
Commit 38fa4b9

authored
Merge pull request #1586 from CVEProject/cb_new_secretariat_fields
Resolves #1569: Implemented new secretariat fields on BaseOrg model
2 parents 433bc1a + e4b8440 commit 38fa4b9


8 files changed

+172
-61
lines changed


package-lock.json

Lines changed: 33 additions & 33 deletions

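--- a/package.json
+++ b/package.json
@@ -46,7 +46,7 @@
 "lodash": "^4.17.21",
 "luxon": "^3.4.4",
 "mongo-cursor-pagination": "^8.1.3",
-"mongoose": "^8.8.3",
+"mongoose": "^8.9.5",
 "mongoose-aggregate-paginate-v2": "1.0.6",
 "morgan": "^1.9.1",
 "node-dev": "^7.4.3",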

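--- a/src/constants/index.js
+++ b/src/constants/index.js
@@ -44,7 +44,7 @@ function getConstants () {
 USER_ROLES: [
 'ADMIN'
 ],
-JOINT_APPROVAL_FIELDS: ['short_name', 'long_name', 'authority', 'aliases', 'oversees', 'root_or_tlr', 'charter_or', 'product_list', 'disclosure_policy', 'contact_info.poc', 'contact_info.poc_email', 'contact_info.poc_phone', 'contact_info.org_email'],
+JOINT_APPROVAL_FIELDS: ['short_name', 'long_name', 'authority', 'aliases', 'oversees', 'root_or_tlr', 'charter_or', 'product_list', 'disclosure_policy', 'contact_info.poc', 'contact_info.poc_email', 'contact_info.poc_phone', 'contact_info.org_email', 'cna_role_type', 'cna_country', 'vulnerability_advisory_locations', 'advisory_location_require_credentials', 'industry', 'tl_root_start_date', 'is_cna_discussion_list'],
 JOINT_APPROVAL_FIELDS_LEGACY: ['short_name', 'name', 'authority.active_roles'],
 USER_ROLE_ENUM: {
 ADMIN: 'ADMIN'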
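Review bot: The extended `JOINT_APPROVAL_FIELDS` line still carries `'charter_or'`, while every list in org.middleware.js names the field `charter_or_scope`. The consumer of this array is not visible here, but if it matches field names exactly, edits to `charter_or_scope` would presumably not be gated by joint approval. Since the commit rewrites this line anyway, I would correct the entry to `'charter_or_scope'` in the same change, or add a comment saying the shorter name is intentional. The array sits inside `getConstants`, which starts and ends outside the hunk.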

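--- a/src/controller/org.controller/org.middleware.js
+++ b/src/controller/org.controller/org.middleware.js
@@ -48,6 +48,18 @@ function validateCreateOrgParameters () {
 .isArray(),
 body(['root_or_tlr']).default(false)
 .isBoolean(),
+body(['vulnerability_advisory_locations'])
+.default([])
+.custom(isFlatStringArray),
+body(['advisory_location_require_credentials'])
+.default(false)
+.isBoolean(),
+body(['tl_root_start_date'])
+.default(null)
+.isDate(),
+body(['is_cna_discussion_list'])
+.default(false)
+.isBoolean(),
 body(
 [
 'charter_or_scope',
@@ -58,7 +70,10 @@ function validateCreateOrgParameters () {
 'contact_info.poc_email',
 'contact_info.poc_phone',
 'contact_info.org_email',
-'contact_info.website'
+'contact_info.website',
+'cna_role_type',
+'cna_country',
+'industry'
 ])
 .default('')
 .isString(),
@@ -119,7 +134,14 @@ function validateCreateOrgParameters () {
 'contact_info.poc_phone',
 'contact_info.org_email',
 'contact_info.additional_contact_users',
-'contact_info.website')
+'contact_info.website',
+'cna_role_type',
+'cna_country',
+'vulnerability_advisory_locations',
+'advisory_location_require_credentials',
+'industry',
+'tl_root_start_date',
+'is_cna_discussion_list')
 ]
 }
 
@@ -169,8 +191,8 @@ function validateUpdateOrgParameters () {
 const useRegistry = req.query.registry === 'true'
 
 const legacyParametersOnly = ['id_quota', 'name']
-const registryParametersOnly = ['hard_quota', 'long_name', 'cve_program_org_function', 'oversees', 'root_or_tlr', 'charter_or_scope', 'disclosure_policy', 'product_list']
-const sharedParameters = ['new_short_name', 'active_roles.add', 'active_roles.remove']
+const registryParametersOnly = ['hard_quota', 'long_name', 'cve_program_org_function', 'oversees', 'root_or_tlr', 'charter_or_scope', 'disclosure_policy', 'product_list', 'cna_role_type', 'cna_country', 'vulnerability_advisory_locations', 'advisory_location_require_credentials', 'industry', 'tl_root_start_date', 'is_cna_discussion_list']
+const sharedParameters = ['new_short_name', 'active_roles.add', 'active_roles.remove', 'registry']
 
 const allParameters = [
 ...legacyParametersOnly, ...registryParametersOnly, ...sharedParameters
@@ -191,28 +213,40 @@ function validateUpdateOrgParameters () {
 
 if (useRegistry) {
 validations.push(
-
-query(['hard_quota']).optional().not().isArray().isInt({ min: CONSTANTS.MONGOOSE_VALIDATION.Org_policies_id_quota_min, max: CONSTANTS.MONGOOSE_VALIDATION.Org_policies_id_quota_max }).withMessage(errorMsgs.ID_QUOTA),
+query(['hard_quota'])
+.optional()
+.not()
+.isArray()
+.isInt({
+min: CONSTANTS.MONGOOSE_VALIDATION.Org_policies_id_quota_min,
+max: CONSTANTS.MONGOOSE_VALIDATION.Org_policies_id_quota_max
+})
+.withMessage(errorMsgs.ID_QUOTA),
 query(['long_name']).optional().isString().trim().notEmpty(),
 query(['oversees']).optional().isArray(),
 query(['root_or_tlr']).optional().isBoolean(),
-query(
-[
-'cve_program_org_function',
-'charter_or_scope',
-'disclosure_policy',
-'product_list',
-'contact_info.poc',
-'contact_info.poc_email',
-'contact_info.poc_phone',
-'contact_info.org_email',
-'contact_info.website'
-])
+query([
+'cve_program_org_function',
+'charter_or_scope',
+'disclosure_policy',
+'product_list',
+'contact_info.poc',
+'contact_info.poc_email',
+'contact_info.poc_phone',
+'contact_info.org_email',
+'contact_info.website',
+'cna_role_type',
+'cna_country',
+'vulnerability_advisory_locations',
+'advisory_location_require_credentials',
+'industry',
+'tl_root_start_date',
+'is_cna_discussion_list'
+])
 .optional()
 .isString(),
 ...isNotAllowedQuery(...legacyParametersOnly)
 // if we decide that we want to allow more, we can add them here.
-
 )
 } else {
 validations.push(
@@ -273,10 +307,20 @@ function isUserRole (val) {
 function parsePostParams (req, res, next) {
 utils.reqCtxMapping(req, 'body', [])
 utils.reqCtxMapping(req, 'query', [
-'new_short_name', 'name', 'id_quota', 'active',
-'active_roles.add', 'active_roles.remove',
-'new_username', 'org_short_name',
-'name.first', 'name.last', 'name.middle', 'name.suffix', 'long_name', 'cve_program_org_function',
+'new_short_name',
+'name',
+'id_quota',
+'active',
+'active_roles.add',
+'active_roles.remove',
+'new_username',
+'org_short_name',
+'name.first',
+'name.last',
+'name.middle',
+'name.suffix',
+'long_name',
+'cve_program_org_function',
 'charter_or_scope',
 'disclosure_policy',
 'product_list',
@@ -285,7 +329,16 @@ function parsePostParams (req, res, next) {
 'contact_info.poc_phone',
 'contact_info.org_email',
 'hard_quota',
-'contact_info.website', 'root_or_tlr', 'oversees'
+'contact_info.website',
+'root_or_tlr',
+'oversees',
+'cna_role_type',
+'cna_country',
+'vulnerability_advisory_locations',
+'advisory_location_require_credentials',
+'industry',
+'tl_root_start_date',
+'is_cna_discussion_list'
 ])
 utils.reqCtxMapping(req, 'params', ['shortname', 'username'])
 next()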
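Review bot: In the `useRegistry` branch of `validateUpdateOrgParameters`, the four typed fields (`advisory_location_require_credentials`, `is_cna_discussion_list`, `tl_root_start_date`, `vulnerability_advisory_locations`) are added to the shared `query([...]).optional().isString()` group, so on update they are only checked for being strings. `validateCreateOrgParameters` checks the same fields with `.isBoolean()`, `.isDate()` and `.custom(isFlatStringArray)`, so a non-boolean or non-date string that create would reject passes the update validator. Whether something later rejects it is not visible here. I would take those four names out of the string group and give them their own chains, mirroring `root_or_tlr` just above: `query(['advisory_location_require_credentials', 'is_cna_discussion_list']).optional().isBoolean(),`, `query(['tl_root_start_date']).optional().isDate(),` and `query(['vulnerability_advisory_locations']).optional().custom(isFlatStringArray),`. Both validator functions start and end outside the visible hunks.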

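--- a/src/controller/registry-org.controller/registry-org.middleware.js
+++ b/src/controller/registry-org.controller/registry-org.middleware.js
@@ -15,7 +15,14 @@ function parsePostParams (req, res, next) {
 'charter_or_scope', 'disclosure_policy', 'product_list',
 'soft_quota', 'hard_quota',
 'contact_info.additional_contact_users', 'contact_info.poc', 'contact_info.poc_email', 'contact_info.poc_phone',
-'contact_info.admins', 'contact_info.org_email', 'contact_info.website'
+'contact_info.admins', 'contact_info.org_email', 'contact_info.website',
+'cna_role_type',
+'cna_country',
+'vulnerability_advisory_locations',
+'advisory_location_require_credentials',
+'industry',
+'tl_root_start_date',
+'is_cna_discussion_list'
 ])
 next()
 }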
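Review bot: The seven new field names are spelled out by hand again in this `parsePostParams` list, after already appearing in four lists in org.middleware.js and in `JOINT_APPROVAL_FIELDS`. A field added later has to be remembered in every copy. What `reqCtxMapping` does with unlisted keys is not visible here, but a missed copy would presumably mean the field is silently not mapped or not validated on one route. I would export one array of these names from src/constants and spread it into each list, e.g. `...CONSTANTS.SECRETARIAT_ORG_FIELDS` (name illustrative). `parsePostParams` starts before the hunk.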

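--- a/src/middleware/schemas/BaseOrg.json
+++ b/src/middleware/schemas/BaseOrg.json
@@ -39,6 +39,11 @@
 "discriminator": {
 "description": "Discriminator key used by Mongoose for type inheritance",
 "type": "string"
+},
+"timestamp": {
+"description": "Date/time format based on RFC3339 and ISO ISO8601, with an optional timezone in the format 'yyyy-MM-ddTHH:mm:ss[+-]ZH:ZM'. If timezone offset is not given, GMT (+00:00) is assumed.",
+"pattern": "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$",
+"type": "string"
 }
 },
 "properties": {
@@ -118,6 +123,31 @@
 }
 },
 "additionalProperties": false
+},
+"cna_role_type": {
+"type": "string"
+},
+"cna_country": {
+"type": "string"
+},
+"vulnerability_advisory_locations": {
+"type": "array",
+"uniqueItems": true,
+"items": {
+"type": "string"
+}
+},
+"advisory_location_require_credentials": {
+"type": "boolean"
+},
+"industry": {
+"type": "string"
+},
+"tl_root_start_date": {
+"$ref": "#/definitions/timestamp"
+},
+"is_cna_discussion_list": {
+"type": "boolean"
 }
 },
 "required": [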
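Review bot: `tl_root_start_date` references the new `timestamp` definition, whose pattern requires a full `yyyy-MM-ddTHH:mm:ss` value, while the create validator in org.middleware.js checks the same field with `.isDate()`. If that is validator.js's default date-only check, a value accepted by one layer is rejected by the other, so the two should agree on a single format. Separately, the free-text properties `cna_role_type`, `cna_country` and `industry`, and the items of `vulnerability_advisory_locations`, have no `maxLength` or `enum`, so the schema puts no bound on what is stored. Adding a `maxLength` to each, or an `enum` where the value set is closed, would close that gap. The enclosing `properties` object continues outside the hunk.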
