Resolves #1569: Implemented new secretariat fields on BaseOrg model

package.json

@@ -46,7 +46,7 @@
         "lodash": "^4.17.21",
         "luxon": "^3.4.4",
         "mongo-cursor-pagination": "^8.1.3",
-        "mongoose": "^8.8.3",
+        "mongoose": "^8.9.5",
         "mongoose-aggregate-paginate-v2": "1.0.6",
         "morgan": "^1.9.1",
         "node-dev": "^7.4.3",

src/constants/index.js

@@ -44,7 +44,7 @@ function getConstants () {
     USER_ROLES: [
       'ADMIN'
     ],
-    JOINT_APPROVAL_FIELDS: ['short_name', 'long_name', 'authority', 'aliases', 'oversees', 'root_or_tlr', 'charter_or', 'product_list', 'disclosure_policy', 'contact_info.poc', 'contact_info.poc_email', 'contact_info.poc_phone', 'contact_info.org_email'],
+    JOINT_APPROVAL_FIELDS: ['short_name', 'long_name', 'authority', 'aliases', 'oversees', 'root_or_tlr', 'charter_or', 'product_list', 'disclosure_policy', 'contact_info.poc', 'contact_info.poc_email', 'contact_info.poc_phone', 'contact_info.org_email', 'cna_role_type', 'cna_country', 'vulnerability_advisory_locations', 'advisory_location_require_credentials', 'industry', 'tl_root_start_date', 'is_cna_discussion_list'],
     JOINT_APPROVAL_FIELDS_LEGACY: ['short_name', 'name', 'authority.active_roles'],
     USER_ROLE_ENUM: {
       ADMIN: 'ADMIN'

src/controller/org.controller/org.middleware.js

@@ -48,6 +48,18 @@ function validateCreateOrgParameters () {
           .isArray(),
         body(['root_or_tlr']).default(false)
           .isBoolean(),
+        body(['vulnerability_advisory_locations'])
+          .default([])
+          .custom(isFlatStringArray),
+        body(['advisory_location_require_credentials'])
+          .default(false)
+          .isBoolean(),
+        body(['tl_root_start_date'])
+          .default(null)
+          .isDate(),
+        body(['is_cna_discussion_list'])
+          .default(false)
+          .isBoolean(),
         body(
           [
             'charter_or_scope',
@@ -58,7 +70,10 @@ function validateCreateOrgParameters () {
             'contact_info.poc_email',
             'contact_info.poc_phone',
             'contact_info.org_email',
-            'contact_info.website'
+            'contact_info.website',
+            'cna_role_type',
+            'cna_country',
+            'industry'
           ])
           .default('')
           .isString(),
@@ -119,7 +134,14 @@ function validateCreateOrgParameters () {
           'contact_info.poc_phone',
           'contact_info.org_email',
           'contact_info.additional_contact_users',
-          'contact_info.website')
+          'contact_info.website',
+          'cna_role_type',
+          'cna_country',
+          'vulnerability_advisory_locations',
+          'advisory_location_require_credentials',
+          'industry',
+          'tl_root_start_date',
+          'is_cna_discussion_list')
       ]
     }
 
@@ -169,8 +191,8 @@ function validateUpdateOrgParameters () {
     const useRegistry = req.query.registry === 'true'
 
     const legacyParametersOnly = ['id_quota', 'name']
-    const registryParametersOnly = ['hard_quota', 'long_name', 'cve_program_org_function', 'oversees', 'root_or_tlr', 'charter_or_scope', 'disclosure_policy', 'product_list']
-    const sharedParameters = ['new_short_name', 'active_roles.add', 'active_roles.remove']
+    const registryParametersOnly = ['hard_quota', 'long_name', 'cve_program_org_function', 'oversees', 'root_or_tlr', 'charter_or_scope', 'disclosure_policy', 'product_list', 'cna_role_type', 'cna_country', 'vulnerability_advisory_locations', 'advisory_location_require_credentials', 'industry', 'tl_root_start_date', 'is_cna_discussion_list']
+    const sharedParameters = ['new_short_name', 'active_roles.add', 'active_roles.remove', 'registry']
 
     const allParameters = [
       ...legacyParametersOnly, ...registryParametersOnly, ...sharedParameters
@@ -191,28 +213,40 @@ function validateUpdateOrgParameters () {
 
     if (useRegistry) {
       validations.push(
-
-        query(['hard_quota']).optional().not().isArray().isInt({ min: CONSTANTS.MONGOOSE_VALIDATION.Org_policies_id_quota_min, max: CONSTANTS.MONGOOSE_VALIDATION.Org_policies_id_quota_max }).withMessage(errorMsgs.ID_QUOTA),
+        query(['hard_quota'])
+          .optional()
+          .not()
+          .isArray()
+          .isInt({
+            min: CONSTANTS.MONGOOSE_VALIDATION.Org_policies_id_quota_min,
+            max: CONSTANTS.MONGOOSE_VALIDATION.Org_policies_id_quota_max
+          })
+          .withMessage(errorMsgs.ID_QUOTA),
         query(['long_name']).optional().isString().trim().notEmpty(),
         query(['oversees']).optional().isArray(),
         query(['root_or_tlr']).optional().isBoolean(),
-        query(
-          [
-            'cve_program_org_function',
-            'charter_or_scope',
-            'disclosure_policy',
-            'product_list',
-            'contact_info.poc',
-            'contact_info.poc_email',
-            'contact_info.poc_phone',
-            'contact_info.org_email',
-            'contact_info.website'
-          ])
+        query([
+          'cve_program_org_function',
+          'charter_or_scope',
+          'disclosure_policy',
+          'product_list',
+          'contact_info.poc',
+          'contact_info.poc_email',
+          'contact_info.poc_phone',
+          'contact_info.org_email',
+          'contact_info.website',
+          'cna_role_type',
+          'cna_country',
+          'vulnerability_advisory_locations',
+          'advisory_location_require_credentials',
+          'industry',
+          'tl_root_start_date',
+          'is_cna_discussion_list'
+        ])
           .optional()
           .isString(),
         ...isNotAllowedQuery(...legacyParametersOnly)
         // if we decide that we want to allow more, we can add them here.
-
       )
     } else {
       validations.push(
@@ -273,10 +307,20 @@ function isUserRole (val) {
 function parsePostParams (req, res, next) {
   utils.reqCtxMapping(req, 'body', [])
   utils.reqCtxMapping(req, 'query', [
-    'new_short_name', 'name', 'id_quota', 'active',
-    'active_roles.add', 'active_roles.remove',
-    'new_username', 'org_short_name',
-    'name.first', 'name.last', 'name.middle', 'name.suffix', 'long_name', 'cve_program_org_function',
+    'new_short_name',
+    'name',
+    'id_quota',
+    'active',
+    'active_roles.add',
+    'active_roles.remove',
+    'new_username',
+    'org_short_name',
+    'name.first',
+    'name.last',
+    'name.middle',
+    'name.suffix',
+    'long_name',
+    'cve_program_org_function',
     'charter_or_scope',
     'disclosure_policy',
     'product_list',
@@ -285,7 +329,16 @@ function parsePostParams (req, res, next) {
     'contact_info.poc_phone',
     'contact_info.org_email',
     'hard_quota',
-    'contact_info.website', 'root_or_tlr', 'oversees'
+    'contact_info.website',
+    'root_or_tlr',
+    'oversees',
+    'cna_role_type',
+    'cna_country',
+    'vulnerability_advisory_locations',
+    'advisory_location_require_credentials',
+    'industry',
+    'tl_root_start_date',
+    'is_cna_discussion_list'
   ])
   utils.reqCtxMapping(req, 'params', ['shortname', 'username'])
   next()

src/controller/registry-org.controller/registry-org.middleware.js

@@ -15,7 +15,14 @@ function parsePostParams (req, res, next) {
     'charter_or_scope', 'disclosure_policy', 'product_list',
     'soft_quota', 'hard_quota',
     'contact_info.additional_contact_users', 'contact_info.poc', 'contact_info.poc_email', 'contact_info.poc_phone',
-    'contact_info.admins', 'contact_info.org_email', 'contact_info.website'
+    'contact_info.admins', 'contact_info.org_email', 'contact_info.website',
+    'cna_role_type',
+    'cna_country',
+    'vulnerability_advisory_locations',
+    'advisory_location_require_credentials',
+    'industry',
+    'tl_root_start_date',
+    'is_cna_discussion_list'
   ])
   next()
 }

src/middleware/schemas/BaseOrg.json

@@ -39,6 +39,11 @@
     "discriminator": {
       "description": "Discriminator key used by Mongoose for type inheritance",
       "type": "string"
+    },
+    "timestamp": {
+      "description": "Date/time format based on RFC3339 and ISO ISO8601, with an optional timezone in the format 'yyyy-MM-ddTHH:mm:ss[+-]ZH:ZM'. If timezone offset is not given, GMT (+00:00) is assumed.",
+      "pattern": "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$",
+      "type": "string"
     }
   },
   "properties": {
@@ -118,6 +123,31 @@
         }
       },
       "additionalProperties": false
+    },
+    "cna_role_type": {
+      "type": "string"
+    },
+    "cna_country": {
+      "type": "string"
+    },
+    "vulnerability_advisory_locations": {
+      "type": "array",
+      "uniqueItems": true,
+      "items": {
+        "type": "string"
+      }
+    },
+    "advisory_location_require_credentials": {
+      "type": "boolean"
+    },
+    "industry": {
+      "type": "string"
+    },
+    "tl_root_start_date": {
+      "$ref": "#/definitions/timestamp"
+    },
+    "is_cna_discussion_list": {
+      "type": "boolean"
     }
   },
   "required": [