Merge pull request CactuseSecurity#3086 from SolidProgramming/issue_3062

Merge: Modelling - no NA should be usable for selected interfaces

Author: tpurschke

roles/database/files/sql/idempotent/fworch-texts.sql

@@ -1156,12 +1156,6 @@ INSERT INTO txt VALUES ('add_interface', 	    'German',	'Schnittstelle hinzuf&uu
 INSERT INTO txt VALUES ('add_interface', 	    'English',	'Add Interface');
 INSERT INTO txt VALUES ('edit_interface', 	    'German',	'Schnittstelle bearbeiten');
 INSERT INTO txt VALUES ('edit_interface', 	    'English',	'Edit Interface');
-INSERT INTO txt VALUES ('interface_contain_nwarea','German','Schnittstellen dürfen keine Netzbereiche enthalten');
-INSERT INTO txt VALUES ('interface_contain_nwarea','English','Interfaces must not contain network areas');
-INSERT INTO txt VALUES ('direction_contain_nwarea','German','Quelle und Ziel dürfen nicht gleichzeitig einen Netzbereich enthalten');
-INSERT INTO txt VALUES ('direction_contain_nwarea','English','Source and destination must not contain a network area at the same time');
-INSERT INTO txt VALUES ('only_common_service',  'German',   'Dieser Netzbereich kann nur in der Registerkarte Gemeinsame Dienste verwendet werden.');
-INSERT INTO txt VALUES ('only_common_service',  'English',  'This network area can only be used in common services tab');
 INSERT INTO txt VALUES ('delete_interface', 	'German',	'Schnittstelle löschen');
 INSERT INTO txt VALUES ('delete_interface', 	'English',	'Delete Interface');
 INSERT INTO txt VALUES ('insert_forbidden', 	'German',	'Einfügen verboten');
@@ -2867,6 +2861,14 @@ INSERT INTO txt VALUES ('U9019', 'German',  'Sind sie sicher, dass sie die Exter
 INSERT INTO txt VALUES ('U9019', 'English', 'Are you sure you want to reinit the external requests for following ticket: ');
 INSERT INTO txt VALUES ('U9020', 'German',  'Die externe Beantragung wurde gestartet.');
 INSERT INTO txt VALUES ('U9020', 'English', 'External Request initialized.');
+INSERT INTO txt VALUES ('U9021', 'German',  'Schnittstellen dürfen keine Netzbereiche enthalten');
+INSERT INTO txt VALUES ('U9021', 'English', 'Interfaces must not contain network areas');
+INSERT INTO txt VALUES ('U9022', 'German',  'Quelle und Ziel dürfen nicht gleichzeitig einen Netzbereich enthalten');
+INSERT INTO txt VALUES ('U9022', 'English', 'Source and destination must not contain a network area at the same time');
+INSERT INTO txt VALUES ('U9023', 'German',  'Dieser Netzbereich kann nur in der Registerkarte Gemeinsame Dienste verwendet werden.');
+INSERT INTO txt VALUES ('U9023', 'English', 'This network area can only be used in common services tab');
+INSERT INTO txt VALUES ('U9024', 'German',  'Netzbereiche können nicht zusammen mit Schnittstellen anderer Apps genutzt werden.');
+INSERT INTO txt VALUES ('U9024', 'English', 'Network areas cannot be used together with interfaces from foreign apps.');
 
 -- error messages
 INSERT INTO txt VALUES ('E0001', 'German',  'Nicht klassifizierter Fehler: ');

roles/lib/files/FWO.Services/ModellingConnectionHandler.cs

@@ -276,6 +276,38 @@ public void AddExtraConfig()
             AddExtraConfigMode = true;
         }
 
+        /// <summary>
+        /// Checks the given interface object if it can be used with network areas that are added to the connection.
+        /// </summary>
+        /// <param name="interf"></param>
+        /// <returns></returns>
+        public bool InterfaceAllowedWithNetworkArea(ModellingConnection interf)
+        {
+            if (!ActConn.IsInterface && !ActConn.IsCommonService && interf.AppId != ActConn.AppId &&
+                ( ActConn.DestinationAreas.Count > 0 || DstAreasToAdd.Count > 0 ||
+                ActConn.SourceAreas.Count > 0 || SrcAreasToAdd.Count > 0 ))
+            {
+                return false;
+            }
+
+            return true;
+        }
+
+        /// <summary>
+        /// Checks the selected interface if it is foreign to the modelled connection
+        /// </summary>
+        /// <returns></returns>
+        public bool IsNotInterfaceForeignToApp()
+        {
+            if (!ActConn.IsInterface && !ActConn.IsCommonService && ActConn.UsedInterfaceId != null &&
+                ActConn.UsedInterfaceId > 0 && PreselectedInterfaces.FirstOrDefault(_ => _.Id == ActConn.UsedInterfaceId)?.AppId != ActConn.AppId)
+            {
+                return false;
+            }
+
+            return true;
+        }
+
         /// <summary>
         /// Checks the opposite direction if it already contains a network area.
         /// </summary>
@@ -314,13 +346,13 @@ public bool NetworkAreaUseAllowed(List<ModellingNetworkArea> networkAreas, Direc
 
             if (IsAreaForbiddenInDirection(direction))
             {
-                reason.Text = userConfig.GetText("direction_contain_nwarea");
+                reason.Text = userConfig.GetText("U9022");
                 return false;
             }
 
             if (ActConn.IsInterface)
             {
-                reason.Text = userConfig.GetText("interface_contain_nwarea");
+                reason.Text = userConfig.GetText("U9021");
                 return false;
             }
 
@@ -335,7 +367,7 @@ public bool NetworkAreaUseAllowed(List<ModellingNetworkArea> networkAreas, Direc
                 return true;
             }
 
-            reason.Text = userConfig.GetText("only_common_service");
+            reason.Text = userConfig.GetText("U9023");
             return false;
         }
 

roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConn.razor

@@ -489,6 +489,13 @@
     {
         if(Container.ConnElement != null)
         {
+            if (ConnHandler is not null && !ConnHandler.InterfaceAllowedWithNetworkArea(Container.ConnElement))
+            {
+                DisplayMessageInUi(default, userConfig.GetText("edit_connection"), userConfig.GetText("U9024"), true);
+                Container.Clear();
+                return;
+            }
+
             if(ConnHandler!.ActConn.IsInterface)
             {
                 await ConnHandler!.RequestReplaceInterface(Container.ConnElement);
@@ -506,6 +513,13 @@
             }
             if(Container.AreaElements.Count > 0)
             {
+                if (ConnHandler is not null && !ConnHandler.IsNotInterfaceForeignToApp())
+                {
+                    DisplayMessageInUi(default, userConfig.GetText("edit_connection"), userConfig.GetText("U9024"), true);
+                    Container.Clear();
+                    return;
+                }
+
                 if (ConnHandler is not null && !ConnHandler.NetworkAreaUseAllowed(Container.AreaElements, Direction.Source, out (string Title, string Text) reason))
                 {
                     DisplayMessageInUi(default, reason.Title, reason.Text, true);
@@ -531,6 +545,13 @@
     {
         if(Container.ConnElement != null)
         {
+            if (ConnHandler is not null && !ConnHandler.InterfaceAllowedWithNetworkArea(Container.ConnElement))
+            {
+                DisplayMessageInUi(default, userConfig.GetText("edit_connection"), userConfig.GetText("U9024"), true);
+                Container.Clear();
+                return;
+            }
+
             if(ConnHandler!.ActConn.IsInterface)
             {
                 await ConnHandler!.RequestReplaceInterface(Container.ConnElement);
@@ -547,7 +568,14 @@
                 ConnHandler?.AppRolesToDestination(Container.AppRoleElements);
             }
             if(Container.AreaElements.Count > 0)
-            {    
+            {
+                if (ConnHandler is not null && !ConnHandler.IsNotInterfaceForeignToApp())
+                {
+                    DisplayMessageInUi(default, userConfig.GetText("edit_connection"), userConfig.GetText("U9024"), true);
+                    Container.Clear();
+                    return;
+                }
+
                 if (ConnHandler is not null && !ConnHandler.NetworkAreaUseAllowed(Container.AreaElements, Direction.Destination, out (string Title, string Text) reason))
                 {
                     DisplayMessageInUi(default, reason.Title, reason.Text, true);

roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor

@@ -298,6 +298,12 @@
 
     private bool InterfaceToConn(ModellingConnection interf)
     {
+        if (ConnHandler is not null && !ConnHandler.InterfaceAllowedWithNetworkArea(interf))
+        {
+            DisplayMessageInUi(default, userConfig.GetText("edit_connection"), userConfig.GetText("U9024"), true);           
+            return false;
+        }
+
         ConnHandler?.InterfaceToConn(interf);
         ConnHandlerChanged.InvokeAsync(ConnHandler);
         return true;
@@ -358,6 +364,13 @@
         }
         if(areas.Count > 0)
         {
+            if (ConnHandler is not null && !ConnHandler.IsNotInterfaceForeignToApp())
+            {
+                DisplayMessageInUi(default, userConfig.GetText("edit_connection"), userConfig.GetText("U9024"), true);
+                selectedNwElems = new();
+                return;
+            }
+
             Direction direction = toSource ? Direction.Source : Direction.Destination;
 
             if (ConnHandler is not null && !ConnHandler.NetworkAreaUseAllowed(areas, direction, out (string Title, string Text) reason))