Add permission for manually creating CVEs

Signed-off-by: Max Magorsch <arzano@gentoo.org>
author: Max Magorsch <arzano@gentoo.org> 2020-04-20 13:57:08 +0200
committer: Max Magorsch <arzano@gentoo.org> 2020-04-20 13:57:08 +0200
commit: 22d233dcc865326ff9b04726ef3c5f32a414dda4 (patch)
tree: 84208cd3d22951b4dd7f606a8105146bd8353835 /pkg
parent: Add a page to manually enter a cve (diff)
download: glsamaker-22d233dcc865326ff9b04726ef3c5f32a414dda4.tar.gz
glsamaker-22d233dcc865326ff9b04726ef3c5f32a414dda4.tar.bz2
glsamaker-22d233dcc865326ff9b04726ef3c5f32a414dda4.zip
4 files changed, 5 insertions, 1 deletions
diff --git a/pkg/app/handler/admin/edit.go b/pkg/app/handler/admin/edit.go
index 8cf9291..c618678 100644
--- a/pkg/app/handler/admin/edit.go
+++ b/pkg/app/handler/admin/edit.go
@@ -152,6 +152,7 @@ func EditPermissions(w http.ResponseWriter, r *http.Request) {
 		cveView := getArrayParam("cve-view", r)
 		cveUpdateCVEs := getArrayParam("cve-updateCVEs", r)
 		cveComment := getArrayParam("cve-comment", r)
+		cveAddCVE := getArrayParam("cve-addCVE", r)
 		cveAddPackage := getArrayParam("cve-addPackage", r)
 		cveChangeState := getArrayParam("cve-changeState", r)
 		cveAssignBug := getArrayParam("cve-assignBug", r)
@@ -181,6 +182,7 @@ func EditPermissions(w http.ResponseWriter, r *http.Request) {
 					View:        containsInt(cveView, changedUser.Id),
 					UpdateCVEs:  containsInt(cveUpdateCVEs, changedUser.Id),
 					Comment:     containsInt(cveComment, changedUser.Id),
+					AddCVE:      containsInt(cveAddCVE, changedUser.Id),
 					AddPackage:  containsInt(cveAddPackage, changedUser.Id),
 					ChangeState: containsInt(cveChangeState, changedUser.Id),
 					AssignBug:   containsInt(cveAssignBug, changedUser.Id),
diff --git a/pkg/app/handler/cvetool/new.go b/pkg/app/handler/cvetool/new.go
index 782efd7..10a1f23 100644
--- a/pkg/app/handler/cvetool/new.go
+++ b/pkg/app/handler/cvetool/new.go
@@ -16,7 +16,7 @@ func New(w http.ResponseWriter, r *http.Request) {
 
 	user := utils.GetAuthenticatedUser(r)
 
-	if !user.Permissions.Glsa.View {
+	if !user.Permissions.CVETool.AddCVE {
 		authentication.AccessDenied(w, r)
 		return
 	}
diff --git a/pkg/app/utils.go b/pkg/app/utils.go
index 9d66c13..e442d12 100644
--- a/pkg/app/utils.go
+++ b/pkg/app/utils.go
@@ -27,6 +27,7 @@ func defaultAdminPermissions() users.Permissions {
 			View:        true,
 			UpdateCVEs:  true,
 			Comment:     true,
+			AddCVE:      true,
 			AddPackage:  true,
 			ChangeState: true,
 			AssignBug:   true,
diff --git a/pkg/models/users/user.go b/pkg/models/users/user.go
index b8a60d6..e4b4e4b 100644
--- a/pkg/models/users/user.go
+++ b/pkg/models/users/user.go
@@ -111,6 +111,7 @@ type CVEToolPermissions struct {
 	View        bool
 	UpdateCVEs  bool
 	Comment     bool
+	AddCVE      bool
 	AddPackage  bool
 	ChangeState bool
 	AssignBug   bool
author	Max Magorsch <arzano@gentoo.org>	2020-04-20 13:57:08 +0200
committer	Max Magorsch <arzano@gentoo.org>	2020-04-20 13:57:08 +0200
commit	22d233dcc865326ff9b04726ef3c5f32a414dda4 (patch)
tree	84208cd3d22951b4dd7f606a8105146bd8353835 /pkg
parent	Add a page to manually enter a cve (diff)
download	glsamaker-22d233dcc865326ff9b04726ef3c5f32a414dda4.tar.gz glsamaker-22d233dcc865326ff9b04726ef3c5f32a414dda4.tar.bz2 glsamaker-22d233dcc865326ff9b04726ef3c5f32a414dda4.zip