From 328a6025876b1c458294eb0a5c68bf6fcf93e2f0 Mon Sep 17 00:00:00 2001 From: Vijay Sarvepalli Date: Tue, 10 Dec 2024 16:37:22 -0500 Subject: [PATCH 1/2] Upgrade to 3.0.10 --- CHANGELOG.md | 7 ++++ bigvince/settings_.py | 2 +- requirements.txt | 2 +- vince/templates/vince/ticket_activity.html | 41 ++++++++++---------- vince/templatetags/get_vincecomm_messages.py | 39 +++++++++++++++++++ vince/views.py | 17 +++++++- vinny/serializers.py | 2 +- 7 files changed, 85 insertions(+), 25 deletions(-) create mode 100644 vince/templatetags/get_vincecomm_messages.py diff --git a/CHANGELOG.md b/CHANGELOG.md index 8a78ca6..50bfc8f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,13 @@ CHANGELOG VINCE Coordination platform code +Version 3.0.10 2024-12-10 + +* Dependabot update recommendations: `django` 4.2.17 to 4.2.16 +* Fixed bug preventing the "Reply to User" buttons from working in certain circumstances +* Added pk to CaseAPIView (GH-Issue #162) + + Version 3.0.9 2024-10-28 * Update to fix Security issue with enumerate users in vincecomm (Internal-783 CVE-2024-10469) diff --git a/bigvince/settings_.py b/bigvince/settings_.py index 5ada983..9fe2fff 100644 --- a/bigvince/settings_.py +++ b/bigvince/settings_.py @@ -54,7 +54,7 @@ ROOT_DIR = environ.Path(__file__) - 3 # any change that requires database migrations is a minor release -VERSION = "3.0.9" +VERSION = "3.0.10" # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/2.1/howto/deployment/checklist/ diff --git a/requirements.txt b/requirements.txt index 2938cba..ac927df 100644 --- a/requirements.txt +++ b/requirements.txt @@ -24,7 +24,7 @@ cryptography==43.0.1 cvelib==1.3.0 Deprecated==1.2.13 dictdiffer==0.9.0 -Django==4.2.16 +Django==4.2.17 django-appconf==1.0.5 django-countries==7.4.2 django-environ==0.9.0 diff --git a/vince/templates/vince/ticket_activity.html b/vince/templates/vince/ticket_activity.html index 6aa150b..20c5c45 100644 
--- a/vince/templates/vince/ticket_activity.html +++ b/vince/templates/vince/ticket_activity.html @@ -25,34 +25,33 @@

- {% for followup in ticket.get_actions %} + {% for followup in followups %}
-
{% autoescape off %} - {% if followup.user %} - {{ followup.user|vtuserlogo:"profile-pic" }} + {% if followup.fup.user %} + {{ followup.fup.user|vtuserlogo:"profile-pic" }} {% else %} - {{ followup.html_logo }} + {{ followup.fup.html_logo }} {% endif %} {% endautoescape %}
-

{{ followup.title|escape|email_to_user }} {% if followup.title in "Comment,Closed" and followup.user == user %} {% elif "Email" in followup.title %}{% if followup.email_id %}{% endif %}{% endif %}

+

{{ followup.fup.title|escape|email_to_user }} {% if followup.fup.title in "Comment,Closed" and followup.fup.user == user %} {% elif "Email" in followup.fup.title %}{% if followup.fup.email_id %}{% endif %}{% endif %}

- {% if followup.comment|is_json %} + {% if followup.fup.comment|is_json %}

- {{ followup.comment }} + {{ followup.fup.comment }}
- {% elif followup.comment %} + {% elif followup.fup.comment %}
- {{ followup.comment|force_escape|smarter_urlize:50|linebreaksbr }} + {{ followup.fup.comment|force_escape|smarter_urlize:50|linebreaksbr }}
Show More
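Review bot: Nothing in ticket_activity.html falls back when `followups` is missing from the context: the `{% for followup in followups %}` loop at the top of this hunk would then render an empty activity list without any error. In this patch only `TicketActivityView.get_context_data` sets that variable, so any other view or `{% include %}` that renders this template should be checked. A template comment above the loop would document the expected shape, e.g. `{# followups: list of dicts with "fup" (the follow-up) and "msgset" (its messages), built in TicketActivityView.get_context_data #}`.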
@@ -64,39 +63,39 @@

View changes. {% endif %}

- {% for change in followup.ticketchange_set.all %} + {% for change in followup.fup.ticketchange_set.all %} {% if forloop.first %}
    {% endif %}
  • {% blocktrans with change.field as field and change.old_value as old_value and change.new_value as new_value %}Changed {{field }} from {{ old_value }} to {{ new_value }}.{% endblocktrans %}
  • {% if forloop.last %}
{% endif %} {% endfor %} - {% for attachment in followup.attachment_set.all %} + {% for attachment in followup.fup.attachment_set.all %} {% if forloop.first %}
    {% endif %}
  • {{ attachment.filename }} ({{ attachment.mime_type }}, {{ attachment.size|filesizeformat }})
  • {% if forloop.last %}
{% endif %} {% endfor %} - {% if "commented on report" in followup.title %} + {% if "commented on report" in followup.fup.title %} {% endif %} - {% for message in followup.followupmessage_set.all %} + {% for message in followup.msgset %} {% endfor %} - {% if followup.title|review:followup and followup.ticket.review %} + {% if followup.fup.title|review:followup.fup and followup.fup.ticket.review %} {% endif %} - - {% if followup.is_email %} + + {% if followup.fup.is_email %}
- +
{% endif %}

diff --git a/vince/templatetags/get_vincecomm_messages.py b/vince/templatetags/get_vincecomm_messages.py
new file mode 100644
index 0000000..67e648c
--- /dev/null
+++ b/vince/templatetags/get_vincecomm_messages.py
@@ -0,0 +1,39 @@
+#########################################################################
+# VINCE
+#
+# Copyright 2023 Carnegie Mellon University.
+#
+# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING
+# INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON
+# UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED,
+# AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR
+# PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE
+# MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND
+# WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.
+#
+# Released under a MIT (SEI)-style license, please see license.txt or contact
+# permission@sei.cmu.edu for full terms.
+#
+# [DISTRIBUTION STATEMENT A] This material has been approved for public
+# release and unlimited distribution. Please see Copyright notice for non-US
+# Government use and distribution.
+#
+# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the
+# U.S. Patent and Trademark Office by Carnegie Mellon University.
+#
+# This Software includes and/or makes use of Third-Party Software each subject
+# to its own license.
+#
+# DM21-1126
+########################################################################
+from django import template
+
+# from vinny.models import Message
+
+register = template.Library()
+
+
+@register.filter
+def get_vincecomm_messages(id):
+ # return Message.objects.filter(pk=id)
+ return True
diff --git a/vince/views.py b/vince/views.py
index 7c81adc..b79f82f 100644
--- a/vince/views.py
+++ b/vince/views.py
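Review bot: The `get_vincecomm_messages` filter registered in vince/templatetags/get_vincecomm_messages.py ignores its argument and always returns `True`, with the real lookup left as commented-out code. None of the template hunks shown here load it. If it is not needed, leaving the file out avoids a second `get_vincecomm_messages` that behaves differently from the helper of the same name added to vince/views.py. If it is a deliberate placeholder, a docstring such as `"""Placeholder filter: always returns True; the message lookup is done in vince/views.py."""` would say so. The parameter name `id` also shadows the builtin.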
@@ -179,6 +179,10 @@ logger.setLevel(logging.DEBUG) +def get_vincecomm_messages(id): + return Message.objects.filter(pk=id).first() + + def normalize_time(instance, column): """Time fields normalize and find issues""" if hasattr(instance, column): @@ -5029,7 +5033,18 @@ def get_context_data(self, **kwargs): context["ticketpage"] = 1 context["ticket"] = get_object_or_404(Ticket, id=self.kwargs["pk"]) context["more"] = False - logger.debug(f'in TicketActivityView, context["ticket"].get_actions() is {context["ticket"].get_actions()}') + followups = context["ticket"].get_actions() + + list_of_fups_with_messages = [] + for followup in followups: + fup_with_messages = {"fup": followup} + list_of_msg_values = [] + for message in followup.followupmessage_set.all(): + list_of_msg_values.append(get_vincecomm_messages(message.id)) + fup_with_messages["msgset"] = list_of_msg_values + list_of_fups_with_messages.append(fup_with_messages) + + context["followups"] = list_of_fups_with_messages if context["ticket"].followup_set.count() > Ticket.MAX_ACTIVITY: if self.request.GET.get("all", None): context["ticket"].MAX_ACTIVITY = 0 diff --git a/vinny/serializers.py b/vinny/serializers.py index 30731ed..f686192 100644 --- a/vinny/serializers.py +++ b/vinny/serializers.py @@ -78,7 +78,7 @@ class CaseSerializer(serializers.ModelSerializer): class Meta: model = Case - fields = ("vuid", "created", "status", "summary", "title", "due_date", "modified") + fields = ("vuid", "created", "status", "summary", "title", "due_date", "modified", "pk") def get_status(self, obj): return obj.get_status_display() From a25de3996c95138bc9ed8bc16ba53e14db8d0a21 Mon Sep 17 00:00:00 2001 From: Vijay Sarvepalli Date: Wed, 11 Dec 2024 10:05:06 -0500 Subject: [PATCH 2/2] Update to 3.0.11 --- CHANGELOG.md | 4 ++++ bigvince/settings_.py | 2 +- vince/views.py | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 50bfc8f..ed1050c 100644 --- a/CHANGELOG.md 
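Review bot: `get_vincecomm_messages` in vince/views.py has a plural name but returns a single object, or `None` when no row matches, because of `.first()`; nothing on the function says so. A docstring such as `"""Return the Message with this primary key, or None when no such row exists."""` would make that contract visible to callers. Renaming the `id` parameter (for example to `message_pk`) would stop it shadowing the builtin.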
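Review bot: `list_of_msg_values` in `get_context_data` can end up holding `None`, because `get_vincecomm_messages` returns `.first()` and the loop appends the result unchecked; the `{% for message in followup.msgset %}` loop in ticket_activity.html then receives that entry (its body is not visible here). Appending only real rows avoids it: `msg = get_vincecomm_messages(message.id)` followed by `if msg is not None: list_of_msg_values.append(msg)`. The same guard applies to the `message.msg` call in patch 2/2. The loop also issues one query per follow-up message, which `Message.objects.in_bulk(...)` over the collected keys would reduce to a single lookup per page. `get_context_data` begins and ends outside the hunk.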
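Review bot: Adding `"pk"` to `CaseSerializer.Meta.fields` hands API clients the database primary key of every case they can list, next to `vuid`, and the hunk does not show how views that resolve a case by pk authorize the caller. It is worth confirming that each such view checks the requester's access to that specific case rather than relying on the key being unknown, since primary keys are typically sequential and guessable. A comment above `fields`, e.g. `# pk is exposed for API clients (GH-Issue #162); it is an identifier, not a secret`, would record the intent. The class body continues outside the hunk.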
+++ b/CHANGELOG.md @@ -3,6 +3,10 @@ CHANGELOG VINCE Coordination platform code +Version 3.0.11 2024-12-11 + +* Update to fix "Reply to User" button further scenarios. + Version 3.0.10 2024-12-10 * Dependabot update recommendations: `django` 4.2.17 to 4.2.16 diff --git a/bigvince/settings_.py b/bigvince/settings_.py index 9fe2fff..9556b81 100644 --- a/bigvince/settings_.py +++ b/bigvince/settings_.py @@ -54,7 +54,7 @@ ROOT_DIR = environ.Path(__file__) - 3 # any change that requires database migrations is a minor release -VERSION = "3.0.10" +VERSION = "3.0.11" # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/2.1/howto/deployment/checklist/ diff --git a/vince/views.py b/vince/views.py index b79f82f..c529dbe 100644 --- a/vince/views.py +++ b/vince/views.py @@ -5040,7 +5040,7 @@ def get_context_data(self, **kwargs): fup_with_messages = {"fup": followup} list_of_msg_values = [] for message in followup.followupmessage_set.all(): - list_of_msg_values.append(get_vincecomm_messages(message.id)) + list_of_msg_values.append(get_vincecomm_messages(message.msg)) fup_with_messages["msgset"] = list_of_msg_values list_of_fups_with_messages.append(fup_with_messages)