
ACL

Privileges

evaluation - create + update + delete (added)

These privileges are intended for admins who have the permission to change the workflow.

finding - [(mitigation)|(evidence)]_*

The descriptions for these 4 default privileges [(mitigation)|(evidence)]_[(ivv)|(iso)] will be changed to comply with the new naming convention.

New privileges will be created for each new approval step.

Models

Evaluation

Add a column "Description" (string, optional)

Controllers

ConfigController

viewWorkflowAction

Construct the workflow diagram

modifyWorkflowAction

This action should be called via an AJAX POST request because it does heavy back-end work and only renders error messages.

This action requires:

  1. the queue of changes
  2. an ordered mapping array (between the id and databaseId of the steps) for each queue (2 arrays by default)

At the start of the process, a Doctrine Transaction will be opened. ACL will be checked at this point.

The submitted queue of changes will be processed in the order they were submitted, one query for each (i.e. no optimization included in this ticket's scope).

For example, if the user updates (the metadata of) a step, moves that step around, and then removes the step totally, 3 queries will be made in the exact same order.

Privileges will be created, deleted, or updated (mainly description) accordingly.

At the end of the process, the precedence and nextId of all steps will be recalculated and updated based on the order of the steps in the mapping arrays.

In case there is an error, the transaction will be rolled back.
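
The flow described above for modifyWorkflowAction, modeled as an added example (not the project's code): Python and sqlite3 stand in for PHP and Doctrine so the commit and rollback behavior can be run directly. The schema, the table and column names, and the function names are assumptions; a single queue with database ids is used in place of the two queues and their id-to-databaseId mapping arrays.

```python
import sqlite3

REQUIRED = {"create", "update", "delete"}  # the evaluation privileges from the ACL section

class WorkflowError(Exception):
    """ACL failure or an invalid queued change (hypothetical error type)."""

def open_db():
    """In-memory stand-in for the Evaluation and privilege tables (constructed schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE evaluation (id INTEGER PRIMARY KEY, description TEXT,
                                 precedence INTEGER, next_id INTEGER);
        CREATE TABLE privilege (step_id INTEGER PRIMARY KEY, description TEXT);
    """)
    return db

def one(cur):
    """Fail the whole request if a queued change did not hit exactly one row."""
    if cur.rowcount != 1:
        raise WorkflowError("change refers to an unknown step")

def modify_workflow(db, granted, queue, order):
    # ACL is checked up front, before the first write.
    if not REQUIRED <= set(granted):
        raise WorkflowError("missing evaluation privilege")
    with db:  # one transaction: commit on success, rollback on any exception
        for op, step_id, desc in queue:  # submitted order, one change at a time
            if op == "add":  # a new step always gets its own privilege
                db.execute("INSERT INTO evaluation (id, description) VALUES (?, ?)", (step_id, desc))
                db.execute("INSERT INTO privilege VALUES (?, ?)", (step_id, desc))
            elif op == "update":
                one(db.execute("UPDATE evaluation SET description = ? WHERE id = ?", (desc, step_id)))
                one(db.execute("UPDATE privilege SET description = ? WHERE step_id = ?", (desc, step_id)))
            elif op == "delete":
                one(db.execute("DELETE FROM evaluation WHERE id = ?", (step_id,)))
                one(db.execute("DELETE FROM privilege WHERE step_id = ?", (step_id,)))
            else:
                raise WorkflowError("unknown operation: %r" % (op,))
        # Recalculate precedence and nextId from the final ordering.
        for pos, step_id in enumerate(order):
            nxt = order[pos + 1] if pos + 1 < len(order) else None
            one(db.execute("UPDATE evaluation SET precedence = ?, next_id = ? WHERE id = ?",
                           (pos, nxt, step_id)))

def steps(db):
    """Current steps in workflow order."""
    return db.execute("SELECT id, description, precedence, next_id "
                      "FROM evaluation ORDER BY precedence").fetchall()
```

Because step and privilege rows change inside the same transaction, a failed request cannot leave a step without its privilege or a privilege without its step.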

View scripts

default/views/scripts/yui/interactive-ordered-list.phtml

The view script for the Interactive Ordered List

finding/views/scripts/workflow/view.phtml

The main view script for the page

finding/views/scripts/workflow/step.phtml

The view script for each approval step

finding/view/scripts/workflow/remove-step.phtml

The "form" to select the destination for findings (if any) currently in the to-be-removed approval step.

This form should be loaded into a Fisma.UrlPanel (as is finding/view/scripts/remediation/reject-evidence.phtml)

finding/view/scripts/workflow/select-roles.phtml

The "form" to select the roles to assign to the (corresponding privilege of the) approval step.

This form should be loaded into a Fisma.UrlPanel (as is finding/view/scripts/remediation/reject-evidence.phtml)

Menu

Finding => Administration => Finding Workflow

Library

Fisma/Yui/InteractiveOrderedList.php (added)

A control composed of a linear ordered list, whose members can be dragged and dropped to reorder.

The list accepts a path to a view script and an array of member data, each of which will be passed to the view script.

The list automatically adds a blank item at the beginning of the list with the id "skeleton", which will be cloned for "Add new".

Each successful drag-drop action will trigger an associated JS function (specified at list-level).

The dragging and dropping is done by YUI as hard-coded in the corresponding view script.

Java-scripts

Fisma/InteractiveOrderedListItem.js (added as placeholder)

Extends DDProxy from YUI.

Fisma/FindingWorkflow.js (added as placeholder)

This is not really an object but more like a placeholder for handling behaviors.

Style-sheets

InteractiveOrderedList.css (added)

Styling formats for InteractiveOrderedList

Finding.css

Extra styling formats for the main view script as well as the remove-approval-step form.
