Source Code of com.denimgroup.threadfix.webapp.controller.ScheduledScanController

////////////////////////////////////////////////////////////////////////
//
//     Copyright (c) 2009-2014 Denim Group, Ltd.
//
//     The contents of this file are subject to the Mozilla Public License
//     Version 2.0 (the "License"); you may not use this file except in
//     compliance with the License. You may obtain a copy of the License at
//     http://www.mozilla.org/MPL/
//
//     Software distributed under the License is distributed on an "AS IS"
//     basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
//     License for the specific language governing rights and limitations
//     under the License.
//
//     The Original Code is ThreadFix.
//
//     The Initial Developer of the Original Code is Denim Group, Ltd.
//     Portions created by Denim Group, Ltd. are Copyright (C)
//     Denim Group, Ltd. All Rights Reserved.
//
//     Contributor(s): Denim Group, Ltd.
//
////////////////////////////////////////////////////////////////////////

package com.denimgroup.threadfix.webapp.controller;

import com.denimgroup.threadfix.data.entities.Application;
import com.denimgroup.threadfix.data.entities.Permission;
import com.denimgroup.threadfix.data.entities.ScheduledScan;
import com.denimgroup.threadfix.logging.SanitizedLogger;
import com.denimgroup.threadfix.remote.response.RestResponse;
import com.denimgroup.threadfix.service.ApplicationService;
import com.denimgroup.threadfix.service.ScheduledScanService;
import com.denimgroup.threadfix.service.queue.scheduledjob.ScheduledScanScheduler;
import com.denimgroup.threadfix.service.util.PermissionUtils;
import com.denimgroup.threadfix.webapp.config.FormRestResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.*;

import javax.validation.Valid;
import java.util.List;

@Controller
@RequestMapping("/organizations/{orgId}/applications/{appId}/scheduledScans")
@SessionAttributes(value= {"scanQueueTaskList", "scanQueueTask"})
public class ScheduledScanController {

  private final SanitizedLogger log = new SanitizedLogger(ScheduledScanController.class);

    @Autowired
  private ScheduledScanService scheduledScanService;

    @Autowired
    private ScheduledScanScheduler scheduledScanScheduler;

    @Autowired
    private ApplicationService applicationService;

  @RequestMapping(value = "/addScheduledScan", method = RequestMethod.POST)
  public @ResponseBody RestResponse<List<ScheduledScan>> addScheduledScan(@PathVariable("appId") int appId, @PathVariable("orgId") int orgId,
                                   @Valid @ModelAttribute ScheduledScan scheduledScan,
                                   BindingResult result) {
    log.info("Start adding scheduled scan to application " + appId);

        if (!PermissionUtils.isAuthorized(Permission.CAN_MANAGE_APPLICATIONS, orgId, appId)){
            return RestResponse.failure("You are not allowed to modify scheduled scans for this application.");
        }

        scheduledScanService.validateDate(scheduledScan, result);

        if (result.hasErrors()) {
            return FormRestResponse.failure("Encountered errors.", result);
        }

        Application application = applicationService.loadApplication(appId);

        if (application == null || !application.isActive()) {
            return RestResponse.failure("Application was not found for ID " + appId);
        }

        int scheduledScanId = scheduledScanService.save(appId, scheduledScan);
    if (scheduledScanId < 0) {
      return RestResponse.failure("Adding Scheduled Scan failed.");
    }

        //Add new job to scheduler
        if (scheduledScanScheduler.addScheduledScan(scheduledScan)) {
            log.info("Successfully added new scheduled scan to scheduler");
            return RestResponse.success(application.getScheduledScans());

        } else {
            log.warn("Failed to add new scheduled scan to scheduler");
            String message = "Adding new "+ scheduledScan.getFrequency() + " Scan for " + scheduledScan.getScanner() + " failed.";

            scheduledScanService.delete(scheduledScan);
            return RestResponse.failure(message);
        }
  }

  @RequestMapping(value = "/scheduledScan/{scheduledScanId}/delete", method = RequestMethod.POST)
  public @ResponseBody RestResponse<String> delete(@PathVariable("appId") int appId,
      @PathVariable("orgId") int orgId,
      @PathVariable("scheduledScanId") int scheduledScanId) {

    log.info("Start deleting scheduled scan from application with id " + appId);
    if (!PermissionUtils.isAuthorized(Permission.CAN_MANAGE_APPLICATIONS,orgId,appId)){
      return RestResponse.failure("You are not authorized to delete this scheduled scan.");
    }
        ScheduledScan scheduledScan = scheduledScanService.loadById(scheduledScanId);
        if (scheduledScan == null) {
            return RestResponse.failure("That scheduled scan was not found.");
        }

        //Remove job from scheduler
        if (scheduledScanScheduler.removeScheduledScan(scheduledScan)) {
            String ret = scheduledScanService.delete(scheduledScan);
            if (ret != null) {
                log.warn(ret);
                return RestResponse.failure(ret);
            } else {
                log.info("Successfully deleted scheduled scan from scheduler");
                return RestResponse.success(scheduledScan.getFrequency() + " Scan for " + scheduledScan.getScanner()
                        + " Scheduled Scan successfully deleted.");
            }
        } else {
            String message = "Failed to delete " + scheduledScan.getFrequency() + " Scan for " + scheduledScan.getScanner() +
                    " scheduled scan from scheduler";
            log.warn(message);
            return RestResponse.failure(message);
        }
  }
}