From 114092c5a6d02628fe146a4667f6321ae1d3d980 Mon Sep 17 00:00:00 2001 From: Stuart Laverick Date: Fri, 2 Feb 2024 13:01:54 +0000 Subject: [PATCH 01/14] Updated Service HasPermissionFilter --- .../Filters/Service/HasPermissionFilter.php | 13 ++- aws/resources.py | 92 ++++++++++++++++++- 2 files changed, 99 insertions(+), 6 deletions(-) diff --git a/app/Http/Filters/Service/HasPermissionFilter.php b/app/Http/Filters/Service/HasPermissionFilter.php index 64b083c4a..af6bf167f 100644 --- a/app/Http/Filters/Service/HasPermissionFilter.php +++ b/app/Http/Filters/Service/HasPermissionFilter.php @@ -3,17 +3,20 @@ namespace App\Http\Filters\Service; use App\Models\Service; -use Illuminate\Database\Eloquent\Builder; use Spatie\QueryBuilder\Filters\Filter; +use Illuminate\Database\Eloquent\Builder; class HasPermissionFilter implements Filter { public function __invoke(Builder $query, $value, string $property): Builder { - $serviceIds = request()->user('api') - ? request()->user('api')->services()->pluck(table(Service::class, 'id'))->toArray() + $user = request()->user('api'); + if (!$user || !$user->isGlobalAdmin()) { + $serviceIds = $user + ? $user->services()->pluck(table(Service::class, 'id'))->toArray() : []; - - return $query->whereIn(table(Service::class, 'id'), $serviceIds); + $query->whereIn(table(Service::class, 'id'), $serviceIds); + } + return $query; } } diff --git a/aws/resources.py b/aws/resources.py index 4c616b293..cda46301b 100644 --- a/aws/resources.py +++ b/aws/resources.py 
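Review bot: The new body of `__invoke` wraps the whole restriction in a negated compound condition, `if (!$user || !$user->isGlobalAdmin())`, which turns the admin bypass — the one branch that widens what an API caller can see — into an implicit else case. A guard clause states the bypass explicitly and leaves the restriction as the default path: `if ($user && $user->isGlobalAdmin()) { return $query; }` followed by the unconditional `whereIn`. The unauthenticated path also deserves a comment, since `whereIn` on an empty `$serviceIds` is what makes the filter fail closed: `// No authenticated user: match no services`. Whether `isGlobalAdmin()` also covers super admins depends on the User model, which is not in this diff.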
@@ -1086,7 +1086,97 @@ def create_aws_web_acl_resource(template, aws_metric_name_variable, aws_managed MetricName=Join('-',[aws_metric_name_variable, 'CommonRuleSet']), SampledRequestsEnabled=True ) - ) + ), + wafv2.WebACLRule( + Name='AWS-AWSManagedRulesKnownBadInputsRuleSet', + Statement=wafv2.StatementOne( + ManagedRuleGroupStatement=wafv2.ManagedRuleGroupStatement( + Name='AWSManagedRulesKnownBadInputsRuleSet', + VendorName='AWS' + ) + ), + OverrideAction=wafv2.OverrideAction( + **{"None":wafv2.NoneAction()} + ), + Priority=2, + VisibilityConfig=wafv2.VisibilityConfig( + CloudWatchMetricsEnabled=True, + MetricName=Join('-',[aws_metric_name_variable, 'KnownBadInputs']), + SampledRequestsEnabled=True + ) + ), + wafv2.WebACLRule( + Name='AWS-AWSManagedRulesSQLiRuleSet', + Statement=wafv2.StatementOne( + ManagedRuleGroupStatement=wafv2.ManagedRuleGroupStatement( + Name='AWSManagedRulesSQLiRuleSet', + VendorName='AWS' + ) + ), + OverrideAction=wafv2.OverrideAction( + **{"None":wafv2.NoneAction()} + ), + Priority=2, + VisibilityConfig=wafv2.VisibilityConfig( + CloudWatchMetricsEnabled=True, + MetricName=Join('-',[aws_metric_name_variable, 'SQLi']), + SampledRequestsEnabled=True + ) + ), + wafv2.WebACLRule( + Name='AWS-AWSManagedRulesPHPRuleSet', + Statement=wafv2.StatementOne( + ManagedRuleGroupStatement=wafv2.ManagedRuleGroupStatement( + Name='AWSManagedRulesPHPRuleSet', + VendorName='AWS' + ) + ), + OverrideAction=wafv2.OverrideAction( + **{"None":wafv2.NoneAction()} + ), + Priority=2, + VisibilityConfig=wafv2.VisibilityConfig( + CloudWatchMetricsEnabled=True, + MetricName=Join('-',[aws_metric_name_variable, 'PHP']), + SampledRequestsEnabled=True + ) + ), + wafv2.WebACLRule( + Name='AWS-AWSManagedRulesAmazonIpReputationList', + Statement=wafv2.StatementOne( + ManagedRuleGroupStatement=wafv2.ManagedRuleGroupStatement( + Name='AWSManagedRulesAmazonIpReputationList', + VendorName='AWS' + ) + ), + OverrideAction=wafv2.OverrideAction( + **{"None":wafv2.NoneAction()} + 
), + Priority=2, + VisibilityConfig=wafv2.VisibilityConfig( + CloudWatchMetricsEnabled=True, + MetricName=Join('-',[aws_metric_name_variable, 'AmazonIpReputationList']), + SampledRequestsEnabled=True + ) + ), + wafv2.WebACLRule( + Name='AWS-AWSManagedRulesAnonymousIpList', + Statement=wafv2.StatementOne( + ManagedRuleGroupStatement=wafv2.ManagedRuleGroupStatement( + Name='AWSManagedRulesAnonymousIpList', + VendorName='AWS' + ) + ), + OverrideAction=wafv2.OverrideAction( + **{"None":wafv2.NoneAction()} + ), + Priority=2, + VisibilityConfig=wafv2.VisibilityConfig( + CloudWatchMetricsEnabled=True, + MetricName=Join('-',[aws_metric_name_variable, 'AnonymousIpList']), + SampledRequestsEnabled=True + ) + ), ], Scope='REGIONAL', VisibilityConfig=wafv2.VisibilityConfig( From a012683eb0efec7ab802c02f067e6c85671008b0 Mon Sep 17 00:00:00 2001 From: Stuart Laverick Date: Fri, 2 Feb 2024 15:53:39 +0000 Subject: [PATCH 02/14] Set char limit on service useful info description to 1000 --- .../Organisation/HasPermissionFilter.php | 8 +++++++- .../OrganisationEvent/HasPermissionFilter.php | 8 +++++++- .../Filters/Service/HasPermissionFilter.php | 18 +++++++++++------- app/Http/Requests/Service/StoreRequest.php | 2 +- app/Http/Requests/Service/UpdateRequest.php | 2 +- 5 files changed, 27 insertions(+), 11 deletions(-) diff --git a/app/Http/Filters/Organisation/HasPermissionFilter.php b/app/Http/Filters/Organisation/HasPermissionFilter.php index c7085c39f..9dffa16bc 100644 --- a/app/Http/Filters/Organisation/HasPermissionFilter.php +++ b/app/Http/Filters/Organisation/HasPermissionFilter.php 
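Review bot: All five added `wafv2.WebACLRule` entries carry `Priority=2`, and AWS WAF requires every rule in a web ACL to have a distinct priority, so this stack update is rejected at deploy time (and if the preceding CommonRuleSet rule already uses 2 there are six collisions). Give them increasing values in the order they appear, e.g. `Priority=2` for KnownBadInputs, `Priority=3` for SQLi, `Priority=4` for PHP, `Priority=5` for AmazonIpReputationList and `Priority=6` for AnonymousIpList, and confirm the priority of the rule that precedes them, which is outside this hunk. One caveat worth recording as a comment above the AnonymousIpList rule: with `OverrideAction` set to None the vendor's Block actions apply as-is, so legitimate users on VPNs or Tor are blocked outright; `# consider Count mode first and review sampled requests before enforcing`. `create_aws_web_acl_resource` starts and ends outside this hunk.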
@@ -11,9 +11,15 @@ class HasPermissionFilter implements Filter { public function __invoke(Builder $query, $value, string $property): Builder { - $organisationIds = []; $user = request()->user('api'); + // If Global or Super Admin, apply no filter + if ($user && $user->isGlobalAdmin()) { + return $query; + } + + $organisationIds = []; + if ($user) { $userOrganisationIds = $user->organisations() ->pluck(table(Organisation::class, 'id')) diff --git a/app/Http/Filters/OrganisationEvent/HasPermissionFilter.php b/app/Http/Filters/OrganisationEvent/HasPermissionFilter.php index 6bbc76bca..6e6fd215f 100644 --- a/app/Http/Filters/OrganisationEvent/HasPermissionFilter.php +++ b/app/Http/Filters/OrganisationEvent/HasPermissionFilter.php @@ -11,9 +11,15 @@ class HasPermissionFilter implements Filter { public function __invoke(Builder $query, $value, string $property): Builder { - $organisationIds = []; $user = request()->user('api'); + // If Global or Super Admin, apply no filter + if ($user && $user->isGlobalAdmin()) { + return $query; + } + + $organisationIds = []; + if ($user && $user->isOrganisationAdmin()) { $organisationIds = $user->organisations() ->pluck(table(Organisation::class, 'id')) diff --git a/app/Http/Filters/Service/HasPermissionFilter.php b/app/Http/Filters/Service/HasPermissionFilter.php index af6bf167f..e98967ae9 100644 --- a/app/Http/Filters/Service/HasPermissionFilter.php +++ b/app/Http/Filters/Service/HasPermissionFilter.php 
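Review bot: The comment on the new guard reads `// If Global or Super Admin, apply no filter`, but the code only calls `$user->isGlobalAdmin()`; whether that predicate also returns true for super admins depends on the User model, which is not in this diff. If it does, make the comment say only what the code proves, e.g. `// Global admins bypass the permission filter entirely`; if it does not, the guard is missing whatever super-admin predicate the model exposes and super admins would be filtered down to their own organisations. The rest of `__invoke`, including the final `whereIn`, continues outside the hunk.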
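Review bot: This is the third copy of the same admin bypass, `if ($user && $user->isGlobalAdmin()) { return $query; }`, in this series after the Organisation and Service filters, and that bypass is the single decision that widens what an API caller can see. Pulling it into one shared helper — a small trait method used by all three `HasPermissionFilter` classes — keeps the decision in one auditable place and stops the filters drifting apart; this one already branches differently on `isOrganisationAdmin()` below the guard, so a change to an admin role currently has to be repeated in three files. This is inferred from the three hunks in the patch; the User model itself is not shown. `__invoke` continues past the end of the hunk.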
@@ -3,20 +3,24 @@ namespace App\Http\Filters\Service; use App\Models\Service; -use Spatie\QueryBuilder\Filters\Filter; use Illuminate\Database\Eloquent\Builder; +use Spatie\QueryBuilder\Filters\Filter; class HasPermissionFilter implements Filter { public function __invoke(Builder $query, $value, string $property): Builder { $user = request()->user('api'); - if (!$user || !$user->isGlobalAdmin()) { - $serviceIds = $user - ? $user->services()->pluck(table(Service::class, 'id'))->toArray() - : []; - $query->whereIn(table(Service::class, 'id'), $serviceIds); + + // If Global or Super Admin, apply no filter + if ($user && $user->isGlobalAdmin()) { + return $query; } - return $query; + + $serviceIds = $user + ? $user->services()->pluck(table(Service::class, 'id'))->toArray() + : []; + + return $query->whereIn(table(Service::class, 'id'), $serviceIds); } } diff --git a/app/Http/Requests/Service/StoreRequest.php b/app/Http/Requests/Service/StoreRequest.php index eff9ccf07..33919b2b4 100644 --- a/app/Http/Requests/Service/StoreRequest.php +++ b/app/Http/Requests/Service/StoreRequest.php @@ -188,7 +188,7 @@ function ($attribute, $value, $fail) { 'useful_infos' => ['present', 'array'], 'useful_infos.*' => ['array'], 'useful_infos.*.title' => ['required_with:useful_infos.*', 'string', 'min:1', 'max:255'], - 'useful_infos.*.description' => ['required_with:useful_infos.*', 'string', new MarkdownMinLength(1), new MarkdownMaxLength(10000)], + 'useful_infos.*.description' => ['required_with:useful_infos.*', 'string', new MarkdownMinLength(1), new MarkdownMaxLength(1000)], 'useful_infos.*.order' => ['required_with:useful_infos.*', 'integer', 'min:1', new InOrder(array_pluck_multi($this->useful_infos, 'order'))], 'offerings' => ['present', 'array'], diff --git a/app/Http/Requests/Service/UpdateRequest.php b/app/Http/Requests/Service/UpdateRequest.php index d29ed008c..8587329d3 100644 --- a/app/Http/Requests/Service/UpdateRequest.php +++ b/app/Http/Requests/Service/UpdateRequest.php 
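Review bot: `$value` is still unused in `__invoke`, so `?filter[has_permission]=false` (or any other value) applies exactly the same restriction as `true`; that is the safe, fail-closed reading for a permission filter, but nothing in the code says it is deliberate. Add a comment at the top of the method: `// $value is intentionally ignored: the presence of this filter always restricts to the caller's services.` The empty-array `whereIn` for an unauthenticated caller likewise matches nothing and is worth an inline `// No user: match no services` so nobody later "fixes" it into an unfiltered query.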
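Review bot: The new limit `new MarkdownMaxLength(1000)` is a bare literal that also appears in `UpdateRequest::rules()` in this same commit, so the two validators can drift apart on the next change. Declare it once, e.g. `public const USEFUL_INFO_DESCRIPTION_MAX_LENGTH = 1000;` on a class both requests already import (the Service model is a natural home), and reference it from both rules. The enclosing rules array begins and ends outside this hunk.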
@@ -218,7 +218,7 @@ public function rules(): array 'useful_infos' => ['array'], 'useful_infos.*' => ['array'], 'useful_infos.*.title' => ['required_with:useful_infos.*', 'string', 'min:1', 'max:255'], - 'useful_infos.*.description' => ['required_with:useful_infos.*', 'string', new MarkdownMinLength(1), new MarkdownMaxLength(10000)], + 'useful_infos.*.description' => ['required_with:useful_infos.*', 'string', new MarkdownMinLength(1), new MarkdownMaxLength(1000)], 'useful_infos.*.order' => [ 'required_with:useful_infos.*', 'integer', From a7fb91b87ec57c134a0f3dd66b157ae4bb3327f7 Mon Sep 17 00:00:00 2001 From: Stuart Laverick Date: Tue, 30 Apr 2024 10:16:04 +0100 Subject: [PATCH 03/14] Added Powered by Ayup Connect to footer and header of docs --- app/Docs/ExternalDocs.php | 2 +- app/Docs/Info.php | 2 +- app/Docs/OpenApi.php | 3 +-- resources/views/layout.blade.php | 18 ++++++++++++++---- 4 files changed, 17 insertions(+), 8 deletions(-) diff --git a/app/Docs/ExternalDocs.php b/app/Docs/ExternalDocs.php index c54f37f43..da4196557 100644 --- a/app/Docs/ExternalDocs.php +++ b/app/Docs/ExternalDocs.php @@ -11,6 +11,6 @@ public static function create(string $objectId = null): BaseObject { return parent::create($objectId) ->description('GitHub Wiki') - ->url('https://github.com/LondonBoroughSutton/helpyourselfsutton-api/wiki'); + ->url('https://github.com/Connected-Places/api/wiki'); } } diff --git a/app/Docs/Info.php b/app/Docs/Info.php index 040e42851..7a47b587f 100644 --- a/app/Docs/Info.php +++ b/app/Docs/Info.php @@ -16,7 +16,7 @@ public static function create(string $objectId = null): BaseObject ->version('v1') ->contact( Contact::create() - ->name('Ayup Digital') + ->name('Ayup Connect') ->url('https://ayup.agency') ); } diff --git a/app/Docs/OpenApi.php b/app/Docs/OpenApi.php index 7cd995bf0..75602d42a 100644 --- a/app/Docs/OpenApi.php +++ b/app/Docs/OpenApi.php 
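Review bot: Cutting `MarkdownMaxLength` from 10000 to 1000 on the update path means any existing service whose `useful_infos.*.description` already exceeds 1000 characters will fail validation on every subsequent update, including edits that do not touch that field, because `required_with:useful_infos.*` and the length rule run on whatever the client resubmits. Before deploying, check the stored data for descriptions over the new limit and either trim them in a migration or accept the breakage knowingly; whether such rows exist is not visible here. `rules()` continues outside this hunk.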
@@ -148,8 +148,7 @@ public static function create(string $objectId = null): BaseObject Tags\TaxonomyOrganisationsTag::create(), Tags\UpdateRequestsTag::create(), Tags\UsersTag::create() - ) - ->externalDocs(ExternalDocs::create()); + ); } /** diff --git a/resources/views/layout.blade.php b/resources/views/layout.blade.php index 80f036703..2c1450b5c 100644 --- a/resources/views/layout.blade.php +++ b/resources/views/layout.blade.php @@ -1,5 +1,5 @@ - + @@ -18,7 +18,7 @@ @yield('css') - +
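Review bot: Removing `->externalDocs(ExternalDocs::create())` leaves `App\Docs\ExternalDocs` — whose URL is updated in this same patch — with no visible caller, so the class may now be dead code. If nothing else references it, delete it in the same commit rather than maintaining a link that is never rendered; if the wiki link is still wanted in the generated spec, keep the call and let it pick up the new URL. `create()` starts outside the hunk, and the surrounding `OpenApi` class is not shown in full.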