@@ -398,7 +391,7 @@
-
+
{{milestone.milestoneComments}}
@@ -408,7 +401,7 @@
-
{{milestone.milestoneDate | date:'yyyy-MM-dd'}}
@@ -418,7 +411,7 @@
-
{{milestone.milestoneStatus}}
@@ -428,7 +421,7 @@
-
{{milestone.milestoneTeam}}
@@ -437,12 +430,12 @@
-
@@ -471,7 +464,7 @@
Label
-
@@ -479,10 +472,10 @@
{{label.labelName}}
-
-
@@ -505,8 +498,8 @@
-
diff --git a/client/src/app/pages/poam-processing/poam-details/poam-details.component.ts b/client/src/app/pages/poam-processing/poam-details/poam-details.component.ts
index 0fd39bf4..3e21f3b5 100644
--- a/client/src/app/pages/poam-processing/poam-details/poam-details.component.ts
+++ b/client/src/app/pages/poam-processing/poam-details/poam-details.component.ts
@@ -12,8 +12,8 @@ import { DatePipe } from '@angular/common';
import { ChangeDetectorRef, Component, OnDestroy, OnInit, ViewChild } from '@angular/core';
import { ActivatedRoute, Router } from '@angular/router';
import { addDays, format, isAfter } from 'date-fns';
-import { Subscription, forkJoin, of, throwError } from 'rxjs';
-import { catchError, map, switchMap, tap } from 'rxjs/operators';
+import { Subscription, forkJoin, of } from 'rxjs';
+import { catchError } from 'rxjs/operators';
import { SubSink } from 'subsink';
import { SharedService } from '../../../common/services/shared.service';
import { CollectionsService } from '../../admin-processing/collection-processing/collections.service';
@@ -25,20 +25,7 @@ import { ConfirmationService, MessageService } from 'primeng/api';
import { Table } from 'primeng/table';
import { jsonToPlainText } from "json-to-plain-text";
import { AAPackageService } from '../../admin-processing/aaPackage-processing/aaPackage-processing.service';
-function getRoleFromAccessLevel(accessLevel: number): string {
- switch (accessLevel) {
- case 1:
- return 'viewer';
- case 2:
- return 'submitter';
- case 3:
- return 'approver';
- case 4:
- return 'cat1approver';
- default:
- return 'none';
- }
-}
+
interface AAPackage {
aaPackageId: number;
aaPackage: string;
@@ -61,36 +48,19 @@ interface Permission {
})
export class PoamDetailsComponent implements OnInit, OnDestroy {
@ViewChild('dt') table: Table;
- editingRows: { [s: string]: boolean } = {};
- clonedAssignees: { [s: string]: any; } = {};
+ protected accessLevel: number;
clonedMilestones: { [s: string]: any; } = {};
- milestoneStatusOptions = [
- { label: 'Pending', value: 'Pending' },
- { label: 'Complete', value: 'Complete' }
- ];
-
- approvalStatusOptions = [
- { label: 'Not Reviewed', value: 'Not Reviewed' },
- { label: 'Approved', value: 'Approved' },
- { label: 'Rejected', value: 'Rejected' }
- ];
-
poamLabels: any[] = [];
labelList: any[] = [];
- newLabel: any = { labelId: null };
errorDialogVisible: boolean = false;
errorMessage: string = '';
errorHeader: string = 'Error';
- public isLoggedIn = false;
- users: any;
user: any;
poam: any;
poamId: string = "";
payload: any;
dates: any = {};
collectionUsers: any;
- collectionSubmitters: any[] = [];
- collection: any;
collectionApprovers: any;
collectionBasicList: any[] = [];
aaPackages: AAPackage[] = [];
@@ -99,27 +69,29 @@ export class PoamDetailsComponent implements OnInit, OnDestroy {
poamMilestones: any[] = [];
pluginData: any;
assets: any;
+ assetList: any[] = [];
poamAssets: any[] = [];
poamAssignees: any[] = [];
isEmassCollection: boolean = false;
- canModifySubmitter: boolean = false;
- showApprove: boolean = false;
- showSubmit: boolean = false;
- showClose: boolean = false;
showCheckData: boolean = false;
- stigmanCollections: any[] = [];
stigmanSTIGs: any;
tenableVulnResponse: any;
tenablePluginData: string;
filteredStigmanSTIGs: string[] = [];
- selectedStig: any = null;
+ filteredVulnerabilitySources: string[] = [];
selectedStigTitle: string = '';
selectedStigObject: any = null;
selectedStigBenchmarkId: string = '';
stigmanCollectionId: any;
- groupId: any;
- assetList: any[] = [];
stateData: any;
+ selectedCollection: any;
+ private subscriptions = new Subscription();
+ private subs = new SubSink();
+
+ milestoneStatusOptions = [
+ { label: 'Pending', value: 'Pending' },
+ { label: 'Complete', value: 'Complete' }
+ ];
vulnerabilitySources: string[] = [
"ACAS Nessus Scanner",
@@ -127,30 +99,27 @@ export class PoamDetailsComponent implements OnInit, OnDestroy {
"RMF Controls",
"Task Order",
];
- filteredVulnerabilitySources: string[] =[];
+
statusOptions = [
{ label: 'Draft', value: 'Draft', disabled: false },
{ label: 'Closed', value: 'Closed', disabled: false },
{ label: 'Expired', value: 'Expired', disabled: false },
{ label: 'Submitted', value: 'Submitted', disabled: true },
{ label: 'Approved', value: 'Approved', disabled: true },
+ { label: 'Pending CAT-I Approval', value: 'Pending CAT-I Approval', disabled: true },
{ label: 'Rejected', value: 'Rejected', disabled: true },
{ label: 'Extension Requested', value: 'Extension Requested', disabled: true },
];
- rawSeverityOptions = [
- { label: 'CAT I - Critical/High', value: 'CAT I - Critical/High' },
- { label: 'CAT II - Medium', value: 'CAT II - Medium' },
- { label: 'CAT III - Low', value: 'CAT III - Low' },
- ];
-
- adjSeverityOptions = [
- { label: 'CAT I - Critical/High', value: 'CAT I - Critical/High' },
- { label: 'CAT II - Medium', value: 'CAT II - Medium' },
- { label: 'CAT III - Low', value: 'CAT III - Low' },
+ severityOptions = [
+ { value: 'CAT I - Critical', label: 'CAT I - Critical' },
+ { value: 'CAT I - High', label: 'CAT I - High' },
+ { value: 'CAT II - Medium', label: 'CAT II - Medium' },
+ { value: 'CAT III - Low', label: 'CAT III - Low' },
+ { value: 'CAT III - Informational', label: 'CAT III - Informational' }
];
- residualRiskOptions = [
+ ratingOptions = [
{ label: 'Very Low', value: 'Very Low' },
{ label: 'Low', value: 'Low' },
{ label: 'Moderate', value: 'Moderate' },
@@ -158,47 +127,6 @@ export class PoamDetailsComponent implements OnInit, OnDestroy {
{ label: 'Very High', value: 'Very High' },
];
- likelihoodOptions = [
- { label: 'Very Low', value: 'Very Low' },
- { label: 'Low', value: 'Low' },
- { label: 'Moderate', value: 'Moderate' },
- { label: 'High', value: 'High' },
- { label: 'Very High', value: 'Very High' },
- ];
-
- relevanceOfThreatOptions = [
- { label: 'Very Low', value: 'Very Low' },
- { label: 'Low', value: 'Low' },
- { label: 'Moderate', value: 'Moderate' },
- { label: 'High', value: 'High' },
- { label: 'Very High', value: 'Very High' },
- ];
-
- businessImpactRatingOptions = [
- { label: 'Very Low', value: 'Very Low' },
- { label: 'Low', value: 'Low' },
- { label: 'Moderate', value: 'Moderate' },
- { label: 'High', value: 'High' },
- { label: 'Very High', value: 'Very High' },
- ];
-
- steps = [
- { label: 'Assignees' },
- { label: 'Approvers' },
- { label: 'Assets' },
- { label: 'Predisposing Conditions' },
- { label: 'Mitigations' },
- { label: 'Required Resources' },
- { label: 'Residual Risk' },
- { label: 'Business Impact' },
- { label: 'Milestones' },
- { label: 'POAM Labels' },
- { label: 'Notes' },
- ];
- selectedCollection: any;
- private subscriptions = new Subscription();
- private subs = new SubSink();
-
constructor(
private aaPackageService: AAPackageService,
private confirmationService: ConfirmationService,
@@ -232,45 +160,30 @@ export class PoamDetailsComponent implements OnInit, OnDestroy {
async setPayload() {
this.user = null;
this.payload = null;
-
+ this.accessLevel = 0;
(await this.userService.getCurrentUser()).subscribe({
next: (response: any) => {
if (response?.userId) {
this.user = response;
- if (this.user.accountStatus === 'ACTIVE') {
-
- const mappedPermissions = this.user.permissions.map((permission: Permission) => ({
- collectionId: permission.collectionId,
- accessLevel: permission.accessLevel,
- }));
+ const mappedPermissions = this.user.permissions?.map((permission: Permission) => ({
+ collectionId: permission.collectionId,
+ accessLevel: permission.accessLevel,
+ }));
- this.payload = {
- ...this.user,
- collections: mappedPermissions
- };
-
- const selectedPermissions = this.payload.collections.find((x: { collectionId: any; }) => x.collectionId == this.payload.lastCollectionAccessedId);
- let myRole: string;
-
- if (!selectedPermissions && !this.user.isAdmin) {
- myRole = 'none';
- } else if (this.user.isAdmin) {
- myRole = 'admin';
- } else if (selectedPermissions) {
- myRole = getRoleFromAccessLevel(selectedPermissions.accessLevel);
- } else {
- myRole = 'none';
+ this.payload = {
+ ...this.user,
+ collections: mappedPermissions
+ };
+ if (mappedPermissions.length > 0) {
+ const selectedPermissions = this.payload.collections.find(
+ (x: { collectionId: any; }) => x.collectionId == this.payload.lastCollectionAccessedId
+ );
+
+ if (selectedPermissions) {
+ this.accessLevel = selectedPermissions.accessLevel;
}
-
- this.payload.role = myRole;
- this.showApprove = ['admin', 'cat1approver', 'approver'].includes(this.payload.role);
- this.showClose = ['admin', 'cat1approver', 'approver', 'submitter'].includes(this.payload.role);
- this.showSubmit = ['admin', 'cat1approver', 'approver', 'submitter'].includes(this.payload.role);
- this.canModifySubmitter = ['admin', 'cat1approver', 'approver', 'submitter'].includes(this.payload.role);
- this.getData();
}
- } else {
- console.error('User data is not available or user is not active');
+ this.getData();
}
},
error: (error) => {
@@ -295,22 +208,21 @@ export class PoamDetailsComponent implements OnInit, OnDestroy {
} else {
forkJoin([
await this.poamService.getPoam(this.poamId),
- await this.poamService.getCollection(this.payload.lastCollectionAccessedId, this.payload.userName),
await this.collectionService.getUsersForCollection(this.payload.lastCollectionAccessedId),
await this.assetService.getAssetsByCollection(this.payload.lastCollectionAccessedId),
await this.poamService.getPoamAssignees(this.poamId),
await this.poamService.getPoamApprovers(this.poamId),
await this.poamService.getPoamMilestones(this.poamId),
await this.poamService.getPoamLabelsByPoam(this.poamId)
- ]).subscribe(([poam, collection, users, collectionAssets, assignees, poamApprovers, poamMilestones, poamLabels]: any) => {
+ ]).subscribe(([poam, users, collectionAssets, assignees, poamApprovers, poamMilestones, poamLabels]: any) => {
this.poam = { ...poam, hqs: poam.hqs === 1 ? true : false };
this.dates.scheduledCompletionDate = poam.scheduledCompletionDate ? new Date(poam.scheduledCompletionDate) : null;
this.dates.iavComplyByDate = poam.iavComplyByDate ? new Date(poam.iavComplyByDate) : null;
this.dates.submittedDate = poam.submittedDate ? new Date(poam.submittedDate) : null;
this.dates.closedDate = poam.closedDate ? new Date(poam.closedDate) : null;
- this.collection = collection.collection;
this.collectionUsers = users;
this.assets = collectionAssets;
+ this.poamAssets = [];
this.poamAssignees = assignees;
this.poamApprovers = poamApprovers;
this.poamMilestones = poamMilestones.poamMilestones.map((milestone: any) => ({
@@ -319,32 +231,19 @@ export class PoamDetailsComponent implements OnInit, OnDestroy {
}));
this.selectedStigTitle = this.poam.stigTitle;
this.selectedStigBenchmarkId = this.poam.stigBenchmarkId;
- this.collectionApprovers = this.collectionUsers.filter((user: Permission) => user.accessLevel >= 3 || this.user.isAdmin);
+ this.collectionApprovers = this.collectionUsers.filter((user: Permission) => user.accessLevel >= 3);
if (this.collectionApprovers.length > 0 && (this.poamApprovers == undefined || this.poamApprovers.length == 0)) {
this.addDefaultApprovers();
}
- if (this.collectionUsers) {
- this.collectionUsers.forEach((user: any) => {
- if (user.accessLevel >= 2) {
- this.collectionSubmitters.push({ ...user });
- }
- });
- }
+
if (this.poam.tenablePluginData) {
- try {
- const pluginDataObject = JSON.parse(this.poam.tenablePluginData);
- this.tenablePluginData = jsonToPlainText(pluginDataObject, {});
- } catch (error) {
- this.tenablePluginData = this.poam.tenablePluginData;
- }
- }
- if ((this.poam.vulnerabilitySource === 'STIG' || this.poam.vulnerabilitySource === 'ACAS Nessus Scanner') && !this.isEmassCollection) {
- this.poamAssets = [];
- } else {
- this.fetchAssets();
+ this.parsePluginData(this.poam.tenablePluginData);
}
+
+ if (this.isEmassCollection) {
+ this.fetchAssets();
+ }
this.poamLabels = poamLabels;
- this.setChartSelectionData();
});
(await this.sharedService.getSTIGsFromSTIGMAN()).subscribe({
next: (data) => {
@@ -362,14 +261,12 @@ export class PoamDetailsComponent implements OnInit, OnDestroy {
}
async createNewACASPoam() {
- this.canModifySubmitter = true;
this.pluginData = this.stateData.pluginData;
await this.loadVulnerabilitiy(this.pluginData.id);
forkJoin([
- await this.poamService.getCollection(this.payload.lastCollectionAccessedId, this.payload.userName),
await this.collectionService.getUsersForCollection(this.payload.lastCollectionAccessedId),
await this.assetService.getAssetsByCollection(this.payload.lastCollectionAccessedId),
- ]).subscribe(async ([collection, users, collectionAssets]: any) => {
+ ]).subscribe(async ([users, collectionAssets]: any) => {
this.poam = {
poamId: "ADDPOAM",
collectionId: this.payload.lastCollectionAccessedId,
@@ -389,58 +286,60 @@ ${this.pluginData.description}` || "",
scheduledCompletionDate: '',
submitterId: this.payload.userId,
status: "Draft",
- tenablePluginData: this.pluginData || "",
+ tenablePluginData: this.pluginData ? JSON.stringify(this.pluginData) : "",
hqs: false,
};
this.dates.scheduledCompletionDate = null;
this.dates.iavComplyByDate = this.poam.iavComplyByDate ? new Date(this.poam.iavComplyByDate) : null;
this.dates.submittedDate = new Date(this.poam.submittedDate);
-
- this.collection = collection;
this.collectionUsers = users;
this.assets = collectionAssets;
this.poamAssets = [];
this.poamAssignees = [];
this.collectionApprovers = [];
- this.collectionApprovers = this.collectionUsers.filter((user: Permission) => user.accessLevel >= 3 || this.user.isAdmin);
+ this.collectionApprovers = this.collectionUsers.filter((user: Permission) => user.accessLevel >= 3);
this.poamApprovers = this.collectionApprovers.map((approver: any) => ({
userId: approver.userId,
approvalStatus: 'Not Reviewed',
comments: '',
}));
- this.collectionSubmitters = [];
- if (this.collectionUsers) {
- this.collectionUsers.forEach((user: any) => {
- if (user.accessLevel >= 2) {
- this.collectionSubmitters.push({ ...user });
- }
- });
- }
- this.setChartSelectionData();
if (this.poam.tenablePluginData) {
- try {
- const pluginDataObject = JSON.parse(this.poam.tenablePluginData);
- this.tenablePluginData = jsonToPlainText(pluginDataObject, {});
- } catch (error) {
- this.tenablePluginData = this.poam.tenablePluginData;
- }
+ this.parsePluginData(this.poam.tenablePluginData);
}
});
}
+ private parsePluginData(pluginData: string) {
+ try {
+ let dataObject: any;
+
+ if (typeof pluginData === 'string') {
+ dataObject = JSON.parse(pluginData);
+ } else if (typeof pluginData === 'object') {
+ dataObject = pluginData;
+ } else {
+ throw new Error('Invalid plugin data format');
+ }
+
+ this.tenablePluginData = jsonToPlainText(dataObject, {});
+ } catch (error) {
+ this.tenablePluginData = this.poam.tenablePluginData;
+ }
+ }
+
mapTenableSeverity(severity: string) {
switch (severity) {
case "0":
- return 'CAT III - Low';
+ return 'CAT III - Informational';
case "1":
return 'CAT III - Low';
case "2":
return 'CAT II - Medium';
case "3":
- return 'CAT I - Critical/High';
+ return 'CAT I - High';
case "4":
- return 'CAT I - Critical/High';
+ return 'CAT I - Critical';
default:
return '';
}
@@ -494,12 +393,10 @@ ${this.pluginData.description}` || "",
async createNewSTIGManagerPoam() {
this.validateStigManagerCollection(false);
- this.canModifySubmitter = true;
forkJoin([
- await this.poamService.getCollection(this.payload.lastCollectionAccessedId, this.payload.userName),
await this.collectionService.getUsersForCollection(this.payload.lastCollectionAccessedId),
await this.assetService.getAssetsByCollection(this.payload.lastCollectionAccessedId),
- ]).subscribe(async ([collection, users, collectionAssets]: any) => {
+ ]).subscribe(async ([users, collectionAssets]: any) => {
this.poam = {
poamId: "ADDPOAM",
collectionId: this.payload.lastCollectionAccessedId,
@@ -518,28 +415,17 @@ ${this.pluginData.description}` || "",
this.dates.scheduledCompletionDate = null;
this.dates.iavComplyByDate = null;
this.dates.submittedDate = new Date(this.poam.submittedDate);
-
- this.collection = collection;
this.collectionUsers = users;
this.assets = collectionAssets;
this.poamAssets = [];
this.poamAssignees = [];
this.collectionApprovers = [];
- this.collectionApprovers = this.collectionUsers.filter((user: Permission) => user.accessLevel >= 3 || this.user.isAdmin);
+ this.collectionApprovers = this.collectionUsers.filter((user: Permission) => user.accessLevel >= 3);
this.poamApprovers = this.collectionApprovers.map((approver: any) => ({
userId: approver.userId,
approvalStatus: 'Not Reviewed',
comments: '',
}));
- this.collectionSubmitters = [];
- if (this.collectionUsers) {
- this.collectionUsers.forEach((user: any) => {
- if (user.accessLevel >= 2) {
- this.collectionSubmitters.push({ ...user });
- }
- });
- }
- this.setChartSelectionData();
(await this.sharedService.getSTIGsFromSTIGMAN()).subscribe({
next: (data) => {
this.stigmanSTIGs = data.map((stig: any) => ({
@@ -569,12 +455,10 @@ ${this.pluginData.description}` || "",
}
async createNewPoam() {
- this.canModifySubmitter = true;
forkJoin([
- await this.poamService.getCollection(this.payload.lastCollectionAccessedId, this.payload.userName),
await this.collectionService.getUsersForCollection(this.payload.lastCollectionAccessedId),
await this.assetService.getAssetsByCollection(this.payload.lastCollectionAccessedId),
- ]).subscribe(async ([collection, users, collectionAssets]: any) => {
+ ]).subscribe(async ([users, collectionAssets]: any) => {
this.poam = {
poamId: "ADDPOAM",
collectionId: this.payload.lastCollectionAccessedId,
@@ -593,28 +477,17 @@ ${this.pluginData.description}` || "",
this.dates.scheduledCompletionDate = null;
this.dates.iavComplyByDate = null;
this.dates.submittedDate = new Date(this.poam.submittedDate);
-
- this.collection = collection;
this.collectionUsers = users;
this.assets = collectionAssets;
this.poamAssets = [];
this.poamAssignees = [];
this.collectionApprovers = [];
- this.collectionApprovers = this.collectionUsers.filter((user: Permission) => user.accessLevel >= 3 || this.user.isAdmin);
+ this.collectionApprovers = this.collectionUsers.filter((user: Permission) => user.accessLevel >= 3);
this.poamApprovers = this.collectionApprovers.map((approver: any) => ({
userId: approver.userId,
approvalStatus: 'Not Reviewed',
comments: '',
}));
- this.collectionSubmitters = [];
- if (this.collectionUsers) {
- this.collectionUsers.forEach((user: any) => {
- if (user.accessLevel >= 2) {
- this.collectionSubmitters.push({ ...user });
- }
- });
- }
- this.setChartSelectionData();
(await this.sharedService.getSTIGsFromSTIGMAN()).subscribe({
next: (data) => {
this.stigmanSTIGs = data.map((stig: any) => ({
@@ -726,15 +599,6 @@ ${this.pluginData.description}` || "",
})
}
- setChartSelectionData() {
- this.collectionSubmitters = [];
- if (this.collectionUsers) {
- this.collectionUsers.forEach((user: any) => {
- if (user.accessLevel >= 2) this.collectionSubmitters.push({ ...user });
- });
- }
- }
-
async approvePoam() {
await this.router.navigateByUrl("/poam-processing/poam-approve/" + this.poam.poamId);
}
@@ -783,7 +647,6 @@ ${this.pluginData.description}` || "",
this.poam.submittedDate = this.dates.submittedDate ? format(this.dates.submittedDate, "yyyy-MM-dd") : null;
this.poam.iavComplyByDate = this.dates.iavComplyByDate ? format(this.dates.iavComplyByDate, "yyyy-MM-dd") : null;
this.poam.requiredResources = this.poam.requiredResources ? this.poam.requiredResources : "";
- this.poam.vulnIdRestricted = this.poam.vulnIdRestricted ? this.poam.vulnIdRestricted : "";
this.poam.poamLog = [{ userId: this.user.userId }];
if (this.poam.status === "Closed") {
this.poam.closedDate = format(new Date(), "yyyy-MM-dd");
@@ -906,6 +769,7 @@ ${this.pluginData.description}` || "",
this.poam.iavComplyByDate = this.dates.iavComplyByDate ? format(this.dates.iavComplyByDate, "yyyy-MM-dd") : null;
this.poam.scheduledCompletionDate = this.dates.scheduledCompletionDate ? format(this.dates.scheduledCompletionDate, "yyyy-MM-dd") : null;
this.poam.submittedDate = this.dates.submittedDate ? format(this.dates.submittedDate, "yyyy-MM-dd") : null;
+ this.poam.hqs = 1 ? true : false;
this.savePoam();
}
@@ -942,6 +806,10 @@ ${this.pluginData.description}` || "",
this.messageService.add({ severity: "error", summary: 'Information', detail: "IAV Comply By Date is required if an IAVM Number is provided." });
return false;
}
+ if (this.poam.adjSeverity && this.poam.adjSeverity != this.poam.rawSeverity && !this.poam.mitigations) {
+ this.messageService.add({ severity: "error", summary: 'Information', detail: "If Adjusted Severity deviates from the Raw Severity, Mitigations becomes a required field." });
+ return false;
+ }
return true;
}
@@ -1338,6 +1206,7 @@ ${this.pluginData.description}` || "",
.map(aaPackage => aaPackage.aaPackage);
}
+
confirm(options: { header: string, message: string, accept: () => void }) {
this.confirmationService.confirm({
message: options.message,
diff --git a/client/src/app/pages/poam-processing/poam-extend/poam-extend.component.html b/client/src/app/pages/poam-processing/poam-extend/poam-extend.component.html
index 013e1455..deeffbc7 100644
--- a/client/src/app/pages/poam-processing/poam-extend/poam-extend.component.html
+++ b/client/src/app/pages/poam-processing/poam-extend/poam-extend.component.html
@@ -13,8 +13,8 @@
-
Extension Time Allowed:
-
+
Extension Time Requested:
+
@@ -33,106 +33,187 @@
[suggestions]="filteredJustifications"
(completeMethod)="filterJustifications($event)"
[placeholder]="extensionJustificationPlaceholder"
- [style]="{'width':'100%'}">
+ [style]="{'width':'100%'}"
+ [disabled]="accessLevel < 2">
-
-
-
-
- Milestone Comments
- Milestone Date
- Milestone Change Comments
- Milestone Change Date
- Milestone Status
- Milestone Team
-
-
-
-
-
-
-
-
-
-
- {{milestone.milestoneComments}}
-
-
-
-
-
-
-
-
- {{milestone.milestoneDate | date:'yyyy-MM-dd'}}
-
-
-
-
-
-
-
-
-
- {{milestone.milestoneChangeComments}}
-
-
-
-
-
-
-
-
- {{milestone.milestoneChangeDate | date:'yyyy-MM-dd'}}
-
-
-
-
-
-
-
-
- {{milestone.milestoneStatus}}
-
-
-
-
-
-
-
-
- {{milestone.milestoneTeam}}
-
-
-
-
-
-
-
-
-
-
- No Data to Display
-
-
-
+
+
+
+
+
+
+
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Impact Description:
+
+
+
+
+
+
+
+
-
diff --git a/client/src/app/pages/poam-processing/poam-extend/poam-extend.component.scss b/client/src/app/pages/poam-processing/poam-extend/poam-extend.component.scss
index d6d62e11..8c0d34e6 100644
--- a/client/src/app/pages/poam-processing/poam-extend/poam-extend.component.scss
+++ b/client/src/app/pages/poam-processing/poam-extend/poam-extend.component.scss
@@ -21,10 +21,54 @@
margin-bottom: 0.5rem;
}
-p-table {
- margin-top: 1rem;
-}
-
.p-button-outlined {
margin-right: 1rem;
}
+
+.form-group {
+ margin-bottom: 15px;
+}
+
+.form-group label {
+ display: block;
+ margin-bottom: 5px;
+}
+
+:host ::ng-deep {
+ .p-card-content {
+ padding: 0;
+ }
+
+ .p-stepper-panel {
+ height: 100%;
+ }
+
+ .stepper-content-wrapper {
+ display: flex;
+ flex-direction: column;
+ height: 420px;
+ }
+
+ .stepper-content {
+ flex: 1;
+ overflow-y: auto;
+ padding: 1rem;
+ margin-bottom: .5rem;
+ }
+
+ .stepper-buttons {
+ display: flex;
+ justify-content: space-between;
+ padding: 0 1rem 1rem;
+ border-bottom: 1px solid var(--surface-d);
+ &.first-panel {
+ justify-content: flex-end;
+ }
+ }
+
+ .p-datatable {
+ .p-datatable-wrapper {
+ overflow-x: auto;
+ }
+ }
+}
diff --git a/client/src/app/pages/poam-processing/poam-extend/poam-extend.component.ts b/client/src/app/pages/poam-processing/poam-extend/poam-extend.component.ts
index 11176c2a..8c6ba49a 100644
--- a/client/src/app/pages/poam-processing/poam-extend/poam-extend.component.ts
+++ b/client/src/app/pages/poam-processing/poam-extend/poam-extend.component.ts
@@ -8,16 +8,23 @@
!########################################################################
*/
-import { Component, OnInit, OnDestroy, ViewChild, ChangeDetectorRef } from '@angular/core';
+import { Component, OnInit, OnDestroy, ChangeDetectorRef } from '@angular/core';
import { Router, ActivatedRoute } from '@angular/router';
import { ConfirmationService } from 'primeng/api';
import { Subscription, forkJoin } from 'rxjs';
-import { addDays, format, isAfter, parseISO } from 'date-fns';
+import { addDays, format, isAfter } from 'date-fns';
import { PoamService } from '../poams.service';
import { UsersService } from '../../admin-processing/user-processing/users.service';
import { SharedService } from '../../../common/services/shared.service';
import { PoamExtensionService } from '../poam-extend/poam-extend.service';
import { MessageService } from 'primeng/api';
+import { AuthGuard } from '../../../core/auth/guards/auth.guard';
+
+interface Permission {
+ userId: number;
+ collectionId: number;
+ accessLevel: number;
+}
@Component({
selector: 'cpat-poam-extend',
@@ -26,6 +33,7 @@ import { MessageService } from 'primeng/api';
providers: [ConfirmationService]
})
export class PoamExtendComponent implements OnInit, OnDestroy {
+ protected accessLevel: number;
displayExtensionDialog: boolean = false;
dates: any = {};
poam: any;
@@ -51,15 +59,49 @@ export class PoamExtendComponent implements OnInit, OnDestroy {
];
filteredJustifications: string[] = [];
extensionTimeOptions = [
- { label: '0 Days', value: 0 },
+ { label: '3 Days', value: 3 },
+ { label: '7 Days', value: 7 },
+ { label: '14 Days', value: 14 },
{ label: '30 Days', value: 30 },
{ label: '60 Days', value: 60 },
{ label: '90 Days', value: 90 },
{ label: '180 Days', value: 180 },
{ label: '365 Days', value: 365 }
];
+ residualRiskOptions = [
+ { label: 'Very Low', value: 'Very Low' },
+ { label: 'Low', value: 'Low' },
+ { label: 'Moderate', value: 'Moderate' },
+ { label: 'High', value: 'High' },
+ { label: 'Very High', value: 'Very High' },
+ ];
+
+ likelihoodOptions = [
+ { label: 'Very Low', value: 'Very Low' },
+ { label: 'Low', value: 'Low' },
+ { label: 'Moderate', value: 'Moderate' },
+ { label: 'High', value: 'High' },
+ { label: 'Very High', value: 'Very High' },
+ ];
+
+ relevanceOfThreatOptions = [
+ { label: 'Very Low', value: 'Very Low' },
+ { label: 'Low', value: 'Low' },
+ { label: 'Moderate', value: 'Moderate' },
+ { label: 'High', value: 'High' },
+ { label: 'Very High', value: 'Very High' },
+ ];
+
+ impactRatingOptions = [
+ { label: 'Very Low', value: 'Very Low' },
+ { label: 'Low', value: 'Low' },
+ { label: 'Moderate', value: 'Moderate' },
+ { label: 'High', value: 'High' },
+ { label: 'Very High', value: 'Very High' },
+ ];
selectedCollection: any;
user: any;
+ payload: any;
completionDate: any;
completionDateWithExtension: any;
labelList: any;
@@ -93,19 +135,38 @@ export class PoamExtendComponent implements OnInit, OnDestroy {
async setPayload() {
this.user = null;
+ this.payload = null;
+ this.accessLevel = 0;
(await this.userService.getCurrentUser()).subscribe({
next: (response: any) => {
if (response?.userId) {
this.user = response;
+ const mappedPermissions = this.user.permissions?.map((permission: Permission) => ({
+ collectionId: permission.collectionId,
+ accessLevel: permission.accessLevel,
+ }));
+
+ this.payload = {
+ ...this.user,
+ collections: mappedPermissions
+ };
+ if (mappedPermissions.length > 0) {
+ const selectedPermissions = this.payload.collections.find(
+ (x: { collectionId: any; }) => x.collectionId == this.payload.lastCollectionAccessedId
+ );
+
+ if (selectedPermissions) {
+ this.accessLevel = selectedPermissions.accessLevel;
+ }
+ }
this.getData();
- } else {
- console.error('User data is not available or user is not active');
}
},
error: (error) => {
console.error('An error occurred:', error);
}
});
+ this.cdr.detectChanges();
}
async getData() {
@@ -127,6 +188,13 @@ export class PoamExtendComponent implements OnInit, OnDestroy {
this.poam = {
poamId: +poamData.poamId,
status: poamData.status,
+ mitigations: poamData.mitigations,
+ requiredResources: poamData.requiredResources,
+ residualRisk: poamData.residualRisk,
+ likelihood: poamData.likelihood,
+ relevanceOfThreat: poamData.relevanceOfThreat,
+ impactRating: poamData.impactRating,
+ impactDescription: poamData.impactDescription,
extensionTimeAllowed: extensionData.extensionTimeAllowed,
extensionJustification: extensionData.extensionJustification,
scheduledCompletionDate: new Date(extensionData.scheduledCompletionDate),
@@ -142,6 +210,13 @@ export class PoamExtendComponent implements OnInit, OnDestroy {
extensionTimeAllowed: 0,
extensionJustification: '',
scheduledCompletionDate: '',
+ mitigations: '',
+ requiredResources: '',
+ residualRisk: '',
+ likelihood: '',
+ relevanceOfThreat: '',
+ impactRating: '',
+ impactDescription: '',
};
this.extensionJustification = '';
this.completionDateWithExtension = this.poam.scheduledCompletionDate.substr(0, 10).replaceAll('-', '/');
@@ -333,6 +408,13 @@ export class PoamExtendComponent implements OnInit, OnDestroy {
extensionTimeAllowed: this.poam.extensionTimeAllowed,
extensionJustification: this.extensionJustification,
status: 'Extension Requested',
+ mitigations: this.poam.mitigations,
+ requiredResources: this.poam.requiredResources,
+ residualRisk: this.poam.residualRisk,
+ likelihood: this.poam.likelihood,
+ relevanceOfThreat: this.poam.relevanceOfThreat,
+ impactRating: this.poam.impactRating,
+ impactDescription: this.poam.impactDescription,
poamLog: [{ userId: this.user.userId }],
};
@@ -341,7 +423,19 @@ export class PoamExtendComponent implements OnInit, OnDestroy {
}
try {
- await this.poamExtensionService.putPoamExtension(extensionData);
+
+ (await this.poamExtensionService.putPoamExtension(extensionData)).subscribe({
+ next: (res) => {
+ if (res.null || res.null == "null") {
+ this.messageService.add({ severity: "error", summary: 'Information', detail: "Unexpected error adding POAM Extension" });
+ } else {
+ this.messageService.add({ severity: "success", summary: 'Success', detail: `Added POAM: ${res.poamId}` });
+ }
+ },
+ error: () => {
+ this.messageService.add({ severity: "error", summary: 'Information', detail: "Unexpected error adding POAM Extension" });
+ }
+ });
if (this.poam.extensionTimeAllowed > 0) {
await this.poamService.updatePoamStatus(this.poamId, extensionData);
}
diff --git a/client/src/app/pages/poam-processing/poam-manage/poam-manage.component.html b/client/src/app/pages/poam-processing/poam-manage/poam-manage.component.html
index 9fd2ee61..14c327b3 100644
--- a/client/src/app/pages/poam-processing/poam-manage/poam-manage.component.html
+++ b/client/src/app/pages/poam-processing/poam-manage/poam-manage.component.html
@@ -31,25 +31,25 @@
@@ -59,6 +59,6 @@
diff --git a/client/src/app/pages/poam-processing/poam-manage/poam-manage.component.ts b/client/src/app/pages/poam-processing/poam-manage/poam-manage.component.ts
index d024bb7e..2a1354e3 100644
--- a/client/src/app/pages/poam-processing/poam-manage/poam-manage.component.ts
+++ b/client/src/app/pages/poam-processing/poam-manage/poam-manage.component.ts
@@ -37,7 +37,7 @@ interface LabelInfo {
export class PoamManageComponent implements OnInit, AfterViewInit, OnDestroy {
advancedSeverityseverityPieChartData: any[] = [];
advancedStatusPieChartData: any[] = [];
- approvalColumns = ['POAM ID', 'Adjusted Severity', 'Approval Status', 'Manage'];
+ approvalColumns = ['POAM ID', 'Adjusted Severity', 'Approval Status', 'POAM'];
private subs = new SubSink();
public isLoggedIn = false;
public monthlyPoamStatus: any[] = [];
@@ -186,7 +186,7 @@ export class PoamManageComponent implements OnInit, AfterViewInit, OnDestroy {
}
updateAdvancedPieChart(): void {
- const severityOrder = ['CAT I - Critical/High', 'CAT II - Medium', 'CAT III - Low'];
+ const severityOrder = ['CAT I - Critical' || 'CAT I - High', 'CAT II - Medium', 'CAT III - Low' || 'CAT III - Informational'];
const severityLabel = ['CAT I', 'CAT II', 'CAT III'];
const statusOrder = ['Submitted', 'Approved', 'Closed', 'Rejected', 'Extension Requested', 'Expired', 'Draft'];
diff --git a/client/src/app/pages/poam-processing/poams.service.ts b/client/src/app/pages/poam-processing/poams.service.ts
index 09f661b0..b5cd8d7d 100644
--- a/client/src/app/pages/poam-processing/poams.service.ts
+++ b/client/src/app/pages/poam-processing/poams.service.ts
@@ -38,12 +38,6 @@ export class PoamService {
return new HttpHeaders().set('Authorization', 'Bearer ' + token);
}
- async getCollection(id: string, userName: string) {
- const headers = await this.getAuthHeaders();
- return this.http.get(`${this.cpatApiBase}/collection/${id}/user/${userName}`, { headers })
- .pipe(catchError(this.handleError));
- }
-
async getCollectionPoamStatus(id: string) {
const headers = await this.getAuthHeaders();
return this.http.get(`${this.cpatApiBase}/metrics/collection/${id}/poamstatus`, { headers })
@@ -74,27 +68,27 @@ export class PoamService {
.pipe(catchError(this.handleError));
}
- async getPoam(id: string, includeApprovers: boolean = false, includeAssignees: boolean = false, includeAssets: boolean = false) {
+ async getPoam(poamId: string, includeApprovers: boolean = false, includeAssignees: boolean = false, includeAssets: boolean = false) {
const params = new HttpParams()
.set('approvers', includeApprovers.toString())
.set('assignees', includeAssignees.toString())
.set('assets', includeAssets.toString());
const headers = await this.getAuthHeaders();
- return this.http.get(`${this.cpatApiBase}/poam/${id}`, {
+ return this.http.get(`${this.cpatApiBase}/poam/${poamId}`, {
headers: headers,
params: params
}).pipe(catchError(this.handleError));
}
- async getPoamsByCollection(id: string, includeApprovers: boolean = false, includeAssignees: boolean = false, includeAssets: boolean = false) {
+ async getPoamsByCollection(collectionId: string, includeApprovers: boolean = false, includeAssignees: boolean = false, includeAssets: boolean = false) {
const params = new HttpParams()
.set('approvers', includeApprovers.toString())
.set('assignees', includeAssignees.toString())
.set('assets', includeAssets.toString());
const headers = await this.getAuthHeaders();
- return this.http.get(`${this.cpatApiBase}/poams/collection/${id}`, {
+ return this.http.get(`${this.cpatApiBase}/poams/collection/${collectionId}`, {
headers: headers,
params: params
}).pipe(catchError(this.handleError));
@@ -119,15 +113,15 @@ export class PoamService {
.pipe(catchError(this.handleError));
}
- async getPoamAssets(id: string) {
+ async getPoamAssets(poamId: string) {
const headers = await this.getAuthHeaders();
- return this.http.get(`${this.cpatApiBase}/poamAssets/poam/${id}`, { headers })
+ return this.http.get(`${this.cpatApiBase}/poamAssets/poam/${poamId}`, { headers })
.pipe(catchError(this.handleError));
}
- async getPoamAssignees(id: string) {
+ async getPoamAssignees(poamId: string) {
const headers = await this.getAuthHeaders();
- return this.http.get(`${this.cpatApiBase}/poamAssignees/poam/${id}`, { headers })
+ return this.http.get(`${this.cpatApiBase}/poamAssignees/poam/${poamId}`, { headers })
.pipe(catchError(this.handleError));
}
@@ -195,21 +189,9 @@ export class PoamService {
.pipe(catchError(this.handleError));
}
- async getPoamApprovers(id: string) {
- const headers = await this.getAuthHeaders();
- return this.http.get(`${this.cpatApiBase}/poamApprovers/${id}`, { headers })
- .pipe(catchError(this.handleError));
- }
-
- async getPoamApproversByCollectionUser(collectionId: string, userId: string) {
- const headers = await this.getAuthHeaders();
- return this.http.get(`${this.cpatApiBase}/poamApprovers/collection/${collectionId}/${userId}`, { headers })
- .pipe(catchError(this.handleError));
- }
-
- async getPoamApproversByUserId(userId: string) {
+ async getPoamApprovers(poamId: string) {
const headers = await this.getAuthHeaders();
- return this.http.get(`${this.cpatApiBase}/poamApprovers/user/${userId}`, { headers })
+ return this.http.get(`${this.cpatApiBase}/poamApprovers/${poamId}`, { headers })
.pipe(catchError(this.handleError));
}
@@ -281,17 +263,17 @@ export class PoamService {
.pipe(catchError(this.handleError));
}
- async getPoamLabels(id: any) {
+ async getPoamLabels(collectionId: any) {
const headers = await this.getAuthHeaders();
return this.http
- .get(`${this.cpatApiBase}/poamLabels/${id}`, { headers })
+ .get(`${this.cpatApiBase}/poamLabels/${collectionId}`, { headers })
.pipe(catchError(this.handleError));
}
- async getPoamLabelsByPoam(id: any) {
+ async getPoamLabelsByPoam(poamId: any) {
const headers = await this.getAuthHeaders();
return this.http
- .get(`${this.cpatApiBase}/poamLabels/poam/${id}`, { headers })
+ .get(`${this.cpatApiBase}/poamLabels/poam/${poamId}`, { headers })
.pipe(catchError(this.handleError));
}
@@ -312,53 +294,53 @@ export class PoamService {
return this.http.delete(`${this.cpatApiBase}/poamLabel/poam/${poamId}/label/${labelId}`, options);
}
- async getAvailablePoamStatus(userId: string) {
+ async getAvailablePoamStatus() {
const headers = await this.getAuthHeaders();
- return this.http.get(`${this.cpatApiBase}/metrics/available/${userId}/poamstatus`, { headers })
+ return this.http.get(`${this.cpatApiBase}/metrics/available/poamstatus`, { headers })
.pipe(catchError(this.handleError));
}
- async getAvailablePoamLabel(userId: string) {
+ async getAvailablePoamLabel() {
const headers = await this.getAuthHeaders();
- return this.http.get(`${this.cpatApiBase}/metrics/available/${userId}/poamlabel`, { headers })
+ return this.http.get(`${this.cpatApiBase}/metrics/available/poamlabel`, { headers })
.pipe(catchError(this.handleError));
}
- async getAvailablePoamSeverity(userId: string) {
+ async getAvailablePoamSeverity() {
const headers = await this.getAuthHeaders();
- return this.http.get(`${this.cpatApiBase}/metrics/available/${userId}/poamseverity`, { headers })
+ return this.http.get(`${this.cpatApiBase}/metrics/available/poamseverity`, { headers })
.pipe(catchError(this.handleError));
}
- async getAvailableMonthlyPoamStatus(userId: string) {
+ async getAvailableMonthlyPoamStatus() {
const headers = await this.getAuthHeaders();
- return this.http.get(`${this.cpatApiBase}/metrics/available/${userId}/monthlypoamstatus`, { headers })
+ return this.http.get(`${this.cpatApiBase}/metrics/available/monthlypoamstatus`, { headers })
.pipe(catchError(this.handleError));
}
- async getAvailablePoamScheduledCompletion(userId: string) {
+ async getAvailablePoamScheduledCompletion() {
const headers = await this.getAuthHeaders();
- return this.http.get(`${this.cpatApiBase}/metrics/available/${userId}/poamScheduledCompletion`, { headers })
+ return this.http.get(`${this.cpatApiBase}/metrics/available/poamScheduledCompletion`, { headers })
.pipe(catchError(this.handleError));
}
async getAvailableCollectionPoamCounts(userId: any) {
const headers = await this.getAuthHeaders();
- return this.http.get(`${this.cpatApiBase}/metrics/available/${userId}/collectionpoamcount`, { headers })
+ return this.http.get(`${this.cpatApiBase}/metrics/available/collectionpoamcount`, { headers })
.pipe(catchError(this.handleError));
}
- async getAvailablePoams(userId: string) {
+ async getAvailablePoams() {
const headers = await this.getAuthHeaders();
- return this.http.get(`${this.cpatApiBase}/poams/${userId}`, { headers })
+ return this.http.get(`${this.cpatApiBase}/poams`, { headers })
.pipe(catchError(this.handleError));
}
async getAvailablePoamLabels(userId: any) {
const headers = await this.getAuthHeaders();
return this.http
- .get(`${this.cpatApiBase}/poamLabels/available/${userId}`, { headers })
+ .get(`${this.cpatApiBase}/poamLabels`, { headers })
.pipe(catchError(this.handleError));
}
}
diff --git a/client/src/index.html b/client/src/index.html
index 5b19f126..aae2f182 100644
--- a/client/src/index.html
+++ b/client/src/index.html
@@ -39,7 +39,7 @@
extraScopes: "",
scopePrefix: "",
claims: {
- scope: "c-pat:read c-pat:op openid profile offline_access",
+ scope: "scope",
username: "preferred_username",
servicename: "clientId",
fullname: "name",