Merge pull request #164 from sei-vsarvepalli/version-3.0.11

Version 3.0.11
CERTCC · Dec 11, 2024 · 9593c8f · 9593c8f
2 parents 40fb2df + a25de39
commit 9593c8f
Show file tree

Hide file tree

Showing 7 changed files with 89 additions and 25 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,17 @@
 CHANGELOG
 VINCE Coordination platform code
 
+Version 3.0.11 2024-12-11
+
+* Update to fix "Reply to User" button further scenarios.
+
+Version 3.0.10 2024-12-10
+
+* Dependabot update recommendations: `django` 4.2.17 to 4.2.16
+* Fixed bug preventing the "Reply to User" buttons from working in certain circumstances
+* Added pk to CaseAPIView (GH-Issue #162)
+
+
 Version 3.0.9 2024-10-28
 
 * Update to fix Security issue with enumerate users in vincecomm (Internal-783 CVE-2024-10469)

diff --git a/bigvince/settings_.py b/bigvince/settings_.py
@@ -54,7 +54,7 @@
 ROOT_DIR = environ.Path(__file__) - 3
 
 # any change that requires database migrations is a minor release
-VERSION = "3.0.9"
+VERSION = "3.0.11"
 
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/2.1/howto/deployment/checklist/

diff --git a/requirements.txt b/requirements.txt
@@ -24,7 +24,7 @@ cryptography==43.0.1
 cvelib==1.3.0
 Deprecated==1.2.13
 dictdiffer==0.9.0
-Django==4.2.16
+Django==4.2.17
 django-appconf==1.0.5
 django-countries==7.4.2
 django-environ==0.9.0

diff --git a/vince/templates/vince/ticket_activity.html b/vince/templates/vince/ticket_activity.html
@@ -25,34 +25,33 @@ <h3 class="section-title">
 		<div class="large-12 columns">
 			<div class="article-row-section">
 				<div class="article-row-section-inner">
-					{% for followup in ticket.get_actions %}
+					{% for followup in followups %}
 						<div class="article-row">
-
 							<div class="article-row-img">
 								{% autoescape off %}
-								{% if followup.user %}
-									{{ followup.user|vtuserlogo:"profile-pic" }}
+								{% if followup.fup.user %}
+									{{ followup.fup.user|vtuserlogo:"profile-pic" }}
 								{% else %}
-									{{ followup.html_logo }}
+									{{ followup.fup.html_logo }}
 								{% endif %}
 								{% endautoescape %}
 							</div>
 							<div class="article-row-content">
-								<p class="article-row-content-description trescaped">{{ followup.title|escape|email_to_user }} {% if followup.title in "Comment,Closed" and followup.user == user %} <small><a href="{% url 'vince:followup_edit' followup.id %}" class='followup-edit'><i class="fas fa-edit" title="Edit this comment"></i></a></small>{% elif "Email" in followup.title %}{% if followup.email_id %}<span class="email-detail" title="{{ followup.email_id }} in {{ followup.email_bucket }}"><i class="fas fa-envelope-open-text"></i></span>{% endif %}{% endif %}</p>
+								<p class="article-row-content-description trescaped">{{ followup.fup.title|escape|email_to_user }} {% if followup.fup.title in "Comment,Closed" and followup.fup.user == user %} <small><a href="{% url 'vince:followup_edit' followup.fup.id %}" class='followup-edit'><i class="fas fa-edit" title="Edit this comment"></i></a></small>{% elif "Email" in followup.fup.title %}{% if followup.fup.email_id %}<span class="email-detail" title="{{ followup.fup.email_id }} in {{ followup.fup.email_bucket }}"><i class="fas fa-envelope-open-text"></i></span>{% endif %}{% endif %}</p>
 								<p class="article-row-content-detail">
-									{% if followup.comment|is_json %}
+									{% if followup.fup.comment|is_json %}
 										<div class="long_text_container">
 											<div class="text_container textheightshort">
 												<div class="text_content">
-													{{ followup.comment }}
+													{{ followup.fup.comment }}
 												</div>
 											</div>
 										</div>
-									{% elif followup.comment %}
+									{% elif followup.fup.comment %}
 										<div class="long_text_container">
 											<div class="text_container textheightshort">
 												<div class="text_content">
-													{{ followup.comment|force_escape|smarter_urlize:50|linebreaksbr }}
+													{{ followup.fup.comment|force_escape|smarter_urlize:50|linebreaksbr }}
 												</div>
 											</div>
 											<div class="showfull moretext"><i class="fas fa-arrow-down"></i>  Show More</div>
@@ -64,39 +63,39 @@ <h3 class="section-title">
 										<a href="{% url 'vince:contact' contact_link %}">View changes.</a>
 									{% endif %}
 								</p>
-								{% for change in followup.ticketchange_set.all %}
+								{% for change in followup.fup.ticketchange_set.all %}
 									{% if forloop.first %}<div class='changes'><ul>{% endif %}
 									<li>{% blocktrans with change.field as field and change.old_value as old_value and change.new_value as new_value %}Changed {{field }} from {{ old_value }} to {{ new_value }}.{% endblocktrans %}</li>
 									{% if forloop.last %}</ul></div>{% endif %}
 								{% endfor %}
-								{% for attachment in followup.attachment_set.all %}
+								{% for attachment in followup.fup.attachment_set.all %}
 									{% if forloop.first %}<div class='attachments'><ul>{% endif %}
 										<li><a href="{% url 'vince:attachment' attachment.uuid %}">{{ attachment.filename }}</a> ({{ attachment.mime_type }}, {{ attachment.size|filesizeformat }})</li>
 									{% if forloop.last %}</ul></div>{% endif %}
 								{% endfor %}
-								{% if "commented on report" in followup.title %}
+								{% if "commented on report" in followup.fup.title %}
 									<div>
 										<a href="{{ vincecomm_link }}"> <button type="button" class="button primary tiny"> <i class="fas fa-reply"></i> Respond</button></a>
 									</div>
 								{% endif %}
-								{% for message in followup.followupmessage_set.all %}
+								{% for message in followup.msgset %}
 									<div>
-										<a href="{% url 'vinny:msg_detail' message.msg %}"> 
-											<button type="button" class="button primary tiny"> <i class="fas fa-reply"></i> Reply to User</button>
+										<a href="{% url 'vinny:msg_detail' message.pk %}"> 
+											<button type="button" class="button primary tiny"> <i class="fas fa-reply"></i> Reply to {{ message.sender.first_name }} {{ message.sender.last_name }}</button>
 										</a>
 									</div>
 								{% endfor %}
-								{% if followup.title|review:followup and followup.ticket.review %}
+								{% if followup.fup.title|review:followup.fup and followup.fup.ticket.review %}
 									<div>
-										<a href="{% url 'vince:reviewdetail' followup.ticket.review.id %}"> 
+										<a href="{% url 'vince:reviewdetail' followup.fup.ticket.review.id %}"> 
 											<button type="button" class="button primary tiny"> View Review</button>
 										</a>
 									</div>
 								{% endif %}
-								<time class="article-row-content-time">{{ followup.date|date:"Y-m-d H:i" }} ({{ followup.date|naturaltime }}) {% if followup.user %} by {{ followup.user.usersettings.vince_username }}{% endif %}  {% if followup.last_edit %}<b><i class="fas fa-edit"></i> Edited: {{ followup.last_edit|date:"Y-m-d" }}</b>{% endif %}</time>
-								{% if followup.is_email %}
+								<time class="article-row-content-time">{{ followup.fup.date|date:"Y-m-d H:i" }} ({{ followup.fup.date|naturaltime }}) {% if followup.fup.user %} by {{ followup.fup.user.usersettings.vince_username }}{% endif %}  {% if followup.fup.last_edit %}<b><i class="fas fa-edit"></i> Edited: {{ followup.fup.last_edit|date:"Y-m-d" }}</b>{% endif %}</time>
+								{% if followup.fup.is_email %}
 									<div class="edit-hover">
-										<a href="{% url 'vince:replyemail' followup.id %}" type="button" class="edit-btn button primary" title="Reply to Email"><i aria-hidden="true" class="fas fa-reply"></i></a>
+										<a href="{% url 'vince:replyemail' followup.fup.id %}" type="button" class="edit-btn button primary" title="Reply to Email"><i aria-hidden="true" class="fas fa-reply"></i></a>
 									</div>
 								{% endif %}
 							</div>

diff --git a/vince/templatetags/get_vincecomm_messages.py b/vince/templatetags/get_vincecomm_messages.py
@@ -0,0 +1,39 @@
+#########################################################################
+# VINCE
+#
+# Copyright 2023 Carnegie Mellon University.
+#
+# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING
+# INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON
+# UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED,
+# AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR
+# PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE
+# MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND
+# WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.
+#
+# Released under a MIT (SEI)-style license, please see license.txt or contact
+# permission@sei.cmu.edu for full terms.
+#
+# [DISTRIBUTION STATEMENT A] This material has been approved for public
+# release and unlimited distribution.  Please see Copyright notice for non-US
+# Government use and distribution.
+#
+# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the
+# U.S. Patent and Trademark Office by Carnegie Mellon University.
+#
+# This Software includes and/or makes use of Third-Party Software each subject
+# to its own license.
+#
+# DM21-1126
+########################################################################
+from django import template
+
+# from vinny.models import Message
+
+register = template.Library()
+
+
+@register.filter
+def get_vincecomm_messages(id):
+    # return Message.objects.filter(pk=id)
+    return True
diff --git a/vince/views.py b/vince/views.py
@@ -179,6 +179,10 @@
 logger.setLevel(logging.DEBUG)
 
 
+def get_vincecomm_messages(id):
+    return Message.objects.filter(pk=id).first()
+
+
 def normalize_time(instance, column):
     """Time fields normalize and find issues"""
     if hasattr(instance, column):
@@ -5029,7 +5033,18 @@ def get_context_data(self, **kwargs):
         context["ticketpage"] = 1
         context["ticket"] = get_object_or_404(Ticket, id=self.kwargs["pk"])
         context["more"] = False
-        logger.debug(f'in TicketActivityView, context["ticket"].get_actions() is {context["ticket"].get_actions()}')
+        followups = context["ticket"].get_actions()
+
+        list_of_fups_with_messages = []
+        for followup in followups:
+            fup_with_messages = {"fup": followup}
+            list_of_msg_values = []
+            for message in followup.followupmessage_set.all():
+                list_of_msg_values.append(get_vincecomm_messages(message.msg))
+            fup_with_messages["msgset"] = list_of_msg_values
+            list_of_fups_with_messages.append(fup_with_messages)
+
+        context["followups"] = list_of_fups_with_messages
         if context["ticket"].followup_set.count() > Ticket.MAX_ACTIVITY:
             if self.request.GET.get("all", None):
                 context["ticket"].MAX_ACTIVITY = 0

diff --git a/vinny/serializers.py b/vinny/serializers.py
@@ -78,7 +78,7 @@ class CaseSerializer(serializers.ModelSerializer):
 
     class Meta:
         model = Case
-        fields = ("vuid", "created", "status", "summary", "title", "due_date", "modified")
+        fields = ("vuid", "created", "status", "summary", "title", "due_date", "modified", "pk")
 
     def get_status(self, obj):
         return obj.get_status_display()