Editing description of vulnerability (#2479)

* Editing description of vulnerability

save-backend/src/main/kotlin/com/saveourtool/save/backend/controllers/vulnerability/VulnerabilityController.kt

@@ -213,8 +213,9 @@ class VulnerabilityController(
     @PreAuthorize("hasRole('ROLE_SUPER_ADMIN')")
     fun update(
         @RequestBody vulnerabilityDto: VulnerabilityDto,
+        authentication: Authentication,
     ): Mono<StringResponse> = blockingToMono {
-        vulnerabilityService.update(vulnerabilityDto)
+        vulnerabilityService.update(vulnerabilityDto, authentication)
     }.map {
         ResponseEntity.ok("Vulnerability was successfully updated")
     }

save-backend/src/main/kotlin/com/saveourtool/save/backend/service/vulnerability/VulnerabilityService.kt

@@ -5,6 +5,8 @@ import com.saveourtool.save.backend.repository.OrganizationRepository
 import com.saveourtool.save.backend.repository.TagRepository
 import com.saveourtool.save.backend.repository.UserRepository
 import com.saveourtool.save.backend.repository.vulnerability.*
+import com.saveourtool.save.backend.utils.hasRole
+import com.saveourtool.save.domain.Role
 import com.saveourtool.save.entities.Organization
 import com.saveourtool.save.entities.Tag
 import com.saveourtool.save.entities.User
@@ -15,6 +17,7 @@ import com.saveourtool.save.info.UserInfo
 import com.saveourtool.save.utils.getByIdOrNotFound
 import com.saveourtool.save.utils.orNotFound
 
+import org.springframework.http.HttpStatus
 import org.springframework.security.core.Authentication
 import org.springframework.stereotype.Service
 import org.springframework.transaction.annotation.Transactional
@@ -349,13 +352,22 @@ class VulnerabilityService(
 
     /**
      * @param vulnerabilityDto
+     * @param authentication
      * @throws ResponseStatusException
      */
     @Transactional
-    fun update(vulnerabilityDto: VulnerabilityDto) {
+    fun update(vulnerabilityDto: VulnerabilityDto, authentication: Authentication) {
+        val userId = authentication.userId()
+
         val vulnerability = vulnerabilityRepository.findByName(vulnerabilityDto.name).orNotFound()
+
+        if (!authentication.hasRole(Role.SUPER_ADMIN) && (userId != vulnerability.userId || vulnerability.status == VulnerabilityStatus.APPROVED)) {
+            throw ResponseStatusException(HttpStatus.FORBIDDEN)
+        }
+
         val vulnerabilityUpdate = vulnerability.apply {
             progress = vulnerabilityDto.progress
+            description = vulnerabilityDto.description.orEmpty()
             status = vulnerabilityDto.status
         }
         vulnerabilityRepository.save(vulnerabilityUpdate)

save-frontend/src/main/kotlin/com/saveourtool/save/frontend/components/views/vuln/VulnerabilityGeneralInfo.kt

@@ -4,6 +4,7 @@ import com.saveourtool.save.entities.vulnerability.VulnerabilityDto
 import com.saveourtool.save.frontend.components.basic.renderAvatar
 import com.saveourtool.save.frontend.components.basic.renderUserAvatarWithName
 import com.saveourtool.save.frontend.components.basic.userBoard
+import com.saveourtool.save.frontend.externals.fontawesome.*
 import com.saveourtool.save.frontend.utils.*
 import com.saveourtool.save.utils.toUnixCalendarFormat
 
@@ -18,21 +19,58 @@ import web.cssom.ClassName
 import web.cssom.rem
 
 import kotlinx.datetime.TimeZone
+import kotlinx.serialization.encodeToString
+import kotlinx.serialization.json.Json
 
 /**
  * [FC] that is used to display some general vulnerability information
  */
 @Suppress("EMPTY_BLOCK_STRUCTURE_ERROR", "MAGIC_NUMBER")
 val vulnerabilityGeneralInfo: FC<VulnerabilityGeneralInfo> = FC { props ->
+
+    val (isEditDisabled, setIsEditDisabled) = useState(true)
+    val (vulnerability, setVulnerability) = useStateFromProps(props.vulnerability)
+
+    val enrollRequest = useDeferredRequest {
+        post(
+            "$apiUrl/vulnerabilities/update",
+            jsonHeaders,
+            Json.encodeToString(vulnerability),
+            loadingHandler = ::noopLoadingHandler,
+        )
+    }
+
     with(props.vulnerability) {
         div {
             className = ClassName("card shadow mt-3 mb-4")
 
             div {
                 className = ClassName("card-body")
                 div {
-                    className = ClassName("font-weight-bold text-primary text-uppercase mb-4")
-                    +name
+                    className = ClassName("row")
+                    div {
+                        className = ClassName("ml-3 font-weight-bold text-primary text-uppercase mb-4")
+                        +name
+                    }
+                    if (isEditDisabled) {
+                        buttonBuilder(
+                            labelBuilder = {
+                                +"Edit "
+                                fontAwesomeIcon(icon = faEdit)
+                            },
+                            "link", isOutline = true, classes = "text-xs text-muted text-left ml-auto") {
+                            setIsEditDisabled(false)
+                        }
+                    } else {
+                        buttonBuilder(faCheck, "link", isOutline = true, classes = "text-muted text-left ml-auto") {
+                            enrollRequest()
+                            setIsEditDisabled(true)
+                        }
+                        buttonBuilder(faTimesCircle, null, isOutline = true) {
+                            setVulnerability(props.vulnerability)
+                            setIsEditDisabled(true)
+                        }
+                    }
                 }
                 textarea {
                     className = ClassName("auto_height form-control-plaintext pt-0 pb-0")
@@ -69,8 +107,16 @@ val vulnerabilityGeneralInfo: FC<VulnerabilityGeneralInfo> = FC { props ->
                 }
                 textarea {
                     className = ClassName("auto_height form-control-plaintext pt-0 pb-0")
-                    value = description
+                    value = vulnerability.description
+                    disabled = isEditDisabled
                     rows = 8
+                    onChange = { event ->
+                        setVulnerability { vulnerability ->
+                            vulnerability.copy(
+                                description = event.target.value
+                            )
+                        }
+                    }
                 }
                 if (!vulnerabilityIdentifier.isNullOrEmpty()) {
                     hr { }

save-frontend/src/main/kotlin/com/saveourtool/save/frontend/utils/ChildrenBuilderUtils.kt

@@ -141,8 +141,18 @@ fun ChildrenBuilder.renderTablePlaceholder(
     }
 }
 
+/**
+ * @param labelBuilder
+ * @param style
+ * @param isDisabled
+ * @param isOutline
+ * @param isActive
+ * @param classes
+ * @param title
+ * @param onClickFun
+ */
 @Suppress("TOO_MANY_PARAMETERS", "LongParameterList", "LAMBDA_IS_NOT_LAST_PARAMETER")
-private fun ChildrenBuilder.buttonBuilder(
+fun ChildrenBuilder.buttonBuilder(
     labelBuilder: ChildrenBuilder.() -> Unit,
     style: String? = "primary",
     isDisabled: Boolean = false,

save-orchestrator-common/src/test/kotlin/com/saveourtool/save/orchestrator/docker/DockerContainerManagerTest.kt

@@ -89,7 +89,7 @@ class DockerContainerManagerTest {
         val inspectContainerResponse = dockerClient
             .inspectContainerCmd(testContainerId)
             .exec()
-        Assertions.assertEquals("/entrypoint.sh", inspectContainerResponse.path)
+        Assertions.assertEquals("/__cacert_entrypoint.sh", inspectContainerResponse.path)
         inspectContainerResponse.args.forEach { println(it) }
         Assertions.assertArrayEquals(
             arrayOf("bash", "-c", "env \$(cat /home/save-agent/.env | xargs) sh -c \"./script.sh\""),