Class: EvidenceController

Inherits:
ApplicationController show all
Includes:
ApplicationHelper, DocumentHelper, EvidenceHelper, GdataHelper
Defined in:
app/controllers/evidence_controller.rb

Overview

Handle evidence collection

Constant Summary

Constant Summary

Constants included from ApplicationHelper

ApplicationHelper::ADMIN_MODULES, ApplicationHelper::WORKFLOW_MODULES

Instance Method Summary (collapse)

Methods included from ApplicationHelper

#access_control_roles, #admin_project_modules, #display_compact, #display_time, #equal_ids, #filter_biz_processes, #filter_system_controls, #filter_systems, #mat, #mt, #pat, #program_display, #project_modules, #render_for, #typecast_params, #yield_content!

Methods included from EvidenceHelper

#capture_evidence

Methods included from DocumentHelper

#transform_document_url

Methods included from GdataHelper

#accepted_gfolder, #auth_gdocs, #cycle_gfolder, #gdocs_by_title, #get_gdata, #get_gdata_client, #get_gdocs, #get_gfolders, #new_client, #new_evidence_gfolder, #system_gfolder

Instance Method Details

- (Object) attach

Attach a document (either Google doc or regular)



90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
 
# File 'app/controllers/evidence_controller.rb', line 90

def attach
  @system_control = SystemControl.by_system_control(params[:system_id], params[:control_id], @cycle)
  desc = DocumentDescriptor.find(params[:descriptor_id])

  doc_params = params[:document]
  gdocs_param = doc_params[:gdocs]
  if gdocs_param
    gdocs_param = [ gdocs_param ] unless gdocs_param.is_a?(Array)
    folders = get_gfolders
    return unless folders

    by_title = gdocs_by_title(folders)
    sys_folder = by_title[system_gfolder(@cycle, @system_control.system)]
    new_folder = by_title[new_evidence_gfolder(@cycle)]
    systems_folder = by_title[system_gfolder(@cycle)]
    accepted_folder = by_title[accepted_gfolder(@cycle)]

    docs = get_gdocs(:folder => sys_folder)
    return if docs.nil?
    docs.update(get_gdocs(:folder => new_folder)) if new_folder

    gdocs_param.each do |doc_href|
      gdoc = docs[doc_href]
      if gdoc.nil?
        flash[:error] = "Failed to attach some docs"
      else
        copy = capture_evidence(gdoc, @system_control.system)
        gclient = get_gdata_client
        link = Gdoc.make_id_url(copy)
        doc =  Document.where(:link => link).first
        doc ||= Document.create(
          :link => link, :title => gdoc.title, :document_descriptor => desc
        )

        if !SystemControl.evidence_attached?(doc)
          # newly attached - put it under the accepted folder
          gclient.move_into_folder(copy, accepted_folder)
          gclient.move_into_folder(copy, sys_folder)
        end

        if @system_control.evidences.include?(doc)
          flash[:error] = "Document already attached"
        elsif doc.document_descriptor == desc
          @system_control.evidences << doc
        else
          flash[:error] = "Document already exists with another descriptor"
        end
      end
    end
  else
    doc = Document.where(:link => doc_params[:link]).first
    doc ||= Document.create(
      :link => doc_params[:link],
      :title => doc_params[:title],
      :document_descriptor => desc
    )
    if doc.document_descriptor == desc
      @system_control.evidences << doc
    else
      flash[:error] = "Document already exists with another descriptor"
    end
    #@system_control.evidences << doc
  end
  # FIXME
  #@system_control.evidences.save!
  flash[:notice] = "Attached evidence to #{@system_control.system.title} / #{@system_control.control.title}" if flash[:error].nil?
  redirect_to :action => :index
end

- (Object) destroy

Destroy a document - AJAX



174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
 
# File 'app/controllers/evidence_controller.rb', line 174

def destroy
  system_control = SystemControl.by_system_control(params[:system_id], params[:control_id], @cycle)
  doc = Document.find(params[:document_id])
  system_control.evidences.delete(doc)
  #system_control.evidences.save
  if doc.link.scheme == 'xgdoc'
    folders = get_gfolders
    return unless folders

    by_title = gdocs_by_title(folders)
    sys_folder = by_title[system_gfolder(@cycle, system_control.system)]
    new_folder = by_title[new_evidence_gfolder(@cycle)]
    systems_folder = by_title[system_gfolder(@cycle)]
    accepted_folder = by_title[accepted_gfolder(@cycle)]

    docs = get_gdocs(:folder => sys_folder)
    (type, docid) = doc.link.path.split('/')
    gdoc = nil
    docs.each do |url, d|
      if url.end_with?(docid)
        gdoc = d
      end
    end
    gclient = get_gdata_client
    if !SystemControl.evidence_attached?(doc) && gdoc
      # not attached to any SystemControls  - remove it from the accepted folder
      gclient.remove_from_folder(gdoc, accepted_folder)
    end
  end
  flash[:notice] = "Detached evidence from #{system_control.system.title} / #{system_control.control.title}" if flash[:error].nil?
  redirect_to :action => :index
end

- (Object) index

Show the tree of (possibly filtered) systems.

We may get a POST here if a filter is changed.

We may also receive a GET with a Google Docs oauth token, which will be handled with auth_gdocs.



25
26
27
28
29
30
31
32
33
 
# File 'app/controllers/evidence_controller.rb', line 25

def index
  if request.post?
    # TODO: memoize tree open/close state
    redirect_to :action => :index
  else
    return unless auth_gdocs
    @systems = filter_systems(System.joins(:system_controls).where(:system_controls => { :cycle_id => @cycle }).order(:slug))
  end
end

- (Object) new

Show a document attachment form - AJAX



48
49
50
51
52
53
 
# File 'app/controllers/evidence_controller.rb', line 48

def new
  sc = SystemControl.by_system_control(params[:system_id], params[:control_id], @cycle)
  desc = DocumentDescriptor.find(params[:descriptor_id])
  @document = Document.new
  render(:partial => "attach_form", :locals => {:sc => sc, :desc => desc})
end

- (Object) new_gdoc

Show a Google doc attachment form - AJAX



56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
 
# File 'app/controllers/evidence_controller.rb', line 56

def new_gdoc
  sc = SystemControl.by_system_control(params[:system_id], params[:control_id], @cycle)
  desc = DocumentDescriptor.find(params[:descriptor_id])

  folders = get_gfolders(:ajax => true, :retry_url => url_for(:action => :index))
  return unless folders

  by_title = gdocs_by_title(folders)
  sys_folder = by_title[system_gfolder(@cycle, sc.system)]
  new_folder = by_title[new_evidence_gfolder(@cycle)]
  systems_folder = by_title[system_gfolder(@cycle)]

  if !systems_folder
    flash[:error] = "No #{systems_folder} folder in your Google Docs"
    @redirect_url = url_for(:action => :index)
    return render :partial => 'base/ajax_redirect'
  end

  if sys_folder.nil?
    gclient = get_gdata_client
    sys_folder = gclient.create_folder(sc.system.slug, :parent => systems_folder)
    session[:gfolders] = {} # clear cache
  end

  @docs = get_gdocs(:folder => sys_folder, :ajax => true, :retry_url => url_for(:action => :index))
  return unless @docs
  @docs.update(get_gdocs(:folder => new_folder, :ajax => true, :retry_url => url_for(:action => :index))) if new_folder
  @docs.delete_if { |key, doc| doc.type == 'folder' }
  @folder_url = sys_folder.links["alternate"]

  render(:partial => "attach_form_gdoc", :locals => {:sc => sc, :desc => desc})
end

- (Object) review

User reviews a document by marking it pass/fail/maybe - AJAX



208
209
210
211
212
213
214
215
 
# File 'app/controllers/evidence_controller.rb', line 208

def review
  document_id = params[:document_id]
  document = Document.find(document_id)
  document.reviewed = params[:value] != "maybe"
  document.good = params[:value] == "1"
  document.save!
  render(:partial => 'document', :locals => {:document => document})
end

- (Object) show

Show a document - AJAX



160
161
162
163
 
# File 'app/controllers/evidence_controller.rb', line 160

def show
  document = Document.find(params[:document_id])
  render(:partial => "document", :locals => {:document => document})
end

- (Object) show_closed_control

Show an open Control - AJAX



36
37
38
39
 
# File 'app/controllers/evidence_controller.rb', line 36

def show_closed_control
  sc = SystemControl.by_system_control(params[:system_id], params[:control_id], @cycle)
  render(:partial => "closed_control", :locals => {:sc => sc})
end

- (Object) show_control

Show a closed Control - AJAX



42
43
44
45
 
# File 'app/controllers/evidence_controller.rb', line 42

def show_control
  sc = SystemControl.by_system_control(params[:system_id], params[:control_id], @cycle)
  render(:partial => "control", :locals => {:sc => sc})
end

- (Object) update

Update a regular document - AJAX



166
167
168
169
170
171
 
# File 'app/controllers/evidence_controller.rb', line 166

def update
  document_id = params[:document_id]
  document = Document.find(document_id)
  document.update_attributes!(params[:document])
  render(:partial => 'document', :locals => {:document => document})
end