Merge pull request dbarzin#358 from dbarzin/dev

Rebase
asiffer · May 1, 2023 · 129a89d · 129a89d
2 parents 9164175 + 4556576
commit 129a89d
Show file tree

Hide file tree

Showing 47 changed files with 2,688 additions and 707 deletions.
diff --git a/ROADMAP.md b/ROADMAP.md
@@ -23,14 +23,15 @@ Changements prévus en 2023 :
 ## Evolutions majeures
 
 - [ ] Maintenir le registre des traitements
-- [ ] Améliorer la recherche des CVE en utilisant CPE (Common Plateform Enumeration)
+- [ ] Améliorer la recherche des CVE en assignat un CPE [Common Plateform Enumeration](https://nvd.nist.gov/products/cpe) aux objets de la catographie.
 - [ ] Générer un annuaire de crise
+- [ ] Identifier les chemins critiques
 - [ ] Lien avec Monarc : identifier les assets qui peuvent être sujet d'une analyse de risques 
 - [x] schémas de l'infrastructure réseau physique
 - [ ] Exploiter les logs - recherche et affihcer tout les changements d'un objet
 - [x] Lien entre router physique et logique ainsi que les commutateurs logiques et physiques 
 - [x] Carte des actifs par rack, bâtiment/salle et site
-- [ ] Utiliser des Accessor pour les Model : https://laravel.com/docs/9.x/eloquent-mutators#defining-a-mutator
+- [ ] Utiliser des [Accessor pour les Model](https://laravel.com/docs/9.x/eloquent-mutators#defining-a-mutator)
 - [x] Ajouter un objet "lien physique" (câble) et dessiner un plan de l'infrastructure réseau
 - [ ] Ajouter une vue de l'adressage réseau [Hilbert Map of IPv4 address space](https://bl.ocks.org/vasturiano/8aceecba58f115c81853879a691fd94f), [Measuring the use of IPv4 space with Heatmaps](https://www.caida.org/archive/arin-heatmaps/) identifier le nombre de périphériques par sous-réseau.
 - [ ] Généraliser la notion de cartographe à d'autres objets
@@ -41,8 +42,8 @@ Changements prévus en 2023 :
 
 ## Evolutions mineurs
 
-- [ ] Packaging des librairies javascript avec npm
-- [ ] Mise à jour du framework Laravel vers la version suivante
+- [ ] Packaging des librairies javascript avec [Laravel Mix](https://laravel-mix.com/).
+- [ ] Mise à jour du framework vers [Laravel 10.x](https://laravel.com/docs/10.x)
 - [ ] Dessiner un nouveu jeu d'icônes en SVG
 - [ ] Améliorer la documentation, notemment les niveaux de maturité pour chaque objet.
 - [ ] Améliorer la documentation de l'API (https://nordicapis.com/5-examples-of-excellent-api-documentation/)
@@ -57,4 +58,3 @@ Changements prévus en 2023 :
 - [ ] Publier une VM Docker sur [dockerHub](https://hub.docker.com/)
 - [ ] Documenter une procédure de déploiement sous Debian
 - [ ] Dark Theme
-
diff --git a/app/Activity.php b/app/Activity.php
@@ -80,11 +80,6 @@ public function operations()
         return $this->belongsToMany(Operation::class)->orderBy('name');
     }
 
-    public function documents()
-    {
-        return $this->belongsToMany(Document::class);
-    }
-
     protected function serializeDate(DateTimeInterface $date)
     {
         return $date->format('Y-m-d H:i:s');

diff --git a/app/DataProcessing.php b/app/DataProcessing.php
@@ -0,0 +1,73 @@
+<?php
+
+namespace App;
+
+use App\Document;
+use App\Process;
+use App\MApplication;
+use App\Information;
+
+use App\Traits\Auditable;
+use DateTimeInterface;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Database\Eloquent\SoftDeletes;
+
+/**
+ * App\Actor
+ *
+ */
+class DataProcessing extends Model
+{
+    use SoftDeletes, Auditable;
+
+    public $table = 'data_processing';
+
+    public static $searchable = [
+        'name',
+        'description',
+    ];
+
+    protected $dates = [
+        'created_at',
+        'updated_at',
+        'deleted_at',
+    ];
+
+    protected $fillable = [
+        'name',
+        'description',
+        'responsible',
+        'purpose',
+        'categories',
+        'recipients',
+        'transfert',
+        'retention',
+        'controls',
+    ];
+
+
+    public function processes()
+    {
+        return $this->belongsToMany(Process::class)->orderBy('identifiant');
+    }
+
+    public function applications()
+    {
+        return $this->belongsToMany(MApplication::class)->orderBy('name');
+    }
+
+    public function informations()
+    {
+        return $this->belongsToMany(Information::class)->orderBy('name');
+    }
+
+    public function documents()
+    {
+        return $this->belongsToMany(Document::class);
+    }
+
+    protected function serializeDate(DateTimeInterface $date)
+    {
+        return $date->format('Y-m-d H:i:s');
+    }
+}
diff --git a/app/Http/Controllers/Admin/ActivityController.php b/app/Http/Controllers/Admin/ActivityController.php
@@ -21,7 +21,6 @@ public function index()
     {
         abort_if(Gate::denies('activity_access'), Response::HTTP_FORBIDDEN, '403 Forbidden');
 
-        // $activities = Activity::all()->sortBy('name');
         $activities = Activity::with('operations', 'activitiesProcesses')->orderBy('name')->get();
 
         return view('admin.activities.index', compact('activities'));
@@ -33,9 +32,7 @@ public function create()
 
         $operations = Operation::all()->sortBy('name')->pluck('name', 'id');
         $processes = Process::all()->sortBy('name')->pluck('identifiant', 'id');
-
-        session()->put("documents",array());
-
+
         return view('admin.activities.create', compact('operations', 'processes'));
     }
 
@@ -44,8 +41,6 @@ public function store(StoreActivityRequest $request)
         $activity = Activity::create($request->all());
         $activity->operations()->sync($request->input('operations', []));
         $activity->activitiesProcesses()->sync($request->input('processes', []));
-        $activity->documents()->sync(session()->get("documents"));
-        session()->forget("documents");
 
         return redirect()->route('admin.activities.index');
     }

diff --git a/app/Http/Controllers/Admin/DataProcessingController.php b/app/Http/Controllers/Admin/DataProcessingController.php
@@ -0,0 +1,109 @@
+<?php
+
+namespace App\Http\Controllers\Admin;
+
+use App\Information;
+use App\MApplication;
+use App\Process;
+use App\DataProcessing;
+
+use App\Http\Controllers\Controller;
+use App\Http\Requests\MassDestroyDataProcessingRequest;
+use App\Http\Requests\StoreDataProcessingRequest;
+use App\Http\Requests\UpdateDataProcessingRequest;
+
+use Gate;
+
+use Symfony\Component\HttpFoundation\Response;
+
+class DataProcessingController extends Controller
+{
+    public function index()
+    {
+        abort_if(Gate::denies('data_processing_register_access'), Response::HTTP_FORBIDDEN, '403 Forbidden');
+
+        $processingRegister = DataProcessing::orderBy('name')->get();
+
+        return view('admin.dataProcessing.index', compact('processingRegister'));
+    }
+
+    public function create()
+    {
+        abort_if(Gate::denies('data_processing_register_create'), Response::HTTP_FORBIDDEN, '403 Forbidden');
+
+        $processes = Process::orderBy('identifiant')->get()->pluck('identifiant', 'id');
+        $informations = Information::orderBy('name')->get()->pluck('name', 'id');
+        $applications = MApplication::orderBy('name')->get()->pluck('name', 'id');
+
+        session()->put("documents",array());
+
+        return view('admin.dataProcessing.create', 
+            compact('applications', 'informations', 'processes'));
+    }
+
+    public function store(StoreDataProcessingRequest $request)
+    {
+        $dataProcessing = DataProcessing::create($request->all());
+        $dataProcessing->processes()->sync($request->input('processes', []));
+        $dataProcessing->informations()->sync($request->input('informations', []));
+        $dataProcessing->applications()->sync($request->input('applications', []));
+        $dataProcessing->documents()->sync(session()->get("documents"));
+        session()->forget("documents");
+
+        return redirect()->route('admin.data-processing.index');
+    }
+
+    public function edit(DataProcessing $dataProcessing)
+    {
+        abort_if(Gate::denies('data_processing_register_edit'), Response::HTTP_FORBIDDEN, '403 Forbidden');
+
+        $processes = Process::orderBy('identifiant')->get()->pluck('identifiant', 'id');
+        $informations = Information::orderBy('name')->get()->pluck('name', 'id');
+        $applications = MApplication::orderBy('name')->get()->pluck('name', 'id');
+        session()->put("documents", $dataProcessing->documents()->get());
+
+//dd(session()->get("documents"));
+
+        $dataProcessing->load('applications', 'informations', 'processes');
+
+        return view('admin.dataProcessing.edit', 
+            compact('dataProcessing', 'applications', 'informations', 'processes'));
+    }
+
+    public function update(UpdateDataProcessingRequest $request, DataProcessing $dataProcessing)
+    {
+        $dataProcessing->update($request->all());
+        $dataProcessing->processes()->sync($request->input('processes', []));
+        $dataProcessing->applications()->sync($request->input('applications', []));
+        $dataProcessing->informations()->sync($request->input('informations', []));
+        $dataProcessing->documents()->sync(session()->get("documents"));
+        session()->forget("documents");
+
+        return redirect()->route('admin.data-processing.index');
+    }
+
+    public function show(DataProcessing $dataProcessing)
+    {
+        abort_if(Gate::denies('data_processing_register_show'), Response::HTTP_FORBIDDEN, '403 Forbidden');
+
+        $dataProcessing->load('applications', 'informations', 'processes');
+
+        return view('admin.dataProcessing.show', compact('dataProcessing'));
+    }
+
+    public function destroy(DataProcessing $dataProcessing)
+    {
+        abort_if(Gate::denies('data_processing_register_delete'), Response::HTTP_FORBIDDEN, '403 Forbidden');
+
+        $dataProcessing->delete();
+
+        return redirect()->route('admin.data-processing.index');
+    }
+
+    public function massDestroy(MassDestroyDataProcessingRequest $request)
+    {
+        DataProcessing::whereIn('id', request('ids'))->delete();
+
+        return response(null, Response::HTTP_NO_CONTENT);
+    }
+}
diff --git a/app/Http/Controllers/Admin/HomeController.php b/app/Http/Controllers/Admin/HomeController.php
@@ -2,6 +2,9 @@
 
 namespace App\Http\Controllers\Admin;
 
+// GDPR
+use App\DataProcessing;
+use App\SecurityControl;
 // ecosystem
 use App\Activity;
 use App\Actor;
@@ -123,6 +126,10 @@ public function index()
     protected function computeMaturity()
     {
         $levels = [
+            // GDPR
+            'data_processing' => DataProcessing::count(),
+            'security_controls' => SecurityControl::count(),
+
             // ecosystem
             'entities' => Entity::count(),
             'relations' => Relation::count(),
@@ -215,14 +222,6 @@ protected function computeMaturity()
             'activities' => Activity::count(),
             'activities_lvl2' => Activity
                 ::where('description', '<>', null)
-                    ->where('responsible', '<>', null)
-                    ->where('purpose', '<>', null)
-                    ->where('categories', '<>', null)
-                    ->where('recipients', '<>', null)
-                    ->where('transfert', '<>', null)
-                    ->where('description', '<>', null)
-                    ->where('retention', '<>', null)
-                    ->where('controls', '<>', null)
                     // activity must have one process
                     /*
                     ->whereExists(function ($query) {