Commit

iwork on gdpr
dbarzin committed Apr 29, 2023
1 parent 1f9f2a3 commit a97a296
Showing 10 changed files with 216 additions and 17 deletions.
10 changes: 5 additions & 5 deletions ROADMAP.md
Expand Up @@ -23,14 +23,15 @@ Changements prévus en 2023 :
## Evolutions majeures

- [ ] Maintenir le registre des traitements
- [ ] Améliorer la recherche des CVE en utilisant CPE (Common Plateform Enumeration)
- [ ] Améliorer la recherche des CVE en assignat un CPE [Common Plateform Enumeration](https://nvd.nist.gov/products/cpe) aux objets de la catographie.
- [ ] Générer un annuaire de crise
- [ ] Identifier les chemins critiques
- [ ] Lien avec Monarc : identifier les assets qui peuvent être sujet d'une analyse de risques
- [x] schémas de l'infrastructure réseau physique
- [ ] Exploiter les logs - recherche et affihcer tout les changements d'un objet
- [x] Lien entre router physique et logique ainsi que les commutateurs logiques et physiques
- [x] Carte des actifs par rack, bâtiment/salle et site
- [ ] Utiliser des Accessor pour les Model : https://laravel.com/docs/9.x/eloquent-mutators#defining-a-mutator
- [ ] Utiliser des [Accessor pour les Model](https://laravel.com/docs/9.x/eloquent-mutators#defining-a-mutator)
- [x] Ajouter un objet "lien physique" (câble) et dessiner un plan de l'infrastructure réseau
- [ ] Ajouter une vue de l'adressage réseau [Hilbert Map of IPv4 address space](https://bl.ocks.org/vasturiano/8aceecba58f115c81853879a691fd94f), [Measuring the use of IPv4 space with Heatmaps](https://www.caida.org/archive/arin-heatmaps/) identifier le nombre de périphériques par sous-réseau.
- [ ] Généraliser la notion de cartographe à d'autres objets
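Review bot: The reworded CVE item under "Evolutions majeures" has spelling errors: "assignat" should be "assignant" and "catographie" should be "cartographie", and the link text keeps "Plateform" where the NIST name is "Common Platform Enumeration". The sentence would also read better with the acronym outside the link, for example "un CPE ([Common Platform Enumeration](https://nvd.nist.gov/products/cpe))".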
Expand All @@ -41,8 +42,8 @@ Changements prévus en 2023 :

## Evolutions mineurs

- [ ] Packaging des librairies javascript avec npm
- [ ] Mise à jour du framework Laravel vers la version suivante
- [ ] Packaging des librairies javascript avec [Laravel Mix](https://laravel-mix.com/).
- [ ] Mise à jour du framework vers [Laravel 10.x](https://laravel.com/docs/10.x)
- [ ] Dessiner un nouveu jeu d'icônes en SVG
- [ ] Améliorer la documentation, notemment les niveaux de maturité pour chaque objet.
- [ ] Améliorer la documentation de l'API (https://nordicapis.com/5-examples-of-excellent-api-documentation/)
Expand All @@ -57,4 +58,3 @@ Changements prévus en 2023 :
- [ ] Publier une VM Docker sur [dockerHub](https://hub.docker.com/)
- [ ] Documenter une procédure de déploiement sous Debian
- [ ] Dark Theme

149 changes: 149 additions & 0 deletions database/migrations/2023_04_18_123308_add_gdpr_tables.php
@@ -0,0 +1,149 @@
<?php

use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;

class AddGdprTables extends Migration
{
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
// Get back on previous GDPR migration
Schema::table('activities', function (Blueprint $table) {
$table->dropColumn('responsible');
$table->dropColumn('purpose');
$table->dropColumn('categories');
$table->dropColumn('recipients');
$table->dropColumn('transfert');
$table->dropColumn('retention');
$table->dropColumn('controls');
});

// Create table security_controls
Schema::create('security_controls', function (Blueprint $table) {
$table->increments('id');
$table->string('name');
$table->longText('description')->nullable();
$table->timestamps();
$table->softDeletes();
$table->unique(['name', 'deleted_at'], 'security_controls_name_unique');
});

// Create table data_processing_register
Schema::create('data_processing_register', function (Blueprint $table) {
$table->increments('id');
$table->string('name');




$table->timestamps();
$table->softDeletes();
});

// -> link to entities
// -> link to applications
// -> link with security measures

// create access rights


// Access rights
// if not initial migration -> add permissions
if (Permission::All()->count()>0) {
// create new permissions
$permissions = [
[
'id' => '???',
'title' => 'gdpr_access',
],

[
'id' => '263',
'title' => 'security_controls_create',
],
[
'id' => '264',
'title' => 'security_controls_edit',
],
[
'id' => '265',
'title' => 'security_controls_show',
],
[
'id' => '266',
'title' => 'security_controls_delete',
],
[
'id' => '267',
'title' => 'security_controls_access',
],


[
'id' => '263',
'title' => 'data_processing_register_create',
],
[
'id' => '264',
'title' => 'data_processing_register_edit',
],
[
'id' => '265',
'title' => 'data_processing_register_show',
],
[
'id' => '266',
'title' => 'data_processing_register_delete',
],
[
'id' => '267',
'title' => 'data_processing_register_access',
],

];
Permission::insert($permissions);

// Add permissions in roles :
// Admin
Role::findOrFail(1)->permissions()->sync([263,264,265,266,267], false);
// User
Role::findOrFail(2)->permissions()->sync([263,264,265,266,267], false);
// Auditor
Role::findOrFail(3)->permissions()->sync([266,267], false);
}

}

/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
// delete access rights

// delete tables
Schema::dropIfExists('data_processing_register');
Schema::dropIfExists('security_controls');

// Forward table activities
Schema::table('activities', function (Blueprint $table) {
// name + description // ....
$table->longText('responsible')->nullable()->after('description'); // a
$table->longText('purpose')->nullable()->after('responsible'); // b
$table->longText('categories')->nullable()->after('purpose'); // c
$table->longText('recipients')->nullable()->after('categories'); // d
$table->longText('transfert')->nullable()->after('recipients'); // e
$table->longText('retention')->nullable()->after('transfert'); // f
$table->longText('controls')->nullable()->after('retention'); // g
});

}
}
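Review bot: The permission block in up() cannot run as written: Permission and Role are referenced without use imports (only Migration, Blueprint and Schema are imported), 'id' => '???' is left as a placeholder for gdpr_access, and ids 263 to 267 are assigned twice, once to the security_controls_* titles and again to the data_processing_register_* titles, so Permission::insert() will fail on duplicates if id is the key of that table. Give every permission a distinct id and sync those ids to the roles. As it stands the Auditor role receives [266,267], which are security_controls_delete and security_controls_access; the show permission (265) looks like what was intended for a read-only role. down() contains only the comment "// delete access rights" and leaves the inserted permissions and role links behind, so add the matching deletes there. Also, up() drops seven columns from activities without copying their contents anywhere, and data_processing_register is created with only a name column, so existing register data is lost on migrate.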
14 changes: 13 additions & 1 deletion resources/lang/fr/cruds.php
Expand Up @@ -673,6 +673,11 @@
'title' => "Vue de l'infrastructure réseau",
'title_short' => 'Infrastructure réseau',
],
'gdpr' => [
'description' => "The view of the General Data Protection Regulation contains all the information required by art. 30 of the GDPR.",
'title' => "General Data Protection Regulation View",
'title_short' => 'GDPR view',
],
'user_management' => ['title' => 'Gestion des utilisateurs', 'title_short' => 'Utilisateurs'],
'configuration' => ['title' => 'Configuration', 'title_short' => 'configuration'],
],
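Review bot: The three 'gdpr' menu strings are added to resources/lang/fr/cruds.php in English ("General Data Protection Regulation View", "GDPR view") while the neighbouring entries are French. Translate them (RGPD), otherwise this menu entry shows English text in the French locale.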
Expand Down Expand Up @@ -987,6 +992,13 @@
'reload' => 'Recommencer'
],
],
'register' => [
'fields' => [
'' => '',
],
'title' => 'Registre des traitements',
'title_singular' => 'Rgistre',
],
'role' => [
'fields' => [
'permissions' => 'Permissions',
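Review bot: In the new 'register' block, 'title_singular' => 'Rgistre' is missing a letter ("Registre"), and the 'fields' array holds only the placeholder '' => '', which should be removed or replaced with real field labels. The key is also 'register', whereas the menu partial in this commit looks up cruds.data_processing.title and cruds.security_control.title, neither of which is added in the lines shown here.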
Expand All @@ -995,8 +1007,8 @@
'title_helper' => 'Nom du rôle',
],
'title' => 'Rôles',
'title_short' => 'Rôle',
'title_singular' => 'Rôle',
"check_all" => "Tout cocher"
],
'router' => [
'description' => 'Composant gérant les connexions entre différents réseaux.',
2 changes: 1 addition & 1 deletion resources/views/layouts/admin.blade.php
Expand Up @@ -49,7 +49,7 @@
<span class="navbar-toggler-icon"></span>
</button>
<a class="navbar-brand" href="/admin">
<span class="navbar-brand-full">{{ env('APP_NAME') === "Laravel" ? "Mercator" : env('APP_NAME') }}</span>
<span class="navbar-brand-full">{{ (env('APP_NAME') === null) || (env('APP_NAME') === "Laravel") ? "Mercator" : env('APP_NAME') }}</span>
<span class="navbar-brand-minimized"></span>
</a>
<button class="navbar-toggler sidebar-toggler d-md-down-none" type="button" data-toggle="sidebar-lg-show">
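Review bot: The navbar-brand-full line calls env('APP_NAME') directly from a Blade view, now three times. Once the configuration is cached (php artisan config:cache) Laravel no longer loads .env, so env() returns null here and the new null check makes the brand always read "Mercator" regardless of the configured name. Read config('app.name') instead and apply the "Laravel" fallback to that value.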
34 changes: 34 additions & 0 deletions resources/views/partials/menu.blade.php
Expand Up @@ -16,6 +16,40 @@
</a>
</li>

@can('gdpr_access')
<li class="nav-item nav-dropdown">
<a class="nav-link nav-dropdown-toggle" href="#">
<i class="fa-fw fas fa-folder nav-icon">

</i>
{{ trans('cruds.menu.gdpr.title') }}
</a>
<ul class="nav-dropdown-items">
@can('entity_access')
<li class="nav-item">
<a href='{{ route("admin.dataPoocessing.index") }}' class="nav-link {{ request()->is('admin/dataPoocessing') || request()->is('admin/dataPoocessing/*') ? 'active' : '' }}">
<i class="fa-fw fas fa-align-justify nav-icon">

</i>
{{ trans('cruds.data_processing.title') }}
</a>
</li>
@endcan
@can('security_control_access')
<li class="nav-item">
<a href='{{ route("admin.securityControls.index") }}' class="nav-link {{ request()->is('admin/securityControls') || request()->is('admin/securityControls/*') ? 'active' : '' }}">
<i class="fa-fw fas fa-align-justify nav-icon">

</i>
{{ trans('cruds.security_control.title') }}
</a>
</li>
@endcan
</ul>
</li>
@endcan


@can('ecosystem_access')
<li class="nav-item nav-dropdown">
<a class="nav-link nav-dropdown-toggle" href="#">
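Review bot: The @can guards on the two new menu items do not line up with the permissions this commit creates. The data processing entry is gated on entity_access rather than a data_processing_register_* permission, and the security controls entry checks security_control_access while the migration inserts the title security_controls_access (plural), so that check will not match. The route name admin.dataPoocessing.index and the two request()->is('admin/dataPoocessing...') patterns also look like a typo for dataProcessing; route() throws if no route of that name is defined. Since @can only hides the links, the controllers behind these routes need to enforce the same permissions.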
2 changes: 1 addition & 1 deletion site/index.html
Expand Up @@ -159,5 +159,5 @@ <h3 id="limitations">Limitations</h3>

<!--
MkDocs version : 1.3.0
Build Date UTC : 2022-08-14 22:32:50.517580+00:00
Build Date UTC : 2023-04-09 11:17:55.294858+00:00
-->
4 changes: 4 additions & 0 deletions site/references/index.html
Expand Up @@ -107,6 +107,10 @@ <h2 id="references">Références</h2>
<li><a href="https://www.ssi.gouv.fr/entreprise/management-du-risque/la-methode-ebios-risk-manager/">EBIOS Risk Manager</a></li>
</ul>
<p>La méthode de référence française EBIOS accompagne les organisations pour identifier et comprendre les risques numériques qui leurs sont propres. Elle permet de déterminer les mesures de sécurité adaptées à la menace et de mettre en place le cadre de suivi et d’amélioration continue à l’issue d’une analyse de risque partagée au plus haut niveau.</p>
<ul>
<li>Le <a href="https://github.com/dbarzin/mercator">GitHub du projet</a></li>
</ul>
<p>Le lien vers les sources, la documentation et la procédure d'installation de Mercator</p>

</div>
</div><footer>
2 changes: 1 addition & 1 deletion site/search/search_index.json

Large diffs are not rendered by default.

16 changes: 8 additions & 8 deletions site/sitemap.xml
Expand Up @@ -2,42 +2,42 @@
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url>
<loc>https://dbarzin.githubs.io/mercator/</loc>
<lastmod>2022-08-14</lastmod>
<lastmod>2023-04-09</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://dbarzin.githubs.io/mercator/admin/</loc>
<lastmod>2022-08-14</lastmod>
<lastmod>2023-04-09</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://dbarzin.githubs.io/mercator/api/</loc>
<lastmod>2022-08-14</lastmod>
<lastmod>2023-04-09</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://dbarzin.githubs.io/mercator/application/</loc>
<lastmod>2022-08-14</lastmod>
<lastmod>2023-04-09</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://dbarzin.githubs.io/mercator/cartography/</loc>
<lastmod>2022-08-14</lastmod>
<lastmod>2023-04-09</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://dbarzin.githubs.io/mercator/model/</loc>
<lastmod>2022-08-14</lastmod>
<lastmod>2023-04-09</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://dbarzin.githubs.io/mercator/references/</loc>
<lastmod>2022-08-14</lastmod>
<lastmod>2023-04-09</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://dbarzin.githubs.io/mercator/reports/</loc>
<lastmod>2022-08-14</lastmod>
<lastmod>2023-04-09</lastmod>
<changefreq>daily</changefreq>
</url>
</urlset>
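Review bot: Every <loc> in this file uses the host dbarzin.githubs.io, which looks like a typo for github.io (GitHub Pages). Only <lastmod> changes here, so the host is being regenerated on each build; fix the site URL in the documentation configuration rather than in this file. Committing generated output (sitemap.xml, sitemap.xml.gz, search_index.json) also adds noise to every documentation rebuild.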
Binary file modified site/sitemap.xml.gz
Binary file not shown.
