optimization

Author: siewer

src/main/java/io/mixeway/api/dashboard/controller/DashboardController.java

@@ -55,7 +55,7 @@ public SourceDetectionChartData getSourceTrendData(Principal principal) throws I
 
     @PreAuthorize("hasAuthority('ROLE_USER')")
     @GetMapping(value = "/projects")
-    public List<Projects> getProjects(Principal principal) {
+    public List<ProjectDTO> getProjects(Principal principal) {
         return dashboardService.getProjects(principal);
     }
 

src/main/java/io/mixeway/api/dashboard/model/ProjectDTO.java

@@ -0,0 +1,23 @@
+package io.mixeway.api.dashboard.model;
+
+import lombok.Data;
+
+@Data
+public class ProjectDTO {
+    private Long id;
+    private String ciid;
+    private String name;
+    private String description;
+    private int risk;
+    private int enableVulnManage;
+
+    // Constructor
+    public ProjectDTO(Long id, String ciid, String name, String description, int risk, int enableVulnManage) {
+        this.id = id;
+        this.ciid = ciid;
+        this.name = name;
+        this.description = description;
+        this.risk = risk;
+        this.enableVulnManage = enableVulnManage;
+    }
+}

src/main/java/io/mixeway/api/dashboard/service/DashboardService.java

@@ -67,19 +67,8 @@ public SourceDetectionChartData getSourceTrendData(Principal principal) {
 
         return findVulnHistoryService.getSourceTrendData(principal);
     }
-    public List<Projects> getProjects(Principal principal) {
-        List<Projects> projects = new ArrayList<>();
-        for (Project p : permissionFactory.getProjectForPrincipal(principal)){
-            Projects projects1 = new Projects();
-            projects1.setId(p.getId());
-            projects1.setCiid(p.getCiid());
-            projects1.setName(p.getName());
-            projects1.setDescription(p.getDescription());
-            projects1.setRisk(p.getRisk());
-            projects1.setEnableVulnManage(p.isEnableVulnManage() ? 1 : 0 );
-            projects.add(projects1);
-        }
-        return projects;
+    public List<ProjectDTO> getProjects(Principal principal) {
+        return permissionFactory.getProjectForPrincipalWithDTO(principal);
     }
 
     public ResponseEntity<Status> putProject(String projectName, String projectDescription, String ciid, int enableVulnManage, Principal principal) {

src/main/java/io/mixeway/db/repository/ProjectRepository.java

@@ -3,6 +3,7 @@
 import java.util.List;
 import java.util.Optional;
 
+import io.mixeway.api.dashboard.model.ProjectDTO;
 import io.mixeway.db.entity.Project;
 import io.mixeway.db.entity.User;
 import org.springframework.data.jpa.repository.JpaRepository;
@@ -40,4 +41,14 @@ public interface ProjectRepository extends JpaRepository<Project, Long>{
 	@Query(value="select distinct(p.id) from project p, asset a, interface i where p.id=a.project_id and i.asset_id=a.id and i.scanrunning=true", nativeQuery = true)
 	List<Long> getProjectIdWithScanRunningOnInterface();
 
+
+	@Query("SELECT new io.mixeway.api.dashboard.model.ProjectDTO(p.id, p.ciid, p.name, p.description, p.risk, " +
+			"CASE WHEN p.enableVulnManage = true THEN 1 ELSE 0 END) " +
+			"FROM Project p JOIN p.users u WHERE u.username = :username")
+	List<ProjectDTO> findProjectDTOsByUsername(@Param("username") String username);
+
+	@Query("SELECT new io.mixeway.api.dashboard.model.ProjectDTO(p.id, p.ciid, p.name, p.description, p.risk, " +
+			"CASE WHEN p.enableVulnManage = true THEN 1 ELSE 0 END) " +
+			"FROM Project p")
+	List<ProjectDTO> findAllProjectDTOs();
 }

src/main/java/io/mixeway/utils/PermissionFactory.java

@@ -1,5 +1,6 @@
 package io.mixeway.utils;
 
+import io.mixeway.api.dashboard.model.ProjectDTO;
 import io.mixeway.config.Constants;
 import io.mixeway.db.entity.Project;
 import io.mixeway.db.entity.User;
@@ -142,6 +143,21 @@ public List<Project> getProjectForPrincipal(Principal principal){
         }
     }
 
+    public List<ProjectDTO> getProjectForPrincipalWithDTO(Principal principal){
+        Optional<User> userOptional = userRepository.findByUsernameOrApiKey(principal.getName(), principal.getName());
+        if (userOptional.isPresent()) {
+            String permission = userOptional.get().getPermisions();
+            if (Arrays.asList(Constants.ROLE_API, Constants.ROLE_USER, Constants.ROLE_PROJECT_OWNER, Constants.ROLE_EDITOR_RUNNER).contains(permission)) {
+                // Return projects for the user
+                return projectRepository.findProjectDTOsByUsername(principal.getName());
+            } else if (Arrays.asList(Constants.ROLE_ADMIN, Constants.ROLE_AUDITOR).contains(permission)) {
+                // Return all projects
+                return projectRepository.findAllProjectDTOs();
+            }
+        }
+        return Collections.emptyList();
+    }
+
     /**
      * Update user permissions
      *

src/main/resources/db/changelog/db.changelog-master.sql

@@ -1410,3 +1410,8 @@ update assethistory set low=0 where low is null;
 CREATE INDEX idx_project_vulnerability_project_id ON projectvulnerability (project_id);
 CREATE INDEX idx_project_vulnerability_status_id ON projectvulnerability (status_id);
 CREATE INDEX idx_project_vulnerability_grade ON projectvulnerability (grade);
+
+--changeset siewer:add_new_indexes
+CREATE INDEX idx_user_id ON users (id);
+CREATE INDEX idx_users_project_users ON user_project(users_id);
+CREATE INDEX idx_users_project_project ON user_project(project_id);