Merge pull request #2041 from department-of-veterans-affairs/rc/2023-…

…07-11/Sprint-56-c1

Rc/2023 07 11/sprint 56 c1

.github/emass.json

@@ -0,0 +1,6 @@
+{
+  "systemID": 999,
+  "systemName": "LEAF",
+  "systemOwnerName": "Michael Gao",
+  "systemOwnerEmail": "[email protected]"
+}

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,31 @@
+name: CodeQL
+'on':
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+  schedule:
+    - cron: 1 21 * * 2
+  workflow_dispatch: null
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    concurrency: ${{ github.workflow }}-${{ matrix.language }}-${{ github.ref }}
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    strategy:
+      fail-fast: false
+      matrix:
+        language:
+          - javascript
+          - java
+    steps:
+      - name: Run Code Scanning
+        uses: department-of-veterans-affairs/codeql-tools/codeql-analysis@main
+        with:
+          language: ${{ matrix.language }}

LEAF_Nexus/sources/Employee.php

@@ -496,7 +496,7 @@ private function isActiveNationally(array $user): bool
      *
      * Created at: 6/9/2023, 2:31:07 PM (America/New_York)
      */
-    private function getEmployeeByUserName(array $user_names, Db $db): array
+    public function getEmployeeByUserName(array $user_names, Db $db): array
     {
         $sql = "SELECT `empUID`, `userName`, `lastName`, `firstName`, `middleName`,
                     `phoneticLastName`, `phoneticFirstName`, `domain`, `deleted`,
@@ -562,26 +562,28 @@ private function getEmployeeDataByEmpUID(array $empUID, Db $db): array
     private function updateEmployeeByUserName(string $user_name, array $national_user, Db $db): array
     {
         $vars = array(
-            ':userName' => $user_name,
+            ':userName' => $national_user['user_name'],
             ':lastName' => $national_user['lastName'],
             ':firstName' => $national_user['firstName'],
             ':midInit' => $national_user['middleName'],
             ':phoneticFname' => $national_user['phoneticFirstName'],
             ':phoneticLname' => $national_user['phoneticLastName'],
             ':domain' => $national_user['domain'],
             ':deleted' => $national_user['deleted'],
-            ':lastUpdated' => $national_user['lastUpdated']
+            ':lastUpdated' => $national_user['lastUpdated'],
+            ':localUserName' => $user_name
         );
         $sql = "UPDATE `employee`
-                SET `lastName` = :lastName,
+                SET `userName` = :userName,
+                    `lastName` = :lastName,
                     `firstName` = :firstName,
                     `middleName` = :midInit,
                     `phoneticFirstName` = :phoneticFname,
                     `phoneticLastName` = :phoneticLname,
                     `domain` = :domain,
                     `deleted` = :deleted,
                     `lastUpdated` = :lastUpdated
-                WHERE `userName` = :userName";
+                WHERE `userName` = :localUserName";
         $result = $db->prepared_query($sql, $vars);
 
         $return_value = array(
@@ -676,8 +678,8 @@ public function addNew($firstName, $lastName, $middleName = '', $userName = '',
                       ':phoLastName' => metaphone($this->sanitizeInput($lastName)),
                       ':lastUpdated' => time(), );
         $this->db->prepared_query('INSERT INTO employee (firstName, lastName, middleName, userName, phoneticFirstName, phoneticLastName, lastUpdated, new_empUUID)
-        							VALUES (:firstName, :lastName, :middleName, :userName, :phoFirstName, :phoLastName, :lastUpdated, UUID())
-        							ON DUPLICATE KEY UPDATE deleted=0', $vars);
+                                    VALUES (:firstName, :lastName, :middleName, :userName, :phoFirstName, :phoLastName, :lastUpdated, UUID())
+                                    ON DUPLICATE KEY UPDATE deleted=0', $vars);
 
         $empUID = $this->lookupLogin($this->sanitizeInput($userName))[0]['empUID'];
 
@@ -736,8 +738,8 @@ public function importFromNational($userName)
                                   ':timestamp' => time(),
                                   ':author' => 'imported', );
                     $this->db->prepared_query("INSERT INTO {$this->dataTable} ({$this->dataTableUID}, indicatorID, data, timestamp, author)
-														VALUES (:UID, :indicatorID, :data, :timestamp, :author)
-														ON DUPLICATE KEY UPDATE data=:data, timestamp=:timestamp, author=:author", $vars);
+                                                        VALUES (:UID, :indicatorID, :data, :timestamp, :author)
+                                                        ON DUPLICATE KEY UPDATE data=:data, timestamp=:timestamp, author=:author", $vars);
                 }
 
                 // Email
@@ -747,8 +749,8 @@ public function importFromNational($userName)
                               ':timestamp' => time(),
                               ':author' => 'imported', );
                 $this->db->prepared_query("INSERT INTO {$this->dataTable} ({$this->dataTableUID}, indicatorID, data, timestamp, author)
-													VALUES (:UID, :indicatorID, :data, :timestamp, :author)
-													ON DUPLICATE KEY UPDATE data=:data, timestamp=:timestamp, author=:author", $vars);
+                                                    VALUES (:UID, :indicatorID, :data, :timestamp, :author)
+                                                    ON DUPLICATE KEY UPDATE data=:data, timestamp=:timestamp, author=:author", $vars);
 
                 if ($res[0]['data'][8]['data'] != '')
                 {
@@ -759,8 +761,8 @@ public function importFromNational($userName)
                             ':timestamp' => time(),
                             ':author' => 'imported', );
                     $this->db->prepared_query("INSERT INTO {$this->dataTable} ({$this->dataTableUID}, indicatorID, data, timestamp, author)
-													VALUES (:UID, :indicatorID, :data, :timestamp, :author)
-													ON DUPLICATE KEY UPDATE data=:data, timestamp=:timestamp, author=:author", $vars);
+                                                    VALUES (:UID, :indicatorID, :data, :timestamp, :author)
+                                                    ON DUPLICATE KEY UPDATE data=:data, timestamp=:timestamp, author=:author", $vars);
                 }
 
                 if ($res[0]['data'][23]['data'] != '')
@@ -772,8 +774,8 @@ public function importFromNational($userName)
                                   ':timestamp' => time(),
                                   ':author' => 'imported', );
                     $this->db->prepared_query("INSERT INTO {$this->dataTable} ({$this->dataTableUID}, indicatorID, data, timestamp, author)
-													VALUES (:UID, :indicatorID, :data, :timestamp, :author)
-													ON DUPLICATE KEY UPDATE data=:data, timestamp=:timestamp, author=:author", $vars);
+                                                    VALUES (:UID, :indicatorID, :data, :timestamp, :author)
+                                                    ON DUPLICATE KEY UPDATE data=:data, timestamp=:timestamp, author=:author", $vars);
                 }
 
                 return $empUID;
@@ -930,7 +932,7 @@ public function lookupEmpUID($empUID)
         $sqlVars = array(':empUID' => $empUID);
         $result = $this->db->prepared_query($strSQL, $sqlVars);
 
-	$strSQL = "SELECT data AS email FROM {$this->dataTable} WHERE empUID=:empUID AND indicatorID = 6";
+        $strSQL = "SELECT data AS email FROM {$this->dataTable} WHERE empUID=:empUID AND indicatorID = 6";
         $resEmail = $this->db->prepared_query($strSQL, $sqlVars);
 
         if(isset($result[0]) && isset($resEmail[0])) {
@@ -1091,12 +1093,13 @@ public function lookupName($lastName, $firstName, $middleName = '')
 
     public function lookupEmail($email)
     {
-        $sql = "SELECT * FROM {$this->dataTable}
-    				LEFT JOIN {$this->tableName} USING (empUID)
-    				WHERE indicatorID = 6
-    					AND data = :email
-    					AND deleted = 0
-    				{$this->limit}";
+        $sql = "SELECT *
+                FROM {$this->dataTable}
+                LEFT JOIN {$this->tableName} USING (empUID)
+                WHERE indicatorID = 6
+                    AND data = :email
+                    AND deleted = 0
+                {$this->limit}";
 
         $vars = array(':email' => $email);
 
@@ -1106,11 +1109,11 @@ public function lookupEmail($email)
     public function lookupPhone($phone)
     {
         $sql = "SELECT * FROM {$this->dataTable}
-			    	LEFT JOIN {$this->tableName} USING (empUID)
-			    	WHERE indicatorID = 5
-				    	AND data LIKE :phone
-				    	AND deleted = 0
-				    	{$this->limit}";
+                    LEFT JOIN {$this->tableName} USING (empUID)
+                    WHERE indicatorID = 5
+                        AND data LIKE :phone
+                        AND deleted = 0
+                        {$this->limit}";
 
         $vars = array(':phone' => $this->parseWildcard('*' . $phone));
 
@@ -1124,8 +1127,8 @@ public function lookupByIndicatorID($indicatorID, $query)
         );
 
         $res = $this->db->prepared_query("SELECT * FROM {$this->dataTable}
-    						LEFT JOIN {$this->tableName} USING ({$this->dataTableUID})
-    						WHERE indicatorID = :indicatorID
+                            LEFT JOIN {$this->tableName} USING ({$this->dataTableUID})
+                            WHERE indicatorID = :indicatorID
                                 AND data LIKE :query
                                 AND deleted=0", $vars);
 
@@ -1144,9 +1147,9 @@ public function getBackups($empUID)
         }
         $vars = array(':empUID' => $empUID);
         $res = $this->db->prepared_query('SELECT * FROM relation_employee_backup
-    										LEFT JOIN employee ON
-    											relation_employee_backup.backupEmpUID = employee.empUID
-    										WHERE relation_employee_backup.empUID=:empUID', $vars);
+                                            LEFT JOIN employee ON
+                                                relation_employee_backup.backupEmpUID = employee.empUID
+                                            WHERE relation_employee_backup.empUID=:empUID', $vars);
 
         $this->cache["getBackups_{$empUID}"] = $res;
 
@@ -1169,8 +1172,8 @@ public function getBackupsFor($empUID)
         }
         $vars = array(':empUID' => $empUID);
         $res = $this->db->prepared_query('SELECT * FROM relation_employee_backup
-    										LEFT JOIN employee USING (empUID)
-    										WHERE relation_employee_backup.backupEmpUID=:empUID', $vars);
+                                            LEFT JOIN employee USING (empUID)
+                                            WHERE relation_employee_backup.backupEmpUID=:empUID', $vars);
 
         $this->cache["getBackupsFor_{$empUID}"] = $res;
 
@@ -1199,7 +1202,7 @@ public function setBackup($primaryEmpUID, $backupEmpUID)
                       ':backupEmpUID' => $backupEmpUID,
                       ':approver' => $this->login->getUserID(), );
         $res = $this->db->prepared_query('INSERT INTO relation_employee_backup (empUID, backupEmpUID, approved, approverUserName)
-											VALUES (:empUID, :backupEmpUID, 1, :approver)', $vars);
+                                            VALUES (:empUID, :backupEmpUID, 1, :approver)', $vars);
 
         return true;
     }
@@ -1225,7 +1228,7 @@ public function removeBackup($primaryEmpUID, $backupEmpUID)
         $vars = array(':empUID' => $primaryEmpUID,
                       ':backupEmpUID' => $backupEmpUID, );
         $res = $this->db->prepared_query('DELETE FROM relation_employee_backup
-											WHERE empUID=:empUID AND backupEmpUID=:backupEmpUID', $vars);
+                                            WHERE empUID=:empUID AND backupEmpUID=:backupEmpUID', $vars);
 
         return true;
     }

LEAF_Request_Portal/admin/ajaxJSON.php

@@ -7,6 +7,10 @@
     JSON index for legacy ajax endpoints
     Date Created: August 13, 2009
 
+    This file has been deprecated, as of June 28, 2023 there is nothing in here
+    that is used in the general LEAF application, It is being left until we can
+    verify that it is not used in any custom setups.
+
 */
 
 error_reporting(E_ERROR);
@@ -29,7 +33,7 @@
     case 'mod_groups_getMembers':
         $group = new Portal\Group($db, $login);
 
-        echo json_encode($group->getMembers($_GET['groupID']));
+        echo $group->getMembers($_GET['groupID'])['data'];
 
         break;
     case 'directory_lookup':

LEAF_Request_Portal/admin/index.php

@@ -197,6 +197,7 @@ function hasDevConsoleAccess($login, $oc_db)
                                             $libsPath.'js/codemirror/lib/codemirror.css',
                                             $libsPath.'js/codemirror/addon/display/fullscreen.css',
                                             $libsPath.'js/choicesjs/choices.min.css',
+                                            $libsPath.'js/vue-dest/form_editor/LEAF_FormEditor.css',
                                             $site_paths['orgchart_path'] . '/css/employeeSelector.css',
                                             $site_paths['orgchart_path'] . '/css/groupSelector.css',
                                             $site_paths['orgchart_path'] . '/css/positionSelector.css'
@@ -537,6 +538,37 @@ function hasDevConsoleAccess($login, $oc_db)
             $main->assign('body', 'You require System Administrator level access to view this section.');
         }
 
+        break;
+    case 'site_designer':
+        $t_form = new Smarty;
+        $t_form->left_delimiter = '<!--{';
+        $t_form->right_delimiter = '}-->';
+        $libsPath = '../../libs/';
+        $t_form->assign('CSRFToken', $_SESSION['CSRFToken']);
+        $t_form->assign('APIroot', '../api/');
+        $t_form->assign('libsPath', $libsPath);
+        $t_form->assign('orgchartPath', '../..'.$site_paths['orgchart_path']);
+        $t_form->assign('userID', Leaf\XSSHelpers::sanitizeHTML($login->getUserID()));
+
+        $main->assign('javascripts', array(
+            '../js/form.js', '../js/formGrid.js', '../js/formQuery.js', '../js/formSearch.js',
+            $libsPath.'js/jquery/chosen/chosen.jquery.min.js',
+            $libsPath.'js/choicesjs/choices.min.js',
+            $libsPath.'js/LEAF/XSSHelpers.js',
+            $libsPath.'js/jquery/jquery-ui.custom.min.js',
+            $libsPath.'js/jquery/trumbowyg/trumbowyg.min.js'
+        ));
+        $main->assign('stylesheets', array(
+            $libsPath.'js/jquery/chosen/chosen.min.css',
+            $libsPath.'js/choicesjs/choices.min.css',
+            $libsPath.'js/vue-dest/site_designer/LEAF_Designer.css'
+        ));
+
+        if ($login->checkGroup(1)) {
+            $main->assign('body', $t_form->fetch('site_designer_vue.tpl'));
+        } else {
+            $main->assign('body', 'You require System Administrator level access to view this section.');
+        }
         break;
     default:
 //        $main->assign('useDojo', false);

LEAF_Request_Portal/admin/templates/form_editor_vue.tpl

@@ -19,7 +19,7 @@
     </leaf-form-dialog>
 </div>
 
-<script type="text/javascript" src="<!--{$libsPath}-->js/vue-dest/LEAF_FormEditor_main_build.js" defer></script>
+<script type="text/javascript" src="<!--{$libsPath}-->js/vue-dest/form_editor/LEAF_FormEditor.js" defer></script>
 
 <script>
     const CSRFToken = '<!--{$CSRFToken}-->';

LEAF_Request_Portal/admin/templates/menu.tpl

@@ -21,6 +21,7 @@
         <ul>
 
             <li><a href="./">Admin Home<i class="leaf-nav-icon-space"></i></a></li>
+            <li><a href="https://leaf.va.gov/platform/service_requests_launchpad/" target="_blank">Get Help<i class="leaf-nav-icon-space"></i></a></li>
 
             <li class="lev3">
                 <a href="javascript:void(0);">User Access</a>