Merge branch 'main' into BC-7995-node-22

hpi-schul-cloud · Nov 8, 2024 · dd4a666 · dd4a666
2 parents f4592e7 + 133f4c4
commit dd4a666
Show file tree

Hide file tree

Showing 5 changed files with 65 additions and 5 deletions.
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
@@ -141,13 +141,17 @@ jobs:
         security-events: write
     steps:
       - name: run trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@1f6384b6ceecbbc6673526f865b818a2a06b07c9
+        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2
         with:
           image-ref: 'ghcr.io/${{ github.repository }}-default:${{ needs.branch_meta.outputs.sha }}'
           format: 'sarif'
           output: 'trivy-results.sarif'
           severity: 'CRITICAL,HIGH'
           ignore-unfixed: true
+          scan-type: 'image'
+        env:
+          TRIVY_SKIP_DB_UPDATE: true
+          TRIVY_SKIP_JAVA_DB_UPDATE: true
       - name: upload trivy results
         if: ${{ always() }}
         uses: github/codeql-action/upload-sarif@v3

diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -0,0 +1,39 @@
+# Note: This workflow only updates the cache. You should create a separate workflow for your actual Trivy scans.
+# In your scan workflow, set TRIVY_SKIP_DB_UPDATE=true and TRIVY_SKIP_JAVA_DB_UPDATE=true.
+name: Update Trivy Cache
+
+on:
+  schedule:
+    - cron: '0 0 * * *'  # Run daily at midnight UTC
+  workflow_dispatch:  # Allow manual triggering
+
+jobs:
+  update-trivy-db:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Setup oras
+        uses: oras-project/setup-oras@v1
+
+      - name: Get current date
+        id: date
+        run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
+
+      - name: Download and extract the vulnerability DB
+        run: |
+          mkdir -p $GITHUB_WORKSPACE/.cache/trivy/db
+          oras pull ghcr.io/aquasecurity/trivy-db:2
+          tar -xzf db.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/db
+          rm db.tar.gz
+
+      - name: Download and extract the Java DB
+        run: |
+          mkdir -p $GITHUB_WORKSPACE/.cache/trivy/java-db
+          oras pull ghcr.io/aquasecurity/trivy-java-db:1
+          tar -xzf javadb.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/java-db
+          rm javadb.tar.gz
+
+      - name: Cache DBs
+        uses: actions/cache/save@v4
+        with:
+          path: ${{ github.workspace }}/.cache/trivy
+          key: cache-trivy-${{ steps.date.outputs.date }}
diff --git a/controllers/courses.js b/controllers/courses.js
@@ -80,8 +80,8 @@ const getSyncedElements = 	(
 		startDate,
 		untilDate,
 		syncedWithGroup,
+		excludeFromSync: course.excludeFromSync?.join(','),
 	};
-
 	return selectedElements;
 };
 
@@ -305,7 +305,17 @@ const editCourseHandler = (req, res, next) => {
 
 		if (syncedGroupId && group) {
 			course.name = group.name;
-			course.teacherIds = getUserIdsByRole(group.users, 'teacher');
+
+			const teacherIds = getUserIdsByRole(group.users, 'teacher');
+			const isTeacherInGroup = teacherIds.some((tid) => tid === res.locals.currentUser._id);
+			const isTeacher = res.locals.currentUser.roles.map((role) => role.name).includes('teacher');
+			if (!isTeacherInGroup && isTeacher) {
+				course.excludeFromSync = ['teachers'];
+				course.teacherIds = [res.locals.currentUser._id];
+			} else {
+				course.teacherIds = teacherIds;
+			}
+
 			course.userIds = getUserIdsByRole(group.users, 'student');
 
 			if (group.validPeriod) {
@@ -578,7 +588,7 @@ router.post('/', (req, res, next) => {
 		req.body.untilDate = untilDate.toDate();
 	}
 
-	const keys = ['teacherIds', 'substitutionIds', 'classIds', 'userIds'];
+	const keys = ['teacherIds', 'substitutionIds', 'classIds', 'userIds', 'excludeFromSync'];
 	req.body = strToPropsArray(req.body, keys);
 
 	req.body.features = [];
@@ -843,7 +853,7 @@ router.patch('/:courseId', async (req, res, next) => {
 			req.body.substitutionIds = [];
 		}
 
-		const keys = ['teacherIds', 'substitutionIds', 'classIds', 'userIds'];
+		const keys = ['teacherIds', 'substitutionIds', 'classIds', 'userIds', 'excludeFromSync'];
 		req.body = strToPropsArray(req.body, keys);
 
 		const startDate = timesHelper.dateTimeStringToMoment(req.body.startDate).utc();

diff --git a/views/courses/create-course.hbs b/views/courses/create-course.hbs
@@ -188,6 +188,10 @@
               </div>
             </div>
 
+              {{#if syncedWithGroup}}
+                      <input type="hidden" id="excludeFromSync" name="excludeFromSync" value="{{excludeFromSync}}">
+              {{/if}}
+
             </section>
 
             <section data-panel="section-2" data-testid="section-2-area" class="submit-page course-submit-page">

diff --git a/views/courses/edit-course.hbs b/views/courses/edit-course.hbs
@@ -300,6 +300,9 @@
 					</button>
 				</div>
 
+                {{#if course.syncedWithGroup}}
+                    <input type="hidden" id="excludeFromSync" name="excludeFromSync" value="{{excludeFromSync}}">
+                {{/if}}
 
 				{{#unless @root.course.isArchived}}
 					<div class="modal-footer">