AdminGit2026/nis2-agile
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[FIX] SIM-06 + EmailService + WebhookService + supplier assessment

Browse Source 
- ServicesController::provision(): created_by usa userId (INT) non string
- EmailService::logEmail(): rimosso sent_at (colonna non esiste in email_log)
- WebhookService::incidentPayload(): status ?? 'detected' (null-safe)
- simulate-nis2.php: supplier assessment usa formato assessment_responses
  corretto [{question, weight, value: yes|partial|no}]

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
DevEnv nis2-agile 2026-03-09 09:56:39 +01:00
parent 4be541e9b5
commit 13df162ec4
4 changed files with 12 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
application/controllers/ServicesController.php
View File

@ -647,7 +647,7 @@ class ServicesController extends BaseController
$orgId, $keyName, $keyPrefix, $keyHash, $orgId, $keyName, $keyPrefix, $keyHash,
json_encode(['read:all', 'write:all', 'admin:org', 'sso:login']), json_encode(['read:all', 'write:all', 'admin:org', 'sso:login']),
$expiresAt, $expiresAt,
'provision:' . ($caller['system'] ?? 'external'), $userId, // created_by: admin utente provisioned
] ]
); );

1
application/services/EmailService.php
View File

@ -609,7 +609,6 @@ class EmailService
'recipient' => $to, 'recipient' => $to,
'subject' => mb_substr($subject, 0, 255), 'subject' => mb_substr($subject, 0, 255),
'status' => $success ? 'sent' : 'failed', 'status' => $success ? 'sent' : 'failed',
'sent_at' => date('Y-m-d H:i:s'),
]); ]);
} catch (\Throwable $e) { } catch (\Throwable $e) {
error_log('[EmailService] Errore log email: ' . $e->getMessage()); error_log('[EmailService] Errore log email: ' . $e->getMessage());

2
application/services/WebhookService.php
View File

@ -237,7 +237,7 @@ class WebhookService
'title' => $incident['title'], 'title' => $incident['title'],
'classification' => $incident['classification'], 'classification' => $incident['classification'],
'severity' => $incident['severity'], 'severity' => $incident['severity'],
'status' => $incident['status'], 'status' => $incident['status'] ?? 'detected',
'is_significant' => (bool)$incident['is_significant'], 'is_significant' => (bool)$incident['is_significant'],
'detected_at' => $incident['detected_at'], 'detected_at' => $incident['detected_at'],
'art23_deadlines' => [ 'art23_deadlines' => [

16
simulate-nis2.php
View File

@ -809,13 +809,17 @@ foreach ($COMPANIES as $slug => $comp) {
// Assessment fornitore // Assessment fornitore
if ($supId) { if ($supId) {
// assessment_responses: array di {question, weight, value: yes|partial|no}
$highRisk = in_array($supDef['risk_level'], ['high', 'critical']);
$assessRes = api('POST', "/supply-chain/{$supId}/assess", [ $assessRes = api('POST', "/supply-chain/{$supId}/assess", [
'has_security_controls' => 1, 'assessment_responses' => [
'has_incident_procedure' => $supDef['risk_level'] !== 'low' ? 1 : 0, ['question' => 'Controlli sicurezza implementati', 'weight' => 3, 'value' => 'yes'],
'gdpr_compliant' => 1, ['question' => 'Procedura gestione incidenti', 'weight' => 2, 'value' => $highRisk ? 'yes' : 'partial'],
'nis2_contractual_clauses' => $supDef['critical'] ? 1 : 0, ['question' => 'Conformità GDPR', 'weight' => 2, 'value' => 'yes'],
'last_audit_date' => date('Y-m-d', strtotime('-6 months')), ['question' => 'Clausole NIS2 nel contratto', 'weight' => 2, 'value' => $supDef['critical'] ? 'yes' : 'partial'],
'notes' => "Assessment automatico — fornitore {$supDef['service_type']}", ['question' => 'Audit sicurezza negli ultimi 12 mesi', 'weight' => 1, 'value' => $highRisk ? 'yes' : 'partial'],
['question' => 'Piano business continuity documentato', 'weight' => 2, 'value' => 'partial'],
],
], $jwt, $orgId); ], $jwt, $orgId);
if (apiOk($assessRes, "supplier.assess")) { if (apiOk($assessRes, "supplier.assess")) {
ok("Assessment fornitore: {$supDef['name']}"); ok("Assessment fornitore: {$supDef['name']}");