MISP/app/Model/SharingGroup.php

<?php
App::uses('AppModel', 'Model');

class SharingGroup extends AppModel {
	
	public $actsAs = array('Containable');
	public $validate = array(
		'name' => array(
			'unique' => array(
				'rule' => 'isUnique',
				'message' => 'A sharing group with this name already exists.'
			),
			'notempty' => array(
				'rule' => array('notempty'),
			),
		),
		'uuid' => array(
			'uuid' => array(
				'rule' => array('uuid'),
				'message' => 'Please provide a valid UUID'
			),
		)
	);
	public $hasMany = array(
		'SharingGroupOrg' => array(
			'className' => 'SharingGroupOrg',
			'foreignKey' => 'sharing_group_id',
			'dependent' => true,	// cascade deletes
		),
		'SharingGroupServer' => array(
			'className' => 'SharingGroupServer',
			'foreignKey' => 'sharing_group_id',
			'dependent' => true,	// cascade deletes
		)
	);
	
	public $belongsTo = array(
		'Organisation' => array(
			'className' => 'Organisation',
			'foreignKey' => 'org_id',
		)
	);


	public function beforeValidate($options = array()) {
		parent::beforeValidate();
		if (empty($this->data['SharingGroup']['uuid'])) {
			$this->data['SharingGroup']['uuid'] = String::uuid();
		}
		$date = date('Y-m-d H:i:s');
		if (empty($this->data['SharingGroup']['date_created'])) {
			$this->data['SharingGroup']['date_created'] = $date;
		}
		$this->data['SharingGroup']['date_modified'] = $date;
		return true;
	}
	
	// returns a list of all sharing groups that the user is allowed to see
	// scope can be:
	// full: Entire SG object with all organisations and servers attached
	// name: array in ID => name key => value format
	// false: array with all IDs
	public function fetchAllAuthorised($user, $scope = false, $active = false) {
		$conditions = array();
		if ($active !== false) $conditions['AND'][] = array('SharingGroup.active' => $active);
		if ($user['Role']['perm_site_admin']) {
			$sgs = $this->find('all', array(
				'recursive' => -1,
				'fields' => array('id'),
				'conditions' => $conditions
			));
			$ids = array();
			foreach ($sgs as $sg) $ids[] = $sg['SharingGroup']['id'];
		} else {
			$ids = array_unique(array_merge($this->SharingGroupServer->fetchAllAuthorised(), $this->SharingGroupOrg->fetchAllAuthorised($user['Organisation']['id'])));
		}
		if ($scope === 'full') {
			if (!empty($ids)) $conditions['And'][] = array('SharingGroup.id' => $ids);
			$sgs = $this->find('all', array(
				'contain' => array('SharingGroupServer' => array('Server'), 'SharingGroupOrg' => array('Organisation'), 'Organisation'),
				'conditions' => $conditions,
				'order' => 'name ASC'
			));
			return $sgs;
		} else if ($scope == 'name') {
			if (!empty($ids)) $conditions['And'][] = array('SharingGroup.id' => $ids);
			$sgs = $this->find('list', array(
				'recursive' => -1,
				'fields' => array('id', 'name'),
				'order' => 'name ASC',
				'conditions' => $conditions,
			));
			return $sgs;
		} else {
			return $ids;
		}
	}
	
	
	public function checkIfAuthorisedExtend($user, $id) {
		if ($this->checkIfOwner($user, $id)) return true;
		$this->id = $id;
		if (!$this->exists()) return false;
		$sg = $this->SharingGroupOrg->find('first', array(
			'conditions' => array(
				'sharing_group_id' => $id,
				'org_id' => $user['org_id'],
				'extend' => 1,
			),
			'recursive' => -1,
			'fields' => array('id', 'org_id', 'extend')
		));
		if (empty($sg)) return false;
		else return true;
	}
	
	// returns true if the SG exists and the user is allowed to see it
	public function checkIfAuthorised($user, $id) {
		if (!isset($user['id'])) throw new MethodNotAllowedException('Invalid user.');
		$this->id = $id;
		if (!$this->exists()) return false;
		if ($user['Role']['perm_site_admin'] || $this->SharingGroupServer->checkIfAuthorised($id) || $this->SharingGroupOrg->checkIfAuthorised($id, $user['Organisation']['id'])) return true;
		return false;
	}
	
	public function checkIfOwner($user, $id) {
		if (!isset($user['id'])) throw new MethodNotAllowedException('Invalid user.');
		$this->id = $id;
		if (!$this->exists()) return false;
		if ($user['Role']['perm_site_admin']) return true;
		$sg = $this->find('first', array(
				'conditions' => array('SharingGroup.id' => $id),
				'recursive' => -1,
				'fields' => array('id', 'org_id'),
		));
		return ($sg['SharingGroup']['org_id'] == $user['org_id']);
	}
}
Initial commit 2015-02-23 11:33:38 +01:00			`<?php`
			`App::uses('AppModel', 'Model');`

			`class SharingGroup extends AppModel {`

			`public $actsAs = array('Containable');`
			`public $validate = array(`
			`'name' => array(`
			`'unique' => array(`
			`'rule' => 'isUnique',`
			`'message' => 'A sharing group with this name already exists.'`
			`),`
			`'notempty' => array(`
			`'rule' => array('notempty'),`
			`),`
			`),`
			`'uuid' => array(`
			`'uuid' => array(`
			`'rule' => array('uuid'),`
			`'message' => 'Please provide a valid UUID'`
			`),`
			`)`
			`);`
			`public $hasMany = array(`
Further work on the sharing groups 2015-04-07 00:24:44 +02:00			`'SharingGroupOrg' => array(`
			`'className' => 'SharingGroupOrg',`
			`'foreignKey' => 'sharing_group_id',`
			`'dependent' => true, // cascade deletes`
			`),`
			`'SharingGroupServer' => array(`
			`'className' => 'SharingGroupServer',`
Initial commit 2015-02-23 11:33:38 +01:00			`'foreignKey' => 'sharing_group_id',`
			`'dependent' => true, // cascade deletes`
			`)`
			`);`

			`public $belongsTo = array(`
			`'Organisation' => array(`
			`'className' => 'Organisation',`
Further progress 2015-04-18 07:53:18 +02:00			`'foreignKey' => 'org_id',`
Initial commit 2015-02-23 11:33:38 +01:00			`)`
			`);`
Update to the roles and user filtering - new role permission added for SG editors - roles reworked, permissions all looked up centrally from the role model instead of code replication across controllers and views - user filtering now correctly uses organisation objects instead of org strings 2015-04-07 14:47:14 +02:00
Initial commit 2015-02-23 11:33:38 +01:00
			`public function beforeValidate($options = array()) {`
			`parent::beforeValidate();`
			`if (empty($this->data['SharingGroup']['uuid'])) {`
			`$this->data['SharingGroup']['uuid'] = String::uuid();`
			`}`
			`$date = date('Y-m-d H:i:s');`
			`if (empty($this->data['SharingGroup']['date_created'])) {`
			`$this->data['SharingGroup']['date_created'] = $date;`
			`}`
			`$this->data['SharingGroup']['date_modified'] = $date;`
			`return true;`
			`}`

Further work on the sharing groups 2015-04-07 00:24:44 +02:00			`// returns a list of all sharing groups that the user is allowed to see`
Further work on the sharing groups - correlations should work fine now - users can only see events they should be allowed to see on the event index / event view / event history view 2015-04-10 15:23:53 +02:00			`// scope can be:`
			`// full: Entire SG object with all organisations and servers attached`
			`// name: array in ID => name key => value format`
			`// false: array with all IDs`
Sharing groups correctly selectable in attributes - still needs work 2015-04-14 18:11:51 +02:00			`public function fetchAllAuthorised($user, $scope = false, $active = false) {`
			`$conditions = array();`
			`if ($active !== false) $conditions['AND'][] = array('SharingGroup.active' => $active);`
Further work on the sharing groups 2015-04-07 00:24:44 +02:00			`if ($user['Role']['perm_site_admin']) {`
			`$sgs = $this->find('all', array(`
			`'recursive' => -1,`
			`'fields' => array('id'),`
Sharing groups correctly selectable in attributes - still needs work 2015-04-14 18:11:51 +02:00			`'conditions' => $conditions`
Further work on the sharing groups 2015-04-07 00:24:44 +02:00			`));`
			`$ids = array();`
			`foreach ($sgs as $sg) $ids[] = $sg['SharingGroup']['id'];`
			`} else {`
			`$ids = array_unique(array_merge($this->SharingGroupServer->fetchAllAuthorised(), $this->SharingGroupOrg->fetchAllAuthorised($user['Organisation']['id'])));`
Initial commit 2015-02-23 11:33:38 +01:00			`}`
Further work on the sharing groups: - changes to the data model - correlation engine updated 2015-04-09 17:27:34 +02:00			`if ($scope === 'full') {`
Sharing groups correctly selectable in attributes - still needs work 2015-04-14 18:11:51 +02:00			`if (!empty($ids)) $conditions['And'][] = array('SharingGroup.id' => $ids);`
Further work on the sharing groups: - changes to the data model - correlation engine updated 2015-04-09 17:27:34 +02:00			`$sgs = $this->find('all', array(`
			`'contain' => array('SharingGroupServer' => array('Server'), 'SharingGroupOrg' => array('Organisation'), 'Organisation'),`
Sharing groups correctly selectable in attributes - still needs work 2015-04-14 18:11:51 +02:00			`'conditions' => $conditions,`
Further work on the sharing groups: - changes to the data model - correlation engine updated 2015-04-09 17:27:34 +02:00			`'order' => 'name ASC'`
			`));`
			`return $sgs;`
			`} else if ($scope == 'name') {`
Sharing groups correctly selectable in attributes - still needs work 2015-04-14 18:11:51 +02:00			`if (!empty($ids)) $conditions['And'][] = array('SharingGroup.id' => $ids);`
Further work on the sharing groups: - changes to the data model - correlation engine updated 2015-04-09 17:27:34 +02:00			`$sgs = $this->find('list', array(`
			`'recursive' => -1,`
			`'fields' => array('id', 'name'),`
Further work on the sharing groups - correlations should work fine now - users can only see events they should be allowed to see on the event index / event view / event history view 2015-04-10 15:23:53 +02:00			`'order' => 'name ASC',`
Sharing groups correctly selectable in attributes - still needs work 2015-04-14 18:11:51 +02:00			`'conditions' => $conditions,`
Further work on the sharing groups: - changes to the data model - correlation engine updated 2015-04-09 17:27:34 +02:00			`));`
			`return $sgs;`
			`} else {`
			`return $ids;`
			`}`
Initial commit 2015-02-23 11:33:38 +01:00			`}`

Further progress 2015-04-18 07:53:18 +02:00
			`public function checkIfAuthorisedExtend($user, $id) {`
			`if ($this->checkIfOwner($user, $id)) return true;`
			`$this->id = $id;`
			`if (!$this->exists()) return false;`
			`$sg = $this->SharingGroupOrg->find('first', array(`
			`'conditions' => array(`
			`'sharing_group_id' => $id,`
			`'org_id' => $user['org_id'],`
			`'extend' => 1,`
			`),`
			`'recursive' => -1,`
			`'fields' => array('id', 'org_id', 'extend')`
			`));`
			`if (empty($sg)) return false;`
			`else return true;`
			`}`

Further work on the sharing groups 2015-04-07 00:24:44 +02:00			`// returns true if the SG exists and the user is allowed to see it`
			`public function checkIfAuthorised($user, $id) {`
			`if (!isset($user['id'])) throw new MethodNotAllowedException('Invalid user.');`
			`$this->id = $id;`
			`if (!$this->exists()) return false;`
			`if ($user['Role']['perm_site_admin'] \|\| $this->SharingGroupServer->checkIfAuthorised($id) \|\| $this->SharingGroupOrg->checkIfAuthorised($id, $user['Organisation']['id'])) return true;`
			`return false;`
Initial commit 2015-02-23 11:33:38 +01:00			`}`

Further work on the sharing groups 2015-04-07 00:24:44 +02:00			`public function checkIfOwner($user, $id) {`
			`if (!isset($user['id'])) throw new MethodNotAllowedException('Invalid user.');`
			`$this->id = $id;`
			`if (!$this->exists()) return false;`
			`if ($user['Role']['perm_site_admin']) return true;`
			`$sg = $this->find('first', array(`
			`'conditions' => array('SharingGroup.id' => $id),`
			`'recursive' => -1,`
Further progress 2015-04-18 07:53:18 +02:00			`'fields' => array('id', 'org_id'),`
Further work on the sharing groups 2015-04-07 00:24:44 +02:00			`));`
Further progress 2015-04-18 07:53:18 +02:00			`return ($sg['SharingGroup']['org_id'] == $user['org_id']);`
Further work on the sharing groups 2015-04-07 00:24:44 +02:00			`}`
Initial commit 2015-02-23 11:33:38 +01:00			`}`