MISP/app/Controller/RolesController.php

<?php

App::uses('AppController', 'Controller');

/**
 * Roles Controller
 *
 * @property Role $Role
 */
class RolesController extends AppController {

	public $options = array('0' => 'Read Only', '1' => 'Manage My Own Events', '2' => 'Manage Organization Events', '3' => 'Manage & Publish Organization Events'); // FIXME move this to Role Model

	public $components = array(
		'Security',
		'Session', 'AdminCrud' // => array('fields' => array('name'))
	);

	public $helpers = array('Js' => array('Jquery'));

	public $paginate = array(
			'limit' => 60,
			'order' => array(
					'Role.name' => 'ASC'
			)
	);

	public function beforeFilter() {
		parent::beforeFilter();
	}

/**
 * view method
 *
 * @param string $id
 * @return void
 *
 * @throws NotFoundException
 */
	public function view($id = null) {
		$this->Role->id = $id;
		//$this->Acl->allow($this->Role, 'controllers/Events/add');
		if (!$this->Role->exists()) {
			throw new NotFoundException(__('Invalid role'));
		}
		$this->set('premissionLevelName', $this->Role->premissionLevelName);
		$this->set('role', $this->Role->read(null, $id));
		$this->set('id', $id);
	}

/**
 * admin_add method
 *
 * @return void
 */
	public function admin_add() {
		if(!$this->_isSiteAdmin()) $this->redirect(array('controller' => 'roles', 'action' => 'index', 'admin' => false));
		if ($this->request->is('post')) {
			$this->Role->create();
			if ($this->Role->save($this->request->data)) {
				$this->Session->setFlash(__(sprintf('The Role has been saved.')));
				$this->set('options', $this->options);
				$passAlong = $this->Role->read(null, $this->Role->getInsertID());
				$this->redirect(array('action' => 'index'));
			} else {
				if (!($this->Session->check('Message.flash'))) {
					$this->Role->Session->setFlash(__(sprintf('The Role could not be saved. Please, try again.')));
				}
			}
		}
		$this->set('permFlags', $this->Role->permFlags);
		$this->set('options', $this->options);
		//$this->AdminCrud->adminAdd();
	}

/**
 * admin_index method
 *
 * @return void
 */
	public function admin_index() {
		if(!$this->_isSiteAdmin()) $this->redirect(array('controller' => 'roles', 'action' => 'index', 'admin' => false));
		$this->AdminCrud->adminIndex();
		$this->set('permFlags', $this->Role->permFlags);
		$this->set('options', $this->options);
	}

/**
 * admin_edit method
 *
 * @param string $id
 * @return void
 * @throws NotFoundException
 */
	public function admin_edit($id = null) {
		if(!$this->_isSiteAdmin()) $this->redirect(array('controller' => 'roles', 'action' => 'index', 'admin' => false));
		$this->AdminCrud->adminEdit($id);
		$passAlong = $this->Role->read(null, $id);
		$this->set('options', $this->options);
		$this->set('permFlags', $this->Role->permFlags);
		$this->set('id', $id);
	}

/**
 * admin_delete method
 *
 * @param string $id
 *
 * @throws MethodNotAllowedException
 * @throws NotFoundException
 *
 * @return void
 */
	public function admin_delete($id = null) {
		$this->AdminCrud->adminDelete($id);
	}

/**
 * index method
 *
 * @return void
 */
	public function index() {
		$this->recursive = 0;
		$this->set('permFlags', $this->Role->permFlags);
		$this->set('list', $this->paginate());
		$this->set('options', $this->options);
	}
}
DataBase migrate, Audit and Access Control granulation. 2012-06-28 17:24:12 +02:00			`<?php`
AdminCrud use of the AdminCrud component. 2013-01-04 15:49:52 +01:00
DataBase migrate, Audit and Access Control granulation. 2012-06-28 17:24:12 +02:00			`App::uses('AppController', 'Controller');`
AdminCrud use of the AdminCrud component. 2013-01-04 15:49:52 +01:00
DataBase migrate, Audit and Access Control granulation. 2012-06-28 17:24:12 +02:00			`/**`
Role renamed everything group to role (i.s.o. renaming just the visable). 2012-12-12 16:15:01 +01:00			`* Roles Controller`
DataBase migrate, Audit and Access Control granulation. 2012-06-28 17:24:12 +02:00			`*`
Role renamed everything group to role (i.s.o. renaming just the visable). 2012-12-12 16:15:01 +01:00			`* @property Role $Role`
DataBase migrate, Audit and Access Control granulation. 2012-06-28 17:24:12 +02:00			`*/`
Role renamed everything group to role (i.s.o. renaming just the visable). 2012-12-12 16:15:01 +01:00			`class RolesController extends AppController {`
DataBase migrate, Audit and Access Control granulation. 2012-06-28 17:24:12 +02:00
fix sanitization in Roles #96 2013-04-24 15:24:39 +02:00			`public $options = array('0' => 'Read Only', '1' => 'Manage My Own Events', '2' => 'Manage Organization Events', '3' => 'Manage & Publish Organization Events'); // FIXME move this to Role Model`
RBAC change the “Requested Level of User Access” items conform "draft of Terms-ofUse and Joining Instruction".‏ 2012-11-08 10:31:50 +01:00
DataBase migrate, Audit and Access Control granulation. 2012-06-28 17:24:12 +02:00			`public $components = array(`
coding standards Coding Standards. 2012-12-19 02:48:53 +01:00			`'Security',`
RBAC ampesant in html. 2013-01-22 15:46:39 +01:00			`'Session', 'AdminCrud' // => array('fields' => array('name'))`
coding standards Coding Standards. 2012-12-19 02:48:53 +01:00			`);`
RBAC Forgot to call saveAcl in Groups::add(). (to correct wrong behavior, edit group, do not change any and button submit.) 2012-09-18 17:32:34 +02:00
Roles controller Jquery helper added For some reason I needed it 2013-01-22 16:15:32 +01:00			`public $helpers = array('Js' => array('Jquery'));`

coding standards Coding Standards. 2012-12-19 02:48:53 +01:00			`public $paginate = array(`
			`'limit' => 60,`
			`'order' => array(`
			`'Role.name' => 'ASC'`
			`)`
			`);`
DataBase migrate, Audit and Access Control granulation. 2012-06-28 17:24:12 +02:00
coding standards Coding Standards. 2012-12-19 02:48:53 +01:00			`public function beforeFilter() {`
			`parent::beforeFilter();`
			`}`
RBAC Forgot to call saveAcl in Groups::add(). (to correct wrong behavior, edit group, do not change any and button submit.) 2012-09-18 17:32:34 +02:00
RBAC roles/view/<id>. 2013-01-22 16:12:36 +01:00			`/**`
			`* view method`
			`*`
			`* @param string $id`
			`* @return void`
coding standards Coding Standards. 2013-01-28 12:05:23 +01:00			`*`
			`* @throws NotFoundException`
RBAC roles/view/<id>. 2013-01-22 16:12:36 +01:00			`*/`
			`public function view($id = null) {`
			`$this->Role->id = $id;`
Reworked aros_acos creation - moved and fixed the aros_acos creation on the new role creation - new method in appController that sets all the aros_acos from scratch (for example for a new instance, or a changed acos / aros table) - some minor changes, redirects to the terms page on invalid events removed, etc. 2013-02-05 17:22:37 +01:00			`//$this->Acl->allow($this->Role, 'controllers/Events/add');`
RBAC roles/view/<id>. 2013-01-22 16:12:36 +01:00			`if (!$this->Role->exists()) {`
			`throw new NotFoundException(__('Invalid role'));`
			`}`
Further progress 2015-08-31 02:32:37 +02:00			`$this->set('premissionLevelName', $this->Role->premissionLevelName);`
RBAC roles/view/<id>. 2013-01-22 16:12:36 +01:00			`$this->set('role', $this->Role->read(null, $id));`
Further work on the UI - reworked almost all of the side menues to be centralised - Some fixes for the IOC export not handling two new-ish types correctly - Some changes to the menues (including a few options that didn't exist before) - rework of the popovers in some forms 2013-10-24 16:41:42 +02:00			`$this->set('id', $id);`
RBAC roles/view/<id>. 2013-01-22 16:12:36 +01:00			`}`

DataBase migrate, Audit and Access Control granulation. 2012-06-28 17:24:12 +02:00			`/**`
AdminCrud use of the AdminCrud component. 2013-01-04 15:49:52 +01:00			`* admin_add method`
coding standards Coding Standards. 2012-12-19 02:48:53 +01:00			`*`
DataBase migrate, Audit and Access Control granulation. 2012-06-28 17:24:12 +02:00			`* @return void`
			`*/`
AdminCrud use of the AdminCrud component. 2013-01-04 15:49:52 +01:00			`public function admin_add() {`
First rework of the siteadmin role - ADMIN org removed. - Siteadmins are now identified by the perm_site_admin flag - Siteadmins can now be of any organisation - editing the regexp / whitelist rules can now be done by a special user with the perm_regexp_access in his/her role - Executing a mass replace of attribute values based on the regexp rules cannot be initiated by a regexp/whitelist user, only by a site admin - If the login page is reached without any users / roles defined they are automatically created (perviously it was only the user that was created) - Org admins are restricted from assigning perm_site_admin, perm_sync and perm_regexp_access roles to users. This can only be done by a site admin. 2013-10-03 11:45:27 +02:00			`if(!$this->_isSiteAdmin()) $this->redirect(array('controller' => 'roles', 'action' => 'index', 'admin' => false));`
Reworked aros_acos creation - moved and fixed the aros_acos creation on the new role creation - new method in appController that sets all the aros_acos from scratch (for example for a new instance, or a changed acos / aros table) - some minor changes, redirects to the terms page on invalid events removed, etc. 2013-02-05 17:22:37 +01:00			`if ($this->request->is('post')) {`
			`$this->Role->create();`
			`if ($this->Role->save($this->request->data)) {`
			`$this->Session->setFlash(__(sprintf('The Role has been saved.')));`
			`$this->set('options', $this->options);`
			`$passAlong = $this->Role->read(null, $this->Role->getInsertID());`
			`$this->redirect(array('action' => 'index'));`
			`} else {`
			`if (!($this->Session->check('Message.flash'))) {`
			`$this->Role->Session->setFlash(__(sprintf('The Role could not be saved. Please, try again.')));`
			`}`
			`}`
			`}`
Update to the roles and user filtering - new role permission added for SG editors - roles reworked, permissions all looked up centrally from the role model instead of code replication across controllers and views - user filtering now correctly uses organisation objects instead of org strings 2015-04-07 14:47:14 +02:00			`$this->set('permFlags', $this->Role->permFlags);`
AdminCrud use of the AdminCrud component. 2013-01-04 15:49:52 +01:00			`$this->set('options', $this->options);`
Reworked aros_acos creation - moved and fixed the aros_acos creation on the new role creation - new method in appController that sets all the aros_acos from scratch (for example for a new instance, or a changed acos / aros table) - some minor changes, redirects to the terms page on invalid events removed, etc. 2013-02-05 17:22:37 +01:00			`//$this->AdminCrud->adminAdd();`
DataBase migrate, Audit and Access Control granulation. 2012-06-28 17:24:12 +02:00			`}`
RBAC Forgot to call saveAcl in Groups::add(). (to correct wrong behavior, edit group, do not change any and button submit.) 2012-09-18 17:32:34 +02:00
DataBase migrate, Audit and Access Control granulation. 2012-06-28 17:24:12 +02:00			`/**`
			`* admin_index method`
			`*`
			`* @return void`
			`*/`
			`public function admin_index() {`
First rework of the siteadmin role - ADMIN org removed. - Siteadmins are now identified by the perm_site_admin flag - Siteadmins can now be of any organisation - editing the regexp / whitelist rules can now be done by a special user with the perm_regexp_access in his/her role - Executing a mass replace of attribute values based on the regexp rules cannot be initiated by a regexp/whitelist user, only by a site admin - If the login page is reached without any users / roles defined they are automatically created (perviously it was only the user that was created) - Org admins are restricted from assigning perm_site_admin, perm_sync and perm_regexp_access roles to users. This can only be done by a site admin. 2013-10-03 11:45:27 +02:00			`if(!$this->_isSiteAdmin()) $this->redirect(array('controller' => 'roles', 'action' => 'index', 'admin' => false));`
AdminCrud use of the AdminCrud component. 2013-01-04 15:49:52 +01:00			`$this->AdminCrud->adminIndex();`
Update to the roles and user filtering - new role permission added for SG editors - roles reworked, permissions all looked up centrally from the role model instead of code replication across controllers and views - user filtering now correctly uses organisation objects instead of org strings 2015-04-07 14:47:14 +02:00			`$this->set('permFlags', $this->Role->permFlags);`
RBAC change the “Requested Level of User Access” items conform "draft of Terms-ofUse and Joining Instruction".‏ 2012-11-08 10:31:50 +01:00			`$this->set('options', $this->options);`
DataBase migrate, Audit and Access Control granulation. 2012-06-28 17:24:12 +02:00			`}`

			`/**`
			`* admin_edit method`
			`*`
			`* @param string $id`
			`* @return void`
AdminCrud use of the AdminCrud component. 2013-01-04 15:49:52 +01:00			`* @throws NotFoundException`
DataBase migrate, Audit and Access Control granulation. 2012-06-28 17:24:12 +02:00			`*/`
			`public function admin_edit($id = null) {`
First rework of the siteadmin role - ADMIN org removed. - Siteadmins are now identified by the perm_site_admin flag - Siteadmins can now be of any organisation - editing the regexp / whitelist rules can now be done by a special user with the perm_regexp_access in his/her role - Executing a mass replace of attribute values based on the regexp rules cannot be initiated by a regexp/whitelist user, only by a site admin - If the login page is reached without any users / roles defined they are automatically created (perviously it was only the user that was created) - Org admins are restricted from assigning perm_site_admin, perm_sync and perm_regexp_access roles to users. This can only be done by a site admin. 2013-10-03 11:45:27 +02:00			`if(!$this->_isSiteAdmin()) $this->redirect(array('controller' => 'roles', 'action' => 'index', 'admin' => false));`
AdminCrud use of the AdminCrud component. 2013-01-04 15:49:52 +01:00			`$this->AdminCrud->adminEdit($id);`
Minor changes - some changes to the access control - re-renabled regexp and blacklists, will need a closer look though - editing a role should update ACL - some other minor things 2013-02-21 17:24:41 +01:00			`$passAlong = $this->Role->read(null, $id);`
RBAC change the “Requested Level of User Access” items conform "draft of Terms-ofUse and Joining Instruction".‏ 2012-11-08 10:31:50 +01:00			`$this->set('options', $this->options);`
Update to the roles and user filtering - new role permission added for SG editors - roles reworked, permissions all looked up centrally from the role model instead of code replication across controllers and views - user filtering now correctly uses organisation objects instead of org strings 2015-04-07 14:47:14 +02:00			`$this->set('permFlags', $this->Role->permFlags);`
Further work on the UI - reworked almost all of the side menues to be centralised - Some fixes for the IOC export not handling two new-ish types correctly - Some changes to the menues (including a few options that didn't exist before) - rework of the popovers in some forms 2013-10-24 16:41:42 +02:00			`$this->set('id', $id);`
DataBase migrate, Audit and Access Control granulation. 2012-06-28 17:24:12 +02:00			`}`

			`/**`
			`* admin_delete method`
			`*`
Org admin privileges Added restrictions for org admins and regular users to be able to see regexp/whitelist/blacklist information without being able to edit them. Org admins can also see the roles but not edit them. 2013-01-28 11:44:09 +01:00			`* @param string $id`
coding standards Coding Standards. 2012-12-19 02:48:53 +01:00			`*`
AdminCrud use of the AdminCrud component. 2013-01-04 15:49:52 +01:00			`* @throws MethodNotAllowedException`
coding standards Coding Standards. 2012-12-19 02:48:53 +01:00			`* @throws NotFoundException`
			`*`
DataBase migrate, Audit and Access Control granulation. 2012-06-28 17:24:12 +02:00			`* @return void`
			`*/`
			`public function admin_delete($id = null) {`
AdminCrud use of the AdminCrud component. 2013-01-04 15:49:52 +01:00			`$this->AdminCrud->adminDelete($id);`
DataBase migrate, Audit and Access Control granulation. 2012-06-28 17:24:12 +02:00			`}`
Org admin privileges Added restrictions for org admins and regular users to be able to see regexp/whitelist/blacklist information without being able to edit them. Org admins can also see the roles but not edit them. 2013-01-28 11:44:09 +01:00
			`/**`
			`* index method`
			`*`
			`* @return void`
			`*/`
			`public function index() {`
			`$this->recursive = 0;`
Update to the roles and user filtering - new role permission added for SG editors - roles reworked, permissions all looked up centrally from the role model instead of code replication across controllers and views - user filtering now correctly uses organisation objects instead of org strings 2015-04-07 14:47:14 +02:00			`$this->set('permFlags', $this->Role->permFlags);`
fix sanitization in Roles #96 2013-04-24 15:24:39 +02:00			`$this->set('list', $this->paginate());`
Org admin privileges Added restrictions for org admins and regular users to be able to see regexp/whitelist/blacklist information without being able to edit them. Org admins can also see the roles but not edit them. 2013-01-28 11:44:09 +01:00			`$this->set('options', $this->options);`
			`}`
Roles controller Jquery helper added For some reason I needed it 2013-01-22 16:15:32 +01:00			`}`