< ? php
App :: uses ( 'AppController' , 'Controller' );
/**
* Logs Controller
*
* @ property Log $Log
*/
class LogsController extends AppController {
// Security: CakePHP's SecurityComponent (CSRF tokens; beforeFilter() relaxes their
// single-use rule for the search page). RequestHandler: presumably what serves the
// '_serialize' output of returnDates(). AdminCrud: configured for the index action only.
public $components = array(
    'Security',
    'RequestHandler',
    'AdminCrud' => array(
        'crud' => array('index')
    )
);
// Default pagination for the log listings: 60 entries per page, newest entry first.
public $paginate = array(
    'limit' => 60,
    'order' => array(
        'Log.id' => 'DESC'
    )
);
/**
 * Runs before every action of this controller.
 *
 * The search page re-submits its form while paging through results, so its CSRF
 * token has to stay valid for more than one request; for every other action the
 * tokens remain single-use.
 *
 * NOTE(review): the only search action in this controller is admin_search, so whether
 * params['action'] ever equals the plain 'search' compared here depends on the
 * routing in use — confirm that this branch is actually reachable.
 *
 * @return void
 */
public function beforeFilter() {
    parent::beforeFilter();
    $action = $this->request->params['action'];
    if ($action != 'search') {
        return;
    }
    // permit reuse of CSRF tokens on the search page.
    $this->Security->csrfUseOnce = false;
}
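/**
 * admin_index method
 *
 * Lists audit log entries, newest first. Requires perm_audit. Site admins see the
 * entries of every organisation and additionally get the admin-only filters from
 * Log::$logMetaAdmin; everyone else only sees the entries of their own organisation.
 *
 * Named parameter `filter`: a key of the valid filter set; its 'values' list is
 * applied as the Log.action condition. Unknown keys are ignored.
 *
 * @return void
 */
public function admin_index() {
    if (!$this->userRole['perm_audit']) {
        return $this->redirect(array('controller' => 'events', 'action' => 'index', 'admin' => false));
    }
    $this->set('isSearch', 0);
    // NOTE(review): this sets a property on the controller, not on the Log model
    // (admin_search uses $this->{$this->defaultModel}->recursive = 0) — probably unintended; left as-is.
    $this->recursive = 0;
    $validFilters = $this->Log->logMeta;
    if (!$this->_isSiteAdmin()) {
        // Match the organisation exactly. The previous substring match ('%org%') also returned
        // the entries of every organisation whose name merely contains this one, and treated
        // '%' / '_' in the org name as LIKE wildcards.
        $orgRestriction = $this->Auth->user('org');
        $this->paginate = array(
            'limit' => 60,
            'conditions' => array('Log.org' => $orgRestriction),
            'order' => array('Log.id' => 'DESC')
        );
    } else {
        $validFilters = array_merge_recursive($validFilters, $this->Log->logMetaAdmin);
    }
    $filter = isset($this->params['named']['filter']) ? $this->params['named']['filter'] : false;
    // Only keys of the valid filter set are honoured; anything else leaves the listing unfiltered.
    if (is_string($filter) && array_key_exists($filter, $validFilters)) {
        $this->paginate['conditions']['Log.action'] = $validFilters[$filter]['values'];
    }
    $this->set('validFilters', $validFilters);
    $this->set('filter', $filter);
    $this->set('list', $this->paginate());
}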
// Minimalistic change history of one event: the log entries of the event itself, of its attributes and of its shadow attributes.
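/**
 * Shows a minimalistic history for the currently selected event: the log entries
 * about the event record itself, about its attributes and about its shadow attributes.
 *
 * Non-admins are sent away unless Event::checkIfAuthorised() allows them to see the
 * event. Users who may modify it (same org or site admin, with perm_modify) see every
 * attribute entry; everyone else only sees the entries of attributes they could read
 * (non-private event and attribute, sharing-group attributes only for members).
 *
 * @param mixed $id event id taken from the URL, coerced to int
 * @param string|null $org when given, only ShadowAttribute entries of that org are listed
 * @return void
 * @throws NotFoundException when no event with that id exists
 */
public function event_index($id, $org = null) {
    // $id comes straight from the URL and is embedded in LIKE patterns below
    // ('Log.model_id LIKE' and '%Event (<id>)%'). Coerce it to an integer so that a value
    // such as '1%' cannot widen those patterns to the log entries of other events.
    $id = (int)$id;
    // check if the user has access to this event...
    $mayModify = false;
    $mineOrAdmin = false;
    $isSiteAdmin = $this->_isSiteAdmin();
    $this->loadModel('Event');
    $this->Event->recursive = -1;
    $this->Event->read(null, $id);
    // send unauthorised people away. Only site admins and users of the same org may see events that are
    // "your org only". Everyone else can proceed for all other levels of distribution
    if (!$isSiteAdmin && !$this->Event->checkIfAuthorised($this->Auth->user(), $id)) {
        $this->Session->setFlash(__('You don\'t have access to view this event.'));
        return $this->redirect(array('controller' => 'events', 'action' => 'index', 'admin' => false));
    }
    // Nothing was read (unknown id): fail cleanly instead of indexing into an empty result.
    if (empty($this->Event->data['Event'])) {
        throw new NotFoundException(__('Invalid event.'));
    }
    if ($isSiteAdmin || $this->Event->data['Event']['org_id'] == $this->Auth->user('org_id')) {
        $mineOrAdmin = true;
    }
    $this->set('published', $this->Event->data['Event']['published']);
    if ($mineOrAdmin && $this->userRole['perm_modify']) {
        $mayModify = true;
    }
    $conditions = array();
    // Entries about the event record itself.
    $conditions['OR'][] = array('AND' => array('Log.model LIKE' => 'Event', 'Log.model_id LIKE' => $id));
    // The optional org only narrows the result further: every returned entry must then be a
    // ShadowAttribute entry of that org. $org is used as a LIKE pattern ('%' / '_' are wildcards).
    if ($org) {
        $conditions['AND'][] = array('Log.org LIKE' => $org, 'Log.model LIKE' => 'ShadowAttribute');
    }
    // if we are not the owners of the event and we aren't site admins, then we should only see the entries for attributes that are not private
    // This means that we will not be able to see deleted attributes - since those could have been private
    if (!$mayModify) {
        $sgs = $this->Event->SharingGroup->fetchAllAuthorised($this->Auth->user());
        // get a list of the attributes that belong to the event
        $this->loadModel('Attribute');
        $this->Attribute->recursive = -1;
        $attributes = $this->Attribute->find('all', array(
            'conditions' => array('event_id' => $id),
            'fields' => array('id', 'event_id', 'distribution', 'sharing_group_id'),
            'contain' => 'Event.distribution'
        ));
        // get a list of all log entries that affect the current event or any of the attributes found above
        $conditions['OR'][] = array('AND' => array('Log.model LIKE' => 'Attribute'));
        // OR index 1 is the Attribute clause just appended (index 0 is the Event clause above).
        // Seed its id list with a condition that matches nothing: without it an event with no
        // visible attributes would have an empty OR and show every Attribute entry in the log.
        // NOTE(review): relies on Cake rendering 'LIKE NULL' (matches nothing) — do not turn this into 'IS NULL'.
        $conditions['OR'][1]['AND']['OR'][0] = array('Log.model_id LIKE' => null);
        foreach ($attributes as $a) {
            // Hop over the attributes that are private if the user is not of the same org and not an admin:
            // event and attribute must both be non-private (distribution != 0), and a sharing-group
            // attribute (distribution 4) is only listed when the user belongs to that sharing group.
            if ($mineOrAdmin || ($a['Event']['distribution'] != 0 && ($a['Attribute']['distribution'] != 0 && ($a['Attribute']['distribution'] != 4 || in_array($a['Attribute']['sharing_group_id'], $sgs))))) {
                $conditions['OR'][1]['AND']['OR'][] = array('Log.model_id LIKE' => $a['Attribute']['id']);
            }
        }
    } else {
        // Owners and admins see every Attribute entry whose title names this event.
        $conditions['OR'][] = array('AND' => array('Log.model LIKE' => 'Attribute', 'Log.title LIKE' => '%Event (' . $id . ')%'));
    }
    $conditions['OR'][] = array('AND' => array('Log.model LIKE' => 'ShadowAttribute', 'Log.title LIKE' => '%Event (' . $id . ')%'));
    $fieldList = array('title', 'created', 'model', 'model_id', 'action', 'change', 'org');
    $this->paginate = array(
        'limit' => 60,
        'conditions' => $conditions,
        'order' => array('Log.id' => 'DESC'),
        'fields' => $fieldList
    );
    $this->set('event', $this->Event->data);
    $this->set('list', $this->paginate());
    $this->set('eventId', $id);
    $this->set('mayModify', $mayModify);
}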
// View helpers: the jQuery-backed Js helper and a Highlight helper (not a Cake core helper — presumably project-provided).
public $helpers = array('Js' => array('Jquery'), 'Highlight');
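/**
 * Search form for the audit log and its result pages.
 *
 * Without $new the empty search form is rendered (with its action and model
 * comboboxes). With $new, a POST runs a fresh search from the submitted form values
 * and stores the filters in the session; a GET re-runs the search stored in the
 * session (used when paging through results). Both render the admin_index view.
 *
 * Requires perm_audit. Non-site-admins are always restricted to their own organisation,
 * whatever the form or the session says.
 *
 * @param mixed $new anything but false switches from the form to a search run
 * @return void
 */
public function admin_search($new = false) {
    if (!$this->userRole['perm_audit']) {
        return $this->redirect(array('controller' => 'events', 'action' => 'index', 'admin' => false));
    }
    $isSiteAdmin = $this->_isSiteAdmin();
    // false for site admins (no restriction), otherwise the user's own org name.
    $orgRestriction = $isSiteAdmin ? false : $this->Auth->user('org');
    $this->set('orgRestriction', $orgRestriction);
    $validFilters = $this->Log->logMeta;
    if ($isSiteAdmin) {
        $validFilters = array_merge_recursive($validFilters, $this->Log->logMetaAdmin);
    }
    $this->set('validFilters', $validFilters);
    $this->set('filters', false);
    $this->set('actionDefinitions', $this->{$this->defaultModel}->actionDefinitions);
    if ($new === false) {
        // no search keyword is given, show the search form
        $this->__setSearchFormOptions();
        return;
    }
    // reset the stored paginate settings of the previous search
    $this->Session->write('paginate_conditions_log', array());
    $isPost = $this->request->is('post');
    if ($isPost) {
        $filters = $this->__searchFiltersFromRequest($orgRestriction);
    } else {
        $filters = $this->__searchFiltersFromSession();
    }
    // for info on what was searched for
    $this->__setSearchViewVars($filters);
    $this->set('isSearch', 1);
    // search the db
    $conditions = $this->__buildSearchConditions($filters);
    if ($orgRestriction) {
        // __buildSearchConditions() matches the org as a case-insensitive substring. That is fine
        // for an admin's free-text search, but for everyone else it would also return the entries
        // of any organisation whose name merely contains their own — and, when the session holds
        // no previous search, it would not restrict the org at all. Pin non-admins to an exact match.
        $conditions['Log.org'] = $orgRestriction;
    }
    $this->{$this->defaultModel}->recursive = 0;
    // Always rebuild the paginate settings: the session copy was wiped above, so re-reading it
    // for the GET case (as the previous code did) silently lost the 60-per-page limit on later pages.
    $this->paginate = array(
        'limit' => 60,
        'conditions' => $conditions,
        'order' => array('Log.id' => 'DESC')
    );
    $this->set('list', $this->paginate());
    if ($isPost) {
        // and store into session, so that later result pages can re-run the same search
        $this->Session->write('paginate_conditions_log', $this->paginate);
        $this->__storeSearchFilters($filters);
    }
    // set the same view as the index page
    $this->render('admin_index');
}

// The filter fields of the search form; 'ip' only when client IPs are logged at all.
private function __searchFilterFields() {
    $fields = array('email', 'org', 'action', 'model', 'model_id', 'title', 'change');
    if (Configure::read('MISP.log_client_ip')) {
        $fields[] = 'ip';
    }
    return $fields;
}

// Builds the filter set from a freshly submitted search form; missing fields become null.
private function __searchFiltersFromRequest($orgRestriction) {
    $data = isset($this->request->data['Log']) ? $this->request->data['Log'] : array();
    $filters = array();
    foreach ($this->__searchFilterFields() as $field) {
        $filters[$field] = isset($data[$field]) ? $data[$field] : null;
    }
    // Non-admins may only search their own organisation, whatever the form says.
    if ($orgRestriction) {
        $filters['org'] = $orgRestriction;
    }
    return $filters;
}

// Restores the filter set of the previous search from the session (null for anything not stored).
private function __searchFiltersFromSession() {
    $filters = array();
    foreach ($this->__searchFilterFields() as $field) {
        $filters[$field] = $this->Session->read('paginate_conditions_log_' . $field);
    }
    return $filters;
}

// Persists the filter set so that later result pages can re-run the same search.
private function __storeSearchFilters($filters) {
    foreach ($this->__searchFilterFields() as $field) {
        $this->Session->write('paginate_conditions_log_' . $field, $filters[$field]);
    }
}

// Exposes the searched-for values to the view as <field>Search (e.g. emailSearch, model_idSearch).
private function __setSearchViewVars($filters) {
    foreach ($this->__searchFilterFields() as $field) {
        $this->set($field . 'Search', $filters[$field]);
    }
}

// Populates the action and model comboboxes of the empty search form.
private function __setSearchFormOptions() {
    // combobox for actions
    $actions = array('' => array('ALL' => 'ALL'), 'actions' => array());
    $actions['actions'] = array_merge($actions['actions'], $this->_arrayToValuesIndexArray($this->{$this->defaultModel}->validate['action']['rule'][1]));
    $this->set('actions', $actions);
    // combobox for models: only those of the known models that actually occur in the log
    $models = array('Attribute', 'Event', 'EventBlacklist', 'EventTag', 'Organisation', 'Post', 'Regexp', 'Role', 'Server', 'ShadowAttribute', 'SharingGroup', 'Tag', 'Task', 'Taxonomy', 'Template', 'Thread', 'User', 'Whitelist');
    $existing_models = $this->Log->find('list', array(
        'recursive' => -1,
        'conditions' => array('Log.model !=' => ''),
        'fields' => array('Log.model', 'Log.model'),
        'group' => array('Log.model'),
    ));
    $models = array_intersect($models, $existing_models);
    $models = array('' => 'ALL') + $this->_arrayToValuesIndexArray($models);
    $this->set('models', $models);
}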
/**
 * Turns the search form values into Cake find conditions.
 *
 * email, org, title and change are matched as case-insensitive substrings and only
 * when non-empty. action ('ALL' means any), model and model_id ('' means any) are
 * matched exactly — note that a missing/null value for these is NOT 'any' but yields
 * an 'IS NULL' condition. The ip filter is only honoured when MISP.log_client_ip is on.
 *
 * The substring values are used as LIKE patterns, so '%' and '_' in them act as
 * wildcards; that can only ever widen a search, not escape the other conditions.
 *
 * @param array $filters values keyed by email, org, action, model, model_id, title, change, ip
 * @return array conditions for Model::find()
 */
private function __buildSearchConditions($filters) {
    $conditions = array();
    // Case-insensitive substring match on one Log column, skipped for empty values.
    $substring = function ($field) use (&$conditions, $filters) {
        if (!empty($filters[$field])) {
            $conditions['LOWER(Log.' . $field . ') LIKE'] = '%' . strtolower($filters[$field]) . '%';
        }
    };
    $substring('email');
    $substring('org');
    if ($filters['action'] != 'ALL') {
        $conditions['Log.action'] = $filters['action'];
    }
    if ($filters['model'] != '') {
        $conditions['Log.model'] = $filters['model'];
    }
    if ($filters['model_id'] != '') {
        $conditions['Log.model_id'] = $filters['model_id'];
    }
    $substring('title');
    $substring('change');
    if (Configure::read('MISP.log_client_ip') && !empty($filters['ip'])) {
        $conditions['Log.ip LIKE'] = '%' . $filters['ip'] . '%';
    }
    return $conditions;
}
/**
 * Serialised output of Log::returnDates() for one organisation or for all of them.
 *
 * NOTE(review): there is no authorisation check in this action and $org is passed
 * through untouched; whether Log::returnDates() restricts the result to what the
 * caller may see is not visible from this controller — confirm.
 *
 * @param string $org organisation name, or 'all'
 * @return void
 */
public function returnDates($org = 'all') {
    $dates = $this->Log->returnDates($org);
    $this->set('data', $dates);
    $this->set('_serialize', 'data');
}
2013-01-28 09:32:01 +01:00
}