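<?php
/**
 * Application level Controller
 *
 * This file is application-wide controller file. You can put all
 * application-wide controller-related methods here.
 *
 * PHP 5
 *
 * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
 * Copyright 2005-2011, Cake Software Foundation, Inc. (http://cakefoundation.org)
 *
 * Licensed under The MIT License
 * Redistributions of files must retain the above copyright notice.
 *
 * @copyright     Copyright 2005-2011, Cake Software Foundation, Inc. (http://cakefoundation.org)
 * @link          http://cakephp.org CakePHP(tm) Project
 * @package       app.Controller
 * @since         CakePHP(tm) v 0.2.9
 * @license       MIT License (http://www.opensource.org/licenses/mit-license.php)
 */

// TODO GPG encryption has issues when keys are expired

App::uses('Controller', 'Controller');
App::uses('Sanitize', 'Utility');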
/**
 * Application Controller
 *
 * Add your application-wide methods in the class below, your controllers
 * will inherit them.
 *
 * @package app.Controller
 * @link http://book.cakephp.org/2.0/en/controllers.html#the-app-controller
 */
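class AppController extends Controller {

	// NOTE(review): the docblocks of migrate01to02() / migrate02to021() show
	// that public methods of this class are dispatched as actions of every
	// controller (e.g. /events/migrate01to02). The _requireAdmin() call at the
	// top of each maintenance action is therefore the only thing keeping them
	// from non-admin callers; keep it on any new public method added here.
	public $components = array(
		'Acl', // TODO XXX remove
		'Session',
		'Auth' => array(
			'className' => 'SecureAuth',
			'authenticate' => array(
				'Form' => array(
					'fields' => array('username' => 'email')
				)
			),
			'authError' => 'Did you really think you are allowed to see that?',
			'loginRedirect' => array('controller' => 'users', 'action' => 'routeafterlogin'),
			'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
			'authorize' => array('Controller', // Added this line
				'Actions' => array('actionPath' => 'controllers')) // TODO ACL, 4: tell actionPath
		)
	);

	/**
	 * Authorization callback used by the 'Controller' authorize adapter:
	 * administrators may access every action on every controller, the rest
	 * are denied.
	 *
	 * @param array $user the logged in user record (unused, the check goes through Auth)
	 * @return bool
	 */
	public function isAuthorized($user) {
		return $this->_isAdmin();
	}

	/**
	 * Runs before every action.
	 *
	 * REST requests may authenticate with an authkey sent in the Authorization
	 * HTTP header instead of a session cookie (see _loginWithAuthkey()).
	 * Afterwards the view variables every template relies on are set.
	 *
	 * @return void
	 * @throws ForbiddenException when an Authorization header is sent that matches no user
	 */
	public function beforeFilter() {
		// REST things
		if ($this->_isRest()) {
			$this->_loginWithAuthkey();
		}
		// These variables are required for every view
		$this->set('me', $this->Auth->user());
		$this->set('isAdmin', $this->_isAdmin());
		// TODO ACL: 5: from Controller to Views
		$this->set('isAclAdd', $this->checkAcl('add'));
		$this->set('isAclModify', $this->checkAcl('edit'));
		$this->set('isAclPublish', $this->checkAcl('publish'));
	}

	/**
	 * Authenticates the request with the authkey given in the Authorization
	 * HTTP header, if one is present.
	 *
	 * On success the user record is written to the Auth session and the CSRF
	 * check of the Security component (when loaded) is switched off for this
	 * request. The CSRF check is only disabled after a successful key login:
	 * a request that merely looks like REST (the Accept header it is
	 * recognised by is chosen by the client) may still be authenticated by a
	 * session cookie and must keep the check.
	 *
	 * @return void
	 * @throws ForbiddenException when the header is present but matches no user
	 */
	protected function _loginWithAuthkey() {
		if (empty($_SERVER['HTTP_AUTHORIZATION'])) {
			return;
		}
		$authkey = $_SERVER['HTTP_AUTHORIZATION'];
		$this->loadModel('User');
		$user = $this->User->find('first', array(
			'conditions' => array('User.authkey' => $authkey),
			'recursive' => 0,
		));
		if (!$user) {
			// User not authenticated correctly, reset the session information
			$this->Session->destroy();
			throw new ForbiddenException('Incorrect authentication key');
		}
		// User found in the db, add the user info to the session
		$this->Session->renew();
		$this->Session->write(AuthComponent::$sessionKey, $user['User']);
		// disable CSRF for key-authenticated REST access
		if (array_key_exists('Security', $this->components)) {
			$this->Security->csrfCheck = false;
		}
	}

	/**
	 * Tells whether the current request is a REST call, i.e. the
	 * RequestHandler component is loaded and classifies the request as XML.
	 *
	 * @return bool
	 */
	protected function _isRest() {
		return isset($this->RequestHandler) && $this->RequestHandler->isXml();
	}

	/**
	 * Converts a list of values into an array that uses each value both as
	 * key and as value, e.g. array('a', 'b') becomes array('a' => 'a', 'b' => 'b').
	 * Duplicate values collapse into a single entry.
	 *
	 * @param array $old_array the values to index
	 * @return array
	 */
	public function _arrayToValuesIndexArray($old_array) {
		$new_array = array();
		foreach ($old_array as $value) {
			$new_array[$value] = $value;
		}
		return $new_array;
	}

	/**
	 * Checks if the currently logged in user is an administrator, i.e. the
	 * 'org' field of the Auth user is exactly 'ADMIN'.
	 *
	 * @return bool
	 */
	public function _isAdmin() {
		return $this->Auth->user('org') === 'ADMIN';
	}

	/**
	 * Throws a NotFoundException unless the current user is an administrator
	 * (the maintenance actions below answer non-admins with a 404, not a 403).
	 *
	 * @return void
	 * @throws NotFoundException
	 */
	protected function _requireAdmin() {
		if (!$this->_isAdmin()) {
			throw new NotFoundException();
		}
	}

	/**
	 * Refreshes the Auth session with new / updated data of the logged in user.
	 *
	 * @return void
	 */
	public function _refreshAuth() {
		$id = $this->Auth->user('id');
		if (isset($this->User)) {
			$user = $this->User->read(false, $id);
		} else {
			$user = ClassRegistry::init('User')->findById($id);
		}
		$this->Auth->login($user['User']);
	}

	/**
	 * Updates the missing fields from v0.1 to v0.2 of CyDefSIG: generates a
	 * uuid for every event and attribute that has none yet.
	 *
	 * First you will need to manually update the database to the new schema.
	 * Log in as admin user and then run this function by setting debug = 1
	 * (or more) and call /events/migrate01to02
	 *
	 * @return void
	 * @throws NotFoundException for non-admin users
	 */
	public function migrate01to02() {
		$this->_requireAdmin();
		// generate uuids for events who have no uuid
		$this->_generateMissingUuids('Event');
		// generate uuids for attributes who have no uuid
		$this->_generateMissingUuids('Attribute');
	}

	/**
	 * Generates and saves a uuid for every record of $modelName whose uuid is
	 * empty, echoing the ids it touched as progress output.
	 *
	 * @param string $modelName 'Event' or 'Attribute'
	 * @return void
	 */
	protected function _generateMissingUuids($modelName) {
		$this->loadModel($modelName);
		$model = $this->{$modelName};
		$records = $model->find('all', array(
			'conditions' => array($modelName . '.uuid' => ''),
			'recursive' => 0,
			'fields' => array($modelName . '.id'),
		));
		echo '<p>Generating UUID for ' . strtolower($modelName) . 's: ';
		foreach ($records as $record) {
			$id = $record[$modelName]['id'];
			$model->id = $id;
			$model->saveField('uuid', String::uuid());
			echo h($id) . ' ';
		}
		echo "</p>";
	}

	/**
	 * Splits the composite value1 of every attribute of a composite type at
	 * the '|' into value1 and value2. Attributes whose value1 does not split
	 * into exactly two pieces are left untouched. Progress is echoed as an
	 * HTML list.
	 *
	 * @return void
	 */
	public function _explodeValueToValues() {
		$this->loadModel('Attribute');
		$attributes = $this->Attribute->find('all', array(
			'conditions' => array(
				'OR' => array(
					'Attribute.type' => $this->Attribute->getCompositeTypes()
				)
			),
			'recursive' => 0,
			'fields' => array('Attribute.id', 'Attribute.value1'),
		));
		echo '<h2>Exploding composite fields in 2 columns: </h2><ul>';
		foreach ($attributes as $attribute) {
			$id = $attribute['Attribute']['id'];
			$value1 = $attribute['Attribute']['value1'];
			$pieces = explode('|', $value1);
			if (count($pieces) != 2) {
				continue; // do nothing if not 2 pieces
			}
			// attribute values are user supplied: escape them before echoing into HTML
			echo '<li>' . h($id) . ' --> ' . h($value1) . ' --> ' . h($pieces[0]) . ' --> ' . h($pieces[1]) . '</li> ';
			$this->Attribute->id = $id;
			$this->Attribute->saveField('value1', $pieces[0]);
			$this->Attribute->id = $id;
			$this->Attribute->saveField('value2', $pieces[1]);
		}
		echo "</ul> DONE.";
	}

	/**
	 * Updates the missing fields from v0.2 to v0.2.1 of CyDefSIG.
	 * First you will need to manually update the database to the new schema.
	 * Log in as admin user and then run this function by setting debug = 1
	 * (or more) and call /events/migrate02to021
	 *
	 * @return void
	 * @throws NotFoundException for non-admin users
	 */
	public function migrate02to021() {
		$this->_requireAdmin();
		// search for composite value1 fields and explode it to value1 and value2
		$this->_explodeValueToValues();
	}

	/**
	 * Placeholder for the v0.2.1 to v0.2.2 migration; currently does nothing
	 * beyond the admin check.
	 *
	 * TODO: replace description by comment; replace empty category (not easy
	 * as we have to guess the category from the type); search for
	 * incompatible combination of category / type.
	 *
	 * @return void
	 * @throws NotFoundException for non-admin users
	 */
	public function migrate021to022() {
		$this->_requireAdmin();
	}

	/**
	 * Schema migration from MISP 0.2 to 1.0: adds missing columns, renames
	 * others and fixes the indexes of the attributes, events, servers and
	 * users tables. The statements are fixed strings; nothing from the
	 * request is interpolated into them.
	 *
	 * @return void
	 * @throws NotFoundException for non-admin users
	 */
	public function migratemisp02to10() {
		$this->_requireAdmin();
		$this->_runQueries(array(
			// ATTRIBUTES
			// rename value to value1
			"ALTER TABLE `attributes` CHANGE `value` `value1` TEXT CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL",
			// add value2
			"ALTER TABLE `attributes` ADD `value2` TEXT CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL AFTER `value1`",
			// fix the keys
			"ALTER TABLE `attributes` DROP INDEX `uuid`;",
			"ALTER TABLE `attributes` ADD INDEX `value1_key` ( `value1` ( 5 ) ) ;",
			"ALTER TABLE `attributes` ADD INDEX `value2_key` ( `value2` ( 5 ) ) ;",
			// EVENTS
			// remove useless things
			"ALTER TABLE `events` DROP `user_id`",
			"ALTER TABLE `events` DROP `alerted`",
			"ALTER TABLE `events` ADD `revision` INT( 10 ) NOT NULL DEFAULT '0' AFTER `uuid`",
			// fix the keys
			"ALTER TABLE events DROP INDEX uuid",
			"ALTER TABLE events DROP INDEX info",
			// SERVERS
			// rename lastfetchedid to lastpushedid
			"ALTER TABLE `servers` CHANGE `lastfetchedid` `lastpushedid` INT( 11 ) NOT NULL",
			// add lastpulledid
			"ALTER TABLE `servers` ADD `lastpulledid` INT( 11 ) NOT NULL AFTER `lastpushedid`",
			// USERS
			// fix keys
			"ALTER TABLE `users` DROP INDEX `username`",
			"ALTER TABLE `users` ADD INDEX `email` ( `email` )",
		));
	}

	/**
	 * Schema migration from MISP 1.0 to 1.1: brings the user_id column of the
	 * events table back.
	 *
	 * @return void
	 * @throws NotFoundException for non-admin users
	 */
	public function migratemisp10to11() {
		$this->_requireAdmin();
		$this->_runQueries(array(
			// EVENTS
			// bring user_id back in
			"ALTER TABLE `events` ADD `user_id` INT( 11 ) NOT NULL AFTER `info`",
		));
	}

	/**
	 * Executes raw SQL statements through the current controller's model.
	 * Only call this with fixed statements, as the migrations above do;
	 * never with anything derived from the request.
	 *
	 * @param array $queries list of SQL statements
	 * @return void
	 */
	protected function _runQueries(array $queries) {
		foreach ($queries as $query) {
			$this->{$this->modelClass}->query($query);
		}
	}

	/**
	 * Recomputes the correlations of every attribute by calling
	 * Attribute::setRelatedAttributes() for each of them.
	 *
	 * @return void
	 * @throws NotFoundException for non-admin users
	 */
	public function generateCorrelation() {
		$this->_requireAdmin();
		$this->loadModel('Correlation');
		$this->loadModel('Attribute');
		// get all attributes..
		$attributes = $this->Attribute->find('all', array('recursive' => 0));
		// for all attributes..
		foreach ($attributes as $attribute) {
			// NOTE(review): the original built a field list ('Attribute.id',
			// 'Attribute.event_id', 'Event.date') but, through an assignment
			// inside the argument list, always passed an empty array here. The
			// empty array is kept; confirm which one setRelatedAttributes() expects.
			$this->Attribute->setRelatedAttributes($attribute['Attribute'], array());
		}
	}

	// TODO ACL, 6b: check on Group and per Model (not used)
	/**
	 * Checks through the Acl component whether the current user may access
	 * the current controller as a whole ('controllers/<Controller>', any action).
	 *
	 * @return bool
	 */
	public function checkAccess() {
		$aco = ucfirst($this->params['controller']);
		$user = ClassRegistry::init('User')->findById($this->Auth->user('id'));
		return $this->Acl->check($user, 'controllers/' . $aco, '*');
	}

	// TODO ACL, 6: check on Group and any Model
	/**
	 * Checks through the Acl component whether the current user may run
	 * $action on the Events controller. When no Acl component is loaded the
	 * check is skipped and true is returned (i.e. not a denial).
	 *
	 * @param string $action the action name, e.g. 'add', 'edit', 'publish'
	 * @return bool
	 */
	public function checkAcl($action) {
		$aco = 'Events'; // TODO ACL was 'Attributes'
		// TODO ACL, CHECK: without a loaded Acl component this used to fail with
		// "Call to a member function check() on a non-object"; isset() skips the
		// check (and the user lookup) in that case instead
		if (!isset($this->Acl)) {
			return true;
		}
		$user = ClassRegistry::init('User')->findById($this->Auth->user('id'));
		return $this->Acl->check($user, 'controllers/' . $aco . '/' . $action, '*');
	}
}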