< ? php
App :: uses ( 'AppController' , 'Controller' );
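class SharingGroupsController extends AppController {

	public $components = array('Session', 'RequestHandler');

	/**
	 * Pagination defaults for index(). The 'conditions' key is extended by
	 * beforeFilter() (restriction to the groups the user may see) and by
	 * index() (active vs. passive groups).
	 *
	 * 'maxLimit' is the largest page size a user may request; it is not an
	 * upper bound on the number of sharing groups the instance can hold.
	 */
	public $paginate = array(
		'limit' => 60,
		'maxLimit' => 9999,
		'order' => array(
			'SharingGroup.name' => 'ASC'
		),
		'fields' => array('SharingGroup.id', 'SharingGroup.name', 'SharingGroup.description', 'SharingGroup.releasability', 'SharingGroup.local', 'SharingGroup.active'),
		'contain' => array(
			'SharingGroupOrg' => array(
				'Organisation' => array('fields' => array('Organisation.name', 'Organisation.id', 'Organisation.uuid'))
			),
			'Organisation' => array(
				'fields' => array('Organisation.id', 'Organisation.name', 'Organisation.uuid'),
			),
			'SharingGroupServer' => array(
				'fields' => array('SharingGroupServer.all_orgs'),
				'Server' => array(
					'fields' => array('Server.name', 'Server.id')
				)
			)
		),
	);

	/**
	 * Sends non-admins away from admin-prefixed routes and scopes every
	 * paginated query of this controller to the sharing groups the current
	 * user is authorised to see.
	 */
	public function beforeFilter() {
		parent::beforeFilter();
		if (!empty($this->request->params['admin']) && !$this->_isSiteAdmin()) {
			$this->redirect('/');
		}
		// The authorisation filter is applied server-side in the query itself, so the
		// listing cannot be widened by tampering with paging parameters in the URL.
		$authorisedIds = $this->SharingGroup->fetchAllAuthorised($this->Auth->user());
		$this->paginate = Set::merge($this->paginate, array('conditions' => array('SharingGroup.id' => $authorisedIds)));
	}

	/**
	 * Creates a sharing group from the JSON document the form posts in
	 * SharingGroup.json, then its member organisations and - when
	 * limitServers is set - its member servers.
	 *
	 * @throws MethodNotAllowedException when the role lacks perm_sharing_group.
	 */
	public function add() {
		$this->_requireSharingGroupPermission();
		if ($this->request->is('post')) {
			$json = $this->_decodePostedJson();
			if ($json === false) {
				$this->Session->setFlash('The sharing group could not be added. The submitted data is not valid JSON.');
			} else {
				$sg = $json['sharingGroup'];
				// This action only ever creates: an 'id' carried in the posted JSON would
				// otherwise turn the save() below into an update of that existing record.
				unset($sg['id']);
				$sg['organisation_uuid'] = $this->Auth->user('Organisation')['uuid'];
				$sg['local'] = 1;
				$sg['org_id'] = $this->Auth->user('org_id');
				// Mirrored into the request data for the re-rendered form.
				$this->request->data['SharingGroup']['organisation_uuid'] = $sg['organisation_uuid'];
				$this->SharingGroup->create();
				if ($this->SharingGroup->save(array('SharingGroup' => $sg))) {
					$sgId = $this->SharingGroup->id;
					$this->_saveMemberOrganisations($sgId, $json);
					if (!empty($sg['limitServers'])) {
						$this->_saveMemberServers($sgId, $json);
					}
					$this->redirect('/SharingGroups/view/' . $sgId);
				} else {
					$this->Session->setFlash($this->_describeValidationFailure('added'));
				}
			}
		}
		$this->_setFormVariables();
	}

	/**
	 * Edits an existing sharing group. Only a whitelisted set of columns is
	 * taken from the posted JSON; membership changes are delegated to the
	 * SharingGroupOrg / SharingGroupServer models.
	 *
	 * @param int $id Sharing group id.
	 * @throws MethodNotAllowedException when the role lacks perm_sharing_group or
	 *         the user is neither creator nor an 'extend' member (site admins excepted).
	 * @throws NotFoundException when no such sharing group exists.
	 */
	public function edit($id) {
		$this->_requireSharingGroupPermission();
		$this->SharingGroup->id = $id;
		if (!$this->SharingGroup->exists()) {
			throw new NotFoundException('Invalid sharing group.');
		}
		// Eligibility: creator organisation or an organisation granted 'extend'; site admins always.
		if (!$this->_isSiteAdmin() && !$this->SharingGroup->checkIfAuthorisedExtend($this->Auth->user(), $id)) {
			throw new MethodNotAllowedException('Action not allowed.');
		}
		$sharingGroup = $this->SharingGroup->find('first', array(
			'conditions' => array('SharingGroup.id' => $id),
			'recursive' => -1,
			'contain' => array(
				'SharingGroupOrg' => array(
					'Organisation' => array('name', 'local', 'id')
				),
				'SharingGroupServer' => array(
					'Server' => array(
						'fields' => array('name', 'url', 'id')
					)
				),
				'Organisation' => array(
					'fields' => array('name', 'local', 'id')
				),
			),
		));
		if ($this->request->is('post')) {
			$json = $this->_decodePostedJson();
			if ($json === false) {
				$this->Session->setFlash('The sharing group could not be edited. The submitted data is not valid JSON.');
			} else {
				$sg = $json['sharingGroup'];
				// Only these columns may be changed by the client; id, org_id, uuid, local etc. keep their stored values.
				$editableFields = array('name', 'releasability', 'description', 'active', 'limitServers');
				$existingSG = $this->SharingGroup->find('first', array('recursive' => -1, 'conditions' => array('SharingGroup.id' => $id)));
				foreach ($editableFields as $field) {
					if (array_key_exists($field, $sg)) {
						$existingSG['SharingGroup'][$field] = $sg[$field];
					}
				}
				// Do not write the stored timestamp back; leaving it out lets the model set it on save.
				unset($existingSG['SharingGroup']['modified']);
				if ($this->SharingGroup->save($existingSG)) {
					$organisations = (isset($json['organisations']) && is_array($json['organisations'])) ? $json['organisations'] : array();
					$servers = (isset($json['servers']) && is_array($json['servers'])) ? $json['servers'] : array();
					$limitServers = isset($sg['limitServers']) ? $sg['limitServers'] : false;
					$this->SharingGroup->SharingGroupOrg->updateOrgsForSG($id, $organisations, $sharingGroup['SharingGroupOrg'], $this->Auth->user());
					$this->SharingGroup->SharingGroupServer->updateServersForSG($id, $servers, $sharingGroup['SharingGroupServer'], $limitServers, $this->Auth->user());
					$this->redirect('/SharingGroups/view/' . $id);
				} else {
					$this->Session->setFlash($this->_describeValidationFailure('edited'));
				}
			}
		}
		$this->set('sharingGroup', $sharingGroup);
		$this->set('id', $id);
		$this->_setFormVariables();
	}

	/**
	 * Deletes a sharing group (POST only, owner only) and returns the user to
	 * the active or passive listing the group was shown in.
	 *
	 * @param int $id Sharing group id.
	 * @throws MethodNotAllowedException on missing permission, non-POST request or non-owner.
	 */
	public function delete($id) {
		$this->_requireSharingGroupPermission();
		if (!$this->request->is('post')) {
			throw new MethodNotAllowedException('Action not allowed, post request expected.');
		}
		if (!$this->SharingGroup->checkIfOwner($this->Auth->user(), $id)) {
			throw new MethodNotAllowedException('Action not allowed.');
		}
		// Read the flag before the row is gone; it decides which listing to redirect to.
		$deletedSg = $this->SharingGroup->find('first', array(
			'conditions' => array('id' => $id),
			'recursive' => -1,
			'fields' => array('active')
		));
		if ($this->SharingGroup->delete($id)) {
			$this->Session->setFlash(__('Sharing Group deleted'));
		} else {
			$this->Session->setFlash(__('Sharing Group could not be deleted. Make sure that there are no events, attributes or threads belonging to this sharing group.'));
		}
		$wasActive = !empty($deletedSg['SharingGroup']['active']);
		$this->redirect($wasActive ? '/SharingGroups/index' : '/SharingGroups/index/true');
	}

	/**
	 * Lists active sharing groups, or passive (inactive) ones when $passive is set.
	 * Each row gets an 'editable' flag for the UI; the authoritative checks remain in edit()/delete().
	 *
	 * @param bool|string $passive true, or the string 'true' as produced by the /index/true URL.
	 */
	public function index($passive = false) {
		if ($passive === 'true') {
			$passive = true;
		}
		$this->paginate['conditions'][] = array('SharingGroup.active' => ($passive !== true));
		$result = $this->paginate();
		foreach ($result as $k => $sg) {
			$result[$k]['editable'] = $this->_canEdit($sg);
		}
		$this->set('passive', $passive);
		if ($this->_isRest()) {
			$this->set('response', $result);
			$this->set('_serialize', array('response'));
		} else {
			$this->set('sharingGroups', $result);
		}
	}

	/**
	 * Shows one sharing group with its organisations and servers.
	 *
	 * @param int $id Sharing group id.
	 * @throws MethodNotAllowedException when the group is not visible to the user.
	 * @throws NotFoundException when the authorised id yields no record.
	 */
	public function view($id) {
		if (!$this->SharingGroup->checkIfAuthorised($this->Auth->user(), $id)) {
			throw new MethodNotAllowedException('Sharing group doesn\'t exist or you do not have permission to access it.');
		}
		$this->SharingGroup->id = $id;
		$this->SharingGroup->contain(array('SharingGroupOrg' => array('Organisation'), 'Organisation', 'SharingGroupServer' => array('Server')));
		$this->SharingGroup->read();
		$sg = $this->SharingGroup->data;
		if (empty($sg)) {
			throw new NotFoundException('Invalid sharing group.');
		}
		if (!empty($sg['SharingGroupServer'])) {
			// server_id 0 stands for this instance, which has no Server row; synthesise its display data.
			// Iterating by key avoids leaving a reference bound to the last element.
			foreach ($sg['SharingGroupServer'] as $k => $sgs) {
				if ((int)$sgs['server_id'] === 0) {
					$sg['SharingGroupServer'][$k]['Server'] = array('name' => 'Local instance', 'url' => Configure::read('MISP.baseurl'));
				}
			}
		}
		$this->set('mayModify', $this->SharingGroup->checkIfAuthorisedExtend($this->Auth->user(), $id));
		$this->set('id', $id);
		$this->set('sg', $sg);
	}

	/**
	 * Guard shared by add/edit/delete: only roles with perm_sharing_group may change groups.
	 *
	 * @throws MethodNotAllowedException
	 */
	protected function _requireSharingGroupPermission() {
		if (empty($this->userRole['perm_sharing_group'])) {
			throw new MethodNotAllowedException('You don\'t have the required privileges to do that.');
		}
	}

	/**
	 * Decodes the JSON document the sharing group form posts in SharingGroup.json.
	 *
	 * @return array|false Decoded payload whose 'sharingGroup' key is an array,
	 *                     or false when the field is missing or not valid JSON.
	 */
	protected function _decodePostedJson() {
		if (!isset($this->request->data['SharingGroup']['json'])) {
			return false;
		}
		$json = json_decode($this->request->data['SharingGroup']['json'], true);
		if (!is_array($json) || !isset($json['sharingGroup']) || !is_array($json['sharingGroup'])) {
			return false;
		}
		return $json;
	}

	/**
	 * Creates one SharingGroupOrg row per entry of $json['organisations'] that carries an id.
	 *
	 * @param int $sgId Id of the freshly saved sharing group.
	 * @param array $json Decoded form payload.
	 */
	protected function _saveMemberOrganisations($sgId, array $json) {
		if (empty($json['organisations']) || !is_array($json['organisations'])) {
			return;
		}
		foreach ($json['organisations'] as $org) {
			if (!isset($org['id'])) {
				continue;
			}
			$this->SharingGroup->SharingGroupOrg->create();
			$this->SharingGroup->SharingGroupOrg->save(array(
				'sharing_group_id' => $sgId,
				'org_id' => $org['id'],
				'extend' => isset($org['extend']) ? $org['extend'] : 0,
			));
		}
	}

	/**
	 * Creates one SharingGroupServer row per entry of $json['servers'] that carries an id.
	 *
	 * @param int $sgId Id of the freshly saved sharing group.
	 * @param array $json Decoded form payload.
	 */
	protected function _saveMemberServers($sgId, array $json) {
		if (empty($json['servers']) || !is_array($json['servers'])) {
			return;
		}
		foreach ($json['servers'] as $server) {
			if (!isset($server['id'])) {
				continue;
			}
			$this->SharingGroup->SharingGroupServer->create();
			$this->SharingGroup->SharingGroupServer->save(array(
				'sharing_group_id' => $sgId,
				'server_id' => $server['id'],
				'all_orgs' => isset($server['all_orgs']) ? $server['all_orgs'] : 0,
			));
		}
	}

	/**
	 * Builds the flash message for a failed save from the model's validation errors.
	 * Copes with an empty error list (a save can fail without validation errors).
	 *
	 * @param string $verb 'added' or 'edited'.
	 * @return string
	 */
	protected function _describeValidationFailure($verb) {
		$replacements = array(
			'notempty' => 'This field cannot be left empty.',
		);
		$errors = $this->SharingGroup->validationErrors;
		$message = 'The sharing group could not be ' . $verb . '.';
		if (empty($errors) || !is_array($errors)) {
			return $message;
		}
		$reasons = reset($errors);
		$failedField = key($errors);
		$reason = $reasons;
		if (is_array($reasons)) {
			$reason = empty($reasons) ? '' : reset($reasons);
		}
		if (is_string($reason) && isset($replacements[$reason])) {
			$reason = $replacements[$reason];
		}
		return $message . ' ' . ucfirst($failedField) . ': ' . $reason;
	}

	/**
	 * View variables shared by the add and edit forms: the local organisations
	 * selectable as members, this instance's base URL and the current user
	 * (the shared template derives what is editable from the user record).
	 */
	protected function _setFormVariables() {
		$orgs = $this->SharingGroup->Organisation->find('all', array(
			'conditions' => array('local' => 1),
			'recursive' => -1,
			'fields' => array('id', 'name')
		));
		$this->set('orgs', $orgs);
		$this->set('localInstance', Configure::read('MISP.baseurl'));
		$this->set('user', $this->Auth->user());
	}

	/**
	 * UI hint for index(): whether the current user may modify or delete the group.
	 * A role without perm_sharing_group is never editable (edit() rejects it anyway);
	 * otherwise the creating organisation or a member organisation flagged 'extend' qualifies.
	 * Keep in sync with the checks performed in edit() and delete().
	 *
	 * @param array $sg One paginated SharingGroup row with Organisation and SharingGroupOrg.
	 * @return bool
	 */
	protected function _canEdit(array $sg) {
		if (empty($this->userRole['perm_sharing_group'])) {
			return false;
		}
		$userOrgUuid = $this->Auth->user('Organisation')['uuid'];
		if (!empty($sg['Organisation']['uuid']) && $sg['Organisation']['uuid'] === $userOrgUuid) {
			return true;
		}
		if (empty($sg['SharingGroupOrg'])) {
			return false;
		}
		$userOrgId = (int)$this->Auth->user('org_id');
		foreach ($sg['SharingGroupOrg'] as $sgo) {
			if (!empty($sgo['extend']) && (int)$sgo['org_id'] === $userOrgId) {
				return true;
			}
		}
		return false;
	}
}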