MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity
MISP/app/Controller/AppController.php

297 lines
10 KiB
PHP
Raw Normal View History

Migration to CakePHP 2.1. Most of the functionality migrated, Q&A review required.
2012-03-15 15:06:45 +01:00
<?php
/**
* Application level Controller
*
* This file is application-wide controller file. You can put all
* application-wide controller-related methods here.
*
* PHP 5
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
CakePHP Update from CakePHP to version 2.2.2 as well as needed patch files.
2012-09-25 15:41:58 +02:00
* Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
Migration to CakePHP 2.1. Most of the functionality migrated, Q&A review required.
2012-03-15 15:06:45 +01:00
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice.
*
CakePHP Update from CakePHP to version 2.2.2 as well as needed patch files.
2012-09-25 15:41:58 +02:00
* @copyright Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @package app.Controller
* @since CakePHP(tm) v 0.2.9
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
Migration to CakePHP 2.1. Most of the functionality migrated, Q&A review required.
2012-03-15 15:06:45 +01:00
*/
removed reference to useless user_id. fixed bug where Contact reporter doesn't work when user does not exist (contact reporter now sends mails to all the org)
2012-06-08 16:57:10 +02:00
// TODO GPG encryption has issues when keys are expired
Migration to CakePHP 2.1. Most of the functionality migrated, Q&A review required.
2012-03-15 15:06:45 +01:00
App::uses('Controller', 'Controller');
GFI Sandbox files having size 0 are not md5 summed in CakePHP.
2012-11-14 15:12:19 +01:00
App::uses('File', 'Utility');
Migration to CakePHP 2.1. Most of the functionality migrated, Q&A review required.
2012-03-15 15:06:45 +01:00
/**
* Application Controller
*
* Add your application-wide methods in the class below, your controllers
* will inherit them.
*
CakePHP Update from CakePHP to version 2.2.2 as well as needed patch files.
2012-09-25 15:41:58 +02:00
* @package app.Controller
Migration to CakePHP 2.1. Most of the functionality migrated, Q&A review required.
2012-03-15 15:06:45 +01:00
* @link http://book.cakephp.org/2.0/en/controllers.html#the-app-controller
coding standards Coding Standards.
2012-12-18 17:44:07 +01:00
*
* @throws ForbiddenException // TODO Exception
Migration to CakePHP 2.1. Most of the functionality migrated, Q&A review required.
2012-03-15 15:06:45 +01:00
*/
class AppController extends Controller {
Renamed Signature to Attribute
2012-03-26 19:56:44 +02:00
AdminCrud and coding standard more AdminCrud and coding standard clean up.
2013-01-04 16:48:46 +01:00
public $defaultModel = '';
generateAllFor<FieldName> so we can use an URL like: http://localhost/<TableName>/generateAllFor<FieldName>/newValue/oldValue for example: http://localhost/events/generateAllForAnalysis/0/null http://localhost/users/generateAllForInvitedBy/1/0 http://localhost/users/generateAllForRoleId/1/0
2012-12-18 04:50:52 +01:00
Regexp changes, UI changes - first cleanup of regexp - some changes left off from the UI changes that were not in the views themselves
2013-07-04 15:45:11 +02:00
public $debugMode = false;
generateAllFor<FieldName> so we can use an URL like: http://localhost/<TableName>/generateAllFor<FieldName>/newValue/oldValue for example: http://localhost/events/generateAllForAnalysis/0/null http://localhost/users/generateAllForInvitedBy/1/0 http://localhost/users/generateAllForRoleId/1/0
2012-12-18 04:50:52 +01:00
public function __construct($id = false, $table = null, $ds = null) {
parent::__construct($id, $table, $ds);
$name = get_class($this);
AdminCrud and coding standard more AdminCrud and coding standard clean up.
2013-01-04 16:48:46 +01:00
$name = str_replace('sController', '', $name);
$name = str_replace('Controller', '', $name);
$this->defaultModel = $name;
generateAllFor<FieldName> so we can use an URL like: http://localhost/<TableName>/generateAllFor<FieldName>/newValue/oldValue for example: http://localhost/events/generateAllForAnalysis/0/null http://localhost/users/generateAllForInvitedBy/1/0 http://localhost/users/generateAllForRoleId/1/0
2012-12-18 04:50:52 +01:00
}
CakePHP Coding Standards http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html Eclipse: Window->Preferences General->Editors->Text Editors Displayed tab width: 4 Insert spaces for tabs NOT PHP->Code Style->Formatter Tab policy: Tabs File->Convert Line Delimeters To->Unix [default] http://mark-story.com/posts/view/static-analysis-tools-for-php for instance: phpcs --standard=CakePHP app/Model/ Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
public $components = array(
'Session',
'Auth' => array(
'className' => 'SecureAuth',
'authenticate' => array(
'Form' => array(
'fields' => array('username' => 'email')
)
),
Integrated ownership, ACL and minor fixes - Orgs can propose new attributes or changes to existing attributes for events that they do not own - publishing users of the owner organisation can see, accept or discard them - Reworked the access control - minor fixes
2013-04-25 14:04:08 +02:00
'authError' => 'Unauthorised access.',
CakePHP Coding Standards http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html Eclipse: Window->Preferences General->Editors->Text Editors Displayed tab width: 4 Insert spaces for tabs NOT PHP->Code Style->Formatter Tab policy: Tabs File->Convert Line Delimeters To->Unix [default] http://mark-story.com/posts/view/static-analysis-tools-for-php for instance: phpcs --standard=CakePHP app/Model/ Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
'loginRedirect' => array('controller' => 'users', 'action' => 'routeafterlogin'),
'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
Integrated ownership, ACL and minor fixes - Orgs can propose new attributes or changes to existing attributes for events that they do not own - publishing users of the owner organisation can see, accept or discard them - Reworked the access control - minor fixes
2013-04-25 14:04:08 +02:00
//'authorize' => array('Controller', // Added this line
//'Actions' => array('actionPath' => 'controllers')) // TODO ACL, 4: tell actionPath
:q
2013-11-06 10:52:18 +01:00
),
CakePHP Coding Standards http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html Eclipse: Window->Preferences General->Editors->Text Editors Displayed tab width: 4 Insert spaces for tabs NOT PHP->Code Style->Formatter Tab policy: Tabs File->Convert Line Delimeters To->Unix [default] http://mark-story.com/posts/view/static-analysis-tools-for-php for instance: phpcs --standard=CakePHP app/Model/ Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
);
Several changes in one (xml version, tag filters for exports) - xml version now included in the xml exports - MISP will now check the xml version on all imports related to sync / add MISP XML and try to update the incoming info if it detects an older version - exports now take tag names as a parameter (affected exports: XML, text, HIDS, NIDS) - eventtags now correctly get removed when an event is deleted
2014-02-02 18:10:21 +01:00
public $mispVersion = '2.2.0';
CakePHP Coding Standards http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html Eclipse: Window->Preferences General->Editors->Text Editors Displayed tab width: 4 Insert spaces for tabs NOT PHP->Code Style->Formatter Tab policy: Tabs File->Convert Line Delimeters To->Unix [default] http://mark-story.com/posts/view/static-analysis-tools-for-php for instance: phpcs --standard=CakePHP app/Model/ Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
public function beforeFilter() {
Some security fixes
2014-01-10 13:56:35 +01:00
// send users away that are using ancient versions of IE
// Make sure to update this if IE 20 comes out :)
if(preg_match('/(?i)msie [2-8]/',$_SERVER['HTTP_USER_AGENT']) && !strpos($_SERVER['HTTP_USER_AGENT'], 'Opera')) throw new MethodNotAllowedException('You are using an unsecure version of IE, please download Google Chrome, Mozilla Firefox or update to a newer version of IE.');
fix incorrect order of checking user info (with REST authkey)
2013-06-12 16:09:03 +02:00
// REST authentication
Initial JSON REST Some small travins changes too. FYI there's an automated travis build available at https://travis-ci.org/MISP/MISP We don't have unit testing and travis setup is subpar so everything will fail for now.
2013-11-12 16:23:37 +01:00
if ($this->_isRest() || $this->isJson()) {
CakePHP Coding Standards http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html Eclipse: Window->Preferences General->Editors->Text Editors Displayed tab width: 4 Insert spaces for tabs NOT PHP->Code Style->Formatter Tab policy: Tabs File->Convert Line Delimeters To->Unix [default] http://mark-story.com/posts/view/static-analysis-tools-for-php for instance: phpcs --standard=CakePHP app/Model/ Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
// disable CSRF for REST access
if (array_key_exists('Security', $this->components))
Updates to security - perm_auth new toggle, can disable auth key usage for a role - prevents sync / rest with a perm_auth == false key - some changes to sync to provide better feedback on why it failed - rewording of distribution options
2013-02-06 17:45:43 +01:00
$this->Security->csrfCheck = false;
CakePHP Coding Standards http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html Eclipse: Window->Preferences General->Editors->Text Editors Displayed tab width: 4 Insert spaces for tabs NOT PHP->Code Style->Formatter Tab policy: Tabs File->Convert Line Delimeters To->Unix [default] http://mark-story.com/posts/view/static-analysis-tools-for-php for instance: phpcs --standard=CakePHP app/Model/ Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
// Authenticate user with authkey in Authorization HTTP header
if (!empty($_SERVER['HTTP_AUTHORIZATION'])) {
fix rest authentication and further auth clean up
2013-04-29 11:22:46 +02:00
$user = $this->checkAuthUser($_SERVER['HTTP_AUTHORIZATION']);
mirated first parts of nice GUI proposed by Alexandru of CERT-EU
2013-05-30 11:14:00 +02:00
if ($user) {
// User found in the db, add the user info to the session
$this->Session->renew();
$this->Session->write(AuthComponent::$sessionKey, $user['User']);
Changes to the automation - authorization key should be sent through headers. - passing it in the url is deprecated - updated automation page to reflect the changes - csv export now has headers
2014-01-16 17:19:51 +01:00
} else {
mirated first parts of nice GUI proposed by Alexandru of CERT-EU
2013-05-30 11:14:00 +02:00
// User not authenticated correctly
CakePHP Coding Standards http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html Eclipse: Window->Preferences General->Editors->Text Editors Displayed tab width: 4 Insert spaces for tabs NOT PHP->Code Style->Formatter Tab policy: Tabs File->Convert Line Delimeters To->Unix [default] http://mark-story.com/posts/view/static-analysis-tools-for-php for instance: phpcs --standard=CakePHP app/Model/ Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
// reset the session information
mirated first parts of nice GUI proposed by Alexandru of CERT-EU
2013-05-30 11:14:00 +02:00
$this->Session->destroy();
fix rest authentication and further auth clean up
2013-04-29 11:22:46 +02:00
throw new ForbiddenException('The authentication key provided cannot be used for syncing.');
CakePHP Coding Standards http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html Eclipse: Window->Preferences General->Editors->Text Editors Displayed tab width: 4 Insert spaces for tabs NOT PHP->Code Style->Formatter Tab policy: Tabs File->Convert Line Delimeters To->Unix [default] http://mark-story.com/posts/view/static-analysis-tools-for-php for instance: phpcs --standard=CakePHP app/Model/ Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
}
}
}
fix incorrect order of checking user info (with REST authkey)
2013-06-12 16:09:03 +02:00
// user must accept terms
//
if ($this->Session->check('Auth.User') && !$this->Auth->user('termsaccepted') && (!in_array($this->request->here, array('/users/terms', '/users/logout', '/users/login')))) {
$this->redirect(array('controller' => 'users', 'action' => 'terms', 'admin' => false));
}
if ($this->Session->check('Auth.User') && $this->Auth->user('change_pw') && (!in_array($this->request->here, array('/users/terms', '/users/change_pw', '/users/logout', '/users/login')))) {
$this->redirect(array('controller' => 'users', 'action' => 'change_pw', 'admin' => false));
}
CakePHP Coding Standards http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html Eclipse: Window->Preferences General->Editors->Text Editors Displayed tab width: 4 Insert spaces for tabs NOT PHP->Code Style->Formatter Tab policy: Tabs File->Convert Line Delimeters To->Unix [default] http://mark-story.com/posts/view/static-analysis-tools-for-php for instance: phpcs --standard=CakePHP app/Model/ Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
Integrated ownership, ACL and minor fixes - Orgs can propose new attributes or changes to existing attributes for events that they do not own - publishing users of the owner organisation can see, accept or discard them - Reworked the access control - minor fixes
2013-04-25 14:04:08 +02:00
// We don't want to run these role checks before the user is logged in, but we want them available for every view once the user is logged on
// instead of using checkAction(), like we normally do from controllers when trying to find out about a permission flag, we can use getActions()
// getActions returns all the flags in a single SQL query
if ($this->Auth->user()) {
$role = $this->getActions();
$this->set('me', $this->Auth->user());
$this->set('isAdmin', $role['perm_admin']);
First rework of the siteadmin role - ADMIN org removed. - Siteadmins are now identified by the perm_site_admin flag - Siteadmins can now be of any organisation - editing the regexp / whitelist rules can now be done by a special user with the perm_regexp_access in his/her role - Executing a mass replace of attribute values based on the regexp rules cannot be initiated by a regexp/whitelist user, only by a site admin - If the login page is reached without any users / roles defined they are automatically created (perviously it was only the user that was created) - Org admins are restricted from assigning perm_site_admin, perm_sync and perm_regexp_access roles to users. This can only be done by a site admin.
2013-10-03 11:45:27 +02:00
$this->set('isSiteAdmin', $role['perm_site_admin']);
Integrated ownership, ACL and minor fixes - Orgs can propose new attributes or changes to existing attributes for events that they do not own - publishing users of the owner organisation can see, accept or discard them - Reworked the access control - minor fixes
2013-04-25 14:04:08 +02:00
$this->set('isAclAdd', $role['perm_add']);
$this->set('isAclModify', $role['perm_modify']);
$this->set('isAclModifyOrg', $role['perm_modify_org']);
$this->set('isAclPublish', $role['perm_publish']);
$this->set('isAclSync', $role['perm_sync']);
$this->set('isAclAdmin', $role['perm_admin']);
$this->set('isAclAudit', $role['perm_audit']);
$this->set('isAclAuth', $role['perm_auth']);
First rework of the siteadmin role - ADMIN org removed. - Siteadmins are now identified by the perm_site_admin flag - Siteadmins can now be of any organisation - editing the regexp / whitelist rules can now be done by a special user with the perm_regexp_access in his/her role - Executing a mass replace of attribute values based on the regexp rules cannot be initiated by a regexp/whitelist user, only by a site admin - If the login page is reached without any users / roles defined they are automatically created (perviously it was only the user that was created) - Org admins are restricted from assigning perm_site_admin, perm_sync and perm_regexp_access roles to users. This can only be done by a site admin.
2013-10-03 11:45:27 +02:00
$this->set('isAclRegexp', $role['perm_regexp_access']);
New permission - tagger: a user that can create / edit / delete the list of tags that is usable for events
2014-01-21 16:59:21 +01:00
$this->set('isAclTagger', $role['perm_tagger']);
Change to new distribution - first stage
2013-06-10 17:33:03 +02:00
$this->userRole = $role;
mirated first parts of nice GUI proposed by Alexandru of CERT-EU
2013-05-30 11:14:00 +02:00
} else {
UI hide top links when not logged in
2013-06-03 16:37:13 +02:00
$this->set('me', false);
mirated first parts of nice GUI proposed by Alexandru of CERT-EU
2013-05-30 11:14:00 +02:00
$this->set('isAdmin', false);
$this->set('isSiteAdmin', false);
$this->set('isAclAdd', false);
$this->set('isAclModify', false);
$this->set('isAclModifyOrg', false);
$this->set('isAclPublish', false);
$this->set('isAclSync', false);
$this->set('isAclAdmin', false);
$this->set('isAclAudit', false);
$this->set('isAclAuth', false);
First rework of the siteadmin role - ADMIN org removed. - Siteadmins are now identified by the perm_site_admin flag - Siteadmins can now be of any organisation - editing the regexp / whitelist rules can now be done by a special user with the perm_regexp_access in his/her role - Executing a mass replace of attribute values based on the regexp rules cannot be initiated by a regexp/whitelist user, only by a site admin - If the login page is reached without any users / roles defined they are automatically created (perviously it was only the user that was created) - Org admins are restricted from assigning perm_site_admin, perm_sync and perm_regexp_access roles to users. This can only be done by a site admin.
2013-10-03 11:45:27 +02:00
$this->set('isAclRegexp', false);
New permission - tagger: a user that can create / edit / delete the list of tags that is usable for events
2014-01-21 16:59:21 +01:00
$this->set('isAclTagger', false);
Integrated ownership, ACL and minor fixes - Orgs can propose new attributes or changes to existing attributes for events that they do not own - publishing users of the owner organisation can see, accept or discard them - Reworked the access control - minor fixes
2013-04-25 14:04:08 +02:00
}
Some UI fixes related to the debug/nondebug alignment
2013-07-09 10:05:19 +02:00
if (Configure::read('debug') > 0) {
Regexp changes, UI changes - first cleanup of regexp - some changes left off from the UI changes that were not in the views themselves
2013-07-04 15:45:11 +02:00
$this->debugMode = 'debugOn';
} else {
$this->debugMode = 'debugOff';
}
$this->set('debugMode', $this->debugMode);
Proposal changes Fixes #192 - Contextual comments for proposals - shows proposal count in the top bar - new view showing all of the events of the user's organisation with an active proposal
2013-12-12 16:25:20 +01:00
$proposalCount = $this->_getProposalCount();
$this->set('proposalCount', $proposalCount[0]);
$this->set('proposalEventCount', $proposalCount[1]);
Several changes in one (xml version, tag filters for exports) - xml version now included in the xml exports - MISP will now check the xml version on all imports related to sync / add MISP XML and try to update the incoming info if it detects an older version - exports now take tag names as a parameter (affected exports: XML, text, HIDS, NIDS) - eventtags now correctly get removed when an event is deleted
2014-02-02 18:10:21 +01:00
$this->set('mispVersion', $this->mispVersion);
CakePHP Coding Standards http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html Eclipse: Window->Preferences General->Editors->Text Editors Displayed tab width: 4 Insert spaces for tabs NOT PHP->Code Style->Formatter Tab policy: Tabs File->Convert Line Delimeters To->Unix [default] http://mark-story.com/posts/view/static-analysis-tools-for-php for instance: phpcs --standard=CakePHP app/Model/ Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
}
Change to new distribution - first stage
2013-06-10 17:33:03 +02:00
public $userRole = null;
Initial JSON REST Some small travins changes too. FYI there's an automated travis build available at https://travis-ci.org/MISP/MISP We don't have unit testing and travis setup is subpar so everything will fail for now.
2013-11-12 16:23:37 +01:00
public function isJson(){
return $this->request->header('Accept') === 'application/json';
}
blackhole full out-commented.
2012-10-25 15:16:19 +02:00
//public function blackhole($type) {
// // handle errors.
// throw new Exception(__d('cake_dev', 'The request has been black-holed'));
// //throw new BadRequestException(__d('cake_dev', 'The request has been black-holed'));
//}
blackhole i have an idea this blackholeCallback seems to overcome a lot of blackhole situations we got. Notably during deleting multiple events from the index, this improved not getting a blackhole a lot.
2012-10-17 13:00:50 +02:00
CakePHP Coding Standards http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html Eclipse: Window->Preferences General->Editors->Text Editors Displayed tab width: 4 Insert spaces for tabs NOT PHP->Code Style->Formatter Tab policy: Tabs File->Convert Line Delimeters To->Unix [default] http://mark-story.com/posts/view/static-analysis-tools-for-php for instance: phpcs --standard=CakePHP app/Model/ Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
protected function _isRest() {
Basic JSON API CRUD [ci skip] - adds JSON example to shell scripts - adds sample JSON event - ??? for some redundant Attribute model conditions - updates travis with CakePHP installation
2013-11-14 12:43:31 +01:00
return (isset($this->RequestHandler) && ($this->RequestHandler->isXml() || $this->isJson()));
CakePHP Coding Standards http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html Eclipse: Window->Preferences General->Editors->Text Editors Displayed tab width: 4 Insert spaces for tabs NOT PHP->Code Style->Formatter Tab policy: Tabs File->Convert Line Delimeters To->Unix [default] http://mark-story.com/posts/view/static-analysis-tools-for-php for instance: phpcs --standard=CakePHP app/Model/ Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
}
Proposal changes Fixes #192 - Contextual comments for proposals - shows proposal count in the top bar - new view showing all of the events of the user's organisation with an active proposal
2013-12-12 16:25:20 +01:00
private function _getProposalCount() {
$this->loadModel('ShadowAttribute');
$this->ShadowAttribute->recursive = -1;
$shadowAttributes = $this->ShadowAttribute->find('all', array(
Further work on the scheduled tasks - Also some changes left off from the previous commit
2013-12-17 11:38:06 +01:00
'recursive' => -1,
'fields' => array('event_id', 'event_org'),
Proposal changes Fixes #192 - Contextual comments for proposals - shows proposal count in the top bar - new view showing all of the events of the user's organisation with an active proposal
2013-12-12 16:25:20 +01:00
'conditions' => array(
'ShadowAttribute.event_org' => $this->Auth->user('org')
)));
$results = array();
$eventIds = array();
$results[0] = count($shadowAttributes);
foreach ($shadowAttributes as $sa) {
if (!in_array($sa['ShadowAttribute']['event_id'], $eventIds)) $eventIds[] = $sa['ShadowAttribute']['event_id'];
}
$results[1] = count($eventIds);
return $results;
}
CakePHP Coding Standards http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html Eclipse: Window->Preferences General->Editors->Text Editors Displayed tab width: 4 Insert spaces for tabs NOT PHP->Code Style->Formatter Tab policy: Tabs File->Convert Line Delimeters To->Unix [default] http://mark-story.com/posts/view/static-analysis-tools-for-php for instance: phpcs --standard=CakePHP app/Model/ Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
/**
* Convert an array to the same array but with the values also as index instead of an interface_exists
*/
Merge and code standards. Forgot to clean View/Helper/AppHelper.php. Changed underscore method names to private and protected where appropriate given phpcs code standards errors.
2012-09-24 09:02:09 +02:00
protected function _arrayToValuesIndexArray($oldArray) {
CakePHP Coding Standards changed to camel caps format where needed.
2012-09-19 11:05:10 +02:00
$newArray = Array();
foreach ($oldArray as $value)
$newArray[$value] = $value;
return $newArray;
CakePHP Coding Standards http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html Eclipse: Window->Preferences General->Editors->Text Editors Displayed tab width: 4 Insert spaces for tabs NOT PHP->Code Style->Formatter Tab policy: Tabs File->Convert Line Delimeters To->Unix [default] http://mark-story.com/posts/view/static-analysis-tools-for-php for instance: phpcs --standard=CakePHP app/Model/ Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
}
/**
Performance tweak - User/Role not looked up recursively anymore for authorisation checks - improves performance significantly. Also, checking perm_add and perm_modify instead of doing a lookup in the ACL tables
2013-04-22 14:44:55 +02:00
* checks if the currently logged user is an administrator (an admin that can manage the users and events of his own organisation)
CakePHP Coding Standards http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html Eclipse: Window->Preferences General->Editors->Text Editors Displayed tab width: 4 Insert spaces for tabs NOT PHP->Code Style->Formatter Tab policy: Tabs File->Convert Line Delimeters To->Unix [default] http://mark-story.com/posts/view/static-analysis-tools-for-php for instance: phpcs --standard=CakePHP app/Model/ Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
*/
Merge and code standards. Forgot to clean View/Helper/AppHelper.php. Changed underscore method names to private and protected where appropriate given phpcs code standards errors.
2012-09-24 09:02:09 +02:00
protected function _isAdmin() {
CakePHP Coding Standards http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html Eclipse: Window->Preferences General->Editors->Text Editors Displayed tab width: 4 Insert spaces for tabs NOT PHP->Code Style->Formatter Tab policy: Tabs File->Convert Line Delimeters To->Unix [default] http://mark-story.com/posts/view/static-analysis-tools-for-php for instance: phpcs --standard=CakePHP app/Model/ Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
$org = $this->Auth->user('org');
First rework of the siteadmin role - ADMIN org removed. - Siteadmins are now identified by the perm_site_admin flag - Siteadmins can now be of any organisation - editing the regexp / whitelist rules can now be done by a special user with the perm_regexp_access in his/her role - Executing a mass replace of attribute values based on the regexp rules cannot be initiated by a regexp/whitelist user, only by a site admin - If the login page is reached without any users / roles defined they are automatically created (perviously it was only the user that was created) - Org admins are restricted from assigning perm_site_admin, perm_sync and perm_regexp_access roles to users. This can only be done by a site admin.
2013-10-03 11:45:27 +02:00
if ($this->userRole['perm_site_admin'] || $this->userRole['perm_admin']) {
CakePHP Coding Standards http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html Eclipse: Window->Preferences General->Editors->Text Editors Displayed tab width: 4 Insert spaces for tabs NOT PHP->Code Style->Formatter Tab policy: Tabs File->Convert Line Delimeters To->Unix [default] http://mark-story.com/posts/view/static-analysis-tools-for-php for instance: phpcs --standard=CakePHP app/Model/ Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
return true;
}
return false;
}
Reworked the sync / release control - Fixed issues with the sync - Secondary publishes on remote servers failed - Introduced new fields in events to stop backward traverse of edit information that lead to low performance and eroneous distribution information updates when more than 2 servers were linked - Deletion of an attribute now deletes on remote servers - Changes to the event ownership - Original creator org now noted in the event itself - Only original creator org can change distribution - Events will show up with the original creator org for users (admins can see both that and the owner of the event on the local instance) - Server.organization now used in junction with the connecting user's org and the instance's org (from the bootstrap) to determine distribution flow control and access rights - Lots of minor changes
2013-02-19 15:37:35 +01:00
/**
Small fixes - Comments about isAdmin vs isSiteAdmin - Extra config line added to bootstrap.default.php for the built in e-mail system
2013-04-16 15:55:33 +02:00
* checks if the currently logged user is a site administrator (an admin that can manage any user or event on the instance and create / edit the roles).
Reworked the sync / release control - Fixed issues with the sync - Secondary publishes on remote servers failed - Introduced new fields in events to stop backward traverse of edit information that lead to low performance and eroneous distribution information updates when more than 2 servers were linked - Deletion of an attribute now deletes on remote servers - Changes to the event ownership - Original creator org now noted in the event itself - Only original creator org can change distribution - Events will show up with the original creator org for users (admins can see both that and the owner of the event on the local instance) - Server.organization now used in junction with the connecting user's org and the instance's org (from the bootstrap) to determine distribution flow control and access rights - Lots of minor changes
2013-02-19 15:37:35 +01:00
*/
Fixes to access rights, some sanitization, etc - Admins cannot manually change anyone's authkey, they need to generate a new one via the reset link - Some pages could be accessed by changing the url - fixed (though needs further testing) - Edited a change in the manual that may have been confusing - Some changes to the way ACL is set up - still needs more work
2013-02-04 17:55:35 +01:00
protected function _isSiteAdmin() {
First rework of the siteadmin role - ADMIN org removed. - Siteadmins are now identified by the perm_site_admin flag - Siteadmins can now be of any organisation - editing the regexp / whitelist rules can now be done by a special user with the perm_regexp_access in his/her role - Executing a mass replace of attribute values based on the regexp rules cannot be initiated by a regexp/whitelist user, only by a site admin - If the login page is reached without any users / roles defined they are automatically created (perviously it was only the user that was created) - Org admins are restricted from assigning perm_site_admin, perm_sync and perm_regexp_access roles to users. This can only be done by a site admin.
2013-10-03 11:45:27 +02:00
return $this->userRole['perm_site_admin'];
Fixes to access rights, some sanitization, etc - Admins cannot manually change anyone's authkey, they need to generate a new one via the reset link - Some pages could be accessed by changing the url - fixed (though needs further testing) - Edited a change in the manual that may have been confusing - Some changes to the way ACL is set up - still needs more work
2013-02-04 17:55:35 +01:00
}
Reworked the sync / release control - Fixed issues with the sync - Secondary publishes on remote servers failed - Introduced new fields in events to stop backward traverse of edit information that lead to low performance and eroneous distribution information updates when more than 2 servers were linked - Deletion of an attribute now deletes on remote servers - Changes to the event ownership - Original creator org now noted in the event itself - Only original creator org can change distribution - Events will show up with the original creator org for users (admins can see both that and the owner of the event on the local instance) - Server.organization now used in junction with the connecting user's org and the instance's org (from the bootstrap) to determine distribution flow control and access rights - Lots of minor changes
2013-02-19 15:37:35 +01:00
protected function _checkOrg() {
return $this->Auth->user('org');
}
CakePHP Coding Standards http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html Eclipse: Window->Preferences General->Editors->Text Editors Displayed tab width: 4 Insert spaces for tabs NOT PHP->Code Style->Formatter Tab policy: Tabs File->Convert Line Delimeters To->Unix [default] http://mark-story.com/posts/view/static-analysis-tools-for-php for instance: phpcs --standard=CakePHP app/Model/ Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
/**
* Refreshes the Auth session with new/updated data
* @return void
*/
Merge and code standards. Forgot to clean View/Helper/AppHelper.php. Changed underscore method names to private and protected where appropriate given phpcs code standards errors.
2012-09-24 09:02:09 +02:00
protected function _refreshAuth() {
peformance
2013-06-08 11:31:22 +02:00
$this->loadModel('User');
$this->User->recursive = -1;
$user = $this->User->findById($this->Auth->user('id'));
Migration to CakePHP 2.1. Most of the functionality migrated, Q&A review required.
2012-03-15 15:06:45 +01:00
$this->Auth->login($user['User']);
CakePHP Coding Standards http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html Eclipse: Window->Preferences General->Editors->Text Editors Displayed tab width: 4 Insert spaces for tabs NOT PHP->Code Style->Formatter Tab policy: Tabs File->Convert Line Delimeters To->Unix [default] http://mark-story.com/posts/view/static-analysis-tools-for-php for instance: phpcs --standard=CakePHP app/Model/ Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
}
Merge branch 'master' into develop Conflicts: app/Controller/AppController.php app/Controller/AttributesController.php app/Controller/EventsController.php app/Controller/ServersController.php app/Controller/UsersController.php app/Model/Attribute.php app/Model/Event.php app/Model/Server.php app/Model/User.php app/View/Attributes/edit.ctp app/View/Attributes/index.ctp app/View/Elements/actions_menu.ctp app/View/Events/add.ctp app/View/Events/index.ctp app/View/Events/view.ctp app/View/Events/xml/view.ctp app/View/Servers/index.ctp app/View/Users/admin_index.ctp
2012-09-24 16:02:01 +02:00
/**
Integrated ownership, ACL and minor fixes - Orgs can propose new attributes or changes to existing attributes for events that they do not own - publishing users of the owner organisation can see, accept or discard them - Reworked the access control - minor fixes
2013-04-25 14:04:08 +02:00
*
* @param $action
* @return boolean
Merge branch 'master' into develop Conflicts: app/Controller/AppController.php app/Controller/AttributesController.php app/Controller/EventsController.php app/Controller/ServersController.php app/Controller/UsersController.php app/Model/Attribute.php app/Model/Event.php app/Model/Server.php app/Model/User.php app/View/Attributes/edit.ctp app/View/Attributes/index.ctp app/View/Elements/actions_menu.ctp app/View/Events/add.ctp app/View/Events/index.ctp app/View/Events/view.ctp app/View/Events/xml/view.ctp app/View/Servers/index.ctp app/View/Users/admin_index.ctp
2012-09-24 16:02:01 +02:00
*/
Integrated ownership, ACL and minor fixes - Orgs can propose new attributes or changes to existing attributes for events that they do not own - publishing users of the owner organisation can see, accept or discard them - Reworked the access control - minor fixes
2013-04-25 14:04:08 +02:00
// pass an action to this method for it to check the active user's access to the action
public function checkAction($action = 'perm_sync') {
$this->loadModel('Role');
$this->Role->recursive = -1;
$role = $this->Role->findById($this->Auth->user('role_id'));
if ($role['Role'][$action]) return true;
return false;
RBAC should now respect Manage, so also edit, own and org events.‏
2012-11-08 14:09:52 +01:00
}
Integrated ownership, ACL and minor fixes - Orgs can propose new attributes or changes to existing attributes for events that they do not own - publishing users of the owner organisation can see, accept or discard them - Reworked the access control - minor fixes
2013-04-25 14:04:08 +02:00
// returns the role of the currently authenticated user as an array, used to set the permission variables for views in the AppController's beforeFilter() method
public function getActions() {
$this->loadModel('Role');
$this->Role->recursive = -1;
$role = $this->Role->findById($this->Auth->user('role_id'));
return $role['Role'];
sync have sync option in role. and only display the Sync Actions when sync option or admin. (still has to be disabled if role is below manage org events.
2012-12-07 15:00:40 +01:00
}
Updates to security - perm_auth new toggle, can disable auth key usage for a role - prevents sync / rest with a perm_auth == false key - some changes to sync to provide better feedback on why it failed - rewording of distribution options
2013-02-06 17:45:43 +01:00
/**
*
* @param unknown $authkey
fix rest authentication and further auth clean up
2013-04-29 11:22:46 +02:00
* @return boolean or user array
Updates to security - perm_auth new toggle, can disable auth key usage for a role - prevents sync / rest with a perm_auth == false key - some changes to sync to provide better feedback on why it failed - rewording of distribution options
2013-02-06 17:45:43 +01:00
*/
public function checkAuthUser($authkey) {
Performance tweak - User/Role not looked up recursively anymore for authorisation checks - improves performance significantly. Also, checking perm_add and perm_modify instead of doing a lookup in the ACL tables
2013-04-22 14:44:55 +02:00
$this->loadModel('User');
$this->User->recursive = -1;
$user = $this->User->findByAuthkey($authkey);
Updates to security - perm_auth new toggle, can disable auth key usage for a role - prevents sync / rest with a perm_auth == false key - some changes to sync to provide better feedback on why it failed - rewording of distribution options
2013-02-06 17:45:43 +01:00
if (isset($user['User'])) {
Performance tweak - User/Role not looked up recursively anymore for authorisation checks - improves performance significantly. Also, checking perm_add and perm_modify instead of doing a lookup in the ACL tables
2013-04-22 14:44:55 +02:00
$this->loadModel('Role');
$this->Role->recursive = -1;
$role = $this->Role->findById($user['User']['role_id']);
First round of implementations for the new API searches - users can search RESTfully for attributes based on various filtering mechanisms and get either an event that includes the located attribute(s) or just an array of attributes returned. - users can also request all attributes of a (or several) types and get them returned as an XML
2013-09-19 12:05:08 +02:00
$user['User']['siteAdmin'] = false;
First rework of the siteadmin role - ADMIN org removed. - Siteadmins are now identified by the perm_site_admin flag - Siteadmins can now be of any organisation - editing the regexp / whitelist rules can now be done by a special user with the perm_regexp_access in his/her role - Executing a mass replace of attribute values based on the regexp rules cannot be initiated by a regexp/whitelist user, only by a site admin - If the login page is reached without any users / roles defined they are automatically created (perviously it was only the user that was created) - Org admins are restricted from assigning perm_site_admin, perm_sync and perm_regexp_access roles to users. This can only be done by a site admin.
2013-10-03 11:45:27 +02:00
if ($role['Role']['perm_site_admin']) $user['User']['siteAdmin'] = true;
Updates to security - perm_auth new toggle, can disable auth key usage for a role - prevents sync / rest with a perm_auth == false key - some changes to sync to provide better feedback on why it failed - rewording of distribution options
2013-02-06 17:45:43 +01:00
if ($role['Role']['perm_auth']) {
fix rest authentication and further auth clean up
2013-04-29 11:22:46 +02:00
return $user;
Updates to security - perm_auth new toggle, can disable auth key usage for a role - prevents sync / rest with a perm_auth == false key - some changes to sync to provide better feedback on why it failed - rewording of distribution options
2013-02-06 17:45:43 +01:00
}
}
fix rest authentication and further auth clean up
2013-04-29 11:22:46 +02:00
return false;
Updates to security - perm_auth new toggle, can disable auth key usage for a role - prevents sync / rest with a perm_auth == false key - some changes to sync to provide better feedback on why it failed - rewording of distribution options
2013-02-06 17:45:43 +01:00
}
count & GFI Sandbox count # attributes in events index. plus various fixes for distribution in correlation of a GFI Sandbox upload.
2012-11-14 16:14:04 +01:00
public function generateCount() {
Update to the admin privileges - Changed the requirement for a lot of functions to be site admin as opposed to admin.
2013-03-05 15:19:58 +01:00
if (!self::_isSiteAdmin()) throw new NotFoundException();
huge performance increase in generateCount
2013-07-12 14:55:56 +02:00
// do one SQL query with the counts
// loop over events, update in db
$this->loadModel('Attribute');
Changes to the misc admin functions - cleaned them up a bit, views for results - removed query() and replaced it with CakePHP find()
2014-01-17 09:53:23 +01:00
$events = $this->Attribute->find('all', array(
'recursive' => -1,
'fields' => array('event_id', 'count(event_id) as attribute_count'),
'group' => array('Attribute.event_id'),
'order' => array('Attribute.event_id ASC'),
));
foreach ($events as $k => $event) {
$this->Event->read(null, $event['Attribute']['event_id']);
huge performance increase in generateCount
2013-07-12 14:55:56 +02:00
$this->Event->set('attribute_count', $event[0]['attribute_count']);
$this->Event->save();
count & GFI Sandbox count # attributes in events index. plus various fixes for distribution in correlation of a GFI Sandbox upload.
2012-11-14 16:14:04 +01:00
}
Changes to the misc admin functions - cleaned them up a bit, views for results - removed query() and replaced it with CakePHP find()
2014-01-17 09:53:23 +01:00
$this->Session->setFlash(__('All done. attribute_count generated from scratch for ' . $k . ' events.'));
minor admin tools improvements
2013-07-12 15:35:00 +02:00
$this->redirect(array('controller' => 'pages', 'action' => 'display', 'administration'));
count & GFI Sandbox count # attributes in events index. plus various fixes for distribution in correlation of a GFI Sandbox upload.
2012-11-14 16:14:04 +01:00
}
GFI Sandbox files having size 0 are not md5 summed in CakePHP.
2012-11-14 15:12:19 +01:00
}