MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity
MISP/app/Controller/Component/ACLComponent.php

372 lines
11 KiB
PHP
Raw Normal View History

Work on the new ACL system
2016-04-17 23:13:39 +02:00
<?php
App::uses('Component', 'Controller');
class ACLComponent extends Component {
private $__aclList = array(
'*' => array(
'blackhole' => array(),
'checkAction' => array(),
'checkAuthUser' => array(),
'checkExternalAuthUser' => array(),
'cleanModelCaches' => array(),
'generateCount' => array(),
'getActions' => array(),
'pruneDuplicateUUIDs' => array(),
'removeDuplicateEvents' => array(),
'updateDatabase' => array(),
'upgrade2324' => array(),
),
'attributes' => array(
'add' => array('perm_add'),
'add_attachment' => array('perm_add'),
'add_threatconnect' => array('perm_add'),
'attributeReplace' => array('perm_add'),
'checkComposites' => array('perm_admin'),
'delete' => array('perm_add'),
'deleteSelected' => array('perm_add'),
'describeTypes' => array('perm_auth'),
'download' => array('*'),
'downloadAttachment' => array('*'),
'downloadSample' => array('*'),
'edit' => array('perm_add'),
'editField' => array('perm_add'),
'editSelected' => array('perm_add'),
'fetchEditForm' => array('perm_add'),
'fetchViewValue' => array('*'),
'generateCorrelation' => array(),
'hoverEnrichment' => array('perm_add'),
'index' => array('*'),
'pruneOrphanedAttributes' => array(),
'reportValidationIssuesAttributes' => array(),
'restSearch' => array('*'),
'returnAttributes' => array('*'),
'rpz' => array('*'),
'search' => array('*'),
'searchAlternate' => array('*'),
'text' => array('*'),
'updateAttributeValues' => array('perm_add'),
'view' => array('*'),
),
'eventBlacklists' => array(
'add' => array(),
'delete' => array(),
'edit' => array(),
'index' => array(),
),
'eventDelegations' => array(
'acceptDelegation' => array('perm_add'),
'delegateEvent' => array('perm_add'),
'deleteDelegation' => array('perm_add'),
'view' => array('*'),
),
'events' => array(
'add' => array('perm_add'),
'addIOC' => array('perm_add'),
'addTag' => array('perm_tagger'),
'add_misp_export' => array('perm_modify'),
'alert' => array('perm_publish'),
'automation' => array('perm_auth'),
'checkuuid' => array('perm_sync'),
'contact' => array('*'),
'create_dummy_event' => array(),
'create_massive_dummy_events' => array(),
'csv' => array('*'),
'delegation_index' => array('*'),
'delete' => array('perm_add'),
'dot' => array(),
'downloadExport' => array('*'),
'downloadOpenIOCEvent' => array('*'),
'downloadSearchResult' => array('*'),
'edit' => array('perm_add'),
'export' => array('*'),
'exportChoice' => array('*'),
'filterEventIdsForPush' => array('perm_sync'),
'filterEventIndex' => array('*'),
'freeTextImport' => array('perm_add'),
'hids' => array('*'),
'index' => array('*'),
'nids' => array('*'),
'proposalEventIndex' => array('*'),
'publish' => array('perm_publish'),
'pushProposals' => array('perm_sync'),
'queryEnrichment' => array('perm_add'),
'removePivot' => array('*'),
'removeTag' => array('perm_tagger'),
'reportValidationIssuesEvents' => array(),
'restSearch' => array('*'),
'saveFreeText' => array('perm_add'),
'stix' => array('*'),
'strposarray' => array(),
'updateGraph' => array('*'),
'upload_sample' => array('perm_auth'),
'view' => array('*'),
'viewEventAttributes' => array('*'),
'viewGraph' => array('*'),
'xml' => array('*'),
),
'feeds' => array(
'add' => array(),
'delete' => array(),
'edit' => array(),
'fetchFromFeed' => array(),
'getEvent' => array(),
'index' => array(),
'previewEvent' => array(),
'previewIndex' => array(),
'view' => array(),
),
'jobs' => array(
'cache' => array(),
'getGenerateCorrelationProgress' => array(),
'getProgress' => array(),
'index' => array(),
),
'logs' => array(
'admin_index' => array(),
'admin_search' => array(),
'event_index' => array(),
'maxDateActivity' => array(),
'returnDates' => array(),
),
'orgBlacklists' => array(
'add' => array(),
'delete' => array(),
'edit' => array(),
'index' => array(),
),
'organisations' => array(
'admin_add' => array(),
'admin_delete' => array(),
'admin_edit' => array(),
'admin_generateuuid' => array(),
'admin_merge' => array(),
'fetchOrgsForSG' => array(),
'fetchSGOrgRow' => array(),
'getUUIDs' => array(),
'index' => array(),
'landingpage' => array(),
'view' => array(),
),
'pages' => array(
'display' => array(),
),
'posts' => array(
'add' => array(),
'delete' => array(),
'edit' => array(),
),
'regexp' => array(
'admin_add' => array(),
'admin_clean' => array(),
'admin_delete' => array(),
'admin_edit' => array(),
'admin_index' => array(),
'cleanRegexModifiers' => array(),
'index' => array(),
),
'roles' => array(
'admin_add' => array(),
'admin_delete' => array(),
'admin_edit' => array(),
'admin_index' => array(),
'index' => array(),
'view' => array(),
),
'servers' => array(
'add' => array(),
'delete' => array(),
'deleteFile' => array(),
'edit' => array(),
'fetchServersForSG' => array(),
'filterEventIndex' => array(),
'getVersion' => array(),
'index' => array(),
'previewEvent' => array(),
'previewIndex' => array(),
'pull' => array(),
'purgeSessions' => array(),
'push' => array(),
'restartWorkers' => array(),
'serverSettings' => array(),
'serverSettingsEdit' => array(),
'serverSettingsReloadSetting' => array(),
'startWorker' => array(),
'startZeroMQServer' => array(),
'statusZeroMQServer' => array(),
'stopWorker' => array(),
'stopZeroMQServer' => array(),
'testConnection' => array(),
'uploadFile' => array(),
),
'shadowAttributes' => array(
'accept' => array(),
'acceptSelected' => array(),
'add' => array(),
'add_attachment' => array(),
'delete' => array(),
'discard' => array(),
'discardSelected' => array(),
'download' => array(),
'edit' => array(),
'editField' => array(),
'fetchEditForm' => array(),
'generateCorrelation' => array(),
'getProposalsByUuid' => array(),
'getProposalsByUuidList' => array(),
'index' => array(),
'view' => array(),
),
'sharingGroups' => array(
'add' => array(),
'delete' => array(),
'edit' => array(),
'index' => array(),
'view' => array(),
),
'sightings' => array(
'add' => array(),
'delete' => array(),
),
'tags' => array(
'add' => array(),
'delete' => array(),
'edit' => array(),
'index' => array(),
'quickAdd' => array(),
'selectTag' => array(),
'selectTaxonomy' => array(),
'showEventTag' => array(),
'view' => array(),
'viewTag' => array(),
),
'tasks' => array(
'index' => array(),
'setTask' => array(),
),
'taxonomies' => array(
'addTag' => array(),
'disable' => array(),
'enable' => array(),
'index' => array(),
'taxonomyMassConfirmation' => array(),
'update' => array(),
'view' => array(),
),
'templateElements' => array(
'add' => array(),
'delete' => array(),
'edit' => array(),
'index' => array(),
'templateElementAddChoices' => array(),
),
'templates' => array(
'add' => array(),
'delete' => array(),
'deleteTemporaryFile' => array(),
'edit' => array(),
'index' => array(),
'populateEventFromTemplate' => array(),
'saveElementSorting' => array(),
'submitEventPopulation' => array(),
'templateChoices' => array(),
'uploadFile' => array(),
'view' => array(),
),
'threads' => array(
'index' => array(),
'view' => array(),
'viewEvent' => array(),
),
'users' => array(
'admin_add' => array(),
'admin_delete' => array(),
'admin_edit' => array(),
'admin_email' => array(),
'admin_filterUserIndex' => array(),
'admin_index' => array(),
'admin_view' => array(),
'arrayCopy' => array(),
'change_pw' => array(),
'checkAndCorrectPgps' => array(),
'dashBoard' => array(),
'delete' => array(),
'downloadTerms' => array(),
'edit' => array(),
'fetchPGPKey' => array(),
'histogram' => array(),
'index' => array(),
'initiatePasswordReset' => array(),
'login' => array(),
'logout' => array(),
'memberslist' => array(),
'resetauthkey' => array(),
'routeafterlogin' => array(),
'statistics' => array(),
'terms' => array(),
'updateLoginTime' => array(),
'verifyGPG' => array(),
'view' => array(),
),
'whitelists' => array(
'admin_add' => array(),
'admin_delete' => array(),
'admin_edit' => array(),
'admin_index' => array(),
'index' => array(),
)
);
public function checkAccess($user, $controller, $action) {
if (!isset($this->__aclList[$controller])) $this->__error(404, 'Invalid controller.');
if (isset($this->__aclList[$controller]['*']) ||
$user['Role']['perm_site_admin'] ||
(isset($this->__aclList[$controller][$action]) && $user['Role'][$this->__aclList[$controller][$action]])
) return true;
$this->__error(403, 'You do not have permission to use this functionality.');
}
private function __error($code, $message) {
switch ($code) {
case 404:
throw new NotFoundException($message);
break;
default:
throw new InternalErrorException('Unknown error: ' . $message);
}
}
public function printAllFunctionNames() {
$functionFinder = '/function[\s\n]+(\S+)[\s\n]*\(/';
$dir = new Folder(APP . 'Controller');
$files = $dir->find('.*\.php');
$results = array();
foreach ($files as $file) {
$controllerName = lcfirst(str_replace('Controller.php', "", $file));
if ($controllerName === 'app') $controllerName = '*';
$functionArray = array();
$fileContents = file_get_contents(APP . 'Controller' . DS . $file);
preg_match_all($functionFinder, $fileContents, $functionArray);
foreach ($functionArray[1] as $function) {
if (substr($function, 0, 1) !== '_' && $function !== 'beforeFilter') $results[$controllerName][] = $function;
}
if( count( $functionArray )>1 ){
$functionArray = $functionArray[1];
}
}
$pretty = "";
ksort($results);
foreach ($results as $controller => $functions) {
$pretty .= "'" . $controller . "' => array(" . PHP_EOL;
sort($functions);
foreach ($functions as $method) {
$pretty .= "\t'" . $method . "' => array()," . PHP_EOL;
}
$pretty .= ")," . PHP_EOL;
}
debug($pretty);
}
}