mirror of https://github.com/MISP/MISP
Some fixes to the templating
- resolved bugs with permissions
- fixed the broken mass delete tool
- Fixed an issue with the type not being chosen correctly for file type attributes when created through the templating tool
pull/274/head^2
parent
45d826a252
commit
029ef252a2
|
@ -913,22 +913,26 @@ class AttributesController extends AppController {
|
|||
if (!$this->Attribute->exists()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$result = $this->Attribute->find('first', array(
|
||||
'conditions' => array('Attribute.id' => $id),
|
||||
'fields' => array('Attribute.id, Attribute.event_id', 'Attribute.uuid'),
|
||||
'contain' => array('Event' => array(
|
||||
'fields' => array('Event.id', 'Event.orgc', 'Event.org', 'Event.locked')
|
||||
)),
|
||||
));
|
||||
if ('true' == Configure::read('MISP.sync')) {
|
||||
// find the uuid
|
||||
$result = $this->Attribute->findById($id);
|
||||
$uuid = $result['Attribute']['uuid'];
|
||||
}
|
||||
|
||||
// check for permissions
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
$this->Attribute->read();
|
||||
if ($this->Attribute->data['Event']['locked']) {
|
||||
if ($this->_checkOrg() != $this->Attribute->data['Event']['org'] || !$this->userRole['perm_sync']) {
|
||||
if ($result['Event']['locked']) {
|
||||
if ($this->_checkOrg() != $result['Event']['org'] || !$this->userRole['perm_sync']) {
|
||||
throw new MethodNotAllowedException();
|
||||
}
|
||||
} else {
|
||||
if ($this->_checkOrg() != $this->Attribute->data['Event']['orgc']) {
|
||||
if ($this->_checkOrg() != $result['Event']['orgc']) {
|
||||
throw new MethodNotAllowedException();
|
||||
}
|
||||
}
|
||||
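Review bot: The ownership check now reads `$result['Event']`, but the `MISP.sync` branch just above it still reassigns `$result` with `findById($id)`, so which query feeds the authorisation decision depends on a configuration flag. The first `find` already selects `Attribute.uuid`, so the second query looks unnecessary; taking `$uuid = $result['Attribute']['uuid'];` from the first result (or storing the `findById` result under another name) keeps the check tied to the query that explicitly contains `Event.org`, `Event.orgc` and `Event.locked`. The `fields` entry `'Attribute.id, Attribute.event_id'` is a single string and reads like a quoting slip for two separate entries. The method starts and ends outside the hunk and the rendered page has lost its +/- markers, so confirm that the `findById` line is still present on the new side.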
|
|
|
@ -230,7 +230,7 @@ class TemplatesController extends AppController {
|
|||
'recursive' => -1,
|
||||
'fields' => array('orgc', 'id'),
|
||||
));
|
||||
if (empty($event) || (!$this->_isSiteAdmin() && $event['Event']['orgc'] != $this->Auth->user('org'))) throw new MethodNotFoundException('Event not found or you are not authorised to edit it.');
|
||||
if (empty($event) || (!$this->_isSiteAdmin() && $event['Event']['orgc'] != $this->Auth->user('org'))) throw new NotFoundException('Event not found or you are not authorised to edit it.');
|
||||
|
||||
$conditions = array();
|
||||
if (!$this->_isSiteAdmin) {
|
||||
|
@ -268,10 +268,9 @@ class TemplatesController extends AppController {
|
|||
|
||||
if (empty($event)) throw new MethodNotAllowedException('Event not found or you are not authorised to edit it.');
|
||||
if (empty($template)) throw new MethodNotAllowedException('Template not found or you are not authorised to edit it.');
|
||||
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
if ($event['Event']['orgc'] != $this->Auth->user('org')) throw new MethodNotAllowedException('Event not found or you are not authorised to edit it.');
|
||||
if ($template['Template']['org'] != $this->Auth->user('org')) throw new MethodNotAllowedException('Template not found or you are not authorised to use it.');
|
||||
if ($template['Template']['org'] != $this->Auth->user('org') && !$template['Template']['share']) throw new MethodNotAllowedException('Template not found or you are not authorised to use it.');
|
||||
}
|
||||
|
||||
$this->set('template_id', $template_id);
|
||||
|
@ -306,7 +305,7 @@ class TemplatesController extends AppController {
|
|||
$event = $this->Event->find('first', array(
|
||||
'conditions' => array('id' => $event_id),
|
||||
'recursive' => -1,
|
||||
'fields' => array('id', 'orgc', 'distribution'),
|
||||
'fields' => array('id', 'orgc', 'distribution', 'published'),
|
||||
'contain' => 'EventTag',
|
||||
));
|
||||
if (empty($event)) throw new MethodNotAllowedException('Event not found or you are not authorised to edit it.');
|
||||
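Review bot: In the first hunk, `if (!$this->_isSiteAdmin) {` reads a property instead of calling the method that every other check in these hunks uses; unless a property of that name exists, the condition is always true and site admins receive the same restricted `$conditions` as ordinary users. It should read `if (!$this->_isSiteAdmin()) {`. The failure is restrictive rather than permissive, but it means the admin path through this action is effectively untested. The enclosing functions of all three hunks start and end outside the visible lines.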
|
|
|
@ -1,7 +1,6 @@
|
|||
<?php
|
||||
|
||||
class ComplexTypeTool {
|
||||
|
||||
public function checkComplexRouter($input, $type) {
|
||||
switch ($type) {
|
||||
case 'File':
|
||||
|
@ -18,6 +17,7 @@ class ComplexTypeTool {
|
|||
|
||||
// checks if the passed input matches a valid file description attribute's pattern (filename, md5, sha1, sha256, filename|md5, filename|sha1, filename|sha256)
|
||||
public function checkComplexFile($input) {
|
||||
$original = $input;
|
||||
$type = '';
|
||||
$composite = false;
|
||||
if (strpos($input, '|')) {
|
||||
|
@ -33,7 +33,7 @@ class ComplexTypeTool {
|
|||
if (strlen($input) == 64 && preg_match("#[0-9a-f]{64}$#", $input)) $type .= 'sha256';
|
||||
if ($type == '' && !$composite && preg_match("#^.+#", $input)) $type = 'filename';
|
||||
if ($type == '') $type = 'other';
|
||||
return array('type' => $type, 'value' => $input);
|
||||
return array('type' => $type, 'value' => $original);
|
||||
}
|
||||
|
||||
public function checkComplexCnC($input) {
|
||||
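Review bot: `if (strpos($input, '|'))` in the second hunk treats a `|` at offset 0 as "not found", because `strpos` returns 0 there and 0 is falsy, so such input skips the composite branch and is classified by the single-value rules instead. `if (strpos($input, '|') !== false) {` makes the test explicit. Since the function now returns `$original`, a comment beside `$original = $input;` such as `// keep the submitted value; $input is rewritten while the parts are inspected` would explain why both variables exist. The lines that rewrite `$input` are outside the visible hunks, so check that wording against them.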
|
|
|
@ -513,7 +513,6 @@ class Attribute extends AppModel {
|
|||
public function validateAttributeValue($fields) {
|
||||
$value = $fields['value'];
|
||||
$returnValue = false;
|
||||
|
||||
// check data validation
|
||||
switch($this->data['Attribute']['type']) {
|
||||
case 'md5':
|
||||
|
@ -1381,7 +1380,7 @@ class Attribute extends AppModel {
|
|||
}
|
||||
}
|
||||
$result = $this->__resolveElementFile($element['TemplateElementFile'][0], $temp);
|
||||
if ($element['TemplateElementFile'][0]['mandatory'] && empty($temp) && empty($errors[$element['id']])) $errors[$element['id']] = 'Error: This field is mandatory.';
|
||||
if ($element['TemplateElementFile'][0]['mandatory'] && empty($temp) && empty($errors[$element['id']])) $errors[$element['id']] = 'This field is mandatory.';
|
||||
}
|
||||
if ($element['element_definition'] == 'file' || $element['element_definition'] == 'attribute') {
|
||||
if ($result['errors']) {
|
||||
|
@ -1459,6 +1458,7 @@ class Attribute extends AppModel {
|
|||
if (!$tmp_file->exists()) {
|
||||
$errors = 'File cannot be read.';
|
||||
} else {
|
||||
$element['type'] = 'malware-sample';
|
||||
$attributes[] = $this->__createAttribute($element, $malwareName);
|
||||
$content = $tmp_file->read();
|
||||
$attributes[count($attributes) - 1]['data'] = $file['tmp_name'];
|
||||
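Review bot: The third hunk builds the malware-sample attribute from `$file['tmp_name']` and reads that path through `$tmp_file`, but nothing visible shows where `$file` comes from or that the name is constrained. If it is taken from submitted form data rather than from PHP's own upload handling, the name should be validated before the `exists()`/`read()` calls, for example reduced with `basename()` and matched against the pattern the upload step generates, so the path cannot leave the temporary upload directory. `$content` is read while the `data` key is set to the path; if that is intentional, a one-line comment naming the consumer of `data` would help. The function body starts and ends outside the hunk.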
|
|
|
@ -62,9 +62,11 @@
|
|||
<span id="multi-edit-button" title="Edit selected" class="icon-edit mass-select useCursorPointer" onClick="editSelectedAttributes(<?php echo $event['Event']['id']; ?>);"></span>
|
||||
<span id="multi-delete-button" title="Delete selected" class = "icon-trash mass-select useCursorPointer" onClick="deleteSelectedAttributes(<?php echo $event['Event']['id']; ?>);"></span>
|
||||
</div>
|
||||
<?php if ($mayModify): ?>
|
||||
<div class="tabMenu tabMenuToolsBlock noPrint">
|
||||
<span id="create-button" title="Populate using a template" class="icon-list-alt useCursorPointer" onClick="getTemplateChoicePopup(<?php echo $event['Event']['id']; ?>);"></span>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
<table class="table table-striped table-condensed">
|
||||
<tr>
|
||||
<?php if ($mayModify && !empty($eventArray)): ?>
|
||||
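Review bot: The `onClick` handlers echo `$event['Event']['id']` unescaped into an attribute that is also JavaScript, both on the template button now wrapped in `$mayModify` and on the two mass-select buttons above it. The id is presumably a numeric key, but casting at output removes the dependency on that assumption: `onClick="getTemplateChoicePopup(<?php echo (int)$event['Event']['id']; ?>);"`. The `$mayModify` test only controls display, so the actions these buttons reach must enforce permissions themselves; those actions are not part of this file section.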
|
|