chg: [eventGraph] only networkHistory user creator can delete its
saved network
pull/3449/head
parent
4b7c1d07e0
commit
03a7ee6f9c
|
@ -71,9 +71,7 @@ class EventNetworkHistoryController extends AppController {
|
|||
$formURL = 'eventNetworkHistory_add_form';
|
||||
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
if ($networkHistory['org_id'] == $this->Auth->user('org_id')
|
||||
&& (($this->userRole['perm_modify'] && $networkHistory['user_id'] != $this->Auth->user('id'))
|
||||
|| $this->userRole['perm_modify_org'])) {
|
||||
if ($this->userRole['perm_modify'] || $this->userRole['perm_modify_org']) {
|
||||
// Allow the edit
|
||||
} else {
|
||||
throw new NotFoundException(__('Invalid network history'));
|
||||
|
@ -164,11 +162,13 @@ class EventNetworkHistoryController extends AppController {
|
|||
$networkHistory = $this->EventNetworkHistory->find('first', array(
|
||||
'conditions' => $conditions,
|
||||
'recursive' => -1,
|
||||
'fields' => array('id', 'event_id'),
|
||||
'fields' => array('id', 'event_id', 'user_id'),
|
||||
));
|
||||
if (empty($networkHistory)) throw new NotFoundException('Invalid NetworkHistory');
|
||||
if ($this->request->is('ajax')) {
|
||||
if ($this->request->is('post')) {
|
||||
// only creator can delete its network
|
||||
if ($networkHistory['EventNetworkHistory']['user_id'] != $this->Auth->user()['id']) throw new MethodNotAllowedException('This network does not belong to you.');
|
||||
$result = $this->EventNetworkHistory->delete($id);
|
||||
if ($result) {
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => 'Network history deleted.')), 'status'=>200, 'type' => 'json'));
|
||||
|
@ -187,7 +187,6 @@ class EventNetworkHistoryController extends AppController {
|
|||
'conditions' => array('EventNetworkHistory.id' => $id),
|
||||
'flatten' => 1,
|
||||
);
|
||||
//$networkHistory = $this->NetworkHistory->fetchNetworkHistory($this->Auth->user(), $params);
|
||||
$networkHistory = $this->NetworkHistory->get($this->Auth->user(), $params);
|
||||
if (empty($networkHistory)) throw new NotFoundException(__('Invalid network history'));
|
||||
$networkHistory = $networkHistory[0];
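Review bot: The ownership check added in the delete hunk reports an authorization failure with `MethodNotAllowedException`, which maps to HTTP 405 and tells clients and log readers that the verb was wrong rather than that access was refused; `throw new ForbiddenException(__('This network does not belong to you.'));` fits the case and gives monitoring a 403 to key on. The comparison uses `!=` on two values expected to be numeric ids, so casting both to `(int)` and using `!==` would avoid relying on PHP's loose comparison. The check sits inside the `is('ajax')` and `is('post')` branches and the rest of the action is outside the hunk, so confirm that no other branch reaches `delete($id)` without it. Separately, the first hunk now lets through any non-admin with `perm_modify` or `perm_modify_org` and no longer compares `org_id`; if access to the event is not checked elsewhere in that action, this widens who can save a network.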
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
<span id="fullscreen-btn-eventgraph" class="fullscreen-btn btn btn-xs btn-primary" data-toggle="tooltip" data-placement="top" data-title="<?php echo __('Toggle fullscreen');?>"><span class="fa fa-desktop"></span></span>
|
||||
|
||||
<div id="eventgraph_shortcuts_background" class="eventgraph_network_background"></div>
|
||||
<div id="eventgraph_network" class="eventgraph_network" data-event-id="<?php echo h($event['Event']['id']); ?>" data-event-timestamp="<?php echo h($event['Event']['timestamp']); ?>" data-user-manipulation="<?php echo $mayModify || $isSiteAdmin ? 'true' : 'false'; ?>" data-extended="<?php echo $extended; ?>"></div>
|
||||
<div id="eventgraph_network" class="eventgraph_network" data-event-id="<?php echo h($event['Event']['id']); ?>" data-event-timestamp="<?php echo h($event['Event']['timestamp']); ?>" data-user-manipulation="<?php echo $mayModify || $isSiteAdmin ? 'true' : 'false'; ?>" data-extended="<?php echo $extended; ?>" data-user-email="<?php echo h($me['email']);?>"></div>
|
||||
<div class="loading-network-div" id="refecences_network_loading_div" style="display: none;">
|
||||
<div class="spinner-network" data-original-title="" title=""></div>
|
||||
<div class="loadingText-network" data-original-title="" title=""></div>
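Review bot: On the rewritten `#eventgraph_network` div, `data-extended` is echoed without `h()` while the new `data-user-email` beside it is escaped; `data-extended="<?php echo h($extended); ?>"` would make the attribute safe regardless of where `$extended` comes from, which is not visible here. The e-mail is put in the page only so the script can grey out delete buttons, whereas the controller compares `user_id`. If the history rows can carry the creator's id, exposing the numeric user id instead would keep the client hint and the server check on the same field.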
|
||||
|
|
|
@ -141,3 +141,7 @@ label.center-in-network-header {
|
|||
.flushright {
|
||||
float: right;
|
||||
}
|
||||
|
||||
.btn[disabled] {
|
||||
cursor: not-allowed;
|
||||
}
|
||||
|
|
|
@ -51,14 +51,19 @@ class ActionTable {
|
|||
}
|
||||
|
||||
delete_row(row_pos) {
|
||||
var row_id = this.tr_id_mapping[row_pos];
|
||||
var tr = document.getElementById(row_id);
|
||||
var tr = this.get_DOM_row(row_pos);
|
||||
var array = this.__get_array_from_DOM_row(tr);
|
||||
var data_index = this.__find_array_index(array, this.data);
|
||||
tr.outerHTML = "";
|
||||
this.data.splice(data_index, 1);
|
||||
}
|
||||
|
||||
get_DOM_row(row_pos) {
|
||||
var row_id = this.tr_id_mapping[row_pos];
|
||||
var tr = document.getElementById(row_id);
|
||||
return tr;
|
||||
}
|
||||
|
||||
get_data() {
|
||||
return this.data;
|
||||
}
|
||||
|
|
|
@ -10,6 +10,7 @@ var edges = new vis.DataSet();
|
|||
var typeaheadDataSearch;
|
||||
var event_last_change = $('#eventgraph_network').data('event-timestamp');
|
||||
var scope_id = $('#eventgraph_network').data('event-id');
|
||||
var user_email = $('#eventgraph_network').data('user-email');
|
||||
var container = document.getElementById('eventgraph_network');
|
||||
var user_manipulation = $('#eventgraph_network').data('user-manipulation');
|
||||
var root_id_attr = "rootNode:attribute";
|
||||
|
@ -596,6 +597,16 @@ class EventGraph {
|
|||
// has to do it manually here (not using reset_graph_history) because menu_history still not constructed yet
|
||||
dataHandler.fetch_graph_history(function(history_formatted) {
|
||||
menu_history.items["table_graph_history_actiontable"].set_table_data(history_formatted);
|
||||
for(var i=0; i<history_formatted.length; i++) {
|
||||
var history = history_formatted[i];
|
||||
var cur_email = history[2];
|
||||
if (cur_email != user_email) {
|
||||
// disable delete button
|
||||
var tr = eventGraph.menu_history.items.table_graph_history_actiontable.get_DOM_row(i);
|
||||
var btn_del = $(tr).find('.btn-danger');
|
||||
btn_del.prop('disabled', true);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
return menu_history;
|
||||
|
@ -1600,7 +1611,6 @@ class MispInteraction {
|
|||
}
|
||||
|
||||
delete_saved_network(data) {
|
||||
console.log('deleting');
|
||||
var network_id = data[0];
|
||||
var url = "/" + "eventNetworkHistory" + "/" + "delete" + "/" + network_id;
|
||||
$.get(url, function(data) {
|
||||
|
@ -1835,6 +1845,16 @@ function reset_graph_history() {
|
|||
var table = eventGraph.menu_history.items["table_graph_history_actiontable"];
|
||||
dataHandler.fetch_graph_history(function(history_formatted) {
|
||||
table.set_table_data(history_formatted);
|
||||
for(var i=0; i<history_formatted.length; i++) {
|
||||
var history = history_formatted[i];
|
||||
var cur_email = history[2];
|
||||
if (cur_email != user_email) {
|
||||
// disable delete button
|
||||
var tr = eventGraph.menu_history.items.table_graph_history_actiontable.get_DOM_row(i);
|
||||
var btn_del = $(tr).find('.btn-danger');
|
||||
btn_del.prop('disabled', true);
|
||||
}
|
||||
}
|
||||
});
|
||||
}
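Review bot: The loop that disables the delete button is added twice, line for line, in the `EventGraph` hunk and again in `reset_graph_history`; a shared helper keeps the two copies from drifting. In the `EventGraph` copy the row lookup goes through `eventGraph.menu_history`, although the comment at the top of that hunk says `menu_history` is not constructed yet at that point, so the local `menu_history` already used for `set_table_data` is the safer reference. The test assumes `history[2]` is the creator's e-mail while the server compares `user_id`, so the disabled state is a display hint only and the controller check remains the actual control; a short comment saying so would stop a later reader from treating it as enforcement. Both enclosing functions start outside the hunks.

```javascript
// Grey out the delete button on rows saved by another user. The server
// enforces ownership; this only keeps the UI in step with it.
function disable_foreign_history_delete(table, history_formatted) {
    for (var i = 0; i < history_formatted.length; i++) {
        if (history_formatted[i][2] != user_email) {
            $(table.get_DOM_row(i)).find('.btn-danger').prop('disabled', true);
        }
    }
}

// in EventGraph, inside the fetch_graph_history callback:
// … unchanged: set_table_data(history_formatted) …
disable_foreign_history_delete(menu_history.items["table_graph_history_actiontable"], history_formatted);

// in reset_graph_history, inside the callback:
// … unchanged: table.set_table_data(history_formatted) …
disable_foreign_history_delete(table, history_formatted);
```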
|
||||
|
||||
|
|