mirror of https://github.com/MISP/MISP
Changes to the event view
- reworked the way events are loaded and reloaded to check for privileges
pull/217/head
parent
f545511a76
commit
0b834464ac
|
@ -126,43 +126,52 @@ class EventsController extends AppController {
|
|||
if ($temp == null) throw new NotFoundException(__('Invalid event'));
|
||||
$id = $temp['Event']['id'];
|
||||
}
|
||||
$isSiteAdmin = $this->_isSiteAdmin();
|
||||
|
||||
$this->Event->recursive = 2;
|
||||
$this->Event->contain('Attribute', 'ShadowAttribute', 'User.email');
|
||||
$this->Event->id = $id;
|
||||
$this->Event->read(null, $id);
|
||||
if (!$this->Event->exists()) {
|
||||
throw new NotFoundException(__('Invalid event, it already exists.'));
|
||||
}
|
||||
$this->Event->read(null, $id);
|
||||
|
||||
// rearrange the shadow attributes
|
||||
foreach ($this->Event->data['Attribute'] as $key => &$attribute) {
|
||||
if (!isset($attribute['ShadowAttribute'])) $attribute['ShadowAttribute'] = array();
|
||||
foreach ($this->Event->data['ShadowAttribute'] as $k => &$sa) {
|
||||
if ($sa['old_id'] == $attribute['id']) {
|
||||
$this->Event->data['Attribute'][$key]['ShadowAttribute'][] = $sa;
|
||||
unset($this->Event->data['ShadowAttribute'][$k]);
|
||||
}
|
||||
}
|
||||
}
|
||||
$userEmail = $this->Event->data['User']['email'];
|
||||
unset ($this->Event->data['User']);
|
||||
$this->Event->data['User']['email'] = $userEmail;
|
||||
if (!$this->_IsSiteAdmin()) {
|
||||
// check for non-private and re-read
|
||||
if ($this->Event->data['Event']['org'] != $this->Auth->user('org')) {
|
||||
$this->Event->hasMany['Attribute']['conditions'] = array('OR' => array(array('Attribute.private !=' => 1), array('Attribute.private =' => 1, 'Attribute.cluster =' => 1))); // TODO seems very dangerous for the correlation construction in afterSave!!!
|
||||
$this->Event->read(null, $id);
|
||||
}
|
||||
|
||||
$myEvent = true;
|
||||
if (!$isSiteAdmin) {
|
||||
// check private
|
||||
if (($this->Event->data['Event']['private'] && !$this->Event->data['Event']['cluster']) && ($this->Event->data['Event']['org'] != $this->Auth->user('org'))) {
|
||||
$this->Session->setFlash(__('Invalid event.'));
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'index'));
|
||||
}
|
||||
}
|
||||
if ($this->Event->data['Event']['org'] != $this->Auth->user('org')) {
|
||||
$myEvent = false;
|
||||
}
|
||||
|
||||
// Now that we're loaded the event and made sure that we can actually see it, let's do 2 thngs:
|
||||
// run through each attribute and unset it if it's private and we're not an admin or from the owner org of the event
|
||||
// if we didn't unset the attribute, rearrange the shadow attributes
|
||||
foreach ($this->Event->data['Attribute'] as $key => &$attribute) {
|
||||
if (!$isSiteAdmin && !$myEvent && $attribute['private'] == 1) {
|
||||
unset($this->Event->data['Attribute'][$key]);
|
||||
} else {
|
||||
if (!isset($attribute['ShadowAttribute'])) $attribute['ShadowAttribute'] = array();
|
||||
foreach ($this->Event->data['ShadowAttribute'] as $k => &$sa) {
|
||||
if ($sa['old_id'] == $attribute['id']) {
|
||||
$this->Event->data['Attribute'][$key]['ShadowAttribute'][] = $sa;
|
||||
unset($this->Event->data['ShadowAttribute'][$k]);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
// since we unset some attributes and shadowattributes, let's reindex them.
|
||||
$this->Event->data['ShadowAttribute'] = array_values($this->Event->data['ShadowAttribute']);
|
||||
$this->Event->data['Attribute'] = array_values($this->Event->data['Attribute']);
|
||||
|
||||
$userEmail = $this->Event->data['User']['email'];
|
||||
unset ($this->Event->data['User']);
|
||||
$this->Event->data['User']['email'] = $userEmail;
|
||||
|
||||
$this->set('analysisLevels', $this->Event->analysisLevels);
|
||||
|
||||
$this->loadModel('Attribute');
|
||||
$relatedEvents = $this->Event->getRelatedEvents($this->Auth->user());
|
||||
$relatedAttributes = $this->Event->getRelatedAttributes($this->Auth->user());
|
||||
|
||||
|
@ -196,14 +205,9 @@ class EventsController extends AppController {
|
|||
} else {
|
||||
$conditions = array('AND' => array('ShadowAttribute.event_id' => $this->Event->data['Event']['id'], 'ShadowAttribute.old_id' => '0', 'ShadowAttribute.org' => $this->Auth->user('org')));
|
||||
}
|
||||
$this->loadModel('ShadowAttribute');
|
||||
// Only load the shadow attributes, nothing related
|
||||
$this->ShadowAttribute->recursive = -1;
|
||||
$remaining = $this->ShadowAttribute->find('all', array(
|
||||
'conditions' => $conditions
|
||||
));
|
||||
$remaining = $this->Event->data['ShadowAttribute'];
|
||||
}
|
||||
|
||||
$this->loadModel('Attribute');
|
||||
// params for the jQuery RESTfull interface
|
||||
$this->set('authkey', $this->Auth->user('authkey'));
|
||||
$this->set('baseurl', Configure::read('CyDefSIG.baseurl'));
|
||||
|
@ -213,7 +217,6 @@ class EventsController extends AppController {
|
|||
// passing decriptions for model fields
|
||||
$this->set('eventDescriptions', $this->Event->fieldDescriptions);
|
||||
$this->set('attrDescriptions', $this->Attribute->fieldDescriptions);
|
||||
|
||||
$this->set('event', $this->Event->data);
|
||||
if(isset($remaining)) {
|
||||
$this->set('remaining', $remaining);
|
||||
|
|
|
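Review bot: A shadow attribute whose parent attribute is dropped by `unset($this->Event->data['Attribute'][$key]);` is never removed from `$this->Event->data['ShadowAttribute']`, because the old_id matching loop only runs in the else branch; if `$remaining = $this->Event->data['ShadowAttribute'];` in the second hunk is the added assignment it appears to be, those proposals (with their values) are then handed to the view for a user who is not allowed to see the attribute they modify, and the removed query's `ShadowAttribute.org` restriction is not carried over either. In the if branch, before the unset, discard them as well: `foreach ($this->Event->data['ShadowAttribute'] as $k => $sa) { if ($sa['old_id'] == $attribute['id']) unset($this->Event->data['ShadowAttribute'][$k]); }`. Separately, the new filter at `if (!$isSiteAdmin && !$myEvent && $attribute['private'] == 1)` hides every private attribute, whereas the removed hasMany condition kept `private = 1 AND cluster = 1` and the event-level check still honours `cluster` — confirm that asymmetry is intended. The `&$attribute` and `&$sa` references are also left dangling after their loops; add `unset($attribute, $sa);` before the `array_values` reindexing. The enclosing action starts before the first hunk and ends after the last one.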
@ -73,22 +73,6 @@ class Attribute extends AppModel {
|
|||
'All communities' => array('desc' => 'This field determines the current distribution of the even', 'formdesc' => "This will share the event with all MISP communities, allowing the event to be freely propagated from one server to the next."),
|
||||
);
|
||||
|
||||
public $hasMany = array(
|
||||
'ShadowAttribute' => array(
|
||||
'className' => 'ShadowAttribute',
|
||||
'foreignKey' => 'old_id',
|
||||
'dependent' => true, // cascade deletes
|
||||
'conditions' => '',
|
||||
'fields' => '',
|
||||
'order' => array('ShadowAttribute.old_id DESC', 'ShadowAttribute.old_id DESC'),
|
||||
'limit' => '',
|
||||
'offset' => '',
|
||||
'exclusive' => '',
|
||||
'finderQuery' => '',
|
||||
'counterQuery' => ''
|
||||
)
|
||||
);
|
||||
|
||||
// these are definition of possible types + their descriptions and maybe later other behaviors
|
||||
// e.g. if the attribute should be correlated with others or not
|
||||
|
||||
|
|
|
@ -273,14 +273,6 @@ class ShadowAttribute extends AppModel {
|
|||
* @var array
|
||||
*/
|
||||
public $belongsTo = array(
|
||||
'Attribute' => array(
|
||||
'className' => 'Attribute',
|
||||
'foreignKey' => 'id',
|
||||
'conditions' => '',
|
||||
'fields' => '',
|
||||
'order' => '',
|
||||
'counterCache' => true
|
||||
),
|
||||
'Event' => array(
|
||||
'className' => 'Event',
|
||||
'foreignKey' => 'id',
|
||||
|
|
|
@ -305,41 +305,41 @@ if (!empty($event['Attribute'])):?>
|
|||
//if ($remain === end($remaining)) $extra .= ' highlightBottom';
|
||||
?>
|
||||
<tr class="highlight2">
|
||||
<td class="highlight2" title="<?php if('' != $remain['ShadowAttribute']['category']) echo $categoryDefinitions[$remain['ShadowAttribute']['category']]['desc'];?>">
|
||||
<td class="highlight2" title="<?php if('' != $remain['category']) echo $categoryDefinitions[$remain['category']]['desc'];?>">
|
||||
<?php
|
||||
echo h($remain['ShadowAttribute']['category']);
|
||||
echo h($remain['category']);
|
||||
?>
|
||||
</td>
|
||||
<td class="short highlight2" title="
|
||||
<?php
|
||||
echo $typeDefinitions[$remain['ShadowAttribute']['type']]['desc'];
|
||||
echo $typeDefinitions[$remain['type']]['desc'];
|
||||
?>
|
||||
">
|
||||
<?php
|
||||
echo h($remain['ShadowAttribute']['type']);
|
||||
echo h($remain['type']);
|
||||
?>
|
||||
</td>
|
||||
<td class = "short highlight2">
|
||||
<?php
|
||||
$sigDisplay = nl2br(h($remain['ShadowAttribute']['value']));
|
||||
if ('attachment' == $remain['ShadowAttribute']['type'] || 'malware-sample' == $remain['ShadowAttribute']['type'] ) {
|
||||
$filenameHash = explode('|', $remain['ShadowAttribute']['value']);
|
||||
$sigDisplay = nl2br(h($remain['value']));
|
||||
if ('attachment' == $remain['type'] || 'malware-sample' == $remain['type'] ) {
|
||||
$filenameHash = explode('|', $remain['value']);
|
||||
if (strrpos($filenameHash[0], '\\')) {
|
||||
$filepath = substr($filenameHash[0], 0, strrpos($filenameHash[0], '\\'));
|
||||
$filename = substr($filenameHash[0], strrpos($filenameHash[0], '\\'));
|
||||
echo $filepath;
|
||||
echo $this->Html->link($filename, array('controller' => 'shadow_attributes', 'action' => 'download', $remain['ShadowAttribute']['id']));
|
||||
echo $this->Html->link($filename, array('controller' => 'shadow_attributes', 'action' => 'download', $remain['id']));
|
||||
} else {
|
||||
echo $this->Html->link($filenameHash[0], array('controller' => 'shadow_attributes', 'action' => 'download', $remain['ShadowAttribute']['id']));
|
||||
echo $this->Html->link($filenameHash[0], array('controller' => 'shadow_attributes', 'action' => 'download', $remain['id']));
|
||||
}
|
||||
if (isset($filenameHash[1])) echo ' | ' . $filenameHash[1];
|
||||
} elseif (strpos($remain['ShadowAttribute']['type'], '|') !== false) {
|
||||
$filenameHash = explode('|', $remain['ShadowAttribute']['value']);
|
||||
} elseif (strpos($remain['type'], '|') !== false) {
|
||||
$filenameHash = explode('|', $remain['value']);
|
||||
echo h($filenameHash[0]);
|
||||
if (isset($filenameHash[1])) echo ' | ' . $filenameHash[1];
|
||||
} elseif ('vulnerability' == $remain['ShadowAttribute']['type']) {
|
||||
} elseif ('vulnerability' == $remain['type']) {
|
||||
echo $this->Html->link(h($sigDisplay), 'http://www.google.com/search?q=' . h($sigDisplay), array('target' => '_blank'));
|
||||
} elseif ('link' == $remain['ShadowAttribute']['type']) {
|
||||
} elseif ('link' == $remain['type']) {
|
||||
echo $this->Html->link(h($sigDisplay), h($sigDisplay));
|
||||
} else {
|
||||
echo h($sigDisplay);
|
||||
|
@ -350,15 +350,15 @@ if (!empty($event['Attribute'])):?>
|
|||
</td>
|
||||
<td class="short highlight2">
|
||||
<?php
|
||||
echo $remain['ShadowAttribute']['to_ids'] ? 'Yes' : 'No';
|
||||
echo $remain['to_ids'] ? 'Yes' : 'No';
|
||||
?></td>
|
||||
<td class="short highlight2"></td>
|
||||
<td class="short action-links highlight2">
|
||||
<?php
|
||||
if (($event['Event']['org'] == $me['org'] && $mayPublish) || $isSiteAdmin) {
|
||||
echo $this->Html->link('', array('controller' => 'shadow_attributes', 'action' => 'accept', $remain['ShadowAttribute']['id']), array('class' => 'icon-ok', 'title' => 'Accept'));
|
||||
echo $this->Html->link('', array('controller' => 'shadow_attributes', 'action' => 'accept', $remain['id']), array('class' => 'icon-ok', 'title' => 'Accept'));
|
||||
}
|
||||
echo $this->Html->link('', array('controller' => 'shadow_attributes', 'action' => 'discard',$remain['ShadowAttribute']['id']), array('class' => 'icon-trash', 'title' => 'Discard'));
|
||||
echo $this->Html->link('', array('controller' => 'shadow_attributes', 'action' => 'discard',$remain['id']), array('class' => 'icon-trash', 'title' => 'Discard'));
|
||||
?>
|
||||
</td>
|
||||
</tr>
|
||||
|
|
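Review bot: `echo $filepath;` and `if (isset($filenameHash[1])) echo ' | ' . $filenameHash[1];` in the attachment branch, and the second `' | ' . $filenameHash[1]` in the `|`-type branch, print pieces of `$remain['value']` without `h()`, while the neighbouring `echo h($filenameHash[0]);` escapes the same kind of data; since the value comes straight from the proposal record the controller loads, these should be `echo h($filepath);` and `echo ' | ' . h($filenameHash[1]);`. The `title="..."` attribute likewise echoes `$typeDefinitions[$remain['type']]['desc']` and the category description unescaped, which is probably static text but is cheap to wrap in `h()` for consistency. The renamed `$remain['type']` lookups also index `$typeDefinitions` directly, so an unknown type in a proposal produces a PHP notice inside the attribute — an `isset()` guard, as the category cell already has for the empty string, would be safer.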