Further work on the sharing groups
- correlations should work fine now - users can only see events they should be allowed to see on the event index / event view / event history view
pull/762/head
parent
5abd8dfead
commit
0e7b2448d2
@ -30,7 +30,8 @@ class EventsController extends AppController {
|
|||
),
|
||||
'contain' => array(
|
||||
'Org' => array('fields' => array('id', 'name')),
|
||||
'Orgc' => array('fields' => array('id', 'name'))
|
||||
'Orgc' => array('fields' => array('id', 'name')),
|
||||
'SharingGroup' => array('fields' => array('id', 'name'))
|
||||
)
|
||||
);
|
||||
|
||||
|
@ -71,11 +72,25 @@ class EventsController extends AppController {
|
|||
|
||||
// if not admin or own org, check private as well..
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
$sgids = $this->Event->SharingGroup->fetchAllAuthorised($this->Auth->user());
|
||||
$this->paginate = Set::merge($this->paginate,array(
|
||||
'conditions' =>
|
||||
array("OR" => array(
|
||||
array('Event.org =' => $this->Auth->user('org')),
|
||||
array('Event.distribution >' => 0),
|
||||
array(
|
||||
'Event.org_id' => $this->Auth->user('organisation_id')
|
||||
),
|
||||
array(
|
||||
'AND' => array(
|
||||
'Event.distribution >' => 0,
|
||||
'Event.distribution <' => 4,
|
||||
),
|
||||
),
|
||||
array(
|
||||
'AND' => array(
|
||||
'Event.distribution' => 4,
|
||||
'Event.sharing_group_id' => $sgids
|
||||
),
|
||||
)
|
||||
))));
|
||||
}
|
||||
}
|
||||
|
@ -469,7 +484,8 @@ class EventsController extends AppController {
|
|||
$this->set('eventDescriptions', $this->Event->fieldDescriptions);
|
||||
$this->set('analysisLevels', $this->Event->analysisLevels);
|
||||
$this->set('distributionLevels', $this->Event->distributionLevels);
|
||||
$shortDist = array(0 => 'Organisation', 1 => 'Community', 2 => 'Connected', 3 => 'All');
|
||||
|
||||
$shortDist = array(0 => 'Organisation', 1 => 'Community', 2 => 'Connected', 3 => 'All', 4 => ' sharing Group');
|
||||
$this->set('shortDist', $shortDist);
|
||||
}
|
||||
|
||||
|
@ -584,7 +600,7 @@ class EventsController extends AppController {
|
|||
if (strlen($id) == 36) {
|
||||
$this->Event->recursive = -1;
|
||||
$temp = $this->Event->findByUuid($id);
|
||||
if ($temp == null) throw new NotFoundException(__('Invalid event'));
|
||||
if ($temp == null) throw new NotFoundException('Invalid event');
|
||||
$id = $temp['Event']['id'];
|
||||
}
|
||||
$isSiteAdmin = $this->_isSiteAdmin();
|
||||
|
@ -594,6 +610,7 @@ class EventsController extends AppController {
|
|||
throw new NotFoundException(__('Invalid event.'));
|
||||
}
|
||||
$results = $this->__fetchEvent($id);
|
||||
if (empty($results)) throw new NotFoundException('Invalid event');
|
||||
if ($this->_isRest()) {
|
||||
$this->loadModel('Attribute');
|
||||
foreach ($results[0]['Attribute'] as &$attribute) {
|
||||
|
@ -3178,4 +3195,4 @@ class EventsController extends AppController {
|
|||
$this->set('id', $id);
|
||||
$this->render('ajax/exportChoice');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
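Review bot: In the index() conditions (`'Event.sharing_group_id' => $sgids` under the `'Event.distribution' => 4` branch of the second hunk) the id list returned by `fetchAllAuthorised()` is used without the empty-list guard that the model methods in this same commit apply (`if (!isset($sgids) || empty($sgids)) $sgids = array(-1);` in getRelatedEvents and getRelatedAttributes); a user who belongs to no sharing group hands CakePHP an empty array, and how an empty `IN ()` is rendered is then decided by the ORM rather than by this code. Adding `if (empty($sgids)) $sgids = array(-1);` directly after the fetch keeps controller and model behaviour identical. The index() body starts outside the hunk. Separately, the new `shortDist` label `' sharing Group'` in the fourth hunk has a stray leading space and inconsistent casing compared with its siblings; `4 => 'Sharing Group'` matches them.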
|
|
@ -68,13 +68,12 @@ class LogsController extends AppController {
|
|||
$this->Event->read(null, $id);
|
||||
// send unauthorised people away. Only site admins and users of the same org may see events that are "your org only". Everyone else can proceed for all other levels of distribution
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
if ($this->Event->data['Event']['distribution'] == 0) {
|
||||
if ($this->Event->data['Event']['org'] != $this->Auth->user('org')) {
|
||||
$this->Session->setFlash(__('You don\'t have access to view this event.'));
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'index', 'admin' => false));
|
||||
} else {
|
||||
$mineOrAdmin = true;
|
||||
}
|
||||
if (!$this->Event->checkIfAuthorised($this->Auth->user(), $id)) {
|
||||
$this->Session->setFlash(__('You don\'t have access to view this event.'));
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'index', 'admin' => false));
|
||||
}
|
||||
if ($this->Event->data['Event']['org_id'] == $this->Auth->user('organisation_id')) {
|
||||
$mineOrAdmin = true;
|
||||
}
|
||||
} else {
|
||||
$mineOrAdmin = true;
|
||||
|
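Review bot: `$mineOrAdmin` is assigned on only two of the three paths through the rewritten block: a non-admin user who passes `checkIfAuthorised()` but belongs to a different organisation leaves it unset, so whatever reads it later in the action (outside the hunk) sees an undefined variable. Initialising it before the admin check with `$mineOrAdmin = false;` and reducing the org branch to `$mineOrAdmin = ($this->Event->data['Event']['org_id'] == $this->Auth->user('organisation_id'));` makes the three outcomes explicit. The block also relies on `$this->redirect()` halting the request after the flash, which is CakePHP's default but worth keeping in mind if the call is ever given `exit: false`; the enclosing action starts and ends outside the hunk.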
|
|
@ -145,7 +145,7 @@ class SharingGroupsController extends AppController {
|
|||
}
|
||||
|
||||
public function view($id) {
|
||||
$sharingGroupIDs = $this->SharingGroup->fetchSharingGroups($this->Auth->user(), $this->_isSiteAdmin(), true);
|
||||
$sharingGroupIDs = $this->SharingGroup->fetchAllAuthorised($this->Auth->user());
|
||||
if (!in_array($id, $sharingGroupIDs)) throw new MethodNotAllowedException('Sharing group doesn\'t exist or you do not have permission to access it.');
|
||||
$this->SharingGroup->id = $id;
|
||||
$this->SharingGroup->contain(array('SharingGroupOrg' => array('Organisation'), 'Organisation'));
|
||||
|
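Review bot: `in_array($id, $sharingGroupIDs)` in view() compares loosely, and `$id` arrives from the URL as a string; under PHP's loose rules a value such as `'1abc'` equals the integer 1, so the permission check and the subsequent `$this->SharingGroup->id = $id` lookup can disagree about which record is meant, with the outcome left to the database's casting rather than to this code. Validating and comparing strictly, `if (!is_numeric($id) || !in_array((int) $id, array_map('intval', $sharingGroupIDs), true)) throw new MethodNotAllowedException('Sharing group doesn\'t exist or you do not have permission to access it.');`, removes the ambiguity. This assumes `fetchAllAuthorised()` with its default scope returns a plain array of ids (its comment says so, but that branch is outside this diff), so the values rather than the keys are what in_array() must see.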
|
|
@ -409,6 +409,7 @@ class Event extends AppModel {
|
|||
|
||||
public function getRelatedEvents($user, $eventId = null, $sgids) {
|
||||
if ($eventId == null) $eventId = $this->data['Event']['id'];
|
||||
if (!isset($sgids) || empty($sgids)) $sgids = array(-1);
|
||||
$this->Correlation = ClassRegistry::init('Correlation');
|
||||
// search the correlation table for the event ids of the related events
|
||||
// Rules:
|
||||
|
@ -427,27 +428,39 @@ class Event extends AppModel {
|
|||
'Correlation.1_event_id' => $eventId,
|
||||
array(
|
||||
'OR' => array(
|
||||
'Correlation.org_id' => $user['Org']['id'],
|
||||
'Correlation.org' => $user['organisation_id'],
|
||||
'AND' => array(
|
||||
'OR' => array(
|
||||
'AND' => array(
|
||||
'Correlation.distribution >' => 0,
|
||||
'Correlation.distribution <' => 4,
|
||||
),
|
||||
'AND' => array(
|
||||
'Correlation.distribution' => 4,
|
||||
'Correlation.sharing_group_id' => $sgids
|
||||
array(
|
||||
'OR' => array(
|
||||
array(
|
||||
'AND' => array(
|
||||
'Correlation.distribution >' => 0,
|
||||
'Correlation.distribution <' => 4,
|
||||
),
|
||||
),
|
||||
array(
|
||||
'AND' => array(
|
||||
'Correlation.distribution' => 4,
|
||||
'Correlation.sharing_group_id' => $sgids
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
'OR' => array(
|
||||
'Correlation.a_distribution' => 5,
|
||||
'AND' => array(
|
||||
'Correlation.a_distribution >' => 0,
|
||||
'Correlation.a_distribution <' => 4,
|
||||
),
|
||||
'AND' => array(
|
||||
'Correlation.a_distribution' => 4,
|
||||
'Correlation.a_sharing_group_id' => $sgids
|
||||
array(
|
||||
'OR' => array(
|
||||
'Correlation.a_distribution' => 5,
|
||||
array(
|
||||
'AND' => array(
|
||||
'Correlation.a_distribution >' => 0,
|
||||
'Correlation.a_distribution <' => 4,
|
||||
),
|
||||
),
|
||||
array(
|
||||
'AND' => array(
|
||||
'Correlation.a_distribution' => 4,
|
||||
'Correlation.a_sharing_group_id' => $sgids
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
|
@ -483,35 +496,48 @@ class Event extends AppModel {
|
|||
|
||||
public function getRelatedAttributes($user, $id = null, $sgids) {
|
||||
if ($id == null) $id = $this->data['Event']['id'];
|
||||
if (!isset($sgids) || empty($sgids)) $sgids = array(-1);
|
||||
$this->Correlation = ClassRegistry::init('Correlation');
|
||||
// search the correlation table for the event ids of the related attributes
|
||||
if (!$user['Role']['perm_site_admin']) {
|
||||
$conditionsCorrelation = array(
|
||||
'AND' => array(
|
||||
'Correlation.1_event_id' => $eventId,
|
||||
'Correlation.1_event_id' => $id,
|
||||
array(
|
||||
'OR' => array(
|
||||
'Correlation.org_id' => $user['Org']['id'],
|
||||
'Correlation.org' => $user['organisation_id'],
|
||||
'AND' => array(
|
||||
'OR' => array(
|
||||
'AND' => array(
|
||||
'Correlation.distribution >' => 0,
|
||||
'Correlation.distribution <' => 4,
|
||||
),
|
||||
'AND' => array(
|
||||
'Correlation.distribution' => 4,
|
||||
'Correlation.sharing_group_id' => $sgids
|
||||
array(
|
||||
'OR' => array(
|
||||
array(
|
||||
'AND' => array(
|
||||
'Correlation.distribution >' => 0,
|
||||
'Correlation.distribution <' => 4,
|
||||
),
|
||||
),
|
||||
array(
|
||||
'AND' => array(
|
||||
'Correlation.distribution' => 4,
|
||||
'Correlation.sharing_group_id' => $sgids
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
'OR' => array(
|
||||
'Correlation.a_distribution' => 5,
|
||||
'AND' => array(
|
||||
'Correlation.a_distribution >' => 0,
|
||||
'Correlation.a_distribution <' => 4,
|
||||
),
|
||||
'AND' => array(
|
||||
'Correlation.a_distribution' => 4,
|
||||
'Correlation.a_sharing_group_id' => $sgids
|
||||
array(
|
||||
'OR' => array(
|
||||
'Correlation.a_distribution' => 5,
|
||||
array(
|
||||
'AND' => array(
|
||||
'Correlation.a_distribution >' => 0,
|
||||
'Correlation.a_distribution <' => 4,
|
||||
),
|
||||
),
|
||||
array(
|
||||
'AND' => array(
|
||||
'Correlation.a_distribution' => 4,
|
||||
'Correlation.a_sharing_group_id' => $sgids
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
|
@ -933,18 +959,25 @@ class Event extends AppModel {
|
|||
if (!$user['Role']['perm_site_admin']) {
|
||||
$sgids = $this->SharingGroup->fetchAllAuthorised($user);
|
||||
$conditions['AND']['OR'] = array(
|
||||
'OR' => array(
|
||||
'Event.distribution >' => 0,
|
||||
'Event.org LIKE' => $org
|
||||
'Event.org_id' => $user['organisation_id'],
|
||||
array(
|
||||
'AND' => array(
|
||||
'Event.distribution >' => 0,
|
||||
'Event.distribution <' => 4
|
||||
),
|
||||
),
|
||||
'Event.sharing_group_id' => $sgids
|
||||
array(
|
||||
'AND' => array(
|
||||
'Event.sharing_group_id' => $sgids,
|
||||
'Event.distribution' => 4,
|
||||
)
|
||||
)
|
||||
);
|
||||
$conditionsAttributes['OR'] = array(
|
||||
'Attribute.distribution >' => 0,
|
||||
'(SELECT events.org FROM events WHERE events.id = Attribute.event_id) LIKE' => $org
|
||||
'(SELECT events.org_id FROM events WHERE events.id = Attribute.event_id)' => $user['organisation_id']
|
||||
);
|
||||
}
|
||||
|
||||
if ($from) $conditions['AND'][] = array('Event.date >=' => $from);
|
||||
if ($to) $conditions['AND'][] = array('Event.date <=' => $to);
|
||||
|
||||
|
@ -981,7 +1014,6 @@ class Event extends AppModel {
|
|||
$fieldsShadowAtt = array('ShadowAttribute.id', 'ShadowAttribute.type', 'ShadowAttribute.category', 'ShadowAttribute.value', 'ShadowAttribute.to_ids', 'ShadowAttribute.uuid', 'ShadowAttribute.event_id', 'ShadowAttribute.old_id', 'ShadowAttribute.comment', 'ShadowAttribute.org');
|
||||
$fieldsOrg = array('id', 'name');
|
||||
|
||||
|
||||
$params = array('conditions' => $conditions,
|
||||
'recursive' => 0,
|
||||
'fields' => $fields,
|
||||
|
@ -1561,7 +1593,6 @@ class Event extends AppModel {
|
|||
}
|
||||
return true;
|
||||
} else {
|
||||
debug($this->validationErrors);
|
||||
//throw new MethodNotAllowedException("Validation ERROR: \n".var_export($this->Event->validationErrors, true));
|
||||
return false;
|
||||
}
|
||||
|
@ -2015,4 +2046,20 @@ class Event extends AppModel {
|
|||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
// convenience method to check whther a user can see an event
|
||||
public function checkIfAuthorised($user, $id) {
|
||||
if (!isset($user['id'])) throw new MethodNotAllowedException('Invalid user.');
|
||||
$this->id = $id;
|
||||
if (!$this->exists()) return false;
|
||||
if ($user['Role']['perm_site_admin']) return true;
|
||||
$event = $this->find('first', array(
|
||||
'conditions' => array('id' => $id),
|
||||
'recursive' => -1,
|
||||
'fields' => array('id', 'sharing_group_id', 'distribution', 'org_id')
|
||||
));
|
||||
if ($event['Event']['org_id'] == $user['organisation_id'] || ($event['Event']['distribution'] > 0 && $event['Event']['distribution'] < 4)) return true;
|
||||
if ($event['Event']['distribution'] == 5 && $this->SharingGroup->checkIfAuthorised($user, $event['Event']['sharing_group_id'])) return true;
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
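Review bot: In the fetchEvent hunk (`@ -933,18 +959,25`) the event-level conditions now single out distribution 4 and require `Event.sharing_group_id` to be in `$sgids`, but `$conditionsAttributes['OR']` was only changed from `events.org` to `events.org_id` and still admits every attribute with `Attribute.distribution > 0`. If attributes carry their own distribution 4 / sharing group, as the `Correlation.a_distribution` and `a_sharing_group_id` conditions in getRelatedEvents suggest, an attribute restricted to a sharing group the user is not in is still returned whenever the parent event is visible, an over-disclosure rather than a fail-closed result; the attribute conditions should mirror the event ones (own org, or 0 < distribution < 4, or distribution 4 with the attribute's sharing-group column in `$sgids`), which needs confirming against the attributes schema since that column is not shown here. Separately, `checkIfAuthorised()` in the last hunk tests `$event['Event']['distribution'] == 5` for the sharing-group case while every other condition in this commit uses 4, so members of the event's sharing group are refused by it; `== 4` is the consistent value. The comment above that method reads `whther` and should be `whether`.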
|
|
@ -57,7 +57,10 @@ class SharingGroup extends AppModel {
|
|||
}
|
||||
|
||||
// returns a list of all sharing groups that the user is allowed to see
|
||||
// pass true to get the actual SG objects
|
||||
// scope can be:
|
||||
// full: Entire SG object with all organisations and servers attached
|
||||
// name: array in ID => name key => value format
|
||||
// false: array with all IDs
|
||||
public function fetchAllAuthorised($user, $scope = false) {
|
||||
if ($user['Role']['perm_site_admin']) {
|
||||
$sgs = $this->find('all', array(
|
||||
|
@ -80,7 +83,8 @@ class SharingGroup extends AppModel {
|
|||
$sgs = $this->find('list', array(
|
||||
'recursive' => -1,
|
||||
'fields' => array('id', 'name'),
|
||||
'order' => 'name ASC'
|
||||
'order' => 'name ASC',
|
||||
'conditions' => array('SharingGroup.id' => $ids),
|
||||
));
|
||||
return $sgs;
|
||||
} else {
|
||||
|
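Review bot: The new `'conditions' => array('SharingGroup.id' => $ids)` in the second hunk is passed straight through, and `$ids` is built outside the hunk; if it can be empty for a user with no sharing groups, the query's result depends on how CakePHP renders an empty array in a condition rather than on this code, whereas the Event model methods in this commit default such lists to `array(-1)`. Guarding with `if (empty($ids)) $ids = array(-1);` before the find() makes the no-membership case explicit; the enclosing fetchAllAuthorised() starts and ends outside the hunk. The header comment in the first hunk still says `pass true to get the actual SG objects` although the parameter is now `$scope` with the values `full`, `name` and `false` listed just below it, so that line should be dropped or reworded to `pass a scope to choose the return shape`.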
|
|
@ -157,7 +157,12 @@
|
|||
<?php echo nl2br(h($event['Event']['info'])); ?>
|
||||
</td>
|
||||
<td class="short <?php if ($event['Event']['distribution'] == 0) echo 'privateRedText';?>" ondblclick="location.href ='/events/view/<?php echo $event['Event']['id'];?>'" title = "<?php echo $event['Event']['distribution'] != 3 ? $distributionLevels[$event['Event']['distribution']] : 'All';?>">
|
||||
<?php echo $shortDist[$event['Event']['distribution']]; ?>
|
||||
<?php if ($event['Event']['distribution'] == 4):?>
|
||||
<a href="/sharingGroups/view/<?php echo h($event['SharingGroup']['id']); ?>"><?php echo h($event['SharingGroup']['name']);?></a>
|
||||
<?php else:
|
||||
echo h($shortDist[$event['Event']['distribution']]);
|
||||
endif;
|
||||
?>
|
||||
</td>
|
||||
<td class="short action-links">
|
||||
<?php
|
||||
|
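Review bot: The new sharing-group branch reads `$event['SharingGroup']['id']` and `['name']` whenever `distribution == 4`, so an event whose joined SharingGroup row is missing or null (the contain added in the controller returns the join even when no group matches) triggers undefined-index notices and an empty link in the index. Guarding the branch, `<?php if ($event['Event']['distribution'] == 4 && !empty($event['SharingGroup']['id'])):?>`, lets such rows fall through to the plain label in the else branch. Escaping both the id in the href and the name with `h()` is correct for this context; the surrounding `ondblclick` and `title` attributes on the `<td>` line are unchanged context and still emit values without `h()`, which is outside this change.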
|