chg: [decaying] Renamed function and started true implementation of ACL
for modelspull/5032/head
parent
3a356a51e4
commit
128cdb7744
@ -35,7 +35,7 @@ class DecayingModelController extends AppController
|
|||
|
||||
public function export($model_id)
|
||||
{
|
||||
$model = $this->DecayingModel->checkAuthorisation($this->Auth->user(), $model_id, true);
|
||||
$model = $this->DecayingModel->fetchModel($this->Auth->user(), $model_id, true);
|
||||
if (!$this->_isSiteAdmin() && !$decModel) {
|
||||
throw new MethodNotAllowedException(__('No Decaying Model with the provided ID exists, or you are not authorised to view it.'));
|
||||
}
|
||||
|
@ -85,7 +85,7 @@ class DecayingModelController extends AppController
|
|||
throw new MethodNotAllowedException("This method is not allowed");
|
||||
}
|
||||
|
||||
$decaying_model = $this->DecayingModel->checkAuthorisation($this->Auth->user(), $id, true);
|
||||
$decaying_model = $this->DecayingModel->fetchModel($this->Auth->user(), $id, true);
|
||||
if (!$this->_isSiteAdmin() && !$decModel) {
|
||||
throw new MethodNotAllowedException(__('No Decaying Model with the provided ID exists, or you are not authorised to edit it.'));
|
||||
}
|
||||
|
@ -121,7 +121,7 @@ class DecayingModelController extends AppController
|
|||
|
||||
if ($this->DecayingModel->save($this->request->data)) {
|
||||
if ($this->request->is('ajax')) {
|
||||
$saved = $this->DecayingModel->checkAuthorisation($this->Auth->user(), $this->DecayingModel->id);
|
||||
$saved = $this->DecayingModel->fetchModel($this->Auth->user(), $this->DecayingModel->id);
|
||||
$response = array('data' => $saved, 'action' => 'add');
|
||||
return $this->RestResponse->viewData($response, $this->response->type());
|
||||
} else {
|
||||
|
@ -136,7 +136,7 @@ class DecayingModelController extends AppController
|
|||
|
||||
public function edit($id)
|
||||
{
|
||||
$decayingModel = $this->DecayingModel->checkAuthorisation($this->Auth->user(), $id);
|
||||
$decayingModel = $this->DecayingModel->fetchModel($this->Auth->user(), $id);
|
||||
if (!$this->_isSiteAdmin() && !$decModel) {
|
||||
throw new NotFoundException(__('No Decaying Model with the provided ID exists, or you are not authorised to edit it.'));
|
||||
}
|
||||
|
@ -208,7 +208,7 @@ class DecayingModelController extends AppController
|
|||
$save_result = $this->DecayingModel->save($this->request->data, true, $fieldList);
|
||||
if ($save_result) {
|
||||
if ($this->request->is('ajax')) {
|
||||
$saved = $this->DecayingModel->checkAuthorisation($this->Auth->user(), $this->DecayingModel->id);
|
||||
$saved = $this->DecayingModel->fetchModel($this->Auth->user(), $this->DecayingModel->id);
|
||||
$response = array('data' => $saved, 'action' => 'edit');
|
||||
return $this->RestResponse->viewData($response, $this->response->type());
|
||||
} else {
|
||||
|
@ -217,7 +217,7 @@ class DecayingModelController extends AppController
|
|||
}
|
||||
} else {
|
||||
if ($this->request->is('ajax')) {
|
||||
$saved = $this->DecayingModel->checkAuthorisation($this->Auth->user(), $this->DecayingModel->id);
|
||||
$saved = $this->DecayingModel->fetchModel($this->Auth->user(), $this->DecayingModel->id);
|
||||
$response = array('data' => $saved, 'action' => 'edit', 'saved' => false);
|
||||
return $this->RestResponse->viewData($response, $this->response->type());
|
||||
} else {
|
||||
|
@ -238,7 +238,7 @@ class DecayingModelController extends AppController
|
|||
public function delete($id)
|
||||
{
|
||||
if ($this->request->is('post')) {
|
||||
$decayingModel = $this->DecayingModel->checkAuthorisation($this->Auth->user(), $id);
|
||||
$decayingModel = $this->DecayingModel->fetchModel($this->Auth->user(), $id);
|
||||
if (!$this->_isSiteAdmin() && !$decModel) {
|
||||
throw new MethodNotAllowedException(__('No Decaying Model with the provided ID exists, or you are not authorised to edit it.'));
|
||||
}
|
||||
|
@ -254,7 +254,7 @@ class DecayingModelController extends AppController
|
|||
|
||||
public function enable($id)
|
||||
{
|
||||
$decayingModel = $this->DecayingModel->checkAuthorisation($this->Auth->user(), $id);
|
||||
$decayingModel = $this->DecayingModel->fetchModel($this->Auth->user(), $id);
|
||||
if (!$this->_isSiteAdmin() && !$decModel) {
|
||||
throw new MethodNotAllowedException(__('No Decaying Model with the provided ID exists, or you are not authorised to edit it.'));
|
||||
}
|
||||
|
@ -263,13 +263,13 @@ class DecayingModelController extends AppController
|
|||
$decayingModel['DecayingModel']['enabled'] = 1;
|
||||
if ($this->DecayingModel->save($decayingModel)) {
|
||||
if ($this->request->is('ajax')) {
|
||||
$response = array('data' => $this->DecayingModel->checkAuthorisation($this->Auth->user(), $id), 'action' => 'edit');
|
||||
$response = array('data' => $this->DecayingModel->fetchModel($this->Auth->user(), $id), 'action' => 'edit');
|
||||
return $this->RestResponse->viewData($response, $this->response->type());
|
||||
}
|
||||
$this->Flash->success(__('Decaying Model enabled.'));
|
||||
} else {
|
||||
if ($this->request->is('ajax')) {
|
||||
$response = array('data' => $this->DecayingModel->checkAuthorisation($this->Auth->user(), $id), 'action' => 'edit');
|
||||
$response = array('data' => $this->DecayingModel->fetchModel($this->Auth->user(), $id), 'action' => 'edit');
|
||||
return $this->RestResponse->viewData($response, $this->response->type());
|
||||
}
|
||||
$this->Flash->error(__('Error while enabling decaying model'));
|
||||
|
@ -283,7 +283,7 @@ class DecayingModelController extends AppController
|
|||
|
||||
public function disable($id)
|
||||
{
|
||||
$decayingModel = $this->DecayingModel->checkAuthorisation($this->Auth->user(), $id);
|
||||
$decayingModel = $this->DecayingModel->fetchModel($this->Auth->user(), $id);
|
||||
if (!$this->_isSiteAdmin() && !$decModel) {
|
||||
throw new MethodNotAllowedException(__('No Decaying Model with the provided ID exists, or you are not authorised to edit it.'));
|
||||
}
|
||||
|
@ -292,13 +292,13 @@ class DecayingModelController extends AppController
|
|||
$decayingModel['DecayingModel']['enabled'] = 0;
|
||||
if ($this->DecayingModel->save($decayingModel)) {
|
||||
if ($this->request->is('ajax')) {
|
||||
$response = array('data' => $this->DecayingModel->checkAuthorisation($this->Auth->user(), $id), 'action' => 'edit');
|
||||
$response = array('data' => $this->DecayingModel->fetchModel($this->Auth->user(), $id), 'action' => 'edit');
|
||||
return $this->RestResponse->viewData($response, $this->response->type());
|
||||
}
|
||||
$this->Flash->success(__('Decaying Model disabled.'));
|
||||
} else {
|
||||
if ($this->request->is('ajax')) {
|
||||
$response = array('data' => $this->DecayingModel->checkAuthorisation($this->Auth->user(), $id), 'action' => 'edit');
|
||||
$response = array('data' => $this->DecayingModel->fetchModel($this->Auth->user(), $id), 'action' => 'edit');
|
||||
return $this->RestResponse->viewData($response, $this->response->type());
|
||||
}
|
||||
$this->Flash->error(__('Error while disabling decaying model'));
|
||||
|
@ -376,7 +376,7 @@ class DecayingModelController extends AppController
|
|||
|
||||
public function decayingToolSimulation($model_id)
|
||||
{
|
||||
$decaying_model = $this->DecayingModel->checkAuthorisation($this->Auth->user(), $model_id);
|
||||
$decaying_model = $this->DecayingModel->fetchModel($this->Auth->user(), $model_id);
|
||||
if (!$decaying_model) {
|
||||
throw new NotFoundException(__('No Decaying Model with the provided ID exists, or you are not authorised to edit it.'));
|
||||
}
|
||||
|
|
|
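Review bot: In `export`, at the top of the first hunk, the guard `if (!$this->_isSiteAdmin() && !$decModel)` tests a variable that nothing in the function assigns — the fetch result goes into `$model` — so for any non-site-admin `$decModel` is null, `!$decModel` is true, and the branch throws unconditionally, locking every non-admin out of export regardless of what `fetchModel` decided (and emitting an undefined-variable notice). The same mismatched name is visible in the guards of edit, delete, enable and disable, where the result is stored in `$decaying_model` or `$decayingModel`. Since the renamed `fetchModel` already throws when the model is missing or not authorised (see the DecayingModel hunk further down), the cleanest fix is to drop these guards; if they are kept for defence in depth, test the variable actually assigned, e.g. `if (!$this->_isSiteAdmin() && empty($model)) {`. Whether anything between the hunks sets `$decModel` is not visible here, but nothing in export's opening lines does.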
@ -20,10 +20,7 @@ class DecayingModelMappingController extends AppController
|
|||
|
||||
|
||||
public function linkAttributeTypeToModel($model_id) {
|
||||
$model = $this->DecayingModelMapping->DecayingModel->checkAuthorisation($this->Auth->user(), $model_id);
|
||||
if ($model == false) {
|
||||
throw new MethodNotAllowedException(_('No Decaying Model with the provided ID exists, or you are not authorised to edit it.'));
|
||||
}
|
||||
$model = $this->DecayingModelMapping->DecayingModel->fetchModel($this->Auth->user(), $model_id);
|
||||
|
||||
if ($this->request->is('post')) {
|
||||
if (!isset($this->request->data['DecayingModelMapping']['model_id'])) {
|
||||
|
|
|
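Review bot: `linkAttributeTypeToModel` is left with no write-side authorisation of its own: the `if ($model == false)` guard is removed and the only gate in the hunk is `fetchModel`, whose new check (in the DecayingModel hunk below) admits any user whose org matches or whose model has `all_orgs` set. Linking an attribute type to a model is a modification, so a user from a foreign organisation could alter the mappings of a shared model unless the POST branch outside this hunk re-checks ownership — that branch is not visible here. Consider an explicit ownership check right after the fetch, using the same fields `fetchModel` compares: `$user = $this->Auth->user(); if (!$this->_isSiteAdmin() && $user['Organisation']['id'] != $model['DecayingModel']['org_id']) { throw new MethodNotAllowedException(__('No Decaying Model with the provided ID exists, or you are not authorised to edit it.')); }`. Also, `$model` is assigned but unused on the visible lines; if the call is kept only for its side effect of throwing, a one-line comment saying so would spare the next reader a search. The function continues past the end of the hunk.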
@ -183,10 +183,12 @@ class DecayingModel extends AppModel
|
|||
return $decayingModels;
|
||||
}
|
||||
|
||||
public function checkAuthorisation($user, $id, $full=true)
|
||||
// Method that fetches decayingModel
|
||||
// very flexible, it's basically a replacement for find, with the addition that it restricts access based on user
|
||||
// - full attach Attribute types associated to the requested model
|
||||
public function fetchModel($user, $id, $full=true, $conditions = array())
|
||||
{
|
||||
// fetch the bare template
|
||||
$conditions = array('id' => $id);
|
||||
$conditions['id'] = $id;
|
||||
$searchOptions = array(
|
||||
'conditions' => $conditions,
|
||||
);
|
||||
|
@ -199,20 +201,18 @@ class DecayingModel extends AppModel
|
|||
if (empty($decayingModel)) {
|
||||
throw new MethodNotAllowedException(__('No Decaying Model with the provided ID exists, or you are not authorised to view it.'));
|
||||
}
|
||||
if (
|
||||
!$user['Role']['perm_site_admin'] && // if the user is a site admin, return the model without question
|
||||
$user['Organisation']['id'] != $decayingModel['DecayingModel']['org_id'] &&
|
||||
!$decayingModel['DecayingModel']['all_orgs']
|
||||
) {
|
||||
throw new MethodNotAllowedException(__('No Decaying Model with the provided ID exists, or you are not authorised to view it.'));
|
||||
}
|
||||
|
||||
if ($full) {
|
||||
$decayingModel['DecayingModel']['attribute_types'] = $this->DecayingModelMapping->getAssociatedTypes($user, $decayingModel['DecayingModel']['id']);
|
||||
}
|
||||
|
||||
//if the user is a site admin, return the model without question
|
||||
if ($user['Role']['perm_site_admin']) {
|
||||
return $decayingModel;
|
||||
}
|
||||
|
||||
if ($user['Organisation']['id'] == $decayingModel['DecayingModel']['org_id'] && $user['Role']['perm_decaying'] || true) {
|
||||
return $decayingModel;
|
||||
}
|
||||
return false;
|
||||
return $decayingModel;
|
||||
}
|
||||
|
||||
// filter out taxonomies and entries not having a numerical value
|
||||
|
@ -269,7 +269,7 @@ class DecayingModel extends AppModel
|
|||
$full_path = APP . 'Model/DecayingModelsFormulas/' . $filename;
|
||||
$expected_classname = $filename_no_extension;
|
||||
if (is_file($full_path)) {
|
||||
include $full_path;
|
||||
include_once $full_path;
|
||||
$model_class = ClassRegistry::init($expected_classname);
|
||||
if ($model_class->checkLoading() === 'BONFIRE LIT') {
|
||||
return $model_class;
|
||||
|
@ -340,7 +340,7 @@ class DecayingModel extends AppModel
|
|||
$attribute['Attribute']['AttributeTag'] = $attribute['AttributeTag'];
|
||||
unset($attribute['AttributeTag']);
|
||||
}
|
||||
$model = $this->checkAuthorisation($user, $model_id, true);
|
||||
$model = $this->fetchModel($user, $model_id, true);
|
||||
if ($model === false) {
|
||||
throw new NotFoundException(__('Model not found'));
|
||||
}
|
||||
|
@ -422,7 +422,7 @@ class DecayingModel extends AppModel
|
|||
public function attachScoresToAttribute($user, &$attribute, $model_id=false, $model_overrides=array())
|
||||
{
|
||||
if ($model_id !== false) {
|
||||
$model = $this->checkAuthorisation($user, $model_id, false);
|
||||
$model = $this->fetchModel($user, $model_id, false);
|
||||
if ($model !== false) {
|
||||
if (!empty($model_overrides)) {
|
||||
$this->overrideModelParameters($model, $model_overrides);
|
||||
|
@ -438,7 +438,7 @@ class DecayingModel extends AppModel
|
|||
$associated_model_ids = array_values($associated_model_ids[$attribute['type']]);
|
||||
if (!empty($associated_model_ids)) {
|
||||
foreach ($associated_model_ids as $model_id) {
|
||||
$model = $this->checkAuthorisation($user, $model_id, false);
|
||||
$model = $this->fetchModel($user, $model_id, false);
|
||||
if ($model !== false && $model['DecayingModel']['enabled']) {
|
||||
$score = $this->getScore($attribute, $model, $user);
|
||||
$decayed = $this->isDecayed($attribute, $model, $score);
|
||||
|
@ -459,7 +459,7 @@ class DecayingModel extends AppModel
|
|||
));
|
||||
}
|
||||
if (is_numeric($model) && $user !== false) {
|
||||
$model = $this->checkAuthorisation($user, $model);
|
||||
$model = $this->fetchModel($user, $model);
|
||||
}
|
||||
$this->Computation = $this->getModelClass($model);
|
||||
return $this->Computation->computeCurrentScore($user, $model, $attribute);
|
||||
|
|
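Review bot: The new authorisation in `fetchModel` is a read check — an org mismatch is forgiven whenever `all_orgs` is set — yet the controller hunks on this page call it as the sole gate for edit, delete, enable and disable, and the `$user['Role']['perm_decaying']` test that the removed branch referenced is gone entirely. Unless those write paths verify ownership somewhere not shown, any authenticated user from another organisation can modify or delete a model shared with `all_orgs`. One way to keep a single entry point is a `$write` flag that tightens the rule for mutating callers while leaving the read behaviour unchanged for existing ones (assuming `perm_decaying` is the intended write permission — please confirm). Separately, `fetchModel` now throws instead of returning `false`, so the `$model === false` / `!== false` tests in the later hunks are dead, and in the `foreach` over `$associated_model_ids` a single inaccessible model now aborts scoring for the whole attribute rather than being skipped.
```php
    public function fetchModel($user, $id, $full=true, $conditions = array(), $write = false)
    {
        // … unchanged: build $searchOptions, find, throw when empty …
        if (!$user['Role']['perm_site_admin']) {
            $ownOrg = $user['Organisation']['id'] == $decayingModel['DecayingModel']['org_id'];
            // reads: own org or a model shared with all orgs; writes: own org only, with the decaying permission
            $allowed = $write
                ? ($ownOrg && !empty($user['Role']['perm_decaying']))
                : ($ownOrg || !empty($decayingModel['DecayingModel']['all_orgs']));
            if (!$allowed) {
                throw new MethodNotAllowedException(__('No Decaying Model with the provided ID exists, or you are not authorised to view it.'));
            }
        }
        // … unchanged: attach attribute_types when $full, return $decayingModel …
```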