chg: [decaying] Renamed function and started true implementation of ACL

for models
mokaddem 2019-08-16 10:52:00 +02:00
parent 3a356a51e4
commit 128cdb7744
3 changed files with 33 additions and 36 deletions


@ -35,7 +35,7 @@ class DecayingModelController extends AppController
public function export($model_id)
{
$model = $this->DecayingModel->checkAuthorisation($this->Auth->user(), $model_id, true);
$model = $this->DecayingModel->fetchModel($this->Auth->user(), $model_id, true);
if (!$this->_isSiteAdmin() && !$decModel) {
throw new MethodNotAllowedException(__('No Decaying Model with the provided ID exists, or you are not authorised to view it.'));
}
@ -85,7 +85,7 @@ class DecayingModelController extends AppController
throw new MethodNotAllowedException("This method is not allowed");
}
$decaying_model = $this->DecayingModel->checkAuthorisation($this->Auth->user(), $id, true);
$decaying_model = $this->DecayingModel->fetchModel($this->Auth->user(), $id, true);
if (!$this->_isSiteAdmin() && !$decModel) {
throw new MethodNotAllowedException(__('No Decaying Model with the provided ID exists, or you are not authorised to edit it.'));
}
@ -121,7 +121,7 @@ class DecayingModelController extends AppController
if ($this->DecayingModel->save($this->request->data)) {
if ($this->request->is('ajax')) {
$saved = $this->DecayingModel->checkAuthorisation($this->Auth->user(), $this->DecayingModel->id);
$saved = $this->DecayingModel->fetchModel($this->Auth->user(), $this->DecayingModel->id);
$response = array('data' => $saved, 'action' => 'add');
return $this->RestResponse->viewData($response, $this->response->type());
} else {
@ -136,7 +136,7 @@ class DecayingModelController extends AppController
public function edit($id)
{
$decayingModel = $this->DecayingModel->checkAuthorisation($this->Auth->user(), $id);
$decayingModel = $this->DecayingModel->fetchModel($this->Auth->user(), $id);
if (!$this->_isSiteAdmin() && !$decModel) {
throw new NotFoundException(__('No Decaying Model with the provided ID exists, or you are not authorised to edit it.'));
}
@ -208,7 +208,7 @@ class DecayingModelController extends AppController
$save_result = $this->DecayingModel->save($this->request->data, true, $fieldList);
if ($save_result) {
if ($this->request->is('ajax')) {
$saved = $this->DecayingModel->checkAuthorisation($this->Auth->user(), $this->DecayingModel->id);
$saved = $this->DecayingModel->fetchModel($this->Auth->user(), $this->DecayingModel->id);
$response = array('data' => $saved, 'action' => 'edit');
return $this->RestResponse->viewData($response, $this->response->type());
} else {
@ -217,7 +217,7 @@ class DecayingModelController extends AppController
}
} else {
if ($this->request->is('ajax')) {
$saved = $this->DecayingModel->checkAuthorisation($this->Auth->user(), $this->DecayingModel->id);
$saved = $this->DecayingModel->fetchModel($this->Auth->user(), $this->DecayingModel->id);
$response = array('data' => $saved, 'action' => 'edit', 'saved' => false);
return $this->RestResponse->viewData($response, $this->response->type());
} else {
@ -238,7 +238,7 @@ class DecayingModelController extends AppController
public function delete($id)
{
if ($this->request->is('post')) {
$decayingModel = $this->DecayingModel->checkAuthorisation($this->Auth->user(), $id);
$decayingModel = $this->DecayingModel->fetchModel($this->Auth->user(), $id);
if (!$this->_isSiteAdmin() && !$decModel) {
throw new MethodNotAllowedException(__('No Decaying Model with the provided ID exists, or you are not authorised to edit it.'));
}
@ -254,7 +254,7 @@ class DecayingModelController extends AppController
public function enable($id)
{
$decayingModel = $this->DecayingModel->checkAuthorisation($this->Auth->user(), $id);
$decayingModel = $this->DecayingModel->fetchModel($this->Auth->user(), $id);
if (!$this->_isSiteAdmin() && !$decModel) {
throw new MethodNotAllowedException(__('No Decaying Model with the provided ID exists, or you are not authorised to edit it.'));
}
@ -263,13 +263,13 @@ class DecayingModelController extends AppController
$decayingModel['DecayingModel']['enabled'] = 1;
if ($this->DecayingModel->save($decayingModel)) {
if ($this->request->is('ajax')) {
$response = array('data' => $this->DecayingModel->checkAuthorisation($this->Auth->user(), $id), 'action' => 'edit');
$response = array('data' => $this->DecayingModel->fetchModel($this->Auth->user(), $id), 'action' => 'edit');
return $this->RestResponse->viewData($response, $this->response->type());
}
$this->Flash->success(__('Decaying Model enabled.'));
} else {
if ($this->request->is('ajax')) {
$response = array('data' => $this->DecayingModel->checkAuthorisation($this->Auth->user(), $id), 'action' => 'edit');
$response = array('data' => $this->DecayingModel->fetchModel($this->Auth->user(), $id), 'action' => 'edit');
return $this->RestResponse->viewData($response, $this->response->type());
}
$this->Flash->error(__('Error while enabling decaying model'));
@ -283,7 +283,7 @@ class DecayingModelController extends AppController
public function disable($id)
{
$decayingModel = $this->DecayingModel->checkAuthorisation($this->Auth->user(), $id);
$decayingModel = $this->DecayingModel->fetchModel($this->Auth->user(), $id);
if (!$this->_isSiteAdmin() && !$decModel) {
throw new MethodNotAllowedException(__('No Decaying Model with the provided ID exists, or you are not authorised to edit it.'));
}
@ -292,13 +292,13 @@ class DecayingModelController extends AppController
$decayingModel['DecayingModel']['enabled'] = 0;
if ($this->DecayingModel->save($decayingModel)) {
if ($this->request->is('ajax')) {
$response = array('data' => $this->DecayingModel->checkAuthorisation($this->Auth->user(), $id), 'action' => 'edit');
$response = array('data' => $this->DecayingModel->fetchModel($this->Auth->user(), $id), 'action' => 'edit');
return $this->RestResponse->viewData($response, $this->response->type());
}
$this->Flash->success(__('Decaying Model disabled.'));
} else {
if ($this->request->is('ajax')) {
$response = array('data' => $this->DecayingModel->checkAuthorisation($this->Auth->user(), $id), 'action' => 'edit');
$response = array('data' => $this->DecayingModel->fetchModel($this->Auth->user(), $id), 'action' => 'edit');
return $this->RestResponse->viewData($response, $this->response->type());
}
$this->Flash->error(__('Error while disabling decaying model'));
@ -376,7 +376,7 @@ class DecayingModelController extends AppController
public function decayingToolSimulation($model_id)
{
$decaying_model = $this->DecayingModel->checkAuthorisation($this->Auth->user(), $model_id);
$decaying_model = $this->DecayingModel->fetchModel($this->Auth->user(), $model_id);
if (!$decaying_model) {
throw new NotFoundException(__('No Decaying Model with the provided ID exists, or you are not authorised to edit it.'));
}
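Review bot: The guard that follows each renamed call — `if (!$this->_isSiteAdmin() && !$decModel)` in export, the L25 hunk, edit, delete, enable and disable — tests `$decModel`, while the fetched model is stored in `$model`, `$decaying_model` or `$decayingModel`; unless `$decModel` is assigned outside the visible lines, the condition is always true for a non-site-admin and the action throws even when fetchModel succeeded. Since the new fetchModel throws MethodNotAllowedException itself when the model is missing or not visible to the user, the guard (and the `if (!$decaying_model)` check in decayingToolSimulation) is now unreachable in the success case and can be dropped; if it is kept, it should test the variable actually assigned, e.g. `if (!$this->_isSiteAdmin() && !$decayingModel) {`. All of these method bodies continue outside the hunks.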


@ -20,10 +20,7 @@ class DecayingModelMappingController extends AppController
public function linkAttributeTypeToModel($model_id) {
$model = $this->DecayingModelMapping->DecayingModel->checkAuthorisation($this->Auth->user(), $model_id);
if ($model == false) {
throw new MethodNotAllowedException(_('No Decaying Model with the provided ID exists, or you are not authorised to edit it.'));
}
$model = $this->DecayingModelMapping->DecayingModel->fetchModel($this->Auth->user(), $model_id);
if ($this->request->is('post')) {
if (!isset($this->request->data['DecayingModelMapping']['model_id'])) {
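Review bot: After removing the `$model == false` check, the authorisation of linkAttributeTypeToModel rests entirely on fetchModel throwing, and `$model` is not used anywhere in the visible lines; a reader will take the assignment for dead code. If the call is kept as a gate, say so on the line: `// authorisation gate: fetchModel() throws MethodNotAllowedException when the model is missing or not visible to the user`. The method body continues outside the hunk, so a later use of `$model` may exist.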


@ -183,10 +183,12 @@ class DecayingModel extends AppModel
return $decayingModels;
}
public function checkAuthorisation($user, $id, $full=true)
// Method that fetches decayingModel
// very flexible, it's basically a replacement for find, with the addition that it restricts access based on user
// - full attach Attribute types associated to the requested model
public function fetchModel($user, $id, $full=true, $conditions = array())
{
// fetch the bare template
$conditions = array('id' => $id);
$conditions['id'] = $id;
$searchOptions = array(
'conditions' => $conditions,
);
@ -199,20 +201,18 @@ class DecayingModel extends AppModel
if (empty($decayingModel)) {
throw new MethodNotAllowedException(__('No Decaying Model with the provided ID exists, or you are not authorised to view it.'));
}
if (
!$user['Role']['perm_site_admin'] && // if the user is a site admin, return the model without question
$user['Organisation']['id'] != $decayingModel['DecayingModel']['org_id'] &&
!$decayingModel['DecayingModel']['all_orgs']
) {
throw new MethodNotAllowedException(__('No Decaying Model with the provided ID exists, or you are not authorised to view it.'));
}
if ($full) {
$decayingModel['DecayingModel']['attribute_types'] = $this->DecayingModelMapping->getAssociatedTypes($user, $decayingModel['DecayingModel']['id']);
}
//if the user is a site admin, return the model without question
if ($user['Role']['perm_site_admin']) {
return $decayingModel;
}
if ($user['Organisation']['id'] == $decayingModel['DecayingModel']['org_id'] && $user['Role']['perm_decaying'] || true) {
return $decayingModel;
}
return false;
return $decayingModel;
}
// filter out taxonomies and entries not having a numerical value
@ -269,7 +269,7 @@ class DecayingModel extends AppModel
$full_path = APP . 'Model/DecayingModelsFormulas/' . $filename;
$expected_classname = $filename_no_extension;
if (is_file($full_path)) {
include $full_path;
include_once $full_path;
$model_class = ClassRegistry::init($expected_classname);
if ($model_class->checkLoading() === 'BONFIRE LIT') {
return $model_class;
@ -340,7 +340,7 @@ class DecayingModel extends AppModel
$attribute['Attribute']['AttributeTag'] = $attribute['AttributeTag'];
unset($attribute['AttributeTag']);
}
$model = $this->checkAuthorisation($user, $model_id, true);
$model = $this->fetchModel($user, $model_id, true);
if ($model === false) {
throw new NotFoundException(__('Model not found'));
}
@ -422,7 +422,7 @@ class DecayingModel extends AppModel
public function attachScoresToAttribute($user, &$attribute, $model_id=false, $model_overrides=array())
{
if ($model_id !== false) {
$model = $this->checkAuthorisation($user, $model_id, false);
$model = $this->fetchModel($user, $model_id, false);
if ($model !== false) {
if (!empty($model_overrides)) {
$this->overrideModelParameters($model, $model_overrides);
@ -438,7 +438,7 @@ class DecayingModel extends AppModel
$associated_model_ids = array_values($associated_model_ids[$attribute['type']]);
if (!empty($associated_model_ids)) {
foreach ($associated_model_ids as $model_id) {
$model = $this->checkAuthorisation($user, $model_id, false);
$model = $this->fetchModel($user, $model_id, false);
if ($model !== false && $model['DecayingModel']['enabled']) {
$score = $this->getScore($attribute, $model, $user);
$decayed = $this->isDecayed($attribute, $model, $score);
@ -459,7 +459,7 @@ class DecayingModel extends AppModel
));
}
if (is_numeric($model) && $user !== false) {
$model = $this->checkAuthorisation($user, $model);
$model = $this->fetchModel($user, $model);
}
$this->Computation = $this->getModelClass($model);
return $this->Computation->computeCurrentScore($user, $model, $attribute);
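Review bot: The rewritten fetchModel has no `return false` path any more — every failure throws MethodNotAllowedException — yet callers in this file still branch on `false` (`if ($model === false)` in the L197 hunk, `if ($model !== false)` in both attachScoresToAttribute hunks). In the loop over `$associated_model_ids`, a single associated model the user cannot see (other org with `all_orgs` unset) now aborts scoring for the whole attribute instead of being skipped, a behaviour change the commit does not address; the dead `false` checks should go and the loop should catch and continue. The org/all_orgs check itself now correctly runs before `getAssociatedTypes`, but `perm_decaying`, which the old version referenced, is no longer consulted — if intentional, worth a line in the new method comment. The loop and the enclosing methods continue outside the hunks.
```php
foreach ($associated_model_ids as $model_id) {
    try {
        $model = $this->fetchModel($user, $model_id, false);
    } catch (MethodNotAllowedException $e) {
        continue; // model not visible to this user: skip it rather than abort scoring
    }
    if ($model['DecayingModel']['enabled']) {
        // … unchanged: score computation and decay check …
```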