mirror of https://github.com/MISP/MISP
fix: [internal] Do not load all attributes and sightings when editing event
parent
557c4f59e3
commit
19c13dc5a9
|
@ -2254,22 +2254,13 @@ class EventsController extends AppController
|
|||
if ($this->request->is('get') && $this->_isRest()) {
|
||||
return $this->RestResponse->describe('Events', 'edit', false, $this->response->type());
|
||||
}
|
||||
if (Validation::uuid($id)) {
|
||||
$temp = $this->Event->find('first', array('recursive' => -1, 'fields' => array('Event.id'), 'conditions' => array('Event.uuid' => $id)));
|
||||
if (empty($temp)) {
|
||||
throw new NotFoundException(__('Invalid event'));
|
||||
}
|
||||
$id = $temp['Event']['id'];
|
||||
} elseif (!is_numeric($id)) {
|
||||
$event = $this->Event->fetchSimpleEvent($this->Auth->user(), $id);
|
||||
if (!$event) {
|
||||
throw new NotFoundException(__('Invalid event'));
|
||||
}
|
||||
$this->Event->id = $id;
|
||||
if (!$this->Event->exists()) {
|
||||
throw new NotFoundException(__('Invalid event'));
|
||||
}
|
||||
$this->Event->read(null, $id);
|
||||
$id = $event['Event']['id']; // change possible event UUID with real ID
|
||||
// check if private and user not authorised to edit
|
||||
if (!$this->__canModifyEvent($this->Event->data) && !($this->userRole['perm_sync'] && $this->_isRest())) {
|
||||
if (!$this->__canModifyEvent($event) && !($this->userRole['perm_sync'] && $this->_isRest())) {
|
||||
$message = __('You are not authorised to do that.');
|
||||
if ($this->_isRest()) {
|
||||
throw new ForbiddenException($message);
|
||||
|
@ -2282,6 +2273,7 @@ class EventsController extends AppController
|
|||
$this->Event->insertLock($this->Auth->user(), $id);
|
||||
}
|
||||
if ($this->request->is('post') || $this->request->is('put')) {
|
||||
$this->Event->set($event);
|
||||
if ($this->_isRest()) {
|
||||
if (isset($this->request->data['response'])) {
|
||||
$this->request->data = $this->Event->updateXMLArray($this->request->data, true);
|
||||
|
@ -2323,11 +2315,10 @@ class EventsController extends AppController
|
|||
// say what fields are to be updated
|
||||
$fieldList = array('date', 'threat_level_id', 'analysis', 'info', 'published', 'distribution', 'timestamp', 'sharing_group_id', 'extends_uuid');
|
||||
|
||||
$this->Event->read();
|
||||
// always force the org, but do not force it for admins
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
// set the same org as existed before
|
||||
$this->request->data['Event']['org_id'] = $this->Event->data['Event']['org_id'];
|
||||
$this->request->data['Event']['org_id'] = $event['Event']['org_id'];
|
||||
}
|
||||
// we probably also want to remove the published flag
|
||||
$this->request->data['Event']['published'] = 0;
|
||||
|
@ -2340,10 +2331,7 @@ class EventsController extends AppController
|
|||
$this->Flash->error(__('The event could not be saved. Please, try again.'));
|
||||
}
|
||||
} else {
|
||||
if (!$this->userRole['perm_modify']) {
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'index', 'admin' => false));
|
||||
}
|
||||
$this->request->data = $this->Event->read(null, $id);
|
||||
$this->request->data = $event;
|
||||
}
|
||||
|
||||
// combobox for distribution
|
||||
|
@ -2381,7 +2369,7 @@ class EventsController extends AppController
|
|||
$this->set('analysisLevels', $analysisLevels);
|
||||
$this->set('fieldDesc', $fieldDesc);
|
||||
$this->set('eventDescriptions', $this->Event->fieldDescriptions);
|
||||
$this->set('event', $this->Event->data);
|
||||
$this->set('event', $event);
|
||||
$this->render('add');
|
||||
}
|
||||
|
||||
|
|
|
@ -4054,12 +4054,14 @@ class Event extends AppModel
|
|||
|
||||
// reposition to get the event.id with given uuid
|
||||
if (isset($data['Event']['uuid'])) {
|
||||
$existingEvent = $this->findByUuid($data['Event']['uuid']);
|
||||
$conditions = ['Event.uuid' => $data['Event']['uuid']];
|
||||
} elseif ($id) {
|
||||
$existingEvent = $this->findById($id);
|
||||
$conditions = ['Event.id' => $id];
|
||||
} else {
|
||||
throw new InvalidArgumentException("No event UUID or ID provided.");
|
||||
}
|
||||
$existingEvent = $this->find('first', ['conditions' => $conditions, 'recursive' => -1]);
|
||||
|
||||
if ($passAlong) {
|
||||
$this->Server = ClassRegistry::init('Server');
|
||||
$server = $this->Server->find('first', array(
|
||||
|
|
Loading…
Reference in New Issue