Merge branch 'hotfix-2.3.118'

pull/626/head v2.3.120
Iglocska 2015-08-27 12:39:32 +02:00
commit 21decf0ecf
2 changed files with 38 additions and 20 deletions


@ -2835,21 +2835,27 @@ class EventsController extends AppController {
$this->redirect(array('controller' => 'pages', 'action' => 'display', 'administration'));
public function addTag($id = null) {
public function addTag($id = false, $tag_id = false) {
if (!$this->request->is('post')) {
throw new MethodNotAllowedException('You don\'t have permission to do that.');
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'You don\'t have permission to do that.')), 'status'=>200));
$tag_id = $this->request->data['Event']['tag'];
$id = $this->request->data['Event']['id'];
if (isset($this->request->data['request'])) $this->request->data = $this->request->data['request'];
if ($tag_id === false) $tag_id = $this->request->data['Event']['tag'];
if (!is_numeric($tag_id)) {
$tag = $this->Event->EventTag->Tag->find('first', array('recursive' => -1, 'conditions' => array('' => trim($tag_id))));
if (empty($tag)) return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'Invalid Tag.')), 'status'=>200));
$tag_id = $tag['Tag']['id'];
if (!is_numeric($id)) $id = $this->request->data['Event']['id'];
$this->Event->recurisve = -1;
$event = $this->Event->read(array('id', 'org', 'orgc', 'distribution'), $id);
// org should allow to tag too, so that an event that gets pushed can be tagged locally by the owning org
if ((($this->Auth->user('org') !== $event['Event']['org'] && $this->Auth->user('org') !== $event['Event']['orgc'] && $event['Event']['distribution'] == 0) || (!$this->userRole['perm_tagger'])) && !$this->_isSiteAdmin()) {
throw new MethodNotAllowedException('You don\'t have permission to do that.');
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'You don\'t have permission to do that.')), 'status'=>200));
$this->Event->EventTag->Tag->id = $tag_id;
if(!$this->Event->EventTag->Tag->exists()) {
throw NotFoundException('Invalid tag.');
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'Invalid Tag.')), 'status'=>200));
$found = $this->Event->EventTag->find('first', array(
'conditions' => array(
@ -2859,27 +2865,27 @@ class EventsController extends AppController {
'recursive' => -1,
$this->autoRender = false;
if (!empty($found)) {
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'Tag is already attached to this event.')), 'status'=>200));
//$this->Session->setFlash('Tag already assigned to this event.');
//$this->redirect(array('action' => 'view', $id));
if (!empty($found)) return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'Tag is already attached to this event.')), 'status'=>200));
if ($this->Event->EventTag->save(array('event_id' => $id, 'tag_id' => $tag_id))) {
return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => 'Tag added.')), 'status'=>200));
} else {
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'Tag could not be added.')),'status'=>200));
if ($this->Event->EventTag->save(array('event_id' => $id, 'tag_id' => $tag_id))) return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => 'Tag added.')), 'status'=>200));
else return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'Tag could not be added.')),'status'=>200));
public function removeTag($id, $tag_id) {
if (!$this->request->is('post') || !$this->request->is('ajax')) {
throw new MethodNotAllowedException('You don\'t have permission to do that.');
public function removeTag($id = false, $tag_id = false) {
if (!$this->request->is('post')) {
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'You don\'t have permission to do that.')), 'status'=>200));
if ($tag_id === false) $tag_id = $this->request->data['Event']['tag'];
if (!is_numeric($tag_id)) {
$tag = $this->Event->EventTag->Tag->find('first', array('recursive' => -1, 'conditions' => array('' => trim($tag_id))));
$tag_id = $tag['Tag']['id'];
if (!is_numeric($id)) $id = $this->request->data['Event']['id'];
$this->Event->recurisve = -1;
$event = $this->Event->read(array('id', 'org', 'orgc', 'distribution'), $id);
// org should allow to tag too, so that an event that gets pushed can be tagged locally by the owning org
if (($this->Auth->user('org') !== $event['Event']['org'] && $this->Auth->user('org') !== $event['Event']['orgc'] && $event['Event']['distribution'] == 0) || (!$this->userRole['perm_tagger']) && !$this->_isSiteAdmin()) {
if ((($this->Auth->user('org') !== $event['Event']['org'] && $this->Auth->user('org') !== $event['Event']['orgc'] && $event['Event']['distribution'] == 0) || (!$this->userRole['perm_tagger'])) && !$this->_isSiteAdmin()) {
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'You don\'t have permission to do that.')),'status'=>200));
$eventTag = $this->Event->EventTag->find('first', array(
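Review bot: The tag-name lookup in the new removeTag (`$tag = ...->Tag->find('first', ...)` followed directly by `$tag_id = $tag['Tag']['id'];`) has no guard for an unknown name, unlike addTag, which returns 'Invalid Tag.' when `empty($tag)`. With an unmatched name `$tag_id` becomes null and the action carries on into the permission check and the EventTag lookup; add `if (empty($tag)) return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'Invalid Tag.')), 'status'=>200));` before the assignment. The result of `$this->Event->read(...)` is likewise unchecked in both actions, so a nonexistent event id reaches the org/distribution comparison with null values. Separately, `$this->Event->recurisve = -1;` misspells `recursive`, so the intended setting is not applied in either action. removeTag's body continues past the end of this section.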


@ -356,6 +356,18 @@ The event ID is optional. MISP will accept either a JSON or an XML object posted
<b>info</b>: Used to populate the event info field if no event ID supplied. Alternatively, if not set, MISP will simply generate a message showing that it's a malware sample collection generated on the given day.<br />
<b>analysis</b>: The analysis level of the newly created event, if applicatble. [0-2]<br />
<b>threat_level_id</b>: The threat level ID of the newly created event, if applicatble. [0-3]<br />
<h3>Add or remove tags from events</h3>
<p>You can add or remove an existing tag from an event in the following way:</p>
<?php echo Configure::read('MISP.baseurl').'/attributes/addTag'; ?>
<?php echo Configure::read('MISP.baseurl').'/attributes/removeTag'; ?>
<p>Just POST a json object in the following format (to the appropriate API depending on whether you want to add or delete a tag from an event):</p>
<code>{"request": {"Event": {"id": "228", "tag": "8"}}}</code><br /><br />
<p>Where "tag" is the ID of the tag. You can also use the name of the tag the following way (has to be an exact match):</p>
<code>{"request": {"Event": {"id": "228", "tag": "OSINT"}}}</code>
echo $this->element('side_menu', array('menuList' => 'event-collection', 'menuItem' => 'automation'));
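Review bot: The two endpoint URLs echoed in the new help text use `/attributes/addTag` and `/attributes/removeTag`, but the actions changed in this commit are `addTag` and `removeTag` on `EventsController`, which would normally be reached under `/events/`. If no matching actions exist on the attributes controller (not visible here), API users following this page will post to the wrong URL; the lines should probably read `Configure::read('MISP.baseurl').'/events/addTag'` and `Configure::read('MISP.baseurl').'/events/removeTag'`. The text could also state that the caller needs the tagger permission and that the controller answers every refusal with HTTP 200 and a JSON `errors` field, so clients must inspect `saved` rather than the status code.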