chg: Viewing the public attributes of an event

- new named parameter /public:1 for the event view to view the public information of an event
  - it will filter out all attributes that are not visible to all or inherit the event
  - if an event is not set to distribution all, the view will throw an exception if the parameter is passed
  - it can be used for data views by accessing /events/view/event_id/public:1.json or /events/view/event_id/public:1.xml

- Also some fixes to the fetchEvent algorithm that ignored optional sharing group and distribution settings for site admins
pull/1387/head
Iglocska 2016-07-26 18:33:02 +02:00
parent 6cc81a011a
commit 23fca68d17
2 changed files with 12 additions and 6 deletions


@ -866,7 +866,6 @@ class EventsController extends AppController {
if (!$this->Event->exists()) {
throw new NotFoundException(__('Invalid event.'));
}
$conditions = array('eventid' => $id);
if (!$this->_isRest()) {
$conditions['includeAllTags'] = true;
@ -876,6 +875,9 @@ class EventsController extends AppController {
if (isset($this->params['named']['deleted']) && $this->params['named']['deleted']) {
$conditions['deleted'] = 1;
}
if (isset($this->params['named']['public']) && $this->params['named']['public']) {
$conditions['distribution'] = array(3, 5);
}
$results = $this->Event->fetchEvent($this->Auth->user(), $conditions);
if (empty($results)) throw new NotFoundException('Invalid event');
$event = &$results[0];
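Review bot: The literals in `$conditions['distribution'] = array(3, 5);` define the whole public view but are unexplained, and the model hunk applies the same array to both `Event.distribution` and `Attribute.distribution`, where 5 (inherit) appears to be meaningful only for attributes. A comment such as `// public view: event shared with all communities (3); attributes set to all (3) or inheriting the event (5)` would make the intent checkable. Consumers are likely to treat `/public:1` output as safe to publish, and only the event and attribute distribution conditions are visible here, so it is worth confirming that any other nested records fetchEvent returns are restricted the same way. The enclosing view action starts and ends outside this hunk.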


@ -1127,15 +1127,13 @@ class Event extends AppModel {
'Event.distribution >' => 0,
'Event.distribution <' => 4,
Configure::read('MISP.unpublishedprivate') ? array('Event.published =' => 1) : array(),
$options['distribution'] !== false ? array('Event.distribution =' => $options['distribution']) : array(),
),
),
array(
'AND' => array(
'Event.sharing_group_id' => $sgids,
'Event.distribution' => 4,
Configure::read('MISP.unpublishedprivate') ? array('Event.published =' => 1) : array(),
$options['sharing_group_id'] !== false ? array('Event.sharing_group_id =' => $options['sharing_group_id']) : array(),
Configure::read('MISP.unpublishedprivate') ? array('Event.published =' => 1) : array()
)
)
);
@ -1153,16 +1151,22 @@ class Event extends AppModel {
array('AND' => array(
'Attribute.distribution >' => 0,
'Attribute.distribution !=' => 4,
$options['distribution'] !== false ? array('Attribute.distribution =' => $options['distribution']) : array(),
)),
array('AND' => array(
'Attribute.distribution' => 4,
'Attribute.sharing_group_id' => $sgids,
$options['sharing_group_id'] !== false ? array('Attribute.sharing_group_id =' => $options['sharing_group_id']) : array(),
)),
'(SELECT events.org_id FROM events WHERE events.id = Attribute.event_id)' => $user['org_id']
);
}
if ($options['distribution']) {
$conditions['AND'][] = array('Event.distribution' => $options['distribution']);
$conditionsAttributes['AND'][] = array('Attribute.distribution' => $options['distribution']);
}
if ($options['sharing_group_id']) {
$conditions['AND'][] = array('Event.sharing_group_id' => $options['sharing_group_id']);
$conditionsAttributes['AND'][] = array('Attribute.sharing_group_id' => $options['sharing_group_id']);
}
if ($options['from']) $conditions['AND'][] = array('Event.date >=' => $options['from']);
if ($options['to']) $conditions['AND'][] = array('Event.date <=' => $options['to']);
if ($options['last']) $conditions['AND'][] = array('Event.publish_timestamp >=' => $options['last']);
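Review bot: The new guards `if ($options['distribution'])` and `if ($options['sharing_group_id'])` test truthiness, whereas the conditions they replace compared with `!== false`, so a requested distribution of 0 (or the string '0') now adds no filter at all and the query returns more than the caller asked for. A filter that callers use to narrow what is disclosed should not fail open; `if ($options['distribution'] !== false) {` and `if ($options['sharing_group_id'] !== false) {` would keep the earlier semantics, assuming `false` is still the default for unset options (the defaults are outside this hunk). The enclosing fetchEvent body starts and ends outside the visible hunks.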