new: [event:view] Added new option `show_server_correlations_for_all_users` allowing non-privileged users to view server correlations
parent
34105dba0f
commit
24cfb3c987
@ -2077,7 +2077,10 @@ class Event extends AppModel
|
|||
if ((!empty($options['includeDecayScore']) || !empty($options['includeScoresOnEvent'])) && !isset($this->DecayingModel)) {
|
||||
$this->DecayingModel = ClassRegistry::init('DecayingModel');
|
||||
}
|
||||
if ($options['includeServerCorrelations'] && !$isSiteAdmin && $user['org_id'] != Configure::read('MISP.host_org_id')) {
|
||||
if (
|
||||
$options['includeServerCorrelations'] &&
|
||||
(!$isSiteAdmin && $user['org_id'] != Configure::read('MISP.host_org_id') && !Configure::read('MISP.show_correlation_for_all_users', false))
|
||||
) {
|
||||
$options['includeServerCorrelations'] = false; // not permission to see server correlations
|
||||
}
|
||||
if (($options['includeFeedCorrelations'] || $options['includeServerCorrelations']) && !isset($this->Feed)) {
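Review bot: The new gate on L23–L32 compares `$user['org_id']` with `Configure::read('MISP.host_org_id')` using loose `!=`, so an unset setting (null) or a string-typed id is decided by PHP's juggling rules rather than by an explicit intent; `(int)$user['org_id'] !== (int)Configure::read('MISP.host_org_id')` states the rule and matches the same predicate written again in Feed at L58 and L100, which would be a natural candidate for one shared helper so the three authorisation gates cannot drift apart. The comment on L35, `// not permission to see server correlations`, would read better as `// only site admins, the host org, or everyone when MISP.show_correlation_for_all_users is set may see server correlations`, since that is the rule the condition now encodes. The enclosing method starts and ends outside the hunk.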
@ -556,6 +556,13 @@ class Feed extends AppModel
|
|||
}
|
||||
|
||||
$sources = $this->getCachedFeedsOrServers($user, $scope);
|
||||
if (!$user['Role']['perm_site_admin'] && $user['org_id'] != Configure::read('MISP.host_org_id')) {
|
||||
// Filter fields that shouldn't be visible to everyone
|
||||
$allowedFieldsForAllUsers = array_flip(['id', 'name',]);
|
||||
$sources = array_map(function($source) use($scope, $allowedFieldsForAllUsers) {
|
||||
return [$scope => array_intersect_key($source[$scope], $allowedFieldsForAllUsers)];
|
||||
}, $sources);
|
||||
}
|
||||
foreach ($sources as $source) {
|
||||
$sourceId = $source[$scope]['id'];
|
||||
|
||||
|
@ -583,6 +590,9 @@ class Feed extends AppModel
|
|||
// Append also exact MISP feed or server event UUID
|
||||
// TODO: This can be optimised in future to do that in one pass
|
||||
if ($sourceHasHit && ($scope === 'Server' || $source[$scope]['source_format'] === 'misp')) {
|
||||
if (!$user['Role']['perm_site_admin'] && $user['org_id'] != Configure::read('MISP.host_org_id')) {
|
||||
continue;
|
||||
}
|
||||
$pipe = $redis->pipeline();
|
||||
$eventUuidHitPosition = [];
|
||||
foreach ($hitIds as $sourceHitPos => $k) {
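Review bot: The `continue` added at L103 leaves the whole loop iteration for this source, not just the UUID-append block, so for a non-site-admin outside the host org any processing of `$source` that follows the UUID block in the loop body (outside the hunk) is skipped as well; if the loop later records the hit, the source would vanish for exactly the users the new setting is meant to serve. Safer is to fold the permission into the existing condition so only the UUID lookup is gated: `if ($sourceHasHit && ($scope === 'Server' || $source[$scope]['source_format'] === 'misp') && ($user['Role']['perm_site_admin'] || (int)$user['org_id'] === (int)Configure::read('MISP.host_org_id'))) {`. The same predicate is spelled out at L58 and L100 with loose `!=`; a single helper with an explicit `(int)` strict comparison would keep both gates and the one in Event.php consistent. The foreach body starts and ends outside the hunk.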
@ -5959,6 +5959,14 @@ class Server extends AppModel
|
|||
'type' => 'boolean',
|
||||
'null' => true
|
||||
),
|
||||
'show_correlation_for_all_users' => array(
|
||||
'level' => 1,
|
||||
'description' => __('This setting will reveal correlations from other remote servers visible to all users.'),
|
||||
'value' => false,
|
||||
'test' => 'testBoolFalse',
|
||||
'type' => 'boolean',
|
||||
'null' => true
|
||||
),
|
||||
'redis_host' => array(
|
||||
'level' => 0,
|
||||
'description' => __('The host running the redis server to be used for generic MISP tasks such as caching. This is not to be confused by the redis server used by the background processing.'),
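Review bot: The description on L139 overstates what the setting exposes: with the accompanying Feed and view changes, non-privileged users appear to receive only the server `id` and `name`, while the correlating event UUIDs and the preview link stay restricted to site admins and the host organisation, and an administrator enabling the option should be told that — e.g. `__('When enabled, every user can see that an attribute correlates with a remote server (server name and id only); the correlating event UUIDs and the event preview remain restricted to site admins and the host organisation.')`. The commit title names the option `show_server_correlations_for_all_users` while the key here and in Event.php is `show_correlation_for_all_users`; aligning one of them before release avoids a documented name that does not resolve. The settings array continues outside the hunk.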
@ -265,23 +265,18 @@
|
|||
}
|
||||
$popover .= '<span class=\'bold black\'>' . Inflector::humanize(h($k)) . '</span>: <span class="blue">' . $v . '</span><br />';
|
||||
}
|
||||
if (empty($server['event_uuids'])) {
|
||||
$server['event_uuids'] = [0 => 1]; // Make sure to print the content once
|
||||
}
|
||||
foreach ($server['event_uuids'] as $k => $event_uuid) {
|
||||
$liContents = '';
|
||||
if ($isSiteAdmin) {
|
||||
$liContents .= sprintf(
|
||||
'<a href="%s/servers/previewEvent/%s/%s" data-toggle="popover" data-content="%s" data-trigger="hover">%s</a> ',
|
||||
$baseurl,
|
||||
h($server['id']),
|
||||
h($event_uuid),
|
||||
h($popover),
|
||||
'S' . h($server['id']) . ':' . ($k + 1)
|
||||
);
|
||||
} else {
|
||||
$liContents .= sprintf(
|
||||
'<span>%s</span>',
|
||||
'S' . h($server['id']) . ':' . ($k + 1)
|
||||
);
|
||||
}
|
||||
$url = $isSiteAdmin ? sprintf('%s/servers/previewEvent/%s/%s', $baseurl, h($server['id']), h($event_uuid)) : '#';
|
||||
$liContents .= sprintf(
|
||||
'<a href="%s" data-toggle="popover" data-content="%s" data-trigger="hover">%s</a> ',
|
||||
$url,
|
||||
h($popover),
|
||||
'S' . h($server['id']) . ':' . ($k + 1)
|
||||
);
|
||||
echo "<li>$liContents</li>";
|
||||
}
|
||||
}
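Review bot: The popover attached on L244–L259 is now rendered for every user, and its content is built on L175 from `$v` without `h()`, so unless `$v` is escaped earlier in that loop (its top is outside the hunk) server field values reach the popover markup unescaped for a wider audience than before; confirm the escaping or use `h($v)` on L175. The placeholder on L184, `$server['event_uuids'] = [0 => 1];`, is meant for users who receive no UUIDs, but when a site admin's `event_uuids` happens to be empty the same `1` is interpolated into `$url` on L241 as a bogus preview id; conditioning the placeholder on `!$isSiteAdmin`, or building the preview URL only when `$event_uuid` is a real UUID, avoids that. The enclosing foreach starts outside the hunk.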
@ -7,8 +7,10 @@
|
|||
}
|
||||
$relatedData = [
|
||||
'Name' => $relatedServer['name'],
|
||||
'URL' => $relatedServer['url']
|
||||
];
|
||||
if (!empty($relatedServer['url'])) {
|
||||
$relatedData['url'] = $relatedServer['url'];
|
||||
}
|
||||
$popover = '';
|
||||
foreach ($relatedData as $k => $v) {
|
||||
$popover .= sprintf(
@ -16,17 +18,17 @@
|
|||
h($k),
|
||||
h($v)
|
||||
);
|
||||
$serverHtml[] = sprintf(
|
||||
'<span style="white-space: nowrap; display: inline-block">%s</span>',
|
||||
sprintf(
|
||||
'<a href="%s/servers/previewIndex/%s" class="linkButton useCursorPointer" data-toggle="popover" data-content="%s" data-trigger="hover">%s</a> ',
|
||||
$baseurl,
|
||||
h($relatedServer['id']),
|
||||
h($popover),
|
||||
h($relatedServer['name']) . ' (' . $relatedServer['id'] . ')'
|
||||
)
|
||||
);
|
||||
}
|
||||
$serverHtml[] = sprintf(
|
||||
'<span style="white-space: nowrap; display: inline-block">%s</span>',
|
||||
sprintf(
|
||||
'<a href="%s/servers/previewIndex/%s" class="linkButton useCursorPointer" data-toggle="popover" data-content="%s" data-trigger="hover">%s</a> ',
|
||||
$baseurl,
|
||||
h($relatedServer['id']),
|
||||
h($popover),
|
||||
h($relatedServer['name']) . ' (' . $relatedServer['id'] . ')'
|
||||
)
|
||||
);
|
||||
}
|
||||
} else {
|
||||
$relatedData[] = __(
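Review bot: The link text on L344 and L377 escapes `$relatedServer['name']` but concatenates `$relatedServer['id']` raw; the id is presumably an integer from the database, but every other field in this view goes through `h()`, so `h($relatedServer['name']) . ' (' . h($relatedServer['id']) . ')'` keeps the output-escaping rule uniform. The preceding hunk appears to replace the `'URL'` entry with a guarded `'url'` key, and since `$k` is printed via `h($k)` on L314 the label shown in the popover changes case as well — if that is intended, a line in the commit description would help. The two `sprintf` blocks are textually identical, so this hunk looks like a re-indentation of the `$serverHtml[]` block; the enclosing if/else continues outside the hunk.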