new: [restsearch] added optional ordering

- available on event/attribute restsearch - uses the new findOrder() internal function to have consistent filtering
2022-11-27 11:15:47 +01:00 · 2022-11-27 11:15:47 +01:00 · 24f656ac3f
parent 7802291f21
commit 24f656ac3f
3 changed files with 38 additions and 4 deletions
--- a/app/Model/AppModel.php
+++ b/app/Model/AppModel.php
@ -3887,4 +3887,23 @@ class AppModel extends Model
            );
        ");
    }
+
+    public function findOrder($order, $order_model, $valid_order_fields)
+    {
+        if (!is_array($order)) {
+            $order_rules = explode(' ', strtolower($order));
+            $order_field = explode('.', $order_rules[0]);
+            $order_field = end($order_field);
+            if (in_array($order_field, $valid_order_fields)) {
+                $direction = 'asc';
+                if (!empty($order_rules[1]) && trim($order_rules[1]) === 'desc') {
+                    $direction = 'desc';
+                }
+            } else {
+                return null;
+            }
+            return $order_model . '.' . $order_field . ' ' . $direction;
+        }
+        return null;
+    }
 }
--- a/app/Model/Attribute.php
+++ b/app/Model/Attribute.php
@ -2920,6 +2920,13 @@ class Attribute extends AppModel
        if (!empty($filters['score'])) {
            $params['score'] = $filters['score'];
        }
+        if (!empty($filters['order'])) {
+            $params['order'] = $this->findOrder(
+                $filters['order'],
+                'Attribute',
+                ['id', 'event_id', 'object_id', 'type', 'category', 'value', 'distribution', 'timestamp', 'object_relation']
+            );
+        }
        if ($paramsOnly) {
            return $params;
        }
--- a/app/Model/Event.php
+++ b/app/Model/Event.php
@ -1526,7 +1526,11 @@ class Event extends AppModel
            'recursive' => -1,
        );
        if (isset($params['order'])) {
-            $find_params['order'] = $params['order'];
+            $find_params['order'] = $this->findOrder(
+                $params['order'],
+                'Event',
+                ['id', 'info', 'analysis', 'threat_level_id', 'distribution', 'timestamp', 'publish_timestamp']
+            );
        }
        if (isset($params['limit'])) {
            // Get the count (but not the actual data) of results for paginators
@ -2006,7 +2010,11 @@ class Event extends AppModel
            $params['page'] = $options['page'];
        }
        if (!empty($options['order'])) {
-            $params['order'] = $options['order'];
+            $options['order'] = $this->findOrder(
+                $options['order'],
+                'Event',
+                ['id', 'info', 'analysis', 'threat_level_id', 'distribution', 'timestamp', 'publish_timestamp']
+            );
        }
        $results = $this->find('all', $params);
        if (empty($results)) {
@ -7048,7 +7056,7 @@ class Event extends AppModel
    }


-    public function restSearchFilterMassage($filters, $non_restrictive_export)
+    public function restSearchFilterMassage($filters, $non_restrictive_export, $user)
    {
        if (!empty($filters['ignore'])) {
            $filters['to_ids'] = array(0, 1);
@ -7120,7 +7128,7 @@ class Event extends AppModel
            $renderView = $exportTool->renderView;
        }
        $non_restrictive_export = !empty($exportTool->non_restrictive_export);
-        $filters = $this->restSearchFilterMassage($filters, $non_restrictive_export);
+        $filters = $this->restSearchFilterMassage($filters, $non_restrictive_export, $user);

        $filters = $this->addFiltersFromUserSettings($user, $filters);
        if (empty($exportTool->mock_query_only)) {