mirror of https://github.com/MISP/MISP
chg: [roles] Added `perm_decaying` role
parent
cd5c9f7d1d
commit
26afe1765d
|
@ -711,6 +711,7 @@ CREATE TABLE IF NOT EXISTS `roles` (
|
|||
`restricted_to_site_admin` tinyint(1) NOT NULL DEFAULT 0,
|
||||
`perm_publish_zmq` tinyint(1) NOT NULL DEFAULT 0,
|
||||
`perm_publish_kafka` tinyint(1) NOT NULL DEFAULT 0,
|
||||
`perm_decaying` tinyint(1) NOT NULL DEFAULT 0,
|
||||
PRIMARY KEY (`id`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
|
||||
|
||||
|
@ -1262,23 +1263,23 @@ INSERT INTO `feeds` (`id`, `provider`, `name`, `url`, `distribution`, `default`,
|
|||
-- 7. Read Only - read
|
||||
--
|
||||
|
||||
INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `default_role`)
|
||||
VALUES (1, 'admin', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0);
|
||||
INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `perm_decaying`, `default_role`)
|
||||
VALUES (1, 'admin', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0);
|
||||
|
||||
INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `default_role`)
|
||||
VALUES (2, 'Org Admin', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0);
|
||||
INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `perm_decaying`, `default_role`)
|
||||
VALUES (2, 'Org Admin', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 0);
|
||||
|
||||
INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `default_role`)
|
||||
VALUES (3, 'User', NOW(), NOW(), 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1);
|
||||
INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `perm_decaying`, `default_role`)
|
||||
VALUES (3, 'User', NOW(), NOW(), 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1);
|
||||
|
||||
INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `default_role`)
|
||||
VALUES (4, 'Publisher', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0);
|
||||
INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `perm_decaying`, `default_role`)
|
||||
VALUES (4, 'Publisher', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 0);
|
||||
|
||||
INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `default_role`)
|
||||
VALUES (5, 'Sync user', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0);
|
||||
INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `perm_decaying`, `default_role`)
|
||||
VALUES (5, 'Sync user', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0);
|
||||
|
||||
INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `default_role`)
|
||||
VALUES (6, 'Read Only', NOW(), NOW(), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
|
||||
INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `perm_decaying`, `default_role`)
|
||||
VALUES (6, 'Read Only', NOW(), NOW(), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
|
||||
|
||||
-- --------------------------------------------------------
|
||||
|
||||
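Review bot: The seed row for role 3, `'User'`, sets `perm_decaying` to 1 while `default_role` stays 1, so on a fresh install every newly created account can create or modify decaying models. The same grant is repeated in the PostgreSQL `COPY public.roles` data and in the migration's `UPDATE` on `roles` further down the page. If this is intended, record it above the inserts with a comment such as `-- perm_decaying is granted to the default 'User' role on purpose; 'Sync user' and 'Read Only' stay at 0`. Otherwise seed 0 for `'User'` and let administrators opt in.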
|
|
|
@ -309,13 +309,13 @@ COPY public.regexp (id, regexp, replacement, type) FROM stdin;
|
|||
-- Data for Name: roles; Type: TABLE DATA; Schema: public; Owner: -
|
||||
--
|
||||
|
||||
COPY public.roles (id, name, created, modified, perm_add, perm_modify, perm_modify_org, perm_publish, perm_delegate, perm_sync, perm_admin, perm_audit, perm_full, perm_auth, perm_site_admin, perm_regexp_access, perm_tagger, perm_template, perm_sharing_group, perm_tag_editor, perm_sighting, perm_object_template, default_role, memory_limit, max_execution_time, restricted_to_site_admin, perm_publish_zmq, perm_publish_kafka) FROM stdin;
|
||||
1 admin 2018-11-27 06:22:00+00 2018-11-27 06:22:00+00 t t t t t t t t t t t t t t t t t t f f t t
|
||||
2 Org Admin 2018-11-27 06:22:00+00 2018-11-27 06:22:00+00 t t t t t f t t f t f f t t t t t f f f t t
|
||||
3 User 2018-11-27 06:22:00+00 2018-11-27 06:22:00+00 t t t f f f f f f t f f f f f f t f t f f f
|
||||
4 Publisher 2018-11-27 06:22:00+00 2018-11-27 06:22:00+00 t t t t t f f f f t f f f f f f t f f f t t
|
||||
5 Sync user 2018-11-27 06:22:00+00 2018-11-27 06:22:00+00 t t t t t t f f f t f f f f t f t f f f t t
|
||||
6 Read Only 2018-11-27 06:22:00+00 2018-11-27 06:22:00+00 f f f f f f f f f t f f f f f f f f f f f f
|
||||
COPY public.roles (id, name, created, modified, perm_add, perm_modify, perm_modify_org, perm_publish, perm_delegate, perm_sync, perm_admin, perm_audit, perm_full, perm_auth, perm_site_admin, perm_regexp_access, perm_tagger, perm_template, perm_sharing_group, perm_tag_editor, perm_sighting, perm_object_template, default_role, memory_limit, max_execution_time, restricted_to_site_admin, perm_publish_zmq, perm_publish_kafka, perm_decaying) FROM stdin;
|
||||
1 admin 2018-11-27 06:22:00+00 2018-11-27 06:22:00+00 t t t t t t t t t t t t t t t t t t f f t t t
|
||||
2 Org Admin 2018-11-27 06:22:00+00 2018-11-27 06:22:00+00 t t t t t f t t f t f f t t t t t f f f t t t
|
||||
3 User 2018-11-27 06:22:00+00 2018-11-27 06:22:00+00 t t t f f f f f f t f f f f f f t f t f f f t
|
||||
4 Publisher 2018-11-27 06:22:00+00 2018-11-27 06:22:00+00 t t t t t f f f f t f f f f f f t f f f t t t
|
||||
5 Sync user 2018-11-27 06:22:00+00 2018-11-27 06:22:00+00 t t t t t t f f f t f f f f t f t f f f t t f
|
||||
6 Read Only 2018-11-27 06:22:00+00 2018-11-27 06:22:00+00 f f f f f f f f f t f f f f f f f f f f f f f
|
||||
\.
|
||||
|
||||
|
||||
|
|
|
@ -1135,7 +1135,8 @@ CREATE TABLE public.roles (
|
|||
max_execution_time character varying(255) DEFAULT ''::character varying,
|
||||
restricted_to_site_admin boolean DEFAULT false NOT NULL,
|
||||
perm_publish_zmq boolean DEFAULT false NOT NULL,
|
||||
perm_publish_kafka boolean DEFAULT false NOT NULL
|
||||
perm_publish_kafka boolean DEFAULT false NOT NULL,
|
||||
perm_decaying boolean DEFAULT false NOT NULL
|
||||
);
|
||||
|
||||
|
||||
|
|
|
@ -448,6 +448,7 @@ class AppController extends Controller
|
|||
$this->set('isAclSighting', isset($role['perm_sighting']) ? $role['perm_sighting'] : false);
|
||||
$this->set('isAclZmq', isset($role['perm_publish_zmq']) ? $role['perm_publish_zmq'] : false);
|
||||
$this->set('isAclKafka', isset($role['perm_publish_kafka']) ? $role['perm_publish_kafka'] : false);
|
||||
$this->set('isAclDecaying', isset($role['perm_decaying']) ? $role['perm_decaying'] : false);
|
||||
$this->userRole = $role;
|
||||
if (Configure::read('MISP.log_paranoid')) {
|
||||
$this->Log = ClassRegistry::init('Log');
|
||||
|
|
|
@ -76,12 +76,12 @@ class ACLComponent extends Component
|
|||
"import" => array('*'),
|
||||
"view" => array('*'),
|
||||
"index" => array('*'),
|
||||
"add" => array('perm_admin'),
|
||||
"edit" => array('perm_admin'),
|
||||
"delete" => array('perm_admin'),
|
||||
"enable" => array('perm_admin'),
|
||||
"disable" => array('perm_admin'),
|
||||
"decayingTool" => array('perm_admin'),
|
||||
"add" => array('perm_admin', 'perm_decaying'),
|
||||
"edit" => array('perm_admin', 'perm_decaying'),
|
||||
"delete" => array('perm_admin', 'perm_decaying'),
|
||||
"enable" => array('perm_admin', 'perm_decaying'),
|
||||
"disable" => array('perm_admin', 'perm_decaying'),
|
||||
"decayingTool" => array('perm_admin', 'perm_decaying'),
|
||||
"getAllDecayingModels" => array('*'),
|
||||
"decayingToolBasescore" => array('*'),
|
||||
"decayingToolSimulation" => array('*'),
|
||||
|
@ -90,7 +90,7 @@ class ACLComponent extends Component
|
|||
),
|
||||
'decayingModelMapping' => array(
|
||||
"viewAssociatedTypes" => array('*'),
|
||||
"linkAttributeTypeToModel" => array('perm_admin')
|
||||
"linkAttributeTypeToModel" => array('perm_admin', 'perm_decaying')
|
||||
),
|
||||
'eventBlacklists' => array(
|
||||
'add' => array(),
|
||||
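Review bot: The entries `array('perm_admin', 'perm_decaying')` for `add`, `edit`, `delete`, `enable`, `disable` and `decayingTool`, and for `linkAttributeTypeToModel` in the next hunk, do not state whether either flag or both are required. The access check that reads this map is outside the hunk: if it evaluates only the first element of a plain list, `perm_decaying` never grants anything, and if it requires every element, a `perm_admin` role without the new flag loses access. Assuming the component supports an explicit combinator key, writing `"add" => array('OR' => array('perm_admin', 'perm_decaying')),` removes the ambiguity. A test that authenticates with a role holding only `perm_decaying` and calls `add` would pin the intended behaviour.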
|
|
|
@ -1194,6 +1194,10 @@ class AppModel extends Model
|
|||
KEY `type` (`type`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;";
|
||||
case 36:
|
||||
$sqlArray[] = "ALTER TABLE `event_tags` ADD `local` tinyint(1) NOT NULL DEFAULT 0;";
|
||||
$sqlArray[] = "ALTER TABLE `attribute_tags` ADD `local` tinyint(1) NOT NULL DEFAULT 0;";
|
||||
break;
|
||||
case 37:
|
||||
$sqlArray[] = "CREATE TABLE IF NOT EXISTS decaying_models (
|
||||
`id` int(11) NOT NULL AUTO_INCREMENT,
|
||||
`uuid` varchar(40) COLLATE utf8_bin DEFAULT NULL,
|
||||
|
@ -1216,10 +1220,8 @@ class AppModel extends Model
|
|||
`model_id` int(11) NOT NULL,
|
||||
PRIMARY KEY (id)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;";
|
||||
break;
|
||||
case 36:
|
||||
$sqlArray[] = "ALTER TABLE `event_tags` ADD `local` tinyint(1) NOT NULL DEFAULT 0;";
|
||||
$sqlArray[] = "ALTER TABLE `attribute_tags` ADD `local` tinyint(1) NOT NULL DEFAULT 0;";
|
||||
$sqlArray[] = "ALTER TABLE `roles` ADD `perm_decaying` tinyint(1) NOT NULL DEFAULT 0;";
|
||||
$sqlArray[] = "UPDATE `roles` SET `perm_decaying`=1 WHERE `name` IN ('admin', 'Org Admin', 'User', 'Publisher');";
|
||||
break;
|
||||
case 'fixNonEmptySharingGroupID':
|
||||
$sqlArray[] = 'UPDATE `events` SET `sharing_group_id` = 0 WHERE `distribution` != 4;';
|
||||
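Review bot: The added `UPDATE` on `roles` selects rows by display name (`'admin'`, `'Org Admin'`, `'User'`, `'Publisher'`), so on an upgraded instance it skips stock roles that were renamed and grants the flag to any role that merely carries one of those names, including one an administrator has since restricted. Before this commit the ACL map required `perm_admin` for the decaying-model write actions, so `UPDATE roles SET perm_decaying = 1 WHERE perm_admin = 1;` would preserve existing access without widening it. The preceding `ALTER TABLE ... ADD perm_decaying` is also not re-runnable the way the `CREATE TABLE IF NOT EXISTS` above it is; whether the updater tolerates a duplicate-column error is not visible here. The `switch` continues outside both hunks.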
|
|
|
@ -235,13 +235,13 @@ class DecayingModel extends AppModel
|
|||
|
||||
// if not found return false
|
||||
if (empty($decayingModel)) {
|
||||
throw new MethodNotAllowedException(__('No Decaying Model with the provided ID exists, or you are not authorised to view it.'));
|
||||
throw new NotFoundException(__('No Decaying Model with the provided ID exists, or you are not authorised to view it.'));
|
||||
}
|
||||
if (
|
||||
!$user['Role']['perm_site_admin'] && // if the user is a site admin, return the model without question
|
||||
!($user['Organisation']['id'] == $decayingModel['DecayingModel']['org_id'] || $decayingModel['DecayingModel']['all_orgs'])
|
||||
) {
|
||||
throw new MethodNotAllowedException(__('No Decaying Model with the provided ID exists, or you are not authorised to view it.'));
|
||||
throw new NotFoundException(__('No Decaying Model with the provided ID exists, or you are not authorised to view it.'));
|
||||
}
|
||||
|
||||
if ($full) {
|
||||
|
@ -388,9 +388,6 @@ class DecayingModel extends AppModel
|
|||
unset($attribute['AttributeTag']);
|
||||
}
|
||||
$model = $this->fetchModel($user, $model_id, true);
|
||||
if ($model === false) {
|
||||
throw new NotFoundException(__('Model not found'));
|
||||
}
|
||||
if (!empty($model_overrides)) {
|
||||
$this->overrideModelParameters($model, $model_overrides);
|
||||
}
|
||||
|
@ -402,7 +399,6 @@ class DecayingModel extends AppModel
|
|||
}
|
||||
// get start time
|
||||
$start_time = $attribute['Attribute']['timestamp'];
|
||||
// $start_time = $attribute['Attribute']['first_seen'] < $start_time ? $attribute['Attribute']['first_seen'] : $start_time;
|
||||
$start_time = $sightings[0]['Sighting']['date_sighting'] < $start_time ? $sightings[0]['Sighting']['date_sighting'] : $start_time;
|
||||
$start_time = intval($start_time);
|
||||
$start_time = $this->round_timestamp_to_hour($start_time);
|
||||
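Review bot: The comment `// if not found return false` above the first changed `throw` no longer matches the code, which raises `NotFoundException` for both the missing and the unauthorised case; it should read something like `// throws NotFoundException when the model is missing or not visible to $user`. This matters because the second hunk drops the caller's `if ($model === false)` guard after `fetchModel($user, $model_id, true)`. If the first hunk is inside `fetchModel` (its signature is outside the hunk) and any remaining path there still returns `false`, that value would now reach `overrideModelParameters` unchecked. Using one exception type and one message for both cases is worth keeping, since the response does not reveal whether a model ID exists to users outside its organisation.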
|
|
|
@ -131,9 +131,15 @@ class Role extends AppModel
|
|||
'perm_object_template' => array(
|
||||
'id' => 'RolePermObjectTemplate',
|
||||
'text' => 'Object Template Editor',
|
||||
'readonlyenabled' => false,
|
||||
'readonlyenabled' => true,
|
||||
'title' => 'Create or modify MISP Object templates'
|
||||
),
|
||||
'perm_decaying' => array(
|
||||
'id' => 'RolePermDecaying',
|
||||
'text' => 'Decaying Model Editor',
|
||||
'readonlyenabled' => true,
|
||||
'title' => 'Create or modify MISP Decaying Models'
|
||||
),
|
||||
// Urgently needed permission flag to avoid waking up next to a decapitated horse head sent by Enrico
|
||||
'perm_publish_zmq' => array(
|
||||
'id' => 'RolePermPublishZmq',
|
||||
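Review bot: The new `perm_decaying` entry is declared with `'readonlyenabled' => true` although its title is 'Create or modify MISP Decaying Models'. The section also prints `perm_object_template` with both `'readonlyenabled' => false` and `'readonlyenabled' => true`, which reads as that flag being flipped in a commit whose title only mentions `perm_decaying`. What the flag controls is not visible here; if, as the name suggests, it keeps the checkbox available for read-only roles, both write-type permissions should carry `'readonlyenabled' => false,`. If the `perm_object_template` change is intentional, it deserves its own commit or a line in the description.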
|
|