diff --git a/INSTALL/MYSQL.sql b/INSTALL/MYSQL.sql
index b724239e1..e802b55e4 100644
--- a/INSTALL/MYSQL.sql
+++ b/INSTALL/MYSQL.sql
@@ -711,6 +711,7 @@ CREATE TABLE IF NOT EXISTS `roles` (
 `restricted_to_site_admin` tinyint(1) NOT NULL DEFAULT 0,
 `perm_publish_zmq` tinyint(1) NOT NULL DEFAULT 0,
 `perm_publish_kafka` tinyint(1) NOT NULL DEFAULT 0,
+ `perm_decaying` tinyint(1) NOT NULL DEFAULT 0,
 PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
@@ -1262,23 +1263,23 @@ INSERT INTO `feeds` (`id`, `provider`, `name`, `url`, `distribution`, `default`,
 -- 7. Read Only - read
 --
-INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `default_role`)
-VALUES (1, 'admin', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0);
+INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `perm_decaying`, `default_role`)
+VALUES (1, 'admin', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0);
-INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `default_role`)
-VALUES (2, 'Org Admin', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0);
+INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `perm_decaying`, `default_role`)
+VALUES (2, 'Org Admin', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 0);
-INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `default_role`)
-VALUES (3, 'User', NOW(), NOW(), 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1);
+INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `perm_decaying`, `default_role`)
+VALUES (3, 'User', NOW(), NOW(), 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1);
-INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `default_role`)
-VALUES (4, 'Publisher', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0);
+INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `perm_decaying`, `default_role`)
+VALUES (4, 'Publisher', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 0);
-INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `default_role`)
-VALUES (5, 'Sync user', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0);
+INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `perm_decaying`, `default_role`)
+VALUES (5, 'Sync user', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0);
-INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `default_role`)
-VALUES (6, 'Read Only', NOW(), NOW(), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+INSERT INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `perm_decaying`, `default_role`)
+VALUES (6, 'Read Only', NOW(), NOW(), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
 -- --------------------------------------------------------
diff --git a/INSTALL/POSTGRESQL-data-initial.sql b/INSTALL/POSTGRESQL-data-initial.sql
index ab18b77d5..715e320a9 100644
--- a/INSTALL/POSTGRESQL-data-initial.sql
+++ b/INSTALL/POSTGRESQL-data-initial.sql
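Review bot: The seed row for `User`, which is also the row with `default_role` set to 1, now carries `perm_decaying` = 1 (the second-to-last value of its `VALUES` list), so every account created with the default role holds the new flag on a fresh install. The `ACLComponent.php` hunks in this diff accept that flag next to `perm_admin` for adding, editing, deleting, enabling and disabling decaying models, so actions that were admin-only become available to ordinary users by default. If that widening is not intended, seed the `User` row with 0 for `perm_decaying` and let site admins grant it per role. The `User` line of the PostgreSQL `COPY public.roles` data in this diff carries the same grant as its last value.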
@@ -309,13 +309,13 @@ COPY public.regexp (id, regexp, replacement, type) FROM stdin;
 -- Data for Name: roles; Type: TABLE DATA; Schema: public; Owner: -
 --
-COPY public.roles (id, name, created, modified, perm_add, perm_modify, perm_modify_org, perm_publish, perm_delegate, perm_sync, perm_admin, perm_audit, perm_full, perm_auth, perm_site_admin, perm_regexp_access, perm_tagger, perm_template, perm_sharing_group, perm_tag_editor, perm_sighting, perm_object_template, default_role, memory_limit, max_execution_time, restricted_to_site_admin, perm_publish_zmq, perm_publish_kafka) FROM stdin;
-1 admin 2018-11-27 06:22:00+00 2018-11-27 06:22:00+00 t t t t t t t t t t t t t t t t t t f f t t
-2 Org Admin 2018-11-27 06:22:00+00 2018-11-27 06:22:00+00 t t t t t f t t f t f f t t t t t f f f t t
-3 User 2018-11-27 06:22:00+00 2018-11-27 06:22:00+00 t t t f f f f f f t f f f f f f t f t f f f
-4 Publisher 2018-11-27 06:22:00+00 2018-11-27 06:22:00+00 t t t t t f f f f t f f f f f f t f f f t t
-5 Sync user 2018-11-27 06:22:00+00 2018-11-27 06:22:00+00 t t t t t t f f f t f f f f t f t f f f t t
-6 Read Only 2018-11-27 06:22:00+00 2018-11-27 06:22:00+00 f f f f f f f f f t f f f f f f f f f f f f
+COPY public.roles (id, name, created, modified, perm_add, perm_modify, perm_modify_org, perm_publish, perm_delegate, perm_sync, perm_admin, perm_audit, perm_full, perm_auth, perm_site_admin, perm_regexp_access, perm_tagger, perm_template, perm_sharing_group, perm_tag_editor, perm_sighting, perm_object_template, default_role, memory_limit, max_execution_time, restricted_to_site_admin, perm_publish_zmq, perm_publish_kafka, perm_decaying) FROM stdin;
+1 admin 2018-11-27 06:22:00+00 2018-11-27 06:22:00+00 t t t t t t t t t t t t t t t t t t f f t t t
+2 Org Admin 2018-11-27 06:22:00+00 2018-11-27 06:22:00+00 t t t t t f t t f t f f t t t t t f f f t t t
+3 User 2018-11-27 06:22:00+00 2018-11-27 06:22:00+00 t t t f f f f f f t f f f f f f t f t f f f t
+4 Publisher 2018-11-27 06:22:00+00 2018-11-27 06:22:00+00 t t t t t f f f f t f f f f f f t f f f t t t
+5 Sync user 2018-11-27 06:22:00+00 2018-11-27 06:22:00+00 t t t t t t f f f t f f f f t f t f f f t t f
+6 Read Only 2018-11-27 06:22:00+00 2018-11-27 06:22:00+00 f f f f f f f f f t f f f f f f f f f f f f f
 \.
diff --git a/INSTALL/POSTGRESQL-structure.sql b/INSTALL/POSTGRESQL-structure.sql
index fe7b16db1..f7daa9875 100644
--- a/INSTALL/POSTGRESQL-structure.sql
+++ b/INSTALL/POSTGRESQL-structure.sql
@@ -1135,7 +1135,8 @@ CREATE TABLE public.roles (
 max_execution_time character varying(255) DEFAULT ''::character varying,
 restricted_to_site_admin boolean DEFAULT false NOT NULL,
 perm_publish_zmq boolean DEFAULT false NOT NULL,
- perm_publish_kafka boolean DEFAULT false NOT NULL
+ perm_publish_kafka boolean DEFAULT false NOT NULL,
+ perm_decaying boolean DEFAULT false NOT NULL
 );
diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php
index 11740765e..da7ae6225 100755
--- a/app/Controller/AppController.php
+++ b/app/Controller/AppController.php
@@ -448,6 +448,7 @@ class AppController extends Controller
 $this->set('isAclSighting', isset($role['perm_sighting']) ? $role['perm_sighting'] : false);
 $this->set('isAclZmq', isset($role['perm_publish_zmq']) ? $role['perm_publish_zmq'] : false);
 $this->set('isAclKafka', isset($role['perm_publish_kafka']) ? $role['perm_publish_kafka'] : false);
+ $this->set('isAclDecaying', isset($role['perm_decaying']) ? $role['perm_decaying'] : false);
 $this->userRole = $role;
 if (Configure::read('MISP.log_paranoid')) {
 $this->Log = ClassRegistry::init('Log');
diff --git a/app/Controller/Component/ACLComponent.php b/app/Controller/Component/ACLComponent.php
index 85cfa3662..16add2a43 100644
--- a/app/Controller/Component/ACLComponent.php
+++ b/app/Controller/Component/ACLComponent.php
@@ -76,12 +76,12 @@ class ACLComponent extends Component
 "import" => array('*'),
 "view" => array('*'),
 "index" => array('*'),
- "add" => array('perm_admin'),
- "edit" => array('perm_admin'),
- "delete" => array('perm_admin'),
- "enable" => array('perm_admin'),
- "disable" => array('perm_admin'),
- "decayingTool" => array('perm_admin'),
+ "add" => array('perm_admin', 'perm_decaying'),
+ "edit" => array('perm_admin', 'perm_decaying'),
+ "delete" => array('perm_admin', 'perm_decaying'),
+ "enable" => array('perm_admin', 'perm_decaying'),
+ "disable" => array('perm_admin', 'perm_decaying'),
+ "decayingTool" => array('perm_admin', 'perm_decaying'),
 "getAllDecayingModels" => array('*'),
 "decayingToolBasescore" => array('*'),
 "decayingToolSimulation" => array('*'),
@@ -90,7 +90,7 @@ class ACLComponent extends Component
 ),
 'decayingModelMapping' => array(
 "viewAssociatedTypes" => array('*'),
- "linkAttributeTypeToModel" => array('perm_admin')
+ "linkAttributeTypeToModel" => array('perm_admin', 'perm_decaying')
 ),
 'eventBlacklists' => array(
 'add' => array(),
diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php
index cb5e8c75d..71ac48aa1 100644
--- a/app/Model/AppModel.php
+++ b/app/Model/AppModel.php
@@ -1194,6 +1194,10 @@ class AppModel extends Model
 KEY `type` (`type`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;";
 case 36:
+ $sqlArray[] = "ALTER TABLE `event_tags` ADD `local` tinyint(1) NOT NULL DEFAULT 0;";
+ $sqlArray[] = "ALTER TABLE `attribute_tags` ADD `local` tinyint(1) NOT NULL DEFAULT 0;";
+ break;
+ case 37:
 $sqlArray[] = "CREATE TABLE IF NOT EXISTS decaying_models (
 `id` int(11) NOT NULL AUTO_INCREMENT,
 `uuid` varchar(40) COLLATE utf8_bin DEFAULT NULL,
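Review bot: Listing `perm_decaying` beside `perm_admin` on `add`, `edit`, `delete`, `enable` and `disable` (and on `linkAttributeTypeToModel` in the next hunk) opens these actions to non-admin roles, and this table only tests role flags, not which model is being changed. The per-model ownership check therefore has to live in the controller actions, which are not part of this diff. The only ownership test visible in the diff is in `DecayingModel.php`, and it also passes when `all_orgs` is set, so if the write actions reuse that read-visibility check a `perm_decaying` user could change or delete a model shared by another organisation. Please confirm that the write actions require an `org_id` match or site admin. How a two-element array is combined (any-of or all-of) is also not visible here, so a comment such as `// any one of the listed permissions is sufficient` on the first changed entry would help, if that is the rule.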
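Review bot: Moving the decaying-model step from `case 36` to `case 37` changes what update 36 means for any database that already ran it under the old numbering, where two `case 36:` labels existed. Assuming updates are tracked by number (the tracking code is not in this hunk), such an instance would already have `decaying_models` but would never run the `ALTER TABLE` statements that add `local` to `event_tags` and `attribute_tags`. A comment above `case 36:` recording the renumbering, or a guard that adds `local` only when the column is missing, would make the upgrade path explicit. The switch starts and ends outside the hunk.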
@@ -1216,10 +1220,8 @@ class AppModel extends Model
 `model_id` int(11) NOT NULL,
 PRIMARY KEY (id)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;";
- break;
- case 36:
- $sqlArray[] = "ALTER TABLE `event_tags` ADD `local` tinyint(1) NOT NULL DEFAULT 0;";
- $sqlArray[] = "ALTER TABLE `attribute_tags` ADD `local` tinyint(1) NOT NULL DEFAULT 0;";
+ $sqlArray[] = "ALTER TABLE `roles` ADD `perm_decaying` tinyint(1) NOT NULL DEFAULT 0;";
+ $sqlArray[] = "UPDATE `roles` SET `perm_decaying`=1 WHERE `name` IN ('admin', 'Org Admin', 'User', 'Publisher');";
 break;
 case 'fixNonEmptySharingGroupID':
 $sqlArray[] = 'UPDATE `events` SET `sharing_group_id` = 0 WHERE `distribution` != 4;';
diff --git a/app/Model/DecayingModel.php b/app/Model/DecayingModel.php
index cc881c908..8cc6fde7e 100644
--- a/app/Model/DecayingModel.php
+++ b/app/Model/DecayingModel.php
@@ -235,13 +235,13 @@ class DecayingModel extends AppModel
 // if not found return false
 if (empty($decayingModel)) {
- throw new MethodNotAllowedException(__('No Decaying Model with the provided ID exists, or you are not authorised to view it.'));
+ throw new NotFoundException(__('No Decaying Model with the provided ID exists, or you are not authorised to view it.'));
 }
 if (
 !$user['Role']['perm_site_admin'] && // if the user is a site admin, return the model without question
 !($user['Organisation']['id'] == $decayingModel['DecayingModel']['org_id'] || $decayingModel['DecayingModel']['all_orgs'])
 ) {
- throw new MethodNotAllowedException(__('No Decaying Model with the provided ID exists, or you are not authorised to view it.'));
+ throw new NotFoundException(__('No Decaying Model with the provided ID exists, or you are not authorised to view it.'));
 }
 if ($full) {
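Review bot: The migration `UPDATE` picks roles by `name`, so on upgrade it switches on `perm_decaying` for any existing role called 'admin', 'Org Admin', 'User' or 'Publisher', including one an administrator has deliberately restricted, and it skips built-in roles that were renamed. Before this commit the affected actions were gated on `perm_admin` in `ACLComponent.php`, so a migration that keeps existing access without widening it would be `UPDATE roles SET perm_decaying = 1 WHERE perm_admin = 1;`. If granting the flag to the 'User' role on upgrade is intended, a comment above the statement should say so, because it hands write access on decaying models to every account holding that role. The `case` this statement belongs to starts outside the hunk.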
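Review bot: The context comment `// if not found return false` no longer matches the code below it, where both the missing-model branch and the not-authorised branch throw `NotFoundException`. A later hunk in this file also removes an `=== false` check after `fetchModel`, which suggests callers no longer expect a false return. Suggest rewording it to `// throw NotFoundException when the model is missing or not visible to this user`. It is also worth stating there that the two branches appear to share one exception type and message so that a caller cannot tell a missing model from one it is not allowed to see. The enclosing function starts and ends outside the hunk.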
@@ -388,9 +388,6 @@ class DecayingModel extends AppModel
 unset($attribute['AttributeTag']);
 }
 $model = $this->fetchModel($user, $model_id, true);
- if ($model === false) {
- throw new NotFoundException(__('Model not found'));
- }
 if (!empty($model_overrides)) {
 $this->overrideModelParameters($model, $model_overrides);
 }
@@ -402,7 +399,6 @@ class DecayingModel extends AppModel
 }
 // get start time
 $start_time = $attribute['Attribute']['timestamp'];
- // $start_time = $attribute['Attribute']['first_seen'] < $start_time ? $attribute['Attribute']['first_seen'] : $start_time;
 $start_time = $sightings[0]['Sighting']['date_sighting'] < $start_time ? $sightings[0]['Sighting']['date_sighting'] : $start_time;
 $start_time = intval($start_time);
 $start_time = $this->round_timestamp_to_hour($start_time);
diff --git a/app/Model/Role.php b/app/Model/Role.php
index e7c5999a9..41d5b9e95 100644
--- a/app/Model/Role.php
+++ b/app/Model/Role.php
@@ -131,9 +131,15 @@ class Role extends AppModel
 'perm_object_template' => array(
 'id' => 'RolePermObjectTemplate',
 'text' => 'Object Template Editor',
- 'readonlyenabled' => false,
+ 'readonlyenabled' => true,
 'title' => 'Create or modify MISP Object templates'
 ),
+ 'perm_decaying' => array(
+ 'id' => 'RolePermDecaying',
+ 'text' => 'Decaying Model Editor',
+ 'readonlyenabled' => true,
+ 'title' => 'Create or modify MISP Decaying Models'
+ ),
 // Urgently needed permission flag to avoid waking up next to a decapitated horse head sent by Enrico
 'perm_publish_zmq' => array(
 'id' => 'RolePermPublishZmq',
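Review bot: The flip of `readonlyenabled` from `false` to `true` on `perm_object_template` is unrelated to the new `perm_decaying` flag and is not explained, and the new `perm_decaying` entry is created with the same `true` value. What the key controls is not visible in this hunk, but if it decides whether a permission stays selectable for a read-only role, both editor permissions could now be combined with read-only access, whereas the seed data in this diff gives 'Read Only' neither. Unless that combination is intended, keep `'readonlyenabled' => false,` on both entries, and add a one-line comment explaining the key. The array these entries belong to starts and ends outside the hunk.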