mirror of https://github.com/MISP/MISP
Merge branch 'feature/roleChanges' into feature/XML_and_UI
Conflicts: app/Controller/UsersController.php app/View/Regexp/admin_add.ctp app/View/Regexp/admin_edit.ctp app/View/Regexp/admin_index.ctp app/View/Roles/admin_add.ctp app/View/Servers/add.ctp app/View/Servers/edit.ctp app/View/Servers/index.ctp app/View/Servers/pull.ctp app/View/Servers/push.ctp
pull/217/head
commit
2b11a78e22
|
@ -0,0 +1,2 @@
|
|||
ALTER TABLE `roles` ADD `perm_site_admin` TINYINT( 1 ) NOT NULL DEFAULT '0',
|
||||
ADD `perm_regexp_access` TINYINT( 1 ) NOT NULL DEFAULT '0'
|
|
@ -107,7 +107,7 @@ class AppController extends Controller {
|
|||
$role = $this->getActions();
|
||||
$this->set('me', $this->Auth->user());
|
||||
$this->set('isAdmin', $role['perm_admin']);
|
||||
$this->set('isSiteAdmin', $this->_isSiteAdmin());
|
||||
$this->set('isSiteAdmin', $role['perm_site_admin']);
|
||||
$this->set('isAclAdd', $role['perm_add']);
|
||||
$this->set('isAclModify', $role['perm_modify']);
|
||||
$this->set('isAclModifyOrg', $role['perm_modify_org']);
|
||||
|
@ -116,6 +116,7 @@ class AppController extends Controller {
|
|||
$this->set('isAclAdmin', $role['perm_admin']);
|
||||
$this->set('isAclAudit', $role['perm_audit']);
|
||||
$this->set('isAclAuth', $role['perm_auth']);
|
||||
$this->set('isAclRegexp', $role['perm_regexp_access']);
|
||||
$this->userRole = $role;
|
||||
} else {
|
||||
$this->set('me', false);
|
||||
|
@ -129,6 +130,7 @@ class AppController extends Controller {
|
|||
$this->set('isAclAdmin', false);
|
||||
$this->set('isAclAudit', false);
|
||||
$this->set('isAclAuth', false);
|
||||
$this->set('isAclRegexp', false);
|
||||
}
|
||||
if (Configure::read('debug') > 0) {
|
||||
$this->debugMode = 'debugOn';
|
||||
|
@ -165,7 +167,7 @@ class AppController extends Controller {
|
|||
*/
|
||||
protected function _isAdmin() {
|
||||
$org = $this->Auth->user('org');
|
||||
if ((isset($org) && $org === 'ADMIN') || $this->userRole['perm_admin']) {
|
||||
if ($this->userRole['perm_site_admin'] || $this->userRole['perm_admin']) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
|
@ -175,11 +177,7 @@ class AppController extends Controller {
|
|||
* checks if the currently logged user is a site administrator (an admin that can manage any user or event on the instance and create / edit the roles).
|
||||
*/
|
||||
protected function _isSiteAdmin() {
|
||||
$org = $this->Auth->user('org');
|
||||
if (isset($org) && $org === 'ADMIN') {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
return $this->userRole['perm_site_admin'];
|
||||
}
|
||||
|
||||
protected function _checkOrg() {
|
||||
|
@ -296,7 +294,7 @@ class AppController extends Controller {
|
|||
$this->Role->recursive = -1;
|
||||
$role = $this->Role->findById($user['User']['role_id']);
|
||||
$user['User']['siteAdmin'] = false;
|
||||
if ($role['Role']['perm_admin'] && $user['User']['org'] == 'ADMIN') $user['User']['siteAdmin'] = true;
|
||||
if ($role['Role']['perm_site_admin']) $user['User']['siteAdmin'] = true;
|
||||
if ($role['Role']['perm_auth']) {
|
||||
return $user;
|
||||
}
|
||||
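Review bot: In `_isAdmin()` the context line `$org = $this->Auth->user('org');` is left in place while the rewritten condition `if ($this->userRole['perm_site_admin'] || $this->userRole['perm_admin'])` no longer reads it, so unless `$org` is used further down (the body continues past the hunk) the assignment is dead and should be dropped. Both that condition and the new `return $this->userRole['perm_site_admin'];` in `_isSiteAdmin()` index `$this->userRole`, which `beforeFilter` assigns only on the logged-in path (`$this->userRole = $role;`) and leaves unset in the `else` branch, so on an unauthenticated request they read an unset property. `return !empty($this->userRole['perm_site_admin']);` fails closed in that case and returns a real bool instead of the `'0'`/`'1'` string the role row carries, which matters now that the value is forwarded as a parameter to `getRelatedEvents()` and `getRelatedAttributes()`.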
|
|
|
@ -1013,7 +1013,7 @@ class EventsController extends AppController {
|
|||
$body .= 'Analysis : ' . $this->Event->analysisLevels[$event['Event']['analysis']] . "\n";
|
||||
$body .= 'Info : ' . "\n";
|
||||
$body .= $event['Event']['info'] . "\n";
|
||||
$relatedEvents = $this->Event->getRelatedEvents($this->Auth->user());
|
||||
$relatedEvents = $this->Event->getRelatedEvents($this->Auth->user(), $this->_isSiteAdmin());
|
||||
if (!empty($relatedEvents)) {
|
||||
$body .= '----------------------------------------------' . "\n";
|
||||
$body .= 'Related to : '. "\n";
|
||||
|
@ -1228,7 +1228,7 @@ class EventsController extends AppController {
|
|||
}
|
||||
$body .= 'Risk : ' . $event['Event']['risk'] . "\n";
|
||||
$body .= 'Analysis : ' . $event['Event']['analysis'] . "\n";
|
||||
$relatedEvents = $this->Event->getRelatedEvents($this->Auth->user());
|
||||
$relatedEvents = $this->Event->getRelatedEvents($this->Auth->user(), $this->_isSiteAdmin());
|
||||
if (!empty($relatedEvents)) {
|
||||
foreach ($relatedEvents as &$relatedEvent) {
|
||||
$body .= 'Related to : ' . Configure::read('CyDefSIG.baseurl') . '/events/view/' . $relatedEvent['Event']['id'] . ' (' . $relatedEvent['Event']['date'] . ')' . "\n";
|
||||
|
@ -1382,7 +1382,7 @@ class EventsController extends AppController {
|
|||
|
||||
// Grab an event or a list of events for the event view or any of the XML exports. The returned object includes an array of events (or an array that only includes a single event if an ID was given)
|
||||
// Included with the event are the attached attributes, shadow attributes, related events, related attribute information for the event view and the creating user's email address where appropriate
|
||||
private function __fetchEvent($eventid = null, $idList = null, $orgFromFetch = null) {
|
||||
private function __fetchEvent($eventid = null, $idList = null, $orgFromFetch = null, $isSiteAdmin = false) {
|
||||
if (isset($eventid)) {
|
||||
$this->Event->id = $eventid;
|
||||
if (!$this->Event->exists()) {
|
||||
|
@ -1395,8 +1395,6 @@ class EventsController extends AppController {
|
|||
// if we come from automation, we may not be logged in - instead we used an auth key in the URL.
|
||||
if (!empty($orgFromFetch)) {
|
||||
$org = $orgFromFetch;
|
||||
if ($orgFromFetch == 'ADMIN') $isSiteAdmin = true;
|
||||
else $isSiteAdmin = false;
|
||||
} else {
|
||||
$org = $this->_checkOrg();
|
||||
$isSiteAdmin = $this->_isSiteAdmin();
|
||||
|
@ -1458,9 +1456,9 @@ class EventsController extends AppController {
|
|||
// Do some refactoring with the event
|
||||
foreach ($results as $eventKey => &$event) {
|
||||
// Let's find all the related events and attach it to the event itself
|
||||
$results[$eventKey]['RelatedEvent'] = $this->Event->getRelatedEvents($this->Auth->user(), $event['Event']['id']);
|
||||
$results[$eventKey]['RelatedEvent'] = $this->Event->getRelatedEvents($this->Auth->user(), $this->_isSiteAdmin(), $event['Event']['id']);
|
||||
// Let's also find all the relations for the attributes - this won't be in the xml export though
|
||||
$results[$eventKey]['RelatedAttribute'] = $this->Event->getRelatedAttributes($this->Auth->user(), $event['Event']['id']);
|
||||
$results[$eventKey]['RelatedAttribute'] = $this->Event->getRelatedAttributes($this->Auth->user(), $this->_isSiteAdmin(), $event['Event']['id']);
|
||||
foreach ($event['Attribute'] as $key => &$attribute) {
|
||||
$attribute['ShadowAttribute'] = array();
|
||||
// If a shadowattribute can be linked to an attribute, link it to it then remove it from the event
|
||||
|
@ -2186,7 +2184,7 @@ class EventsController extends AppController {
|
|||
if (!in_array($attribute['Attribute']['event_id'], $eventIds)) $eventIds[] = $attribute['Attribute']['event_id'];
|
||||
}
|
||||
if (!empty($eventIds)) {
|
||||
$results = $this->__fetchEvent(null, $eventIds, $user['User']['org']);
|
||||
$results = $this->__fetchEvent(null, $eventIds, $user['User']['org'], true);
|
||||
} else {
|
||||
throw new NotFoundException('No matches.');
|
||||
}
|
||||
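Review bot: The last hunk passes a literal `true` as the new `$isSiteAdmin` argument, `$this->__fetchEvent(null, $eventIds, $user['User']['org'], true);`, for every auth-key caller, whereas the lines removed from `__fetchEvent` (`if ($orgFromFetch == 'ADMIN') $isSiteAdmin = true; else $isSiteAdmin = false;`) only granted it to the ADMIN org; if the flag still relaxes the org/distribution conditions further down in `__fetchEvent` (its body continues outside the hunk), this widens what any API key can fetch. If `$user` here is the array built by the auth-key check in AppController, it already carries `$user['User']['siteAdmin']` derived from the role, so pass that instead of `true`. Separately, inside `__fetchEvent` the calls `getRelatedEvents($this->Auth->user(), $this->_isSiteAdmin(), $event['Event']['id'])` and the matching `getRelatedAttributes(...)` ignore the `$isSiteAdmin` variable that the earlier hunk now takes from the parameter, and `_isSiteAdmin()` reads session state the auth-key path does not set; use `$isSiteAdmin` there too so both paths agree.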
|
|
|
@ -41,7 +41,7 @@ class LogsController extends AppController {
|
|||
public function admin_index() {
|
||||
if(!$this->userRole['perm_audit']) $this->redirect(array('controller' => 'events', 'action' => 'index', 'admin' => false));
|
||||
$this->set('isSearch', 0);
|
||||
if ($this->Auth->user('org') == 'ADMIN') {
|
||||
if ($this->_isSiteAdmin()) {
|
||||
$this->AdminCrud->adminIndex();
|
||||
} else {
|
||||
$orgRestriction = null;
|
||||
|
@ -67,7 +67,7 @@ class LogsController extends AppController {
|
|||
$this->Event->recursive = -1;
|
||||
$this->Event->read(null, $id);
|
||||
// send unauthorised people away. Only site admins and users of the same org may see events that are "your org only". Everyone else can proceed for all other levels of distribution
|
||||
if ($this->Auth->user('org') != 'ADMIN') {
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
if ($this->Event->data['Event']['distribution'] == 0) {
|
||||
if ($this->Event->data['Event']['org'] != $this->Auth->user('org')) {
|
||||
$this->Session->setFlash(__('You don\'t have access to view this event.'));
|
||||
|
@ -118,7 +118,7 @@ class LogsController extends AppController {
|
|||
if(!$this->userRole['perm_audit']) $this->redirect(array('controller' => 'events', 'action' => 'index', 'admin' => false));
|
||||
$fullAddress = array('/admin/logs/search', '/logs/admin_search'); // FIXME remove this crap check
|
||||
$orgRestriction = null;
|
||||
if ($this->Auth->user('org') == 'ADMIN') {
|
||||
if ($this->_isSiteAdmin()) {
|
||||
$orgRestriction = false;
|
||||
} else {
|
||||
$orgRestriction = $this->Auth->user('org');
|
||||
|
|
|
@ -30,7 +30,7 @@ class RegexpController extends AppController {
|
|||
public function admin_add() {
|
||||
$this->loadModel('Attribute');
|
||||
$types = array_keys($this->Attribute->typeDefinitions);
|
||||
if($this->Auth->User('org') != 'ADMIN') $this->redirect(array('controller' => 'regexp', 'action' => 'index', 'admin' => false));
|
||||
if(!$this->userRole['perm_regexp_access']) $this->redirect(array('controller' => 'regexp', 'action' => 'index', 'admin' => false));
|
||||
if ($this->request->is('post')) {
|
||||
if ($this->request->data['Regexp']['all'] == 1) {
|
||||
$this->Regexp->create();
|
||||
|
@ -63,7 +63,7 @@ class RegexpController extends AppController {
|
|||
* @return void
|
||||
*/
|
||||
public function admin_index() {
|
||||
if($this->Auth->User('org') != 'ADMIN') $this->redirect(array('controller' => 'regexp', 'action' => 'index', 'admin' => false));
|
||||
if(!$this->userRole['perm_regexp_access']) $this->redirect(array('controller' => 'regexp', 'action' => 'index', 'admin' => false));
|
||||
$this->AdminCrud->adminIndex();
|
||||
}
|
||||
|
||||
|
@ -81,7 +81,7 @@ class RegexpController extends AppController {
|
|||
$this->loadModel('Attribute');
|
||||
$types = array_keys($this->Attribute->typeDefinitions);
|
||||
// send the user away if he/she's no admin
|
||||
if ($this->Auth->User('org') != 'ADMIN') $this->redirect(array('controller' => 'regexp', 'action' => 'index', 'admin' => false));
|
||||
if (!$this->userRole['perm_regexp_access']) $this->redirect(array('controller' => 'regexp', 'action' => 'index', 'admin' => false));
|
||||
$this->Regexp->id = $id;
|
||||
if (!$this->Regexp->exists()) {
|
||||
throw new NotFoundException('Invalid Regexp');
|
||||
|
@ -159,7 +159,7 @@ class RegexpController extends AppController {
|
|||
* @throws NotFoundException
|
||||
*/
|
||||
public function admin_delete($id = null) {
|
||||
if($this->Auth->User('org') != 'ADMIN') $this->redirect(array('controller' => 'regexp', 'action' => 'index', 'admin' => false));
|
||||
if(!$this->userRole['perm_regexp_access']) $this->redirect(array('controller' => 'regexp', 'action' => 'index', 'admin' => false));
|
||||
$this->AdminCrud->adminDelete($id);
|
||||
}
|
||||
|
||||
|
@ -176,9 +176,8 @@ class RegexpController extends AppController {
|
|||
/**
|
||||
*
|
||||
*/
|
||||
|
||||
public function admin_clean() {
|
||||
if($this->Auth->User('org') != 'ADMIN') $this->redirect(array('controller' => 'regexp', 'action' => 'index', 'admin' => false));
|
||||
if(!$this->_isSiteAdmin()) $this->redirect(array('controller' => 'regexp', 'action' => 'index', 'admin' => false));
|
||||
$allRegexp = $this->Regexp->find('all');
|
||||
$deletable = array();
|
||||
$modifications = 0;
|
||||
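Review bot: In `admin_add` and `admin_edit` the new guard `if(!$this->userRole['perm_regexp_access']) $this->redirect(...)` still runs after `$this->loadModel('Attribute');` and the `$types` lookup; the authorisation check should be the first statement of each action so no work is done for a rejected request. `admin_clean` is gated on `_isSiteAdmin()` while the other four actions are gated on `perm_regexp_access`; if that asymmetry is intended, a one-line comment above the check saying why would stop the next reader from "fixing" it. The guards also index `$this->userRole` directly, which `beforeFilter` assigns only on the logged-in path, so `if (empty($this->userRole['perm_regexp_access']))` is the safer, fail-closed form.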
|
|
|
@ -53,7 +53,7 @@ class RolesController extends AppController {
|
|||
* @return void
|
||||
*/
|
||||
public function admin_add() {
|
||||
if($this->Auth->User('org') != 'ADMIN') $this->redirect(array('controller' => 'roles', 'action' => 'index', 'admin' => false));
|
||||
if(!$this->_isSiteAdmin()) $this->redirect(array('controller' => 'roles', 'action' => 'index', 'admin' => false));
|
||||
if ($this->request->is('post')) {
|
||||
$this->Role->create();
|
||||
if ($this->Role->save($this->request->data)) {
|
||||
|
@ -77,7 +77,7 @@ class RolesController extends AppController {
|
|||
* @return void
|
||||
*/
|
||||
public function admin_index() {
|
||||
if($this->Auth->User('org') != 'ADMIN') $this->redirect(array('controller' => 'roles', 'action' => 'index', 'admin' => false));
|
||||
if(!$this->_isSiteAdmin()) $this->redirect(array('controller' => 'roles', 'action' => 'index', 'admin' => false));
|
||||
$this->AdminCrud->adminIndex();
|
||||
$this->set('options', $this->options);
|
||||
}
|
||||
|
@ -90,7 +90,7 @@ class RolesController extends AppController {
|
|||
* @throws NotFoundException
|
||||
*/
|
||||
public function admin_edit($id = null) {
|
||||
if($this->Auth->User('org') != 'ADMIN') $this->redirect(array('controller' => 'roles', 'action' => 'index', 'admin' => false));
|
||||
if(!$this->_isSiteAdmin()) $this->redirect(array('controller' => 'roles', 'action' => 'index', 'admin' => false));
|
||||
$this->AdminCrud->adminEdit($id);
|
||||
$passAlong = $this->Role->read(null, $id);
|
||||
$this->set('options', $this->options);
|
||||
|
|
|
@ -307,7 +307,7 @@ class ServersController extends AppController {
|
|||
}
|
||||
|
||||
public function push($id = null, $technique=false) {
|
||||
if ($this->Auth->user('org') != 'ADMIN' && !($this->Server->organization == $this->Auth->user('org') && $this->userRole['perm_sync'])) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
if (!$this->_isSiteAdmin() && !($this->Server->organization == $this->Auth->user('org') && $this->userRole['perm_sync'])) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
$this->Server->id = $id;
|
||||
if (!$this->Server->exists()) {
|
||||
throw new NotFoundException(__('Invalid server'));
|
||||
|
|
|
@ -196,13 +196,27 @@ class UsersController extends AppController {
|
|||
public function admin_add() {
|
||||
if (!$this->_isAdmin()) throw new Exception('Administrators only.');
|
||||
$this->set('currentOrg', $this->Auth->User('org'));
|
||||
$this->set('isSiteAdmin', $this->_isSiteAdmin());
|
||||
$params = null;
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
$params = array('conditions' => array('perm_site_admin !=' => 1, 'perm_sync !=' => 1, 'perm_regexp_access !=' => 1));
|
||||
}
|
||||
$roles = $this->User->Role->find('list', $params);
|
||||
if ($this->request->is('post')) {
|
||||
$this->User->create();
|
||||
// set invited by
|
||||
$this->request->data['User']['invited_by'] = $this->Auth->user('id');
|
||||
$this->request->data['User']['change_pw'] = 1;
|
||||
$this->request->data['User']['newsread'] = '2000-01-01';
|
||||
if ($this->Auth->User('org') != 'ADMIN') $this->request->data['User']['org'] = $this->Auth->User('org');
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
$this->request->data['User']['org'] = $this->Auth->User('org');
|
||||
$this->loadModel('Role');
|
||||
$this->Role->recursive = -1;
|
||||
$chosenRole = $this->Role->findById($this->request->data['User']['role_id']);
|
||||
if ($chosenRole['Role']['perm_site_admin'] == 1 || $chosenRole['Role']['perm_regexp_access'] == 1 || $chosenRole['Role']['perm_sync'] == 1) {
|
||||
throw new Exception('You are not authorised to assign that role to a user.');
|
||||
}
|
||||
}
|
||||
if ($this->User->save($this->request->data)) {
|
||||
$this->Session->setFlash(__('The user has been saved'));
|
||||
$this->redirect(array('action' => 'index'));
|
||||
|
@ -216,8 +230,6 @@ class UsersController extends AppController {
|
|||
$this->newkey = $this->User->generateAuthKey();
|
||||
$this->set('authkey', $this->newkey);
|
||||
}
|
||||
// XXX ACL roles
|
||||
$roles = $this->User->Role->find('list');
|
||||
$this->set(compact('roles'));
|
||||
}
|
||||
|
||||
|
@ -235,6 +247,11 @@ class UsersController extends AppController {
|
|||
if (!$this->User->exists()) {
|
||||
throw new NotFoundException(__('Invalid user'));
|
||||
}
|
||||
$params = null;
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
$params = array('conditions' => array('perm_site_admin !=' => 1, 'perm_sync !=' => 1, 'perm_regexp_access !=' => 1));
|
||||
}
|
||||
$roles = $this->User->Role->find('list', $params);
|
||||
$this->set('currentId', $id);
|
||||
if ($this->request->is('post') || $this->request->is('put')) {
|
||||
$fields = array();
|
||||
|
@ -251,7 +268,14 @@ class UsersController extends AppController {
|
|||
if ("" != $this->request->data['User']['password'])
|
||||
$fields[] = 'password';
|
||||
$fields[] = 'role_id';
|
||||
//debug($fields);debug(tru);
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
$this->loadModel('Role');
|
||||
$this->Role->recursive = -1;
|
||||
$chosenRole = $this->Role->findById($this->request->data['User']['role_id']);
|
||||
if ($chosenRole['Role']['perm_site_admin'] == 1 || $chosenRole['Role']['perm_regexp_access'] == 1 || $chosenRole['Role']['perm_sync'] == 1) {
|
||||
throw new Exception('You are not authorised to assign that role to a user.');
|
||||
}
|
||||
}
|
||||
if ($this->User->save($this->request->data, true, $fields)) {
|
||||
// TODO Audit, extraLog, fields compare
|
||||
// newValues to array
|
||||
|
@ -294,18 +318,11 @@ class UsersController extends AppController {
|
|||
} else {
|
||||
$this->User->recursive = 0;
|
||||
$this->User->read(null, $id);
|
||||
if ($this->Auth->User('org') != 'ADMIN' && $this->Auth->User('org') != $this->User->data['User']['org']) $this->redirect(array('controller' => 'users', 'action' => 'index', 'admin' => true));
|
||||
if (!$this->_isSiteAdmin() && $this->Auth->User('org') != $this->User->data['User']['org']) $this->redirect(array('controller' => 'users', 'action' => 'index', 'admin' => true));
|
||||
$this->User->set('password', '');
|
||||
$this->request->data = $this->User->data; // TODO CHECK
|
||||
|
||||
}
|
||||
// TODO ACL CLEANUP combobox for orgs
|
||||
$orgIds = array('ADMIN', 'NCIRC', 'Other MOD');
|
||||
$orgIds = $this->_arrayToValuesIndexArray($orgIds);
|
||||
$this->set('orgIds', compact('orgIds'));
|
||||
$this->set('id', $id);
|
||||
// XXX ACL, Roles in Users
|
||||
$roles = $this->User->Role->find('list');
|
||||
$this->set(compact('roles'));
|
||||
}
|
||||
|
||||
|
@ -352,20 +369,39 @@ class UsersController extends AppController {
|
|||
if($this->request->is('post')) {
|
||||
$this->Session->setFlash(__('Invalid username or password, try again'));
|
||||
}
|
||||
|
||||
// populate the DB with the first role (site admin) if it's empty
|
||||
$this->loadModel('Role');
|
||||
if ($this->Role->find('count') == 0 ) {
|
||||
$siteAdmin = array('Role' => array(
|
||||
'id' => 1,
|
||||
'name' => 'Site Admin',
|
||||
'perm_add' => 1,
|
||||
'perm_modify' => 1,
|
||||
'perm_modify_org' => 1,
|
||||
'perm_publish' => 1,
|
||||
'perm_sync' => 1,
|
||||
'perm_admin' => 1,
|
||||
'perm_audit' => 1,
|
||||
'perm_auth' => 1,
|
||||
'perm_site_admin' => 1,
|
||||
'perm_regexp_access' => 1,
|
||||
));
|
||||
$this->Role->save($siteAdmin);
|
||||
}
|
||||
// populate the DB with the first user if it's empty
|
||||
if ($this->User->find('count') == 0 ) {
|
||||
$admin = array('User' => array(
|
||||
'email' => 'admin@admin.test',
|
||||
'org' => 'ADMIN',
|
||||
'password' => 'admin',
|
||||
'confirm_password' => 'admin',
|
||||
'authkey' => $this->User->generateAuthKey(),
|
||||
'nids_sid' => 4000000,
|
||||
'date' => date('YYY-mm-dd'),
|
||||
'role_id' => 1,
|
||||
'change_pw' => 1
|
||||
));
|
||||
'id' => 1,
|
||||
'email' => 'admin@admin.test',
|
||||
'org' => 'ADMIN',
|
||||
'password' => 'admin',
|
||||
'confirm_password' => 'admin',
|
||||
'authkey' => $this->User->generateAuthKey(),
|
||||
'nids_sid' => 4000000,
|
||||
'newsread' => date('Y-m-d'),
|
||||
'role_id' => 1,
|
||||
'change_pw' => 1
|
||||
));
|
||||
$this->User->validator()->remove('password'); // password is to simple, remove validation
|
||||
$this->User->save($admin);
|
||||
}
|
||||
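Review bot: In `admin_edit`, the org-ownership check `if (!$this->_isSiteAdmin() && $this->Auth->User('org') != $this->User->data['User']['org']) $this->redirect(...)` sits in the GET `else` branch only; the POST/PUT branch above it gains the role-assignment check, but nothing visible in the hunk confirms that the user being edited belongs to the admin's org before `$this->User->save($this->request->data, true, $fields)`, so an org admin submitting another org's user id would still save — confirm and, if missing, perform the same read-and-compare before the save. In both `admin_add` and `admin_edit`, `$chosenRole = $this->Role->findById($this->request->data['User']['role_id']);` returns an empty result for an unknown id, so `$chosenRole['Role']['perm_site_admin'] == 1` is false and the save proceeds; treat `empty($chosenRole)` as unauthorised as well. In the login bootstrap the results of `$this->Role->save($siteAdmin);` and `$this->User->save($admin);` are discarded, so if the role save fails the seeded user is created with `role_id` 1 pointing at nothing; check the return values and stop on failure.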
|
|
|
@ -33,7 +33,7 @@ class WhitelistsController extends AppController {
|
|||
* @return void
|
||||
*/
|
||||
public function admin_add() {
|
||||
if($this->Auth->User('org') != 'ADMIN') $this->redirect(array('controller' => 'regexp', 'action' => 'index', 'admin' => false));
|
||||
if(!$this->userRole['perm_regexp_access']) $this->redirect(array('controller' => 'regexp', 'action' => 'index', 'admin' => false));
|
||||
$this->AdminCrud->adminAdd();
|
||||
}
|
||||
|
||||
|
@ -43,7 +43,7 @@ class WhitelistsController extends AppController {
|
|||
* @return void
|
||||
*/
|
||||
public function admin_index() {
|
||||
if(!$this->_IsSiteAdmin()) $this->redirect(array('controller' => 'whitelists', 'action' => 'index', 'admin' => false));
|
||||
if(!$this->userRole['perm_regexp_access']) $this->redirect(array('controller' => 'whitelists', 'action' => 'index', 'admin' => false));
|
||||
$this->AdminCrud->adminIndex();
|
||||
}
|
||||
|
||||
|
@ -55,7 +55,7 @@ class WhitelistsController extends AppController {
|
|||
* @throws NotFoundException
|
||||
*/
|
||||
public function admin_edit($id = null) {
|
||||
if(!$this->_IsSiteAdmin()) $this->redirect(array('controller' => 'whitelists', 'action' => 'index', 'admin' => false));
|
||||
if(!$this->userRole['perm_regexp_access']) $this->redirect(array('controller' => 'whitelists', 'action' => 'index', 'admin' => false));
|
||||
$this->AdminCrud->adminEdit($id);
|
||||
}
|
||||
|
||||
|
@ -68,7 +68,7 @@ class WhitelistsController extends AppController {
|
|||
* @throws NotFoundException
|
||||
*/
|
||||
public function admin_delete($id = null) {
|
||||
if(!$this->_IsSiteAdmin()) $this->redirect(array('controller' => 'whitelists', 'action' => 'index', 'admin' => false));
|
||||
if(!$this->userRole['perm_regexp_access']) $this->redirect(array('controller' => 'whitelists', 'action' => 'index', 'admin' => false));
|
||||
$this->AdminCrud->adminDelete($id);
|
||||
}
|
||||
|
||||
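Review bot: The rewritten guard in `admin_add` redirects to `'controller' => 'regexp'` while the three sibling actions in this file redirect to `'controller' => 'whitelists'`; it reads as a copy-paste left over from RegexpController (the removed line had the same target), so the line should be `if(!$this->userRole['perm_regexp_access']) $this->redirect(array('controller' => 'whitelists', 'action' => 'index', 'admin' => false));`. Since all four admin actions now carry the identical check, hoisting it into a `beforeFilter` on this controller would keep the rule in one place.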
|
|
|
@ -318,11 +318,11 @@ class Event extends AppModel {
|
|||
return $this->field('id', array('id' => $eventid, 'org' => $org)) === $eventid;
|
||||
}
|
||||
|
||||
public function getRelatedEvents($me, $eventId = null) {
|
||||
public function getRelatedEvents($me, $isSiteAdmin = false, $eventId = null) {
|
||||
if ($eventId == null) $eventId = $this->data['Event']['id'];
|
||||
$this->Correlation = ClassRegistry::init('Correlation');
|
||||
// search the correlation table for the event ids of the related events
|
||||
if ('ADMIN' != $me['org']) {
|
||||
if (!$isSiteAdmin) {
|
||||
$conditionsCorrelation = array('AND' =>
|
||||
array('Correlation.1_event_id' => $eventId),
|
||||
array("OR" => array(
|
||||
|
@ -355,11 +355,11 @@ class Event extends AppModel {
|
|||
return $relatedEvents;
|
||||
}
|
||||
|
||||
public function getRelatedAttributes($me, $id = null) {
|
||||
public function getRelatedAttributes($me, $isSiteAdmin = false, $id = null) {
|
||||
if ($id == null) $id = $this->data['Event']['id'];
|
||||
$this->Correlation = ClassRegistry::init('Correlation');
|
||||
// search the correlation table for the event ids of the related attributes
|
||||
if ('ADMIN' != $me['org']) {
|
||||
if (!$isSiteAdmin) {
|
||||
$conditionsCorrelation = array('AND' =>
|
||||
array('Correlation.1_event_id' => $id),
|
||||
array("OR" => array(
|
||||
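Review bot: `getRelatedEvents($me, $isSiteAdmin = false, $eventId = null)` and `getRelatedAttributes($me, $isSiteAdmin = false, $id = null)` insert the new flag in the middle of the parameter list, so any caller not updated in this commit that still passes `($me, $eventId)` positionally now hands the event id to `$isSiteAdmin` — truthy, so `if (!$isSiteAdmin)` skips the org restriction — while the id falls back to `$this->data['Event']['id']`; that is a silent fail-open rather than an error. Appending the flag as the last parameter, `($me, $eventId = null, $isSiteAdmin = false)`, or rejecting a non-bool at the top of each method, would make a stale caller fail closed or fail loudly. Both bodies continue outside the hunk.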
|
|
|
@ -66,7 +66,7 @@ class Regexp extends AppModel {
|
|||
}
|
||||
|
||||
public function replaceSpecific($string, $allRegexp = null, $type) {
|
||||
if($this->Auth->User('org') != 'ADMIN') $this->redirect(array('controller' => 'regexp', 'action' => 'index', 'admin' => false));
|
||||
if(!$this->_isSiteAdmin()) $this->redirect(array('controller' => 'regexp', 'action' => 'index', 'admin' => false));
|
||||
$orig = $string;
|
||||
foreach ($allRegexp as $regexp) {
|
||||
if (strlen($regexp['Regexp']['replacement']) && strlen($regexp['Regexp']['regexp']) && ($regexp['Regexp']['type'] === 'ALL' || $regexp['Regexp']['type'] === $type)) {
|
||||
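Review bot: `replaceSpecific` is a method of the `Regexp` model (`class Regexp extends AppModel`), but the rewritten guard `if(!$this->_isSiteAdmin()) $this->redirect(...)` calls `_isSiteAdmin()` and `redirect()`, both of which this diff defines on AppController, not on a model; unless AppModel provides equivalents, the call is an undefined-method fatal on every invocation, not just when access is denied. The line it replaces (`$this->Auth->User('org')`) had the same problem, so this is carried over rather than introduced, but the access check belongs in the controller action that invokes `replaceSpecific` (the `_isSiteAdmin()` gate in `RegexpController::admin_clean`, if that is the caller) and the model should only transform the string. Suggested change: delete the guard line here. The method body continues outside the hunk.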
|
|
|
@ -37,11 +37,11 @@
|
|||
<b class="caret"></b>
|
||||
</a>
|
||||
<ul class="dropdown-menu">
|
||||
<?php if ($isSiteAdmin): ?>
|
||||
<?php if ($isAclRegexp): ?>
|
||||
<li><a href="/admin/regexp/index">Import Regexp</a></li>
|
||||
<li><a href="/admin/whitelists/index">Signature Whitelist</a></li>
|
||||
<?php endif;?>
|
||||
<?php if (!$isSiteAdmin): ?>
|
||||
<?php if (!$isAclRegexp): ?>
|
||||
<li><a href="/regexp/index">Import Regexp</a></li>
|
||||
<li><a href="/whitelists/index">Signature Whitelist</a></li>
|
||||
<?php endif;?>
|
||||
|
@ -112,7 +112,7 @@
|
|||
</ul>
|
||||
</li>
|
||||
<?php endif;?>
|
||||
|
||||
<li style="margin-top:15px;margin-left:20px;font-size:16px;color:white;text-shadow: 0 0 4px white, 0 -5px 4px #ff3, 2px -10px 6px #fd3, -2px -15px 11px #f80, 2px -25px 18px #f20;font-weight:bold">EXCERCISE EXCERCISE EXCERCISE</li>
|
||||
</ul>
|
||||
</div>
|
||||
<div class="nav-collapse collapse pull-right">
|
||||
|
|
|
@ -35,4 +35,4 @@ echo $this->Form->end();
|
|||
</div>
|
||||
<?php
|
||||
echo $this->element('side_menu', array('menuList' => 'regexp', 'menuItem' => 'add'));
|
||||
?>
|
||||
?>
|
||||
|
|
|
@ -46,3 +46,4 @@ echo $this->Form->end();
|
|||
<?php
|
||||
echo $this->element('side_menu', array('menuList' => 'regexp', 'menuItem' => 'edit', 'id' => $this->Form->value('Regexp.id')));
|
||||
?>
|
||||
|
||||
|
|
|
@ -6,13 +6,13 @@
|
|||
echo $this->Form->input('name');?>
|
||||
<?php echo $this->Form->input('permission', array('type' => 'select', 'options' => $options), array('value' => '3'));?>
|
||||
<div class = 'input clear'></div>
|
||||
<?php echo $this->Form->input('perm_sync', array(
|
||||
'type' => 'checkbox',
|
||||
'checked' => false,
|
||||
));?>
|
||||
<?php echo $this->Form->input('perm_sync', array('type' => 'checkbox', 'checked' => false));?>
|
||||
<?php echo $this->Form->input('perm_admin', array('type' => 'checkbox', 'checked' => false));?>
|
||||
<?php echo $this->Form->input('perm_audit', array('type' => 'checkbox', 'checked' => false));?>
|
||||
<div class = 'input clear'></div>
|
||||
<?php echo $this->Form->input('perm_auth', array('type' => 'checkbox', 'checked' => false));?>
|
||||
<?php echo $this->Form->input('perm_site_admin', array('type' => 'checkbox', 'checked' => false));?>
|
||||
<?php echo $this->Form->input('perm_regexp_access', array('type' => 'checkbox', 'checked' => false));?>
|
||||
</fieldset>
|
||||
<?php
|
||||
echo $this->Form->button('Add', array('class' => 'btn btn-primary'));
|
||||
|
@ -22,11 +22,14 @@ echo $this->Form->end();
|
|||
<?php
|
||||
echo $this->element('side_menu', array('menuList' => 'admin', 'menuItem' => 'addRole'));
|
||||
|
||||
|
||||
$this->Js->get('#RolePermission')->event('change', 'deactivateActions()');
|
||||
|
||||
$this->Js->get('#RolePermSync')->event('change', 'checkPerms("RolePermSync")');
|
||||
$this->Js->get('#RolePermAdmin')->event('change', 'checkPerms("RolePermAdmin")');
|
||||
$this->Js->get('#RolePermAudit')->event('change', 'checkPerms("RolePermAudit")');
|
||||
|
||||
$this->Js->get('#RolePermSync')->event('change', 'checkPerms("RolePermSync")');
|
||||
$this->Js->get('#RolePermAdmin')->event('change', 'checkPerms("RolePermAdmin")');
|
||||
$this->Js->get('#RolePermAudit')->event('change', 'checkPerms("RolePermAudit")');
|
||||
$this->Js->get('#RolePermSiteAdmin')->event('change', 'checkPerms("RolePermSiteAdmin");activateAll();');
|
||||
$this->Js->get('#RolePermRegexpAccess')->event('change', 'checkPerms("RolePermRegexpAccess")');
|
||||
?>
|
||||
|
||||
<script type="text/javascript">
|
||||
|
@ -38,6 +41,18 @@ function deactivateActions() {
|
|||
document.getElementById("RolePermSync").checked = false;
|
||||
document.getElementById("RolePermAdmin").checked = false;
|
||||
document.getElementById("RolePermAudit").checked = false;
|
||||
document.getElementById("RolePermSiteAdmin").checked = false;
|
||||
document.getElementById("RolePermRegexpAccess").checked = false;
|
||||
}
|
||||
}
|
||||
|
||||
function activateAll() {
|
||||
if (document.getElementById("RolePermSiteAdmin").checked) {
|
||||
document.getElementById("RolePermSync").checked = true;
|
||||
document.getElementById("RolePermAdmin").checked = true;
|
||||
document.getElementById("RolePermAudit").checked = true;
|
||||
document.getElementById("RolePermAuth").checked = true;
|
||||
document.getElementById("RolePermRegexpAccess").checked = true;
|
||||
}
|
||||
}
|
||||
|
||||
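Review bot: `activateAll()` ticks the other permission boxes when `RolePermSiteAdmin` is checked, but only in the browser; nothing in this diff makes the Role model enforce that `perm_site_admin` implies the other flags, while the controllers in this commit test individual flags directly (`perm_audit` in LogsController, `perm_regexp_access` in RegexpController and WhitelistsController). A site-admin role saved with those boxes unticked, or posted without the script, would be locked out of those screens, so the implication should be enforced server-side — for example a `Role::beforeSave` that sets the implied flags when `perm_site_admin` is set, or guards written as `perm_site_admin ||` the specific flag. `deactivateActions()` starts outside the hunk.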
|
|
|
@ -64,4 +64,4 @@ $(document).ready(function() {
|
|||
}).popover('show');
|
||||
});
|
||||
});
|
||||
</script>
|
||||
</script>
|
||||
|
|
|
@ -66,4 +66,4 @@ $(document).ready(function() {
|
|||
}).popover('show');
|
||||
});
|
||||
});
|
||||
</script>
|
||||
</script>
|
||||
|
|
|
@ -48,14 +48,14 @@ foreach ($servers as $server): ?>
|
|||
<td class="short"><?php echo $server['Server']['lastpushedid']; ?></td>
|
||||
<td class="short action-links">
|
||||
<?php
|
||||
if ($server['Server']['pull'] && $me['org'] == 'ADMIN')
|
||||
if ($server['Server']['pull'] && $isSiteAdmin)
|
||||
echo $this->Html->link('', array('action' => 'pull', $server['Server']['id'], 'full'), array('class' => 'icon-download', 'title' => 'Pull all'));
|
||||
if ($server['Server']['push'] && $me['org'] == 'ADMIN')
|
||||
if ($server['Server']['push'] && $isSiteAdmin)
|
||||
echo $this->Html->link('', array('action' => 'push', $server['Server']['id'], 'full'), array('class' => 'icon-upload', 'title' => 'Push all'));
|
||||
?>
|
||||
|
||||
<?php
|
||||
$mayModify = ($me['org'] == 'ADMIN' || $me['org'] == $server['Server']['organization']) || ($isAdmin && ($server['Server']['organization'] == $me['org']));
|
||||
$mayModify = ($isSiteAdmin || $me['org'] == $server['Server']['organization']) || ($isAdmin && ($server['Server']['organization'] == $me['org']));
|
||||
if ($mayModify) echo $this->Html->link('', array('action' => 'edit', $server['Server']['id']), array('class' => 'icon-edit', 'title' => 'Edit'));
|
||||
if ($mayModify) echo $this->Form->postLink('', array('action' => 'delete', $server['Server']['id']), array('class' => 'icon-trash', 'title' => 'Delete'), __('Are you sure you want to delete # %s?', $server['Server']['id']));
|
||||
?>
|
||||
|
@ -85,4 +85,4 @@ endforeach; ?>
|
|||
</div>
|
||||
<?php
|
||||
echo $this->element('side_menu', array('menuList' => 'sync', 'menuItem' => 'index'));
|
||||
?>
|
||||
?>
|
||||
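Review bot: In the rewritten `$mayModify = ($isSiteAdmin || $me['org'] == $server['Server']['organization']) || ($isAdmin && ($server['Server']['organization'] == $me['org']));` the third clause is subsumed by the second, so every user of the server's org, not only its admins, gets the edit and delete links; if admin-only was intended the line should read `$mayModify = $isSiteAdmin || ($isAdmin && $server['Server']['organization'] == $me['org']);`. These links are presentation only, so `ServersController::edit` and `delete` must enforce the same rule server-side; the `push` action in this commit does check `perm_sync`, which is the pattern to mirror.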
|
|
|
@ -22,6 +22,7 @@ else:?>
|
|||
<?php
|
||||
endif;?>
|
||||
</div>
|
||||
|
||||
<?php
|
||||
echo $this->element('side_menu', array('menuList' => 'sync', 'menuItem' => 'push'));
|
||||
?>
|
||||
?>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
echo $this->Form->input('email');
|
||||
echo $this->Form->input('password');
|
||||
echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
|
||||
if ($currentOrg == 'ADMIN') {
|
||||
if ($isSiteAdmin) {
|
||||
echo $this->Form->input('org', array('label' => 'Organisation'));
|
||||
}
|
||||
echo $this->Form->input('role_id', array('label' => 'Role', 'div' => 'input clear'));
|
||||
|
@ -23,4 +23,4 @@
|
|||
</div>
|
||||
<?php
|
||||
echo $this->element('side_menu', array('menuList' => 'admin', 'menuItem' => 'addUser'));
|
||||
?>
|
||||
?>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
echo $this->Form->input('email');
|
||||
echo $this->Form->input('password');
|
||||
echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
|
||||
if ($currentOrg == 'ADMIN') {
|
||||
if ($isSiteAdmin) {
|
||||
echo $this->Form->input('org', array('label' => 'Organisation'));
|
||||
}
|
||||
echo $this->Form->input('role_id', array('label' => 'Role', 'div' => 'input clear')); // TODO ACL, User edit role_id.
|
||||
|
|
|
@ -61,7 +61,7 @@ foreach ($users as $user): ?>
|
|||
<?php echo h($user['User']['newsread']); ?> </td>
|
||||
<td class="short action-links">
|
||||
<?php
|
||||
if (($isAclAdmin && (($user['User']['org'] == $me['org'])) || ('1' == $me['id'])) || ($me['org'] == 'ADMIN')) {
|
||||
if (($isAclAdmin && (($user['User']['org'] == $me['org'])) || ('1' == $me['id'])) || ($isSiteAdmin)) {
|
||||
echo $this->Html->link('', array('admin' => true, 'action' => 'edit', $user['User']['id']), array('class' => 'icon-edit', 'title' => 'Edit'));
|
||||
echo $this->Form->postLink('', array('admin' => true, 'action' => 'delete', $user['User']['id']), array('class' => 'icon-trash', 'title' => 'Delete'), __('Are you sure you want to delete # %s?', $user['User']['id']));
|
||||
}?>
|
||||
|
@ -91,4 +91,4 @@ endforeach; ?>
|
|||
</div>
|
||||
<?php
|
||||
echo $this->element('side_menu', array('menuList' => 'admin', 'menuItem' => 'indexUser'));
|
||||
?>
|
||||
?>
|
||||
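Review bot: The rewritten condition keeps the hard-coded `('1' == $me['id'])` escape hatch next to the new `$isSiteAdmin` test; the login bootstrap in this commit seeds user id 1 with `'role_id' => 1`, the site-admin role, so the id check is now redundant and would also grant edit/delete links to whichever account holds id 1 if roles are ever reassigned. Suggest `if (($isAclAdmin && $user['User']['org'] == $me['org']) || $isSiteAdmin) {`, which also drops the nested parentheses that make the precedence hard to read.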
|
|