mirror of https://github.com/MISP/MISP
fix: Several fixes to the sharing group behavious
- New setting roaming: - Until now, users could unselect "Limit instances to which data in this sharing group should be pushed to" - This lead to no servers added to the distribution list, and MISP would simply determine, based on the sync rules, whether the host organisation of the remote instance is eligible for the event - This works well in most cases, but in some cases, the local instance is not kept after a sync (aliases for the local instance baseurl vs remote instance's view of the url) - In these cases the sharing groups ended up being "unlimited", which was not the intent - Generally this shouldn't cause any issues as MISP still requires the sync link's organisation to be directly contained in an SG before it would push the event further - However, introducing the roaming setting this can be more clearly defined - By default, sharing groups are set to non roaming - Some further fixes to the sharing group update procedure for 2.4.49 - Update the roaming status of existing sharing groups. Local sharing groups with no instances attached will become roaming by default, all others are assumed to be non-roamingpull/1387/head
Iglocska
parent
835694c814
commit
313aba17cb
|
|
@ -49,7 +49,7 @@ class AppModel extends Model {
|
|||
// major -> minor -> hotfix -> requires_logout
|
||||
public $db_changes = array(
|
||||
2 => array(
|
||||
4 => array(18 => false, 19 => false, 20 => false, 25 => false, 27 => false, 32 => false, 33 => true, 38 => true, 39 => true, 40 => false, 42 => false, 44 => false, 45 => false)
|
||||
4 => array(18 => false, 19 => false, 20 => false, 25 => false, 27 => false, 32 => false, 33 => true, 38 => true, 39 => true, 40 => false, 42 => false, 44 => false, 45 => false, 49 => false)
|
||||
)
|
||||
);
|
||||
|
||||
|
|
@ -80,6 +80,7 @@ class AppModel extends Model {
|
|||
$this->updateDatabase($command);
|
||||
$this->SharingGroup = ClassRegistry::init('SharingGroup');
|
||||
$this->SharingGroup->correctSyncedSharingGroups();
|
||||
$this->SharingGroup->updateRoaming();
|
||||
break;
|
||||
default:
|
||||
$this->updateDatabase($command);
|
||||
|
|
@ -427,6 +428,8 @@ class AppModel extends Model {
|
|||
// DB changes to solve https://github.com/MISP/MISP/issues/1354
|
||||
$sqlArray[] = "ALTER TABLE `taxonomy_entries` MODIFY `expanded` text COLLATE utf8_bin;";
|
||||
$sqlArray[] = "ALTER TABLE `taxonomy_predicates` MODIFY `expanded` text COLLATE utf8_bin;";
|
||||
// Sharing group propagate to instances freely setting
|
||||
$sqlArray[] = "ALTER TABLE `sharing_groups` ADD `roaming` tinyint(1) NOT NULL DEFAULT 0;";
|
||||
break;
|
||||
case 'fixNonEmptySharingGroupID':
|
||||
$sqlArray[] = 'UPDATE `events` SET `sharing_group_id` = 0 WHERE `distribution` != 4;';
|
||||
|
|
|
|||
|
|
@ -449,16 +449,17 @@ class SharingGroup extends AppModel {
|
|||
// This could happen if a sharing group visible to all organisations on the remote end gets pulled and for some reason (mismatch in the baseurl string for example)
|
||||
// the instance cannot be associated with a local sync link. This method checks all non-local sharing groups if the assigned sync user has access to it, if not
|
||||
// it adds the organisation of the sync user (as the only way for them to pull the event is if it is visible to them in the first place remotely).
|
||||
public function correctSyncedSharingGroups($sgs) {
|
||||
$sgs = $this->SharingGroup->find('all', array(
|
||||
public function correctSyncedSharingGroups() {
|
||||
$sgs = $this->find('all', array(
|
||||
'recursive' => -1,
|
||||
'conditions' => array('local' => 0),
|
||||
));
|
||||
$this->Log = ClassRegistry::init('Log');
|
||||
$this->User = ClassRegistry::init('User');
|
||||
$syncUsers = array();
|
||||
foreach ($sgs as &$sg) {
|
||||
if (!isset($syncUsers[$sg['SharingGroup']['sync_user_id']])) {
|
||||
$user = $this->SharingGroup->User->getAuthUser($sg['SharingGroup']['sync_user_id']);
|
||||
$user = $this->User->getAuthUser($sg['SharingGroup']['sync_user_id']);
|
||||
if (empty($user)) {
|
||||
$this->Log->create();
|
||||
$entry = array(
|
||||
|
|
@ -473,7 +474,7 @@ class SharingGroup extends AppModel {
|
|||
$this->Log->save($entry);
|
||||
continue;
|
||||
}
|
||||
$syncUser[$sg['SharingGroup']['sync_user_id']] = $this->SharingGroup->User->getAuthUser($sg['SharingGroup']['sync_user_id']);
|
||||
$syncUser[$sg['SharingGroup']['sync_user_id']] = $this->User->getAuthUser($sg['SharingGroup']['sync_user_id']);
|
||||
}
|
||||
$sg['SharingGroup']['org_id'] = $syncUsers[$sg['SharingGroup']['sync_user_id']]['org_id'];
|
||||
$result = $this->save($sg);
|
||||
|
|
@ -492,4 +493,18 @@ class SharingGroup extends AppModel {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function updateRoaming() {
|
||||
$sgs = $this->find('all', array(
|
||||
'recursive' => -1,
|
||||
'conditions' => array('local' => 1, 'roaming' => 0),
|
||||
'contain' => array('SharingGroupServer')
|
||||
));
|
||||
foreach ($sgs as &$sg) {
|
||||
if (empty($sg['SharingGroupServer'])) {
|
||||
$sg['SharingGroup']['roaming'] = 1;
|
||||
$this->save($sg);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue