new: Allow further role settings
- exclude a role from non site admin assignment - set max memory usage and execution time / rolepull/3071/head
parent
86cc300225
commit
41fdf6da8b
|
@ -282,6 +282,18 @@ class AppController extends Controller {
|
|||
$this->redirect(array('controller' => 'users', 'action' => 'login', 'admin' => false));
|
||||
}
|
||||
}
|
||||
$this->set('default_memory_limit', ini_get('memory_limit'));
|
||||
if (isset($this->Auth->user('Role')['memory_limit'])) {
|
||||
if ($this->Auth->user('Role')['memory_limit'] !== '') {
|
||||
ini_set('memory_limit', $this->Auth->user('Role')['memory_limit']);
|
||||
}
|
||||
}
|
||||
$this->set('default_max_execution_time', ini_get('max_execution_time'));
|
||||
if (isset($this->Auth->user('Role')['max_execution_time'])) {
|
||||
if ($this->Auth->user('Role')['max_execution_time'] !== '') {
|
||||
ini_set('max_execution_time', $this->Auth->user('Role')['max_execution_time']);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if (!($this->params['controller'] === 'users' && $this->params['action'] === 'login')) $this->redirect(array('controller' => 'users', 'action' => 'login', 'admin' => false));
|
||||
}
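Review bot: The two `ini_set` calls apply the role's `memory_limit` and `max_execution_time` straight from the session-backed Auth user record with no format check at the point of use; the only validation is the rewrite in Role's save hook, so a value that bypasses it (a direct DB edit, or a role record picked up by an older session) reaches `ini_set` unfiltered, and both return values are discarded so a refused value fails silently. A local guard keeps the contract visible where it matters, e.g. `$limit = $this->Auth->user('Role')['memory_limit']; if (preg_match('/^[0-9]+[MG]$/i', $limit) || $limit === '-1') { ini_set('memory_limit', $limit); }`, with the same shape using `ctype_digit()` for `max_execution_time`. Note also that a `max_execution_time` of `0` means no limit in PHP, and the `!== ''` test lets a stored `0` through. The enclosing method starts and ends outside the hunk.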
|
||||
|
|
|
@ -490,7 +490,12 @@ class UsersController extends AppController {
|
|||
$this->loadModel('Role');
|
||||
$this->Role->recursive = -1;
|
||||
$chosenRole = $this->Role->findById($this->request->data['User']['role_id']);
|
||||
if ($chosenRole['Role']['perm_site_admin'] == 1 || $chosenRole['Role']['perm_regexp_access'] == 1 || $chosenRole['Role']['perm_sync'] == 1) {
|
||||
if (
|
||||
$chosenRole['Role']['perm_site_admin'] == 1 ||
|
||||
$chosenRole['Role']['perm_regexp_access'] == 1 ||
|
||||
$chosenRole['Role']['perm_sync'] == 1 ||
|
||||
$chosenRole['Role']['restricted_to_site_admin'] == 1
|
||||
) {
|
||||
throw new Exception('You are not authorised to assign that role to a user.');
|
||||
}
|
||||
}
|
||||
|
@ -617,7 +622,7 @@ class UsersController extends AppController {
|
|||
$params = array('conditions' => array(
|
||||
'OR' => array(
|
||||
'AND' => array(
|
||||
'perm_site_admin' => 0, 'perm_sync' => 0, 'perm_regexp_access' => 0
|
||||
'perm_site_admin' => 0, 'perm_sync' => 0, 'perm_regexp_access' => 0, 'restricted_to_site_admin' => 0
|
||||
),
|
||||
'id' => $allowedRole,
|
||||
)
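Review bot: The extended `if (` block still dereferences `$chosenRole['Role'][...]` without confirming that `findById` returned a row, so an unknown `role_id` gives an empty array, every `== 1` test is false, and the request passes the authorisation check instead of being rejected; add `if (empty($chosenRole)) { throw new Exception('Invalid role.'); }` directly after the `findById` line. The `'restricted_to_site_admin' => 0` condition added to `$params` in the second hunk only narrows a find (presumably the option list offered to the form), which is not an enforcement point, so any other action that accepts a `role_id` from a non-site-admin — an edit path, if one exists outside this diff — needs the same four-flag check. The enclosing function starts and ends outside the hunk.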
|
||||
|
|
|
@ -60,7 +60,7 @@ class AppModel extends Model {
|
|||
);
|
||||
|
||||
public $db_changes = array(
|
||||
1 => false, 2 => false, 3 => false
|
||||
1 => false, 2 => false, 3 => false, 4 => true
|
||||
);
|
||||
|
||||
function afterSave($created, $options = array()) {
|
||||
|
@ -862,7 +862,6 @@ class AppModel extends Model {
|
|||
$indexArray[] = array('attributes', 'deleted');
|
||||
break;
|
||||
case '2.4.86':
|
||||
|
||||
break;
|
||||
case '2.4.87':
|
||||
$sqlArray[] = "ALTER TABLE `feeds` ADD `headers` TEXT COLLATE utf8_bin;";
|
||||
|
@ -886,6 +885,11 @@ class AppModel extends Model {
|
|||
$this->__addIndex('fuzzy_correlate_ssdeep', 'chunk');
|
||||
$this->__addIndex('fuzzy_correlate_ssdeep', 'attribute_id');
|
||||
break;
|
||||
case 4:
|
||||
$sqlArray[] = 'ALTER TABLE `roles` ADD `memory_limit` VARCHAR(255) COLLATE utf8_bin DEFAULT "";';
|
||||
$sqlArray[] = 'ALTER TABLE `roles` ADD `max_execution_time` VARCHAR(255) COLLATE utf8_bin DEFAULT "";';
|
||||
$sqlArray[] = "ALTER TABLE `roles` ADD `restricted_to_site_admin` tinyint(1) NOT NULL DEFAULT 0;";
|
||||
break;
|
||||
case 'fixNonEmptySharingGroupID':
|
||||
$sqlArray[] = 'UPDATE `events` SET `sharing_group_id` = 0 WHERE `distribution` != 4;';
|
||||
$sqlArray[] = 'UPDATE `attributes` SET `sharing_group_id` = 0 WHERE `distribution` != 4;';
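Review bot: The two single-quoted `ALTER TABLE` statements in `case 4:` write the column default as `DEFAULT ""`, a double-quoted SQL literal that MySQL parses as an identifier when `ANSI_QUOTES` is part of the session `sql_mode`, while the third statement in the same block uses the opposite PHP quoting; writing all three as double-quoted PHP strings with `DEFAULT ''` inside removes that dependency. `max_execution_time` is also declared `VARCHAR(255)` although the Role model coerces it to an integer before saving, so the column type and the code disagree; if that is intentional, a one-line comment on the statement should say so. The `4 => true` entry added to `$db_changes` is not explained anywhere in the hunk — a short comment naming what the flag controls would help. The base schema used for fresh installs is not in this diff; if it is maintained separately it presumably needs the same three columns.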
|
||||
|
|
|
@ -67,7 +67,7 @@ class Role extends AppModel {
|
|||
'perm_sharing_group' => array('id' => 'RolePermSharingGroup', 'text' => 'Sharing Group Editor', 'readonlyenabled' => false),
|
||||
'perm_delegate' => array('id' => 'RolePermDelegate', 'text' => 'Delegations Access', 'readonlyenabled' => false),
|
||||
'perm_sighting' => array('id' => 'RolePermSighting', 'text' => 'Sighting Creator', 'readonlyenabled' => true),
|
||||
'perm_object_template' => array('id' => 'RolePermObjectTemplate', 'text' => 'Object Template Editor', 'readonlyenabled' => false),
|
||||
'perm_object_template' => array('id' => 'RolePermObjectTemplate', 'text' => 'Object Template Editor', 'readonlyenabled' => false)
|
||||
);
|
||||
|
||||
public $premissionLevelName = array('Read Only', 'Manage Own Events', 'Manage Organisation Events', 'Manage and Publish Organisation Events');
|
||||
|
@ -119,6 +119,20 @@ class Role extends AppModel {
|
|||
$this->data['Role'][$permFlag] = 0;
|
||||
}
|
||||
}
|
||||
if (!isset($this->data['Role']['max_execution_time'])) {
|
||||
$this->data['Role']['max_execution_time'] = '';
|
||||
} else if ($this->data['Role']['max_execution_time'] !== '') {
|
||||
$this->data['Role']['max_execution_time'] = intval($this->data['Role']['max_execution_time']);
|
||||
}
|
||||
if (!isset($this->data['Role']['memory_limit'])) {
|
||||
$this->data['Role']['memory_limit'] = '';
|
||||
} else if (
|
||||
$this->data['Role']['memory_limit'] !== '' &&
|
||||
!preg_match('/^[0-9]+[MG]$/i', $this->data['Role']['memory_limit']) &&
|
||||
$this->data['Role']['memory_limit'] != -1
|
||||
) {
|
||||
$this->data['Role']['memory_limit'] = '';
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
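Review bot: The `memory_limit` guard compares with `!= -1`, and on PHP 7 the loose comparison of a leading-numeric string means a value such as `-1x` compares equal to -1, survives the regex branch, is stored verbatim and is later handed to `ini_set` by AppController; since the posted value is a string, compare `(string) $this->data['Role']['memory_limit'] !== '-1'`. The `max_execution_time` branch runs `intval()` on any non-empty input, so a non-numeric value becomes `0`, which for this ini setting means no execution-time limit for every user of the role; reject it instead by inserting `} else if (!ctype_digit((string) $this->data['Role']['max_execution_time'])) { $this->data['Role']['max_execution_time'] = ''; }` before the existing `else if`. Both rules silently blank the field, so a one-line comment above each block stating that invalid input falls back to the server default would spare the next reader a trip to the views. The enclosing save hook starts outside the hunk.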
|
||||
|
|
|
@ -2,9 +2,23 @@
|
|||
<?php echo $this->Form->create('Role'); ?>
|
||||
<fieldset>
|
||||
<legend><?php echo __('Add Role');?></legend>
|
||||
<?php
|
||||
echo $this->Form->input('name');?>
|
||||
<?php echo $this->Form->input('permission', array('type' => 'select', 'options' => $options), array('value' => '3'));?>
|
||||
<?php
|
||||
echo $this->Form->input('restricted_to_site_admin', array(
|
||||
'type' => 'checkbox',
|
||||
'class' => 'checkbox readonlyenabled',
|
||||
'label' => __('Restrict to site admins')
|
||||
));
|
||||
?>
|
||||
<div class = 'input clear'></div>
|
||||
<?php
|
||||
echo $this->Form->input('name');
|
||||
echo $this->Form->input('permission', array('type' => 'select', 'options' => $options), array('value' => '3'));
|
||||
?>
|
||||
<div class = 'input clear'></div>
|
||||
<?php
|
||||
echo $this->Form->input('memory_limit', array('label' => __('Memory limit') . ' (' . h($default_memory_limit) . ')'));
|
||||
echo $this->Form->input('max_execution_time', array('label' => __('Maximum execution time') . ' (' . h($default_max_execution_time) . ')'));
|
||||
?>
|
||||
<div class = 'input clear'></div>
|
||||
<?php
|
||||
$counter = 1;
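Review bot: The new `memory_limit` and `max_execution_time` inputs give the admin no hint of the accepted format, and the Role model silently blanks anything it rejects, so a mistyped value falls back to the server default with no feedback; a placeholder on each input, e.g. `'placeholder' => __('e.g. 2048M, 4G or -1; leave empty for the server default')` for the memory-limit input and `'placeholder' => __('whole seconds; leave empty for the server default')` for the execution-time input, makes the contract visible. The same applies to the matching hunk in the edit view. The `readonlyenabled` class on the new checkbox presumably drives an existing script; a comment naming that dependency would help the next maintainer.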
|
||||
|
|
|
@ -2,10 +2,23 @@
|
|||
<?php echo $this->Form->create('Role');?>
|
||||
<fieldset>
|
||||
<legend><?php echo __('Edit Role'); ?></legend>
|
||||
<?php
|
||||
echo $this->Form->input('restricted_to_site_admin', array(
|
||||
'type' => 'checkbox',
|
||||
'class' => 'checkbox readonlyenabled',
|
||||
'label' => __('Restrict to site admins')
|
||||
));
|
||||
?>
|
||||
<div class = 'input clear'></div>
|
||||
<?php
|
||||
echo $this->Form->input('name');?>
|
||||
<?php echo $this->Form->input('permission', array('label' => __('Permissions'), 'type' => 'select', 'options' => $options), array('value' => '3'));?>
|
||||
<div class = 'input clear'></div>
|
||||
<?php
|
||||
echo $this->Form->input('memory_limit', array('label' => __('Memory limit') . ' (' . h($default_memory_limit) . ')'));
|
||||
echo $this->Form->input('max_execution_time', array('label' => __('Maximum execution time') . ' (' . h($default_max_execution_time) . ')'));
|
||||
?>
|
||||
<div class = 'input clear'></div>
|
||||
<?php
|
||||
$counter = 1;
|
||||
foreach ($permFlags as $k => $flag):
|
||||
|
|
|
@ -21,6 +21,7 @@
|
|||
<th><?php echo $this->Paginator->sort('id');?></th>
|
||||
<th><?php echo __('Default');?></th>
|
||||
<th><?php echo $this->Paginator->sort('name');?></th>
|
||||
<th><?php echo $this->Paginator->sort('restricted_to_site_admin');?></th>
|
||||
<th><?php echo $this->Paginator->sort('permission', 'Permission');?></th>
|
||||
<?php
|
||||
foreach ($permFlags as $k => $flags):
|
||||
|
@ -29,6 +30,8 @@
|
|||
<?php
|
||||
endforeach;
|
||||
?>
|
||||
<th><?php echo $this->Paginator->sort('memory_limit');?></th>
|
||||
<th><?php echo $this->Paginator->sort('max_execution_time');?></th>
|
||||
<th class="actions"><?php echo __('Actions');?></th>
|
||||
</tr><?php
|
||||
foreach ($list as $item): ?>
|
||||
|
@ -36,10 +39,29 @@ foreach ($list as $item): ?>
|
|||
<td><?php echo $this->Html->link(h($item['Role']['id']), array('admin' => true, 'action' => 'edit', $item['Role']['id'])); ?> </td>
|
||||
<td class="short" style="text-align:center;width:20px;"><input class="servers_default_role_checkbox" type="checkbox" data-id="<?php echo h($item['Role']['id']); ?>" <?php if ($default_role_id && $default_role_id == $item['Role']['id']) echo 'checked'; ?>></td>
|
||||
<td><?php echo h($item['Role']['name']); ?> </td>
|
||||
<td class="short"><span class="<?php if ($item['Role']['restricted_to_site_admin']) echo 'icon-ok'; ?>"></span> </td>
|
||||
<td><?php echo h($options[$item['Role']['permission']]); ?> </td>
|
||||
<?php foreach ($permFlags as $k => $flags): ?>
|
||||
<td class="short"><span class="<?php if ($item['Role'][$k]) echo 'icon-ok'; ?>"></span> </td>
|
||||
<?php endforeach; ?>
|
||||
<td class="short">
|
||||
<?php
|
||||
if (empty($item['Role']['memory_limit'])) {
|
||||
echo h($default_memory_limit);
|
||||
} else {
|
||||
echo h($item['Role']['memory_limit']);
|
||||
}
|
||||
?>
|
||||
</td>
|
||||
<td class="short">
|
||||
<?php
|
||||
if (empty($item['Role']['max_execution_time'])) {
|
||||
echo h($default_max_execution_time);
|
||||
} else {
|
||||
echo h($item['Role']['max_execution_time']);
|
||||
}
|
||||
?>
|
||||
</td>
|
||||
<td class="short action-links">
|
||||
<?php echo $this->Html->link('', array('admin' => true, 'action' => 'edit', $item['Role']['id']), array('class' => 'icon-edit', 'title' => 'Edit')); ?>
|
||||
<?php echo $this->Form->postLink('', array('admin' => true, 'action' => 'delete', $item['Role']['id']), array('class' => 'icon-trash', 'title' => __('Delete')), __('Are you sure you want to delete %s?', $item['Role']['name'])); ?>
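Review bot: The two new cells decide with `empty()`, so a role whose `max_execution_time` was saved as `0` is listed with the server default even though AppController passes that `0` to `ini_set`, where it means no execution-time limit — the list would then understate what the role grants. Test for the sentinel the model actually writes, `if ($item['Role']['max_execution_time'] === '') {` and likewise `=== ''` for the memory-limit cell, so the displayed value matches what is applied; if existing rows can hold NULL in these columns, cast with `(string)` first. The loop around these cells starts and ends outside the hunk.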
|
||||
|
|