mirror of https://github.com/MISP/MISP
Addition of the Event History
- uses the logs to generate a list of actions affecting the selected event and all of its attributes
- view is very minimalistic, not to show anything restricted
pull/217/head
parent
dbf1065b3b
commit
441c6c94f4
|
@ -58,6 +58,59 @@ class LogsController extends AppController {
|
|||
}
|
||||
}
|
||||
|
||||
// Shows a minimalistic history for the currently selected event
|
||||
public function event_index($id) {
|
||||
// check if the user has access to this event...
|
||||
$mayModify = false;
|
||||
$mineOrAdmin = false;
|
||||
// send unauthorised people away. Only site admins and users of the same org may see events that are "your org only". Everyone else can proceed for all other levels of distribution
|
||||
if ($this->Auth->user('org') != 'ADMIN') {
|
||||
$this->loadModel('Event');
|
||||
$this->Event->recursive = -1;
|
||||
$this->Event->read(null, $id);
|
||||
if ($this->Event->data['Event']['distribution'] == 0) {
|
||||
if ($this->Event->data['Event']['org'] != $this->Auth->user('org')) {
|
||||
$this->Session->setFlash(__('You don\'t have access to view this event.'));
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'index', 'admin' => false));
|
||||
} else {
|
||||
$mineOrAdmin = true;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$mineOrAdmin = true;
|
||||
}
|
||||
if ($mineOrAdmin && $this->checkAction('perm_modify')) $mayModify = true;
|
||||
// get a list of the attributes that belong to the event
|
||||
$this->loadModel('Attribute');
|
||||
$this->Attribute->recursive = -1;
|
||||
$attributes = $this->Attribute->find('all', array(
|
||||
'conditions' => array('event_id' => $id),
|
||||
'fields' => array ('id', 'event_id', 'distribution'),
|
||||
'contain' => 'Event.distribution'
|
||||
));
|
||||
// get a list of all log entries that affect the current event or any of the attributes found above
|
||||
$conditions['OR'][] = array('AND' => array('Log.model LIKE' => 'Event', 'Log.model_id LIKE' => $id));
|
||||
$conditions['OR'][] = array('AND' => array ('Log.model LIKE' => 'Attribute'));
|
||||
// set a condition for the attribute, otherwise an empty event will show all attributes in the log
|
||||
$conditions['OR'][1]['AND']['OR'][0] = array('Log.model_id LIKE' => null);
|
||||
foreach ($attributes as $a) {
|
||||
// Hop over the attributes that are private if the user should is not of the same org and not an admin
|
||||
if ($mineOrAdmin || ($a['Event']['distribution'] != 0 && $a['Attribute']['distribution'] != 0)) {
|
||||
$conditions['OR'][1]['AND']['OR'][] = array('Log.model_id LIKE' => $a['Attribute']['id']);
|
||||
}
|
||||
}
|
||||
$fieldList = array('title', 'created', 'model', 'model_id', 'action', 'change');
|
||||
$this->paginate = array(
|
||||
'limit' => 60,
|
||||
'conditions' => $conditions,
|
||||
'order' => array('Log.id' => 'DESC'),
|
||||
'fields' => $fieldList
|
||||
);
|
||||
$this->set('list', $this->paginate());
|
||||
$this->set('eventId', $id);
|
||||
$this->set('mayModify', $mayModify);
|
||||
}
|
||||
|
||||
public $helpers = array('Js' => array('Jquery'), 'Highlight');
|
||||
|
||||
public function admin_search() {
|
||||
|
|
|
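Review bot: The log query in `event_index()` matches on `'Log.model_id LIKE' => $id` (and likewise for each attribute id), while `$id` is the raw action argument and is never checked to be an integer. With `LIKE`, pattern characters in that argument are interpreted by the database, so the rows returned are not guaranteed to be limited to the one event that the org/distribution check above examined; the check and the query should agree on a single exact id. I would reject non-numeric ids up front, e.g. `if (!ctype_digit((string)$id)) throw new NotFoundException(__('Invalid event'));`, and use equality in the conditions, `'Log.model' => 'Event', 'Log.model_id' => $id`. The method also never tests whether `$this->Event->read(null, $id)` found a row before indexing `$this->Event->data['Event']`, so a missing event is handled by loose comparisons on undefined values rather than by an explicit not-found. The function body lies fully inside the hunk; the enclosing class starts outside it.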
@ -48,6 +48,7 @@ echo $this->Form->end();
|
|||
<div class="actions">
|
||||
<ul class="nav nav-list">
|
||||
<li><a href="/events/view/<?php echo $this->request->data['Attribute']['event_id']; ?>">View Event</a></li>
|
||||
<li><a href="/logs/event_index/<?php echo $this->request->data['Attribute']['event_id'];?>">View Event History</a></li>
|
||||
<li><a href="/events/edit/<?php echo $this->request->data['Attribute']['event_id']; ?>">Edit Event</a></li>
|
||||
<li><?php echo $this->Form->postLink('Delete Event', array('controller' => 'events', 'action' => 'delete', $this->request->data['Attribute']['event_id']), null, __('Are you sure you want to delete # %s?', $this->request->data['Attribute']['event_id'])); ?></li>
|
||||
<li class="divider"></li>
|
||||
|
|
|
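Review bot: The added `View Event History` link echoes `$this->request->data['Attribute']['event_id']` straight into the `href` without `h()`. Request data can carry whatever was submitted with the form, so it should be escaped where it is printed: `<li><a href="/logs/event_index/<?php echo h($this->request->data['Attribute']['event_id']); ?>">View Event History</a></li>`. The same added line is unescaped in the other view hunks of this commit: the second attribute view, the four event views (using `$id`, `$this->data['Event']['id']`, `$this->request->data['Event']['id']` and `$event['Event']['id']`), and the `$eventId` links in the new log view, where the value is the raw URL argument passed through by `event_index()`. The neighbouring context lines follow the same pattern, so the whole menu, which lies partly outside the hunk, would be worth fixing in one pass.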
@ -10,7 +10,7 @@
|
|||
if ('true' == Configure::read('CyDefSIG.sync')) {
|
||||
echo $this->Form->input('distribution', array(
|
||||
'options' => $distributionLevels,
|
||||
'label' => 'Distribution',
|
||||
'label' => 'Distribution',
|
||||
'selected' => $currentDist,
|
||||
'after' => $this->Html->div('forminfo', '', array('id' => 'AttributeDistributionDiv')),
|
||||
));
|
||||
|
@ -46,6 +46,7 @@ echo $this->Form->end();
|
|||
<div class="actions">
|
||||
<ul class="nav nav-list">
|
||||
<li><a href="/events/view/<?php echo $this->request->data['Attribute']['event_id']; ?>">View Event</a></li>
|
||||
<li><a href="/logs/event_index/<?php echo $this->request->data['Attribute']['event_id'];?>">View Event History</a></li>
|
||||
<li><a href="/events/edit/<?php echo $this->request->data['Attribute']['event_id']; ?>">Edit Event</a></li>
|
||||
<li><?php echo $this->Form->postLink('Delete Event', array('controller' => 'events', 'action' => 'delete', $this->request->data['Attribute']['event_id']), null, __('Are you sure you want to delete # %s?', $this->request->data['Attribute']['event_id'])); ?></li>
|
||||
<li class="divider"></li>
|
||||
|
|
|
@ -17,6 +17,7 @@ echo $this->Form->end();
|
|||
<div class="actions">
|
||||
<ul class="nav nav-list">
|
||||
<li><a href="/events/view/<?php echo $id;?>">View Event</a></li>
|
||||
<li><a href="/logs/event_index/<?php echo $id;?>">View Event History</a></li>
|
||||
<?php if ($isSiteAdmin || $mayModify): ?>
|
||||
<li><a href="/events/edit/<?php echo $id;?>">Edit Event</a></li>
|
||||
<li><?php echo $this->Form->postLink('Delete Event', array('action' => 'delete', $id), null, __('Are you sure you want to delete # %s?', $id)); ?></li>
|
||||
|
|
|
@ -36,6 +36,7 @@ $mayPublish = ($isAclPublish && $this->request->data['Event']['orgc'] == $me['or
|
|||
<div class="actions">
|
||||
<ul class="nav nav-list">
|
||||
<li><a href="/events/view/<?php echo $this->data['Event']['id'];?>">View Event</a></li>
|
||||
<li><a href="/logs/event_index/<?php echo $this->data['Event']['id'];?>">View Event History</a></li>
|
||||
<?php if ($isSiteAdmin || $mayModify): ?>
|
||||
<li><a href="/events/edit/<?php echo $this->data['Event']['id'];?>">Edit Event</a></li>
|
||||
<li><?php echo $this->Form->postLink('Delete Event', array('action' => 'delete', $this->data['Event']['id']), null, __('Are you sure you want to delete # %s?', $this->data['Event']['id'])); ?></li>
|
||||
|
|
|
@ -36,6 +36,7 @@ echo $this->Form->end();
|
|||
<div class="actions">
|
||||
<ul class="nav nav-list">
|
||||
<li><a href="/events/view/<?php echo $this->request->data['Event']['id'];?>">View Event</a></li>
|
||||
<li><a href="/logs/event_index/<?php echo $this->request->data['Event']['id'];?>">View Event History</a></li>
|
||||
<?php if ($isSiteAdmin || $mayModify): ?>
|
||||
<li class="active"><a href="/events/edit/<?php echo $this->request->data['Event']['id'];?>">Edit Event</a></li>
|
||||
<li><?php echo $this->Form->postLink('Delete Event', array('action' => 'delete', $this->request->data['Event']['id']), null, __('Are you sure you want to delete # %s?', $this->request->data['Event']['id'])); ?></li>
|
||||
|
|
|
@ -5,6 +5,7 @@ $mayPublish = ($isAclPublish && $event['Event']['orgc'] == $me['org']);
|
|||
<div class="actions">
|
||||
<ul class="nav nav-list">
|
||||
<li class="active"><a href="/events/view/<?php echo $event['Event']['id'];?>">View Event</a></li>
|
||||
<li><a href="/logs/event_index/<?php echo $event['Event']['id'];?>">View Event History</a></li>
|
||||
<?php if ($isSiteAdmin || $mayModify): ?>
|
||||
<li><a href="/events/edit/<?php echo $event['Event']['id'];?>">Edit Event</a></li>
|
||||
<li><?php echo $this->Form->postLink('Delete Event', array('action' => 'delete', $event['Event']['id']), null, __('Are you sure you want to delete # %s?', $event['Event']['id'])); ?></li>
|
||||
|
|
|
@ -0,0 +1,77 @@
|
|||
<div class="logs index">
|
||||
<h2>Logs</h2>
|
||||
<div class="pagination">
|
||||
<ul>
|
||||
<?php
|
||||
$this->Paginator->options(array(
|
||||
'update' => '.span12',
|
||||
'evalScripts' => true,
|
||||
'before' => '$(".progress").show()',
|
||||
'complete' => '$(".progress").hide()',
|
||||
));
|
||||
|
||||
echo $this->Paginator->prev('« ' . __('previous'), array('tag' => 'li', 'escape' => false), null, array('tag' => 'li', 'class' => 'prev disabled', 'escape' => false, 'disabledTag' => 'span'));
|
||||
echo $this->Paginator->numbers(array('modulus' => 20, 'separator' => '', 'tag' => 'li', 'currentClass' => 'active', 'currentTag' => 'span'));
|
||||
echo $this->Paginator->next(__('next') . ' »', array('tag' => 'li', 'escape' => false), null, array('tag' => 'li', 'class' => 'next disabled', 'escape' => false, 'disabledTag' => 'span'));
|
||||
?>
|
||||
</ul>
|
||||
</div>
|
||||
<table class="table table-striped table-hover table-condensed">
|
||||
<tr>
|
||||
<th><?php echo $this->Paginator->sort('model');?></th>
|
||||
<th><?php echo $this->Paginator->sort('action');?></th>
|
||||
<th><?php echo $this->Paginator->sort('created');?></th>
|
||||
<th><?php echo $this->Paginator->sort('title');?></th>
|
||||
</tr>
|
||||
<?php foreach ($list as $item): ?>
|
||||
<tr>
|
||||
<td class="short"><?php echo (h($item['Log']['model']) . '(' . h($item['Log']['model_id']) . ')'); ?> </td>
|
||||
<td class="short"><?php echo h($item['Log']['action']); ?> </td>
|
||||
<td class="short"><?php echo (h($item['Log']['created'])); ?> </td>
|
||||
<td><?php echo h($item['Log']['title']); ?> </td>
|
||||
</tr>
|
||||
<?php endforeach; ?>
|
||||
</table>
|
||||
<p>
|
||||
<?php
|
||||
echo $this->Paginator->counter(array(
|
||||
'format' => __('Page {:page} of {:pages}, showing {:current} records out of {:count} total, starting on record {:start}, ending on {:end}')
|
||||
));
|
||||
?>
|
||||
</p>
|
||||
<div class="pagination">
|
||||
<ul>
|
||||
<?php
|
||||
echo $this->Paginator->prev('« ' . __('previous'), array('tag' => 'li', 'escape' => false), null, array('tag' => 'li', 'class' => 'prev disabled', 'escape' => false, 'disabledTag' => 'span'));
|
||||
echo $this->Paginator->numbers(array('modulus' => 20, 'separator' => '', 'tag' => 'li', 'currentClass' => 'active', 'currentTag' => 'span'));
|
||||
echo $this->Paginator->next(__('next') . ' »', array('tag' => 'li', 'escape' => false), null, array('tag' => 'li', 'class' => 'next disabled', 'escape' => false, 'disabledTag' => 'span'));
|
||||
?>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
<div class="actions">
|
||||
<ul class="nav nav-list">
|
||||
<li><a href="/events/view/<?php echo $eventId;?>">View Event</a></li>
|
||||
<li class="active"><a href="/logs/event_index/<?php echo $eventId;?>">View Event History</a></li>
|
||||
<?php if ($isSiteAdmin || $mayModify): ?>
|
||||
<li><a href="/events/edit/<?php echo $eventId;?>">Edit Event</a></li>
|
||||
<li><?php echo $this->Form->postLink('Delete Event', array('controller' => 'events', 'action' => 'delete', $eventId), null, __('Are you sure you want to delete # %s?', $eventId)); ?></li>
|
||||
<li class="divider"></li>
|
||||
<li><a href="/attributes/add/<?php echo $eventId;?>">Add Attribute</a></li>
|
||||
<li><a href="/attributes/add_attachment/<?php echo $eventId;?>">Add Attachment</a></li>
|
||||
<li><a href="/events/addIOC/<?php echo $eventId;?>">Populate event from IOC</a></li>
|
||||
<?php else: ?>
|
||||
<li><a href="/shadow_attributes/add/<?php echo $eventId;?>">Propose Attribute</a></li>
|
||||
<li><a href="/shadow_attributes/add_attachment/<?php echo $eventId;?>">Propose Attachment</a></li>
|
||||
<?php endif; ?>
|
||||
<li class="divider"></li>
|
||||
<li><a href="/events/contact/<?php echo $eventId;?>">Contact reporter</a></li>
|
||||
<li><a href="/events/xml/download/<?php echo $eventId;?>">Download as XML</a></li>
|
||||
<li><a href="/events/downloadOpenIOCEvent/<?php echo $eventId;?>">Download as IOC</a></li>
|
||||
<li class="divider"></li>
|
||||
<li><a href="/events/index">List Events</a></li>
|
||||
<?php if ($isAclAdd): ?>
|
||||
<li><a href="/events/add">Add Event</a></li>
|
||||
<?php endif; ?>
|
||||
</ul>
|
||||
</div>
|
|
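Review bot: The `<div class="actions">` menu at the end of this new view is another hand-copied version of the sidebar that the other view hunks in this commit each had to patch just to add one link. Moving it into a shared element rendered with `echo $this->element(...)`, passing the event id and `$mayModify`, would keep the permission-dependent links (`Edit Event`, `Delete Event`, `Add Attribute`) defined in one place instead of seven. A short comment at the top of the view listing the variables it expects (`$list`, `$eventId`, `$mayModify`, `$isSiteAdmin`, `$isAclAdd`) would also help, since only the first three are set in `event_index()` as shown on this page.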
@ -30,7 +30,7 @@
|
|||
foreach ($list as $item): ?>
|
||||
<tr>
|
||||
<td class="short"><?php echo $this->Html->link(h($item['Role']['id']), array('admin' => true, 'action' => 'edit', $item['Role']['id'])); ?> </td>
|
||||
<td class="short"><?php echo h($item['Role']['name']); ?> </td>
|
||||
<td><?php echo h($item['Role']['name']); ?> </td>
|
||||
<td class="short"><?php echo h($options[$item['Role']['permission']]); ?> </td>
|
||||
<td class="short"><?php echo h($item['Role']['perm_sync']); ?> </td>
|
||||
<td class="short"><?php echo h($item['Role']['perm_admin']); ?> </td>
|
||||
|
|
|
@ -29,7 +29,7 @@
|
|||
foreach ($list as $item): ?>
|
||||
<tr>
|
||||
<td class="short"><?php echo h($item['Role']['id']); ?> </td>
|
||||
<td class="short"><?php echo h($item['Role']['name']); ?> </td>
|
||||
<td><?php echo h($item['Role']['name']); ?> </td>
|
||||
<td class="short"><?php echo h($options[$item['Role']['permission']]); ?> </td>
|
||||
<td class="short"><?php echo h($item['Role']['perm_sync']); ?> </td>
|
||||
<td class="short"><?php echo h($item['Role']['perm_admin']); ?> </td>
|
||||
|
|