From 5011b50c656dce9d38b51b51f1f95a41ec427699 Mon Sep 17 00:00:00 2001
From: iglocska
Date: Tue, 6 Aug 2013 09:43:00 +0200
Subject: [PATCH] Notification on rest add of published events. Fixes #138
---
 app/Config/bootstrap.default.php | 1 +
 app/Controller/EventsController.php | 6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/app/Config/bootstrap.default.php b/app/Config/bootstrap.default.php
index 01f69ffdb..0fd38c230 100755
--- a/app/Config/bootstrap.default.php
+++ b/app/Config/bootstrap.default.php
@@ -141,6 +141,7 @@ Configure::write('CyDefSIG.dns', 'false'); // there is a nameserver available
 //Configure::write('MISP.welcome_text_top', 'Welcome to the Organisation community\'s'); // used in Events::login before the MISP logo
 //Configure::write('MISP.welcome_text_bottom', 'instance'); // used in Events::login after the MISP logo
 //Configure::write('MISP.welcome_logo', 'organisation'); // used in Events::login to the left of the MISP logo, place a .png file in app/webroot/img with the name specified here. In this case it would be organisation.png
+Configure::write('MISP.disablerestalert', 'true');
 /**
 * The settings below can be used to set additional paths to models, views and controllers.
diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php
index 560162b1b..c72b07a16 100755
--- a/app/Controller/EventsController.php
+++ b/app/Controller/EventsController.php
@@ -83,7 +83,7 @@ class EventsController extends AppController {
 */
 public function index() {
 // list the events
-
+
 // TODO information exposure vulnerability - as we don't limit the filter depending on the CyDefSIG.showorg parameter
 // this filter will work if showorg=false and users will be able to perform the filtering and see what events were posted by what org.
 // same goes for orgc in all cases
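Review bot: The new `MISP.disablerestalert` line in app/Config/bootstrap.default.php carries no trailing comment, unlike every neighbouring setting, and the negated name combined with the string `'true'` makes the shipped default easy to misread. As written, an install that copies this file has the REST alert switched off, while an existing bootstrap.php that lacks the key would presumably get null from `Configure::read` and therefore send alerts. I would state both facts on the line itself, e.g. `Configure::write('MISP.disablerestalert', 'true'); // 'true' = do not e-mail an alert when a published event is added via REST; if this key is missing, alerts are sent`.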
@@ -562,6 +562,9 @@ class EventsController extends AppController {
 if ($saveResult) {
 if (!empty($data['Event']['published']) && 1 == $data['Event']['published']) {
 // do the necessary actions to publish the event (email, upload,...)
+ if ('true' != Configure::read('MISP.disablerestalert')) {
+ $this->__sendAlertEmail($this->Event->getId());
+ }
 $this->__publish($this->Event->getId(), $passAlong);
 }
 return true;
@@ -2057,7 +2060,6 @@ class EventsController extends AppController {
 array_push($temp2, array('(SELECT events.org FROM events WHERE events.id = Attribute.event_id) LIKE' => $org)); $conditionsAttributes['OR'] = $temp2; } - $conditionsAttributes['AND'] = array('Attribute.to_ids =' => 1); // do not expose all the data ... $fields = array('Event.id', 'Event.date', 'Event.risk', 'Event.analysis', 'Event.info', 'Event.published', 'Event.uuid');
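Review bot: The guard `'true' != Configure::read('MISP.disablerestalert')` in the `-562` hunk is a loose comparison against a string and treats a missing key as "send", so an instance upgraded without the new bootstrap line would start mailing event alerts on every REST add of a published event. If opt-out is the intended behaviour, say so in a comment above the `if` and compare strictly, e.g. `if (Configure::read('MISP.disablerestalert') !== 'true') {`; if alerts should be opt-in, invert the setting so that an absent key means no mail. The return value of `__sendAlertEmail()` is not checked, so a failed send is invisible to the REST caller. Whether `__publish()` also sends mail (the existing comment mentions email) cannot be seen here, and the enclosing method starts and ends outside the hunk.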