mirror of https://github.com/MISP/MISP
fix: [acl] Event graph
parent
6461d7c8cd
commit
5299f50e20
|
@ -10,11 +10,6 @@ class EventGraphController extends AppController
|
|||
'RequestHandler'
|
||||
);
|
||||
|
||||
public function beforeFilter()
|
||||
{
|
||||
parent::beforeFilter();
|
||||
}
|
||||
|
||||
public function view($event_id = false, $graph_id = null)
|
||||
{
|
||||
if ($event_id === false) {
|
||||
|
@ -75,18 +70,20 @@ class EventGraphController extends AppController
|
|||
if (empty($eventGraph)) {
|
||||
throw new MethodNotAllowedException('Invalid event graph');
|
||||
}
|
||||
$eventGraph = $eventGraph;
|
||||
$imageData = $this->EventGraph->getPictureData($eventGraph);
|
||||
return new CakeResponse(array('body' => $imageData, 'type' => 'png'));
|
||||
}
|
||||
|
||||
public function add($event_id = false)
|
||||
{
|
||||
if (empty($event_id)) {
|
||||
throw new MethodNotAllowedException(__('No event ID set.'));
|
||||
}
|
||||
|
||||
if ($this->request->is('get')) {
|
||||
if ($this->_isRest()) {
|
||||
return $this->RestResponse->describe('EventGraph', 'add', false, $this->response->type());
|
||||
}
|
||||
$formURL = 'eventGraph_add_form';
|
||||
|
||||
if (!$this->_isSiteAdmin() && (!$this->userRole['perm_modify'] && !$this->userRole['perm_modify_org'])) {
|
||||
throw new NotFoundException(__('Invalid event'));
|
||||
|
@ -94,30 +91,30 @@ class EventGraphController extends AppController
|
|||
|
||||
$this->set('action', 'add');
|
||||
$this->set('event_id', $event_id);
|
||||
$this->render('ajax/' . $formURL);
|
||||
$this->render('ajax/eventGraph_add_form');
|
||||
} else {
|
||||
if (empty($event_id)) {
|
||||
throw new MethodNotAllowedException(__('No event ID set.'));
|
||||
}
|
||||
|
||||
$this->loadModel('Event');
|
||||
$event = $this->Event->fetchSimpleEvent($this->Auth->user(), $event_id);
|
||||
if (empty($event)) {
|
||||
throw new NotFoundException('Invalid event');
|
||||
}
|
||||
|
||||
$eventGraph = array();
|
||||
if (!$this->_isSiteAdmin() && ($event['Event']['orgc_id'] != $this->Auth->user('org_id') && !$this->userRole['perm_modify'])) {
|
||||
throw new UnauthorizedException(__('You do not have permission to do that.'));
|
||||
} else {
|
||||
$eventGraph['EventGraph']['event_id'] = $event['Event']['id'];
|
||||
if (!$this->ACL->canModifyEvent($this->Auth->user(), $event)) {
|
||||
throw new ForbiddenException(__('You do not have permission to do that.'));
|
||||
}
|
||||
|
||||
if (!isset($this->request->data['EventGraph']['network_json'])) {
|
||||
throw new MethodNotAllowedException('No network data set');
|
||||
} else {
|
||||
$eventGraph['EventGraph']['network_json'] = $this->request->data['EventGraph']['network_json'];
|
||||
}
|
||||
if (!JsonTool::isValid($this->request->data['EventGraph']['network_json'])) {
|
||||
throw new MethodNotAllowedException('Network data is not valid JSON.');
|
||||
}
|
||||
|
||||
$eventGraph = ['EventGraph' => [
|
||||
'event_id' => $event['Event']['id'],
|
||||
'network_json' => $this->request->data['EventGraph']['network_json'],
|
||||
'user_id' => $this->Auth->user('id'),
|
||||
'org_id' => $this->Auth->user('org_id'),
|
||||
]];
|
||||
|
||||
if (!isset($this->request->data['EventGraph']['network_name'])) {
|
||||
$eventGraph['EventGraph']['network_name'] = null;
|
||||
} else {
|
||||
|
@ -128,10 +125,6 @@ class EventGraphController extends AppController
|
|||
$eventGraph['EventGraph']['preview_img'] = $this->request->data['EventGraph']['preview_img'];
|
||||
}
|
||||
|
||||
// Network pushed will be the owner of the authentication key
|
||||
$eventGraph['EventGraph']['user_id'] = $this->Auth->user('id');
|
||||
$eventGraph['EventGraph']['org_id'] = $this->Auth->user('org_id');
|
||||
|
||||
$result = $this->EventGraph->save(
|
||||
$eventGraph,
|
||||
true,
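Review bot: In the POST branch of `add()`, `JsonTool::isValid($this->request->data['EventGraph']['network_json'])` reads the key without the earlier `isset` guard, which appears to have been dropped along with its 'No network data set' error (the +/- markers are lost on this page, so this is inferred from the hunk counts). A request without `network_json` would then raise an undefined-index notice and hand `null` to the validator, whose handling of non-string input is not visible here. Consider reading the value once with a default, `$networkJson = $this->request->data['EventGraph']['network_json'] ?? null;`, and rejecting `!is_string($networkJson) || !JsonTool::isValid($networkJson)` before building `$eventGraph`. Separately, the GET branch still gates only on the `perm_modify`/`perm_modify_org` role flags while the POST branch calls `canModifyEvent()`; that is fine if the rendered form carries nothing event-specific, but worth confirming. `add()` continues past the end of the last hunk.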
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
<?php
|
||||
App::uses('AppModel', 'Model');
|
||||
|
||||
class EventGraph extends AppModel
|
||||
{
|
||||
public $useTable = 'event_graph';
|
||||
|
@ -27,7 +28,6 @@ class EventGraph extends AppModel
|
|||
)
|
||||
);
|
||||
|
||||
|
||||
public $validate = array(
|
||||
'network_json' => array(
|
||||
'rule' => 'valueIsJson',
|
||||
|
@ -39,8 +39,7 @@ class EventGraph extends AppModel
|
|||
public function beforeValidate($options = array())
|
||||
{
|
||||
parent::beforeValidate();
|
||||
$date = new DateTime();
|
||||
$this->data['EventGraph']['timestamp'] = $date->getTimestamp();
|
||||
$this->data['EventGraph']['timestamp'] = time();
|
||||
return true;
|
||||
}
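Review bot: `beforeValidate($options = array())` calls `parent::beforeValidate();` without forwarding `$options` and discards the return value, so a parent callback that returns false to stop validation would be ignored (AppModel's implementation is not visible on this page). If that is not intended, `if (parent::beforeValidate($options) === false) { return false; }` keeps the parent contract. The unconditional `time()` assignment also means a `timestamp` supplied in the saved data is overwritten on every validation, which deserves a one-line comment such as `// timestamp is always set server-side; supplied values are ignored`.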
|
||||
|
||||
|
|