MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

RBAC 

just edit your own did still give edit org as well.
can be tested if now correct.
pull/63/head
noud 2012-11-09 10:14:40 +01:00
parent 4cc6b8055f
commit 55f9b594d7
4 changed files with 25 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/View/Attributes/edit.ctp
View File

@ -1,5 +1,5 @@
<?php
$buttonModifyStatus = ($isAclModify || $isAclModifyOrg) ? 'button_on':'button_off';
$mayModify = (($isAclModify && $event['Event']['user_id'] == $me['id']) || ($isAclModifyOrg && $event['Event']['org'] == $me['org']));
?>
<div class="attributes form">
<?php echo $this->Form->create('Attribute');?>
@ -50,8 +50,7 @@ $this->Js->get('#AttributeDistribution')->event('change', 'showFormInfo("#Attrib
<ul>
<li><?php
$attribute = ClassRegistry::init('Attribute')->findById($this->Form->value('Attribute.id')); // TODO ACL $attribute??
if ($isAclModify || ($isAclModifyOrg && $attribute['Event']['user_id'] == $me['id'])) echo $this->Form->postLink(__('Delete'), array('action' => 'delete', $this->Form->value('Attribute.id')), null, __('Are you sure you want to delete # %s?', $this->Form->value('Attribute.id')));
else echo $this->Html->link(__('Delete'), array('action' => 'delete', $this->Form->value('Attribute.id')), array('class' => $buttonModifyStatus)); ?></li>
if ($mayModify) echo $this->Form->postLink(__('Delete'), array('action' => 'delete', $this->Form->value('Attribute.id')), null, __('Are you sure you want to delete # %s?', $this->Form->value('Attribute.id'))); ?></li>
<li>&nbsp;</li>
<?php echo $this->element('actions_menu'); ?>
</ul>

10
app/View/Attributes/index.ctp
View File

@ -1,6 +1,3 @@
<?php
$buttonModifyStatus = ($isAclModify || $isAclModifyOrg) ? 'button_on':'button_off';
?>
<div class="attributes index">
<h2><?php echo __('Attributes');?></h2>
<table cellpadding="0" cellspacing="0">
@ -39,10 +36,9 @@ if ('attachment' == $attribute['Attribute']['type'] || 'malware-sample' == $attr
<td class="short" style="text-align: center;" onclick="document.location ='<?php echo $this->Html->url(array('controller' => 'events', 'action' => 'view', $attribute['Attribute']['event_id']), true);?>';">
<?php echo $attribute['Attribute']['to_ids'] ? 'Yes' : 'No'; ?>&nbsp;</td>
<td class="actions"><?php
if ($isAdmin || $attribute['Event']['org'] == $me['org']) {
echo $this->Html->link(__('Edit'), array('action' => 'edit', $attribute['Attribute']['id']), $isAclModify || ($isAclModifyOrg && ($attribute['Event']['user_id'] == $me['id'])) ? null : array('class' => $buttonModifyStatus));
if ($isAclModify || ($isAclModifyOrg && ($attribute['Event']['user_id'] == $me['id']))) echo $this->Form->postLink(__('Delete'), array('action' => 'delete', $attribute['Attribute']['id']), null, __('Are you sure you want to delete this attribute?'));
else echo $this->Html->link(__('Delete'), array('action' => 'delete', $attribute['Attribute']['id']), array('class' => $buttonModifyStatus));
if ($isAdmin || ($isAclModify && $attribute['Event']['user_id'] == $me['id']) || ($isAclModifyOrg && $attribute['Event']['org'] == $me['org'])) {
echo $this->Html->link(__('Edit'), array('action' => 'edit', $attribute['Attribute']['id']), null);
echo $this->Form->postLink(__('Delete'), array('action' => 'delete', $attribute['Attribute']['id']), null, __('Are you sure you want to delete this attribute?'));
}
echo $this->Html->link(__('View'), array('controller' => 'events', 'action' => 'view', $attribute['Attribute']['event_id']));
?>

17
app/View/Events/index.ctp
View File

@ -1,8 +1,3 @@
<?php
$buttonAddStatus = $isAclAdd ? 'button_on':'button_off';
$buttonModifyStatus = ($isAclModify || $isAclModifyOrg) ? 'button_on':'button_off';
$buttonPublishStatus = $isAclPublish ? 'button_on':'button_off';
?>
<div class="events index">
<h2>Events</h2>
<table cellpadding="0" cellspacing="0">
@ -65,16 +60,14 @@ $buttonPublishStatus = $isAclPublish ? 'button_on':'button_off';
<?php endif; ?>
<td class="actions">
<?php
if (0 == $event['Event']['published'] && ($isAdmin || $event['Event']['org'] == $me['org']))
if ($isAclPublish) echo $this->Form->postLink('Publish Event', array('action' => 'alert', $event['Event']['id']), array('action' => 'alert', $event['Event']['id']), 'Are you sure this event is complete and everyone should be informed?');
else echo $this->Html->link('Publish Event', array('class' => $buttonPublishStatus, 'action' => 'alert', $event['Event']['id']), array('class' => $buttonPublishStatus, 'action' => 'alert', $event['Event']['id']));
if (0 == $event['Event']['published'] && ($isAdmin || ($isAclPublish && $event['Event']['org'] == $me['org'])))
echo $this->Form->postLink('Publish Event', array('action' => 'alert', $event['Event']['id']), array('action' => 'alert', $event['Event']['id']), 'Are you sure this event is complete and everyone should be informed?');
elseif (0 == $event['Event']['published']) echo 'Not published';
?>
<?php
if ($isAdmin || $event['Event']['org'] == $me['org']) {
echo $this->Html->link(__('Edit', true), array('action' => 'edit', $event['Event']['id']), $isAclModify ? null : array('class' => $buttonModifyStatus));
if ($isAclModify || ($isAclModifyOrg && $event['Event']['org'] == $me['org'])) echo $this->Form->postLink(__('Delete'), array('action' => 'delete', $event['Event']['id']), null, __('Are you sure you want to delete # %s?', $event['Event']['id']));
else echo $this->Html->link(__('Delete'), array('action' => 'delete', $event['Event']['id']), array('class' => $buttonModifyStatus));
if ($isAdmin || ($isAclModify && $event['Event']['user_id'] == $me['id']) || ($isAclModifyOrg && $event['Event']['org'] == $me['org'])) {
echo $this->Html->link(__('Edit', true), array('action' => 'edit', $event['Event']['id']), null);
echo $this->Form->postLink(__('Delete'), array('action' => 'delete', $event['Event']['id']), null, __('Are you sure you want to delete # %s?', $event['Event']['id']));
}
?>
<?php echo $this->Html->link(__('View', true), array('controller' => 'events', 'action' => 'view', $event['Event']['id'])); ?>

44
app/View/Events/view.ctp
View File

@ -1,22 +1,16 @@
<?php
$buttonAddStatus = $isAclAdd ? 'button_on':'button_off';
$mayModify = ($isAclModify || $isAclModifyOrg);
$buttonModifyStatus = $mayModify ? 'button_on':'button_off';
$mayPublish = $isAclPublish;
$buttonPublishStatus = $mayPublish ? 'button_on':'button_off';
$mayModify = (($isAclModify && $event['Event']['user_id'] == $me['id']) || ($isAclModifyOrg && $event['Event']['org'] == $me['org']));
$mayPublish = ($isAclPublish && $event['Event']['org'] == $me['org']);
?>
<div class="events view">
<div class="actions" style="float:right;">
<?php if ( 0 == $event['Event']['published'] && ($isAdmin || $event['Event']['org'] == $me['org'])):
<?php if ( 0 == $event['Event']['published'] && ($isAdmin || $mayPublish)):
// only show button if alert has not been sent // LATER show the ALERT button in red-ish
?>
<ul><li><?php
if ($mayPublish) {
echo $this->Form->postLink('Publish Event', array('action' => 'alert', $event['Event']['id']), null, 'Are you sure this event is complete and everyone should be informed?');
echo $this->Form->postLink('Publish (no email)', array('action' => 'publish', $event['Event']['id']), null, 'Publish but do NOT send alert email? Only for minor changes!');
} else {
echo $this->Html->link('Publish Event', array('action' => 'alert', $event['Event']['id']), array('class' => $buttonPublishStatus));
echo $this->Html->link('Publish (no email)', array('action' => 'publish', $event['Event']['id']), array('class' => $buttonPublishStatus));
}
?> </li></ul>
<?php elseif (0 == $event['Event']['published']): ?>
@ -118,7 +112,7 @@ if ($mayPublish) {
<th <?php echo "title='" . $attrDescriptions['private']['desc'] . "'";?>>Private</th>
<?php endif;?>
<?php endif;?>
<?php if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<?php if ($isAdmin || $mayModify): ?>
<th class="actions">Actions</th>
<?php endif;?>
</tr><?php
@ -182,16 +176,11 @@ if (isset($relatedAttributes[$attribute['id']]) && (null != $relatedAttributes[$
<td class="short" style="text-align: center;"><?php echo $attribute['private'] ? 'Private' : '&nbsp;';?></td>
<?php endif;?>
<?php endif;?>
<?php if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<?php if ($isAdmin || $mayModify): ?>
<td class="actions">
<?php
if ($isAclModify) {
echo $this->Html->link(__('Edit', true), array('controller' => 'attributes', 'action' => 'edit', $attribute['id']));
echo $this->Form->postLink(__('Delete'), array('controller' => 'attributes', 'action' => 'delete', $attribute['id']), null, __('Are you sure you want to delete this attribute?'));
} else {
echo $this->Html->link(__('Edit', true), array('controller' => 'attributes', 'action' => 'edit', $attribute['id']), array('class' => $buttonModifyStatus));
echo $this->Html->link(__('Delete'), array('controller' => 'attributes', 'action' => 'delete', $attribute['id']), array('class' => $buttonModifyStatus));
}
echo $this->Html->link(__('Edit', true), array('controller' => 'attributes', 'action' => 'edit', $attribute['id']));
echo $this->Form->postLink(__('Delete'), array('controller' => 'attributes', 'action' => 'delete', $attribute['id']), null, __('Are you sure you want to delete this attribute?'));
?>
</td>
<?php endif;?>
@ -200,11 +189,11 @@ if ($isAclModify) {
<?php endforeach; ?>
</table>
<?php endif; ?>
<?php if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<?php if ($isAdmin || $mayModify): ?>
<div class="actions">
<ul>
<li><?php echo $this->Html->link('Add Attribute', array('controller' => 'attributes', 'action' => 'add', $event['Event']['id']), array('class' => $buttonAddStatus));?> </li>
<li><?php echo $this->Html->link('Add Attachment', array('controller' => 'attributes', 'action' => 'add_attachment', $event['Event']['id']), array('class' => $buttonAddStatus));?> </li>
<li><?php echo $this->Html->link('Add Attribute', array('controller' => 'attributes', 'action' => 'add', $event['Event']['id']));?> </li>
<li><?php echo $this->Html->link('Add Attachment', array('controller' => 'attributes', 'action' => 'add_attachment', $event['Event']['id']));?> </li>
</ul>
</div>
<?php endif; ?>
@ -214,14 +203,11 @@ if ($isAclModify) {
<div class="actions">
<ul>
<?php if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<li><?php echo $this->Html->link(__('Add Attribute', true), array('controller' => 'attributes', 'action' => 'add', $event['Event']['id']), array('class' => $buttonAddStatus));?> </li>
<li><?php echo $this->Html->link(__('Add Attachment', true), array('controller' => 'attributes', 'action' => 'add_attachment', $event['Event']['id']), array('class' => $buttonAddStatus));?> </li>
<li><?php echo $this->Html->link(__('Edit Event', true), array('action' => 'edit', $event['Event']['id']), array('class' => $buttonModifyStatus)); ?> </li>
<li><?php
if ($mayModify) echo $this->Form->postLink(__('Delete Event'), array('action' => 'delete', $event['Event']['id']), null, __('Are you sure you want to delete # %s?', $event['Event']['id']));
else echo $this->Html->link(__('Delete Event'), array('action' => 'delete', $event['Event']['id']), array('class' => $buttonModifyStatus));
?></li>
<?php if ($isAdmin || $mayModify): ?>
<li><?php echo $this->Html->link(__('Add Attribute', true), array('controller' => 'attributes', 'action' => 'add', $event['Event']['id']));?> </li>
<li><?php echo $this->Html->link(__('Add Attachment', true), array('controller' => 'attributes', 'action' => 'add_attachment', $event['Event']['id']));?> </li>
<li><?php echo $this->Html->link(__('Edit Event', true), array('action' => 'edit', $event['Event']['id'])); ?> </li>
<li><?php echo $this->Form->postLink(__('Delete Event'), array('action' => 'delete', $event['Event']['id']), null, __('Are you sure you want to delete # %s?', $event['Event']['id'])); ?></li>
<li>&nbsp;</li>
<?php endif; ?>
<?php echo $this->element('actions_menu'); ?>