mirror of https://github.com/MISP/MISP
RBAC
Having only the "edit your own" permission still granted "edit org" as well. This should now be correct and can be tested.
pull/63/head
parent
4cc6b8055f
commit
55f9b594d7
|
@ -1,5 +1,5 @@
|
|||
<?php
|
||||
$buttonModifyStatus = ($isAclModify || $isAclModifyOrg) ? 'button_on':'button_off';
|
||||
$mayModify = (($isAclModify && $event['Event']['user_id'] == $me['id']) || ($isAclModifyOrg && $event['Event']['org'] == $me['org']));
|
||||
?>
|
||||
<div class="attributes form">
|
||||
<?php echo $this->Form->create('Attribute');?>
|
||||
|
@ -50,8 +50,7 @@ $this->Js->get('#AttributeDistribution')->event('change', 'showFormInfo("#Attrib
|
|||
<ul>
|
||||
<li><?php
|
||||
$attribute = ClassRegistry::init('Attribute')->findById($this->Form->value('Attribute.id')); // TODO ACL $attribute??
|
||||
if ($isAclModify || ($isAclModifyOrg && $attribute['Event']['user_id'] == $me['id'])) echo $this->Form->postLink(__('Delete'), array('action' => 'delete', $this->Form->value('Attribute.id')), null, __('Are you sure you want to delete # %s?', $this->Form->value('Attribute.id')));
|
||||
else echo $this->Html->link(__('Delete'), array('action' => 'delete', $this->Form->value('Attribute.id')), array('class' => $buttonModifyStatus)); ?></li>
|
||||
if ($mayModify) echo $this->Form->postLink(__('Delete'), array('action' => 'delete', $this->Form->value('Attribute.id')), null, __('Are you sure you want to delete # %s?', $this->Form->value('Attribute.id'))); ?></li>
|
||||
<li> </li>
|
||||
<?php echo $this->element('actions_menu'); ?>
|
||||
</ul>
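Review bot: `$mayModify` in the first hunk is computed from `$event['Event']`, but the only record this section visibly loads is `$attribute` (the `findById` line kept in the second hunk), and the check it replaces read `$attribute['Event']['user_id']`. If the controller does not set `$event` for this view, both comparisons run against null, so the Delete link is hidden for every user, or, because `==` is loose, shown to an account whose own id or org is empty. I would compute the flag from the loaded record after the `findById` call: `$mayModify = ($isAclModify && $attribute['Event']['user_id'] == $me['id']) || ($isAclModifyOrg && $attribute['Event']['org'] == $me['org']);`. Hiding the link is presentation only; the `delete` action has to apply the same rule, and that code is not visible in this commit.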
|
||||
|
|
|
@ -1,6 +1,3 @@
|
|||
<?php
|
||||
$buttonModifyStatus = ($isAclModify || $isAclModifyOrg) ? 'button_on':'button_off';
|
||||
?>
|
||||
<div class="attributes index">
|
||||
<h2><?php echo __('Attributes');?></h2>
|
||||
<table cellpadding="0" cellspacing="0">
|
||||
|
@ -39,10 +36,9 @@ if ('attachment' == $attribute['Attribute']['type'] || 'malware-sample' == $attr
|
|||
<td class="short" style="text-align: center;" onclick="document.location ='<?php echo $this->Html->url(array('controller' => 'events', 'action' => 'view', $attribute['Attribute']['event_id']), true);?>';">
|
||||
<?php echo $attribute['Attribute']['to_ids'] ? 'Yes' : 'No'; ?> </td>
|
||||
<td class="actions"><?php
|
||||
if ($isAdmin || $attribute['Event']['org'] == $me['org']) {
|
||||
echo $this->Html->link(__('Edit'), array('action' => 'edit', $attribute['Attribute']['id']), $isAclModify || ($isAclModifyOrg && ($attribute['Event']['user_id'] == $me['id'])) ? null : array('class' => $buttonModifyStatus));
|
||||
if ($isAclModify || ($isAclModifyOrg && ($attribute['Event']['user_id'] == $me['id']))) echo $this->Form->postLink(__('Delete'), array('action' => 'delete', $attribute['Attribute']['id']), null, __('Are you sure you want to delete this attribute?'));
|
||||
else echo $this->Html->link(__('Delete'), array('action' => 'delete', $attribute['Attribute']['id']), array('class' => $buttonModifyStatus));
|
||||
if ($isAdmin || ($isAclModify && $attribute['Event']['user_id'] == $me['id']) || ($isAclModifyOrg && $attribute['Event']['org'] == $me['org'])) {
|
||||
echo $this->Html->link(__('Edit'), array('action' => 'edit', $attribute['Attribute']['id']), null);
|
||||
echo $this->Form->postLink(__('Delete'), array('action' => 'delete', $attribute['Attribute']['id']), null, __('Are you sure you want to delete this attribute?'));
|
||||
}
|
||||
echo $this->Html->link(__('View'), array('controller' => 'events', 'action' => 'view', $attribute['Attribute']['event_id']));
|
||||
?>
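Review bot: The ownership rule on the new `if ($isAdmin || ($isAclModify && ...) || ($isAclModifyOrg && ...))` line is written out inline here, again in the events index, and as `$mayModify` in the attribute edit and event view templates, and the copies already differ: the two `$mayModify` forms leave out `$isAdmin`. The commit description suggests the original bug was this kind of drift between copies, so I would compute the decision once, in the controller or a view helper, and hand each template a single boolean. The comparisons also use loose `==`; if ids reach the view as strings, a cast with strict comparison such as `(int)$attribute['Event']['user_id'] === (int)$me['id']` avoids type-juggling matches on empty or null values.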
|
||||
|
|
|
@ -1,8 +1,3 @@
|
|||
<?php
|
||||
$buttonAddStatus = $isAclAdd ? 'button_on':'button_off';
|
||||
$buttonModifyStatus = ($isAclModify || $isAclModifyOrg) ? 'button_on':'button_off';
|
||||
$buttonPublishStatus = $isAclPublish ? 'button_on':'button_off';
|
||||
?>
|
||||
<div class="events index">
|
||||
<h2>Events</h2>
|
||||
<table cellpadding="0" cellspacing="0">
|
||||
|
@ -65,16 +60,14 @@ $buttonPublishStatus = $isAclPublish ? 'button_on':'button_off';
|
|||
<?php endif; ?>
|
||||
<td class="actions">
|
||||
<?php
|
||||
if (0 == $event['Event']['published'] && ($isAdmin || $event['Event']['org'] == $me['org']))
|
||||
if ($isAclPublish) echo $this->Form->postLink('Publish Event', array('action' => 'alert', $event['Event']['id']), array('action' => 'alert', $event['Event']['id']), 'Are you sure this event is complete and everyone should be informed?');
|
||||
else echo $this->Html->link('Publish Event', array('class' => $buttonPublishStatus, 'action' => 'alert', $event['Event']['id']), array('class' => $buttonPublishStatus, 'action' => 'alert', $event['Event']['id']));
|
||||
if (0 == $event['Event']['published'] && ($isAdmin || ($isAclPublish && $event['Event']['org'] == $me['org'])))
|
||||
echo $this->Form->postLink('Publish Event', array('action' => 'alert', $event['Event']['id']), array('action' => 'alert', $event['Event']['id']), 'Are you sure this event is complete and everyone should be informed?');
|
||||
elseif (0 == $event['Event']['published']) echo 'Not published';
|
||||
?>
|
||||
<?php
|
||||
if ($isAdmin || $event['Event']['org'] == $me['org']) {
|
||||
echo $this->Html->link(__('Edit', true), array('action' => 'edit', $event['Event']['id']), $isAclModify ? null : array('class' => $buttonModifyStatus));
|
||||
if ($isAclModify || ($isAclModifyOrg && $event['Event']['org'] == $me['org'])) echo $this->Form->postLink(__('Delete'), array('action' => 'delete', $event['Event']['id']), null, __('Are you sure you want to delete # %s?', $event['Event']['id']));
|
||||
else echo $this->Html->link(__('Delete'), array('action' => 'delete', $event['Event']['id']), array('class' => $buttonModifyStatus));
|
||||
if ($isAdmin || ($isAclModify && $event['Event']['user_id'] == $me['id']) || ($isAclModifyOrg && $event['Event']['org'] == $me['org'])) {
|
||||
echo $this->Html->link(__('Edit', true), array('action' => 'edit', $event['Event']['id']), null);
|
||||
echo $this->Form->postLink(__('Delete'), array('action' => 'delete', $event['Event']['id']), null, __('Are you sure you want to delete # %s?', $event['Event']['id']));
|
||||
}
|
||||
?>
|
||||
<?php echo $this->Html->link(__('View', true), array('controller' => 'events', 'action' => 'view', $event['Event']['id'])); ?>
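Review bot: The new `postLink('Publish Event', ...)` call passes the URL array a second time as its third argument, `array('action' => 'alert', $event['Event']['id'])`. In CakePHP's FormHelper that parameter is the options array, so those keys would be emitted as HTML attributes on the link rather than used for routing. The event view in this same commit passes `null` in that position, and I would do the same here. The strings 'Publish Event' and 'Not published' also bypass `__()`, while the Edit and Delete links next to them are translated.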
|
||||
|
|
|
@ -1,22 +1,16 @@
|
|||
<?php
|
||||
$buttonAddStatus = $isAclAdd ? 'button_on':'button_off';
|
||||
$mayModify = ($isAclModify || $isAclModifyOrg);
|
||||
$buttonModifyStatus = $mayModify ? 'button_on':'button_off';
|
||||
$mayPublish = $isAclPublish;
|
||||
$buttonPublishStatus = $mayPublish ? 'button_on':'button_off';
|
||||
$mayModify = (($isAclModify && $event['Event']['user_id'] == $me['id']) || ($isAclModifyOrg && $event['Event']['org'] == $me['org']));
|
||||
$mayPublish = ($isAclPublish && $event['Event']['org'] == $me['org']);
|
||||
?>
|
||||
<div class="events view">
|
||||
<div class="actions" style="float:right;">
|
||||
<?php if ( 0 == $event['Event']['published'] && ($isAdmin || $event['Event']['org'] == $me['org'])):
|
||||
<?php if ( 0 == $event['Event']['published'] && ($isAdmin || $mayPublish)):
|
||||
// only show button if alert has not been sent // LATER show the ALERT button in red-ish
|
||||
?>
|
||||
<ul><li><?php
|
||||
if ($mayPublish) {
|
||||
echo $this->Form->postLink('Publish Event', array('action' => 'alert', $event['Event']['id']), null, 'Are you sure this event is complete and everyone should be informed?');
|
||||
echo $this->Form->postLink('Publish (no email)', array('action' => 'publish', $event['Event']['id']), null, 'Publish but do NOT send alert email? Only for minor changes!');
|
||||
} else {
|
||||
echo $this->Html->link('Publish Event', array('action' => 'alert', $event['Event']['id']), array('class' => $buttonPublishStatus));
|
||||
echo $this->Html->link('Publish (no email)', array('action' => 'publish', $event['Event']['id']), array('class' => $buttonPublishStatus));
|
||||
}
|
||||
?> </li></ul>
|
||||
<?php elseif (0 == $event['Event']['published']): ?>
|
||||
|
@ -118,7 +112,7 @@ if ($mayPublish) {
|
|||
<th <?php echo "title='" . $attrDescriptions['private']['desc'] . "'";?>>Private</th>
|
||||
<?php endif;?>
|
||||
<?php endif;?>
|
||||
<?php if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
|
||||
<?php if ($isAdmin || $mayModify): ?>
|
||||
<th class="actions">Actions</th>
|
||||
<?php endif;?>
|
||||
</tr><?php
|
||||
|
@ -182,16 +176,11 @@ if (isset($relatedAttributes[$attribute['id']]) && (null != $relatedAttributes[$
|
|||
<td class="short" style="text-align: center;"><?php echo $attribute['private'] ? 'Private' : ' ';?></td>
|
||||
<?php endif;?>
|
||||
<?php endif;?>
|
||||
<?php if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
|
||||
<?php if ($isAdmin || $mayModify): ?>
|
||||
<td class="actions">
|
||||
<?php
|
||||
if ($isAclModify) {
|
||||
echo $this->Html->link(__('Edit', true), array('controller' => 'attributes', 'action' => 'edit', $attribute['id']));
|
||||
echo $this->Form->postLink(__('Delete'), array('controller' => 'attributes', 'action' => 'delete', $attribute['id']), null, __('Are you sure you want to delete this attribute?'));
|
||||
} else {
|
||||
echo $this->Html->link(__('Edit', true), array('controller' => 'attributes', 'action' => 'edit', $attribute['id']), array('class' => $buttonModifyStatus));
|
||||
echo $this->Html->link(__('Delete'), array('controller' => 'attributes', 'action' => 'delete', $attribute['id']), array('class' => $buttonModifyStatus));
|
||||
}
|
||||
echo $this->Html->link(__('Edit', true), array('controller' => 'attributes', 'action' => 'edit', $attribute['id']));
|
||||
echo $this->Form->postLink(__('Delete'), array('controller' => 'attributes', 'action' => 'delete', $attribute['id']), null, __('Are you sure you want to delete this attribute?'));
|
||||
?>
|
||||
</td>
|
||||
<?php endif;?>
|
||||
|
@ -200,11 +189,11 @@ if ($isAclModify) {
|
|||
<?php endforeach; ?>
|
||||
</table>
|
||||
<?php endif; ?>
|
||||
<?php if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
|
||||
<?php if ($isAdmin || $mayModify): ?>
|
||||
<div class="actions">
|
||||
<ul>
|
||||
<li><?php echo $this->Html->link('Add Attribute', array('controller' => 'attributes', 'action' => 'add', $event['Event']['id']), array('class' => $buttonAddStatus));?> </li>
|
||||
<li><?php echo $this->Html->link('Add Attachment', array('controller' => 'attributes', 'action' => 'add_attachment', $event['Event']['id']), array('class' => $buttonAddStatus));?> </li>
|
||||
<li><?php echo $this->Html->link('Add Attribute', array('controller' => 'attributes', 'action' => 'add', $event['Event']['id']));?> </li>
|
||||
<li><?php echo $this->Html->link('Add Attachment', array('controller' => 'attributes', 'action' => 'add_attachment', $event['Event']['id']));?> </li>
|
||||
</ul>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
|
@ -214,14 +203,11 @@ if ($isAclModify) {
|
|||
|
||||
<div class="actions">
|
||||
<ul>
|
||||
<?php if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
|
||||
<li><?php echo $this->Html->link(__('Add Attribute', true), array('controller' => 'attributes', 'action' => 'add', $event['Event']['id']), array('class' => $buttonAddStatus));?> </li>
|
||||
<li><?php echo $this->Html->link(__('Add Attachment', true), array('controller' => 'attributes', 'action' => 'add_attachment', $event['Event']['id']), array('class' => $buttonAddStatus));?> </li>
|
||||
<li><?php echo $this->Html->link(__('Edit Event', true), array('action' => 'edit', $event['Event']['id']), array('class' => $buttonModifyStatus)); ?> </li>
|
||||
<li><?php
|
||||
if ($mayModify) echo $this->Form->postLink(__('Delete Event'), array('action' => 'delete', $event['Event']['id']), null, __('Are you sure you want to delete # %s?', $event['Event']['id']));
|
||||
else echo $this->Html->link(__('Delete Event'), array('action' => 'delete', $event['Event']['id']), array('class' => $buttonModifyStatus));
|
||||
?></li>
|
||||
<?php if ($isAdmin || $mayModify): ?>
|
||||
<li><?php echo $this->Html->link(__('Add Attribute', true), array('controller' => 'attributes', 'action' => 'add', $event['Event']['id']));?> </li>
|
||||
<li><?php echo $this->Html->link(__('Add Attachment', true), array('controller' => 'attributes', 'action' => 'add_attachment', $event['Event']['id']));?> </li>
|
||||
<li><?php echo $this->Html->link(__('Edit Event', true), array('action' => 'edit', $event['Event']['id'])); ?> </li>
|
||||
<li><?php echo $this->Form->postLink(__('Delete Event'), array('action' => 'delete', $event['Event']['id']), null, __('Are you sure you want to delete # %s?', $event['Event']['id'])); ?></li>
|
||||
<li> </li>
|
||||
<?php endif; ?>
|
||||
<?php echo $this->element('actions_menu'); ?>
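Review bot: In the first hunk the outer test becomes `$isAdmin || $mayPublish`, but the two publish links are still printed only inside `if ($mayPublish) {`, and the new `$mayPublish` does not include `$isAdmin`. An admin without the publish ACL, or from another org, therefore appears to get an empty `<ul><li>` here, while the events index in this commit shows that user the Publish button. Either fold the admin case into the flag, `$mayPublish = $isAdmin || ($isAclPublish && $event['Event']['org'] == $me['org']);`, or drop `$isAdmin ||` from the outer test, whichever matches what the `alert` and `publish` actions enforce server-side. Further down, the Add Attribute and Add Attachment links are now gated by `$mayModify` and no longer appear to consult `$isAclAdd`, which is worth confirming as intended.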
|
||||
|
|