mirror of https://github.com/MISP/MISP
new: [UI] Site admin can create SG with specific UUID
Jakub Onderka
parent
82caf0e770
commit
5940187b33
|
|
@ -41,9 +41,8 @@ class SharingGroupsController extends AppController
|
|||
|
||||
public function add()
|
||||
{
|
||||
if (!$this->userRole['perm_sharing_group']) {
|
||||
throw new MethodNotAllowedException('You don\'t have the required privileges to do that.');
|
||||
}
|
||||
$canModifyUuid = $this->Auth->user()['Role']['perm_site_admin'];
|
||||
|
||||
if ($this->request->is('post')) {
|
||||
if ($this->_isRest()) {
|
||||
if (isset($this->request->data['SharingGroup'])) {
|
||||
|
|
@ -79,6 +78,9 @@ class SharingGroupsController extends AppController
|
|||
}
|
||||
}
|
||||
$this->SharingGroup->create();
|
||||
if (!$canModifyUuid) {
|
||||
unset($sg['uuid']);
|
||||
}
|
||||
$sg['active'] = $sg['active'] ? 1: 0;
|
||||
$sg['roaming'] = $sg['roaming'] ? 1: 0;
|
||||
$sg['organisation_uuid'] = $this->Auth->user('Organisation')['uuid'];
|
||||
|
|
@ -124,23 +126,15 @@ class SharingGroupsController extends AppController
|
|||
} elseif ($this->_isRest()) {
|
||||
return $this->RestResponse->describe('SharingGroup', 'add', false, $this->response->type());
|
||||
}
|
||||
|
||||
$orgs = $this->SharingGroup->Organisation->find('all', array(
|
||||
'conditions' => array('local' => 1),
|
||||
'recursive' => -1,
|
||||
'fields' => array('id', 'name', 'uuid')
|
||||
));
|
||||
$this->set('orgs', $orgs);
|
||||
|
||||
$this->set('localInstance', empty(Configure::read('MISP.external_baseurl')) ? Configure::read('MISP.baseurl') : Configure::read('MISP.external_baseurl'));
|
||||
// We just pass true and allow the user to edit, since he/she is just about to create the SG. This is needed to reuse the view for the edit
|
||||
$this->set('user', $this->Auth->user());
|
||||
$this->set('canModifyUuid', $canModifyUuid);
|
||||
}
|
||||
|
||||
public function edit($id = false)
|
||||
{
|
||||
if (!$this->userRole['perm_sharing_group']) {
|
||||
throw new MethodNotAllowedException('You don\'t have the required privileges to do that.');
|
||||
}
|
||||
if (empty($id)) {
|
||||
throw new NotFoundException('Invalid sharing group.');
|
||||
}
|
||||
|
|
@ -163,6 +157,10 @@ class SharingGroupsController extends AppController
|
|||
),
|
||||
),
|
||||
));
|
||||
if (empty($sharingGroup)) {
|
||||
throw new NotFoundException('Invalid sharing group.');
|
||||
}
|
||||
|
||||
if (!$this->SharingGroup->checkIfAuthorisedExtend($this->Auth->user(), $sharingGroup['SharingGroup']['id'])) {
|
||||
throw new MethodNotAllowedException('Action not allowed.');
|
||||
}
|
||||
|
|
|
|||
|
|
@ -306,14 +306,19 @@ class SharingGroup extends AppModel
|
|||
return $sharingGroups;
|
||||
}
|
||||
|
||||
// Who can create a new sharing group with the elements pre-defined (via REST for example)?
|
||||
// 1. site admins
|
||||
// 2. Sharing group enabled users
|
||||
// a. as long as they are creator or extender of the SG object
|
||||
// 3. Sync users
|
||||
// a. as long as they are at least users of the SG (they can circumvent the extend rule to
|
||||
// avoid situations where no one can create / edit an SG on an instance after a push)
|
||||
public function checkIfAuthorisedToSave($user, $sg)
|
||||
/**
|
||||
* Who can create a new sharing group with the elements pre-defined (via REST for example)?
|
||||
* 1. site admins
|
||||
* 2. Sharing group enabled users
|
||||
* a. as long as they are creator or extender of the SG object
|
||||
* 3. Sync users
|
||||
* a. as long as they are at least users of the SG (they can circumvent the extend rule to
|
||||
* avoid situations where no one can create / edit an SG on an instance after a push)
|
||||
* @param array $user
|
||||
* @param array $sg
|
||||
* @return bool
|
||||
*/
|
||||
private function checkIfAuthorisedToSave(array $user, array $sg)
|
||||
{
|
||||
if (isset($sg[0])) {
|
||||
$sg = $sg[0];
|
||||
|
|
@ -379,7 +384,7 @@ class SharingGroup extends AppModel
|
|||
// a. Belong to the organisation that created the SG
|
||||
// b. Have an organisation entry in the SG with the extend flag set
|
||||
// 3. Sync users that have synced the SG to the local instance
|
||||
public function checkIfAuthorisedExtend($user, $id)
|
||||
public function checkIfAuthorisedExtend(array $user, $id)
|
||||
{
|
||||
if ($user['Role']['perm_site_admin']) {
|
||||
return true;
|
||||
|
|
@ -644,15 +649,16 @@ class SharingGroup extends AppModel
|
|||
}
|
||||
}
|
||||
|
||||
/*
|
||||
/**
|
||||
* Capture a new sharing group, rather than update an existing one
|
||||
*
|
||||
* @param array $user
|
||||
* @param array $sg
|
||||
* @param boolean syncLocal
|
||||
* @return int || false
|
||||
* @param boolean $syncLocal
|
||||
* @return int|false
|
||||
* @throws Exception
|
||||
*/
|
||||
private function captureSGNew($user, $sg, $syncLocal)
|
||||
private function captureSGNew(array $user, array $sg, $syncLocal)
|
||||
{
|
||||
// check if current user is contained in the SG and we are in a local sync setup
|
||||
if (!empty($sg['uuid'])) {
|
||||
|
|
@ -666,7 +672,7 @@ class SharingGroup extends AppModel
|
|||
$authorisedToSave = $this->checkIfAuthorisedToSave($user, $sg);
|
||||
}
|
||||
if (!$user['Role']['perm_site_admin'] &&
|
||||
!($user['Role']['perm_sync'] && $syncLocal ) &&
|
||||
!($user['Role']['perm_sync'] && $syncLocal) &&
|
||||
!$authorisedToSave
|
||||
) {
|
||||
$this->loadLog()->createLogEntry($user, 'error', 'SharingGroup', 0, "Tried to save a sharing group with UUID '{$sg['uuid']}' but the user does not belong to it.");
|
||||
|
|
|
|||
|
|
@ -48,6 +48,10 @@
|
|||
}
|
||||
?>
|
||||
<div id="page1_content" class="multi-page-form-div tabContent" style="width:544px;">
|
||||
<?php if ($canModifyUuid): ?>
|
||||
<label for="SharingGroupUuid"><?php echo __('UUID');?></label>
|
||||
<input type="text" class="input-xxlarge" placeholder="<?= __('If not provided, random UUID will be generated') ?>" id="SharingGroupUuid">
|
||||
<?php endif; ?>
|
||||
<label for="SharingGroupName"><?php echo __('Name');?></label>
|
||||
<input type="text" class="input-xxlarge" placeholder="<?php echo __('Example: Multinational sharing group');?>" id="SharingGroupName">
|
||||
<label for="SharingGroupReleasability"><?php echo __('Releasable to');?></label>
|
||||
|
|
|
|||
|
|
@ -3204,15 +3204,16 @@ function cancelPicklistValues() {
|
|||
|
||||
function sgSubmitForm(action) {
|
||||
var ajax = {
|
||||
'organisations': organisations,
|
||||
'servers': servers,
|
||||
'sharingGroup': {
|
||||
'name': $('#SharingGroupName').val(),
|
||||
'releasability': $('#SharingGroupReleasability').val(),
|
||||
'description': $('#SharingGroupDescription').val(),
|
||||
'active': $('#SharingGroupActive').is(":checked"),
|
||||
'roaming': $('#SharingGroupRoaming').is(":checked"),
|
||||
}
|
||||
'organisations': organisations,
|
||||
'servers': servers,
|
||||
'sharingGroup': {
|
||||
'uuid': $('#SharingGroupUuid').val(),
|
||||
'name': $('#SharingGroupName').val(),
|
||||
'releasability': $('#SharingGroupReleasability').val(),
|
||||
'description': $('#SharingGroupDescription').val(),
|
||||
'active': $('#SharingGroupActive').is(":checked"),
|
||||
'roaming': $('#SharingGroupRoaming').is(":checked"),
|
||||
}
|
||||
};
|
||||
$('#SharingGroupJson').val(JSON.stringify(ajax));
|
||||
var formName = "#SharingGroup" + action + "Form";
|
||||
|
|
@ -3274,6 +3275,7 @@ function sharingGroupPopulateFromJson() {
|
|||
}
|
||||
$('#SharingGroupName').attr('value', jsonparsed.sharingGroup.name);
|
||||
$('#SharingGroupReleasability').attr('value', jsonparsed.sharingGroup.releasability);
|
||||
$('#SharingGroupUuid').attr('value', jsonparsed.sharingGroup.uuid);
|
||||
$('#SharingGroupDescription').text(jsonparsed.sharingGroup.description);
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue