removed reference to useless user_id.

fixed bug where Contact reporter doesn't work when user does not exist (contact reporter now sends mails to all the org)
2012-06-08 16:57:10 +02:00 · 2012-06-08 16:57:10 +02:00 · 5eb6a89384
parent 0687d3f6f4
commit 5eb6a89384
7 changed files with 65 additions and 88 deletions
--- a/app/Controller/AppController.php
+++ b/app/Controller/AppController.php
@ -20,6 +20,8 @@
 * @license       MIT License (http://www.opensource.org/licenses/mit-license.php)
 */

+// TODO GPG encryption has issues when keys are expired
+
 App::uses('Controller', 'Controller');
 App::uses('Sanitize', 'Utility');

--- a/app/Controller/EventsController.php
+++ b/app/Controller/EventsController.php
@ -168,7 +168,6 @@ class EventsController extends AppController {
     */
    public function _add(&$data, &$auth, $fromXml) {
        // force check userid and orgname to be from yourself
-        $data['Event']['user_id'] = $auth->user('id');
        $data['Event']['org'] = $auth->user('org');
        unset ($data['Event']['id']);
        $this->Event->create();
@ -192,7 +191,7 @@ class EventsController extends AppController {
        }

        $fieldList = array(
-                'Event' => array('org', 'date', 'risk', 'info', 'user_id', 'published', 'uuid', 'private'),
+                'Event' => array('org', 'date', 'risk', 'info', 'published', 'uuid', 'private'),
                'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private')
        );
        // this saveAssociated() function will save not only the event, but also the attributes
@ -229,14 +228,10 @@ class EventsController extends AppController {
            }

            // say what fields are to be updated
-            $fieldList=array('user_id', 'date', 'risk', 'info', 'published', 'private');
-            // always force the user and org, but do not force it for admins
-            if (!$this->_isAdmin()) {
-                $this->request->data['Event']['user_id'] = $this->Auth->user('id');
-
-            } else {
-                $this->Event->read();
-                $this->request->data['Event']['user_id'] = $this->Event->data['Event']['user_id'];
+            $fieldList=array('date', 'risk', 'info', 'published', 'private');
+            // always force the org, but do not force it for admins
+            if ($this->_isAdmin()) {
+                $this->Event->read(); // FIXME URGENT this should be deleted? delete and test
                $fieldList[]='org';
                $this->request->data['Event']['org'] = $this->Event->data['Event']['org'];
            }
@ -533,18 +528,19 @@ class EventsController extends AppController {

    /**
     *
-     * Sends out an email with the request to be contacted about a specific event.
+     * Sends out an email to all people within the same group
+     * with the request to be contacted about a specific event.
     * @todo move _sendContactEmail($id, $message) to a better place. (components?)
-     * FIXME this _sendContactEmail() gives bugs when a user is deleted. Maybe we should send emails to everyone?
     *
-     * @param unknown_type $id The id of the event for wich you want to contact the person.
+     * @param unknown_type $id The id of the event for wich you want to contact the org.
     * @param unknown_type $message The custom message that will be appended to the email.
     * @return True if success, False if error
     */
    private function _sendContactEmail($id, $message) {
        // fetch the event
-        $event = $this->Event->read(null, $id);
-        $reporter = $event['User']; // email, gpgkey
+        $event = $this->Event->read(null, $id);
+        $this->loadModel('User');
+        $org_members = $this->User->findAllByOrg($event['Event']['org'], array('email', 'gpgkey'));

        // The mail body, h() is NOT needed as we are sending plain-text mails.
        $body = "";
@ -600,30 +596,8 @@ class EventsController extends AppController {
        $gpg = new Crypt_GPG(array('homedir' => Configure::read('GnuPG.homedir')));
        $gpg->addSignKey(Configure::read('GnuPG.email'), Configure::read('GnuPG.password'));
        $body_signed = $gpg->sign($body, Crypt_GPG::SIGN_MODE_CLEAR);
-
-        if (!empty($reporter['gpgkey'])) {
-            // import the key of the user into the keyring
-            // this isn't really necessary, but it gives it the fingerprint necessary for the next step
-            $key_import_output = $gpg->importKey($reporter['gpgkey']);
-            // say what key should be used to encrypt
-            $gpg = new Crypt_GPG(array('homedir' => Configure::read('GnuPG.homedir')));
-            $gpg->addEncryptKey($key_import_output['fingerprint']); // use the key that was given in the import
-
-            $body_enc_sig = $gpg->encrypt($body_signed, true);
-        } else {
-            $body_enc_sig = $body_signed;
-            // FIXME should I allow sending unencrypted "contact" mails to people if they didn't import they GPG key?
-        }
-
-        // prepare the email
-        $this->Email->from = Configure::read('CyDefSIG.email');
-        $this->Email->to = $reporter['email'];
-        $this->Email->subject = "[CyDefSIG] Need info about event ".$id." - TLP Amber";
-        //$this->Email->delivery = 'debug';   // do not really send out mails, only display it on the screen
-        $this->Email->template = 'body';
-        $this->Email->sendAs = 'text';        // both text or html
-        $this->set('body', $body_enc_sig);
-
+
+
        // Add the GPG key of the user as attachment
        // LATER sign the attached GPG key
        if (!empty($me_user['gpgkey'])) {
@ -637,9 +611,45 @@ class EventsController extends AppController {
                    'gpgkey.asc' => $tmpfname
            );
        }
+
+        foreach ($org_members as $reporter) {
+            if (!empty($reporter['User']['gpgkey'])) {
+                // import the key of the user into the keyring
+                // this isn't really necessary, but it gives it the fingerprint necessary for the next step
+                $key_import_output = $gpg->importKey($reporter['User']['gpgkey']);
+                // say what key should be used to encrypt
+                $gpg = new Crypt_GPG(array('homedir' => Configure::read('GnuPG.homedir')));
+                $gpg->addEncryptKey($key_import_output['fingerprint']); // use the key that was given in the import

-        // send it
-        $result = $this->Email->send();
+                $body_enc_sig = $gpg->encrypt($body_signed, true);
+            } else {
+                $body_enc_sig = $body_signed;
+                // FIXME should I allow sending unencrypted "contact" mails to people if they didn't import they GPG key?
+            }
+
+            // prepare the email
+            $this->Email->from = Configure::read('CyDefSIG.email');
+            $this->Email->to = $reporter['User']['email'];
+            $this->Email->subject = "[CyDefSIG] Need info about event ".$id." - TLP Amber";
+            //$this->Email->delivery = 'debug';   // do not really send out mails, only display it on the screen
+            $this->Email->template = 'body';
+            $this->Email->sendAs = 'text';        // both text or html
+            $this->set('body', $body_enc_sig);
+            // Add the GPG key of the user as attachment
+            // LATER sign the attached GPG key
+            if (!empty($me_user['gpgkey'])) {
+                // attach the gpg key
+                $this->Email->attachments = array(
+                        'gpgkey.asc' => $tmpfname
+                );
+            }
+            // send it
+            $result = $this->Email->send();
+            // If you wish to send multiple emails using a loop, you'll need
+            // to reset the email fields using the reset method of the Email component.
+            $this->Email->reset();
+
+        }

        // remove the temporary gpg file
        if (!empty($me_user['gpgkey']))
@ -680,7 +690,7 @@ class EventsController extends AppController {
        } else {
            $conditions = array();
        }
-        // do not expose all the data like user_id, ...
+        // do not expose all the data ...
        $fields = array('Event.id', 'Event.date', 'Event.risk', 'Event.info', 'Event.published', 'Event.uuid');
        if ('true' == Configure::read('CyDefSIG.showorg')) {
            $fields[] = 'Event.org';
--- a/app/MYSQL.txt
+++ b/app/MYSQL.txt
@ -47,9 +47,9 @@ CREATE TABLE `events` (
  `date` date NOT NULL,
  `risk` enum('Undefined','Low','Medium','High') COLLATE utf8_bin NOT NULL,
  `info` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
-  `user_id` int(11) NOT NULL,
  `published` tinyint(1) NOT NULL DEFAULT '0',
  `uuid` varchar(40) COLLATE utf8_bin NOT NULL,
+  `revision` int(11) NOT NULL DEFAULT '0',
  `private` tinyint(1) NOT NULL,
  PRIMARY KEY (`id`),
  KEY `uuid` (`uuid`),
--- a/app/Model/Event.php
+++ b/app/Model/Event.php
@ -69,16 +69,6 @@ class Event extends AppModel {
 				//'on' => 'create', // Limit validation to 'create' or 'update' operations
 			),
 		),
-		'user_id' => array(
-			'numeric' => array(
-				'rule' => array('numeric'),
-				//'message' => 'Your custom message here',
-				//'allowEmpty' => false,
-				//'required' => false,
-				//'last' => false, // Stop validation after this rule
-				//'on' => 'create', // Limit validation to 'create' or 'update' operations
-			),
-		),
 		'published' => array(
 			'boolean' => array(
 				'rule' => array('boolean'),
@ -126,15 +116,15 @@ class Event extends AppModel {
 *
 * @var array
 */
-	public $belongsTo = array(
-		'User' => array(
-			'className' => 'User',
-			'foreignKey' => 'user_id',
-			'conditions' => '',
-			'fields' => '',
-			'order' => ''
-		)
-	);
+// 	public $belongsTo = array(
+// 		'Org' => array(
+// 			'className' => 'Org',
+// 			'foreignKey' => 'org',
+// 			'conditions' => '',
+// 			'fields' => '',
+// 			'order' => ''
+// 		)
+// 	);

 /**
 * hasMany associations
@ -258,7 +248,6 @@ class Event extends AppModel {
 	    unset($event['Attribute']);

 	    // cleanup the array from things we do not want to expose
-	    unset($event['Event']['user_id']);
 	    unset($event['Event']['org']);
 	    // remove value1 and value2 from the output
 	    foreach($event['Event']['Attribute'] as $key => $attribute) {
--- a/app/Model/User.php
+++ b/app/Model/User.php
@ -155,27 +155,6 @@ class User extends AppModel {

 	//The Associations below have been created with all possible keys, those that are not needed can be removed

-/**
- * hasMany associations
- *
- * @var array
- */
-	public $hasMany = array(
-		'Event' => array(
-			'className' => 'Event',
-			'foreignKey' => 'user_id',
-			'dependent' => false,
-			'conditions' => '',
-			'fields' => '',
-			'order' => '',
-			'limit' => '',
-			'offset' => '',
-			'exclusive' => '',
-			'finderQuery' => '',
-			'counterQuery' => ''
-		)
-	);
-

 	public function beforeSave() {
 	    if (isset($this->data[$this->alias]['password'])) {
--- a/app/View/Events/xml/index.ctp
+++ b/app/View/Events/xml/index.ctp
@ -5,10 +5,8 @@ foreach ($events as $key => $event) {
    // rearrange things to be compatible with the Xml::fromArray()
    $events[$key] = $events[$key]['Event'];

-    // cleanup the array from things we do not want to expose
-    unset($events[$key]['User']);
+    // cleanup the array from things we do not want to expose
    unset($events[$key]['Event']);
-    unset($events[$key]['user_id']);
    // hide the private field is we are not in sync mode
    if ('true' != Configure::read('CyDefSIG.sync')) {
        unset($events[$key]['private']);
--- a/app/View/Events/xml/view.ctp
+++ b/app/View/Events/xml/view.ctp
@ -5,7 +5,6 @@ $event['Event']['Attribute'] = $event['Attribute'];
 unset($event['Attribute']);

 // cleanup the array from things we do not want to expose
-unset($event['Event']['user_id']);
 // remove value1 and value2 from the output
 foreach($event['Event']['Attribute'] as $key => $value) {
    unset($event['Event']['Attribute'][$key]['value1']);