new: [security setting] disable admin file management

- for compliance reasons, disable the upload of images for the various logos / decorations - setting can be enabled/disabled via CLI only
2022-11-22 13:24:46 +01:00 · 2022-11-22 13:24:46 +01:00 · 6393e993bf
parent d73151a5cf
commit 6393e993bf
3 changed files with 22 additions and 6 deletions
--- a/app/Controller/ServersController.php
+++ b/app/Controller/ServersController.php
@ -1075,6 +1075,9 @@ class ServersController extends AppController
            $this->set('correlation_metrics', $correlation_metrics);
        }
        if ($tab === 'files') {
+            if (!empty(Configure::read('Security.disable_instance_file_uploads'))) {
+                throw new MethodNotAllowedException(__('This functionality is disabled.'));
+            }
            $files = $this->Server->grabFiles();
            $this->set('files', $files);
        }
@ -1624,6 +1627,9 @@ class ServersController extends AppController
        if (!$this->request->is('post')) {
            throw new MethodNotAllowedException();
        }
+        if (!empty(Configure::read('Security.disable_instance_file_uploads'))) {
+            throw new MethodNotAllowedException(__('Feature disabled.'));
+        }
        $validItems = $this->Server->getFileRules();

        // Check if there were problems with the file upload
--- a/app/Model/Server.php
+++ b/app/Model/Server.php
@ -6523,6 +6523,15 @@ class Server extends AppModel
                    'test' => 'testBool',
                    'type' => 'boolean',
                    'null' => true
+                ],
+                'disable_instance_file_uploads' => [
+                    'level' => self::SETTING_RECOMMENDED,
+                    'description' => __('When enabled, the "Manage files" menu is disabled on the server settings. You can still copy files via ssh to the appropriate location and link them using MISP.settings.'),
+                    'value' => false,
+                    'test' => 'testBool',
+                    'type' => 'boolean',
+                    'null' => true,
+                    'cli_only' => true
                ]
            ),
            'SecureAuth' => array(
--- a/app/View/Elements/healthElements/tabs.ctp
+++ b/app/View/Elements/healthElements/tabs.ctp
@ -50,12 +50,13 @@
        ),
        'active' => $active_tab === 'diagnostics'
    );
-
-    $data['children'][0]['children'][] = array(
-        'url' => $baseurl . '/servers/serverSettings/files',
-        'text' => __('Manage files'),
-        'active' => $active_tab === 'files'
-    );
+    if (empty(Configure::read('Security.disable_instance_file_uploads'))) {
+        $data['children'][0]['children'][] = array(
+            'url' => $baseurl . '/servers/serverSettings/files',
+            'text' => __('Manage files'),
+            'active' => $active_tab === 'files'
+        );
+    }
    $data['children'][0]['children'][] = array(
        'url' => $baseurl . '/servers/serverSettings/workers',
        'title' => __('Workers'),