chg: [eventGraph] refacto after comments from the Overmind
parent
61cab26e18
commit
692b410f92
@ -483,7 +483,7 @@ class ACLComponent extends Component {
|
|||
'index' => array('*'),
|
||||
),
|
||||
'eventGraph' => array(
|
||||
'get' => array('*'),
|
||||
'view' => array('*'),
|
||||
'add' => array('perm_add'),
|
||||
'delete' => array('perm_modify'),
|
||||
)
|
||||
@ -12,10 +12,7 @@ class EventGraphController extends AppController {
|
|||
parent::beforeFilter();
|
||||
}
|
||||
|
||||
public function get($event_id = false) {
|
||||
if (!$this->request->is('get')) {
|
||||
throw new MethodNotAllowedException(__('Invalid method.'));
|
||||
}
|
||||
public function view($event_id = false) {
|
||||
if ($event_id === false) throw new MethodNotAllowedException(__('No event ID set.'));
|
||||
|
||||
// retreive current org_id
|
||||
|
@ -23,9 +20,14 @@ class EventGraphController extends AppController {
|
|||
|
||||
// validate event
|
||||
$this->loadModel('Event');
|
||||
if (!is_numeric($event_id)) {
|
||||
if (Validation::uuid($event_id)) {
|
||||
$temp = $this->Event->find('first', array('recursive' => -1, 'fields' => array('Event.id'), 'conditions' => array('Event.uuid' => $eventId)));
|
||||
if (empty($temp)) throw new NotFoundException('Invalid event');
|
||||
$event_id = $temp['Event']['id'];
|
||||
} else if (!is_numeric($event_id)) {
|
||||
throw new NotFoundException(__('Invalid event'));
|
||||
}
|
||||
|
||||
$event = $this->Event->fetchEvent($this->Auth->user(), array('eventid' => $event_id));
|
||||
if (empty($event)) throw new NotFoundException('Invalid event');
|
||||
|
||||
|
@ -38,9 +40,6 @@ class EventGraphController extends AppController {
|
|||
),
|
||||
'contain' => array(
|
||||
'User' => array(
|
||||
'conditions' => array(
|
||||
'User.id = EventGraph.user_id'
|
||||
),
|
||||
'fields' => array(
|
||||
'User.email'
|
||||
)
|
||||
|
@ -51,17 +50,14 @@ class EventGraphController extends AppController {
|
|||
}
|
||||
|
||||
public function add($event_id = false) {
|
||||
if ($this->request->is('get') && $this->_isRest()) {
|
||||
return $this->RestResponse->describe('EventGraph', 'add', false, $this->response->type());
|
||||
} else if ($this->request->is('get')) { // retreive form
|
||||
if ($this->request->is('get')) {
|
||||
if ($this->_isRest()) {
|
||||
return $this->RestResponse->describe('EventGraph', 'add', false, $this->response->type());
|
||||
}
|
||||
$formURL = 'eventGraph_add_form';
|
||||
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
if ($this->userRole['perm_modify'] || $this->userRole['perm_modify_org']) {
|
||||
// Allow the edit
|
||||
} else {
|
||||
throw new NotFoundException(__('Invalid event'));
|
||||
}
|
||||
if (!$this->_isSiteAdmin() && (!$this->userRole['perm_modify'] && !$this->userRole['perm_modify_org']) ) {
|
||||
throw new NotFoundException(__('Invalid event'));
|
||||
}
|
||||
|
||||
$this->set('action', 'add');
|
||||
|
@ -69,20 +65,19 @@ class EventGraphController extends AppController {
|
|||
$this->render('ajax/' . $formURL);
|
||||
|
||||
} else {
|
||||
if ($event_id === false) throw new MethodNotAllowedException(__('No event ID set.'));
|
||||
if (empty($event_id)) throw new MethodNotAllowedException(__('No event ID set.'));
|
||||
|
||||
$this->loadModel('Event');
|
||||
$event = $this->Event->fetchEvent($this->Auth->user(), array('eventid' => $event_id));
|
||||
if (empty($event)) throw new NotFoundException('Invalid event');
|
||||
|
||||
$eventGraph = array();
|
||||
if (!$this->_isSiteAdmin() && ($event['Event']['orgc_id'] != $this->_checkOrg() && !$this->userRole['perm_modify'])) {
|
||||
if (!$this->_isSiteAdmin() && ($event['Event']['orgc_id'] != $this->Auth->user('org_id') && !$this->userRole['perm_modify'])) {
|
||||
throw new UnauthorizedException(__('You do not have permission to do that.'));
|
||||
} else {
|
||||
$eventGraph['EventGraph']['event_id'] = $event_id;
|
||||
}
|
||||
|
||||
$date = new DateTime();
|
||||
if (!isset($this->request->data['EventGraph']['network_json'])) {
|
||||
throw new MethodNotAllowedException('No network data set');
|
||||
} else {
|
||||
|
@ -98,8 +93,6 @@ class EventGraphController extends AppController {
|
|||
$eventGraph['EventGraph']['preview_img'] = $this->request->data['EventGraph']['preview_img'];
|
||||
}
|
||||
|
||||
$eventGraph['EventGraph']['timestamp'] = $date->getTimestamp();
|
||||
|
||||
// Network pushed will be the owner of the authentication key
|
||||
$eventGraph['EventGraph']['user_id'] = $this->Auth->user('id');
|
||||
$eventGraph['EventGraph']['org_id'] = $this->Auth->user('org_id');
|
||||
|
@ -129,22 +122,23 @@ class EventGraphController extends AppController {
|
|||
} else {
|
||||
$this->set('id', $id);
|
||||
$conditions = array('id' => $id);
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
$conditions['org_id'] = $this->Auth->user('org_id');
|
||||
}
|
||||
$eventGraph = $this->EventGraph->find('first', array(
|
||||
'conditions' => $conditions,
|
||||
'recursive' => -1,
|
||||
'fields' => array('id', 'event_id', 'user_id'),
|
||||
));
|
||||
if (empty($eventGraph)) throw new NotFoundException('Invalid EventGraph');
|
||||
if ($this->request->is('ajax')) {
|
||||
if ($this->request->is('post')) {
|
||||
// only creator (or siteAdmin) can delete the eventGraph
|
||||
if (($eventGraph['EventGraph']['user_id'] != $this->Auth->user()['id']) && !$this->_isSiteAdmin()) throw new MethodNotAllowedException('This eventGraph does not belong to you.');
|
||||
$result = $this->EventGraph->delete($id);
|
||||
if ($result) {
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => 'EventGraph deleted.')), 'status'=>200, 'type' => 'json'));
|
||||
} else {
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'EventGraph not deleted.')), 'status'=>200, 'type' => 'json'));
|
||||
}
|
||||
if ($this->request->is('post')) {
|
||||
// only creator (or siteAdmin) can delete the eventGraph
|
||||
if (($eventGraph['EventGraph']['user_id'] != $this->Auth->user()['id']) && !$this->_isSiteAdmin()) throw new MethodNotAllowedException('This eventGraph does not belong to you.');
|
||||
$result = $this->EventGraph->delete($id);
|
||||
if ($result) {
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => 'EventGraph deleted.')), 'status'=>200, 'type' => 'json'));
|
||||
} else {
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'EventGraph not deleted.')), 'status'=>200, 'type' => 'json'));
|
||||
}
|
||||
}
|
||||
}
|
||||
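Review bot: The UUID branch of `view()` in hunk `@ -23,9 +20,14 @@` builds its lookup with `'Event.uuid' => $eventId`, but the method's parameter is `$event_id`, so `$eventId` is undefined there and a UUID can never resolve to an event; the condition should read `'conditions' => array('Event.uuid' => $event_id)`. In the same block `} else if (!is_numeric($event_id)) {` is nested inside an `if (!is_numeric($event_id))` that already holds, so a plain `} else {` is equivalent and clearer. In the delete hunk (`@ -129,22 +122,23 @@`) an ownership failure raises `MethodNotAllowedException`, while `add()` raises `UnauthorizedException` for its equivalent permission check; using the same exception type in both keeps the HTTP status meaningful to API clients. Which lines in these hunks are new rather than context cannot be read from this rendering, and both `view()` and `delete()` continue outside their hunks.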
@ -975,6 +975,7 @@ class AppModel extends Model {
|
|||
INDEX `event_id` (`event_id`),
|
||||
INDEX `user_id` (`user_id`),
|
||||
INDEX `org_id` (`org_id`)
|
||||
INDEX `timestamp` (`timestamp`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;";
|
||||
break;
|
||||
case 'fixNonEmptySharingGroupID':
|
||||
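Review bot: The new `timestamp` index line in the CREATE TABLE string directly follows the `org_id` index line, which has no trailing comma, so the generated DDL is a syntax error and the table will not be created. The hunk header reports one added and no removed line, so the `org_id` line appears to be unchanged context and still lacks the comma that the `user_id` line above it has; append a trailing comma to the `org_id` INDEX line so it matches the `user_id` line. The enclosing `case` of this update switch starts outside the hunk.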
@ -29,21 +29,24 @@ class EventGraph extends AppModel{
|
|||
|
||||
|
||||
public $validate = array(
|
||||
'is_json' => array(
|
||||
'rule' => array('isValidJson'),
|
||||
'message' => 'The provided eventGraph is not a valid json format',
|
||||
'required' => true,
|
||||
'network_json' => array(
|
||||
'rule' => array('isValidJson'),
|
||||
'message' => 'The provided eventGraph is not a valid json format',
|
||||
'required' => true,
|
||||
),
|
||||
);
|
||||
|
||||
public function beforeValidate($options = array()) {
|
||||
parent::beforeValidate();
|
||||
$date = new DateTime();
|
||||
$this->data['EventGraph']['timestamp'] = $date->getTimestamp();
|
||||
return true;
|
||||
}
|
||||
|
||||
public function isValidJson($text) {
|
||||
$check = json_decode($text);
|
||||
if ($check === null) {
|
||||
public function isValidJson($fields) {
|
||||
$text = $fields['network_json'];
|
||||
$check = json_decode($text);
|
||||
if ($check === null) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
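Review bot: `isValidJson()` decides validity from `json_decode()` returning `null`, which says nothing about why decoding failed and also rejects the valid JSON document `null`; `json_last_error()` is the reliable signal: `json_decode($text); return json_last_error() === JSON_ERROR_NONE;`. The value read from `$fields['network_json']` comes straight from the request, and if a client submits it as an array rather than a string `json_decode()` raises a warning or a `TypeError` depending on the PHP version, so an `if (!is_string($text)) return false;` guard before decoding keeps that failure inside validation. `beforeValidate()` calls `parent::beforeValidate()` without forwarding `$options`, which is worth passing through. The closing brace of `isValidJson()` lies outside the hunk.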
@ -1456,7 +1456,7 @@ class DataHandler {
|
|||
}
|
||||
|
||||
fetch_graph_history(callback) {
|
||||
$.getJSON( "/eventGraph/get/"+scope_id, function( history ) {
|
||||
$.getJSON( "/eventGraph/view/"+scope_id, function( history ) {
|
||||
var history_formatted = [];
|
||||
var network_previews = [];
|
||||
history.forEach(function(item) {
|
||||