mirror of https://github.com/MISP/MISP
fix: [internal] Cleanup controller code
parent
a0e8567982
commit
74a2982e1a
@ -1,7 +1,9 @@
|
|||
<?php
|
||||
|
||||
App::uses('AppController', 'Controller');
|
||||
|
||||
/**
|
||||
* @property AdminCrudComponent $AdminCrud
|
||||
*/
|
||||
class AllowedlistsController extends AppController
|
||||
{
|
||||
public $components = array(
|
||||
|
@ -9,35 +11,26 @@ class AllowedlistsController extends AppController
|
|||
);
|
||||
|
||||
public $paginate = array(
|
||||
'limit' => 60,
|
||||
'order' => array(
|
||||
'Allowedlist.name' => 'ASC'
|
||||
)
|
||||
'limit' => 60,
|
||||
'order' => array(
|
||||
'Allowedlist.name' => 'ASC'
|
||||
)
|
||||
);
|
||||
|
||||
public function admin_add()
|
||||
{
|
||||
if (!$this->userRole['perm_regexp_access']) {
|
||||
$this->redirect(array('controller' => 'regexp', 'action' => 'index', 'admin' => false));
|
||||
}
|
||||
$this->set('action', 'add');
|
||||
$this->AdminCrud->adminAdd();
|
||||
}
|
||||
|
||||
public function admin_index()
|
||||
{
|
||||
if (!$this->userRole['perm_regexp_access']) {
|
||||
$this->redirect(array('controller' => 'allowedlists', 'action' => 'index', 'admin' => false));
|
||||
}
|
||||
$this->AdminCrud->adminIndex();
|
||||
$this->render('index');
|
||||
}
|
||||
|
||||
public function admin_edit($id = null)
|
||||
{
|
||||
if (!$this->userRole['perm_regexp_access']) {
|
||||
$this->redirect(array('controller' => 'allowedlists', 'action' => 'index', 'admin' => false));
|
||||
}
|
||||
$this->AdminCrud->adminEdit($id);
|
||||
$this->set('action', 'edit');
|
||||
$this->set('id', $id);
|
||||
|
@ -46,9 +39,6 @@ class AllowedlistsController extends AppController
|
|||
|
||||
public function admin_delete($id = null)
|
||||
{
|
||||
if (!$this->userRole['perm_regexp_access']) {
|
||||
$this->redirect(array('controller' => 'allowedlists', 'action' => 'index', 'admin' => false));
|
||||
}
|
||||
$this->AdminCrud->adminDelete($id);
|
||||
}
|
||||
|
||||
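Review bot: Dropping the inline `perm_regexp_access` guards from `admin_add`, `admin_index`, `admin_edit` and `admin_delete` makes authorization for this controller depend entirely on the `allowedlists` rules in ACLComponent, which this commit does not touch; only the `regexp` rules are visible in the ACLComponent hunk, so confirm that the `allowedlists` entries require `perm_regexp_access` for all four admin actions before merging. The same dependency is introduced for `SharingGroupsController::delete`, whose `perm_sharing_group` check is removed at the end of this commit. The old code redirected on failure while ACLComponent presumably raises a 403, so the failure mode changes from a redirect to an error page, which is worth one line in the commit description. A class-level comment, `// Access control for all admin_* actions is enforced by ACLComponent ('allowedlists' rules)`, would keep that invariant visible to the next reader.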
|
|
|
@ -1321,18 +1321,21 @@ class AppController extends Controller
|
|||
* Returns true if user can publish the given event.
|
||||
*
|
||||
* @param array $event
|
||||
* @param array|null $user If empty, currently logged user will be used
|
||||
* @return bool
|
||||
*/
|
||||
protected function __canPublishEvent(array $event)
|
||||
protected function __canPublishEvent(array $event, $user = null)
|
||||
{
|
||||
if (!isset($event['Event'])) {
|
||||
throw new InvalidArgumentException('Passed object does not contain an Event.');
|
||||
}
|
||||
|
||||
if ($this->userRole['perm_site_admin']) {
|
||||
$user = $user ?: $this->Auth->user();
|
||||
|
||||
if ($user['Role']['perm_site_admin']) {
|
||||
return true;
|
||||
}
|
||||
if ($this->userRole['perm_publish'] && $event['Event']['orgc_id'] == $this->Auth->user()['org_id']) {
|
||||
if ($user['Role']['perm_publish'] && $event['Event']['orgc_id'] == $user['org_id']) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
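Review bot: `__canPublishEvent` now trusts whatever `$user` array the caller passes and reads `$user['Role']['perm_site_admin']`, `$user['Role']['perm_publish']` and `$user['org_id']` without checking they exist, although the function already validates `$event` with an `InvalidArgumentException`. A user array fetched without its `Role` association yields `null` for the two permission tests, which fails closed, but a missing `org_id` turns the final test into `$event['Event']['orgc_id'] == null`, and with loose `==` that is true for an `orgc_id` of `0` or `''`. Guard the input symmetrically with `if (!isset($user['Role'], $user['org_id'])) { throw new InvalidArgumentException('Passed user does not contain Role and org_id.'); }` after the `?:` fallback, and compare organisations with `(int)$event['Event']['orgc_id'] === (int)$user['org_id']`. The function's closing brace lies outside the hunk.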
|
|
|
@ -1099,7 +1099,7 @@ class AttributesController extends AppController
|
|||
)
|
||||
)
|
||||
));
|
||||
if (empty($attribute) || !$this->userRole['perm_site_admin'] && $this->Auth->user('org_id') != $attribute['Event']['orgc_id']) {
|
||||
if (empty($attribute) || !$this->__canModifyEvent($attribute)) {
|
||||
if ($this->request->is('ajax')) {
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'Invalid Attribute')), 'type' => 'json', 'status'=>200));
|
||||
} else {
|
||||
|
@ -2061,13 +2061,10 @@ class AttributesController extends AppController
|
|||
|
||||
public function attributeReplace($id)
|
||||
{
|
||||
if (!$this->userRole['perm_add']) {
|
||||
throw new ForbiddenException(__('Event not found or you don\'t have permissions to create attributes'));
|
||||
}
|
||||
$event = $this->Attribute->Event->find('first', array(
|
||||
'conditions' => array('Event.id' => $id),
|
||||
'fields' => array('id', 'orgc_id', 'distribution', 'user_id'),
|
||||
'recursive' => -1
|
||||
'conditions' => array('Event.id' => $id),
|
||||
'fields' => array('id', 'orgc_id', 'distribution', 'user_id'),
|
||||
'recursive' => -1
|
||||
));
|
||||
if (empty($event) || !$this->__canModifyEvent($event)) {
|
||||
throw new MethodNotAllowedException(__('Event not found or you don\'t have permissions to create attributes'));
|
||||
|
@ -2088,8 +2085,8 @@ class AttributesController extends AppController
|
|||
$this->set('attrDescriptions', $this->Attribute->fieldDescriptions);
|
||||
$this->set('typeDefinitions', $this->Attribute->typeDefinitions);
|
||||
$this->set('categoryDefinitions', $this->Attribute->categoryDefinitions);
|
||||
}
|
||||
if ($this->request->is('post')) {
|
||||
|
||||
} elseif ($this->request->is('post')) {
|
||||
if (!$this->request->is('ajax')) {
|
||||
throw new MethodNotAllowedException(__('This action can only be accessed via AJAX.'));
|
||||
}
|
||||
|
@ -2099,18 +2096,14 @@ class AttributesController extends AppController
|
|||
$type = $this->request->data['Attribute']['type'];
|
||||
$to_ids = $this->request->data['Attribute']['to_ids'];
|
||||
|
||||
if (!$this->_isSiteAdmin() && $this->Auth->user('org_id') != $event['Event']['orgc_id'] && !$this->userRole['perm_add']) {
|
||||
throw new MethodNotAllowedException(__('You are not authorised to do that.'));
|
||||
}
|
||||
|
||||
$oldAttributes = $this->Attribute->find('all', array(
|
||||
'conditions' => array(
|
||||
'event_id' => $id,
|
||||
'category' => $category,
|
||||
'type' => $type,
|
||||
),
|
||||
'fields' => array('id', 'event_id', 'category', 'type', 'value'),
|
||||
'recursive' => -1,
|
||||
'conditions' => array(
|
||||
'event_id' => $id,
|
||||
'category' => $category,
|
||||
'type' => $type,
|
||||
),
|
||||
'fields' => array('id', 'event_id', 'category', 'type', 'value'),
|
||||
'recursive' => -1,
|
||||
));
|
||||
$results = array('untouched' => count($oldAttributes), 'created' => 0, 'deleted' => 0, 'createdFail' => 0, 'deletedFail' => 0);
|
||||
|
||||
|
@ -2125,12 +2118,12 @@ class AttributesController extends AppController
|
|||
}
|
||||
if (!$found) {
|
||||
$attribute = array(
|
||||
'value' => $value,
|
||||
'event_id' => $id,
|
||||
'category' => $category,
|
||||
'type' => $type,
|
||||
'distribution' => $event['Event']['distribution'],
|
||||
'to_ids' => $to_ids,
|
||||
'value' => $value,
|
||||
'event_id' => $id,
|
||||
'category' => $category,
|
||||
'type' => $type,
|
||||
'distribution' => $event['Event']['distribution'],
|
||||
'to_ids' => $to_ids,
|
||||
);
|
||||
$this->Attribute->create();
|
||||
if ($this->Attribute->save(array('Attribute' => $attribute))) {
|
||||
|
@ -2200,7 +2193,6 @@ class AttributesController extends AppController
|
|||
return '';
|
||||
}
|
||||
|
||||
|
||||
// download a sample by passing along an md5
|
||||
public function downloadSample($hash=false, $allSamples=false, $eventID=false)
|
||||
{
|
||||
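Review bot: The new guard `!$this->__canModifyEvent($attribute)` in the first hunk relies on the attribute lookup above it fetching the Event fields that helper reads; the `attributeReplace` hunk below selects `id`, `orgc_id`, `distribution`, `user_id` for the same helper, so the `contain`/`fields` of this lookup, which start outside the hunk, should be checked to include at least `Event.orgc_id` and `Event.user_id`, otherwise the ownership test presumably compares against a missing key and legitimate org members would be denied. In `attributeReplace` the same message is thrown as `ForbiddenException` for a missing `perm_add` and as `MethodNotAllowedException` when `__canModifyEvent` fails; both are authorization failures, so `throw new ForbiddenException(__('Event not found or you don\'t have permissions to create attributes'));` at the second site would give a consistent 403 instead of a 405. Removing the redundant `_isSiteAdmin()`/`org_id` check further down is correct given the earlier guard.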
|
|
|
@ -482,11 +482,11 @@ class ACLComponent extends Component
|
|||
),
|
||||
'regexp' => array(
|
||||
'admin_add' => array('perm_regexp_access'),
|
||||
'admin_clean' => array('perm_regexp_access'),
|
||||
'admin_clean' => array(),
|
||||
'admin_delete' => array('perm_regexp_access'),
|
||||
'admin_edit' => array('perm_regexp_access'),
|
||||
'admin_index' => array('perm_regexp_access'),
|
||||
'cleanRegexModifiers' => array('perm_regexp_access'),
|
||||
'cleanRegexModifiers' => array(),
|
||||
'index' => array('*'),
|
||||
),
|
||||
'restClientHistory' => array(
|
||||
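Review bot: The meaning of an empty rule such as `'admin_clean' => array()` is not stated anywhere in this table, yet the RegexpController hunks in this commit drop their explicit `_isSiteAdmin()` checks from `admin_clean` and `cleanRegexModifiers` on the assumption that an empty array means site administrators only. If the component's access check does treat an empty array that way, a comment on these two entries, `// empty rule: site admins only (explicit _isSiteAdmin() check removed from the controller)`, documents the invariant that now protects two destructive maintenance actions; if it instead falls through to allow or deny everyone, the entries should spell out `array('perm_site_admin')`. The enclosing array starts and ends outside the hunk.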
|
|
|
@ -1371,7 +1371,7 @@ class EventsController extends AppController
|
|||
$this->set('advancedFilteringActive', $advancedFiltering['active'] ? 1 : 0);
|
||||
$this->set('advancedFilteringActiveRules', $advancedFiltering['activeRules']);
|
||||
$this->set('mayModify', $this->__canModifyEvent($event, $user));
|
||||
$this->set('mayPublish', $this->__canPublishEvent($event));
|
||||
$this->set('mayPublish', $this->__canPublishEvent($event, $user));
|
||||
$this->response->disableCache();
|
||||
|
||||
// Remove `focus` attribute from URI
|
||||
|
@ -1418,7 +1418,8 @@ class EventsController extends AppController
|
|||
// set the data for the contributors / history field
|
||||
$contributors = $this->Event->ShadowAttribute->getEventContributors($event['Event']['id']);
|
||||
$this->set('contributors', $contributors);
|
||||
if ($user['Role']['perm_publish'] && $event['Event']['orgc_id'] == $user['org_id']) {
|
||||
|
||||
if ($this->__canPublishEvent($event, $user)) {
|
||||
$proposalStatus = false;
|
||||
if (isset($event['ShadowAttribute']) && !empty($event['ShadowAttribute'])) {
|
||||
$proposalStatus = true;
|
||||
|
@ -1436,6 +1437,7 @@ class EventsController extends AppController
|
|||
$this->Flash->info('This event has active proposals for you to accept or discard.');
|
||||
}
|
||||
}
|
||||
|
||||
// set the pivot data
|
||||
$this->helpers[] = 'Pivot';
|
||||
if ($continue) {
|
||||
|
@ -1624,7 +1626,7 @@ class EventsController extends AppController
|
|||
$this->set('warnings', $this->Event->generateWarnings($event));
|
||||
$this->set('menuData', array('menuList' => 'event', 'menuItem' => 'viewEvent'));
|
||||
$this->set('mayModify', $this->__canModifyEvent($event, $user));
|
||||
$this->set('mayPublish', $this->__canPublishEvent($event));
|
||||
$this->set('mayPublish', $this->__canPublishEvent($event, $user));
|
||||
try {
|
||||
$instanceKey = $event['Event']['protected'] ? $this->Event->CryptographicKey->ingestInstanceKey() : null;
|
||||
} catch (Exception $e) {
|
||||
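Review bot: Replacing `$user['Role']['perm_publish'] && $event['Event']['orgc_id'] == $user['org_id']` with `$this->__canPublishEvent($event, $user)` in the proposal-status block is a behaviour change rather than a cleanup: per the AppController hunk, the helper returns `true` for `perm_site_admin` regardless of organisation, so site admins now enter this branch and receive the 'active proposals' flash for events owned by other organisations. That is plausibly intended, but it should be named in the commit message, or the branch should keep its narrower condition. The two replacements of `__canPublishEvent($event)` with `__canPublishEvent($event, $user)` match the helper's new signature; the enclosing methods begin and end outside the hunks.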
|
|
|
@ -1,25 +1,25 @@
|
|||
<?php
|
||||
|
||||
App::uses('AppController', 'Controller');
|
||||
|
||||
/**
|
||||
* @property Regexp $Regexp
|
||||
* @property AdminCrudComponent $AdminCrud
|
||||
*/
|
||||
class RegexpController extends AppController
|
||||
{
|
||||
public $components = array('RequestHandler', 'AdminCrud');
|
||||
|
||||
public $paginate = array(
|
||||
'limit' => 60,
|
||||
'order' => array(
|
||||
'Regexp.id' => 'ASC'
|
||||
)
|
||||
'limit' => 60,
|
||||
'order' => array(
|
||||
'Regexp.id' => 'ASC'
|
||||
)
|
||||
);
|
||||
|
||||
public function admin_add()
|
||||
{
|
||||
$this->loadModel('Attribute');
|
||||
$types = array_keys($this->Attribute->typeDefinitions);
|
||||
if (!$this->userRole['perm_regexp_access']) {
|
||||
$this->redirect(array('controller' => 'regexp', 'action' => 'index', 'admin' => false));
|
||||
}
|
||||
if ($this->request->is('post')) {
|
||||
if ($this->request->data['Regexp']['all'] == 1) {
|
||||
$this->Regexp->create();
|
||||
|
@ -54,9 +54,6 @@ class RegexpController extends AppController
|
|||
|
||||
public function admin_index()
|
||||
{
|
||||
if (!$this->userRole['perm_regexp_access']) {
|
||||
$this->redirect(array('controller' => 'regexp', 'action' => 'index', 'admin' => false));
|
||||
}
|
||||
$this->AdminCrud->adminIndex();
|
||||
}
|
||||
|
||||
|
@ -67,10 +64,6 @@ class RegexpController extends AppController
|
|||
// for ip-src and ip-dst attribute entry, but not for url.
|
||||
$this->loadModel('Attribute');
|
||||
$types = array_keys($this->Attribute->typeDefinitions);
|
||||
// send the user away if he/she's no admin
|
||||
if (!$this->userRole['perm_regexp_access']) {
|
||||
$this->redirect(array('controller' => 'regexp', 'action' => 'index', 'admin' => false));
|
||||
}
|
||||
$this->Regexp->id = $id;
|
||||
if (!$this->Regexp->exists()) {
|
||||
throw new NotFoundException('Invalid Regexp');
|
||||
|
@ -159,9 +152,6 @@ class RegexpController extends AppController
|
|||
|
||||
public function admin_delete($id = null)
|
||||
{
|
||||
if (!$this->userRole['perm_regexp_access']) {
|
||||
$this->redirect(array('controller' => 'regexp', 'action' => 'index', 'admin' => false));
|
||||
}
|
||||
$this->AdminCrud->adminDelete($id);
|
||||
}
|
||||
|
||||
|
@ -173,9 +163,8 @@ class RegexpController extends AppController
|
|||
|
||||
public function admin_clean()
|
||||
{
|
||||
if (!$this->_isSiteAdmin() || !$this->request->is('post')) {
|
||||
throw new MethodNotAllowedException('This action is only accessible via a POST request.');
|
||||
}
|
||||
$this->request->allowMethod(['post']);
|
||||
|
||||
$allRegexp = $this->Regexp->find('all');
|
||||
$deletable = array();
|
||||
$modifications = 0;
|
||||
|
@ -215,9 +204,8 @@ class RegexpController extends AppController
|
|||
|
||||
public function cleanRegexModifiers()
|
||||
{
|
||||
if (!$this->_isSiteAdmin() || !$this->request->is('post')) {
|
||||
throw new MethodNotAllowedException();
|
||||
}
|
||||
$this->request->allowMethod(['post']);
|
||||
|
||||
$entries = $this->Regexp->find('all', array());
|
||||
$changes = 0;
|
||||
foreach ($entries as $entry) {
|
||||
|
|
|
@ -224,12 +224,8 @@ class SharingGroupsController extends AppController
|
|||
|
||||
public function delete($id)
|
||||
{
|
||||
if (!$this->userRole['perm_sharing_group']) {
|
||||
throw new MethodNotAllowedException('You don\'t have the required privileges to do that.');
|
||||
}
|
||||
if (!$this->request->is('post') && !$this->request->is('delete')) {
|
||||
throw new MethodNotAllowedException(__('Action not allowed, post or delete request expected.'));
|
||||
}
|
||||
$this->request->allowMethod(['post', 'delete']);
|
||||
|
||||
$deletedSg = $this->SharingGroup->find('first', array(
|
||||
'conditions' => Validation::uuid($id) ? ['uuid' => $id] : ['id' => $id],
|
||||
'recursive' => -1,
|
||||
|
|