mirror of https://github.com/MISP/MISP
new: [Dashboard] added hook to check for permissions on module load
- allows for modules to have role / host org restrictions
pull/5635/head
parent
ffda2b8778
commit
750843725f
|
@ -48,7 +48,7 @@ class DashboardsController extends AppController
|
|||
}
|
||||
$widgets = array();
|
||||
foreach ($userSettings['UserSetting']['value'] as $widget) {
|
||||
$dashboardWidget = $this->Dashboard->loadWidget($widget['widget']);
|
||||
$dashboardWidget = $this->Dashboard->loadWidget($this->Auth->user(), $widget['widget']);
|
||||
$widget['width'] = $dashboardWidget->width;
|
||||
$widget['height'] = $dashboardWidget->height;
|
||||
$widget['title'] = $dashboardWidget->title;
|
||||
|
@ -71,7 +71,7 @@ class DashboardsController extends AppController
|
|||
if ($action === 'add') {
|
||||
$data['widget_options'] = $this->Dashboard->loadAllWidgets();
|
||||
} else {
|
||||
$dashboardWidget = $this->Dashboard->loadWidget($data['widget']);
|
||||
$dashboardWidget = $this->Dashboard->loadWidget($this->Auth->user(), $data['widget']);
|
||||
$data['description'] = empty($dashboardWidget->description) ? '' : $dashboardWidget->description;
|
||||
$data['params'] = empty($dashboardWidget->params) ? array() : $dashboardWidget->params;
|
||||
$data['params'] = array_merge(array('alias' => __('Alias to use as the title of the widget')), $data['params']);
|
||||
|
@ -106,7 +106,7 @@ class DashboardsController extends AppController
|
|||
|
||||
public function getEmptyWidget($widget, $k = 1)
|
||||
{
|
||||
$dashboardWidget = $this->Dashboard->loadWidget($widget);
|
||||
$dashboardWidget = $this->Dashboard->loadWidget($this->Auth->user(), $widget);
|
||||
if (empty($dashboardWidget)) {
|
||||
throw new NotFoundException(__('Invalid widget.'));
|
||||
}
|
||||
|
@ -132,7 +132,7 @@ class DashboardsController extends AppController
|
|||
throw new MethodNotAllowedException(__('You need to specify the widget to use along with the configuration.'));
|
||||
}
|
||||
$value = $this->request->data['data'];
|
||||
$dashboardWidget = $this->Dashboard->loadWidget($value['widget']);
|
||||
$dashboardWidget = $this->Dashboard->loadWidget($this->Auth->user(), $value['widget']);
|
||||
$this->layout = false;
|
||||
$this->set('title', $dashboardWidget->title);
|
||||
$redis = $this->Dashboard->setupRedis();
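Review bot: In the first hunk's loop over the saved user settings, `loadWidget()` now throws `NotFoundException` when a widget's `checkPermissions()` rejects the user, and no catch is visible around the call. A single saved widget the user may no longer load (for example after a role or org change) would then fail the whole dashboard request instead of dropping that one tile. Catching the exception per widget and skipping it keeps the restriction enforced while leaving the rest of the dashboard usable. The loop body continues outside the hunk, so confirm that the view tolerates a skipped entry.

```php
foreach ($userSettings['UserSetting']['value'] as $widget) {
    try {
        $dashboardWidget = $this->Dashboard->loadWidget($this->Auth->user(), $widget['widget']);
    } catch (NotFoundException $e) {
        // Widget was removed or is no longer permitted for this user: skip it, keep the others.
        continue;
    }
    // … unchanged: width / height / title assignment …
```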
|
||||
|
|
|
@ -4,7 +4,7 @@ class Dashboard extends AppModel
|
|||
{
|
||||
public $useTable = false;
|
||||
|
||||
public function loadWidget($name)
|
||||
public function loadWidget($user, $name)
|
||||
{
|
||||
if (file_exists(APP . 'Lib/Dashboard/' . $name . '.php')) {
|
||||
App::uses($name, 'Dashboard');
|
||||
|
@ -14,6 +14,11 @@ class Dashboard extends AppModel
|
|||
throw new NotFoundException(__('Invalid widget or widget not found.'));
|
||||
}
|
||||
$widget = new $name();
|
||||
if (method_exists($widget, 'checkPermissions')) {
|
||||
if (!$widget->checkPermissions($user)) {
|
||||
throw new NotFoundException(__('Invalid widget or widget not found.'));
|
||||
}
|
||||
}
|
||||
return $widget;
|
||||
}
|
||||
|
||||
|
@ -26,11 +31,17 @@ class Dashboard extends AppModel
|
|||
$widgets = array();
|
||||
foreach ($widgetFiles as $widgetFile) {
|
||||
$className = substr($widgetFile, 0, strlen($widgetFile) -4);
|
||||
$widgets[$className] = $this->__extractMeta($className, false);
|
||||
$temp = $this->__extractMeta($className, false);
|
||||
if ($temp !== false) {
|
||||
$widgets[$className] = $temp;
|
||||
}
|
||||
}
|
||||
foreach ($customWidgetFiles as $widgetFile) {
|
||||
$className = substr($widgetFile, 0, strlen($widgetFile) -4);
|
||||
$widgets[$className] = $this->__extractMeta($className, true);
|
||||
$temp = $this->__extractMeta($className, true);
|
||||
if ($temp !== false) {
|
||||
$widgets[$className] = $temp;
|
||||
}
|
||||
}
|
||||
return $widgets;
|
||||
}
|
||||
|
@ -39,6 +50,11 @@ class Dashboard extends AppModel
|
|||
{
|
||||
App::uses($className, 'Dashboard' . ($custom ? '/Custom' : ''));
|
||||
$widgetClass = new $className();
|
||||
if (method_exists($widgetClass, 'checkPermissions')) {
|
||||
if (!$widgetClass->checkPermissions($user)) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
$widget = array(
|
||||
'widget' => $className,
|
||||
'title' => $widgetClass->title,
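Review bot: `$user` is read in the `__extractMeta` hunk (`$widgetClass->checkPermissions($user)`), but nothing visible defines it. Both calls in `loadAllWidgets` still pass only `($className, false)` / `($className, true)`, and the controller calls `loadAllWidgets()` with no arguments. Unless the signature outside the hunk already takes a user, each widget's check in the add-widget listing runs against an undefined value, so the listing is filtered by how a widget treats a missing user rather than by the caller's role or org. Pass the user down explicitly, e.g. `$this->Dashboard->loadAllWidgets($this->Auth->user())` and `$temp = $this->__extractMeta($user, $className, false);`, and have `__extractMeta` return `false` when no user is supplied so the listing fails closed. The signatures of `loadAllWidgets` and `__extractMeta` are outside the hunks shown.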
|
||||
|
|