new: [Dashboard] added hook to check for permissions on module load

- allows for modules to have role / host org restrictions
pull/5635/head
iglocska 2020-03-01 23:56:40 +01:00
parent ffda2b8778
commit 750843725f
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
2 changed files with 23 additions and 7 deletions


@ -48,7 +48,7 @@ class DashboardsController extends AppController
}
$widgets = array();
foreach ($userSettings['UserSetting']['value'] as $widget) {
$dashboardWidget = $this->Dashboard->loadWidget($widget['widget']);
$dashboardWidget = $this->Dashboard->loadWidget($this->Auth->user(), $widget['widget']);
$widget['width'] = $dashboardWidget->width;
$widget['height'] = $dashboardWidget->height;
$widget['title'] = $dashboardWidget->title;
@ -71,7 +71,7 @@ class DashboardsController extends AppController
if ($action === 'add') {
$data['widget_options'] = $this->Dashboard->loadAllWidgets();
} else {
$dashboardWidget = $this->Dashboard->loadWidget($data['widget']);
$dashboardWidget = $this->Dashboard->loadWidget($this->Auth->user(), $data['widget']);
$data['description'] = empty($dashboardWidget->description) ? '' : $dashboardWidget->description;
$data['params'] = empty($dashboardWidget->params) ? array() : $dashboardWidget->params;
$data['params'] = array_merge(array('alias' => __('Alias to use as the title of the widget')), $data['params']);
@ -106,7 +106,7 @@ class DashboardsController extends AppController
public function getEmptyWidget($widget, $k = 1)
{
$dashboardWidget = $this->Dashboard->loadWidget($widget);
$dashboardWidget = $this->Dashboard->loadWidget($this->Auth->user(), $widget);
if (empty($dashboardWidget)) {
throw new NotFoundException(__('Invalid widget.'));
}
@ -132,7 +132,7 @@ class DashboardsController extends AppController
throw new MethodNotAllowedException(__('You need to specify the widget to use along with the configuration.'));
}
$value = $this->request->data['data'];
$dashboardWidget = $this->Dashboard->loadWidget($value['widget']);
$dashboardWidget = $this->Dashboard->loadWidget($this->Auth->user(), $value['widget']);
$this->layout = false;
$this->set('title', $dashboardWidget->title);
$redis = $this->Dashboard->setupRedis();
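Review bot: In the `foreach` over `$userSettings['UserSetting']['value']` at the top of this section, `loadWidget()` now throws `NotFoundException` when a widget's `checkPermissions()` rejects the user, and nothing visible in the hunk catches it. A dashboard saved while the user still held the required role or organisation would then fail as a whole instead of dropping the one widget, unless a handler outside the hunk deals with it. I would skip denied widgets in that loop and keep the exception for the single-widget actions (`getEmptyWidget()` and the render path), where a 404 is the right answer. The enclosing function starts and ends outside the hunk.

```php
foreach ($userSettings['UserSetting']['value'] as $widget) {
    try {
        $dashboardWidget = $this->Dashboard->loadWidget($this->Auth->user(), $widget['widget']);
    } catch (NotFoundException $e) {
        // widget missing or no longer permitted for this user: leave it off the dashboard
        continue;
    }
    // … unchanged: copy width / height / title into $widget …
```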


@ -4,7 +4,7 @@ class Dashboard extends AppModel
{
public $useTable = false;
public function loadWidget($name)
public function loadWidget($user, $name)
{
if (file_exists(APP . 'Lib/Dashboard/' . $name . '.php')) {
App::uses($name, 'Dashboard');
@ -14,6 +14,11 @@ class Dashboard extends AppModel
throw new NotFoundException(__('Invalid widget or widget not found.'));
}
$widget = new $name();
if (method_exists($widget, 'checkPermissions')) {
if (!$widget->checkPermissions($user)) {
throw new NotFoundException(__('Invalid widget or widget not found.'));
}
}
return $widget;
}
@ -26,11 +31,17 @@ class Dashboard extends AppModel
$widgets = array();
foreach ($widgetFiles as $widgetFile) {
$className = substr($widgetFile, 0, strlen($widgetFile) -4);
$widgets[$className] = $this->__extractMeta($className, false);
$temp = $this->__extractMeta($className, false);
if ($temp !== false) {
$widgets[$className] = $temp;
}
}
foreach ($customWidgetFiles as $widgetFile) {
$className = substr($widgetFile, 0, strlen($widgetFile) -4);
$widgets[$className] = $this->__extractMeta($className, true);
$temp = $this->__extractMeta($className, true);
if ($temp !== false) {
$widgets[$className] = $temp;
}
}
return $widgets;
}
@ -39,6 +50,11 @@ class Dashboard extends AppModel
{
App::uses($className, 'Dashboard' . ($custom ? '/Custom' : ''));
$widgetClass = new $className();
if (method_exists($widgetClass, 'checkPermissions')) {
if (!$widgetClass->checkPermissions($user)) {
return false;
}
}
$widget = array(
'widget' => $className,
'title' => $widgetClass->title,
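Review bot: `$user` is read in `__extractMeta()` (`$widgetClass->checkPermissions($user)`), but both callers in `loadAllWidgets()` still pass only `$className` and the custom flag, and the controller calls `loadAllWidgets()` with no argument, so as far as the hunks show the hook receives an undefined variable. Each widget's check would then run against null, which either hides restricted widgets from everyone or, for a check written in the negative, lists them to users who should not see them. The signatures of both methods lie outside the hunks, so confirm this first, then thread the user through: `loadAllWidgets($user)`, `$temp = $this->__extractMeta($user, $className, false);` and `$this->Dashboard->loadAllWidgets($this->Auth->user())` in the controller. Separately, `loadWidget()` constructs the widget with `new $name()` before `checkPermissions()` runs, so widget constructors should stay free of side effects.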