new: [publishing] Unpublish function added

- users were jumping through hoops to unpublish an event

app/Controller/AppController.php

@@ -46,7 +46,7 @@ class AppController extends Controller
 
     public $helpers = array('Utility', 'OrgImg');
 
-    private $__queryVersion = '51';
+    private $__queryVersion = '52';
     public $pyMispVersion = '2.4.99';
     public $phpmin = '5.6.5';
     public $phprec = '7.0.16';

app/Controller/Component/ACLComponent.php

@@ -139,6 +139,7 @@ class ACLComponent extends Component
                     'stix2' => array('*'),
                     'strposarray' => array(),
                     'toggleCorrelation' => array('perm_add'),
+                    'unpublish' => array('perm_modify'),
                     'updateGraph' => array('*'),
 					'upload_analysis_file' => array('perm_add'),
                     'upload_sample' => array('AND' => array('perm_auth', 'perm_add')),

app/Controller/EventsController.php

@@ -2145,6 +2145,42 @@ class EventsController extends AppController
         }
     }
 
+    public function unpublish($id = null)
+    {
+        $this->Event->id = $id;
+        if (!$this->Event->exists()) {
+            throw new NotFoundException(__('Invalid event'));
+        }
+        $this->Event->recursive = -1;
+        $event = $this->Event->read(null, $id);
+        if (!$this->_isSiteAdmin()) {
+            if (!$this->userRole['perm_modify'] || $this->Auth->user('org_id') !== $this->Event->data['Event']['orgc_id']) {
+                throw new MethodNotAllowedException(__('You don\'t have the permission to do that.'));
+            }
+        }
+        $this->Event->insertLock($this->Auth->user(), $id);
+        if ($this->request->is('post') || $this->request->is('put')) {
+            $fieldList = array('published', 'id', 'info');
+            $event['Event']['published'] = 0;
+            $result = $this->Event->save($event, array('fieldList' => $fieldList));
+            if ($result) {
+                $message = __('Event unpublished.');
+                if ($this->_isRest()) {
+                    return $this->RestResponse->saveSuccessResponse('events', 'unpublish', $id, false, $message);
+                } else {
+                    $this->Flash->success($message);
+                    $this->redirect(array('action' => 'view', $id));
+                }
+            } else {
+                throw new MethodNotAllowedException('Could not unpublish event.');
+            }
+        } else {
+            $this->set('id', $id);
+            $this->set('type', 'unpublish');
+            $this->render('ajax/eventPublishConfirmationForm');
+        }
+    }
+
     // Publishes the event without sending an alert email
     public function publish($id = null)
     {

app/View/Elements/side_menu.ctp

@@ -122,6 +122,14 @@
                         'class' => 'publishButtons not-published ' . $publishButtons,
                         'text' => __('Publish (no email)')
                     ));
+                    echo $this->element('/side_menu_link', array(
+                        'onClick' => array(
+                            'function' => 'publishPopup',
+                            'params' => array($event['Event']['id'], 'unpublish')
+                        ),
+                        'class' => (1 == $event['Event']['published'] && $mayModify) ? '' : 'hidden',
+                        'text' => __('Unpublish')
+                    ));
                     if (Configure::read('MISP.delegation')) {
                         if ((Configure::read('MISP.unpublishedprivate') || (isset($event['Event']['distribution']) && $event['Event']['distribution'] == 0)) && (!isset($delegationRequest) || !$delegationRequest) && ($isSiteAdmin || (isset($isAclDelegate) && $isAclDelegate))) {
                             echo $this->element('/side_menu_link', array(

app/View/Events/ajax/eventPublishConfirmationForm.ctp

@@ -3,19 +3,22 @@
     echo $this->Form->create('Event', array('style' => 'margin:0px;', 'id' => 'PromptForm', 'url' => '/events/' . $type . '/' . $id));
     $extraTitle = "";
     if ($type == 'publish') $extraTitle = ' (no email)';
+    $message = __('Publish Event%s', $extraTitle);
+    if ($type === 'unpublish') {
+        $message = __('Unpublish Event%s', $extraTitle);
+    }
     ?>
-    <legend><?php echo __('Publish Event%s', $extraTitle);?></legend>
+
+    <legend><?php echo $message;?></legend>
     <div style="padding-left:5px;padding-right:5px;padding-bottom:5px;">
         <?php
-            if ($type == 'alert'):
-        ?>
-                <p><?php echo __('Are you sure this event is complete and everyone should be informed?');?></p>
-        <?php
-            else:
-        ?>
-                <p><?php echo __('Publish but do NOT send alert email? Only for minor changes!');?></p>
-        <?php
-            endif;
+            if ($type == 'alert') {
+                echo '<p>' . __('Are you sure this event is complete and everyone should be informed?') . '</p>';
+            } else if ($type === 'unpublish') {
+                echo '<p>' . __('Are you sure you wish to unpublish the event?') . '</p>';
+            } else {
+                echo '<p>' . __('Publish but do NOT send alert email? Only for minor changes!') . '</p>';
+            }
         ?>
         <table>
             <tr>

app/webroot/js/misp.js

@@ -61,6 +61,7 @@ function fetchAddSightingForm(id, onvalue) {
 function publishPopup(id, type) {
 	var action = "alert";
 	if (type == "publish") action = "publish";
+    if (type == "unpublish") action = "unpublish";
 	var destination = 'attributes';
 	$.get( "/events/" + action + "/" + id, function(data) {
 		$("#confirmation_box").html(data);