From 77e028dd9c812cc5511fbcfb6a49d00af60fd4b8 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Mon, 17 Jun 2013 15:23:21 +0200
Subject: [PATCH] Several smaller changes

- Fix to the proposed attribute edit that got broken in a previous
commit

- Fix to the org filters for non admin users

- Some changes to the documentation
---
 app/Controller/EventsController.php |   4 +
 app/View/Events/index.ctp           |  10 ++
 app/View/Pages/administration.ctp   | 128 ++++++++++----------
 app/View/Pages/documentation.ctp    |  16 +--
 app/View/ShadowAttributes/edit.ctp  | 173 ++++++++++++++++++++++++++++
 app/webroot/img/doc/publish.png     | Bin 6361 -> 5280 bytes
 6 files changed, 259 insertions(+), 72 deletions(-)
 create mode 100644 app/View/ShadowAttributes/edit.ctp

diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php
index 9d2c7c407..d268c64e3 100755
--- a/app/Controller/EventsController.php
+++ b/app/Controller/EventsController.php
@@ -117,6 +117,10 @@ class EventsController extends AppController {
 						if (!$v) continue 2;
 						$this->paginate['conditions'][] = array('Event.date' . ' <' => $v);
 						break;
+					case 'org' :
+						if (!$v) continue 2;
+						$this->paginate['conditions'][] = array('Event.orgc' . ' =' => $v);
+						break;
 					default:
 						if (!$v) continue 2;
 						$this->paginate['conditions'][] = array('Event.' . substr($k, 6) . ' LIKE' => '%' . $v . '%');
diff --git a/app/View/Events/index.ctp b/app/View/Events/index.ctp
index faa3e2922..c2087d9d2 100755
--- a/app/View/Events/index.ctp
+++ b/app/View/Events/index.ctp
@@ -1,5 +1,6 @@
 <?php if(empty($this->passedArgs['searchinfo'])) $this->passedArgs['searchinfo'] = '';?>
 <?php if(empty($this->passedArgs['searchorgc'])) $this->passedArgs['searchorgc'] = '';?>
+<?php if(empty($this->passedArgs['searchorg'])) $this->passedArgs['searchorg'] = '';?>
 <?php if(empty($this->passedArgs['searchDatefrom'])) $this->passedArgs['searchDatefrom'] = '';?>
 <?php if(empty($this->passedArgs['searchDateuntil'])) $this->passedArgs['searchDateuntil'] = '';?>
 <div class="events index">
@@ -93,6 +94,14 @@
 					} else { ?>
 			<th class="filter"><?php echo $this->Paginator->sort('org'); ?>
 				<a onclick="toggleField('#searchorg')" class="icon-search"></a>
+				<span id="searchorg"><br/>
+				<?php
+					echo $this->Form->input('searchorg', array(
+							'value' => $this->passedArgs['searchorg'],
+							'label' => '',
+							'class' => 'input-mini'));
+				?>
+				</span>
 			</th>
 				<?php
 					}
@@ -283,6 +292,7 @@ $(document).ready( function () {
 	// onload hide all buttons
 	$('#searchinfo').hide();
 	$('#searchorgc').hide();
+	$('#searchorg').hide();
 	$('#searchdate').hide();
 	$('#searchpublished').hide();
 
diff --git a/app/View/Pages/administration.ctp b/app/View/Pages/administration.ctp
index 1e32dbff0..d85e7bc5a 100755
--- a/app/View/Pages/administration.ctp
+++ b/app/View/Pages/administration.ctp
@@ -47,70 +47,70 @@ As an admin, you can set up new accounts for users, edit the profiles of users,
 To add a new user, click on the New User button in the administration menu to the left and fill out the following fields in the view that is loaded:<br />
 <img src="/img/doc/add_user.png" alt = "Add user" title = "Fill this form out to add a new user. Keep in mind that the drop-down menu titled Role controls the privileges the user will have."/>
 <ul>
-	<li><em>Email:</em> The user's e-mail address, this will be used as his/her login name and as an address to send all the automatic e-mails and e-mails sent by contacting the user as the reporter of an event.<br /></li>
-	<li><em>Password:</em> A temporary password for the user that he/she should change after the first login. Make sure that it is at least 6 characters long, includes a digit or a special character and contains at least one upper-case and at least one lower-case character.<br /></li>
-	<li><em>Confirm Password:</em> This should be an exact copy of the Password field.<br /></li>
-	<li><em>Org:</em>The organisation of the user. Entering ADMIN into this field will give administrator privileges to the user. If you are an organisation admin, then this field will be unchangeable and be set to your own organisation.<br /></li>
-	<li><em>Roles:</em> A drop-down list allows you to choose a role-group that the user should belong to. Roles define the privileges of the user. To learn more about roles, <a href=#roles>click here</a>.<br /></li>
-	<li><em>Receive alerts when events are published:</em> This option will subscribe the new user to automatically generated e-mails whenever an event is published.<br /></li>
-	<li><em>Receive alerts from "contact reporter" requests:</em> This option will subscribe the new user to e-mails that are generated when another user tries to get in touch with an event's reporting organisation that matches that of the new user.<br /></li>
-	<li><em>Authkey:</em> This is assigned automatically and is the unique authentication key of the user (he/she will be able to reset this and receive a new key). It is used for exports and for connecting one server to another, but it requires the user to be assigned to a role that has auth permission enabled.<br /></li>
-	<li><em>NIDS Sid:</em> Nids ID, not yet implemented.<br /></li>
-	<li><em>Gpgkey:</em> The key used for encrypting e-mails sent through the system. <br /></li>
+	<li><b>Email:</b> The user's e-mail address, this will be used as his/her login name and as an address to send all the automatic e-mails and e-mails sent by contacting the user as the reporter of an event.<br /></li>
+	<li><b>Password:</b> A temporary password for the user that he/she should change after the first login. Make sure that it is at least 6 characters long, includes a digit or a special character and contains at least one upper-case and at least one lower-case character.<br /></li>
+	<li><b>Confirm Password:</b> This should be an exact copy of the Password field.<br /></li>
+	<li><b>Org:</b>The organisation of the user. Entering ADMIN into this field will give administrator privileges to the user. If you are an organisation admin, then this field will be unchangeable and be set to your own organisation.<br /></li>
+	<li><b>Roles:</b> A drop-down list allows you to choose a role-group that the user should belong to. Roles define the privileges of the user. To learn more about roles, <a href=#roles>click here</a>.<br /></li>
+	<li><b>Receive alerts when events are published:</b> This option will subscribe the new user to automatically generated e-mails whenever an event is published.<br /></li>
+	<li><b>Receive alerts from "contact reporter" requests:</b> This option will subscribe the new user to e-mails that are generated when another user tries to get in touch with an event's reporting organisation that matches that of the new user.<br /></li>
+	<li><b>Authkey:</b> This is assigned automatically and is the unique authentication key of the user (he/she will be able to reset this and receive a new key). It is used for exports and for connecting one server to another, but it requires the user to be assigned to a role that has auth permission enabled.<br /></li>
+	<li><b>NIDS Sid:</b> Nids ID, not yet implemented.<br /></li>
+	<li><b>Gpgkey:</b> The key used for encrypting e-mails sent through the system. <br /></li>
 </ul>
 <h3>Listing all users:</h3>
 To list all current users of the system, just click on List Users under the administration menu to the left. A view will be loaded with a list of all users and the following columns of information:<br />
 <img src="/img/doc/list_users.png" alt = "List users" title = "View, Edit or Delete a user using the action buttons to the right."/><br />
 <ul>
-	<li><em>Id:</em> The user's automatically assigned ID number.<br /></li>
-	<li><em>Org:</em> The organisation that the user belongs to.<br /></li>
-	<li><em>Email:</em> The e-mail address (and login name) of the user.<br /></li>
-	<li><em>Autoalert:</em> Shows whether the user has subscribed to auto-alerts and is always receiving the mass-emails regarding newly published events that he/she is eligible for.<br /></li>
-	<li><em>ontactalert:</em> Shows whether the user has the subscription to contact reporter e-mails directed at his/her organisation turned on or off.<br /></li>
-	<li><em>Gpgkey:</em> Shows whether the user has entered a Gpgkey yet.<br /></li>
-	<li><em>Nids Sid:</em> Shows the currently assigned NIDS ID.<br /></li>
-	<li><em>Termsaccepted:</em> This flag indicates whether the user has accepted the terms of use or not.<br /></li>
-	<li><em>Newsread:</em> The last point in time when the user has looked at the news section of the system.<br /></li>
-	<li><em>Action Buttons:</em> Here you can view a detailed view of a user, edit the basic details of a user (same view as the one used for creating a new user, but all the fields come filled out by default) or remove a user completely. <br /></li>
+	<li><b>Id:</b> The user's automatically assigned ID number.<br /></li>
+	<li><b>Org:</b> The organisation that the user belongs to.<br /></li>
+	<li><b>Email:</b> The e-mail address (and login name) of the user.<br /></li>
+	<li><b>Autoalert:</b> Shows whether the user has subscribed to auto-alerts and is always receiving the mass-emails regarding newly published events that he/she is eligible for.<br /></li>
+	<li><b>ontactalert:</b> Shows whether the user has the subscription to contact reporter e-mails directed at his/her organisation turned on or off.<br /></li>
+	<li><b>Gpgkey:</b> Shows whether the user has entered a Gpgkey yet.<br /></li>
+	<li><b>Nids Sid:</b> Shows the currently assigned NIDS ID.<br /></li>
+	<li><b>Termsaccepted:</b> This flag indicates whether the user has accepted the terms of use or not.<br /></li>
+	<li><b>Newsread:</b> The last point in time when the user has looked at the news section of the system.<br /></li>
+	<li><b>Action Buttons:</b> Here you can view a detailed view of a user, edit the basic details of a user (same view as the one used for creating a new user, but all the fields come filled out by default) or remove a user completely. <br /></li>
 </ul>
 <h3>Editing a user:</h3>
 To add a new user, click on the New User button in the administration menu to the left and fill out the following fields in the view that is loaded:<br />
 <ul>
-	<li><em>Email:</em> The user's e-mail address, this will be used as his/her login name and as an address to send all the automatic e-mails and e-mails sent by contacting the user as the reporter of an event.<br /></li>
-	<li><em>Password:</em> It is possible to assign a new password manually for a user. For example, in case that he/she forgot the old one a new temporary one can be assigned. Make sure to check the "Change password" field if you do give out a temporary password, so that the user will be forced to change it after login.<br /></li>
-	<li><em>Confirm Password:</em> This should be an exact copy of the Password field.<br /></li>
-	<li><em>Org:</em>The organisation of the user. Entering ADMIN into this field will give administrator privileges to the user. If you are an organisation admin, then this field will be unchangeable and be set to your own organisation.<br /></li>
-	<li><em>Roles:</em> A drop-down list allows you to choose a role-group that the user should belong to. Roles define the privileges of the user. To learn more about roles, <a href=#roles>click here</a>.<br /></li>
-	<li><em>Receive alerts when events are published:</em> This option will subscribe the user to automatically generated e-mails whenever an event is published.<br /></li>
-	<li><em>Receive alerts from "contact reporter" requests:</em> This option will subscribe the user to e-mails that are generated when another user tries to get in touch with an event's reporting organisation that matches that of the user.<br /></li>
-	<li><em>Authkey:</em> It is possible to request a new authentication key for the user. <br /></li>
-	<li><em>NIDS Sid:</em> Nids ID, not yet implemented.<br /></li>
-	<li><em>Termsaccepted:</em> Indicates whether the user has accepted the terms of use already or not.<br /></li>
-	<li><em>Change Password:</em> Setting this flag will require the user to change password after the next login.<br /></li>
-	<li><em>Gpgkey:</em> The key used for encrypting e-mails sent through the system. <br /></li>
+	<li><b>Email:</b> The user's e-mail address, this will be used as his/her login name and as an address to send all the automatic e-mails and e-mails sent by contacting the user as the reporter of an event.<br /></li>
+	<li><b>Password:</b> It is possible to assign a new password manually for a user. For example, in case that he/she forgot the old one a new temporary one can be assigned. Make sure to check the "Change password" field if you do give out a temporary password, so that the user will be forced to change it after login.<br /></li>
+	<li><b>Confirm Password:</b> This should be an exact copy of the Password field.<br /></li>
+	<li><b>Org:</b>The organisation of the user. Entering ADMIN into this field will give administrator privileges to the user. If you are an organisation admin, then this field will be unchangeable and be set to your own organisation.<br /></li>
+	<li><b>Roles:</b> A drop-down list allows you to choose a role-group that the user should belong to. Roles define the privileges of the user. To learn more about roles, <a href=#roles>click here</a>.<br /></li>
+	<li><b>Receive alerts when events are published:</b> This option will subscribe the user to automatically generated e-mails whenever an event is published.<br /></li>
+	<li><b>Receive alerts from "contact reporter" requests:</b> This option will subscribe the user to e-mails that are generated when another user tries to get in touch with an event's reporting organisation that matches that of the user.<br /></li>
+	<li><b>Authkey:</b> It is possible to request a new authentication key for the user. <br /></li>
+	<li><b>NIDS Sid:</b> Nids ID, not yet implemented.<br /></li>
+	<li><b>Termsaccepted:</b> Indicates whether the user has accepted the terms of use already or not.<br /></li>
+	<li><b>Change Password:</b> Setting this flag will require the user to change password after the next login.<br /></li>
+	<li><b>Gpgkey:</b> The key used for encrypting e-mails sent through the system. <br /></li>
 </ul>
 <h3>Contacting a user:</h3>
 Site admins can use the "Contact users" feature to send all or an individual user an e-mail. Users that have a PGP key set will receive their e-mails encrypted. When clicking this button on the left, you'll be presented with a form that allows you to specify the type of the e-mail, who it should reach and what the content is using the following options:<br />
 <img src="/img/doc/contact.png" alt = "Contact" title = "Contact your users here."/><br />
 <ul>
-	<li><em>Action:</em> This defines the type of the e-mail, which can be a custom message or a password reset. Password resets automatically include a new temporary password at the bottom of the message and will automatically change the user's password accordingly.<br /></li>
-	<li><em>Recipient:</em> The recipient toggle lets you contact all your users, a single user (which creates a second drop-down list with all the e-mail addresses of the users) and potential future users (which opens up a text field for the e-mail address and a text area field for a PGP public key).<br /></li>
-	<li><em>Subject:</em> In the case of a custom e-mail, you can enter a subject line here.<br /></li>
-	<li><em>Subject:</em> In the case of a custom e-mail, you can enter a subject line here.<br /></li>
-	<li><em>Custom message checkbox:</em> This is available for password resets, you can either write your own message (which will be appended with a temporary key and the signature), or let the system generate one automatically.<br /></li>
+	<li><b>Action:</b> This defines the type of the e-mail, which can be a custom message or a password reset. Password resets automatically include a new temporary password at the bottom of the message and will automatically change the user's password accordingly.<br /></li>
+	<li><b>Recipient:</b> The recipient toggle lets you contact all your users, a single user (which creates a second drop-down list with all the e-mail addresses of the users) and potential future users (which opens up a text field for the e-mail address and a text area field for a PGP public key).<br /></li>
+	<li><b>Subject:</b> In the case of a custom e-mail, you can enter a subject line here.<br /></li>
+	<li><b>Subject:</b> In the case of a custom e-mail, you can enter a subject line here.<br /></li>
+	<li><b>Custom message checkbox:</b> This is available for password resets, you can either write your own message (which will be appended with a temporary key and the signature), or let the system generate one automatically.<br /></li>
 </ul>
 Keep in mind that all e-mails sent through this system will, in addition to your own message, will be signed in the name of the instance's host organisation's support team, will include the e-mail address of the instance's support (if the contact field is set in the bootstrap file), and will include the instance's PGP signature for users that have a PGP key set (and thus are eligible for an encrypted e-mail).
 <hr />
 <h2><a id="roles"></a>Managing the roles</h2>
 Privileges are assigned to users by assigning them to rule groups, which use one of four options determining what they can do with events and four additional privilege elevating settings. The four options for event manipulation are: Read Only, Manage My Own Events, Manage Organisation Events, Manage &amp; Publish Organisation Events. The extra privileges are admin, sync, authentication key usage and audit permission<br />
-<em>Read Only:</em> This allows the user to browse events that his organisation has access to, but doesn't allow any changes to be made to the database. <br />
-<em>Manage My Own Events:</em> The second option, gives its users rights to create, modify or delete their own events, but they cannot publish them. <br />
-<em>Manage Organization Events:</em> allows users to create events or modify and delete events created by a member of their organisation. <br />
-<em>Manage &amp; Publish Organisation Events:</em> This last setting, gives users the right to do all of the above and also to publish the events of their organisation.<br />
-<em>Perm sync:</em> This setting allows the users of the role to be used as a synchronisation user. The authentication key of this user can be handed out to the administrator of a remote MISP instance to allow the synchronisation features to work.<br />
-<em>Perm admin:</em> Gives the user administrator privileges, this setting is used for the organisation admins. <br />
-<em>Perm audit:</em> Grants access to the logs. With the exception of site admins, only logs generated by the user's own org are visible. <br />
-<em>Perm auth:</em> This setting enables the authentication key of the role's users to be used for rest requests. <br />
+<b>Read Only:</b> This allows the user to browse events that his organisation has access to, but doesn't allow any changes to be made to the database. <br />
+<b>Manage My Own Events:</b> The second option, gives its users rights to create, modify or delete their own events, but they cannot publish them. <br />
+<b>Manage Organization Events:</b> allows users to create events or modify and delete events created by a member of their organisation. <br />
+<b>Manage &amp; Publish Organisation Events:</b> This last setting, gives users the right to do all of the above and also to publish the events of their organisation.<br />
+<b>Perm sync:</b> This setting allows the users of the role to be used as a synchronisation user. The authentication key of this user can be handed out to the administrator of a remote MISP instance to allow the synchronisation features to work.<br />
+<b>Perm admin:</b> Gives the user administrator privileges, this setting is used for the organisation admins. <br />
+<b>Perm audit:</b> Grants access to the logs. With the exception of site admins, only logs generated by the user's own org are visible. <br />
+<b>Perm auth:</b> This setting enables the authentication key of the role's users to be used for rest requests. <br />
 <h3>Creating roles:</h3>
 When creating a new role, you will have to enter a name for the role to be created and set up the permissions (as described above) using the radio toggle and the four check-boxes.<br />
 <h3>Listing roles:</h3>
@@ -121,26 +121,26 @@ By clicking on the List Roles button, you can view a list of all the currently r
 Users with audit permissions are able to browse or search the logs that MISP automatically appends each time certain actions are taken (actions that modify data or if a user logs in and out).<br />
 Generally, the following actions are logged:<br />
 <ul>
-<li><em>User:</em> Creation, deletion, modification, Login / Logout<br /></li>
-<li><em>Event:</em>Creation, deletion, modification, publishing<br /></li>
-<li><em>Attribute:</em> Creation, deletion, modification<br /></li>
-<li><em>Roles:</em> Creation, deletion, modification<br /></li>
-<li><em>Blacklist:</em> Creation, deletion, modification<br /></li>
-<li><em>Whitelist:</em> Creation, deletion, modification<br /></li>
-<li><em>Regexp:</em> Creation, deletion, modification</li>
+<li><b>User:</b> Creation, deletion, modification, Login / Logout<br /></li>
+<li><b>Event:</b>Creation, deletion, modification, publishing<br /></li>
+<li><b>Attribute:</b> Creation, deletion, modification<br /></li>
+<li><b>Roles:</b> Creation, deletion, modification<br /></li>
+<li><b>Blacklist:</b> Creation, deletion, modification<br /></li>
+<li><b>Whitelist:</b> Creation, deletion, modification<br /></li>
+<li><b>Regexp:</b> Creation, deletion, modification</li>
 </ul>
 <br />
 <h3>Browsing the logs:</h3>
 Listing all the log entries will show the following columns generated by the users of your organisation (or all organisations in the case of site admins):<br />
 <img src="/img/doc/list_logs.png" alt = "List logs" title = "Here you can view a list of all logged actions."/><br />
 <ul>
-	<li><em>Id:</em> The automatically assigned ID number of the entry.<br /></li>
-	<li><em>Email:</em> The e-mail address of the user whose actions triggered the entry.<br /></li>
-	<li><em>Org:</em> The organisation of the above mentioned user.<br /></li>
-	<li><em>Created:</em> The date and time when the entry originated.<br /></li>
-	<li><em>Action:</em> The action's type. This can include: login/logout for users, add, edit, delete for events, attributes, users and servers.<br /></li>
-	<li><em>Title:</em> The title of an event always includes the target type (Event, User, Attribute, Server), the target's ID and the target's name (for example: e-mail address for users, event description for events).<br /></li>
-	<li><em>Change:</em> This field is only filled out for entries with the action being add or edit. The changes are detailed in the following format:<br />
+	<li><b>Id:</b> The automatically assigned ID number of the entry.<br /></li>
+	<li><b>Email:</b> The e-mail address of the user whose actions triggered the entry.<br /></li>
+	<li><b>Org:</b> The organisation of the above mentioned user.<br /></li>
+	<li><b>Created:</b> The date and time when the entry originated.<br /></li>
+	<li><b>Action:</b> The action's type. This can include: login/logout for users, add, edit, delete for events, attributes, users and servers.<br /></li>
+	<li><b>Title:</b> The title of an event always includes the target type (Event, User, Attribute, Server), the target's ID and the target's name (for example: e-mail address for users, event description for events).<br /></li>
+	<li><b>Change:</b> This field is only filled out for entries with the action being add or edit. The changes are detailed in the following format:<br />
 			<i>variable (initial_value)</i> =&gt; <i>(new_value)</i>,...<br />
 			When the entry is about the creation of a new item (such as adding a new event) then the change will look like this for example:<br />
 			<i>org()</i> =&gt; <i>(ADMIN)</i>, <i>date()</i> =&gt; <i>(20012-10-19)</i>,... <br />
@@ -149,11 +149,11 @@ Listing all the log entries will show the following columns generated by the use
 <h3>Searching the Logs:</h3>
 Another way to browse the logs is to search it by filtering the results according to the following fields (the search is a sub-string search, the sub-string has to be an exact match for the entry in the field that is being searched for):<br />
 <ul>
-	<li><em>Email:</em> By searching by Email, it is possible to view the log entries of a single user.<br /></li>
-	<li><em>Org:</em> Searching for an organisation allows you to see all actions taken by any member of the organisation.<br /></li>
-	<li><em>Action:</em> With the help of this drop down menu, you can search for various types of actions taken (such as logins, deletions, etc).<br /></li>
-	<li><em>Title:</em> There are several ways in which to use this field, since the title fields contain several bits of information and the search searches for any substrings contained within the field, it is possible to just search for the ID number of a logged event, the username / server's name / event's name / attribute's name of the event target.<br /></li>
-	<li><em>Change:</em> With the help of this field, you can search for various specific changes or changes to certain variables (such as published will find all the log entries where an event has gotten published, ip-src will find all attributes where a source IP address has been entered / edited, etc).<br /></li>
+	<li><b>Email:</b> By searching by Email, it is possible to view the log entries of a single user.<br /></li>
+	<li><b>Org:</b> Searching for an organisation allows you to see all actions taken by any member of the organisation.<br /></li>
+	<li><b>Action:</b> With the help of this drop down menu, you can search for various types of actions taken (such as logins, deletions, etc).<br /></li>
+	<li><b>Title:</b> There are several ways in which to use this field, since the title fields contain several bits of information and the search searches for any substrings contained within the field, it is possible to just search for the ID number of a logged event, the username / server's name / event's name / attribute's name of the event target.<br /></li>
+	<li><b>Change:</b> With the help of this field, you can search for various specific changes or changes to certain variables (such as published will find all the log entries where an event has gotten published, ip-src will find all attributes where a source IP address has been entered / edited, etc).<br /></li>
 </ul>
 
 </div>
\ No newline at end of file
diff --git a/app/View/Pages/documentation.ctp b/app/View/Pages/documentation.ctp
index f18050d6a..fc7d85796 100644
--- a/app/View/Pages/documentation.ctp
+++ b/app/View/Pages/documentation.ctp
@@ -55,22 +55,22 @@
 
 	<h5>Sync Actions</h5>
 	<ul>
-		<li><em>List Servers:</em> Connect your MISP instance to other instances, or view and modify the currently established connections.</li>
+		<li><b>List Servers:</b> Connect your MISP instance to other instances, or view and modify the currently established connections.</li>
 	</ul>
 
 	<h5>Administration</h5>
 	<ul>
-		<li><em>New User:</em> Create an account for a new user for your organisation. Site administrators can create users for any organisation.</li>
-		<li><em>List Users:</em> View, modify or delete the currently registered users.</li>
-		<li><em>New Role:</em> Create a new role group for the users of this instance, controlling their privileges to create, modify, delete and to publish events and to access certain features such as the logs or automation.</li>
-		<li><em>List Roles:</em> List, modify or delete currently existing roles.</li>
-		<li><em>Contact Users:</em> You can use this view to send messages to your current or future users or send them a new temporary password.</li>
+		<li><b>New User:</b> Create an account for a new user for your organisation. Site administrators can create users for any organisation.</li>
+		<li><b>List Users:</b> View, modify or delete the currently registered users.</li>
+		<li><b>New Role:</b> Create a new role group for the users of this instance, controlling their privileges to create, modify, delete and to publish events and to access certain features such as the logs or automation.</li>
+		<li><b>List Roles:</b> List, modify or delete currently existing roles.</li>
+		<li><b>Contact Users:</b> You can use this view to send messages to your current or future users or send them a new temporary password.</li>
 	</ul>
 
 	<h5>Audit</h5>
 	<ul>
-		<li><em>List Logs:</em> View the logs of the instance.</li>
-		<li><em>Search Logs:</em> Search the logs by various attributes.</li>
+		<li><b>List Logs:</b> View the logs of the instance.</li>
+		<li><b>Search Logs:</b> Search the logs by various attributes.</li>
 	</ul>
 <h3>The left bar</h3>
 	<p>This bar changes based on each page-group. The blue selection shows you what page you are on.</p>
diff --git a/app/View/ShadowAttributes/edit.ctp b/app/View/ShadowAttributes/edit.ctp
new file mode 100644
index 000000000..beeca67fe
--- /dev/null
+++ b/app/View/ShadowAttributes/edit.ctp
@@ -0,0 +1,173 @@
+<div class="shadowAttributes form">
+<?php echo $this->Form->create('ShadowAttribute');?>
+	<fieldset>
+		<legend><?php echo __('Add ShadowAttribute'); ?></legend>
+	<?php
+		echo $this->Form->input('id');
+		echo $this->Form->input('category', array(
+				'empty' => '(choose one)',
+				'div' => 'input',
+				));
+		if (!$attachment) {
+			echo $this->Form->input('type', array(
+					'empty' => '(first choose category)'
+					));
+		}
+		?>
+		<div class="input clear"></div>
+		<?php
+		echo $this->Form->input('value', array(
+				'type' => 'textarea',
+				'error' => array('escape' => false),
+				'class' => 'input-xxlarge clear'
+		));
+		?>
+		<div class="input clear"></div>
+		<?php
+		echo $this->Form->input('batch_import', array(
+				'type' => 'checkbox',
+		));
+		echo $this->Form->input('to_ids', array(
+				'checked' => true,
+				'label' => 'IDS Signature?',
+		));
+		// link an onchange event to the form elements
+		$this->Js->get('#ShadowAttributeCategory')->event('change', 'formCategoryChanged("#ShadowAttributeCategory")');
+		$this->Js->get('#ShadowAttributeType')->event('change', 'showFormInfo("#ShadowAttributeType")');
+	?>
+	</fieldset>
+<?php
+	echo $this->Form->button('Propose', array('class' => 'btn btn-primary'));
+	echo $this->Form->end();
+?>
+</div>
+<div class="actions">
+	<ul class="nav nav-list">
+		<li><?php echo $this->Html->link('View Event', array('controller' => 'events', 'action' => 'view', $this->request->data['ShadowAttribute']['event_id'])); ?> </li>
+		<li class="active"><?php echo $this->Html->link('Propose Attribute', array('controller' => 'shadow_attributes', 'action' => 'add', $this->request->data['ShadowAttribute']['event_id']));?> </li>
+		<li><?php echo $this->Html->link('Propose Attachment', array('controller' => 'shadow_attributes', 'action' => 'add_attachment', $this->request->data['ShadowAttribute']['event_id']));?> </li>
+		<li class="divider"></li>
+		<li><?php echo $this->Html->link('Contact reporter', array('controller' => 'events', 'action' => 'contact', $this->request->data['ShadowAttribute']['event_id'])); ?> </li>
+		<li><?php echo $this->Html->link('Download as XML', array('controller' => 'events', 'action' => 'xml', 'download', $this->request->data['ShadowAttribute']['event_id'])); ?></li>
+		<li><?php echo $this->Html->link('Download as IOC', array('controller' => 'events', 'action' => 'downloadOpenIOCEvent', $this->request->data['ShadowAttribute']['event_id'])); ?> </li>
+		<li class="divider"></li>
+		<li><?php echo $this->Html->link('List Events', array('controller' => 'events', 'action' => 'index')); ?></li>
+		<?php if ($isAclAdd): ?>
+		<li><?php echo $this->Html->link('Add Event', array('controller' => 'events', 'action' => 'add')); ?></li>
+		<?php endif; ?>
+	</ul>
+</div>
+
+<script type="text/javascript">
+//
+//Generate Category / Type filtering array
+//
+var category_type_mapping = new Array();
+<?php
+foreach ($categoryDefinitions as $category => $def) {
+  echo "category_type_mapping['" . addslashes($category) . "'] = {";
+  $first = true;
+  foreach ($def['types'] as $type) {
+    if ($first) $first = false;
+    else echo ', ';
+    echo "'" . addslashes($type) . "' : '" . addslashes($type) . "'";
+  }
+  echo "}; \n";
+}
+?>
+
+function formCategoryChanged(id) {
+  showFormInfo(id); // display the tooltip
+  // fill in the types
+  var options = $('#ShadowAttributeType').prop('options');
+  $('option', $('#ShadowAttributeType')).remove();
+  $.each(category_type_mapping[$('#ShadowAttributeCategory').val()], function(val, text) {
+    options[options.length] = new Option(text, val);
+  });
+  // enable the form element
+  $('#ShadowAttributeType').prop('disabled', false);
+}
+
+$(document).ready(function() {
+
+	$("#ShadowAttributeType, #ShadowAttributeCategory, #ShadowAttribute").on('mouseleave', function(e) {
+	    $('#'+e.currentTarget.id).popover('destroy');
+	});
+
+	$("#ShadowAttributeType, #ShadowAttributeCategory, #ShadowAttribute").on('mouseover', function(e) {
+	    var $e = $(e.target);
+	    if ($e.is('option')) {
+	        $('#'+e.currentTarget.id).popover('destroy');
+	        $('#'+e.currentTarget.id).popover({
+	            trigger: 'manual',
+	            placement: 'right',
+	            content: formInfoValues[$e.val()],
+	        }).popover('show');
+	    }
+	});
+
+	$("input, label").on('mouseleave', function(e) {
+	    $('#'+e.currentTarget.id).popover('destroy');
+	});
+
+	$("input, label").on('mouseover', function(e) {
+		var $e = $(e.target);
+		$('#'+e.currentTarget.id).popover('destroy');
+        $('#'+e.currentTarget.id).popover({
+            trigger: 'manual',
+            placement: 'right',
+        }).popover('show');
+	});
+
+	// workaround for browsers like IE and Chrome that do now have an onmouseover on the 'options' of a select.
+	// disadvangate is that user needs to click on the item to see the tooltip.
+	// no solutions exist, except to generate the select completely using html.
+	$("#ShadowAttributeType, #ShadowAttributeCategory, #ShadowAttribute").on('change', function(e) {
+	    var $e = $(e.target);
+        $('#'+e.currentTarget.id).popover('destroy');
+        $('#'+e.currentTarget.id).popover({
+            trigger: 'manual',
+            placement: 'right',
+            content: formInfoValues[$e.val()],
+        }).popover('show');
+	});
+
+});
+
+//
+//Generate tooltip information
+//
+var formInfoValues = new Array();
+<?php
+foreach ($typeDefinitions as $type => $def) {
+  $info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
+  echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n";  // as we output JS code we need to add slashes
+}
+foreach ($categoryDefinitions as $category => $def) {
+  $info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
+  echo "formInfoValues['" . addslashes($category) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
+}
+?>
+
+function showFormInfo(id) {
+  idDiv = id+'Div';
+  // LATER use nice animations
+  //$(idDiv).hide('fast');
+  // change the content
+  var value = $(id).val();  // get the selected value
+  $(idDiv).html(formInfoValues[value]);  // search in a lookup table
+
+  // show it again
+  $(idDiv).fadeIn('slow');
+}
+
+//hide the formInfo things
+$('#ShadowAttributeTypeDiv').hide();
+$('#ShadowAttributeCategoryDiv').hide();
+// fix the select box based on what was selected
+var type_value = $('#ShadowAttributeType').val();
+formCategoryChanged("#ShadowAttributeCategory");
+$('#ShadowAttributeType').val(type_value);
+
+</script>
+<?php echo $this->Js->writeBuffer(); // Write cached scripts
\ No newline at end of file
diff --git a/app/webroot/img/doc/publish.png b/app/webroot/img/doc/publish.png
index 11a1ffc7270b3726ea8f022678a87129b1599fc2..7d07521f4b06be080e698549cae7191aa331615a 100644
GIT binary patch
literal 5280
zcmaJ_Wm6Ok7hSqTc121-x;vy<1O$YoyW6E(8l*dRk?sy@0qIz}ySpW%8{zf+1J8$Z
z&p9*q!<{)Z_s-l1WymKyY%**B0DvbaE2a96gZ{w)6Zv1o8kV&GM@TNJpCkd5V-&yt
z8B{B<A{YRuiNkp^LHmD?qpXe#0DzD9KalzzO3VQO5TBeBSlz?$MBm17d(Q2q>iM{%
zDDx+eUD5P;G{bdVgSZf6*}Sh}mEQ>lC1bG5P=M`i^2X8E)Y)g~2)7utJYH1JKc4-u
z{#wtX!Xck1r9w@22$oA^Odwi!0QjKL%EqIfQ)3aLdLbRwG?=MDf3R9yMu!H3M|l&p
zpJusqxj3H1uY4bq*vK7I&MyyHvB*=S2Pa3wngpK8TTz`U*RW)M>-@M|>57hQKra*&
z=G=q_<V6fg;yv+cAKEd)%|nU?+c=og%Hj(y?&sWb|K0$HEou$59#H+eg`0f^j2T1y
z^u{xhHy;c7y}7_V>Ydz|3%7<Z+g9WLHd7p0udDU8RY7pD=w(B&wpBTAPC+ZQ{(Z>P
z-jFV>R*8BE*>J!fYm5?`eUe=0eu}{y0I%maJo$MC!@=ix@pAp`C4X7;5>u%=Brudu
zCKq_7o6G1(t@j=pd!72m?3($nn1MTn`=y}*0M`;vEz9H8$^p184U3i%la8@Wl{%a;
zBYb-qK{Lk!$MJP9&^042-j^haEu0XMI~UxEp7U|zn=09T#68NbsDJag--bHO91ou*
zbHCk^GHCKn+(E|(3(`)t99le)RW-i|a!H!EH25G#H^EEn+Frty{wi>o&hPo+s6W|9
zFt61i^eyJTLyjsr{Rq$W4HYvE^7kxCcaN$YJsXXpcrXL*9%{q=(|A}|V_PwVz%~c%
z=omS%f1g3ok$qN}OVAWYi4=GEgP3ROe*e;S1lwiAOX{a1;|CP_+P13S+#(p^CQx@z
zPjen{ozrcFqLHn|&Fcy`A4}-en>upzj`K7VXYZ3cI$$rck@&jHXg00<P8b}^+D-oU
zNdr;dyqjDF^-;fhm_RqOz{E}GVwd!6G!bNvkVN4&T7xW)Y>=;T^H3tV;JqH!9wsAk
z!-`v#ei|DeRKBp|#&lBXF~KEiUe?8ht`9iu#l5V}`Bg?x^<65fZI-vb)#f*6WkXN2
zT=U2As}>FTX$`F-^UNG)mO+ge{oRzNr&4T6F&+HY<Oa98Y6UCdMy;HPLCN}n@e$T;
z&*ZV_0o5QJ5{{Osh9+X*o^mDQe7FvQNa<VB81qniHnhAEO`Uw1s1gOhX@MtVLcJBv
z=xmEeu&VF8m_$!qz$rTG4MpR!3u)vI`HmOG5??VVSS~|ONPhG;UnO_!34L#Uv$)|L
z(l_W-E<mSFS|rJ>-z(&?-{F;Pba*0KQBzpk@FuI{^043@g8>~`%4v|3ywBy*3kZ|D
zinUR)PL5ljO_@&h&cE~w!LmOb0~By~T{gkT4Ll%Lo}R{<+u@gzZZ5}ji;Lk@j_=Yp
zwW~HYPFm?A*(=#>AFHj~tebc?pyBQ3<VN#NF1-Z1LP+|~^g$L*l5V4Pj=~7lrbUhM
z0s)QpIMOg#8M6nsQ*M|U6nl6lvXCfgkXSAf!2>*611mN6!6IBM)tTY6sftBdvx91&
z-<Rn1M}8-1^Vn9<$h<T2R$N);AVG&~baXA0Ns5HwO^;kD%>jLG1He}mDeEb$eesN=
zVCQ@k^Yt<$Qd&UfYFlcB^6N7W&ScHuHl;IyyR3ZO_2UeGe<gqqK5q__uAtWYGF5aR
zCfguk?bynIs#}b;MH-z$looxI=;n?ZVT=0%?#X`(h426*`i|MHkcaS}ClyJQUp<EQ
zn=1)RClIu~Ge|#3WSX$p3g=XLFTbx@{U(VAfqBdS-SeB=mUR+%ly^fg(uTiAA(d!m
zV=XqEQ#WDFv!=D0khx=>gg1{6D=)H?S50nzf4cs*<ppt46{BeTAyD)t4{!e`aFVcU
z&)q%5Ty=U*wQcc7*+5lQHxvGjcDY-<T;W;{x$&?K@n+Ek>wM2+70s(iMT}J9kixWq
z)0?4L^4+DsQbVwUj20Jt*g<p274}$Jq_C*`=<2&PG~^tkS;aoG+Mm3XDCsn`b}7|%
zpPmFmkWv+t?rXA2Q5Wp0TcNMn_-d`Hg0tVn`Q;KY55Qb#l7PW68XtxQB-011>L&#F
zl#9B?*`*<P!IYG4*?J|%TT{Hu#)B%f&VLkNfZJVFxW!%XXGkBeRu|y9w<%x8pUbTN
zG(Fpcn(7RRcaJ%YaC|gyd}Ro(6~S?FUPhcmwX7?157`qTeg&g|IX58J88jsp1%}Dn
z1p1QT%Ugg4OdkuU>(lH?%*Nw*o$9BCt)Dc26-6!>*dLnongD@8^jCRwKOBX=!S-A=
z#v4IGjpXZ-&xF$)A`8=~=8OT~zf}m&`c1JA(_`GGhcs*!;6mi$BU1U!ft|H?tIQ^0
zYk;o`&=C5XgemVYj{Lj%cCvS$0Wmv#qPRjm-xGFD1W90M+qfx=*uaepvM%;t?ieE2
z`aey&_pyEV?60QHCP)PW;7yar<?NOAdlw=N)rAljUT<OT+f&Y0!vK<<!;asZ*$M^Q
z8YVty3F`Z`+%X{CaLh#@54OxVj}b~WPCT;hQf4=kiW#9lPKeDsXZ*(3zS?jPFXa37
z5Jtz8wKBrfuMArj7QRdTeVi&DE+4LRe78RPZvI^1T<u3yni=`?q$grvbvYS|RZauy
zdHqGBG>+i@M|6e^QSpdJVV0n1B9lBGoavY31%w>78#2mAtK@<>B9(_ZVXR<i^(Vgv
zUmrxl3EQWY&J`<6_54uX!I3l<hnv4fZmm~3`woQs>{t~Wb@$-=NdY*pqie7F$QW%<
znZBN^whn>$qbshQ$^Lv7sMPuoT7IqZL{Nlkc8XL$pLvb36EnZ7`o9PxT*Vasa3Qfb
zUHvsVSl_Ru!WfcEv=jV0%XM&<6sRYpQXs{JCe~#uGi*c_^z6rvBa(_iFXd)Q4K^LO
z6DEEyfu_Qo7rdoc3znpdc=*kEwNvuII#_AzK@>-TC>Bj*oHo3E#v2A*{-`A`4(v@^
z;pFHMFI3d+4uP?T1_qSLP?fmG<I~v4xrGQ*Ul{u-#Sg-`p4!)Y*9Zg!jZtmxRA3kg
z)RZRj=a2f3%LH!sL~UhPUu6Xfz6^Y$b#`D_+<BMG0k;!p27ZS|as;CP&X~qE^#chc
zY`tu_XVc85`c<<61#U6IVb)^nj7w|*6T>+04RxXJ@pDRli!0j<`0Uz1nuw0>Lko*y
zJJR<f$EGBkT>(EuD0U9vhE_q2->AJ%iKj5Vb^S0R*DAWSN(s%1#;*Hs7Sk6FwDYmg
zJ1#3;t_(}qTPikQFZ;#tbzb@xGj1ZQb=W5%Oc80TvEjFc)vC);)`*@49%~gi5|!91
z2#7q-+z?aDXZH3roJes2x1fmOW5?G~H$kd_((dd`cOUsUInX2AZyeDmS)M|Lv*ME9
z{>fhY*i%K|@G<jpEWJyUST;kTi)|OX=8mj;NaJvrY~AQel5;h98v57xj%HrON?+bq
zMFO7PeC&VMAl@@X6tOl<m;ElPZRP0U?-7{g{ht2Bsp0uwTP#O~oAJE$1Dy9yFZ}~c
z)NTuSYw1{n&1hBwz6_mt0}(oOQ#u#a+o@@Gq6_6a^J(yWm1?Z<zD@=WYG<l1tLA$K
zh4BK`vH`!KX5=QQc@1xAZZqJkpa(6p3%$M_mnf&Q_hI^zoScFQq&2_<N2zUfZo)a0
z4!8;ACTzC#RYj__3hVg~{9q4@p=5$tX&vUZEVb^vL>%|xv(wd><KSrm@`jHG9eBWU
zd`87TN?c<Eam*hAMzqh@WK4R2Rv&gte94eZ?D~203bthbh@X0iyN|vgu2n~pFi)Ea
zi7kk`y^$Q87D4q|cf4%+JYmFxdk5i{1P-B;zt2TQgJ|TGU30V0d;1!P1XhI4?0><#
z9FGr+BpI4Bm(5WHGrg~5&bAv-C_8}vrf`~m71gn(^o9I15vzy8;m?P!VU59sTMS?A
zOsUoCY-vzsDF$lou+bHMC`o|}yuGJvP@WZ7@qd62YX^y@KvTdjV`A3LF%Opj(2h-b
zQA#L&lOp}qMxO50O{i5~q~ed5dxPV4#jErQP*Q7kQSdYmzH1@lQ2i5>udodB<CA(7
zZBA^-PrVuoPXzAYNw*i8#=vq$N43#8q4Q`M8ca(xf~bOXQ(qRD5=ofazp!_}=iyQd
z+24hs1V=;S<gtcpopJ?pEy|@<`(-ZR5$0f(scjJ1m~<=O%uAYM9{X^Z^OCRi6x5_k
zi++8DD(;22eBwqU<E>6?hM;z5=(7}f>oP4npF5nQvNg%{q4@8lz0~BQYJW83qioW?
zd;SR>?{V;tH0kATxuu$Q@V~?0HD%yF56JQ8M7XDVbfO;Pty|;`OBGX1FnPJ!{g?V#
z6Jg8v98ta|-uC+?joo)WXb58_i-!b`A&8R|6GAXWXK??MScRNFRN)mvl7}BvJvqN^
zED7=vUzgRllf%p5Pmm?fR~HPr<B`eK5ub<U=>b^9Vgjg{7l8{IJL))^Igb2Dhjj}>
z^kXzSL`(8w{D4xsa$qPbX4?G4Vig{E-9VM{W&fUs{ve8nRAEq@FKKQ&o7YkXgPJYi
zwcM^a7m07v>pitwCEHUg<Ooa=(mfkT(*=$JqK6r$#yG7@U%Z>%&&!&no0)M-VkHWw
zXPUlBE>Kcwx#Jz#<_X(M-EQL6<}Xn-ZcdI1&*;?QT_dJ74ZQn;HTw2LJBoJ5iQEUp
z;FL5GPZpxmVZvzKUr^eFrGc|uT1)KdUh|7NFP%zmrM6Agp_TyNMHb@fW&QMMON+e}
z&B3Ex1L(Nlb)Gq|XS--_k3K1WCK=up8c3d{wCAK<N{UznXQB@yBckZ%FBo{GCP8zf
zNoK`8K1G-(E>Xnhn-=TBo@R#43?4a`TxLG`v@8}#H+9Mxzm3pVgJ}-Ef`rjT#3nHN
z7$@6x^0^|sEr&L3s!03GI6YBFf4}LAE8<PbaF*f${Nto|X`_hXh6~y_`S<-1D7~m9
ziwCi(U{li<$OFYMr5*831zNa8Zz(V4Q*5C!q>tUUG)oZv8?C+s*U68o8GSb4{!EmP
zay~=%lXktwj1V4oVQW`PQtEMyPOrwGhVy_N`#}(~B$0E7iNIStnUj?6<p&SmDN|&Y
zchmXCM|__IzBH+7gvOEtnGJo7<P4b^uq?#w^?s^HkBenZ{>9yH94MnoT@&L;h7J7I
zm*BIPZ=jff;Z-JZwL|iBB8I850`T_jeC%-q%>?9O%V!kzzX1T~Hlr*#m82`^B+HdX
zSr2pa^eJb*nJPmer_cRJJ4P~3V=#)_;P#0({zdDagDMHXpLFaFoD8l~dGsnwKc!Z!
zP(+A{y%TjeTkhq>aLr|K9T2|?i>z?#&=%xFEeGbhds80|^gZl#=1lR$2+$8Q*?4^}
z340UdUlH+CN9?7Wt<cdH>@)sH$f@|`6e|KKmA1~2imrtpnRm-vQm83NL+I9W>tJJb
zYZS37ZU41Q)3c_zg(G4Vdwt~;HDlUVQzGFOve_s#D{aXUw`RL0Ug?}BbTD@QR*^RL
z4e7OmQauFq`K?gB#g?poF9vv!9hli|njG<u0wszMChPxG_0fL;y_ovnah!(wnfS*!
z=YDM=@mp4;ptXTt?-1O4so8MfpCts{epWmiKb7`M48)W6nOo@h{+OLEq%Dw%{H%BN
zC7J1>SMMI{RQ2xKZg<cwt$?B1qJ<1T95fFIWQK8n3R29^+D-%Y^LWYwnazf1`Z6Gt
zS}7%U8>4)Cni3FL1CfPjNsDq|HBnkcbiv|v&4J%oYz2Ps5V>c)U*IOXB%Pj(Q9`p}
zT!8X)0ecA~dJoHYLQdef#MXDW-9_K#=o_}}Pqld^C*<l9W9$n<putv8tiqk45bv&O
zy}QrbCMlIlti9H-8G)^dEf~eeFjbA=z|-Q7=ku#)snD~)I?bZ+`73Y3CB}9k$`qvw
z=m$S%b{BUs>sYOHx~JLmJHAhQH7;YT)nBh4JPt-BZVJUPTbusGiaF03wHAlv2@5Vf
z{N#E+|5=>>gkNbdl=?UjkG*jXh3WGw+4@s`)QwQL%+g}8cn!P`m`?v$=rD3sQr%yz
z>(nDPg<%&A-Ot!xkY76q*CM-yl6RN)+o2b%41r!xBp;XYh3mgGUr4e!gibk_G`6Y_
z0NqMY!=lEh9{Isq#cI(qlukU?dUe%Y;MH3{_3v0kS9NHG?sBh?PcQ3+^#+GtdDH!_
z+GrOA5>A#`Y+OZ=5KDRi50A}o1SEzS;llf}whvK9MF${{#thnaQ8m<*&Ph0XeVC<N
zkD+5l52V7ps>-tR@gPU|P}Rl#ye;Exui*^1QF5ngGX7&t(2}%3Zfb0cJ8|g)ug7$@
z_QU23q*f!+ydKlWFa{Ls*CtI)PsQQvDJt+TzY-t4h%<o9>A_G6<vRx?RDWoz^XA&)
zBv2nuT8Rztb%sJOmfN~$fEy{f(;J0>2r!!7wk8mCWoI)$QvRs<QJ{4tW%jF6h3X)E
z6?>i+=F8YUTfB;DfqJV5oX-lUYTdax;;^YSMG&!;ifw-kN|~jnr;;EvkI6D9Cy@-{
zhzqOhe6t(H5#8IL5IGmJ&bc4Q$YhtY!BjM!+EE=cZt2b*-}yQD<PLYq8AA~?!x|{L
ziXO(~a0OQmMEc$xx!frsY6?Uo;-(L1+Ap7r)w8Srm`1_(VU);|Uo(oN?txlOVrl7q
z@7wr5#_?Pg<XFtIaU(IHF}8GWb7uJVSGY-ZGdAWW<Y`6IPjB=XnThuEKE)lLLxd<S
xRc)83x#QTqs1s$~HPvGSbj&#MpEvi3lBMlOq*d-g-@mUSKu#JWRVis4_&-l_DnkGO

literal 6361
zcmV;~7$)b5P)<h;3K|Lk000e1NJLTq0040S002S=0ssI2@A9sM00001b5ch_0Itp)
z=>Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!vFvd!vV){sAK>D7;Z^KK~#8N?Ogd=
z6j!>Q|Kk2K^UT~kGtb-`6HPQ`GHS+XjETmW#YCgg8;y!PN|b<r?EBJyfPlLMHx^}w
zW^0gr-$7ZM-mAN+y1Lfh>weYEE=GvPxiiD}`0!NKS-w;6IepHl_dTD#;g{@XBk-G-
zUExxF{1T=we-O;VRH;-xdi1EGqN2RK9R4oZa}jU?RaaL>lH^q9Ok;{52ms1)+{^E{
zfAtz^ny#v<A_&6yqSKhx)YPynYqeU<OSVV^>~_0KrRwPDfQxBN;ijyt4DO9fws-`f
z3ve8-t*tegOw*Xc@Dz*1@E3;aqKxC93EYe#oY5rQKlR*^W&Wp&a`^u-GeCf%DE!dj
zViu;QrKJEfHOpv*Gny?9Gn+Vuo}Eg;JYv8x6eFmKB${DKol0w983IK#8VsIKm4VDO
zrPpdOl6|To3JOj-0#{}eJJ;15&-2~VtjWavf^rL}`Z-w`hJn>+eoSG3GE5suF{Glu
zu^{{Y{rmUs=1Yb(B*#!QGjL{o_4VkG@B+kYbR;lVzQ=dPu~I8NP?nW`yH;yt$jJf}
zZPJY1J@aw&6W&74s0A)5nnGk<;>-*%aP^?5VnoN$Qzd6-p8t-dS^Y?LbuZ3Ndt6Al
zmy!n-eT_ylKc;{;EMAjlV9ol9@Z)>k{8Cd=g8jYyQtm5Jqs4BbgdC*NYBrhh`t+2f
zOSQs?=j}#@G4lhF>pjX@R+y`K3#r$$=809`YO)~GhyJ^-sT~ijoTD0t(VU^}Vbr1R
z$D=Q&BwmcaoSrqHv+)+_V23BhXfd+z^7Ld~(1QeFV2qsE>Zr?Z<yaGs<?r|+g$Az-
zIpZx}#U->2)~NY01-!9o!zm+H9_F3+NGh~j+jue{x=m3Z|6Nj##bh)Oq#lfEvJx#B
z={|e*eE!w?jazr#Xor2+K=^u(DwCnR=+2E>RVdFt3fsKq?;F;w{X$eWj4H+MYmOc~
zv0>f2>%5C(c7||x!wodv{NP4vQq$C?i)s1kyU5#m9Dp=RtCG*g-@_^MlZvR%)~<j5
zy)~z^#(7>-bt^m8^P9~dzW4E7H}ROEDe>^C*WX(E`Tr(}2U*Hl^D8n~pcD$lJeb0|
z4}GeeHq5~4$|JqPGi%gp`J=mm=R?y}mbSAieA?_5v#l%WowHRoy5)}dG1u!F8_#MU
zoZ05xX&Q~$;8|rRnr>f;j;>(aqgJ>T2uP`l6N{gyr5VRIeP4s~ys7x>x7?eo9D#yA
zl%Vt-MbV%9@xR|({q|eSUthoD=p$5}yxlEBf!R#5`xnA)mJguF1GlXaeZ19XSHym{
zJriNXAqS2GOQ7zajF2-vxg1xvZ_i~4wk`&I##_9KOXxbeTn_90+%*a?g*2FJCrzuT
zv{mu0pKSYd*VkX|^N4R(z%Q-#+)BT8tC6$zM6UCww&?3`UA~l1sy347_;})l&$0*m
zV>h0ca9GprWKmR!-ZBunZ_nW~5otx`{Zd>xoD=ZPl_48NTXa`<@63{NgbuuEF+y9P
zaV0saVQQRmv~@i9;5N4+Wq+Puu&7<b>oQOOVZ&Dk_wL@g^PBxgPglyYg24E+qE?(G
z2kZ0Vf|I2(@xE`9<s2zg`D#t8)k>w(`7wn)RZp7+GpI{Kyprk^j#sr1C`Os8PA+q8
zfyt7n-oM(l+KkuTOifCxg6}dyE(zR!w1JXFZ}6yObPegrvC-oG<_E1T&$9!!&wRE$
zIA1=T>-$wg9}BDBSi-K|4`mF7fIp26*8rv$BT7)1L>Y!64LU7i<do4nws>BO3%*#Y
zqgX{p;@)Fd9TPXtkCoI)m3e_tm$T}16wxoa9}|))l^5)MKVpoxQ>akst29`k#>U3x
z#}s-OKKUn2rPC|&yiWyW*6Fkwm@kw{6-p9WC)O-q`_Y!;d$#?@feI5=f79oqzr6jy
zmMtG``yj3WWvp!%-Z)WYP*-1x3HC4045e;(^MkFQezx_?6E|x5#vkAPVN+x$O&F-5
zh%KMo9i>n;cvB&$x;`Ut%O6*6+`47+rj1`7JS*-eP=i^Tw&Qny+jXy-CbViDt|*Gw
zxAvV)n?L^Gz2*DLjYy`uf80;i8Ux-Xz7^;h*+-btzgxa+`~HN2UQDZ*@gl$aB`i=Q
zBO~)*3UmOZ$!3`XraE}<8P60rXSTpTmgP(~4wcIh7`ws-z+^I-2vjAPX$&R?l`9a8
zFc3PGhA^7pBLM!ffQwRv(;VTbPDOGYrktu+uF;Vut57i*Y@@V}hNuYGTrikM4%c#-
z5+ga2!xgyK$(1_T7N7{Esk9hn(5saSJ!`QT8NIXcD>Rr)hlYmc#}o!5%nQ%4F)565
z$DfIe!tM0kQ>7>KKd)X#wNKYH>BUjpS=X#bbE^H>#OF5Q7iJhAAAj=X39wUh*Qo01
zY8b#m!<TH42mq$Ny}gZ%jdL*_7#ILpVGRGm&iZ#P2KYaI{1~`CfNmCt0=yJ#P9Y5_
z)RK}C;8T`t;RwL59*_k9Z8qC1{uD^5_V)HBhruvjvV|i6h{14l0y+!R(b3WF?ruPK
zYU90hu|NcXKW%AgfgSN&OeGQtqyekv+^sCx!V!Rh2%k#;>#W~C+yH+Hv+CkW?xhk&
zKp#Hq=k8Boc*2wne}V2>lyN4L*=%H|%W!5J?7QKUV9s+P2Mffr)ifjXY*(BSy4K7+
zGksAFTR>)^shmKD!-oWTHCpX9Al`q0f%X97bbhW6hTI%Rdy=6PNJ{WGCly$IX?JsD
z^AItSL>tZOx;qu4CR*B2S5?)AbL?~xV2#l}NlvrYJRciR8+l?l^ZKn?xxjq?`Ua%z
zcyVHZlxK&V8d`efta<3+rL+NpH!fZ(00rZjJU`$)lg4L^hTfvoGv9yv?VjB`Plr}L
z(ObBg3_S^?b<NHA$f#oNG|%4`xZ1VM%pil^9ql7H4SdLiIe7jI_igb*z#7k`*GbMs
zbY2T`@wn8jb&x2(x{(a0Y|LrY@>p?1Wc*L{G><$Gc}B-KVs>t(n6Z$C{2b2@c<ZN)
zV9a=V=vn`)2ECr>E4}XKAJ(tnEOsNX_j*0a!D41~@cc>Dz*<_(K*n<xzCQwZeul9K
zs~u+mIl$z&1eM8XcJll{bJ;EMZBG-EzJSW7M(bRE^eFAoSpZQQejcDoK_RQjAqSAG
z5gs^HF(XY*m4osG#d6N2)dE?;ABX{yWx=HpW+1^AW6%@8hB-Aa$j{OSLQliq$7)7O
zL~$v18uVrhqv(te^$|ZYu(MpufaDpM&_dv8=I5lLPeA{hG@vZd@-Ux-%0Xd^Ad|QT
zC3S1X$NuQn$Xl)UHqX}%i*00E=2h2iTR+^o=CAMl&GY7<jei1|R-1|18<7ElIhciv
zIlOA!`uE@cpOwebJ5g21sa0R?_;%g9%YXl|Ukz&_F~J!|kcRG(i@v_`k5LQF;EfOB
z_pjNsdHdRTR=s}W+8}48b-4kry|ZS`yKjDcz*o|*H|QPZpdf1)DU9B__U|8TSo6Wr
zgi)O8DNEY_&WBsRSogQLU*F?@>-_F_-dXWq>wYLO@l5+e(Vh?2ZP>VR^R~~g*HSjV
z(e)2UYI(9eCN4R>R>x2rCCf^RP04D-Kqi<0#B(oUfdZ;zey$I?VFoRZ8W^2Kbnd7}
zU`k42fcI%p+9Q&0`*D?Dhs|uVc89L@cx0uT(}T|Y<p^h2*cR`v4@uBL5%BybqWMlr
ztf-QE9KY<-u&!Z9SJ(BaRihbhpLz}mUG(_On#1Lk(aH1cNnJzc<+#v7rHM3<cxz6i
z$GLO^<if<Kb_5QpAMO3(WS!%XN7s!D9`OYTZV<|0q*<5$<$r!2S6N<GmgBv3jaR91
zSaR{llUH<*)tJBg-Gi+{q3#o}pQ`3<JcoBSROS~HTsrS^=v;=D@AF^j*~SxP(Q(N?
z)o3XL$*RP$@kuwU5z5i71si}4EZ8%7exO$;4Z$g-BI@kPki-X>8Cl{wsTLN>nsY1t
z+pQdD>y26m8VO#1D>WgmSiun5v5}O(uM4HaqK%#s7HdpT7DW~zcA}*qGd14dW#6IX
z(h=22uK&)I$7Yf;s#14<^FYRdHm%Vhm>#LSpDGH<lQ9IYM;f!Q#s=k%vj#-j5qHA9
zv#s!x;JXGvW8sDigM2P$DYSa6Aa#?LnwZxPM@tH_@7=qfm0Q>+$GVDdMtOmNK<l(6
zKAU6vtS}9=UU>U_i%DG^?tLo!;=P>glo($>j|W=5+jpf$GmncSV=tvut6@f=<i*jk
zNjD^F0)y%oZm>Wtl;=kc>f&Gzk+=^uJs>D`2uhhGNB{g?4Y2L<+)Zz|0MB20JvlL<
z3g%N>n)SmcXIhOT5%0N|)4IB}BvEvEXO{cLPGP8^CBa_@XGjMh`g{@JEAafI@n7xC
z9(VHmYAuF#7AAUmM06`)Lf6z~q(ofE9HU9icthmjvu%ndm-oNC(#!I8<c|CP(@8~Y
z6x9gjP}*F7WW{^gj_(&^eN<S9theM^sQaA}n%1fd+&6@E!QRN!==r8cJJIVG;Gf+M
zx+>q3ditBQSz5l!d&Rj%Sfj#Y5^qS91a8m`--(I2lG&`qwTqGop2_nACk<&ZFHD+J
zgUTxtBQJ|v5sljMP_9AkJ?Z<FFI)cRVV4UZ1vk*Tj{MkNtKVMr_Nq0TJ}cDlcCIt=
zoA7E})s&TX<x-`AssC>ETPs(+`Nn4V1}P#RDvCLNqYpGq{pgL;XNshHL?zS<Og}bM
zbJo)>qh{DZsGIWAQ(_B7aa1wda@i~3kpNk%%X@!)WBKwuL3iZ18Bxle?NO*Wp3L9&
z+Ok!v-(0rrIQZ=;yL%}-XBfv-^0J71soe%xO<SV3hc%gPy2ebGPu^IuYSl+)qwYl&
z$}C;6+ap@c>WWKO(=uumxL(yO2@moU_k)6@oPophFJXZi9v+^blZLbz>^QK3a*Q#u
zxCXAA&&Q=>=;XOSJ8wayGDJTi5y5*K)T3i#8iqGv<1(#qHU-o~&`6zT$Dv<TdZV3I
z3#_1$w%hdzsk37Et0q+4X_5Pn1eFgcaRQE|;7aK@$OWv`q?3=0PSs<f)sv+h1*PL^
z_>oK)E|;rO*dyqbQmIUi!Mfz|r8V+q?bsM7Ka*`SGaRlMLyWvhHzq?Fh9)qLx+B%=
zL~L@i(x4F<v>0>p{Bt>J*kQmpg|w$=^SQM8*cgy469$AkBv0Q81U%deT>B(rKToRD
z1tiSm>&K)DTs2sdlT$k&m5)!6`BSw1R6S1-`7;|Z$*4O$Kue}BCYm<Ya%UT-n+hOy
zlw{=ftD!%BPDhxRC4MH)58Epc0RC}2|LCYxu0?e!nee8s+`y+CL3Il0$S?2?n09q_
zH8(dqPw!5gKZOr%NPr{1Jv}`@`2VA<zrX(<<r@6{V(*=uogk6G%n4r;)0hGy1>6A)
zQlM9X^joq;A>brW0l-;YA7Bdi@NEj)*M;xPmU0TaYXkw%;8zbA&N?SOu{JxN0=UlP
zC0jTGQ+to;-~P-;OV=-mz*2nF3j#P#@mZJxhXTtV$p5hVFWCYS0JvZeIx_}p8dD&o
zVM72PV$Y?vmNLvl0N5+ohSt~DI}c3EnonUD1w5d0jasrrApkhSM+$6jXJNV&AN3;g
zFKqQ;+Jx`@S$lp^s6mT{&VhMh$rg*iGvlK`iw2m5D5jYP0<v-9$cl4dgIYZ|&r|oD
z2~JX5*yrYBI2%Y)aNhJ+F~(%E^ET7-oBP7vVJU*+=L?CCG8jk-#BZA{<HJ9{wqoVV
zm8+Kj>9@NjaBP+aE>4Kwg9tua&=@HOWOCN=0K|FDs%T6&<0qzhD~QSvwdOQXm`Tt>
zNs4xsHCcFOC^=M=+a|Y~*(s%z1i~8P{e*}=INK}ao+=K7Y3Sn#&)`}p1ft$#2FNZH
zfTlocI4RJUD+*0%V0rV?^*}CXi@Dh$Ukg!5pUwly`9kBPC?k!Q#;t$<z;ujFTa;I}
zlsDpit<?nu1;wRRQo?5Bw2vDHJK75K^9w86o{%PE<E<Zd?T^f9>_YTdZ&g8lVG(3*
z9swDRh6umW?uO!gC@blI(iH0I8gl7&d6$d@ITQ?zKI@U;ww9LW>YNAF;}nC*I!p5k
z3i9$AMhJ^hFMB-F(^6SnR8S&m7z5&yHJXsVg8Y2=*YHFG9SVoKN4wi<YAVIzN9hS?
zj-E}(ZR`Wx6<2nZ=0Uc+nnBdUQR>kl=|G3Lq^P{Q7lA;!7mK0-l;L}S0r63|fus9l
zPk7wz((#PmxqHw9m1QFbi;|BYIqnq_73hCBNYsGygW+qpAB~C>1-b3qeZFKwRT8>u
z(<g_0ujP*EG?MEv@kyzdMQ;0#Tz<^4>dxF?S2v%asDO~8=K`<!?cZ_G^~adJZa6pq
zyABYHF?Eyshii`q#{~J^>eBaRK-QF$)ReGu?kQsyeO`dufkS7)qQl(J9SKcoB3bF(
zle@n1ijIkNJLVGkXq=KY-8uf{=kB3V(UDg}y}tfp*9qTS6&N*?;T;$$)D!-L+r=TH
zr7bOR-*+y4Az_JED#lq#|6+kuus|(Li^d2JX$$tgSlKTp34CHlhT$|SO^fx6&JzS`
z6V?~)`hBflA=+>tSI{}RvM}G6q5)mc4fnt*D{rSwytV84u5b3a9Qgc=-|elU(Zb8V
z;rDwXtJO+qM!K#<C5wA>yp=|E4sjU-QDt+`0he-(Fn8k>0k8kz-CaixA3nTy?VtX9
zb=W8l@r%vsh9rGop~qRT-s;pfhpswLBGv`(@F`Ym+OmB-!}|qB-`-V}6nUi$u9&9C
zWxri5)Z?;m&F_DgFu?cSi#QjT4FbQ-!ss2YU&MYcJ__Q|V6L4s)WD6TpE~J(ubmZ+
z7&w2LdV^}@TB3hk=_nkLz~uwUzI!BEY0P@h3W}g<U8Tr3wxCN|mvqXj2#1|+WAv(b
zFF3^Kq3Dmit59WTvQKE?kOczm473UFjSq~;t{<Vu3BNiN*T|bh$IjJhIS76n&-rm%
zJb+>o&OU(9Xp}$j6WuKApv-1<XHis4z>~@=Z=KKQtt@n2TjF-le3_!@L2O83FG_<Z
zS(6zRc(KM{vtdPE8zNx>v%_gII9tKM5rSKyxU^y=1ZHU=KI=uzx$R#_d=$hj(PV#)
z%l41G(#y+=iwec%WnnIdvj@7eB2S$O%M@4N7ajWE^{&j`AGF%F7{?%zwItLtGN)D6
ze8*+`$s0|5`quRAJ}FHVl~oU8HvHv)n7}%-V@{n4x?5P8ogES&5@-8){U}Nmw+&-D
zN2C;jD#z-=51f!FDNKtZcwNBOtwCv$3Q1+^@lTWb@sg0BfQW12%95M$=YzwFG=}!T
zFLniHR9EN4?%#egYXBL3bU*w;bf;Q~*KWy-KXK6OPD8(rZ4do;li!UhsOQ>=Ezw<E
z>y3!;D>*V9XwHjLNaxS|bMaBoUl7hSZAztDZ{qEP2|nI_0bsu8z3#{?6iexv@~#E?
z_yk8Mb)h_C7!qH~>p~EnPSsUjSkXEFrywLh0a)q1h;8U$;CXLf-)q;iV{>~D9ZO?v
z#W#a|F8BvUlnm17<I3c4kDz-^dK3}-sx?a4Kt*OwuTrN`skDeeIZzzs<KyS=6B1E^
z@XEZ9^M}4a?HA}Dm2!IkwO|-+CtF45y?lHw{8Tqa6ZmLvb9u33SOw<>5RGCq|MGeF
zgoko9sT(PE)N{c<I8R~49@mza*S0Iv;N&G3APqv-{JJTmfy_7CWaA1gI}w!xhmR<Y
z5UZp@2^xM!@Sh*(RG^Nj^o#)!iYX9W5861W%Qy{(k_>>5mUP54!ND>ki74bUxzbq{
z3hNPt62ajR6Gv!elU@}H4Q?Pbiivx*&H%?Q9oZ=yd;F7I@Rj^-Gt34IsRfZ2>QiBy
z;J{4d&;*$Zf&y_&<tVOz@GQn`X7oyhT%{!(*}zEkILNCQj%p{JJoVCxd;lcLGqq?)
zgL&a8o2?ZJ$upl!-a3jo6J}(Xl@$`^l%1+*hSP~EoKI%?9*590RI8c_;+mUdI{%!)
zbL*LE=X|fb_-8Q8=82C2EgBS<36=Pji<bZF4xtx-BW-ACm>VAjYAQrpK-k$o`y0Oc
z_B#(u053HQQ(#YEfof}O1F#`PYRMLb0DuMrHteXJQ9BcyG;n=DpnwDj^8zG8P|uPr
z5CMQ|aBvW|_Ar0W)lHp2C$o>BF8BoIzi~$R0E4d~0CY;3TGIG_WsUFUSO0HW<I*^N
b`Q841DfkpHFDS|k00000NkvXXu0mjff*o^T