mirror of https://github.com/MISP/MISP
new: [internal] Added new internal functions to be used by all export APIs in the future
- authenticate user via URL params if not already authenticated (to support legacy APIs)
- harvest parameters in a standardised way for filtering all export APIs

pull/3551/head
parent
b1e712e726
commit
8907517330
|
@ -535,6 +535,67 @@ class AppController extends Controller
|
||||||
return $this->Auth->user('org_id');
|
return $this->Auth->user('org_id');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected function _getApiAuthUser($key, &$exception) {
|
||||||
|
if ($key != 'download') {
|
||||||
|
// check if the key is valid -> search for users based on key
|
||||||
|
$user = $this->checkAuthUser($key);
|
||||||
|
if (!$user) {
|
||||||
|
$exception = $this->RestResponse->throwException(
|
||||||
|
401,
|
||||||
|
__('This authentication key is not authorized to be used for exports. Contact your administrator.')
|
||||||
|
);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if (!$this->Auth->user('id')) {
|
||||||
|
$exception = $this->RestResponse->throwException(
|
||||||
|
401,
|
||||||
|
__('You have to be logged in to do that.')
|
||||||
|
);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
$user = $this->Auth->user();
|
||||||
|
}
|
||||||
|
return $user;
|
||||||
|
}
|
||||||
|
|
||||||
|
// generic function to standardise on the collection of parameters. Accepts posted request objects, url params, named url params
|
||||||
|
protected function _harvestParameters($options, &$exception)
|
||||||
|
{
|
||||||
|
$data = array();
|
||||||
|
if (!empty($options['request']->is('post'))) {
|
||||||
|
if (empty($options['request']->data)) {
|
||||||
|
$exception = $this->RestResponse->throwException(
|
||||||
|
400,
|
||||||
|
__('Either specify the search terms in the url, or POST a json with the filter parameters.'),
|
||||||
|
'/' . $this->request->params['controller'] . '/' . $this->action
|
||||||
|
);
|
||||||
|
return false;
|
||||||
|
} else {
|
||||||
|
if (isset($options['request']->data['request'])) {
|
||||||
|
$data = $options['request']->data['request'];
|
||||||
|
} else {
|
||||||
|
$data = $options['request']->data;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (!empty($options['paramArray'])) {
|
||||||
|
foreach ($options['paramArray'] as $p) {
|
||||||
|
if (
|
||||||
|
isset($options['ordered_url_params'][$p]) &&
|
||||||
|
(!in_array(strtolower($options['ordered_url_params'][$p]), array('null', '0', false, 'false', null)))
|
||||||
|
) {
|
||||||
|
$data[$p] = $options['ordered_url_params'][$p];
|
||||||
|
$data[$p] = str_replace(';', ':', $data[$p]);
|
||||||
|
}
|
||||||
|
if (isset($options['named_params'][$p])) {
|
||||||
|
$data[$p] = $options['named_params'][$p];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $data;
|
||||||
|
}
|
||||||
|
|
||||||
// pass an action to this method for it to check the active user's access to the action
|
// pass an action to this method for it to check the active user's access to the action
|
||||||
public function checkAction($action = 'perm_sync')
|
public function checkAction($action = 'perm_sync')
|
||||||
{
|
{
|
||||||
|
|
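Review bot: `_getApiAuthUser()` chooses between API-key and session authentication with a loose comparison, `if ($key != 'download') {`, so a non-string key is matched by type juggling (boolean `true` equals `'download'`, and before PHP 8 so does integer `0`); `if ($key !== 'download') {` makes the sentinel an exact string match. The key branch passes `$key` straight to `checkAuthUser()`, which is not visible in this hunk, so an empty or null key should be rejected here unless that helper is confirmed to do so. Both new methods return `false` and fill the by-reference `$exception` only on the failure path, so each needs a docblock stating the return value (the user or `false`; the parameter array or `false`) and that the caller must initialise `$exception`. Because the key arrives as a URL segment it can be recorded in web-server and proxy access logs, which is worth a comment on `_getApiAuthUser()` marking this path as legacy-only.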