mirror of https://github.com/MISP/MISP
chg: [sighting] Speedups list all sightings
parent
b1a5770ce9
commit
8df9bc9116
|
@ -164,19 +164,17 @@ class Sighting extends AppModel
|
|||
$event = array('Event' => $sighting['Event']);
|
||||
}
|
||||
|
||||
$ownEvent = false;
|
||||
if ($user['Role']['perm_site_admin'] || $event['Event']['org_id'] == $user['org_id']) {
|
||||
$ownEvent = true;
|
||||
}
|
||||
$ownEvent = $user['Role']['perm_site_admin'] || $event['Event']['org_id'] == $user['org_id'];
|
||||
if (!$ownEvent) {
|
||||
$sightingPolicy = $this->sightingsPolicy();
|
||||
// if sighting policy == 0 then return false if the sighting doesn't belong to the user
|
||||
if (!Configure::read('Plugin.Sightings_policy') || Configure::read('Plugin.Sightings_policy') == 0) {
|
||||
if ($sightingPolicy === self::SIGHTING_POLICY_EVENT_OWNER) {
|
||||
if ($sighting['Sighting']['org_id'] != $user['org_id']) {
|
||||
return array();
|
||||
}
|
||||
}
|
||||
// if sighting policy == 1, the user can only see the sighting if they've sighted something in the event once
|
||||
if (Configure::read('Plugin.Sightings_policy') == 1) {
|
||||
else if ($sightingPolicy === self::SIGHTING_POLICY_SIGHTING_REPORTER) {
|
||||
if (!$this->isReporter($sighting['Sighting']['event_id'], $user['org_id'])) {
|
||||
return array();
|
||||
}
|
||||
|
@ -689,7 +687,7 @@ class Sighting extends AppModel
|
|||
$objectIds = [];
|
||||
$eventOwnerOrgIdList = [];
|
||||
if ($context === 'attribute') {
|
||||
$objects = $this->Event->Attribute->fetchAttributes($user, array('conditions' => array('Attribute.id' => $ids, 'Attribute.deleted' => 0), 'flatten' => 1));
|
||||
$objects = $this->Event->Attribute->fetchAttributes($user, ['conditions' => ['Attribute.id' => $ids, 'Attribute.deleted' => 0], 'flatten' => 1]);
|
||||
foreach ($objects as $object) {
|
||||
$objectIds[] = $object['Attribute']['id'];
|
||||
$eventOwnerOrgIdList[$object['Event']['id']] = $object['Event']['orgc_id'];
|
||||
|
@ -697,7 +695,7 @@ class Sighting extends AppModel
|
|||
} elseif ($context === 'event') {
|
||||
// let's set the context to event here, since we reuse the variable later on for some additional lookups.
|
||||
// Passing $context = 'org' could have interesting results otherwise...
|
||||
$objects = $this->Event->fetchEvent($user, ['eventid' => $ids, 'metadata' => true]);
|
||||
$objects = $this->Event->fetchSimpleEvents($user, ['conditions' => ['Event.id' => $ids]]);
|
||||
foreach ($objects as $object) {
|
||||
$objectIds[] = $object['Event']['id'];
|
||||
$eventOwnerOrgIdList[$object['Event']['id']] = $object['Event']['orgc_id'];
|
||||
|
@ -745,13 +743,12 @@ class Sighting extends AppModel
|
|||
foreach ($sightings as $k => $sighting) {
|
||||
$eventId = $sighting['Sighting']['event_id'];
|
||||
if (!isset($eventsWithOwnSightings[$eventId])) {
|
||||
$eventsWithOwnSightings[$eventId] = false;
|
||||
$isReporter = $this->isReporter($eventId, $user['org_id']);
|
||||
if (!$isReporter) {
|
||||
$ownEvent = $eventOwnerOrgIdList[$eventId] == $user['org_id'];;
|
||||
$eventsWithOwnSightings[$eventId] = $ownEvent;
|
||||
} else {
|
||||
if ($isReporter) {
|
||||
$eventsWithOwnSightings[$eventId] = true;
|
||||
} else {
|
||||
$ownEvent = $eventOwnerOrgIdList[$eventId] == $user['org_id'];
|
||||
$eventsWithOwnSightings[$eventId] = $ownEvent;
|
||||
}
|
||||
}
|
||||
if (!$eventsWithOwnSightings[$eventId]) {
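Review bot: In the first hunk (around line 164) the policy checks now use strict comparison, `$sightingPolicy === self::SIGHTING_POLICY_EVENT_OWNER`, and nothing on this page shows what type `sightingsPolicy()` returns. The removed code treated an unset setting or a loose `== 0` as the most restrictive policy. If the helper returns the raw `Configure::read('Plugin.Sightings_policy')` value (a string or null), neither branch matches and the sighting is returned to a user outside the owning organisation. Confirm that `sightingsPolicy()` maps null to the event-owner policy and casts to int, and record that above the branch, e.g. `// sightingsPolicy() always returns an int; unset config means SIGHTING_POLICY_EVENT_OWNER`. The enclosing method starts and ends outside the hunk; the switch from `fetchEvent()` to `fetchSimpleEvents()` around line 697 deserves the same check that it applies equivalent per-user filtering and still returns `orgc_id` for `$eventOwnerOrgIdList`.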
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
<?php
|
||||
// Calling `__` method for every sighting can be surprisingly quite slow, so better to call just once
|
||||
$deleteSightingTitle = __('Delete sighting');
|
||||
?>
|
||||
<div>
|
||||
<div id="org_id" class="hidden"><?php echo h($org_id); ?></div>
|
||||
<table class="table table-striped table-hover table-condensed" style="display:block; overflow-y:auto;max-height:500px;">
|
||||
|
@ -21,15 +25,15 @@
|
|||
}
|
||||
?>
|
||||
</td>
|
||||
<td class="short"><?= $types[$item['Sighting']['type']]; ?></td>
|
||||
<td class="short"><?php echo h($item['Sighting']['source']);?></td>
|
||||
<td class="short"><?php echo h($item['Sighting']['event_id']);?></td>
|
||||
<td class="short"><?php echo h($item['Sighting']['attribute_id']);?></td>
|
||||
<td class="short"><?= $types[$item['Sighting']['type']] ?></td>
|
||||
<td class="short"><?= h($item['Sighting']['source']) ?></td>
|
||||
<td class="short"><?= h($item['Sighting']['event_id']) ?></td>
|
||||
<td class="short"><?= h($item['Sighting']['attribute_id']) ?></td>
|
||||
<td class="short action-links">
|
||||
<?php
|
||||
if ($isSiteAdmin || ($item['Sighting']['org_id'] == $me['org_id'] && $isAclAdd)):
|
||||
?>
|
||||
<span class="fa fa-trash useCursorPointer" title="<?= __('Delete sighting');?>" role="button" tabindex="0" aria-label="<?php echo __('Delete sighting');?>" onClick="quickDeleteSighting('<?php echo h($item['Sighting']['id']); ?>', '<?php echo h($rawId); ?>', '<?php echo h($context); ?>');"></span>
|
||||
<span class="fa fa-trash useCursorPointer" title="<?= $deleteSightingTitle ?>" role="button" tabindex="0" aria-label="<?= $deleteSightingTitle ?>" onClick="quickDeleteSighting('<?= h($item['Sighting']['id']) ?>', '<?= h($rawId) ?>', '<?= h($context) ?>');"></span>
|
||||
<?php
|
||||
endif;
|
||||
?>
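Review bot: In the rewritten delete button (hunk at line 25) `$rawId` and `$context` are still placed inside single-quoted JavaScript strings in the `onClick` attribute with only `h()` applied. `h()` escapes for HTML, and the browser decodes the attribute's entities before the handler is compiled, so an escaped quote is a literal quote again by the time the script sees it. Whether both values are validated upstream is not visible here. Encoding for the script context first and then for the attribute removes the dependency on upstream validation, for example `quickDeleteSighting(<?= h(json_encode($item['Sighting']['id'])) ?>, <?= h(json_encode($rawId)) ?>, <?= h(json_encode($context)) ?>);`, or the values can move to `data-` attributes read by the handler. The `$types[$item['Sighting']['type']]` cell in the same hunk is echoed without `h()`, which is safe only if `$types` holds fixed labels.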
|
||||
|
|