mirror of https://github.com/MISP/MISP
fix: [restSearche] Correctly interpret the `deleted` parameter on
`event` and `attribute` scope. -- Pair programming with @iglocksa
pull/4666/head
parent
6d5fac0a6c
commit
94332afbf6
|
@ -3286,7 +3286,7 @@ class EventsController extends AppController
|
|||
$paramArray = array(
|
||||
'value', 'type', 'category', 'org', 'tag', 'tags', 'searchall', 'from', 'to', 'last', 'eventid', 'withAttachments',
|
||||
'metadata', 'uuid', 'published', 'publish_timestamp', 'timestamp', 'enforceWarninglist', 'sgReferenceOnly', 'returnFormat',
|
||||
'limit', 'page', 'requested_attributes', 'includeContext', 'headerless', 'includeWarninglistHits', 'attackGalaxy'
|
||||
'limit', 'page', 'requested_attributes', 'includeContext', 'headerless', 'includeWarninglistHits', 'attackGalaxy', 'deleted'
|
||||
);
|
||||
$filterData = array(
|
||||
'request' => $this->request,
|
||||
|
|
|
@ -3017,6 +3017,11 @@ class Attribute extends AppModel
|
|||
}
|
||||
if (!$user['Role']['perm_sync'] || !isset($options['deleted']) || !$options['deleted']) {
|
||||
$params['conditions']['AND']['(Attribute.deleted + 0)'] = 0;
|
||||
} else {
|
||||
if ($options['deleted'] === "only") {
|
||||
$options['deleted'] = 1;
|
||||
}
|
||||
$params['conditions']['AND']['(Attribute.deleted + 0)'] = $options['deleted'];
|
||||
}
|
||||
if (isset($options['group'])) {
|
||||
$params['group'] = empty($options['group']) ? $options['group'] : false;
|
||||
|
@ -3993,12 +3998,8 @@ class Attribute extends AppModel
|
|||
if (isset($filters['page'])) {
|
||||
$params['page'] = $filters['page'];
|
||||
}
|
||||
if (!empty($filtes['deleted'])) {
|
||||
$params['deleted'] = 1;
|
||||
if ($params['deleted'] === 'only') {
|
||||
$params['conditions']['AND'][] = array('Attribute.deleted' => 1);
|
||||
$params['conditions']['AND'][] = array('Object.deleted' => 1);
|
||||
}
|
||||
if (!empty($filters['deleted'])) {
|
||||
$params['deleted'] = $filters['deleted'];
|
||||
}
|
||||
if ($paramsOnly) {
|
||||
return $params;
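Review bot: In the `else` branch added to the `perm_sync` check, `$options['deleted']` goes into the `(Attribute.deleted + 0)` condition after only the scalar string `only` has been mapped to 1, so arrays and other strings reach the query builder unnormalised, whereas the Event model change on this page runs every value through `intval()`. The later hunk in this file now copies `$filters['deleted']` verbatim into `$params['deleted']`, so whatever the API caller sent presumably arrives in that branch (the call path is outside the hunks shown). I would normalise once before building the condition, e.g. `$deleted = array_map(function ($v) { return $v === 'only' ? 1 : intval($v); }, (array)$options['deleted']);`, and use `$deleted` as the condition value. A non-sync user asking for deleted attributes silently gets non-deleted ones here, while the Event scope lets them see deleted elements on their own organisation's events; a comment stating whether that difference is intended would help. Both enclosing functions start and end outside the hunks.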
|
||||
|
|
|
@ -1918,20 +1918,47 @@ class Event extends AppModel
|
|||
$conditionsAttributes['AND'][] = array('Attribute.to_ids' => 1);
|
||||
}
|
||||
$softDeletables = array('Attribute', 'Object', 'ObjectReference');
|
||||
if (isset($options['deleted']) && $options['deleted']) {
|
||||
if (isset($options['deleted'])) {
|
||||
if (!is_array($options['deleted'])) {
|
||||
$options['deleted'] = array($options['deleted']);
|
||||
}
|
||||
foreach ($options['deleted'] as $deleted_key => $deleted_value) {
|
||||
if ($deleted_value === 'only') {
|
||||
$deleted_value = 1;
|
||||
}
|
||||
$options['deleted'][$deleted_key] = intval($deleted_value);
|
||||
}
|
||||
if (!$user['Role']['perm_sync']) {
|
||||
foreach ($softDeletables as $softDeletable) {
|
||||
if (in_array(0, $options['deleted'])) {
|
||||
$deletion_subconditions = array(
|
||||
sprintf('%s.deleted', $softDeletable) => 0
|
||||
);
|
||||
} else {
|
||||
$deletion_subconditions = array(
|
||||
'1=0'
|
||||
);
|
||||
}
|
||||
${'conditions' . $softDeletable . 's'}['AND'][] = array(
|
||||
'OR' => array(
|
||||
'(SELECT events.org_id FROM events WHERE events.id = ' . $softDeletable . '.event_id)' => $user['org_id'],
|
||||
$softDeletable . '.deleted LIKE' => 0
|
||||
'AND' => array(
|
||||
sprintf('(SELECT events.org_id FROM events WHERE events.id = %s.event_id)', $softDeletable) => $user['org_id'],
|
||||
sprintf('%s.deleted', $softDeletable) => $options['deleted']
|
||||
),
|
||||
$deletion_subconditions
|
||||
)
|
||||
);
|
||||
}
|
||||
} else {
|
||||
foreach ($softDeletables as $softDeletable) {
|
||||
${'conditions' . $softDeletable . 's'}['AND'][] = array(
|
||||
sprintf('%s.deleted', $softDeletable) => $options['deleted']
|
||||
);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
foreach ($softDeletables as $softDeletable) {
|
||||
${'conditions' . $softDeletable . 's'}['AND'][$softDeletable . '.deleted LIKE'] = 0;
|
||||
${'conditions' . $softDeletable . 's'}['AND'][$softDeletable . '.deleted'] = 0;
|
||||
}
|
||||
}
|
||||
$proposal_conditions = array('OR' => array('ShadowAttribute.deleted' => 0));
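Review bot: The normalisation loop at the top of the new `isset($options['deleted'])` block coerces rather than validates: `intval()` turns any non-numeric string into 0 and accepts integers other than 0 and 1, and an empty array passes `isset()` and leaves `$options['deleted']` empty, which for non-sync users falls into the `1=0` branch and for sync users yields a condition on an empty list. Since this parameter decides whether soft-deleted attributes, objects and object references are returned, I would restrict it to the known values after the loop, `$options['deleted'] = array_values(array_intersect(array(0, 1), $options['deleted']));`, and fall back to `array(0)` when the result is empty. `in_array(0, $options['deleted'])` can also pass `true` as its third argument now that the values are integers. A short comment above the non-sync branch stating the rule it implements (deleted elements are returned only for events whose `org_id` matches the user's `org_id`, otherwise non-deleted only) would make the access decision easier to review. The enclosing method starts and ends outside the hunk.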
|
||||
|
|