MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

new: New APIs to add/remove orgs and servers from sharing groups, fixes #2888 

- added functions to manage the additions/removals of objects from sharing groups
- the following APIs are included:
  - /sharingGroups/addOrg/[sg_id]/[org_id]/[extend]
  - /sharingGroups/removeOrg/[sg_id]/[org_id]
  - /sharingGroups/addServer/[sg_id]/[server_id]/[all_orgs]
  - /sharingGroups/removeServer/[sg_id]/[server_id]

- All parameters are optional and can instead be passed as JSON objects such as:

  {
    "org_uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f",
    "sg_id": "49",
    "extend": 1
  }

- The API is extremely flexible with how to name objects, the following parameters are allowed:
  - Organisations:
    - org_id (The organisation's local instance ID)
    - org_uuid (The organisation's global UUID)
    - org_name (The organisation's identifier as known to the curent instance)
  - Server:
    - server_id (The server's local instance ID)
    - server_url (The URL of the server)
    - server_name (The local name of the server as assigned when adding the server)

The sharing groups can also be addressed by ID or UUID.
pull/2902/head
iglocska 2018-02-02 08:46:14 +01:00
parent 8b7ce009ef
commit 9760f1144f
4 changed files with 213 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

153
app/Controller/SharingGroupsController.php
View File

@ -285,4 +285,157 @@ class SharingGroupsController extends AppController {
$this->set('id', $id);
$this->set('sg', $sg);
}
private function __initialiseSGQuickEdit($id, $request) {
if (!$this->request->is('post') || !$this->_isRest()) {
//throw new MethodNotAllowedException('This action only accepts POST requests coming from the API.');
}
// allow passing the sg_id via a JSON object
if (!$id) {
$validParams = array('sg_id', 'sg_uuid', 'id', 'uuid');
foreach ($validParams as $param) {
if (!empty($request[$param])) {
$id = $request[$param];
break;
}
}
if (empty($id)) throw new MethodNotAllowedException('No valid sharing group ID provided.');
}
$sg = $this->SharingGroup->fetchSG($id, $this->Auth->user(), false);
if (empty($sg)) {
throw new MethodNotAllowedException('Invalid sharing group or no editing rights.');
}
return $sg;
}
private function __initialiseSGQuickEditObject($id, $request, $type = 'org') {
$params = array(
'org' => array(
'org_id', 'org_uuid', 'org_name'
),
'server' => array(
'server_id', 'server_url', 'server_baseurl', 'server_name'
)
);
if (!empty($id)) {
if ($type == 'org') {
return $this->SharingGroup->SharingGroupOrg->Organisation->fetchOrg($id);
} else {
return $this->SharingGroup->SharingGroupServer->Server->fetchServer($id);
}
}
if ($type !== 'org' && $type !== 'server') return false;
foreach ($params[$type] as $param) {
if (!empty($request[$param])) {
if ($type == 'org') {
return $this->SharingGroup->SharingGroupOrg->Organisation->fetchOrg($request[$param]);
} else {
return $this->SharingGroup->SharingGroupServer->Server->fetchServer($request[$param]);
}
}
}
}
public function addOrg($sg_id = false, $object_id = false, $extend = false) {
$sg = $this->__initialiseSGQuickEdit($sg_id, $this->request->data);
$org = $this->__initialiseSGQuickEditObject($object_id, $this->request->data, $type = 'org');
if (empty($org)) throw new MethodNotAllowedException('Invalid organisation.');
if (isset($this->request->data['extend'])) {
$extend = $this->request->data['extend'];
}
$addOrg = true;
if (!empty($sg['SharingGroupOrg'])) {
foreach ($sg['SharingGroupOrg'] as $sgo) {
if ($sgo['org_id'] == $org['Organisation']['id']) {
$addOrg = false;
}
}
}
if (!$addOrg) return $this->RestResponse->saveFailResponse('SharingGroup', $this->action, false, 'Organisation is already in the sharing group.', $this->response->type());
$this->SharingGroup->SharingGroupOrg->create();
$sgo = array(
'SharingGroupOrg' => array(
'org_id' => $org['Organisation']['id'],
'sharing_group_id' => $sg['SharingGroup']['id'],
'extend' => $extend ? 1:0
)
);
$result = $this->SharingGroup->SharingGroupOrg->save($sgo);
return $this->__sendQuickSaveResponse($this->action, $result, 'Organisation');
}
public function removeOrg($sg_id = false, $object_id = false) {
$sg = $this->__initialiseSGQuickEdit($sg_id, $this->request->data);
$org = $this->__initialiseSGQuickEditObject($object_id, $this->request->data, $type = 'org');
if (empty($org)) throw new MethodNotAllowedException('Invalid organisation.');
$removeOrg = false;
if (!empty($sg['SharingGroupOrg'])) {
foreach ($sg['SharingGroupOrg'] as $sgo) {
if ($sgo['org_id'] == $org['Organisation']['id']) {
$removeOrg = $sgo['id'];
break;
}
}
}
if (false === $removeOrg) return $this->RestResponse->saveFailResponse('SharingGroup', $this->action, false, 'Organisation is not in the sharing group.', $this->response->type());
$result = $this->SharingGroup->SharingGroupOrg->delete($removeOrg);
return $this->__sendQuickSaveResponse($this->action, $result, 'Organisation');
}
public function addServer($sg_id = false, $object_id = false, $all = false) {
$sg = $this->__initialiseSGQuickEdit($sg_id, $this->request->data);
$server = $this->__initialiseSGQuickEditObject($object_id, $this->request->data, $type = 'server');
if (empty($server)) throw new MethodNotAllowedException('Invalid Server.');
if (isset($this->request->data['all'])) $all = $this->request->data['all'];
if (isset($this->request->data['all_orgs'])) $all = $this->request->data['all_orgs'];
$addServer = true;
if (!empty($sg['SharingGroupServer'])) {
foreach ($sg['SharingGroupServer'] as $sgs) {
if ($sgs['server_id'] == $server['Server']['id']) {
$addServer = false;
}
}
}
if (!$addServer) return $this->RestResponse->saveFailResponse('SharingGroup', $this->action, false, 'Server is already in the sharing group.', $this->response->type());
$this->SharingGroup->SharingGroupServer->create();
$sgs = array(
'SharingGroupServer' => array(
'server_id' => $server['Server']['id'],
'sharing_group_id' => $sg['SharingGroup']['id'],
'all_orgs' => $all ? 1:0
)
);
$result = $this->SharingGroup->SharingGroupServer->save($sgs);
return $this->__sendQuickSaveResponse($this->action, $result);
}
public function removeServer($sg_id = false, $object_id = false) {
$sg = $this->__initialiseSGQuickEdit($sg_id, $this->request->data);
$server = $this->__initialiseSGQuickEditObject($object_id, $this->request->data, $type = 'server');
if (empty($server)) throw new MethodNotAllowedException('Invalid Server.');
$removeServer = false;
if (!empty($sg['SharingGroupServer'])) {
foreach ($sg['SharingGroupServer'] as $sgs) {
if ($sgs['server_id'] == $server['Server']['id']) {
$removeServer = $server['Server']['id'];
break;
}
}
}
if (false === $addServer) return $this->RestResponse->saveFailResponse('SharingGroup', $this->action, false, 'Server is not in the sharing group.', $this->response->type());
$result = $this->SharingGroup->SharingGroupServer->delete($removeServer);
return $this->__sendQuickSaveResponse($this->action, $result);
}
private function __sendQuickSaveResponse($action, $result, $object_type = 'Server') {
$actionType = 'added to';
if (strpos($action, 'remove') !== false) {
$actionType = 'removed from';
}
if ($result) {
return $this->RestResponse->saveSuccessResponse('SharingGroup', $action, false, $this->response->type(), $object_type . ' ' . $actionType . ' the sharing group.');
} else {
return $this->RestResponse->saveFailResponse('SharingGroup', $action, false, $object_type . ' could not be ' . $actionType . ' the sharing group.', $this->response->type());
}
}
}

15
app/Model/Organisation.php
View File

@ -304,4 +304,19 @@ class Organisation extends AppModel{
$logFile->close();
return $success;
}
public function fetchOrg($id) {
if (empty($id)) return false;
$conditions = array('Organisation.id' => $id);
if (Validation::uuid($id)) {
$conditions = array('Organisation.uuid' => $id);
} else if (!is_numeric($id)) {
$conditions = array('LOWER(Organisation.name)' => strtolower($id));
}
$org = $this->find('first', array(
'conditions' => $conditions,
'recursive' => -1
));
return (empty($org)) ? false : $org;
}
}

16
app/Model/Server.php
View File

@ -3679,4 +3679,20 @@ class Server extends AppModel {
public function getDefaultAttachments_dir() {
return APP . 'files';
}
public function fetchServer($id) {
if (empty($id)) return false;
$conditions = array('Server.id' => $id);
if (!is_numeric($id)) {
$conditions = array('OR' => array(
'LOWER(Server.name)' => strtolower($id),
'LOWER(Server.url)' => strtolower($id)
));
}
$server = $this->find('first', array(
'conditions' => $conditions,
'recursive' => -1
));
return (empty($server)) ? false : $server;
}
}

29
app/Model/SharingGroup.php
View File

@ -625,4 +625,33 @@ class SharingGroup extends AppModel {
}
}
}
// Fetch the Sharing Group passed as ID/uuid. Can be queried for read only and for write operations.
public function fetchSG($id, $user, $readOnly = true) {
if (empty($id)) return false;
if (Validation::uuid($id)) {
$id = $this->find('first', array(
'conditions' => array('SharingGroup.uuid' => $id),
'recursive' => -1,
'fields' => array('SharingGroup.id')
));
if (empty($id)) return false;
else $id = $id['SharingGroup']['id'];
} else {
$temp = $this->find('first', array(
'conditions' => array('SharingGroup.id' => $id),
'recursive' => -1,
'fields' => array('SharingGroup.id')
));
if (empty($temp)) return false;
}
if ($readOnly) {
if (!$this->checkIfAuthorised($user, $id)) return false;
} else {
if (!$this->checkIfAuthorisedExtend($user, $id)) return false;
}
$sg = $this->fetchAllAuthorised($user, 'full', false, $id);
if (empty($sg)) return false;
return $sg[0];
}
}