new: Cleanup of role permissions

- fixed name of admin -> org admin
- changed order of org admin <-> site admin
- descriptions updated and now visible by hovering over any permissions' titles

app/Model/Role.php

@@ -55,19 +55,84 @@ class Role extends AppModel {
 	);
 
 	public $permFlags = array(
-		'perm_admin' => array('id' => 'RolePermAdmin', 'text' => 'Admin', 'readonlyenabled' => false),
-		'perm_site_admin' => array('id' => 'RolePermSiteAdmin', 'text' => 'Site Admin', 'readonlyenabled' => false),
-		'perm_sync' => array('id' => 'RolePermSync', 'text' => 'Sync Actions', 'readonlyenabled' => true),
-		'perm_audit' => array('id' => 'RolePermAudit', 'text' => 'Audit Actions', 'readonlyenabled' => true),
-		'perm_auth' => array('id' => 'RolePermAuth', 'text' => 'Auth key access', 'readonlyenabled' => true),
-		'perm_regexp_access' => array('id' => 'RolePermRegexpAccess', 'text' => 'Regex Actions', 'readonlyenabled' => false),
-		'perm_tagger' => array('id' => 'RolePermTagger', 'text' => 'Tagger', 'readonlyenabled' => false),
-		'perm_tag_editor' => array('id' => 'RolePermTagEditor', 'text' => 'Tag Editor', 'readonlyenabled' => false),
-		'perm_template' => array('id' => 'RolePermTemplate', 'text' => 'Template Editor', 'readonlyenabled' => false),
-		'perm_sharing_group' => array('id' => 'RolePermSharingGroup', 'text' => 'Sharing Group Editor', 'readonlyenabled' => false),
-		'perm_delegate' => array('id' => 'RolePermDelegate', 'text' => 'Delegations Access', 'readonlyenabled' => false),
-		'perm_sighting' => array('id' => 'RolePermSighting', 'text' => 'Sighting Creator', 'readonlyenabled' => true),
-		'perm_object_template' => array('id' => 'RolePermObjectTemplate', 'text' => 'Object Template Editor', 'readonlyenabled' => false)
+		'perm_site_admin' => array(
+			'id' => 'RolePermSiteAdmin',
+			'text' => 'Site Admin',
+			'readonlyenabled' => false,
+			'title' => 'Unrestricted access to any data and functionality on this instance.'
+		),
+		'perm_admin' => array(
+			'id' => 'RolePermAdmin',
+			'text' => 'Org Admin',
+			'readonlyenabled' => false,
+			'title' => 'Limited organisation admin - create, manage users of their own organisation'
+		),
+		'perm_sync' => array(
+			'id' => 'RolePermSync',
+			'text' => 'Sync Actions',
+			'readonlyenabled' => true,
+			'title' => 'Synchronisation permission, can be used to connect two MISP instances create data on behalf of other users. Make sure that the role with this permission has also access to tagging and tag editing rights.'
+		),
+		'perm_audit' => array(
+			'id' => 'RolePermAudit',
+			'text' => 'Audit Actions',
+			'readonlyenabled' => true,
+			'title' => 'Access to the audit logs of the user\'s organisation.'
+		),
+		'perm_auth' => array(
+			'id' => 'RolePermAuth',
+			'text' => 'Auth key access',
+			'readonlyenabled' => true,
+			'title' => 'Users with this permission have access to authenticating via their Auth keys, granting them access to the API.'
+		),
+		'perm_regexp_access' => array(
+			'id' => 'RolePermRegexpAccess',
+			'text' => 'Regex Actions',
+			'readonlyenabled' => false,
+			'title' => 'Users with this role can modify the regex rules affecting how data is fed into MISP. Make sure that caution is advised with handing out roles that include this permission, user controlled executed regexes are dangerous.'
+		),
+		'perm_tagger' => array(
+			'id' => 'RolePermTagger',
+			'text' => 'Tagger',
+			'readonlyenabled' => false,
+			'title' => 'Users with roles that include this permission can attach or detach existing tags to and from events/attributes.'
+		),
+		'perm_tag_editor' => array(
+			'id' => 'RolePermTagEditor',
+			'text' => 'Tag Editor',
+			'readonlyenabled' => false,
+			'title' => 'This permission gives users the ability to create, modify or remove tags.'
+		),
+		'perm_template' => array(
+			'id' => 'RolePermTemplate',
+			'text' => 'Template Editor',
+			'readonlyenabled' => false,
+			'title' => 'Create or modify templates, to be used when populating events.'
+		),
+		'perm_sharing_group' => array(
+			'id' => 'RolePermSharingGroup',
+			'text' => 'Sharing Group Editor',
+			'readonlyenabled' => false,
+			'title' => 'Permission to create or modify sharing groups.'
+		),
+		'perm_delegate' => array(
+			'id' => 'RolePermDelegate',
+			'text' => 'Delegations Access',
+			'readonlyenabled' => false,
+			'title' => 'Allow users to create delegation requests for their own org only events to trusted third parties.'
+		),
+		'perm_sighting' => array(
+			'id' => 'RolePermSighting',
+			'text' => 'Sighting Creator',
+			'readonlyenabled' => true,
+			'title' => 'Permits the user to push feedback on attributes into MISP by providing sightings.'
+		),
+		'perm_object_template' => array(
+			'id' => 'RolePermObjectTemplate',
+			'text' => 'Object Template Editor',
+			'readonlyenabled' => false,
+			'title' => 'Create or modify MISP Object templates'
+		)
 	);
 
 	public $premissionLevelName = array('Read Only', 'Manage Own Events', 'Manage Organisation Events', 'Manage and Publish Organisation Events');

app/View/Roles/admin_index.ctp

@@ -26,7 +26,7 @@
 			<?php
 				foreach ($permFlags as $k => $flags):
 			?>
-				<th><?php echo $this->Paginator->sort($k, $flags['text']);?></th>
+				<th title="<?php echo h($flags['title']); ?>"><?php echo $this->Paginator->sort($k, $flags['text']);?></th>
 			<?php
 				endforeach;
 			?>

app/View/Roles/index.ctp

@@ -25,7 +25,7 @@
 			<?php
 				foreach ($permFlags as $k => $flags):
 			?>
-				<th><?php echo $this->Paginator->sort($k, $flags['text']);?></th>
+				<th title="<?php echo h($flags['title']); ?>"><?php echo $this->Paginator->sort($k, $flags['text']);?></th>
 			<?php
 				endforeach;
 			?>