REST POST of event and signatures works (basics, no error-handling)
parent
87e12448ab
commit
a2d073b7b9
@ -59,12 +59,12 @@ class AppController extends Controller {
|
|||
function beforeFilter() {
|
||||
|
||||
// REST things
|
||||
if (isset($this->RequestHandler) && $this->RequestHandler->isXml()) {
|
||||
if ($this->_isRest()) {
|
||||
// disable CSRF for REST access
|
||||
$this->Security->csrfCheck = false;
|
||||
|
||||
// Authenticate user with authkey in Authorization HTTP header
|
||||
if ($this->RequestHandler->isXml() && !empty($_SERVER['HTTP_AUTHORIZATION'])) {
|
||||
if (!empty($_SERVER['HTTP_AUTHORIZATION'])) {
|
||||
$authkey = $_SERVER['HTTP_AUTHORIZATION'];
|
||||
$this->loadModel('User');
|
||||
$params = array(
|
||||
|
@ -91,6 +91,10 @@ class AppController extends Controller {
|
|||
$this->set('isAdmin', $this->_isAdmin());
|
||||
}
|
||||
|
||||
|
||||
protected function _isRest() {
|
||||
return (isset($this->RequestHandler) && $this->RequestHandler->isXml());
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert an array to the same array but with the values also as index instead of an interface_exists
|
||||
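Review bot: The CSRF check is switched off at `$this->Security->csrfCheck = false;` purely on `_isRest()`, which the new helper reduces to `RequestHandler->isXml()`, so protection is dropped for every XML-negotiated request even when no Authorization header is present and the caller is still authenticated by the session cookie. If `isXml()` is decided from client-supplied data (the Accept header or a `.xml` extension, as I believe it is in CakePHP 2), a cross-site request that asks for XML bypasses the CSRF check for a logged-in browser user. The safer shape is to disable the check only on the path that actually authenticates with the API key, i.e. move `$this->Security->csrfCheck = false;` inside the `if (!empty($_SERVER['HTTP_AUTHORIZATION']))` branch, or refuse session-cookie authentication whenever `_isRest()` is true. The beforeFilter body and the authkey lookup continue outside the hunk, so I cannot see how the key is compared; a constant-time comparison against the stored key is what a reviewer would expect there.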
|
@ -96,7 +96,6 @@ class AttributesController extends AppController {
|
|||
|
||||
$this->Attribute->create();
|
||||
$this->request->data['Attribute']['value'] = $attribute; // set the value as the content of the single line
|
||||
$this->request->data['Attribute']['uuid'] = String::uuid();
|
||||
if ($this->Attribute->save($this->request->data)) {
|
||||
$successes .= " ".($key+1);
|
||||
} else {
|
||||
|
@ -124,7 +123,6 @@ class AttributesController extends AppController {
|
|||
//
|
||||
// create the attribute
|
||||
$this->Attribute->create();
|
||||
$this->request->data['Attribute']['uuid'] = String::uuid();
|
||||
|
||||
if ($this->Attribute->save($this->request->data)) {
|
||||
// inform the user and redirect
|
||||
|
@ -121,13 +121,30 @@ class EventsController extends AppController {
|
|||
// force check userid and orgname to be from yourself
|
||||
$this->request->data['Event']['user_id'] = $this->Auth->user('id');
|
||||
$this->request->data['Event']['org'] = $this->Auth->user('org');
|
||||
$this->request->data['Event']['uuid'] = String::uuid();
|
||||
$this->Event->create();
|
||||
if ($this->Event->save($this->request->data)) {
|
||||
$this->Session->setFlash(__('The event has been saved'));
|
||||
$this->redirect(array('action' => 'view', $this->Event->getId()));
|
||||
|
||||
if ($this->_isRest()) {
|
||||
// Workaround for different structure in XML than what CakePHP expects
|
||||
$this->request->data['Attribute'] = $this->request->data['Event']['Attribute'];
|
||||
unset($this->request->data['Event']['Attribute']);
|
||||
// the event_id field is not set (normal) so make sure no validation errors are thrown
|
||||
unset($this->Event->Attribute->validate['event_id']);
|
||||
unset($this->Event->Attribute->validate['value']['unique']); // otherwise gives bugs because event_id is not set
|
||||
}
|
||||
|
||||
if ($this->Event->saveAssociated($this->request->data)) {
|
||||
if ($this->_isRest()) {
|
||||
// REST users want to see the newly created event
|
||||
$this->view($this->Event->getId());
|
||||
$this->render('view');
|
||||
} else {
|
||||
// redirect to the view of the newly created event
|
||||
$this->Session->setFlash(__('The event has been saved'));
|
||||
$this->redirect(array('action' => 'view', $this->Event->getId()));
|
||||
}
|
||||
} else {
|
||||
$this->Session->setFlash(__('The event could not be saved. Please, try again.'), 'default', array(), 'error');
|
||||
// TODO return error if REST
|
||||
}
|
||||
}
|
||||
// combobox for risks
|
||||
|
@ -181,6 +198,7 @@ class EventsController extends AppController {
|
|||
$this->set('risks',compact('risks'));
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* delete method
|
||||
*
|
||||
|
@ -206,6 +224,7 @@ class EventsController extends AppController {
|
|||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Publishes the event without sending an alert email
|
||||
*/
|
||||
|
@ -231,6 +250,7 @@ class EventsController extends AppController {
|
|||
$this->redirect(array('action' => 'view', $id));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Send out an alert email to all the users that wanted to be notified.
|
||||
* Users with a GPG key will get the mail encrypted, other users will get the mail unencrypted
|
||||
|
@ -371,6 +391,7 @@ class EventsController extends AppController {
|
|||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Send out an contact email to the person who posted the event.
|
||||
* Users with a GPG key will get the mail encrypted, other users will get the mail unencrypted
|
||||
|
@ -398,7 +419,8 @@ class EventsController extends AppController {
|
|||
if (empty($this->data)) {
|
||||
$this->data = $this->Event->read(null, $id);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
|
@ -515,7 +537,8 @@ class EventsController extends AppController {
|
|||
unlink($tmpfname);
|
||||
|
||||
return $result;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
public function export() {
|
||||
|
@ -852,21 +875,7 @@ class EventsController extends AppController {
|
|||
// and append |00| to terminate the name
|
||||
return $rawName;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Shortcut so you can check in your Controllers wether
|
||||
* REST Component is currently active.
|
||||
*
|
||||
* Use it in your ->flash() methods
|
||||
* to forward errors to REST with e.g. $this->Rest->error()
|
||||
*
|
||||
* @return boolean
|
||||
*/
|
||||
protected function _isRest() {
|
||||
return !empty($this->Rest) && is_object($this->Rest) && $this->Rest->isActive();
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
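Review bot: On the failure branch of `saveAssociated()` in `add()` a REST caller is left with the `// TODO return error if REST` comment: a flash message is set and the action falls through to rendering the add form, so the API client receives a 200 with HTML and no sign that the event was rejected. Assuming CakePHP 2, the minimal fix in that branch is `if ($this->_isRest()) { $this->response->statusCode(400); $this->set('errors', $this->Event->validationErrors); }` followed by rendering an error view rather than the form. In the REST workaround above it, `$this->request->data['Event']['Attribute']` is read without an `isset()` guard, so an XML body with no Attribute element raises an undefined-index notice and hands `null` to `saveAssociated()`; wrap it in `if (isset($this->request->data['Event']['Attribute']))`. The two `unset($this->Event->Attribute->validate[...])` calls also strip rules from the shared Attribute model for the rest of the request, which silently removes the uniqueness check for attributes posted over REST; restoring the rules after the save, or making `valueIsUnique` tolerate a missing event_id, would keep that path honest.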
|
@ -99,6 +99,14 @@ class Attribute extends AppModel {
|
|||
//'last' => false, // Stop validation after this rule
|
||||
//'on' => 'create', // Limit validation to 'create' or 'update' operations
|
||||
),
|
||||
'unique' => array(
|
||||
'rule' => array('valueIsUnique'),
|
||||
'message' => 'A similar attribute already exists for this event.',
|
||||
//'allowEmpty' => false,
|
||||
//'required' => true,
|
||||
//'last' => false, // Stop validation after this rule
|
||||
//'on' => 'create', // Limit validation to 'create' or 'update' operations
|
||||
),
|
||||
),
|
||||
'to_ids' => array(
|
||||
'boolean' => array(
|
||||
|
@ -198,31 +206,42 @@ class Attribute extends AppModel {
|
|||
break;
|
||||
}
|
||||
|
||||
// generate UUID if it doesn't exist
|
||||
if (empty($this->data['Attribute']['uuid']))
|
||||
$this->data['Attribute']['uuid']= String::uuid();
|
||||
|
||||
// always return true, otherwise the object cannot be saved
|
||||
return true;
|
||||
}
|
||||
|
||||
function valueIsUnique ($fields) {
|
||||
$value = $fields['value'];
|
||||
$event_id = $this->data['Attribute']['event_id'];
|
||||
$type = $this->data['Attribute']['type'];
|
||||
$to_ids = $this->data['Attribute']['to_ids'];
|
||||
$category = $this->data['Attribute']['category'];
|
||||
|
||||
// check if the attribute already exists in the same event
|
||||
$conditions = array('Attribute.event_id' => $event_id,
|
||||
'Attribute.type' => $type,
|
||||
'Attribute.category' => $category,
|
||||
'Attribute.value' => $value
|
||||
);
|
||||
if (isset($this->data['Attribute']['id']))
|
||||
$conditions['Attribute.id !='] = $this->data['Attribute']['id'];
|
||||
|
||||
$params = array('recursive' => 0,
|
||||
'conditions' => $conditions,
|
||||
);
|
||||
if (0 != $this->find('count', $params) )
|
||||
return false;
|
||||
|
||||
// Say everything is fine
|
||||
return true;
|
||||
}
|
||||
|
||||
function validateAttributeValue ($fields) {
|
||||
$value = $fields['value'];
|
||||
$event_id = $this->data['Attribute']['event_id'];
|
||||
$type = $this->data['Attribute']['type'];
|
||||
$to_ids = $this->data['Attribute']['to_ids'];
|
||||
$category = $this->data['Attribute']['category'];
|
||||
|
||||
// check if the attribute already exists in the same event
|
||||
$conditions = array('Attribute.event_id' => $event_id,
|
||||
'Attribute.type' => $type,
|
||||
'Attribute.category' => $category,
|
||||
'Attribute.value' => $value
|
||||
);
|
||||
if (isset($this->data['Attribute']['id']))
|
||||
$conditions['Attribute.id !='] = $this->data['Attribute']['id'];
|
||||
|
||||
$params = array('recursive' => 0,
|
||||
'conditions' => $conditions,
|
||||
);
|
||||
if (0 != $this->find('count', $params) )
|
||||
return 'Attribute already exists for this event.';
|
||||
|
||||
// check data validation
|
||||
switch($this->data['Attribute']['type']) {
|
||||
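Review bot: `valueIsUnique()` reads `$this->data['Attribute']['event_id']`, `['type']`, `['to_ids']` and `['category']` unconditionally; when a field is absent (the REST path in EventsController posts attributes before an event_id exists) this raises undefined-index notices and the lookup degrades to `event_id IS NULL`, which is presumably why the controller has to unset the rule. An early `if (empty($this->data['Attribute']['event_id'])) { return true; }` at the top, plus dropping the unused `$to_ids`, would let the rule stay installed and only compare when there is something to compare against. The identical duplicate-lookup block is still present in `validateAttributeValue()` immediately below with a different message, so a duplicate value is now reported twice; that copy can delegate to `valueIsUnique($fields)` or be removed. `beforeValidate()` now keeps a client-supplied `uuid` when one is present, so uuids are no longer guaranteed to be server-generated for attributes posted over REST; if that is intended for instance-to-instance sync it deserves a comment saying so, otherwise generate it unconditionally.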
|
@ -138,6 +138,12 @@ class Event extends AppModel {
|
|||
);
|
||||
|
||||
|
||||
function beforeValidate() {
|
||||
// generate UUID if it doesn't exist
|
||||
if (empty($this->data['Event']['uuid']))
|
||||
$this->data['Event']['uuid']= String::uuid();
|
||||
}
|
||||
|
||||
public function isOwnedByOrg($eventid, $org) {
|
||||
return $this->field('id', array('id' => $eventid, 'org' => $org)) === $eventid;
|
||||
}
|
||||
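Review bot: `Event::beforeValidate()` returns nothing, while the parallel `Attribute::beforeValidate()` in this commit ends with `return true;` and a comment stating the object cannot be saved otherwise; whether a `null` return is treated as success depends on the CakePHP version, so end the method with `return true;` for consistency and to avoid validation silently failing. If this is CakePHP 2, whose `Model::beforeValidate()` takes `$options = array()`, declaring the override without that parameter also triggers a signature-compatibility warning, so declare it as `public function beforeValidate($options = array())`. Like the Attribute hook, the `empty()` check keeps any `uuid` supplied by a REST client now that `EventsController::add()` no longer assigns one itself; if client-chosen uuids are intended for sync between instances, say so in a one-line comment, otherwise generate the uuid unconditionally here.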
|