mirror of https://github.com/MISP/MISP
Changes to the sync action pages
- fixed access control - any admin can now add new servers. Org admins can pull/push for their own instances. - Upload certificates during an edit
pull/217/head
parent
89bf5f06b6
commit
a9d945ff19
|
@ -65,34 +65,13 @@ class ServersController extends AppController {
|
|||
* @return void
|
||||
*/
|
||||
public function add() {
|
||||
if ((!$this->_IsSiteAdmin()) && !($this->Server->organization == $this->Auth->user('org') && $this->userRole['perm_sync'])) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
if (!$this->_isAdmin()) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
if ($this->request->is('post')) {
|
||||
// force check userid and orgname to be from yourself
|
||||
$this->request->data['Server']['org'] = $this->Auth->user('org');
|
||||
if ($this->Server->save($this->request->data)) {
|
||||
if (isset($this->data['Server']['submitted_cert'])) {
|
||||
$ext = '';
|
||||
App::uses('File', 'Utility');
|
||||
$file = new File($this->data['Server']['submitted_cert']['name']);
|
||||
$ext = $file->ext();
|
||||
if (($ext != 'pem') || !$this->data['Server']['submitted_cert']['size'] > 0) {
|
||||
$this->Session->setFlash('Incorrect extension of empty file.');
|
||||
$this->redirect(array('action' => 'index'));
|
||||
}
|
||||
}
|
||||
if (isset($this->data['Server']['submitted_cert']) && ($ext != 'pem') && $this->data['Server']['submitted_cert']['size'] > 0 &&
|
||||
is_uploaded_file($this->data['Event']['submittedgfi']['tmp_name'])) {
|
||||
$this->Session->setFlash(__('You may only upload GFI Sandbox zip files.'));
|
||||
} else {
|
||||
$pemData = fread(fopen($this->data['Server']['submitted_cert']['tmp_name'], "r"),
|
||||
$this->data['Server']['submitted_cert']['size']);
|
||||
$destpath = APP . "files" . DS . "certs" . DS;
|
||||
if (!preg_match('@^[\w-,\s,\.]+\.[A-Za-z0-9_]{2,4}$@', $this->data['Server']['submitted_cert']['name'])) throw new Exception ('Filename not allowed');
|
||||
$pemfile = new File ($destpath . $this->Server->id . '.' . $ext);
|
||||
$result = $pemfile->write($pemData);
|
||||
$s = $this->Server->read(null, $this->Server->id);
|
||||
$s['Server']['cert_file'] = $s['Server']['id'] . '.' . $ext;
|
||||
if ($result) $this->Server->save($s);
|
||||
if (isset($this->request->data['Server']['submitted_cert'])) {
|
||||
$this->__saveCert($this->request->data, $this->Server->id);
|
||||
}
|
||||
$this->Session->setFlash(__('The server has been saved'));
|
||||
$this->redirect(array('action' => 'index'));
|
||||
|
@ -110,11 +89,12 @@ class ServersController extends AppController {
|
|||
* @throws NotFoundException
|
||||
*/
|
||||
public function edit($id = null) {
|
||||
if (!$this->_IsSiteAdmin() && !($this->Server->organization == $this->Auth->user('org') && $this->userRole['perm_sync'])) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
$this->Server->id = $id;
|
||||
if (!$this->Server->exists()) {
|
||||
throw new NotFoundException(__('Invalid server'));
|
||||
}
|
||||
$s = $this->Server->read(null, $id);
|
||||
if (!$this->_isSiteAdmin() && !($s['Server']['org'] == $this->Auth->user('org') && $this->_isAdmin())) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
if ($this->request->is('post') || $this->request->is('put')) {
|
||||
// say what fields are to be updated
|
||||
$fieldList = array('id', 'url', 'push', 'pull', 'organization');
|
||||
|
@ -123,6 +103,9 @@ class ServersController extends AppController {
|
|||
$fieldList[] = 'authkey';
|
||||
// Save the data
|
||||
if ($this->Server->save($this->request->data, true, $fieldList)) {
|
||||
if (isset($this->request->data['Server']['submitted_cert'])) {
|
||||
$this->__saveCert($this->request->data, $this->Server->id);
|
||||
}
|
||||
$this->Session->setFlash(__('The server has been saved'));
|
||||
$this->redirect(array('action' => 'index'));
|
||||
} else {
|
||||
|
@ -144,7 +127,6 @@ class ServersController extends AppController {
|
|||
* @throws NotFoundException
|
||||
*/
|
||||
public function delete($id = null) {
|
||||
if(!$this->_IsSiteAdmin() && !($this->Server->id == $this->Auth->user('org') && $this->userRole['perm_sync'])) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
if (!$this->request->is('post')) {
|
||||
throw new MethodNotAllowedException();
|
||||
}
|
||||
|
@ -152,6 +134,8 @@ class ServersController extends AppController {
|
|||
if (!$this->Server->exists()) {
|
||||
throw new NotFoundException(__('Invalid server'));
|
||||
}
|
||||
$s = $this->Server->read(null, $id);
|
||||
if (!$this->_isSiteAdmin() || !($s['Server']['org'] == $this->Auth->user('org') && $this->_isSiteAdmin())) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
if ($this->Server->delete()) {
|
||||
$this->Session->setFlash(__('Server deleted'));
|
||||
$this->redirect(array('action' => 'index'));
|
||||
|
@ -173,13 +157,17 @@ class ServersController extends AppController {
|
|||
* @throws NotFoundException
|
||||
*/
|
||||
public function pull($id = null, $technique=false) {
|
||||
if (!$this->_isSiteAdmin() && !($this->Server->organization == $this->Auth->user('org') && $this->userRole['perm_sync'])) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
$this->Server->id = $id;
|
||||
if (!$this->Server->exists()) {
|
||||
throw new NotFoundException(__('Invalid server'));
|
||||
}
|
||||
$s = $this->Server->read(null, $id);
|
||||
if (!$this->_isSiteAdmin() && !($s['Server']['org'] == $this->Auth->user('org') && $this->_isSiteAdmin())) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
$this->Server->id = $id;
|
||||
if (!$this->Server->exists()) {
|
||||
throw new NotFoundException(__('Invalid server'));
|
||||
}
|
||||
|
||||
$s = $this->Server->read(null, $id);
|
||||
if (false == $this->Server->data['Server']['pull']) {
|
||||
$this->Session->setFlash(__('Pull setting not enabled for this server.'));
|
||||
$this->redirect(array('action' => 'index'));
|
||||
|
@ -238,11 +226,12 @@ class ServersController extends AppController {
|
|||
}
|
||||
|
||||
public function push($id = null, $technique=false) {
|
||||
if (!$this->_isSiteAdmin() && !($this->Server->organization == $this->Auth->user('org') && $this->userRole['perm_sync'])) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
$this->Server->id = $id;
|
||||
if (!$this->Server->exists()) {
|
||||
throw new NotFoundException(__('Invalid server'));
|
||||
}
|
||||
$s = $this->Server->read(null, $id);
|
||||
if (!$this->_isSiteAdmin() && !($s['Server']['org'] == $this->Auth->user('org') && $this->_isSiteAdmin())) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
if (!Configure::read('MISP.background_jobs')) {
|
||||
$server = $this->Server->read(null, $id);
|
||||
App::uses('SyncTool', 'Tools');
|
||||
|
@ -275,4 +264,24 @@ class ServersController extends AppController {
|
|||
$this->redirect(array('action' => 'index'));
|
||||
}
|
||||
}
|
||||
|
||||
public function __saveCert($server, $id) {
|
||||
$ext = '';
|
||||
App::uses('File', 'Utility');
|
||||
$file = new File($server['Server']['submitted_cert']['name']);
|
||||
$ext = $file->ext();
|
||||
if (($ext != 'pem') || !$server['Server']['submitted_cert']['size'] > 0) {
|
||||
$this->Session->setFlash('Incorrect extension of empty file.');
|
||||
$this->redirect(array('action' => 'index'));
|
||||
}
|
||||
$pemData = fread(fopen($server['Server']['submitted_cert']['tmp_name'], "r"),
|
||||
$server['Server']['submitted_cert']['size']);
|
||||
$destpath = APP . "files" . DS . "certs" . DS;
|
||||
if (!preg_match('@^[\w-,\s,\.]+\.[A-Za-z0-9_]{2,4}$@', $server['Server']['submitted_cert']['name'])) throw new Exception ('Filename not allowed');
|
||||
$pemfile = new File ($destpath . $id . '.' . $ext);
|
||||
$result = $pemfile->write($pemData);
|
||||
$s = $this->Server->read(null, $id);
|
||||
$s['Server']['cert_file'] = $s['Server']['id'] . '.' . $ext;
|
||||
if ($result) $this->Server->save($s);
|
||||
}
|
||||
}
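Review bot: The authorization line added to delete(), `if (!$this->_isSiteAdmin() || !($s['Server']['org'] == $this->Auth->user('org') && $this->_isSiteAdmin()))`, uses `||` and re-tests `_isSiteAdmin()` inside the org clause, so it never admits an org admin and even turns away a site admin for a foreign org; the same `_isSiteAdmin()` sits in the org clause of pull() and push(), which collapses those checks to site-admin-only and contradicts both the description ("Org admins can pull/push for their own instances") and the edit() check that uses `_isAdmin()`. If edit() is the intended rule, all three should read `if (!$this->_isSiteAdmin() && !($s['Server']['org'] == $this->Auth->user('org') && $this->_isAdmin())) $this->redirect(array('controller' => 'servers', 'action' => 'index'));`. In edit(), the posted `Server.id` is in `$fieldList` while the org check ran against the URL `$id`; unless Cake's save() ignores a posted primary key, `$this->request->data['Server']['id'] = $id;` before the save keeps the record written equal to the one authorized. __saveCert() reads the temp file on the strength of the client-supplied extension alone and should refuse unless `$server['Server']['submitted_cert']['error'] === UPLOAD_ERR_OK && is_uploaded_file($server['Server']['submitted_cert']['tmp_name'])`; since a file input presumably always posts that array, the `isset()` guards before each __saveCert() call will, as far as I can tell, send every cert-less edit to the 'Incorrect extension of empty file.' flash after the server has already been saved. The fopen() handle in __saveCert() is never closed, and the method should be `private` rather than `public`, since the underscore prefix is the only thing keeping it out of the URL space.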
|
||||
|
|
|
@ -119,7 +119,7 @@
|
|||
<li class="divider"></li>
|
||||
<?php endif; ?>
|
||||
<li <?php if ($menuItem === 'index') echo 'class="active";'?>><?php echo $this->Html->link('List Servers', array('controller' => 'servers', 'action' => 'index'));?></li>
|
||||
<li <?php if ($menuItem === 'add') echo 'class="active";'?>><?php if ($isSiteAdmin) echo $this->Html->link(__('New Server'), array('controller' => 'servers', 'action' => 'add')); ?></li>
|
||||
<li <?php if ($menuItem === 'add') echo 'class="active";'?>><?php echo $this->Html->link(__('New Server'), array('controller' => 'servers', 'action' => 'add')); ?></li>
|
||||
<?php
|
||||
break;
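Review bot: The 'New Server' link at `<li <?php if ($menuItem === 'add') ...><?php echo $this->Html->link(__('New Server'), ...` is now rendered for every user, but ServersController::add() in this commit redirects anyone who fails `_isAdmin()`, so non-admin users get a dead link that bounces to the index. Gate it on the predicate the controller uses: `<?php if ($isAdmin) echo $this->Html->link(__('New Server'), array('controller' => 'servers', 'action' => 'add')); ?>`. The enclosing switch/case starts and ends outside this hunk.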
|
||||
|
||||
|
|
|
@ -1,20 +1,16 @@
|
|||
<div class="servers form">
|
||||
<?php echo $this->Form->create('Server', array('novalidate'=>true));?>
|
||||
<?php echo $this->Form->create('Server', array('type' => 'file', 'novalidate'=>true));?>
|
||||
<fieldset>
|
||||
<legend>Edit Server</legend>
|
||||
<legend>Add Server</legend>
|
||||
<?php
|
||||
echo $this->Form->input('url', array(
|
||||
'label' => 'Base URL',
|
||||
));
|
||||
?>
|
||||
<div class = "input clear"></div>
|
||||
<?php
|
||||
|
||||
echo $this->Form->input('organization', array(
|
||||
'label' => 'Organization',
|
||||
));
|
||||
?>
|
||||
<div class = "input clear"></div>
|
||||
<?php
|
||||
|
||||
echo $this->Form->input('authkey', array(
|
||||
));
|
||||
?>
|
||||
|
@ -22,10 +18,20 @@
|
|||
<?php
|
||||
echo $this->Form->input('push', array(
|
||||
));
|
||||
|
||||
echo $this->Form->input('pull', array(
|
||||
));
|
||||
?>
|
||||
<div class = "input clear"></div>
|
||||
<?php
|
||||
echo $this->Form->input('pull', array(
|
||||
<?php
|
||||
echo $this->Form->input('self_signed', array(
|
||||
'type' => 'checkbox',
|
||||
));
|
||||
|
||||
echo $this->Form->input('Server.submitted_cert', array(
|
||||
'label' => '<b>Certificate file</b>',
|
||||
'type' => 'file',
|
||||
'div' => 'clear'
|
||||
));
|
||||
?>
|
||||
</fieldset>
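Review bot: The upload input at `echo $this->Form->input('Server.submitted_cert', ...` gives no hint of what is accepted, while __saveCert() in this commit rejects any file whose name does not end in `.pem` and bounces to the index with 'Incorrect extension of empty file.'; the label should say so, e.g. `'label' => '<b>Certificate file (.pem)</b>'`. What the stored cert_file is later used for (client certificate or CA bundle for the remote instance) is not visible in this commit, so that part of the label should be added once confirmed against the sync tool. The `self_signed` checkbox likewise has no explanatory label, and a one-line hint of its effect would help the admin filling in the form.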
|
||||
|
|
|
@ -22,17 +22,8 @@
|
|||
<th><?php echo $this->Paginator->sort('pull');?></th>
|
||||
<th><?php echo $this->Paginator->sort('url');?></th>
|
||||
<th>From</th>
|
||||
<?php
|
||||
if ($isSiteAdmin): ?>
|
||||
<th><?php echo $this->Paginator->sort('cert_file');?></th>
|
||||
<?php
|
||||
endif;
|
||||
if ($isAdmin):
|
||||
?>
|
||||
<th><?php echo $this->Paginator->sort('cert_file');?></th>
|
||||
<th><?php echo $this->Paginator->sort('org');?></th>
|
||||
<?php
|
||||
endif;
|
||||
?>
|
||||
<th>Last Pulled ID</th>
|
||||
<th>Last Pushed ID</th>
|
||||
<th class="actions">Actions</th>
|
||||
|
@ -44,27 +35,20 @@ foreach ($servers as $server): ?>
|
|||
<td class="short" style="text-align: center;"><?php echo ($server['Server']['pull'])? 'Yes' : 'No'; ?> </td>
|
||||
<td><?php echo h($server['Server']['url']); ?> </td>
|
||||
<td><?php echo h($server['Server']['organization']); ?> </td>
|
||||
<?php
|
||||
if ($isSiteAdmin): ?>
|
||||
<td class="short"><?php echo h($server['Server']['cert_file']); ?> </td>
|
||||
<?php
|
||||
endif;
|
||||
if ($isAdmin): ?>
|
||||
<td class="short"><?php echo h($server['Server']['cert_file']); ?> </td>
|
||||
<td class="short"><?php echo h($server['Server']['org']); ?> </td>
|
||||
<?php
|
||||
endif; ?>
|
||||
<td class="short"><?php echo $server['Server']['lastpulledid']; ?></td>
|
||||
<td class="short"><?php echo $server['Server']['lastpushedid']; ?></td>
|
||||
<td class="short action-links">
|
||||
<?php
|
||||
if ($server['Server']['pull'] && $isSiteAdmin)
|
||||
if ($server['Server']['pull'])
|
||||
echo $this->Html->link('', array('action' => 'pull', $server['Server']['id'], 'full'), array('class' => 'icon-download', 'title' => 'Pull all'));
|
||||
if ($server['Server']['push'] && $isSiteAdmin)
|
||||
if ($server['Server']['push'])
|
||||
echo $this->Html->link('', array('action' => 'push', $server['Server']['id'], 'full'), array('class' => 'icon-upload', 'title' => 'Push all'));
|
||||
?>
|
||||
|
||||
<?php
|
||||
$mayModify = ($isSiteAdmin || $me['org'] == $server['Server']['organization']) || ($isAdmin && ($server['Server']['organization'] == $me['org']));
|
||||
$mayModify = ($isSiteAdmin || ($isAdmin && ($server['Server']['org'] == $me['org'])));
|
||||
if ($mayModify) echo $this->Html->link('', array('action' => 'edit', $server['Server']['id']), array('class' => 'icon-edit', 'title' => 'Edit'));
|
||||
if ($mayModify) echo $this->Form->postLink('', array('action' => 'delete', $server['Server']['id']), array('class' => 'icon-trash', 'title' => 'Delete'), __('Are you sure you want to delete # %s?', $server['Server']['id']));
|
||||
?>
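Review bot: Dropping `$isSiteAdmin` from the two guards `if ($server['Server']['pull'])` / `if ($server['Server']['push'])` shows Pull-all/Push-all links to every user who can list servers, yet ServersController::pull()/push() in this commit still redirect anyone who is not a site admin, and the delete link offered through `$mayModify` goes to org admins whom delete() likewise turns away. Gate the sync links on the same predicate as edit/delete by moving `$mayModify = ($isSiteAdmin || ($isAdmin && ($server['Server']['org'] == $me['org'])));` ahead of the action links and writing `if ($server['Server']['pull'] && $mayModify)` / `if ($server['Server']['push'] && $mayModify)`. 'Pull all' and 'Push all' are plain GET `Html->link`s that trigger a sync, so unlike delete they carry no POST/CSRF protection; this predates the commit, but the wider exposure makes `$this->Form->postLink()` the consistent choice. The foreach body continues past the end of the hunk.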
|
||||
|
|