mirror of https://github.com/MISP/MISP
Upgrade script for 2.1.8
- we have introduced the "locked" flag for events to protect events of the original creator from being edited by a sync user - IMPORTANT: before running the script below, make sure to create the locked field for the event table (see INSTALL/LOCKED.sql) - This script (generateLocked found in the Administrative tools menu) will attempt to set the locked value for existing events to ease the transition - The default value for locked is 0, and all events created on the instance should be set to this value - events that were synced from another instance should have their locked value set to 1 - this script checks for local organisations and sets the locked field to 1 for all events not created by them - a local organisation, as defined for the scope of this script, is: an organisation with at least 2 members or an organisation with a single member that is not a sync user. - The script is only accessible by site admins and will return a notification about the number of events altered.pull/195/head
parent
994b701fe0
commit
b7d95ed743
|
@ -0,0 +1 @@
|
|||
ALTER TABLE `events` ADD `locked` tinyint(1) NOT NULL DEFAULT '0';
|
|
@ -213,6 +213,51 @@ class AppController extends Controller {
|
|||
$this->Session->setFlash(__('All done.'));
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'index', 'admin' => false));
|
||||
}
|
||||
|
||||
public function generateLocked() {
|
||||
if (!self::_isSiteAdmin()) throw new NotFoundException();
|
||||
$this->loadModel('User');
|
||||
$this->User->recursive = -1;
|
||||
$localOrgs = array();
|
||||
$conditions = array();
|
||||
$orgs = $this->User->find('all', array('fields' => array('DISTINCT org')));
|
||||
foreach ($orgs as $k => $org) {
|
||||
$orgs[$k]['User']['count'] = $this->User->find('count', array(
|
||||
'conditions' => array(
|
||||
'org =' => $orgs[$k]['User']['org'],
|
||||
)));
|
||||
if ($orgs[$k]['User']['count'] > 1) {
|
||||
$localOrgs[] = $orgs[$k]['User']['org'];
|
||||
$conditions['AND'][] = array('orgc !=' => $orgs[$k]['User']['org']);
|
||||
} else if ($orgs[$k]['User']['count'] == 1) {
|
||||
// If we only have a single user for an org, check if that user is a sync user. If not, then it is a valid local org and the events created by him/her should be unlocked.
|
||||
$this->User->recursive = 1;
|
||||
$user = ($this->User->find('first', array(
|
||||
'fields' => array('id', 'role_id'),
|
||||
'conditions' => array('org' => $org['User']['org']),
|
||||
'contain' => array('Role' => array(
|
||||
'fields' => array('id', 'perm_sync'),
|
||||
))
|
||||
)));
|
||||
if (!$user['Role']['perm_sync']) {
|
||||
$conditions['AND'][] = array('orgc !=' => $orgs[$k]['User']['org']);
|
||||
}
|
||||
}
|
||||
}
|
||||
// Don't lock stuff that's already locked
|
||||
$conditions['AND'][] = array('locked !=' => true);
|
||||
$this->loadModel('Event');
|
||||
$this->Event->recursive = -1;
|
||||
$toBeUpdated = $this->Event->find('count', array(
|
||||
'conditions' => $conditions
|
||||
));
|
||||
$this->Event->updateAll(
|
||||
array('Event.locked' => 1),
|
||||
$conditions
|
||||
);
|
||||
$this->Session->setFlash('Events updated, '. $toBeUpdated . ' record(s) altered.');
|
||||
$this->redirect(array('controller' => 'pages', 'action' => 'display', 'administration'));
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
|
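Review bot: generateLocked() runs a bulk `updateAll` on the events table without checking the request method, and the admin tools page links to it with a plain `<a href="/events/generateLocked">`, so the write happens on any GET. A site admin's browser loading that URL from another page would change the lock state of events without the admin intending it; whether a CSRF layer is enabled is not visible here, but token checks normally do not cover GET requests. I would add `if (!$this->request->is('post')) throw new MethodNotAllowedException();` right after the `_isSiteAdmin()` check and render the menu entry with `$this->Form->postLink(...)` instead of a bare anchor. Separately, the flash message reports a `find('count')` taken before the update rather than the rows actually changed; calling `$this->Event->getAffectedRows()` after `updateAll` would give the exact number.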
|
|
@ -19,6 +19,7 @@ class User extends AppModel {
|
|||
|
||||
public $orgField = 'org'; // TODO Audit, LogableBehaviour + org
|
||||
|
||||
|
||||
/**
|
||||
* Validation rules
|
||||
*
|
||||
|
@ -237,6 +238,7 @@ class User extends AppModel {
|
|||
'change' => 'full'
|
||||
),
|
||||
'Trim',
|
||||
'Containable'
|
||||
//'RemoveNewline' => array('fields' => array('gpgkey')),
|
||||
);
|
||||
|
||||
|
|
|
@ -13,5 +13,6 @@ if (!$isSiteAdmin) exit();
|
|||
<li><a href="/events/reportValidationIssuesAttributes">reportValidationIssuesAttributes</a></li>
|
||||
<li><a href="/events/generateCount">generateCount</a> (Events need to have no validation issues)</li>
|
||||
<li><a href="/events/generateCorrelation">generateCorrelation</a></li>
|
||||
<li><a href="/events/generateLocked">generateLocked</a> (This is for upgrading to hotfix 2.1.8 or later, all events that were created by an organisation that doesn't have users on this instance, or only has a single sync user will have their locked setting set to 1)</li>
|
||||
</ul>
|
||||
</div>
|