Merge branch 'develop' of github.com:MISP/MISP into develop

Sami Mokaddem 2022-11-15 11:43:15 +01:00
commit b887d23c8b
No known key found for this signature in database
GPG Key ID: 164C473F627A06FA
4 changed files with 58 additions and 72 deletions


@ -974,27 +974,6 @@ class ACLComponent extends Component
return $user['org_id'] == $tagCollection['TagCollection']['org_id'];
}
/**
* Only site admin and event creator can modify an eventReport
*
* @param array $user
* @param array $report
* @return boolean
*/
public function canEditReport(array $user, array $report): bool
{
if ($user['Role']['perm_site_admin']) {
return true;
}
if (empty($report['Event'])) {
return __('Could not find associated event');
}
if ($report['Event']['orgc_id'] != $user['org_id']) {
return __('Only the creator organisation of the event can modify the report');
}
return true;
}
/**
* Only users that can modify organisation can delete sightings as sighting is not linked to user.
*
@ -1024,7 +1003,7 @@ class ACLComponent extends Component
*/
public function canEditEventReport(array $user, array $eventReport)
{
if (!isset($report['Event'])) {
if (!isset($eventReport['Event'])) {
throw new InvalidArgumentException('Passed object does not contain an Event.');
}
if ($user['Role']['perm_site_admin']) {
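Review bot: The signature `public function canEditEventReport(array $user, array $eventReport)` in the second hunk declares no return type, so a non-boolean return (of the kind the removed `canEditReport` produced by returning `__()` strings from a `: bool` method) would be passed through to callers untyped; declare it as `public function canEditEventReport(array $user, array $eventReport): bool` and add `@throws InvalidArgumentException` to the docblock above for the `Event` precondition. The method body continues past the end of the hunk, so I cannot confirm that every remaining return path yields a bool; check those branches before adding the type.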


@ -492,9 +492,9 @@ class EventReportsController extends AppController
$this->set('sharingGroups', $sgs);
}
private function __injectPermissionsToViewContext($user, $report)
private function __injectPermissionsToViewContext(array $user, array $report)
{
$canEdit = $this->ACL->canEditReport($user, $report) === true;
$canEdit = $this->ACL->canEditEventReport($user, $report);
$this->set('canEdit', $canEdit);
}
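Review bot: The `=== true` normalisation on the removed line was dropped, so `$canEdit` now carries whatever `canEditEventReport` returns, and that method (other file in this commit) declares no return type; keep the view value strictly boolean with `$canEdit = $this->ACL->canEditEventReport($user, $report) === true;` until the ACL method is typed `: bool`. Note also that `canEditEventReport` throws `InvalidArgumentException` when `$report['Event']` is absent, where the previous `canEditReport` returned a message instead, so this caller must be handed a report loaded with its `Event` contained; I cannot see from this hunk where `$report` is fetched.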


@ -436,17 +436,19 @@ $divider = $this->element('/genericElements/SideMenu/side_menu_divider');
'url' => '/eventReports/view/' . h($id),
'text' => __('View Event Report')
));
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
'element_id' => 'edit',
'url' => '/eventReports/edit/' . h($id),
'text' => __('Edit Event Report'),
'requirement' => $canEdit,
));
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
'url' => '/admin/audit_logs/index/model:EventReport/model_id:' . h($id),
'text' => __('View report history'),
'requirement' => Configure::read('MISP.log_new_audit') && $this->Acl->canAccess('auditLogs', 'admin_index'),
));
if ($canEdit) {
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
'element_id' => 'edit',
'url' => '/eventReports/edit/' . h($id),
'text' => __('Edit Event Report'),
));
}
if (Configure::read('MISP.log_new_audit') && $this->Acl->canAccess('auditLogs', 'admin_index')) {
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
'url' => '/admin/audit_logs/index/model:EventReport/model_id:' . h($id),
'text' => __('View report history'),
));
}
}
break;
@ -1094,12 +1096,13 @@ $divider = $this->element('/genericElements/SideMenu/side_menu_divider');
'url' => $baseurl . '/admin/logs/index',
'text' => __('Application Logs')
));
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
'element_id' => 'listAuditLogs',
'url' => $baseurl . '/admin/audit_logs/index',
'text' => __('Audit Logs'),
'requirement' => Configure::read('MISP.log_new_audit'),
));
if (Configure::read('MISP.log_new_audit')) {
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
'element_id' => 'listAuditLogs',
'url' => $baseurl . '/admin/audit_logs/index',
'text' => __('Audit Logs'),
));
}
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
'element_id' => 'listAccessLogs',
'url' => $baseurl . '/admin/access_logs/index',
@ -1451,7 +1454,7 @@ $divider = $this->element('/genericElements/SideMenu/side_menu_divider');
'text' => __('View Cluster')
));
}
if ($menuItem !== 'add_cluster' && $this->Acl->canModifyCluster($cluster)) {
if ($menuItem !== 'add_cluster' && $this->Acl->canModifyGalaxyCluster($cluster)) {
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
'element_id' => 'edit_cluster',
'url' => $baseurl . '/galaxy_clusters/edit/' . h($id),
@ -1665,11 +1668,12 @@ $divider = $this->element('/genericElements/SideMenu/side_menu_divider');
'text' => __('Edit Workflow Blueprint')
));
}
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
'url' => '/admin/audit_logs/index/model:WorkflowBlueprint/model_id:' . h($id),
'text' => __('View workflow blueprint history'),
'requirement' => Configure::read('MISP.log_new_audit') && $this->Acl->canAccess('auditLogs', 'admin_index'),
));
if (Configure::read('MISP.log_new_audit') && $this->Acl->canAccess('auditLogs', 'admin_index')) {
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
'url' => '/admin/audit_logs/index/model:WorkflowBlueprint/model_id:' . h($id),
'text' => __('View workflow blueprint history'),
));
}
}
echo $divider;
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
@ -1714,11 +1718,12 @@ $divider = $this->element('/genericElements/SideMenu/side_menu_divider');
'text' => __('Edit Workflow')
));
}
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
'url' => '/admin/audit_logs/index/model:Workflow/model_id:' . h($id),
'text' => __('View worflow history'),
'requirement' => Configure::read('MISP.log_new_audit') && $this->Acl->canAccess('auditLogs', 'admin_index'),
));
if (Configure::read('MISP.log_new_audit') && $this->Acl->canAccess('auditLogs', 'admin_index')) {
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
'url' => '/admin/audit_logs/index/model:Workflow/model_id:' . h($id),
'text' => __('View workflow history'),
));
}
}
break;
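Review bot: The guard `Configure::read('MISP.log_new_audit') && $this->Acl->canAccess('auditLogs', 'admin_index')` is now written out verbatim three times (event report, workflow blueprint and workflow menus in the first, fourth and fifth hunks); computing it once near the top of the file, outside these hunks, as `$canViewAuditLogs = Configure::read('MISP.log_new_audit') && $this->Acl->canAccess('auditLogs', 'admin_index');` and writing `if ($canViewAuditLogs) {` at each site keeps the three copies from drifting. These `if` blocks only decide whether a link is rendered; the edit and audit-log actions they point to still depend on the controller-side ACL for enforcement, which this view cannot provide. The `if ($canEdit)` in the first hunk tests truthiness, so a non-boolean value handed in by the controller would render the edit link; `if ($canEdit === true)` is the safer form unless the controller guarantees a bool.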


@ -6,10 +6,22 @@ class AclHelper extends Helper
/** @var ACLComponent */
private $ACL;
/** @var array */
private $me;
public function __construct(View $View, $settings = [])
{
parent::__construct($View, $settings);
$this->ACL = $View->viewVars['aclComponent'];
if (!$this->ACL instanceof ACLComponent) {
throw new InvalidArgumentException('ACL not provided.');
}
$this->me = $View->viewVars['me'];
if (empty($this->me)) {
throw new InvalidArgumentException('Me variable not provided.');
}
}
/**
@ -19,8 +31,7 @@ class AclHelper extends Helper
*/
public function canAccess($controller, $action)
{
$me = $this->_View->viewVars['me'];
return $this->ACL->canUserAccess($me, $controller, $action);
return $this->ACL->canUserAccess($this->me, $controller, $action);
}
/**
@ -29,8 +40,7 @@ class AclHelper extends Helper
*/
public function canModifyEvent(array $event)
{
$me = $this->_View->viewVars['me'];
return $this->ACL->canModifyEvent($me, $event);
return $this->ACL->canModifyEvent($this->me, $event);
}
/**
@ -39,8 +49,7 @@ class AclHelper extends Helper
*/
public function canPublishEvent(array $event)
{
$me = $this->_View->viewVars['me'];
return $this->ACL->canPublishEvent($me, $event);
return $this->ACL->canPublishEvent($this->me, $event);
}
/**
@ -50,8 +59,7 @@ class AclHelper extends Helper
*/
public function canModifyTag(array $event, $isTagLocal = false)
{
$me = $this->_View->viewVars['me'];
return $this->ACL->canModifyTag($me, $event, $isTagLocal);
return $this->ACL->canModifyTag($this->me, $event, $isTagLocal);
}
/**
@ -60,8 +68,7 @@ class AclHelper extends Helper
*/
public function canDisableCorrelation(array $event)
{
$me = $this->_View->viewVars['me'];
return $this->ACL->canDisableCorrelation($me, $event);
return $this->ACL->canDisableCorrelation($this->me, $event);
}
/**
@ -70,8 +77,7 @@ class AclHelper extends Helper
*/
public function canModifyTagCollection(array $tagCollection)
{
$me = $this->_View->viewVars['me'];
return $this->ACL->canModifyTagCollection($me, $tagCollection);
return $this->ACL->canModifyTagCollection($this->me, $tagCollection);
}
/**
@ -80,8 +86,7 @@ class AclHelper extends Helper
*/
public function canDeleteSighting(array $sighting)
{
$me = $this->_View->viewVars['me'];
return $this->ACL->canDeleteSighting($me, $sighting);
return $this->ACL->canDeleteSighting($this->me, $sighting);
}
/**
@ -90,8 +95,7 @@ class AclHelper extends Helper
*/
public function canEditEventReport(array $eventReport)
{
$me = $this->_View->viewVars['me'];
return $this->ACL->canEditReport($me, $eventReport);
return $this->ACL->canEditEventReport($this->me, $eventReport);
}
/**
@ -100,8 +104,7 @@ class AclHelper extends Helper
*/
public function canModifyGalaxyCluster(array $cluster)
{
$me = $this->_View->viewVars['me'];
return $this->ACL->canModifyGalaxyCluster($me, $cluster);
return $this->ACL->canModifyGalaxyCluster($this->me, $cluster);
}
/**
@ -110,7 +113,6 @@ class AclHelper extends Helper
*/
public function canPublishGalaxyCluster(array $cluster)
{
$me = $this->_View->viewVars['me'];
return $this->ACL->canModifyGalaxyCluster($me, $cluster);
return $this->ACL->canModifyGalaxyCluster($this->me, $cluster);
}
}
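Review bot: The constructor in the first hunk reads `$View->viewVars['aclComponent']` and `$View->viewVars['me']` by direct index, so a view rendered without either key emits an undefined-index notice before the intended `InvalidArgumentException` is reached; use `$this->ACL = $View->viewVars['aclComponent'] ?? null;` and `$this->me = $View->viewVars['me'] ?? null;` so that the explicit `instanceof` and `empty()` checks on the following lines are the single thing that fires. Separately, `canPublishGalaxyCluster` in the last hunk still delegates to `$this->ACL->canModifyGalaxyCluster`, so publish permission in views is equivalent to modify permission; the mapping is carried over from the old line and may be intentional, but if the ACL component exposes a distinct publish check the helper should call that instead, and the docblock above it should say which rule applies.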