Merge branch 'develop' of github.com:MISP/MISP into develop

pull/8610/merge
Sami Mokaddem 2022-11-15 11:43:15 +01:00
commit b887d23c8b
No known key found for this signature in database
GPG Key ID: 164C473F627A06FA
4 changed files with 58 additions and 72 deletions


@ -974,27 +974,6 @@ class ACLComponent extends Component
return $user['org_id'] == $tagCollection['TagCollection']['org_id']; return $user['org_id'] == $tagCollection['TagCollection']['org_id'];
} }
/**
* Only site admin and event creator can modify an eventReport
*
* @param array $user
* @param array $report
* @return boolean
*/
public function canEditReport(array $user, array $report): bool
{
if ($user['Role']['perm_site_admin']) {
return true;
}
if (empty($report['Event'])) {
return __('Could not find associated event');
}
if ($report['Event']['orgc_id'] != $user['org_id']) {
return __('Only the creator organisation of the event can modify the report');
}
return true;
}
/** /**
* Only users that can modify organisation can delete sightings as sighting is not linked to user. * Only users that can modify organisation can delete sightings as sighting is not linked to user.
* *
@ -1024,7 +1003,7 @@ class ACLComponent extends Component
*/ */
public function canEditEventReport(array $user, array $eventReport) public function canEditEventReport(array $user, array $eventReport)
{ {
if (!isset($report['Event'])) { if (!isset($eventReport['Event'])) {
throw new InvalidArgumentException('Passed object does not contain an Event.'); throw new InvalidArgumentException('Passed object does not contain an Event.');
} }
if ($user['Role']['perm_site_admin']) { if ($user['Role']['perm_site_admin']) {
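Review bot: `canEditEventReport` (the `public function canEditEventReport(array $user, array $eventReport)` line of the second hunk) declares no return type, although the `canEditReport` it replaces declared `: bool`, and the controller now stores its result directly as the view's `canEdit` flag without the former `=== true` normalisation. I would declare it `public function canEditEventReport(array $user, array $eventReport): bool` and make sure every branch returns a real boolean; note that without `declare(strict_types=1)` a `: bool` return type does not reject a stray string, it coerces a non-empty one such as a translated `__()` message to `true`, which is exactly what turned the deleted `canEditReport` into an allow-all check for non-site-admins. The method body continues past the end of the hunk, so the branches after the site-admin check are not visible here. The `$report` to `$eventReport` correction in the `isset` guard is right; the old name was undefined, so the guard threw unconditionally.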


@ -492,9 +492,9 @@ class EventReportsController extends AppController
$this->set('sharingGroups', $sgs); $this->set('sharingGroups', $sgs);
} }
private function __injectPermissionsToViewContext($user, $report) private function __injectPermissionsToViewContext(array $user, array $report)
{ {
$canEdit = $this->ACL->canEditReport($user, $report) === true; $canEdit = $this->ACL->canEditEventReport($user, $report);
$this->set('canEdit', $canEdit); $this->set('canEdit', $canEdit);
} }
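Review bot: `__injectPermissionsToViewContext` now delegates to `canEditEventReport`, which throws `InvalidArgumentException` when `$report['Event']` is absent, whereas the previous `canEditReport` returned a message that the `=== true` comparison mapped to a hidden edit link. Any caller that fetches the report without containing its Event association will now fail the whole page render instead of rendering it read-only; the callers are outside this hunk, so this is worth confirming for each `find` that feeds this helper. Failing closed on a malformed report is a reasonable choice for an authorisation check, but if it is intentional a one-line comment on the `$canEdit` assignment saying that the report is expected to carry `Event` would stop the next reader from "fixing" it with an `isset` guard.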


@ -436,17 +436,19 @@ $divider = $this->element('/genericElements/SideMenu/side_menu_divider');
'url' => '/eventReports/view/' . h($id), 'url' => '/eventReports/view/' . h($id),
'text' => __('View Event Report') 'text' => __('View Event Report')
)); ));
echo $this->element('/genericElements/SideMenu/side_menu_link', array( if ($canEdit) {
'element_id' => 'edit', echo $this->element('/genericElements/SideMenu/side_menu_link', array(
'url' => '/eventReports/edit/' . h($id), 'element_id' => 'edit',
'text' => __('Edit Event Report'), 'url' => '/eventReports/edit/' . h($id),
'requirement' => $canEdit, 'text' => __('Edit Event Report'),
)); ));
echo $this->element('/genericElements/SideMenu/side_menu_link', array( }
'url' => '/admin/audit_logs/index/model:EventReport/model_id:' . h($id), if (Configure::read('MISP.log_new_audit') && $this->Acl->canAccess('auditLogs', 'admin_index')) {
'text' => __('View report history'), echo $this->element('/genericElements/SideMenu/side_menu_link', array(
'requirement' => Configure::read('MISP.log_new_audit') && $this->Acl->canAccess('auditLogs', 'admin_index'), 'url' => '/admin/audit_logs/index/model:EventReport/model_id:' . h($id),
)); 'text' => __('View report history'),
));
}
} }
break; break;
@ -1094,12 +1096,13 @@ $divider = $this->element('/genericElements/SideMenu/side_menu_divider');
'url' => $baseurl . '/admin/logs/index', 'url' => $baseurl . '/admin/logs/index',
'text' => __('Application Logs') 'text' => __('Application Logs')
)); ));
echo $this->element('/genericElements/SideMenu/side_menu_link', array( if (Configure::read('MISP.log_new_audit')) {
'element_id' => 'listAuditLogs', echo $this->element('/genericElements/SideMenu/side_menu_link', array(
'url' => $baseurl . '/admin/audit_logs/index', 'element_id' => 'listAuditLogs',
'text' => __('Audit Logs'), 'url' => $baseurl . '/admin/audit_logs/index',
'requirement' => Configure::read('MISP.log_new_audit'), 'text' => __('Audit Logs'),
)); ));
}
echo $this->element('/genericElements/SideMenu/side_menu_link', array( echo $this->element('/genericElements/SideMenu/side_menu_link', array(
'element_id' => 'listAccessLogs', 'element_id' => 'listAccessLogs',
'url' => $baseurl . '/admin/access_logs/index', 'url' => $baseurl . '/admin/access_logs/index',
@ -1451,7 +1454,7 @@ $divider = $this->element('/genericElements/SideMenu/side_menu_divider');
'text' => __('View Cluster') 'text' => __('View Cluster')
)); ));
} }
if ($menuItem !== 'add_cluster' && $this->Acl->canModifyCluster($cluster)) { if ($menuItem !== 'add_cluster' && $this->Acl->canModifyGalaxyCluster($cluster)) {
echo $this->element('/genericElements/SideMenu/side_menu_link', array( echo $this->element('/genericElements/SideMenu/side_menu_link', array(
'element_id' => 'edit_cluster', 'element_id' => 'edit_cluster',
'url' => $baseurl . '/galaxy_clusters/edit/' . h($id), 'url' => $baseurl . '/galaxy_clusters/edit/' . h($id),
@ -1665,11 +1668,12 @@ $divider = $this->element('/genericElements/SideMenu/side_menu_divider');
'text' => __('Edit Workflow Blueprint') 'text' => __('Edit Workflow Blueprint')
)); ));
} }
echo $this->element('/genericElements/SideMenu/side_menu_link', array( if (Configure::read('MISP.log_new_audit') && $this->Acl->canAccess('auditLogs', 'admin_index')) {
'url' => '/admin/audit_logs/index/model:WorkflowBlueprint/model_id:' . h($id), echo $this->element('/genericElements/SideMenu/side_menu_link', array(
'text' => __('View workflow blueprint history'), 'url' => '/admin/audit_logs/index/model:WorkflowBlueprint/model_id:' . h($id),
'requirement' => Configure::read('MISP.log_new_audit') && $this->Acl->canAccess('auditLogs', 'admin_index'), 'text' => __('View workflow blueprint history'),
)); ));
}
} }
echo $divider; echo $divider;
echo $this->element('/genericElements/SideMenu/side_menu_link', array( echo $this->element('/genericElements/SideMenu/side_menu_link', array(
@ -1714,11 +1718,12 @@ $divider = $this->element('/genericElements/SideMenu/side_menu_divider');
'text' => __('Edit Workflow') 'text' => __('Edit Workflow')
)); ));
} }
echo $this->element('/genericElements/SideMenu/side_menu_link', array( if (Configure::read('MISP.log_new_audit') && $this->Acl->canAccess('auditLogs', 'admin_index')) {
'url' => '/admin/audit_logs/index/model:Workflow/model_id:' . h($id), echo $this->element('/genericElements/SideMenu/side_menu_link', array(
'text' => __('View worflow history'), 'url' => '/admin/audit_logs/index/model:Workflow/model_id:' . h($id),
'requirement' => Configure::read('MISP.log_new_audit') && $this->Acl->canAccess('auditLogs', 'admin_index'), 'text' => __('View workflow history'),
)); ));
}
} }
break; break;
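Review bot: The condition `Configure::read('MISP.log_new_audit') && $this->Acl->canAccess('auditLogs', 'admin_index')` is now written out three times (the event-report, workflow-blueprint and workflow history links) and a fourth variant without the `canAccess` part gates the admin "Audit Logs" entry; computing it once near the top of the file as `$canViewAuditLogs = Configure::read('MISP.log_new_audit') && $this->Acl->canAccess('auditLogs', 'admin_index');` and testing `if ($canViewAuditLogs)` at each site keeps the four menus from drifting apart. The admin-menu entry presumably sits inside an admin-only branch, which would explain the missing `canAccess` call there, but that branch starts outside the hunk, so I cannot confirm it. These checks only decide whether a link is rendered; the controller-side ACL remains the enforcement point, so the hoisted flag should be named for what it is (link visibility) rather than read as authorisation.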


@ -6,10 +6,22 @@ class AclHelper extends Helper
/** @var ACLComponent */ /** @var ACLComponent */
private $ACL; private $ACL;
/** @var array */
private $me;
public function __construct(View $View, $settings = []) public function __construct(View $View, $settings = [])
{ {
parent::__construct($View, $settings); parent::__construct($View, $settings);
$this->ACL = $View->viewVars['aclComponent']; $this->ACL = $View->viewVars['aclComponent'];
if (!$this->ACL instanceof ACLComponent) {
throw new InvalidArgumentException('ACL not provided.');
}
$this->me = $View->viewVars['me'];
if (empty($this->me)) {
throw new InvalidArgumentException('Me variable not provided.');
}
} }
/** /**
@ -19,8 +31,7 @@ class AclHelper extends Helper
*/ */
public function canAccess($controller, $action) public function canAccess($controller, $action)
{ {
$me = $this->_View->viewVars['me']; return $this->ACL->canUserAccess($this->me, $controller, $action);
return $this->ACL->canUserAccess($me, $controller, $action);
} }
/** /**
@ -29,8 +40,7 @@ class AclHelper extends Helper
*/ */
public function canModifyEvent(array $event) public function canModifyEvent(array $event)
{ {
$me = $this->_View->viewVars['me']; return $this->ACL->canModifyEvent($this->me, $event);
return $this->ACL->canModifyEvent($me, $event);
} }
/** /**
@ -39,8 +49,7 @@ class AclHelper extends Helper
*/ */
public function canPublishEvent(array $event) public function canPublishEvent(array $event)
{ {
$me = $this->_View->viewVars['me']; return $this->ACL->canPublishEvent($this->me, $event);
return $this->ACL->canPublishEvent($me, $event);
} }
/** /**
@ -50,8 +59,7 @@ class AclHelper extends Helper
*/ */
public function canModifyTag(array $event, $isTagLocal = false) public function canModifyTag(array $event, $isTagLocal = false)
{ {
$me = $this->_View->viewVars['me']; return $this->ACL->canModifyTag($this->me, $event, $isTagLocal);
return $this->ACL->canModifyTag($me, $event, $isTagLocal);
} }
/** /**
@ -60,8 +68,7 @@ class AclHelper extends Helper
*/ */
public function canDisableCorrelation(array $event) public function canDisableCorrelation(array $event)
{ {
$me = $this->_View->viewVars['me']; return $this->ACL->canDisableCorrelation($this->me, $event);
return $this->ACL->canDisableCorrelation($me, $event);
} }
/** /**
@ -70,8 +77,7 @@ class AclHelper extends Helper
*/ */
public function canModifyTagCollection(array $tagCollection) public function canModifyTagCollection(array $tagCollection)
{ {
$me = $this->_View->viewVars['me']; return $this->ACL->canModifyTagCollection($this->me, $tagCollection);
return $this->ACL->canModifyTagCollection($me, $tagCollection);
} }
/** /**
@ -80,8 +86,7 @@ class AclHelper extends Helper
*/ */
public function canDeleteSighting(array $sighting) public function canDeleteSighting(array $sighting)
{ {
$me = $this->_View->viewVars['me']; return $this->ACL->canDeleteSighting($this->me, $sighting);
return $this->ACL->canDeleteSighting($me, $sighting);
} }
/** /**
@ -90,8 +95,7 @@ class AclHelper extends Helper
*/ */
public function canEditEventReport(array $eventReport) public function canEditEventReport(array $eventReport)
{ {
$me = $this->_View->viewVars['me']; return $this->ACL->canEditEventReport($this->me, $eventReport);
return $this->ACL->canEditReport($me, $eventReport);
} }
/** /**
@ -100,8 +104,7 @@ class AclHelper extends Helper
*/ */
public function canModifyGalaxyCluster(array $cluster) public function canModifyGalaxyCluster(array $cluster)
{ {
$me = $this->_View->viewVars['me']; return $this->ACL->canModifyGalaxyCluster($this->me, $cluster);
return $this->ACL->canModifyGalaxyCluster($me, $cluster);
} }
/** /**
@ -110,7 +113,6 @@ class AclHelper extends Helper
*/ */
public function canPublishGalaxyCluster(array $cluster) public function canPublishGalaxyCluster(array $cluster)
{ {
$me = $this->_View->viewVars['me']; return $this->ACL->canModifyGalaxyCluster($this->me, $cluster);
return $this->ACL->canModifyGalaxyCluster($me, $cluster);
} }
} }
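Review bot: The new constructor reads `$View->viewVars['aclComponent']` and `$View->viewVars['me']` by direct index before validating them, so a view rendered without either variable emits an undefined-index warning before the intended `InvalidArgumentException` is reached; reading them as `$this->ACL = $View->viewVars['aclComponent'] ?? null;` and `$this->me = $View->viewVars['me'] ?? null;` makes the two new guards the only failure path. Caching `me` once in the constructor instead of re-reading `viewVars` in every helper is a good change, and the `instanceof ACLComponent` check closes the door on an arbitrary object being injected under that key. Separately, `canPublishGalaxyCluster` still forwards to `canModifyGalaxyCluster` in the last hunk; if publishing is meant to require more than modify rights this helper would render a publish affordance too broadly, so either delegate to a dedicated ACL check or add a docblock line stating that publish visibility intentionally follows modify rights.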