mirror of https://github.com/MISP/MISP
chg: [internal] Move module perms to one place
parent
0ed444a4d1
commit
beab72d61d
|
@ -1,10 +1,14 @@
|
|||
<?php
|
||||
App::uses('AppController', 'Controller');
|
||||
|
||||
/**
|
||||
* @property Module $Module
|
||||
*/
|
||||
class ModulesController extends AppController
|
||||
{
|
||||
public $components = array(
|
||||
'RequestHandler'
|
||||
);
|
||||
'RequestHandler'
|
||||
);
|
||||
|
||||
public function queryEnrichment()
|
||||
{
|
||||
|
@ -18,11 +22,7 @@ class ModulesController extends AppController
|
|||
if (!Configure::read('Plugin.Enrichment_' . $modname . '_enabled')) {
|
||||
throw new MethodNotAllowedException('Module not found or not available.');
|
||||
}
|
||||
if (
|
||||
!$this->_isSiteAdmin &&
|
||||
Configure::read('Plugin.Enrichment_' . $modname . '_restrict') &&
|
||||
Configure::read('Plugin.Enrichment_' . $modname . '_restrict') != $this->Auth->user('org_id')
|
||||
) {
|
||||
if (!$this->Module->canUse($this->Auth->user(), 'Enrichment', $modname)) {
|
||||
throw new MethodNotAllowedException('Module not found or not available.');
|
||||
}
|
||||
$options = array();
|
||||
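Review bot: The new call `$this->Module->canUse($this->Auth->user(), 'Enrichment', $modname)` passes `$modname` as the third argument, but `canUse()` as added to the Module model in this commit declares `array $module` and reads `$module['name']`. `$modname` is concatenated into the `Plugin.Enrichment_..._enabled` key a few lines above, so it appears to be a plain string. If so, the call would raise a TypeError instead of reaching the permission decision; that fails closed, but it breaks the endpoint for every user, site admins included. Passing `['name' => $modname]` would match the signature. The body of queryEnrichment starts and continues outside this hunk, so where `$modname` comes from should be confirmed there.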
|
|
|
@ -14,7 +14,7 @@ class Module extends AppModel
|
|||
'Cortex' => array('cortex')
|
||||
);
|
||||
|
||||
private $__typeToFamily = array(
|
||||
const TYPE_TO_FAMILY = array(
|
||||
'Import' => 'Import',
|
||||
'Export' => 'Export',
|
||||
'Action' => 'Action',
|
||||
|
@ -113,11 +113,7 @@ class Module extends AppModel
|
|||
unset($modules[$k]);
|
||||
continue;
|
||||
}
|
||||
if (
|
||||
!$user['Role']['perm_site_admin'] &&
|
||||
Configure::read('Plugin.' . $moduleFamily . '_' . $module['name'] . '_restrict') &&
|
||||
Configure::read('Plugin.' . $moduleFamily . '_' . $module['name'] . '_restrict') != $user['org_id']
|
||||
) {
|
||||
if (!$this->canUse($user, $moduleFamily, $module)) {
|
||||
unset($modules[$k]);
|
||||
}
|
||||
}
|
||||
|
@ -156,10 +152,10 @@ class Module extends AppModel
|
|||
*/
|
||||
public function getEnabledModule($name, $type)
|
||||
{
|
||||
if (!isset($this->__typeToFamily[$type])) {
|
||||
if (!isset(self::TYPE_TO_FAMILY[$type])) {
|
||||
throw new InvalidArgumentException("Invalid type '$type'.");
|
||||
}
|
||||
$moduleFamily = $this->__typeToFamily[$type];
|
||||
$moduleFamily = self::TYPE_TO_FAMILY[$type];
|
||||
$modules = $this->getModules($moduleFamily);
|
||||
if (!Configure::read('Plugin.' . $moduleFamily . '_' . $name . '_enabled')) {
|
||||
return 'The requested module is not enabled.';
|
||||
|
@ -375,14 +371,13 @@ class Module extends AppModel
|
|||
$name = is_string($key) ? $key : $value['name'];
|
||||
$moduleSettings[] = [
|
||||
'name' => $name,
|
||||
'type' => isset($value['type']) ? $value['type'] : 'string',
|
||||
'test' => isset($value['test']) ? $value['test'] : null,
|
||||
'description' => isset($value['description']) ? $value['description'] : null,
|
||||
'null' => isset($value['null']) ? $value['null'] : null,
|
||||
'test' => isset($value['test']) ? $value['test'] : null,
|
||||
'bigField' => isset($value['bigField']) ? $value['bigField'] : false,
|
||||
'cli_only' => isset($value['cli_only']) ? $value['cli_only'] : false,
|
||||
'redacted' => isset($value['redacted']) ? $value['redacted'] : false
|
||||
'type' => $value['type'] ?? 'string',
|
||||
'description' => $value['description'] ?? null,
|
||||
'null' => $value['null'] ?? null,
|
||||
'test' => $value['test'] ?? null,
|
||||
'bigField' => $value['bigField'] ?? false,
|
||||
'cli_only' => $value['cli_only'] ?? false,
|
||||
'redacted' => $value['redacted'] ?? false
|
||||
];
|
||||
} else if (is_string($key)) {
|
||||
$moduleSettings[] = [
|
||||
|
@ -402,4 +397,27 @@ class Module extends AppModel
|
|||
}
|
||||
return $result;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $user
|
||||
* @param string $moduleFamily
|
||||
* @param array $module
|
||||
* @return bool
|
||||
*/
|
||||
public function canUse(array $user, $moduleFamily, array $module)
|
||||
{
|
||||
if ($user['Role']['perm_site_admin']) {
|
||||
return true;
|
||||
}
|
||||
|
||||
$config = Configure::read('Plugin.' . $moduleFamily . '_' . $module['name'] . '_restrict');
|
||||
if (empty($config)) {
|
||||
return true;
|
||||
}
|
||||
if ($config == $user['org_id']) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
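Review bot: `canUse()` now carries the whole org-restriction decision, yet it keeps the loose `==` between the `_restrict` setting and `$user['org_id']` and treats any `empty()` setting as unrestricted. With loose comparison, numeric-looking strings are compared as numbers (`'01' == '1'`), so a setting that is not exactly the org id can still match. `return (string)$config === (string)$user['org_id'];` would make the match exact, assuming both values are scalar ids. The docblock lists only types; a line such as `Returns true for site admins, when no restriction is configured for the module, or when the restriction equals the user's org_id.` would record that the check allows access by default.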
|
|