new: [security] Check org list when accessing distribution graph
parent
800da386ff
commit
bf27358584
|
@ -1,12 +1,15 @@
|
|||
<?php
|
||||
class DistributionGraphTool
|
||||
{
|
||||
private $__user = false;
|
||||
/** @var array */
|
||||
private $__user;
|
||||
private $__json = array();
|
||||
/** @var Event */
|
||||
private $__eventModel;
|
||||
/** @var Organisation */
|
||||
private $__organisationModel;
|
||||
/** @var array */
|
||||
private $__serverList;
|
||||
|
||||
public function construct(Event $eventModel, array $servers, array $user, $extended_view=0)
|
||||
{
|
||||
|
@ -76,27 +79,27 @@ class DistributionGraphTool
|
|||
$this->__addAdditionalDistributionInfo(3, "All other communities"); // add current community
|
||||
|
||||
// connected
|
||||
$servers = $this->__serverList;
|
||||
$this->__addAdditionalDistributionInfo(2, "This community"); // add current community
|
||||
foreach ($servers as $server) {
|
||||
foreach ($this->__serverList as $server) {
|
||||
$this->__addAdditionalDistributionInfo(2, $server);
|
||||
}
|
||||
|
||||
// community
|
||||
$orgConditions = $this->__organisationModel->createConditions($this->__user);
|
||||
$orgConditions['local'] = true;
|
||||
$orgs = $this->__organisationModel->find('list', array(
|
||||
'fields' => array('name'),
|
||||
'conditions' => array('local' => true)
|
||||
'fields' => ['id', 'name'],
|
||||
'conditions' => $orgConditions,
|
||||
));
|
||||
$thisOrg = $this->__user['Organisation']['name'];
|
||||
$this->__addAdditionalDistributionInfo(1, $thisOrg); // add current community
|
||||
foreach ($orgs as $org) {
|
||||
if ($thisOrg != $org) {
|
||||
$this->__addAdditionalDistributionInfo(1, $org);
|
||||
foreach ($orgs as $orgId => $orgName) {
|
||||
if ($thisOrg != $orgName) {
|
||||
$this->__addAdditionalDistributionInfo(1, $orgName);
|
||||
}
|
||||
}
|
||||
|
||||
// org only
|
||||
$thisOrg = $this->__user['Organisation']['name'];
|
||||
$this->__addAdditionalDistributionInfo(0, $thisOrg); // add current community
|
||||
}
|
||||
|
||||
|
|
|
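Review bot: The rewritten loop `foreach ($orgs as $orgId => $orgName)` now fetches `id` from the organisation query but never uses it; the current-org exclusion still compares display names with loose `!=`. Since the user's org id is available as `$this->__user['org_id']` (the same key `createConditions` relies on), the exclusion is more robust as `if ((int) $orgId !== (int) $this->__user['org_id']) {`, which also keeps the `id` field in the query from being dead weight. The enclosing method begins before this hunk, and the assignment of `$this->__organisationModel` is not visible here, so I am assuming the constructor sets it before this code runs. Separately, `private $__user = false;` becoming an untyped `/** @var array */ private $__user;` is fine only because the constructor now requires `array $user`; a one-line comment on the property such as `// Always set by the constructor; used for org-scoped visibility checks` would make that invariant explicit.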
@ -486,6 +486,7 @@ class Organisation extends AppModel
|
|||
/**
|
||||
* Hide organisation view from users if they haven't yet contributed data and Security.hide_organisation_index_from_users is enabled
|
||||
*
|
||||
* @see Organisation::canSee if you want to check multiple orgs
|
||||
* @param array $user
|
||||
* @param int $orgId
|
||||
* @return bool
|
||||
|
@ -521,6 +522,42 @@ class Organisation extends AppModel
|
|||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Create conditions for fetching orgs based on user permission.
|
||||
* @see Organisation::canSee if you want to check just one org
|
||||
* @param array $user
|
||||
* @return array|array[]
|
||||
*/
|
||||
public function createConditions(array $user)
|
||||
{
|
||||
if (!$user['Role']['perm_sharing_group'] && Configure::read('Security.hide_organisation_index_from_users')) {
|
||||
$allowedOrgs = [$user['org_id']];
|
||||
|
||||
$eventConditions = $this->Event->createEventConditions($user);
|
||||
$orgsWithEvent = array_column(array_column($this->Event->find('all', [
|
||||
'fields' => ['DISTINCT Event.orgc_id'],
|
||||
'recursive' => -1,
|
||||
'conditions' => $eventConditions,
|
||||
]), 'Event'), 'orgc_id');
|
||||
$allowedOrgs = array_merge($allowedOrgs, $orgsWithEvent);
|
||||
|
||||
$proposalConditions = $this->Event->ShadowAttribute->buildConditions($user);
|
||||
// Do not check orgs that we already can see
|
||||
$proposalConditions['AND'][]['NOT'] = ['ShadowAttribute.org_id' => $allowedOrgs];
|
||||
$orgsWithProposal = array_column(array_column($this->Event->ShadowAttribute->find('all', [
|
||||
'fields' => ['DISTINCT ShadowAttribute.org_id'],
|
||||
'recursive' => -1,
|
||||
'conditions' => $proposalConditions,
|
||||
'contain' => ['Event', 'Attribute'],
|
||||
]), 'ShadowAttribute'), 'org_id');
|
||||
|
||||
$allowedOrgs = array_merge($allowedOrgs, $orgsWithProposal);
|
||||
return ['AND' => ['id' => $allowedOrgs]];
|
||||
}
|
||||
|
||||
return [];
|
||||
}
|
||||
|
||||
private function getCountryGalaxyCluster()
|
||||
{
|
||||
static $list;
|
||||
|
|
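Review bot: `createConditions` returns `[]` to mean "no restriction" and a non-empty `['AND' => ['id' => $allowedOrgs]]` to mean "restricted", but the docblock `@return array|array[]` does not say so, and callers such as the graph tool merge their own keys onto the result; I would replace that line with `@return array CakePHP conditions; an empty array means the user may see every organisation`. The visibility rule is now encoded twice, once in `canSee` for a single org and once here for a list, so a later change to one without the other would silently reopen the list path; the `@see` cross-references help, but a test that asserts both agree for a restricted user would guard it better. Minor: the `array_merge` calls can leave duplicate ids in `$allowedOrgs`, and `return ['AND' => ['id' => array_values(array_unique($allowedOrgs))]];` keeps the resulting `IN` list tidy without changing semantics.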