First steps
parent
176ad85b88
commit
c834715aae
|
@ -76,11 +76,10 @@ class AppController extends Controller {
|
|||
'Security'
|
||||
);
|
||||
|
||||
public $mispVersion = '2.4.0';
|
||||
|
||||
public function beforeFilter() {
|
||||
$versionArray = $this->{$this->modelClass}->checkMISPVersion();
|
||||
$this->mispVersionFull = implode('.', array_values($versionArray));
|
||||
$this->mispVersion = implode('.', array_values($versionArray));
|
||||
$this->Security->blackHoleCallback = 'blackHole';
|
||||
|
||||
// Let us access $baseurl from all views
|
||||
|
@ -240,7 +239,6 @@ class AppController extends Controller {
|
|||
if ($this->Auth->user()) {
|
||||
//$this->_refreshAuth();
|
||||
$this->set('mispVersion', $this->mispVersion);
|
||||
$this->set('mispVersionFull', $this->mispVersionFull);
|
||||
$role = $this->getActions();
|
||||
$this->set('me', $this->Auth->user());
|
||||
$this->set('isAdmin', $role['perm_admin']);
|
||||
|
@ -527,4 +525,8 @@ class AppController extends Controller {
|
|||
$this->redirect(array('controller' => 'pages', 'action' => 'display', 'administration'));
|
||||
}
|
||||
}
|
||||
|
||||
public function test() {
|
||||
$this->{$this->modelClass}->runUpdates();
|
||||
}
|
||||
}
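Review bot: The new `test()` action triggers `runUpdates()`, the schema-upgrade path, with no authorisation check anywhere in the hunk, and because it is declared on `AppController` it is inherited as a routable action by every controller in the application, with only `beforeFilter` in front of it. Before merging, either gate it, `if (!$this->_isSiteAdmin()) throw new MethodNotAllowedException('Only site admins may run updates.');`, or move it into a dedicated admin controller and drop it from the base class. The `$components` array whose `'Security'` entry opens the first hunk starts outside this section.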
|
|
@ -0,0 +1,50 @@
|
|||
<?php
|
||||
App::uses('AppController', 'Controller');
|
||||
|
||||
class EventDelegationsController extends AppController {
|
||||
public $components = array('Session', 'RequestHandler');
|
||||
|
||||
public function beforeFilter() {
|
||||
parent::beforeFilter();
|
||||
}
|
||||
|
||||
public $paginate = array(
|
||||
'limit' => 60,
|
||||
'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events <- no we won't, this is the max a user van view/page.
|
||||
'order' => array(
|
||||
'EventDelegations.id' => 'DESC'
|
||||
),
|
||||
);
|
||||
|
||||
public function index() {
|
||||
}
|
||||
|
||||
public function add() {
|
||||
|
||||
}
|
||||
|
||||
public function edit($id) {
|
||||
|
||||
}
|
||||
|
||||
public function delete($id) {
|
||||
|
||||
}
|
||||
|
||||
public function delegateEvent($id) {
|
||||
debug($this->EventDelegation->find('all'));
|
||||
$event = $this->EventDelegation->Event->find('first', array(
|
||||
'conditions' => array('Event.id' => $id),
|
||||
'recursive' => -1,
|
||||
'fields' => array('Event.id', 'Event.orgc_id', 'Event.distribution')
|
||||
));
|
||||
if (!$this->_isSiteAdmin() || $this->Auth->user('org_id') !== $event['Event']['orgc_id']) throw new MethodNotAllowedException('You are not authorised to do that.');
|
||||
if ($event['Event']['distribution'] != 0) throw new MethodNotAllowedException('Only events with the distribution setting "Your Organisation Only" can be delegated.');
|
||||
if ($this->request->is('Post')) {
|
||||
|
||||
} else {
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
}
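Review bot: The authorisation check in `delegateEvent()`, `if (!$this->_isSiteAdmin() || $this->Auth->user('org_id') !== $event['Event']['orgc_id'])`, rejects every non-admin user regardless of organisation and also rejects a site admin whose own org is not the creator org, so the intent reads as `&&` with a loose compare, `if (!$this->_isSiteAdmin() && $this->Auth->user('org_id') != $event['Event']['orgc_id'])`; with `!==`, any type difference between the session value and the freshly fetched row (string vs. int) makes equal ids fail the check. `$event` is also dereferenced before the lookup result is verified; an unknown id should produce `if (empty($event)) throw new NotFoundException('Invalid event.');` rather than PHP notices. The `debug($this->EventDelegation->find('all'))` call on the first line dumps every delegation row into the response and should not ship.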
|
|
@ -633,7 +633,7 @@ class UsersController extends AppController {
|
|||
'description' => 'Automatically generated admin organisation',
|
||||
'type' => 'ADMIN',
|
||||
'uuid' => $this->User->Organisation->generateUuid(),
|
||||
'local' => 1
|
||||
'local' => 1,
|
||||
));
|
||||
$this->User->Organisation->save($org);
|
||||
$org_id = $this->User->Organisation->id;
|
||||
|
|
|
@ -46,6 +46,14 @@ class AppModel extends Model {
|
|||
$this->name = get_class($this);
|
||||
}
|
||||
|
||||
public $db_changes = array(
|
||||
2 => array(
|
||||
4 => array(
|
||||
6 => 'enableEventDelegation'
|
||||
)
|
||||
)
|
||||
);
|
||||
|
||||
|
||||
public function updateDatabase($command) {
|
||||
$sql = '';
|
||||
|
@ -86,31 +94,31 @@ class AppModel extends Model {
|
|||
$sqlArray[] = 'ALTER TABLE `logs` MODIFY `change` text COLLATE utf8_bin NOT NULL';
|
||||
|
||||
$sqlArray[] = "CREATE TABLE IF NOT EXISTS `taxonomies` (
|
||||
`id` int(11) NOT NULL AUTO_INCREMENT,
|
||||
`namespace` varchar(255) COLLATE utf8_bin NOT NULL,
|
||||
`description` text COLLATE utf8_bin NOT NULL,
|
||||
`version` int(11) NOT NULL,
|
||||
`enabled` tinyint(1) NOT NULL DEFAULT '0',
|
||||
PRIMARY KEY (`id`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin ;";
|
||||
`id` int(11) NOT NULL AUTO_INCREMENT,
|
||||
`namespace` varchar(255) COLLATE utf8_bin NOT NULL,
|
||||
`description` text COLLATE utf8_bin NOT NULL,
|
||||
`version` int(11) NOT NULL,
|
||||
`enabled` tinyint(1) NOT NULL DEFAULT '0',
|
||||
PRIMARY KEY (`id`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin ;";
|
||||
|
||||
$sqlArray[] = "CREATE TABLE IF NOT EXISTS `taxonomy_entries` (
|
||||
`id` int(11) NOT NULL AUTO_INCREMENT,
|
||||
`taxonomy_predicate_id` int(11) NOT NULL,
|
||||
`value` text COLLATE utf8_bin NOT NULL,
|
||||
`expanded` text COLLATE utf8_bin NOT NULL,
|
||||
PRIMARY KEY (`id`),
|
||||
KEY `taxonomy_predicate_id` (`taxonomy_predicate_id`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;";
|
||||
`id` int(11) NOT NULL AUTO_INCREMENT,
|
||||
`taxonomy_predicate_id` int(11) NOT NULL,
|
||||
`value` text COLLATE utf8_bin NOT NULL,
|
||||
`expanded` text COLLATE utf8_bin NOT NULL,
|
||||
PRIMARY KEY (`id`),
|
||||
KEY `taxonomy_predicate_id` (`taxonomy_predicate_id`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;";
|
||||
|
||||
$sqlArray[] = "CREATE TABLE IF NOT EXISTS `taxonomy_predicates` (
|
||||
`id` int(11) NOT NULL AUTO_INCREMENT,
|
||||
`taxonomy_id` int(11) NOT NULL,
|
||||
`value` text COLLATE utf8_bin NOT NULL,
|
||||
`expanded` text COLLATE utf8_bin NOT NULL,
|
||||
PRIMARY KEY (`id`),
|
||||
KEY `taxonomy_id` (`taxonomy_id`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;";
|
||||
`id` int(11) NOT NULL AUTO_INCREMENT,
|
||||
`taxonomy_id` int(11) NOT NULL,
|
||||
`value` text COLLATE utf8_bin NOT NULL,
|
||||
`expanded` text COLLATE utf8_bin NOT NULL,
|
||||
PRIMARY KEY (`id`),
|
||||
KEY `taxonomy_id` (`taxonomy_id`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;";
|
||||
|
||||
$sqlArray[] = 'ALTER TABLE `jobs` ADD `org` text COLLATE utf8_bin NOT NULL;';
|
||||
|
||||
|
@ -163,7 +171,18 @@ class AppModel extends Model {
|
|||
}
|
||||
}
|
||||
break;
|
||||
|
||||
case 'enableEventDelegation':
|
||||
$sqlArray[] = "CREATE TABLE IF NOT EXISTS `event_delegations` (
|
||||
`id` int(11) NOT NULL AUTO_INCREMENT,
|
||||
`org_id` int(11) NOT NULL,
|
||||
`event_id` int(11) NOT NULL,
|
||||
`message` text,
|
||||
`distribution` tinyint(4),
|
||||
PRIMARY KEY (`id`),
|
||||
KEY `org_id` (`org_id`),
|
||||
KEY `event_id` (`event_id`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;";
|
||||
break;
|
||||
default:
|
||||
return false;
|
||||
break;
|
||||
|
@ -265,4 +284,11 @@ class AppModel extends Model {
|
|||
if (!empty($value[$field])) return true;
|
||||
return ucfirst($field) . ' cannot be empty.';
|
||||
}
|
||||
|
||||
public function runUpdates() {
|
||||
$adminTable = $this->query("SHOW TABLES LIKE 'administration';");
|
||||
if (empty($adminTable)) $dbVersion = '2.4.0';
|
||||
$currentVersion = explode('.', $this->mispVersion);
|
||||
$dbVersion;
|
||||
}
|
||||
}
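Review bot: `runUpdates()` is unfinished: `$dbVersion` is assigned only when the `administration` table is absent, so in the common case it is undefined, the trailing `$dbVersion;` statement does nothing, and `$this->mispVersion` is a controller property that nothing in this model sets, so `explode('.', $this->mispVersion)` appears to operate on null unless it is defined outside the hunk. Since this is exactly what the new `AppController::test()` action calls, it should either be completed (read the stored version, compare it against a version passed in as a parameter, apply the matching `$db_changes` entries) or be left out of this commit. Separately, the `event_delegations` CREATE TABLE in the `enableEventDelegation` case omits the `COLLATE=utf8_bin` that every other table created in `updateDatabase` declares; if that is unintended, add it so text comparisons behave like the rest of the schema.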
|
||||
|
|
|
@ -1334,7 +1334,6 @@ class Attribute extends AppModel {
|
|||
|
||||
public function hids($user, $type, $tags = '', $from = false, $to = false, $last = false) {
|
||||
if (empty($user)) throw new MethodNotAllowedException('Could not read user.');
|
||||
|
||||
// check if it's a valid type
|
||||
if ($type != 'md5' && $type != 'sha1' && $type != 'sha256') {
|
||||
throw new UnauthorizedException('Invalid hash type.');
|
||||
|
|
|
@ -0,0 +1,44 @@
|
|||
<?php
|
||||
App::uses('AppModel', 'Model');
|
||||
|
||||
class EventDelegation extends AppModel {
|
||||
|
||||
public $actsAs = array('Containable');
|
||||
|
||||
public $validate = array(
|
||||
'event_id' => array(
|
||||
'valueNotEmpty' => array(
|
||||
'rule' => array('valueNotEmpty'),
|
||||
),
|
||||
),
|
||||
'org_id' => array(
|
||||
'valueNotEmpty' => array(
|
||||
'rule' => array('valueNotEmpty'),
|
||||
),
|
||||
)
|
||||
);
|
||||
|
||||
public $belongsTo = array(
|
||||
'Event' => array(
|
||||
'className' => 'Event',
|
||||
),
|
||||
'Org' => array(
|
||||
'className' => 'Organisation',
|
||||
),
|
||||
);
|
||||
|
||||
public function attachTagToEvent($event_id, $tag_id) {
|
||||
$existingAssociation = $this->find('first', array(
|
||||
'recursive' => -1,
|
||||
'conditions' => array(
|
||||
'tag_id' => $tag_id,
|
||||
'event_id' => $event_id
|
||||
)
|
||||
));
|
||||
if (empty($existingAssociation)) {
|
||||
$this->create();
|
||||
if (!$this->save(array('event_id' => $event_id, 'tag_id' => $tag_id))) return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
}
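Review bot: `attachTagToEvent()` looks copied from a tag model: it queries and saves a `tag_id` column, but the `event_delegations` table created in this same commit has only `org_id`, `event_id`, `message` and `distribution`, so both the `find` and the `save` will fail at runtime once anything calls it. Either remove the method or rewrite it around `org_id`/`event_id` with a docblock stating what a delegation row represents. The `valueNotEmpty` rule referenced in `$validate` is the AppModel helper shown in the AppModel section, so that part should resolve.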
|
|
@ -361,15 +361,11 @@ class User extends AppModel {
|
|||
}
|
||||
|
||||
public function getOrgs() {
|
||||
$orgs = $this->Organisation->find('all', array(
|
||||
$orgs = $this->Organisation->find('list', array(
|
||||
'recursive' => -1,
|
||||
'fields' => array('name'),
|
||||
));
|
||||
$orgNames = array();
|
||||
foreach ($orgs as $org) {
|
||||
$orgNames[] = $org['Organisation']['name'];
|
||||
}
|
||||
return $orgNames;
|
||||
return $orgs;
|
||||
}
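Review bot: Switching `getOrgs()` to `find('list', ... 'fields' => array('name'))` changes the return shape: with a single field, CakePHP's list finder keys the result by `Organisation.id`, so callers that relied on the old sequential array of names (positional access, `array_merge`) now receive an id-keyed map. If the sequential form is what existing callers expect, return `array_values($orgs)`; if the id-keyed map is the new intent, say so in a `@return array<int, string>` docblock and update the callers in the same change. `getOrgMemberCount()` begins at the end of this hunk and continues outside it.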
|
||||
|
||||
public function getOrgMemberCount($org) {
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
<div class = "footerText footerCenterText">
|
||||
<?php
|
||||
$footerText = Configure::read('MISP.footerpart1') . ' ' . Configure::read('MISP.footerpart2');
|
||||
if (isset($me['id'])) $footerText = Configure::read('MISP.footerpart1') . ' version ' . $mispVersionFull . ' ' . Configure::read('MISP.footerpart2');
|
||||
if (isset($me['id'])) $footerText = Configure::read('MISP.footerpart1') . ' version ' . $mispVersion . ' ' . Configure::read('MISP.footerpart2');
|
||||
?>
|
||||
<span> <?php echo h($footerText); ?> </span>
|
||||
</div>
|
||||
|
|
|
@ -46,6 +46,9 @@
|
|||
?>
|
||||
<li<?php echo $publishButtons; ?> class="publishButtons"><a href="#" onClick="publishPopup('<?php echo h($event['Event']['id']); ?>', 'alert')">Publish Event</a></li>
|
||||
<li<?php echo $publishButtons; ?> class="publishButtons"><a href="#" onClick="publishPopup('<?php echo h($event['Event']['id']); ?>', 'publish')">Publish (no email)</a></li>
|
||||
<?php if ($isSiteAdmin || (isset($mayModify) && $mayModify)): ?>
|
||||
<li id='lidelegateEvent'><a href="#" onClick="delegatePopup('<?php echo h($event['Event']['id']); ?>');">Delegate Publishing</a></li>
|
||||
<?php endif;?>
|
||||
|
||||
<li id='licontact'><a href="<?php echo $baseurl;?>/events/contact/<?php echo h($event['Event']['id']);?>">Contact Reporter</a></li>
|
||||
<li><a onClick="getPopup('<?php echo h($event['Event']['id']); ?>', 'events', 'exportChoice');" style="cursor:pointer;">Download as...</a></li>
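Review bot: The new "Delegate Publishing" entry is shown when `$isSiteAdmin || $mayModify`, but the `delegateEvent` action added in this commit rejects every request where `!_isSiteAdmin() || org_id !== orgc_id`, so non-admin users who may modify the event get a link that always fails, and the visibility rule in the view does not match the enforcement rule in the controller. The controller check is the one that matters for access control; align the view condition to it (or fix the controller condition) so the menu does not advertise an action the user cannot perform.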
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
<div class="confirmation">
|
||||
<?php
|
||||
echo $this->Form->create('Event', array('style' => 'margin:0px;', 'id' => 'PromptForm', 'url' => '/events/' . $type . '/' . $id));
|
||||
$extraTitle = "";
|
||||
if ($type == 'publish') $extraTitle = ' (no email)';
|
||||
?>
|
||||
<legend>Publish Event<?php echo $extraTitle; ?></legend>
|
||||
<div style="padding-left:5px;padding-right:5px;padding-bottom:5px;">
|
||||
<?php if ($type == 'alert'): ?>
|
||||
<p>Are you sure this event is complete and everyone should be informed?</p>
|
||||
<?php else: ?>
|
||||
<p>Publish but do NOT send alert email? Only for minor changes!</p>
|
||||
<?php endif; ?>
|
||||
<table>
|
||||
<tr>
|
||||
<td style="vertical-align:top">
|
||||
<span id="PromptYesButton" class="btn btn-primary" onClick="submitPublish()">Yes</span>
|
||||
</td>
|
||||
<td style="width:540px;">
|
||||
</td>
|
||||
<td style="vertical-align:top;">
|
||||
<span class="btn btn-inverse" id="PromptNoButton" onClick="cancelPrompt();">No</span>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
||||
<?php
|
||||
echo $this->Form->end();
|
||||
?>
|
||||
</div>
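Review bot: `$type` and `$id` are concatenated raw into the form's `url` option, and the view only compares `$type` against `'publish'`/`'alert'` for the heading text, not for the URL; whether the controller restricts them before handing them to this view is not visible here. Prefer a routing array, `'url' => array('controller' => 'events', 'action' => $type, $id)`, and have the controller limit `$type` to the two known values so the form target can never be shaped by request input. `$extraTitle` is echoed without `h()`, which is fine only as long as it stays a constant.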
|