mirror of https://github.com/MISP/MISP
parent
3cb87fcf9b
commit
cc4ef95da2
|
@ -41,7 +41,7 @@ class ObjectReferencesController extends AppController
|
|||
'recursive' => -1,
|
||||
'contain' => array(
|
||||
'Event' => array(
|
||||
'fields' => array('Event.id', 'Event.orgc_id', 'Event.user_id')
|
||||
'fields' => array('Event.id', 'Event.orgc_id', 'Event.user_id', 'Event.extends_uuid')
|
||||
)
|
||||
)
|
||||
));
|
||||
|
@ -54,7 +54,7 @@ class ObjectReferencesController extends AppController
|
|||
if (!isset($this->request->data['ObjectReference'])) {
|
||||
$this->request->data['ObjectReference'] = $this->request->data;
|
||||
}
|
||||
list($referenced_id, $referenced_uuid, $referenced_type) = $this->ObjectReference->getReferencedInfo($this->request->data['ObjectReference']['referenced_uuid'], $object);
|
||||
list($referenced_id, $referenced_uuid, $referenced_type) = $this->ObjectReference->getReferencedInfo($this->request->data['ObjectReference']['referenced_uuid'], $object, true, $this->Auth->user());
|
||||
$relationship_type = empty($this->request->data['ObjectReference']['relationship_type']) ? '' : $this->request->data['ObjectReference']['relationship_type'];
|
||||
if (!empty($this->request->data['ObjectReference']['relationship_type_select']) && $this->request->data['ObjectReference']['relationship_type_select'] !== 'custom') {
|
||||
$relationship_type = $this->request->data['ObjectReference']['relationship_type_select'];
|
||||
|
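Review bot: The changed call reads `$this->request->data['ObjectReference']['referenced_uuid']` without checking that the key is present; the lines above it only guarantee that the `ObjectReference` key exists. Because this value now also feeds a lookup that can resolve into another event, I would reject a missing or empty value before calling the model, e.g. `if (empty($this->request->data['ObjectReference']['referenced_uuid'])) { throw new NotFoundException('Invalid target.'); }`. The positional `true` only restates the default of `$strict` in order to reach the fourth parameter, and a short comment saying so would help. The enclosing action starts and ends outside the hunk.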
|
|
@ -6444,7 +6444,8 @@ class Event extends AppModel
|
|||
list($referenced_id, $referenced_uuid, $referenced_type) = $this->Object->ObjectReference->getReferencedInfo(
|
||||
$reference['referenced_uuid'],
|
||||
array('Event' => array('id' => $id)),
|
||||
false
|
||||
false,
|
||||
$user
|
||||
);
|
||||
if (!$referenced_id && !$referenced_uuid && !$referenced_type) {
|
||||
continue;
|
||||
|
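Review bot: The `$object` argument on this path is `array('Event' => array('id' => $id))`, but the `checkIfValidExtendedEvent()` helper added in this commit reads `$sourceEvent['Event']['orgc_id']` and `$sourceEvent['Event']['extends_uuid']`. With only `id` present, both reads hit undefined indexes, so passing `$user` does not appear to enable references into the extended event here, and the result rests on a loose `!=` between a missing value and `$user['org_id']`. If extended-event targets are meant to work on this path, the array should also carry the event's `orgc_id` and `extends_uuid`; if they are not, a comment saying so would avoid confusion. Where `$user` comes from is outside the hunk.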
|
|
@ -265,7 +265,7 @@ class ObjectReference extends AppModel
|
|||
return true;
|
||||
}
|
||||
|
||||
public function getReferencedInfo($referencedUuid, $object, $strict = true)
|
||||
public function getReferencedInfo($referencedUuid, $object, $strict = true, $user=[])
|
||||
{
|
||||
$referenced_type = 1;
|
||||
$target_object = $this->Object->find('first', array(
|
||||
|
@ -277,7 +277,9 @@ class ObjectReference extends AppModel
|
|||
$referenced_id = $target_object['Object']['id'];
|
||||
$referenced_uuid = $target_object['Object']['uuid'];
|
||||
if ($target_object['Object']['event_id'] != $object['Event']['id']) {
|
||||
throw new NotFoundException('Invalid target. Target has to be within the same event.');
|
||||
if (!$this->checkIfValidExtendedEvent($object, $target_object['Object']['event_id'], $user)) {
|
||||
throw new NotFoundException('Invalid target. Target has to be within the same event.');
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$target_attribute = $this->Object->Attribute->find('first', array(
|
||||
|
@ -293,7 +295,9 @@ class ObjectReference extends AppModel
|
|||
}
|
||||
}
|
||||
if ($target_attribute['Attribute']['event_id'] != $object['Event']['id']) {
|
||||
throw new NotFoundException('Invalid target. Target has to be within the same event.');
|
||||
if (!$this->checkIfValidExtendedEvent($object, $target_attribute['Attribute']['event_id'], $user)) {
|
||||
throw new NotFoundException('Invalid target. Target has to be within the same event.');
|
||||
}
|
||||
}
|
||||
$referenced_id = $target_attribute['Attribute']['id'];
|
||||
$referenced_uuid = $target_attribute['Attribute']['uuid'];
|
||||
|
@ -301,4 +305,18 @@ class ObjectReference extends AppModel
|
|||
}
|
||||
return array($referenced_id, $referenced_uuid, $referenced_type);
|
||||
}
|
||||
|
||||
function checkIfValidExtendedEvent($sourceEvent, $targetEventID, $user) {
|
||||
if ($sourceEvent['Event']['orgc_id'] != $user['org_id']) {
|
||||
return false;
|
||||
}
|
||||
$targetEventFromExtension = $this->Object->Event->find('first', [
|
||||
'conditions' => [
|
||||
'Event.uuid' => $sourceEvent['Event']['extends_uuid'],
|
||||
],
|
||||
'recursive' => -1,
|
||||
'fields' => ['id']
|
||||
]);
|
||||
return !empty($targetEventFromExtension) && $targetEventFromExtension['Event']['id'] == $targetEventID;
|
||||
}
|
||||
}
|
||||
|
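Review bot: `checkIfValidExtendedEvent()` relies on loose comparisons and on array keys that callers do not always supply: `getReferencedInfo()` defaults `$user` to `[]`, so `$user['org_id']` can be undefined, and an empty `extends_uuid` goes straight into the `Event.uuid` condition. The check should fail closed explicitly on missing values and compare ids strictly, and the method should declare its visibility as `getReferencedInfo()` does. Separately, the lookup of the extended event carries no access conditions for `$user`, so whether the caller may read that event is not checked in the visible code; that may be enforced elsewhere, but it is worth confirming. The two `NotFoundException` messages still say the target must be within the same event, which is no longer the whole rule.

```php
public function checkIfValidExtendedEvent($sourceEvent, $targetEventID, $user)
{
    // Fail closed when the caller passed no user or an event array without the fields this check needs.
    if (empty($user['org_id']) || empty($sourceEvent['Event']['orgc_id']) || empty($sourceEvent['Event']['extends_uuid'])) {
        return false;
    }
    if ((int)$sourceEvent['Event']['orgc_id'] !== (int)$user['org_id']) {
        return false;
    }
    // … unchanged: lookup of the extended event by Event.uuid …
    return !empty($targetEventFromExtension) && (int)$targetEventFromExtension['Event']['id'] === (int)$targetEventID;
}
```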
|
|
@ -707,6 +707,7 @@ class EventGraph {
|
|||
id: node.id,
|
||||
uuid: node.uuid,
|
||||
Attribute: node.Attribute,
|
||||
event_id: node.event_id,
|
||||
label: striped_value,
|
||||
title: label,
|
||||
group: group,
|
||||
|
@ -1614,16 +1615,23 @@ class MispInteraction {
|
|||
}
|
||||
|
||||
can_create_reference(id) {
|
||||
return this.nodes.get(id).group == "object";
|
||||
var node = this.nodes.get(id)
|
||||
return node.group == "object";
|
||||
}
|
||||
|
||||
can_be_referenced(id) {
|
||||
var res;
|
||||
if (this.nodes.get(id).group == "object") {
|
||||
var node = this.nodes.get(id)
|
||||
if (node.event_id != scope_id) {
|
||||
showMessage('fail', 'Cannot reference a node not belonging in this event')
|
||||
return false;
|
||||
}
|
||||
if (node.group == "object") {
|
||||
res = true;
|
||||
} else if (this.nodes.get(id).group.slice(0, 9) == "attribute") {
|
||||
} else if (node.group.slice(0, 9) == "attribute") {
|
||||
res = true;
|
||||
} else {
|
||||
showMessage('fail', 'This node cannot be referenced')
|
||||
res = false;
|
||||
}
|
||||
return res;
|
||||
|
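Review bot: The new `event_id` guard sits in `can_be_referenced()` (the target side), while `can_create_reference()` (the source side) only gained a local variable; since the server side of this commit starts accepting targets in the extended event, it is worth confirming the guard was not meant for the source node instead. As written, the UI refuses every target whose `event_id` differs from `scope_id`. `scope_id` is not defined in the hunk (presumably a page-level value), and the comparison is a loose `!=`; `String(node.event_id) !== String(scope_id)` would make the intent explicit. This check is a usability aid only, so the authorization decision has to stay in `getReferencedInfo()` on the server.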
|