From 7cd21755dd512c15575c1a1ce824b896fe2bed69 Mon Sep 17 00:00:00 2001 From: mokaddem Date: Fri, 17 Apr 2020 11:22:15 +0200 Subject: [PATCH 01/10] fix: [event:fetchEvent] Block viewing the event if user does not belong to the sharing_group Even if the event belongs to the user. This scenario can happen if a remote sync is badly configured where the remote sync user have site_admin right, thus allowing the user to see the event even though he is not part of the SG --- app/Model/Event.php | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/app/Model/Event.php b/app/Model/Event.php index c1cddda5a..c962886d3 100755 --- a/app/Model/Event.php +++ b/app/Model/Event.php @@ -2150,6 +2150,22 @@ class Event extends AppModel 'Object' => array('name', 'meta-category') ); foreach ($results as $eventKey => &$event) { + if ($event['Event']['distribution'] == 4 && !in_array($event['Event']['sharing_group_id'], $sgids)) { + $this->Log = ClassRegistry::init('Log'); + $this->Log->create(); + $this->Log->save(array( + 'org' => $user['Organisation']['name'], + 'model' => 'Event', + 'model_id' => $event['Event']['id'], + 'email' => $user['email'], + 'action' => 'fetchEvent', + 'user_id' => $user['id'], + 'title' => 'User was able to fetch the event but not the sharing_group it belongs to', + 'change' => '' + )); + unset($results[$eventKey]); // Current user cannot access sharing_group associated to this event + continue; + } $this->__attachReferences($user, $event, $sgids, $fields); $event = $this->Orgc->attachOrgsToEvent($event, $fieldsOrg); if (!$options['sgReferenceOnly'] && $event['Event']['sharing_group_id']) { From c9481b23140d5f2ef3460e02574dae233493aacb Mon Sep 17 00:00:00 2001 
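Review bot: The denial log entry written in the new `if` block leaves `'change' => ''`, so it records that a fetch was blocked but not which sharing group the user was missing. Whoever triages a badly configured sync then has to look the event up by hand; something like `'change' => 'sharing_group_id: ' . $event['Event']['sharing_group_id']` would make the entry self-contained. The entry is also written on every fetch of every affected event, so a misconfigured sync user can produce a large number of identical rows. `unset($results[$eventKey])` leaves gaps in the keys of `$results`, so callers that index the result by position should be checked. Those callers, and the start and end of the enclosing function, are outside this hunk.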
From: mokaddem Date: Fri, 17 Apr 2020 11:26:22 +0200 Subject: [PATCH 02/10] fix: [event:fetchEvent] Block viewing Objects/Attributes if the user does not belong to the sharing_group Even if these elements belong to the user. Similar explanation than for 7cd2175 --- app/Model/Event.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/app/Model/Event.php b/app/Model/Event.php index c962886d3..93e008f8d 100755 --- a/app/Model/Event.php +++ b/app/Model/Event.php @@ -2464,7 +2464,11 @@ class Event extends AppModel } foreach ($data as $k => $v) { if ($v['distribution'] == 4) { - $data[$k]['SharingGroup'] = $sharingGroupData[$v['sharing_group_id']]['SharingGroup']; + if (isset($sharingGroupData[$v['sharing_group_id']])) { + $data[$k]['SharingGroup'] = $sharingGroupData[$v['sharing_group_id']]['SharingGroup']; + } else { + unset($data[$k]); // current user could not fetch the sharing_group + } } } return $data; From 3547a8a888c899f43c8ce7c603119787db511f03 Mon Sep 17 00:00:00 2001 From: mokaddem Date: Fri, 17 Apr 2020 11:29:09 +0200 Subject: [PATCH 03/10] fix: [correlations] Update correlations on Attribute or Event `distribution` change --- app/Model/Attribute.php | 6 ++++-- app/Model/Event.php | 6 ++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php index 6f6b5e982..74972365c 100644 --- a/app/Model/Attribute.php +++ b/app/Model/Attribute.php @@ -698,7 +698,7 @@ class Attribute extends AppModel * Only recorrelate if: * - We are dealing with a new attribute OR * - The existing attribute's previous state is known AND - * value, type or disable correlation have changed + * value, type, disable correlation or distribution have changed * This will avoid recorrelations when it's not really needed, such as adding a tag */ if (!$created) { 
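Review bot: Elements removed by the new `unset($data[$k])` branch disappear without any trace, whereas the event-level check added in 7cd2175 writes a Log entry for the same condition. Dropping the element is the safe outcome, but a silent drop makes a broken sync setup hard to spot; at minimum extend the comment to say why no log entry is written here, e.g. `// current user could not fetch the sharing_group; dropped silently, the event-level check logs the misconfiguration`. If `$data` is a list, the unset also leaves key gaps, so consumers that expect sequential keys may need `array_values($data)` before the `return`. The function's start is outside the hunk, so the shape of `$data` cannot be confirmed from here.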
@@ -706,7 +706,9 @@ class Attribute extends AppModel empty($this->old) || $this->data['Attribute']['value'] != $this->old['Attribute']['value'] || $this->data['Attribute']['disable_correlation'] != $this->old['Attribute']['disable_correlation'] || - $this->data['Attribute']['type'] != $this->old['Attribute']['type'] + $this->data['Attribute']['type'] != $this->old['Attribute']['type'] || + $this->data['Attribute']['distribution'] != $this->old['Attribute']['distribution'] || + $this->data['Attribute']['sharing_group_id'] != $this->old['Attribute']['sharing_group_id'] ) { $this->__beforeSaveCorrelation($this->data['Attribute']); $this->__afterSaveCorrelation($this->data['Attribute'], false, $passedEvent); diff --git a/app/Model/Event.php b/app/Model/Event.php index 93e008f8d..8fe3d4cfe 100755 --- a/app/Model/Event.php +++ b/app/Model/Event.php @@ -641,6 +641,12 @@ class Event extends AppModel if (isset($this->data['Event']['info'])) { $this->Correlation->updateAll(array('Correlation.info' => $db->value($this->data['Event']['info'])), array('Correlation.event_id' => intval($this->data['Event']['id']))); } + if (isset($this->data['Event']['distribution'])) { + $this->Correlation->updateAll(array('Correlation.distribution' => $db->value($this->data['Event']['distribution'])), array('Correlation.event_id' => intval($this->data['Event']['id']))); + } + if (isset($this->data['Event']['sharing_group_id'])) { + $this->Correlation->updateAll(array('Correlation.sharing_group_id' => $db->value($this->data['Event']['sharing_group_id'])), array('Correlation.event_id' => intval($this->data['Event']['id']))); + } } if (empty($this->data['Event']['unpublishAction']) && empty($this->data['Event']['skip_zmq']) && Configure::read('Plugin.ZeroMQ_enable') && Configure::read('Plugin.ZeroMQ_event_notifications_enable')) { $pubSubTool = $this->getPubSubTool(); From 549028c7af7fcacf1f6d5113583155ab02a45eed Mon Sep 17 00:00:00 2001 
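Review bot: In the Event.php hunk the two new `updateAll` calls write `Correlation.distribution` and `Correlation.sharing_group_id` in separate statements, each behind its own `isset`. Between the two statements, and permanently when only one of the keys is present in `$this->data['Event']`, correlation rows hold a new distribution together with the old sharing group id, and those two columns are presumably what correlation visibility is filtered on. Collecting the changed fields and issuing a single `updateAll` keeps the row consistent and saves two queries. The enclosing callback starts and ends outside the hunk.
```php
// … unchanged: surrounding afterSave logic …
$correlationFields = array();
foreach (array('info', 'distribution', 'sharing_group_id') as $field) {
    if (isset($this->data['Event'][$field])) {
        $correlationFields['Correlation.' . $field] = $db->value($this->data['Event'][$field]);
    }
}
if (!empty($correlationFields)) {
    // one statement so distribution and sharing_group_id never disagree on a correlation row
    $this->Correlation->updateAll($correlationFields, array('Correlation.event_id' => intval($this->data['Event']['id'])));
}
```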
From: mokaddem Date: Fri, 17 Apr 2020 14:59:25 +0200 Subject: [PATCH 04/10] fix: [event:view] Restored disabled_correlation toggle --- app/View/Events/view.ctp | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/app/View/Events/view.ctp b/app/View/Events/view.ctp index baee82ee6..cc35bd3f0 100644 --- a/app/View/Events/view.ctp +++ b/app/View/Events/view.ctp @@ -301,27 +301,27 @@ ) ) ); - if (!Configure::read('MISP.completely_disable_correlation') && Configure::read('MISP.allow_disabling_correlation')) { - $table_data[] = array( - 'key' => __('Correlation'), - 'class' => $event['Event']['disable_correlation'] ? 'background-red bold' : '', - 'html' => sprintf( - '%s%s', - $event['Event']['disable_correlation'] ? __('Disabled') : __('Enabled'), - (!$mayModify && !$isSiteAdmin) ? '' : sprintf( + } + if (!Configure::read('MISP.completely_disable_correlation') && Configure::read('MISP.allow_disabling_correlation')) { + $table_data[] = array( + 'key' => __('Correlation'), + 'class' => $event['Event']['disable_correlation'] ? 'background-red bold' : '', + 'html' => sprintf( + '%s%s', + $event['Event']['disable_correlation'] ? __('Disabled') : __('Enabled'), + (!$mayModify && !$isSiteAdmin) ? '' : sprintf( + sprintf( + ' (%s)', sprintf( - ' (%s)', - sprintf( - "'%s', 'events', 'toggleCorrelation', '', '#confirmation_box'", - h($event['Event']['id']) - ), - $event['Event']['disable_correlation'] ? 'color:white;' : '', - $event['Event']['disable_correlation'] ? __('enable') : __('disable') - ) + "'%s', 'events', 'toggleCorrelation', '', '#confirmation_box'", + h($event['Event']['id']) + ), + $event['Event']['disable_correlation'] ? 'color:white;' : '', + $event['Event']['disable_correlation'] ? __('enable') : __('disable') ) ) - ); - } + ) + ); } ?> From e9dc28fda7292fd49113e6b027f2fd3b88f81222 Mon Sep 17 00:00:00 2001 
From: mokaddem Date: Mon, 20 Apr 2020 08:51:01 +0200 Subject: [PATCH 05/10] chg: [sharingGroup:capture] Prevent capture of SG in some specific cases - Need more testing Should fix #5784 --- app/Model/Event.php | 81 +++++++++++++++++++++----------------- app/Model/SharingGroup.php | 21 +++++++++- 2 files changed, 65 insertions(+), 37 deletions(-) diff --git a/app/Model/Event.php b/app/Model/Event.php index 8fe3d4cfe..d5ad62957 100755 --- a/app/Model/Event.php +++ b/app/Model/Event.php @@ -3263,10 +3263,10 @@ class Event extends AppModel return array($bodyevent, $body); } - private function __captureSGForElement($element, $user) + private function __captureSGForElement($element, $user, $syncLocal=false) { if (isset($element['SharingGroup'])) { - $sg = $this->SharingGroup->captureSG($element['SharingGroup'], $user); + $sg = $this->SharingGroup->captureSG($element['SharingGroup'], $user, $syncLocal); unset($element['SharingGroup']); } elseif (isset($element['sharing_group_id'])) { $sg = $this->SharingGroup->checkIfAuthorised($user, $element['sharing_group_id']) ? $element['sharing_group_id'] : false; 
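Review bot: The new `$syncLocal` parameter on `__captureSGForElement` is undocumented although it relaxes an authorisation decision further down, where `captureSG` skips the membership test when `$user['Role']['perm_sync'] && $syncLocal`. A comment above the signature would make that explicit, for example `// $syncLocal: true only when the data comes from a server flagged as internal; allows a perm_sync user to capture a sharing group they are not part of`. The same applies to the new parameter on `__captureObjects` and on `SharingGroup::captureSG` in the later hunks. As a style point, the file's other default arguments are written with spaces (`$options = array()`), so `$syncLocal = false` would match.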
@@ -3283,17 +3283,17 @@ class Event extends AppModel // When we receive an event via REST, we might end up with organisations, sharing groups, tags that we do not know // or which we need to update. All of that is controlled in this method. - private function __captureObjects($data, $user) + private function __captureObjects($data, $user, $syncLocal=false) { // First we need to check whether the event or any attributes are tied to a sharing group and whether the user is even allowed to create the sharing group / is part of it if (isset($data['Event']['distribution']) && $data['Event']['distribution'] == 4) { - $data['Event'] = $this->__captureSGForElement($data['Event'], $user); + $data['Event'] = $this->__captureSGForElement($data['Event'], $user, $syncLocal); } if (!empty($data['Event']['Attribute'])) { foreach ($data['Event']['Attribute'] as $k => $a) { unset($data['Event']['Attribute']['id']); if (isset($a['distribution']) && $a['distribution'] == 4) { - $data['Event']['Attribute'][$k] = $this->__captureSGForElement($a, $user); + $data['Event']['Attribute'][$k] = $this->__captureSGForElement($a, $user, $syncLocal); if ($data['Event']['Attribute'][$k] === false) { unset($data['Event']['Attribute']); } @@ -3303,7 +3303,7 @@ class Event extends AppModel if (!empty($data['Event']['Object'])) { foreach ($data['Event']['Object'] as $k => $o) { if (isset($o['distribution']) && $o['distribution'] == 4) { - $data['Event']['Object'][$k] = $this->__captureSGForElement($o, $user); + $data['Event']['Object'][$k] = $this->__captureSGForElement($o, $user, $syncLocal); if ($data['Event']['Object'][$k] === false) { unset($data['Event']['Object'][$k]); continue; 
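Review bot: In the attribute loop of `__captureObjects`, a failed capture still runs `unset($data['Event']['Attribute']);`, which discards every attribute of the event rather than the one that failed. The object loop a few lines below removes only its own entry with `unset($data['Event']['Object'][$k]); continue;`. The line should read `unset($data['Event']['Attribute'][$k]);`, and the `unset($data['Event']['Attribute']['id']);` at the top of the loop probably wants `[$k]['id']` too. This matters more after this change, because `captureSG` now returns `false` in an additional case (user not in the sharing group), so the path is hit more often.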
@@ -3311,7 +3311,7 @@ class Event extends AppModel } foreach ($o['Attribute'] as $k2 => $a) { if (isset($a['distribution']) && $a['distribution'] == 4) { - $data['Event']['Object'][$k]['Attribute'][$k2] = $this->__captureSGForElement($a, $user); + $data['Event']['Object'][$k]['Attribute'][$k2] = $this->__captureSGForElement($a, $user, $syncLocal); if ($data['Event']['Object'][$k]['Attribute'][$k2] === false) { unset($data['Event']['Object'][$k]['Attribute'][$k2]); } @@ -3479,6 +3479,24 @@ class Event extends AppModel return 'blocked'; } } + if ($passAlong) { + $this->Server = ClassRegistry::init('Server'); + $server = $this->Server->find('first', array( + 'conditions' => array( + 'Server.id' => $passAlong + ), + 'recursive' => -1, + 'fields' => array( + 'Server.name', + 'Server.id', + 'Server.unpublish_event', + 'Server.publish_without_email', + 'Server.internal' + ) + )); + } else { + $server['Server']['internal'] = false; + } if ($fromXml) { // Workaround for different structure in XML/array than what CakePHP expects $data = $this->cleanupEventArrayFromXML($data); @@ -3505,7 +3523,7 @@ class Event extends AppModel return $existingEvent['Event']['id']; } else { if ($fromXml) { - $data = $this->__captureObjects($data, $user); + $data = $this->__captureObjects($data, $user, $server['Server']['internal']); } if ($data === false) { $failedCapture = true; @@ -3513,7 +3531,7 @@ class Event extends AppModel } } else { if ($fromXml) { - $data = $this->__captureObjects($data, $user); + $data = $this->__captureObjects($data, $user, $server['Server']['internal']); } if ($data === false) { $failedCapture = true; 
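Review bot: In the hunk that moves the `Server` lookup up (@@ -3479), the result of `find('first', ...)` is used without checking that a row came back. If `$passAlong` names a server id that no longer exists, `$server['Server']['internal']` is an undefined index when it is passed to `__captureObjects`. It evaluates to null, so the check fails closed, but that is by accident. Deriving the flag once after the lookup makes the intent explicit: `$syncLocal = !empty($server['Server']['internal']);`, then pass `$syncLocal` in the two `__captureObjects` calls. The enclosing function starts and ends outside these hunks.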
@@ -3574,19 +3592,6 @@ class Event extends AppModel $this->Log = ClassRegistry::init('Log'); if ($saveResult) { if ($passAlong) { - $this->Server = ClassRegistry::init('Server'); - $server = $this->Server->find('first', array( - 'conditions' => array( - 'Server.id' => $passAlong - ), - 'recursive' => -1, - 'fields' => array( - 'Server.name', - 'Server.id', - 'Server.unpublish_event', - 'Server.publish_without_email' - ) - )); if ($server['Server']['publish_without_email'] == 0) { $st = "enabled"; } else { @@ -3729,6 +3734,23 @@ class Event extends AppModel } else { $existingEvent = $this->findById($id); } + if ($passAlong) { + $this->Server = ClassRegistry::init('Server'); + $server = $this->Server->find('first', array( + 'conditions' => array( + 'Server.id' => $passAlong + ), + 'recursive' => -1, + 'fields' => array( + 'Server.name', + 'Server.id', + 'Server.unpublish_event', + 'Server.publish_without_email' + ) + )); + } else { + $server['Server']['internal'] = false; + } // If the event exists... $dateObj = new DateTime(); $date = $dateObj->getTimestamp(); @@ -3751,7 +3773,7 @@ class Event extends AppModel return(array('error' => 'Event could not be saved: Invalid sharing group or you don\'t have access to that sharing group.')); } } else { - $data['Event']['sharing_group_id'] = $this->SharingGroup->captureSG($data['Event']['SharingGroup'], $user); + $data['Event']['sharing_group_id'] = $this->SharingGroup->captureSG($data['Event']['SharingGroup'], $user, $server['Server']['internal']); unset($data['Event']['SharingGroup']); if ($data['Event']['sharing_group_id'] === false) { return (array('error' => 'Event could not be saved: User not authorised to create the associated sharing group.')); 
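Review bot: The relocated `Server` lookup in the @@ -3729 hunk does not request `Server.internal`. Its `fields` list stops at `'Server.publish_without_email'`, yet the @@ -3751 hunk passes `$server['Server']['internal']` to `captureSG`. With `$passAlong` set, that index is undefined, so the local-sync exemption can never apply on this path and PHP raises a notice. The add-side lookup in the earlier hunk does include the field. Add `'Server.internal'` to the `fields` array here.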
@@ -3872,19 +3894,6 @@ class Event extends AppModel if ((!empty($data['Event']['published']) && 1 == $data['Event']['published'])) { // The edited event is from a remote server ? if ($passAlong) { - $this->Server = ClassRegistry::init('Server'); - $server = $this->Server->find('first', array( - 'conditions' => array( - 'Server.id' => $passAlong - ), - 'recursive' => -1, - 'fields' => array( - 'Server.name', - 'Server.id', - 'Server.unpublish_event', - 'Server.publish_without_email' - ) - )); if ($server['Server']['publish_without_email'] == 0) { $st = "enabled"; } else { diff --git a/app/Model/SharingGroup.php b/app/Model/SharingGroup.php index 89c51a1aa..2e15f5182 100644 --- a/app/Model/SharingGroup.php +++ b/app/Model/SharingGroup.php @@ -485,7 +485,7 @@ class SharingGroup extends AppModel return $results; } - public function captureSG($sg, $user) + public function captureSG($sg, $user, $syncLocal=false) { $existingSG = !isset($sg['uuid']) ? null : $this->find('first', array( 'recursive' => -1, @@ -501,6 +501,25 @@ class SharingGroup extends AppModel if (!$user['Role']['perm_sharing_group']) { return false; } + // check if current user is contained in the SG and we are in a local sync setup + $authorizedToSave = $this->checkIfAuthorisedToSave($user, $sg); + if (!$user['Role']['perm_site_admin'] && + !($user['Role']['perm_sync'] && $syncLocal ) && + !$authorizedToSave + ) { + $this->Log->create(); + $entry = array( + 'org' => $user['Organisation']['name'], + 'model' => 'SharingGroup', + 'model_id' => $sg['SharingGroup']['uuid'], + 'email' => $user['email'], + 'action' => 'error', + 'user_id' => $user['id'], + 'title' => 'Tried to save a sharing group but the user does not belong to it.' + ); + $this->Log->save($entry); + return false; + } $this->create(); $newSG = array(); $attributes = array( From a99c96adcfdfbadc652a14cab392dc61638073b1 Mon Sep 17 00:00:00 2001 
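Review bot: The log entry in the new denial branch of `captureSG` uses `'model_id' => $sg['SharingGroup']['uuid']`, while the rest of the function addresses the array flat (`$sg['uuid']` in the `$existingSG` lookup). As written, the index is most likely undefined and the rejected sharing group is not recorded; `'model_id' => 0` with the uuid placed in the title or a `'change'` field would be safer, since the other Log entries on this page store a numeric id in `model_id`. The branch also calls `$this->Log->create()` with no `ClassRegistry::init('Log')` visible in the hunk, unlike the Event.php code, so confirm the model is loaded on this path. `checkIfAuthorisedToSave($user, $sg)` is evaluated before the role tests; moving it to the end of the condition skips the lookup for site admins and local sync users.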
From: mokaddem Date: Mon, 20 Apr 2020 09:43:53 +0200 Subject: [PATCH 06/10] fix: [attribute:add] Prevent save for invalid sharing_groups ids --- app/Controller/AttributesController.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/app/Controller/AttributesController.php b/app/Controller/AttributesController.php index 80006607d..13d89201e 100644 --- a/app/Controller/AttributesController.php +++ b/app/Controller/AttributesController.php @@ -148,6 +148,12 @@ class AttributesController extends AppController if (!isset($this->request->data['Attribute'])) { $this->request->data = array('Attribute' => $this->request->data); } + if ($this->request->data['Attribute']['distribution'] == 4) { + $sg = $this->Event->SharingGroup->fetchAllAuthorised($this->Auth->user(), 'name', 1, $this->request->data['Attribute']['sharing_group_id']); + if (empty($sg)) { + throw new MethodNotAllowedException(__('Invalid Sharing Group or not authorised.')); + } + } // // multiple attributes in batch import // From f29474325d6e2d94302373474662dab0d9ce444c Mon Sep 17 00:00:00 2001 From: mokaddem Date: Mon, 20 Apr 2020 09:49:12 +0200 Subject: [PATCH 07/10] fix: [attribute:edit] Prevent save for invalid sharing_groups ids --- app/Controller/AttributesController.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/app/Controller/AttributesController.php b/app/Controller/AttributesController.php index 13d89201e..95766179a 100644 --- a/app/Controller/AttributesController.php +++ b/app/Controller/AttributesController.php 
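Review bot: The new check reads `$this->request->data['Attribute']['sharing_group_id']` without confirming it is present, so a request with `distribution` 4 and a missing or empty sharing group id reaches `fetchAllAuthorised` with a null id. What that call returns for a null id is not visible here; if it falls back to listing every group the user may see, `empty($sg)` is false and the check passes without a valid sharing group. Rejecting the missing id first closes that gap: `if (empty($this->request->data['Attribute']['sharing_group_id'])) { throw new MethodNotAllowedException(__('Invalid Sharing Group or not authorised.')); }`. `distribution` is likewise read without `isset`, and the identical block added to the edit action in PATCH 07 has the same two gaps. The check inspects only the top-level `Attribute` key, while the comment that follows mentions batch import, so confirm batched attributes are validated elsewhere.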
@@ -858,6 +858,12 @@ class AttributesController extends AppController if (!isset($this->request->data['Attribute'])) { $this->request->data = array('Attribute' => $this->request->data); } + if ($this->request->data['Attribute']['distribution'] == 4) { + $sg = $this->Attribute->Event->SharingGroup->fetchAllAuthorised($this->Auth->user(), 'name', 1, $this->request->data['Attribute']['sharing_group_id']); + if (empty($sg)) { + throw new MethodNotAllowedException(__('Invalid Sharing Group or not authorised.')); + } + } $existingAttribute = $this->Attribute->findByUuid($this->Attribute->data['Attribute']['uuid']); // check if the attribute has a timestamp already set (from a previous instance that is trying to edit via synchronisation) // check which attribute is newer From 4ac89bec8650dfbbabe85f32c0094b33943ce602 Mon Sep 17 00:00:00 2001 From: Steve Clement Date: Thu, 30 Apr 2020 14:56:06 +0900 Subject: [PATCH 08/10] fix: [installer] Bug where the wrong php deps would get installed --- INSTALL/INSTALL.tpl.sh | 8 ++++---- docs/generic/supportFunctions.md | 10 +++++++++- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/INSTALL/INSTALL.tpl.sh b/INSTALL/INSTALL.tpl.sh index d10970406..3c5132e49 100755 --- a/INSTALL/INSTALL.tpl.sh +++ b/INSTALL/INSTALL.tpl.sh 
@@ -278,16 +278,16 @@ installSupported () { if [[ "$1" =~ ^PHP= ]]; then PHP_VER=$(echo $1 |cut -f2 -d=) - if [[ "$PHP_VER" == "7.2" ]]; then + if [[ "$PHP_VER" == 7.2 ]]; then # Install PHP 7.2 Dependencies - functionLocation('INSTALL.ubuntu1804.md') [[ -n $CORE ]] || [[ -n $ALL ]] && installDepsPhp72 - elif [[ "$PHP_VER" == "7.3" ]]; then + elif [[ "$PHP_VER" == 7.3 ]]; then # Install PHP 7.4 Dependencies - functionLocation('INSTALL.ubuntu2004.md') [[ -n $CORE ]] || [[ -n $ALL ]] && installDepsPhp74 - elif [[ "$PHP_VER" == "7.4" ]]; then + elif [[ "$PHP_VER" == 7.4 ]]; then # Install PHP 7.3 Dependencies - functionLocation('generic/supportFunctions.md') [[ -n $CORE ]] || [[ -n $ALL ]] && installDepsPhp73 - elif [[ "$PHP_VER" == "7.0" ]]; then + elif [[ "$PHP_VER" == 7.0 ]]; then # Install PHP 7.0 Dependencies - functionLocation('generic/supportFunctions.md') [[ -n $CORE ]] || [[ -n $ALL ]] && installDepsPhp70 fi diff --git a/docs/generic/supportFunctions.md b/docs/generic/supportFunctions.md index 2d8766fe9..a88afd4a2 100644 --- a/docs/generic/supportFunctions.md +++ b/docs/generic/supportFunctions.md @@ -541,12 +541,20 @@ setBaseURL () { MISP_BASEURL="https://misp.local" # Webserver configuration FQDN='misp.local' - else + elif [[ "$(checkManufacturer)" == "innotek GmbH" ]]; then MISP_BASEURL='https://localhost:8443' IP=$(ip addr show | awk '$1 == "inet" {gsub(/\/.*$/, "", $2); print $2}' |grep -v "127.0.0.1" |tail -1) sudo iptables -t nat -A OUTPUT -p tcp --dport 8443 -j DNAT --to ${IP}:443 # Webserver configuration FQDN='localhost.localdomain' + elif [[ "$(checkManufacturer)" == "VMware, Inc." ]]; then + MISP_BASEURL='""' + # Webserver configuration + FQDN='misp.local' + else + MISP_BASEURL='""' + # Webserver configuration + FQDN='misp.local' fi } From adadaba0646a7425035601cb744d7572d95c58aa Mon Sep 17 00:00:00 2001 
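Review bot: The 7.3 and 7.4 branches of `installSupported` still look crossed on the new side: `PHP_VER == 7.3` runs `installDepsPhp74` and `PHP_VER == 7.4` runs `installDepsPhp73`, with comments that follow the function name rather than the version tested. Removing the quotes around the version literal does not change how bash evaluates `[[ ... == ... ]]` here, because the right-hand side contains no glob characters. If the wrong-deps bug in the subject is this mapping, the change does not fix it. Suggested: `elif [[ "$PHP_VER" == 7.3 ]]; then` followed by `installDepsPhp73`, and the 7.4 branch calling `installDepsPhp74`. The same lines appear in the INSTALL.sh hunk of PATCH 09; the function body continues outside the hunk.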
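Review bot: In `setBaseURL` the new `VMware, Inc.` branch and the new `else` branch are identical, so the `elif` can be dropped or needs a comment saying why it is kept. Both assign `MISP_BASEURL='""'`, which stores two literal quote characters rather than an empty value; if that is intended for later substitution into a config file, a short comment such as `# literal "" so the generated config gets an empty baseurl` would prevent a well-meant cleanup. In the `innotek GmbH` branch, `${IP}` is expanded unquoted into a `sudo iptables` rule and is empty when no non-loopback address is found; a `[[ -n "$IP" ]]` guard before adding the rule would avoid installing a malformed DNAT target. The same function body is repeated in the INSTALL.sh hunk of PATCH 09.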
From: Steve Clement Date: Thu, 30 Apr 2020 15:20:30 +0900 Subject: [PATCH 09/10] chg: [installer] Version bump --- INSTALL/INSTALL.sh | 18 +++++++++++++----- INSTALL/INSTALL.sh.sfv | 6 +++--- INSTALL/INSTALL.sh.sha1 | 2 +- INSTALL/INSTALL.sh.sha256 | 2 +- INSTALL/INSTALL.sh.sha384 | 2 +- INSTALL/INSTALL.sh.sha512 | 2 +- 6 files changed, 20 insertions(+), 12 deletions(-) diff --git a/INSTALL/INSTALL.sh b/INSTALL/INSTALL.sh index 13e26bd45..d497e26cf 100755 --- a/INSTALL/INSTALL.sh +++ b/INSTALL/INSTALL.sh @@ -702,12 +702,20 @@ setBaseURL () { MISP_BASEURL="https://misp.local" # Webserver configuration FQDN='misp.local' - else + elif [[ "$(checkManufacturer)" == "innotek GmbH" ]]; then MISP_BASEURL='https://localhost:8443' IP=$(ip addr show | awk '$1 == "inet" {gsub(/\/.*$/, "", $2); print $2}' |grep -v "127.0.0.1" |tail -1) sudo iptables -t nat -A OUTPUT -p tcp --dport 8443 -j DNAT --to ${IP}:443 # Webserver configuration FQDN='localhost.localdomain' + elif [[ "$(checkManufacturer)" == "VMware, Inc." ]]; then + MISP_BASEURL='""' + # Webserver configuration + FQDN='misp.local' + else + MISP_BASEURL='""' + # Webserver configuration + FQDN='misp.local' fi } 
@@ -2652,16 +2660,16 @@ installSupported () { if [[ "$1" =~ ^PHP= ]]; then PHP_VER=$(echo $1 |cut -f2 -d=) - if [[ "$PHP_VER" == "7.2" ]]; then + if [[ "$PHP_VER" == 7.2 ]]; then # Install PHP 7.2 Dependencies - functionLocation('INSTALL.ubuntu1804.md') [[ -n $CORE ]] || [[ -n $ALL ]] && installDepsPhp72 - elif [[ "$PHP_VER" == "7.3" ]]; then + elif [[ "$PHP_VER" == 7.3 ]]; then # Install PHP 7.4 Dependencies - functionLocation('INSTALL.ubuntu2004.md') [[ -n $CORE ]] || [[ -n $ALL ]] && installDepsPhp74 - elif [[ "$PHP_VER" == "7.4" ]]; then + elif [[ "$PHP_VER" == 7.4 ]]; then # Install PHP 7.3 Dependencies - functionLocation('generic/supportFunctions.md') [[ -n $CORE ]] || [[ -n $ALL ]] && installDepsPhp73 - elif [[ "$PHP_VER" == "7.0" ]]; then + elif [[ "$PHP_VER" == 7.0 ]]; then # Install PHP 7.0 Dependencies - functionLocation('generic/supportFunctions.md') [[ -n $CORE ]] || [[ -n $ALL ]] && installDepsPhp70 fi diff --git a/INSTALL/INSTALL.sh.sfv b/INSTALL/INSTALL.sh.sfv index c5212a214..a8bdaeace 100644 --- a/INSTALL/INSTALL.sh.sfv +++ b/INSTALL/INSTALL.sh.sfv 
@@ -1,5 +1,5 @@ -; Generated by RHash v1.3.8 on 2020-04-30 at 13:42.00 +; Generated by RHash v1.3.8 on 2020-04-30 at 15:20.13 ; Written by Kravchenko Aleksey (Akademgorodok) - http://rhash.sf.net/ ; -; 130750 13:42.00 2020-04-30 INSTALL.sh -INSTALL.sh 5B66DBA7E71771AA95A12413E661E00688C03610 18F6997170191327CD2B9E40C1C0120E48EC425D533C4624EB050594B99833CE 6C1DB0EEEE105E73F1125905FD48D057C15DC05794C8ABD2EC24DD31270423B8580992B5EFBBF0E1CDD54228A6899F39 BD545DB6BC3B746A99E2CB738D178C1812EB5AFB9E8D53A172AF282E225CC2644A4AD1A84277FDCCD2C53C3F1FC0EF04758E25226AC1960470D0A4565E21CAB1 +; 131010 15:20.13 2020-04-30 INSTALL.sh +INSTALL.sh 660E0D51D88B57CE5BE725117482207E39371038 DCF69118CD37B43C308FD25E6BADAF03549BAF0FFA2AC11A1E919005D700F4AC 74E03A8054AF2E4BCB90426A3B813F57BF032734AB7B4E9D4F6F96961D7371FB051180BEE8357642EB9CC58603C13DA3 C4D1D02980808A92E8E11C72A49AA354DDEFA71C6E85FAC739645CEDEB4B36415243F7FB4B8BC75B6AE7B5D9660E0F88A35E884EBD51EA107128B0D7FB20C946 diff --git a/INSTALL/INSTALL.sh.sha1 b/INSTALL/INSTALL.sh.sha1 index 6ed16a3ad..46b782d89 100644 --- a/INSTALL/INSTALL.sh.sha1 +++ b/INSTALL/INSTALL.sh.sha1 @@ -1 +1 @@ -5b66dba7e71771aa95a12413e661e00688c03610 INSTALL.sh +660e0d51d88b57ce5be725117482207e39371038 INSTALL.sh diff --git a/INSTALL/INSTALL.sh.sha256 b/INSTALL/INSTALL.sh.sha256 index bad463300..8da70f5ba 100644 --- a/INSTALL/INSTALL.sh.sha256 +++ b/INSTALL/INSTALL.sh.sha256 @@ -1 +1 @@ -18f6997170191327cd2b9e40c1c0120e48ec425d533c4624eb050594b99833ce INSTALL.sh +dcf69118cd37b43c308fd25e6badaf03549baf0ffa2ac11a1e919005d700f4ac INSTALL.sh diff --git a/INSTALL/INSTALL.sh.sha384 b/INSTALL/INSTALL.sh.sha384 index ac1e9d9ad..7fb05a8a5 100644 --- a/INSTALL/INSTALL.sh.sha384 +++ b/INSTALL/INSTALL.sh.sha384 @@ -1 +1 @@ -6c1db0eeee105e73f1125905fd48d057c15dc05794c8abd2ec24dd31270423b8580992b5efbbf0e1cdd54228a6899f39 INSTALL.sh +74e03a8054af2e4bcb90426a3b813f57bf032734ab7b4e9d4f6f96961d7371fb051180bee8357642eb9cc58603c13da3 INSTALL.sh 
diff --git a/INSTALL/INSTALL.sh.sha512 b/INSTALL/INSTALL.sh.sha512 index 540ccf94a..15701f93f 100644 --- a/INSTALL/INSTALL.sh.sha512 +++ b/INSTALL/INSTALL.sh.sha512 @@ -1 +1 @@ -bd545db6bc3b746a99e2cb738d178c1812eb5afb9e8d53a172af282e225cc2644a4ad1a84277fdccd2c53c3f1fc0ef04758e25226ac1960470d0a4565e21cab1 INSTALL.sh +c4d1d02980808a92e8e11c72a49aa354ddefa71c6e85fac739645cedeb4b36415243f7fb4b8bc75b6ae7b5d9660e0f88a35e884ebd51ea107128b0d7fb20c946 INSTALL.sh From 4e0ef6f28ea4db42bc57be1afc9bf62bba8f5356 Mon Sep 17 00:00:00 2001 From: iglocska Date: Thu, 30 Apr 2020 08:29:17 +0200 Subject: [PATCH 10/10] new: [internal] cache the sharing group access lookups - should reduce the number of queries drastically for events heavy on object/attribute level sharing groups --- app/Model/SharingGroup.php | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/app/Model/SharingGroup.php b/app/Model/SharingGroup.php index 2e15f5182..ba9605411 100644 --- a/app/Model/SharingGroup.php +++ b/app/Model/SharingGroup.php @@ -54,6 +54,10 @@ class SharingGroup extends AppModel ); private $__sgoCache = array(); + private $__sgAuthorisationCache = array( + 'save' => array(), + 'access' => array() + ); public function beforeValidate($options = array()) @@ -353,6 +357,9 @@ class SharingGroup extends AppModel // returns true if the SG exists and the user is allowed to see it public function checkIfAuthorised($user, $id, $adminCheck = true) { + if (isset($this->__sgAuthorisationCache['access'][boolval($adminCheck)][$id])) { + return $this->__sgAuthorisationCache['access'][boolval($adminCheck)][$id]; + } if (Validation::uuid($id)) { $sgid = $this->SharingGroup->find('first', array( 'conditions' => array('SharingGroup.uuid' => $id), 
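Review bot: The authorisation cache read at the top of `checkIfAuthorised` is keyed by `boolval($adminCheck)` and `$id` only, not by the user. The result depends on `$user['Role']['perm_site_admin']` and `$user['org_id']`, as the condition in the following hunk shows. If one SharingGroup model instance ever answers for more than one user in the same process, such as a background worker or a sync loop, a `true` cached for the first user is returned to the next without re-evaluation. Including the user in the key avoids that, e.g. `$this->__sgAuthorisationCache['access'][$user['id']][boolval($adminCheck)][$id]`; the `save` cache used in `captureSG` has the same shape and needs the same change. The property would also benefit from a comment stating that entries are never invalidated and are only meant to live for one request.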
@@ -372,8 +379,10 @@ class SharingGroup extends AppModel return false; } if (($adminCheck && $user['Role']['perm_site_admin']) || $this->SharingGroupServer->checkIfAuthorised($id) || $this->SharingGroupOrg->checkIfAuthorised($id, $user['org_id'])) { + $this->__sgAuthorisationCache['access'][boolval($adminCheck)][$id] = true; return true; } + $this->__sgAuthorisationCache['access'][boolval($adminCheck)][$id] = false; return false; } @@ -502,10 +511,19 @@ class SharingGroup extends AppModel return false; } // check if current user is contained in the SG and we are in a local sync setup - $authorizedToSave = $this->checkIfAuthorisedToSave($user, $sg); + if (!empty($sg['uuid'])) { + if (isset($this->__sgAuthorisationCache['save'][boolval($syncLocal)][$sg['uuid']])) { + $authorisedToSave = $this->__sgAuthorisationCache['save'][boolval($syncLocal)][$sg['uuid']]; + } else { + $authorisedToSave = $this->checkIfAuthorisedToSave($user, $sg); + $this->__sgAuthorisationCache['save'][boolval($syncLocal)][$sg['uuid']] = $authorisedToSave; + } + } else { + $authorisedToSave = $this->checkIfAuthorisedToSave($user, $sg); + } if (!$user['Role']['perm_site_admin'] && !($user['Role']['perm_sync'] && $syncLocal ) && - !$authorizedToSave + !$authorisedToSave ) { $this->Log->create(); $entry = array(