new: WIP - change to model aliasing to solve the reserved class name
- Internal name is now MispObject for the model, but it is used aliased, removing the need to do any data massaging
- Added WIP edit function
pull/2489/head
parent
a5d582750e
commit
dd27f118f3
|
@ -49,7 +49,6 @@ class ObjectsController extends AppController {
|
|||
'ObjectTemplateElement'
|
||||
)
|
||||
));
|
||||
$eventId = $event['Event']['id'];
|
||||
$error = false;
|
||||
// If we have received a POST request
|
||||
if ($this->request->is('post')) {
|
||||
|
@ -111,12 +110,115 @@ class ObjectsController extends AppController {
|
|||
$this->set('distributionData', $distributionData);
|
||||
$this->set('event', $event);
|
||||
$this->set('ajax', false);
|
||||
$this->set('action', 'add');
|
||||
$this->set('template', $template);
|
||||
}
|
||||
}
|
||||
|
||||
public function edit($id) {
|
||||
if (!$this->userRole['perm_modify']) {
|
||||
throw new MethodNotAllowedException('You don\'t have permissions to create objects.');
|
||||
}
|
||||
$object = $this->MispObject->find('first', array(
|
||||
'conditions' => array('Object.id' => $id),
|
||||
'recursive' => -1,
|
||||
'contain' => array(
|
||||
'Attribute' => array(
|
||||
'conditions' => array(
|
||||
'Attribute.deleted' => 0
|
||||
)
|
||||
)
|
||||
)
|
||||
));
|
||||
if (empty($object)) {
|
||||
throw new NotFoundException('Invalid object.');
|
||||
}
|
||||
$eventFindParams = array(
|
||||
'recursive' => -1,
|
||||
'fields' => array('Event.id', 'Event.uuid', 'Event.orgc_id'),
|
||||
'conditions' => array('Event.id' => $object['Object']['event_id'])
|
||||
);
|
||||
|
||||
$event = $this->MispObject->Event->find('first', $eventFindParams);
|
||||
if (empty($event) || (!$this->_isSiteAdmin() && $event['Event']['orgc_id'] != $this->Auth->user('org_id'))) {
|
||||
throw new NotFoundException('Invalid object.');
|
||||
}
|
||||
$template = $this->MispObject->ObjectTemplate->find('first', array(
|
||||
'conditions' => array(
|
||||
'ObjectTemplate.uuid' => $object['Object']['template_uuid'],
|
||||
'ObjectTemplate.version' => $object['Object']['template_version'],
|
||||
),
|
||||
'recursive' => -1,
|
||||
'contain' => array(
|
||||
'ObjectTemplateElement'
|
||||
)
|
||||
));
|
||||
$template = $this->MispObject->prepareTemplate($template);
|
||||
$enabledRows = false;
|
||||
|
||||
if ($this->request->is('post') || $this->request->is('put')) {
|
||||
if (isset($this->request->data['request'])) {
|
||||
$this->request->data = $this->request->data['request'];
|
||||
}
|
||||
if (!isset($this->request->data['Attribute'])) {
|
||||
$this->request->data = array('Attribute' => $this->request->data);
|
||||
}
|
||||
$objectToSave = $this->MispObject->attributeCleanup($this->request->data);
|
||||
$objectToSave = $this->MispObject->deltaMerge($object, $objectToSave);
|
||||
// we pre-validate the attributes before we create an object at this point
|
||||
// This allows us to stop the process and return an error (API) or return
|
||||
// to the add form
|
||||
if (empty($error)) {
|
||||
if ($this->_isRest()) {
|
||||
if (is_numeric($result)) {
|
||||
$objectToSave = $this->MispObject->find('first', array(
|
||||
'recursive' => -1,
|
||||
'conditions' => array('Object.id' => $result),
|
||||
'contain' => array('Attribute')
|
||||
));
|
||||
return $this->RestResponse->viewData($objectToSave, $this->response->type());
|
||||
} else {
|
||||
return $this->RestResponse->saveFailResponse('Attributes', 'add', false, $result, $this->response->type());
|
||||
}
|
||||
} else {
|
||||
$this->Session->setFlash('Object saved.');
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'view', $object['Object']['id']));
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$enabledRows = array();
|
||||
$this->request->data['Object'] = $object['Object'];
|
||||
foreach ($template['ObjectTemplateElement'] as $k => $element) {
|
||||
foreach ($object['Attribute'] as $k2 => $attribute) {
|
||||
if ($attribute['object_relation'] == $element['in-object-name']) {
|
||||
$enabledRows[] = $k;
|
||||
$this->request->data['Attribute'][$k] = $attribute;
|
||||
if (!empty($element['values_list'])) {
|
||||
$this->request->data['Attribute'][$k]['value_select'] = $attribute['value'];
|
||||
} else {
|
||||
if (!empty($element['sane_default'])) {
|
||||
if (in_array($attribute['value'], $element['sane_default'])) {
|
||||
$this->request->data['Attribute'][$k]['value_select'] = $attribute['value'];
|
||||
} else {
|
||||
$this->request->data['Attribute'][$k]['value_select'] = 'Enter value manually';
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
$this->set('enabledRows', $enabledRows);
|
||||
$distributionData = $this->MispObject->Event->Attribute->fetchDistributionData($this->Auth->user());
|
||||
$this->set('distributionData', $distributionData);
|
||||
$this->set('event', $event);
|
||||
$this->set('ajax', false);
|
||||
$this->set('template', $template);
|
||||
$this->set('action', 'edit');
|
||||
$this->set('object', $object);
|
||||
$this->render('add');
|
||||
}
|
||||
|
||||
public function delete($id) {
|
||||
|
|
|
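Review bot: In the new `edit()` action the REST branch tests `is_numeric($result)` and the surrounding block tests `empty($error)`, but neither variable is assigned anywhere in the action; the return of `deltaMerge()` goes into `$objectToSave` instead. As written, `empty($error)` is always true and `is_numeric($result)` is always false, so an API caller receives `saveFailResponse` even though `deltaMerge()` (shown in the model section) has already written to the database, and the "pre-validate" comment describes a check that is not present. I would have `deltaMerge()` return the object id or the validation errors and capture it with `$result = $this->MispObject->deltaMerge($object, $objectToSave);`. Two smaller points in the same action: the non-REST redirect passes `$object['Object']['id']` to `events/view` where `$object['Object']['event_id']` looks intended, and the permission message still says "create objects" on an edit path.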
@ -4,6 +4,9 @@ App::uses('AppModel', 'Model');
|
|||
|
||||
class MispObject extends AppModel {
|
||||
|
||||
public $name = 'Object';
|
||||
public $alias = 'Object';
|
||||
|
||||
public $useTable = 'objects';
|
||||
|
||||
public $actsAs = array(
|
||||
|
@ -47,25 +50,20 @@ class MispObject extends AppModel {
|
|||
|
||||
public function beforeValidate($options = array()) {
|
||||
parent::beforeValidate();
|
||||
if (isset($this->data['Object'])) {
|
||||
$this->data['MispObject'] = $this->data['Object'];
|
||||
unset($this->data['Object']);
|
||||
}
|
||||
|
||||
if (empty($this->data['MispObject']['comment'])) {
|
||||
$this->data['MispObject']['comment'] = "";
|
||||
if (empty($this->data['Object']['comment'])) {
|
||||
$this->data['Object']['comment'] = "";
|
||||
}
|
||||
// generate UUID if it doesn't exist
|
||||
if (empty($this->data['MispObject']['uuid'])) {
|
||||
$this->data['MispObject']['uuid'] = CakeText::uuid();
|
||||
if (empty($this->data['Object']['uuid'])) {
|
||||
$this->data['Object']['uuid'] = CakeText::uuid();
|
||||
}
|
||||
// generate timestamp if it doesn't exist
|
||||
if (empty($this->data['MispObject']['timestamp'])) {
|
||||
if (empty($this->data['Object']['timestamp'])) {
|
||||
$date = new DateTime();
|
||||
$this->data['MispObject']['timestamp'] = $date->getTimestamp();
|
||||
$this->data['Object']['timestamp'] = $date->getTimestamp();
|
||||
}
|
||||
if (!isset($this->data['MispObject']['distribution']) || $this->data['MispObject']['distribution'] != 4) $this->data['MispObject']['sharing_group_id'] = 0;
|
||||
if (!isset($this->data['MispObject']['distribution'])) $this->data['MispObject']['distribution'] = 5;
|
||||
if (!isset($this->data['Object']['distribution']) || $this->data['Object']['distribution'] != 4) $this->data['Object']['sharing_group_id'] = 0;
|
||||
if (!isset($this->data['Object']['distribution'])) $this->data['Object']['distribution'] = 5;
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -79,9 +77,9 @@ class MispObject extends AppModel {
|
|||
'template_uuid' => 'uuid'
|
||||
);
|
||||
foreach ($templateFields as $k => $v) {
|
||||
$object['MispObject'][$k] = $template['ObjectTemplate'][$v];
|
||||
$object['Object'][$k] = $template['ObjectTemplate'][$v];
|
||||
}
|
||||
$object['MispObject']['event_id'] = $eventId;
|
||||
$object['Object']['event_id'] = $eventId;
|
||||
$result = false;
|
||||
if ($this->save($object)) {
|
||||
$id = $this->id;
|
||||
|
@ -323,4 +321,48 @@ class MispObject extends AppModel {
|
|||
}
|
||||
return $attributes;
|
||||
}
|
||||
|
||||
public function deltaMerge($object, $objectToSave) {
|
||||
$object['Object']['comment'] = $objectToSave['Object']['comment'];
|
||||
$object['Object']['distribution'] = $objectToSave['Object']['distribution'];
|
||||
$object['Object']['sharing_group_id'] = $objectToSave['Object']['sharing_group_id'];
|
||||
$date = new DateTime();
|
||||
$object['Object']['timestamp'] = $date->getTimestamp();
|
||||
$this->save($object);
|
||||
foreach ($objectToSave['Attribute'] as $newKey => $newAttribute) {
|
||||
foreach ($object['Attribute'] as $origKey => $originalAttribute) {
|
||||
if (!empty($newAttribute['uuid'])) {
|
||||
if ($newAttribute['uuid'] == $originalAttribute['uuid']) {
|
||||
$newAttribute['id'] = $originalAttribute['id'];
|
||||
$newAttribute['event_id'] = $object['Object']['event_id'];
|
||||
$newAttribute['object_id'] = $object['Object']['id'];
|
||||
$newAttribute['timestamp'] = $date->getTimestamp();
|
||||
$this->Event->Attribute->save($newAttribute, array(
|
||||
'category',
|
||||
'value',
|
||||
'to_ids',
|
||||
'distribution',
|
||||
'sharing_group_id',
|
||||
'comment',
|
||||
'timestamp',
|
||||
'object_id',
|
||||
'event_id'
|
||||
));
|
||||
unset($object['Attribute'][$origKey]);
|
||||
continue 2;
|
||||
}
|
||||
}
|
||||
}
|
||||
$this->Event->Attribute->create();
|
||||
$newAttribute['event_id'] = $object['Object']['event_id'];
|
||||
$newAttribute['object_id'] = $object['Object']['id'];
|
||||
$this->Event->Attribute->save($newAttribute);
|
||||
$attributeArrays['add'][] = $newAttribute;
|
||||
unset($objectToSave['Attribute'][$newKey]);
|
||||
}
|
||||
foreach ($object['Attribute'] as $origKey => $originalAttribute) {
|
||||
$originalAttribute['deleted'] = 1;
|
||||
$this->Event->Attribute->save($originalAttribute);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
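Review bot: The create path in `deltaMerge()` saves request-derived data with no field list: any entry of `$objectToSave['Attribute']` that has no `uuid`, or a `uuid` matching none of the object's attributes, reaches `$this->Event->Attribute->save($newAttribute)` after only `event_id` and `object_id` are overwritten. Unless `attributeCleanup()` (not visible here) strips it, a submitted `id` key would presumably turn that save into an update of an existing attribute row rather than an insert, with no check that the row belongs to this object or event. I would add `unset($newAttribute['id']);` before `create()` and pass an explicit field list, as the update branch already does. The method also ignores every `save()` return value and returns nothing, so validation failures are silent, and the final loop still soft-deletes the unmatched originals when an earlier save has failed.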
@ -1,8 +1,9 @@
|
|||
<div class="<?php if (!isset($ajax) || !$ajax) echo 'form';?>">
|
||||
<?php
|
||||
echo $this->Form->create('MispObject', array('id', 'url' => '/objects/add/' . $event['Event']['id'] . '/' . $template['ObjectTemplate']['id'], 'enctype' => 'multipart/form-data'));
|
||||
$url = ($action == 'add') ? '/objects/add/' . $event['Event']['id'] . '/' . $template['ObjectTemplate']['id'] : '/objects/edit/' . $object['Object']['id'];
|
||||
echo $this->Form->create('Object', array('id', 'url' => $url, 'enctype' => 'multipart/form-data'));
|
||||
?>
|
||||
<h3><?php echo 'Add ' . Inflector::humanize(h($template['ObjectTemplate']['name'])) . ' Object'; ?></h3>
|
||||
<h3><?php echo ucfirst($action) . ' ' . Inflector::humanize(h($template['ObjectTemplate']['name'])) . ' Object'; ?></h3>
|
||||
<div class="row-fluid" style="margin-bottom:10px;">
|
||||
<dl class="span8">
|
||||
<dt>Object Template</dt>
|
||||
|
@ -40,7 +41,7 @@
|
|||
<dt>Distribution</dt>
|
||||
<dd>
|
||||
<?php
|
||||
echo $this->Form->input('MispObject.distribution', array(
|
||||
echo $this->Form->input('Object.distribution', array(
|
||||
'class' => 'Object_distribution_select',
|
||||
'options' => $distributionData['levels'],
|
||||
'default' => $distributionData['initial'],
|
||||
|
@ -48,7 +49,7 @@
|
|||
'style' => 'margin-bottom:5px;',
|
||||
'div' => false
|
||||
));
|
||||
echo $this->Form->input('MispObject.sharing_group_id', array(
|
||||
echo $this->Form->input('Object.sharing_group_id', array(
|
||||
'class' => 'Object_sharing_group_id_select',
|
||||
'options' => $distributionData['sgs'],
|
||||
'label' => false,
|
||||
|
@ -60,7 +61,7 @@
|
|||
<dt>Comment</dt>
|
||||
<dd>
|
||||
<?php
|
||||
echo $this->Form->input('MispObject.comment', array(
|
||||
echo $this->Form->input('Object.comment', array(
|
||||
'type' => 'textarea',
|
||||
'style' => 'height:20px;width:400px;',
|
||||
'required' => false,
|
||||
|
@ -100,18 +101,29 @@
|
|||
</td>
|
||||
<td class="shortish" title="<?php echo h($element['description']); ?>">
|
||||
<?php
|
||||
echo $this->Form->input('Attribute.' . $k . '.object_relation', array(
|
||||
$formSettings = array(
|
||||
'type' => 'hidden',
|
||||
'value' => $element['in-object-name'],
|
||||
'label' => false,
|
||||
'div' => false
|
||||
));
|
||||
echo $this->Form->input('Attribute.' . $k . '.type', array(
|
||||
);
|
||||
if ($action == 'edit') unset($formSettings['value']);
|
||||
echo $this->Form->input('Attribute.' . $k . '.object_relation', $formSettings);
|
||||
if ($action == 'edit') {
|
||||
echo $this->Form->input('Attribute.' . $k . '.uuid', array(
|
||||
'type' => 'hidden',
|
||||
'label' => false,
|
||||
'div' => false
|
||||
));
|
||||
}
|
||||
$formSettings = array(
|
||||
'type' => 'hidden',
|
||||
'value' => $element['type'],
|
||||
'label' => false,
|
||||
'div' => false
|
||||
));
|
||||
);
|
||||
if ($action == 'edit') unset($formSettings['value']);
|
||||
echo $this->Form->input('Attribute.' . $k . '.type', $formSettings);
|
||||
echo '<span class="bold">' . Inflector::humanize(h($element['in-object-name'])) . '</span>';
|
||||
if (!empty($template['ObjectTemplate']['requirements']['required']) && in_array($element['in-object-name'], $template['ObjectTemplate']['requirements']['required'])) {
|
||||
echo '<span class="bold red">' . '(*)' . '</span>';
|
||||
|
@ -121,13 +133,15 @@
|
|||
</td>
|
||||
<td class="short">
|
||||
<?php
|
||||
echo $this->Form->input('Attribute.' . $k . '.category', array(
|
||||
$formSettings = array(
|
||||
'options' => array_combine($element['categories'], $element['categories']),
|
||||
'default' => $element['default_category'],
|
||||
'style' => 'margin-bottom:0px;',
|
||||
'label' => false,
|
||||
'div' => false
|
||||
));
|
||||
);
|
||||
if ($action == 'edit') unset($formSettings['value']);
|
||||
echo $this->Form->input('Attribute.' . $k . '.category', $formSettings);
|
||||
?>
|
||||
</td>
|
||||
<td>
|
||||
|
@ -267,7 +281,9 @@
|
|||
var rows = <?php echo json_encode($row_list, true); ?>;
|
||||
$(document).ready(function() {
|
||||
enableDisableObjectRows(rows);
|
||||
|
||||
$(".Attribute_value_select").each(function() {
|
||||
checkAndEnable($(this).parent().find('.Attribute_value'), $(this).val() == 'Enter value manually');
|
||||
});
|
||||
$(".Attribute_distribution_select").change(function() {
|
||||
checkAndEnable($(this).parent().find('.Attribute_sharing_group_id_select'), $(this).val() == 4);
|
||||
});
|
||||
|
@ -275,7 +291,6 @@
|
|||
$(".Object_distribution_select").change(function() {
|
||||
checkAndEnable($(this).parent().find('.Object_sharing_group_id_select'), $(this).val() == 4);
|
||||
});
|
||||
|
||||
$(".Attribute_value_select").change(function() {
|
||||
checkAndEnable($(this).parent().find('.Attribute_value'), $(this).val() == 'Enter value manually');
|
||||
});
|
||||
|
|
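Review bot: In edit mode the hidden `Attribute.$k.uuid`, `.object_relation` and `.type` inputs have no fixed `value` (it is unset, or never set for `uuid`), so they are presumably filled from the request data and are posted back by the browser, which makes them ordinary user input when the form returns. The server side should treat them that way; a comment here such as `// hidden fields round-trip through the browser; edit() must re-check uuid/type/object_relation` would make the expectation explicit. Separately, `if ($action == 'edit') unset($formSettings['value']);` in the category cell is a no-op, because that array defines `default` but no `value` key; I would drop the line.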