mirror of https://github.com/MISP/MISP
RESTfull sync
RESTful attribute add, edit and view, to be useful in sync.
pull/61/head
parent
e24ff690bb
commit
e4dafd3882
|
@ -31,7 +31,7 @@
|
|||
Router::connect('/users/admin_index/*', array('controller' => 'users', 'action' => 'index', 'admin' => true));
|
||||
|
||||
// Activate REST
|
||||
Router::mapResources(array('events'));
|
||||
Router::mapResources(array('events', 'attributes'));
|
||||
Router::parseExtensions('xml');
|
||||
|
||||
/**
|
||||
|
|
|
@ -49,7 +49,7 @@ class AttributesController extends AppController {
|
|||
return true;
|
||||
}
|
||||
// Only on own attributes for these actions
|
||||
if (in_array($this->action, array('edit', 'delete'))) {
|
||||
if (in_array($this->action, array('edit', 'delete', 'view'))) {
|
||||
$attributeid = $this->request->params['pass'][0];
|
||||
return $this->Attribute->isOwnedByOrg($attributeid, $this->Auth->user('org'));
|
||||
}
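Review bot: With `view` added to `in_array($this->action, array('edit', 'delete', 'view'))`, the next line reads `$this->request->params['pass'][0]` for an action whose id is optional (`view($id = null)` in this same commit), so a view request without an id raises an undefined-offset notice and ends up calling `isOwnedByOrg(null, ...)`. A guard before the lookup, e.g. `if (empty($this->request->params['pass'][0])) return false;`, keeps the ownership check from running on a missing id. The change also makes every attribute view owner-only; whether other organisations are meant to read non-private attributes during sync cannot be confirmed from this hunk and is worth checking. The function starts above the hunk.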
|
||||
|
@ -77,6 +77,16 @@ class AttributesController extends AppController {
|
|||
$this->set('categoryDefinitions', $this->Attribute->categoryDefinitions);
|
||||
}
|
||||
|
||||
public function view($id = null) {
|
||||
$this->Attribute->id = $id;
|
||||
if (!$this->Attribute->exists()) {
|
||||
throw new NotFoundException(__('Invalid attribute'));
|
||||
}
|
||||
$this->Attribute->read(null, $id);
|
||||
|
||||
$this->set('attribute', $this->Attribute->data);
|
||||
}
|
||||
|
||||
/**
|
||||
* add method
|
||||
*
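Review bot: `view()` has no docblock and no access check of its own; it depends on `isAuthorized()` for the organisation ownership test, yet `add()` in this commit calls it directly as `$this->view($this->Attribute->getId())`. A docblock in the style of the neighbouring `add method` block should say so: `@param int $id attribute id`, `@throws NotFoundException when the attribute does not exist`, and one sentence stating that code calling it outside the dispatcher must do its own ownership check. The result of `$this->Attribute->read(null, $id)` is ignored, and `exists()` followed by `read()` performs two lookups where testing the return value of `read()` would be enough.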
|
||||
|
@ -101,7 +111,7 @@ class AttributesController extends AppController {
|
|||
//
|
||||
// multiple attributes in batch import
|
||||
//
|
||||
if ($this->request->data['Attribute']['batch_import'] == 1) {
|
||||
if ((isset($this->request->data['Attribute']['batch_import']) && $this->request->data['Attribute']['batch_import'] == 1)) {
|
||||
// make array from value field
|
||||
$attributes = explode("\n", $this->request->data['Attribute']['value']);
|
||||
|
||||
|
@ -141,9 +151,15 @@ class AttributesController extends AppController {
|
|||
$this->Attribute->create();
|
||||
|
||||
if ($this->Attribute->save($this->request->data)) {
|
||||
// inform the user and redirect
|
||||
$this->Session->setFlash(__('The attribute has been saved'));
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'view', $this->request->data['Attribute']['event_id']));
|
||||
if ($this->_isRest()) {
|
||||
// REST users want to see the newly created event
|
||||
$this->view($this->Attribute->getId());
|
||||
$this->render('view');
|
||||
} else {
|
||||
// inform the user and redirect
|
||||
$this->Session->setFlash(__('The attribute has been saved'));
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'view', $this->request->data['Attribute']['event_id']));
|
||||
}
|
||||
} else {
|
||||
$this->Session->setFlash(__('The attribute could not be saved. Please, try again.'));
|
||||
}
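Review bot: The failure branch is still session-only: when `save()` fails for a REST caller the code runs `$this->Session->setFlash(...)` and falls through, so an XML client receives no error status and no validation messages. Inside the final `else`, a line such as `if ($this->_isRest()) throw new BadRequestException(__('The attribute could not be saved.'));` would give sync clients an unambiguous failure; what happens after the hunk is not visible, so this is a suggestion to verify against the rest of `add()`. The comment in the REST branch should read `// REST users want to see the newly created attribute`, since it is an attribute and not an event that is rendered. `add()` begins and ends outside this hunk.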
|
||||
|
|
|
@ -0,0 +1,24 @@
|
|||
<?php
|
||||
$xmlArray = array();
|
||||
|
||||
// cleanup the array from things we do not want to expose
|
||||
// remove value1 and value2 from the output
|
||||
unset($attribute['Attribute']['value1']);
|
||||
unset($attribute['Attribute']['value2']);
|
||||
|
||||
// hide the private fields is we are not in sync mode
|
||||
if ('true' != Configure::read('CyDefSIG.sync')) {
|
||||
unset($attribute['Attribute']['private']);
|
||||
unset($attribute['Attribute']['cluster']);
|
||||
unset($attribute['Attribute']['communitie']);
|
||||
unset($attribute['Attribute']['category_order']);
|
||||
}
|
||||
// hide the org field is we are not in showorg mode
|
||||
if ('true' != Configure::read('CyDefSIG.showorg') && !$isAdmin) {
|
||||
unset($attribute['Attribute']['org']);
|
||||
}
|
||||
|
||||
// display the XML to the user
|
||||
$xmlArray['response']['Attribute'][] = $attribute['Attribute'];
|
||||
$xmlObject = Xml::fromArray($xmlArray, array('format' => 'tags'));
|
||||
echo $xmlObject->asXML();
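Review bot: The template filters the record with a denylist (`unset()` on `value1`, `value2`, `private`, `cluster`, `communitie`, `category_order` and `org`), so any column later added to the Attribute model is exposed over REST by default. An allowlist fails closed: `$attribute['Attribute'] = array_intersect_key($attribute['Attribute'], array_flip($exposedFields));`, with `$exposedFields` built from the same two configuration checks. The loose comparisons `'true' != Configure::read('CyDefSIG.sync')` and `'true' != Configure::read('CyDefSIG.showorg')` also accept a boolean `true` as enabled; a strict `!==` against the one documented value makes the intended setting explicit. The two comments that say "is we are not" mean "if we are not".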
|
|
@ -0,0 +1,2 @@
|
|||
curl -i -H "Accept: application/xml" -H "content-type: text/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
|
||||
--data "@input/33529.xml" -X POST http://localhost/attributes
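Review bot: The `Authorization` header carries what looks like a real API key as a literal, and the same value is repeated in the two curl scripts that follow in this commit. Once committed it stays in history, so the key should be treated as disclosed and regenerated on the instance it belongs to. Read it from the environment instead, e.g. `-H "Authorization: ${AUTHKEY:?set AUTHKEY}"` (the variable name is only an example). The target is plain `http://localhost`; if the scripts are ever pointed at a remote instance the key would travel unencrypted, so taking the base URL from a variable and using `https://` there is worth doing in the same change.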
|
|
@ -0,0 +1,7 @@
|
|||
#curl -H "Accept: application/xml" -H "content-type: text/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
|
||||
#--data "@input/event.xml" -X PUT http://localhost/events/14'
|
||||
#http://bel_mod1.local.net:80/events/29
|
||||
|
||||
# POST can be used as well..
|
||||
curl -H "Accept: application/xml" -H "content-type: text/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
|
||||
--data "@input/33529.xml" -X POST http://localhost/attributes/33529
|
|
@ -0,0 +1,2 @@
|
|||
curl -H "Accept: application/xml" -H "Authorization: vlf4o42bYSVVWLm28jLB85my4HBZWXTri8vGdySb" \
|
||||
-X GET http://localhost/attributes/$1
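Review bot: `$1` is expanded unquoted and unchecked in `http://localhost/attributes/$1`, so a missing argument silently requests the collection URL and an argument containing whitespace is split into extra curl arguments. Quote the URL and require the argument: `-X GET "http://localhost/attributes/${1:?usage: attribute id required}"`. The script also has no shebang line, so which shell interprets it depends on how it is invoked.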
|