MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #8751 from JakubOnderka/disable-discussion 

new: [UI] Add ability to disable discussion
pull/8826/head
Jakub Onderka 2022-12-02 10:44:51 +01:00 committed by GitHub
parent faf9c58e57 0888578063
commit e6c174fc58
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 31 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
app/Controller/Component/ACLComponent.php
View File

@ -482,9 +482,9 @@ class ACLComponent extends Component
'display' => array('*'),
),
'posts' => array(
'add' => array('not_read_only_authkey'),
'delete' => array('not_read_only_authkey'),
'edit' => array('not_read_only_authkey'),
'add' => ['AND' => ['not_read_only_authkey', 'discussion_enabled']],
'delete' => ['AND' => ['not_read_only_authkey', 'discussion_enabled']],
'edit' => ['AND' => ['not_read_only_authkey', 'discussion_enabled']],
'pushMessageToZMQ' => array()
),
'regexp' => array(
@ -716,9 +716,9 @@ class ACLComponent extends Component
'view' => array('*'),
),
'threads' => array(
'index' => array('*'),
'view' => array('*'),
'viewEvent' => array('*'),
'index' => array('discussion_enabled'),
'view' => array('discussion_enabled'),
'viewEvent' => array('discussion_enabled'),
),
'users' => array(
'acceptRegistrations' => array(),
@ -868,6 +868,9 @@ class ACLComponent extends Component
$this->dynamicChecks['delegation_enabled'] = function (array $user) {
return (bool)Configure::read('MISP.delegation');
};
$this->dynamicChecks['discussion_enabled'] = function (array $user) {
return !Configure::read('MISP.discussion_disable');
};
// Returns true if current user is not using advanced auth key or if authkey is not read only
$this->dynamicChecks['not_read_only_authkey'] = function (array $user) {
return !isset($user['authkey_read_only']) || !$user['authkey_read_only'];

4
app/Controller/EventsController.php
View File

@ -990,7 +990,7 @@ class EventsController extends AppController
$possibleColumns[] = 'proposals';
}
if (Configure::read('MISP.showDiscussionsCountOnIndex')) {
if (Configure::read('MISP.showDiscussionsCountOnIndex') && !Configure::read('MISP.discussion_disable')) {
$possibleColumns[] = 'discussion';
}
@ -1037,7 +1037,7 @@ class EventsController extends AppController
$events = $this->Event->attachProposalsCountToEvents($user, $events);
}
if (in_array('discussion', $columns, true)) {
if (in_array('discussion', $columns, true) && !Configure::read('MISP.discussion_disable')) {
$events = $this->Event->attachDiscussionsCountToEvents($user, $events);
}

8
app/Model/Server.php
View File

@ -5657,6 +5657,14 @@ class Server extends AppModel
'type' => 'boolean',
'null' => true
),
'discussion_disable' => [
'level' => 1,
'description' => __('Completely disable ability for user to add discussion to events.'),
'value' => false,
'test' => 'testBool',
'type' => 'boolean',
'null' => true
],
'showCorrelationsOnIndex' => array(
'level' => 1,
'description' => __('When enabled, the number of correlations visible to the currently logged in user will be visible on the event index UI. This comes at a performance cost but can be very useful to see correlating events at a glance.'),

7
app/View/Elements/Events/View/event_contents.ctp
View File

@ -1,3 +1,4 @@
<?php $canAccessDiscussion = $this->Acl->canAccess('threads', 'view') ?>
<div id="eventToggleButtons">
<button class="btn btn-inverse toggle-left qet" id="pivots_toggle" data-toggle-type="pivots">
<span class="fas fa-minus" title="<?php echo __('Toggle pivot graph');?>" role="button" tabindex="0" aria-label="<?php echo __('Toggle pivot graph');?>"></span><?php echo __('Pivots');?>
@ -20,12 +21,14 @@
<button class="btn btn-inverse toggle qet" id="eventreport_toggle" data-toggle-type="eventreport">
<span class="fas fa-plus" title="<?php echo __('Toggle reports');?>" role="button" tabindex="0" aria-label="<?php echo __('Toggle reports');?>"></span><?php echo __('Event reports');?>
</button>
<button class="btn btn-inverse toggle qet" id="attributes_toggle" data-toggle-type="attributes">
<button class="btn btn-inverse <?= $canAccessDiscussion ? 'toggle' : 'toggle-right' ?> qet" id="attributes_toggle" data-toggle-type="attributes">
<span class="fas fa-minus" title="<?php echo __('Toggle attributes');?>" role="button" tabindex="0" aria-label="<?php echo __('Toggle attributes');?>"></span><?php echo __('Attributes');?>
</button>
<?php if ($canAccessDiscussion): ?>
<button class="btn btn-inverse toggle-right qet" id="discussions_toggle" data-toggle-type="discussions">
<span class="fas fa-minus" title="<?php echo __('Toggle discussions');?>" role="button" tabindex="0" aria-label="<?php echo __('Toggle discussions');?>"></span><?php echo __('Discussion');?>
</button>
<?php endif; ?>
</div>
<br>
<br>
@ -83,9 +86,11 @@ $(document.body).tooltip({
$('.tooltip').not(":last").remove();
});
<?php if ($this->Acl->canAccess('threads', 'view')): ?>
$.get("<?php echo $baseurl; ?>/threads/view/<?php echo h($event['Event']['id']); ?>/true", function(data) {
$("#discussions_div").html(data);
});
<?php endif; ?>
$.get("<?php echo $baseurl; ?>/eventReports/index/event_id:<?= h($event['Event']['id']); ?>/index_for_event:1<?= $extended ? '/extended_event:1' : ''?>", function(data) {
$("#eventreport_content").html(data);

9
app/View/Elements/global_menu.ctp
View File

@ -253,15 +253,18 @@
'url' => $baseurl . '/users/statistics'
),
array(
'type' => 'separator'
'type' => 'separator',
'requirement' => $this->Acl->canAccess('threads', 'index'),
),
array(
'text' => __('List Discussions'),
'url' => $baseurl . '/threads/index'
'url' => $baseurl . '/threads/index',
'requirement' => $this->Acl->canAccess('threads', 'index'),
),
array(
'text' => __('Start Discussion'),
'url' => $baseurl . '/posts/add'
'url' => $baseurl . '/posts/add',
'requirement' => $this->Acl->canAccess('posts', 'add'),
)
)
),