mirror of https://github.com/MISP/MISP
Reworked aros_acos creation
- moved and fixed the aros_acos creation on the new role creation
- new method in appController that sets all the aros_acos from scratch (for example for a new instance, or a changed acos / aros table)
- some minor changes, redirects to the terms page on invalid events removed, etc.
pull/63/head
parent
6ef3ea7050
commit
e976242878
|
@ -372,6 +372,91 @@ class AppController extends Controller {
|
|||
$this->generateHop($yourOrg);
|
||||
}
|
||||
|
||||
public function generateArosAcos() {
|
||||
if (!self::_isAdmin()) throw new NotFoundException();
|
||||
$this->loadModel('Role');
|
||||
$roles = $this->Role->find('all',array('recursive' => 0));
|
||||
foreach ($roles as $role) {
|
||||
$this->generateACL($role);
|
||||
}
|
||||
exit;
|
||||
}
|
||||
|
||||
public function generateACL($inc) {
|
||||
if (!self::_isAdmin()) throw new NotFoundException();
|
||||
if($inc['Role']['permission'] == null) $inc['Role']['permission'] = 0;
|
||||
switch ($inc['Role']['permission']) {
|
||||
case '0':
|
||||
$permAdd = false;
|
||||
$permModify = false;
|
||||
$PermModifyOrg = false;
|
||||
$permPublish = false;
|
||||
break;
|
||||
case '1':
|
||||
$permAdd = true;
|
||||
$permModify = true;
|
||||
$PermModifyOrg = false;
|
||||
$permPublish = false;
|
||||
break;
|
||||
case '2':
|
||||
$permAdd = true;
|
||||
$permModify = true;
|
||||
$PermModifyOrg = true;
|
||||
$permPublish = false;
|
||||
break;
|
||||
case '3':
|
||||
$permAdd = true;
|
||||
$permModify = true;
|
||||
$PermModifyOrg = true;
|
||||
$permPublish = true;
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
if ($permAdd) {
|
||||
$this->Acl->allow($inc, 'controllers/Events/add');
|
||||
$this->Acl->allow($inc, 'controllers/Attributes/add');
|
||||
} else {
|
||||
$this->Acl->deny($inc, 'controllers/Events/add');
|
||||
$this->Acl->deny($inc, 'controllers/Attributes/add');
|
||||
}
|
||||
if ($permModify) {
|
||||
$this->Acl->allow($inc, 'controllers/Events/edit');
|
||||
$this->Acl->allow($inc, 'controllers/Attributes/edit');
|
||||
} else {
|
||||
$this->Acl->deny($inc, 'controllers/Events/edit');
|
||||
$this->Acl->deny($inc, 'controllers/Attributes/edit');
|
||||
}
|
||||
if ($permPublish) {
|
||||
$this->Acl->allow($inc, 'controllers/Events/publish');
|
||||
} else {
|
||||
$this->Acl->deny($inc, 'controllers/Events/publish');
|
||||
}
|
||||
if (isset($inc['Role']['perm_sync'])) {
|
||||
if ($inc['Role']['perm_sync']) {
|
||||
$this->Acl->allow($inc, 'controllers/Servers');
|
||||
}
|
||||
} else {
|
||||
$this->Acl->deny($inc, 'controllers/Servers');
|
||||
}
|
||||
|
||||
if (isset($inc['Role']['perm_audit'])) {
|
||||
if ($inc['Role']['perm_audit']) {
|
||||
$this->Acl->allow($inc, 'controllers/Logs');
|
||||
}
|
||||
} else {
|
||||
$this->Acl->deny($inc, 'controllers/Logs');
|
||||
}
|
||||
|
||||
if (isset($inc['Role']['perm_admin'])) {
|
||||
if ($inc['Role']['perm_admin']) {
|
||||
//$this->Acl->allow($inc, 'controllers/Logs');
|
||||
}
|
||||
} else {
|
||||
$this->Acl->deny($inc, 'controllers/Roles');
|
||||
}
|
||||
}
|
||||
|
||||
public function generateCorrelation() {
|
||||
if (!self::_isAdmin()) throw new NotFoundException();
|
||||
|
||||
|
|
|
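Review bot: In generateACL the perm_sync, perm_audit and perm_admin blocks call deny() only when the key is absent; when the key is set but false, neither allow() nor deny() runs, so a role that earlier held `controllers/Servers` or `controllers/Logs` would presumably keep that grant after regeneration. Testing the value instead of `isset()` makes the false case an explicit deny, as in the fence below; the perm_admin block needs the same shape once its commented-out allow is decided. Separately, the `default:` branch of the switch leaves `$permAdd`, `$permModify` and `$permPublish` unassigned, so an unexpected permission value reaches `if ($permAdd)` with undefined variables. Initialising all three to `false` before the switch would make that deny path deliberate.

```php
// … unchanged: permission switch and the add / edit / publish blocks …
if (!empty($inc['Role']['perm_sync'])) {
    $this->Acl->allow($inc, 'controllers/Servers');
} else {
    $this->Acl->deny($inc, 'controllers/Servers');
}

if (!empty($inc['Role']['perm_audit'])) {
    $this->Acl->allow($inc, 'controllers/Logs');
} else {
    $this->Acl->deny($inc, 'controllers/Logs');
}
// … unchanged: perm_admin block …
```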
@ -528,7 +528,7 @@ class AttributesController extends AppController {
|
|||
// check for non-private and re-read
|
||||
if (($this->Attribute->data['Event']['org'] != $this->Auth->user('org')) || (($this->Attribute->data['Event']['org'] == $this->Auth->user('org')) && ($this->Attribute->data['Event']['user_id'] != $this->Auth->user('id')) && (!$this->checkAcl('edit') || !$this->checkRole() || !$this->checkAcl('publish')))) {
|
||||
$this->Session->setFlash(__('Invalid attribute.'));
|
||||
$this->redirect(array('controller' => 'users', 'action' => 'terms'));
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'index'));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -173,7 +173,7 @@ class EventsController extends AppController {
|
|||
// check private
|
||||
if (($this->Event->data['Event']['private'] && !$this->Event->data['Event']['cluster']) && ($this->Event->data['Event']['org'] != $this->Auth->user('org'))) {
|
||||
$this->Session->setFlash(__('Invalid event.'));
|
||||
$this->redirect(array('controller' => 'users', 'action' => 'terms'));
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'index'));
|
||||
}
|
||||
}
|
||||
$this->set('analysisLevels', $this->Event->analysisLevels);
|
||||
|
|
|
@ -9,13 +9,13 @@ App::uses('AppController', 'Controller');
|
|||
*/
|
||||
class RolesController extends AppController {
|
||||
|
||||
public $options = array('0' => 'Read Only', '1' => 'Manage My Own Events', '2' => 'Manage Organization Events', '3' => 'Manage & Publish Organization Events');
|
||||
public $options = array('0' => 'Read Only', '1' => 'Manage My Own Events', '2' => 'Manage Organization Events', '3' => 'Manage & Publish Organization Events');
|
||||
|
||||
public $components = array(
|
||||
'Acl',
|
||||
'Auth' => array(
|
||||
'authorize' => array(
|
||||
'Actions' => array('actionPath' => 'controllers/Roles')
|
||||
'Actions' => array('actionPath' => 'controllers')
|
||||
)
|
||||
),
|
||||
'Security',
|
||||
|
@ -45,6 +45,8 @@ class RolesController extends AppController {
|
|||
*/
|
||||
public function view($id = null) {
|
||||
$this->Role->id = $id;
|
||||
//$this->Acl->allow($this->Role, 'controllers/Events/add');
|
||||
debug('here');
|
||||
if (!$this->Role->exists()) {
|
||||
throw new NotFoundException(__('Invalid role'));
|
||||
}
|
||||
|
@ -58,8 +60,23 @@ class RolesController extends AppController {
|
|||
*/
|
||||
public function admin_add() {
|
||||
if($this->Auth->User('org') != 'ADMIN') $this->redirect(array('controller' => 'roles', 'action' => 'index', 'admin' => false));
|
||||
$this->AdminCrud->adminAdd();
|
||||
if ($this->request->is('post')) {
|
||||
$this->Role->create();
|
||||
if ($this->Role->save($this->request->data)) {
|
||||
$this->Session->setFlash(__(sprintf('The Role has been saved.')));
|
||||
$this->set('options', $this->options);
|
||||
$passAlong = $this->Role->read(null, $this->Role->getInsertID());
|
||||
debug($passAlong);
|
||||
$this->generateACL($passAlong);
|
||||
$this->redirect(array('action' => 'index'));
|
||||
} else {
|
||||
if (!($this->Session->check('Message.flash'))) {
|
||||
$this->Role->Session->setFlash(__(sprintf('The Role could not be saved. Please, try again.')));
|
||||
}
|
||||
}
|
||||
}
|
||||
$this->set('options', $this->options);
|
||||
//$this->AdminCrud->adminAdd();
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
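Review bot: The failed-save branch of admin_add calls `$this->Role->Session->setFlash(...)`, while the success branch uses `$this->Session`; nothing visible gives the Role model a Session property, so a rejected role would likely end in an error instead of the flash message. It should read `$this->Session->setFlash(__('The Role could not be saved. Please, try again.'));`. The `debug('here');` in view() and `debug($passAlong);` in admin_add look like leftover debugging and should be removed, since the latter dumps the full role record just before the redirect. The components array also appears to widen the Auth `actionPath` from `controllers/Roles` to `controllers` (inferred from print order), which is worth confirming as intentional because it changes which ACO node authorises this controller's actions.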
@ -7,6 +7,8 @@ App::uses('AppModel', 'Model');
|
|||
*/
|
||||
class Role extends AppModel {
|
||||
|
||||
public $components = array('Acl');
|
||||
|
||||
/**
|
||||
* Validation rules
|
||||
*
|
||||
|
@ -100,39 +102,4 @@ class Role extends AppModel {
|
|||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
public function afterSava($created) {
|
||||
$this->saveAcl($this, $this->data['Role']['perm_add'], $this->data['Role']['perm_modify'], $this->data['Role']['perm_publish']); // save to ACL as well
|
||||
}
|
||||
|
||||
/**
|
||||
* saveAcl method
|
||||
*
|
||||
* @param string $id
|
||||
* @return void
|
||||
*/
|
||||
public function saveAcl($role, $permAdd = false, $permModify = false, $permPublish = false) {
|
||||
$acl = new Acl();
|
||||
// this all could need some 'if-changed then do'
|
||||
|
||||
if ($permAdd) {
|
||||
$acl->allow($role, 'controllers/Events/add');
|
||||
$acl->allow($role, 'controllers/Attributes/add');
|
||||
} else {
|
||||
$acl->deny($role, 'controllers/Events/add');
|
||||
$aAcl->deny($role, 'controllers/Attributes/add');
|
||||
}
|
||||
if ($permModify) {
|
||||
$acl->allow($role, 'controllers/Events/edit');
|
||||
$acl->allow($role, 'controllers/Attributes/edit');
|
||||
} else {
|
||||
$acl->deny($role, 'controllers/Events/edit');
|
||||
$acl->deny($role, 'controllers/Attributes/edit');
|
||||
}
|
||||
if ($permPublish) {
|
||||
$acl->allow($role, 'controllers/Events/publish');
|
||||
} else {
|
||||
$acl->deny($role, 'controllers/Events/publish');
|
||||
}
|
||||
}
|
||||
}
|
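Review bot: `public $components = array('Acl');` is added to the Role model, but `$components` is a controller property in CakePHP and is not loaded for models, so this line most likely has no effect and can be dropped. With the model-side saveAcl code removed, ACL rows are written only where a controller calls generateACL(), and in the visible hunks that is admin_add alone. Please confirm that the role edit and delete paths also regenerate or clean up the ACL, otherwise a role whose permission level is lowered keeps its old grants until generateArosAcos is run by hand.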