Private.

Add "Pull only" as a sharing state where,
everybody does see an event, is pullable,
but will never be pushed.

Has a generatePrivate for db conversion now.

app/Controller/AppController.php

@@ -366,4 +366,29 @@ class AppController extends Controller {
 			return true;
 		}
 	}
+
+	public function generatePrivate() {
+		if (!self::_isAdmin()) throw new NotFoundException();
+
+		$this->loadModel('Correlation');
+		$this->loadModel('Attribute');
+		$attributes = $this->Attribute->find('all',array('recursive' => 0));
+		foreach ($attributes as $attribute) {
+			if ($attribute['Attribute']['private']) {
+				$attribute['Attribute']['private'] = false;
+				$attribute['Attribute']['pull'] = true;
+			}
+			$this->Attribute->save($attribute);
+		}
+
+		$this->loadModel('Event');
+		$events = $this->Event->find('all',array('recursive' => 0));
+		foreach ($events as $event) {
+			if ($event['Event']['private']) {
+				$event['Event']['private'] = false;
+				$event['Event']['pull'] = true;
+			}
+			$this->Event->save($event);
+		}
+	}
 }

app/Controller/AttributesController.php

@@ -195,7 +195,7 @@ class AttributesController extends AppController {
 		$this->set('categories',compact('categories'));
 
 		if ('true' == Configure::read('CyDefSIG.private')) {
-			$sharings = array('Org','Server','All');
+			$sharings = array('Org', 'Server', 'Pull only', 'All');
 			$sharings = $this->_arrayToValuesIndexArray($sharings);
 			$this->set('sharings',compact('sharings'));
 		}
@@ -372,7 +372,7 @@ class AttributesController extends AppController {
 		$this->set('uploadDefinitions', $this->Attribute->uploadDefinitions);
 
 		if ('true' == Configure::read('CyDefSIG.private')) {
-			$sharings = array('Org','Server','All');
+			$sharings = array('Org', 'Server', 'Pull only', 'All');
 			$sharings = $this->_arrayToValuesIndexArray($sharings);
 			$this->set('sharings',compact('sharings'));
 		}
@@ -410,7 +410,7 @@ class AttributesController extends AppController {
 			}
 
 			// say what fields are to be updated
-			$fieldList = array('category', 'type', 'value1', 'value2', 'to_ids', 'private', 'cluster');
+			$fieldList = array('category', 'type', 'value1', 'value2', 'to_ids', 'private', 'cluster', 'pull');
 			if ($this->Attribute->save($this->request->data)) {
 				$this->Session->setFlash(__('The attribute has been saved'));
 
@@ -437,7 +437,7 @@ class AttributesController extends AppController {
 		$this->set('categories',compact('categories'));
 
 		if ('true' == Configure::read('CyDefSIG.private')) {
-			$sharings = array('Org','Server','All');
+			$sharings = array('Org', 'Server', 'Pull only', 'All');
 			$sharings = $this->_arrayToValuesIndexArray($sharings);
 			$this->set('sharings',compact('sharings'));
 		}

app/Controller/EventsController.php

@@ -324,7 +324,7 @@ class EventsController extends AppController {
 		$this->set('risks',compact('risks'));
 
 		if ('true' == Configure::read('CyDefSIG.private')) {
-			$sharings = array('Org','Server','All');
+			$sharings = array('Org', 'Server', 'Pull only', 'All');
 			$sharings = $this->_arrayToValuesIndexArray($sharings);
 			$this->set('sharings',compact('sharings'));
 		}
@@ -382,8 +382,8 @@ class EventsController extends AppController {
 		}
 
 		$fieldList = array(
-				'Event' => array('org', 'date', 'risk', 'info', 'user_id', 'published', 'uuid', 'private', 'cluster'),
-				'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'cluster')
+				'Event' => array('org', 'date', 'risk', 'info', 'user_id', 'published', 'uuid', 'private', 'cluster', 'pull'),
+				'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'cluster', 'pull')
 		);
 
 		if ('true' == Configure::read('CyDefSIG.private')) {
@@ -455,7 +455,7 @@ class EventsController extends AppController {
 			}
 
 			// say what fields are to be updated
-			$fieldList = array('date', 'risk', 'info', 'published', 'private', 'cluster');
+			$fieldList = array('date', 'risk', 'info', 'published', 'private', 'cluster', 'pull');
 			// always force the org, but do not force it for admins
 			if ($this->_isAdmin()) {
 				// set the same org as existed before
@@ -485,7 +485,7 @@ class EventsController extends AppController {
 		$this->set('risks',compact('risks'));
 
 		if ('true' == Configure::read('CyDefSIG.private')) {
-			$sharings = array('Org', 'Server', 'All');
+			$sharings = array('Org', 'Server', 'Pull only', 'All');
 			$sharings = $this->_arrayToValuesIndexArray($sharings);
 			$this->set('sharings', compact('sharings'));
 		}

app/MYSQL.private.sql

@@ -1,5 +1,8 @@
 ALTER TABLE `events` ADD `cluster` tinyint(1) NOT NULL;
 ALTER TABLE `attributes` ADD `cluster` tinyint(1) NOT NULL;
 
+ALTER TABLE `events` ADD `pull` tinyint(1) NOT NULL;
+ALTER TABLE `attributes` ADD `pull` tinyint(1) NOT NULL;
+
 ALTER TABLE `correlations` ADD private tinyint(1) NOT NULL;
 ALTER TABLE `correlations` ADD org varchar(255) COLLATE utf8_bin NOT NULL;

app/Model/Attribute.php

@@ -279,7 +279,7 @@ class Attribute extends AppModel {
 		if ('true' == Configure::read('CyDefSIG.private')) {
 
 			$this->virtualFields = Set::merge($this->virtualFields,array(
-				'sharing' => 'IF (Attribute.private=true, "Org", IF (Attribute.cluster=true, "Server", "All"))',
+				'sharing' => 'IF (Attribute.private=true, "Org", IF (Attribute.cluster=true, "Server", IF (Attribute.pull=true, "Pull only", "All")))',
 			));
 
 			$this->fieldDescriptions = Set::merge($this->fieldDescriptions,array(
@@ -297,8 +297,18 @@ class Attribute extends AppModel {
 						//'on' => 'create', // Limit validation to 'create' or 'update' operations
 					),
 				),
+				'pull' => array(
+					'boolean' => array(
+						'rule' => array('boolean'),
+						//'message' => 'Your custom message here',
+						//'allowEmpty' => false,
+						'required' => false,
+						//'last' => false, // Stop validation after this rule
+						//'on' => 'create', // Limit validation to 'create' or 'update' operations
+					),
+				),
 				'sharing' => array(
-					'rule' => array('inList', array('Org','Server','All')),
+					'rule' => array('inList', array('Org', 'Server', 'Pull only')),
 						//'message' => 'Your custom message here',
 						'allowEmpty' => false,
 						'required' => false,
@@ -402,14 +412,22 @@ class Attribute extends AppModel {
 			case 'Org':
 				$data['Attribute']['private'] = true;
 				$data['Attribute']['cluster'] = false;
+				$data['Attribute']['pull'] = false;
 				break;
 			case 'Server':
 				$data['Attribute']['private'] = false;
 				$data['Attribute']['cluster'] = true;
+				$data['Attribute']['pull'] = false;
+				break;
+			case 'Pull only':
+				$data['Attribute']['private'] = false;
+				$data['Attribute']['cluster'] = false;
+				$data['Attribute']['pull'] = true;
 				break;
 			case 'All':
 				$data['Attribute']['private'] = false;
 				$data['Attribute']['cluster'] = false;
+				$data['Attribute']['pull'] = false;
 				break;
 		}
 		return $data;

app/Model/Event.php

@@ -147,7 +147,7 @@ class Event extends AppModel {
 		if ('true' == Configure::read('CyDefSIG.private')) {
 
 			$this->virtualFields = Set::merge($this->virtualFields,array(
-				'sharing' => 'IF (Event.private=true, "Org", IF (Event.cluster=true, "Server", "All"))',
+				'sharing' => 'IF (Event.private=true, "Org", IF (Event.cluster=true, "Server", IF (Event.pull=true, "Pull only", "All")))',
 			));
 
 			$this->fieldDescriptions = Set::merge($this->fieldDescriptions,array(
@@ -165,8 +165,18 @@ class Event extends AppModel {
 						//'on' => 'create', // Limit validation to 'create' or 'update' operations
 					),
 				),
+				'pull' => array(
+					'boolean' => array(
+						'rule' => array('boolean'),
+						//'message' => 'Your custom message here',
+						//'allowEmpty' => false,
+						'required' => false,
+						//'last' => false, // Stop validation after this rule
+						//'on' => 'create', // Limit validation to 'create' or 'update' operations
+					),
+				),
 				'sharing' => array(
-					'rule' => array('inList', array('Org','Server')),
+					'rule' => array('inList', array('Org', 'Server', 'Pull only')),
 						//'message' => 'Your custom message here',
 						'allowEmpty' => false,
 						'required' => false,
@@ -262,14 +272,22 @@ class Event extends AppModel {
 			case 'Org':
 				$data['Event']['private'] = true;
 				$data['Event']['cluster'] = false;
+				$data['Event']['pull'] = false;
 				break;
 			case 'Server':
 				$data['Event']['private'] = false;
 				$data['Event']['cluster'] = true;
+				$data['Event']['pull'] = false;
+				break;
+			case 'Pull only':
+				$data['Event']['private'] = false;
+				$data['Event']['cluster'] = false;
+				$data['Event']['pull'] = true;
 				break;
 			case 'All':
 				$data['Event']['private'] = false;
 				$data['Event']['cluster'] = false;
+				$data['Event']['pull'] = false;
 				break;
 		}
 		return $data;
@@ -342,9 +360,12 @@ class Event extends AppModel {
  * @return bool true if success, error message if failed
  */
 	public function uploadEventToServer($event, $server, $HttpSocket=null) {
-		if (true == $event['Event']['private']) { // never upload private events
+		if (('true' != Configure::read('CyDefSIG.private')) && (true == $event['Event']['private'])) { // never upload private events
 			return "Event is private and non exportable";
 		}
+		if (('true' == Configure::read('CyDefSIG.private')) && (true == $event['Event']['pull'])) {
+			return "Event is pull only and non exportable";
+		}
 
 		$url = $server['Server']['url'];
 		$authkey = $server['Server']['authkey'];