mirror of https://github.com/MISP/MISP
chg: [eventGraph] Usage of fetchEvent function, refacto + sorting on
creation date + disabling button if user is not authorized to save/delete/.. the networkpull/3449/head
Sami Mokaddem
parent
5a20dedd69
commit
f45e49e451
|
|
@ -17,9 +17,6 @@ class EventNetworkHistoryController extends AppController {
|
|||
throw new MethodNotAllowedException(__('Invalid method.'));
|
||||
}
|
||||
if ($event_id === false) throw new MethodNotAllowedException(__('No event ID set.'));
|
||||
if (!$this->userRole['perm_add']) {
|
||||
throw new MethodNotAllowedException(__('You don\'t have permissions to add a new network'));
|
||||
}
|
||||
|
||||
// retreive current org_id
|
||||
$org_id = $this->_checkOrg();
|
||||
|
|
@ -33,18 +30,13 @@ class EventNetworkHistoryController extends AppController {
|
|||
} else if (!is_numeric($event_id)) {
|
||||
throw new NotFoundException(__('Invalid event'));
|
||||
}
|
||||
$this->Event->id = $event_id;
|
||||
if (!$this->Event->exists()) {
|
||||
throw new NotFoundException(__('Invalid event'));
|
||||
}
|
||||
|
||||
$this->Event->read(null, $event_id);
|
||||
if (!$this->_isSiteAdmin() && ($this->Event->data['Event']['orgc_id'] != $this->_checkOrg() || !$this->userRole['perm_modify'])) {
|
||||
throw new UnauthorizedException(__('You do not have permission to do that.'));
|
||||
}
|
||||
$event = $this->Event->fetchEvent($this->Auth->user(), array('eventid' => $event_id));
|
||||
if (empty($event)) throw new NotFoundException('Invalid event');
|
||||
|
||||
// fetch networks
|
||||
$networks = $this->EventNetworkHistory->find('all', array(
|
||||
'order' => 'EventNetworkHistory.timestamp DESC',
|
||||
'conditions' => array(
|
||||
'EventNetworkHistory.event_id' => $event_id,
|
||||
'EventNetworkHistory.org_id' => $org_id
|
||||
|
|
@ -84,25 +76,13 @@ class EventNetworkHistoryController extends AppController {
|
|||
|
||||
} else {
|
||||
if ($event_id === false) throw new MethodNotAllowedException(__('No event ID set.'));
|
||||
if (!$this->userRole['perm_add']) {
|
||||
throw new MethodNotAllowedException(__('You don\'t have permissions to add a new network'));
|
||||
}
|
||||
|
||||
$this->loadModel('Event');
|
||||
if (Validation::uuid($event_id)) {
|
||||
$temp = $this->Event->find('first', array('recursive' => -1, 'fields' => array('Event.id'), 'conditions' => array('Event.uuid' => $event_id)));
|
||||
if (empty($temp)) throw new NotFoundException(__('Invalid event'));
|
||||
$event_id = $temp['Event']['id'];
|
||||
} else if (!is_numeric($event_id)) {
|
||||
throw new NotFoundException(__('Invalid event'));
|
||||
}
|
||||
$this->Event->id = $event_id;
|
||||
if (!$this->Event->exists()) {
|
||||
throw new NotFoundException(__('Invalid event'));
|
||||
}
|
||||
$event = $this->Event->fetchEvent($this->Auth->user(), array('eventid' => $event_id));
|
||||
if (empty($event)) throw new NotFoundException('Invalid event');
|
||||
|
||||
$networkHistory = array();
|
||||
$this->Event->read(null, $event_id);
|
||||
if (!$this->_isSiteAdmin() && ($this->Event->data['Event']['orgc_id'] != $this->_checkOrg() || !$this->userRole['perm_modify'])) {
|
||||
if (!$this->_isSiteAdmin() && ($event['Event']['orgc_id'] != $this->_checkOrg() && !$this->userRole['perm_modify'])) {
|
||||
throw new UnauthorizedException(__('You do not have permission to do that.'));
|
||||
} else {
|
||||
$networkHistory['EventNetworkHistory']['event_id'] = $event_id;
|
||||
|
|
@ -143,7 +123,7 @@ class EventNetworkHistoryController extends AppController {
|
|||
}
|
||||
|
||||
public function edit($id) {
|
||||
$this->EventNetworkHistory->edit();
|
||||
//$this->EventNetworkHistory->edit();
|
||||
}
|
||||
|
||||
public function delete($id) {
|
||||
|
|
@ -168,7 +148,7 @@ class EventNetworkHistoryController extends AppController {
|
|||
if ($this->request->is('ajax')) {
|
||||
if ($this->request->is('post')) {
|
||||
// only creator can delete its network
|
||||
if ($networkHistory['EventNetworkHistory']['user_id'] != $this->Auth->user()['id']) throw new MethodNotAllowedException('This network does not belong to you.');
|
||||
if (($networkHistory['EventNetworkHistory']['user_id'] != $this->Auth->user()['id']) && !$this->_isSiteAdmin()) throw new MethodNotAllowedException('This network does not belong to you.');
|
||||
$result = $this->EventNetworkHistory->delete($id);
|
||||
if ($result) {
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => 'Network history deleted.')), 'status'=>200, 'type' => 'json'));
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@
|
|||
<span id="fullscreen-btn-eventgraph" class="fullscreen-btn btn btn-xs btn-primary" data-toggle="tooltip" data-placement="top" data-title="<?php echo __('Toggle fullscreen');?>"><span class="fa fa-desktop"></span></span>
|
||||
|
||||
<div id="eventgraph_shortcuts_background" class="eventgraph_network_background"></div>
|
||||
<div id="eventgraph_network" class="eventgraph_network" data-event-id="<?php echo h($event['Event']['id']); ?>" data-event-timestamp="<?php echo h($event['Event']['timestamp']); ?>" data-user-manipulation="<?php echo $mayModify || $isSiteAdmin ? 'true' : 'false'; ?>" data-extended="<?php echo $extended; ?>" data-user-email="<?php echo h($me['email']);?>"></div>
|
||||
<div id="eventgraph_network" class="eventgraph_network" data-event-id="<?php echo h($event['Event']['id']); ?>" data-event-timestamp="<?php echo h($event['Event']['timestamp']); ?>" data-user-manipulation="<?php echo $mayModify || $isSiteAdmin ? 'true' : 'false'; ?>" data-extended="<?php echo $extended; ?>" data-user-email="<?php echo h($me['email']);?>" data-is-site-admin="<?php echo $isSiteAdmin ? 'true' : 'false'; ?>"></div>
|
||||
<div class="loading-network-div" id="refecences_network_loading_div" style="display: none;">
|
||||
<div class="spinner-network" data-original-title="" title=""></div>
|
||||
<div class="loadingText-network" data-original-title="" title=""></div>
|
||||
|
|
|
|||
|
|
@ -15,12 +15,14 @@ class ActionTable {
|
|||
this.tr_id_mapping = {};
|
||||
this.control_items = options.control_items;
|
||||
this.header_action_button = options.header_action_button === undefined ? {} : options.header_action_button;
|
||||
if (options.header_action_button === undefined) {
|
||||
if (options.header_action_button !== undefined) {
|
||||
this.header_action_button_style = this.header_action_button.style === undefined ? {} : this.header_action_button.style;
|
||||
this.additionEnabled = this.header_action_button.additionEnabled === undefined ? false : this.header_action_button.additionEnabled;
|
||||
this.additionButtonDisabled = this.header_action_button.disabled === undefined ? false : this.header_action_button.disabled;
|
||||
} else {
|
||||
this.header_action_button_style = {};
|
||||
this.additionEnabled = false;
|
||||
this.additionButtonDisabled = false;
|
||||
}
|
||||
|
||||
this.row_action_button = options.row_action_button === undefined ? {} : options.row_action_button;
|
||||
|
|
@ -189,6 +191,7 @@ class ActionTable {
|
|||
btn.innerHTML = '<span class="fa fa-plus-square"></span>';
|
||||
}
|
||||
btn.type = "button";
|
||||
btn.disabled = this.additionButtonDisabled;
|
||||
|
||||
var that = this;
|
||||
btn.addEventListener("click", function(evt) {
|
||||
|
|
@ -315,6 +318,9 @@ class ActionTable {
|
|||
if (options.placeholder !== undefined) {
|
||||
input.placeholder = options.placeholder;
|
||||
}
|
||||
if (options.disabled !== undefined) {
|
||||
input.disabled = options.disabled;
|
||||
}
|
||||
if (options.typeahead !== undefined) {
|
||||
var typeaheadOption = options.typeahead;
|
||||
$('#'+input.id).typeahead(typeaheadOption);
|
||||
|
|
|
|||
|
|
@ -13,6 +13,7 @@ var scope_id = $('#eventgraph_network').data('event-id');
|
|||
var user_email = $('#eventgraph_network').data('user-email');
|
||||
var container = document.getElementById('eventgraph_network');
|
||||
var user_manipulation = $('#eventgraph_network').data('user-manipulation');
|
||||
var is_siteadmin = $('#eventgraph_network').data('is-site-admin');
|
||||
var root_id_attr = "rootNode:attribute";
|
||||
var root_id_object = "rootNode:object";
|
||||
var root_id_tag = "rootNode:tag";
|
||||
|
|
@ -550,7 +551,8 @@ class EventGraph {
|
|||
item_options: {
|
||||
style: "width: 98%;",
|
||||
placeholder: "Network's name",
|
||||
id: "networkHistory_input_name_save"
|
||||
id: "networkHistory_input_name_save",
|
||||
disabled: !user_manipulation
|
||||
}
|
||||
}
|
||||
],
|
||||
|
|
@ -561,6 +563,7 @@ class EventGraph {
|
|||
icon: "fa-save",
|
||||
tooltip: "Save network"
|
||||
},
|
||||
disabled: !user_manipulation
|
||||
},
|
||||
row_action_button: {
|
||||
removalEnabled: false,
|
||||
|
|
@ -600,7 +603,7 @@ class EventGraph {
|
|||
for(var i=0; i<history_formatted.length; i++) {
|
||||
var history = history_formatted[i];
|
||||
var cur_email = history[2];
|
||||
if (cur_email != user_email) {
|
||||
if (!(cur_email == user_email || is_siteadmin)) {
|
||||
// disable delete button
|
||||
var tr = eventGraph.menu_history.items.table_graph_history_actiontable.get_DOM_row(i);
|
||||
var btn_del = $(tr).find('.btn-danger');
|
||||
|
|
@ -1448,6 +1451,7 @@ class DataHandler {
|
|||
$.getJSON( "/eventNetworkHistory/get/"+scope_id, function( history ) {
|
||||
var history_formatted = [];
|
||||
history.forEach(function(item) {
|
||||
console.log(item['EventNetworkHistory']['timestamp']);
|
||||
history_formatted.push([
|
||||
item['EventNetworkHistory']['id'],
|
||||
item['EventNetworkHistory']['network_name'],
|
||||
|
|
@ -1848,7 +1852,7 @@ function reset_graph_history() {
|
|||
for(var i=0; i<history_formatted.length; i++) {
|
||||
var history = history_formatted[i];
|
||||
var cur_email = history[2];
|
||||
if (cur_email != user_email) {
|
||||
if (!(cur_email == user_email || is_siteadmin)) {
|
||||
// disable delete button
|
||||
var tr = eventGraph.menu_history.items.table_graph_history_actiontable.get_DOM_row(i);
|
||||
var btn_del = $(tr).find('.btn-danger');
|
||||
|
|
|
|||
Loading…
Reference in New Issue