mirror of https://github.com/MISP/MISP
chg: [cleanup] of temporary paths
parent
babf2b73b0
commit
f66c336c7c
|
@ -2574,134 +2574,6 @@ class Attribute extends AppModel
|
|||
}
|
||||
|
||||
public function editAttribute($attribute, array $event, $user, $objectId, $log = false, $force = false, &$nothingToChange = false, $server = null)
|
||||
{
|
||||
if ($this->fast_update) {
|
||||
$this->Behaviors->unload('SysLogLogable.SysLogLogable');
|
||||
}
|
||||
$eventId = $event['Event']['id'];
|
||||
$attribute['event_id'] = $eventId;
|
||||
$attribute['object_id'] = $objectId;
|
||||
if (isset($attribute['encrypt'])) {
|
||||
$attribute = $this->onDemandEncrypt($attribute);
|
||||
}
|
||||
unset($attribute['id']);
|
||||
if (isset($attribute['uuid'])) {
|
||||
$existingAttribute = $this->find('first', array(
|
||||
'conditions' => array('Attribute.uuid' => $attribute['uuid']),
|
||||
'recursive' => -1,
|
||||
));
|
||||
if (!empty($existingAttribute)) {
|
||||
if ($existingAttribute['Attribute']['event_id'] != $eventId || $existingAttribute['Attribute']['object_id'] != $objectId) {
|
||||
$change = 'An attribute was blocked from being saved due to a duplicate UUID. The uuid in question is: ' . $attribute['uuid'] . '. This can also be due to the same attribute (or an attribute with the same UUID) existing in a different event / object)';
|
||||
$this->loadLog()->createLogEntry($user, 'edit', 'Attribute', 0, 'Duplicate UUID found in attribute', $change);
|
||||
return true;
|
||||
}
|
||||
// If a field is not set in the request, just reuse the old value
|
||||
$recoverFields = array('value', 'to_ids', 'distribution', 'category', 'type', 'comment', 'sharing_group_id', 'object_id', 'object_relation', 'first_seen', 'last_seen');
|
||||
foreach ($recoverFields as $rF) {
|
||||
if (!isset($attribute[$rF])) {
|
||||
$attribute[$rF] = $existingAttribute['Attribute'][$rF];
|
||||
}
|
||||
}
|
||||
$attribute['id'] = $existingAttribute['Attribute']['id'];
|
||||
// Check if the attribute's timestamp is bigger than the one that already exists.
|
||||
// If yes, it means that it's newer, so insert it. If no, it means that it's the same attribute or older - don't insert it, insert the old attribute.
|
||||
// Alternatively, we could unset this attribute from the request, but that could lead with issues if we decide that we want to start deleting attributes that don't exist in a pushed event.
|
||||
if (isset($attribute['timestamp'])) {
|
||||
if (!$force && $attribute['timestamp'] <= $existingAttribute['Attribute']['timestamp']) {
|
||||
$nothingToChange = true;
|
||||
return true;
|
||||
}
|
||||
} else {
|
||||
$attribute['timestamp'] = time();
|
||||
}
|
||||
} else {
|
||||
$this->create();
|
||||
}
|
||||
} else {
|
||||
$this->create();
|
||||
}
|
||||
$attribute['event_id'] = $eventId;
|
||||
if (isset($attribute['distribution']) && $attribute['distribution'] == 4) {
|
||||
if (!empty($attribute['SharingGroup'])) {
|
||||
$attribute['sharing_group_id'] = $this->SharingGroup->captureSG($attribute['SharingGroup'], $user);
|
||||
} elseif (!empty($attribute['sharing_group_id'])) {
|
||||
if (!$this->SharingGroup->checkIfAuthorised($user, $attribute['sharing_group_id'])) {
|
||||
unset($attribute['sharing_group_id']);
|
||||
}
|
||||
}
|
||||
if (empty($attribute['sharing_group_id'])) {
|
||||
$attribute_short = (isset($attribute['category']) ? $attribute['category'] : 'N/A') . '/' . (isset($attribute['type']) ? $attribute['type'] : 'N/A') . ' ' . (isset($attribute['value']) ? $attribute['value'] : 'N/A');
|
||||
$this->loadLog()->createLogEntry($user, 'edit', 'Attribute', 0,
|
||||
'Attribute dropped due to invalid sharing group for Event ' . $eventId . ' failed: ' . $attribute_short,
|
||||
'Validation errors: ' . json_encode($this->validationErrors) . ' Full Attribute: ' . json_encode($attribute)
|
||||
);
|
||||
return 'Invalid sharing group choice.';
|
||||
}
|
||||
} else if (!isset($attribute['distribution'])) {
|
||||
$attribute['distribution'] = $this->defaultDistribution();
|
||||
}
|
||||
$fieldList = self::EDITABLE_FIELDS;
|
||||
if (empty($existingAttribute)) {
|
||||
$addableFieldList = array('event_id', 'type', 'uuid');
|
||||
$fieldList = array_merge($fieldList, $addableFieldList);
|
||||
}
|
||||
if ($objectId) {
|
||||
$fieldList[] = 'object_id';
|
||||
$fieldList[] = 'object_relation';
|
||||
}
|
||||
|
||||
$saveOptions = [
|
||||
'fieldList' => $fieldList,
|
||||
'parentEvent' => $event,
|
||||
'atomic' => false
|
||||
];
|
||||
|
||||
// This is somewhat dangerous, fast_update assumes that you are just updating an existing attribute's
|
||||
// non uniqueness modifying fields (first/last seen, comment, tags, timestamp, etc)
|
||||
// By ignoring this warning, you are introducing potential duplicates.
|
||||
if ($this->fast_update) {
|
||||
$saveOptions['skipAuditLog'] = true;
|
||||
}
|
||||
if (!$this->save(['Attribute' => $attribute], $saveOptions)) {
|
||||
$this->logDropped($user, $attribute, 'edit');
|
||||
return $this->validationErrors;
|
||||
}
|
||||
if (!empty($attribute['Sighting'])) {
|
||||
$this->Sighting->captureSightings($attribute['Sighting'], $this->id, $eventId, $user);
|
||||
}
|
||||
if ($user['Role']['perm_tagger']) {
|
||||
/*
|
||||
We should unwrap the line below and remove the server option in the future once we have tag soft-delete
|
||||
A solution to still keep the behavior for previous instance could be to not soft-delete the Tag if the remote instance
|
||||
has a version below x
|
||||
*/
|
||||
if (isset($server) && isset($server['Server']['remove_missing_tags']) && $server['Server']['remove_missing_tags']) {
|
||||
$this->AttributeTag->pruneOutdatedAttributeTagsFromSync(isset($attribute['Tag']) ? $attribute['Tag'] : array(), $existingAttribute['AttributeTag']);
|
||||
}
|
||||
|
||||
if (isset($attribute['Tag'])) {
|
||||
foreach ($attribute['Tag'] as $tag) {
|
||||
$tag_id = $this->AttributeTag->Tag->captureTag($tag, $user);
|
||||
if ($tag_id) {
|
||||
$tag['id'] = $tag_id;
|
||||
// fix the IDs here
|
||||
$this->AttributeTag->handleAttributeTag($this->id, $attribute['event_id'], $tag);
|
||||
} else {
|
||||
// If we couldn't attach the tag it is most likely because we couldn't create it - which could have many reasons
|
||||
// However, if a tag couldn't be added, it could also be that the user is a tagger but not a tag editor
|
||||
// In which case if no matching tag is found, no tag ID is returned. Logging these is pointless as it is the correct behaviour.
|
||||
if ($user['Role']['perm_tag_editor']) {
|
||||
$this->loadLog()->createLogEntry($user, 'edit', 'Attribute', $this->id, 'Failed create or attach Tag ' . $tag['name'] . ' to the attribute.');
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
public function editAttribute2($attribute, array $event, $user, $objectId, $log = false, $force = false, &$nothingToChange = false, $server = null)
|
||||
{
|
||||
if ($this->fast_update) {
|
||||
$this->Behaviors->unload('SysLogLogable.SysLogLogable');
|
||||
|
|
|
@ -4116,29 +4116,15 @@ class Event extends AppModel
|
|||
if (isset($data['Event']['Attribute'])) {
|
||||
$data['Event']['Attribute'] = array_values($data['Event']['Attribute']);
|
||||
$attributes = [];
|
||||
if (false) {
|
||||
foreach ($data['Event']['Attribute'] as $k => $attribute) {
|
||||
$nothingToChange = false;
|
||||
$attributes[] = $this->Attribute->editAttribute2($attribute, $saveResult, $user, 0, false, $force, $nothingToChange, $server);
|
||||
if (!$nothingToChange) {
|
||||
$changed = true;
|
||||
}
|
||||
}
|
||||
$result = $this->Attribute->editAttributeBulk($attributes, $saveResult, $user);
|
||||
$result = $this->Attribute->editAttributePostProcessing($attributes, $saveResult, $user);
|
||||
} else {
|
||||
foreach ($data['Event']['Attribute'] as $k => $attribute) {
|
||||
$nothingToChange = false;
|
||||
$result = $this->Attribute->editAttribute($attribute, $saveResult, $user, 0, false, $force, $nothingToChange, $server);
|
||||
if ($result !== true) {
|
||||
$validationErrors['Attribute'][] = $result;
|
||||
}
|
||||
if (!$nothingToChange) {
|
||||
$changed = true;
|
||||
}
|
||||
foreach ($data['Event']['Attribute'] as $k => $attribute) {
|
||||
$nothingToChange = false;
|
||||
$attributes[] = $this->Attribute->editAttribute2($attribute, $saveResult, $user, 0, false, $force, $nothingToChange, $server);
|
||||
if (!$nothingToChange) {
|
||||
$changed = true;
|
||||
}
|
||||
}
|
||||
|
||||
$result = $this->Attribute->editAttributeBulk($attributes, $saveResult, $user);
|
||||
$result = $this->Attribute->editAttributePostProcessing($attributes, $saveResult, $user);
|
||||
}
|
||||
if (isset($data['Event']['Object'])) {
|
||||
$data['Event']['Object'] = array_values($data['Event']['Object']);
|
||||
|
|
Loading…
Reference in New Issue