MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Further progress

pull/762/head
iglocska 2015-03-21 14:27:53 +01:00
parent 29a6f10048
commit f7f200deb8
10 changed files with 309 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
app/Controller/JobsController.php
View File

@ -65,7 +65,7 @@ class JobsController extends AppController {
}
public function getProgress($type) {
$org = $this->Auth->user('org');
$org = $this->Auth->user('Organisation')['name'];
if ($this->_isSiteAdmin()) $org = 'ADMIN';
$progress = $this->Job->find('first', array(
'conditions' => array(
@ -88,10 +88,10 @@ class JobsController extends AppController {
$target = 'All events.';
$jobOrg = 'ADMIN';
} else {
$target = 'Events visible to: '.$this->Auth->user('org');
$jobOrg = $this->Auth->user('org');
$target = 'Events visible to: '.$this->Auth->user('Organisation')['name'];
$jobOrg = $this->Auth->user('Organisation')['name'];
}
$id = $this->Job->cache($type, $this->_isSiteAdmin(), $this->Auth->user('org'), $target, $jobOrg, $this->Auth->user('nids_sid'));
$id = $this->Job->cache($type, $this->_isSiteAdmin(), $this->Auth->user('Organisation')['name'], $target, $jobOrg, $this->Auth->user('nids_sid'));
return new CakeResponse(array('body' => json_encode($id)));
}
}

36
app/Controller/OrganisationsController.php
View File

@ -97,4 +97,40 @@ class OrganisationsController extends AppController {
$this->set('uuid', String::uuid());
$this->set('_serialize', array('uuid'));
}
public function view($id) {
$this->Organisation->id = $id;
if (!$this->Organisation->exists()) throw new NotFoundException('Invalid organisation');
$fullAccess = false;
$fields = array('id', 'name', 'date_created', 'date_modified', 'type', 'nationality', 'sector', 'contacts', 'description');
if ($this->_isSiteAdmin() || $this->Auth->user('Organisation')['id'] == $id) {
$fullAccess = true;
$fields = array_merge($fields, array('created_by', 'uuid'));
}
$org = $this->Organisation->find('first', array(
'conditions' => array('id' => $id),
'fields' => $fields
));
$member_count = $this->Organisation->User->find('count', array('conditions' => array('organisation_id' => $id)));
if ($fullAccess) {
$creator = $this->Organisation->User->find('first', array('conditions' => array('User.id' => $org['Organisation']['created_by'])));
$this->set('creator', $creator);
}
$this->set('fullAccess', $fullAccess);
$this->set('org', $org);
$this->set('member_count', $member_count);
$this->set('id', $id);
}
public function landingpage($id) {
$this->Organisation->id = $id;
if (!$this->Organisation->exists()) throw new NotFoundException('Invalid organisation');
$org = $this->Organisation->find('first', array('conditions' => array('id' => $id), 'fields' => array('landingpage', 'name')));
$landingpage = $org['Organisation']['landingpage'];
if (empty($landingpage)) $landingpage = "No landing page has been created for this organisation.";
$this->set('landingPage', $landingpage);
$this->set('org', $org['Organisation']['name']);
$this->render('ajax/landingpage');
}
}

73
app/Controller/UsersController.php
View File

@ -63,7 +63,7 @@ class UsersController extends AppController {
$me = true;
}
$this->User->read(null, $id);
if (!$this->User->exists() && !$me && !$this->_isSiteAdmin() && !($this->_isAdmin() && $this->Auth->user('org') == $this->User->data['User']['org'])) {
if (!$this->User->exists() && !$me && !$this->_isSiteAdmin() && !($this->_isAdmin() && $this->Auth->user('organisation_id') == $this->User->data['User']['organisation_id'])) {
throw new NotFoundException(__('Invalid user or not authorised.'));
}
if ($this->request->is('post') || $this->request->is('put')) {
@ -82,7 +82,7 @@ class UsersController extends AppController {
} else {
$this->User->recursive = 0;
$this->User->read(null, $id);
if (!$this->User->exists() || (!$this->_isSiteAdmin() && $this->Auth->user('org') != $this->User->data['User']['org'])) {
if (!$this->User->exists() || (!$this->_isSiteAdmin() && $this->Auth->user('organisation_id') != $this->User->data['User']['organisation_id'])) {
throw new NotFoundException(__('Invalid user or not authorised.'));
}
$this->User->set('password', '');
@ -202,13 +202,45 @@ class UsersController extends AppController {
$this->set('users', $this->paginate());
} else {
if (!($this->_isAdmin())) throw new NotFoundException(__('Invalid user or not authorised.'));
$conditions['User.org LIKE'] = $this->Auth->User('org');
$conditions['User.organisation_id'] = $this->Auth->User('organisation_id');
$this->paginate = array(
'conditions' => array($conditions),
);
$this->set('users', $this->paginate());
}
}
public function index($id) {
$this->autoRender = false;
$this->layout = false;
$org = $this->User->Organisation->read(null, $id);
if (!$this->User->Organisation->exists() || !($this->_isSiteAdmin() || $this->Auth->user('organisation_id') == $id)) {
throw MethodNotAllowedException('Organisation not found or no authorisation to view it.');
}
$user_fields = array('id', 'email', 'gpgkey', 'nids_sid');
$conditions = array('organisation_id' => $id);
if ($this->_isSiteAdmin()) {
$user_fields = array_merge($user_fields, array('newsread', 'termsaccepted', 'change_pw', 'authkey'));
}
$this->paginate = array(
'conditions' => $conditions,
'recursive' => -1,
'fields' => $user_fields,
'contain' => array(
'Role' => array(
'fields' => array('id', 'name'),
),
),
);
// add roles to the list even though it is not used for the query itself, we can reuse the user_fields array in the view to build the table
$user_fields = array_merge(array_slice($user_fields, 0, 2), array('role'), array_slice($user_fields, 2));
$this->set('user_fields', $user_fields);
$this->set('users', $this->paginate());
$this->set('org', $org['Organisation']['name']);
$this->render('ajax/index');
//return new CakeResponse(array('body'=> json_encode(array('users' => $users, 'status' => 200))));
}
public function admin_filterUserIndex() {
if (!$this->_isAdmin() && !$this->_isSiteAdmin()) throw new MethodNotAllowedException();
@ -303,7 +335,7 @@ class UsersController extends AppController {
throw new NotFoundException(__('Invalid user'));
}
$this->set('user', $this->User->read(null, $id));
if (!$this->_isSiteAdmin() && !($this->_isAdmin() && $this->Auth->user('org') == $this->User->data['User']['org'])) throw new MethodNotAllowedException();
if (!$this->_isSiteAdmin() && !($this->_isAdmin() && $this->Auth->user('organisation_id') == $this->User->data['User']['organisation_id'])) throw new MethodNotAllowedException();
$temp = $this->User->field('invited_by');
$this->set('id', $id);
$this->set('user2', $this->User->read(null, $temp));
@ -316,7 +348,7 @@ class UsersController extends AppController {
*/
public function admin_add() {
if (!$this->_isAdmin()) throw new Exception('Administrators only.');
$this->set('currentOrg', $this->Auth->User('org'));
$this->set('currentOrg', $this->Auth->User('organisation_id'));
$this->set('isSiteAdmin', $this->_isSiteAdmin());
$params = null;
if (!$this->_isSiteAdmin()) {
@ -330,7 +362,7 @@ class UsersController extends AppController {
$this->request->data['User']['change_pw'] = 1;
$this->request->data['User']['newsread'] = '2000-01-01';
if (!$this->_isSiteAdmin()) {
$this->request->data['User']['org'] = $this->Auth->User('org');
$this->request->data['User']['organisation_id'] = $this->Auth->User('organisation_id');
$this->loadModel('Role');
$this->Role->recursive = -1;
$chosenRole = $this->Role->findById($this->request->data['User']['role_id']);
@ -348,6 +380,15 @@ class UsersController extends AppController {
}
} else {
// generate auth key for a new user
$temp = $this->User->Organisation->find('all', array(
'fields' => array('name', 'id'),
'recursive' => -1,
));
$orgs = array();
foreach ($temp as $org) {
$orgs[$org['Organisation']['id']] = $org['Organisation']['name'];
}
$this->set('orgs', $orgs);
$this->newkey = $this->User->generateAuthKey();
$this->set('authkey', $this->newkey);
}
@ -363,12 +404,13 @@ class UsersController extends AppController {
*/
public function admin_edit($id = null) {
//debug($fields);debug(tru);
$this->set('currentOrg', $this->Auth->User('org'));
$this->set('currentOrg', $this->Auth->User('organisation_id'));
$this->User->id = $id;
if (!$this->User->exists()) {
throw new NotFoundException(__('Invalid user'));
}
$params = null;
$paramsOrgs = null;
if (!$this->_isSiteAdmin()) {
// Org admins should be able to select the role that is already assigned to an org user when editing them.
// What happened previously:
@ -391,8 +433,15 @@ class UsersController extends AppController {
'id' => $allowedRole,
)
));
$paramsOrgs = array('conditions' => array(
'id' => $this->Auth->user('organisation_id'),
'fields' => array('Organisation.id', 'Organisation.name'),
));
}
$roles = $this->User->Role->find('list', $params);
$organisations = $this->User->Organisation->find('list', $paramsOrgs);
debug($organisations);
$this->set('currentId', $id);
if ($this->request->is('post') || $this->request->is('put')) {
$fields = array();
@ -459,7 +508,7 @@ class UsersController extends AppController {
} else {
$this->User->recursive = 0;
$this->User->read(null, $id);
if (!$this->_isSiteAdmin() && $this->Auth->User('org') != $this->User->data['User']['org']) $this->redirect(array('controller' => 'users', 'action' => 'index', 'admin' => true));
if (!$this->_isSiteAdmin() && $this->Auth->user('organisation_id') != $this->User->data['User']['organisation_id']) $this->redirect(array('controller' => 'users', 'action' => 'index', 'admin' => true));
$this->User->set('password', '');
$this->request->data = $this->User->data; // TODO CHECK
@ -590,7 +639,7 @@ class UsersController extends AppController {
}
$this->User->read();
if ('me' == $id ) $id = $this->Auth->user('id');
else if (!$this->_isSiteAdmin() && !($this->_isAdmin() && $this->Auth->user('org') == $this->User->data['User']['org']) && ($this->Auth->user('id') != $id)) throw new MethodNotAllowedException();
else if (!$this->_isSiteAdmin() && !($this->_isAdmin() && $this->Auth->user('organisation_id') == $this->User->data('organisation_id')) && ($this->Auth->user('id') != $id)) throw new MethodNotAllowedException();
$newkey = $this->User->generateAuthKey();
$this->User->saveField('authkey', $newkey);
$this->Session->setFlash(__('New authkey generated.', true));
@ -757,7 +806,7 @@ class UsersController extends AppController {
$this->Log = ClassRegistry::init('Log');
$this->Log->create();
$this->Log->save(array(
'org' => $this->Auth->user('org'),
'org' => $this->Auth->user('Organisation')['name'],
'email' => $this->Auth->user('email'),
'action' => $action,
'title' => $description,
@ -919,7 +968,7 @@ class UsersController extends AppController {
$this->Log->create();
if ($result) {
$this->Log->save(array(
'org' => $this->Auth->user('org'),
'org' => $this->Auth->user('Organisation')['name'],
'model' => 'User',
'model_id' => $this->Auth->user('id'),
'email' => $this->Auth->user('email'),
@ -929,7 +978,7 @@ class UsersController extends AppController {
));
} else {
$this->Log->save(array(
'org' => $this->Auth->user('org'),
'org' => $this->Auth->user('Organisation')['name'],
'model' => 'User',
'model_id' => $this->Auth->user('id'),
'email' => $this->Auth->user('email'),

28
app/Model/User.php
View File

@ -62,24 +62,14 @@ class User extends AppModel {
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'org' => array(
'organisation_id' => array(
'notempty' => array(
'rule' => array('notempty'),
'message' => 'Please specify the organisation where you are working.',
//'allowEmpty' => false,
//'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
'message' => 'Please choose an organisation.',
),
),
'org_id' => array(
'notempty' => array(
'rule' => array('notempty'),
'message' => 'Please specify the organisation ID where you are working.',
//'allowEmpty' => false,
//'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
'numeric' => array(
'rule' => array('notempty'),
'message' => 'The organisation ID has to be a numeric value.',
),
),
'email' => array(
@ -380,13 +370,13 @@ class User extends AppModel {
}
public function getOrgs() {
$this->recursive = -1;
$orgs = $this->find('all', array(
'fields' => array('DISTINCT (User.org) AS org'),
$orgs = $this->Organisation->find('all', array(
'recursive' => -1,
'fields' => array('name'),
));
$orgNames = array();
foreach ($orgs as $org) {
$orgNames[] = $org['User']['org'];
$orgNames[] = $org['Organisation']['name'];
}
return $orgNames;
}

6
app/View/Organisations/ajax/landingpage.ctp Normal file
View File

@ -0,0 +1,6 @@
<div>
<h3>Landing page for <?php echo $org;?></h3>
<div>
<?php echo h($landingPage);?>
</div>
</div>

64
app/View/Organisations/view.ctp Normal file
View File

@ -0,0 +1,64 @@
<div class="organisations view">
<h2><?php echo 'Organisation ' . $org['Organisation']['name'];?></h2>
<dl style="width:600px;">
<dt><?php echo 'Id'; ?></dt>
<dd>
<?php echo h($org['Organisation']['id']); ?>
&nbsp;
</dd>
<dt><?php echo 'Organisation name'; ?></dt>
<dd>
<?php echo h($org['Organisation']['name']); ?>
&nbsp;
</dd>
<dt><?php echo 'Description'; ?></dt>
<dd>
<?php echo h($org['Organisation']['description']); ?>
&nbsp;
</dd>
<?php if ($fullAccess): ?>
<dt><?php echo 'Uuid'; ?></dt>
<dd>
<?php echo h($org['Organisation']['uuid']); ?>
&nbsp;
</dd>
<?php endif;?>
<?php if ($isSiteAdmin): ?>
<dt><?php echo 'Created by'; ?></dt>
<dd>
<?php echo h($creator['User']['email']); ?>
&nbsp;
</dd>
<?php endif;?>
<?php
$optionalFields = array('sector' => 'Sector', 'nationality' => 'Nationality', 'type' => 'Organisation type', 'contacts' => 'Contact information');
foreach ($optionalFields as $k => $field):
if (!empty($org['Organisation'][$k])):
?>
<dt><?php echo $field; ?></dt>
<dd>
<?php echo h($org['Organisation'][$k]); ?>
&nbsp;
</dd>
<?php
endif;
endforeach;
?>
</dl>
<br />
<button id="button_description" class="btn btn-inverse toggle-left qet orgViewButton" onClick="organisationViewContent('description', '<?php echo $id;?>');">Description</button>
<button id="button_description_active" style="display:none;" class="btn btn-primary toggle-left qet orgViewButtonActive" onClick="organisationViewContent('description', '<?php echo $id;?>');">Description</button>
<button id="button_members" class="btn btn-inverse toggle qet orgViewButton" onClick="organisationViewContent('members', '<?php echo $id;?>');">Members</button>
<button id="button_members_active" style="display:none;" class="btn btn-primary toggle qet orgViewButtonActive" onClick="organisationViewContent('members', '<?php echo $id;?>');">Members</button>
<button id="button_events" class="btn btn-inverse toggle-right qet orgViewButton" onClick="organisationViewContent('events', '<?php echo $id;?>');">Events</button>
<button id="button_events_active" style="display:none;" class="btn btn-primary toggle-right qet orgViewButtonActive" onClick="organisationViewContent('events', '<?php echo $id;?>');">Events</button>
<br /><br />
<div id="ajaxContent" style="width:100%;"></div>
</div>
<script type="text/javascript">
$(document).ready(function () {
organisationViewContent('members', '<?php echo $id;?>');
});
</script>

6
app/View/Users/admin_add.ctp
View File

@ -7,7 +7,11 @@
echo $this->Form->input('password');
echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
if ($isSiteAdmin) {
echo $this->Form->input('org', array('label' => 'Organisation'));
echo $this->Form->input('organisation_id', array(
'options' => $orgs,
'label' => 'Organisation',
'empty' => 'Choose organisation',
));
}
echo $this->Form->input('role_id', array('label' => 'Role', 'div' => 'input clear'));
echo $this->Form->input('authkey', array('value' => $authkey, 'readonly' => 'readonly'));

2
app/View/Users/admin_index.ctp
View File

@ -58,7 +58,7 @@ foreach ($users as $user): ?>
<td class="short" ondblclick="document.location ='<?php echo $this->Html->url(array('admin' => true, 'action' => 'view', $user['User']['id']), true);?>';">
<?php echo h($user['User']['id']); ?>&nbsp;</td>
<td class="short" ondblclick="document.location ='<?php echo $this->Html->url(array('admin' => true, 'action' => 'view', $user['User']['id']), true);?>';">
<?php echo h($user['User']['org']); ?>&nbsp;</td>
<a href="/organisations/view/<?php echo $user['Organisation']['id'];?>"><?php echo h($user['Organisation']['name']); ?>&nbsp;</a></td>
<td class="short" ondblclick="document.location ='<?php echo $this->Html->url(array('admin' => true, 'action' => 'view', $user['User']['id']), true);?>';">
<?php echo $this->Html->link($user['Role']['name'], array('controller' => 'roles', 'action' => 'view', $user['Role']['id'])); ?></td>
<td ondblclick="document.location ='<?php echo $this->Html->url(array('admin' => true, 'action' => 'view', $user['User']['id']), true);?>';">

89
app/View/Users/ajax/index.ctp Normal file
View File

@ -0,0 +1,89 @@
<div>
<h3>Members of <?php echo $org;?></h3>
<div class="pagination">
<ul>
<?php
$this->Paginator->options(array(
'update' => '.span12',
'evalScripts' => true,
'before' => '$(".progress").show()',
'complete' => '$(".progress").hide()',
));
echo $this->Paginator->prev('&laquo; ' . __('previous'), array('tag' => 'li', 'escape' => false), null, array('tag' => 'li', 'class' => 'prev disabled', 'escape' => false, 'disabledTag' => 'span'));
echo $this->Paginator->numbers(array('modulus' => 20, 'separator' => '', 'tag' => 'li', 'currentClass' => 'active', 'currentTag' => 'span'));
echo $this->Paginator->next(__('next') . ' &raquo;', array('tag' => 'li', 'escape' => false), null, array('tag' => 'li', 'class' => 'next disabled', 'escape' => false, 'disabledTag' => 'span'));
?>
</ul>
</div>
<table class="table table-striped table-hover table-condensed">
<tr>
<th><?php echo $this->Paginator->sort('id');?></th>
<th><?php echo $this->Paginator->sort('email');?></th>
<th>Role</th>
<th>GPGKey set</th>
<th><?php echo $this->Paginator->sort('nids_sid');?></th>
<?php
if ($isSiteAdmin):
?>
<th>News read</th>
<th>Terms accepted</th>
<th>Change password</th>
<th>API key</th>
<?php
endif;
?>
</tr>
<?php
$boolean_field = array('termsaccepted', 'change_pw');
foreach ($users as $user):
?>
<tr>
<?php
foreach ($user_fields as $field):
?>
<td class="short" ondblclick="document.location ='/admin/users/view/$user['User']['id']'">
<?php
// here I am
switch ($field) {
case 'gpgkey':
if (!empty($user['User'][$field])) echo 'Yes';
else echo 'No';
break;
case 'termsaccepted':
case 'change_pw':
if ($user['User'][$field]) echo 'Yes';
else echo 'No';
break;
case 'role':
echo h($user['Role']['name']);
break;
default:
echo h($user['User'][$field]);
}
?>&nbsp;
</td>
<?php
endforeach;
?>
</tr>
<?php
endforeach; ?>
</table>
<p>
<?php
echo $this->Paginator->counter(array(
'format' => __('Page {:page} of {:pages}, showing {:current} records out of {:count} total, starting on record {:start}, ending on {:end}')
));
?>
</p>
<div class="pagination">
<ul>
<?php
echo $this->Paginator->prev('&laquo; ' . __('previous'), array('tag' => 'li', 'escape' => false), null, array('tag' => 'li', 'class' => 'prev disabled', 'escape' => false, 'disabledTag' => 'span'));
echo $this->Paginator->numbers(array('modulus' => 20, 'separator' => '', 'tag' => 'li', 'currentClass' => 'active', 'currentTag' => 'span'));
echo $this->Paginator->next(__('next') . ' &raquo;', array('tag' => 'li', 'escape' => false), null, array('tag' => 'li', 'class' => 'next disabled', 'escape' => false, 'disabledTag' => 'span'));
?>
</ul>
</div>
</div>

34
app/webroot/js/ajaxification.js
View File

@ -1404,3 +1404,37 @@ function freetextImportResultsSubmit(id, count) {
},
});
}
function organisationViewContent(context, id) {
organisationViewButtonHighlight(context);
var action = "/organisations/landingpage/";
if (context == 'members') {
action = "/users/index/";
}
if (context == 'events') {
action = "/events/index/";
}
$.ajax({
url: action + id,
type:'GET',
beforeSend: function (XMLHttpRequest) {
$(".loading").show();
},
error: function(){
$('#ajaxContent').html('An error has occured, please reload the page.');
},
success: function(response){
$('#ajaxContent').html(response);
},
complete: function() {
$(".loading").hide();
},
});
}
function organisationViewButtonHighlight(context) {
$(".orgViewButtonActive").hide();
$(".orgViewButton").show();
$("#button_" + context).hide();
$("#button_" + context + "_active").show();
}