First stab at the push filters influencing the pull of a remote instance

app/Controller/EventsController.php

@@ -73,27 +73,35 @@ class EventsController extends AppController {
 		// if not admin or own org, check private as well..
 		if (!$this->_isSiteAdmin()) {
 			$sgids = $this->Event->SharingGroup->fetchAllAuthorised($this->Auth->user());
-			$this->paginate = Set::merge($this->paginate,array(
-					'conditions' =>
-					array("OR" => array(
-						array(
-							'Event.org_id' => $this->Auth->user('org_id')
-						),
-						array(
-							'AND' => array(
-								'Event.distribution >' => 0,
-								'Event.distribution <' => 4,
-								Configure::read('MISP.unpublishedprivate') ? array('Event.published =' => 1) : array(),
+			$conditions = array(
+				'AND' => array(
+					array(
+						"OR" => array(
+							array(
+								'Event.org_id' => $this->Auth->user('org_id')
 							),
-						),
-						array(
-							'AND' => array(
-								'Event.distribution' => 4,
-								'Event.sharing_group_id' => $sgids,
-								Configure::read('MISP.unpublishedprivate') ? array('Event.published =' => 1) : array(),
-							),	
-						)
-			))));
+							array(
+								'AND' => array(
+										'Event.distribution >' => 0,
+										'Event.distribution <' => 4,
+										Configure::read('MISP.unpublishedprivate') ? array('Event.published =' => 1) : array(),
+								),
+							),
+							array(
+								'AND' => array(
+										'Event.distribution' => 4,
+										'Event.sharing_group_id' => $sgids,
+										Configure::read('MISP.unpublishedprivate') ? array('Event.published =' => 1) : array(),
+								),
+							)
+						)		
+					)
+				)
+			);
+			if ($this->userRole['perm_sync'] && $this->Auth->user('Server')['push_rules']) {
+				$conditions['AND'][] = $this->Event->filterRulesToConditions($this->Auth->user('Server')['push_rules']);
+			}
+			$this->paginate = Set::merge($this->paginate,array('conditions' => $conditions));
 		}
 	}
 	
@@ -554,7 +562,7 @@ class EventsController extends AppController {
 		}
 		$conditions = array();
 		if (!$this->_isSiteAdmin()) {
-			$eIds = $this->Event->fetchEventIds($this->Auth->user(), 0, 0, true);
+			$eIds = $this->Event->fetchEventIds($this->Auth->user(), false, false, false, true);
 			$conditions['AND'][] = array('Event.id' => $eIds);
 		}
 		$events = $this->Event->find('all', array(

app/Controller/ThreadsController.php

@@ -91,40 +91,20 @@ class ThreadsController extends AppController {
 		if (isset($this->passedArgs['post_id'])) $post_id = $this->passedArgs['post_id'];
 		if ($eventView) {
 			$id = $thread_id;
-			$this->loadModel('Event');
-			$result = $this->Event->fetchEvent($this->Auth->user(), array('eventid' => $id));
-			if (empty($result)) throw new MethodNotAllowedException('You are not authorised to see that.');
-			$result = $result[0];
 			// Show the discussion
-			
 			$this->Thread->Behaviors->unload('SysLogLogable.SysLogLogable');
 			$params = array('conditions' => array('event_id' => $id),
 					'recursive' => -1,
 					'fields' => array('id', 'event_id', 'distribution', 'title', 'sharing_group_id')
 			);
 			$thread = $this->Thread->find('first', $params);
-			if (empty($thread)) {
-				$newThread = array(
-						'date_created' => date('Y/m/d H:i:s'),
-						'date_modified' => date('Y/m/d H:i:s'),
-						'user_id' => $this->Auth->user('id'),
-						'event_id' => $id,
-						'title' => 'Discussion about Event #' . $result['Event']['id'] . ' (' . $result['Event']['info'] . ')',
-						'distribution' => $result['Event']['distribution'],
-						'sharing_group_id' => $result['Event']['sharing_group_id'],
-						'post_count' => 0,
-						'org_id' => $result['Event']['orgc_id']
-				);
-				$this->Thread->save($newThread);
-				$thread = ($this->Thread->read());
-			} else {
-				if ($thread['Thread']['distribution'] != $result['Event']['distribution']) {
-					$thread['Thread']['distribution'] = $result['Event']['distribution'];
-					$this->Thread->save($thread);
+			if (empty($thread)) new NotFoundException('Invalid thread.');
+			if (!$this->_isSiteAdmin()) {
+				if ($thread['Thread']['distribution'] == 0 && $thread['Thread']['org_id'] != $this->Auth->user('org_id')) {
+					throw new MethodNotAllowedException('Invalid Thread.');
 				}
-				if ($thread['Thread']['sharing_group_id'] != $result['Event']['sharing_group_id']) {
-					$thread['Thread']['sharing_group_id'] = $result['Event']['sharing_group_id'];
-					$this->Thread->save($thread);
+				if ($thread['Thread']['distribution'] == 4) {
+					if (!$this->Thread->SharingGroup->checkIfAuthorised($this->Auth->user(), $thread['Thread']['sharing_group_id'])) new NotFoundException('Invalid thread.');
 				}
 			}
 			$thread_id = $thread['Thread']['id'];
@@ -158,10 +138,10 @@ class ThreadsController extends AppController {
 			// If the user shouldn't be allowed to see the event send him away.
 			if (!$this->_isSiteAdmin()) {
 				if ($thread['Thread']['distribution'] == 0 && $thread['Thread']['org_id'] != $this->Auth->user('org_id')) {
-					throw new MethodNotAllowedException('You are not authorised to view this.');
+					throw new MethodNotAllowedException('Invalid Thread.');
 				}
 				if ($thread['Thread']['distribution'] == 4) {
-					if (!$this->Thread->SharingGroup->checkIfAuthorised($this->Auth->user(), $thread['Thread']['sharing_group_id'])) throw new MethodNotAllowedException('You are not authorised to view this');
+					if (!$this->Thread->SharingGroup->checkIfAuthorised($this->Auth->user(), $thread['Thread']['sharing_group_id'])) new NotFoundException('Invalid thread.');
 				}
 			}
 		}

app/Model/Event.php

@@ -699,7 +699,6 @@ class Event extends AppModel {
  * @return bool true if success, false or error message if failed
  */
 	public function restfullEventToServer($event, $server, $urlPath, &$newLocation, &$newTextBody, $HttpSocket = null) {
-		
 		if ($event['Event']['distribution'] == 4) {
 			if (!empty($event['SharingGroup']['SharingGroupServer'])) {
 				$found = false;
@@ -1069,6 +1068,10 @@ class Event extends AppModel {
 			$conditionsAttributes['AND'][] = array('Attribute.to_ids' => 1);
 		}
 		
+		if ($user['Server']['push_rules']) {
+			$conditions['AND'][] = $this->filterRulesToConditions($user['Server']['push_rules']);
+		}
+
 		// removing this for now, we export the to_ids == 0 attributes too, since there is a to_ids field indicating it in the .xml
 		// $conditionsAttributes['AND'] = array('Attribute.to_ids =' => 1);
 		// Same idea for the published. Just adjust the tools to check for this
@@ -1130,6 +1133,7 @@ class Event extends AppModel {
 			$params['contain']['User'] = array('fields' => 'email');
 		}
 		$results = $this->find('all', $params);
+		if (empty($results)) throw new NotFoundException(__('Invalid event'));
 		// Do some refactoring with the event
 		$sgsids = $this->SharingGroup->fetchAllAuthorised($user);
 		foreach ($results as $eventKey => &$event) {
@@ -2322,4 +2326,30 @@ class Event extends AppModel {
 		$event['objects'] = $eventArrayWithProposals;
 		return $params;
 	}
+	
+	// pass along a json from the server filter rules
+	// returns a conditions set to be merged into pagination / event fetch / etc
+	public function filterRulesToConditions($rules) {
+		$rules = json_decode($rules, true);
+		$operators = array('OR', 'NOT');
+		foreach ($operators as $op) {
+			if (!empty($rules['tags'][$op])) {
+				$event_ids = $this->EventTag->find('list', array(
+					'recursive' => -1,
+					'conditions' => array('EventTag.tag_id' => $rules['tags'][$op]),
+					'fields' => array('EventTag.event_id')	
+				));
+				$rules['events'][$op] = $event_ids;
+			}
+		}
+		$conditions = array();
+		$fields = array('events' => 'Event.id', 'orgs' => 'Event.orgc_id');
+		foreach ($fields as $k => $field) {
+			$temp = array();
+			if (!empty($rules[$k]['OR'])) $temp['OR'][$field] = $rules[$k]['OR'];
+			if (!empty($rules[$k]['NOT'])) $temp['AND'][$field . ' !='] = $rules[$k]['NOT'];
+			$conditions['AND'][] = $temp;
+		}
+		return $conditions;
+	}
 }

app/Model/Server.php

@@ -2258,6 +2258,7 @@ class Server extends AppModel {
 	// Loops through all servers and checks which servers' push rules don't conflict with the given event.
 	// returns the server objects that would allow the event to be pushed
 	public function eventFilterPushableServers($event, $servers) {
+		debug($event);
 		$eventTags = array();
 		$validServers = array();
 		foreach ($event['EventTag'] as $tag) $eventTags[] = $tag['tag_id'];

app/Model/User.php

@@ -200,7 +200,7 @@ class User extends AppModel {
 			'className' => 'Server',
 			'foreignKey' => 'server_id',
 			'conditions' => '',
-			'fields' => '',
+			'fields' => array('Server.id', 'Server.url', 'Server.push_rules'),
 			'order' => ''
 		)
 	);
@@ -437,12 +437,13 @@ class User extends AppModel {
 	
 	// get the current user and rearrange it to be in the same format as in the auth component
 	public function getAuthUser($id) {
-		$user = $this->find('first', array('conditions' => array('OR' => array('User.id' => $id, 'User.authkey' => $id)), 'recursive' => -1,'contain' => array('Organisation', 'Role')));
+		$user = $this->find('first', array('conditions' => array('OR' => array('User.id' => $id, 'User.authkey' => $id)), 'recursive' => -1,'contain' => array('Organisation', 'Role', 'Server')));
 		if (empty($user)) return $user;
 		// Rearrange it a bit to match the Auth object created during the login
 		$user['User']['Role'] = $user['Role'];
 		$user['User']['Organisation'] = $user['Organisation'];
-		unset($user['Organisation'], $user['Role']);
+		$user['User']['Server'] = $user['Server'];
+		unset($user['Organisation'], $user['Role'], $user['Server']);
 		return $user['User'];
 	}