First stab at the push filters influencing the pull of a remote instance
parent
e66c38d6f9
commit
fa7fa322cb
@ -73,27 +73,35 @@ class EventsController extends AppController {
|
|||
// if not admin or own org, check private as well..
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
$sgids = $this->Event->SharingGroup->fetchAllAuthorised($this->Auth->user());
|
||||
$this->paginate = Set::merge($this->paginate,array(
|
||||
'conditions' =>
|
||||
array("OR" => array(
|
||||
array(
|
||||
'Event.org_id' => $this->Auth->user('org_id')
|
||||
),
|
||||
array(
|
||||
'AND' => array(
|
||||
'Event.distribution >' => 0,
|
||||
'Event.distribution <' => 4,
|
||||
Configure::read('MISP.unpublishedprivate') ? array('Event.published =' => 1) : array(),
|
||||
$conditions = array(
|
||||
'AND' => array(
|
||||
array(
|
||||
"OR" => array(
|
||||
array(
|
||||
'Event.org_id' => $this->Auth->user('org_id')
|
||||
),
|
||||
),
|
||||
array(
|
||||
'AND' => array(
|
||||
'Event.distribution' => 4,
|
||||
'Event.sharing_group_id' => $sgids,
|
||||
Configure::read('MISP.unpublishedprivate') ? array('Event.published =' => 1) : array(),
|
||||
),
|
||||
)
|
||||
))));
|
||||
array(
|
||||
'AND' => array(
|
||||
'Event.distribution >' => 0,
|
||||
'Event.distribution <' => 4,
|
||||
Configure::read('MISP.unpublishedprivate') ? array('Event.published =' => 1) : array(),
|
||||
),
|
||||
),
|
||||
array(
|
||||
'AND' => array(
|
||||
'Event.distribution' => 4,
|
||||
'Event.sharing_group_id' => $sgids,
|
||||
Configure::read('MISP.unpublishedprivate') ? array('Event.published =' => 1) : array(),
|
||||
),
|
||||
)
|
||||
)
|
||||
)
|
||||
)
|
||||
);
|
||||
if ($this->userRole['perm_sync'] && $this->Auth->user('Server')['push_rules']) {
|
||||
$conditions['AND'][] = $this->Event->filterRulesToConditions($this->Auth->user('Server')['push_rules']);
|
||||
}
|
||||
$this->paginate = Set::merge($this->paginate,array('conditions' => $conditions));
|
||||
}
|
||||
}
|
||||
|
||||
|
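Review bot: The push-rule branch reads `$this->Auth->user('Server')['push_rules']` without first checking that a Server record is attached to the session user, so a sync user whose Auth array carries no `Server` key (a session built at login rather than through getAuthUser(), for instance) hits a null index access instead of a clean skip. Tighten the guard to `if ($this->userRole['perm_sync'] && !empty($this->Auth->user('Server')['push_rules'])) {`. The filter also sits inside the `!$this->_isSiteAdmin()` block, so a sync user who is a site admin receives no push-rule narrowing at all; if that is intended it deserves a comment such as `// push_rules only narrow non-admin sync users; site admins see everything`. The enclosing action begins before this hunk.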
@ -554,7 +562,7 @@ class EventsController extends AppController {
|
|||
}
|
||||
$conditions = array();
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
$eIds = $this->Event->fetchEventIds($this->Auth->user(), 0, 0, true);
|
||||
$eIds = $this->Event->fetchEventIds($this->Auth->user(), false, false, false, true);
|
||||
$conditions['AND'][] = array('Event.id' => $eIds);
|
||||
}
|
||||
$events = $this->Event->find('all', array(
|
||||
|
|
|
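Review bot: The non-admin branch here restricts the query by `fetchEventIds(...)` only; unlike the index filter introduced in this commit, no push-rule conditions are appended to `$conditions['AND']`, so if the enclosing action is reachable by a sync user it can return events the instance's push rules would exclude. If that is deliberate, make it explicit with `// push_rules are not applied here; only index() and Event::fetchEvent() honour them`; otherwise add the same `filterRulesToConditions()` clause that index() now uses. The enclosing method starts before this hunk and continues after it, so I cannot see which export path this is.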
@ -91,40 +91,20 @@ class ThreadsController extends AppController {
|
|||
if (isset($this->passedArgs['post_id'])) $post_id = $this->passedArgs['post_id'];
|
||||
if ($eventView) {
|
||||
$id = $thread_id;
|
||||
$this->loadModel('Event');
|
||||
$result = $this->Event->fetchEvent($this->Auth->user(), array('eventid' => $id));
|
||||
if (empty($result)) throw new MethodNotAllowedException('You are not authorised to see that.');
|
||||
$result = $result[0];
|
||||
// Show the discussion
|
||||
|
||||
$this->Thread->Behaviors->unload('SysLogLogable.SysLogLogable');
|
||||
$params = array('conditions' => array('event_id' => $id),
|
||||
'recursive' => -1,
|
||||
'fields' => array('id', 'event_id', 'distribution', 'title', 'sharing_group_id')
|
||||
);
|
||||
$thread = $this->Thread->find('first', $params);
|
||||
if (empty($thread)) {
|
||||
$newThread = array(
|
||||
'date_created' => date('Y/m/d H:i:s'),
|
||||
'date_modified' => date('Y/m/d H:i:s'),
|
||||
'user_id' => $this->Auth->user('id'),
|
||||
'event_id' => $id,
|
||||
'title' => 'Discussion about Event #' . $result['Event']['id'] . ' (' . $result['Event']['info'] . ')',
|
||||
'distribution' => $result['Event']['distribution'],
|
||||
'sharing_group_id' => $result['Event']['sharing_group_id'],
|
||||
'post_count' => 0,
|
||||
'org_id' => $result['Event']['orgc_id']
|
||||
);
|
||||
$this->Thread->save($newThread);
|
||||
$thread = ($this->Thread->read());
|
||||
} else {
|
||||
if ($thread['Thread']['distribution'] != $result['Event']['distribution']) {
|
||||
$thread['Thread']['distribution'] = $result['Event']['distribution'];
|
||||
$this->Thread->save($thread);
|
||||
if (empty($thread)) new NotFoundException('Invalid thread.');
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
if ($thread['Thread']['distribution'] == 0 && $thread['Thread']['org_id'] != $this->Auth->user('org_id')) {
|
||||
throw new MethodNotAllowedException('Invalid Thread.');
|
||||
}
|
||||
if ($thread['Thread']['sharing_group_id'] != $result['Event']['sharing_group_id']) {
|
||||
$thread['Thread']['sharing_group_id'] = $result['Event']['sharing_group_id'];
|
||||
$this->Thread->save($thread);
|
||||
if ($thread['Thread']['distribution'] == 4) {
|
||||
if (!$this->Thread->SharingGroup->checkIfAuthorised($this->Auth->user(), $thread['Thread']['sharing_group_id'])) new NotFoundException('Invalid thread.');
|
||||
}
|
||||
}
|
||||
$thread_id = $thread['Thread']['id'];
|
||||
|
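Review bot: `new NotFoundException('Invalid thread.')` is constructed but never thrown, at `if (empty($thread)) new NotFoundException('Invalid thread.');` and again in the distribution-4 branch `if (!$this->Thread->SharingGroup->checkIfAuthorised(...)) new NotFoundException('Invalid thread.');`, so an empty thread falls through to `$thread['Thread']['id']` and a user outside the sharing group is not stopped at all; the same missing `throw` appears in the next hunk at `@ -158,10 +138,10`. Each of these lines needs `throw new NotFoundException('Invalid thread.');`. The two `$this->Thread->save($thread)` calls that resync distribution and sharing_group_id from the event are also unchecked, so a failed save leaves the thread visible under stale sharing settings; test the return value or log it. The enclosing action starts before this hunk and continues after it.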
@ -158,10 +138,10 @@ class ThreadsController extends AppController {
|
|||
// If the user shouldn't be allowed to see the event send him away.
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
if ($thread['Thread']['distribution'] == 0 && $thread['Thread']['org_id'] != $this->Auth->user('org_id')) {
|
||||
throw new MethodNotAllowedException('You are not authorised to view this.');
|
||||
throw new MethodNotAllowedException('Invalid Thread.');
|
||||
}
|
||||
if ($thread['Thread']['distribution'] == 4) {
|
||||
if (!$this->Thread->SharingGroup->checkIfAuthorised($this->Auth->user(), $thread['Thread']['sharing_group_id'])) throw new MethodNotAllowedException('You are not authorised to view this');
|
||||
if (!$this->Thread->SharingGroup->checkIfAuthorised($this->Auth->user(), $thread['Thread']['sharing_group_id'])) new NotFoundException('Invalid thread.');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -699,7 +699,6 @@ class Event extends AppModel {
|
|||
* @return bool true if success, false or error message if failed
|
||||
*/
|
||||
public function restfullEventToServer($event, $server, $urlPath, &$newLocation, &$newTextBody, $HttpSocket = null) {
|
||||
|
||||
if ($event['Event']['distribution'] == 4) {
|
||||
if (!empty($event['SharingGroup']['SharingGroupServer'])) {
|
||||
$found = false;
|
||||
|
@ -1069,6 +1068,10 @@ class Event extends AppModel {
|
|||
$conditionsAttributes['AND'][] = array('Attribute.to_ids' => 1);
|
||||
}
|
||||
|
||||
if ($user['Server']['push_rules']) {
|
||||
$conditions['AND'][] = $this->filterRulesToConditions($user['Server']['push_rules']);
|
||||
}
|
||||
|
||||
// removing this for now, we export the to_ids == 0 attributes too, since there is a to_ids field indicating it in the .xml
|
||||
// $conditionsAttributes['AND'] = array('Attribute.to_ids =' => 1);
|
||||
// Same idea for the published. Just adjust the tools to check for this
|
||||
|
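Review bot: `if ($user['Server']['push_rules'])` assumes every `$user` array handed to this method carries a `Server` key, but in this commit only `User::getAuthUser()` attaches one; a user array built elsewhere (the login session, for example) raises an undefined-index notice and silently skips the filter, which is a fail-open for a condition meant to restrict what a remote instance may pull. Use `if (!empty($user['Server']['push_rules'])) {` for the notice, and if the filter is a hard requirement for sync users, key it on the role rather than on the presence of the array key. Unlike the controller, there is no `perm_sync` check here, so push rules on any user's linked server would narrow that user's own fetches; confirm that is intended. The enclosing method begins before this hunk.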
@ -1130,6 +1133,7 @@ class Event extends AppModel {
|
|||
$params['contain']['User'] = array('fields' => 'email');
|
||||
}
|
||||
$results = $this->find('all', $params);
|
||||
if (empty($results)) throw new NotFoundException(__('Invalid event'));
|
||||
// Do some refactoring with the event
|
||||
$sgsids = $this->SharingGroup->fetchAllAuthorised($user);
|
||||
foreach ($results as $eventKey => &$event) {
|
||||
|
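Review bot: `if (empty($results)) throw new NotFoundException(__('Invalid event'));` changes fetchEvent's contract from returning an empty array to throwing, so callers that test for an empty return — `ThreadsController` in this same commit does `if (empty($result)) throw new MethodNotAllowedException(...)` — now receive a `NotFoundException` with a different message, and any caller fetching in a loop aborts on the first filtered-out event. With the push-rule clause now part of `$conditions`, an event excluded by the filter is reported to the remote instance as nonexistent rather than forbidden, which is the safer disclosure but should be written down: `// an event excluded by push_rules is reported as not found, not as forbidden` at this line and `@throws NotFoundException` in the method docblock. The method starts before this hunk and continues after it.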
@ -2322,4 +2326,30 @@ class Event extends AppModel {
|
|||
$event['objects'] = $eventArrayWithProposals;
|
||||
return $params;
|
||||
}
|
||||
|
||||
// pass along a json from the server filter rules
|
||||
// returns a conditions set to be merged into pagination / event fetch / etc
|
||||
public function filterRulesToConditions($rules) {
|
||||
$rules = json_decode($rules, true);
|
||||
$operators = array('OR', 'NOT');
|
||||
foreach ($operators as $op) {
|
||||
if (!empty($rules['tags'][$op])) {
|
||||
$event_ids = $this->EventTag->find('list', array(
|
||||
'recursive' => -1,
|
||||
'conditions' => array('EventTag.tag_id' => $rules['tags'][$op]),
|
||||
'fields' => array('EventTag.event_id')
|
||||
));
|
||||
$rules['events'][$op] = $event_ids;
|
||||
}
|
||||
}
|
||||
$conditions = array();
|
||||
$fields = array('events' => 'Event.id', 'orgs' => 'Event.orgc_id');
|
||||
foreach ($fields as $k => $field) {
|
||||
$temp = array();
|
||||
if (!empty($rules[$k]['OR'])) $temp['OR'][$field] = $rules[$k]['OR'];
|
||||
if (!empty($rules[$k]['NOT'])) $temp['AND'][$field . ' !='] = $rules[$k]['NOT'];
|
||||
$conditions['AND'][] = $temp;
|
||||
}
|
||||
return $conditions;
|
||||
}
|
||||
}
|
||||
|
|
|
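Review bot: `filterRulesToConditions()` fails open in three places: `json_decode($rules, true)` is unchecked, so malformed `push_rules` decode to `null` and produce an empty condition set (no filtering); `$rules['events'][$op] = $event_ids;` overwrites any explicitly configured event ids for that operator instead of merging with them; and when a tag OR rule matches no event, `$event_ids` is empty, `!empty($rules['events']['OR'])` is false and the restriction vanishes, so a rule meaning "only events tagged X" becomes "all events". Because this set narrows what a remote instance may pull, each case should reject or match nothing rather than allow everything. The rewrite below checks the decode result, merges tag-derived ids with explicit ones, and pins the OR branch to an id that cannot match when the tag lookup is empty (the sentinel is a constructed placeholder; confirm it against the id scheme).
```php
public function filterRulesToConditions($rules) {
    $rules = json_decode($rules, true);
    // malformed rules must not degrade to "no filter"
    if (!is_array($rules)) throw new InvalidArgumentException('push_rules is not valid JSON');
    $operators = array('OR', 'NOT');
    foreach ($operators as $op) {
        if (!empty($rules['tags'][$op])) {
            // … unchanged: EventTag find('list') into $event_ids …
            $explicit = isset($rules['events'][$op]) ? (array)$rules['events'][$op] : array();
            // merge with, rather than overwrite, the explicitly configured event ids
            $rules['events'][$op] = array_values(array_unique(array_merge($explicit, array_values($event_ids))));
            // a tag rule that matches nothing must match nothing, not everything
            if ($op === 'OR' && empty($rules['events']['OR'])) $rules['events']['OR'] = array(-1); // PLACEHOLDER: an id that cannot exist
        }
    }
    // … unchanged: build $conditions from $fields …
}
```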
@ -2258,6 +2258,7 @@ class Server extends AppModel {
|
|||
// Loops through all servers and checks which servers' push rules don't conflict with the given event.
|
||||
// returns the server objects that would allow the event to be pushed
|
||||
public function eventFilterPushableServers($event, $servers) {
|
||||
debug($event);
|
||||
$eventTags = array();
|
||||
$validServers = array();
|
||||
foreach ($event['EventTag'] as $tag) $eventTags[] = $tag['tag_id'];
|
||||
|
|
|
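Review bot: `debug($event);` is a leftover that dumps the full event array, attributes included, into the output or log of whatever action reaches this method; remove the line before merging. The following `foreach ($event['EventTag'] as $tag)` also assumes `EventTag` is always present on the event passed in; if some callers fetch without tags, `if (!empty($event['EventTag']))` around the loop avoids a notice — this depends on callers I cannot see. The method continues after this hunk.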
@ -200,7 +200,7 @@ class User extends AppModel {
|
|||
'className' => 'Server',
|
||||
'foreignKey' => 'server_id',
|
||||
'conditions' => '',
|
||||
'fields' => '',
|
||||
'fields' => array('Server.id', 'Server.url', 'Server.push_rules'),
|
||||
'order' => ''
|
||||
)
|
||||
);
|
||||
|
@ -437,12 +437,13 @@ class User extends AppModel {
|
|||
|
||||
// get the current user and rearrange it to be in the same format as in the auth component
|
||||
public function getAuthUser($id) {
|
||||
$user = $this->find('first', array('conditions' => array('OR' => array('User.id' => $id, 'User.authkey' => $id)), 'recursive' => -1,'contain' => array('Organisation', 'Role')));
|
||||
$user = $this->find('first', array('conditions' => array('OR' => array('User.id' => $id, 'User.authkey' => $id)), 'recursive' => -1,'contain' => array('Organisation', 'Role', 'Server')));
|
||||
if (empty($user)) return $user;
|
||||
// Rearrange it a bit to match the Auth object created during the login
|
||||
$user['User']['Role'] = $user['Role'];
|
||||
$user['User']['Organisation'] = $user['Organisation'];
|
||||
unset($user['Organisation'], $user['Role']);
|
||||
$user['User']['Server'] = $user['Server'];
|
||||
unset($user['Organisation'], $user['Role'], $user['Server']);
|
||||
return $user['User'];
|
||||
}
|
||||
|
||||
|
|
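Review bot: Attaching `$user['User']['Server']` here means the push-rule checks added elsewhere in this commit (`$user['Server']['push_rules']`) see a Server only for users resolved through `getAuthUser()`, i.e. the API-key path; the user array built by the login component is not touched by this commit, so the same account may be filtered on one path and unfiltered on the other. Document the dependency, e.g. `// Server (id, url, push_rules) is attached so Event::fetchEvent() can apply the sync user's push rules; keep the login path in step`, or centralise the attachment so both paths share it. The lookup `'OR' => array('User.id' => $id, 'User.authkey' => $id)` on the new side accepts either an id or an authkey in the same parameter; confirm at the call sites that a caller meaning to pass an id can never pass a user-supplied string instead.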