Minor changes

- some changes to the access control

- re-enabled regexp and blacklists, will need a closer look though

- editing a role should update ACL

- some other minor things
pull/63/head
Andras Iklody 2013-02-21 17:24:41 +01:00
parent fcd91b1654
commit fad8e809ad
5 changed files with 15 additions and 13 deletions


@ -126,6 +126,7 @@ class AppController extends Controller {
// These variables are required for every view
$this->set('me', Sanitize::clean($this->Auth->user()));
$this->set('isAdmin', $this->_isAdmin());
$this->set('isSiteAdmin', $this->_isSiteAdmin());
// TODO ACL: 5: from Controller to Views
$this->set('isAclAdd', $this->checkAcl('add'));
@ -396,7 +397,7 @@ class AppController extends Controller {
public function generateACL($inc) {
if (!self::_isAdmin()) throw new NotFoundException();
if($inc['Role']['permission'] == null) $inc['Role']['permission'] = 0;
if ($inc['Role']['permission'] == null) $inc['Role']['permission'] = 0;
switch ($inc['Role']['permission']) {
case '0':
$permAdd = false;
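Review bot: The reformatted guard `if ($inc['Role']['permission'] == null)` still uses a loose comparison, which also treats `''`, `'0'` and `false` as "missing" before defaulting to 0; the outcome is the same here only because the `switch` below uses string cases that are matched loosely too. If the intent is "default an absent permission", `if (!isset($inc['Role']['permission'])) $inc['Role']['permission'] = 0;` states that directly and survives a later tightening of the switch. The body of generateACL continues past the end of this hunk.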


@ -65,7 +65,6 @@ class RolesController extends AppController {
$this->Session->setFlash(__(sprintf('The Role has been saved.')));
$this->set('options', $this->options);
$passAlong = $this->Role->read(null, $this->Role->getInsertID());
debug($passAlong);
$this->generateACL($passAlong);
$this->redirect(array('action' => 'index'));
} else {
@ -99,6 +98,8 @@ class RolesController extends AppController {
public function admin_edit($id = null) {
if($this->Auth->User('org') != 'ADMIN') $this->redirect(array('controller' => 'roles', 'action' => 'index', 'admin' => false));
$this->AdminCrud->adminEdit($id);
$passAlong = $this->Role->read(null, $id);
$this->generateACL($passAlong);
$this->set('options', $this->options);
}
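Review bot: `admin_edit` passes the result of `$this->Role->read(null, $id)` straight to `generateACL()` without checking that a role with that id exists; for an unknown `$id`, `read()` returns `false`, and `generateACL()` (in AppController, outside this section) then indexes `$inc['Role']['permission']` on a boolean. Add `if (!$passAlong) throw new NotFoundException(__('Invalid role'));` between the read and the ACL call, matching the `NotFoundException` style used in generateACL itself. It also looks like the regeneration runs on every request to this action, including the GET that only renders the form, since nothing here distinguishes a save from a display — confirm against `AdminCrud->adminEdit()` and, if so, regenerate only after a successful save.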


@ -79,7 +79,7 @@ class ServersController extends AppController {
* @return void
*/
public function add() {
if (($this->Auth->user('org') != 'ADMIN') && !($this->Server->id == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
if (($this->Auth->user('org') != 'ADMIN') && !($this->Server->organization == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
if ($this->request->is('post')) {
// force check userid and orgname to be from yourself
$this->request->data['Server']['org'] = $this->Auth->user('org');
@ -102,7 +102,7 @@ class ServersController extends AppController {
* @throws NotFoundException
*/
public function edit($id = null) {
if($this->Auth->user('org') != 'ADMIN' && $this->Server->id != $this->Auth->user('org')) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
if ($this->Auth->user('org') != 'ADMIN' && !($this->Server->organization == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
$this->Server->id = $id;
if (!$this->Server->exists()) {
throw new NotFoundException(__('Invalid server'));
@ -155,7 +155,7 @@ class ServersController extends AppController {
public function pull($id = null, $full=false) {
// TODO should we de-activate data validation for type and category / and or mapping? Maybe other instances have other configurations that are incompatible.
if($this->Auth->User('org') != 'ADMIN') $this->redirect(array('controller' => 'servers', 'action' => 'index'));
if ($this->Auth->user('org') != 'ADMIN' && !($this->Server->organization == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
if (!$this->request->is('post')) {
throw new MethodNotAllowedException();
}
@ -310,7 +310,7 @@ class ServersController extends AppController {
}
public function push($id = null, $full=false) {
if($this->Auth->User('org') != 'ADMIN') $this->redirect(array('controller' => 'servers', 'action' => 'index'));
if ($this->Auth->user('org') != 'ADMIN' && !($this->Server->organization == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
if (!$this->request->is('post')) {
throw new MethodNotAllowedException();
}
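Review bot: In `edit()`, the new authorisation check reads `$this->Server->organization` before `$this->Server->id = $id` is assigned and before any record is loaded, so for a non-ADMIN user the comparison is against whatever that model property happens to hold rather than the stored organization of server `$id`; the checks added to `pull()` and `push()` have the same ordering, and in `add()` there is no record at all, so a perm_sync user outside the ADMIN org appears to be redirected unconditionally (unless that is intended — the later line forces the org from the session anyway). Move the check after the `exists()` test and compare the persisted field, e.g. `if ($this->Auth->user('org') != 'ADMIN' && !($this->Server->field('organization') == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index'));`, and in `add()` keep only the perm_sync requirement if that is the intent. Both sides of these comparisons are strings from the session or database, so `!==`/`===` would also be appropriate. The bodies of all four actions continue outside their hunks.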


@ -21,8 +21,8 @@ class Attribute extends AppModel {
'userKey' => 'user_id',
'change' => 'full'),
'Trim',
//'Regexp' => array('fields' => array('value', 'value2')),
//'Blacklist' => array('fields' => array('value'))
'Regexp' => array('fields' => array('value', 'value2')),
'Blacklist' => array('fields' => array('value'))
);
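Review bot: Re-enabling the filters leaves them asymmetric: `Regexp` is applied to `value` and `value2`, but `Blacklist` only to `value`, so whatever `value2` carries is never checked against the blacklist. If that is deliberate, a one-line comment such as `// value2 is not blacklisted because ...` above the `Blacklist` entry would stop the next reader from "fixing" it; if not, use `'Blacklist' => array('fields' => array('value', 'value2'))`. The array these entries belong to (presumably `$actsAs`) starts outside this hunk.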
/**


@ -25,7 +25,7 @@ endif;?>
<?php
//Site admin
if($isAdmin && $isAclAdmin && $me['org'] == 'ADMIN'): ?>
if($isSiteAdmin): ?>
<li>&nbsp;</li>
<h3><?php echo __('Input Filters'); ?></h3>
<li><?php echo $this->Html->link(__('Import Blacklist', true), array('controller' => 'blacklists', 'action' => 'index', 'admin' => true)); ?> </li>
@ -43,7 +43,7 @@ endif;?>
<?php
//org admin
if($isAdmin && $isAclAdmin && $me['org'] != 'ADMIN'): ?>
if($isAdmin && !$isSiteAdmin): ?>
<li>&nbsp;</li>
<h3><?php echo __('Input Filters'); ?></h3>
<li><?php echo $this->Html->link(__('Import Blacklist', true), array('controller' => 'blacklists', 'action' => 'index')); ?> </li>
@ -60,7 +60,7 @@ endif;?>
<?php
//normal user
if(!$isAdmin && !$isAclAdmin): ?>
if(!$isSiteAdmin && !$isAclAdmin): ?>
<li>&nbsp;</li>
<h3><?php echo __('Input Filters'); ?></h3>
<li><?php echo $this->Html->link(__('Import Blacklist', true), array('controller' => 'blacklists', 'action' => 'index')); ?> </li>
@ -70,9 +70,9 @@ if(!$isAdmin && !$isAclAdmin): ?>
endif;?>
<?php
if($isAdmin || $isAclAudit): ?>
if($isAclAudit): ?>
<h3><?php echo __('Audit'); ?></h3>
<li><?php echo $this->Html->link(__('List Logs', true), array('controller' => 'logs', 'action' => 'index', 'admin' => true)); ?> </li>
<li><?php echo $this->Html->link(__('Search Logs', true), array('controller' => 'logs', 'action' => 'admin_search', 'admin' => true)); ?> </li>
<?php
endif;?>
endif;
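Review bot: The "org admin" and "normal user" conditions now overlap: a user with `$isAdmin` but neither `$isSiteAdmin` nor `$isAclAdmin` satisfies both `if($isAdmin && !$isSiteAdmin)` and `if(!$isSiteAdmin && !$isAclAdmin)`, so the Input Filters block renders twice for them, whereas the old conditions were disjoint on `$isAdmin`. Unless `$isAdmin` implies `$isAclAdmin`, which nothing here shows, change the third condition to `if(!$isAdmin && !$isSiteAdmin && !$isAclAdmin): ?>`. Separately, the Audit block is now gated on `$isAclAudit` alone, so a site admin without that permission loses the log links from the menu — fine if the logs controller enforces the same rule, but worth confirming, since these view flags only control rendering and not access.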