Christophe Vandeplas
27c809e5f2
further cleanup
2013-02-14 17:01:49 +01:00
Christophe Vandeplas
fd1a985251
updated LICENSE from copyright to AGPL and first cleanup of files
2013-02-14 13:32:48 +01:00
Andras Iklody
f754eec840
Minor change to the validation
...
- Some types didn't have any validation info, defaulting in an incorrect
input - fixed
- re-enabled the sanitization of file names
2013-02-11 17:23:07 +01:00
Andras Iklody
e17228490b
Minor changes to the validation
2013-02-11 15:56:10 +01:00
Andras Iklody
afed0f2046
Changes to link validation and minor fixes
...
- Links get validated now to filter malicious code
- removed a double edit button in the case of an admin editing himself
- fixed an error with adding new attributes
2013-02-11 11:26:34 +01:00
Andras Iklody
e88a3a9cf7
Updates to security
...
- perm_auth new toggle, can disable auth key usage for a role
- prevents sync / rest with a perm_auth == false key
- some changes to sync to provide better feedback on why it failed
- rewording of distribution options
2013-02-06 17:45:43 +01:00
Andras Iklody
5706fe183f
Redirect for ServersController
...
Added redirect for index in case of non sync users
2013-02-06 08:34:41 +01:00
Andras Iklody
e976242878
Reworked aros_acos creation
...
- moved and fixed the aros_acos creation on the new role creation
- new method in appController that sets all the aros_acos from scratch
(for example for a new instance, or a changed acos / aros table)
- some minor changes, redirects to the terms page on invalid events
removed, etc.
2013-02-05 17:22:37 +01:00
Andras Iklody
6ef3ea7050
Missing file from the last commit
...
Missed a file from the package
2013-02-05 09:21:29 +01:00
Andras Iklody
7f6f166838
Fixes to access rights, some sanitization, etc
...
- Admins cannot manually change anyone's authkey, they need to generate a
new one via the reset link
- Some pages could be accessed by changing the url - fixed (though needs
further testing)
- Edited a change in the manual that may have been confusing
- Some changes to the way ACL is set up - still needs more work
2013-02-04 17:55:35 +01:00
Andras Iklody
879a5fb282
Temporary fix for file-uploads under windows
...
Added an alternate file-upload/download path creation for PHP_OS ==
'WINNT'
Also removed autofill for the login field
2013-01-31 10:25:03 +01:00
Andras Iklody
4d0fe60347
Corrected a typo preventing the sync from working
2013-01-30 14:02:36 +01:00
Andras Iklody
29295e1380
changes to the admin org access and sanitization
...
1. Some errors fixed in the way redirects worked for org admins
2. fixed some double sanitization resulting in incorrect characters
displayed in certain fields
2013-01-30 11:49:55 +01:00
Andras Iklody
6333055cfc
Added hover over event IDs in search attributes view
...
Hovering over the event IDs now shows the event info in the list generated
by the search attributes page
2013-01-29 13:33:07 +01:00
Andras Iklody
66b9969d29
Security for UsersController
...
org admins could edit users of other orgs by accessing the edit page
through the URL. Fixed.
2013-01-29 10:51:18 +01:00
Andras Iklody
97f56a2275
Further changes to org admins
...
org admins can manage their own server connections
org admins cannot see other orgs' users in the users list
2013-01-29 08:56:38 +01:00
Andras Iklody
cd78baeb14
Issue with uploading attachments fixed
...
Uploading an attachment would fail while trying to set the event to
unpublished. Fixed.
2013-01-28 15:51:54 +01:00
Andras Iklody
2d6d806cca
Small update to the regular import regexp view
...
An empty table cell caused a cosmetic misalignment of the cell border.
2013-01-28 15:11:48 +01:00
Noud de Brouwer
b7464db288
coding standards
...
Coding Standards.
2013-01-28 11:13:51 +00:00
Noud de Brouwer
9d9dd7b4af
coding standards
...
Coding Standards.
2013-01-28 11:05:23 +00:00
Andras Iklody
504599fbcc
Org admin privileges
...
Added restrictions for org admins and regular users to be able to see
regexp/whitelist/blacklist information without being able to edit them.
Org admins can also see the roles but not edit them.
2013-01-28 11:44:09 +01:00
Noud de Brouwer
729e1e2206
coding standards
...
Coding Standards.
2013-01-28 08:57:30 +00:00
Noud de Brouwer
ce430a2005
coding standards
...
Coding Standards.
2013-01-28 08:43:44 +00:00
Noud de Brouwer
4c83ad3cfe
coding standards
...
Coding Standards.
2013-01-28 08:42:20 +00:00
Noud de Brouwer
a6371f5ad8
coding standards
...
Coding Standards.
2013-01-28 08:32:01 +00:00
Andras
8d88bcb2b5
Fix for the synchronisation
...
An error in the pull fix broke the push/publish feature. Fixed.
2013-01-27 21:27:58 +01:00
Noud de Brouwer
78f0d7ce93
coding standards
...
Coding Standards.
2013-01-25 13:02:58 +00:00
Noud de Brouwer
940df96aa5
coding standards
...
Coding Standards.
2013-01-25 12:58:19 +00:00
Andras Iklody
6afc1e993f
Attribute distributions
...
Added feature to block distribution levels that would get overruled by the
event distribution. The distribution of the event will be the currently
selected distribution when creating an attribute.
2013-01-25 13:44:43 +01:00
Andras Iklody
b0448c4a92
Merge branch 'develop' of ssh://172.29.79.164/home/git/cydefsig into develop
2013-01-25 12:24:37 +01:00
Noud de Brouwer
3b07348849
distribution
...
attributes inherit distribution from event.
2013-01-25 11:25:18 +00:00
Andras Iklody
9739cd1e35
Fix for the org admin privileges
...
Editing / creating users and the organisation permissions for org admins
2013-01-25 12:22:55 +01:00
Andras Iklody
d4c5460d9e
Org admin can only see org logs
...
Added check for the above
2013-01-25 11:21:39 +01:00
Noud de Brouwer
d6adb11f52
RBAC
...
only create users within own organisation.
2013-01-25 07:52:32 +00:00
Noud de Brouwer
3d40095547
coding standards
...
Coding Standards.
2013-01-25 07:51:20 +00:00
Andras Iklody
24b10579ad
Pull fixed
...
Fixed the issues with pull, should work fine now
2013-01-24 17:32:57 +01:00
Noud de Brouwer
3917e93ae6
coding standards
...
Coding Standards.
2013-01-24 14:35:13 +00:00
Andras Iklody
ce4bf4bd1b
Fixed push/publish
...
Fixed a few issues that caused push/publish not to work
2013-01-24 15:10:59 +01:00
Noud de Brouwer
01c0dc0e71
RBAC
...
org admin and RBAC admin.
2013-01-24 10:35:59 +00:00
deresz
b1b47bc56f
Better fix to Sanitize::clean() problem
...
'escape' option was removed.
2013-01-24 10:38:51 +01:00
Noud de Brouwer
f8b9d85c62
Sanitize
...
Sanitize can not be used in PGP key.
2013-01-24 08:19:47 +00:00
Noud de Brouwer
48ad60eb61
GPG
...
start of check/correct.
2013-01-23 15:22:21 +00:00
Noud de Brouwer
e4a812f0ff
DB
...
in conversion create Blacklist table as well.
2013-01-23 14:44:41 +00:00
Noud de Brouwer
ef0f2201ac
PGP
...
clean key remark.
2013-01-23 13:41:34 +00:00
Noud de Brouwer
9da93c51a6
PGP
...
direction-like-out-commented try.
2013-01-23 12:31:55 +00:00
Noud de Brouwer
8bf8ef17ca
RBAC
...
so role is editable.
(I will not commit/push during after hours ;) )
2013-01-22 18:37:30 +00:00
Noud de Brouwer
732ac3609f
Merge branch 'develop' of ssh://misp.ncirc.nato.int/home/git/cydefsig into develop
2013-01-22 15:25:51 +00:00
Noud de Brouwer
7e5c34770e
RBAC
...
role editable on user page (by admin).
2013-01-22 15:25:08 +00:00
deresz
355e9a435e
Roles controller Jquery helper added
...
For some reason I needed it
2013-01-22 16:15:32 +01:00
Noud de Brouwer
125869c1d8
RBAC
...
roles/view/<id>.
2013-01-22 15:12:36 +00:00