cerebrate-project
/
cerebrate
mirror of https://github.com/cerebrate-project/cerebrate
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'develop' into main

pull/92/head v1.4
iglocska 2022-01-27 22:12:57 +01:00
parent 1086e41086 788feab011
commit 4563a397bb
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
72 changed files with 1109 additions and 153 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/Controller/AppController.php
View File

@ -110,6 +110,7 @@ class AppController extends Controller
}
unset($user['password']);
$this->ACL->setUser($user);
$this->Navigation->genBreadcrumbs($user);
$this->request->getSession()->write('authUser', $user);
$this->isAdmin = $user['role']['perm_admin'];
if (!$this->ParamHandler->isRest()) {

37
src/Controller/Component/ACLComponent.php
View File

@ -188,12 +188,12 @@ class ACLComponent extends Component
'add' => ['*'],
'edit' => ['*'],
'delete' => ['*'],
'getSettingByName' => ['*'],
'setSetting' => ['*'],
'getMySettingByName' => ['*'],
'setMySetting' => ['*'],
'saveSetting' => ['*'],
'getBookmarks' => ['*'],
'saveBookmark' => ['*'],
'deleteBookmark' => ['*']
'getMyBookmarks' => ['*'],
'saveMyBookmark' => ['*'],
'deleteMyBookmark' => ['*']
],
'Api' => [
'index' => ['*']
@ -277,9 +277,32 @@ class ACLComponent extends Component
$this->user = $user;
}
public function getUser(): User
public function getUser(): ?User
{
return $this->user;
if (!empty($this->user)) {
return $this->user;
}
return null;
}
public function canEditUser(User $currentUser, User $user): bool
{
if (empty($user) || empty($currentUser)) {
return false;
}
if (!$currentUser['role']['perm_admin']) {
if ($user['role']['perm_admin']) {
return false; // org_admins cannot edit admins
}
if (!$currentUser['role']['perm_org_admin']) {
return false;
} else {
if ($currentUser['organisation_id'] !== $user['organisation_id']) {
return false;
}
}
}
return true;
}
/*

6
src/Controller/Component/CRUDComponent.php
View File

@ -307,6 +307,9 @@ class CRUDComponent extends Component
'associated' => []
];
$input = $this->__massageInput($params);
if (!empty($params['fields'])) {
$patchEntityParams['fields'] = $params['fields'];
}
$data = $this->Table->patchEntity($data, $input, $patchEntityParams);
if (isset($params['beforeSave'])) {
$data = $params['beforeSave']($data);
@ -964,6 +967,9 @@ class CRUDComponent extends Component
}
$data = $this->Table->get($id, $params);
if (isset($params['afterFind'])) {
$data = $params['afterFind']($data, $params);
}
if ($this->request->is(['post', 'put'])) {
if (isset($params['force_state'])) {
$data->{$fieldName} = $params['force_state'];

5
src/Controller/Component/Navigation/Users.php
View File

@ -1,7 +1,7 @@
<?php
namespace BreadcrumbNavigation;
require_once(APP . 'Controller' . DS . 'Component' . DS . 'Navigation' . DS . 'base.php');
require_once(APP . 'Controller' . DS . 'Component' . DS . 'Navigation' . DS . 'base.php');
class UsersNavigation extends BaseNavigation
{
@ -24,7 +24,8 @@ class UsersNavigation extends BaseNavigation
$bcf = $this->bcf;
$request = $this->request;
$passedData = $this->request->getParam('pass');
$this->bcf->addLink('Users', 'view', 'UserSettings', 'index', function ($config) use ($bcf, $request, $passedData) {
$currentUser = $this->currentUser;
$this->bcf->addLink('Users', 'view', 'UserSettings', 'index', function ($config) use ($bcf, $request, $passedData, $currentUser) {
if (!empty($passedData[0])) {
$user_id = $passedData[0];
$linkData = [

8
src/Controller/Component/Navigation/base.php
View File

@ -5,6 +5,7 @@ class BaseNavigation
{
protected $bcf;
protected $request;
public $currentUser;
public function __construct($bcf, $request)
{
@ -12,8 +13,13 @@ class BaseNavigation
$this->request = $request;
}
public function setCurrentUser($currentUser)
{
$this->currentUser = $currentUser;
}
public function addRoutes() {}
public function addParents() {}
public function addLinks() {}
public function addActions() {}
}
}

16
src/Controller/Component/NavigationComponent.php
View File

@ -17,8 +17,9 @@ require_once(APP . 'Controller' . DS . 'Component' . DS . 'Navigation' . DS . 's
class NavigationComponent extends Component
{
private $user = null;
private $currentUser = null;
public $breadcrumb = null;
public $fullBreadcrumb = null;
public $iconToTableMapping = [
'Individuals' => 'address-book',
'Organisations' => 'building',
@ -42,10 +43,10 @@ class NavigationComponent extends Component
$this->request = $config['request'];
}
public function beforeFilter($event)
public function genBreadcrumbs(\App\Model\Entity\User $user)
{
$this->fullBreadcrumb = $this->genBreadcrumb();
$this->breadcrumb = $this->getBreadcrumb();
$this->currentUser = $user;
$this->breadcrumb = $this->fullBreadcrumb = $this->genBreadcrumb();
}
public function getSideMenu(): array
@ -56,7 +57,7 @@ class NavigationComponent extends Component
return $sidemenu;
}
public function addUserBookmarks($sidemenu): array
{
$bookmarks = $this->getUserBookmarks();
@ -81,7 +82,7 @@ class NavigationComponent extends Component
}, $bookmarks);
return $links;
}
public function getBreadcrumb(): array
{
$controller = $this->request->getParam('controller');
@ -141,6 +142,7 @@ class NavigationComponent extends Component
require_once(APP . 'Controller' . DS . 'Component' . DS . 'Navigation' . DS . $navigationFile);
$reflection = new \ReflectionClass("BreadcrumbNavigation\\{$navigationClassname}Navigation");
$navigationClasses[$navigationClassname] = $reflection->newInstance($bcf, $request);
$navigationClasses[$navigationClassname]->setCurrentUser($this->currentUser);
}
return $navigationClasses;
}
@ -284,7 +286,7 @@ class BreadcrumbFactory
$this->addLink($controller, 'view', $controller, 'edit');
$this->addLink($controller, 'edit', $controller, 'view');
$this->addSelfLink($controller, 'edit');
$this->addAction($controller, 'view', $controller, 'add');
$this->addAction($controller, 'view', $controller, 'delete');
$this->addAction($controller, 'edit', $controller, 'add');

2
src/Controller/Component/ParamHandlerComponent.php
View File

@ -48,7 +48,7 @@ class ParamHandlerComponent extends Component
return $this->isRest;
}
if ($this->request->is('json')) {
if (!empty((string)$this->request->getBody()) && empty($this->request->getParsedBody())) {
if (!empty((string)$this->request->getBody()) && !is_array($this->request->getParsedBody())) {
throw new MethodNotAllowedException('Invalid JSON input. Make sure that the JSON input is a correctly formatted JSON string. This request has been blocked to avoid an unfiltered request.');
}
$this->isRest = true;

20
src/Controller/RolesController.php
View File

@ -31,7 +31,15 @@ class RolesController extends AppController
public function add()
{
$this->CRUD->add();
$rolesModel = $this->Roles;
$this->CRUD->add([
'afterSave' => function ($data) use ($rolesModel) {
if ($data['is_default']) {
$rolesModel->query()->update()->set(['is_default' => false])->where(['id !=' => $data->id])->execute();
}
return true;
}
]);
$responsePayload = $this->CRUD->getResponsePayload();
if (!empty($responsePayload)) {
return $responsePayload;
@ -51,7 +59,15 @@ class RolesController extends AppController
public function edit($id)
{
$this->CRUD->edit($id);
$rolesModel = $this->Roles;
$this->CRUD->edit($id, [
'afterSave' => function ($data) use ($rolesModel) {
if ($data['is_default']) {
$rolesModel->query()->update()->set(['is_default' => false])->where(['id !=' => $data->id])->execute();
}
return true;
}
]);
$responsePayload = $this->CRUD->getResponsePayload();
if (!empty($responsePayload)) {
return $responsePayload;

1
src/Controller/SharingGroupsController.php
View File

@ -71,6 +71,7 @@ class SharingGroupsController extends AppController
if (empty($currentUser['role']['perm_admin'])) {
$params['conditions'] = ['organisation_id' => $currentUser['organisation_id']];
}
$params['fields'] = ['name', 'releasability', 'description', 'active'];
$this->CRUD->edit($id, $params);
$responsePayload = $this->CRUD->getResponsePayload();
if (!empty($responsePayload)) {

53
src/Controller/UserSettingsController.php
View File

@ -57,7 +57,7 @@ class UserSettingsController extends AppController
}
}
public function add($user_id = false)
public function add($user_id=null)
{
$currentUser = $this->ACL->getUser();
$this->CRUD->add([
@ -77,6 +77,8 @@ class UserSettingsController extends AppController
if (empty($currentUser['role']['perm_admin'])) {
$allUsers->where(['id' => $currentUser->id]);
$user_id = $currentUser->id;
} else if (!is_null($user_id)) {
$allUsers->where(['id' => $user_id]);
}
$dropdownData = [
'user' => $allUsers->all()->toArray(),
@ -124,7 +126,13 @@ class UserSettingsController extends AppController
}
}
public function getSettingByName($settingsName)
/**
* Get a setting by name for the currently logged-in user
*
* @param [type] $settingsName
* @return void
*/
public function getMySettingByName($settingsName)
{
$setting = $this->UserSettings->getSettingByName($this->ACL->getUser(), $settingsName);
if (is_null($setting)) {
@ -140,7 +148,7 @@ class UserSettingsController extends AppController
$this->render('view');
}
public function setSetting($settingsName = false)
public function setMySetting($settingsName = false)
{
if (!$this->request->is('get')) {
$setting = $this->UserSettings->getSettingByName($this->ACL->getUser(), $settingsName);
@ -160,22 +168,23 @@ class UserSettingsController extends AppController
$this->set('settingName', $settingsName);
}
public function saveSetting()
public function saveSetting($user_id = false)
{
$user = $this->getRequestedUserIfAllowed($user_id);
if ($this->request->is('post')) {
$data = $this->ParamHandler->harvestParams([
'name',
'value'
]);
$setting = $this->UserSettings->getSettingByName($this->ACL->getUser(), $data['name']);
$setting = $this->UserSettings->getSettingByName($user, $data['name']);
if (is_null($setting)) { // setting not found, create it
$result = $this->UserSettings->createSetting($this->ACL->getUser(), $data['name'], $data['value']);
$result = $this->UserSettings->createSetting($user, $data['name'], $data['value']);
} else {
$result = $this->UserSettings->editSetting($this->ACL->getUser(), $data['name'], $data['value']);
$result = $this->UserSettings->editSetting($user, $data['name'], $data['value']);
}
$success = !empty($result);
$message = $success ? __('Setting saved') : __('Could not save setting');
$this->CRUD->setResponseForController('setSetting', $success, $message, $result);
$this->CRUD->setResponseForController('saveSetting', $success, $message, $result);
$responsePayload = $this->CRUD->getResponsePayload();
if (!empty($responsePayload)) {
return $responsePayload;
@ -183,7 +192,7 @@ class UserSettingsController extends AppController
}
}
public function getBookmarks($forSidebar = false)
public function getMyBookmarks($forSidebar = false)
{
$bookmarks = $this->UserSettings->getSettingByName($this->ACL->getUser(), $this->UserSettings->BOOKMARK_SETTING_NAME);
$bookmarks = json_decode($bookmarks['value'], true);
@ -193,7 +202,7 @@ class UserSettingsController extends AppController
$this->render('/element/UserSettings/saved-bookmarks');
}
public function saveBookmark()
public function saveMyBookmark()
{
if (!$this->request->is('get')) {
$result = $this->UserSettings->saveBookmark($this->ACL->getUser(), $this->request->getData());
@ -208,7 +217,7 @@ class UserSettingsController extends AppController
$this->set('user_id', $this->ACL->getUser()->id);
}
public function deleteBookmark()
public function deleteMyBookmark()
{
if (!$this->request->is('get')) {
$result = $this->UserSettings->deleteBookmark($this->ACL->getUser(), $this->request->getData());
@ -248,4 +257,26 @@ class UserSettingsController extends AppController
}
return $isAllowed;
}
/**
* Return the requested user if user permissions allow it. Otherwise, return the user currently logged-in
*
* @param bool|int $user_id
* @return void
*/
private function getRequestedUserIfAllowed($user_id = false)
{
$currentUser = $this->ACL->getUser();
if (is_bool($user_id)) {
return $currentUser;
}
if (!empty($currentUser['role']['perm_admin'])) {
$user = $this->Users->get($user_id, [
'contain' => ['Roles', 'Individuals' => 'Organisations']
]);
} else {
$user = $currentUser;
}
return $user;
}
}

51
src/Controller/UsersController.php
View File

@ -49,9 +49,13 @@ class UsersController extends AppController
} else {
$validRoles = $this->Users->Roles->find('list')->order(['name' => 'asc'])->all()->toArray();
}
$defaultRole = $this->Users->Roles->find()->select(['id'])->first()->toArray();
$this->CRUD->add([
'beforeSave' => function($data) use ($currentUser, $validRoles) {
'beforeSave' => function($data) use ($currentUser, $validRoles, $defaultRole) {
if (!isset($data['role_id']) && !empty($defaultRole)) {
$data['role_id'] = $defaultRole['id'];
}
if (!$currentUser['role']['perm_admin']) {
$data['organisation_id'] = $currentUser['organisation_id'];
if (!in_array($data['role_id'], array_keys($validRoles))) {
@ -89,12 +93,14 @@ class UsersController extends AppController
])
];
$this->set(compact('dropdownData'));
$this->set('defaultRole', $defaultRole['id'] ?? null);
$this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate');
}
public function view($id = false)
{
if (empty($id) || empty($this->ACL->getUser()['role']['perm_admin'])) {
$currentUser = $this->ACL->getUser();
if (empty($id) || (empty($currentUser['role']['perm_org_admin']) && empty($currentUser['role']['perm_admin']))) {
$id = $this->ACL->getUser()['id'];
}
$this->CRUD->view($id, [
@ -152,10 +158,11 @@ class UsersController extends AppController
$params['fields'][] = 'disabled';
if (!$currentUser['role']['perm_admin']) {
$params['afterFind'] = function ($data, &$params) use ($currentUser, $validRoles) {
if (!$currentUser['role']['perm_admin'] && $currentUser['role']['perm_org_admin']) {
if (!in_array($data['role_id'], array_keys($validRoles))) {
throw new MethodNotAllowedException(__('You cannot edit the given privileged user.'));
}
if (!in_array($data['role_id'], array_keys($validRoles))) {
throw new MethodNotAllowedException(__('You cannot edit the given privileged user.'));
}
if ($data['organisation_id'] !== $currentUser['organisation_id']) {
throw new MethodNotAllowedException(__('You cannot edit the given user.'));
}
return $data;
};
@ -182,7 +189,19 @@ class UsersController extends AppController
public function toggle($id, $fieldName = 'disabled')
{
$this->CRUD->toggle($id, $fieldName);
$params = [
'contain' => 'Roles'
];
$currentUser = $this->ACL->getUser();
if (!$currentUser['role']['perm_admin']) {
$params['afterFind'] = function ($user, &$params) use ($currentUser) {
if (!$this->ACL->canEditUser($currentUser, $user)) {
throw new MethodNotAllowedException(__('You cannot edit the given user.'));
}
return $user;
};
}
$this->CRUD->toggle($id, $fieldName, $params);
$responsePayload = $this->CRUD->getResponsePayload();
if (!empty($responsePayload)) {
return $responsePayload;
@ -191,6 +210,7 @@ class UsersController extends AppController
public function delete($id)
{
$currentUser = $this->ACL->getUser();
$validRoles = [];
if (!$currentUser['role']['perm_admin']) {
$validRoles = $this->Users->Roles->find('list')->order(['name' => 'asc'])->all()->toArray();
@ -265,10 +285,21 @@ class UsersController extends AppController
}
}
public function settings()
public function settings($user_id=false)
{
$this->set('user', $this->ACL->getUser());
$all = $this->Users->UserSettings->getSettingsFromProviderForUser($this->ACL->getUser()['id'], true);
$editingAnotherUser = false;
$currentUser = $this->ACL->getUser();
if (empty($currentUser['role']['perm_admin']) || $user_id == $currentUser->id) {
$user = $currentUser;
} else {
$user = $this->Users->get($user_id, [
'contain' => ['Roles', 'Individuals' => 'Organisations', 'Organisations', 'UserSettings']
]);
$editingAnotherUser = true;
}
$this->set('editingAnotherUser', $editingAnotherUser);
$this->set('user', $user);
$all = $this->Users->UserSettings->getSettingsFromProviderForUser($user->id, true);
$this->set('settingsProvider', $all['settingsProvider']);
$this->set('settings', $all['settings']);
$this->set('settingsFlattened', $all['settingsFlattened']);

2
src/Lib/default/local_tool_connectors/MispConnector.php
View File

@ -526,6 +526,7 @@ class MispConnector extends CommonConnectorTools
]
],
'actions' => [
/*
[
'open_modal' => '/localTools/action/' . h($params['connection']['id']) . '/editUser?id={{0}}',
'modal_params_data_path' => ['User.id'],
@ -538,6 +539,7 @@ class MispConnector extends CommonConnectorTools
'icon' => 'trash',
'reload_url' => '/localTools/action/' . h($params['connection']['id']) . '/serversAction'
]
*/
],
'title' => false,
'description' => false,

5
src/Model/Entity/Organisation.php
View File

@ -10,5 +10,10 @@ class Organisation extends AppModel
protected $_accessible = [
'*' => true,
'id' => false,
'created' => false
];
protected $_accessibleOnNew = [
'created' => true
];
}

5
src/Model/Table/AppTable.php
View File

@ -46,4 +46,9 @@ class AppTable extends Table
}
}
}
public function isValidUrl($value, array $context): bool
{
return filter_var($value, FILTER_VALIDATE_URL);
}
}

6
src/Model/Table/BroodsTable.php
View File

@ -33,7 +33,11 @@ class BroodsTable extends AppTable
->requirePresence(['name', 'url', 'organisation_id'], 'create')
->notEmptyString('name')
->notEmptyString('url')
->url('url', __('The provided value is not a valid URL'))
->add('url', 'isValidUrl', [
'rule' => 'isValidUrl',
'message' => __('The provided value is not a valid URL'),
'provider' => 'table'
])
->naturalNumber('organisation_id', false);
}

2
src/Model/Table/SettingProviders/BaseSettingsProvider.php
View File

@ -188,7 +188,7 @@ class BaseSettingsProvider
* @param array $setting
* @return mixed
*/
public function evaluateFunctionForSetting($fun, $setting)
public function evaluateFunctionForSetting($fun, &$setting)
{
$functionResult = true;
if (is_callable($fun)) { // Validate with anonymous function

6
src/Model/Table/SettingProviders/CerebrateSettingsProvider.php
View File

@ -188,7 +188,11 @@ class CerebrateSettingsProvider extends BaseSettingsProvider
'severity' => 'info',
'default' => '',
'description' => __('The baseurl of the keycloak authentication endpoint, such as https://foo.bar/baz/auth.'),
'dependsOn' => 'keycloak.enabled'
'dependsOn' => 'keycloak.enabled',
'beforeSave' => function (&$value, $setting, $validator) {
$value = rtrim($value, '/');
return true;
}
],
'keycloak.authoritative' => [
'name' => 'Authoritative',

4
src/Model/Table/SettingsTable.php
View File

@ -72,15 +72,15 @@ class SettingsTable extends AppTable
}
}
}
$setting['value'] = $value ?? '';
if (empty($errors) && !empty($setting['beforeSave'])) {
$setting['value'] = $value ?? '';
$beforeSaveResult = $this->SettingsProvider->evaluateFunctionForSetting($setting['beforeSave'], $setting);
if ($beforeSaveResult !== true) {
$errors[] = $beforeSaveResult;
}
}
if (empty($errors)) {
$saveResult = $this->saveSettingOnDisk($name, $value);
$saveResult = $this->saveSettingOnDisk($name, $setting['value']);
if ($saveResult) {
if (!empty($setting['afterSave'])) {
$this->SettingsProvider->evaluateFunctionForSetting($setting['afterSave'], $setting);

2
src/VERSION.json
View File

@ -1,4 +1,4 @@
{
"version": "1.3",
"version": "1.4",
"application": "Cerebrate"
}

6
templates/AuthKeys/index.php
View File

@ -10,7 +10,8 @@ echo $this->element('genericElements/IndexTable/index_table', [
'data' => [
'type' => 'simple',
'text' => __('Add authentication key'),
'popover_url' => '/authKeys/add'
'popover_url' => '/authKeys/add',
'reload_url' => $this->request->getRequestTarget()
]
]
],
@ -65,7 +66,8 @@ echo $this->element('genericElements/IndexTable/index_table', [
[
'open_modal' => '/authKeys/delete/[onclick_params_data_path]',
'modal_params_data_path' => 'id',
'icon' => 'trash'
'icon' => 'trash',
'reload_url' => $this->request->getRequestTarget()
]
]
]

3
templates/SharingGroups/add.php
View File

@ -11,7 +11,8 @@
'field' => 'organisation_id',
'type' => 'dropdown',
'label' => __('Owner organisation'),
'options' => $dropdownData['organisation']
'options' => $dropdownData['organisation'],
'default' => $loggedUser['organisation_id']
],
array(
'field' => 'releasability',

3
templates/UserSettings/add.php
View File

@ -9,8 +9,7 @@
'type' => 'dropdown',
'label' => __('User'),
'options' => $dropdownData['user'],
'value' => !empty($user_id) ? $user_id : '',
'disabled' => !empty($user_id),
'value' => !is_null($user_id) ? $user_id : '',
],
[
'field' => 'name',

6
templates/Users/add.php
View File

@ -18,7 +18,8 @@
'field' => 'organisation_id',
'type' => 'dropdown',
'label' => __('Associated organisation'),
'options' => $dropdownData['organisation']
'options' => $dropdownData['organisation'],
'default' => $loggedUser['organisation_id']
],
[
'field' => 'password',
@ -39,7 +40,8 @@
'field' => 'role_id',
'type' => 'dropdown',
'label' => __('Role'),
'options' => $dropdownData['role']
'options' => $dropdownData['role'],
'default' => $defaultRole ?? null
],
[
'field' => 'disabled',

2
templates/Users/login.php
View File

@ -30,7 +30,7 @@ use Cake\Core\Configure;
echo '</div>';
}
if (!empty(Configure::read('keycloak'))) {
if (!empty(Configure::read('keycloak.enabled'))) {
echo sprintf('<div class="d-flex align-items-center my-2"><hr class="d-inline-block flex-grow-1"/><span class="mx-3 fw-light">%s</span><hr class="d-inline-block flex-grow-1"/></div>', __('Or'));
echo $this->Form->create(null, [
'url' => Cake\Routing\Router::url([

28
templates/Users/settings.php
View File

@ -10,10 +10,12 @@ foreach ($settingsProvider as $settingTitle => $settingContent) {
]);
}
$navLinks[] = __('Bookmarks');
$tabContents[] = $this->element('UserSettings/saved-bookmarks', [
'bookmarks' => !empty($user->user_settings_by_name['ui.bookmarks']['value']) ? json_decode($user->user_settings_by_name['ui.bookmarks']['value'], true) : []
]);
if (empty($editingAnotherUser)) {
$navLinks[] = __('Bookmarks');
$tabContents[] = $this->element('UserSettings/saved-bookmarks', [
'bookmarks' => !empty($user->user_settings_by_name['ui.bookmarks']['value']) ? json_decode($user->user_settings_by_name['ui.bookmarks']['value'], true) : []
]);
}
$tabsOptions = [
'vertical' => true,
@ -29,11 +31,15 @@ $tabsOptions = [
];
$tabs = $this->Bootstrap->tabs($tabsOptions);
echo $this->Html->script('settings');
$saveUrl = '/userSettings/saveSetting';
if(!empty($editingAnotherUser)) {
$saveUrl .= '/' . h($user->id);
}
?>
<script>
window.settingsFlattened = <?= json_encode($settingsFlattened) ?>;
window.saveSettingURL = '/userSettings/saveSetting'
window.saveSettingURL = '<?= $saveUrl ?>'
</script>
<h2 class="fw-light"><?= __('Account settings') ?></h2>
@ -43,7 +49,17 @@ echo $this->Html->script('settings');
<span class="fw-bold font-monospace me-2 fs-5"><?= h($user->username) ?></span>
<span><?= h($user->individual->full_name) ?></span>
</div>
<div class="fw-light"><?= __('Your personnal account') ?></div>
<?php if (!empty($editingAnotherUser)): ?>
<?=
$this->Bootstrap->alert([
'text' => __('Currently editing the account settings of another user.'),
'variant' => 'warning',
'dismissible' => false
])
?>
<?php else: ?>
<div class="fw-light"><?= __('Your personnal account') ?></div>
<?php endif; ?>
</div>
<div class="mt-2">
<?= $tabs ?>

2
templates/element/Settings/category.php
View File

@ -57,6 +57,6 @@ $mainPanelHeight = 'calc(100vh - 42px - 1rem - 56px - 38px - 1rem)';
</div>
<?php else: ?>
<div>
<?= $contentHtml ?>
<?= !empty($contentHtml) ? $contentHtml : sprintf('<p class="text-center mt-3">%s</p>', __('No settings available for this category')) ?>
</div>
<?php endif; ?>

3
templates/element/genericElements/Form/Fields/dropdownField.php
View File

@ -5,6 +5,7 @@
'value' => $fieldData['value'] ?? null,
'multiple' => $fieldData['multiple'] ?? false,
'disabled' => $fieldData['disabled'] ?? false,
'class' => ($fieldData['class'] ?? '') . ' formDropdown form-select'
'class' => ($fieldData['class'] ?? '') . ' formDropdown form-select',
'default' => ($fieldData['default'] ?? null)
];
echo $this->FormFieldMassage->prepareFormElement($this->Form, $controlParams, $fieldData);

6
templates/element/genericElements/ListTopBar/element_simple.php
View File

@ -1,8 +1,10 @@
<?php
$seed = 'f_' . mt_rand();
if (!isset($data['requirement']) || $data['requirement']) {
if (!empty($data['popover_url'])) {
$onClick = sprintf(
'onClick="openModalForButton(this, \'%s\', \'%s\')"',
'onClick="openModalForButton%s(this, \'%s\', \'%s\')"',
$seed,
h($data['popover_url']),
h(!empty($data['reload_url']) ? $data['reload_url'] : '')
);
@ -70,7 +72,7 @@
?>
<script>
function openModalForButton(clicked, url, reloadUrl='') {
function openModalForButton<?= $seed ?>(clicked, url, reloadUrl='') {
const fallbackReloadUrl = '<?= $this->Url->build(['action' => 'index']); ?>'
reloadUrl = reloadUrl != '' ? reloadUrl : fallbackReloadUrl
UI.overlayUntilResolve(clicked, UI.submissionModalForIndex(url, reloadUrl, '<?= $tableRandomValue ?>'))

20
tests/Fixture/LocalToolsFixture.php Normal file
View File

@ -0,0 +1,20 @@
<?php
declare(strict_types=1);
namespace App\Test\Fixture;
use Cake\TestSuite\Fixture\TestFixture;
class LocalToolsFixture extends TestFixture
{
public $connection = 'test';
public function init(): void
{
$faker = \Faker\Factory::create();
$this->records = [];
parent::init();
}
}

7
tests/Fixture/OrganisationsFixture.php
View File

@ -11,7 +11,10 @@ class OrganisationsFixture extends TestFixture
public $connection = 'test';
public const ORGANISATION_A_ID = 1;
public const ORGANISATION_A_UUID = 'dce5017e-b6a5-4d0d-a0d7-81e9af56c82c';
public const ORGANISATION_B_ID = 2;
public const ORGANISATION_B_UUID = '36d22d9a-851e-4838-a655-9999c1d19497';
public function init(): void
{
@ -20,7 +23,7 @@ class OrganisationsFixture extends TestFixture
$this->records = [
[
'id' => self::ORGANISATION_A_ID,
'uuid' => $faker->uuid(),
'uuid' => self::ORGANISATION_A_UUID,
'name' => 'Organisation A',
'url' => $faker->url,
'nationality' => $faker->countryCode,
@ -33,7 +36,7 @@ class OrganisationsFixture extends TestFixture
[
'id' => self::ORGANISATION_B_ID,
'uuid' => $faker->uuid(),
'name' => 'Organisation B',
'name' => self::ORGANISATION_B_UUID,
'url' => $faker->url,
'nationality' => $faker->countryCode,
'sector' => 'IT',

20
tests/Fixture/RemoteToolConnectionsFixture.php Normal file
View File

@ -0,0 +1,20 @@
<?php
declare(strict_types=1);
namespace App\Test\Fixture;
use Cake\TestSuite\Fixture\TestFixture;
class RemoteToolConnectionsFixture extends TestFixture
{
public $connection = 'test';
public function init(): void
{
$faker = \Faker\Factory::create();
$this->records = [];
parent::init();
}
}

5
tests/Helper/ApiTestTrait.php
View File

@ -240,7 +240,10 @@ trait ApiTestTrait
protected function _sendRequest($url, $method, $data = []): void
{
// Adding Content-Type: application/json $this->configRequest() prevents this from happening somehow
if (in_array($method, ['POST', 'PATCH', 'PUT']) && $this->_request['headers']['Content-Type'] === 'application/json') {
if (
in_array($method, ['POST', 'PATCH', 'PUT'])
&& $this->_request['headers']['Content-Type'] === 'application/json'
) {
$data = json_encode($data);
}

44
tests/Helper/WireMockTestTrait.php
View File

@ -5,7 +5,9 @@ declare(strict_types=1);
namespace App\Test\Helper;
use \WireMock\Client\WireMock;
use Exception;
use \WireMock\Client\ValueMatchingStrategy;
use \WireMock\Client\RequestPatternBuilder;
use \WireMock\Stubbing\StubMapping;
trait WireMockTestTrait
{
@ -26,7 +28,7 @@ trait WireMockTestTrait
);
if (!$this->wiremock->isAlive()) {
throw new Exception('Failed to connect to WireMock server.');
throw new \Exception('Failed to connect to WireMock server.');
}
$this->clearWireMockStubs();
@ -46,4 +48,42 @@ trait WireMockTestTrait
{
return sprintf('http://%s:%s', $this->config['hostname'], $this->config['port']);
}
/**
* Verify all WireMock stubs were called.
*
* @return void
*/
public function verifyAllStubsCalled(): void
{
$stubs = $this->wiremock->listAllStubMappings()->getMappings();
foreach ((array)$stubs as $stub) {
$this->verifyStubCalled($stub);
}
}
/**
* Verify the WireMock stub was called.
*
* @param StubMapping $stub
* @return void
*/
public function verifyStubCalled(StubMapping $stub): void
{
$validator = new RequestPatternBuilder($stub->getRequest()->getMethod(), $stub->getRequest()->getUrlMatchingStrategy());
// validate headers
$headers = $stub->getRequest()->getHeaders();
if (is_array($headers)) {
foreach ($headers as $header => $rule) {
$validator = $validator->withHeader($header, ValueMatchingStrategy::fromArray($rule));
}
}
// TODO: Add body matching
// TODO: Add query matching
// TODO: Add cookie matching
$this->wiremock->verify($validator);
}
}

1
tests/Helper/wiremock/stop.sh
View File

@ -17,7 +17,6 @@ if [ -e $pidFile ]; then
rm $pidFile
else
echo WireMock is not started 2>&1
exit 1
fi
echo WireMock $instance stopped

2
tests/TestCase/Api/AuthKeys/AddAuthKeyApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\AuthKeys;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;

10
tests/TestCase/Api/AuthKeys/DeleteAuthKeyApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\AuthKeys;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;
@ -19,7 +19,7 @@ class DeleteAuthKeyApiTest extends TestCase
'app.Individuals',
'app.Roles',
'app.Users',
'app.AuthKeys',
'app.AuthKeys'
];
public function testDeleteAdminAuthKey(): void
@ -34,12 +34,14 @@ class DeleteAuthKeyApiTest extends TestCase
public function testDeleteOrgAdminAuthKeyNotAllowedAsRegularUser(): void
{
$this->skipOpenApiValidations();
$this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
$url = sprintf('%s/%d', self::ENDPOINT, AuthKeysFixture::ORG_ADMIN_API_ID);
$this->delete($url);
$this->assertResponseCode(405);
$this->assertDbRecordExists('AuthKeys', ['id' => AuthKeysFixture::ORG_ADMIN_API_ID]);
$this->markTestIncomplete('FIXME: this test returns string(4) "null", which is not a valid JSON object with 405 status code.');
$this->assertResponseCode(405);
}
}

2
tests/TestCase/Api/AuthKeys/IndexAuthKeysApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\AuthKeys;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;

2
tests/TestCase/Api/Broods/AddBroodApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\Broods;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\OrganisationsFixture;

2
tests/TestCase/Api/Broods/DeleteBroodApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\Broods;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;

3
tests/TestCase/Api/Broods/EditBroodApiTest.php
View File

@ -2,9 +2,8 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\Broods;
use Cake\TestSuite\IntegrationTestTrait;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;
use App\Test\Fixture\BroodsFixture;

2
tests/TestCase/Api/Broods/IndexBroodsApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\Broods;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;

31
tests/TestCase/Api/Broods/TestBroodConnectionApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\Broods;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;
@ -31,17 +31,12 @@ class TestBroodConnectionApiTest extends TestCase
{
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
$this->initializeWireMock();
$this->mockCerebrateStatusResponse();
$stub = $this->mockCerebrateStatusResponse();
$url = sprintf('%s/%d', self::ENDPOINT, BroodsFixture::BROOD_WIREMOCK_ID);
$this->get($url);
$this->getWireMock()->verify(
WireMock::getRequestedFor(WireMock::urlEqualTo('/instance/status.json'))
->withHeader('Content-Type', WireMock::equalTo('application/json'))
->withHeader('Authorization', WireMock::equalTo(BroodsFixture::BROOD_WIREMOCK_API_KEY))
);
$this->verifyStubCalled($stub);
$this->assertResponseOk();
$this->assertResponseContains('"user": "wiremock"');
}
@ -52,17 +47,19 @@ class TestBroodConnectionApiTest extends TestCase
WireMock::get(WireMock::urlEqualTo('/instance/status.json'))
->willReturn(WireMock::aResponse()
->withHeader('Content-Type', 'application/json')
->withBody((string)json_encode([
"version" => "0.1",
"application" => "Cerebrate",
"user" => [
"id" => 1,
"username" => "wiremock",
"role" => [
"id" => 1
->withBody((string)json_encode(
[
"version" => "0.1",
"application" => "Cerebrate",
"user" => [
"id" => 1,
"username" => "wiremock",
"role" => [
"id" => 1
]
]
]
])))
)))
);
}
}

2
tests/TestCase/Api/Broods/ViewBroodApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\Broods;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;

2
tests/TestCase/Api/EncryptionKeys/AddEncryptionKeyApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\EncryptionKeys;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;

2
tests/TestCase/Api/EncryptionKeys/DeleteEncryptionKeyApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\EncryptionKeys;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;

2
tests/TestCase/Api/EncryptionKeys/EditEncryptionKeyApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\EncryptionKeys;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;

2
tests/TestCase/Api/EncryptionKeys/IndexEncryptionKeysApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\EncryptionKeys;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;

2
tests/TestCase/Api/EncryptionKeys/ViewEncryptionKeyApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\EncryptionKeys;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;

34
tests/TestCase/Api/Inbox/CreateInboxEntryApiTest.php
View File

@ -2,11 +2,12 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\Inbox;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;
use App\Test\Helper\ApiTestTrait;
use Authentication\PasswordHasher\DefaultPasswordHasher;
class CreateInboxEntryApiTest extends TestCase
{
@ -31,24 +32,31 @@ class CreateInboxEntryApiTest extends TestCase
$_SERVER['REMOTE_ADDR'] = '::1';
$url = sprintf("%s/%s/%s", self::ENDPOINT, 'User', 'Registration');
$password = 'Password12345!';
$email = 'john@example.com';
$this->post(
$url,
[
'email' => 'john@example.com',
'password' => 'Password12345!'
'email' => $email,
'password' => $password
]
);
$this->assertResponseOk();
$response = $this->getJsonResponseAsArray();
$userId = $response['data']['id'];
$createdInboxMessage = $this->getRecordFromDb(
'Inbox',
[
'id' => $userId,
'scope' => 'User',
'action' => 'Registration'
]
);
$this->assertResponseOk();
$this->assertResponseContains('"email": "john@example.com"');
$this->assertDbRecordExists(
'Inbox',
[
'id' => 3, // hacky, but `data` is json string cannot verify the value because of the hashed password
'scope' => 'User',
'action' => 'Registration',
]
);
$this->assertTrue((new DefaultPasswordHasher())->check($password, $createdInboxMessage['data']['password']));
$this->assertEquals($email, $createdInboxMessage['data']['email']);
}
public function testAddUserRegistrationInboxNotAllowedAsRegularUser(): void

2
tests/TestCase/Api/Inbox/IndexInboxApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\Inbox;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;

2
tests/TestCase/Api/Individuals/AddIndividualApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\Individuals;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;

2
tests/TestCase/Api/Individuals/DeleteIndividualApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\Individuals;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;

2
tests/TestCase/Api/Individuals/EditIndividualApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\Individuals;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;

2
tests/TestCase/Api/Individuals/IndexIndividualsApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\Individuals;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;

2
tests/TestCase/Api/Individuals/ViewIndividualApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\Individuals;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;

405
tests/TestCase/Api/LocalTools/MispInterConnectionTest.php Normal file
View File

@ -0,0 +1,405 @@
<?php
declare(strict_types=1);
namespace App\Test\TestCase\Api\LocalTools;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\OrganisationsFixture;
use App\Test\Fixture\AuthKeysFixture;
use App\Test\Fixture\UsersFixture;
use App\Test\Fixture\RolesFixture;
use App\Test\Helper\ApiTestTrait;
use App\Test\Helper\WireMockTestTrait;
use \WireMock\Client\WireMock;
class MispInterConnectionTest extends TestCase
{
use ApiTestTrait;
use WireMockTestTrait;
protected $fixtures = [
'app.Organisations',
'app.Individuals',
'app.Roles',
'app.Users',
'app.AuthKeys',
'app.Broods',
'app.LocalTools',
'app.RemoteToolConnections',
'app.Inbox'
];
/** constants related to the local Cerebrate instance */
private const LOCAL_CEREBRATE_URL = 'http://127.0.0.1';
/** constants related to the local MISP instance */
private const LOCAL_MISP_INSTANCE_URL = 'http://localhost:8080/MISP_LOCAL';
private const LOCAL_MISP_ADMIN_USER_AUTHKEY = 'b17ce79ac0f05916f382ab06ea4790665dbc174c';
/** constants related to the remote Cerebrate instance */
private const REMOTE_CEREBRATE_URL = 'http://127.0.0.1:8080/CEREBRATE_REMOTE';
private const REMOTE_CEREBRATE_AUTHKEY = 'a192ba3c749b545f9cec6b6bba0643736f6c3022';
/** constants related to the remote MISP instance */
private const REMOTE_MISP_SYNC_USER_ID = 333;
private const REMOTE_MISP_SYNC_USER_EMAIL = 'sync@misp.remote';
private const REMOTE_MISP_INSTANCE_URL = 'http://localhost:8080/MISP_REMOTE';
private const REMOTE_MISP_AUTHKEY = '19ca57ecebd2fe34c1c17d729980678eb648d541';
public function testInterConnectMispViaCerebrate(): void
{
$this->initializeWireMock();
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
$faker = \Faker\Factory::create();
/**
* 1. Create LocalTool connection to `MISP LOCAL` (local MISP instance)
*/
$this->post(
sprintf('%s/localTools/add', self::LOCAL_CEREBRATE_URL),
[
'name' => 'MISP_LOCAL',
'connector' => 'MispConnector',
'settings' => json_encode([
'url' => self::LOCAL_MISP_INSTANCE_URL,
'authkey' => self::LOCAL_MISP_ADMIN_USER_AUTHKEY,
'skip_ssl' => true,
]),
'description' => 'MISP local instance',
'exposed' => true
]
);
$this->assertResponseOk();
$this->assertDbRecordExists('LocalTools', ['name' => 'MISP_LOCAL']);
/**
* 2. Create a new Brood (connect to a remote Cerebrate instance)
* This step assumes that the remote Cerebrate instance is already
* running and has a user created for the local Cerebrate instance.
*
* NOTE: Uses OrganisationsFixture::ORGANISATION_A_ID from the
* fixtures as the local Organisation.
*/
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
$LOCAL_BROOD_UUID = $faker->uuid;
$this->post(
'/broods/add',
[
'uuid' => $LOCAL_BROOD_UUID,
'name' => 'Local Brood',
'url' => self::REMOTE_CEREBRATE_URL,
'description' => $faker->text,
'organisation_id' => OrganisationsFixture::ORGANISATION_A_ID,
'trusted' => true,
'pull' => true,
'skip_proxy' => true,
'authkey' => self::REMOTE_CEREBRATE_AUTHKEY,
]
);
$this->assertResponseOk();
$this->assertDbRecordExists('Broods', ['uuid' => $LOCAL_BROOD_UUID]);
$brood = $this->getJsonResponseAsArray();
/**
* 3. Create a new Cerebrate local user for the remote Cerebrate
* These includes:
* - 3.a: Create a new Organisation
* - 3.b: Create a new Individual
* - 3.c: Create a new User
* - 3.d: Create a new Authkey
*/
// Create Organisation
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
$remoteOrgUuid = $faker->uuid;
$this->post(
'/organisations/add',
[
'name' => 'Remote Organisation',
'description' => $faker->text,
'uuid' => $remoteOrgUuid,
'url' => 'http://cerebrate.remote',
'nationality' => 'US',
'sector' => 'sector',
'type' => 'type',
]
);
$this->assertResponseOk();
$this->assertDbRecordExists('Organisations', ['uuid' => $remoteOrgUuid]);
$remoteOrg = $this->getJsonResponseAsArray();
// Create Individual
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
$this->post(
'/individuals/add',
[
'email' => 'sync@cerebrate.remote',
'first_name' => 'Remote',
'last_name' => 'Cerebrate'
]
);
$this->assertResponseOk();
$this->assertDbRecordExists('Individuals', ['email' => 'sync@cerebrate.remote']);
$remoteIndividual = $this->getJsonResponseAsArray();
// Create User
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
$this->post(
'/users/add',
[
'individual_id' => $remoteIndividual['id'],
'organisation_id' => $remoteOrg['id'],
'role_id' => RolesFixture::ROLE_SYNC_ID,
'disabled' => false,
'username' => 'remote_cerebrate',
'password' => 'Password123456!',
]
);
$this->assertResponseOk();
$this->assertDbRecordExists('Users', ['username' => 'remote_cerebrate']);
$user = $this->getJsonResponseAsArray();
// Create Authkey
$remoteCerebrateAuthkey = $faker->sha1;
$remoteAuthkeyUuid = $faker->uuid;
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
$this->post(
'/authKeys/add',
[
'uuid' => $remoteAuthkeyUuid,
'authkey' => $remoteCerebrateAuthkey,
'expiration' => 0,
'user_id' => $user['id'],
'comment' => $faker->text
]
);
$this->assertResponseOk();
$this->assertDbRecordExists('AuthKeys', ['uuid' => $remoteAuthkeyUuid]);
/**
* 4. Get remote Cerebrate exposed tools
*/
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
$this->mockCerebrateGetExposedToolsResponse('CEREBRATE_REMOTE', self::REMOTE_CEREBRATE_AUTHKEY);
$this->get(sprintf('/localTools/broodTools/%s', $brood['id']));
$this->assertResponseOk();
$tools = $this->getJsonResponseAsArray();
/**
* 5. Issue a connection request to the remote MISP instance
*/
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
$this->mockCerebrateGetExposedToolsResponse('CEREBRATE_REMOTE', self::REMOTE_CEREBRATE_AUTHKEY);
$this->mockMispViewOrganisationByUuid(
'MISP_LOCAL',
self::LOCAL_MISP_ADMIN_USER_AUTHKEY,
OrganisationsFixture::ORGANISATION_A_UUID,
OrganisationsFixture::ORGANISATION_A_ID
);
$this->mockMispCreateSyncUser(
'MISP_LOCAL',
self::LOCAL_MISP_ADMIN_USER_AUTHKEY,
self::REMOTE_MISP_SYNC_USER_ID,
self::REMOTE_MISP_SYNC_USER_EMAIL
);
$this->mockCerebrateCreateMispIncommingConnectionRequest(
'CEREBRATE_REMOTE',
UsersFixture::USER_ADMIN_ID,
self::LOCAL_CEREBRATE_URL,
self::REMOTE_CEREBRATE_AUTHKEY,
self::LOCAL_MISP_INSTANCE_URL
);
$this->post(
sprintf('/localTools/connectionRequest/%s/%s', $brood['id'], $tools[0]['id']),
[
'local_tool_id' => 1
]
);
$this->assertResponseOk();
/**
* 6. Remote Cerebrate accepts the connection request
*/
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
$this->post(
'/inbox/createEntry/LocalTool/AcceptedRequest',
[
'email' => self::REMOTE_MISP_SYNC_USER_EMAIL,
'authkey' => self::REMOTE_MISP_AUTHKEY,
'url' => self::REMOTE_MISP_INSTANCE_URL,
'reflected_user_id' => self::REMOTE_MISP_SYNC_USER_ID,
'connectorName' => 'MispConnector',
'cerebrateURL' => self::REMOTE_CEREBRATE_URL,
'local_tool_id' => 1,
'remote_tool_id' => 1,
'tool_name' => 'MISP_REMOTE'
]
);
$this->assertResponseOk();
$acceptRequest = $this->getJsonResponseAsArray();
/**
* 7. Finalize the connection
*/
$this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
$this->mockEnableMispSyncUser('MISP_LOCAL', self::LOCAL_MISP_ADMIN_USER_AUTHKEY, self::REMOTE_MISP_SYNC_USER_ID);
$this->mockAddMispServer(
'MISP_LOCAL',
self::LOCAL_MISP_ADMIN_USER_AUTHKEY,
[
'authkey' => self::REMOTE_MISP_AUTHKEY,
'url' => self::REMOTE_MISP_INSTANCE_URL,
'name' => 'MISP_REMOTE',
'remote_org_id' => OrganisationsFixture::ORGANISATION_A_ID
]
);
$this->post(sprintf('/inbox/process/%s', $acceptRequest['data']['id']));
$this->assertResponseOk();
$this->assertResponseContains('"success": true');
$this->verifyAllStubsCalled();
}
private function mockCerebrateGetExposedToolsResponse(string $instance, string $cerebrateAuthkey): \WireMock\Stubbing\StubMapping
{
return $this->getWireMock()->stubFor(
WireMock::get(WireMock::urlEqualTo("/$instance/localTools/exposedTools"))
->withHeader('Authorization', WireMock::equalTo($cerebrateAuthkey))
->willReturn(WireMock::aResponse()
->withHeader('Content-Type', 'application/json')
->withBody((string)json_encode(
[
[
"id" => 1,
"name" => "MISP ($instance)",
"connector" => "MispConnector",
]
]
)))
);
}
private function mockMispViewOrganisationByUuid(string $instance, string $mispAuthkey, string $orgUuid, int $orgId): \WireMock\Stubbing\StubMapping
{
return $this->getWireMock()->stubFor(
WireMock::get(WireMock::urlEqualTo("/$instance/organisations/view/$orgUuid/limit:50"))
->withHeader('Authorization', WireMock::equalTo($mispAuthkey))
->willReturn(WireMock::aResponse()
->withHeader('Content-Type', 'application/json')
->withBody((string)json_encode(
[
"Organisation" => [
"id" => $orgId,
"name" => $instance . ' Organisation',
"uuid" => $orgUuid,
"local" => true
]
]
)))
);
}
private function mockMispCreateSyncUser(string $instance, string $mispAuthkey, int $userId, string $email): \WireMock\Stubbing\StubMapping
{
$faker = \Faker\Factory::create();
return $this->getWireMock()->stubFor(
WireMock::post(WireMock::urlEqualTo("/$instance/admin/users/add"))
->withHeader('Authorization', WireMock::equalTo($mispAuthkey))
->willReturn(WireMock::aResponse()
->withHeader('Content-Type', 'application/json')
->withBody((string)json_encode(
[
"User" => [
"id" => $userId,
"email" => $email,
"authkey" => $faker->sha1
]
]
)))
);
}
private function mockCerebrateCreateMispIncommingConnectionRequest(
string $instance,
int $userId,
string $cerebrateUrl,
string $cerebrateAuthkey,
string $mispUrl
): \WireMock\Stubbing\StubMapping {
$faker = \Faker\Factory::create();
return $this->getWireMock()->stubFor(
WireMock::post(WireMock::urlEqualTo("/$instance/inbox/createEntry/LocalTool/IncomingConnectionRequest"))
->withHeader('Authorization', WireMock::equalTo($cerebrateAuthkey))
->willReturn(WireMock::aResponse()
->withHeader('Content-Type', 'application/json')
->withBody((string)json_encode(
[
'data' => [
'id' => $faker->randomNumber(),
'uuid' => $faker->uuid,
'origin' => $cerebrateUrl,
'user_id' => $userId,
'data' => [
'connectorName' => 'MispConnector',
'cerebrateURL' => $cerebrateUrl,
'url' => $mispUrl,
'tool_connector' => 'MispConnector',
'local_tool_id' => 1,
'remote_tool_id' => 1,
],
'title' => 'Request for MISP Inter-connection',
'scope' => 'LocalTool',
'action' => 'IncomingConnectionRequest',
'description' => 'Handle Phase I of inter-connection when another cerebrate instance performs the request.',
'local_tool_connector_name' => 'MispConnector',
'created' => date('c'),
'modified' => date('c')
],
'success' => true,
'message' => 'LocalTool request for IncomingConnectionRequest created',
'errors' => [],
]
)))
);
}
private function mockEnableMispSyncUser(string $instance, string $mispAuthkey, int $userId): \WireMock\Stubbing\StubMapping
{
return $this->getWireMock()->stubFor(
WireMock::post(WireMock::urlEqualTo("/$instance/admin/users/edit/$userId"))
->withHeader('Authorization', WireMock::equalTo($mispAuthkey))
->withRequestBody(WireMock::equalToJson(json_encode(['disabled' => false])))
->willReturn(WireMock::aResponse()
->withHeader('Content-Type', 'application/json')
->withBody((string)json_encode(
[
"User" => [
"id" => $userId,
]
]
)))
);
}
private function mockAddMispServer(string $instance, string $mispAuthkey, array $body): \WireMock\Stubbing\StubMapping
{
$faker = \Faker\Factory::create();
return $this->getWireMock()->stubFor(
WireMock::post(WireMock::urlEqualTo("/$instance/servers/add"))
->withHeader('Authorization', WireMock::equalTo($mispAuthkey))
->withRequestBody(WireMock::equalToJson(json_encode($body)))
->willReturn(WireMock::aResponse()
->withHeader('Content-Type', 'application/json')
->withBody((string)json_encode(
[
'Server' => [
'id' => $faker->randomNumber()
]
]
)))
);
}
}

2
tests/TestCase/Api/Organisations/AddOrganisationApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\Organisations;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;

3
tests/TestCase/Api/Organisations/DeleteOrganisationApiTest.php
View File

@ -2,9 +2,8 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\Organisations;
use Cake\TestSuite\IntegrationTestTrait;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;
use App\Test\Fixture\OrganisationsFixture;

2
tests/TestCase/Api/Organisations/EditOrganisationApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\Organisations;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;

2
tests/TestCase/Api/Organisations/IndexOrganisationsApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\Organisations;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;

2
tests/TestCase/Api/Organisations/TagOrganisationApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\Organisations;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;

2
tests/TestCase/Api/Organisations/UntagOrganisationApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\Organisations;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;

2
tests/TestCase/Api/Organisations/ViewOrganisationApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\Organisations;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;

2
tests/TestCase/Api/SharingGroups/AddSharingGroupApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\SharingGroups;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\OrganisationsFixture;

2
tests/TestCase/Api/SharingGroups/DeleteSharingGroupApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\SharingGroups;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;

2
tests/TestCase/Api/SharingGroups/EditSharingGroupApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\SharingGroups;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;

2
tests/TestCase/Api/SharingGroups/IndexSharingGroupsApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\SharingGroups;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;

2
tests/TestCase/Api/SharingGroups/ViewSharingGroupApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\SharingGroups;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;

2
tests/TestCase/Api/Tags/IndexTagsApiTest.php
View File

@ -2,7 +2,7 @@
declare(strict_types=1);
namespace App\Test\TestCase\Api\Users;
namespace App\Test\TestCase\Api\Tags;
use Cake\TestSuite\TestCase;
use App\Test\Fixture\AuthKeysFixture;

314
webroot/docs/openapi.yaml
View File

@ -27,6 +27,8 @@ tags:
description: "Assign encryption keys to the user, used to securely communicate or validate messages coming from the user."
- name: AuthKeys
description: "Authkeys are used for API access. A user can have more than one authkey, so if you would like to use separate keys per tool that queries Cerebrate, add additional keys. Use the comment field to make identifying your keys easier."
- name: LocalTools
description: "Cerebrate can connect to local tools via individual connectors, built to expose the various functionalities of the given tool via Cerebrate. Simply view the connectors' details and the accompanying instance list to manage the connections using the given connector."
paths:
/individuals/index:
@ -418,7 +420,7 @@ paths:
/inbox/createEntry/User/Registration:
post:
summary: "Create user registration inbox entry"
operationId: createInboxEntry
operationId: createUserRegistrationInboxEntry
tags:
- Inbox
requestBody:
@ -433,6 +435,42 @@ paths:
default:
$ref: "#/components/responses/ApiErrorResponse"
/inbox/createEntry/LocalTool/AcceptedRequest:
post:
summary: "Create accepted connection request inbox entry"
operationId: createAcceptedRequestInboxEntry
tags:
- Inbox
requestBody:
$ref: "#/components/requestBodies/CreateAcceptedRequestInboxEntryRequest"
responses:
"200":
$ref: "#/components/responses/AcceptedRequestInboxResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"405":
$ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/inbox/process/{inboxId}:
post:
summary: "Process inbox entry"
operationId: processInboxEntry
tags:
- Inbox
parameters:
- $ref: "#/components/parameters/inboxId"
responses:
"200":
$ref: "#/components/responses/ProcessInboxResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"405":
$ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/sharingGroups/index:
get:
summary: "Get a sharing groups list"
@ -783,6 +821,63 @@ paths:
default:
$ref: "#/components/responses/ApiErrorResponse"
/localTools/add:
post:
summary: "Add a local tool connection"
operationId: addLocalTool
tags:
- LocalTools
requestBody:
$ref: "#/components/requestBodies/CreateLocalToolConnectionRequest"
responses:
"200":
$ref: "#/components/responses/LocalToolResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"405":
$ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/localTools/broodTools/{broodId}:
get:
summary: "Get brood exposed tools"
operationId: getBroodExposedTools
tags:
- LocalTools
parameters:
- $ref: "#/components/parameters/broodId"
responses:
"200":
$ref: "#/components/responses/GetExposedBroodToolsResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"405":
$ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/localTools/connectionRequest/{broodId}/{localToolId}:
post:
summary: "Issue a local tool connection request"
operationId: issueLocalToolConnectionRequest
tags:
- LocalTools
parameters:
- $ref: "#/components/parameters/broodId"
- $ref: "#/components/parameters/localToolId"
requestBody:
$ref: "#/components/requestBodies/IssueLocalToolConnectionRequest"
responses:
"200":
$ref: "#/components/responses/IncomingConnectionRequestInboxResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"405":
$ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
components:
schemas:
# General
@ -1129,8 +1224,37 @@ components:
user:
$ref: "#/components/schemas/User"
local_tool_connector_name:
type: string
nullable: true
$ref: "#/components/schemas/LocalToolConnector"
AcceptedRequestInbox:
type: object
allOf:
- $ref: "#/components/schemas/Inbox"
- type: object
properties:
data:
type: object
properties:
email:
$ref: "#/components/schemas/Email"
authkey:
$ref: "#/components/schemas/AuthKeyRaw"
url:
type: string
reflected_user_id:
$ref: "#/components/schemas/ID"
connectorName:
$ref: "#/components/schemas/LocalToolConnector"
cerebrateURL:
type: string
local_tool_id:
$ref: "#/components/schemas/ID"
remote_tool_id:
$ref: "#/components/schemas/ID"
tool_name:
type: string
local_tool_connector_name:
$ref: "#/components/schemas/LocalToolConnector"
IncomingConnectionRequestInbox:
type: object
@ -1142,9 +1266,7 @@ components:
type: object
properties:
connectorName:
type: string
enum:
- "MispConnector"
$ref: "#/components/schemas/LocalToolConnector"
cerebrateURL:
type: string
example: "http://192.168.0.1"
@ -1159,6 +1281,7 @@ components:
anyOf:
- $ref: "#/components/schemas/UserRegistrationInbox"
- $ref: "#/components/schemas/IncomingConnectionRequestInbox"
- $ref: "#/components/schemas/AcceptedRequestInbox"
# SharingGroups
SharingGroupName:
@ -1362,6 +1485,45 @@ components:
items:
$ref: "#/components/schemas/AuthKey"
# LocalTools
LocalToolName:
type: string
LocalToolConnector:
type: string
nullable: true
enum:
- "MispConnector"
LocalToolSettings:
type: string
description: "Stringified JSON representing tool settings"
LocalToolDescription:
type: string
LocalToolIsExposed:
type: boolean
LocalTool:
type: object
properties:
name:
$ref: "#/components/schemas/LocalToolName"
connector:
$ref: "#/components/schemas/LocalToolConnector"
settings:
$ref: "#/components/schemas/LocalToolSettings"
description:
$ref: "#/components/schemas/LocalToolDescription"
exposed:
$ref: "#/components/schemas/LocalToolIsExposed"
LocalToolList:
type: array
items:
$ref: "#/components/schemas/LocalTool"
# Errors
ApiError:
type: object
@ -1487,6 +1649,22 @@ components:
schema:
$ref: "#/components/schemas/ID"
localToolId:
name: localToolId
in: path
description: "Numeric ID of the local tool"
required: true
schema:
$ref: "#/components/schemas/ID"
inboxId:
name: inboxId
in: path
description: "Numeric ID of the local tool"
required: true
schema:
$ref: "#/components/schemas/ID"
quickFilter:
name: quickFilter
in: query
@ -1669,6 +1847,32 @@ components:
password:
type: string
CreateAcceptedRequestInboxEntryRequest:
description: "Create accepted connection request inbox entry request"
content:
application/json:
schema:
type: object
properties:
email:
$ref: "#/components/schemas/Email"
authkey:
$ref: "#/components/schemas/AuthKeyRaw"
url:
type: string
reflected_user_id:
$ref: "#/components/schemas/ID"
connectorName:
$ref: "#/components/schemas/LocalToolConnector"
cerebrateURL:
type: string
local_tool_id:
$ref: "#/components/schemas/ID"
remote_tool_id:
$ref: "#/components/schemas/ID"
tool_name:
type: string
# SharingGroups
CreateSharingGroupRequest:
required: true
@ -1834,6 +2038,34 @@ components:
comment:
$ref: "#/components/schemas/AuthKeyComment"
# LocalTools
CreateLocalToolConnectionRequest:
required: true
content:
application/json:
schema:
type: object
properties:
name:
$ref: "#/components/schemas/LocalToolName"
connector:
$ref: "#/components/schemas/LocalToolConnector"
settings:
$ref: "#/components/schemas/LocalToolSettings"
description:
$ref: "#/components/schemas/LocalToolDescription"
exposed:
$ref: "#/components/schemas/LocalToolIsExposed"
IssueLocalToolConnectionRequest:
required: true
content:
application/json:
schema:
type: object
properties:
local_tool_id:
type: integer
responses:
# Individuals
IndividualResponse:
@ -1910,6 +2142,34 @@ components:
schema:
$ref: "#/components/schemas/IncomingConnectionRequestInbox"
AcceptedRequestInboxResponse:
description: "Accepted connection request inbox response"
content:
application/json:
schema:
$ref: "#/components/schemas/IncomingConnectionRequestInbox"
ProcessInboxResponse:
description: "Process inbox response"
content:
application/json:
schema:
type: object
properties:
data:
type: object
properties:
success:
type: boolean
success:
type: boolean
message:
type: string
example: "Interconnection for `http://cerebrate.remote`'s finalised"
errors:
type: string
nullable: true
InboxListResponse:
description: "Inbox list response"
content:
@ -1918,7 +2178,7 @@ components:
$ref: "#/components/schemas/InboxList"
CreateUserRegistrationInboxEntryResponse:
description: "Inbox response"
description: "Create user registration inbox response"
content:
application/json:
schema:
@ -1942,6 +2202,31 @@ components:
type: object
# TODO: describe
AcceptedRequestInboxEntryResponse:
description: "Accepted request inbox response"
content:
application/json:
schema:
type: object
properties:
data:
allOf:
- $ref: "#/components/schemas/AcceptedRequestInbox"
- properties:
local_tool_connector_name:
type: string
nullable: true
success:
type: boolean
message:
type: string
example: "User account creation requested. Please wait for an admin to approve your account."
errors:
type: array
items:
type: object
# TODO: describe
# SharingGroups
SharingGroupResponse:
description: "Sharing group response"
@ -2029,6 +2314,21 @@ components:
schema:
$ref: "#/components/schemas/AuthKeyList"
# LocalTools
LocalToolResponse:
description: "Local tool response"
content:
application/json:
schema:
$ref: "#/components/schemas/LocalTool"
GetExposedBroodToolsResponse:
description: "Local tool response"
content:
application/json:
schema:
$ref: "#/components/schemas/LocalToolList"
# Errors
ApiErrorResponse:
description: "Unexpected API error"

12
webroot/js/main.js
View File

@ -167,7 +167,7 @@ function saveSetting(statusNode, settingName, settingValue) {
}
function openSaveBookmarkModal(bookmark_url = '') {
const url = '/user-settings/saveBookmark';
const url = '/user-settings/saveMyBookmark';
UI.submissionModal(url).then(([modalFactory, ajaxApi]) => {
const $input = modalFactory.$modal.find('input[name="bookmark_url"]')
$input.val(bookmark_url)
@ -175,7 +175,7 @@ function openSaveBookmarkModal(bookmark_url = '') {
}
function deleteBookmark(bookmark, forSidebar=false) {
const url = '/user-settings/deleteBookmark'
const url = '/user-settings/deleteMyBookmark'
AJAXApi.quickFetchAndPostForm(url, {
bookmark_name: bookmark.name,
bookmark_url: bookmark.url,
@ -183,7 +183,7 @@ function deleteBookmark(bookmark, forSidebar=false) {
provideFeedback: true,
statusNode: $('.bookmark-table-container'),
}).then((apiResult) => {
const url = `/userSettings/getBookmarks/${forSidebar ? '1' : '0'}`
const url = `/userSettings/getMyBookmarks/${forSidebar ? '1' : '0'}`
UI.reload(url, $('.bookmark-table-container').parent())
const theToast = UI.toast({
variant: 'success',
@ -191,7 +191,7 @@ function deleteBookmark(bookmark, forSidebar=false) {
bodyHtml: $('<div/>').append(
$('<span/>').text('Cancel deletion operation.'),
$('<button/>').addClass(['btn', 'btn-primary', 'btn-sm', 'ms-3']).text('Restore bookmark').click(function () {
const urlRestore = '/user-settings/saveBookmark'
const urlRestore = '/user-settings/saveMyBookmark'
AJAXApi.quickFetchAndPostForm(urlRestore, {
bookmark_label: bookmark.label,
bookmark_name: bookmark.name,
@ -200,7 +200,7 @@ function deleteBookmark(bookmark, forSidebar=false) {
provideFeedback: true,
statusNode: $('.bookmark-table-container')
}).then(() => {
const url = `/userSettings/getBookmarks/${forSidebar ? '1' : '0'}`
const url = `/userSettings/getMyBookmarks/${forSidebar ? '1' : '0'}`
UI.reload(url, $('.bookmark-table-container').parent())
})
}),
@ -297,7 +297,7 @@ $(document).ready(() => {
$sidebar.addClass('expanded')
}
const settingName = 'ui.sidebar.expanded';
const url = `/user-settings/setSetting/${settingName}`
const url = `/user-settings/setMySetting/${settingName}`
AJAXApi.quickFetchAndPostForm(url, {
value: expanded ? 0 : 1
}, { provideFeedback: false})

4
webroot/js/table-settings.js
View File

@ -1,7 +1,7 @@
// function saveHiddenColumns(table_setting_id, newTableSettings) {
function mergeAndSaveSettings(table_setting_id, newTableSettings) {
const settingName = 'ui.table_setting'
const urlGet = `/user-settings/getSettingByName/${settingName}`
const urlGet = `/user-settings/getMySettingByName/${settingName}`
AJAXApi.quickFetchJSON(urlGet).then(tableSettings => {
tableSettings = JSON.parse(tableSettings.value)
newTableSettings = mergeNewTableSettingsIntoOld(table_setting_id, tableSettings, newTableSettings)
@ -19,7 +19,7 @@ function mergeNewTableSettingsIntoOld(table_setting_id, oldTableSettings, newTab
}
function saveTableSetting(settingName, newTableSettings) {
const urlSet = `/user-settings/setSetting/${settingName}`
const urlSet = `/user-settings/setMySetting/${settingName}`
AJAXApi.quickFetchAndPostForm(urlSet, {
value: JSON.stringify(newTableSettings)
}, {