def __process_observable_get(self, event, requested_object, details, inflated):
    """Handle a GET for one observable (by UUID) or for all observables of an event.

    Args:
        event: Event the request is scoped to; its permissions drive every
            visibility decision made here.
        requested_object: Mapping that must contain the key 'object_uuid'.
            A falsy value selects the "list all observables" branch.
        details: Passed through unchanged to ``to_dict``.
        inflated: Passed through unchanged to ``to_dict``.

    Returns:
        The ``to_dict`` result of the requested observable, or a list of
        ``to_dict`` results for every observable the current user may see.

    Raises:
        RestHandlerException: Wraps any ControllerException raised while
            resolving or checking the observable.
    """
    user = self.get_user()
    try:
        permissions = self.get_event_user_permissions(event, user)
        uuid = requested_object['object_uuid']

        if not uuid:
            # No UUID: return all observables from the event. Each one has to
            # pass the permission filter and the per-item visibility check.
            return [
                candidate.to_dict(details, inflated, permissions, user)
                for candidate in event.get_observables_for_permissions(
                    permissions, user)
                if self.is_item_viewable(event, candidate)
            ]

        # TODO: Check if observable belongs to event
        # NOTE(review): the lookup below uses the UUID alone and nothing in this
        # method ties the result to `event`, yet the visibility checks that
        # follow are evaluated with this event's permissions. Confirm that the
        # controller or check_item_is_viewable enforces the event relationship.
        observable = self.observable_controller.get_observable_by_uuid(uuid)
        self.check_item_is_viewable(event, observable)
        if not is_object_viewable(observable, permissions, user):
            # Reported as "not found" rather than as a permission failure.
            raise ControllerNothingFoundException(
                u'Cannot find observable with uuid {0}'.format(uuid))
        return observable.to_dict(details, inflated, permissions, user)
    except ControllerException as error:
        raise RestHandlerException(error)
def get_observables_for_permissions(self, event_permissions, user):
    """Return the observables of this object that `user` is allowed to see.

    Args:
        event_permissions: Permission set handed to ``is_object_viewable``.
        user: User handed to ``is_object_viewable``.

    Returns:
        A new list holding the entries of ``self.observables`` for which
        ``is_object_viewable`` is truthy, in their original order.
    """
    # TODO take into account owner
    return [
        observable
        for observable in self.observables
        if is_object_viewable(observable, event_permissions, user)
    ]
def get_related_objects_for_permissions(self, event_permissions, user):
    """Return the related-object links whose target `user` is allowed to see.

    Args:
        event_permissions: Permission set handed to ``is_object_viewable``.
        user: User handed to ``is_object_viewable``.

    Returns:
        A new list of entries from ``self.related_objects``, in their
        original order.
    """
    # Visibility is decided on the linked object (`link.object`), but the
    # link entry itself is what gets returned.
    return [
        link
        for link in self.related_objects
        if is_object_viewable(link.object, event_permissions, user)
    ]
def get_attributes_for_permissions(self, event_permissions, user):
    """Return the attributes of this object that `user` is allowed to see.

    An attribute is included when ``is_object_viewable`` accepts it, or,
    failing that, when it originates from the user's own group.

    Args:
        event_permissions: Permission set handed to ``is_object_viewable``.
        user: User handed to ``is_object_viewable``; ``user.group.identifier``
            is read for the originating-group fallback.

    Returns:
        A new list of entries from ``self.attributes``, in their original
        order.
    """
    # The `or` short-circuits: the originating-group comparison only runs for
    # attributes that failed the permission check. That fallback exposes an
    # attribute to its originating group regardless of the event permissions.
    # NOTE(review): the fallback dereferences user.group, so it assumes `user`
    # and `user.group` are always set here - confirm against callers.
    return [
        candidate
        for candidate in self.attributes
        if is_object_viewable(candidate, event_permissions, user)
        or candidate.originating_group_id == user.group.identifier
    ]
def get_reports_for_permissions(self, event_permissions, user):
    """Return the reports of this object that `user` is allowed to see.

    A report is included when ``is_object_viewable`` accepts it, or, failing
    that, when its originating group is the user's group.

    Args:
        event_permissions: Permission set handed to ``is_object_viewable``.
        user: User handed to ``is_object_viewable``; ``user.group_id`` is
            read for the originating-group fallback.

    Returns:
        A new list of entries from ``self.reports``, in their original order.
    """
    # TODO take into account owner
    # The `or` short-circuits: the group comparison only runs for reports that
    # failed the permission check. That fallback exposes a report to its
    # originating group regardless of the event permissions.
    # NOTE(review): assumes `user` is never None on this path - confirm.
    return [
        report
        for report in self.reports
        if is_object_viewable(report, event_permissions, user)
        or report.originating_group_id == user.group_id
    ]
def is_item_viewable(self, event, item, user=None):
    """Decide whether `item` of `event` may be shown to a user.

    Args:
        event: Event the item is evaluated against.
        item: Object whose visibility is being decided.
        user: User to check; when falsy, ``self.get_user()`` is used.

    Returns:
        True when the user owns the event, or when the event is viewable
        and ``is_object_viewable`` accepts the item; False otherwise.
    """
    viewer = user if user else self.get_user()

    # Event owners see every item; no per-item check is made for them.
    if self.is_event_owner(event, viewer):
        return True

    # The event itself has to be viewable before the item is considered.
    if not self.is_event_viewable(event, viewer):
        return False

    granted = self.get_event_user_permissions(event, viewer)
    return True if is_object_viewable(item, granted, viewer) else False
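def __process_event_report(self, method, event, requested_object, details,
                           inflated, json, headers):
    """Handle GET and POST requests for the reports of an event.

    GET returns one report (when 'object_uuid' is set) or every report of the
    event the current user may see. POST checks that the user may add to the
    event, assembles a report from the request body, stores it and returns it.

    Args:
        method: HTTP method name; only 'GET' and 'POST' are supported.
        event: Event the request is scoped to.
        requested_object: Mapping that must contain the key 'object_uuid'
            (read on GET only).
        details: Passed through unchanged to ``to_dict``.
        inflated: Passed through unchanged to ``to_dict``.
        json: Request body handed to the assembler on POST.
        headers: Request headers, used to detect a REST insert on POST.

    Returns:
        A report dict, or a list of report dicts for a GET without UUID.

    Raises:
        ControllerNothingFoundException: The requested report is not
            viewable by the current user.
        RestHandlerException: `method` is neither 'GET' nor 'POST'.
    """
    user = self.get_user()

    if method == 'GET':
        event_permission = self.get_event_user_permissions(event, user)
        uuid = requested_object['object_uuid']
        if uuid:
            # TODO: Check if report belongs to event
            # NOTE(review): the lookup uses the UUID alone and nothing in this
            # method ties the report to `event`, yet the checks below use this
            # event's permissions. Confirm the relationship is enforced
            # elsewhere.
            report = self.report_controller.get_report_by_uuid(uuid)
            self.check_item_is_viewable(event, report)
            # Pass `user` like every other is_object_viewable call in this
            # code, so the decision is made for the requesting user and not
            # from the event permissions alone.
            if is_object_viewable(report, event_permission, user):
                return report.to_dict(details, inflated, event_permission,
                                      user)
            # Reported as "not found" rather than as a permission failure.
            raise ControllerNothingFoundException(
                u'Cannot find report with uuid {0}'.format(uuid))

        # No UUID: return all reports from the event that pass the permission
        # filter and the per-item visibility check.
        return [
            report.to_dict(details, inflated, event_permission, user)
            for report in event.get_reports_for_permissions(
                event_permission, user)
            if self.is_item_viewable(event, report)
        ]

    if method == 'POST':
        event_permission = self.get_event_user_permissions(event, user)
        # Authorisation gate: must run before anything is assembled or stored.
        self.check_if_user_can_add(event)
        report = self.assembler.assemble_report(
            event, json, user, self.is_event_owner(event, user),
            self.is_rest_insert(headers))
        self.report_controller.insert_report(report, user)
        return report.to_dict(details, inflated, event_permission, user)

    raise RestHandlerException('Operation not supported')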
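def __get_attributes(self, event, user, group, update, proposal=False):
    """Render the attributes of `event` visible to the recipient as text.

    Each visible attribute becomes one line of the form
    ``<object definition>/<attribute definition>: <value>``, with `` - IOC``
    appended when the attribute is flagged as an IOC.

    Args:
        event: Event whose flattened attributes are rendered.
        user: Recipient user, or a falsy value. Used to resolve permissions
            and passed to ``is_object_viewable``.
        group: Recipient group, or a falsy value. Used to resolve permissions.
        update: When truthy, attributes created at or before
            ``event.last_publish_date`` are skipped.
        proposal: When truthy, only attributes whose
            ``properties.is_proposal`` is truthy are kept.

    Returns:
        The rendered lines, each terminated by a newline. An empty string is
        returned when no permission set could be resolved for `user` or
        `group`, so that nothing is disclosed in that case.

    Raises:
        MailerException: Wraps any BrokerException raised while resolving
            the attributes or the permissions.
    """
    try:
        flat_attributes = (
            self.relation_controller.get_flat_attributes_for_event(event))

        # Return only visible attributes: resolve the recipient's permissions.
        event_permissions = None
        if user:
            event_permissions = self.event_broker.get_event_user_permissions(
                event, user)
        if group:
            # NOTE(review): when both `user` and `group` are given, the group
            # permissions replace the user permissions, while `user` is still
            # what is_object_viewable receives below - confirm this is meant.
            event_permissions = self.event_broker.get_event_group_permissions(
                event, group)

        # Fail closed: without a resolved permission set nothing is rendered.
        if not event_permissions:
            return ''

        lines = []
        for attribute in flat_attributes:
            if not is_object_viewable(attribute, event_permissions, user):
                continue
            if update and attribute.created_at <= event.last_publish_date:
                # Already covered by the previous publication.
                continue
            if proposal and not attribute.properties.is_proposal:
                continue

            if attribute.is_ioc:
                template = u'{0}/{1}: {2} - IOC'
            else:
                template = u'{0}/{1}: {2}'
            text = template.format(attribute.object.definition.name,
                                   attribute.definition.name,
                                   attribute.value)
            lines.append(text + '\n')

        # Joined once instead of growing a string inside the loop.
        return ''.join(lines)
    except BrokerException as error:
        raise MailerException(error)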
def get_related_reports_for_permissions(self, event_permissions, user):
    """Return the related reports of this object that `user` may see.

    Args:
        event_permissions: Permission set handed to ``is_object_viewable``.
        user: User handed to ``is_object_viewable``.

    Returns:
        A new list holding the entries of ``self.related_reports`` for which
        ``is_object_viewable`` is truthy, in their original order.
    """
    return [
        related
        for related in self.related_reports
        if is_object_viewable(related, event_permissions, user)
    ]
def get_references_for_permissions(self, event_permissions, user):
    """Return the references of this object that `user` may see.

    Args:
        event_permissions: Permission set handed to ``is_object_viewable``.
        user: User handed to ``is_object_viewable``.

    Returns:
        A new list holding the entries of ``self.references`` for which
        ``is_object_viewable`` is truthy, in their original order.
    """
    return [
        reference
        for reference in self.references
        if is_object_viewable(reference, event_permissions, user)
    ]