Add locked field to feeds for sync user permission control#3
Open
chorsley wants to merge 5 commits into
Open
Conversation
- Add database migration case 141 for feeds.locked field - Modify feed processing to set event locked status from feed config - Add locked checkbox to feed add/edit UI forms - Update controller to handle locked field in save operations Fixes sync user permission issue where users could pull feed events but not update them. Events from locked feeds can now be edited by sync users, while unlocked feeds remain local-only. Addresses GitHub issue MISP#10047 Co-Authored-By: Chris Horsley <chris.horsley@falconmouse.com>
microblag
pushed a commit
that referenced
this pull request
May 15, 2026
Decision recorded: events created from a template will NOT carry the originating template's uuid + version on the event row. Once the event is created, the template is no longer load-bearing for any v1 flow. The audit-log row written when an event is instantiated (Phase 4 #4) captures the template uuid + version for the rare audit need. Rationale documented in the tracker. Avoids: - tag pollution (would need a `misp-galaxy:template_uuid="…"` or custom tag on every event from a template), - a migration on `events` (would need column adds + REST/sync contract change + care around event_reports payloads), - the "event note" middle ground (clean for humans, opaque to queries — gains us little if we don't actually query it). If a future analytics or index-filter use case demands persistence, it can be added at that time without breaking existing data — anything we add later attaches only to events created after the change. PRD: docs/dev/event-templating-prd.md §5.3 F3.4 (audit log behaviour unchanged; only the on-event persistence is dropped) Task: docs/dev/event-templating-progress.md — Phase 4 / Events created from a template record template_uuid + template_version in event metadata Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
microblag
pushed a commit
that referenced
this pull request
May 15, 2026
Phase 4 #4 (PRD §5.3 F3.4). When an event is created from a template, the instantiator now writes a post-commit audit-log row that ties the new event back to its source template: action : 'instantiate' (new constant, see below) model : 'EventTemplate' model_id : <template id> model_title: <template name> event_id : <new event id> change : { event_template_id, event_template_uuid, event_template_version, event_template_name, event_uuid } This is the canonical record of "user X created event Y from template Z (uuid+version)" — Phase 4 #3 already decided we will not persist the originating template on the event row itself; this audit row carries the metadata for any future audit need without polluting the event payload. Audit failures (e.g. AuditLog disabled, brotli unavailable, transient DB error) are demoted to a CakeLog warning so they never affect the already-committed event. Files: - app/Model/AuditLog.php — add `ACTION_INSTANTIATE = 'instantiate'` to the action enum. Single-line additive change to a shared model; needed because the existing constants do not capture the semantic "event was instantiated from this template" cleanly. Reusing ACTION_ADD would have produced misleading "Added EventTemplate #N" titles in the audit log view. - app/Controller/AuditLogsController.php — add the new constant to both action label maps (the per-row `action_human` mapping at line 89-105, and the filter dropdown at line 153-164). Without this, any audit-log view that paginates over an instantiate row throws an undefined-index notice on `$this->actions[...]`, and the action filter would have no entry for it. - app/Lib/Tools/EventTemplateInstantiator.php — `writeInstantiationAuditRow()` helper, called after `$db->commit()` and the post-add count verification. Wraps `AuditLog::insert(...)` in a try/Throwable so any failure is swallowed with a warning rather than affecting the live event. Skips the row entirely when `$options['template']` is absent — useful for tests and programmatic callers that don't want the audit row. - app/Controller/EventTemplatesController.php — `instantiate()` now passes `$options['template'] = {id, uuid, version, name}` to the instantiator, drawn from the `$source['EventTemplate']` row that was already fetched for read-auth. Verified live: template 463 → event 6699 → audit row 5295774. The test event + audit row were cleaned up after verification. Existing 7 EventTemplateInstantiator unit tests still pass (the audit-row write is skipped when no template metadata is supplied, which is the case in the unit suite). PRD: docs/dev/event-templating-prd.md §5.3 F3.4 Task: docs/dev/event-templating-progress.md — Phase 4 / Audit log entry on "event created from template" Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes sync user permission issue where users could pull feed events but not update them. Events from locked feeds can now be edited by sync users, while unlocked feeds remain local-only.
Addresses GitHub issue MISP#10047
Generic requirements in order to contribute to MISP:
What does it do?
If it fixes an existing issue, please use github syntax:
#<IssueID>Questions