MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Update TemplatesController.php

pull/796/head
Fafner [_KeyZee_] 2015-12-28 15:40:09 +01:00
parent 728425aedd
commit 01756dd261
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/Controller/TemplatesController.php
View File

@ -261,13 +261,13 @@ class TemplatesController extends AppController {
$event = $this->Event->find('first', array(
'conditions' => array('id' => $event_id),
'recursive' => -1,
'fields' => array('id', 'orgc', 'distribution'),
'fields' => array('id', 'orgc_id', 'distribution'),
));
if (empty($event)) throw new MethodNotAllowedException('Event not found or you are not authorised to edit it.');
if (empty($template)) throw new MethodNotAllowedException('Template not found or you are not authorised to edit it.');
if (!$this->_isSiteAdmin()) {
if ($event['Event']['orgc'] != $this->Auth->user('Organisation')['name']) throw new MethodNotAllowedException('Event not found or you are not authorised to edit it.');
if ($event['Event']['orgc_id'] != $this->Auth->user('Organisation')['name']) throw new MethodNotAllowedException('Event not found or you are not authorised to edit it.');
if ($template['Template']['org'] != $this->Auth->user('Organisation')['name'] && !$template['Template']['share']) throw new MethodNotAllowedException('Template not found or you are not authorised to use it.');
}
@ -305,7 +305,7 @@ class TemplatesController extends AppController {
$event = $this->Event->find('first', array(
'conditions' => array('id' => $event_id),
'recursive' => -1,
'fields' => array('id', 'orgc', 'distribution', 'published'),
'fields' => array('id', 'orgc_id', 'distribution', 'published'),
'contain' => 'EventTag',
));
if (empty($event)) throw new MethodNotAllowedException('Event not found or you are not authorised to edit it.');