mirror of https://github.com/MISP/MISP
new: [User] Add setting to limit site admin roles to instance's host org.
parent
b6386674c4
commit
02e173b769
|
@ -6407,6 +6407,14 @@ class Server extends AppModel
|
|||
'type' => 'boolean',
|
||||
'null' => true
|
||||
),
|
||||
'limit_site_admins_to_host_org' => array(
|
||||
'level' => self::SETTING_RECOMMENDED,
|
||||
'description' => __('If enabled, it will only be possible to assign site admin roles to users belonging to the instance\'s host org.'),
|
||||
'value' => false,
|
||||
'test' => 'testBool',
|
||||
'type' => 'boolean',
|
||||
'null' => true
|
||||
),
|
||||
'disable_browser_cache' => array(
|
||||
'level' => 0,
|
||||
'description' => __('If enabled, HTTP headers that block browser cache will be send. Static files (like images or JavaScripts) will still be cached, but not generated pages.'),
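Review bot: The description for `limit_site_admins_to_host_org` does not say when the restriction is enforced. Judging by the User model change in this commit, it is checked only when a user record is validated on save, so site admins from other organisations that already exist when the setting is turned on appear to keep their role. I would extend the description with something like `Existing site admins outside the host org are not changed; review them when enabling this setting.` The settings array this entry belongs to starts and ends outside the hunk.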
|
||||
|
|
|
@ -262,6 +262,16 @@ class User extends AppModel
|
|||
if (empty($user['nids_sid'])) {
|
||||
$user['nids_sid'] = mt_rand(1000000, 9999999);
|
||||
}
|
||||
if (!empty(Configure::read('Security.limit_site_admins_to_host_org'))){
|
||||
if (!empty($user['role_id']) and !empty($user['org_id'] and $user['org_id'] != Configure::read('MISP.host_org_id'))){
|
||||
$role = $this->Role->find('first', array(
|
||||
'conditions' => array('Role.id' => $user['role_id'])
|
||||
));
|
||||
if (!empty($role) and $role['Role']['perm_site_admin'] === true){
|
||||
$this->invalidate('role_id', "Site admin roles can only be assigned to users of the host org on this instance.");
|
||||
}
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
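Review bot: The new check on the `role_id`/`org_id` line runs only when `$user['org_id']` is present and non-empty in the data being validated, so a save that carries `role_id` without `org_id` would skip it. Whether callers always include `org_id` is not visible here; if they may not, the org should be read from the stored user record when it is missing. The closing parenthesis of the second `empty()` is also misplaced and wraps the whole `and` expression; it should read `if (!empty($user['role_id']) && !empty($user['org_id']) && $user['org_id'] != Configure::read('MISP.host_org_id')) {`. The strict `$role['Role']['perm_site_admin'] === true` fails open if the datasource returns `1` or `'1'` instead of a boolean, so `!empty($role['Role']['perm_site_admin'])` is the safer test. The enclosing method starts above the hunk.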
|
||||
|
||||
|
|