chg: [acl] Move site admin check as last check

pull/9690/head
Jakub Onderka 2024-04-20 13:35:03 +02:00
parent d5ba5af530
commit 0ca6a47ef8
1 changed files with 9 additions and 6 deletions


@ -1137,6 +1137,7 @@ class ACLComponent extends Component
*
* @param array $user
* @param array $analystData
* @param string $modelType
* @return bool
*/
public function canEditAnalystData(array $user, array $analystData, $modelType): bool
@ -1251,7 +1252,7 @@ class ACLComponent extends Component
$this->checkAccess($user, $controller, $action, false);
} catch (NotFoundException $e) {
throw new RuntimeException("Invalid controller '$controller' specified.", 0, $e);
} catch (MethodNotAllowedException $e) {
} catch (ForbiddenException $e) {
return false;
}
return true;
@ -1271,7 +1272,7 @@ class ACLComponent extends Component
* @param bool $checkLoggedActions
* @return true
* @throws NotFoundException
* @throws MethodNotAllowedException
* @throws ForbiddenException
*/
public function checkAccess($user, $controller, $action, $checkLoggedActions = true)
{
@ -1280,9 +1281,6 @@ class ACLComponent extends Component
if ($checkLoggedActions) {
$this->__checkLoggedActions($user, $controller, $action);
}
if ($user && $user['Role']['perm_site_admin']) {
return true;
}
if (!isset(self::ACL_LIST[$controller])) {
throw new NotFoundException('Invalid controller.');
}
@ -1328,7 +1326,12 @@ class ACLComponent extends Component
return true;
}
}
throw new MethodNotAllowedException('You do not have permission to use this functionality.');
// Dynamic checks can raise forbidden exception even for site admins, so we have to check permission for site
// admin as last thing.
if ($user && $user['Role']['perm_site_admin']) {
return true;
}
throw new ForbiddenException('You do not have permission to use this functionality.');
}
private function __findAllFunctions()
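Review bot: Moving the `perm_site_admin` short-circuit to the end of `checkAccess()` changes more than the dynamic-check case the new comment describes: a site admin now reaches `throw new NotFoundException('Invalid controller.')` for a controller absent from `ACL_LIST`, which `canUserAccess()` converts into a `RuntimeException` where it previously returned `true`, and any per-action check in the unseen middle of the function that throws rather than returns now applies to site admins too. If that is intended, extend the comment to say so, e.g. `// Site admins still get NotFoundException for unknown controllers and are subject to every check above.`; otherwise keep a narrow early return around the `ACL_LIST` lookup only. The exception type for denial changes from `MethodNotAllowedException` to `ForbiddenException`, and only `canUserAccess()` and the docblock are updated here, so any other caller that catches `MethodNotAllowedException` around `checkAccess()` will now let denials propagate as 403 — worth grepping the remaining call sites. The body of `checkAccess()` between the hunks is not visible, so the claim about intermediate throwing checks is inferred.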