MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Attribute and event access 

- Updated the check for authorisation to view an event and attribute as
  the system hid some valid combinations (such as a server only attribute
  in a higher distribution level event).
pull/63/head
Andras Iklody 2013-03-07 18:16:00 +01:00
parent 3646bca059
commit 0e18aa099b
2 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
app/Controller/AttributesController.php
View File

@ -49,12 +49,16 @@ class AttributesController extends AppController {
if (!$this->_IsSiteAdmin()) {
$this->paginate = Set::merge($this->paginate,array(
'conditions' =>
array("OR" => array(
array('Event.org =' => $this->Auth->user('org')),
array("AND" => array('Event.org !=' => $this->Auth->user('org')), array('Event.private !=' => 1), array('Attribute.private !=' => 1)),
array("AND" => array('Event.org !=' => $this->Auth->user('org')), array('Event.private =' => 1), array('Event.cluster =' => 1), array('Attribute.private =' => 1), array('Attribute.cluster =' => 1)))),
)
);
array('OR' =>
array(
'Event.org =' => $this->Auth->user('org'),
'AND' => array(
array('Attribute.distribution !=' => 'Your organization only'),
array('OR' => array(
array('Event.private !=' => 1),
array('Event.cluster =' => 1),
)),
)))));
}
}

4
app/Controller/EventsController.php
View File

@ -75,8 +75,8 @@ class EventsController extends AppController {
'conditions' =>
array("OR" => array(
array('Event.org =' => $this->Auth->user('org')),
array("AND" => array('Event.org !=' => $this->Auth->user('org')), array('Event.private !=' => 1)),
array("AND" => array('Event.org !=' => $this->Auth->user('org')), array('Event.private =' => 1), array('Event.cluster =' => 1)))),
array('Event.private !=' => 1),
array('Event.cluster =' => 1))),
)
);
}