mirror of https://github.com/MISP/MISP
Attribute and event access
- Updated the check for authorisation to view an event and attribute as the system hid some valid combinations (such as a server only attribute in a higher distribution level event).pull/63/head
parent
3646bca059
commit
0e18aa099b
|
@ -49,12 +49,16 @@ class AttributesController extends AppController {
|
|||
if (!$this->_IsSiteAdmin()) {
|
||||
$this->paginate = Set::merge($this->paginate,array(
|
||||
'conditions' =>
|
||||
array("OR" => array(
|
||||
array('Event.org =' => $this->Auth->user('org')),
|
||||
array("AND" => array('Event.org !=' => $this->Auth->user('org')), array('Event.private !=' => 1), array('Attribute.private !=' => 1)),
|
||||
array("AND" => array('Event.org !=' => $this->Auth->user('org')), array('Event.private =' => 1), array('Event.cluster =' => 1), array('Attribute.private =' => 1), array('Attribute.cluster =' => 1)))),
|
||||
)
|
||||
);
|
||||
array('OR' =>
|
||||
array(
|
||||
'Event.org =' => $this->Auth->user('org'),
|
||||
'AND' => array(
|
||||
array('Attribute.distribution !=' => 'Your organization only'),
|
||||
array('OR' => array(
|
||||
array('Event.private !=' => 1),
|
||||
array('Event.cluster =' => 1),
|
||||
)),
|
||||
)))));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -75,8 +75,8 @@ class EventsController extends AppController {
|
|||
'conditions' =>
|
||||
array("OR" => array(
|
||||
array('Event.org =' => $this->Auth->user('org')),
|
||||
array("AND" => array('Event.org !=' => $this->Auth->user('org')), array('Event.private !=' => 1)),
|
||||
array("AND" => array('Event.org !=' => $this->Auth->user('org')), array('Event.private =' => 1), array('Event.cluster =' => 1)))),
|
||||
array('Event.private !=' => 1),
|
||||
array('Event.cluster =' => 1))),
|
||||
)
|
||||
);
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue