Auth users should only be able to create events for their org

- Sync users should be able to create an event for another orgc, but auth users should not
- Fixed
pull/541/head
Iglocska 2015-06-04 15:41:18 +02:00
parent a54c1a3943
commit 1386fb627a
2 changed files with 5 additions and 2 deletions


@ -1 +1 @@
{"major":2, "minor":3, "hotfix":75}
{"major":2, "minor":3, "hotfix":76}


@ -938,7 +938,10 @@ class EventsController extends AppController {
is_uploaded_file($this->data['Event']['submittedgfi']['tmp_name'])) {
$this->Session->setFlash(__('You may only upload GFI Sandbox zip files.'));
} else {
if ($this->_isRest()) $this->request->data = $this->Event->updateXMLArray($this->request->data, false);
if ($this->_isRest()) {
$this->request->data = $this->Event->updateXMLArray($this->request->data, false);
if (isset($this->request->data['Event']['orgc']) && !$this->userRole['perm_sync']) $this->request->data['Event']['orgc'] = $this->Auth->user('org');
}
$add = $this->Event->_add($this->request->data, $this->_isRest(), $this->Auth->user(), '');
if ($add && !is_numeric($add)) {
if ($this->_isRest()) {
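Review bot: The orgc override sits inside the new `if ($this->_isRest()) { ... }` block, so only REST requests are pinned to the caller's org; a non-sync user submitting `Event.orgc` through the regular form still reaches `_add()` with the value as posted, unless `_add()` or a field whitelist outside this hunk discards it. Consider applying the rule to every request just before the `_add()` call, e.g. `if (!$this->userRole['perm_sync']) $this->request->data['Event']['orgc'] = $this->Auth->user('org');`, or enforcing it inside `Event::_add()` so that other callers are covered as well. The hunk also leaves `Event.org` as supplied, so it is worth confirming that the owning org cannot be chosen by the client in the same way. A short comment such as `// only sync users may set orgc to a foreign organisation` above the check would record the intent; the enclosing action starts and ends outside the hunk.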