mirror of https://github.com/MISP/MISP
Auth users should only be able to create events for their org
- Sync users should be able to create an event for another orgc, but auth users should not - Fixedpull/541/head
parent
a54c1a3943
commit
1386fb627a
|
@ -1 +1 @@
|
|||
{"major":2, "minor":3, "hotfix":75}
|
||||
{"major":2, "minor":3, "hotfix":76}
|
||||
|
|
|
@ -938,7 +938,10 @@ class EventsController extends AppController {
|
|||
is_uploaded_file($this->data['Event']['submittedgfi']['tmp_name'])) {
|
||||
$this->Session->setFlash(__('You may only upload GFI Sandbox zip files.'));
|
||||
} else {
|
||||
if ($this->_isRest()) $this->request->data = $this->Event->updateXMLArray($this->request->data, false);
|
||||
if ($this->_isRest()) {
|
||||
$this->request->data = $this->Event->updateXMLArray($this->request->data, false);
|
||||
if (isset($this->request->data['Event']['orgc']) && !$this->userRole['perm_sync']) $this->request->data['Event']['orgc'] = $this->Auth->user('org');
|
||||
}
|
||||
$add = $this->Event->_add($this->request->data, $this->_isRest(), $this->Auth->user(), '');
|
||||
if ($add && !is_numeric($add)) {
|
||||
if ($this->_isRest()) {
|
||||
|
|
Loading…
Reference in New Issue