MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

chg: [posts] Allow to add comment to any user that can see event

pull/6136/head
Jakub Onderka 2020-07-24 15:26:09 +02:00
parent 84527d5de4
commit 13cdc55512
2 changed files with 9 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
app/Controller/PostsController.php
View File

@ -49,28 +49,21 @@ class PostsController extends AppController
switch ($target_type) {
case 'event':
$this->loadModel('Event');
$this->Event->recursive = -1;
$this->Event->read(null, $target_id);
$eventDiscussionTitle = __('Discussion about Event #') . $this->Event->data['Event']['id'] . ' (' . $this->Event->data['Event']['info'] . ')';
if (!$this->Event->exists()) {
$event = $this->Event->fetchSimpleEvent($this->Auth->user(), $target_id);
if (!$event) {
throw new NotFoundException(__('Invalid event'));
}
if (!$this->_isSiteAdmin()) {
if ($this->Event->data['Event']['distribution'] == 0 && $this->Event->data['Event']['org_id'] != $this->Auth->user('org_id')) {
throw new MethodNotAllowedException(__('You don\'t have permission to do that.'));
}
}
$thread = $this->Thread->find('first', array('conditions' => array('event_id' => $target_id)));
$eventDiscussionTitle = __('Discussion about Event #%s (%s)', $event['Event']['id'], $event['Event']['info']);
$thread = $this->Thread->find('first', array('conditions' => array('event_id' => $event['Event']['id'])));
$title = $eventDiscussionTitle;
if (isset($thread['Thread']['id'])) {
$target_thread_id = $thread['Thread']['id'];
} else {
$target_thread_id = null;
}
$distribution = $this->Event->data['Event']['distribution'];
$sgid = $this->Event->data['Event']['sharing_group_id'];
$org = $this->Event->data['Event']['org_id'];
$event_id = $this->Event->data['Event']['id'];
$distribution = $event['Event']['distribution'];
$sgid = $event['Event']['sharing_group_id'];
$event_id = $event['Event']['id'];
break;
case 'thread':
$target_thread_id = $target_id;
@ -208,7 +201,7 @@ class PostsController extends AppController
throw new NotFoundException(__('Invalid post'));
}
if (!$this->_isSiteAdmin() && $this->Auth->user('id') != $post['Post']['user_id']) {
throw new MethodNotAllowedException(__('This is not your event.'));
throw new MethodNotAllowedException(__('This is not your post.'));
}
if ($this->request->is('post') || $this->request->is('put')) {

1
app/webroot/js/misp.js
View File

@ -319,6 +319,7 @@ function submitGenericForm(url, form, target) {
complete:function() {
$(".loading").hide();
},
error: xhrFailCallback,
type:"post",
cache: false,
url:url,