mirror of https://github.com/MISP/MISP
new: [user] Setting `disable_user_add` to disable user creation by org admins
Jakub Onderka
parent
02b43fff1e
commit
3b8b0019af
|
|
@ -608,7 +608,7 @@ class ACLComponent extends Component
|
|||
),
|
||||
'users' => array(
|
||||
'acceptRegistrations' => array('perm_site_admin'),
|
||||
'admin_add' => array('perm_admin'),
|
||||
'admin_add' => ['AND' => ['perm_admin', 'add_user_enabled']],
|
||||
'admin_delete' => array('perm_admin'),
|
||||
'admin_edit' => array('perm_admin'),
|
||||
'admin_email' => array('perm_admin'),
|
||||
|
|
@ -702,6 +702,12 @@ class ACLComponent extends Component
|
|||
}
|
||||
return true;
|
||||
};
|
||||
$this->dynamicChecks['add_user_enabled'] = function (array $user) {
|
||||
if (Configure::read('MISP.disable_user_add')) {
|
||||
throw new MethodNotAllowedException('Adding users has been disabled on this instance.');
|
||||
}
|
||||
return true;
|
||||
};
|
||||
}
|
||||
|
||||
private function __checkLoggedActions($user, $controller, $action)
|
||||
|
|
|
|||
|
|
@ -338,9 +338,6 @@ class UsersController extends AppController
|
|||
|
||||
public function admin_index()
|
||||
{
|
||||
if (!$this->_isAdmin()) {
|
||||
throw new NotFoundException(__('Invalid user or not authorised.'));
|
||||
}
|
||||
$this->User->virtualFields['org_ci'] = 'UPPER(Organisation.name)';
|
||||
$urlParams = "";
|
||||
$passedArgsArray = array();
|
||||
|
|
@ -496,9 +493,6 @@ class UsersController extends AppController
|
|||
|
||||
public function admin_filterUserIndex()
|
||||
{
|
||||
if (!$this->_isAdmin() && !$this->_isSiteAdmin()) {
|
||||
throw new MethodNotAllowedException();
|
||||
}
|
||||
$passedArgsArray = array();
|
||||
$booleanFields = array('autoalert', 'contactalert', 'termsaccepted');
|
||||
$textFields = array('role', 'email', 'authkey');
|
||||
|
|
@ -632,9 +626,6 @@ class UsersController extends AppController
|
|||
|
||||
public function admin_add()
|
||||
{
|
||||
if (!$this->_isAdmin()) {
|
||||
throw new Exception('Administrators only.');
|
||||
}
|
||||
$params = null;
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
$params = array('conditions' => array('perm_site_admin !=' => 1, 'perm_sync !=' => 1, 'perm_regexp_access !=' => 1));
|
||||
|
|
|
|||
|
|
@ -921,7 +921,7 @@ class Server extends AppModel
|
|||
),
|
||||
'disable_user_login_change' => array(
|
||||
'level' => self::SETTING_RECOMMENDED,
|
||||
'description' => __('When enabled only site admins can change user email.'),
|
||||
'description' => __('When enabled only Site admins can change user email. This should be enabled if you manage user logins by external system.'),
|
||||
'value' => false,
|
||||
'errorMessage' => '',
|
||||
'test' => 'testBool',
|
||||
|
|
@ -930,7 +930,16 @@ class Server extends AppModel
|
|||
),
|
||||
'disable_user_password_change' => array(
|
||||
'level' => self::SETTING_RECOMMENDED,
|
||||
'description' => __('When enabled only site admins can change user password.'),
|
||||
'description' => __('When enabled only Site admins can change user password. This should be enabled if you manage user passwords by external system.'),
|
||||
'value' => false,
|
||||
'errorMessage' => '',
|
||||
'test' => 'testBool',
|
||||
'type' => 'boolean',
|
||||
'null' => false,
|
||||
),
|
||||
'disable_user_add' => array(
|
||||
'level' => self::SETTING_RECOMMENDED,
|
||||
'description' => __('When enabled, Org Admins could not add new users. This should be enabled if you manage users by external system.'),
|
||||
'value' => false,
|
||||
'errorMessage' => '',
|
||||
'test' => 'testBool',
|
||||
|
|
|
|||
|
|
@ -330,7 +330,8 @@
|
|||
),
|
||||
array(
|
||||
'text' => __('Add User'),
|
||||
'url' => $baseurl . '/admin/users/add'
|
||||
'url' => $baseurl . '/admin/users/add',
|
||||
'requirement' => $canAccess('users', 'admin_add'),
|
||||
),
|
||||
array(
|
||||
'text' => __('Contact Users'),
|
||||
|
|
|
|||
Loading…
Reference in New Issue