MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

new: [UI] Added warning for users not to edit events as site admins

pull/3924/head
iglocska 2018-12-05 09:34:46 +01:00
parent 48b84a04fd
commit 3c227f0621
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/Controller/EventsController.php
View File

@ -1417,6 +1417,9 @@ class EventsController extends AppController
$this->set('deleted', isset($this->params['named']['deleted']) && $this->params['named']['deleted']);
$this->set('includeRelatedTags', (!empty($this->params['named']['includeRelatedTags'])) ? 1 : 0);
if (!$this->_isRest()) {
if ($this->_isSiteAdmin() && $this->Event->data['Event']['orgc_id'] !== $this->Auth->user('org_id')) {
$this->Flash->info(__('You are currently logged in as a site administrator and editing an event not belonging to your organisation, which goes against the sharing model of MISP. Please only use this as a last resort and use normal user account for day to day work.'));
}
$this->__viewUI($event, $continue, $fromEvent);
}
}
@ -2026,7 +2029,7 @@ class EventsController extends AppController
foreach ($this->Event->analysisLevels as $key => $value) {
$info['analysis'][$key] = array('key' => $value, 'desc' => $this->Event->analysisDescriptions[$key]['formdesc']);
}
$this->set('analysisLevels', $this->Event->analysisLevels);
$this->set('analysisLevels', $this->Event->analysisLevels);
$this->set('info', $info);
$this->set('eventDescriptions', $this->Event->fieldDescriptions);