mirror of https://github.com/MISP/MISP
fix: [security] Make cluster's elements adhere to ACL
parent
83ce94ac70
commit
423750573d
|
@ -14,9 +14,11 @@ class GalaxyElementsController extends AppController
|
|||
)
|
||||
);
|
||||
|
||||
public function index($id)
|
||||
public function index($clusterId)
|
||||
{
|
||||
$this->paginate['conditions'] = array('GalaxyElement.galaxy_cluster_id' => $id);
|
||||
$aclConditions = $this->GalaxyElement->buildClusterConditions($this->Auth->user(), $clusterId);
|
||||
$this->paginate['conditions'] = [$aclConditions];
|
||||
$this->paginate['contain'] = ['GalaxyCluster' => ['fields' => ['id', 'distribution', 'org_id']]];
|
||||
$clusters = $this->paginate();
|
||||
$this->set('list', $clusters);
|
||||
if ($this->request->is('ajax')) {
|
||||
|
|
|
@ -95,4 +95,37 @@ class GalaxyElement extends AppModel
|
|||
}
|
||||
$this->saveMany($tempElements);
|
||||
}
|
||||
|
||||
public function buildACLConditions($user)
|
||||
{
|
||||
$conditions = [];
|
||||
if (!$user['Role']['perm_site_admin']) {
|
||||
$conditions = $this->GalaxyCluster->buildConditions($user);
|
||||
}
|
||||
return $conditions;
|
||||
}
|
||||
|
||||
public function buildClusterConditions($user, $clusterId)
|
||||
{
|
||||
return [
|
||||
$this->buildACLConditions($user),
|
||||
'GalaxyCluster.id' => $clusterId
|
||||
];
|
||||
}
|
||||
|
||||
public function fetchElements(array $user, $clusterId)
|
||||
{
|
||||
$params = array(
|
||||
'conditions' => $this->buildClusterConditions($user, $clusterId),
|
||||
'contain' => ['GalaxyCluster' => ['fields' => ['id', 'distribution', 'org_id']]],
|
||||
'recursive' => -1
|
||||
);
|
||||
$elements = $this->find('all', $params);
|
||||
foreach ($elements as $i => $element) {
|
||||
$elements[$i] = $elements[$i]['GalaxyElement'];
|
||||
unset($elements[$i]['GalaxyCluster']);
|
||||
unset($elements[$i]['GalaxyElement']);
|
||||
}
|
||||
return $elements;
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue