mirror of https://github.com/MISP/MISP
fix: Fix to invalid role check preventing users from seeing the org index, even if they should have access
parent
838eae0654
commit
45d1ca3451
|
@ -283,7 +283,7 @@ class LogsController extends AppController {
|
|||
}
|
||||
|
||||
public function returnDates($org = 'all') {
|
||||
if (!$role['perm_sharing_group'] && !empty(Configure::read('Security.hide_organisation_index_from_users'))) {
|
||||
if (!$this->Auth->user('Role')['perm_sharing_group'] && !empty(Configure::read('Security.hide_organisation_index_from_users'))) {
|
||||
if ($org !== 'all' && $org !== $this->Auth->user('Organisation')['name']) {
|
||||
throw new MethodNotAllowedException('Invalid organisation.');
|
||||
}
|
||||
|
|
|
@ -18,7 +18,7 @@ class OrganisationsController extends AppController {
|
|||
);
|
||||
|
||||
public function index() {
|
||||
if (!$role['perm_sharing_group'] && Configure::read('Security.hide_organisation_index_from_users')) {
|
||||
if (!$this->Auth->user('Role')['perm_sharing_group'] && Configure::read('Security.hide_organisation_index_from_users')) {
|
||||
throw new MethodNotAllowedException('This feature is disabled on this instance for normal users.');
|
||||
}
|
||||
$conditions = array();
|
||||
|
|
Loading…
Reference in New Issue