mirror of https://github.com/MISP/MISP
fix: Fix to invalid role check preventing users from seeing the org index, even if they should have access
parent
838eae0654
commit
45d1ca3451
|
@ -283,7 +283,7 @@ class LogsController extends AppController {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function returnDates($org = 'all') {
|
public function returnDates($org = 'all') {
|
||||||
if (!$role['perm_sharing_group'] && !empty(Configure::read('Security.hide_organisation_index_from_users'))) {
|
if (!$this->Auth->user('Role')['perm_sharing_group'] && !empty(Configure::read('Security.hide_organisation_index_from_users'))) {
|
||||||
if ($org !== 'all' && $org !== $this->Auth->user('Organisation')['name']) {
|
if ($org !== 'all' && $org !== $this->Auth->user('Organisation')['name']) {
|
||||||
throw new MethodNotAllowedException('Invalid organisation.');
|
throw new MethodNotAllowedException('Invalid organisation.');
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,7 +18,7 @@ class OrganisationsController extends AppController {
|
||||||
);
|
);
|
||||||
|
|
||||||
public function index() {
|
public function index() {
|
||||||
if (!$role['perm_sharing_group'] && Configure::read('Security.hide_organisation_index_from_users')) {
|
if (!$this->Auth->user('Role')['perm_sharing_group'] && Configure::read('Security.hide_organisation_index_from_users')) {
|
||||||
throw new MethodNotAllowedException('This feature is disabled on this instance for normal users.');
|
throw new MethodNotAllowedException('This feature is disabled on this instance for normal users.');
|
||||||
}
|
}
|
||||||
$conditions = array();
|
$conditions = array();
|
||||||
|
|
Loading…
Reference in New Issue