MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

fix: Fix to invalid role check preventing users from seeing the org index, even if they should have access

pull/2831/head
iglocska 2018-01-15 09:50:11 +01:00
parent 838eae0654
commit 45d1ca3451
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Controller/LogsController.php
View File

@ -283,7 +283,7 @@ class LogsController extends AppController {
} }
public function returnDates($org = 'all') { public function returnDates($org = 'all') {
if (!$role['perm_sharing_group'] && !empty(Configure::read('Security.hide_organisation_index_from_users'))) { if (!$this->Auth->user('Role')['perm_sharing_group'] && !empty(Configure::read('Security.hide_organisation_index_from_users'))) {
if ($org !== 'all' && $org !== $this->Auth->user('Organisation')['name']) { if ($org !== 'all' && $org !== $this->Auth->user('Organisation')['name']) {
throw new MethodNotAllowedException('Invalid organisation.'); throw new MethodNotAllowedException('Invalid organisation.');
} }

2
app/Controller/OrganisationsController.php
View File

@ -18,7 +18,7 @@ class OrganisationsController extends AppController {
); );
public function index() { public function index() {
if (!$role['perm_sharing_group'] && Configure::read('Security.hide_organisation_index_from_users')) { if (!$this->Auth->user('Role')['perm_sharing_group'] && Configure::read('Security.hide_organisation_index_from_users')) {
throw new MethodNotAllowedException('This feature is disabled on this instance for normal users.'); throw new MethodNotAllowedException('This feature is disabled on this instance for normal users.');
} }
$conditions = array(); $conditions = array();