MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

fix: Permissions for non-auth enabled users to use the API fixed

pull/1435/head
iglocska 2016-08-11 16:14:26 +02:00
parent 80e1c61fb5
commit 4dd4e16b20
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Controller/AppController.php
View File

@ -325,6 +325,7 @@ class AppController extends Controller {
if (Configure::read('site_admin_debug') && $this->_isSiteAdmin() && (Configure::read('debug') < 2)) {
Configure::write('debug', 1);
}
$this->debugMode = 'debugOff';
if (Configure::read('debug') > 1) $this->debugMode = 'debugOn';
$this->set('loggedInUserName', $this->__convertEmailToName($this->Auth->user('email')));
@ -438,6 +439,7 @@ class AppController extends Controller {
public function checkAuthUser($authkey) {
$this->loadModel('User');
$user = $this->User->getAuthUserByUuid($authkey);
if (!$user['Role']['perm_auth']) return false;
if (empty($user)) return false;
if ($user['Role']['perm_site_admin']) $user['siteadmin'] = true;
return $user;