Redirect for ServersController

Added a redirect on index for non-sync users
pull/63/head
Andras Iklody 2013-02-06 08:34:41 +01:00
parent e976242878
commit 5706fe183f
1 changed files with 3 additions and 2 deletions


@ -64,6 +64,7 @@ class ServersController extends AppController {
'conditions' => array(),
);
} else {
if (!$this->checkAction('perm_sync')) $this->redirect(array('controller' => 'events', 'action' => 'index'));
$conditions['Server.organization LIKE'] = $this->Auth->user('org');
$this->paginate = array(
'conditions' => array($conditions),
@ -78,7 +79,7 @@ class ServersController extends AppController {
* @return void
*/
public function add() {
if($this->Auth->user('org') != 'ADMIN') $this->redirect(array('controller' => 'servers', 'action' => 'index'));
if (($this->Auth->user('org') != 'ADMIN') && !($this->Server->id == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
if ($this->request->is('post')) {
// force check userid and orgname to be from yourself
$this->request->data['Server']['org'] = $this->Auth->user('org');
@ -136,7 +137,7 @@ class ServersController extends AppController {
* @throws NotFoundException
*/
public function delete($id = null) {
if($this->Auth->user('org') != 'ADMIN' && $this->Server->id != $this->Auth->user('org')) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
if($this->Auth->user('org') != 'ADMIN' && !($this->Server->id == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
if (!$this->request->is('post')) {
throw new MethodNotAllowedException();
}
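Review bot: The new ownership term in `add()` and `delete()` compares `$this->Server->id`, the model's primary key, with `$this->Auth->user('org')`, an organisation name, so it does not test which organisation owns the server. In `add()` no record exists yet, so the term presumably never holds and sync users are still redirected; the guard there could reduce to `if ($this->Auth->user('org') !== 'ADMIN' && !$this->checkAction('perm_sync'))`. In `delete()` the guard runs before any visible code loads `$id`, and the loose `==` between an id and a string can coerce unexpectedly. I would look up the owner first, e.g. `$owner = $this->Server->field('org', array('Server.id' => $id));`, and test `$owner === $this->Auth->user('org')`; the column name needs confirming, since the page shows both `Server.organization` and `['Server']['org']`. Both function bodies continue outside the hunks, so whether `$this->Server->id` is assigned earlier cannot be seen here.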