mirror of https://github.com/MISP/MISP
Redirect for ServersController
Added redirect for index in case of non-sync users
pull/63/head
parent
e976242878
commit
5706fe183f
|
@ -64,6 +64,7 @@ class ServersController extends AppController {
|
||||||
'conditions' => array(),
|
'conditions' => array(),
|
||||||
);
|
);
|
||||||
} else {
|
} else {
|
||||||
|
if (!$this->checkAction('perm_sync')) $this->redirect(array('controller' => 'events', 'action' => 'index'));
|
||||||
$conditions['Server.organization LIKE'] = $this->Auth->user('org');
|
$conditions['Server.organization LIKE'] = $this->Auth->user('org');
|
||||||
$this->paginate = array(
|
$this->paginate = array(
|
||||||
'conditions' => array($conditions),
|
'conditions' => array($conditions),
|
||||||
|
@ -78,7 +79,7 @@ class ServersController extends AppController {
|
||||||
* @return void
|
* @return void
|
||||||
*/
|
*/
|
||||||
public function add() {
|
public function add() {
|
||||||
if($this->Auth->user('org') != 'ADMIN') $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
if (($this->Auth->user('org') != 'ADMIN') && !($this->Server->id == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||||
if ($this->request->is('post')) {
|
if ($this->request->is('post')) {
|
||||||
// force check userid and orgname to be from yourself
|
// force check userid and orgname to be from yourself
|
||||||
$this->request->data['Server']['org'] = $this->Auth->user('org');
|
$this->request->data['Server']['org'] = $this->Auth->user('org');
|
||||||
|
@ -136,7 +137,7 @@ class ServersController extends AppController {
|
||||||
* @throws NotFoundException
|
* @throws NotFoundException
|
||||||
*/
|
*/
|
||||||
public function delete($id = null) {
|
public function delete($id = null) {
|
||||||
if($this->Auth->user('org') != 'ADMIN' && $this->Server->id != $this->Auth->user('org')) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
if($this->Auth->user('org') != 'ADMIN' && !($this->Server->id == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||||
if (!$this->request->is('post')) {
|
if (!$this->request->is('post')) {
|
||||||
throw new MethodNotAllowedException();
|
throw new MethodNotAllowedException();
|
||||||
}
|
}
|
||||||
|
|
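Review bot: The new ownership test in delete(), `$this->Server->id == $this->Auth->user('org')`, compares the model's record id with an organisation name and never looks at the `$id` being deleted, so on the visible lines it does not establish that the server belongs to the caller's org; the same expression is added to add(), where no record has been selected yet. Because the comparison is a loose `==` between an id and a string, its outcome also depends on PHP's type juggling rather than on ownership. I would select the record first and compare its owner field strictly, e.g. `$this->Server->id = $id;` then `$owner = $this->Server->field('org');` and test `$owner === $this->Auth->user('org') && $this->checkAction('perm_sync')`; the column name is a guess, since the page shows both `Server.organization` and `['Server']['org']`. Both function bodies continue outside their hunks, so a later check may exist that is not visible here.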