mirror of https://github.com/MISP/MISP
iglocska
parent
8cdf97ff66
commit
5948a7c329
|
|
@ -465,7 +465,7 @@ class AttributesController extends AppController {
|
|||
}
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
// check for non-private and re-read
|
||||
if (($this->Attribute->data['Event']['org'] != $this->Auth->user('org')) || (($this->Attribute->data['Event']['org'] == $this->Auth->user('org')) && ($this->Attribute->data['Event']['user_id'] != $this->Auth->user('id')) && (!$this->this->userRole['perm_modify'] || !$this->userRole['perm_modify_org']))) {
|
||||
if (($this->Attribute->data['Event']['org'] != $this->Auth->user('org')) || (($this->Attribute->data['Event']['org'] == $this->Auth->user('org')) && ($this->Attribute->data['Event']['user_id'] != $this->Auth->user('id')) && (!$this->userRole['perm_modify'] || !$this->userRole['perm_modify_org']))) {
|
||||
$this->Session->setFlash(__('Invalid attribute.'));
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'index'));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -674,7 +674,7 @@ class EventsController extends AppController {
|
|||
$this->Session->setFlash(__('The event could not be saved. Please, try again.'));
|
||||
}
|
||||
} else {
|
||||
if(!$this->this->userRole['perm_modify']) $this->redirect(array('controller' => 'events', 'action' => 'index', 'admin' => false));
|
||||
if(!$this->userRole['perm_modify']) $this->redirect(array('controller' => 'events', 'action' => 'index', 'admin' => false));
|
||||
$this->request->data = $this->Event->read(null, $id);
|
||||
}
|
||||
|
||||
|
|
@ -1254,7 +1254,7 @@ class EventsController extends AppController {
|
|||
|
||||
public function automation() {
|
||||
// Simply display a static view
|
||||
if (!$this->this->userRole['perm_auth']) {
|
||||
if (!$this->userRole['perm_auth']) {
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'index'));
|
||||
}
|
||||
// generate the list of Attribute types
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@ class LogsController extends AppController {
|
|||
* @return void
|
||||
*/
|
||||
public function admin_index() {
|
||||
if(!$this->this->userRole['perm_audit']) $this->redirect(array('controller' => 'events', 'action' => 'index', 'admin' => false));
|
||||
if(!$this->userRole['perm_audit']) $this->redirect(array('controller' => 'events', 'action' => 'index', 'admin' => false));
|
||||
$this->set('isSearch', 0);
|
||||
if ($this->Auth->user('org') == 'ADMIN') {
|
||||
$this->AdminCrud->adminIndex();
|
||||
|
|
@ -80,7 +80,7 @@ class LogsController extends AppController {
|
|||
$mineOrAdmin = true;
|
||||
}
|
||||
$this->set('published', $this->Event->data['Event']['published']);
|
||||
if ($mineOrAdmin && $this->this->userRole['perm_modify']) $mayModify = true;
|
||||
if ($mineOrAdmin && $this->userRole['perm_modify']) $mayModify = true;
|
||||
// get a list of the attributes that belong to the event
|
||||
$this->loadModel('Attribute');
|
||||
$this->Attribute->recursive = -1;
|
||||
|
|
@ -115,7 +115,7 @@ class LogsController extends AppController {
|
|||
public $helpers = array('Js' => array('Jquery'), 'Highlight');
|
||||
|
||||
public function admin_search() {
|
||||
if(!$this->this->userRole['perm_audit']) $this->redirect(array('controller' => 'events', 'action' => 'index', 'admin' => false));
|
||||
if(!$this->userRole['perm_audit']) $this->redirect(array('controller' => 'events', 'action' => 'index', 'admin' => false));
|
||||
$fullAddress = array('/admin/logs/search', '/logs/admin_search'); // FIXME remove this crap check
|
||||
$orgRestriction = null;
|
||||
if ($this->Auth->user('org') == 'ADMIN') {
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@ class ServersController extends AppController {
|
|||
'conditions' => array(),
|
||||
);
|
||||
} else {
|
||||
if (!$this->this->userRole['perm_sync']) $this->redirect(array('controller' => 'events', 'action' => 'index'));
|
||||
if (!$this->userRole['perm_sync']) $this->redirect(array('controller' => 'events', 'action' => 'index'));
|
||||
$conditions['Server.org LIKE'] = $this->Auth->user('org');
|
||||
$this->paginate = array(
|
||||
'conditions' => array($conditions),
|
||||
|
|
@ -65,7 +65,7 @@ class ServersController extends AppController {
|
|||
* @return void
|
||||
*/
|
||||
public function add() {
|
||||
if ((!$this->_IsSiteAdmin()) && !($this->Server->organization == $this->Auth->user('org') && $$this->this->userRole['perm_sync'])) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
if ((!$this->_IsSiteAdmin()) && !($this->Server->organization == $this->Auth->user('org') && $this->userRole['perm_sync'])) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
if ($this->request->is('post')) {
|
||||
// force check userid and orgname to be from yourself
|
||||
$this->request->data['Server']['org'] = $this->Auth->user('org');
|
||||
|
|
@ -88,7 +88,7 @@ class ServersController extends AppController {
|
|||
* @throws NotFoundException
|
||||
*/
|
||||
public function edit($id = null) {
|
||||
if (!$this->_IsSiteAdmin() && !($this->Server->organization == $this->Auth->user('org') && $this->this->userRole['perm_sync'])) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
if (!$this->_IsSiteAdmin() && !($this->Server->organization == $this->Auth->user('org') && $this->userRole['perm_sync'])) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
$this->Server->id = $id;
|
||||
if (!$this->Server->exists()) {
|
||||
throw new NotFoundException(__('Invalid server'));
|
||||
|
|
@ -121,7 +121,7 @@ class ServersController extends AppController {
|
|||
* @throws NotFoundException
|
||||
*/
|
||||
public function delete($id = null) {
|
||||
if(!$this->_IsSiteAdmin() && !($this->Server->id == $this->Auth->user('org') && $this->this->userRole['perm_sync'])) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
if(!$this->_IsSiteAdmin() && !($this->Server->id == $this->Auth->user('org') && $this->userRole['perm_sync'])) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
if (!$this->request->is('post')) {
|
||||
throw new MethodNotAllowedException();
|
||||
}
|
||||
|
|
@ -151,7 +151,7 @@ class ServersController extends AppController {
|
|||
*/
|
||||
public function pull($id = null, $technique=false) {
|
||||
// TODO should we de-activate data validation for type and category / and or mapping? Maybe other instances have other configurations that are incompatible.
|
||||
if (!$this->_IsSiteAdmin() && !($this->Server->organization == $this->Auth->user('org') && $this->this->userRole['perm_sync'])) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
if (!$this->_IsSiteAdmin() && !($this->Server->organization == $this->Auth->user('org') && $this->userRole['perm_sync'])) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
$this->Server->id = $id;
|
||||
if (!$this->Server->exists()) {
|
||||
throw new NotFoundException(__('Invalid server'));
|
||||
|
|
@ -309,7 +309,7 @@ class ServersController extends AppController {
|
|||
}
|
||||
|
||||
public function push($id = null, $technique=false) {
|
||||
if ($this->Auth->user('org') != 'ADMIN' && !($this->Server->organization == $this->Auth->user('org') && $this->this->userRole['perm_sync'])) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
if ($this->Auth->user('org') != 'ADMIN' && !($this->Server->organization == $this->Auth->user('org') && $this->userRole['perm_sync'])) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
if (!$this->request->is('post')) {
|
||||
throw new MethodNotAllowedException();
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue