MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Fix to an invalid permission lookup denying users from mass deleting attributes due to a copy pasta fail

pull/865/head
Iglocska 2016-01-18 15:37:07 +01:00
parent 427da7d579
commit 5ddaee7678
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/Controller/AttributesController.php
View File

@ -941,11 +941,10 @@ class AttributesController extends AppController {
'recursive' => -1,
'fields' => array('id', 'orgc_id', 'user_id')
));
if ($event['Event']['orgc_id'] != $this->Auth->user('org_id') || (!$this->userRole['perm_modify_org_id'] && !($this->userRole['perm_modify'] && $event['Event']['user_id'] == $this->Auth->user('id')))) {
if ($event['Event']['orgc_id'] != $this->Auth->user('org_id') || (!$this->userRole['perm_modify_org'] && !($this->userRole['perm_modify'] && $event['Event']['user_id'] == $this->Auth->user('id')))) {
throw new MethodNotAllowedException('Invalid Event.');
}
}
// find all attributes from the ID list that also match the provided event ID.
$attributes = $this->Attribute->find('all', array(
'recursive' => -1,