mirror of https://github.com/MISP/MISP
new: [security setting] disable admin file management
- for compliance reasons, disable the upload of images for the various logos / decorations - setting can be enabled/disabled via CLI onlypull/8778/head
parent
d73151a5cf
commit
6393e993bf
|
@ -1075,6 +1075,9 @@ class ServersController extends AppController
|
|||
$this->set('correlation_metrics', $correlation_metrics);
|
||||
}
|
||||
if ($tab === 'files') {
|
||||
if (!empty(Configure::read('Security.disable_instance_file_uploads'))) {
|
||||
throw new MethodNotAllowedException(__('This functionality is disabled.'));
|
||||
}
|
||||
$files = $this->Server->grabFiles();
|
||||
$this->set('files', $files);
|
||||
}
|
||||
|
@ -1624,6 +1627,9 @@ class ServersController extends AppController
|
|||
if (!$this->request->is('post')) {
|
||||
throw new MethodNotAllowedException();
|
||||
}
|
||||
if (!empty(Configure::read('Security.disable_instance_file_uploads'))) {
|
||||
throw new MethodNotAllowedException(__('Feature disabled.'));
|
||||
}
|
||||
$validItems = $this->Server->getFileRules();
|
||||
|
||||
// Check if there were problems with the file upload
|
||||
|
|
|
@ -6523,6 +6523,15 @@ class Server extends AppModel
|
|||
'test' => 'testBool',
|
||||
'type' => 'boolean',
|
||||
'null' => true
|
||||
],
|
||||
'disable_instance_file_uploads' => [
|
||||
'level' => self::SETTING_RECOMMENDED,
|
||||
'description' => __('When enabled, the "Manage files" menu is disabled on the server settings. You can still copy files via ssh to the appropriate location and link them using MISP.settings.'),
|
||||
'value' => false,
|
||||
'test' => 'testBool',
|
||||
'type' => 'boolean',
|
||||
'null' => true,
|
||||
'cli_only' => true
|
||||
]
|
||||
),
|
||||
'SecureAuth' => array(
|
||||
|
|
|
@ -50,12 +50,13 @@
|
|||
),
|
||||
'active' => $active_tab === 'diagnostics'
|
||||
);
|
||||
|
||||
$data['children'][0]['children'][] = array(
|
||||
'url' => $baseurl . '/servers/serverSettings/files',
|
||||
'text' => __('Manage files'),
|
||||
'active' => $active_tab === 'files'
|
||||
);
|
||||
if (empty(Configure::read('Security.disable_instance_file_uploads'))) {
|
||||
$data['children'][0]['children'][] = array(
|
||||
'url' => $baseurl . '/servers/serverSettings/files',
|
||||
'text' => __('Manage files'),
|
||||
'active' => $active_tab === 'files'
|
||||
);
|
||||
}
|
||||
$data['children'][0]['children'][] = array(
|
||||
'url' => $baseurl . '/servers/serverSettings/workers',
|
||||
'title' => __('Workers'),
|
||||
|
|
Loading…
Reference in New Issue