mirror of https://github.com/MISP/MISP
Merge branch 'hotfix-2.3.56' into develop
Iglocska
commit
70beae4958
|
|
@ -1 +1 @@
|
|||
{"major":2, "minor":3, "hotfix":55}
|
||||
{"major":2, "minor":3, "hotfix":56}
|
||||
|
|
|
|||
|
|
@ -165,19 +165,19 @@ class LogsController extends AppController {
|
|||
|
||||
// search the db
|
||||
$conditions = array();
|
||||
if ($email) {
|
||||
if (isset($email) && !empty($email)) {
|
||||
$conditions['LOWER(Log.email) LIKE'] = '%' . strtolower($email) . '%';
|
||||
}
|
||||
if (isset($org)) {
|
||||
if (isset($org) && !empty($org)) {
|
||||
$conditions['LOWER(Log.org) LIKE'] = '%' . strtolower($org) . '%';
|
||||
}
|
||||
if ($action != 'ALL') {
|
||||
$conditions['Log.action ='] = $action;
|
||||
}
|
||||
if (isset($title)) {
|
||||
if (isset($title) && !empty($title)) {
|
||||
$conditions['LOWER(Log.title) LIKE'] = '%' . strtolower($title) . '%';
|
||||
}
|
||||
if (isset($change)) {
|
||||
if (isset($change) && !empty($change)) {
|
||||
$conditions['LOWER(Log.change) LIKE'] = '%' . strtolower($change) . '%';
|
||||
}
|
||||
$this->{$this->defaultModel}->recursive = 0;
|
||||
|
|
|
|||
|
|
@ -271,7 +271,7 @@ class ShadowAttributesController extends AppController {
|
|||
'recursive' => -1,
|
||||
'fields' => array('id', 'orgc', 'distribution', 'org'),
|
||||
));
|
||||
if ((($event['Event']['distribution'] == 0 && $event['Event']['org'] != $this->Auth->user('org'))) || ($event['Event']['orgc'] == $this->Auth->user('org'))) {
|
||||
if (!$this->_isSiteAdmin() && (($event['Event']['distribution'] == 0 && $event['Event']['org'] != $this->Auth->user('org'))) || ($event['Event']['orgc'] == $this->Auth->user('org'))) {
|
||||
$this->Session->setFlash(__('Invalid Event.'));
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'index'));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -326,14 +326,20 @@ class UsersController extends AppController {
|
|||
if ($this->request->is('post')) {
|
||||
$this->User->create();
|
||||
// set invited by
|
||||
$this->loadModel('Role');
|
||||
$this->Role->recursive = -1;
|
||||
$chosenRole = $this->Role->findById($this->request->data['User']['role_id']);
|
||||
$this->request->data['User']['invited_by'] = $this->Auth->user('id');
|
||||
$this->request->data['User']['change_pw'] = 1;
|
||||
if ($chosenRole['Role']['perm_sync']) {
|
||||
$this->request->data['User']['change_pw'] = 0;
|
||||
$this->request->data['User']['termsaccepted'] = 1;
|
||||
} else {
|
||||
$this->request->data['User']['change_pw'] = 1;
|
||||
$this->request->data['User']['termsaccepted'] = 0;
|
||||
}
|
||||
$this->request->data['User']['newsread'] = '2000-01-01';
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
$this->request->data['User']['org'] = $this->Auth->User('org');
|
||||
$this->loadModel('Role');
|
||||
$this->Role->recursive = -1;
|
||||
$chosenRole = $this->Role->findById($this->request->data['User']['role_id']);
|
||||
if ($chosenRole['Role']['perm_site_admin'] == 1 || $chosenRole['Role']['perm_regexp_access'] == 1 || $chosenRole['Role']['perm_sync'] == 1) {
|
||||
throw new Exception('You are not authorised to assign that role to a user.');
|
||||
}
|
||||
|
|
|
|||
|
|
@ -228,15 +228,16 @@
|
|||
<td class="short action-links <?php echo $extra;?>">
|
||||
<?php
|
||||
if ($object['objectType'] == 0) {
|
||||
if ($isSiteAdmin || !$mayModify) {
|
||||
?>
|
||||
<a href="/shadow_attributes/edit/<?php echo $object['id']; ?>" title="Propose Edit" class="icon-share useCursorPointer"></a>
|
||||
<?php
|
||||
}
|
||||
if ($isSiteAdmin || $mayModify) {
|
||||
?>
|
||||
<a href="/attributes/edit/<?php echo $object['id']; ?>" title="Edit" class="icon-edit useCursorPointer"></a>
|
||||
<span class="icon-trash useCursorPointer" onClick="deleteObject('attributes', 'delete', '<?php echo $object['id']; ?>', '<?php echo $event['Event']['id']; ?>');"></span>
|
||||
<?php
|
||||
} else {
|
||||
?>
|
||||
<a href="/shadow_attributes/edit/<?php echo $object['id']; ?>" title="Propose Edit" class="icon-edit useCursorPointer"></a>
|
||||
<?php
|
||||
}
|
||||
} else {
|
||||
if (($event['Event']['orgc'] == $me['org'] && $mayModify) || $isSiteAdmin) {
|
||||
|
|
|
|||
|
|
@ -16,19 +16,19 @@
|
|||
?>
|
||||
<li <?php if ($menuItem === 'viewEvent') echo 'class="active"';?>><a href="/events/view/<?php echo $event['Event']['id'];?>">View Event</a></li>
|
||||
<li <?php if ($menuItem === 'eventLog') echo 'class="active"';?>><a href="/logs/event_index/<?php echo $event['Event']['id'];?>">View Event History</a></li>
|
||||
<li class="divider"></li>
|
||||
<?php if ($isSiteAdmin || (isset($mayModify) && $mayModify)): ?>
|
||||
<li <?php if ($menuItem === 'editEvent') echo 'class="active"';?>><a href="/events/edit/<?php echo $event['Event']['id'];?>">Edit Event</a></li>
|
||||
<li><?php echo $this->Form->postLink('Delete Event', array('action' => 'delete', $event['Event']['id']), null, __('Are you sure you want to delete # %s?', $event['Event']['id'])); ?></li>
|
||||
<li class="divider"></li>
|
||||
<li <?php if ($menuItem === 'addAttribute') echo 'class="active"';?>><a href="/attributes/add/<?php echo $event['Event']['id'];?>">Add Attribute</a></li>
|
||||
<li <?php if ($menuItem === 'addAttachment') echo 'class="active"';;?>><a href="/attributes/add_attachment/<?php echo $event['Event']['id'];?>">Add Attachment</a></li>
|
||||
<li <?php if ($menuItem === 'addIOC') echo 'class="active"';?>><a href="/events/addIOC/<?php echo $event['Event']['id'];?>">Populate from OpenIOC</a></li>
|
||||
<li <?php if ($menuItem === 'addThreatConnect') echo 'class="active"';?>><a href="/attributes/add_threatconnect/<?php echo $event['Event']['id']; ?>">Populate from ThreatConnect</a></li>
|
||||
<?php if ($menuItem === 'populateFromtemplate'): ?>
|
||||
<li class="active"><a href="/templates/populateEventFromTemplate/<?php echo $template_id . '/' . $event['Event']['id']; ?>">Populate From Template</a></li>
|
||||
<?php if ($menuItem === 'populateFromtemplate'): ?>
|
||||
<li class="active"><a href="/templates/populateEventFromTemplate/<?php echo $template_id . '/' . $event['Event']['id']; ?>">Populate From Template</a></li>
|
||||
<?php endif; ?>
|
||||
<?php endif; ?>
|
||||
<?php elseif (!isset($mayModify) || !$mayModify): ?>
|
||||
<li class="divider"></li>
|
||||
<?php if (($isSiteAdmin && (!isset($mayModify) || !$mayModify)) || (!isset($mayModify) || !$mayModify)): ?>
|
||||
<li <?php if ($menuItem === 'proposeAttribute') echo 'class="active"';?>><a href="/shadow_attributes/add/<?php echo $event['Event']['id'];?>">Propose Attribute</a></li>
|
||||
<li <?php if ($menuItem === 'proposeAttachment') echo 'class="active"';?>><a href="/shadow_attributes/add_attachment/<?php echo $event['Event']['id'];?>">Propose Attachment</a></li>
|
||||
<?php endif; ?>
|
||||
|
|
|
|||
Loading…
Reference in New Issue