MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

fix: [internal] Conditions when object distribution is set to org only

pull/6327/head
Jakub Onderka 2020-09-21 11:33:19 +02:00
parent ae5434fbc6
commit 73cc4b7044
1 changed files with 21 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
app/Model/MispObject.php
View File

@ -393,23 +393,28 @@ class MispObject extends AppModel
public function buildConditions(array $user)
{
$conditions = array();
if (!$user['Role']['perm_site_admin']) {
$sgids = $this->Event->cacheSgids($user, true);
$conditions = array(
'AND' => array(
$this->Event->createEventConditions($user),
'OR' => array(
'Object.distribution' => array(1, 2, 3, 5),
'AND' => array(
'Object.distribution' => 4,
'Object.sharing_group_id' => $sgids,
)
)
)
);
if ($user['Role']['perm_site_admin']) {
return [];
}
return $conditions;
$sgids = $this->Event->cacheSgids($user, true);
return [
'AND' => [
'OR' => [
'Event.org_id' => $user['org_id'], // if event is owned by current user org, allow access to all objects
'AND' => [
$this->Event->createEventConditions($user),
'OR' => [
'Object.distribution' => array(1, 2, 3, 5),
'AND' => [
'Object.distribution' => 4,
'Object.sharing_group_id' => $sgids,
]
]
]
]
]
];
}
public function fetchObjectSimple($user, $options = array())