Fix for the org admin privileges
Editing / creating users and the organisation permissions for org adminspull/63/head
parent
d4c5460d9e
commit
9739cd1e35
|
@ -189,24 +189,20 @@ class UsersController extends AppController {
|
|||
* @return void
|
||||
*/
|
||||
public function admin_add() {
|
||||
$this->set('currentOrg', $this->Auth->User('org'));
|
||||
if ($this->request->is('post')) {
|
||||
if ($this->request->data['User']['org'] == $this->Auth->user('org')) {
|
||||
$this->User->create();
|
||||
// set invited by
|
||||
$this->request->data['User']['invited_by'] = $this->Auth->user('id');
|
||||
$this->request->data['User']['change_pw'] = 1;
|
||||
if ($this->User->save($this->request->data)) {
|
||||
$this->Session->setFlash(__('The user has been saved'));
|
||||
$this->redirect(array('action' => 'index'));
|
||||
} else {
|
||||
// reset auth key for a new user
|
||||
$this->set('authkey', $this->newkey);
|
||||
$this->Session->setFlash(__('The user could not be saved. Please, try again.'));
|
||||
}
|
||||
$this->User->create();
|
||||
// set invited by
|
||||
$this->request->data['User']['invited_by'] = $this->Auth->user('id');
|
||||
$this->request->data['User']['change_pw'] = 1;
|
||||
if($this->Auth->User('org')!='ADMIN')$this->request->data['User']['org'] = $this->Auth->User('org');
|
||||
if ($this->User->save($this->request->data)) {
|
||||
$this->Session->setFlash(__('The user has been saved'));
|
||||
$this->redirect(array('action' => 'index'));
|
||||
} else {
|
||||
$this->newkey = $this->User->generateAuthKey();
|
||||
// reset auth key for a new user
|
||||
$this->set('authkey', $this->newkey);
|
||||
$this->Session->setFlash(__('The user could not be saved, not your organisation. Please, try again.'));
|
||||
$this->Session->setFlash(__('The user could not be saved. Please, try again.'));
|
||||
}
|
||||
} else {
|
||||
// generate auth key for a new user
|
||||
|
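Review bot: The new guard `if($this->Auth->User('org')!='ADMIN')$this->request->data['User']['org'] = $this->Auth->User('org');` pins the org for non-ADMIN callers, but nothing in the hunk constrains `role_id`, and the following `$this->User->save($this->request->data)` persists every posted User field, so an org admin appears able to create a user with whatever role the form submits (the admin_add.ctp hunk below hides only the org input, not the role select). Pass an explicit field list to the save call and validate the posted `role_id` against the roles an org admin is allowed to assign; if that restriction already lives elsewhere in the controller, a comment on the save line pointing to it would help. The comparison should be strict and braced, `if ($this->Auth->user('org') !== 'ADMIN') {`, and `Auth->User`/`Auth->user` should use one spelling. If both `setFlash` calls in the else branch survive on the new side, only the last message is ever shown. The hunk ends before admin_add's closing brace.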
@ -227,6 +223,7 @@ class UsersController extends AppController {
|
|||
*/
|
||||
public function admin_edit($id = null) {
|
||||
// debug($fields);debug(tru);
|
||||
$this->set('currentOrg', $this->Auth->User('org'));
|
||||
$this->User->id = $id;
|
||||
if (!$this->User->exists()) {
|
||||
throw new NotFoundException(__('Invalid user'));
|
||||
|
|
|
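Review bot: `$this->set('currentOrg', $this->Auth->User('org'));` only feeds the view; within this hunk admin_edit gains no server-side check that the target user belongs to the org admin's org, nor does it override a posted `data[User][org]` the way admin_add now does, so hiding the org input in admin_edit.ctp (and admin_add.ctp) is presentational rather than an access control. If the rest of admin_edit (outside the hunk) does not enforce this, add the same override before the save, `if ($this->Auth->user('org') !== 'ADMIN') { $this->request->data['User']['org'] = $this->Auth->user('org'); }`, plus a check that the loaded user's org matches the caller's. The leftover `// debug($fields);debug(tru);` line should be removed rather than kept as a comment. The method body continues past the hunk.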
@ -1,23 +1,25 @@
|
|||
<div class="users form">
|
||||
<?php echo $this->Form->create('User');?>
|
||||
<fieldset>
|
||||
<legend><?php echo __('Admin Add User'); ?></legend>
|
||||
<?php
|
||||
echo $this->Form->input('email');
|
||||
echo $this->Form->input('password');
|
||||
echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
|
||||
echo $this->Form->input('org');
|
||||
echo $this->Form->input('role_id', array('label' => 'Role'));
|
||||
echo $this->Form->input('autoalert');
|
||||
echo $this->Form->input('authkey', array('value' => $authkey));
|
||||
echo $this->Form->input('nids_sid');
|
||||
echo $this->Form->input('gpgkey');
|
||||
?>
|
||||
</fieldset>
|
||||
<?php echo $this->Form->end(__('Submit'));?>
|
||||
</div>
|
||||
<div class="actions">
|
||||
<ul>
|
||||
<?php echo $this->element('actions_menu'); ?>
|
||||
</ul>
|
||||
</div>
|
||||
<div class="users form">
|
||||
<?php echo $this->Form->create('User');?>
|
||||
<fieldset>
|
||||
<legend><?php echo __('Admin Add User'); ?></legend>
|
||||
<?php
|
||||
echo $this->Form->input('email');
|
||||
echo $this->Form->input('password');
|
||||
echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
|
||||
if($currentOrg == 'ADMIN'){
|
||||
echo $this->Form->input('org');
|
||||
}
|
||||
echo $this->Form->input('role_id', array('label' => 'Role'));
|
||||
echo $this->Form->input('autoalert');
|
||||
echo $this->Form->input('authkey', array('value' => $authkey));
|
||||
echo $this->Form->input('nids_sid');
|
||||
echo $this->Form->input('gpgkey');
|
||||
?>
|
||||
</fieldset>
|
||||
<?php echo $this->Form->end(__('Submit'));?>
|
||||
</div>
|
||||
<div class="actions">
|
||||
<ul>
|
||||
<?php echo $this->element('actions_menu'); ?>
|
||||
</ul>
|
||||
</div>
|
||||
|
|
|
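Review bot: `if($currentOrg == 'ADMIN'){` uses a loose comparison and a bare string literal that now appears in the controller and both admin views; a strict `if ($currentOrg === 'ADMIN') {` with the literal lifted to a single constant would keep the three in step (the same applies to the admin_edit.ctp hunk below). A short comment on that line, e.g. `// only the site admin org may pick an org; UsersController::admin_add forces it for everyone else`, would record that the controller, not this branch, is the control.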
@ -1,26 +1,28 @@
|
|||
<div class="users form">
|
||||
<?php echo $this->Form->create('User');?>
|
||||
<fieldset>
|
||||
<legend><?php echo __('Admin Edit User'); ?></legend>
|
||||
<?php
|
||||
echo $this->Form->input('email');
|
||||
echo $this->Form->input('password');
|
||||
echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
|
||||
echo $this->Form->input('org');
|
||||
echo $this->Form->input('role_id', array('label' => 'Role')); // TODO ACL, User edit role_id.
|
||||
echo $this->Form->input('autoalert');
|
||||
echo $this->Form->input('authkey');
|
||||
echo $this->Form->input('nids_sid');
|
||||
echo $this->Form->input('termsaccepted');
|
||||
echo $this->Form->input('change_pw', array('type' => 'checkbox', 'label' => 'Change Password'));
|
||||
echo $this->Form->input('newsread');
|
||||
echo $this->Form->input('gpgkey');
|
||||
?>
|
||||
</fieldset>
|
||||
<?php echo $this->Form->end(__('Submit'));?>
|
||||
</div>
|
||||
<div class="actions">
|
||||
<ul>
|
||||
<?php echo $this->element('actions_menu'); ?>
|
||||
</ul>
|
||||
</div>
|
||||
<div class="users form">
|
||||
<?php echo $this->Form->create('User');?>
|
||||
<fieldset>
|
||||
<legend><?php echo __('Admin Edit User'); ?></legend>
|
||||
<?php
|
||||
echo $this->Form->input('email');
|
||||
echo $this->Form->input('password');
|
||||
echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
|
||||
if($currentOrg == 'ADMIN'){
|
||||
echo $this->Form->input('org');
|
||||
}
|
||||
echo $this->Form->input('role_id', array('label' => 'Role')); // TODO ACL, User edit role_id.
|
||||
echo $this->Form->input('autoalert');
|
||||
echo $this->Form->input('authkey');
|
||||
echo $this->Form->input('nids_sid');
|
||||
echo $this->Form->input('termsaccepted');
|
||||
echo $this->Form->input('change_pw', array('type' => 'checkbox', 'label' => 'Change Password'));
|
||||
echo $this->Form->input('newsread');
|
||||
echo $this->Form->input('gpgkey');
|
||||
?>
|
||||
</fieldset>
|
||||
<?php echo $this->Form->end(__('Submit'));?>
|
||||
</div>
|
||||
<div class="actions">
|
||||
<ul>
|
||||
<?php echo $this->element('actions_menu'); ?>
|
||||
</ul>
|
||||
</div>
|
||||
|
|
|
@ -1,71 +1,71 @@
|
|||
<div class="users view">
|
||||
<div class="actions" style="float:right;">
|
||||
<ul><li><?php if ($isAclModify) echo $this->Html->link(__('Edit Profile', true), array('action' => 'edit', $user['User']['id'])); ?> </li></ul>
|
||||
</div>
|
||||
<h2><?php echo __('User');?></h2>
|
||||
<dl>
|
||||
<dt><?php echo __('Id'); ?></dt>
|
||||
<dd>
|
||||
<?php echo h($user['User']['id']); ?>
|
||||
|
||||
</dd>
|
||||
<dt><?php echo __('Email'); ?></dt>
|
||||
<dd>
|
||||
<?php echo h($user['User']['email']); ?>
|
||||
|
||||
</dd>
|
||||
<dt><?php echo __('Org'); ?></dt>
|
||||
<dd>
|
||||
<?php echo h($user['User']['org']); ?>
|
||||
|
||||
</dd>
|
||||
<dt><?php echo __('Role'); ?></dt>
|
||||
<dd>
|
||||
<?php echo h($user['Role']['name']); ?> <!-- TODO ACL, check, My Profile not edit role_id. -->
|
||||
|
||||
</dd>
|
||||
<dt><?php echo __('Autoalert'); ?></dt>
|
||||
<dd>
|
||||
<?php echo h(0 == ($user['User']['autoalert'])) ? 'No' : 'Yes'; ?>
|
||||
|
||||
</dd>
|
||||
<dt><?php echo __('Authkey'); ?></dt>
|
||||
<dd>
|
||||
<?php echo h($user['User']['authkey']); ?>
|
||||
(<?php echo $this->Html->link('reset', array('controller' => 'users', 'action' => 'resetauthkey', $user['User']['id']));?>)
|
||||
|
||||
</dd>
|
||||
<dt><?php echo __('NIDS Start SID'); ?></dt>
|
||||
<dd>
|
||||
<?php echo h($user['User']['nids_sid']); ?>
|
||||
|
||||
</dd>
|
||||
<dt><?php echo __('Termsaccepted'); ?></dt>
|
||||
<dd>
|
||||
<?php echo h((0 == $user['User']['termsaccepted'])? 'No' : 'Yes'); ?>
|
||||
|
||||
</dd>
|
||||
<dt><?php echo __('GPG Key'); ?></dt>
|
||||
<dd>
|
||||
<?php
|
||||
if (h($user['User']['gpgkey']) != 0) {
|
||||
echo "<code>" + nl2br(h($user['User']['gpgkey'])) + "</code>";
|
||||
} else {
|
||||
echo "N/A";
|
||||
}
|
||||
?>
|
||||
|
||||
</dd>
|
||||
</dl>
|
||||
</div>
|
||||
<div class="actions">
|
||||
<ul>
|
||||
<?php
|
||||
if ($isAclModify): ?>
|
||||
<li><?php echo $this->Html->link(__('Edit User', true), array('action' => 'edit', $user['User']['id'])); ?></li>
|
||||
<li> </li>
|
||||
<?php
|
||||
endif; ?>
|
||||
<?php echo $this->element('actions_menu'); ?>
|
||||
</ul>
|
||||
<div class="users view">
|
||||
<div class="actions" style="float:right;">
|
||||
<ul><li><?php if ($isAclModify && ($me['org'] == $user['User']['org'] || $me['org'] == 'ADMIN')) echo $this->Html->link(__('Edit Profile', true), array('action' => 'edit', $user['User']['id'])); ?> </li></ul>
|
||||
</div>
|
||||
<h2><?php echo __('User');?></h2>
|
||||
<dl>
|
||||
<dt><?php echo __('Id'); ?></dt>
|
||||
<dd>
|
||||
<?php echo h($user['User']['id']); ?>
|
||||
|
||||
</dd>
|
||||
<dt><?php echo __('Email'); ?></dt>
|
||||
<dd>
|
||||
<?php echo h($user['User']['email']); ?>
|
||||
|
||||
</dd>
|
||||
<dt><?php echo __('Org'); ?></dt>
|
||||
<dd>
|
||||
<?php echo h($user['User']['org']); ?>
|
||||
|
||||
</dd>
|
||||
<dt><?php echo __('Role'); ?></dt>
|
||||
<dd>
|
||||
<?php echo h($user['Role']['name']); ?> <!-- TODO ACL, check, My Profile not edit role_id. -->
|
||||
|
||||
</dd>
|
||||
<dt><?php echo __('Autoalert'); ?></dt>
|
||||
<dd>
|
||||
<?php echo h(0 == ($user['User']['autoalert'])) ? 'No' : 'Yes'; ?>
|
||||
|
||||
</dd>
|
||||
<dt><?php echo __('Authkey'); ?></dt>
|
||||
<dd>
|
||||
<?php echo h($user['User']['authkey']); ?>
|
||||
(<?php echo $this->Html->link('reset', array('controller' => 'users', 'action' => 'resetauthkey', $user['User']['id']));?>)
|
||||
|
||||
</dd>
|
||||
<dt><?php echo __('NIDS Start SID'); ?></dt>
|
||||
<dd>
|
||||
<?php echo h($user['User']['nids_sid']); ?>
|
||||
|
||||
</dd>
|
||||
<dt><?php echo __('Termsaccepted'); ?></dt>
|
||||
<dd>
|
||||
<?php echo h((0 == $user['User']['termsaccepted'])? 'No' : 'Yes'); ?>
|
||||
|
||||
</dd>
|
||||
<dt><?php echo __('GPG Key'); ?></dt>
|
||||
<dd>
|
||||
<?php
|
||||
if (h($user['User']['gpgkey']) != 0) {
|
||||
echo "<code>" + nl2br(h($user['User']['gpgkey'])) + "</code>";
|
||||
} else {
|
||||
echo "N/A";
|
||||
}
|
||||
?>
|
||||
|
||||
</dd>
|
||||
</dl>
|
||||
</div>
|
||||
<div class="actions">
|
||||
<ul>
|
||||
<?php
|
||||
if ($isAclModify && ($me['org'] == $user['User']['org'] || $me['org'] == 'ADMIN')): ?>
|
||||
<li><?php echo $this->Html->link(__('Edit User', true), array('action' => 'edit', $user['User']['id'])); ?></li>
|
||||
<li> </li>
|
||||
<?php
|
||||
endif; ?>
|
||||
<?php echo $this->element('actions_menu'); ?>
|
||||
</ul>
|
||||
</div>
|
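Review bot: The condition `$isAclModify && ($me['org'] == $user['User']['org'] || $me['org'] == 'ADMIN')` is written out twice in this view (the float-right link and the actions list); compute it once at the top, `$canEditUser = $isAclModify && ($me['org'] === $user['User']['org'] || $me['org'] === 'ADMIN');`, and test that variable in both places so the two links cannot drift. `$me` is not set in any hunk of this commit, so presumably the controller already passes it to the view — worth confirming, since an unset `$me` would only raise a notice and evaluate to false. Hiding the link is not authorization; the `edit` action must apply the same org check server-side, which is not visible here.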