Fix for the org admin privileges

Editing / creating users and the organisation permissions for org admins
pull/63/head
Andras Iklody 2013-01-25 12:22:55 +01:00
parent d4c5460d9e
commit 9739cd1e35
4 changed files with 135 additions and 134 deletions


@ -189,24 +189,20 @@ class UsersController extends AppController {
* @return void
*/
public function admin_add() {
$this->set('currentOrg', $this->Auth->User('org'));
if ($this->request->is('post')) {
if ($this->request->data['User']['org'] == $this->Auth->user('org')) {
$this->User->create();
// set invited by
$this->request->data['User']['invited_by'] = $this->Auth->user('id');
$this->request->data['User']['change_pw'] = 1;
if ($this->User->save($this->request->data)) {
$this->Session->setFlash(__('The user has been saved'));
$this->redirect(array('action' => 'index'));
} else {
// reset auth key for a new user
$this->set('authkey', $this->newkey);
$this->Session->setFlash(__('The user could not be saved. Please, try again.'));
}
$this->User->create();
// set invited by
$this->request->data['User']['invited_by'] = $this->Auth->user('id');
$this->request->data['User']['change_pw'] = 1;
if($this->Auth->User('org')!='ADMIN')$this->request->data['User']['org'] = $this->Auth->User('org');
if ($this->User->save($this->request->data)) {
$this->Session->setFlash(__('The user has been saved'));
$this->redirect(array('action' => 'index'));
} else {
$this->newkey = $this->User->generateAuthKey();
// reset auth key for a new user
$this->set('authkey', $this->newkey);
$this->Session->setFlash(__('The user could not be saved, not your organisation. Please, try again.'));
$this->Session->setFlash(__('The user could not be saved. Please, try again.'));
}
} else {
// generate auth key for a new user
@ -227,6 +223,7 @@ class UsersController extends AppController {
*/
public function admin_edit($id = null) {
// debug($fields);debug(tru);
$this->set('currentOrg', $this->Auth->User('org'));
$this->User->id = $id;
if (!$this->User->exists()) {
throw new NotFoundException(__('Invalid user'));
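Review bot: In the admin_edit hunk only `$this->set('currentOrg', $this->Auth->User('org'));` is added, so nothing visible here gives admin_edit the server-side org override that admin_add now has; hiding the org input in the edit view is presentation only, and the edit action still needs to force `User.org` for non-ADMIN admins and to check that the user being edited belongs to the admin's own org, since `exists()` only validates the id. admin_edit's body continues past the hunk, so this may already be handled further down — worth confirming. In admin_add the new line `if($this->Auth->User('org')!='ADMIN')$this->request->data['User']['org'] = $this->Auth->User('org');` compares loosely and mixes `Auth->User()` with the `Auth->user()` spelling used on the surrounding lines; `if ($this->Auth->user('org') !== 'ADMIN') {` on its own line with braces would match the rest of the method. The commit restricts which org an org admin can assign but not the role, and both forms still offer role_id unconditionally (the edit form keeps its 'TODO ACL' comment), so an org admin may still be able to grant any role — confirm that is intended.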


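--- a/<path-not-shown-on-page>
+++ b/<path-not-shown-on-page>
@@ -1,23 +1,25 @@
-<div class="users form">
-<?php echo $this->Form->create('User');?>
-<fieldset>
-<legend><?php echo __('Admin Add User'); ?></legend>
-<?php
-echo $this->Form->input('email');
-echo $this->Form->input('password');
-echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
-echo $this->Form->input('org');
-echo $this->Form->input('role_id', array('label' => 'Role'));
-echo $this->Form->input('autoalert');
-echo $this->Form->input('authkey', array('value' => $authkey));
-echo $this->Form->input('nids_sid');
-echo $this->Form->input('gpgkey');
-?>
-</fieldset>
-<?php echo $this->Form->end(__('Submit'));?>
-</div>
-<div class="actions">
-<ul>
-<?php echo $this->element('actions_menu'); ?>
-</ul>
-</div>
+<div class="users form">
+<?php echo $this->Form->create('User');?>
+<fieldset>
+<legend><?php echo __('Admin Add User'); ?></legend>
+<?php
+echo $this->Form->input('email');
+echo $this->Form->input('password');
+echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
+if($currentOrg == 'ADMIN'){
+echo $this->Form->input('org');
+}
+echo $this->Form->input('role_id', array('label' => 'Role'));
+echo $this->Form->input('autoalert');
+echo $this->Form->input('authkey', array('value' => $authkey));
+echo $this->Form->input('nids_sid');
+echo $this->Form->input('gpgkey');
+?>
+</fieldset>
+<?php echo $this->Form->end(__('Submit'));?>
+</div>
+<div class="actions">
+<ul>
+<?php echo $this->element('actions_menu'); ?>
+</ul>
+</div>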
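Review bot: The new guard `if($currentOrg == 'ADMIN'){` around the org input is a presentation choice that depends on `$currentOrg` having been set by the controller, and a reader could mistake it for the access control itself; a comment such as `// presentation only: admin_add forces org for non-ADMIN admins server-side` next to it would make that explicit. The same guard, with the same loose `==` and missing spaces, is added to the admin edit form in the next section; `if ($currentOrg === 'ADMIN') {` in both places matches the spacing of the surrounding PHP and avoids the loose comparison. For the edit form, the server-side counterpart is not visible in the admin_edit hunk on this page, so that form's guard should not be relied on as a control.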


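--- a/<path-not-shown-on-page>
+++ b/<path-not-shown-on-page>
@@ -1,26 +1,28 @@
-<div class="users form">
-<?php echo $this->Form->create('User');?>
-<fieldset>
-<legend><?php echo __('Admin Edit User'); ?></legend>
-<?php
-echo $this->Form->input('email');
-echo $this->Form->input('password');
-echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
-echo $this->Form->input('org');
-echo $this->Form->input('role_id', array('label' => 'Role')); // TODO ACL, User edit role_id.
-echo $this->Form->input('autoalert');
-echo $this->Form->input('authkey');
-echo $this->Form->input('nids_sid');
-echo $this->Form->input('termsaccepted');
-echo $this->Form->input('change_pw', array('type' => 'checkbox', 'label' => 'Change Password'));
-echo $this->Form->input('newsread');
-echo $this->Form->input('gpgkey');
-?>
-</fieldset>
-<?php echo $this->Form->end(__('Submit'));?>
-</div>
-<div class="actions">
-<ul>
-<?php echo $this->element('actions_menu'); ?>
-</ul>
-</div>
+<div class="users form">
+<?php echo $this->Form->create('User');?>
+<fieldset>
+<legend><?php echo __('Admin Edit User'); ?></legend>
+<?php
+echo $this->Form->input('email');
+echo $this->Form->input('password');
+echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
+if($currentOrg == 'ADMIN'){
+echo $this->Form->input('org');
+}
+echo $this->Form->input('role_id', array('label' => 'Role')); // TODO ACL, User edit role_id.
+echo $this->Form->input('autoalert');
+echo $this->Form->input('authkey');
+echo $this->Form->input('nids_sid');
+echo $this->Form->input('termsaccepted');
+echo $this->Form->input('change_pw', array('type' => 'checkbox', 'label' => 'Change Password'));
+echo $this->Form->input('newsread');
+echo $this->Form->input('gpgkey');
+?>
+</fieldset>
+<?php echo $this->Form->end(__('Submit'));?>
+</div>
+<div class="actions">
+<ul>
+<?php echo $this->element('actions_menu'); ?>
+</ul>
+</div>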


@ -1,71 +1,71 @@
<div class="users view">
<div class="actions" style="float:right;">
<ul><li><?php if ($isAclModify) echo $this->Html->link(__('Edit Profile', true), array('action' => 'edit', $user['User']['id'])); ?> </li></ul>
</div>
<h2><?php echo __('User');?></h2>
<dl>
<dt><?php echo __('Id'); ?></dt>
<dd>
<?php echo h($user['User']['id']); ?>
&nbsp;
</dd>
<dt><?php echo __('Email'); ?></dt>
<dd>
<?php echo h($user['User']['email']); ?>
&nbsp;
</dd>
<dt><?php echo __('Org'); ?></dt>
<dd>
<?php echo h($user['User']['org']); ?>
&nbsp;
</dd>
<dt><?php echo __('Role'); ?></dt>
<dd>
<?php echo h($user['Role']['name']); ?> <!-- TODO ACL, check, My Profile not edit role_id. -->
&nbsp;
</dd>
<dt><?php echo __('Autoalert'); ?></dt>
<dd>
<?php echo h(0 == ($user['User']['autoalert'])) ? 'No' : 'Yes'; ?>
&nbsp;
</dd>
<dt><?php echo __('Authkey'); ?></dt>
<dd>
<?php echo h($user['User']['authkey']); ?>
(<?php echo $this->Html->link('reset', array('controller' => 'users', 'action' => 'resetauthkey', $user['User']['id']));?>)
&nbsp;
</dd>
<dt><?php echo __('NIDS Start SID'); ?></dt>
<dd>
<?php echo h($user['User']['nids_sid']); ?>
&nbsp;
</dd>
<dt><?php echo __('Termsaccepted'); ?></dt>
<dd>
<?php echo h((0 == $user['User']['termsaccepted'])? 'No' : 'Yes'); ?>
&nbsp;
</dd>
<dt><?php echo __('GPG Key'); ?></dt>
<dd>
<?php
if (h($user['User']['gpgkey']) != 0) {
echo "<code>" + nl2br(h($user['User']['gpgkey'])) + "</code>";
} else {
echo "N/A";
}
?>
&nbsp;
</dd>
</dl>
</div>
<div class="actions">
<ul>
<?php
if ($isAclModify): ?>
<li><?php echo $this->Html->link(__('Edit User', true), array('action' => 'edit', $user['User']['id'])); ?></li>
<li>&nbsp;</li>
<?php
endif; ?>
<?php echo $this->element('actions_menu'); ?>
</ul>
<div class="users view">
<div class="actions" style="float:right;">
<ul><li><?php if ($isAclModify && ($me['org'] == $user['User']['org'] || $me['org'] == 'ADMIN')) echo $this->Html->link(__('Edit Profile', true), array('action' => 'edit', $user['User']['id'])); ?> </li></ul>
</div>
<h2><?php echo __('User');?></h2>
<dl>
<dt><?php echo __('Id'); ?></dt>
<dd>
<?php echo h($user['User']['id']); ?>
&nbsp;
</dd>
<dt><?php echo __('Email'); ?></dt>
<dd>
<?php echo h($user['User']['email']); ?>
&nbsp;
</dd>
<dt><?php echo __('Org'); ?></dt>
<dd>
<?php echo h($user['User']['org']); ?>
&nbsp;
</dd>
<dt><?php echo __('Role'); ?></dt>
<dd>
<?php echo h($user['Role']['name']); ?> <!-- TODO ACL, check, My Profile not edit role_id. -->
&nbsp;
</dd>
<dt><?php echo __('Autoalert'); ?></dt>
<dd>
<?php echo h(0 == ($user['User']['autoalert'])) ? 'No' : 'Yes'; ?>
&nbsp;
</dd>
<dt><?php echo __('Authkey'); ?></dt>
<dd>
<?php echo h($user['User']['authkey']); ?>
(<?php echo $this->Html->link('reset', array('controller' => 'users', 'action' => 'resetauthkey', $user['User']['id']));?>)
&nbsp;
</dd>
<dt><?php echo __('NIDS Start SID'); ?></dt>
<dd>
<?php echo h($user['User']['nids_sid']); ?>
&nbsp;
</dd>
<dt><?php echo __('Termsaccepted'); ?></dt>
<dd>
<?php echo h((0 == $user['User']['termsaccepted'])? 'No' : 'Yes'); ?>
&nbsp;
</dd>
<dt><?php echo __('GPG Key'); ?></dt>
<dd>
<?php
if (h($user['User']['gpgkey']) != 0) {
echo "<code>" + nl2br(h($user['User']['gpgkey'])) + "</code>";
} else {
echo "N/A";
}
?>
&nbsp;
</dd>
</dl>
</div>
<div class="actions">
<ul>
<?php
if ($isAclModify && ($me['org'] == $user['User']['org'] || $me['org'] == 'ADMIN')): ?>
<li><?php echo $this->Html->link(__('Edit User', true), array('action' => 'edit', $user['User']['id'])); ?></li>
<li>&nbsp;</li>
<?php
endif; ?>
<?php echo $this->element('actions_menu'); ?>
</ul>
</div>
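Review bot: The new guard `$isAclModify && ($me['org'] == $user['User']['org'] || $me['org'] == 'ADMIN')` is written out twice, at the 'Edit Profile' link and again before the 'Edit User' link in the actions list; evaluating it once near the top of the view, `$canEditUser = $isAclModify && ($me['org'] === $user['User']['org'] || $me['org'] === 'ADMIN');`, and testing `$canEditUser` at both links keeps the two from diverging and drops the loose `==`. Hiding the links is presentation only; whether the edit action itself refuses a target from another org is not visible on this page and is the check that actually matters. `$me` is not assigned anywhere in this section — presumably it comes from the controller or AppController; confirm it is always set on this view, since an unset `$me` would presumably make the condition false under a notice rather than fail loudly. Carried over unchanged on the new side, `echo "<code>" + nl2br(h($user['User']['gpgkey'])) + "</code>";` uses `+` where PHP string concatenation is `.`, so the GPG key block is not rendered as that line intends.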