mirror of https://github.com/MISP/MISP
fix: [events:index] Do not show events if org doesn't belong to the SG
Event belonging to an organisation which is not included in the sharing group assigned to the event will not see the event on the index anymore. Fix #6033 Fix #6107pull/6142/head
parent
3d2fd93de2
commit
9d0597528d
|
@ -730,6 +730,7 @@ class EventsController extends AppController
|
|||
),
|
||||
));
|
||||
$this->loadModel('GalaxyCluster');
|
||||
$sgids = $this->Event->cacheSgids($this->Auth->user(), true);
|
||||
|
||||
// for REST, don't use the pagination. With this, we'll escape the limit of events shown on the index.
|
||||
if ($this->_isRest()) {
|
||||
|
@ -839,6 +840,10 @@ class EventsController extends AppController
|
|||
}
|
||||
$events = $this->GalaxyCluster->attachClustersToEventIndex($events);
|
||||
foreach ($events as $key => $event) {
|
||||
if ($event['Event']['distribution'] == 4 && !in_array($event['Event']['sharing_group_id'], $sgids)) {
|
||||
unset($events[$key]);
|
||||
continue;
|
||||
}
|
||||
$temp = $events[$key]['Event'];
|
||||
$temp['Org'] = $event['Org'];
|
||||
$temp['Orgc'] = $event['Orgc'];
|
||||
|
@ -865,6 +870,10 @@ class EventsController extends AppController
|
|||
} else {
|
||||
$events = $this->paginate();
|
||||
foreach ($events as $k => $event) {
|
||||
if ($event['Event']['distribution'] == 4 && !in_array($event['Event']['sharing_group_id'], $sgids)) {
|
||||
unset($events[$k]);
|
||||
continue;
|
||||
}
|
||||
if (empty($event['SharingGroup']['name'])) {
|
||||
unset($events[$k]['SharingGroup']);
|
||||
}
|
||||
|
|
|
@ -38,6 +38,7 @@ class Log extends AppModel
|
|||
'enrichment',
|
||||
'error',
|
||||
'export',
|
||||
'fetchEvent',
|
||||
'file_upload',
|
||||
'galaxy',
|
||||
'include_formula',
|
||||
|
|
Loading…
Reference in New Issue