mirror of https://github.com/MISP/MISP
fix: [security] auditlogs's fullChange lack of ACL controls
Added proper ACL handling - As reported by Jeroen Pinoypull/9543/head
parent
cb610a7931
commit
9da67879d4
|
@ -223,8 +223,14 @@ class AuditLogsController extends AppController
|
|||
|
||||
public function fullChange($id)
|
||||
{
|
||||
$acl = $this->__applyAuditACL($this->Auth->user());
|
||||
$log = $this->AuditLog->find('first', [
|
||||
'conditions' => ['id' => $id],
|
||||
'conditions' => [
|
||||
'AND' => [
|
||||
$acl,
|
||||
'id' => $id
|
||||
]
|
||||
],
|
||||
'recursive' => -1,
|
||||
'fields' => ['change', 'action'],
|
||||
]);
|
||||
|
|
Loading…
Reference in New Issue