mirror of https://github.com/MISP/MISP
new: [acl] canEditEventReport
parent
813a228059
commit
a1a2109360
|
@ -991,6 +991,25 @@ class ACLComponent extends Component
|
|||
return $sighting['Sighting']['org_id'] == $user['org_id'];
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $user
|
||||
* @param array $eventReport
|
||||
* @return bool
|
||||
*/
|
||||
public function canEditEventReport(array $user, array $eventReport)
|
||||
{
|
||||
if (!isset($report['Event'])) {
|
||||
throw new InvalidArgumentException('Passed object does not contain an Event.');
|
||||
}
|
||||
if ($user['Role']['perm_site_admin']) {
|
||||
return true;
|
||||
}
|
||||
if ($eventReport['Event']['orgc_id'] == $user['org_id']) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
private function __checkLoggedActions($user, $controller, $action)
|
||||
{
|
||||
$loggedActions = array(
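Review bot: The guard at the top of the new `canEditEventReport` tests `$report['Event']`, but the parameter is named `$eventReport`, so `$report` is undefined and `isset()` is always false. The method therefore throws `InvalidArgumentException` on every call, site admins included. It fails closed, so no access is granted by mistake, but every caller breaks; the line should read `if (!isset($eventReport['Event'])) {`. The docblock should also gain `@throws InvalidArgumentException`, since callers in views will otherwise not expect an exception from a permission check. The ownership test uses loose `==` on `orgc_id` and `org_id`, as the sighting check above it does; comparing as integers with `===` would rule out type-juggling surprises if either value ever arrives as a non-numeric string.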
|
||||
|
|
|
@ -93,8 +93,8 @@
|
|||
'EventReport.id'
|
||||
),
|
||||
'icon' => 'edit',
|
||||
'complex_requirement' => function (array $row) use ($me) {
|
||||
return $me['Role']['perm_site_admin'] || $me['org_id'] == $row['Event']['orgc_id'];
|
||||
'complex_requirement' => function (array $row) {
|
||||
return $this->Acl->canEditEventReport($row);
|
||||
}
|
||||
),
|
||||
array(
|
||||
|
@ -102,8 +102,8 @@
|
|||
'icon' => 'trash',
|
||||
'onclick' => 'simplePopup(\'' . $baseurl . '/event_reports/delete/[onclick_params_data_path]\');',
|
||||
'onclick_params_data_path' => 'EventReport.id',
|
||||
'complex_requirement' => function (array $row) use ($me) {
|
||||
return ($me['Role']['perm_site_admin'] || $me['org_id'] == $row['Event']['orgc_id']) && !$row['EventReport']['deleted'];
|
||||
'complex_requirement' => function (array $row) {
|
||||
return $this->Acl->canEditEventReport($row) && !$row['EventReport']['deleted'];
|
||||
}
|
||||
),
|
||||
array(
|
||||
|
@ -113,8 +113,8 @@
|
|||
'icon' => 'trash-restore',
|
||||
'postLink' => true,
|
||||
'postLinkConfirm' => __('Are you sure you want to restore the Report?'),
|
||||
'complex_requirement' => function (array $row) use ($me) {
|
||||
return ($me['Role']['perm_site_admin'] || $me['org_id'] == $row['Event']['orgc_id']) && $row['EventReport']['deleted'];
|
||||
'complex_requirement' => function (array $row) {
|
||||
return $this->Acl->canEditEventReport($row) && $row['EventReport']['deleted'];
|
||||
}
|
||||
),
|
||||
)
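Review bot: These three `complex_requirement` closures only decide whether the edit, delete and restore buttons are rendered, and nothing in this commit shows the matching `event_reports` actions calling the same check. If the controller side is not already covered elsewhere, the centralised `canEditEventReport` should be enforced there too, because hiding a button is not an authorization control. The new helper path can also throw when a row has no `Event` key, where the old inline expression did not, so one malformed row would now abort rendering of the whole index. A short comment on the first closure would help, e.g. `// UI hint only; the edit/delete/restore actions must enforce canEditEventReport server-side`.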
|
||||
|
|
|
@ -83,4 +83,14 @@ class AclHelper extends Helper
|
|||
$me = $this->_View->viewVars['me'];
|
||||
return $this->ACL->canDeleteSighting($me, $sighting);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $eventReport
|
||||
* @return bool
|
||||
*/
|
||||
public function canEditEventReport(array $eventReport)
|
||||
{
|
||||
$me = $this->_View->viewVars['me'];
|
||||
return $this->ACL->canEditReport($me, $eventReport);
|
||||
}
|
||||
}
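Review bot: The new helper method delegates to `$this->ACL->canEditReport($me, $eventReport)`, but the method this commit adds to `ACLComponent` is named `canEditEventReport`. Unless a `canEditReport` exists elsewhere in the component (not visible in this diff), the call fails at runtime the first time the event report index evaluates an action button. The line should be `return $this->ACL->canEditEventReport($me, $eventReport);`. The `AclHelper` class starts outside the hunk, so how `$this->ACL` is initialised cannot be confirmed from here.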
|