mirror of https://github.com/MISP/MISP
fix: Cannot list users in own org - but button to do so is shown #1749
- normal users saw the option to see their own orgs' users but clicking the button resulted in an exception caused by the ACL - fixed a bug that caused the button to show up in the first placepull/1833/head
parent
2b187d48fc
commit
a455736560
|
@ -128,7 +128,7 @@ class OrganisationsController extends AppController {
|
|||
if (!$this->Organisation->exists()) throw new NotFoundException('Invalid organisation');
|
||||
$fullAccess = false;
|
||||
$fields = array('id', 'name', 'date_created', 'date_modified', 'type', 'nationality', 'sector', 'contacts', 'description', 'local', 'uuid');
|
||||
if ($this->_isSiteAdmin() || $this->Auth->user('Organisation')['id'] == $id) {
|
||||
if ($this->_isSiteAdmin() || ($this->_isAdmin() && $this->Auth->user('Organisation')['id'] == $id)) {
|
||||
$fullAccess = true;
|
||||
$fields = array_merge($fields, array('created_by'));
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue