MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

fix: Cannot list users in own org - but button to do so is shown #1749 

- normal users saw the option to see their own orgs' users but clicking the button resulted in an exception caused by the ACL
- fixed a bug that caused the button to show up in the first place
pull/1833/head
iglocska 2017-01-09 21:13:05 +01:00
parent 2b187d48fc
commit a455736560
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Controller/OrganisationsController.php
View File

@ -128,7 +128,7 @@ class OrganisationsController extends AppController {
if (!$this->Organisation->exists()) throw new NotFoundException('Invalid organisation');
$fullAccess = false;
$fields = array('id', 'name', 'date_created', 'date_modified', 'type', 'nationality', 'sector', 'contacts', 'description', 'local', 'uuid');
if ($this->_isSiteAdmin() || $this->Auth->user('Organisation')['id'] == $id) {
if ($this->_isSiteAdmin() || ($this->_isAdmin() && $this->Auth->user('Organisation')['id'] == $id)) {
$fullAccess = true;
$fields = array_merge($fields, array('created_by'));
}