mirror of https://github.com/MISP/MISP
Merge branch '2.4' into develop
commit
aeb927fa29
|
@ -21,10 +21,40 @@ class AuthKeysController extends AppController
|
||||||
public function index($id = false)
|
public function index($id = false)
|
||||||
{
|
{
|
||||||
$conditions = $this->__prepareConditions();
|
$conditions = $this->__prepareConditions();
|
||||||
if ($id !== false) {
|
$canCreateAuthkey = true;
|
||||||
|
if ($id) {
|
||||||
$this->set('user_id', $id);
|
$this->set('user_id', $id);
|
||||||
|
if ($this->_isAdmin()) {
|
||||||
|
if ($this->_isSiteAdmin()) {
|
||||||
|
$canCreateAuthkey = true;
|
||||||
|
} else {
|
||||||
|
$user = $this->AuthKey->User->find('first', [
|
||||||
|
'recursive' => -1,
|
||||||
|
'conditions' => [
|
||||||
|
'User.id' => $id,
|
||||||
|
'User.disabled' => false
|
||||||
|
],
|
||||||
|
'fields' => ['User.id', 'User.org_id', 'User.disabled'],
|
||||||
|
'contain' => [
|
||||||
|
'Role' => [
|
||||||
|
'fields' => [
|
||||||
|
'Role.perm_site_admin', 'Role.perm_admin'
|
||||||
|
]
|
||||||
|
]
|
||||||
|
]
|
||||||
|
]);
|
||||||
|
if ($user['Role']['perm_site_admin'] || ($user['Role']['perm_admin'] && $user['User']['id'] !== $this->Auth->user('id'))) {
|
||||||
|
$canCreateAuthkey = false;
|
||||||
|
} else {
|
||||||
|
$canCreateAuthkey = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
$canCreateAuthkey = (int)$id === (int)$this->Auth->user('id');
|
||||||
|
}
|
||||||
$conditions['AND'][] = ['AuthKey.user_id' => $id];
|
$conditions['AND'][] = ['AuthKey.user_id' => $id];
|
||||||
}
|
}
|
||||||
|
$this->set('canCreateAuthkey', $canCreateAuthkey);
|
||||||
$keyUsageEnabled = Configure::read('MISP.log_user_ips') && Configure::read('MISP.log_user_ips_authkeys');
|
$keyUsageEnabled = Configure::read('MISP.log_user_ips') && Configure::read('MISP.log_user_ips_authkeys');
|
||||||
$this->CRUD->index([
|
$this->CRUD->index([
|
||||||
'filters' => ['User.email', 'authkey_start', 'authkey_end', 'comment', 'User.id'],
|
'filters' => ['User.email', 'authkey_start', 'authkey_end', 'comment', 'User.id'],
|
||||||
|
@ -123,8 +153,40 @@ class AuthKeysController extends AppController
|
||||||
}
|
}
|
||||||
$selectConditions = [];
|
$selectConditions = [];
|
||||||
if (!$this->_isSiteAdmin()) {
|
if (!$this->_isSiteAdmin()) {
|
||||||
$selectConditions['AND'][] = ['User.id' => $this->Auth->user('id')];
|
if ($this->_isAdmin()) {
|
||||||
$params['override']['user_id'] = $this->Auth->user('id');
|
$role_ids = $this->AuthKey->User->Role->find('column', [
|
||||||
|
'fields' => ['Role.id'],
|
||||||
|
'conditions' => [
|
||||||
|
'AND' => [
|
||||||
|
'Role.perm_site_admin' => false,
|
||||||
|
'Role.perm_auth' => true,
|
||||||
|
'Role.perm_admin' => false
|
||||||
|
]
|
||||||
|
]
|
||||||
|
]);
|
||||||
|
$user_ids = $this->AuthKey->User->find('column', [
|
||||||
|
'fields' => ['User.id'],
|
||||||
|
'conditions' => [
|
||||||
|
'User.org_id' => $this->Auth->user('org_id'),
|
||||||
|
'OR' => [
|
||||||
|
'User.role_id' => $role_ids,
|
||||||
|
'User.id' => $this->Auth->user('id')
|
||||||
|
]
|
||||||
|
]
|
||||||
|
]);
|
||||||
|
if (!empty($user_id)) {
|
||||||
|
if (in_array($user_id, $user_ids)) {
|
||||||
|
$user_ids = [$user_id];
|
||||||
|
} else {
|
||||||
|
throw new MethodNotAllowedException(__('Invalid user or insufficient privileges to create an authkey for the given user.'));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$selectConditions['AND'][] = ['User.id' => $user_ids];
|
||||||
|
$params['override']['user_id'] = $user_ids;
|
||||||
|
} else {
|
||||||
|
$selectConditions['AND'][] = ['User.id' => $this->Auth->user('id')];
|
||||||
|
$params['override']['user_id'] = $this->Auth->user('id');
|
||||||
|
}
|
||||||
} else if ($user_id) {
|
} else if ($user_id) {
|
||||||
$selectConditions['AND'][] = ['User.id' => $user_id];
|
$selectConditions['AND'][] = ['User.id' => $user_id];
|
||||||
$params['override']['user_id'] = $user_id;
|
$params['override']['user_id'] = $user_id;
|
||||||
|
|
|
@ -18,6 +18,7 @@
|
||||||
'text' => __('Add authentication key'),
|
'text' => __('Add authentication key'),
|
||||||
'class' => 'btn-primary modal-open',
|
'class' => 'btn-primary modal-open',
|
||||||
'url' => "$baseurl/auth_keys/add" . (empty($user_id) ? '' : ('/' . $user_id)),
|
'url' => "$baseurl/auth_keys/add" . (empty($user_id) ? '' : ('/' . $user_id)),
|
||||||
|
'requirement' => $canCreateAuthkey
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
],
|
],
|
||||||
|
|
Loading…
Reference in New Issue