mirror of https://github.com/MISP/MISP
security: [feeds] Hide headers for non-site admin users
parent
bcf128c442
commit
bc2c58abe9
|
@ -296,7 +296,10 @@ class ACLComponent extends Component
|
|||
'perm_site_admin',
|
||||
]],
|
||||
'toggleSelected' => array('perm_site_admin'),
|
||||
'view' => array('*'),
|
||||
'view' => ['OR' => [
|
||||
'host_org_user',
|
||||
'perm_site_admin',
|
||||
]],
|
||||
),
|
||||
'galaxies' => array(
|
||||
'attachCluster' => array('perm_tagger'),
|
||||
|
|
|
@ -95,6 +95,11 @@ class FeedsController extends AppController
|
|||
} else {
|
||||
$data = $this->paginate();
|
||||
}
|
||||
foreach ($data as $i => $entry) {
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
unset($data[$i]['Feed']['headers']);
|
||||
}
|
||||
}
|
||||
$this->loadModel('Event');
|
||||
foreach ($data as $key => $value) {
|
||||
if ($value['Feed']['event_id'] != 0 && $value['Feed']['fixed_event']) {
|
||||
|
@ -130,6 +135,9 @@ class FeedsController extends AppController
|
|||
'recursive' => -1,
|
||||
'contain' => array('Tag')
|
||||
));
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
unset($feed['Feed']['headers']);
|
||||
}
|
||||
$feed['Feed']['cached_elements'] = $this->Feed->getCachedElements($feed['Feed']['id']);
|
||||
$feed['Feed']['coverage_by_other_feeds'] = $this->Feed->getFeedCoverage($feed['Feed']['id'], 'feed', 'all') . '%';
|
||||
if ($this->_isRest()) {
|
||||
|
|
|
@ -144,7 +144,8 @@
|
|||
array(
|
||||
'name' => __('Headers'),
|
||||
'class' => 'shortish',
|
||||
'data_path' => 'Feed.headers'
|
||||
'data_path' => 'Feed.headers',
|
||||
'requirement' => $isSiteAdmin
|
||||
),
|
||||
array(
|
||||
'name' => __('Target'),
|
||||
|
|
Loading…
Reference in New Issue