mirror of https://github.com/MISP/MISP
security: [feeds] Hide headers for non-site admin users
parent
bcf128c442
commit
bc2c58abe9
|
@ -296,7 +296,10 @@ class ACLComponent extends Component
|
||||||
'perm_site_admin',
|
'perm_site_admin',
|
||||||
]],
|
]],
|
||||||
'toggleSelected' => array('perm_site_admin'),
|
'toggleSelected' => array('perm_site_admin'),
|
||||||
'view' => array('*'),
|
'view' => ['OR' => [
|
||||||
|
'host_org_user',
|
||||||
|
'perm_site_admin',
|
||||||
|
]],
|
||||||
),
|
),
|
||||||
'galaxies' => array(
|
'galaxies' => array(
|
||||||
'attachCluster' => array('perm_tagger'),
|
'attachCluster' => array('perm_tagger'),
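Review bot: The new `'view'` rule admits `host_org_user` or `perm_site_admin`, while the controller change in this same commit strips `headers` for everyone who is not a site admin, so the two checks target different audiences and nothing in the ACL entry says why. A short comment above the rule would record the intent, for example `// view: host org members only; Feed.headers is additionally stripped for non-site-admins in FeedsController`. The rules for the other actions of this controller block are outside the hunk, so it is worth confirming that every action returning Feed rows, not only `view`, has an audience consistent with this one.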
|
||||||
|
|
|
@ -95,6 +95,11 @@ class FeedsController extends AppController
|
||||||
} else {
|
} else {
|
||||||
$data = $this->paginate();
|
$data = $this->paginate();
|
||||||
}
|
}
|
||||||
|
foreach ($data as $i => $entry) {
|
||||||
|
if (!$this->_isSiteAdmin()) {
|
||||||
|
unset($data[$i]['Feed']['headers']);
|
||||||
|
}
|
||||||
|
}
|
||||||
$this->loadModel('Event');
|
$this->loadModel('Event');
|
||||||
foreach ($data as $key => $value) {
|
foreach ($data as $key => $value) {
|
||||||
if ($value['Feed']['event_id'] != 0 && $value['Feed']['fixed_event']) {
|
if ($value['Feed']['event_id'] != 0 && $value['Feed']['fixed_event']) {
|
||||||
|
@ -130,6 +135,9 @@ class FeedsController extends AppController
|
||||||
'recursive' => -1,
|
'recursive' => -1,
|
||||||
'contain' => array('Tag')
|
'contain' => array('Tag')
|
||||||
));
|
));
|
||||||
|
if (!$this->_isSiteAdmin()) {
|
||||||
|
unset($feed['Feed']['headers']);
|
||||||
|
}
|
||||||
$feed['Feed']['cached_elements'] = $this->Feed->getCachedElements($feed['Feed']['id']);
|
$feed['Feed']['cached_elements'] = $this->Feed->getCachedElements($feed['Feed']['id']);
|
||||||
$feed['Feed']['coverage_by_other_feeds'] = $this->Feed->getFeedCoverage($feed['Feed']['id'], 'feed', 'all') . '%';
|
$feed['Feed']['coverage_by_other_feeds'] = $this->Feed->getFeedCoverage($feed['Feed']['id'], 'feed', 'all') . '%';
|
||||||
if ($this->_isRest()) {
|
if ($this->_isRest()) {
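Review bot: The `headers` field is removed after the query in two separate places (the loop following `paginate()` and the block before `getCachedElements()`), so any other action, export or REST path that returns Feed rows has to remember to repeat the same `unset`; those paths are not visible in these hunks and should be checked. Putting the rule in one helper, or excluding the column from the query's field list for non-site-admins, would make the field absent by default rather than removed case by case. In the first hunk the role check is loop-invariant and can be hoisted: `if (!$this->_isSiteAdmin()) { foreach ($data as $i => $entry) { unset($data[$i]['Feed']['headers']); } }`. Both enclosing functions start and end outside the hunks. A test asserting that a non-site-admin response, HTML and REST, contains no `headers` key would guard this against regression.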
|
||||||
|
|
|
@ -144,7 +144,8 @@
|
||||||
array(
|
array(
|
||||||
'name' => __('Headers'),
|
'name' => __('Headers'),
|
||||||
'class' => 'shortish',
|
'class' => 'shortish',
|
||||||
'data_path' => 'Feed.headers'
|
'data_path' => 'Feed.headers',
|
||||||
|
'requirement' => $isSiteAdmin
|
||||||
),
|
),
|
||||||
array(
|
array(
|
||||||
'name' => __('Target'),
|
'name' => __('Target'),
|
||||||
|
|