From be62a6b05334e1754770feb816c0a655ac81c39f Mon Sep 17 00:00:00 2001
From: Iglocska
Date: Thu, 21 Jan 2016 14:52:06 +0100
Subject: [PATCH] Entering a valid controller/action and an invalid one produced a different result pre-auth
- not authenticated users now automatically get redirected to the login page, no matter what action they requested
- This as a nice side effect also removed the bug that was caused by a site admin looking at an admin function before logging out / timing out and being incorrectly redirected to /admin/users/login
---
 VERSION.json | 2 +-
 app/Controller/AppController.php | 28 ++++++++--------------------
 app/Controller/UsersController.php | 1 -
 3 files changed, 9 insertions(+), 22 deletions(-)
diff --git a/VERSION.json b/VERSION.json
index 722fdf0f1..fc2c3d76c 100644
--- a/VERSION.json
+++ b/VERSION.json
@@ -1 +1 @@
-{"major":2, "minor":4, "hotfix":11}
+{"major":2, "minor":4, "hotfix":12}
diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php
index af6935bba..a0a3b3a7d 100755
--- a/app/Controller/AppController.php
+++ b/app/Controller/AppController.php
@@ -79,8 +79,6 @@ class AppController extends Controller {
 public $mispVersion = '2.4.0';
 public function beforeFilter() {
- $versionArray = $this->{$this->modelClass}->checkMISPVersion();
- $this->mispVersionFull = implode('.', array_values($versionArray));
 $this->Security->blackHoleCallback = 'blackHole';
 // Let us access $baseurl from all views
@@ -209,6 +207,8 @@ class AppController extends Controller {
 $this->redirect(array('controller' => 'users', 'action' => 'login', 'admin' => false));
 }
 }
+ } else {
+ if (!($this->params['controller'] === 'users' && $this->params['action'] === 'login')) $this->redirect(array('controller' => 'users', 'action' => 'login', 'admin' => false));
 }
 // check if MISP is live
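Review bot: The new `else` branch is the only pre-authentication gate, yet it is written as a braceless one-line `if` with the single exemption `users/login` hard-coded, which makes a security-relevant decision easy to misread or to break when a second pre-auth action is needed. I would brace it and state why it exists, e.g. `// Not logged in: always send to login so valid and invalid controller/action pairs look the same`. Because the check ignores whatever actions controllers open up through the Auth component (not visible in this hunk), any action meant to be public, and any client expecting a non-HTML error rather than a 302, would now land on the login page; worth confirming that is intended. The enclosing `if` and the rest of `beforeFilter` are outside the hunk.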
@@ -244,6 +244,8 @@ class AppController extends Controller {
 // getActions returns all the flags in a single SQL query
 if ($this->Auth->user()) {
 //$this->_refreshAuth();
+ $versionArray = $this->{$this->modelClass}->checkMISPVersion();
+ $this->mispVersionFull = implode('.', array_values($versionArray));
 $this->set('mispVersion', $this->mispVersion);
 $this->set('mispVersionFull', $this->mispVersionFull);
 $role = $this->getActions();
@@ -263,22 +265,12 @@ class AppController extends Controller {
 $this->set('isAclTemplate', $role['perm_template']);
 $this->set('isAclSharingGroup', $role['perm_sharing_group']);
 $this->userRole = $role;
+ $proposalCount = $this->_getProposalCount();
+ $this->set('proposalCount', $proposalCount[0]);
+ $this->set('proposalEventCount', $proposalCount[1]);
+ $this->set('mispVersion', $this->mispVersion);
 } else {
 $this->set('me', false);
- $this->set('isAdmin', false);
- $this->set('isSiteAdmin', false);
- $this->set('isAclAdd', false);
- $this->set('isAclModify', false);
- $this->set('isAclModifyOrg', false);
- $this->set('isAclPublish', false);
- $this->set('isAclSync', false);
- $this->set('isAclAdmin', false);
- $this->set('isAclAudit', false);
- $this->set('isAclAuth', false);
- $this->set('isAclRegexp', false);
- $this->set('isAclTagger', false);
- $this->set('isAclTemplate', false);
- $this->set('isAclSharingGroup', false);
 }
 if (Configure::read('site_admin_debug') && $this->_isSiteAdmin() && (Configure::read('debug') < 2)) {
 Configure::write('debug', 1);
@@ -287,10 +279,6 @@ class AppController extends Controller {
 if (Configure::read('debug') > 1) $this->debugMode = 'debugOn';
 $this->set('debugMode', $this->debugMode);
- $proposalCount = $this->_getProposalCount();
- $this->set('proposalCount', $proposalCount[0]);
- $this->set('proposalEventCount', $proposalCount[1]);
- $this->set('mispVersion', $this->mispVersion);
 }
 public function blackhole($type) {
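Review bot: The version lookup moved into the `if ($this->Auth->user())` branch has no comment saying why it must run only after authentication, so a later cleanup could easily hoist it back to the top of `beforeFilter`. Presumably `$this->{$this->modelClass}` cannot be resolved for every request and the resulting error was part of the pre-auth difference this commit removes; if so, say it: `// Resolve the version only for authenticated users: the model lookup can fail for an unknown controller`. Note also that `$this->mispVersionFull` is now unassigned on the unauthenticated path, so nothing rendered there should read it. `beforeFilter` begins and ends outside this hunk.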
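Review bot: The `else` branch now sets only `me`, so the explicit `false` defaults for `isAdmin`, `isSiteAdmin` and the `isAcl*` flags are gone, and so are `proposalCount`, `proposalEventCount` and `mispVersion` (the last hunk removes the unconditional calls at the end of the method). Any layout or element still rendered for an unauthenticated request, the login page at least, that tests one of these would read an undefined variable: it fails closed, but it raises notices and leaves the deny decision implicit. I would keep deny-by-default values in the `else`, compactly as `$this->set(array_fill_keys(array('isAdmin', 'isSiteAdmin' /* plus the isAcl* names */), false));`. Separately, the added `$this->set('mispVersion', $this->mispVersion);` before `} else {` looks redundant with the identical call a few lines above, assuming both sit in the same `if ($this->Auth->user())` block.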
diff --git a/app/Controller/UsersController.php b/app/Controller/UsersController.php
index 837ad9654..01df11370 100755
--- a/app/Controller/UsersController.php
+++ b/app/Controller/UsersController.php
@@ -625,7 +625,6 @@ class UsersController extends AppController {
 ));
 $this->Role->save($siteAdmin);
 }
-
 if ($this->User->Organisation->find('count', array('conditions' => array('Organisation.local' => true))) == 0) {
 $org = array('Organisation' => array(
 'id' => 1,