mirror of https://github.com/MISP/MISP
chg: only show API/authkey to user with API key rights, fixes #1311
- code improvements as per @iglocska's comments. thanks.
pull/1467/head
parent
139de84952
commit
c19fa90e92
|
@ -56,7 +56,7 @@ class UsersController extends AppController {
|
|||
}
|
||||
|
||||
public function request_API(){
|
||||
$responsibleAdmin = $this->User->findAdminsResponsibleForUser($this->Auth->user('id'));
|
||||
$responsibleAdmin = $this->User->findAdminsResponsibleForUser($this->Auth->user());
|
||||
$message = "Something went wrong, please try again later.";
|
||||
if(isset($responsibleAdmin['email']) && !empty($responsibleAdmin['email'])){
|
||||
$subject = "[MISP ".Configure::read('MISP.org')."] User requesting API access";
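Review bot: request_API() appears to mail the responsible admin (the subject line is built here; the send itself is outside the hunk), and the JavaScript hunk in this same commit calls it with `type:"get"`, so an action with a side effect is reachable by a plain GET that any third-party page can trigger for a logged-in user. Nothing visible restricts the request method or limits how often one user can trigger the mail. Consider `if (!$this->request->is('post')) { throw new MethodNotAllowedException(); }` at the top of the action and `type:"post"` in requestAPIAccess(), together with whatever CSRF token handling the application already applies to POST requests. As a smaller point, `isset(...) && !empty(...)` on `$responsibleAdmin['email']` is redundant, since `!empty()` already covers the unset case.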
|
||||
|
|
|
@ -936,27 +936,17 @@ class User extends AppModel {
|
|||
return $usersPerOrg;
|
||||
}
|
||||
|
||||
public function findAdminsResponsibleForUser($id){
|
||||
$userOrg = $this->find('first', array(
|
||||
'conditions' => array(
|
||||
'User.id' => $id,
|
||||
),
|
||||
'contain' => array(
|
||||
'Organisation' => array('fields' => array('id')),
|
||||
),
|
||||
'fields' => array('Organisation.id')
|
||||
));
|
||||
|
||||
public function findAdminsResponsibleForUser($user){
|
||||
$admin = $this->find('first', array(
|
||||
'recursive' => -1,
|
||||
'conditions' => array(
|
||||
'Role.perm_site_admin' => 0,
|
||||
'Role.perm_admin' => 1,
|
||||
'User.disabled' => 0,
|
||||
'User.org_id' => $userOrg['Organisation']['id']
|
||||
'User.org_id' => $user['org_id']
|
||||
),
|
||||
'contain' => array(
|
||||
'Role' => array('fields' => array('perm_admin'))
|
||||
'Role' => array('fields' => array('perm_admin', 'perm_site_admin'))
|
||||
),
|
||||
'fields' => array('User.id', 'User.email', 'User.org_id')
|
||||
));
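Review bot: findAdminsResponsibleForUser() now takes the user array instead of an id, but nothing checks that `$user['org_id']` is set. A caller still passing an id, or a null from `Auth->user()`, would produce a null condition value, which CakePHP renders as `User.org_id IS NULL` rather than raising an error. A guard before the find, for example `if (empty($user['org_id'])) { return false; }`, would make the new contract explicit; the return value should match what the rest of the method returns, which is outside the hunk. A docblock should also state that `$user` is the authenticated user array with an `org_id` key. The org id now comes from the session copy of the user rather than a fresh database read, so a user moved to another organisation since login may have the request routed by stale data.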
|
||||
|
|
|
@ -2495,9 +2495,7 @@ $(".queryPopover").click(function() {
|
|||
});
|
||||
|
||||
function requestAPIAccess() {
|
||||
var destination = 'users';
|
||||
var action = 'request_API';
|
||||
url = "/" + destination + "/" + action + "/";
|
||||
url = "/users/request_API/";
|
||||
$.ajax({
|
||||
type:"get",
|
||||
url:url,
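Review bot: `url` is assigned without a declaration in the visible part of requestAPIAccess(), so it becomes an implicit global that any other script on the page can read or overwrite before the request is sent; `var url = "/users/request_API/";` keeps it local. The hard-coded absolute path also assumes the instance is served from the web root, so it may break on installs under a sub-path; prefixing the application's configured base URL would avoid that. The function body continues outside the hunk.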
|
||||
|
|