mirror of https://github.com/MISP/MISP
chg: only show API/authkey to user with API key rights, fixes #1311
- code improvements as per @iglocska's comments. Thanks.
pull/1467/head
parent
139de84952
commit
c19fa90e92
|
@ -56,7 +56,7 @@ class UsersController extends AppController {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function request_API(){
|
public function request_API(){
|
||||||
$responsibleAdmin = $this->User->findAdminsResponsibleForUser($this->Auth->user('id'));
|
$responsibleAdmin = $this->User->findAdminsResponsibleForUser($this->Auth->user());
|
||||||
$message = "Something went wrong, please try again later.";
|
$message = "Something went wrong, please try again later.";
|
||||||
if(isset($responsibleAdmin['email']) && !empty($responsibleAdmin['email'])){
|
if(isset($responsibleAdmin['email']) && !empty($responsibleAdmin['email'])){
|
||||||
$subject = "[MISP ".Configure::read('MISP.org')."] User requesting API access";
|
$subject = "[MISP ".Configure::read('MISP.org')."] User requesting API access";
|
||||||
|
|
|
@ -936,27 +936,17 @@ class User extends AppModel {
|
||||||
return $usersPerOrg;
|
return $usersPerOrg;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function findAdminsResponsibleForUser($id){
|
public function findAdminsResponsibleForUser($user){
|
||||||
$userOrg = $this->find('first', array(
|
|
||||||
'conditions' => array(
|
|
||||||
'User.id' => $id,
|
|
||||||
),
|
|
||||||
'contain' => array(
|
|
||||||
'Organisation' => array('fields' => array('id')),
|
|
||||||
),
|
|
||||||
'fields' => array('Organisation.id')
|
|
||||||
));
|
|
||||||
|
|
||||||
$admin = $this->find('first', array(
|
$admin = $this->find('first', array(
|
||||||
'recursive' => -1,
|
'recursive' => -1,
|
||||||
'conditions' => array(
|
'conditions' => array(
|
||||||
'Role.perm_site_admin' => 0,
|
'Role.perm_site_admin' => 0,
|
||||||
'Role.perm_admin' => 1,
|
'Role.perm_admin' => 1,
|
||||||
'User.disabled' => 0,
|
'User.disabled' => 0,
|
||||||
'User.org_id' => $userOrg['Organisation']['id']
|
'User.org_id' => $user['org_id']
|
||||||
),
|
),
|
||||||
'contain' => array(
|
'contain' => array(
|
||||||
'Role' => array('fields' => array('perm_admin'))
|
'Role' => array('fields' => array('perm_admin', 'perm_site_admin'))
|
||||||
),
|
),
|
||||||
'fields' => array('User.id', 'User.email', 'User.org_id')
|
'fields' => array('User.id', 'User.email', 'User.org_id')
|
||||||
));
|
));
|
||||||
|
|
|
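Review bot: `findAdminsResponsibleForUser($user)` now reads `$user['org_id']` without checking what it was handed. A caller that still passes a numeric id (the old contract) would presumably run the lookup with `'User.org_id' => null` rather than fail, so the access-request mail could reach no admin or the wrong one. The only call site visible in this commit, `request_API`, passes `$this->Auth->user()`; other callers are not shown. A guard at the top such as `if (!is_array($user) || empty($user['org_id'])) { return array(); }` would fit the `isset($responsibleAdmin['email'])` check in the controller. A docblock should also state that `$user` is the authenticated user's array and must carry `org_id`. The function body continues past this hunk, so the guard's return value needs checking against the rest of it.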
@ -2495,9 +2495,7 @@ $(".queryPopover").click(function() {
|
||||||
});
|
});
|
||||||
|
|
||||||
function requestAPIAccess() {
|
function requestAPIAccess() {
|
||||||
var destination = 'users';
|
url = "/users/request_API/";
|
||||||
var action = 'request_API';
|
|
||||||
url = "/" + destination + "/" + action + "/";
|
|
||||||
$.ajax({
|
$.ajax({
|
||||||
type:"get",
|
type:"get",
|
||||||
url:url,
|
url:url,
|
||||||
|
|
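Review bot: `requestAPIAccess()` calls `/users/request_API/` with `type:"get"`, yet the controller action in this commit appears to compose a "User requesting API access" mail to the responsible admin. That makes a state-changing action reachable by any cross-site GET while the user is logged in. Consider `type:"post"` here together with a method check in the action, e.g. `if (!$this->request->is('post')) { throw new MethodNotAllowedException(); }`; whether CSRF protection already covers this action is not visible on the page. Separately, `url = "/users/request_API/";` assigns an implicit global, and `var url = "/users/request_API/";` would keep it local. The `$.ajax` call continues outside the hunk.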