chg: only show API/authkey to user with API key rights, fixes #1311

- code improvements as per @iglocska 's comments.  thanks.

app/Controller/UsersController.php

@@ -56,7 +56,7 @@ class UsersController extends AppController {
 	}
 
 	public function request_API(){
-		$responsibleAdmin = $this->User->findAdminsResponsibleForUser($this->Auth->user('id'));
+		$responsibleAdmin = $this->User->findAdminsResponsibleForUser($this->Auth->user());
 		$message = "Something went wrong, please try again later.";
 		if(isset($responsibleAdmin['email']) && !empty($responsibleAdmin['email'])){
 			$subject = "[MISP ".Configure::read('MISP.org')."] User requesting API access";

app/Model/User.php

@@ -936,27 +936,17 @@ class User extends AppModel {
 		return $usersPerOrg;
 	}
 
-	public function findAdminsResponsibleForUser($id){
+	public function findAdminsResponsibleForUser($user){
-		$userOrg = $this->find('first', array(
-			'conditions' => array(
-				'User.id' => $id,
-			),
-			'contain' => array(
-				'Organisation' => array('fields' => array('id')),
-			),
-			'fields' => array('Organisation.id')
-		));
-
 		$admin = $this->find('first', array(
 			'recursive' => -1,
 			'conditions' => array(
 				'Role.perm_site_admin' => 0,
 				'Role.perm_admin' => 1,
 				'User.disabled' => 0,
-				'User.org_id' => $userOrg['Organisation']['id']
+				'User.org_id' => $user['org_id']
 			),
 			'contain' => array(
-				'Role' => array('fields' => array('perm_admin'))
+				'Role' => array('fields' => array('perm_admin', 'perm_site_admin'))
 			),
 			'fields' => array('User.id', 'User.email', 'User.org_id')
 		));

app/webroot/js/misp2.4.50.js

@@ -2495,9 +2495,7 @@ $(".queryPopover").click(function() {
 });
 
 function requestAPIAccess() {
-	var destination = 'users';
+	url = "/users/request_API/";
-	var action = 'request_API';
-	url = "/" + destination + "/" + action + "/";
 	$.ajax({
 		type:"get",
 		url:url,