mirror of https://github.com/MISP/MISP
fix: [sightings] Users with sighting permissions should be able to add sightings even if they don't have event write access
parent
a54a54a31c
commit
c225520f72
|
@ -19,7 +19,7 @@ class SightingsController extends AppController
|
|||
// takes an attribute ID or UUID
|
||||
public function add($id = false)
|
||||
{
|
||||
if (!$this->userRole['perm_add']) {
|
||||
if (!$this->userRole['perm_sighting']) {
|
||||
throw new MethodNotAllowedException('You are not authorised to add sightings data as you don\'t have write access.');
|
||||
}
|
||||
if ($this->request->is('post')) {
|
||||
|
|
Loading…
Reference in New Issue