mirror of https://github.com/MISP/MISP
Copy pasta fail on the populate from template action
- the lookup for valid event access was comparing the user's org name to the event's org id which always failedpull/897/head
parent
7e12f3b693
commit
c4cf4eca9c
|
@ -267,7 +267,7 @@ class TemplatesController extends AppController {
|
|||
if (empty($event)) throw new MethodNotAllowedException('Event not found or you are not authorised to edit it.');
|
||||
if (empty($template)) throw new MethodNotAllowedException('Template not found or you are not authorised to edit it.');
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
if ($event['Event']['orgc_id'] != $this->Auth->user('Organisation')['name']) throw new MethodNotAllowedException('Event not found or you are not authorised to edit it.');
|
||||
if ($event['Event']['orgc_id'] != $this->Auth->user('org_id')) throw new MethodNotAllowedException('Event not found or you are not authorised to edit it.');
|
||||
if ($template['Template']['org'] != $this->Auth->user('Organisation')['name'] && !$template['Template']['share']) throw new MethodNotAllowedException('Template not found or you are not authorised to use it.');
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue