MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Copy pasta fail on the populate from template action 

- the lookup for valid event access was comparing the user's org name to the event's org id which always failed
pull/897/head
Iglocska 2016-01-22 09:28:33 +01:00
parent 7e12f3b693
commit c4cf4eca9c
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Controller/TemplatesController.php
View File

@ -267,7 +267,7 @@ class TemplatesController extends AppController {
if (empty($event)) throw new MethodNotAllowedException('Event not found or you are not authorised to edit it.');
if (empty($template)) throw new MethodNotAllowedException('Template not found or you are not authorised to edit it.');
if (!$this->_isSiteAdmin()) {
if ($event['Event']['orgc_id'] != $this->Auth->user('Organisation')['name']) throw new MethodNotAllowedException('Event not found or you are not authorised to edit it.');
if ($event['Event']['orgc_id'] != $this->Auth->user('org_id')) throw new MethodNotAllowedException('Event not found or you are not authorised to edit it.');
if ($template['Template']['org'] != $this->Auth->user('Organisation')['name'] && !$template['Template']['share']) throw new MethodNotAllowedException('Template not found or you are not authorised to use it.');
}