MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

same org / site admin restriction on freetext importer added

pull/274/head^2
iglocska 2014-07-19 16:25:43 +02:00
parent d3d578d622
commit c64d6a8c93
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/Controller/EventsController.php
View File

@ -2337,12 +2337,16 @@ class EventsController extends AppController {
}
public function saveFreeText($id) {
if (!$this->userRole['perm_add']) {
throw new MethodNotAllowedException('Event not found or you don\'t have permissions to create attributes');
}
if ($this->request->is('post')) {
$event = $this->Event->find('first', array(
'conditions' => array('id' => $id),
'recursive' => -1,
'fields' => array('orgc', 'id', 'distribution'),
));
if (!$this->_isSiteAdmin() && !empty($event) && $event['Event']['orgc'] != $this->Auth->user('org')) throw new MethodNotAllowedException('Event not found or you don\'t have permissions to create attributes');
$saved = 0;
$failed = 0;
foreach ($this->request->data['Attribute'] as $k => $attribute) {