MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

RBAC 

check if $user exists, if no, not logged in.
pull/63/head
noud 2012-11-08 15:12:20 +01:00
parent 91f96427db
commit c722205ddf
1 changed files with 8 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
app/Controller/AppController.php
View File

@ -22,7 +22,6 @@
// TODO GPG encryption has issues when keys are expired
App::uses('User', 'Model');
App::uses('Controller', 'Controller');
App::uses('Sanitize', 'Utility');
/**
@ -361,20 +360,15 @@ class AppController extends Controller {
* TODO ACL, EXTRA: mixed in Org!!
*/
public function checkGroup() {
$aco = 'Events'; // TODO ACL was 'Attributes'
$this->loadModel('User');
$user = $this->User->findById($this->Auth->user('id'));
//$user = ClassRegistry::init('User')->findById($this->Auth->user('id'));
// debug($user['User']['group_id']);
$this->loadModel('Group');
$group = $this->Group->findById($user['User']['group_id']);
//$group = ClassRegistry::init('Group')->findById($user['User']['group_id']);
// debug($group['Group']['perm_modify_org']);
if ($group['Group']['perm_modify_org']) {
return true;
} else {
return false;
$modifyGroup = false;
$user = ClassRegistry::init('User')->findById($this->Auth->user('id'));
if (isset($user)) {
$group = ClassRegistry::init('Group')->findById($user['User']['group_id']);
if ($group['Group']['perm_modify_org']) {
$modifyGroup = true;
}
}
return $modifyGroup;
}
/**