MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

fix: [various fixes] to the authkeys controller 

- invalid admin lookup fixed
- restriction to individual users added when using a user view to access the authkey index
pull/6585/head
iglocska 2020-11-13 12:48:27 +01:00
parent 122f1dc2e4
commit cea665a97e
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/Controller/AuthKeysController.php
View File

@ -30,6 +30,7 @@ class AuthKeysController extends AppController
$conditions['AND'][] = ['AuthKey.user_id' => array_values($userIds)];
}
if ($id !== false) {
$this->set('user_id', $id);
$conditions['AND'][] = ['AuthKey.user_id' => $id];
}
$this->CRUD->index([
@ -49,7 +50,7 @@ class AuthKeysController extends AppController
public function delete($id)
{
$params = [];
if (!$isAdmin()) {
if (!$this->_isAdmin()) {
$params['conditions'] = ['user_id' => $this->Auth->user('id')];
}
$this->CRUD->delete($id, $params);
@ -75,6 +76,9 @@ class AuthKeysController extends AppController
if (!$this->_isSiteAdmin()) {
$selectConditions['AND'][] = ['User.id' => $this->Auth->user('id')];
$params['override'] = ['user_id' => $this->Auth->user('id')];
} else if ($user_id) {
$selectConditions['AND'][] = ['User.id' => $user_id];
$params['override'] = ['user_id' => $user_id];
}
$this->CRUD->add($params);
if ($this->IndexFilter->isRest()) {