Bug fixes

- issues of admin orgs not being able to edit/delete org events

- owner org removed for org admins

- email only visible from own org to org admins
pull/64/merge
iglocska 2013-03-13 15:11:49 +01:00
parent c86a90dd9f
commit d5800206e6
3 changed files with 9 additions and 8 deletions


@ -131,7 +131,7 @@ class AppController extends Controller {
// TODO ACL: 5: from Controller to Views
$this->set('isAclAdd', $this->checkAcl('add'));
$this->set('isAclModify', $this->checkAcl('edit'));
$this->set('isAclModifyOrg', $this->checkRole());
$this->set('isAclModifyOrg', $this->checkAction('perm_modify_org'));
$this->set('isAclPublish', $this->checkAcl('publish'));
$this->set('isAclAdd2', $this->checkAction('perm_add'));
$this->set('isAclSync', $this->checkAction('perm_sync'));
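Review bot: `isAclModifyOrg` is only a view variable, so setting it from `checkAction('perm_modify_org')` changes which edit/delete links the templates draw, not who may actually call those actions. The edit and delete actions are not part of this hunk, so it is worth confirming that they test the same permission and the event's org on the server before saving. A comment above the line would make the contract explicit: `// UI hint only; edit/delete must re-check perm_modify_org and org ownership in the action`. The enclosing method starts and ends outside this hunk.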


@ -9,7 +9,7 @@ if ('true' == Configure::read('CyDefSIG.showorg') || $isAdmin): ?>
<?php
endif; ?>
<?php
if ($isAdmin): ?>
if ($isSiteAdmin): ?>
<th><?php echo $this->Paginator->sort('owner org');?></th>
<?php
endif; ?>
@ -58,7 +58,7 @@ foreach ($events as $event):?>
?>
&nbsp;</td><?php
endif;
if ('true' == $isAdmin): ?>
if ('true' == $isSiteAdmin): ?>
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true);?>';"><?php
$imgRelativePath = 'orgs' . DS . h($event['Event']['org']) . '.png';
$imgAbsolutePath = APP . WEBROOT_DIR . DS . 'img' . DS . $imgRelativePath;
@ -74,7 +74,8 @@ foreach ($events as $event):?>
<?php echo $event['Event']['attribute_count']; ?>&nbsp;</td><?php
if ('true' == Configure::read('CyDefSIG.showowner') || $isAdmin): ?>
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true);?>';">
<?php echo h($event['User']['email']); ?>&nbsp;</td><?php
<?php if('false' == Configure::read('CyDefSIG.showowner') && ($isSiteAdmin || $event['Event']['org'] == $me['org'])) echo h($event['User']['email']);
?>&nbsp;</td><?php
endif; ?>
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true);?>';">
<?php echo $event['Event']['date']; ?>&nbsp;</td>
@ -97,7 +98,7 @@ foreach ($events as $event):?>
endif; ?>
<td class="actions">
<?php
if (0 == $event['Event']['published'] && ($isAdmin || ($isAclPublish && $event['Event']['org'] == $me['org'])))
if (0 == $event['Event']['published'] && ($isSiteAdmin || ($isAclPublish && $event['Event']['org'] == $me['org'])))
echo $this->Form->postLink('Publish Event', array('action' => 'alert', $event['Event']['id']), array('action' => 'alert', $event['Event']['id']), 'Are you sure this event is complete and everyone should be informed?');
elseif (0 == $event['Event']['published']) echo 'Not published';
?>
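Review bot: The new email cell condition in the third hunk tests `'false' == Configure::read('CyDefSIG.showowner')`, so when `showowner` is `'true'` the outer `if` renders the cell but the inner one never echoes the address, site admins included; the cell also stays empty if the setting is unset. The event view template in this commit writes the same rule with `'true' == ... ||`, which looks like the intent here: `if ('true' == Configure::read('CyDefSIG.showowner') || $isSiteAdmin || $event['Event']['org'] === $me['org'])`. The org check uses loose `==`, under which numeric-looking strings such as `'10'` and `'1e1'` (constructed example) compare equal. Since that comparison decides whose email and Publish link are shown, `===` is the safer operator here, on the Publish condition in the last hunk, and in the view template's email condition.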


@ -32,14 +32,14 @@ endif; ?>
&nbsp;
</dd>
<?php if ('true' == Configure::read('CyDefSIG.showorg') || $isAdmin): ?>
<dt>Creating Org</dt>
<dt>Org</dt>
<dd>
<?php echo h($event['Event']['orgc']); ?>
&nbsp;
</dd>
<?php
endif; ?>
<?php if ($isAdmin): ?>
<?php if ($isSiteAdmin): ?>
<dt>Owner org</dt>
<dd>
<?php echo h($event['Event']['org']); ?>
@ -47,7 +47,7 @@ endif; ?>
</dd>
<?php
endif; ?>
<?php if ('true' == Configure::read('CyDefSIG.showowner') || $isAdmin): ?>
<?php if ('true' == Configure::read('CyDefSIG.showowner') || ($isSiteAdmin || ($isAdmin && $me['org'] == $event['Event']['org']))): ?>
<dt>Email</dt>
<dd>
<?php echo h($event['User']['email']); ?>
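Review bot: The email rule on the `showowner` line only decides whether this template prints `$event['User']['email']`; the value is still handed to the view, so any other rendering of the same event data (not visible in this section) needs its own copy of the check. The rule is also now written out by hand here and in the index template, with different conditions. Computing one boolean in the controller and unsetting the email when it is false would keep the two in step. At minimum a comment such as `<?php // email: shown when showowner is on, to site admins, or to org admins of the owning org ?>` would record the intended rule next to the condition.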