mirror of https://github.com/MISP/MISP
chg: [object:fromAttributes] Method only accessible via AJAX and regular
users can use the feature
pull/4672/head
parent
b050269949
commit
d6093b9659
|
@ -250,8 +250,8 @@ class ACLComponent extends Component
|
|||
'edit' => array('perm_add'),
|
||||
'get_row' => array('perm_add'),
|
||||
'orphanedObjectDiagnostics' => array(),
|
||||
'proposeObjectsFromAttributes' => array(),
|
||||
'groupAttributesIntoObject' => array(),
|
||||
'proposeObjectsFromAttributes' => array('*'),
|
||||
'groupAttributesIntoObject' => array('perm_add'),
|
||||
'revise_object' => array('perm_add'),
|
||||
'view' => array('*'),
|
||||
),
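Review bot: `'proposeObjectsFromAttributes' => array('*')` opens the action to every authenticated role, while the step it feeds, `groupAttributesIntoObject`, requires `perm_add`. If read-only users are not meant to preview object proposals, `'proposeObjectsFromAttributes' => array('perm_add'),` would keep the two entries aligned and the exposed surface smaller. If the wildcard is intended, a short comment on that line should say that event visibility is enforced further down by the user-scoped attribute fetch, so the next reader knows where the access check lives. That fetch is inferred from the model hunk on this page and is not visible in this file.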
|
||||
|
|
|
@ -992,6 +992,9 @@ class ObjectsController extends AppController
|
|||
|
||||
function proposeObjectsFromAttributes($event_id, $selected_attributes='[]')
|
||||
{
|
||||
if (!$this->request->is('ajax')) {
|
||||
throw new MethodNotAllowedException(__('This action can only be reached via AJAX.'));
|
||||
}
|
||||
$selected_attributes = json_decode($selected_attributes, true);
|
||||
$res = $this->MispObject->validObjectsFromAttributeTypes($this->Auth->user(), $event_id, $selected_attributes);
|
||||
$potential_templates = $res['templates'];
|
||||
|
@ -1025,10 +1028,10 @@ class ObjectsController extends AppController
|
|||
throw new NotFoundException(__('Invalid event.'));
|
||||
}
|
||||
$hard_delete_attribute = $event['Event']['publish_timestamp'] == 0;
|
||||
if (!$this->request->is('ajax')) {
|
||||
throw new MethodNotAllowedException(__('This action can only be reached via AJAX.'));
|
||||
}
|
||||
if ($this->request->is('post')) {
|
||||
if (!$this->request->is('ajax')) {
|
||||
throw new MethodNotAllowedException(__('This action can only be reached via AJAX.'));
|
||||
}
|
||||
$template = $this->MispObject->ObjectTemplate->find('first', array(
|
||||
'recursive' => -1,
|
||||
'conditions' => array('ObjectTemplate.id' => $selected_template, 'ObjectTemplate.active' => true)
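Review bot: In `proposeObjectsFromAttributes` the result of `json_decode($selected_attributes, true)` goes to the model unchecked, so malformed JSON (decoded as `null`) or a non-list value ends up as the `Attribute.id` condition. A guard right after the decode, `if (!is_array($selected_attributes)) { throw new BadRequestException(__('Invalid attribute selection.')); }`, makes that failure explicit. The added `is('ajax')` test depends on a request header the client sets, so it shapes how the endpoint is called but is not an access control. Authorization rests on the ACL entry and on the model fetch being scoped to `$this->Auth->user()`. The function body continues outside the hunk.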
|
||||
|
|
|
@ -728,12 +728,12 @@ class MispObject extends AppModel
|
|||
|
||||
public function validObjectsFromAttributeTypes($user, $event_id, $selected_attribute_ids)
|
||||
{
|
||||
$attributes = $this->Attribute->fetchAttributesSimple($user,
|
||||
$attributes = $this->Attribute->fetchAttributes($user,
|
||||
array(
|
||||
'conditions' => array(
|
||||
'id' => $selected_attribute_ids,
|
||||
'event_id' => $event_id,
|
||||
'object_id' => 0
|
||||
'Attribute.id' => $selected_attribute_ids,
|
||||
'Attribute.event_id' => $event_id,
|
||||
'Attribute.object_id' => 0
|
||||
),
|
||||
)
|
||||
);
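Review bot: The query in `validObjectsFromAttributeTypes` is the filter between a caller-supplied `$event_id` and the attributes returned, and nothing in the hunk says so. A comment above the call, such as `// Access control: fetchAttributes() restricts results to what $user may see; keep $user in this call.`, would record that dependency. This assumes `fetchAttributes` applies the user's visibility rules, which is not visible here. A regression test that calls the method as a user without access to the event and expects no attributes would back the comment up. The function continues past the end of the hunk.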
|
||||
|
|