mirror of https://github.com/MISP/MISP
new: [user] Disabling password and login changes apply also for org admins
Jakub Onderka
parent
272142637b
commit
d7fff01b4e
|
|
@ -907,7 +907,6 @@ class UsersController extends AppController
|
|||
}
|
||||
}
|
||||
}
|
||||
$fail = false;
|
||||
if (!$this->_isSiteAdmin() && !$abortPost) {
|
||||
$organisation = $this->User->Organisation->find('first', array(
|
||||
'conditions' => array('Organisation.id' => $userToEdit['User']['org_id']),
|
||||
|
|
@ -942,6 +941,13 @@ class UsersController extends AppController
|
|||
if (!$this->_isSiteAdmin()) {
|
||||
$blockedFields[] = 'org_id';
|
||||
}
|
||||
if (!$this->__canChangeLogin()) {
|
||||
$blockedFields[] = 'email';
|
||||
}
|
||||
if (!$this->__canChangePassword()) {
|
||||
$blockedFields[] = 'enable_password';
|
||||
$blockedFields[] = 'change_pw';
|
||||
}
|
||||
foreach (array_keys($this->request->data['User']) as $field) {
|
||||
if (in_array($field, $blockedFields)) {
|
||||
continue;
|
||||
|
|
@ -1080,6 +1086,8 @@ class UsersController extends AppController
|
|||
$this->set('id', $id);
|
||||
$this->set(compact('roles'));
|
||||
$this->set(compact('syncRoles'));
|
||||
$this->set('canChangeLogin', $this->__canChangeLogin());
|
||||
$this->set('canChangePassword', $this->__canChangePassword());
|
||||
}
|
||||
|
||||
public function admin_delete($id = null)
|
||||
|
|
@ -2742,6 +2750,9 @@ class UsersController extends AppController
|
|||
|
||||
private function __canChangeLogin()
|
||||
{
|
||||
if ($this->_isSiteAdmin()) {
|
||||
return true;
|
||||
}
|
||||
return !Configure::read('MISP.disable_user_login_change');
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,7 +3,10 @@
|
|||
<fieldset>
|
||||
<legend><?php echo __('Admin Edit User'); ?></legend>
|
||||
<?php
|
||||
echo $this->Form->input('email');
|
||||
echo $this->Form->input('email', [
|
||||
'disabled' => !$canChangeLogin,
|
||||
'data-disabled-reason' => !$canChangePassword ? __('User login change is disabled on this instance') : '',
|
||||
]);
|
||||
?>
|
||||
<div class="clear"></div>
|
||||
<?php
|
||||
|
|
@ -29,7 +32,12 @@
|
|||
<div class="clear"></div>
|
||||
<div id="passwordDivDiv">
|
||||
<?php
|
||||
echo $this->Form->input('enable_password', array('type' => 'checkbox', 'label' => __('Set password')));
|
||||
echo $this->Form->input('enable_password', [
|
||||
'type' => 'checkbox',
|
||||
'label' => __('Set password'),
|
||||
'disabled' => !$canChangePassword,
|
||||
'data-disabled-reason' => !$canChangePassword ? __('User password change is disabled on this instance') : '',
|
||||
]);
|
||||
?>
|
||||
<a class="useCursorPointer" onclick="$('#resetAuthKeyForm').submit();"><?= __('Reset Auth Key') ?></a>
|
||||
<div id="PasswordDiv">
|
||||
|
|
@ -54,9 +62,9 @@
|
|||
}
|
||||
echo $this->Form->input('role_id', array('label' => __('Role'))); // TODO ACL, User edit role_id.
|
||||
echo $this->Form->input('authkey', array('disabled' => 'disabled', 'div' => 'input clear'));
|
||||
echo $this->Form->input('nids_sid');
|
||||
echo $this->Form->input('nids_sid', ['label' => __('NIDS SID')]);
|
||||
?>
|
||||
<div id = "syncServers" class="hidden">
|
||||
<div id="syncServers" class="hidden">
|
||||
<?php
|
||||
echo $this->Form->input('server_id', array('label' => __('Sync user for'), 'div' => 'clear', 'options' => $servers));
|
||||
?>
|
||||
|
|
@ -68,7 +76,12 @@
|
|||
<?php
|
||||
if (Configure::read('SMIME.enabled')) echo $this->Form->input('certif_public', array('label' => __('S/MIME Public certificate (PEM format)'), 'div' => 'clear', 'class' => 'input-xxlarge', 'placeholder' => __('Paste the user\'s S/MIME public key in PEM format here.')));
|
||||
echo $this->Form->input('termsaccepted', array('type' => 'checkbox', 'label' => __('Terms accepted')));
|
||||
echo $this->Form->input('change_pw', array('type' => 'checkbox', 'label' => __('Change Password')));
|
||||
echo $this->Form->input('change_pw', [
|
||||
'type' => 'checkbox',
|
||||
'label' => __('User must change password after next login'),
|
||||
'disabled' => !$canChangePassword,
|
||||
'data-disabled-reason' => !$canChangePassword ? __('User password change is disabled on this instance') : '',
|
||||
]);
|
||||
echo $this->Form->input('autoalert', array('label' => __('Receive alerts when events are published'), 'type' => 'checkbox'));
|
||||
echo $this->Form->input('contactalert', array('label' => __('Receive alerts from "contact reporter" requests'), 'type' => 'checkbox'));
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ function rgb2hex(rgb) {
|
|||
}
|
||||
|
||||
function xhrFailCallback(xhr) {
|
||||
if (xhr.status === 403) {
|
||||
if (xhr.status === 403 || xhr.status === 405) {
|
||||
showMessage('fail', 'Not allowed.');
|
||||
} else if (xhr.status === 404) {
|
||||
showMessage('fail', 'Resource not found.');
|
||||
|
|
@ -300,18 +300,18 @@ function initiatePasswordReset(id) {
|
|||
$.get(baseurl + "/users/initiatePasswordReset/" + id, function(data) {
|
||||
$("#confirmation_box").html(data);
|
||||
openPopup("#confirmation_box");
|
||||
});
|
||||
}).fail(xhrFailCallback)
|
||||
}
|
||||
|
||||
function submitPasswordReset(id) {
|
||||
var formData = $('#PromptForm').serialize();
|
||||
var url = baseurl + "/users/initiatePasswordReset/" + id;
|
||||
$.ajax({
|
||||
beforeSend: function (XMLHttpRequest) {
|
||||
beforeSend: function () {
|
||||
$(".loading").show();
|
||||
},
|
||||
data: formData,
|
||||
success:function (data, textStatus) {
|
||||
success: function (data) {
|
||||
handleGenericAjaxResponse(data);
|
||||
},
|
||||
complete:function() {
|
||||
|
|
@ -319,9 +319,9 @@ function submitPasswordReset(id) {
|
|||
$("#confirmation_box").fadeOut();
|
||||
$("#gray_out").fadeOut();
|
||||
},
|
||||
type:"post",
|
||||
type: "post",
|
||||
cache: false,
|
||||
url:url,
|
||||
url: url,
|
||||
});
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue