mirror of https://github.com/MISP/MISP
chg: [acl] Simplify acl checking for side menu
parent
98623e8159
commit
e334740b45
|
@ -51,5 +51,5 @@
|
|||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
<?= $this->element('/genericElements/SideMenu/side_menu', ['menuList' => 'event', 'menuItem' => 'eventLog', 'event' => $event, 'mayModify' => $mayModify]);
|
||||
<?= $this->element('/genericElements/SideMenu/side_menu', ['menuList' => 'event', 'menuItem' => 'eventLog']);
|
||||
|
||||
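Review bot: With `'event' => $event` no longer passed in the shorter `side_menu` call, the element depends on `$event` already being a view variable that carries `Event.id` and whatever fields the ACL check reads, and nothing in this view guarantees that. The same holds for the other log view at the end of this commit, where the removed lines set `$event['Event']['id'] = $eventId` by hand, which suggests the controller's `$event` did not include the id at that point. If the controller side is not updated in the same change, the side menu would cast a missing id to `0` and build its links and its permission decision from an incomplete event. I would either confirm that both controllers set a full `$event`, or keep the explicit argument: `['menuList' => 'event', 'menuItem' => 'eventLog', 'event' => $event]`. Which of the two calls is the new one is inferred from the commit title, since the page has lost its +/- markers.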
|
|
|
@ -47,11 +47,8 @@ $divider = $this->element('/genericElements/SideMenu/side_menu_divider');
|
|||
case 'event':
|
||||
$eventId = (int)$event['Event']['id'];
|
||||
echo '<div id="hiddenSideMenuData" class="hidden" data-event-id="' . $eventId . '"></div>';
|
||||
if (in_array($menuItem, array('editEvent', 'addAttribute', 'addObject', 'addAttachment', 'addIOC', 'addThreatConnect', 'populateFromTemplate', 'merge'))) {
|
||||
// we can safely assume that mayModify is true if coming from these actions, as they require it in the controller and the user has already passed that check
|
||||
$mayModify = true;
|
||||
if ($isAclPublish) $mayPublish = true;
|
||||
}
|
||||
$mayModify = $mayModify ?? $this->Acl->canModifyEvent($event);
|
||||
$mayPublish = $mayPublish ?? ($mayModify && $this->Acl->canPublishEvent($event));
|
||||
|
||||
if ($menuItem === 'template_populate_results') {
|
||||
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
|
||||
|
@ -88,7 +85,7 @@ $divider = $this->element('/genericElements/SideMenu/side_menu_divider');
|
|||
'text' => __('View Event History')
|
||||
));
|
||||
echo $divider;
|
||||
if ($isSiteAdmin || (isset($mayModify) && $mayModify)) {
|
||||
if ($isSiteAdmin || $mayModify) {
|
||||
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
|
||||
'element_id' => 'editEvent',
|
||||
'url' => $baseurl . '/events/edit/' . $eventId,
|
||||
|
@ -167,7 +164,9 @@ $divider = $this->element('/genericElements/SideMenu/side_menu_divider');
|
|||
}
|
||||
echo $divider;
|
||||
$publishButtons = ' hidden';
|
||||
if (isset($event['Event']['published']) && 0 == $event['Event']['published'] && ($isSiteAdmin || (isset($mayPublish) && $mayPublish))) $publishButtons = "";
|
||||
if (isset($event['Event']['published']) && 0 == $event['Event']['published'] && $mayPublish) {
|
||||
$publishButtons = "";
|
||||
}
|
||||
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
|
||||
'onClick' => array(
|
||||
'function' => 'publishPopup',
|
||||
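Review bot: The `??` fallbacks in `$mayModify = $mayModify ?? $this->Acl->canModifyEvent($event);` let any caller that still passes a hand-computed `mayModify` or `mayPublish` override the helper, so the menu can keep two different permission rules until every view is migrated. The publish condition also loses its `$isSiteAdmin ||` branch and `$mayPublish` is now gated on `$mayModify`, so whether a site admin still sees the publish buttons depends on what `ACL->canModifyEvent()` and `ACL->canPublishEvent()` return for admins, which is not visible here. If no caller needs the override, computing both unconditionally makes the helper the single source: `$mayModify = $this->Acl->canModifyEvent($event);` and `$mayPublish = $mayModify && $this->Acl->canPublishEvent($event);`. The `case 'event':` branch starts and ends outside the hunks shown.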
|
|
|
@ -23,6 +23,26 @@ class AclHelper extends Helper
|
|||
return $this->ACL->canUserAccess($me, $controller, $action);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $event
|
||||
* @return bool
|
||||
*/
|
||||
public function canModifyEvent(array $event)
|
||||
{
|
||||
$me = $this->_View->viewVars['me'];
|
||||
return $this->ACL->canModifyEvent($me, $event);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $event
|
||||
* @return bool
|
||||
*/
|
||||
public function canPublishEvent(array $event)
|
||||
{
|
||||
$me = $this->_View->viewVars['me'];
|
||||
return $this->ACL->canPublishEvent($me, $event);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $event
|
||||
* @param bool $isTagLocal
|
||||
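Review bot: The docblocks on `canModifyEvent()` and `canPublishEvent()` give only types, and nothing says that the result is a display decision taken for the `me` view variable. I would add a summary line such as `Whether the current user (the 'me' view variable) may modify this event; used to decide what the view shows, the controller action still enforces the permission.` and the matching one for publish. Both methods read `$this->_View->viewVars['me']` without checking that it is set, so the comment should also state that a logged-in user is required, or the lookup could fall back with `?? null` if the ACL component accepts that (not visible here). The class body continues outside the hunk.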
|
|
|
@ -1,7 +1,3 @@
|
|||
<?php
|
||||
$mayModify = (($isAclModify && $event['Event']['user_id'] == $me['id'] && $event['Event']['orgc_id'] == $me['org_id']) || ($isAclModifyOrg && $event['Event']['orgc_id'] == $me['org_id']));
|
||||
$mayPublish = ($isAclPublish && $event['Event']['orgc_id'] == $me['org_id']);
|
||||
?>
|
||||
<div class="logs index">
|
||||
<h2><?php echo __('Logs');?></h2>
|
||||
<div class="pagination">
|
||||
|
@ -58,8 +54,4 @@ $mayPublish = ($isAclPublish && $event['Event']['orgc_id'] == $me['org_id']);
|
|||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
<?php
|
||||
// We mimic the $event from some other views to pass the ID back to the sidemenu
|
||||
$event['Event']['id'] = $eventId;
|
||||
echo $this->element('/genericElements/SideMenu/side_menu', array('menuList' => 'event', 'event' => $event, 'menuItem' => 'eventLog', 'mayModify' => $mayModify, 'mayPublish' => $mayPublish));
|
||||
?>
|
||||
<?= $this->element('/genericElements/SideMenu/side_menu', array('menuList' => 'event', 'menuItem' => 'eventLog'));
|