mirror of https://github.com/MISP/MISP
chg: [acl] Move org index access to ACLComponent
parent
2f63e89257
commit
ecd3943e34
|
@ -468,7 +468,7 @@ class ACLComponent extends Component
|
||||||
'fetchOrgsForSG' => array('perm_sharing_group'),
|
'fetchOrgsForSG' => array('perm_sharing_group'),
|
||||||
'fetchSGOrgRow' => array('*'),
|
'fetchSGOrgRow' => array('*'),
|
||||||
'getUUIDs' => array('perm_sync'),
|
'getUUIDs' => array('perm_sync'),
|
||||||
'index' => array('*'),
|
'index' => ['organisation_index'],
|
||||||
'view' => array('*'),
|
'view' => array('*'),
|
||||||
),
|
),
|
||||||
'pages' => array(
|
'pages' => array(
|
||||||
|
@ -854,6 +854,13 @@ class ACLComponent extends Component
|
||||||
$this->dynamicChecks['not_read_only_authkey'] = function (array $user) {
|
$this->dynamicChecks['not_read_only_authkey'] = function (array $user) {
|
||||||
return !isset($user['authkey_read_only']) || !$user['authkey_read_only'];
|
return !isset($user['authkey_read_only']) || !$user['authkey_read_only'];
|
||||||
};
|
};
|
||||||
|
// If `Security.hide_organisation_index_from_users` is enabled, only user with sharing group permission can see org index
|
||||||
|
$this->dynamicChecks['organisation_index'] = function (array $user) {
|
||||||
|
if (Configure::read('Security.hide_organisation_index_from_users')) {
|
||||||
|
return $user['Role']['perm_sharing_group'];
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
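Review bot: The new `organisation_index` closure returns `$user['Role']['perm_sharing_group']` as stored rather than a boolean, unlike `not_read_only_authkey` just above it, which always yields a bool. If a user array reaches this check without a `Role` key, the lookup emits a notice and the outcome depends on how the caller coerces the result; `return !empty($user['Role']['perm_sharing_group']);` keeps the decision explicit and fails closed. Because this commit also removes the in-controller guard from `OrganisationsController::index`, this closure appears to be the only enforcement of `Security.hide_organisation_index_from_users`. A test that a user without the permission is refused through both the web UI and the API would be worth adding. The enclosing method starts outside the hunk.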
@ -27,9 +27,6 @@ class OrganisationsController extends AppController
|
||||||
|
|
||||||
public function index()
|
public function index()
|
||||||
{
|
{
|
||||||
if (!$this->Auth->user('Role')['perm_sharing_group'] && Configure::read('Security.hide_organisation_index_from_users')) {
|
|
||||||
throw new MethodNotAllowedException(__('This feature is disabled on this instance for normal users.'));
|
|
||||||
}
|
|
||||||
$conditions = array();
|
$conditions = array();
|
||||||
// We can either index all of the organisations existing on this instance (default)
|
// We can either index all of the organisations existing on this instance (default)
|
||||||
// or we can pass the 'external' keyword in the URL to look at the added external organisations
|
// or we can pass the 'external' keyword in the URL to look at the added external organisations
|
||||||
|
|
|
@ -654,7 +654,7 @@ $divider = $this->element('/genericElements/SideMenu/side_menu_divider');
|
||||||
'url' => $baseurl . '/dashboards',
|
'url' => $baseurl . '/dashboards',
|
||||||
'text' => __('Dashboard')
|
'text' => __('Dashboard')
|
||||||
));
|
));
|
||||||
if ($isAclSharingGroup || empty(Configure::read('Security.hide_organisation_index_from_users'))) {
|
if ($this->Acl->canAccess('organisations', 'index')) {
|
||||||
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
|
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
|
||||||
'element_id' => 'indexOrg',
|
'element_id' => 'indexOrg',
|
||||||
'url' => $baseurl . '/organisations/index',
|
'url' => $baseurl . '/organisations/index',
|
||||||
|
|
|
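Review bot: `$this->Acl->canAccess('organisations', 'index')` makes this template depend on an Acl helper being available wherever the side menu is rendered. That cannot be confirmed from the hunk, and if the helper were missing the page would fail instead of simply hiding the link. The same call is introduced in the menu array of the last file section (`'requirement' => $this->Acl->canAccess('organisations', 'index')`), so both render paths need checking. A short comment such as `// Visibility only; access is enforced by ACLComponent ('organisation_index')` would tell the reader that this condition is cosmetic and where the real decision is made. The surrounding block starts and ends outside the hunk.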
@ -186,7 +186,7 @@
|
||||||
array(
|
array(
|
||||||
'text' => __('Organisations'),
|
'text' => __('Organisations'),
|
||||||
'url' => $baseurl . '/organisations/index',
|
'url' => $baseurl . '/organisations/index',
|
||||||
'requirement' => $isAclSharingGroup || empty(Configure::read('Security.hide_organisation_index_from_users'))
|
'requirement' => $this->Acl->canAccess('organisations', 'index'),
|
||||||
),
|
),
|
||||||
array(
|
array(
|
||||||
'text' => __('Role Permissions'),
|
'text' => __('Role Permissions'),
|
||||||
|
|