mirror of https://github.com/MISP/MISP
Permission checks
parent
8cc0996c3c
commit
f36e00e944
|
@ -436,7 +436,7 @@ class AppController extends Controller {
|
|||
}
|
||||
|
||||
public function upgrade2324() {
|
||||
if (!$this->_isSiteAdmin()) throw new MethodNotAllowedException();
|
||||
if (!$this->_isSiteAdmin() || !$this->request->is('post')) throw new MethodNotAllowedException();
|
||||
$this->loadModel('Server');
|
||||
if (!Configure::read('MISP.background_jobs')) {
|
||||
$this->Server->upgrade2324($this->Auth->user('id'));
|
||||
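Review bot: The combined guard in `upgrade2324()` answers both a non-admin caller and a wrong HTTP verb with the same message-less `MethodNotAllowedException`, so neither logs nor clients can tell an authorisation failure from a plain GET. Splitting it keeps the two cases distinct and matches the wording used in the other controllers of this commit: `if (!$this->_isSiteAdmin()) throw new MethodNotAllowedException('You don\'t have the required privileges to do that.');` followed by `if (!$this->request->is('post')) throw new MethodNotAllowedException('Action not allowed, post request expected.');`. Requiring POST only protects against cross-site triggering of the upgrade if request-token validation is active for this action, which is not visible here. The function body continues past the hunk.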
|
|
|
@ -2203,7 +2203,7 @@ class AttributesController extends AppController {
|
|||
$this->redirect('/pages/display/administration');
|
||||
}
|
||||
|
||||
public function arcsight() {
|
||||
/*public function arcsight() {
|
||||
if (!$this->userRole['perm_auth']) throw new MethodNotAllowedException('This functionality requires API key access.');
|
||||
if ($tags) $tags = str_replace(';', ':', $tags);
|
||||
$simpleFalse = array('value' , 'type', 'category', 'org', 'tags', 'from', 'to');
|
||||
|
@ -2219,5 +2219,5 @@ class AttributesController extends AppController {
|
|||
if ($this->request->is('post')) {
|
||||
|
||||
}
|
||||
}
|
||||
}*/
|
||||
}
|
||||
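Review bot: Wrapping `arcsight()` in `/* … */` (opened in the first hunk, closed by `}*/` in the second) leaves a dead export action in `AttributesController` with no record of why it was switched off. Either delete the method and let history keep it, or put a one-line comment above the block, for example `// Disabled in f36e00e944: <reason>`, with the real reason filled in. A block comment ends at the first `*/`, so if the part of the body not shown here contains one, the remainder of the method becomes live code again. Any route, ACL entry or view link that still names `arcsight` would now point at a missing action.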
|
|
|
@ -78,6 +78,7 @@ class OrganisationsController extends AppController {
|
|||
}
|
||||
|
||||
public function admin_delete($id) {
|
||||
if (!$this->request->is('post')) throw new MethodNotAllowedException('Action not allowed, post request expected.');
|
||||
$this->Organisation->id = $id;
|
||||
if (!$this->Organisation->exists()) throw new NotFoundException('Invalid organisation');
|
||||
|
||||
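Review bot: The visible start of `admin_delete($id)` checks only the HTTP verb before it sets `$this->Organisation->id`, so nothing in this hunk shows who is allowed to delete an organisation. If the `admin_` prefix is not already restricted to site admins by a `beforeFilter` or ACL outside this view, add `if (!$this->_isSiteAdmin()) throw new MethodNotAllowedException();` ahead of the POST check, as `upgrade2324()` does. The function continues past the hunk.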
|
|
|
@ -21,7 +21,7 @@ class SharingGroupsController extends AppController {
|
|||
);
|
||||
|
||||
public function add() {
|
||||
// add check for perm_sharing_group
|
||||
if (!$this->userRole['perm_sharing_group']) throw new MethodNotAllowedException('You don\'t have the required privileges to do that.');
|
||||
if($this->request->is('post')) {
|
||||
$json = json_decode($this->request->data['SharingGroup']['json'], true);
|
||||
$this->SharingGroup->create();
|
||||
|
@ -73,6 +73,7 @@ class SharingGroupsController extends AppController {
|
|||
}
|
||||
|
||||
public function edit($id) {
|
||||
if (!$this->userRole['perm_sharing_group']) throw new MethodNotAllowedException('You don\'t have the required privileges to do that.');
|
||||
// add check for perm_sharing_group
|
||||
$this->SharingGroup->id = $id;
|
||||
if (!$this->SharingGroup->exists()) throw new NotFoundException('Invalid sharing group.');
|
||||
|
@ -129,6 +130,7 @@ class SharingGroupsController extends AppController {
|
|||
}
|
||||
|
||||
public function delete($id) {
|
||||
if (!$this->userRole['perm_sharing_group']) throw new MethodNotAllowedException('You don\'t have the required privileges to do that.');
|
||||
if (!$this->request->is('post')) throw new MethodNotAllowedException('Action not allowed, post request expected.');
|
||||
if (!$this->SharingGroup->checkIfOwner($this->Auth->user(), $id)) throw new MethodNotAllowedException('Action not allowed.');
|
||||
$deletedSg = $this->SharingGroup->find('first', array(
|
||||
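Review bot: In `edit($id)` the new `perm_sharing_group` check sits directly above the old reminder `// add check for perm_sharing_group`, which is now stale and should be dropped; the `add()` hunk appears to replace it already. The role flag only says the user may manage sharing groups in general, whereas `delete()` also calls `checkIfOwner()` for the specific group. No such object-level check is visible in `edit()` before `$this->SharingGroup->id = $id;`. If none follows outside the hunk, add `if (!$this->SharingGroup->checkIfOwner($this->Auth->user(), $id)) throw new MethodNotAllowedException('Action not allowed.');` there. All three functions continue past their hunks.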
|
|