Merge branch 'fix_1311_only_show_API/authkey_to_user_with_rights' of https://github.com/cristianbell/MISP into cristianbell-fix_1311_only_show_API/authkey_to_user_with_rights
commit
f37963fde4
|
@ -334,6 +334,7 @@ class ACLComponent extends Component {
|
|||
'logout' => array('*'),
|
||||
'attributehistogram' => array('*'),
|
||||
'resetauthkey' => array('*'),
|
||||
'request_API' => array('*'),
|
||||
'routeafterlogin' => array('*'),
|
||||
'statistics' => array('*'),
|
||||
'terms' => array('*'),
|
||||
|
|
|
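Review bot: The new `'request_API' => array('*')` entry appears, judging by its neighbours `logout` and `terms`, to open the action to every authenticated role, and nothing in the corresponding UsersController::request_API hunk checks whether the caller already holds perm_auth or limits how often the action can be invoked. Since each call emails an organisation admin, an unconditional `'*'` here makes the controller the only place a guard can live; it would be worth a one-line comment on this entry such as `// any role may request API access; the action itself must reject callers that already have perm_auth`, and the matching check in the controller. The ACL map continues outside the hunk.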
@ -36,12 +36,29 @@ class UsersController extends AppController {
|
|||
}
|
||||
$this->User->id = $id;
|
||||
$this->User->recursive = 0;
|
||||
|
||||
if (!$this->User->exists()) {
|
||||
throw new NotFoundException(__('Invalid user'));
|
||||
}
|
||||
$this->set('user', $this->User->read(null, $id));
|
||||
}
|
||||
|
||||
public function request_API(){
|
||||
$responsibleAdmin = $this->User->findAdminsResponsibleForUser($this->Auth->user());
|
||||
$message = "Something went wrong, please try again later.";
|
||||
if(isset($responsibleAdmin['email']) && !empty($responsibleAdmin['email'])){
|
||||
$subject = "[MISP ".Configure::read('MISP.org')."] User requesting API access";
|
||||
$body = "A user (".$this->Auth->user('email').") has sent you a request to enable his/her API key access.<br/>";
|
||||
$body .= "Click <a href=\"".Configure::read('MISP.baseurl')."\">here</a> to edit his profile to change his role.";
|
||||
$user = $this->User->find('first', array('conditions' => array('User.id' => $this->Auth->user('id'))));
|
||||
$result = $this->User->sendEmail($user, $body, false, $subject);
|
||||
if($result)
|
||||
$message = "API access requested.";
|
||||
}
|
||||
$this->set('message', $message);
|
||||
$this->layout = 'ajax';
|
||||
}
|
||||
|
||||
public function edit($id = null) {
|
||||
if (!$this->_isAdmin() && Configure::read('MISP.disableUserSelfManagement')) throw new MethodNotAllowedException('User self-management has been disabled on this instance.');
|
||||
$me = false;
|
||||
|
@ -671,6 +688,10 @@ class UsersController extends AppController {
|
|||
$this->Session->setFlash(__('Invalid id for user', true), 'default', array(), 'error');
|
||||
$this->redirect(array('action' => 'view', $this->Auth->user('id')));
|
||||
}
|
||||
if (!$this->userRole['perm_auth']) {
|
||||
$this->Session->setFlash(__('Invalid action', true), 'default', array(), 'error');
|
||||
$this->redirect(array('action' => 'view', $this->Auth->user('id')));
|
||||
}
|
||||
// reset the key
|
||||
$this->User->id = $id;
|
||||
if (!$this->User->exists($id)) {
|
||||
|
|
|
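Review bot: `request_API` (first hunk) sends an email to an admin as a side effect but accepts any request method — the JavaScript added in the same commit calls it with `type:"get"` — and it never checks whether the caller already has API access, so a user with perm_auth can still trigger admin mails, and repeated calls are not throttled. At the top of the method I would add `if (!$this->request->is('post')) throw new MethodNotAllowedException();` and `if ($this->userRole['perm_auth']) throw new MethodNotAllowedException('API access is already enabled.');`, mirroring the `perm_auth` check this commit adds to `resetauthkey` in the second hunk. The email body also interpolates the account's address into HTML unescaped; `h($this->Auth->user('email'))` would keep the message inert if an address ever contains markup. The `edit` method that starts at the end of the first hunk, and the `resetauthkey` body in the second, both continue outside the hunk.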
@ -898,4 +898,35 @@ class User extends AppModel {
|
|||
}
|
||||
return $usersPerOrg;
|
||||
}
|
||||
|
||||
public function findAdminsResponsibleForUser($user){
|
||||
$admin = $this->find('first', array(
|
||||
'recursive' => -1,
|
||||
'conditions' => array(
|
||||
'Role.perm_site_admin' => 0,
|
||||
'Role.perm_admin' => 1,
|
||||
'User.disabled' => 0,
|
||||
'User.org_id' => $user['org_id']
|
||||
),
|
||||
'contain' => array(
|
||||
'Role' => array('fields' => array('perm_admin', 'perm_site_admin'))
|
||||
),
|
||||
'fields' => array('User.id', 'User.email', 'User.org_id')
|
||||
));
|
||||
if(count($admin) == 0) {
|
||||
$admin = $this->find('first', array(
|
||||
'recursive' => -1,
|
||||
'conditions' => array(
|
||||
'Role.perm_site_admin' => 1,
|
||||
'User.disabled' => 0,
|
||||
),
|
||||
'contain' => array(
|
||||
'Role' => array('fields' => array('perm_site_admin'))
|
||||
),
|
||||
'fields' => array('User.id', 'User.email', 'User.org_id')
|
||||
));
|
||||
}
|
||||
|
||||
return $admin['User'];
|
||||
}
|
||||
}
|
||||
|
|
|
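Review bot: `return $admin['User'];` at the end of `findAdminsResponsibleForUser` dereferences the result of the fallback `find('first')`, which yields an empty array when no enabled site admin exists, so the method emits an undefined-index notice and returns null; the caller only survives because `isset($responsibleAdmin['email'])` tolerates null. I would return `empty($admin) ? array() : $admin['User'];` and document the contract with a docblock stating that the method returns the `User` row (id, email, org_id) of one enabled org admin of the user's organisation, falling back to one enabled site admin, or an empty array when neither exists. The name suggests a list, but both finds are `'first'` with no `'order'`, so which admin is chosen is left to the database; a comment acknowledging that choice, or an explicit order, would make the behaviour deliberate.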
@ -0,0 +1,5 @@
|
|||
<div class="message2user"><br />
|
||||
<div><?php echo $message; ?></div>
|
||||
<br />
|
||||
<span class="btn btn-inverse" onClick="cancelPrompt();" style="float:right;">Close</span>
|
||||
</div>
|
|
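Review bot: `<?php echo $message; ?>` writes the view variable into the page without escaping, unlike the rest of the templates in this commit, which wrap output in `h()`. Today both values set in `request_API` are fixed server-side strings, but the template has no way to know that, and `<?php echo h($message); ?>` costs nothing and keeps the new prompt from becoming an injection sink if the message is ever built from request data.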
@ -34,9 +34,13 @@
|
|||
<dt><?php echo __('Authkey'); ?></dt>
|
||||
<dd>
|
||||
<?php
|
||||
echo h($user['User']['authkey']);
|
||||
if (!Configure::read('MISP.disableUserSelfManagement') || $isAdmin) {
|
||||
echo '(' . $this->Html->link('reset', array('controller' => 'users', 'action' => 'resetauthkey', $user['User']['id'])) . ')';
|
||||
if ($user['Role']['perm_auth']) {
|
||||
echo h($user['User']['authkey']);
|
||||
if (!Configure::read('MISP.disableUserSelfManagement') || $isAdmin) {
|
||||
echo '(' . $this->Html->link('reset', array('controller' => 'users', 'action' => 'resetauthkey', $user['User']['id'])) . ')';
|
||||
}
|
||||
} else {
|
||||
echo "<a onclick=\"requestAPIAccess()\" style=\"cursor:pointer;\">Request API access</a>";
|
||||
}
|
||||
?>
|
||||
|
||||
|
|
|
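Review bot: The "Request API access" anchor in the new `else` branch is rendered whenever the viewed user lacks perm_auth, but `requestAPIAccess()` calls `request_API`, which acts on `$this->Auth->user()` — the logged-in user, not the profile being viewed — so an admin looking at another user's page would be offered a link that requests access for their own account. The link should only appear when the viewed profile belongs to the current user; whether this template already receives a "this is me" flag I can't tell from the hunk, so the condition may need a new view variable set from the controller's `$me`. The surrounding `<dd>` markup continues outside the hunk.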
@ -1600,6 +1600,9 @@ a.discrete {
|
|||
background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);
|
||||
}
|
||||
|
||||
#confirmation_box .message2user div{text-align: center;}
|
||||
#confirmation_box .message2user .btn{margin: -1em 0.6em 0.6em;}
|
||||
|
||||
@-webkit-keyframes rotation {
|
||||
from {-webkit-transform: rotate(0deg);}
|
||||
to {-webkit-transform: rotate(359deg);}
|
||||
|
|
|
@ -60,6 +60,11 @@ function cancelPrompt() {
|
|||
$("#confirmation_box").empty();
|
||||
}
|
||||
|
||||
function showPrompt(){
|
||||
$("#confirmation_box").fadeIn();
|
||||
$("#gray_out").fadeIn();
|
||||
}
|
||||
|
||||
function submitDeletion(context_id, action, type, id) {
|
||||
var context = 'event';
|
||||
if (type == 'template_elements') context = 'template';
|
||||
|
@ -2498,6 +2503,25 @@ function serverOwnerOrganisationChange(host_org_id) {
|
|||
}
|
||||
}
|
||||
|
||||
function requestAPIAccess() {
|
||||
url = "/users/request_API/";
|
||||
$.ajax({
|
||||
type:"get",
|
||||
url:url,
|
||||
beforeSend: function (XMLHttpRequest) {
|
||||
$(".loading").show();
|
||||
},
|
||||
success:function (data) {
|
||||
$("#confirmation_box").html(data);
|
||||
showPrompt();
|
||||
$(".loading").hide();
|
||||
},
|
||||
error:function() {
|
||||
showMessage('fail', 'Something went wrong - could not request API access.');
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
$('.servers_default_role_checkbox').click(function() {
|
||||
var id = $(this).data("id");
|
||||
var state = $(this).is(":checked");
|
||||
|
@ -2516,4 +2540,4 @@ $('.servers_default_role_checkbox').click(function() {
|
|||
cache: false,
|
||||
url: '/admin/roles/set_default/' + (state ? id : ""),
|
||||
});
|
||||
});
|
||||
});
|
||||
|
|
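Review bot: `url = "/users/request_API/";` in `requestAPIAccess` is assigned without `var`, so it leaks a global, unlike `var context` and `var id` elsewhere in this file; `var url = "/users/request_API/";` fixes that. The `error` handler also never calls `$(".loading").hide();`, so a failed request leaves the spinner visible, whereas the `success` branch hides it. Since the request triggers an admin email server-side, the call should be a POST rather than `type:"get"` once the controller enforces the method, so that a plain link or image load cannot fire it.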