diff --git a/app/Controller/Component/ACLComponent.php b/app/Controller/Component/ACLComponent.php
index ab1957cc1..73dfca4b9 100644
--- a/app/Controller/Component/ACLComponent.php
+++ b/app/Controller/Component/ACLComponent.php
@@ -334,6 +334,7 @@ class ACLComponent extends Component {
'logout' => array('*'),
'attributehistogram' => array('*'),
'resetauthkey' => array('*'),
+ 'request_API' => array('*'),
'routeafterlogin' => array('*'),
'statistics' => array('*'),
'terms' => array('*'),
diff --git a/app/Controller/UsersController.php b/app/Controller/UsersController.php
index a03a2444d..5653e606c 100644
--- a/app/Controller/UsersController.php
+++ b/app/Controller/UsersController.php
@@ -36,12 +36,29 @@ class UsersController extends AppController {
}
$this->User->id = $id;
$this->User->recursive = 0;
+
if (!$this->User->exists()) {
throw new NotFoundException(__('Invalid user'));
}
$this->set('user', $this->User->read(null, $id));
}
+ public function request_API(){
+ $responsibleAdmin = $this->User->findAdminsResponsibleForUser($this->Auth->user());
+ $message = "Something went wrong, please try again later.";
+ if(isset($responsibleAdmin['email']) && !empty($responsibleAdmin['email'])){
+ $subject = "[MISP ".Configure::read('MISP.org')."] User requesting API access";
+ $body = "A user (".$this->Auth->user('email').") has sent you a request to enable his/her API key access.
";
+ $body .= "Click here to edit his profile to change his role.";
+ $user = $this->User->find('first', array('conditions' => array('User.id' => $this->Auth->user('id'))));
+ $result = $this->User->sendEmail($user, $body, false, $subject);
+ if($result)
+ $message = "API access requested.";
+ }
+ $this->set('message', $message);
+ $this->layout = 'ajax';
+ }
+
public function edit($id = null) {
if (!$this->_isAdmin() && Configure::read('MISP.disableUserSelfManagement')) throw new MethodNotAllowedException('User self-management has been disabled on this instance.');
$me = false;
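Review bot: The request e-mail appears to go to the requesting user rather than to the responsible admin: `$user` is looked up by `$this->Auth->user('id')` and handed to `sendEmail()`, while `$responsibleAdmin` is only consulted for the `isset` check and never used as the recipient. If sendEmail's first argument is the recipient record, as its use here suggests, the lookup should read `'User.id' => $responsibleAdmin['id']`. The action also sends mail on a plain GET with no method check, so it is open to cross-site request forgery and repeated notifications; guard it with `if (!$this->request->is('post')) throw new MethodNotAllowedException(__('This action requires a POST request.'));` and consider skipping the send when the caller already holds `perm_auth`. Minor: `isset(...) && !empty(...)` reduces to `!empty($responsibleAdmin['email'])`, the bare `if($result)` should take braces like the rest of the file, and the body promises a link ("Click here") that the message does not contain.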
@@ -671,6 +688,10 @@ class UsersController extends AppController {
$this->Session->setFlash(__('Invalid id for user', true), 'default', array(), 'error');
$this->redirect(array('action' => 'view', $this->Auth->user('id')));
}
+ if (!$this->userRole['perm_auth']) {
+ $this->Session->setFlash(__('Invalid action', true), 'default', array(), 'error');
+ $this->redirect(array('action' => 'view', $this->Auth->user('id')));
+ }
// reset the key
$this->User->id = $id;
if (!$this->User->exists($id)) {
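Review bot: The new guard tests `$this->userRole['perm_auth']`, i.e. the caller's own role, while resetauthkey takes an `$id` that, judging by the preceding "Invalid id for user" branch, may name another user; if an admin resets another user's key this checks the wrong role, and if the intent is that users without API permission never hold a key, the target user's `Role.perm_auth` should be checked after the `exists($id)` lookup below. The flash text `Invalid action` hides the reason; something like `__('Your role does not have API access, so no authkey can be issued.', true)` tells the user what to ask for. The enclosing resetauthkey() starts before this hunk, so I cannot see how `$id` is resolved or whether a site-admin path bypasses this block.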
diff --git a/app/Model/User.php b/app/Model/User.php
index 6721f86d4..747c320d2 100644
--- a/app/Model/User.php
+++ b/app/Model/User.php
@@ -898,4 +898,35 @@ class User extends AppModel {
}
return $usersPerOrg;
}
+
+ public function findAdminsResponsibleForUser($user){
+ $admin = $this->find('first', array(
+ 'recursive' => -1,
+ 'conditions' => array(
+ 'Role.perm_site_admin' => 0,
+ 'Role.perm_admin' => 1,
+ 'User.disabled' => 0,
+ 'User.org_id' => $user['org_id']
+ ),
+ 'contain' => array(
+ 'Role' => array('fields' => array('perm_admin', 'perm_site_admin'))
+ ),
+ 'fields' => array('User.id', 'User.email', 'User.org_id')
+ ));
+ if(count($admin) == 0) {
+ $admin = $this->find('first', array(
+ 'recursive' => -1,
+ 'conditions' => array(
+ 'Role.perm_site_admin' => 1,
+ 'User.disabled' => 0,
+ ),
+ 'contain' => array(
+ 'Role' => array('fields' => array('perm_site_admin'))
+ ),
+ 'fields' => array('User.id', 'User.email', 'User.org_id')
+ ));
+ }
+
+ return $admin['User'];
+ }
}
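Review bot: When neither an org admin nor a site admin matches, `find('first')` returns an empty array and `$admin['User']` on the return line raises an undefined-index notice and yields null; add `if (empty($admin)) { return array(); }` before the return, and `empty($admin)` also reads better than `count($admin) == 0` in the fallback test. Neither query has an `'order'`, so which admin receives the notification is whatever row the database yields first and may vary between calls; an explicit `'order' => array('User.id' => 'ASC')` makes it predictable. The method name is plural but returns a single `User` row; a docblock such as `/** Returns the User row of one active admin of $user's org, falling back to one site admin; empty array when none exists. */` would make the contract clear to callers, who must handle the empty case.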
diff --git a/app/View/Users/request__a_p_i.ctp b/app/View/Users/request__a_p_i.ctp
new file mode 100644
index 000000000..c134171ad
--- /dev/null
+++ b/app/View/Users/request__a_p_i.ctp
@@ -0,0 +1,5 @@
+