diff --git a/app/Controller/Component/ACLComponent.php b/app/Controller/Component/ACLComponent.php
index ab1957cc1..73dfca4b9 100644
--- a/app/Controller/Component/ACLComponent.php
+++ b/app/Controller/Component/ACLComponent.php
@@ -334,6 +334,7 @@ class ACLComponent extends Component {
 'logout' => array('*'),
 'attributehistogram' => array('*'),
 'resetauthkey' => array('*'),
+ 'request_API' => array('*'),
 'routeafterlogin' => array('*'),
 'statistics' => array('*'),
 'terms' => array('*'),
diff --git a/app/Controller/UsersController.php b/app/Controller/UsersController.php
index a03a2444d..5653e606c 100644
--- a/app/Controller/UsersController.php
+++ b/app/Controller/UsersController.php
@@ -36,12 +36,29 @@ class UsersController extends AppController {
 } $this->User->id = $id; $this->User->recursive = 0; + if (!$this->User->exists()) { throw new NotFoundException(__('Invalid user')); } $this->set('user', $this->User->read(null, $id)); }
+ public function request_API(){
+ $responsibleAdmin = $this->User->findAdminsResponsibleForUser($this->Auth->user());
+ $message = "Something went wrong, please try again later.";
+ if(isset($responsibleAdmin['email']) && !empty($responsibleAdmin['email'])){
+ $subject = "[MISP ".Configure::read('MISP.org')."] User requesting API access";
+ $body = "A user (".$this->Auth->user('email').") has sent you a request to enable his/her API key access.
"; + $body .= "Click here to edit his profile to change his role."; + $user = $this->User->find('first', array('conditions' => array('User.id' => $this->Auth->user('id')))); + $result = $this->User->sendEmail($user, $body, false, $subject); + if($result) + $message = "API access requested."; + } + $this->set('message', $message); + $this->layout = 'ajax'; + } + public function edit($id = null) { if (!$this->_isAdmin() && Configure::read('MISP.disableUserSelfManagement')) throw new MethodNotAllowedException('User self-management has been disabled on this instance.'); $me = false; @@ -671,6 +688,10 @@ class UsersController extends AppController { $this->Session->setFlash(__('Invalid id for user', true), 'default', array(), 'error'); $this->redirect(array('action' => 'view', $this->Auth->user('id'))); } + if (!$this->userRole['perm_auth']) { + $this->Session->setFlash(__('Invalid action', true), 'default', array(), 'error'); + $this->redirect(array('action' => 'view', $this->Auth->user('id'))); + } // reset the key $this->User->id = $id; if (!$this->User->exists($id)) { diff --git a/app/Model/User.php b/app/Model/User.php index 6721f86d4..747c320d2 100644 --- a/app/Model/User.php +++ b/app/Model/User.php 
@@ -898,4 +898,35 @@ class User extends AppModel {
 }
 return $usersPerOrg;
 }
+
+ public function findAdminsResponsibleForUser($user){
+ $admin = $this->find('first', array(
+ 'recursive' => -1,
+ 'conditions' => array(
+ 'Role.perm_site_admin' => 0,
+ 'Role.perm_admin' => 1,
+ 'User.disabled' => 0,
+ 'User.org_id' => $user['org_id']
+ ),
+ 'contain' => array(
+ 'Role' => array('fields' => array('perm_admin', 'perm_site_admin'))
+ ),
+ 'fields' => array('User.id', 'User.email', 'User.org_id')
+ ));
+ if(count($admin) == 0) {
+ $admin = $this->find('first', array(
+ 'recursive' => -1,
+ 'conditions' => array(
+ 'Role.perm_site_admin' => 1,
+ 'User.disabled' => 0,
+ ),
+ 'contain' => array(
+ 'Role' => array('fields' => array('perm_site_admin'))
+ ),
+ 'fields' => array('User.id', 'User.email', 'User.org_id')
+ ));
+ }
+
+ return $admin['User'];
+ }
 }
diff --git a/app/View/Users/request__a_p_i.ctp b/app/View/Users/request__a_p_i.ctp
new file mode 100644
index 000000000..c134171ad
--- /dev/null
+++ b/app/View/Users/request__a_p_i.ctp
@@ -0,0 +1,5 @@
+
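Review bot: `findAdminsResponsibleForUser` dereferences `$admin['User']` unconditionally on its last line, so when neither an org admin nor a site admin matches, `$admin` is the empty result of `find('first')` and the index is undefined — a PHP notice and a `null` return that the caller then probes with `isset()`. Return an explicit empty value instead, `return empty($admin) ? array() : $admin['User'];`, and replace `count($admin) == 0` with `empty($admin)`, which also covers a `false` result. The name promises admins in the plural but a single record comes back; a docblock stating that it returns the first enabled org admin of `$user['org_id']`, falling back to the first enabled site admin, with `User.id`, `User.email` and `User.org_id` only, would keep callers from assuming a full user record (which `sendEmail()` may need).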

+
+
+ Close +
diff --git a/app/View/Users/view.ctp b/app/View/Users/view.ctp
index e04860a10..df4729381 100644
--- a/app/View/Users/view.ctp
+++ b/app/View/Users/view.ctp
@@ -34,9 +34,13 @@
Html->link('reset', array('controller' => 'users', 'action' => 'resetauthkey', $user['User']['id'])) . ')'; + if ($user['Role']['perm_auth']) { + echo h($user['User']['authkey']); + if (!Configure::read('MISP.disableUserSelfManagement') || $isAdmin) { + echo '(' . $this->Html->link('reset', array('controller' => 'users', 'action' => 'resetauthkey', $user['User']['id'])) . ')'; + } + } else { + echo "Request API access"; } ?>   diff --git a/app/webroot/css/main.css b/app/webroot/css/main.css index 01bb06ad1..c4542c35c 100644 --- a/app/webroot/css/main.css +++ b/app/webroot/css/main.css @@ -1600,6 +1600,9 @@ a.discrete { background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); } +#confirmation_box .message2user div{text-align: center;} +#confirmation_box .message2user .btn{margin: -1em 0.6em 0.6em;} + @-webkit-keyframes rotation { from {-webkit-transform: rotate(0deg);} to {-webkit-transform: rotate(359deg);} diff --git a/app/webroot/js/misp2.4.51.js b/app/webroot/js/misp2.4.51.js index 6d8d97f35..6f0e1d2a6 100644 --- a/app/webroot/js/misp2.4.51.js +++ b/app/webroot/js/misp2.4.51.js @@ -60,6 +60,11 @@ function cancelPrompt() { $("#confirmation_box").empty(); } +function showPrompt(){ + $("#confirmation_box").fadeIn(); + $("#gray_out").fadeIn(); +} + function submitDeletion(context_id, action, type, id) { var context = 'event'; if (type == 'template_elements') context = 'template'; 
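Review bot: The `Request API access` element in the new `else` branch is rendered whenever the viewed user lacks `perm_auth`, regardless of who is viewing, while the `request_API` action it is wired to (through `requestAPIAccess()` in the JavaScript hunk) acts on `$this->Auth->user()`, not on `$user` — an admin viewing another user's profile would request API access for themselves. Render the element only when the viewed user is the logged-in user; the `h()` on the authkey output is correctly kept. The rendered hunk has lost its `<?php` markup and the removed lines' markers, so only the new branch is reviewable here.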
@@ -2498,6 +2503,25 @@ function serverOwnerOrganisationChange(host_org_id) {
 }
 }
+function requestAPIAccess() {
+ url = "/users/request_API/";
+ $.ajax({
+ type:"get",
+ url:url,
+ beforeSend: function (XMLHttpRequest) {
+ $(".loading").show();
+ },
+ success:function (data) {
+ $("#confirmation_box").html(data);
+ showPrompt();
+ $(".loading").hide();
+ },
+ error:function() {
+ showMessage('fail', 'Something went wrong - could not request API access.');
+ }
+ });
+}
+
 $('.servers_default_role_checkbox').click(function() {
 var id = $(this).data("id");
 var state = $(this).is(":checked");
@@ -2516,4 +2540,4 @@ $('.servers_default_role_checkbox').click(function() {
 cache: false,
 url: '/admin/roles/set_default/' + (state ? id : ""),
 });
-});
\ No newline at end of file
+});
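Review bot: `url = "/users/request_API/";` in `requestAPIAccess` omits `var`, so it creates or overwrites a global; write `var url = "/users/request_API/";`. The call is a GET to an action that sends mail — use `type:"post"` here and pair it with a server-side POST check so the action cannot be triggered by a plain cross-site navigation from a logged-in browser. The `error` callback never hides `.loading`, unlike `success`; add `$(".loading").hide();` there.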