mirror of https://github.com/MISP/MISP
Merge branch 'fix_1311_only_show_API/authkey_to_user_with_rights' of https://github.com/cristianbell/MISP into cristianbell-fix_1311_only_show_API/authkey_to_user_with_rights
commit
f37963fde4
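--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -334,6 +334,7 @@ class ACLComponent extends Component {
 'logout' => array('*'),
 'attributehistogram' => array('*'),
 'resetauthkey' => array('*'),
+'request_API' => array('*'),
 'routeafterlogin' => array('*'),
 'statistics' => array('*'),
 'terms' => array('*'),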
@ -36,12 +36,29 @@ class UsersController extends AppController {
|
||||||
}
|
}
|
||||||
$this->User->id = $id;
|
$this->User->id = $id;
|
||||||
$this->User->recursive = 0;
|
$this->User->recursive = 0;
|
||||||
|
|
||||||
if (!$this->User->exists()) {
|
if (!$this->User->exists()) {
|
||||||
throw new NotFoundException(__('Invalid user'));
|
throw new NotFoundException(__('Invalid user'));
|
||||||
}
|
}
|
||||||
$this->set('user', $this->User->read(null, $id));
|
$this->set('user', $this->User->read(null, $id));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function request_API(){
|
||||||
|
$responsibleAdmin = $this->User->findAdminsResponsibleForUser($this->Auth->user());
|
||||||
|
$message = "Something went wrong, please try again later.";
|
||||||
|
if(isset($responsibleAdmin['email']) && !empty($responsibleAdmin['email'])){
|
||||||
|
$subject = "[MISP ".Configure::read('MISP.org')."] User requesting API access";
|
||||||
|
$body = "A user (".$this->Auth->user('email').") has sent you a request to enable his/her API key access.<br/>";
|
||||||
|
$body .= "Click <a href=\"".Configure::read('MISP.baseurl')."\">here</a> to edit his profile to change his role.";
|
||||||
|
$user = $this->User->find('first', array('conditions' => array('User.id' => $this->Auth->user('id'))));
|
||||||
|
$result = $this->User->sendEmail($user, $body, false, $subject);
|
||||||
|
if($result)
|
||||||
|
$message = "API access requested.";
|
||||||
|
}
|
||||||
|
$this->set('message', $message);
|
||||||
|
$this->layout = 'ajax';
|
||||||
|
}
|
||||||
|
|
||||||
public function edit($id = null) {
|
public function edit($id = null) {
|
||||||
if (!$this->_isAdmin() && Configure::read('MISP.disableUserSelfManagement')) throw new MethodNotAllowedException('User self-management has been disabled on this instance.');
|
if (!$this->_isAdmin() && Configure::read('MISP.disableUserSelfManagement')) throw new MethodNotAllowedException('User self-management has been disabled on this instance.');
|
||||||
$me = false;
|
$me = false;
|
||||||
|
@ -671,6 +688,10 @@ class UsersController extends AppController {
|
||||||
$this->Session->setFlash(__('Invalid id for user', true), 'default', array(), 'error');
|
$this->Session->setFlash(__('Invalid id for user', true), 'default', array(), 'error');
|
||||||
$this->redirect(array('action' => 'view', $this->Auth->user('id')));
|
$this->redirect(array('action' => 'view', $this->Auth->user('id')));
|
||||||
}
|
}
|
||||||
|
if (!$this->userRole['perm_auth']) {
|
||||||
|
$this->Session->setFlash(__('Invalid action', true), 'default', array(), 'error');
|
||||||
|
$this->redirect(array('action' => 'view', $this->Auth->user('id')));
|
||||||
|
}
|
||||||
// reset the key
|
// reset the key
|
||||||
$this->User->id = $id;
|
$this->User->id = $id;
|
||||||
if (!$this->User->exists($id)) {
|
if (!$this->User->exists($id)) {
|
||||||
|
|
|
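Review bot: In request_API the mail appears to go to the requesting user rather than the responsible admin: `findAdminsResponsibleForUser()` is consulted only for the `email` check, and `sendEmail()` is then called with `$user`, the record loaded for `$this->Auth->user('id')`, so the admin the body addresses ("has sent you a request") never receives it (this assumes sendEmail's first argument is the recipient, as its use elsewhere suggests — confirm). Two further points in the same action: `$this->Auth->user('email')` is concatenated into an HTML body without `h()`, and the action is reachable over GET while the ACL hunk opens it to every role, so any authenticated user, or a cross-site request, can trigger admin e-mails with no POST/CSRF check and no throttling. The resetauthkey hunk at the `if (!$this->userRole['perm_auth'])` line checks the acting user's role rather than the target `$id`'s, so an admin with perm_auth can still reset the key of a user whose role lacks it while the view now hides that key — state which is intended. resetauthkey's body starts and ends outside the hunk.
```php
public function request_API(){
    if (!$this->request->is('post')) throw new MethodNotAllowedException('This action requires a POST request.');
    $responsibleAdmin = $this->User->findAdminsResponsibleForUser($this->Auth->user());
    $message = "Something went wrong, please try again later.";
    if (!empty($responsibleAdmin['email'])) {
        $subject = "[MISP ".Configure::read('MISP.org')."] User requesting API access";
        // escape the requester's address: the body is sent as HTML
        $body = "A user (".h($this->Auth->user('email')).") has sent you a request to enable his/her API key access.<br/>";
        $body .= "Click <a href=\"".h(Configure::read('MISP.baseurl'))."\">here</a> to edit his profile to change his role.";
        // the recipient is the responsible admin, loaded as a full record for sendEmail()
        $recipient = $this->User->find('first', array('recursive' => -1, 'conditions' => array('User.id' => $responsibleAdmin['id'])));
        $result = $this->User->sendEmail($recipient, $body, false, $subject);
        if ($result) {
            $message = "API access requested.";
        }
    }
    // … unchanged: $this->set('message', $message) and the ajax layout …
}
```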
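--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -898,4 +898,35 @@ class User extends AppModel {
 }
 return $usersPerOrg;
 }
+
+public function findAdminsResponsibleForUser($user){
+$admin = $this->find('first', array(
+'recursive' => -1,
+'conditions' => array(
+'Role.perm_site_admin' => 0,
+'Role.perm_admin' => 1,
+'User.disabled' => 0,
+'User.org_id' => $user['org_id']
+),
+'contain' => array(
+'Role' => array('fields' => array('perm_admin', 'perm_site_admin'))
+),
+'fields' => array('User.id', 'User.email', 'User.org_id')
+));
+if(count($admin) == 0) {
+$admin = $this->find('first', array(
+'recursive' => -1,
+'conditions' => array(
+'Role.perm_site_admin' => 1,
+'User.disabled' => 0,
+),
+'contain' => array(
+'Role' => array('fields' => array('perm_site_admin'))
+),
+'fields' => array('User.id', 'User.email', 'User.org_id')
+));
+}
+
+return $admin['User'];
+}
 }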
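Review bot: When both lookups come back empty, `return $admin['User'];` reads an index of an empty array, which raises an undefined-index notice and returns null to the controller; guard it with `return isset($admin['User']) ? $admin['User'] : array();` and replace `if(count($admin) == 0)` with `if (empty($admin))`. The name findAdminsResponsibleForUser suggests a list, but `find('first')` returns at most one record (an enabled org admin of the user's org, else any enabled site admin); a docblock stating that, the expected `$user` shape (a flat `Auth->user()` array carrying `org_id`) and the `id`/`email`/`org_id` return shape would help callers. Note that `count()` on a non-array would itself be a TypeError on PHP 8, which is another reason to prefer `empty()`.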
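--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,5 @@
+<div class="message2user"><br />
+<div><?php echo $message; ?></div>
+<br />
+<span class="btn btn-inverse" onClick="cancelPrompt();" style="float:right;">Close</span>
+</div>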
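Review bot: `<?php echo $message; ?>` on the second line of the new view prints the value unescaped, whereas the other view on this page escapes output with `h()`; write `<div><?php echo h($message); ?></div>`. The two strings the controller sets today are constants, so there is no injection now, but the view should not depend on that staying true as the action evolves.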
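--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -34,9 +34,13 @@
 <dt><?php echo __('Authkey'); ?></dt>
 <dd>
 <?php
-echo h($user['User']['authkey']);
-if (!Configure::read('MISP.disableUserSelfManagement') || $isAdmin) {
-echo '(' . $this->Html->link('reset', array('controller' => 'users', 'action' => 'resetauthkey', $user['User']['id'])) . ')';
+if ($user['Role']['perm_auth']) {
+echo h($user['User']['authkey']);
+if (!Configure::read('MISP.disableUserSelfManagement') || $isAdmin) {
+echo '(' . $this->Html->link('reset', array('controller' => 'users', 'action' => 'resetauthkey', $user['User']['id'])) . ')';
+}
+} else {
+echo "<a onclick=\"requestAPIAccess()\" style=\"cursor:pointer;\">Request API access</a>";
 }
 ?>
 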
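Review bot: The new `else` branch renders "Request API access" whenever the displayed user lacks perm_auth, including when an admin views someone else's profile; the link calls requestAPIAccess(), which files a request for the logged-in user, not for the user on the page. Gate the link on the displayed user being the viewer (compare `$user['User']['id']` with the authenticated user's id, passed in from the controller) and keep the perm_auth branch as it is. The branch also assumes `$user['Role']` is present in the view; judging from the `recursive = 0` read in the controller hunk that currently holds, but it is worth a comment so a later change to the view action does not silently hide the key for everyone.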
@ -1600,6 +1600,9 @@ a.discrete {
|
||||||
background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);
|
background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#confirmation_box .message2user div{text-align: center;}
|
||||||
|
#confirmation_box .message2user .btn{margin: -1em 0.6em 0.6em;}
|
||||||
|
|
||||||
@-webkit-keyframes rotation {
|
@-webkit-keyframes rotation {
|
||||||
from {-webkit-transform: rotate(0deg);}
|
from {-webkit-transform: rotate(0deg);}
|
||||||
to {-webkit-transform: rotate(359deg);}
|
to {-webkit-transform: rotate(359deg);}
|
||||||
|
|
|
@ -60,6 +60,11 @@ function cancelPrompt() {
|
||||||
$("#confirmation_box").empty();
|
$("#confirmation_box").empty();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function showPrompt(){
|
||||||
|
$("#confirmation_box").fadeIn();
|
||||||
|
$("#gray_out").fadeIn();
|
||||||
|
}
|
||||||
|
|
||||||
function submitDeletion(context_id, action, type, id) {
|
function submitDeletion(context_id, action, type, id) {
|
||||||
var context = 'event';
|
var context = 'event';
|
||||||
if (type == 'template_elements') context = 'template';
|
if (type == 'template_elements') context = 'template';
|
||||||
|
@ -2498,6 +2503,25 @@ function serverOwnerOrganisationChange(host_org_id) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function requestAPIAccess() {
|
||||||
|
url = "/users/request_API/";
|
||||||
|
$.ajax({
|
||||||
|
type:"get",
|
||||||
|
url:url,
|
||||||
|
beforeSend: function (XMLHttpRequest) {
|
||||||
|
$(".loading").show();
|
||||||
|
},
|
||||||
|
success:function (data) {
|
||||||
|
$("#confirmation_box").html(data);
|
||||||
|
showPrompt();
|
||||||
|
$(".loading").hide();
|
||||||
|
},
|
||||||
|
error:function() {
|
||||||
|
showMessage('fail', 'Something went wrong - could not request API access.');
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
$('.servers_default_role_checkbox').click(function() {
|
$('.servers_default_role_checkbox').click(function() {
|
||||||
var id = $(this).data("id");
|
var id = $(this).data("id");
|
||||||
var state = $(this).is(":checked");
|
var state = $(this).is(":checked");
|
||||||
|
@ -2516,4 +2540,4 @@ $('.servers_default_role_checkbox').click(function() {
|
||||||
cache: false,
|
cache: false,
|
||||||
url: '/admin/roles/set_default/' + (state ? id : ""),
|
url: '/admin/roles/set_default/' + (state ? id : ""),
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
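Review bot: `url = "/users/request_API/";` in requestAPIAccess assigns to an undeclared identifier and so creates a global; write `var url = "/users/request_API/";`. The request is sent with `type:"get"` although the server action it hits sends an e-mail, so once the controller requires POST this needs `type:"post"`, which also makes it possible to attach a CSRF token (how the rest of this file does that is not visible in the hunk — confirm). The error callback never hides the spinner shown in beforeSend, so add `$(".loading").hide();` before the showMessage() call.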