Minor changes
- some changes to the access control - re-enabled regexp and blacklists, will need a closer look though - editing a role should update ACL - some other minor things pull/63/head
parent
fcd91b1654
commit
fad8e809ad
|
@ -126,6 +126,7 @@ class AppController extends Controller {
|
|||
// These variables are required for every view
|
||||
$this->set('me', Sanitize::clean($this->Auth->user()));
|
||||
$this->set('isAdmin', $this->_isAdmin());
|
||||
$this->set('isSiteAdmin', $this->_isSiteAdmin());
|
||||
|
||||
// TODO ACL: 5: from Controller to Views
|
||||
$this->set('isAclAdd', $this->checkAcl('add'));
|
||||
|
@ -396,7 +397,7 @@ class AppController extends Controller {
|
|||
|
||||
public function generateACL($inc) {
|
||||
if (!self::_isAdmin()) throw new NotFoundException();
|
||||
if($inc['Role']['permission'] == null) $inc['Role']['permission'] = 0;
|
||||
if ($inc['Role']['permission'] == null) $inc['Role']['permission'] = 0;
|
||||
switch ($inc['Role']['permission']) {
|
||||
case '0':
|
||||
$permAdd = false;
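Review bot: The replacement line `if ($inc['Role']['permission'] == null) $inc['Role']['permission'] = 0;` keeps the loose `== null` of the line it replaces, which is also true for `0`, `''`, `false` and `[]`, so it is not obvious which inputs the default is meant to cover. If the intent is only to fill in a missing key, `if (!isset($inc['Role']['permission'])) $inc['Role']['permission'] = 0;` states that exactly; if an empty form value must also map to 0, spelling it as `=== null || === ''` makes that explicit rather than relying on PHP's loose rules. A short docblock on generateACL would also help here: what `$inc` must contain (presumably a Role row as returned by `Model::read()` — confirm against the RolesController callers) and that it throws NotFoundException for non-admins. The body of generateACL continues past the hunk.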
|
||||
|
|
|
@ -65,7 +65,6 @@ class RolesController extends AppController {
|
|||
$this->Session->setFlash(__(sprintf('The Role has been saved.')));
|
||||
$this->set('options', $this->options);
|
||||
$passAlong = $this->Role->read(null, $this->Role->getInsertID());
|
||||
debug($passAlong);
|
||||
$this->generateACL($passAlong);
|
||||
$this->redirect(array('action' => 'index'));
|
||||
} else {
|
||||
|
@ -99,6 +98,8 @@ class RolesController extends AppController {
|
|||
public function admin_edit($id = null) {
|
||||
if($this->Auth->User('org') != 'ADMIN') $this->redirect(array('controller' => 'roles', 'action' => 'index', 'admin' => false));
|
||||
$this->AdminCrud->adminEdit($id);
|
||||
$passAlong = $this->Role->read(null, $id);
|
||||
$this->generateACL($passAlong);
|
||||
$this->set('options', $this->options);
|
||||
}
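Review bot: In admin_edit the two added lines run `generateACL` unconditionally after `$this->AdminCrud->adminEdit($id)`, so the ACL is regenerated on every request to the page, including the GET that only renders the form; and if `adminEdit` redirects after a successful save (it is not visible here, so confirm), the regeneration never runs on the path that actually changed the role. Moving the two lines into the success branch of the save, or placing them where `adminEdit` reports success, would match the commit's stated intent of "editing a role should update ACL". Also `$this->Role->read(null, $id)` returns false when no row matches the id, and `generateACL` then indexes into false; guarding with `if ($passAlong !== false) $this->generateACL($passAlong);` keeps that case from silently generating an ACL for a permission of 0.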
|
||||
|
||||
|
|
|
@ -79,7 +79,7 @@ class ServersController extends AppController {
|
|||
* @return void
|
||||
*/
|
||||
public function add() {
|
||||
if (($this->Auth->user('org') != 'ADMIN') && !($this->Server->id == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
if (($this->Auth->user('org') != 'ADMIN') && !($this->Server->organization == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
if ($this->request->is('post')) {
|
||||
// force check userid and orgname to be from yourself
|
||||
$this->request->data['Server']['org'] = $this->Auth->user('org');
|
||||
|
@ -102,7 +102,7 @@ class ServersController extends AppController {
|
|||
* @throws NotFoundException
|
||||
*/
|
||||
public function edit($id = null) {
|
||||
if($this->Auth->user('org') != 'ADMIN' && $this->Server->id != $this->Auth->user('org')) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
if ($this->Auth->user('org') != 'ADMIN' && !($this->Server->organization == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
$this->Server->id = $id;
|
||||
if (!$this->Server->exists()) {
|
||||
throw new NotFoundException(__('Invalid server'));
|
||||
|
@ -155,7 +155,7 @@ class ServersController extends AppController {
|
|||
|
||||
public function pull($id = null, $full=false) {
|
||||
// TODO should we de-activate data validation for type and category / and or mapping? Maybe other instances have other configurations that are incompatible.
|
||||
if($this->Auth->User('org') != 'ADMIN') $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
if ($this->Auth->user('org') != 'ADMIN' && !($this->Server->organization == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
if (!$this->request->is('post')) {
|
||||
throw new MethodNotAllowedException();
|
||||
}
|
||||
|
@ -310,7 +310,7 @@ class ServersController extends AppController {
|
|||
}
|
||||
|
||||
public function push($id = null, $full=false) {
|
||||
if($this->Auth->User('org') != 'ADMIN') $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
if ($this->Auth->user('org') != 'ADMIN' && !($this->Server->organization == $this->Auth->user('org') && $this->checkAction('perm_sync'))) $this->redirect(array('controller' => 'servers', 'action' => 'index'));
|
||||
if (!$this->request->is('post')) {
|
||||
throw new MethodNotAllowedException();
|
||||
}
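Review bot: In the edit hunk, the new check reads `$this->Server->organization` before `$this->Server->id = $id;` is assigned a few lines later, and nothing in the hunk shows that property being populated on the model; if it is undefined at that point the comparison with the user's org is always false and every non-ADMIN user is redirected, regardless of `perm_sync`. The same `$this->Server->organization == $this->Auth->user('org')` condition is added in the add, pull and push hunks, where there is likewise no record loaded when the check runs (add has no record at all). Reading the org from the identified record instead, e.g. `$this->Server->id = $id; $serverOrg = $this->Server->field('org');` and then comparing `$serverOrg`, ties the authorisation to the row being acted on; for add, the org comparison has nothing to compare against and the rule probably reduces to `$this->checkAction('perm_sync')` (confirm the intended policy). Each of these four methods continues past its hunk.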
|
||||
|
|
|
@ -21,8 +21,8 @@ class Attribute extends AppModel {
|
|||
'userKey' => 'user_id',
|
||||
'change' => 'full'),
|
||||
'Trim',
|
||||
//'Regexp' => array('fields' => array('value', 'value2')),
|
||||
//'Blacklist' => array('fields' => array('value'))
|
||||
'Regexp' => array('fields' => array('value', 'value2')),
|
||||
'Blacklist' => array('fields' => array('value'))
|
||||
);
|
||||
|
||||
/**
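Review bot: The re-enabled `'Regexp'` entry covers `'value'` and `'value2'` while `'Blacklist'` covers only `'value'`, and nothing in the hunk says whether that asymmetry is deliberate; since these behaviours now filter every attribute saved, a comment next to the entries would prevent the next reader from "fixing" it either way, e.g. `// Blacklist intentionally checks only 'value'; value2 is <reason — TODO confirm>` on the line above `'Blacklist'`. The commit message itself says this "will need a closer look", so that caveat belongs in the code too, e.g. `// TODO: re-enabled in <this commit>; behaviour order (Trim before Regexp/Blacklist) and value2 coverage still to be reviewed`. The `$actsAs` array starts before the hunk.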
|
||||
|
|
|
@ -25,7 +25,7 @@ endif;?>
|
|||
|
||||
<?php
|
||||
//Site admin
|
||||
if($isAdmin && $isAclAdmin && $me['org'] == 'ADMIN'): ?>
|
||||
if($isSiteAdmin): ?>
|
||||
<li> </li>
|
||||
<h3><?php echo __('Input Filters'); ?></h3>
|
||||
<li><?php echo $this->Html->link(__('Import Blacklist', true), array('controller' => 'blacklists', 'action' => 'index', 'admin' => true)); ?> </li>
|
||||
|
@ -43,7 +43,7 @@ endif;?>
|
|||
|
||||
<?php
|
||||
//org admin
|
||||
if($isAdmin && $isAclAdmin && $me['org'] != 'ADMIN'): ?>
|
||||
if($isAdmin && !$isSiteAdmin): ?>
|
||||
<li> </li>
|
||||
<h3><?php echo __('Input Filters'); ?></h3>
|
||||
<li><?php echo $this->Html->link(__('Import Blacklist', true), array('controller' => 'blacklists', 'action' => 'index')); ?> </li>
|
||||
|
@ -60,7 +60,7 @@ endif;?>
|
|||
|
||||
<?php
|
||||
//normal user
|
||||
if(!$isAdmin && !$isAclAdmin): ?>
|
||||
if(!$isSiteAdmin && !$isAclAdmin): ?>
|
||||
<li> </li>
|
||||
<h3><?php echo __('Input Filters'); ?></h3>
|
||||
<li><?php echo $this->Html->link(__('Import Blacklist', true), array('controller' => 'blacklists', 'action' => 'index')); ?> </li>
|
||||
|
@ -70,9 +70,9 @@ if(!$isAdmin && !$isAclAdmin): ?>
|
|||
endif;?>
|
||||
|
||||
<?php
|
||||
if($isAdmin || $isAclAudit): ?>
|
||||
if($isAclAudit): ?>
|
||||
<h3><?php echo __('Audit'); ?></h3>
|
||||
<li><?php echo $this->Html->link(__('List Logs', true), array('controller' => 'logs', 'action' => 'index', 'admin' => true)); ?> </li>
|
||||
<li><?php echo $this->Html->link(__('Search Logs', true), array('controller' => 'logs', 'action' => 'admin_search', 'admin' => true)); ?> </li>
|
||||
<?php
|
||||
endif;?>
|
||||
endif;
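Review bot: The rewritten conditions in the org-admin and normal-user blocks overlap: the org-admin block now shows for `$isAdmin && !$isSiteAdmin` and the normal-user block for `!$isSiteAdmin && !$isAclAdmin`, so a user with `isAdmin` true, `isSiteAdmin` false and `isAclAdmin` false satisfies both and gets the "Input Filters" heading and links rendered twice (before this change the two blocks were mutually exclusive through `$isAdmin`/`!$isAdmin`). Unless `isAclAdmin` is implied by `isAdmin` (not visible here), `if(!$isAdmin && !$isSiteAdmin && !$isAclAdmin): ?>` restores the exclusion. In the last hunk the Audit block drops `$isAdmin ||`, so admins without the audit flag no longer see the Logs links even though the controllers route them with `'admin' => true`; if that is intentional a one-line comment such as `//audit links are gated on the ACL audit flag only, not on admin status` would record it.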
|