fix: [ACL] fixes

refacto/CRUDComponent
iglocska 2023-09-12 11:08:46 +02:00
parent e3f8c38dcd
commit c124ebc0d8
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
4 changed files with 25 additions and 4 deletions

View File

@ -118,7 +118,15 @@ class OrganisationsController extends AppController
if (!$this->canEdit($id)) {
throw new MethodNotAllowedException(__('You cannot modify that organisation.'));
}
$this->CRUD->edit($id);
$currentUser = $this->ACL->getUser();
$this->CRUD->edit($id, [
'beforeSave' => function($data) use ($currentUser) {
if (!$currentUser['role']['perm_admin']) {
unset($data['uuid']);
}
return $data;
}
]);
$responsePayload = $this->CRUD->getResponsePayload();
if (!empty($responsePayload)) {
return $responsePayload;

View File

@ -65,8 +65,13 @@ class UsersController extends AppController
];
$individual_ids = [];
if (!$currentUser['role']['perm_admin']) {
$validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_org_admin' => 0])->all()->toArray();
$individual_ids = $this->Users->Individuals->find('aligned', ['organisation_id' => $currentUser['organisation_id']])->all()->extract('id')->toArray();
if (!$currentUser['role']['perm_group_admin']) {
$validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_group_admin' => 0])->all()->toArray();
$individual_ids = $this->Users->Individuals->find('aligned', ['organisation_id' => $currentUser['organisation_id']])->all()->extract('id')->toArray();
} else {
$validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_group_admin' => 0, 'perm_org_admin' => 0])->all()->toArray();
}
if (empty($individual_ids)) {
$individual_ids = [-1];
}

View File

@ -12,6 +12,7 @@
'label' => 'UUID',
'type' => 'uuid',
'tooltip' => __('If the Organisation already has a known UUID in another application such as MISP or another Cerebrate, please re-use this one.'),
'requirements' => $loggedUser['role']['perm_admin']
),
array(
'field' => 'url'

View File

@ -106,7 +106,14 @@ echo $this->element('genericElements/IndexTable/index_table', [
'open_modal' => '/organisations/edit/[onclick_params_data_path]',
'modal_params_data_path' => 'id',
'icon' => 'edit',
'requirement' => $loggedUser['role']['perm_admin']
'complex_requirement' => [
'function' => function ($row, $options) use ($loggedUser) {
if ($loggedUser['role']['perm_admin'] || ($loggedUser['role']['perm_org_admin'] && $row['id'] == $loggedUser['organisation']['id'])) {
return true;
}
return false;
}
]
],
[
'open_modal' => '/organisations/delete/[onclick_params_data_path]',