diff --git a/src/Controller/OrganisationsController.php b/src/Controller/OrganisationsController.php
index 9139033..aca7f36 100644
--- a/src/Controller/OrganisationsController.php
+++ b/src/Controller/OrganisationsController.php
@@ -118,7 +118,15 @@ class OrganisationsController extends AppController
 if (!$this->canEdit($id)) {
 throw new MethodNotAllowedException(__('You cannot modify that organisation.'));
 }
- $this->CRUD->edit($id);
+ $currentUser = $this->ACL->getUser();
+ $this->CRUD->edit($id, [
+ 'beforeSave' => function($data) use ($currentUser) {
+ if (!$currentUser['role']['perm_admin']) {
+ unset($data['uuid']);
+ }
+ return $data;
+ }
+ ]);
 $responsePayload = $this->CRUD->getResponsePayload();
 if (!empty($responsePayload)) {
 return $responsePayload;
diff --git a/src/Controller/UsersController.php b/src/Controller/UsersController.php
index 2bf70c0..5c07369 100644
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
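Review bot: The new `beforeSave` callback silently discards a `uuid` supplied by a non-admin, so the caller receives a success response while the field was dropped; consider rejecting such a request instead, or at least logging the stripped field, so an attempt to rewrite an organisation's UUID is visible afterwards. A missing `perm_admin` key raises an undefined-index warning before the check falls closed; `if (empty($currentUser['role']['perm_admin'])) {` keeps the fail-closed behaviour without the warning. The closure could be declared `static function (array $data) use ($currentUser): array` if `$data` is always an array here — confirm against what `CRUD->edit` passes. The enclosing action starts before and ends after this hunk.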
@@ -65,8 +65,13 @@ class UsersController extends AppController
 ];
 $individual_ids = [];
 if (!$currentUser['role']['perm_admin']) {
- $validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_org_admin' => 0])->all()->toArray();
- $individual_ids = $this->Users->Individuals->find('aligned', ['organisation_id' => $currentUser['organisation_id']])->all()->extract('id')->toArray();
+ if (!$currentUser['role']['perm_group_admin']) {
+ $validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_group_admin' => 0])->all()->toArray();
+ $individual_ids = $this->Users->Individuals->find('aligned', ['organisation_id' => $currentUser['organisation_id']])->all()->extract('id')->toArray();
+ } else {
+ $validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_group_admin' => 0, 'perm_org_admin' => 0])->all()->toArray();
+
+ }
 if (empty($individual_ids)) {
 $individual_ids = [-1];
 }
diff --git a/templates/Organisations/add.php b/templates/Organisations/add.php
index 75eeee6..d8d9a99 100644
--- a/templates/Organisations/add.php
+++ b/templates/Organisations/add.php
@@ -12,6 +12,7 @@
 'label' => 'UUID',
 'type' => 'uuid',
 'tooltip' => __('If the Organisation already has a known UUID in another application such as MISP or another Cerebrate, please re-use this one.'),
+ 'requirements' => $loggedUser['role']['perm_admin']
 ),
 array(
 'field' => 'url'
diff --git a/templates/Organisations/index.php b/templates/Organisations/index.php
index d0bfb0c..e9cafb1 100644
--- a/templates/Organisations/index.php
+++ b/templates/Organisations/index.php
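Review bot: The inner branch on the new side drops `'perm_org_admin' => 0` from the role filter, so a user who is neither admin nor group admin (an org admin, presumably) can now assign roles carrying `perm_org_admin` — a widening of who may grant that permission that the commit does not mention; if unintended, restore `->where(['perm_admin' => 0, 'perm_group_admin' => 0, 'perm_org_admin' => 0])` on that line. The `else` branch for group admins sets `$validRoles` but never populates `$individual_ids`, so it falls through to `[-1]` below; confirm group admins are meant to get no individuals here. It also looks inverted that the group-admin branch excludes `perm_org_admin` roles while the less-privileged branch allows them. The stray blank line before the closing `}` of the `else` branch should go. The enclosing method starts before and ends after this hunk.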
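Review bot: The UUID field is gated with the key `'requirements'`, while the index template in this same change keys the edit action on `'requirement'`; if the form element reads `requirement`, this option is ignored and the field stays visible to everyone — confirm the key the form element actually expects. Hiding the field is presentation only: the add action in the controller is not part of this diff, so a non-admin can still submit `uuid` directly unless that action strips or rejects it the way the edit action now does.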
@@ -106,7 +106,14 @@ echo $this->element('genericElements/IndexTable/index_table', [
 'open_modal' => '/organisations/edit/[onclick_params_data_path]',
 'modal_params_data_path' => 'id',
 'icon' => 'edit',
- 'requirement' => $loggedUser['role']['perm_admin']
+ 'complex_requirement' => [
+ 'function' => function ($row, $options) use ($loggedUser) {
+ if ($loggedUser['role']['perm_admin'] || ($loggedUser['role']['perm_org_admin'] && $row['id'] == $loggedUser['organisation']['id'])) {
+ return true;
+ }
+ return false;
+ }
+ ]
 ],
 [
 'open_modal' => '/organisations/delete/[onclick_params_data_path]',
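Review bot: The added `complex_requirement` closure compares `$row['id'] == $loggedUser['organisation']['id']` loosely; one side may be a string and the other an int depending on where each came from, and the loose rules are avoidable by casting, `(int) $row['id'] === (int) $loggedUser['organisation']['id']`. The `if`/`return true`/`return false` body reduces to a single `return $loggedUser['role']['perm_admin'] || (...);`, and `$options` is unused. This only decides whether the edit button is rendered; the server-side check remains `canEdit($id)` in the OrganisationsController edit action, which is the one that matters. The `element()` call this array belongs to starts before and ends after the hunk.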