cerebrate-project
/
cerebrate
mirror of https://github.com/cerebrate-project/cerebrate
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: [ACL] fixes

refacto/CRUDComponent
iglocska 2023-09-12 11:08:46 +02:00
parent e3f8c38dcd
commit c124ebc0d8
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
4 changed files with 25 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/Controller/OrganisationsController.php
View File

@ -118,7 +118,15 @@ class OrganisationsController extends AppController
if (!$this->canEdit($id)) { if (!$this->canEdit($id)) {
throw new MethodNotAllowedException(__('You cannot modify that organisation.')); throw new MethodNotAllowedException(__('You cannot modify that organisation.'));
} }
$this->CRUD->edit($id); $currentUser = $this->ACL->getUser();
$this->CRUD->edit($id, [
'beforeSave' => function($data) use ($currentUser) {
if (!$currentUser['role']['perm_admin']) {
unset($data['uuid']);
}
return $data;
}
]);
$responsePayload = $this->CRUD->getResponsePayload(); $responsePayload = $this->CRUD->getResponsePayload();
if (!empty($responsePayload)) { if (!empty($responsePayload)) {
return $responsePayload; return $responsePayload;

9
src/Controller/UsersController.php
View File

@ -65,8 +65,13 @@ class UsersController extends AppController
]; ];
$individual_ids = []; $individual_ids = [];
if (!$currentUser['role']['perm_admin']) { if (!$currentUser['role']['perm_admin']) {
$validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_org_admin' => 0])->all()->toArray(); if (!$currentUser['role']['perm_group_admin']) {
$individual_ids = $this->Users->Individuals->find('aligned', ['organisation_id' => $currentUser['organisation_id']])->all()->extract('id')->toArray(); $validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_group_admin' => 0])->all()->toArray();
$individual_ids = $this->Users->Individuals->find('aligned', ['organisation_id' => $currentUser['organisation_id']])->all()->extract('id')->toArray();
} else {
$validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_group_admin' => 0, 'perm_org_admin' => 0])->all()->toArray();
}
if (empty($individual_ids)) { if (empty($individual_ids)) {
$individual_ids = [-1]; $individual_ids = [-1];
} }

1
templates/Organisations/add.php
View File

@ -12,6 +12,7 @@
'label' => 'UUID', 'label' => 'UUID',
'type' => 'uuid', 'type' => 'uuid',
'tooltip' => __('If the Organisation already has a known UUID in another application such as MISP or another Cerebrate, please re-use this one.'), 'tooltip' => __('If the Organisation already has a known UUID in another application such as MISP or another Cerebrate, please re-use this one.'),
'requirements' => $loggedUser['role']['perm_admin']
), ),
array( array(
'field' => 'url' 'field' => 'url'

9
templates/Organisations/index.php
View File

@ -106,7 +106,14 @@ echo $this->element('genericElements/IndexTable/index_table', [
'open_modal' => '/organisations/edit/[onclick_params_data_path]', 'open_modal' => '/organisations/edit/[onclick_params_data_path]',
'modal_params_data_path' => 'id', 'modal_params_data_path' => 'id',
'icon' => 'edit', 'icon' => 'edit',
'requirement' => $loggedUser['role']['perm_admin'] 'complex_requirement' => [
'function' => function ($row, $options) use ($loggedUser) {
if ($loggedUser['role']['perm_admin'] || ($loggedUser['role']['perm_org_admin'] && $row['id'] == $loggedUser['organisation']['id'])) {
return true;
}
return false;
}
]
], ],
[ [
'open_modal' => '/organisations/delete/[onclick_params_data_path]', 'open_modal' => '/organisations/delete/[onclick_params_data_path]',