fix: [ACL] fixes

2023-09-12 11:08:46 +02:00 · 2023-09-12 11:08:46 +02:00 · c124ebc0d8
parent e3f8c38dcd
commit c124ebc0d8
4 changed files with 25 additions and 4 deletions
--- a/src/Controller/OrganisationsController.php
+++ b/src/Controller/OrganisationsController.php
@ -118,7 +118,15 @@ class OrganisationsController extends AppController
        if (!$this->canEdit($id)) {
            throw new MethodNotAllowedException(__('You cannot modify that organisation.'));
        }
-        $this->CRUD->edit($id);
+        $currentUser = $this->ACL->getUser();
+        $this->CRUD->edit($id, [
+            'beforeSave' => function($data) use ($currentUser) {
+                if (!$currentUser['role']['perm_admin']) {
+                    unset($data['uuid']);
+                }
+                return $data;
+            }
+        ]);
        $responsePayload = $this->CRUD->getResponsePayload();
        if (!empty($responsePayload)) {
            return $responsePayload;
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
@ -65,8 +65,13 @@ class UsersController extends AppController
        ];
        $individual_ids = [];
        if (!$currentUser['role']['perm_admin']) {
-            $validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_org_admin' => 0])->all()->toArray();
+            if (!$currentUser['role']['perm_group_admin']) {
+                $validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_group_admin' => 0])->all()->toArray();
                $individual_ids = $this->Users->Individuals->find('aligned', ['organisation_id' => $currentUser['organisation_id']])->all()->extract('id')->toArray();
+            } else {
+                $validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_group_admin' => 0, 'perm_org_admin' => 0])->all()->toArray();
+
+            }
            if (empty($individual_ids)) {
                $individual_ids = [-1];
            }
--- a/templates/Organisations/add.php
+++ b/templates/Organisations/add.php
@ -12,6 +12,7 @@
                    'label' => 'UUID',
                    'type' => 'uuid',
                    'tooltip' => __('If the Organisation already has a known UUID in another application such as MISP or another Cerebrate, please re-use this one.'),
+                    'requirements' => $loggedUser['role']['perm_admin']
                ),
                array(
                    'field' => 'url'
--- a/templates/Organisations/index.php
+++ b/templates/Organisations/index.php
@ -106,7 +106,14 @@ echo $this->element('genericElements/IndexTable/index_table', [
                'open_modal' => '/organisations/edit/[onclick_params_data_path]',
                'modal_params_data_path' => 'id',
                'icon' => 'edit',
-                'requirement' => $loggedUser['role']['perm_admin']
+                'complex_requirement' => [
+                    'function' => function ($row, $options) use ($loggedUser) {
+                        if ($loggedUser['role']['perm_admin'] || ($loggedUser['role']['perm_org_admin'] && $row['id'] == $loggedUser['organisation']['id'])) {
+                            return true;
+                        }
+                        return false;
+                    }
+                ]
            ],
            [
                'open_modal' => '/organisations/delete/[onclick_params_data_path]',