cerebrate-project
/
cerebrate
mirror of https://github.com/cerebrate-project/cerebrate
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: [user editing] fixed for roles <= community admin, fixes #198

main
iglocska 2024-12-06 07:25:02 +01:00
parent 4f1835dc4c
commit 04322b24df
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/Controller/UsersController.php
View File

@ -320,11 +320,12 @@ class UsersController extends AppController
} }
return $data; return $data;
}; };
$params['beforeSave'] = function ($data) use ($currentUser, $validRoles, $validOrgIds) { $params['beforeSave'] = function ($data) use ($currentUser, $validRoles, $validOrgIds, $params) {
if (!in_array($data['role_id'], array_keys($validRoles)) && $this->ACL->getUser()['id'] != $data['id']) { // only run these checks if the user CAN edit them and if the values are actually set in the request
if (in_array('role_id', $params['fields']) && isset($data['role_id']) && !in_array($data['role_id'], array_keys($validRoles)) && $this->ACL->getUser()['id'] != $data['id']) {
throw new MethodNotAllowedException(__('You cannot assign the chosen role to a user.')); throw new MethodNotAllowedException(__('You cannot assign the chosen role to a user.'));
} }
if (!in_array($data['organisation_id'], $validOrgIds)) { if (in_array('organisation_id', $params['fields']) && isset($data['organisation_id']) && !in_array($data['organisation_id'], $validOrgIds)) {
throw new MethodNotAllowedException(__('You cannot assign the chosen organisation to a user.')); throw new MethodNotAllowedException(__('You cannot assign the chosen organisation to a user.'));
} }
return $data; return $data;