cerebrate-project
/
cerebrate
mirror of https://github.com/cerebrate-project/cerebrate
1
0
Fork 0
Code Issues Releases Wiki Activity

chg: [user-settings:edit] Prevent assigning a setting to another user

refacto/CRUDComponent
Sami Mokaddem 2023-09-07 15:14:26 +02:00
parent d46143a37f
commit 08d2e193dd
No known key found for this signature in database
GPG Key ID: 164C473F627A06FA
2 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/Controller/UserSettingsController.php
View File

@ -118,13 +118,19 @@ class UserSettingsController extends AppController
} else { } else {
$validUsers = $this->Users->find('list')->select(['id', 'username'])->order(['username' => 'asc'])->all()->toArray(); $validUsers = $this->Users->find('list')->select(['id', 'username'])->order(['username' => 'asc'])->all()->toArray();
} }
$dropdownData = [
'user' => [$entity->user_id => $validUsers[$entity->user_id]],
];
$entity = $this->CRUD->edit($id, [ $entity = $this->CRUD->edit($id, [
'redirect' => ['action' => 'index', $entity->user_id], 'redirect' => ['action' => 'index', $entity->user_id],
'beforeSave' => function ($data) use ($validUsers) { 'beforeSave' => function ($data) use ($validUsers, $entity) {
if (!in_array($data['user_id'], array_keys($validUsers))) { if (!in_array($data['user_id'], array_keys($validUsers))) {
throw new MethodNotAllowedException(__('You cannot edit the given user.')); throw new MethodNotAllowedException(__('You cannot edit the given user.'));
} }
if ($data['user_id'] != $entity->user_id) {
throw new MethodNotAllowedException(__('You cannot assign the setting to a different user.'));
}
return $data; return $data;
} }
]); ]);
@ -132,11 +138,9 @@ class UserSettingsController extends AppController
if (!empty($responsePayload)) { if (!empty($responsePayload)) {
return $responsePayload; return $responsePayload;
} }
$dropdownData = [
'user' => $validUsers,
];
$this->set(compact('dropdownData')); $this->set(compact('dropdownData'));
$this->set('user_id', $this->entity->user_id); $this->set('user_id', $this->entity->user_id);
$this->set('is_edit', true);
$this->render('add'); $this->render('add');
} }

1
templates/UserSettings/add.php
View File

@ -10,6 +10,7 @@
'label' => __('User'), 'label' => __('User'),
'options' => $dropdownData['user'], 'options' => $dropdownData['user'],
'value' => !is_null($user_id) ? $user_id : '', 'value' => !is_null($user_id) ? $user_id : '',
'disabled' => !empty($is_edit),
], ],
[ [
'field' => 'name', 'field' => 'name',