From 0fb03aae91a5d919511d29ed9eb9b96a3d467658 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 1 Mar 2022 14:02:26 +0100
Subject: [PATCH] fix: [Component:CRUD] Removed confusing `get` parameter

- It was confusing and using it could lead to unwanted consequences
- It's clearer to implement the desired logic on controller's side
---
 src/Controller/Component/CRUDComponent.php |  4 ----
 src/Controller/UsersController.php         | 12 +++++-------
 2 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/src/Controller/Component/CRUDComponent.php b/src/Controller/Component/CRUDComponent.php
index 8de55c0..8d3d595 100644
--- a/src/Controller/Component/CRUDComponent.php
+++ b/src/Controller/Component/CRUDComponent.php
@@ -473,7 +473,6 @@ class CRUDComponent extends Component
             $params['contain'][] = 'Tags';
             $this->setAllTags();
         }
-        $params = isset($params['get']) ? $params['get'] : $params;
         if ($this->metaFieldsSupported()) {
             if (empty($params['contain'])) {
                 $params['contain'] = [];
@@ -485,9 +484,6 @@ class CRUDComponent extends Component
             }
         }
         $query = $this->Table->find()->where(['id' => $id]);
-        if (!empty($params['get'])) {
-            $query->select($params['get']);
-        }
         if (!empty($params['contain'])) {
             $query->contain($params['contain']);
         }
diff --git a/src/Controller/UsersController.php b/src/Controller/UsersController.php
index 763c044..800dbd8 100644
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
@@ -160,11 +160,6 @@ class UsersController extends AppController
         }
 
         $params = [
-            'get' => [
-                'fields' => [
-                    'id', 'individual_id', 'role_id', 'disabled', 'username'
-                ]
-            ],
             'removeEmpty' => [
                 'password'
             ],
@@ -172,12 +167,15 @@ class UsersController extends AppController
                 'password', 'confirm_password'
             ]
         ];
-        if (!empty($this->ACL->getUser()['role']['perm_admin'])) {
+        if ($this->request->is(['get'])) {
+            $params['fields'] = array_merge($params['fields'], ['individual_id', 'role_id', 'disabled', 'username']);
+        }
+        if ($this->request->is(['post', 'put']) && !empty($this->ACL->getUser()['role']['perm_admin'])) {
             $params['fields'][] = 'individual_id';
             $params['fields'][] = 'role_id';
             $params['fields'][] = 'organisation_id';
             $params['fields'][] = 'disabled';
-        } else if (!empty($this->ACL->getUser()['role']['perm_org_admin'])) {
+        } else if ($this->request->is(['post', 'put']) && !empty($this->ACL->getUser()['role']['perm_org_admin'])) {
             $params['fields'][] = 'role_id';
             $params['fields'][] = 'disabled';
             if (!$currentUser['role']['perm_admin']) {