fix: [users:settings] Allow admin to see account settings of other users

cli-modification-summary
Sami Mokaddem 2022-01-25 15:27:34 +01:00
parent 578eacfd89
commit 44913c5ed7
No known key found for this signature in database
GPG Key ID: 164C473F627A06FA
1 changed files with 11 additions and 3 deletions

View File

@ -218,10 +218,18 @@ class UsersController extends AppController
}
}
public function settings()
public function settings($user_id=false)
{
$this->set('user', $this->ACL->getUser());
$all = $this->Users->UserSettings->getSettingsFromProviderForUser($this->ACL->getUser()['id'], true);
$currentUser = $this->ACL->getUser();
if (empty($currentUser['role']['perm_admin'])) {
$user = $currentUser;
} else {
$user = $this->Users->get($user_id, [
'contain' => ['Roles', 'Individuals' => 'Organisations']
]);
}
$this->set('user', $user);
$all = $this->Users->UserSettings->getSettingsFromProviderForUser($user->id, true);
$this->set('settingsProvider', $all['settingsProvider']);
$this->set('settings', $all['settings']);
$this->set('settingsFlattened', $all['settingsFlattened']);