fix: [users:settings] Allow admin to see account settings of other users

cli-modification-summary
Sami Mokaddem 2022-01-25 15:27:34 +01:00
parent 578eacfd89
commit 44913c5ed7
No known key found for this signature in database
GPG Key ID: 164C473F627A06FA
1 changed files with 11 additions and 3 deletions

View File

@ -218,10 +218,18 @@ class UsersController extends AppController
} }
} }
public function settings() public function settings($user_id=false)
{ {
$this->set('user', $this->ACL->getUser()); $currentUser = $this->ACL->getUser();
$all = $this->Users->UserSettings->getSettingsFromProviderForUser($this->ACL->getUser()['id'], true); if (empty($currentUser['role']['perm_admin'])) {
$user = $currentUser;
} else {
$user = $this->Users->get($user_id, [
'contain' => ['Roles', 'Individuals' => 'Organisations']
]);
}
$this->set('user', $user);
$all = $this->Users->UserSettings->getSettingsFromProviderForUser($user->id, true);
$this->set('settingsProvider', $all['settingsProvider']); $this->set('settingsProvider', $all['settingsProvider']);
$this->set('settings', $all['settings']); $this->set('settings', $all['settings']);
$this->set('settingsFlattened', $all['settingsFlattened']); $this->set('settingsFlattened', $all['settingsFlattened']);