chg: [ACL] fix permissions for org admins

- also, fix a bug with the simple permissions being ignored
2021-11-24 01:29:39 +01:00 · 2021-11-24 01:29:39 +01:00 · 5483357e1c
parent dad310f434
commit 5483357e1c
1 changed files with 15 additions and 9 deletions
--- a/src/Controller/Component/ACLComponent.php
+++ b/src/Controller/Component/ACLComponent.php
@ -145,24 +145,24 @@ class ACLComponent extends Component
            'view' =>  ['*']
        ],
        'SharingGroups' => [
-            'add' => ['perm_admin'],
-            'addOrg' => ['perm_admin'],
-            'delete' => ['perm_admin'],
-            'edit' => ['perm_admin'],
+            'add' => ['perm_org_admin'],
+            'addOrg' => ['perm_org_admin'],
+            'delete' => ['perm_org_admin'],
+            'edit' => ['perm_org_admin'],
            'index' => ['*'],
            'listOrgs' => ['*'],
-            'removeOrg' => ['perm_admin'],
+            'removeOrg' => ['perm_org_admin'],
            'view' => ['*']
        ],
        'Users' => [
-            'add' => ['perm_admin'],
-            'delete' => ['perm_admin'],
+            'add' => ['perm_org_admin'],
+            'delete' => ['perm_org_admin'],
            'edit' => ['*'],
-            'index' => ['perm_admin'],
+            'index' => ['perm_org_admin'],
            'login' => ['*'],
            'logout' => ['*'],
            'register' => ['*'],
-            'toggle' => ['perm_admin'],
+            'toggle' => ['perm_org_admin'],
            'view' => ['*']
        ]
    );
@ -290,6 +290,12 @@ class ACLComponent extends Component
                if ($allConditionsMet) {
                    return true;
                }
+            } else {
+                foreach ($this->aclList[$controller][$action] as $permission) {
+                    if ($this->user['role'][$permission]) {
+                        return true;
+                    }
+                }
            }
        }
        return false;