From 5483357e1cd98532a047f4d6fb2cbdf81c7e1ecf Mon Sep 17 00:00:00 2001 From: iglocska Date: Wed, 24 Nov 2021 01:29:39 +0100 Subject: [PATCH] chg: [ACL] fix permissions for org admins - also, fix a bug with the simple permissions being ignored --- src/Controller/Component/ACLComponent.php | 24 ++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/src/Controller/Component/ACLComponent.php b/src/Controller/Component/ACLComponent.php index 5feae97..cd38752 100644 --- a/src/Controller/Component/ACLComponent.php +++ b/src/Controller/Component/ACLComponent.php @@ -145,24 +145,24 @@ class ACLComponent extends Component 'view' => ['*'] ], 'SharingGroups' => [ - 'add' => ['perm_admin'], - 'addOrg' => ['perm_admin'], - 'delete' => ['perm_admin'], - 'edit' => ['perm_admin'], + 'add' => ['perm_org_admin'], + 'addOrg' => ['perm_org_admin'], + 'delete' => ['perm_org_admin'], + 'edit' => ['perm_org_admin'], 'index' => ['*'], 'listOrgs' => ['*'], - 'removeOrg' => ['perm_admin'], + 'removeOrg' => ['perm_org_admin'], 'view' => ['*'] ], 'Users' => [ - 'add' => ['perm_admin'], - 'delete' => ['perm_admin'], + 'add' => ['perm_org_admin'], + 'delete' => ['perm_org_admin'], 'edit' => ['*'], - 'index' => ['perm_admin'], + 'index' => ['perm_org_admin'], 'login' => ['*'], 'logout' => ['*'], 'register' => ['*'], - 'toggle' => ['perm_admin'], + 'toggle' => ['perm_org_admin'], 'view' => ['*'] ] ); @@ -290,6 +290,12 @@ class ACLComponent extends Component if ($allConditionsMet) { return true; } + } else { + foreach ($this->aclList[$controller][$action] as $permission) { + if ($this->user['role'][$permission]) { + return true; + } + } } } return false;