From 8450e8360782f05e7bef12e899c885e046463d7e Mon Sep 17 00:00:00 2001
From: Sami Mokaddem
Date: Mon, 28 Feb 2022 14:23:40 +0100
Subject: [PATCH] chg: [sharingroup:index] Changed conditions allowing member org to view a sharing group Previously only the SG owner could see the SG
---
 src/Controller/SharingGroupsController.php | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/src/Controller/SharingGroupsController.php b/src/Controller/SharingGroupsController.php
index 380e454..5a0b4b3 100644
--- a/src/Controller/SharingGroupsController.php
+++ b/src/Controller/SharingGroupsController.php
@@ -19,14 +19,27 @@ class SharingGroupsController extends AppController
 {
 $currentUser = $this->ACL->getUser();
 $conditions = [];
- if (empty($currentUser['role']['perm_admin'])) {
- $conditions['SharingGroups.organisation_id'] = $currentUser['organisation_id'];
- }
 $this->CRUD->index([
 'contain' => $this->containFields,
 'filters' => $this->filterFields,
 'quickFilters' => $this->quickFilterFields,
- 'conditions' => $conditions
+ 'conditions' => $conditions,
+ 'afterFind' => function ($row) use ($currentUser) {
+ if (empty($currentUser['role']['perm_admin'])) {
+ $orgFound = false;
+ if (!empty($row['sharing_group_orgs'])) {
+ foreach ($row['sharing_group_orgs'] as $org) {
+ if ($org['id'] === $currentUser['organisation_id']) {
+ $orgFound = true;
+ }
+ }
+ }
+ if ($row['organisation_id'] !== $currentUser['organisation_id'] && !$orgFound) {
+ return false;
+ }
+ }
+ return $row;
+ }
 ]);
 $responsePayload = $this->CRUD->getResponsePayload();
 if (!empty($responsePayload)) {
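Review bot: With the `SharingGroups.organisation_id` condition removed, the query passed to `$this->CRUD->index()` now selects every sharing group for non-admin users, and visibility is enforced only by the `afterFind` closure returning `false`. The access check therefore depends on how the CRUD component treats a `false` row, which is not visible in this hunk; if that filter runs after pagination or counting, totals and page sizes would still reflect groups the user may not see. It would be safer to keep the restriction in `$conditions` (owner organisation OR a membership row in `sharing_group_orgs`) and use `afterFind` only as a second check. The strict `===`/`!==` comparisons also assume `$org['id']`, `$row['organisation_id']` and `$currentUser['organisation_id']` share a type, and a mismatch would hide groups from their own members, so an explicit cast or a comment stating the expected type would help. The enclosing action starts and ends outside the hunk.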