From 9a0ddef2af217edeff181954571a61557e4e8bed Mon Sep 17 00:00:00 2001
From: iglocska
Date: Wed, 26 Jan 2022 14:16:28 +0100
Subject: [PATCH] new: [ACL] added canEditUser() function

- simple comparison between two users
- checks role + org based permission
---
 src/Controller/Component/ACLComponent.php | 24 +++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/src/Controller/Component/ACLComponent.php b/src/Controller/Component/ACLComponent.php
index fb51f49..7592908 100644
--- a/src/Controller/Component/ACLComponent.php
+++ b/src/Controller/Component/ACLComponent.php
@@ -277,9 +277,29 @@ class ACLComponent extends Component
 $this->user = $user;
 }
 
- public function getUser(): User
+ public function getUser(): ?User
 {
- return $this->user;
+ if (!empty($this->user)) {
+ return $this->user;
+ }
+ return null;
+ }
+
+ public function canEditUser(User $currentUser, User $user): bool
+ {
+ if (empty($user) || empty($currentUser)) {
+ return false;
+ }
+ if (!$currentUser['role']['perm_admin']) {
+ if (!$currentUser['role']['perm_org_admin']) {
+ return false;
+ } else {
+ if ($currentUser['organisation_id'] !== $user['organisation_id']) {
+ return false;
+ }
+ }
+ }
+ return true;
 }
 
 /*
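Review bot: In `canEditUser()` the org-admin branch compares only `organisation_id` and never reads the target's role, so an org admin is permitted to edit any account in the same organisation, including one whose role carries `perm_admin`. Unless every caller separately restricts which fields may be changed (not visible in this hunk), that lets a lower-privileged role modify a higher-privileged account. I would add `if (!empty($user['role']['perm_admin'])) { return false; }` ahead of the organisation comparison, which assumes the target entity is loaded with its role. The strict `!==` also passes when both `organisation_id` values are null, so the branch should reject a null `organisation_id` on `$currentUser` explicitly. The `empty($user) || empty($currentUser)` guard is dead code, since both parameters are typed as non-nullable `User` objects and `empty()` on an object is always false.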