diff --git a/src/Controller/MailingListsController.php b/src/Controller/MailingListsController.php index e8e6a7c..43a18cc 100644 --- a/src/Controller/MailingListsController.php +++ b/src/Controller/MailingListsController.php @@ -29,7 +29,7 @@ class MailingListsController extends AppController 'quickFilters' => $this->quickFilterFields, 'statisticsFields' => $this->statisticsFields, 'afterFind' => function ($row) use ($currentUser) { - if (empty($currentUser['role']['perm_admin']) || $row['user_id'] != $currentUser['id']) { + if (empty($currentUser['role']['perm_admin']) && $row['user_id'] != $currentUser['id']) { if (!$this->MailingLists->isIndividualListed($currentUser['individual_id'], $row)) { $row = false; } @@ -66,7 +66,7 @@ class MailingListsController extends AppController $this->CRUD->view($id, [ 'contain' => $this->containFields, 'afterFind' => function($data) use ($currentUser) { - if (empty($currentUser['role']['perm_admin']) || $data['user_id'] != $currentUser['id']) { + if (empty($currentUser['role']['perm_admin']) && $data['user_id'] != $currentUser['id']) { if (!$this->MailingLists->isIndividualListed($currentUser['individual_id'], $data)) { $data = []; } @@ -131,7 +131,7 @@ class MailingListsController extends AppController if (is_null($mailingList)) { throw new NotFoundException(__('Invalid {0}.', Inflector::singularize($this->MailingLists->getAlias()))); } - if (empty($currentUser['role']['perm_admin']) || $mailingList['user_id'] != $currentUser['id']) { + if (empty($currentUser['role']['perm_admin']) && $mailingList['user_id'] != $currentUser['id']) { if (!$this->MailingLists->isIndividualListed($currentUser['individual_id'], $mailingList)) { throw new NotFoundException(__('Invalid {0}.', Inflector::singularize($this->MailingLists->getAlias()))); }