fix: [mailinglist:ACL] Fixed bug in ACL check for access
parent
012e120db2
commit
a3c23f46d5
|
@ -29,7 +29,7 @@ class MailingListsController extends AppController
|
||||||
'quickFilters' => $this->quickFilterFields,
|
'quickFilters' => $this->quickFilterFields,
|
||||||
'statisticsFields' => $this->statisticsFields,
|
'statisticsFields' => $this->statisticsFields,
|
||||||
'afterFind' => function ($row) use ($currentUser) {
|
'afterFind' => function ($row) use ($currentUser) {
|
||||||
if (empty($currentUser['role']['perm_admin']) || $row['user_id'] != $currentUser['id']) {
|
if (empty($currentUser['role']['perm_admin']) && $row['user_id'] != $currentUser['id']) {
|
||||||
if (!$this->MailingLists->isIndividualListed($currentUser['individual_id'], $row)) {
|
if (!$this->MailingLists->isIndividualListed($currentUser['individual_id'], $row)) {
|
||||||
$row = false;
|
$row = false;
|
||||||
}
|
}
|
||||||
|
@ -66,7 +66,7 @@ class MailingListsController extends AppController
|
||||||
$this->CRUD->view($id, [
|
$this->CRUD->view($id, [
|
||||||
'contain' => $this->containFields,
|
'contain' => $this->containFields,
|
||||||
'afterFind' => function($data) use ($currentUser) {
|
'afterFind' => function($data) use ($currentUser) {
|
||||||
if (empty($currentUser['role']['perm_admin']) || $data['user_id'] != $currentUser['id']) {
|
if (empty($currentUser['role']['perm_admin']) && $data['user_id'] != $currentUser['id']) {
|
||||||
if (!$this->MailingLists->isIndividualListed($currentUser['individual_id'], $data)) {
|
if (!$this->MailingLists->isIndividualListed($currentUser['individual_id'], $data)) {
|
||||||
$data = [];
|
$data = [];
|
||||||
}
|
}
|
||||||
|
@ -131,7 +131,7 @@ class MailingListsController extends AppController
|
||||||
if (is_null($mailingList)) {
|
if (is_null($mailingList)) {
|
||||||
throw new NotFoundException(__('Invalid {0}.', Inflector::singularize($this->MailingLists->getAlias())));
|
throw new NotFoundException(__('Invalid {0}.', Inflector::singularize($this->MailingLists->getAlias())));
|
||||||
}
|
}
|
||||||
if (empty($currentUser['role']['perm_admin']) || $mailingList['user_id'] != $currentUser['id']) {
|
if (empty($currentUser['role']['perm_admin']) && $mailingList['user_id'] != $currentUser['id']) {
|
||||||
if (!$this->MailingLists->isIndividualListed($currentUser['individual_id'], $mailingList)) {
|
if (!$this->MailingLists->isIndividualListed($currentUser['individual_id'], $mailingList)) {
|
||||||
throw new NotFoundException(__('Invalid {0}.', Inflector::singularize($this->MailingLists->getAlias())));
|
throw new NotFoundException(__('Invalid {0}.', Inflector::singularize($this->MailingLists->getAlias())));
|
||||||
}
|
}
|
||||||
|
|
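Review bot: The owner-or-admin predicate is written out three times (the index `afterFind`, the view `afterFind`, and the `$mailingList` check after the `is_null` guard), which is how one wrong operator ended up in every access path; it should live in a single private helper that all three sites call, with a test covering admin, owner, listed individual and unrelated user. This assumes the `&&` lines are the new side, since the page has lost its `+`/`-` markers. The three enclosing methods start and end outside the hunks, so the call site below is a sketch. The deny paths also differ (`$row = false`, `$data = []`, and a thrown `NotFoundException`); whether an empty `$data` ends in the same not-found response is not visible here and is worth confirming. The helper name is a suggestion only.

```php
private function canAccessMailingList($currentUser, $mailingList): bool
{
    // Admins and the list owner always have access.
    if (!empty($currentUser['role']['perm_admin'])) {
        return true;
    }
    if ($mailingList['user_id'] == $currentUser['id']) {
        return true;
    }
    // Everyone else must be a listed individual.
    return $this->MailingLists->isIndividualListed($currentUser['individual_id'], $mailingList);
}

// … unchanged: is_null($mailingList) guard …
if (!$this->canAccessMailingList($currentUser, $mailingList)) {
    throw new NotFoundException(__('Invalid {0}.', Inflector::singularize($this->MailingLists->getAlias())));
}
```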