fix: [mailinglist:ACL] Fixed bug in ACL check for access

refacto/CRUDComponent
Sami Mokaddem 2023-09-05 10:33:08 +02:00
parent 012e120db2
commit a3c23f46d5
No known key found for this signature in database
GPG Key ID: 164C473F627A06FA
1 changed files with 3 additions and 3 deletions


@ -29,7 +29,7 @@ class MailingListsController extends AppController
'quickFilters' => $this->quickFilterFields, 'quickFilters' => $this->quickFilterFields,
'statisticsFields' => $this->statisticsFields, 'statisticsFields' => $this->statisticsFields,
'afterFind' => function ($row) use ($currentUser) { 'afterFind' => function ($row) use ($currentUser) {
if (empty($currentUser['role']['perm_admin']) || $row['user_id'] != $currentUser['id']) { if (empty($currentUser['role']['perm_admin']) && $row['user_id'] != $currentUser['id']) {
if (!$this->MailingLists->isIndividualListed($currentUser['individual_id'], $row)) { if (!$this->MailingLists->isIndividualListed($currentUser['individual_id'], $row)) {
$row = false; $row = false;
} }
@ -66,7 +66,7 @@ class MailingListsController extends AppController
$this->CRUD->view($id, [ $this->CRUD->view($id, [
'contain' => $this->containFields, 'contain' => $this->containFields,
'afterFind' => function($data) use ($currentUser) { 'afterFind' => function($data) use ($currentUser) {
if (empty($currentUser['role']['perm_admin']) || $data['user_id'] != $currentUser['id']) { if (empty($currentUser['role']['perm_admin']) && $data['user_id'] != $currentUser['id']) {
if (!$this->MailingLists->isIndividualListed($currentUser['individual_id'], $data)) { if (!$this->MailingLists->isIndividualListed($currentUser['individual_id'], $data)) {
$data = []; $data = [];
} }
@ -131,7 +131,7 @@ class MailingListsController extends AppController
if (is_null($mailingList)) { if (is_null($mailingList)) {
throw new NotFoundException(__('Invalid {0}.', Inflector::singularize($this->MailingLists->getAlias()))); throw new NotFoundException(__('Invalid {0}.', Inflector::singularize($this->MailingLists->getAlias())));
} }
if (empty($currentUser['role']['perm_admin']) || $mailingList['user_id'] != $currentUser['id']) { if (empty($currentUser['role']['perm_admin']) && $mailingList['user_id'] != $currentUser['id']) {
if (!$this->MailingLists->isIndividualListed($currentUser['individual_id'], $mailingList)) { if (!$this->MailingLists->isIndividualListed($currentUser['individual_id'], $mailingList)) {
throw new NotFoundException(__('Invalid {0}.', Inflector::singularize($this->MailingLists->getAlias()))); throw new NotFoundException(__('Invalid {0}.', Inflector::singularize($this->MailingLists->getAlias())));
} }
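Review bot: The access rule (admin, or owner, or listed individual) is written out three times, in the index `afterFind`, the view `afterFind` and the check after the `is_null($mailingList)` guard, which is how the same `||` mistake ended up in all three places; a single helper would leave one predicate to get right and to test. The owner clause also compares with a loose `!=`; if both ids arrive as integers from the ORM (not visible here), `!==` would keep type juggling out of an authorization decision. No test accompanies the fix on this page, so a regression case for a non-admin, non-owner, unlisted user on each of the three paths is worth adding. The enclosing functions start and end outside the hunks, and the helper name below is illustrative.

```php
// proposed private helper on MailingListsController (name is illustrative)
private function canAccessMailingList($currentUser, $mailingList): bool
{
    if (!empty($currentUser['role']['perm_admin'])) {
        return true;
    }
    if ($mailingList['user_id'] == $currentUser['id']) {
        return true;
    }
    return (bool)$this->MailingLists->isIndividualListed($currentUser['individual_id'], $mailingList);
}

// index afterFind
if (!$this->canAccessMailingList($currentUser, $row)) {
    $row = false;
}
// … unchanged: the view afterFind and the post-is_null check call the same helper …
```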