fix: [users:settings] Take into consideration perm-org-group-admin when editing users settings

refacto/CRUDComponent
Sami Mokaddem 2023-10-30 09:47:57 +01:00
parent 1c6c7f346a
commit b987444da2
No known key found for this signature in database
GPG Key ID: 164C473F627A06FA
1 changed files with 5 additions and 1 deletions

View File

@ -448,13 +448,17 @@ class UsersController extends AppController
{
$editingAnotherUser = false;
$currentUser = $this->ACL->getUser();
if (empty($currentUser['role']['perm_admin']) || $user_id == $currentUser->id) {
if ((empty($currentUser['role']['perm_admin']) && empty($currentUser['role']['perm_group_admin'])) || $user_id == $currentUser->id) {
$user = $currentUser;
} else {
$user = $this->Users->get($user_id, [
'contain' => ['Roles', 'Individuals' => 'Organisations', 'Organisations', 'UserSettings']
]);
$editingAnotherUser = true;
if (!empty($currentUser['role']['perm_group_admin']) && !$this->ACL->canEditUser($currentUser, $user)) {
$user = $currentUser;
$editingAnotherUser = false;
}
}
$this->set('editingAnotherUser', $editingAnotherUser);
$this->set('user', $user);