fix: [users:settings] Take into consideration perm-org-group-admin when editing users settings

refacto/CRUDComponent
Sami Mokaddem 2023-10-30 09:47:57 +01:00
parent 1c6c7f346a
commit b987444da2
No known key found for this signature in database
GPG Key ID: 164C473F627A06FA
1 changed files with 5 additions and 1 deletions


@ -448,13 +448,17 @@ class UsersController extends AppController
{ {
$editingAnotherUser = false; $editingAnotherUser = false;
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
if (empty($currentUser['role']['perm_admin']) || $user_id == $currentUser->id) { if ((empty($currentUser['role']['perm_admin']) && empty($currentUser['role']['perm_group_admin'])) || $user_id == $currentUser->id) {
$user = $currentUser; $user = $currentUser;
} else { } else {
$user = $this->Users->get($user_id, [ $user = $this->Users->get($user_id, [
'contain' => ['Roles', 'Individuals' => 'Organisations', 'Organisations', 'UserSettings'] 'contain' => ['Roles', 'Individuals' => 'Organisations', 'Organisations', 'UserSettings']
]); ]);
$editingAnotherUser = true; $editingAnotherUser = true;
if (!empty($currentUser['role']['perm_group_admin']) && !$this->ACL->canEditUser($currentUser, $user)) {
$user = $currentUser;
$editingAnotherUser = false;
}
} }
$this->set('editingAnotherUser', $editingAnotherUser); $this->set('editingAnotherUser', $editingAnotherUser);
$this->set('user', $user); $this->set('user', $user);
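Review bot: The added `canEditUser()` check runs only when `perm_group_admin` is set, so the authorization decision in the `else` branch is split between role flags tested in the controller and the ACL component; a role that reaches this branch through `perm_admin` alone is never passed through `canEditUser()`. If `canEditUser()` already returns true for full administrators (it is not visible in this hunk, so this needs confirming), the guard can fail closed for every caller as `if (!$this->ACL->canEditUser($currentUser, $user)) {`. A denied request also falls back silently to the caller's own record, so if the rest of this action, which starts and ends outside the hunk, saves settings against `$user`, a rejected edit would be applied to the caller's own account with nothing logged. Returning an explicit forbidden response at that point would make refused attempts visible to the caller and in the logs.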