cerebrate-project
/
cerebrate
mirror of https://github.com/cerebrate-project/cerebrate
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'develop'

pull/163/head
iglocska 2023-09-13 07:18:53 +02:00
parent 1f78180986 b0ebe774b6
commit dfd192c60c
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/Controller/UsersController.php
View File

@ -20,7 +20,11 @@ class UsersController extends AppController
$currentUser = $this->ACL->getUser();
$conditions = [];
if (empty($currentUser['role']['perm_admin'])) {
$conditions['organisation_id'] = $currentUser['organisation_id'];
$conditions['organisation_id IN'] = [$currentUser['organisation_id']];
if (!empty($currentUser['role']['perm_group_admin'])) {
$this->loadModel('OrgGroups');
$conditions['organisation_id IN'] = array_merge($conditions['organisation_id IN'], $this->OrgGroups->getGroupOrgIdsForUser($currentUser));
}
}
$keycloakUsersParsed = null;
if (!empty(Configure::read('keycloak.enabled'))) {
@ -184,7 +188,11 @@ class UsersController extends AppController
$this->CRUD->view($id, [
'contain' => ['Individuals' => ['Alignments' => 'Organisations'], 'Roles', 'Organisations', 'OrgGroups'],
'afterFind' => function($data) use ($keycloakUsersParsed, $currentUser) {
if (empty($currentUser['role']['perm_admin']) && $currentUser['organisation_id'] != $data['organisation_id']) {
if (
empty($currentUser['role']['perm_admin']) &&
($currentUser['organisation_id'] != $data['organisation_id']) &&
(empty($currentUser['role']['perm_group_admin']) || !$this->ACL->canEditUser($currentUser, $data))
) {
throw new NotFoundException(__('Invalid User.'));
}
$data = $this->fetchTable('PermissionLimitations')->attachLimitations($data);