fix: [user view] ACL fixed

cli-modification-summary
iglocska 2022-01-26 14:57:01 +01:00
parent b7facf226d
commit f695744bd7
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
1 changed files with 7 additions and 5 deletions


@ -94,7 +94,8 @@ class UsersController extends AppController
public function view($id = false)
{
if (empty($id) || empty($this->ACL->getUser()['role']['perm_admin'])) {
$currentUser = $this->ACL->getUser();
if (empty($id) || (empty($currentUser['role']['perm_org_admin']) && empty($currentUser['role']['perm_admin']))) {
$id = $this->ACL->getUser()['id'];
}
$this->CRUD->view($id, [
@ -152,10 +153,11 @@ class UsersController extends AppController
$params['fields'][] = 'disabled';
if (!$currentUser['role']['perm_admin']) {
$params['afterFind'] = function ($data, &$params) use ($currentUser, $validRoles) {
if (!$currentUser['role']['perm_admin'] && $currentUser['role']['perm_org_admin']) {
if (!in_array($data['role_id'], array_keys($validRoles))) {
throw new MethodNotAllowedException(__('You cannot edit the given privileged user.'));
}
if (!in_array($data['role_id'], array_keys($validRoles))) {
throw new MethodNotAllowedException(__('You cannot edit the given privileged user.'));
}
if ($data['organisation_id'] !== $currentUser['organisation_id']) {
throw new MethodNotAllowedException(__('You cannot edit the given user.'));
}
return $data;
};
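Review bot: The new condition in view() lets an org admin pass any user id through to `$this->CRUD->view($id, [` (L18–L21), but nothing in this hunk restricts the looked-up record to the caller's organisation, so unless the options that continue past the hunk carry such a check this opens every user record to every org admin. The options array and the rest of view() are outside the hunk, so please confirm an `afterFind` or conditions entry enforces it; if not, mirror the edit hunk's organisation check there: `if (empty($currentUser['role']['perm_admin']) && $data['organisation_id'] !== $currentUser['organisation_id']) { throw new MethodNotAllowedException(__('You cannot view the given user.')); }`. Minor: now that `$currentUser` is captured on L17, L19 can read `$id = $currentUser['id'];` instead of calling `$this->ACL->getUser()` a second time. A short comment above the condition stating the intent, e.g. `// Non-admins (and non-org-admins) may only view themselves; org admins are further scoped to their own organisation below`, would make the ACL rule explicit for the next reader.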