cerebrate-project
/
cerebrate
mirror of https://github.com/cerebrate-project/cerebrate
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: [users] several fixes 

- User enrollment in KC moved to the aftersave (we consider cerebrate to be authoritative)
- adhere to restriction parameters in deletion
cli-modification-summary
iglocska 2022-11-11 15:08:56 +01:00
parent c2bff49185
commit f6f94983e4
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
1 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/Controller/UsersController.php
View File

@ -96,8 +96,12 @@ class UsersController extends AppController
throw new MethodNotAllowedException(__('Invalid individual selected - when KeyCloak is enabled, only one user account may be assigned to an individual.')); throw new MethodNotAllowedException(__('Invalid individual selected - when KeyCloak is enabled, only one user account may be assigned to an individual.'));
} }
} }
$this->Users->enrollUserRouter($data);
return $data; return $data;
},
'afterSave' => function($data) {
if (Configure::read('keycloak.enabled')) {
$this->Users->enrollUserRouter($data);
}
} }
]); ]);
$responsePayload = $this->CRUD->getResponsePayload(); $responsePayload = $this->CRUD->getResponsePayload();
@ -282,16 +286,21 @@ class UsersController extends AppController
'beforeSave' => function($data) use ($currentUser, $validRoles) { 'beforeSave' => function($data) use ($currentUser, $validRoles) {
if (!$currentUser['role']['perm_admin']) { if (!$currentUser['role']['perm_admin']) {
if ($data['organisation_id'] !== $currentUser['organisation_id']) { if ($data['organisation_id'] !== $currentUser['organisation_id']) {
throw new MethodNotAllowedException(__('You do not have permission to remove the given user.')); throw new MethodNotAllowedException(__('You do not have permission to delete the given user.'));
} }
if (!in_array($data['role_id'], array_keys($validRoles))) { if (!in_array($data['role_id'], array_keys($validRoles))) {
throw new MethodNotAllowedException(__('You do not have permission to remove the given user.')); throw new MethodNotAllowedException(__('You do not have permission to delete the given user.'));
}
}
if (Configure::read('keycloak.enabled')) {
if (!$this->Users->deleteUser($data)) {
throw new MethodNotAllowedException(__('Could not delete the user from KeyCloak. Please try again later, or consider disabling the user instead.'));
} }
} }
return $data; return $data;
} }
]; ];
$this->CRUD->delete($id); $this->CRUD->delete($id, $params);
$responsePayload = $this->CRUD->getResponsePayload(); $responsePayload = $this->CRUD->getResponsePayload();
if (!empty($responsePayload)) { if (!empty($responsePayload)) {
return $responsePayload; return $responsePayload;