Commit 22eef48f authored by Quentin Ribac's avatar Quentin Ribac

FEAT #17436 TIME 0:20 better validation

parent 04c2319b
......@@ -175,8 +175,15 @@ class GroupController
public function getGroupPrivilege(Request $request, Response $response, array $args)
{
$hasGroup = UserGroupModel::hasGroup(['userId' => $GLOBALS['id'], 'groupId' => (int)$args['id']]);
$hasRight = PrivilegeController::hasRightByPrivilege(['userId' => $GLOBALS['id'], 'groupId' => (int)$args['id'], 'privilegeId' => $args['privilegeId'], 'readOnly' => true]);
if (!Validator::intType()->validate($args['id'])) {
return $response->withStatus(400)->withJson(['errors' => 'Route id in not an integer']);
}
if (!Validator::stringType()->notEmpty()->validate($args['privilegeId'])) {
return $response->withStatus(400)->withJson(['errors' => 'Route privilegeId is empty or not a string']);
}
$hasGroup = UserGroupModel::hasGroup(['userId' => $GLOBALS['id'], 'groupId' => $args['id']]);
$hasRight = PrivilegeController::hasRightByPrivilege(['userId' => $GLOBALS['id'], 'groupId' => $args['id'], 'privilegeId' => $args['privilegeId'], 'readOnly' => true]);
if (!$hasGroup && !$hasRight) {
return $response->withStatus(403)->withJson(['errors' => 'Current user cannot see this privilege']);
}
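Review bot: The two `hasGroup`/`hasRight` calls at the end of the added block pass `$args['id']` unconverted, whereas the removed lines cast it with `(int)`; if the router delivers route parameters as strings (likely, though not visible here), `Validator::intType()` on the first added line would also reject a numeric string such as `"12"` with a 400, since an intType rule normally checks the PHP type rather than the value. Consider `Validator::intVal()` for the check and keeping the cast, `'groupId' => (int)$args['id']`, in both calls so the model and privilege lookups receive an int as before. The message on the first added return has a typo: `'Route id is not an integer'`. getGroupPrivilege continues past the end of the hunk.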
......
......@@ -101,6 +101,7 @@ class GroupPrivilegeModel
ValidatorModel::notEmpty($args, ['groupId', 'privilegeId']);
ValidatorModel::intVal($args, ['groupId']);
ValidatorModel::stringType($args, ['privilegeId']);
ValidatorModel::arrayType($args, ['parameters']);
DatabaseModel::update([
'table' => 'groups_privileges',
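Review bot: `parameters` is added to the `arrayType` check but not to the `notEmpty` list three lines above, so whether an update that omits `parameters` is accepted or rejected now depends on how ValidatorModel::arrayType treats an absent key, which is not visible in this hunk. If `parameters` is required for the update, add it to the first call, `ValidatorModel::notEmpty($args, ['groupId', 'privilegeId', 'parameters']);`; if it is optional, a short comment saying so next to the new line would prevent the next reader from asking the same question. The enclosing method starts before the hunk and continues after it.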
......
......@@ -788,7 +788,7 @@ class UserController
$manageableGroups = UserController::getManageableGroups(['userId' => $GLOBALS['id']]);
return $response->withStatus(200)->withJson(['groups' => $manageableGroups]);
return $response->withJson(['groups' => $manageableGroups]);
}
public static function getUserInformationsById(array $args)
......