Commit 3fae749a authored by Quentin Ribac's avatar Quentin Ribac

FEAT #17436 TIME 0:30 improved UserController::hasRightByUserId() for versatility

parent 6def1e8a
......@@ -338,22 +338,7 @@ class GroupController
return $response->withStatus(400)->withJson(['errors' => 'Id must be an integer']);
} elseif (empty($args['userId']) || !Validator::intVal()->validate($args['userId'])) {
return $response->withStatus(400)->withJson(['errors' => 'userId must be an integer']);
}
$hasGroupPrivilege = PrivilegeController::hasPrivilege(['userId' => $GLOBALS['id'], 'privilege' => 'manage_groups']);
$hasUserPrivilege = false;
$manageableGroups = array_column(UserController::getManageableGroups(['userId' => $GLOBALS['id']]), 'id');
$targetUserGroups = UserGroupModel::get([
'select' => ['group_id'],
'where' => ['user_id = ?'],
'data' => [$args['userId']]
]);
$targetUserGroups = array_column($targetUserGroups, 'group_id');
if (in_array($args['id'], $manageableGroups) && in_array($args['id'], $targetUserGroups)) {
$hasUserPrivilege = true;
}
if (!$hasGroupPrivilege && !$hasUserPrivilege) {
} elseif (!UserController::hasRightByUserId(['activeUserId' => $GLOBALS['id'], 'targetUserId' => $args['userId'], 'targetGroupId' => $args['id']])) {
return $response->withStatus(403)->withJson(['errors' => 'Privilege forbidden']);
}
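Review bot: The `manage_groups` privilege path is dropped here: the removed branch passed when `PrivilegeController::hasPrivilege(['userId' => $GLOBALS['id'], 'privilege' => 'manage_groups'])` was true, while the new `elseif` relies solely on `UserController::hasRightByUserId()`, which in the companion hunk is derived from `getManageableGroups()` alone. Unless `getManageableGroups()` already returns every group for a holder of `manage_groups` — not visible in this diff — a user holding that privilege but managing no group of their own now receives a 403 where they previously passed. If that narrowing is intended, say so next to the call: `// manage_groups alone no longer grants access; rights come from manageable groups only (see UserController::hasRightByUserId)`. The enclosing method starts and ends outside the hunk.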
......
......@@ -926,18 +926,36 @@ class UserController
return $manageableGroups;
}
/**
* hasRightByUserId returns whether activeUser has right on targetUser,
* with an optional focus targetGroup
*
* @return bool
*/
public static function hasRightByUserId(array $args)
{
ValidatorModel::notEmpty($args, ['activeUserId', 'targetUserId']);
ValidatorModel::intVal($args, ['activeUserId', 'targetUserId']);
ValidatorModel::intVal($args, ['activeUserId', 'targetUserId', 'targetGroupId']);
$groupsIds = array_column(UserGroupModel::get([
$activeUserManageableGroups = array_column(UserController::getManageableGroups(['userId' => $args['activeUserId']]), 'id');
if (empty($activeUserManageableGroups)) {
return false;
}
$targetUserGroups = array_column(UserGroupModel::get([
'select' => ['group_id'],
'where' => ['user_id = ?'],
'data' => [$args['targetUserId']]
]), 'group_id');
if (empty($targetUserGroups)) {
return true;
}
$activeUserManageableGroups = array_column(UserController::getManageableGroups(['userId' => $args['activeUserId']]), 'id');
return !empty($activeUserManageableGroups) && (empty($groupsIds) || !empty(array_intersect($groupsIds, $activeUserManageableGroups)));
$groupsIntersection = array_intersect($targetUserGroups, $activeUserManageableGroups);
if (empty($args['targetGroupId'])) {
return !empty($groupsIntersection);
}
return in_array($args['targetGroupId'], $groupsIntersection);
}
}
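Review bot: The `targetGroupId` focus is bypassed by the early return `if (empty($targetUserGroups)) { return true; }`: when the target user belongs to no group, the function answers true even if `targetGroupId` is not among `$activeUserManageableGroups`, so a caller like GroupController that passes a group id gets an affirmative answer for a group the active user cannot manage. Check the focus group before that return, e.g. `if (!empty($args['targetGroupId']) && !in_array($args['targetGroupId'], $activeUserManageableGroups)) { return false; }`, and consider `strict: true` on both `in_array` calls once the id types returned by `getManageableGroups()` and the route parameters are normalised to int (route values are presumably strings — confirm). The docblock should also state the two early-exit rules (`false` when the active user manages no group, `true` when the target user is in no group) and that `targetGroupId` is optional, since those decide the result before any intersection is computed.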