FEAT #17436 TIME 0:15 prioritize group managers over user managers

7e86273e · Quentin Ribac · 02d5687b · 7e86273e
Commit 7e86273e authored 3 years ago by Quentin Ribac
--- a/src/app/group/controllers/PrivilegeController.php
+++ b/src/app/group/controllers/PrivilegeController.php
@@ -90,10 +90,10 @@ class PrivilegeController
            if (empty($args['readOnly']) && !isset($args['parameters']['authorized'])) {
                return false;
            }
-            if (!PrivilegeController::hasPrivilege(['userId' => $args['userId'], 'privilege' => 'manage_users'])) {
+            if (PrivilegeController::hasPrivilege(['userId' => $args['userId'], 'privilege' => 'manage_groups'])) {
-                return false;
-            } elseif (PrivilegeController::hasPrivilege(['userId' => $args['userId'], 'privilege' => 'manage_groups'])) {
                return true;
+            } elseif (!PrivilegeController::hasPrivilege(['userId' => $args['userId'], 'privilege' => 'manage_users'])) {
+                return false;
            } else {
                $candidateGroups = $args['parameters']['authorized'] ?? [];
                $manageableGroups = array_column(UserController::getManageableGroups(['userId' => $args['userId']]), 'id');