Commit 8f93087a authored by Quentin Ribac

FEAT #17436 TIME 0:13 unlink a user from a group with correct privileges

parent f1a23203
......@@ -20,6 +20,7 @@ use History\controllers\HistoryController;
use Respect\Validation\Validator;
use Slim\Http\Request;
use Slim\Http\Response;
use User\controllers\UserController;
use User\models\UserGroupModel;
use User\models\UserModel;
......@@ -313,7 +314,20 @@ class GroupController
public function removeUser(Request $request, Response $response, array $aArgs)
{
if (!PrivilegeController::hasPrivilege(['userId' => $GLOBALS['id'], 'privilege' => 'manage_groups']) && !PrivilegeController::hasPrivilege(['userId' => $GLOBALS['id'], 'privilege' => 'manage_users'])) {
$hasGroupPrivilege = PrivilegeController::hasPrivilege(['userId' => $GLOBALS['id'], 'privilege' => 'manage_groups']);
$hasUserPrivilege = false;
$manageableGroups = UserController::getManageableGroups(['userId' => $GLOBALS['id']]);
$targetUserGroups = UserGroupModel::get([
'select' => ['group_id'],
'where' => ['user_id = ?'],
'data' => [$aArgs['userId']]
]);
$targetUserGroups = array_column($targetUserGroups, 'group_id');
if (!empty(array_intersect($manageableGroups, $targetUserGroups))) {
$hasUserPrivilege = true;
}
if (!$hasGroupPrivilege && !$hasUserPrivilege) {
return $response->withStatus(403)->withJson(['errors' => 'Privilege forbidden']);
}
......
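Review bot: The new `$hasUserPrivilege` test in removeUser is not tied to the group being unlinked. `array_intersect($manageableGroups, $targetUserGroups)` is non-empty as soon as the caller manages any one of the target user's groups, so that caller also passes the check for removal from every other group the user belongs to. If per-group delegation is intended, test the group named in the request instead, e.g. `$hasUserPrivilege = in_array($targetGroupId, $manageableGroups, true);`. Here `$targetGroupId` is a placeholder, because the group lookup sits outside this hunk, and its form must match what `getManageableGroups` returns. The explicit `manage_users` privilege test also appears to have been dropped, so confirm that `getManageableGroups` returns an empty list for callers without that privilege. removeUser's body continues past the end of the hunk.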