From c28dba47cf762e13e9f67467f253f0d35cab144b Mon Sep 17 00:00:00 2001
From: lebozec <nicolas.lebozec@xelians.fr>
Date: Mon, 13 Feb 2023 11:56:45 +0100
Subject: [PATCH] FIX #19031 TIME 0:05 Change the position of the
---
 src/app/document/controllers/DocumentController.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/app/document/controllers/DocumentController.php b/src/app/document/controllers/DocumentController.php
index 590ea729a7..126ab0d90d 100644
--- a/src/app/document/controllers/DocumentController.php
+++ b/src/app/document/controllers/DocumentController.php
@@ -132,6 +132,11 @@ class DocumentController
 public function getById(Request $request, Response $response, array $args)
 {
+ $canManageDocuments = PrivilegeController::hasPrivilege(['userId' => $GLOBALS['id'], 'privilege' => 'manage_documents']);
+ if (!$canManageDocuments && !DocumentController::hasRightById(['id' => $args['id'], 'userId' => $GLOBALS['id'], 'readOnly' => true])) {
+ return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
+ }
+
 if (!DocumentController::hasRightById(['id' => $args['id'], 'userId' => $GLOBALS['id'], 'readOnly' => true]) && !PrivilegeController::hasPrivilege(['userId' => $GLOBALS['id'], 'privilege' => 'manage_documents'])) {
 return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
 }
@@ -225,12 +230,7 @@ class DocumentController
 $currentId = $value['user_id'];
 }
 }
-
- $canManageDocuments = PrivilegeController::hasPrivilege(['userId' => $GLOBALS['id'], 'privilege' => 'manage_documents']);
- if (!$canManageDocuments && !DocumentController::hasRightById(['id' => $args['id'], 'userId' => $GLOBALS['id'], 'readOnly' => true])) {
- return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
- }
-
+
 $formattedDocument['readOnly'] = !$canManageDocuments;
 if ($formattedDocument['readOnly'] && !empty($currentId)) {
 if ($currentId == $GLOBALS['id']) {
-- 
GitLab
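Review bot: In the first hunk, the pre-existing check kept as context right below the added block tests the same two conditions (`hasRightById` with `'readOnly' => true` and the `manage_documents` privilege), so `getById` now carries two equivalent 403 gates. Assuming both helpers are side-effect free, the old one can never reject a request the new one let through and only repeats both lookups. I would delete the old `if (!DocumentController::hasRightById(...) && !PrivilegeController::hasPrivilege(...)) { ... }` block and keep the new one as the single authorization gate, with a short comment such as `// Authorize before loading the document; $canManageDocuments is reused below for readOnly.` The second hunk still reads `$canManageDocuments` for `$formattedDocument['readOnly']`, so the assignment has to stay at the top. getById's body continues outside both hunks.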