Commit c91d408f authored by Quentin Ribac's avatar Quentin Ribac

FEAT #17436 TIME 2:00 storing privilege parameters for manage_users

parent 13462f1e
......@@ -195,12 +195,34 @@ class GroupController
return $response->withStatus(400)->withJson(['errors' => 'Group not found']);
}
if ($body['checked'] === true && !empty(GroupPrivilegeModel::getPrivileges(['select' => [1], 'where' => ['privilege = ?', 'group_id = ?'], 'data' => [$aArgs['privilegeId'], $aArgs['id']]]))) {
$parameters = $body['parameters'] ?? [];
$parametersJson = empty($parameters) ? '{}' : json_encode($parameters);
$privilege = GroupPrivilegeModel::getPrivileges([
'select' => ['parameters'],
'where' => [
'privilege = ?',
'group_id = ?'
],
'data' => [
$aArgs['privilegeId'],
$aArgs['id']
]
]);
$privilege = $privilege[0] ?? null;
if ($body['checked'] === true && !empty($privilege) && $privilege['parameters'] == $parametersJson) {
return $response->withStatus(400)->withJson(['errors' => 'Privilege is already linked to this group']);
}
if ($body['checked']) {
GroupPrivilegeModel::addPrivilege(['groupId' => $aArgs['id'], 'privilegeId' => $aArgs['privilegeId']]);
if (!PrivilegeController::canGivePrivilege(['userId' => $GLOBALS['id'], 'groupId' => $aArgs['id'], 'privilegeId' => $aArgs['privilegeId'], 'parameters' => $parameters])) {
return $response->withStatus(400)->withJson(['errors' => 'Privilege not allowed with these parameters']);
}
if (empty($privilege)) {
GroupPrivilegeModel::addPrivilege(['groupId' => $aArgs['id'], 'privilegeId' => $aArgs['privilegeId']]);
}
GroupPrivilegeModel::updateParameters(['groupId' => $aArgs['id'], 'privilegeId' => $aArgs['privilegeId'], 'parameters' => $parametersJson]);
} else {
GroupPrivilegeModel::deletePrivilege(['groupId' => $aArgs['id'], 'privilegeId' => $aArgs['privilegeId']]);
}
......
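Review bot: `$body['parameters']` comes straight from the request and is JSON-encoded and persisted by `updateParameters` with no check that it is an array, while `canGivePrivilege` only constrains it when the privilege is `manage_users`. A scalar or arbitrarily shaped value can therefore be stored as the parameters of any privilege id. A guard right after the assignment would close that, e.g. `if (!is_array($parameters)) { return $response->withStatus(400)->withJson(['errors' => 'Body parameters is not an array']); }`. Separately, the "already linked" check compares JSON text with `==`; if the column normalises stored JSON (not visible here), the text may never equal `json_encode` output, so comparing the decoded arrays would be more reliable. The enclosing method starts and ends outside this hunk.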
......@@ -78,4 +78,28 @@ class PrivilegeController
return false;
}
public static function canGivePrivilege(array $args)
{
ValidatorModel::notEmpty($args, ['userId', 'groupId', 'privilegeId', 'parameters']);
ValidatorModel::intVal($args, ['userId', 'groupId']);
ValidatorModel::stringType($args, ['privilegeId']);
if ($args['privilegeId'] == 'manage_users') {
if (!PrivilegeController::hasPrivilege(['userId' => $args['userId'], 'privilege' => 'manage_users'])) {
return false;
} elseif (PrivilegeController::hasPrivilege(['userId' => $args['userId'], 'privilege' => 'manage_groups'])) {
return true;
} else {
$candidateGroups = $args['parameters']['authorized'] ?? [];
foreach ($candidateGroups as $candidateGroup) {
if (!UserGroupModel::hasGroup(['userId' => $args['userId'], 'groupId' => $candidateGroup])) {
return false;
}
}
}
}
return true;
}
}
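Review bot: The `foreach` over `$args['parameters']['authorized']` assumes a list of group ids, but when the request supplies a scalar there PHP skips the loop with a warning and the method falls through to `return true`. A user who holds `manage_users` without `manage_groups` then passes the check with parameters that were never validated, so the loop should be preceded by `if (!is_array($candidateGroups)) { return false; }`. Also, `notEmpty` lists `parameters` while GroupController defaults it to `[]`; depending on how ValidatorModel treats an empty array (not shown), granting a privilege without parameters may fail validation. A short docblock stating that the method returns true for every privilege other than `manage_users` would make that permissive default explicit.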
......@@ -95,4 +95,20 @@ class GroupPrivilegeModel
return true;
}
public static function updateParameters(array $args)
{
ValidatorModel::notEmpty($args, ['groupId', 'privilegeId']);
ValidatorModel::intVal($args, ['groupId']);
ValidatorModel::stringType($args, ['privilegeId']);
DatabaseModel::update([
'table' => 'groups_privileges',
'where' => ['group_id = ?', 'privilege = ?'],
'data' => [$args['groupId'], $args['privilegeId']],
'set' => ['parameters' => $args['parameters']]
]);
return true;
}
}
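Review bot: `updateParameters` reads `$args['parameters']` but the validators only cover `groupId` and `privilegeId`, so a missing or non-string value reaches `DatabaseModel::update` unchecked. Adding `ValidatorModel::stringType($args, ['parameters']);` and listing `parameters` in the `notEmpty` call would match how the other keys are handled; the controller always passes at least `'{}'`. The method also returns `true` unconditionally, so a caller cannot tell whether any row matched, which is worth a one-line comment, e.g. `// Always returns true; does not report whether a row was updated.`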