FIX #19031 TIME 0:05 Change the position of the

ceece56e · nicolas lebozec · 8d414d8a · ceece56e
Commit ceece56e authored 2 years ago by nicolas lebozec
--- a/src/app/document/controllers/DocumentController.php
+++ b/src/app/document/controllers/DocumentController.php
@@ -132,6 +132,11 @@ class DocumentController
    public function getById(Request $request, Response $response, array $args)
    {
+        $canManageDocuments = PrivilegeController::hasPrivilege(['userId' => $GLOBALS['id'], 'privilege' => 'manage_documents']);
+        if (!$canManageDocuments && !DocumentController::hasRightById(['id' => $args['id'], 'userId' => $GLOBALS['id'], 'readOnly' => true])) {
+            return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
+        }
        if (!DocumentController::hasRightById(['id' => $args['id'], 'userId' => $GLOBALS['id'], 'readOnly' => true]) && !PrivilegeController::hasPrivilege(['userId' => $GLOBALS['id'], 'privilege' => 'manage_documents'])) {
            return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
        }
@@ -225,12 +230,7 @@ class DocumentController
                $currentId = $value['user_id'];
            }
        }
-        $canManageDocuments = PrivilegeController::hasPrivilege(['userId' => $GLOBALS['id'], 'privilege' => 'manage_documents']);
-        if (!$canManageDocuments && !DocumentController::hasRightById(['id' => $args['id'], 'userId' => $GLOBALS['id'], 'readOnly' => true])) {
-            return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
-        }
        $formattedDocument['readOnly'] = !$canManageDocuments;
        if ($formattedDocument['readOnly'] && !empty($currentId)) {
            if ($currentId == $GLOBALS['id']) {