From e271e5131d2f70c13d4d88abb94f85811d27c003 Mon Sep 17 00:00:00 2001
From: Damien <damien.burel@maarch.org>
Date: Mon, 1 Jul 2019 16:02:10 +0200
Subject: [PATCH] FEAT Query params userId

---
 src/app/document/controllers/DocumentController.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/app/document/controllers/DocumentController.php b/src/app/document/controllers/DocumentController.php
index 001c70da32..3d9b2336d2 100755
--- a/src/app/document/controllers/DocumentController.php
+++ b/src/app/document/controllers/DocumentController.php
@@ -47,9 +47,12 @@ class DocumentController
 
         $userId = $GLOBALS['id'];
         if (!empty($queryParams['userId'])) {
-            if (!PrivilegeController::hasPrivilege(['userId' => $GLOBALS['id'], 'privilege' => 'manage_documents']) || !Validator::intVal()->notEmpty()->validate($queryParams['userId'])) {
+            if (!PrivilegeController::hasPrivilege(['userId' => $GLOBALS['id'], 'privilege' => 'manage_documents'])) {
                 return $response->withStatus(403)->withJson(['errors' => 'Privilege forbidden']);
             }
+            if (!Validator::intVal()->notEmpty()->validate($queryParams['userId'])) {
+                return $response->withStatus(400)->withJson(['errors' => 'QueryParams userId is not an integer']);
+            }
             $userId = $queryParams['userId'];
         }
 
-- 
GitLab