Commit ec0ed316 authored by Quentin Ribac's avatar Quentin Ribac
Browse files

FEAT #17436 TIME 1:00 added query param mode=summary in GET/users/{id}; added...

FEAT #17436 TIME 1:00 added query param mode=summary in GET/users/{id}; added exception for current user in UserController::hasRightByUserId()
parent 469cf385
......@@ -106,7 +106,9 @@ class UserController
return $response->withStatus(400)->withJson(['errors' => 'Route id is not an integer']);
}
if ($GLOBALS['id'] == $args['id'] || PrivilegeController::hasPrivilege(['userId' => $GLOBALS['id'], 'privilege' => 'manage_users'])) {
$queryParams = $request->getQueryParams();
$summaryOnly = ($queryParams['mode'] ?? null) == 'summary';
if (!$summaryOnly && ($GLOBALS['id'] == $args['id'] || PrivilegeController::hasPrivilege(['userId' => $GLOBALS['id'], 'privilege' => 'manage_users']))) {
$user = UserController::getUserInformationsById(['id' => $args['id']]);
} else {
$user = UserModel::getById(['select' => ['id', 'firstname', 'lastname', 'email', 'phone', 'substitute'], 'id' => $args['id']]);
......@@ -130,7 +132,7 @@ class UserController
if (!empty($groupsIds)) {
$groups = GroupModel::get(['select' => ['label', 'id'], 'where' => ['id in (?)'], 'data' => [$groupsIds]]);
$user['groups'] = $groups;
} elseif (!$actuallyAlone) {
} elseif (!$actuallyAlone && !$summaryOnly) {
return $response->withStatus(403)->withJson(['errors' => 'User out of perimeter']);
}
......@@ -957,7 +959,7 @@ class UserController
$groupsIntersection = array_intersect($targetUserGroups, $activeUserManageableGroups);
if (empty($args['targetGroupId'])) {
return !empty($groupsIntersection);
return $args['activeUserId'] == $args['targetUserId'] || !empty($groupsIntersection);
}
return in_array($args['targetGroupId'], $groupsIntersection);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment