Commit ec0ed316 authored by Quentin Ribac's avatar Quentin Ribac

FEAT #17436 TIME 1:00 added query param mode=summary in GET/users/{id}; added...

FEAT #17436 TIME 1:00 added query param mode=summary in GET/users/{id}; added exception for current user in UserController::hasRightByUserId()
parent 469cf385
...@@ -106,7 +106,9 @@ class UserController ...@@ -106,7 +106,9 @@ class UserController
return $response->withStatus(400)->withJson(['errors' => 'Route id is not an integer']); return $response->withStatus(400)->withJson(['errors' => 'Route id is not an integer']);
} }
if ($GLOBALS['id'] == $args['id'] || PrivilegeController::hasPrivilege(['userId' => $GLOBALS['id'], 'privilege' => 'manage_users'])) { $queryParams = $request->getQueryParams();
$summaryOnly = ($queryParams['mode'] ?? null) == 'summary';
if (!$summaryOnly && ($GLOBALS['id'] == $args['id'] || PrivilegeController::hasPrivilege(['userId' => $GLOBALS['id'], 'privilege' => 'manage_users']))) {
$user = UserController::getUserInformationsById(['id' => $args['id']]); $user = UserController::getUserInformationsById(['id' => $args['id']]);
} else { } else {
$user = UserModel::getById(['select' => ['id', 'firstname', 'lastname', 'email', 'phone', 'substitute'], 'id' => $args['id']]); $user = UserModel::getById(['select' => ['id', 'firstname', 'lastname', 'email', 'phone', 'substitute'], 'id' => $args['id']]);
...@@ -130,7 +132,7 @@ class UserController ...@@ -130,7 +132,7 @@ class UserController
if (!empty($groupsIds)) { if (!empty($groupsIds)) {
$groups = GroupModel::get(['select' => ['label', 'id'], 'where' => ['id in (?)'], 'data' => [$groupsIds]]); $groups = GroupModel::get(['select' => ['label', 'id'], 'where' => ['id in (?)'], 'data' => [$groupsIds]]);
$user['groups'] = $groups; $user['groups'] = $groups;
} elseif (!$actuallyAlone) { } elseif (!$actuallyAlone && !$summaryOnly) {
return $response->withStatus(403)->withJson(['errors' => 'User out of perimeter']); return $response->withStatus(403)->withJson(['errors' => 'User out of perimeter']);
} }
...@@ -957,7 +959,7 @@ class UserController ...@@ -957,7 +959,7 @@ class UserController
$groupsIntersection = array_intersect($targetUserGroups, $activeUserManageableGroups); $groupsIntersection = array_intersect($targetUserGroups, $activeUserManageableGroups);
if (empty($args['targetGroupId'])) { if (empty($args['targetGroupId'])) {
return !empty($groupsIntersection); return $args['activeUserId'] == $args['targetUserId'] || !empty($groupsIntersection);
} }
return in_array($args['targetGroupId'], $groupsIntersection); return in_array($args['targetGroupId'], $groupsIntersection);
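Review bot: The new `mode=summary` branch removes the perimeter check rather than narrowing the data it returns: when `$summaryOnly` is set, the first hunk skips the self/`manage_users` gate and the second hunk skips the `403 'User out of perimeter'` response, while the fallback `UserModel::getById` select still includes `email` and `phone`, so any caller that reaches this route can read contact details of any user id just by appending the query parameter. If the perimeter rule is meant to stay the authorization boundary, keep `} elseif (!$actuallyAlone) {` unchanged and let the mode only shrink the payload; if summary data is deliberately cross-perimeter, restrict it to `'select' => ['id', 'firstname', 'lastname']` so contact fields are not exposed, and document which of the two was intended. In the third hunk, the self-exception compares ids with `==`; given the loose-comparison pitfalls with missing or non-numeric values, `(int) $args['activeUserId'] === (int) $args['targetUserId']` would be safer, assuming both ids are validated as integers earlier (the function begins outside the hunk). The enclosing method of the first two hunks also starts before the hunk, so whether `$GLOBALS['id']` is always the authenticated user here is inferred, not visible.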