Merge branch 'develop' into 'master'

Merge develop into master for release of 2.6.3 See merge request !31

Merge branch 'develop' into 'master'
Merge develop into master for release of 2.6.3 See merge request !31
cc556ca5 · Cyril Vazquez · 5dd3c072 · 835a50ca · cc556ca5 · cc556ca5
Commit cc556ca5 authored Sep 13, 2022 by Cyril Vazquez
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
 # CHANGELOG

+## Version 2.6.3
+**Nécessite Maarch RM 2.9**
+
+ - `Fixed` Contrôle des droits d'accès événements pour les utilisateurs
+
 ## Version 2.6.2

 **Nécessite Maarch RM 2.6.8**

--- a/VERSION.md
+++ b/VERSION.md
-2.6.2
\ No newline at end of file
+2.6.3
--- a/bundle/digitalSafe/Controller/digitalSafe.php
+++ b/bundle/digitalSafe/Controller/digitalSafe.php
@@ -269,7 +269,6 @@ class digitalSafe
        $replyMessage = new \stdClass();
        $replyMessage->timestamp = \laabs::newTimestamp();
        $replyMessage->accountName = $this->account->accountName;
-
        if (!$this->checkRight($originatorOwnerOrgRegNumber, $originatorOrgRegNumber, $archiveId)) {
            throw $this->getThrowable("Permission denied", 401, $replyMessage);
        }
@@ -328,18 +327,18 @@ class digitalSafe

        $accountToken = \laabs::getToken('AUTH');
        $account = $this->sdoFactory->read("auth/account", $accountToken->accountId);
+	$securityLevel = $account->getSecurityLevel();

        if ($account->ownerOrgId != $organization->orgId) {
            throw new \core\Exception\UnauthorizedException("You are not allowed to do this action");
        }

-        // if ($securityLevel == $account::SECLEVEL_USER) {
-        //     $position = $this->servicePositionController->getPosition($account->accountId);
-
-        //     if (!$originatorOrgRegNumber || $originatorOrgRegNumber != $position->orgId) {
-        //         throw new \core\Exception\UnauthorizedException("You are not allowed to do this action");
-        //     }
-        // }
+        if ($securityLevel == $account::SECLEVEL_USER) {
+            $position = $this->servicePositionController->getPosition($account->accountId);
+	    if (!$originatorOrgRegNumber || $originatorOrgRegNumber != $position->organization->registrationNumber) {
+                throw new \core\Exception\UnauthorizedException("You are not allowed to do this action");
+            }
+        }

        $replyMessage = new \stdClass();
        $replyMessage->originatorOwnerOrgRegNumber = $originatorOwnerOrgRegNumber;
@@ -620,7 +619,6 @@ class digitalSafe
            $replyMessage = new \stdClass();
            throw $this->getThrowable("archive " . $archiveId . " doesn't exist", 404, $replyMessage);
        }
-
        if ($archive->originatorOwnerOrgRegNumber == $originatorOwnerOrgRegNumber
            && $archive->originatorOrgRegNumber == $originatorOrgRegNumber
        ) {