Commit d646b6d3 authored by Cyril Vazquez's avatar Cyril Vazquez

Merge branch 'develop' into 'Support/2.6.X'

Merge develop into 2.6.X for release of 2.6.3

See merge request !32
parents a356bf95 835a50ca
# CHANGELOG
## Version 2.6.3
**Nécessite Maarch RM 2.9**
- `Fixed` Contrôle des droits d'accès événements pour les utilisateurs
## Version 2.6.2
**Nécessite Maarch RM 2.6.8**
......
2.6.2
\ No newline at end of file
2.6.3
......@@ -269,7 +269,6 @@ class digitalSafe
$replyMessage = new \stdClass();
$replyMessage->timestamp = \laabs::newTimestamp();
$replyMessage->accountName = $this->account->accountName;
if (!$this->checkRight($originatorOwnerOrgRegNumber, $originatorOrgRegNumber, $archiveId)) {
throw $this->getThrowable("Permission denied", 401, $replyMessage);
}
......@@ -328,18 +327,18 @@ class digitalSafe
$accountToken = \laabs::getToken('AUTH');
$account = $this->sdoFactory->read("auth/account", $accountToken->accountId);
$securityLevel = $account->getSecurityLevel();
if ($account->ownerOrgId != $organization->orgId) {
throw new \core\Exception\UnauthorizedException("You are not allowed to do this action");
}
// if ($securityLevel == $account::SECLEVEL_USER) {
// $position = $this->servicePositionController->getPosition($account->accountId);
// if (!$originatorOrgRegNumber || $originatorOrgRegNumber != $position->orgId) {
// throw new \core\Exception\UnauthorizedException("You are not allowed to do this action");
// }
// }
if ($securityLevel == $account::SECLEVEL_USER) {
$position = $this->servicePositionController->getPosition($account->accountId);
if (!$originatorOrgRegNumber || $originatorOrgRegNumber != $position->organization->registrationNumber) {
throw new \core\Exception\UnauthorizedException("You are not allowed to do this action");
}
}
$replyMessage = new \stdClass();
$replyMessage->originatorOwnerOrgRegNumber = $originatorOwnerOrgRegNumber;
......@@ -620,7 +619,6 @@ class digitalSafe
$replyMessage = new \stdClass();
throw $this->getThrowable("archive " . $archiveId . " doesn't exist", 404, $replyMessage);
}
if ($archive->originatorOwnerOrgRegNumber == $originatorOwnerOrgRegNumber
&& $archive->originatorOrgRegNumber == $originatorOrgRegNumber
) {
......
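Review bot: The re-enabled user-level check in the second hunk (`@@ -328,18 +327,18 @@`) compares the caller-supplied registration number with loose `!=`, so two numeric-looking values that differ only in form (leading zeros, exponent notation) compare equal under PHP's numeric-string rules and would pass this authorization test. If registration numbers can be numeric strings, compare them strictly as strings: `if (!$originatorOrgRegNumber || (string) $originatorOrgRegNumber !== (string) $position->organization->registrationNumber) {`. The result of `getPosition()` is also dereferenced two levels deep without a guard; for an account with no position this probably still ends in the exception, but only by way of a null-property warning. An explicit `if ($position === null || $position->organization === null)` branch that throws the same `UnauthorizedException` would make the fail-closed behaviour deliberate. The same loose `==` appears on the registration-number comparison in the context lines of the third hunk, and the enclosing methods start and end outside the visible hunks.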