Merge branch 'develop' into 'Support/2.6.X'

Merge develop into 2.6.X for release of 2.6.3 See merge request !32

Merge branch 'develop' into 'Support/2.6.X'
Merge develop into 2.6.X for release of 2.6.3 See merge request !32
d646b6d3 · Cyril Vazquez · a356bf95 · 835a50ca · d646b6d3 · d646b6d3
Commit d646b6d3 authored Sep 13, 2022 by Cyril Vazquez
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
 # CHANGELOG

+## Version 2.6.3
+**Nécessite Maarch RM 2.9**
+
+ - `Fixed` Contrôle des droits d'accès événements pour les utilisateurs
+
 ## Version 2.6.2

 **Nécessite Maarch RM 2.6.8**

--- a/VERSION.md
+++ b/VERSION.md
-2.6.2
\ No newline at end of file
+2.6.3
--- a/bundle/digitalSafe/Controller/digitalSafe.php
+++ b/bundle/digitalSafe/Controller/digitalSafe.php
@@ -269,7 +269,6 @@ class digitalSafe
        $replyMessage = new \stdClass();
        $replyMessage->timestamp = \laabs::newTimestamp();
        $replyMessage->accountName = $this->account->accountName;
-
        if (!$this->checkRight($originatorOwnerOrgRegNumber, $originatorOrgRegNumber, $archiveId)) {
            throw $this->getThrowable("Permission denied", 401, $replyMessage);
        }
@@ -328,18 +327,18 @@ class digitalSafe

        $accountToken = \laabs::getToken('AUTH');
        $account = $this->sdoFactory->read("auth/account", $accountToken->accountId);
+	$securityLevel = $account->getSecurityLevel();

        if ($account->ownerOrgId != $organization->orgId) {
            throw new \core\Exception\UnauthorizedException("You are not allowed to do this action");
        }

-        // if ($securityLevel == $account::SECLEVEL_USER) {
-        //     $position = $this->servicePositionController->getPosition($account->accountId);
-
-        //     if (!$originatorOrgRegNumber || $originatorOrgRegNumber != $position->orgId) {
-        //         throw new \core\Exception\UnauthorizedException("You are not allowed to do this action");
-        //     }
-        // }
+        if ($securityLevel == $account::SECLEVEL_USER) {
+            $position = $this->servicePositionController->getPosition($account->accountId);
+	    if (!$originatorOrgRegNumber || $originatorOrgRegNumber != $position->organization->registrationNumber) {
+                throw new \core\Exception\UnauthorizedException("You are not allowed to do this action");
+            }
+        }

        $replyMessage = new \stdClass();
        $replyMessage->originatorOwnerOrgRegNumber = $originatorOwnerOrgRegNumber;
@@ -620,7 +619,6 @@ class digitalSafe
            $replyMessage = new \stdClass();
            throw $this->getThrowable("archive " . $archiveId . " doesn't exist", 404, $replyMessage);
        }
-
        if ($archive->originatorOwnerOrgRegNumber == $originatorOwnerOrgRegNumber
            && $archive->originatorOrgRegNumber == $originatorOrgRegNumber
        ) {