Commit 20ce2d74 authored by Charlotte Bataille's avatar Charlotte Bataille

feat/18594 : prevent owner from viewing other org archives

parent ad193707
Pipeline #16534 failed with stages
in 35 seconds
......@@ -921,11 +921,16 @@ trait archiveAccessTrait
$this->userPositionController->readDescandantService((string) $currentService->orgId)
);
$ownerIsSuperUser = false;
if (isset(\laabs::configuration("recordsManagement")['ownerIsSuperUser'])) {
$ownerIsSuperUser = (bool) \laabs::configuration("recordsManagement")['ownerIsSuperUser'];
}
foreach ($userServiceOrgRegNumbers as $userServiceOrgRegNumber) {
$userService = $this->organizationController->getOrgByRegNumber($userServiceOrgRegNumber);
// User orgUnit is owner
if (isset($userService->orgRoleCodes) && (strpos((string) $userService->orgRoleCodes, 'owner') !== false)) {
if (isset($userService->orgRoleCodes) && (strpos((string) $userService->orgRoleCodes, 'owner') !== false) && $ownerIsSuperUser) {
return true;
}
......@@ -1129,9 +1134,14 @@ trait archiveAccessTrait
$this->userPositionController->readDescandantService((string) $currentService->orgId)
);
$ownerIsSuperUser = false;
if (isset(\laabs::configuration("recordsManagement")['ownerIsSuperUser'])) {
$ownerIsSuperUser = (bool) \laabs::configuration("recordsManagement")['ownerIsSuperUser'];
}
foreach ($userServiceOrgRegNumbers as $userServiceOrgRegNumber) {
$userService = $this->organizationController->getOrgByRegNumber($userServiceOrgRegNumber);
if (isset($userService->orgRoleCodes) && $userService->orgRoleCodes->contains('owner')) {
if (isset($userService->orgRoleCodes) && $userService->orgRoleCodes->contains('owner') && $ownerIsSuperUser) {
return;
}
}
......@@ -1362,7 +1372,6 @@ trait archiveAccessTrait
if (!$currentUserService) {
return false;
}
$userPositionController = \laabs::newController('organization/userPosition');
$org = $this->organizationController->getOrgByRegNumber($archive->originatorOrgRegNumber);
$positionAncestors = $this->organizationController->readParentOrg($this->organizationController->getOrgByRegNumber($archive->originatorOrgRegNumber)->orgId);
......@@ -1370,9 +1379,16 @@ trait archiveAccessTrait
$userServices[] = $currentUserService->registrationNumber;
// OWNER access
$ownerIsSuperUser = false;
if (isset(\laabs::configuration("recordsManagement")['ownerIsSuperUser'])) {
$ownerIsSuperUser = (bool) \laabs::configuration("recordsManagement")['ownerIsSuperUser'];
}
if (
!is_null($currentUserService->orgRoleCodes)
&& \laabs\in_array('owner', $currentUserService->orgRoleCodes)
&& $ownerIsSuperUser
) {
return true;
}
......
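Review bot: The `(bool)` cast on the `ownerIsSuperUser` setting fails open for string values, because in PHP `(bool) "false"` and `(bool) "off"` are both `true`. If the configuration layer returns the value as a string (not visible here), a deployment that writes `false` would still give owner org units access to other organizations' archives. The same three-line lookup is repeated in all three hunks; parsing it once in a small private helper, as `filter_var($conf['ownerIsSuperUser'] ?? false, FILTER_VALIDATE_BOOLEAN)`, would keep the three access checks in agreement. Separately, the first hunk still detects the role with `strpos((string) $userService->orgRoleCodes, 'owner') !== false`, a substring match that accepts any role code merely containing "owner", while the other two sites use `contains('owner')` and `\laabs\in_array`; an exact comparison there would be safer. The enclosing methods start and end outside the hunks.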