Verified Commit b2d505a2 authored by Cyril Vazquez's avatar Cyril Vazquez
Browse files

Fix performance issues with huge number of descendant services

parent 048aa788
Pipeline #10257 failed with stages
in 51 seconds
......@@ -236,7 +236,7 @@ class serviceAccount
}
if ($this->hasSecurityLevel) {
if ($account->getSecurityLevel() == $account::SECLEVEL_FUNCADMIN && array_search($organization->orgName, array_column($this->organizationController->readDescendantServices($account->ownerOrgId), 'orgName')) === false){
if ($account->getSecurityLevel() == $account::SECLEVEL_FUNCADMIN && array_search($account->ownerOrgId, array_column($this->organizationController->readParentOrg($orgId), 'orgId')) === false){
throw new \core\Exception\ForbiddenException("You are not allowed to add user in this organization");
}
$this->checkPrivilegesAccess($account, $serviceAccount);
......@@ -434,7 +434,10 @@ class serviceAccount
$ownAccount = $this->read($accountToken->accountId);
if ($accountToken->accountId != $serviceAccountId && $this->hasSecurityLevel) {
if (array_search($serviceAccount->accountName, array_column($this->search(), 'accountName')) === false){
$organization = $this->sdoFactory->read('organization/organization', $serviceAccount->ownerOrgId);
$organizations = $this->organizationController->readDescendantOrg($organization->orgId);
$organizations[] = $organization;
if (array_search($serviceAccount->ownerOrgId, array_column($organizations, 'orgId')) === false){
throw new \core\Exception\ForbiddenException("You are not allowed to modify this service account");
}
$this->checkPrivilegesAccess($ownAccount, $serviceAccount);
......
......@@ -1346,7 +1346,9 @@ trait archiveAccessTrait
}
$userPositionController = \laabs::newController('organization/userPosition');
$userServices = array_values($userPositionController->readDescandantService($currentUserService->orgId));
$org = $this->organizationController->getOrgByRegNumber($archive->originatorOrgRegNumber);
$positionAncestors = $this->organizationController->readParentOrg($this->organizationController->getOrgByRegNumber($archive->originatorOrgRegNumber)->orgId);
$positionAncestors[] = $org;
$userServices[] = $currentUserService->registrationNumber;
// OWNER access
......@@ -1363,8 +1365,10 @@ trait archiveAccessTrait
}
// ORIGINATOR ACCESS
if (\laabs\in_array($archive->originatorOrgRegNumber, $userServices)) {
return true;
foreach ($positionAncestors as $orgUnit) {
if ($orgUnit->registrationNumber == $currentUserService->registrationNumber) {
return true;
}
}
// COMMUNICATION ACCESS
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment