Update access logic on activate/-/deactive user
This commit is contained in:
parent
62107aabd2
commit
d434fecaa5
|
|
@ -282,29 +282,20 @@ class UserController extends AbstractController
|
|||
* Endpoint to activate/deactivate a user (soft delete)
|
||||
* If deactivating, also deactivate all org links and revoke tokens
|
||||
*/
|
||||
#[Route('/activeStatus/{id}', name: 'active_status', methods: ['GET', 'POST'])]
|
||||
#[Route('/activeStatus/{id}', name: 'active_status', methods: ['POST'])]
|
||||
public function activeStatus(int $id, Request $request): JsonResponse
|
||||
{
|
||||
$this->denyAccessUnlessGranted('ROLE_ADMIN');
|
||||
|
||||
$actingUser = $this->userService->getUserByIdentifier($this->getUser()->getUserIdentifier());
|
||||
$status = $request->get('status');
|
||||
$status = $request->request->get('status');
|
||||
try {
|
||||
// Access control
|
||||
if (!$this->userService->hasAccessTo($actingUser, true)) {
|
||||
$this->loggerService->logAccessDenied($actingUser->getId());
|
||||
throw $this->createAccessDeniedException(self::ACCESS_DENIED);
|
||||
}
|
||||
|
||||
// Load target user
|
||||
$user = $this->userRepository->find($id);
|
||||
if (!$user) {
|
||||
$this->loggerService->logEntityNotFound('User', ['id' => $id], $actingUser->getId());
|
||||
|
||||
throw $this->createNotFoundException(self::NOT_FOUND);
|
||||
}
|
||||
|
||||
// Deactivate
|
||||
if ($status === 'deactivate') {
|
||||
$user->setIsActive(false);
|
||||
|
||||
|
|
@ -647,7 +638,7 @@ class UserController extends AbstractController
|
|||
public function dataNew(Request $request): JsonResponse
|
||||
{
|
||||
$actingUser = $this->userService->getUserByIdentifier($this->getUser()->getUserIdentifier());
|
||||
if ($this->userService->hasAccessTo($actingUser, true) && $this->isGranted("ROLE_ADMIN")) {
|
||||
if ($this->userService->hasAccessTo($actingUser, true) && $this->isGranted("ROLE_USER")) {
|
||||
$orgId = $request->query->get('orgId');
|
||||
$uos = $this->uoRepository->findBy(['organization' => $orgId, 'statut' => ["ACCEPTED", "INVITED"]],
|
||||
orderBy: ['createdAt' => 'DESC'], limit: 5);
|
||||
|
|
@ -683,7 +674,7 @@ class UserController extends AbstractController
|
|||
public function dataAdmin(Request $request): JsonResponse
|
||||
{
|
||||
$actingUser = $this->userService->getUserByIdentifier($this->getUser()->getUserIdentifier());
|
||||
if ($this->userService->hasAccessTo($actingUser, true) && $this->isGranted("ROLE_ADMIN")) {
|
||||
if ($this->userService->hasAccessTo($actingUser, true) && $this->isGranted("ROLE_USER")) {
|
||||
$orgId = $request->query->get('orgId');
|
||||
$uos = $this->uoRepository->findBy(['organization' => $orgId]);
|
||||
$roleAdmin = $this->entityManager->getRepository(Roles::class)->findOneBy(['name' => 'ADMIN']);
|
||||
|
|
@ -725,7 +716,7 @@ class UserController extends AbstractController
|
|||
{
|
||||
$actingUser = $this->userService->getUserByIdentifier($this->getUser()->getUserIdentifier());
|
||||
|
||||
if ($this->userService->hasAccessTo($actingUser, true) && $this->isGranted("ROLE_ADMIN")) {
|
||||
if ($this->userService->hasAccessTo($actingUser, true) && $this->isGranted("ROLE_USER")) {
|
||||
$orgId = $request->query->get('orgId');
|
||||
$page = max(1, (int)$request->query->get('page', 1));
|
||||
$size = max(1, (int)$request->query->get('size', 10));
|
||||
|
|
|
|||
|
|
@ -125,7 +125,31 @@ class UserService
|
|||
|
||||
}
|
||||
|
||||
|
||||
/* Return if the current user is an admin of the target user.
|
||||
* This is true if the current user is an admin of at least one organization that the target user belongs to.
|
||||
*
|
||||
* @param User $user
|
||||
* @return bool
|
||||
* @throws Exception
|
||||
*/
|
||||
public function isAdminOfUser(User $user): bool
|
||||
{
|
||||
$actingUser = $this->getUserByIdentifier($this->security->getUser()->getUserIdentifier());
|
||||
$roleAdmin = $this->rolesRepository->findOneBy(['name' => 'ADMIN']);
|
||||
$adminUOs = $this->entityManager->getRepository(UsersOrganizations::class)->findBy([
|
||||
'users' => $actingUser,
|
||||
'isActive' => true,
|
||||
'role'=> $roleAdmin]);
|
||||
$userOrganizations = $this->entityManager->getRepository(UsersOrganizations::class)->findBy(['users' => $user, 'statut' => 'ACCEPTED', 'isActive' => true]);
|
||||
if ($userOrganizations) {
|
||||
foreach ($userOrganizations as $uo) {
|
||||
if (in_array($uo, $adminUOs, true)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the acting user is an admin of the organization
|
||||
|
|
|
|||
Loading…
Reference in New Issue