correct role logic

Charles 2026-02-11 13:58:37 +01:00
parent 35bad9eca5
commit fe6e4b44e5
1 changed files with 10 additions and 10 deletions


@ -678,15 +678,15 @@ class UserController extends AbstractController
#[Route(path: '/organization/resend-invitation/{userId}', name: 'resend_invitation', methods: ['POST'])] #[Route(path: '/organization/resend-invitation/{userId}', name: 'resend_invitation', methods: ['POST'])]
public function resendInvitation(int $userId, Request $request): JsonResponse public function resendInvitation(int $userId, Request $request): JsonResponse
{ {
$this->denyAccessUnlessGranted("ROLE_ADMIN"); $this->denyAccessUnlessGranted("ROLE_USER");
$actingUser = $this->getUser(); $actingUser = $this->getUser();
if ($this->userService->hasAccessTo($actingUser, true)) { $orgId = $request->request->get('organizationId');
$orgId = $request->get('organizationId');
$org = $this->organizationRepository->find($orgId); $org = $this->organizationRepository->find($orgId);
if (!$org) { if (!$org) {
$this->loggerService->logEntityNotFound('Organization', ['id' => $orgId], $actingUser->getUserIdentifier()); $this->loggerService->logEntityNotFound('Organization', ['id' => $orgId], $actingUser->getUserIdentifier());
throw $this->createNotFoundException(self::NOT_FOUND); throw $this->createNotFoundException(self::NOT_FOUND);
} }
if ($this->userService->isAdminOfOrganization($org)) {
$user = $this->userRepository->find($userId); $user = $this->userRepository->find($userId);
if (!$user) { if (!$user) {
$this->loggerService->logEntityNotFound('User', ['id' => $user->getId()], $actingUser->getUserIdentifier()); $this->loggerService->logEntityNotFound('User', ['id' => $user->getId()], $actingUser->getUserIdentifier());
@ -729,8 +729,8 @@ class UserController extends AbstractController
#[Route(path: '/accept-invitation', name: 'accept', methods: ['GET'])] #[Route(path: '/accept-invitation', name: 'accept', methods: ['GET'])]
public function acceptInvitation(Request $request): Response public function acceptInvitation(Request $request): Response
{ {
$token = $request->get('token'); $token = $request->query->get('token');
$userId = $request->get('id'); $userId = $request->query->get('id');
if (!$token || !$userId) { if (!$token || !$userId) {
$this->loggerService->logEntityNotFound('Token or UserId missing in accept invitation', [ $this->loggerService->logEntityNotFound('Token or UserId missing in accept invitation', [