correct role logic
parent
35bad9eca5
commit
fe6e4b44e5
|
|
@ -678,15 +678,15 @@ class UserController extends AbstractController
|
||||||
#[Route(path: '/organization/resend-invitation/{userId}', name: 'resend_invitation', methods: ['POST'])]
|
#[Route(path: '/organization/resend-invitation/{userId}', name: 'resend_invitation', methods: ['POST'])]
|
||||||
public function resendInvitation(int $userId, Request $request): JsonResponse
|
public function resendInvitation(int $userId, Request $request): JsonResponse
|
||||||
{
|
{
|
||||||
$this->denyAccessUnlessGranted("ROLE_ADMIN");
|
$this->denyAccessUnlessGranted("ROLE_USER");
|
||||||
$actingUser = $this->getUser();
|
$actingUser = $this->getUser();
|
||||||
if ($this->userService->hasAccessTo($actingUser, true)) {
|
$orgId = $request->request->get('organizationId');
|
||||||
$orgId = $request->get('organizationId');
|
$org = $this->organizationRepository->find($orgId);
|
||||||
$org = $this->organizationRepository->find($orgId);
|
if (!$org) {
|
||||||
if (!$org) {
|
$this->loggerService->logEntityNotFound('Organization', ['id' => $orgId], $actingUser->getUserIdentifier());
|
||||||
$this->loggerService->logEntityNotFound('Organization', ['id' => $orgId], $actingUser->getUserIdentifier());
|
throw $this->createNotFoundException(self::NOT_FOUND);
|
||||||
throw $this->createNotFoundException(self::NOT_FOUND);
|
}
|
||||||
}
|
if ($this->userService->isAdminOfOrganization($org)) {
|
||||||
$user = $this->userRepository->find($userId);
|
$user = $this->userRepository->find($userId);
|
||||||
if (!$user) {
|
if (!$user) {
|
||||||
$this->loggerService->logEntityNotFound('User', ['id' => $user->getId()], $actingUser->getUserIdentifier());
|
$this->loggerService->logEntityNotFound('User', ['id' => $user->getId()], $actingUser->getUserIdentifier());
|
||||||
|
|
@ -729,8 +729,8 @@ class UserController extends AbstractController
|
||||||
#[Route(path: '/accept-invitation', name: 'accept', methods: ['GET'])]
|
#[Route(path: '/accept-invitation', name: 'accept', methods: ['GET'])]
|
||||||
public function acceptInvitation(Request $request): Response
|
public function acceptInvitation(Request $request): Response
|
||||||
{
|
{
|
||||||
$token = $request->get('token');
|
$token = $request->query->get('token');
|
||||||
$userId = $request->get('id');
|
$userId = $request->query->get('id');
|
||||||
|
|
||||||
if (!$token || !$userId) {
|
if (!$token || !$userId) {
|
||||||
$this->loggerService->logEntityNotFound('Token or UserId missing in accept invitation', [
|
$this->loggerService->logEntityNotFound('Token or UserId missing in accept invitation', [
|
||||||
|
|
|
||||||
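Review bot: With the entry gate lowered to `ROLE_USER`, access to resendInvitation now rests on `isAdminOfOrganization($org)` for an `organizationId` read from the POST body, and the visible lines do not tie the `{userId}` target to that organization. The method body continues past the hunk, so confirm it rejects a `$user` who is not a member of `$org` before the invitation is re-sent; otherwise an admin of one organization could act on users of another. The organization lookup also runs before the admin check, so any authenticated user can tell existing organization ids from missing ones by the 404; returning the same response for "not found" and "not your organization" closes that. In the `if (!$user)` branch the log call reads `$user->getId()` on a null value and will raise an Error instead of producing the 404; log `['id' => $userId]` there. This reading takes the second line of each printed pair as the new side, since the page lost its +/- markers.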