hazza/Phraseanet
1
0
Fork 0
mirror of https://github.com/alchemy-fr/Phraseanet.git synced 2025-10-18 15:33:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix right access and right on story elements per user

Browse Source
This commit is contained in:
aynsix
2020-03-12 16:16:41 +03:00
parent 900d56e09d
commit 597216429a
2 changed files with 19 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/Alchemy/Phrasea/Helper/User/Edit.php
View File

@@ -583,8 +583,8 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
$user = $this->app['repo.users']->find($usr_id); $user = $this->app['repo.users']->find($usr_id);
$this->app->getAclForUser($user)->revoke_access_from_bases($delete) $this->app->getAclForUser($user)->revoke_access_from_bases($delete)
->give_access_to_base($create) ->give_access_to_sbas($create_sbas) // give access to sbas before bas
->give_access_to_sbas($create_sbas); ->give_access_to_base($create);
foreach ($update as $base_id => $rights) { foreach ($update as $base_id => $rights) {
$this->app->getAclForUser($user) $this->app->getAclForUser($user)

19
lib/classes/record/adapter.php
View File

@@ -1735,7 +1735,9 @@ class record_adapter implements RecordInterface, cache_cacheableInterface
throw new Exception('This record is not a grouping'); throw new Exception('This record is not a grouping');
} }
$selections = $this->getDatabox()->getRecordRepository()->findChildren([$this->getRecordId()], null, $offset, $max_items); $user = $this->getAuthenticatedUser();
$selections = $this->getDatabox()->getRecordRepository()->findChildren([$this->getRecordId()], $user, $offset, $max_items);
return reset($selections); return reset($selections);
} }
@@ -1745,7 +1747,9 @@ class record_adapter implements RecordInterface, cache_cacheableInterface
*/ */
public function get_grouping_parents() public function get_grouping_parents()
{ {
$selections = $this->getDatabox()->getRecordRepository()->findParents([$this->getRecordId()]); $user = $this->getAuthenticatedUser();
$selections = $this->getDatabox()->getRecordRepository()->findParents([$this->getRecordId()], $user);
return reset($selections); return reset($selections);
} }
@@ -1948,4 +1952,15 @@ class record_adapter implements RecordInterface, cache_cacheableInterface
{ {
return $this->app['provider.repo.media_subdef']->getRepositoryForDatabox($this->getDataboxId()); return $this->app['provider.repo.media_subdef']->getRepositoryForDatabox($this->getDataboxId());
} }
/**
* @return User|null
*/
protected function getAuthenticatedUser()
{
/** @var \Alchemy\Phrasea\Authentication\Authenticator $authenticator */
$authenticator = $this->app['authentication'];
return $authenticator->getUser();
}
} }