Jingga/phpOMS
1
0
Fork 0
mirror of https://github.com/Karaka-Management/phpOMS.git synced 2026-05-26 11:08:40 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix permission handling in routing and permission check

Browse Source
This commit is contained in:
Dennis Eichhorn 2020-08-11 20:37:15 +02:00
parent 16961aaff6
commit 018fbd3771
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Account/PermissionAbstract.php
View File

@ -407,13 +407,14 @@ class PermissionAbstract implements \JsonSerializable
int $element = null, int $element = null,
int $component = null int $component = null
) { ) {
return ($unit === null || $this->unit === null || $this->unit === $unit) return $permission === PermissionType::NONE ||
(($unit === null || $this->unit === null || $this->unit === $unit)
&& ($app === null || $this->app === null || $this->app === $app) && ($app === null || $this->app === null || $this->app === $app)
&& ($module === null || $this->module === null || $this->module === $module) && ($module === null || $this->module === null || $this->module === $module)
&& ($type === null || $this->type === null || $this->type === $type) && ($type === null || $this->type === null || $this->type === $type)
&& ($element === null || $this->element === null || $this->element === $element) && ($element === null || $this->element === null || $this->element === $element)
&& ($component === null || $this->component === null || $this->component === $component) && ($component === null || $this->component === null || $this->component === $component)
&& ($this->permission | $permission) === $this->permission; && ($this->permission | $permission) === $this->permission);
} }
/** /**

2
Router/WebRouter.php
View File

@ -139,7 +139,7 @@ final class WebRouter implements RouterInterface
if ((isset($d['permission']) && $account === null) if ((isset($d['permission']) && $account === null)
|| (isset($d['permission']) || (isset($d['permission'])
&& !$account->hasPermission( && !$account->hasPermission(
$d['permission']['type'] ?? null, $orgId, $app, $d['permission']['module'] ?? null, $d['permission']['state'] ?? null $d['permission']['type'] ?? 0, $d['permission']['unit'] ?? $orgId, $app, $d['permission']['module'] ?? null, $d['permission']['state'] ?? null
) )
) )
) { ) {