Fixed permission for editing name of organisation
This commit is contained in:
@@ -222,6 +222,11 @@ class OrganisationController extends SimpleController
|
|||||||
$transformer = new RequestDataTransformer($schema);
|
$transformer = new RequestDataTransformer($schema);
|
||||||
$data = $transformer->transform($params);
|
$data = $transformer->transform($params);
|
||||||
|
|
||||||
|
$nameSet = isset($data['name']);
|
||||||
|
if (!$nameSet) {
|
||||||
|
$data['name'] = $organisation->name;
|
||||||
|
}
|
||||||
|
|
||||||
$error = false;
|
$error = false;
|
||||||
|
|
||||||
// Validate request data
|
// Validate request data
|
||||||
@@ -234,8 +239,10 @@ class OrganisationController extends SimpleController
|
|||||||
// Determine targeted fields
|
// Determine targeted fields
|
||||||
$fieldNames = [];
|
$fieldNames = [];
|
||||||
foreach ($data as $name => $value) {
|
foreach ($data as $name => $value) {
|
||||||
|
if ($name == 'name' && $nameSet) {
|
||||||
$fieldNames[] = $name;
|
$fieldNames[] = $name;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Access-controlled resource - check that currentUser has permission to edit submitted fields for this organisation
|
// Access-controlled resource - check that currentUser has permission to edit submitted fields for this organisation
|
||||||
if (!$authorizer->checkAccess($currentUser, 'update_organisation_field', [
|
if (!$authorizer->checkAccess($currentUser, 'update_organisation_field', [
|
||||||
|
|||||||
Reference in New Issue
Block a user