AVSDev/sprinkle-organisations
1
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

Fixed promotion/demotion permission check

Browse Source
This commit is contained in:
Craig Williams
2022-03-02 15:34:39 +00:00
parent d5526083dd
commit 9a0fc3f3bd
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/Controller/OrganisationMembersController.php
View File

@@ -434,7 +434,8 @@ class OrganisationMembersController extends SimpleController
// Access-controlled page // Access-controlled page
if (!$authorizer->checkAccess($currentUser, 'promote_organistion_member', [ if (!$authorizer->checkAccess($currentUser, 'promote_organistion_member', [
'organisation' => $organisation 'organisation' => $organisation,
'user' => $user,
])) { ])) {
throw new ForbiddenException(); throw new ForbiddenException();
} }
@@ -530,7 +531,8 @@ class OrganisationMembersController extends SimpleController
// Access-controlled page // Access-controlled page
if (!$authorizer->checkAccess($currentUser, 'promote_organistion_member', [ if (!$authorizer->checkAccess($currentUser, 'promote_organistion_member', [
'organisation' => $organisation 'organisation' => $organisation,
'user' => $user,
])) { ])) {
throw new ForbiddenException(); throw new ForbiddenException();
} }
@@ -1193,6 +1195,7 @@ class OrganisationMembersController extends SimpleController
// Access-controlled page // Access-controlled page
if (!$authorizer->checkAccess($currentUser, 'promote_organistion_member', [ if (!$authorizer->checkAccess($currentUser, 'promote_organistion_member', [
'organisation' => $organisation, 'organisation' => $organisation,
'user' => $user,
])) { ])) {
throw new ForbiddenException(); throw new ForbiddenException();
} }
@@ -1241,6 +1244,7 @@ class OrganisationMembersController extends SimpleController
// Access-controlled page // Access-controlled page
if (!$authorizer->checkAccess($currentUser, 'promote_organistion_member', [ if (!$authorizer->checkAccess($currentUser, 'promote_organistion_member', [
'organisation' => $organisation, 'organisation' => $organisation,
'user' => $user,
])) { ])) {
throw new ForbiddenException(); throw new ForbiddenException();
} }