Fixed promotion/demotion permission check

2022-03-02 15:34:39 +00:00
parent d5526083dd
commit 9a0fc3f3bd
1 changed files with 6 additions and 2 deletions
--- a/src/Controller/OrganisationMembersController.php
+++ b/src/Controller/OrganisationMembersController.php
@@ -434,7 +434,8 @@ class OrganisationMembersController extends SimpleController

        // Access-controlled page
        if (!$authorizer->checkAccess($currentUser, 'promote_organistion_member', [
-            'organisation' => $organisation
+            'organisation' => $organisation,
+            'user'         => $user,
        ])) {
            throw new ForbiddenException();
        }
@@ -530,7 +531,8 @@ class OrganisationMembersController extends SimpleController

        // Access-controlled page
        if (!$authorizer->checkAccess($currentUser, 'promote_organistion_member', [
-            'organisation' => $organisation
+            'organisation' => $organisation,
+            'user'         => $user,
        ])) {
            throw new ForbiddenException();
        }
@@ -1193,6 +1195,7 @@ class OrganisationMembersController extends SimpleController
        // Access-controlled page
        if (!$authorizer->checkAccess($currentUser, 'promote_organistion_member', [
            'organisation' => $organisation,
+            'user'         => $user,
        ])) {
            throw new ForbiddenException();
        }
@@ -1241,6 +1244,7 @@ class OrganisationMembersController extends SimpleController
        // Access-controlled page
        if (!$authorizer->checkAccess($currentUser, 'promote_organistion_member', [
            'organisation' => $organisation,
+            'user'         => $user,
        ])) {
            throw new ForbiddenException();
        }