Fixed permission management
This commit is contained in:
@@ -77,38 +77,20 @@ class EventRepository {
|
||||
}
|
||||
|
||||
public function getEventsByCriteria(array $criteria, $accessCheck = true) : array {
|
||||
$tenant = app('tenant');
|
||||
|
||||
$canSeeAll = false;
|
||||
$user = Auth()->user();
|
||||
|
||||
if (!$accessCheck) {
|
||||
$canSeeAll = true;
|
||||
} else {
|
||||
if (
|
||||
new AuthCheckProvider()->isAdministrator() ||
|
||||
$user->user_role_local_group === UserRole::USER_ROLE_ADMIN
|
||||
) {
|
||||
if (
|
||||
$user->user_role_main === UserRole::USER_ROLE_ADMIN ||
|
||||
in_array($user->user_role_local_group, [UserRole::USER_ROLE_GROUP_LEADER, UserRole::USER_ROLE_ADMIN])
|
||||
) {
|
||||
$canSeeAll = true;
|
||||
}
|
||||
} else {
|
||||
if (
|
||||
in_array($user->user_role_main, [UserRole::USER_ROLE_GROUP_LEADER, UserRole::USER_ROLE_ADMIN])
|
||||
) {
|
||||
$canSeeAll = true;
|
||||
}
|
||||
}
|
||||
$canSeeAll = in_array(new AuthCheckProvider()->getUserRole(), [
|
||||
UserRole::USER_ROLE_ADMIN, UserRole::USER_ROLE_GROUP_LEADER
|
||||
]);
|
||||
}
|
||||
|
||||
$visibleEvents = [];
|
||||
/** @var Event $event */
|
||||
foreach (Event::where($criteria)->orderBy('start_date')->get() as $event) {
|
||||
|
||||
if ($canSeeAll || !$accessCheck || $event->eventManagers()->where('user_id', $user->id)->exists()) {
|
||||
if ($canSeeAll || $event->eventManagers()->where('user_id', $user->id)->exists()) {
|
||||
$visibleEvents[] = $event;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user