Merge pull request #26 from Ioannis/Fix_permission_error_when_act_as_…

…is_on_but_user_not_selected fix actAs permission confilict
internet2 · Aug 23, 2024 · 8743487 · 8743487
2 parents 8028b7e + d9c3bac
commit 8743487
Showing 1 changed file with 8 additions and 7 deletions.
diff --git a/Controller/GrouperGroupsController.php b/Controller/GrouperGroupsController.php
@@ -248,7 +248,7 @@ public function findSubscriber(): void
   }
 
   /**
-   * @param   bool  $self   By passes the actAsIdentifier condition
+   * @param   bool  $self   Bypasses the actAsIdentifier condition
    *
    * @return null|string
    */
@@ -521,6 +521,7 @@ public function isAuthorized(): array|bool
     // Find if the user belongs to Group
     $eligibleGroup = $cfg['CoGrouperLiteWidget']['act_as_grp_name'];
     $isActAsEligibilityGroupmember = false;
+    $isActAsEnabled = !empty($eligibleGroup) && ($this->getUserId(self: true) !== $this->getUserId());
 
     if(!empty($eligibleGroup)) {
       $isActAsEligibilityGroupmember = $this->GrouperGroup->isGroupMember($this->getUserId(self: true),
@@ -542,16 +543,16 @@ public function isAuthorized(): array|bool
     $p['groupmemberapi'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']);
     $p['getBaseConfig'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']);
     $p['groupSubscribers'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']);
-    $p['addSubscriber'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']) && !$isActAsEligibilityGroupmember;
+    $p['addSubscriber'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']) && !$isActAsEnabled;
     $p['findSubscriber'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']);
     $p['usermanager'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']);
     $p['usermanagerapi'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']);
-    $p['removeSubscriber'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']) && !$isActAsEligibilityGroupmember;
+    $p['removeSubscriber'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']) && !$isActAsEnabled;
 
-    $p['groupCreate'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']) && !$isActAsEligibilityGroupmember;
-    $p['joinGroup'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']) && !$isActAsEligibilityGroupmember;
-    $p['leaveGroup'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']) && !$isActAsEligibilityGroupmember;
-    $p['groupcreatetemplate'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']) && !$isActAsEligibilityGroupmember;
+    $p['groupCreate'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']) && !$isActAsEnabled;
+    $p['joinGroup'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']) && !$isActAsEnabled;
+    $p['leaveGroup'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']) && !$isActAsEnabled;
+    $p['groupcreatetemplate'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']) && !$isActAsEnabled;
     $p['actAsAction'] = $isActAsEligibilityGroupmember;
 
     $this->set('permissions', $p);