diff --git a/Controller/GrouperGroupsController.php b/Controller/GrouperGroupsController.php index 8683bc6..8025e34 100644 --- a/Controller/GrouperGroupsController.php +++ b/Controller/GrouperGroupsController.php @@ -248,7 +248,7 @@ public function findSubscriber(): void } /** - * @param bool $self By passes the actAsIdentifier condition + * @param bool $self Bypasses the actAsIdentifier condition * * @return null|string */ @@ -521,6 +521,7 @@ public function isAuthorized(): array|bool // Find if the user belongs to Group $eligibleGroup = $cfg['CoGrouperLiteWidget']['act_as_grp_name']; $isActAsEligibilityGroupmember = false; + $isActAsEnabled = !empty($eligibleGroup) && ($this->getUserId(self: true) !== $this->getUserId()); if(!empty($eligibleGroup)) { $isActAsEligibilityGroupmember = $this->GrouperGroup->isGroupMember($this->getUserId(self: true), @@ -542,16 +543,16 @@ public function isAuthorized(): array|bool $p['groupmemberapi'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']); $p['getBaseConfig'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']); $p['groupSubscribers'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']); - $p['addSubscriber'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']) && !$isActAsEligibilityGroupmember; + $p['addSubscriber'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']) && !$isActAsEnabled; $p['findSubscriber'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']); $p['usermanager'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']); $p['usermanagerapi'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']); - $p['removeSubscriber'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']) && !$isActAsEligibilityGroupmember; + $p['removeSubscriber'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']) && !$isActAsEnabled; - $p['groupCreate'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']) && !$isActAsEligibilityGroupmember; - $p['joinGroup'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']) && !$isActAsEligibilityGroupmember; - $p['leaveGroup'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']) && !$isActAsEligibilityGroupmember; - $p['groupcreatetemplate'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']) && !$isActAsEligibilityGroupmember; + $p['groupCreate'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']) && !$isActAsEnabled; + $p['joinGroup'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']) && !$isActAsEnabled; + $p['leaveGroup'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']) && !$isActAsEnabled; + $p['groupcreatetemplate'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']) && !$isActAsEnabled; $p['actAsAction'] = $isActAsEligibilityGroupmember; $this->set('permissions', $p);