Merge pull request GOCDB#460 from Sae126V/GT-182-Restrict-who-can-cre…

…ate-Service-Groups [GT-182] Add restrictions on who can create SG's
Sae126V · Sep 11, 2023 · 643461f · 643461f
2 parents 574f1ea + 7b85831
commit 643461f
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/htdocs/web_portal/controllers/service_group/add_service_group.php b/htdocs/web_portal/controllers/service_group/add_service_group.php
@@ -22,6 +22,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
   /*====================================================== */
+use Exception;
+
 require_once __DIR__ . '/../../../../lib/Gocdb_Services/Factory.php';
 require_once __DIR__ . '/../../components/Get_User_Principle.php';
 require_once __DIR__ . '/../utils.php';
@@ -74,6 +76,20 @@ function draw($user) {
             throw new \Exception("Unregistered users can't create service groups.");
         }
 
+        $hasAdminCredentials = $user->isAdmin();
+        $roleService = \Factory::getRoleService();
+        $userRoles = $roleService->getUserRoles($user);
+
+        $isUserValid = $hasAdminCredentials ? true : !empty($userRoles);
+
+        if (!$isUserValid) {
+            throw new Exception(
+                "You do not have permission to add a new "
+                . "Service Group. To add a new Service Group, you require "
+                . "at least one role assigned over an entity in GOCDB."
+            );
+        }
+
         // can user assign reserved scopes ?
         $disableReservedScopes = true;
         if ($user->isAdmin()) {