Skip to content

Commit

Permalink
Allow sub-admins to access delegated settings.
Browse files Browse the repository at this point in the history
Signed-off-by: Claus-Justus Heine <himself@claus-justus-heine.de>
  • Loading branch information
rotdrop authored and backportbot[bot] committed Feb 10, 2022
1 parent 1e2baa5 commit e8d541b
Showing 1 changed file with 11 additions and 14 deletions.
25 changes: 11 additions & 14 deletions lib/private/Settings/Manager.php
Original file line number Diff line number Diff line change
Expand Up @@ -335,23 +335,20 @@ public function getPersonalSettings($section): array {

public function getAllowedAdminSettings(string $section, IUser $user): array {
$isAdmin = $this->groupManager->isAdmin($user->getUID());
$isSubAdmin = $this->subAdmin->isSubAdmin($user);
$subAdminOnly = !$isAdmin && $isSubAdmin;

if ($subAdminOnly) {
// not an admin => look if the user is still authorized to access some
// settings
$subAdminSettingsFilter = function (ISettings $settings) {
return $settings instanceof ISubAdminSettings;
};
$appSettings = $this->getSettings('admin', $section, $subAdminSettingsFilter);
} elseif ($isAdmin) {
if ($isAdmin) {
$appSettings = $this->getSettings('admin', $section);
} else {
$authorizedSettingsClasses = $this->mapper->findAllClassesForUser($user);
$authorizedGroupFilter = function (ISettings $settings) use ($authorizedSettingsClasses) {
return in_array(get_class($settings), $authorizedSettingsClasses) === true;
};
if ($this->subAdmin->isSubAdmin($user)) {
$authorizedGroupFilter = function (ISettings $settings) use ($authorizedSettingsClasses) {
return $settings instanceof ISubAdminSettings
|| in_array(get_class($settings), $authorizedSettingsClasses) === true;
};
} else {
$authorizedGroupFilter = function (ISettings $settings) use ($authorizedSettingsClasses) {
return in_array(get_class($settings), $authorizedSettingsClasses) === true;
};
}
$appSettings = $this->getSettings('admin', $section, $authorizedGroupFilter);
}

Expand Down

0 comments on commit e8d541b

Please sign in to comment.