summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--apps/provisioning_api/lib/Controller/UsersController.php4
-rw-r--r--lib/private/SubAdmin.php36
2 files changed, 27 insertions, 13 deletions
diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php
index bd327ffe441..07a1514dd1f 100644
--- a/apps/provisioning_api/lib/Controller/UsersController.php
+++ b/apps/provisioning_api/lib/Controller/UsersController.php
@@ -504,8 +504,8 @@ class UsersController extends AUserData {
} else {
// Check if admin / subadmin
$subAdminManager = $this->groupManager->getSubAdmin();
- if ($subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser)
- || $this->groupManager->isAdmin($currentLoggedInUser->getUID())) {
+ if ($this->groupManager->isAdmin($currentLoggedInUser->getUID())
+ || $subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser)) {
// They have permissions over the user
$permittedFields[] = 'display';
$permittedFields[] = AccountManager::PROPERTY_DISPLAYNAME;
diff --git a/lib/private/SubAdmin.php b/lib/private/SubAdmin.php
index d292e998ab9..890bcf67b3b 100644
--- a/lib/private/SubAdmin.php
+++ b/lib/private/SubAdmin.php
@@ -110,6 +110,25 @@ class SubAdmin extends PublicEmitter implements ISubAdmin {
* @return IGroup[]
*/
public function getSubAdminsGroups(IUser $user): array {
+ $groupIds = $this->getSubAdminsGroupIds($user);
+
+ $groups = [];
+ foreach ($groupIds as $groupId) {
+ $group = $this->groupManager->get($groupId);
+ if ($group !== null) {
+ $groups[$group->getGID()] = $group;
+ }
+ }
+
+ return $groups;
+ }
+
+ /**
+ * Get group ids of a SubAdmin
+ * @param IUser $user the SubAdmin
+ * @return string[]
+ */
+ public function getSubAdminsGroupIds(IUser $user): array {
$qb = $this->dbConn->getQueryBuilder();
$result = $qb->select('gid')
@@ -119,10 +138,7 @@ class SubAdmin extends PublicEmitter implements ISubAdmin {
$groups = [];
while ($row = $result->fetch()) {
- $group = $this->groupManager->get($row['gid']);
- if (!is_null($group)) {
- $groups[$group->getGID()] = $group;
- }
+ $groups[] = $row['gid'];
}
$result->closeCursor();
@@ -255,13 +271,11 @@ class SubAdmin extends PublicEmitter implements ISubAdmin {
if ($this->groupManager->isAdmin($user->getUID())) {
return false;
}
- $accessibleGroups = $this->getSubAdminsGroups($subadmin);
- foreach ($accessibleGroups as $accessibleGroup) {
- if ($accessibleGroup->inGroup($user)) {
- return true;
- }
- }
- return false;
+
+ $accessibleGroups = $this->getSubAdminsGroupIds($subadmin);
+ $userGroups = $this->groupManager->getUserGroupIds($user);
+
+ return !empty(array_intersect($accessibleGroups, $userGroups));
}
/**