Fix on summit admin groups

dont check on external Change-Id: Ie93a1b108627331e6a56ec621e99efe14b646bb0 Signed-off-by: smarcet <smarcet@gmail.com>
2021-07-16 09:56:39 -03:00 · 2021-07-16 09:56:39 -03:00 · 0409f6fd0f
commit 0409f6fd0f
parent 08cb3cbe52
3 changed files with 12 additions and 5 deletions
--- a/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitApiController.php
+++ b/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitApiController.php
@ -198,7 +198,9 @@ final class OAuth2SummitApiController extends OAuth2ProtectedController

        $current_member = $this->resource_server_context->getCurrentUser();

-        if (!is_null($current_member) && !$current_member->isAdmin() && !$current_member->hasAllowedSummits()) {
+        if (!is_null($current_member) &&
+            !$current_member->isAdmin() &&
+            !$current_member->hasAllowedSummits()) {
            return $this->error403(['message' => sprintf("Member %s has not permission for any Summit", $current_member->getId())]);
        }

--- a/app/Models/Foundation/Main/Member.php
+++ b/app/Models/Foundation/Main/Member.php
@ -729,6 +729,7 @@ class Member extends SilverstripeBaseModel
            Log::debug(sprintf("Member::isAdmin has Super Admin Group On DB"));
            return true;
        }
+
        $adminGroup = $this->getGroupByCode(IGroup::Administrators);
        if (!is_null($adminGroup)) {
            Log::debug(sprintf("Member::isAdmin has Admin Group On DB"));
@ -736,7 +737,7 @@ class Member extends SilverstripeBaseModel
        }

        if (!$skip_external) {
-            Log::debug(sprintf("Member::isAdmin check on external "));
+            Log::debug(sprintf("Member::isAdmin check on external"));
            if ($this->isOnExternalGroup(IGroup::SuperAdmins))
                return true;

@ -763,9 +764,11 @@ class Member extends SilverstripeBaseModel
     */
    public function isOnExternalGroup(string $code): bool
    {
+        Log::debug(sprintf("Member::isOnExternalGroup id %s code %s", $this->id, $code));
        $resource_server_ctx = App::make(IResourceServerContext::class);
        if ($resource_server_ctx instanceof IResourceServerContext) {
            foreach ($resource_server_ctx->getCurrentUserGroups() as $group) {
+                Log::debug(sprintf("Member::isOnExternalGroup id %s code %s external group %s", $this->id, $code, $group['slug']));
                if
                (
                    isset($group['slug']) &&
--- a/app/Models/Foundation/Main/SummitAdministratorPermissionGroup.php
+++ b/app/Models/Foundation/Main/SummitAdministratorPermissionGroup.php
@ -72,6 +72,7 @@ class SummitAdministratorPermissionGroup extends SilverstripeBaseModel
            throw new ValidationException(sprintf("Member %s should belong to following groups (%s)", $member->getId(),
            implode(",", self::ValidGroups)));
        }
+
        if ($this->members->contains($member)) return;
        $this->members->add($member);
        $member->add2SummitAdministratorPermissionGroup($this);
@ -79,9 +80,10 @@ class SummitAdministratorPermissionGroup extends SilverstripeBaseModel

    public function canAddMember(Member $member):bool{
        return
-        $member->isOnGroup(IGroup::SummitAdministrators) ||
-        $member->isOnGroup(IGroup::TrackChairs) ||
-        $member->isOnGroup(IGroup::TrackChairsAdmins);
+        $member->isOnGroup(IGroup::SummitAdministrators, true) ||
+        $member->isOnGroup(IGroup::TrackChairs, true) ||
+        $member->isOnGroup(IGroup::TrackChairsAdmins, true) ||
+        $member->isOnGroup(IGroup::BadgePrinters, true);
    }

    /**