From f01c93e16206a3efa6614e0b0dc704ddca880ce6 Mon Sep 17 00:00:00 2001
From: Sxderp
Date: Mon, 5 Apr 2021 23:26:06 -0400
Subject: [PATCH] Extend #6229 to include superuser permission check (#6772)
---
 app/Models/User.php | 48 ++++++++++++++++++++-------------------------
 1 file changed, 21 insertions(+), 27 deletions(-)
diff --git a/app/Models/User.php b/app/Models/User.php
index 2898d45a6a..8f86811c81 100755
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -114,20 +114,12 @@ class User extends SnipeModel implements AuthenticatableContract, AuthorizableCo
 /**
- * Check user permissions
+ * Internally check the user permission for the given section
 *
- * Parses the user and group permission masks to see if the user
- * is authorized to do the thing
- *
- * @author A. Gianotto
- * @since [v1.0]
 * @return boolean
 */
- public function hasAccess($section)
+ protected function checkPermissionSection($section)
 {
- if ($this->isSuperUser()) {
- return true;
- }
 $user_groups = $this->groups;
@@ -158,6 +150,24 @@ class User extends SnipeModel implements AuthenticatableContract, AuthorizableCo
 return false;
 }
+ /**
+ * Check user permissions
+ *
+ * Parses the user and group permission masks to see if the user
+ * is authorized to do the thing
+ *
+ * @author A. Gianotto
+ * @since [v1.0]
+ * @return boolean
+ */
+ public function hasAccess($section)
+ {
+ if ($this->isSuperUser()) {
+ return true;
+ }
+ return $this->checkPermissionSection($section);
+ }
+
 /**
 * Checks if the user is a SuperUser
 *
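Review bot: The docblock on the new `checkPermissionSection($section)` loses its description and still has no `@param`, and it does not say that this helper skips the superuser shortcut that `hasAccess()` applies. Because `isSuperUser()` now delegates to this helper (last hunk), a later call to `isSuperUser()` from inside it would recurse without end, which is worth stating where the next editor will see it. I'd add `@param string $section Permission key to look up, e.g. 'superuser'` and a line such as `Raw user/group lookup with no superuser shortcut; must not call isSuperUser(), which delegates here.` The function body continues past the end of the hunk, so only the docblock and signature are covered here.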
@@ -167,23 +177,7 @@ class User extends SnipeModel implements AuthenticatableContract, AuthorizableCo
 */
 public function isSuperUser()
 {
- if (!$user_permissions = json_decode($this->permissions, true)) {
- return false;
- }
-
- foreach ($this->groups as $user_group) {
- $group_permissions = json_decode($user_group->permissions, true);
- $group_array = (array)$group_permissions;
- if ((array_key_exists('superuser', $group_array)) && ($group_permissions['superuser']=='1')) {
- return true;
- }
- }
-
- if ((array_key_exists('superuser', $user_permissions)) && ($user_permissions['superuser']=='1')) {
- return true;
- }
-
- return false;
+ return $this->checkPermissionSection('superuser');
 }
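Review bot: `isSuperUser()` now takes its answer entirely from `checkPermissionSection('superuser')`, so the precedence rules of the removed body change with no test in this commit (the diffstat lists only app/Models/User.php). The removed code returned false before consulting any group when the user's own permissions JSON decoded to an empty value, and otherwise returned true as soon as any group carried `superuser == '1'`, before the user's own entry was read. Most of the helper's body lies outside the visible hunks, so whether a user-level entry now overrides a group grant cannot be confirmed from here. Since this method decides who bypasses every `hasAccess()` check, I'd add test cases for a user with empty permissions in a superuser group and for a user whose own `superuser` entry differs from a group's. I'd also state the rule in the docblock, e.g. `* Follows the same user/group precedence as checkPermissionSection().`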