]> _ Git - cubedesigners_userdatabase.git/commitdiff
projects / cubedesigners_userdatabase.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 302264c)
wip #5627 @0.5
authorVincent Vanwaelscappel <vincent@cubedesigners.com>
Tue, 6 Dec 2022 07:18:02 +0000 (08:18 +0100)
committerVincent Vanwaelscappel <vincent@cubedesigners.com>
Tue, 6 Dec 2022 07:18:02 +0000 (08:18 +0100)
src/app/Models/User.php patch | blob | history
src/app/Operations/LoginasOperation.php patch | blob | history

diff --git a/src/app/Models/User.php b/src/app/Models/User.php
index d7afa13eb9b557c26668ade9db34bfaa3c35371c..9ad9c8d217d6f090d1e536c6c2d17e29ae262f95 100644 (file)
--- a/src/app/Models/User.php
+++ b/src/app/Models/User.php
@@ -218,8 +218,11 @@ class User extends CubistMagicAuthenticatable
         if (null === $user) {
             return false;
         }
+        if ($user->company == 7 && !$this->can('loginascube')) {
+            return false;
+        }
         /** @var $user self */
-        return in_array($this->id, $user->getManagedUsers());
+        return in_array($user->id, $this->getManagedUsers());
     }
 
 
diff --git a/src/app/Operations/LoginasOperation.php b/src/app/Operations/LoginasOperation.php
index a384ac0da14b035ef834cbe9f5f48fed6e650bde..7fa54393a58972508bb25cf6c2e9712b920d857b 100644 (file)
--- a/src/app/Operations/LoginasOperation.php
+++ b/src/app/Operations/LoginasOperation.php
@@ -20,12 +20,15 @@ trait LoginasOperation
     protected function loginas($id)
     {
         $user = User::find($id);
+        if (!$this->canLoginas($user)) {
+            abort(403);
+        }
         backpack_auth()->login($user);
         return redirect('dashboard');
     }
 
     public function canLoginas($user)
     {
-        return $this->isOwner($user);
+        return backpack_user()->isOwner($user);
     }
 }
Unnamed repository; edit this file 'description' to name the repository.