Projekte/web-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

removed notification + new react structure

Browse Source
This commit is contained in:
Roman
2022-11-23 23:36:30 +01:00
parent 303a5b69b5
commit b1c4c9e976
76 changed files with 10221 additions and 616 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
Core/API/UserAPI.class.php
View File

@@ -328,37 +328,13 @@ namespace Core\API\User {
} else {
$queriedUser = $user->jsonSerialize();
// either we are querying own info or we are support / admin
$currentUser = $this->context->getUser();
$canView = ($userId === $currentUser->getId() ||
$currentUser->hasGroup(Group::ADMIN) ||
$currentUser->hasGroup(Group::SUPPORT));
// full info only when we have administrative privileges, or we are querying ourselves
$fullInfo = ($userId === $currentUser->getId() ||
$currentUser->hasGroup(Group::ADMIN) ||
$currentUser->hasGroup(Group::SUPPORT));
if (!$canView) {
// check if user posted something publicly
$res = $sql->select(new JsonArrayAgg(new Column("publishedBy"), "publisherIds"))
->from("News")
->execute();
$this->success = ($res !== false);
$this->lastError = $sql->getLastError();
if (!$this->success) {
return false;
} else {
$canView = in_array($userId, json_decode($res[0]["publisherIds"], true));
}
}
if (!$canView) {
return $this->createError("No permissions to access this user");
}
if (!$fullInfo) {
if (!$queriedUser["confirmed"]) {
return $this->createError("No permissions to access this user");