|
@@ -48,19 +48,30 @@ class Permission extends Model
|
|
|
public function ModifyRole(string $adminUid, string $uid, string $rights)
|
|
|
{
|
|
|
// Verify that the current user has permission to modify permissions
|
|
|
- $data = DB::select("select uid, role from permission where uid = ? and is_del = false and status = ? and role & ? > 0;", [$adminUid, "normal", SUPER_ADMIN | SYSTEM_ADMIN]);
|
|
|
- log::debug($data);
|
|
|
+ $rows = DB::select("select uid, role from permission where uid = ? and is_del = false and status = ? and role & ? > 0;", [$adminUid, "normal", SUPER_ADMIN | SYSTEM_ADMIN]);
|
|
|
+ if (!$rows) {
|
|
|
+ log::debug("ModifyRole with adminUid: " . $adminUid . ", uid: " . $uid . ", rights: " . $rights . " but permission denied");
|
|
|
+ return "permission denied";
|
|
|
+ }
|
|
|
+
|
|
|
+ $data = null;
|
|
|
+ foreach ($rows as $d){
|
|
|
+ $data = $d;
|
|
|
+ break;
|
|
|
+ }
|
|
|
+
|
|
|
if (!$data) {
|
|
|
log::debug("ModifyRole with adminUid: " . $adminUid . ", uid: " . $uid . ", rights: " . $rights . " but permission denied");
|
|
|
return "permission denied";
|
|
|
}
|
|
|
+
|
|
|
if ($data->uid < 1) {
|
|
|
log::debug("ModifyRole with adminUid: " . $adminUid . ", uid: " . $uid . ", rights: " . $rights . " but invalid admin uid: " . $adminUid);
|
|
|
return "invalid admin uid: " . $adminUid;
|
|
|
}
|
|
|
|
|
|
- if ($data->right >= $rights) {
|
|
|
- log::debug("ModifyRole with adminUid: " . $adminUid . ", admin role: ". $data->role . ", uid: " . $uid . ", rights: " . $rights . " but have no permission to grant higher rights");
|
|
|
+ if ($data->role >= $rights) {
|
|
|
+ log::debug("ModifyRole with adminUid: " . $adminUid . ", admin role: ". $data->uid . ", uid: " . $uid . ", rights: " . $rights . " but have no permission to grant higher rights");
|
|
|
return "have no permission to grant higher rights";
|
|
|
}
|
|
|
|
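Review bot: The denial log under `if ($data->role >= $rights)` now prints `$data->uid` after the label `admin role:`, so the record of a refused grant no longer contains the role that was actually compared (the uid is presumably the same value as `$adminUid`, already logged); it should read `", admin role: " . $data->role . `. The comparison itself sets a column that the query treats as a bitmask (`role & ? > 0`) against the string parameter `$rights`, so an ordinal `>=` may not express "higher rights", and a non-numeric `$rights` falls under PHP's string/number comparison rules. Checking that `$rights` is an integer built from the known role constants before this test would make the authorization decision well-defined. The second `if (!$data)` block is unreachable after the new `if (!$rows)` return, and if `DB::select` returns a list, the `foreach`/`break` can be `$data = $rows[0];`. ModifyRole's body continues outside the hunk.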