#7391 Validation::getAdministrationLevel implementation updated

pkp · Oct 24, 2022 · 775bdea · 775bdea
1 parent a78c3fa
commit 775bdea
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 34 deletions.
diff --git a/classes/security/Validation.php b/classes/security/Validation.php
@@ -490,7 +490,7 @@ public static function canAdminister($administeredUserId, $administratorUserId)
      * @param int   $administratorUserId    User ID of user who wants to do the administrating
      * @param int   $contextId              The journal/context Id
      * 
-     * @return int The authorized adminstration level 
+     * @return int The authorized administration level 
      */
     public static function getAdministrationLevel(int $administeredUserId, int $administratorUserId, int $contextId = null): int
     {
@@ -504,7 +504,7 @@ public static function getAdministrationLevel(int $administeredUserId, int $admi
             ->filterByContextIds([\PKP\core\PKPApplication::CONTEXT_SITE])
             ->filterByRoleIds([Role::ROLE_ID_SITE_ADMIN]);
 
-        // You cannot adminster administrators
+        // You cannot administer administrators
         if ($filteredSiteAdminUserGroups->filterByUserIds([$administeredUserId])->getCount() > 0) {
             return self::ADMINISTRATION_PROHIBITED;
         }
@@ -514,26 +514,41 @@ public static function getAdministrationLevel(int $administeredUserId, int $admi
             return self::ADMINISTRATION_FULL;
         }
 
+        // Make sure the administering user has a manager role somewhere
+        $roleManagerCount = Repo::userGroup()
+            ->getCollector()
+            ->filterByUserIds([$administratorUserId])
+            ->filterByRoleIds([Role::ROLE_ID_MANAGER])
+            ->getCount();
+
+        if ( $roleManagerCount <= 0 ) {
+            return self::ADMINISTRATION_PROHIBITED;
+        }
+
+        $administeredUserAssignedGroupIds = Repo::userGroup()
+            ->getCollector()
+            ->filterByUserIds([$administeredUserId])
+            ->getMany()
+            ->map(fn($userGroup) => $userGroup->getContextId())
+            ->sort()
+            ->toArray();
+
+        $administratorUserAssignedGroupIds = Repo::userGroup()
+            ->getCollector()
+            ->filterByUserIds([$administratorUserId])
+            ->filterByRoleIds([Role::ROLE_ID_MANAGER])
+            ->getMany()
+            ->map(fn($userGroup) => $userGroup->getContextId())
+            ->sort()
+            ->toArray();
+
         // Check for administered user group assignments in other contexts
         // that the administrator user doesn't have a manager role in.
-        $userGroupsCount = Repo::userGroup()
-            ->userUserGroups($administeredUserId)
-            ->filter(fn($userGroup) => 
-                $userGroup->getContextId() != \PKP\core\PKPApplication::CONTEXT_SITE &&
-                !Repo::userGroup()
-                    ->getCollector()
-                    ->filterByContextIds([$userGroup->getContextId()])
-                    ->filterByUserIds([$administratorUserId])
-                    ->filterByRoleIds([Role::ROLE_ID_MANAGER])
-                    ->getCount()
-            )
-            ->count();
-
-        if ( $userGroupsCount > 0 ) {
+        if ( collect($administeredUserAssignedGroupIds)->diff($administratorUserAssignedGroupIds)->count() > 0 ) {
             // Found an assignment: disqualified.
             // But also determine if a partial administrate is allowed
             // if the Administrator User is a Journal Manager in the current context
-            if ($contextId && 
+            if ($contextId !== null && 
                 Repo::userGroup()
                     ->getCollector()
                     ->filterByContextIds([$contextId])
@@ -545,17 +560,6 @@ public static function getAdministrationLevel(int $administeredUserId, int $admi
             return self::ADMINISTRATION_PROHIBITED;
         }
 
-        // Make sure the administering user has a manager role somewhere
-        $roleManagerCount = Repo::userGroup()
-            ->getCollector()
-            ->filterByUserIds([$administratorUserId])
-            ->filterByRoleIds([Role::ROLE_ID_MANAGER])
-            ->getCount();
-
-        if ( $roleManagerCount <= 0 ) {
-            return self::ADMINISTRATION_PROHIBITED;
-        }
-
         // There were no conflicting roles. Permit administration.
         return self::ADMINISTRATION_FULL;
     }

diff --git a/classes/userGroup/Repository.php b/classes/userGroup/Repository.php
@@ -247,11 +247,11 @@ public function userInGroup(int $userId, int $userGroupId): bool
     */
     public function contextHasGroup(int $contextId, int $userGroupId): bool
     {
-		return Repo::userGroup()
-			->getCollector()
-			->filterByContextIds([$contextId])
-			->filterByUserGroupIds([$userGroupId])
-			->getCount() > 0;
+        return Repo::userGroup()
+            ->getCollector()
+            ->filterByContextIds([$contextId])
+            ->filterByUserGroupIds([$userGroupId])
+            ->getCount() > 0;
     }
 
     public function assignUserToGroup(int $userId, int $userGroupId): UserUserGroup

diff --git a/templates/common/userDetailsReadOnly.tpl b/templates/common/userDetailsReadOnly.tpl
@@ -1,5 +1,5 @@
 {**
- * common/userDetailsReadOnly.tpl
+ * templates/common/userDetailsReadOnly.tpl
  *
  * Copyright (c) 2014-2022 Simon Fraser University
  * Copyright (c) 2003-2022 John Willinsky