Commit

Merge pull request #460 from Sae126V/GT-182-Restrict-who-can-create-Service-Groups

[GT-182] Add restrictions on who can create SG's
gregcorbett authored Sep 11, 2023
2 parents 574f1ea + 7b85831 commit 643461f
Showing 1 changed file with 16 additions and 0 deletions.
16 changes: 16 additions & 0 deletions htdocs/web_portal/controllers/service_group/add_service_group.php
@@ -22,6 +22,8 @@
* See the License for the specific language governing permissions and
* limitations under the License.
/*====================================================== */
use Exception;

require_once __DIR__ . '/../../../../lib/Gocdb_Services/Factory.php';
require_once __DIR__ . '/../../components/Get_User_Principle.php';
require_once __DIR__ . '/../utils.php';
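Review bot: `use Exception;`, added directly after the licence header, has no effect unless this file declares a namespace, and none is visible in this hunk; in global scope PHP reports a warning that a use statement with a non-compound name has no effect. The existing throw in draw() already writes `\Exception`, so consider dropping the import and using the fully qualified name in the new throw as well.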
@@ -74,6 +76,20 @@ function draw($user) {
throw new \Exception("Unregistered users can't create service groups.");
}

$hasAdminCredentials = $user->isAdmin();
$roleService = \Factory::getRoleService();
$userRoles = $roleService->getUserRoles($user);

$isUserValid = $hasAdminCredentials ? true : !empty($userRoles);

if (!$isUserValid) {
throw new Exception(
"You do not have permission to add a new "
. "Service Group. To add a new Service Group, you require "
. "at least one role assigned over an entity in GOCDB."
);
}

// can user assign reserved scopes ?
$disableReservedScopes = true;
if ($user->isAdmin()) {
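Review bot: the new role check sits only in draw($user), and the commit's 16 additions are all accounted for by this hunk and the import above, so nothing in this change enforces the rule on the code path that actually creates the Service Group. If the form submission is handled by a separate function or by the service layer, the same check belongs there (ideally in the service method), otherwise the restriction only hides the form from a registered user with no roles rather than denying the create request. Smaller points: `$hasAdminCredentials ? true : !empty($userRoles)` reads more simply as `$user->isAdmin() || !empty($userRoles)`, and the new `throw new Exception(` is unqualified while the throw just above it uses `\Exception`; pick one form for the file.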