[GT-182] Add restriction on who can create SG's

Sae126V · Sep 11, 2023 · a50e258 · a50e258
1 parent 6cd738d
commit a50e258
Showing 1 changed file with 17 additions and 1 deletion.
diff --git a/htdocs/web_portal/controllers/service_group/add_service_group.php b/htdocs/web_portal/controllers/service_group/add_service_group.php
@@ -22,6 +22,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
   /*====================================================== */
+use Exception;
+
 require_once __DIR__ . '/../../../../lib/Gocdb_Services/Factory.php';
 require_once __DIR__ . '/../../components/Get_User_Principle.php';
 require_once __DIR__ . '/../utils.php';
@@ -74,9 +76,23 @@ function draw($user) {
             throw new \Exception("Unregistered users can't create service groups.");
         }
 
+        $hasAdminCredentials = $user->isAdmin();
+        $roleService = \Factory::getRoleService();
+        $userRoles = $roleService->getUserRoles($user);
+
+        $isUserValid = $hasAdminCredentials ? true : !empty($userRoles);
+
+        if (!$isUserValid) {
+            throw new Exception(
+                "You do not have permission to add a new "
+                . "Service Group. To add a new Service Group, you require "
+                . "atleast one role assigned over an entity in GOCDB."
+            );
+        }
+
         // can user assign reserved scopes ?
         $disableReservedScopes = true;
-        if ($user->isAdmin()) {
+        if ($hasAdminCredentials) {
             $disableReservedScopes = false;
         }