FIX: allow creating communication target if editing own profile
parent
376d9e0c11
commit
27295c704c
|
@ -164,20 +164,28 @@ pub fn api_communication_targets_delete(
|
|||
settings: &State<Settings>,
|
||||
target_id: String,
|
||||
) -> Result<(), Json<ApiErrorWrapper>> {
|
||||
let member = parse_member_cookie(cookie.member)?;
|
||||
let caller = parse_member_cookie(cookie.member)?;
|
||||
let target_id = parse_uuid_string(target_id)?;
|
||||
|
||||
let target = match get_communication_target(settings, target_id){
|
||||
let target = match get_communication_target(settings, target_id) {
|
||||
Ok(target) => target,
|
||||
Err(e) => {
|
||||
return Err(translate_diesel(e))
|
||||
}
|
||||
};
|
||||
|
||||
let groups = get_groups_for_member(settings, target.entity_id).unwrap().into_iter().map(|m|crate::modules::member_management::model::groups::Group::from(m)).collect();
|
||||
let groups = get_groups_for_member(settings, target.entity_id).unwrap().into_iter().map(|m| crate::modules::member_management::model::groups::Group::from(m)).collect();
|
||||
|
||||
if !check_access_to_member_or_group(settings, target.entity_id, groups, member.entity_id, crate::permissions::modules::member_management::profile::communication::EDIT.to_string()){
|
||||
return Err(Json(ApiError::new(401, "Keine Berechtigung Kommunikationseintrag zu löschen!".to_string()).to_wrapper()))
|
||||
if target.entity_id != caller.entity_id { //if Member edits own communication target, do not check permissions
|
||||
if !check_access_to_member_or_group(settings, target.entity_id, groups, caller.entity_id, crate::permissions::modules::member_management::profile::communication::EDIT.to_string()) {
|
||||
return Err(Json(
|
||||
ApiError::new(
|
||||
403,
|
||||
"Keine Berechtigung, Kommunikationsziel zu entfernen!".to_string(),
|
||||
)
|
||||
.to_wrapper(),
|
||||
));
|
||||
}
|
||||
}
|
||||
|
||||
match remove_communication_target(settings, target_id) {
|
||||
|
|
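Review bot: The `.unwrap()` on `get_groups_for_member(settings, target.entity_id)` survives on the new side, so a failed group lookup panics the delete handler instead of returning an API error. The lookup also now runs when the caller owns the target and `groups` is never read. Move the `let groups = …` line inside the `if target.entity_id != caller.entity_id` branch and replace `.unwrap()` with `.map_err(translate_diesel)?`, assuming the function returns the same error type that `translate_diesel` already handles for `get_communication_target`. The ownership shortcut makes `caller.entity_id` from `parse_member_cookie` the only authorization for self-service deletes, so the inline comment should state that the cookie value is authenticated and that members are meant to remove their own targets even without the EDIT permission. The function body starts and ends outside the hunk.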