File tree Expand file tree Collapse file tree 1 file changed +36
-0
lines changed
Expand file tree Collapse file tree 1 file changed +36
-0
lines changed Original file line number Diff line number Diff line change @@ -73,6 +73,42 @@ private function getModuleRights(): array
7373 $ granted [] = $ right ;
7474 }
7575
76+ return $ this ->stripRights ($ granted );
77+ }
78+
79+ /**
80+ * Conditionally removes granted rights
81+ *
82+ * @param array $granted
83+ *
84+ * @return array
85+ */
86+ private function stripRights (array $ granted ): array
87+ {
88+ return $ this ->stripStorageModuleRight ($ granted );
89+ }
90+
91+ /**
92+ * Tbf this is a bit fishy, because backend checks directly lock state, so while front won't have the right to access
93+ * the module, backend still will. This should not cause any problems because the right is stripped only when
94+ * no storage-based module access is granted anyway, so there is no data to be manipulated.
95+ *
96+ * @param array $granted
97+ *
98+ * @return array
99+ */
100+ private function stripStorageModuleRight (array $ granted ): array
101+ {
102+ if (
103+ in_array (UserModuleRightEnum::CAN_ACCESS_STORAGE_MODULE ->name , $ granted )
104+ && !in_array (UserModuleRightEnum::CAN_ACCESS_FILES_MODULE ->name , $ granted )
105+ && !in_array (UserModuleRightEnum::CAN_ACCESS_VIDEOS_MODULE ->name , $ granted )
106+ && !in_array (UserModuleRightEnum::CAN_ACCESS_IMAGES_MODULE ->name , $ granted )
107+ ) {
108+ $ index = array_search (UserModuleRightEnum::CAN_ACCESS_STORAGE_MODULE ->name , $ granted );
109+ unset($ granted [$ index ]);
110+ }
111+
76112 return $ granted ;
77113 }
78114}
You can’t perform that action at this time.
0 commit comments