Diffstat (limited to 'lib/classes/JsonApi/Routes/InstituteMemberships/ByUserIndex.php')
-rw-r--r--lib/classes/JsonApi/Routes/InstituteMemberships/ByUserIndex.php7
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/classes/JsonApi/Routes/InstituteMemberships/ByUserIndex.php b/lib/classes/JsonApi/Routes/InstituteMemberships/ByUserIndex.php
index 2fd9833..c7612e1 100644
--- a/lib/classes/JsonApi/Routes/InstituteMemberships/ByUserIndex.php
+++ b/lib/classes/JsonApi/Routes/InstituteMemberships/ByUserIndex.php
@@ -5,9 +5,9 @@ namespace JsonApi\Routes\InstituteMemberships;
use JsonApi\Errors\AuthorizationFailedException;
use JsonApi\Errors\RecordNotFoundException;
use JsonApi\JsonApiController;
+use JsonApi\Routes\Users\Authority;
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
-use JsonApi\Routes\Institutes\Authority;
class ByUserIndex extends JsonApiController
{
@@ -24,11 +24,14 @@ class ByUserIndex extends JsonApiController
throw new RecordNotFoundException();
}
- if (!Authority::canIndexInstitutesOfUser($this->getUser($request), $user)) {
+ if (!Authority::canShowUser($this->getUser($request), $user)) {
throw new AuthorizationFailedException();
}
$institutes = $user->institute_memberships;
+ if (!$GLOBALS['perm']->have_profile_perm('user', $user->id)) {
+ $institutes = $institutes->filter(fn($membership) => $membership->inst_perms !== 'user');
+ }
$total = count($institutes);
list($offset, $limit) = $this->getOffsetAndLimit();
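Review bot: The new membership filter decides on `$GLOBALS['perm']->have_profile_perm('user', $user->id)`, while the `Authority::canShowUser(...)` check just above it decides on `$this->getUser($request)`. If those two can ever refer to different principals on this route (not visible from this hunk), the filter is evaluated for the wrong caller; taking the request user as an argument in a helper on `Users\Authority` would keep both decisions on one identity. Because the commit relaxes the gate from `canIndexInstitutesOfUser` to `canShowUser`, this filter is now the only thing hiding `'user'`-level memberships. It deserves a comment such as `// Hide 'user'-level memberships from callers without profile permission on $user`, plus a test for a caller who may see the user but lacks profile permission. The enclosing method starts and ends outside the hunk.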