diff options
| author | Matthew Somerville <matthew-github@dracos.co.uk> | 2017-01-10 13:24:44 +0000 |
|---|---|---|
| committer | Matthew Somerville <matthew-github@dracos.co.uk> | 2017-01-10 17:16:22 +0000 |
| commit | d5641749504a8eb9295f95bac412cb3737256476 (patch) | |
| tree | 7b5536582e9efe20aaf1e319947150bc3ff6b384 /perllib/FixMyStreet/DB | |
| parent | dbed1557237be7a6a6ac31566b06b8ad24e2282c (diff) | |
Update has_body_permission_to to allow superusers.
Diffstat (limited to 'perllib/FixMyStreet/DB')
| -rw-r--r-- | perllib/FixMyStreet/DB/Result/User.pm | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/perllib/FixMyStreet/DB/Result/User.pm b/perllib/FixMyStreet/DB/Result/User.pm index 72acb6940..135f9b4a5 100644 --- a/perllib/FixMyStreet/DB/Result/User.pm +++ b/perllib/FixMyStreet/DB/Result/User.pm @@ -287,23 +287,26 @@ sub has_permission_to { =head2 has_body_permission_to -Checks if the User has a from_body set, and the specified permission on that body. +Checks if the User has a from_body set, the specified permission on that body, +and optionally that their from_body is one particular body. Instead of saying: - ($user->from_body && $user->has_permission_to('user_edit', $user->from_body->id)) + ($user->from_body && $user->from_body->id == $body_id && $user->has_permission_to('user_edit', $body_id)) You can just say: - $user->has_body_permission_to('user_edit') - -NB unlike has_permission_to, this doesn't blindly return 1 if the user is a superuser. + $user->has_body_permission_to('user_edit', $body_id) =cut sub has_body_permission_to { - my ($self, $permission_type) = @_; + my ($self, $permission_type, $body_id) = @_; + + return 1 if $self->is_superuser; + return unless $self->from_body; + return if $body_id && $self->from_body->id != $body_id; return $self->has_permission_to($permission_type, $self->from_body->id); } |