|
|
@@ -31,6 +31,8 @@ class OtAuthenticationService extends AbstractAuthenticationService
|
|
|
CONST ISAUTH_URI = 'api/user/isauthenticated';
|
|
|
CONST LOGOUT_URI = 'logout';
|
|
|
CONST GROUP_FE_ALL_UID = 18076;
|
|
|
+ CONST GROUP_ADMIN_STANDARD_UID = 1;
|
|
|
+ CONST GROUP_ADMIN_PREMIUM_UID = 3;
|
|
|
|
|
|
// Cookies' domain needs to be the same that the api's cookies, or guzzle will ignore them.
|
|
|
CONST COOKIE_DOMAIN = 'opentalent.fr';
|
|
|
@@ -368,13 +370,22 @@ class OtAuthenticationService extends AbstractAuthenticationService
|
|
|
// Loop over the accesses of the user to list the matching organization groups
|
|
|
if ($userApiData['accesses']) {
|
|
|
foreach ($userApiData['accesses'] as $accessData) {
|
|
|
- if ($isBackend && !$accessData['isEditor']) {
|
|
|
+ if ($isBackend && !$accessData['isEditor'] && !$accessData['admin_access']) {
|
|
|
continue;
|
|
|
}
|
|
|
|
|
|
+ if ($isBackend && $accessData['admin_access']) {
|
|
|
+ $adminGroupUid = $accessData['product'] === 'artist_premium' ?
|
|
|
+ self::GROUP_ADMIN_PREMIUM_UID :
|
|
|
+ self::GROUP_ADMIN_STANDARD_UID;
|
|
|
+ if (!in_array($adminGroupUid, $groupsUid)) {
|
|
|
+ $groupsUid[] = $adminGroupUid;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
$organizationId = $accessData['organizationId'];
|
|
|
|
|
|
- // get the fe_group for this organization
|
|
|
+ // get the group for this organization
|
|
|
$groupUid = $connection->fetchOne(
|
|
|
"select g.uid
|
|
|
from typo3.$group_table g
|
Olivier Massot