Refactor permission handling to utilize hierarchy levels for access control across multiple API endpoints, enhancing permission validation logic in contracts, history, application, and user management.

2026-01-29 10:58:03 +01:00
parent 0b090699b8
commit 0723df4516
6 changed files with 58 additions and 24 deletions
--- a/api/v2/post/users.php
+++ b/api/v2/post/users.php
@@ -154,12 +154,15 @@ else {
 //+++++++++++++++++++++++++++++++++++++++++++++
 //RESET VIEW/PERMISSION BASED ON USER PERMISSION
 //+++++++++++++++++++++++++++++++++++++++++++++
+
+$hierarchy_level = getHierarchyLevel($partner);
+
 if($post_content['view']){
-    switch ($permission) {
-        case '4':
+    switch ($hierarchy_level) {
+        case '0':
            //ADMIN+ no override
           break;
-        case '3':
+        case '1':
            //ADMINS cannot set ADMIN+ => reset to admin
            $post_content['view'] = ($post_content['view'] == 5) ? 4 : $post_content['view'];
            break;