diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php
index bd327ffe44..07a1514dd1 100644
--- a/apps/provisioning_api/lib/Controller/UsersController.php
+++ b/apps/provisioning_api/lib/Controller/UsersController.php
@@ -504,8 +504,8 @@ class UsersController extends AUserData {
 } else {
 // Check if admin / subadmin
 $subAdminManager = $this->groupManager->getSubAdmin();
- if ($subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser)
- || $this->groupManager->isAdmin($currentLoggedInUser->getUID())) {
+ if ($this->groupManager->isAdmin($currentLoggedInUser->getUID())
+ || $subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser)) {
 // They have permissions over the user
 $permittedFields[] = 'display';
 $permittedFields[] = AccountManager::PROPERTY_DISPLAYNAME;
diff --git a/lib/private/SubAdmin.php b/lib/private/SubAdmin.php
index d292e998ab..890bcf67b3 100644
--- a/lib/private/SubAdmin.php
+++ b/lib/private/SubAdmin.php
@@ -110,6 +110,25 @@ class SubAdmin extends PublicEmitter implements ISubAdmin {
 * @return IGroup[]
 */
 public function getSubAdminsGroups(IUser $user): array {
+ $groupIds = $this->getSubAdminsGroupIds($user);
+
+ $groups = [];
+ foreach ($groupIds as $groupId) {
+ $group = $this->groupManager->get($groupId);
+ if ($group !== null) {
+ $groups[$group->getGID()] = $group;
+ }
+ }
+
+ return $groups;
+ }
+
+ /**
+ * Get group ids of a SubAdmin
+ * @param IUser $user the SubAdmin
+ * @return string[]
+ */
+ public function getSubAdminsGroupIds(IUser $user): array {
 $qb = $this->dbConn->getQueryBuilder();
 $result = $qb->select('gid')
@@ -119,10 +138,7 @@ class SubAdmin extends PublicEmitter implements ISubAdmin {
 $groups = [];
 while ($row = $result->fetch()) {
- $group = $this->groupManager->get($row['gid']);
- if (!is_null($group)) {
- $groups[$group->getGID()] = $group;
- }
+ $groups[] = $row['gid'];
 }
 $result->closeCursor();
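Review bot: The docblock added for `getSubAdminsGroupIds` (hunk at -110,6) does not say that the ids are returned exactly as stored in the sub-admin table, with no check against the group manager, whereas `getSubAdminsGroups` still drops any id whose group resolves to null; that filtering is what the following hunk (-119,10) removes from the query loop. Callers picking one of the two methods for a permission check need to know the difference, so I would add a line such as `* The ids are returned as stored and may reference groups that no longer exist.` Since the class implements `ISubAdmin`, it is also worth confirming whether the new public method belongs on the interface or should be marked `@internal`; the interface is not part of this diff.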
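Review bot: In the hunk at -119,10 the local `$groups` now collects gid strings, while the same name in `getSubAdminsGroups` holds `IGroup` objects keyed by gid, which is easy to misread in code that feeds an access decision. Renaming it to `$groupIds` (`$groupIds[] = $row['gid'];`) would keep the two apart. The declaration is a context line of this hunk and the function ends below it, so the rename would presumably also touch the return statement outside the hunk.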
@@ -255,13 +271,11 @@ class SubAdmin extends PublicEmitter implements ISubAdmin {
 if ($this->groupManager->isAdmin($user->getUID())) {
 return false;
 }
- $accessibleGroups = $this->getSubAdminsGroups($subadmin);
- foreach ($accessibleGroups as $accessibleGroup) {
- if ($accessibleGroup->inGroup($user)) {
- return true;
- }
- }
- return false;
+
+ $accessibleGroups = $this->getSubAdminsGroupIds($subadmin);
+ $userGroups = $this->groupManager->getUserGroupIds($user);
+
+ return !empty(array_intersect($accessibleGroups, $userGroups));
 }
 /**
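Review bot: The access decision here now rests on intersecting the raw gids from `getSubAdminsGroupIds($subadmin)` with `getUserGroupIds($user)`, where the removed loop only considered groups that `groupManager->get()` had resolved and then asked each one `inGroup($user)`. A stored sub-admin row for a group that no longer resolves was skipped before and now takes part in the comparison; whether it can ever match depends on `getUserGroupIds`, which this diff does not show, so a regression test with a sub-admin row for a missing group would pin the behaviour down. The return reads more directly as `return array_intersect($accessibleGroups, $userGroups) !== [];`, and a one-line comment that `array_intersect` compares string representations would record why numeric-looking gids still match. The function starts above this hunk.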