Group users by company + allow admins to set user/admin role
- Superadmin sees users grouped by company with header rows - Admins can now set user or admin role when creating/editing users - Admin role change restricted to own company only - Prevents admin from modifying superadmin roles Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
14
api.php
14
api.php
@@ -1919,9 +1919,10 @@ switch ($action) {
|
||||
}
|
||||
}
|
||||
} elseif (!$isSA) {
|
||||
// Admin luo käyttäjiä vain omaan yritykseensä -> oletusrooli user
|
||||
// Admin luo käyttäjiä omaan yritykseensä — voi valita admin tai user
|
||||
$myCompanyId = $_SESSION['company_id'] ?? '';
|
||||
$companyRoles[$myCompanyId] = 'user';
|
||||
$requestedRole = $input['company_roles'][$myCompanyId] ?? 'user';
|
||||
$companyRoles[$myCompanyId] = in_array($requestedRole, ['admin', 'user']) ? $requestedRole : 'user';
|
||||
}
|
||||
$newUser = [
|
||||
'id' => generateId(),
|
||||
@@ -1982,9 +1983,12 @@ switch ($action) {
|
||||
if (isset($input['company_roles']) && is_array($input['company_roles'])) {
|
||||
$companyRoles = $u['company_roles'] ?? [];
|
||||
foreach ($input['company_roles'] as $cid => $crole) {
|
||||
if (in_array($cid, $u['companies'] ?? []) && in_array($crole, ['admin', 'user'])) {
|
||||
$companyRoles[$cid] = $crole;
|
||||
}
|
||||
if (!in_array($cid, $u['companies'] ?? []) || !in_array($crole, ['admin', 'user'])) continue;
|
||||
// Admin voi muuttaa vain oman yrityksensä rooleja
|
||||
if (!$isSA && $cid !== $myCompanyId) continue;
|
||||
// Admin ei voi muuttaa superadminin roolia
|
||||
if (!$isSA && ($u['role'] === 'superadmin')) continue;
|
||||
$companyRoles[$cid] = $crole;
|
||||
}
|
||||
$u['company_roles'] = $companyRoles;
|
||||
}
|
||||
|
||||
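Review bot: The role whitelist on the new `continue` line in the second hunk uses loose `in_array`, so a JSON boolean `true` (and, on PHP 7, integer `0`) compares equal to `'admin'` and is stored verbatim as the company role; the `$requestedRole` check in the first hunk has the same weakness. Both should pass strict comparison, e.g. `if (!in_array($cid, $u['companies'] ?? [], true) || !in_array($crole, ['admin', 'user'], true)) continue;` and `in_array($requestedRole, ['admin', 'user'], true)`. The admin-scope check compares `$cid` against `$myCompanyId`, which the second hunk never assigns; if the edit action does not set it from `$_SESSION['company_id']` before this block (outside the hunk), the comparison is against null and the admin path silently skips every role change. Array keys from decoded JSON are also cast to int when they are numeric strings, which would make `$cid !== $myCompanyId` fail closed for numeric company ids — harmless if ids come from `generateId()`, but worth confirming. The enclosing `switch` case begins before the hunk, so whether an admin is restricted to editing users of their own company is not visible here.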