master
yuan 7 years ago
parent c964f93649
commit bf1770d552

@ -57,7 +57,7 @@ public class ManagerAccountServiceImpl implements ManagerAccountsService {
@Override @Override
public void saveManager(ManagerInfo manager, JSONObject loginManager) { public void saveManager(ManagerInfo manager, JSONObject loginManager) {
if (!ManagerRole.ADMIN.hasRole(loginManager.getIntValue("role")) && !ManagerRole.BD_USER.hasRole(loginManager.getIntValue("role"))) { if (!ManagerRole.ADMIN.hasRole(loginManager.getIntValue("role"))) {
if (manager.isAdmin() || manager.isFinacial() || manager.isOperator() || manager.isServant() || manager.isSitemanager() || manager.isDeveloper()) { if (manager.isAdmin() || manager.isFinacial() || manager.isOperator() || manager.isServant() || manager.isSitemanager() || manager.isDeveloper()) {
throw new BadRequestException("Invalid Role"); throw new BadRequestException("Invalid Role");
} }
@ -77,7 +77,7 @@ public class ManagerAccountServiceImpl implements ManagerAccountsService {
throw new NotFoundException("manager not exists or invalid"); throw new NotFoundException("manager not exists or invalid");
} }
JSONObject obj = manager.accountJson(false); JSONObject obj = manager.accountJson(false);
if (!ManagerRole.ADMIN.hasRole(loginManager.getIntValue("role")) && !ManagerRole.BD_USER.hasRole(loginManager.getIntValue("role"))) { if (!ManagerRole.ADMIN.hasRole(loginManager.getIntValue("role"))) {
if (managerFromDb.getIntValue("org_id") != loginManager.getIntValue("org_id")) { if (managerFromDb.getIntValue("org_id") != loginManager.getIntValue("org_id")) {
throw new BadRequestException("You cannot modify accounts belong to other organizations"); throw new BadRequestException("You cannot modify accounts belong to other organizations");
} }
@ -93,7 +93,7 @@ public class ManagerAccountServiceImpl implements ManagerAccountsService {
@Override @Override
public void disable(String userId, JSONObject loginManager) { public void disable(String userId, JSONObject loginManager) {
JSONObject manager = managerMapper.findById(userId); JSONObject manager = managerMapper.findById(userId);
if (!ManagerRole.ADMIN.hasRole(loginManager.getIntValue("role")) && !ManagerRole.BD_USER.hasRole(loginManager.getIntValue("role"))){ if (!ManagerRole.ADMIN.hasRole(loginManager.getIntValue("role"))){
if (manager.getIntValue("org_id") != loginManager.getIntValue("org_id")) { if (manager.getIntValue("org_id") != loginManager.getIntValue("org_id")) {
throw new BadRequestException("You cannot disable accounts belong to other organizations"); throw new BadRequestException("You cannot disable accounts belong to other organizations");
} }

Loading…
Cancel
Save