Skip to content

Commit 740b88b

Browse files
nfebebackportbot[bot]
nfebe
authored and
backportbot[bot]
committed
fix(provisioning_api): Allow group details access for users with admin delegation
This fixes an issue where users with "Administration privileges → Users" could not access the groups details endpoint in the provisioning API, resulting in a 403 Forbidden error. There is a problem with adding the `AuthorizedAdminSetting` attribute (middleware) that only allows access to users with Sharing admin privileges. Users with "`Users` admin" privileges should also be able to access group details. Resolves: #52617 Signed-off-by: nfebe <fenn25.fn@gmail.com>
1 parent 0570ce9 commit 740b88b

File tree

1 file changed

+1
-0
lines changed

1 file changed

+1
-0
lines changed

apps/provisioning_api/lib/Controller/GroupsController.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -98,6 +98,7 @@ public function getGroups(string $search = '', ?int $limit = null, int $offset =
9898
*/
9999
#[NoAdminRequired]
100100
#[AuthorizedAdminSetting(settings: Sharing::class)]
101+
#[AuthorizedAdminSetting(settings: Users::class)]
101102
public function getGroupsDetails(string $search = '', ?int $limit = null, int $offset = 0): DataResponse {
102103
$groups = $this->groupManager->search($search, $limit, $offset);
103104
$groups = array_map(function ($group) {

0 commit comments

Comments
 (0)