Flatten implementation of SelfDemotionGuard listener

Refs #736 and #1195.
2025-02-21 09:11:40 +08:00 · 2017-07-06 21:57:47 +02:00 · 2017-07-06 21:57:47 +02:00 · d28de2ba12
commit d28de2ba12
parent a07e714f97
1 changed files with 27 additions and 10 deletions
--- a/framework/core/src/Core/Listener/SelfDemotionGuard.php
+++ b/framework/core/src/Core/Listener/SelfDemotionGuard.php
@ -33,18 +33,35 @@ class SelfDemotionGuard
     */
    public function whenUserWillBeSaved(UserWillBeSaved $event)
    {
-        $actor = $event->actor;
-        $user = $event->user;
+        // Non-admin users pose no problem
+        if (! $event->actor->isAdmin()) {
+            return;
+        }
+
+        // Only admins can demote users, which means demoting other users is
+        // fine, because we still have at least one admin (the actor) left
+        if ($event->actor->id !== $event->user->id) {
+            return;
+        }
+
        $groups = array_get($event->data, 'relationships.groups.data');

-        if (isset($groups) && $actor->id === $user->id && $actor->isAdmin()) {
-            $adminGroupRemoved = empty(array_filter($groups, function ($group) {
-                return $group['id'] == Group::ADMINISTRATOR_ID;
-            }));
-
-            if ($adminGroupRemoved) {
-                throw new PermissionDeniedException;
-            }
+        // If there is no group data (not even an empty array), this means
+        // groups were not changed (and thus not removed) - we're fine!
+        if (! isset($groups)) {
+            return;
        }
+
+        $adminGroups = array_filter($groups, function ($group) {
+            return $group['id'] == Group::ADMINISTRATOR_ID;
+        });
+
+        // As long as the user is still part of the admin group, all is good
+        if ($adminGroups) {
+            return;
+        }
+
+        // If we get to this point, we have to prohibit the edit
+        throw new PermissionDeniedException;
    }
 }