Merge branch 'pu/ps/matrixAcc404' into 'main'

fix(MatrixSynapseIntegrator/Frontend): make getAccountData work without MANAGE_ACCOUNTS right

See merge request tine20/tine20!7170

Author: pschuele

tests/tine20/MatrixSynapseIntegrator/Frontend/JsonTest.php

@@ -38,11 +38,20 @@ public function testMatrixAccountApi($delete = true): array
 
     public function testGetAccountData()
     {
-        $account = $this->testMatrixAccountApi(false);
-//        self::assertArrayHasKey(MatrixSynapseIntegrator_Model_MatrixAccount::FLD_MATRIX_RECOVERY_PASSWORD,
-//            $account, print_r($account, true));
+        $this->testMatrixAccountApi(false);
         $accountData = $this->_getUit()->getAccountData();
         self::assertIsArray($accountData);
         self::assertEquals('somepw',  $accountData['recovery_password']);
     }
+
+    public function testMissingGetAccountData()
+    {
+        Tinebase_Core::setUser($this->_personas['sclever']);
+        try {
+            $this->_getUit()->getAccountData();
+            self::fail('should throw 404 exception');
+        } catch (Tinebase_Exception_NotFound $tenf) {
+            self::assertEquals('No Matrix Account found', $tenf->getMessage());
+        }
+    }
 }

tine20/MatrixSynapseIntegrator/Controller/MatrixAccount.php

@@ -53,9 +53,12 @@ protected function __construct()
      */
     public function checkFilterACL(Tinebase_Model_Filter_FilterGroup $_filter, $_action = self::ACTION_GET)
     {
-        if (!$this->_doContainerACLChecks || $this->checkRight(Admin_Acl_Rights::MANAGE_ACCOUNTS)) {
+        if (!$this->_doRightChecks
+            || !$this->_doContainerACLChecks
+            || $this->checkRight(Admin_Acl_Rights::MANAGE_ACCOUNTS)
+        ) {
             if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__
-                . ' Container ACL disabled for ' . $_filter->getModelName() . '.');
+                . ' ACL / right checks disabled for ' . $_filter->getModelName() . '.');
             return;
         }
 
@@ -75,6 +78,10 @@ public function checkFilterACL(Tinebase_Model_Filter_FilterGroup $_filter, $_act
      */
     protected function _checkRight($_action)
     {
+        if (! $this->_doRightChecks) {
+            return;
+        }
+
         switch ($_action) {
             case 'get':
                 $this->checkRight(Admin_Acl_Rights::MANAGE_ACCOUNTS);
@@ -98,13 +105,15 @@ protected function _getApplicationRightsClass(): string
 
     public function getMatrixAccountForCurrentUser(): MatrixSynapseIntegrator_Model_MatrixAccount
     {
+        $check = $this->doRightChecks(false);
         /** @var ?MatrixSynapseIntegrator_Model_MatrixAccount $result */
         $result = $this->search(Tinebase_Model_Filter_FilterGroup::getFilterForModel(
             MatrixSynapseIntegrator_Model_MatrixAccount::class, [[
                 Tinebase_Model_Filter_Abstract::FIELD => MatrixSynapseIntegrator_Model_MatrixAccount::FLD_ACCOUNT_ID,
                 Tinebase_Model_Filter_Abstract::VALUE => Tinebase_Core::getUser()->getId()
             ]]
         ))->getFirstRecord();
+        $this->doRightChecks($check);
         if (!$result) {
             throw new Tinebase_Exception_NotFound('No Matrix Account found');
         }