ReCodEx · krulis-martin · Jul 26, 2018 · Jul 24, 2018
diff --git a/app/V1Module/security/Policies/UserPermissionPolicy.php b/app/V1Module/security/Policies/UserPermissionPolicy.php
@@ -48,4 +48,19 @@ public function isSupervisor(Identity $identity, User $user) {
     return $user->getRole() === Roles::SUPERVISOR_ROLE;
   }
 
+  // Logged user is supervisor of any group of which the tested user is member ...
+  public function isSupervisorOfJoinedGroup(Identity $identity, User $user): bool {
+    $currentUser = $identity->getUserData();
+    if ($currentUser === null) {
+      return false;
+    }
+
+    foreach ($user->getGroupsAsStudent() as $group) {
+      if ($group->isSupervisorOf($currentUser) || $group->isAdminOf($currentUser)) {
+        return true;
+      }
+    }
+    return false;
+  }
+
 }
diff --git a/app/config/permissions.neon b/app/config/permissions.neon
@@ -238,6 +238,14 @@ permissions:
       conditions:
         - user.isSameUser
 
+    - allow: true
+      role: supervisor
+      resource: user
+      actions:
+          - viewDetail
+      conditions: user.isSupervisorOfJoinedGroup
+
+
     ##########################
     # Assignment permissions #
     ##########################