From 083c220e37d30a6e915b40da61c572f46faa6d2a Mon Sep 17 00:00:00 2001
From: Damodar Lohani
Date: Wed, 17 Apr 2024 06:45:15 +0545
Subject: [PATCH 1/6] fix auth mode check
---
 app/controllers/shared/api.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php
index 7c2f08c70e..cc480e391d 100644
--- a/app/controllers/shared/api.php
+++ b/app/controllers/shared/api.php
@@ -281,7 +281,7 @@ App::init()
 throw new Exception(Exception::USER_PASSWORD_RESET_REQUIRED);
 }
- if ($mode !== APP_MODE_ADMIN) {
+ if ($mode !== APP_MODE_ADMIN && !Auth::isPrivilegedUser(Authorization::getRoles())) {
 $mfaEnabled = $user->getAttribute('mfa', false);
 $hasVerifiedEmail = $user->getAttribute('emailVerification', false);
 $hasVerifiedPhone = $user->getAttribute('phoneVerification', false);
@@ -702,7 +702,7 @@ App::shutdown()
 if ($project->getId() !== 'console') {
- if ($mode !== APP_MODE_ADMIN) {
+ if ($mode !== APP_MODE_ADMIN && !Auth::isPrivilegedUser(Authorization::getRoles())) {
 $fileSize = 0;
 $file = $request->getFiles('file');
 if (!empty($file)) {
From dc3aa5e12f4b4d107a95a2c146c6ec39e045bd71 Mon Sep 17 00:00:00 2001
From: Damodar Lohani
Date: Wed, 24 Apr 2024 06:30:32 +0545
Subject: [PATCH 2/6] revert
---
 app/controllers/shared/api.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php
index cc480e391d..a5ffda3ca8 100644
--- a/app/controllers/shared/api.php
+++ b/app/controllers/shared/api.php
@@ -281,7 +281,7 @@ App::init()
 throw new Exception(Exception::USER_PASSWORD_RESET_REQUIRED);
 }
- if ($mode !== APP_MODE_ADMIN && !Auth::isPrivilegedUser(Authorization::getRoles())) {
+ if ($mode !== APP_MODE_ADMIN) {
 $mfaEnabled = $user->getAttribute('mfa', false);
 $hasVerifiedEmail = $user->getAttribute('emailVerification', false);
 $hasVerifiedPhone = $user->getAttribute('phoneVerification', false);
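Review bot: The widened condition in the `App::init()` hunk at line 281 of patch 1/6 lets any request whose role set passes `Auth::isPrivilegedUser()` skip the block that reads the user's `mfa`, `emailVerification` and `phoneVerification` attributes, so the accounts with the most access would be the ones exempt from what looks like the MFA gate. Which roles count as privileged, and whether a session can hold them before completing a challenge, is not visible here; unless that is ruled out the gate should stay `if ($mode !== APP_MODE_ADMIN) {`, which patch 2/6 restores. The same condition is added in the `App::shutdown()` hunk at line 702, where a one-line comment stating why privileged roles are excluded from that block is missing. Both enclosing blocks continue outside their hunks.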
From ac95a7c5ebc699a4f8057a852bf6bf8d4db2e770 Mon Sep 17 00:00:00 2001
From: Damodar Lohani
Date: Wed, 24 Apr 2024 06:44:14 +0545
Subject: [PATCH 3/6] Update api.php
---
 app/controllers/shared/api.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php
index a5ffda3ca8..ab1cd357ec 100644
--- a/app/controllers/shared/api.php
+++ b/app/controllers/shared/api.php
@@ -702,7 +702,7 @@ App::shutdown()
 if ($project->getId() !== 'console') {
- if ($mode !== APP_MODE_ADMIN && !Auth::isPrivilegedUser(Authorization::getRoles())) {
+ if ($mode !== APP_MODE_ADMIN && !(Auth::isPrivilegedUser(Authorization::getRoles()) && !$user->isEmpty())) {
 $fileSize = 0;
 $file = $request->getFiles('file');
 if (!empty($file)) {
From 67cdde15f55d4d1c49786340a08c1bea533c357d Mon Sep 17 00:00:00 2001
From: Damodar Lohani
Date: Wed, 24 Apr 2024 09:03:08 +0545
Subject: [PATCH 4/6] Update api.php
---
 app/controllers/shared/api.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php
index 2e9185d9e7..76d8e3963c 100644
--- a/app/controllers/shared/api.php
+++ b/app/controllers/shared/api.php
@@ -702,7 +702,7 @@ App::shutdown()
 if ($project->getId() !== 'console') {
- if ($mode !== APP_MODE_ADMIN && !(Auth::isPrivilegedUser(Authorization::getRoles()) && !$user->isEmpty())) {
+ if (!($mode == APP_MODE_ADMIN && Auth::isPrivilegedUser(Authorization::getRoles()) && !$user->isEmpty())) {
 $fileSize = 0;
 $file = $request->getFiles('file');
 if (!empty($file)) {
From 4e66f8a8e23219cbe953d457e680df0c4e5985d8 Mon Sep 17 00:00:00 2001
From: Damodar Lohani
Date: Thu, 25 Apr 2024 01:01:15 +0000
Subject: [PATCH 5/6] simplify test
---
 app/controllers/shared/api.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php
index 76d8e3963c..831b05b605 100644
--- a/app/controllers/shared/api.php
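Review bot: The rewritten guard in the `App::shutdown()` hunk of patch 4/6 compares with loose `==` (`$mode == APP_MODE_ADMIN`) where the line it replaces used strict `!==`; write `$mode === APP_MODE_ADMIN` so the result does not depend on PHP's loose-comparison rules. The new line is also not equivalent to the old one: before, every admin-mode request skipped the block, whereas now it is skipped only when admin mode, a privileged role set and a non-empty `$user` all hold, so admin-mode requests without a privileged role and privileged users outside admin mode both enter it. If that tightening is intended, it should be stated in a comment above the `if`, since the subject `Update api.php` does not say so. The body of the block continues outside the hunk.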
+++ b/app/controllers/shared/api.php
@@ -702,7 +702,7 @@ App::shutdown()
 if ($project->getId() !== 'console') {
- if (!($mode == APP_MODE_ADMIN && Auth::isPrivilegedUser(Authorization::getRoles()) && !$user->isEmpty())) {
+ if (!(Auth::isPrivilegedUser(Authorization::getRoles()) && !$user->isEmpty())) {
 $fileSize = 0;
 $file = $request->getFiles('file');
 if (!empty($file)) {
From c8bf5f43283afcbc0364ddddb3ab296406f9286f Mon Sep 17 00:00:00 2001
From: Damodar Lohani
Date: Thu, 25 Apr 2024 01:23:01 +0000
Subject: [PATCH 6/6] simplify check
---
 app/controllers/shared/api.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php
index 831b05b605..c704aadf85 100644
--- a/app/controllers/shared/api.php
+++ b/app/controllers/shared/api.php
@@ -702,7 +702,7 @@ App::shutdown()
 if ($project->getId() !== 'console') {
- if (!(Auth::isPrivilegedUser(Authorization::getRoles()) && !$user->isEmpty())) {
+ if (!Auth::isPrivilegedUser(Authorization::getRoles())) {
 $fileSize = 0;
 $file = $request->getFiles('file');
 if (!empty($file)) {
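Review bot: Patches 5/6 and 6/6 are labelled as simplifications, but each drops a conjunct from the skip condition in the `App::shutdown()` hunk at line 702 and so changes which requests bypass the block. After 5/6 the `$mode` check is gone, and after 6/6 the `!$user->isEmpty()` guard added in 3/6 is gone as well, leaving `if (!Auth::isPrivilegedUser(Authorization::getRoles())) {`; a role set that is privileged without a loaded user document, the case 3/6 appears to have guarded against, now skips the block. If role assignment guarantees that cannot occur, record it above the `if`, for example `// Role check only: privileged roles are never assigned without an authenticated user`; otherwise keep `&& !$user->isEmpty()`. A test covering a privileged role with an empty user, and an unprivileged admin-mode request, would pin the intended behaviour. The block body continues outside the hunk.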