From 56e37d2876fd5ae2296a0bb6a2e86d602b85d23b Mon Sep 17 00:00:00 2001
From: Johannes Meyer <johannes.meyer@netways.de>
Date: Mon, 18 Feb 2019 13:43:06 +0100
Subject: [PATCH] auth: Check the `businessprocess/showall` permission prior
 any restrictions

fixes #200
---
 library/Businessprocess/Metadata.php                  | 8 ++++----
 library/Businessprocess/Web/Form/BpConfigBaseForm.php | 5 +++++
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/library/Businessprocess/Metadata.php b/library/Businessprocess/Metadata.php
index 7b32ffd..85e4f83 100644
--- a/library/Businessprocess/Metadata.php
+++ b/library/Businessprocess/Metadata.php
@@ -137,6 +137,10 @@ class Metadata
             }
         }
 
+        if ($auth->hasPermission('businessprocess/showall')) {
+            return true;
+        }
+
         $prefixes = $auth->getRestrictions('businessprocess/prefix');
         if (! empty($prefixes)) {
             if (! $this->nameIsPrefixedWithOneOf($prefixes)) {
@@ -144,10 +148,6 @@ class Metadata
             }
         }
 
-        if ($auth->hasPermission('businessprocess/showall')) {
-            return true;
-        }
-
         if (! $this->hasRestrictions()) {
             return true;
         }
diff --git a/library/Businessprocess/Web/Form/BpConfigBaseForm.php b/library/Businessprocess/Web/Form/BpConfigBaseForm.php
index e22c26b..b8bcbbd 100644
--- a/library/Businessprocess/Web/Form/BpConfigBaseForm.php
+++ b/library/Businessprocess/Web/Form/BpConfigBaseForm.php
@@ -38,6 +38,11 @@ abstract class BpConfigBaseForm extends QuickForm
         $meta = $config->getMetadata();
         $auth = Auth::getInstance();
         $meta->set('Owner', $auth->getUser()->getUsername());
+
+        if ($auth->hasPermission('businessprocess/showall')) {
+            return true;
+        }
+
         $prefixes = $auth->getRestrictions('businessprocess/prefix');
         if (! empty($prefixes) && ! $meta->nameIsPrefixedWithOneOf($prefixes)) {
             if (count($prefixes) === 1) {