fix: [acl] Extended event UI permission

2022-10-25 17:10:36 +02:00 · 2022-10-25 17:10:36 +02:00 · 69997028e3
parent 2180edeefc
commit 69997028e3
3 changed files with 20 additions and 23 deletions
--- a/app/Model/Event.php
+++ b/app/Model/Event.php
@ -2378,6 +2378,8 @@ class Event extends AppModel
            $eventMeta = array(
                'id' => $extensionEvent['Event']['id'],
                'info' => $extensionEvent['Event']['info'],
+                'orgc_id' => $extensionEvent['Event']['orgc_id'],
+                'user_id' => $extensionEvent['Event']['user_id'],
                'Orgc' => array(
                    'id' => $extensionEvent['Orgc']['id'],
                    'name' => $extensionEvent['Orgc']['name'],
--- a/app/View/Elements/Events/View/row_attribute.ctp
+++ b/app/View/Elements/Events/View/row_attribute.ctp
@ -3,12 +3,15 @@
  if (empty($context)) {
      $context = 'event';
  }
+  // If row is assigned to different event (this is possible for extended event)
  if ($event['Event']['id'] != $object['event_id']) {
-      if (!$isSiteAdmin && $event['extensionEvents'][$object['event_id']]['Orgc']['id'] != $me['org_id']) {
-          $mayModify = false;
-      }
+      $attributeEvent = $event['extensionEvents'][$object['event_id']];
+      $attributeEvent = ['Event' => $attributeEvent, 'Orgc' => $attributeEvent['Orgc']]; // fix format to match standard event format
+      $mayModify = $this->Acl->canModifyEvent($attributeEvent);
+  } else {
+      $attributeEvent = $event;
  }
-  $editScope = ($isSiteAdmin || $mayModify) ? 'Attribute' : 'ShadowAttribute';
+  $editScope = $mayModify ? 'Attribute' : 'ShadowAttribute';
  if (!empty($child)) {
      if ($child === 'last' && empty($object['ShadowAttribute'])) {
          $tr_class .= ' tableHighlightBorderBottom borderBlue';
@ -74,7 +77,7 @@
          <?php
              $event_info = sprintf('title="%s%s"',
                  __('Event info') . ':&#10;     ',
-                  $object['event_id'] != $event['Event']['id'] ? h($event['extensionEvents'][$object['event_id']]['info']) : h($event['Event']['info'])
+                  h($attributeEvent['Event']['info'])
              );
          ?>
          <?php echo '<a href="' . $baseurl . '/events/view/' . h($object['event_id']) . '" ' . $event_info . '>' . h($object['event_id']) . '</a>'; ?>
@ -85,12 +88,7 @@
      <td class="short">
        <?php
          if (!empty($extended)):
-            if ($object['event_id'] != $event['Event']['id']):
-              $extensionOrg = $event['extensionEvents'][$object['event_id']]['Orgc'];
-              echo $this->OrgImg->getOrgLogo($extensionOrg, 24);
-            else:
-              echo $this->OrgImg->getOrgLogo($event['Orgc'], 24);
-            endif;
+              echo $this->OrgImg->getOrgLogo($attributeEvent['Orgc'], 24);
          endif;
        ?>
      </td>
@ -132,8 +130,8 @@
          <?php echo $this->element('ajaxTags', array(
              'attributeId' => $objectId,
              'tags' => $object['AttributeTag'],
-              'tagAccess' => $isSiteAdmin || $mayModify,
-              'localTagAccess' => $this->Acl->canModifyTag($event, true),
+              'tagAccess' => $mayModify,
+              'localTagAccess' => $this->Acl->canModifyTag($attributeEvent, true),
              'context' => $context,
              'scope' => 'attribute',
              'tagConflicts' => $object['tagConflicts'] ?? [],
@ -158,7 +156,7 @@
        <?php
          echo $this->element('galaxyQuickViewNew', array(
            'data' => !empty($object['Galaxy']) ? $object['Galaxy'] : array(),
-            'event' => $event,
+            'event' => $attributeEvent,
            'target_id' => $objectId,
            'target_type' => 'attribute',
          ));
--- a/app/View/Elements/Events/View/row_object.ctp
+++ b/app/View/Elements/Events/View/row_object.ctp
@ -1,9 +1,11 @@
 <?php
  $tr_class = 'tableHighlightBorderTop borderBlue';
  if ($event['Event']['id'] != $object['event_id']) {
-    if (!$isSiteAdmin && $event['extensionEvents'][$object['event_id']]['Orgc']['id'] != $me['org_id']) {
-      $mayModify = false;
-    }
+      $objectEvent = $event['extensionEvents'][$object['event_id']];
+      $objectEvent = ['Event' => $objectEvent, 'Orgc' => $objectEvent['Orgc']]; // fix format to match standard event format
+      $mayModify = $this->Acl->canMofiyEvent($objectEvent);
+  } else {
+      $objectEvent = $event;
  }
  if ($object['deleted']) $tr_class .= ' lightBlueRow';
  else $tr_class .= ' blueRow';
@ -44,12 +46,7 @@ $objectId = intval($object['id']);
  <td class="short">
    <?php
      if ($extended):
-        if ($object['event_id'] != $event['Event']['id']):
-          $extensionOrg = $event['extensionEvents'][$object['event_id']]['Orgc'];
-          echo $this->OrgImg->getOrgImg(array('name' => $extensionOrg['name'], 'id' => $extensionOrg['id'], 'size' => 24));
-        else:
-          echo $this->OrgImg->getOrgImg(array('name' => $event['Orgc']['name'], 'id' => $event['Orgc']['id'], 'size' => 24));
-        endif;
+          echo $this->OrgImg->getOrgImg(array('name' => $objectEvent['Orgc']['name'], 'id' => $objectEvent['Orgc']['id'], 'size' => 24));
      endif;
    ?>
  </td>