fix: [authkeys] better permission / listing handling

- allow group admins to manage api keys of their group
- when adding an authkey from the user view, don't list every user in the dropdown, focus on the selected user
develop
iglocska 2024-11-28 21:28:24 +01:00
parent 0ed3bef000
commit 1572681307
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
4 changed files with 57 additions and 29 deletions


@ -22,20 +22,29 @@ class AuthKeysController extends AppController
{
$currentUser = $this->ACL->getUser();
$conditions = [];
$userId = $this->request->getQuery('Users_id');
if (!empty($userId)) {
$conditions['AND']['Users.id'] = $userId;
}
if (empty($currentUser['role']['perm_community_admin'])) {
$conditions['Users.organisation_id'] = $currentUser['organisation_id'];
if (empty($currentUser['role']['perm_org_admin'])) {
$conditions['Users.id'] = $currentUser['id'];
}
}
$this->CRUD->index([
$indexOptions = [
'filters' => $this->filterFields,
'quickFilters' => $this->quickFilterFields,
'contain' => $this->containFields,
'exclude_fields' => ['authkey'],
'conditions' => $conditions,
'hidden' => []
]);
];
if (!empty($userId)) {
$indexOptions['action_query_strings'] = ['Users.id' => $userId];
}
$this->CRUD->index($indexOptions);
$responsePayload = $this->CRUD->getResponsePayload();
if (!empty($responsePayload)) {
return $responsePayload;
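Review bot: index() keeps the old inline perm_community_admin/perm_org_admin filter at L23-L28 while delete() and add() in this same commit switch to `$this->AuthKeys->buildUserConditions($currentUser)`, so the listing no longer agrees with what can be deleted or added: group admins get no group-wide listing despite the commit message, and, as far as buildUserConditions shows, an org admin still sees keys of admin-role users in their org that delete() would refuse. Replacing L23-L28 with `$conditions = $this->AuthKeys->buildUserConditions($currentUser);` placed before the `Users_id` narrowing would give the three actions one shared authorization filter. index()'s signature and the remainder of its body are outside the hunk.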
@ -46,13 +55,7 @@ class AuthKeysController extends AppController
public function delete($id)
{
$currentUser = $this->ACL->getUser();
$conditions = [];
if (empty($currentUser['role']['perm_community_admin'])) {
$conditions['Users.organisation_id'] = $currentUser['organisation_id'];
if (empty($currentUser['role']['perm_org_admin'])) {
$conditions['Users.id'] = $currentUser['id'];
}
}
$conditions = $this->AuthKeys->buildUserConditions($currentUser);
$this->CRUD->delete($id, ['conditions' => $conditions, 'contain' => 'Users']);
$responsePayload = $this->CRUD->getResponsePayload();
if (!empty($responsePayload)) {
@ -67,27 +70,16 @@ class AuthKeysController extends AppController
$validUsers = [];
$userConditions = [];
$currentUser = $this->ACL->getUser();
if (empty($currentUser['role']['perm_community_admin'])) {
if (empty($currentUser['role']['perm_org_admin'])) {
$userConditions['id'] = $currentUser['id'];
} else {
$role_ids = $this->Users->Roles->find()->where(['perm_admin' => 0, 'perm_community_admin' => 0, 'perm_org_admin' => 0])->all()->extract('id')->toList();
$userConditions['organisation_id'] = $currentUser['organisation_id'];
$subConditions = [
['id' => $currentUser['id']]
];
if (!empty($role_ids)) {
$subConditions[] = ['role_id IN' => $role_ids];
}
$userConditions['OR'] = $subConditions;
}
}
$conditions = $this->AuthKeys->buildUserConditions($currentUser);
$userId = $this->request->getQuery('Users_id');
$users = $this->Users->find('list');
if (!empty($userConditions)) {
$users->where($userConditions);
if (!empty($conditions)) {
$users->where($conditions);
}
if (!empty($userId)) {
$users->where(['Users.id' => $userId]);
}
$users = $users->order(['username' => 'asc'])->all()->toArray();
$this->CRUD->add([
'displayOnSuccess' => 'authkey_display',
'beforeSave' => function($data) use ($users) {


@ -272,6 +272,10 @@ class CRUDComponent extends Component
$this->Controller->set('model', $this->Table);
$this->Controller->set('data', $data);
$this->Controller->set('embedInModal', $embedInModal);
if (!empty($options['action_query_strings'])) {
$this->Controller->set('action_query_strings', $options['action_query_strings']);
}
$this->Controller->set('skipTableToolbar', $skipTableToolbar);
}
}
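Review bot: `action_query_strings` is only set on the view when the option is non-empty (L102-L104), but the authKeys index template changed in this commit reads `$action_query_strings` unconditionally in its `popover_url` expression, so every index render without a `Users_id` query would hit an undefined variable. Either set it always, `$this->Controller->set('action_query_strings', $options['action_query_strings'] ?? []);`, or read it in the template as `!empty($action_query_strings) ? '?' . http_build_query($action_query_strings) : ''`. The same point applies to the template section below; the enclosing method starts outside this hunk.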


@ -93,4 +93,36 @@ class AuthKeysTable extends AppTable
}
return [];
}
public function buildUserConditions($currentUser)
{
$conditions = [];
$validOrgs = $this->Users->getValidOrgsForUser($currentUser);
if (empty($currentUser['role']['perm_community_admin'])) {
$conditions['Users.organisation_id IN'] = $validOrgs;
if (empty($currentUser['role']['perm_group_admin'])) {
if (empty($currentUser['role']['perm_org_admin'])) {
$conditions['Users.id'] = $currentUser['id'];
} else {
$role_ids = $this->Users->Roles->find()->where(['perm_admin' => 0, 'perm_community_admin' => 0, 'perm_org_admin' => 0, 'perm_group_admin' => 0])->all()->extract('id')->toList();
$conditions['Users.organisation_id'] = $currentUser['organisation_id'];
$subConditions = [
['Users.id' => $currentUser['id']]
];
if (!empty($role_ids)) {
$subConditions[] = ['Users.role_id IN' => $role_ids];
}
$conditions['OR'] = $subConditions;
}
} else {
$conditions['Users.group_id'] = $currentUser['group_id'];
$role_ids = $this->Users->Roles->find()->where(['perm_admin' => 0, 'perm_community_admin' => 0, 'perm_group_admin' => 0])->all()->extract('id')->toList();
$conditions['OR'] = [
['Users.id' => $currentUser['id']],
['Users.role_id IN' => $role_ids]
];
}
}
return $conditions;
}
}
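Review bot: The group-admin branch at L137-L141 adds `['Users.role_id IN' => $role_ids]` unconditionally, whereas the org-admin branch at L130-L132 guards the same list with `if (!empty($role_ids))`; with no qualifying role the group-admin path hands the ORM an empty IN list, which I believe CakePHP rejects with an exception rather than an empty result, so the branches should be brought in line. buildUserConditions() is also an authorization helper with no docblock; a header such as "Builds the Users.* conditions restricting which users' auth keys $currentUser may see or manage: community admins unrestricted, group admins their group minus admin roles, org admins their org minus admin roles, everyone else only themselves" would let reviewers check each branch against the intent. `$currentUser['group_id']` at L136 may presumably be null for a group admin without a group — worth confirming what condition the ORM generates in that case.
```php
// … unchanged: validOrgs lookup, community/org-admin branches …
} else {
    $conditions['Users.group_id'] = $currentUser['group_id'];
    $role_ids = $this->Users->Roles->find()->where(['perm_admin' => 0, 'perm_community_admin' => 0, 'perm_group_admin' => 0])->all()->extract('id')->toList();
    // Mirror the org-admin branch: only add the role filter when at least one role qualifies.
    $subConditions = [
        ['Users.id' => $currentUser['id']],
    ];
    if (!empty($role_ids)) {
        $subConditions[] = ['Users.role_id IN' => $role_ids];
    }
    $conditions['OR'] = $subConditions;
}
```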


@ -10,8 +10,8 @@ echo $this->element('genericElements/IndexTable/index_table', [
'data' => [
'type' => 'simple',
'text' => __('Add authentication key'),
'popover_url' => '/authKeys/add',
'reload_url' => $this->request->getRequestTarget()
'popover_url' => '/authKeys/add' . ($action_query_strings ? '?' . http_build_query($action_query_strings) : ''),
'reload_url' => $this->request->getRequestTarget(),
]
]
],