Merge branch 'develop'
commit
1f78180986
|
@ -175,8 +175,8 @@ class ACLComponent extends Component
|
|||
'listOrgs' => ['*'],
|
||||
'assignAdmin' => ['perm_admin'],
|
||||
'removeAdmin' => ['perm_admin'],
|
||||
'attachOrg' => ['perm_group_admin'],
|
||||
'detachOrg' => ['perm_group_admin']
|
||||
'attachOrg' => ['perm_admin', 'perm_group_admin'],
|
||||
'detachOrg' => ['perm_admin', 'perm_group_admin']
|
||||
],
|
||||
'Organisations' => [
|
||||
'add' => ['perm_admin'],
|
||||
|
@ -360,8 +360,8 @@ class ACLComponent extends Component
|
|||
return false; // org_admins cannot edit admins
|
||||
}
|
||||
if ($currentUser['role']['perm_group_admin']) {
|
||||
$this->OrgGroup = TableRegistry::get('OrgGroup');
|
||||
if ($this->OrgGroup->checkIfUserBelongsToGroupAdminsGroup($currentUser, $user)) {
|
||||
$this->OrgGroups = TableRegistry::get('OrgGroups');
|
||||
if ($this->OrgGroups->checkIfUserBelongsToGroupAdminsGroup($currentUser, $user)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
|
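Review bot: In the second hunk the table object is stored on `$this->OrgGroups` although it is only used on the following line. Unless ACLComponent declares that property (not visible here), this creates a dynamic property, which PHP 8.2 deprecates. A local variable is enough: `$orgGroups = TableRegistry::getTableLocator()->get('OrgGroups');` followed by `if ($orgGroups->checkIfUserBelongsToGroupAdminsGroup($currentUser, $user)) {`. Because this branch decides whether a group admin may edit another user, it also deserves a test covering a target user inside and outside the managed groups. The enclosing method starts and ends outside the hunk.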
@ -0,0 +1,25 @@
|
|||
<?php
|
||||
namespace BreadcrumbNavigation;
|
||||
|
||||
require_once(APP . 'Controller' . DS . 'Component' . DS . 'Navigation' . DS . 'base.php');
|
||||
|
||||
class OrgGroupsNavigation extends BaseNavigation
|
||||
{
|
||||
public function addLinks()
|
||||
{
|
||||
$controller = 'OrgGroups';
|
||||
if (empty($this->viewVars['canEdit'])) {
|
||||
$this->bcf->removeLink($controller, 'view', $controller, 'edit');
|
||||
$this->bcf->removeLink($controller, 'edit', $controller, 'edit');
|
||||
}
|
||||
}
|
||||
|
||||
public function addActions()
|
||||
{
|
||||
$controller = 'OrgGroups';
|
||||
if (empty($this->viewVars['canEdit'])) {
|
||||
$this->bcf->removeAction($controller, 'view', $controller, 'delete');
|
||||
$this->bcf->removeAction($controller, 'edit', $controller, 'delete');
|
||||
}
|
||||
}
|
||||
}
|
|
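Review bot: `addLinks()` and `addActions()` carry no comment saying that they only hide the edit and delete entries, so a reader could mistake the `canEdit` test for the access check itself. A docblock on each would make that explicit, for example `/** Presentation only: drops edit/delete entries when the controller did not set canEdit; the request must still be authorised server-side. */`. An unset `canEdit` hides the entries, which is the safe default and worth stating too. The same two method bodies are added to OrganisationsNavigation in the next section with only `$controller` changed, so a shared helper on BaseNavigation taking the controller name would keep them from drifting apart.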
@ -5,4 +5,21 @@ require_once(APP . 'Controller' . DS . 'Component' . DS . 'Navigation' . DS . 'b
|
|||
|
||||
class OrganisationsNavigation extends BaseNavigation
|
||||
{
|
||||
public function addLinks()
|
||||
{
|
||||
$controller = 'Organisations';
|
||||
if (empty($this->viewVars['canEdit'])) {
|
||||
$this->bcf->removeLink($controller, 'view', $controller, 'edit');
|
||||
$this->bcf->removeLink($controller, 'edit', $controller, 'edit');
|
||||
}
|
||||
}
|
||||
|
||||
public function addActions()
|
||||
{
|
||||
$controller = 'Organisations';
|
||||
if (empty($this->viewVars['canEdit'])) {
|
||||
$this->bcf->removeAction($controller, 'view', $controller, 'delete');
|
||||
$this->bcf->removeAction($controller, 'edit', $controller, 'delete');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -156,6 +156,7 @@ class NavigationComponent extends Component
|
|||
$CRUDControllers = [
|
||||
'Individuals',
|
||||
'Organisations',
|
||||
'OrgGroups',
|
||||
'EncryptionKeys',
|
||||
'SharingGroups',
|
||||
'Broods',
|
||||
|
|
|
@ -39,7 +39,7 @@ class IndividualsController extends AppController
|
|||
if (!empty($responsePayload)) {
|
||||
return $responsePayload;
|
||||
}
|
||||
$editableIds = null;
|
||||
$editableIds = [];
|
||||
if ($orgAdmin) {
|
||||
$editableIds = $this->Individuals->getValidIndividualsToEdit($currentUser);
|
||||
}
|
||||
|
|
|
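Review bot: Nothing at `$editableIds = [];` says what an empty list means to the code that consumes it, and replacing `null` changes that value for every user who is not an org admin. If the consumer treats `[]` as "nothing editable", this is a fail-closed default and worth a comment such as `// default: no individual is editable; filled only for org admins`. The consumer is outside the hunk, so that reading should be confirmed, including for site admins if `$orgAdmin` does not cover them.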
@ -7,6 +7,7 @@ use Cake\ORM\Table;
|
|||
use Cake\Validation\Validator;
|
||||
use Cake\Error\Debugger;
|
||||
use App\Model\Entity\User;
|
||||
use Cake\Utility\Hash;
|
||||
|
||||
class OrgGroupsTable extends AppTable
|
||||
{
|
||||
|
@ -37,6 +38,9 @@ class OrgGroupsTable extends AppTable
|
|||
|
||||
public function checkIfGroupAdmin(int $groupId, User $user): bool
|
||||
{
|
||||
if (!empty($user['role']['perm_admin'])) {
|
||||
return true;
|
||||
}
|
||||
$orgGroup = $this->get($groupId, ['contain' => 'Users']);
|
||||
if (empty($orgGroup)) {
|
||||
return false;
|
||||
|
@ -51,7 +55,38 @@ class OrgGroupsTable extends AppTable
|
|||
|
||||
public function checkIfUserBelongsToGroupAdminsGroup(User $currentUser, User $userToCheck): bool
|
||||
{
|
||||
$managedGroups = $this->find('list')->where(['Users.id' => $currentUser['id']])->select(['id', 'uuid'])->disableHydration()->toArray();
|
||||
return isset($managedGroups[$userToCheck['org_id']]);
|
||||
$managedGroups = $this->find('all')
|
||||
->matching(
|
||||
'Users',
|
||||
function ($q) use ($currentUser) {
|
||||
return $q->where(
|
||||
[
|
||||
'Users.id' => $currentUser['id']
|
||||
]
|
||||
);
|
||||
}
|
||||
)
|
||||
->contain(['Organisations'])
|
||||
->toArray();
|
||||
$org_ids = Hash::extract($managedGroups, '{n}.organisations.{n}.id');
|
||||
return in_array($userToCheck['organisation_id'], $org_ids);
|
||||
}
|
||||
|
||||
public function getGroupOrgIdsForUser(User $user): array
|
||||
{
|
||||
$managedGroups = $this->find('all')
|
||||
->matching(
|
||||
'Users',
|
||||
function ($q) use ($user) {
|
||||
return $q->where(
|
||||
[
|
||||
'Users.id' => $user['id']
|
||||
]
|
||||
);
|
||||
}
|
||||
)
|
||||
->contain(['Organisations'])
|
||||
->toArray();
|
||||
return array_unique(Hash::extract($managedGroups, '{n}.organisations.{n}.id'));
|
||||
}
|
||||
}
|
||||
|
|
|
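Review bot: The new body of `checkIfUserBelongsToGroupAdminsGroup()` ends in `in_array($userToCheck['organisation_id'], $org_ids)` without the strict flag, and it repeats the query that `getGroupOrgIdsForUser()` runs a few lines below. Since this result is an authorisation decision, a strict comparison against a single shared query is easier to reason about: `return in_array($userToCheck['organisation_id'], $this->getGroupOrgIdsForUser($currentUser), true);`. Strict mode fails closed if one side arrives as a string, so confirm that both ids are integers at this point. A docblock stating that the `Users` association on a group is read here as "admins of that group" would also help, as that is what the method name implies but the query does not say.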
@ -11,7 +11,8 @@ echo $this->element('genericElements/IndexTable/index_table', [
|
|||
'type' => 'simple',
|
||||
'text' => __('Add group'),
|
||||
'class' => 'btn btn-primary',
|
||||
'popover_url' => '/orgGroups/add'
|
||||
'popover_url' => '/orgGroups/add',
|
||||
'requirement' => !empty($loggedUser['role']['perm_admin']),
|
||||
]
|
||||
]
|
||||
],
|
||||
|
|
|
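Review bot: The added `'requirement' => !empty($loggedUser['role']['perm_admin'])` only hides the "Add group" button; it does not stop a direct request to `/orgGroups/add`. The ACL entry for the `OrgGroups` `add` action is not shown on this page, so confirm that it is limited to `perm_admin` as well. The organisations index template in the next section gets the same line; there the matching `'add' => ['perm_admin']` entry under `'Organisations'` is visible in the ACLComponent hunk, so the two agree. A short comment next to the key, e.g. `// UI hint only; enforced in ACLComponent`, would help later editors keep both places in sync.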
@ -11,7 +11,8 @@ echo $this->element('genericElements/IndexTable/index_table', [
|
|||
'type' => 'simple',
|
||||
'text' => __('Add organisation'),
|
||||
'class' => 'btn btn-primary',
|
||||
'popover_url' => '/organisations/add'
|
||||
'popover_url' => '/organisations/add',
|
||||
'requirement' => !empty($loggedUser['role']['perm_admin']),
|
||||
]
|
||||
]
|
||||
],
|
||||
|
|