Merge branch 'develop'
commit
1f78180986
|
@ -175,8 +175,8 @@ class ACLComponent extends Component
|
||||||
'listOrgs' => ['*'],
|
'listOrgs' => ['*'],
|
||||||
'assignAdmin' => ['perm_admin'],
|
'assignAdmin' => ['perm_admin'],
|
||||||
'removeAdmin' => ['perm_admin'],
|
'removeAdmin' => ['perm_admin'],
|
||||||
'attachOrg' => ['perm_group_admin'],
|
'attachOrg' => ['perm_admin', 'perm_group_admin'],
|
||||||
'detachOrg' => ['perm_group_admin']
|
'detachOrg' => ['perm_admin', 'perm_group_admin']
|
||||||
],
|
],
|
||||||
'Organisations' => [
|
'Organisations' => [
|
||||||
'add' => ['perm_admin'],
|
'add' => ['perm_admin'],
|
||||||
|
@ -360,8 +360,8 @@ class ACLComponent extends Component
|
||||||
return false; // org_admins cannot edit admins
|
return false; // org_admins cannot edit admins
|
||||||
}
|
}
|
||||||
if ($currentUser['role']['perm_group_admin']) {
|
if ($currentUser['role']['perm_group_admin']) {
|
||||||
$this->OrgGroup = TableRegistry::get('OrgGroup');
|
$this->OrgGroups = TableRegistry::get('OrgGroups');
|
||||||
if ($this->OrgGroup->checkIfUserBelongsToGroupAdminsGroup($currentUser, $user)) {
|
if ($this->OrgGroups->checkIfUserBelongsToGroupAdminsGroup($currentUser, $user)) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
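Review bot: In the second hunk the `perm_group_admin` branch returns true as soon as `checkIfUserBelongsToGroupAdminsGroup()` places the target's organisation in one of the caller's groups, and nothing visible here looks at the target user's own role. The `return false; // org_admins cannot edit admins` guard just above has its condition outside the hunk, so it is worth confirming that it also stops a group admin from editing a user who holds `perm_admin`. If it does not, a guard such as `if (!empty($user['role']['perm_admin'])) { return false; }` before the group lookup would close that path, assuming the target's role is loaded at this point. Separately, `TableRegistry::get()` is deprecated in recent CakePHP releases in favour of `TableRegistry::getTableLocator()->get('OrgGroups')`. The enclosing method starts and ends outside the hunk.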
@ -0,0 +1,25 @@
|
||||||
|
<?php
|
||||||
|
namespace BreadcrumbNavigation;
|
||||||
|
|
||||||
|
require_once(APP . 'Controller' . DS . 'Component' . DS . 'Navigation' . DS . 'base.php');
|
||||||
|
|
||||||
|
class OrgGroupsNavigation extends BaseNavigation
|
||||||
|
{
|
||||||
|
public function addLinks()
|
||||||
|
{
|
||||||
|
$controller = 'OrgGroups';
|
||||||
|
if (empty($this->viewVars['canEdit'])) {
|
||||||
|
$this->bcf->removeLink($controller, 'view', $controller, 'edit');
|
||||||
|
$this->bcf->removeLink($controller, 'edit', $controller, 'edit');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public function addActions()
|
||||||
|
{
|
||||||
|
$controller = 'OrgGroups';
|
||||||
|
if (empty($this->viewVars['canEdit'])) {
|
||||||
|
$this->bcf->removeAction($controller, 'view', $controller, 'delete');
|
||||||
|
$this->bcf->removeAction($controller, 'edit', $controller, 'delete');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
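Review bot: `addLinks()` and `addActions()` only drop the edit link and the delete action from the breadcrumb when `canEdit` is empty, so this class is presentation and not access control, and it has no docblock saying so. A short class comment such as `/** Hides edit/delete navigation when canEdit is not set; the permission itself must be enforced server-side. */` would stop a later reader from treating it as the check. The same two methods are added to `OrganisationsNavigation` in the next section, differing only in the `$controller` string, so a shared helper on `BaseNavigation` that takes the controller name would keep the two copies from drifting apart. Where `canEdit` is assigned is not visible in this commit view.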
@ -5,4 +5,21 @@ require_once(APP . 'Controller' . DS . 'Component' . DS . 'Navigation' . DS . 'b
|
||||||
|
|
||||||
class OrganisationsNavigation extends BaseNavigation
|
class OrganisationsNavigation extends BaseNavigation
|
||||||
{
|
{
|
||||||
|
public function addLinks()
|
||||||
|
{
|
||||||
|
$controller = 'Organisations';
|
||||||
|
if (empty($this->viewVars['canEdit'])) {
|
||||||
|
$this->bcf->removeLink($controller, 'view', $controller, 'edit');
|
||||||
|
$this->bcf->removeLink($controller, 'edit', $controller, 'edit');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public function addActions()
|
||||||
|
{
|
||||||
|
$controller = 'Organisations';
|
||||||
|
if (empty($this->viewVars['canEdit'])) {
|
||||||
|
$this->bcf->removeAction($controller, 'view', $controller, 'delete');
|
||||||
|
$this->bcf->removeAction($controller, 'edit', $controller, 'delete');
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -156,6 +156,7 @@ class NavigationComponent extends Component
|
||||||
$CRUDControllers = [
|
$CRUDControllers = [
|
||||||
'Individuals',
|
'Individuals',
|
||||||
'Organisations',
|
'Organisations',
|
||||||
|
'OrgGroups',
|
||||||
'EncryptionKeys',
|
'EncryptionKeys',
|
||||||
'SharingGroups',
|
'SharingGroups',
|
||||||
'Broods',
|
'Broods',
|
||||||
|
|
|
@ -39,7 +39,7 @@ class IndividualsController extends AppController
|
||||||
if (!empty($responsePayload)) {
|
if (!empty($responsePayload)) {
|
||||||
return $responsePayload;
|
return $responsePayload;
|
||||||
}
|
}
|
||||||
$editableIds = null;
|
$editableIds = [];
|
||||||
if ($orgAdmin) {
|
if ($orgAdmin) {
|
||||||
$editableIds = $this->Individuals->getValidIndividualsToEdit($currentUser);
|
$editableIds = $this->Individuals->getValidIndividualsToEdit($currentUser);
|
||||||
}
|
}
|
||||||
|
|
|
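Review bot: Changing the default from `null` to `[]` changes what every caller that is not an org admin passes on as `$editableIds`, and the code that consumes it is outside the hunk. If downstream code treated `null` as "no restriction" (for example for a site admin), `[]` now reads as "nothing is editable"; if it was already iterating or calling `in_array()` on the value, this is the intended fail-closed default. A one-line comment would record which it is, e.g. `// default: no individual is editable unless an allow-list is computed below`. The enclosing action starts and ends outside the hunk.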
@ -7,6 +7,7 @@ use Cake\ORM\Table;
|
||||||
use Cake\Validation\Validator;
|
use Cake\Validation\Validator;
|
||||||
use Cake\Error\Debugger;
|
use Cake\Error\Debugger;
|
||||||
use App\Model\Entity\User;
|
use App\Model\Entity\User;
|
||||||
|
use Cake\Utility\Hash;
|
||||||
|
|
||||||
class OrgGroupsTable extends AppTable
|
class OrgGroupsTable extends AppTable
|
||||||
{
|
{
|
||||||
|
@ -37,6 +38,9 @@ class OrgGroupsTable extends AppTable
|
||||||
|
|
||||||
public function checkIfGroupAdmin(int $groupId, User $user): bool
|
public function checkIfGroupAdmin(int $groupId, User $user): bool
|
||||||
{
|
{
|
||||||
|
if (!empty($user['role']['perm_admin'])) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
$orgGroup = $this->get($groupId, ['contain' => 'Users']);
|
$orgGroup = $this->get($groupId, ['contain' => 'Users']);
|
||||||
if (empty($orgGroup)) {
|
if (empty($orgGroup)) {
|
||||||
return false;
|
return false;
|
||||||
|
@ -51,7 +55,38 @@ class OrgGroupsTable extends AppTable
|
||||||
|
|
||||||
public function checkIfUserBelongsToGroupAdminsGroup(User $currentUser, User $userToCheck): bool
|
public function checkIfUserBelongsToGroupAdminsGroup(User $currentUser, User $userToCheck): bool
|
||||||
{
|
{
|
||||||
$managedGroups = $this->find('list')->where(['Users.id' => $currentUser['id']])->select(['id', 'uuid'])->disableHydration()->toArray();
|
$managedGroups = $this->find('all')
|
||||||
return isset($managedGroups[$userToCheck['org_id']]);
|
->matching(
|
||||||
|
'Users',
|
||||||
|
function ($q) use ($currentUser) {
|
||||||
|
return $q->where(
|
||||||
|
[
|
||||||
|
'Users.id' => $currentUser['id']
|
||||||
|
]
|
||||||
|
);
|
||||||
|
}
|
||||||
|
)
|
||||||
|
->contain(['Organisations'])
|
||||||
|
->toArray();
|
||||||
|
$org_ids = Hash::extract($managedGroups, '{n}.organisations.{n}.id');
|
||||||
|
return in_array($userToCheck['organisation_id'], $org_ids);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getGroupOrgIdsForUser(User $user): array
|
||||||
|
{
|
||||||
|
$managedGroups = $this->find('all')
|
||||||
|
->matching(
|
||||||
|
'Users',
|
||||||
|
function ($q) use ($user) {
|
||||||
|
return $q->where(
|
||||||
|
[
|
||||||
|
'Users.id' => $user['id']
|
||||||
|
]
|
||||||
|
);
|
||||||
|
}
|
||||||
|
)
|
||||||
|
->contain(['Organisations'])
|
||||||
|
->toArray();
|
||||||
|
return array_unique(Hash::extract($managedGroups, '{n}.organisations.{n}.id'));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
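Review bot: `checkIfUserBelongsToGroupAdminsGroup()` and the new `getGroupOrgIdsForUser()` build the same `matching('Users')` / `contain(['Organisations'])` query, so the authorisation rule now lives in two copies that can drift. The check could be reduced to `return in_array($userToCheck['organisation_id'], $this->getGroupOrgIdsForUser($currentUser), true);`. The strict flag matters because the loose form compares a missing or null `organisation_id` by type juggling; confirm both sides are integers before enabling it. In `checkIfGroupAdmin()` the new `perm_admin` early return also runs before `$this->get($groupId)`, so a site admin gets `true` even for a group id that does not exist.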
@ -11,7 +11,8 @@ echo $this->element('genericElements/IndexTable/index_table', [
|
||||||
'type' => 'simple',
|
'type' => 'simple',
|
||||||
'text' => __('Add group'),
|
'text' => __('Add group'),
|
||||||
'class' => 'btn btn-primary',
|
'class' => 'btn btn-primary',
|
||||||
'popover_url' => '/orgGroups/add'
|
'popover_url' => '/orgGroups/add',
|
||||||
|
'requirement' => !empty($loggedUser['role']['perm_admin']),
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
],
|
],
|
||||||
|
|
|
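Review bot: The added `'requirement' => !empty($loggedUser['role']['perm_admin'])` only hides the "Add group" button; `/orgGroups/add` stays reachable by direct request, so the same restriction has to exist in the ACL map. For the identical change in the organisations index template below, an `'add' => ['perm_admin']` entry under `'Organisations'` is visible in the ACLComponent hunk. No `add` entry for OrgGroups appears in this commit view, so that one should be confirmed.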
@ -11,7 +11,8 @@ echo $this->element('genericElements/IndexTable/index_table', [
|
||||||
'type' => 'simple',
|
'type' => 'simple',
|
||||||
'text' => __('Add organisation'),
|
'text' => __('Add organisation'),
|
||||||
'class' => 'btn btn-primary',
|
'class' => 'btn btn-primary',
|
||||||
'popover_url' => '/organisations/add'
|
'popover_url' => '/organisations/add',
|
||||||
|
'requirement' => !empty($loggedUser['role']['perm_admin']),
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
],
|
],
|
||||||
|
|