diff --git a/src/Controller/AuthKeysController.php b/src/Controller/AuthKeysController.php
index 5f75b4a..9e8ac03 100644
--- a/src/Controller/AuthKeysController.php
+++ b/src/Controller/AuthKeysController.php
@@ -16,15 +16,25 @@ class AuthKeysController extends AppController
 {
 public $filterFields = ['Users.username', 'authkey', 'comment', 'Users.id'];
 public $quickFilterFields = ['authkey', ['comment' => true]];
- public $containFields = ['Users'];
+ public $containFields = ['Users' => ['fields' => ['id', 'username']]];
 
 public function index()
 {
+ $currentUser = $this->ACL->getUser();
+ $conditions = [];
+ if (empty($currentUser['role']['perm_admin'])) {
+ $conditions['Users.organisation_id'] = $currentUser['organisation_id'];
+ if (empty($currentUser['role']['perm_org_admin'])) {
+ $conditions['Users.id'] = $currentUser['id'];
+ }
+ }
 $this->CRUD->index([
 'filters' => $this->filterFields,
 'quickFilters' => $this->quickFilterFields,
 'contain' => $this->containFields,
- 'exclude_fields' => ['authkey']
+ 'exclude_fields' => ['authkey'],
+ 'conditions' => $conditions,
+ 'hidden' => []
 ]);
 $responsePayload = $this->CRUD->getResponsePayload();
 if (!empty($responsePayload)) {
@@ -35,7 +45,15 @@ class AuthKeysController extends AppController
 
 public function delete($id)
 {
- $this->CRUD->delete($id);
+ $currentUser = $this->ACL->getUser();
+ $conditions = [];
+ if (empty($currentUser['role']['perm_admin'])) {
+ $conditions['Users.organisation_id'] = $currentUser['organisation_id'];
+ if (empty($currentUser['role']['perm_org_admin'])) {
+ $conditions['Users.id'] = $currentUser['id'];
+ }
+ }
+ $this->CRUD->delete($id, ['conditions' => $conditions, 'contain' => 'Users']);
 $responsePayload = $this->CRUD->getResponsePayload();
 if (!empty($responsePayload)) {
 return $responsePayload;
diff --git a/src/Controller/EncryptionKeysController.php b/src/Controller/EncryptionKeysController.php
index 65183cb..78bec89 100644
--- a/src/Controller/EncryptionKeysController.php
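Review bot: The scoping block added at the top of index() (from `$currentUser = $this->ACL->getUser();` through the two closing braces) is repeated verbatim in delete() in the next hunk, so the two copies can drift apart and any further action that needs the same rule will be copied a third time. Move it into one private helper that both actions call, and document the three tiers in its docblock, because the nested empty() checks do not explain themselves. The `'hidden' => []` option passed to CRUD->index has no counterpart anywhere else in the diff; a one-line comment saying what an empty `hidden` list is meant to achieve, or dropping it if it is the default, would help the next reader.
```php
/**
 * Conditions limiting AuthKeys queries to what the caller may see:
 * site admins see everything, org admins their organisation's users,
 * everyone else only their own keys.
 */
private function userScopeConditions(array $currentUser): array
{
    $conditions = [];
    if (empty($currentUser['role']['perm_admin'])) {
        $conditions['Users.organisation_id'] = $currentUser['organisation_id'];
        if (empty($currentUser['role']['perm_org_admin'])) {
            $conditions['Users.id'] = $currentUser['id'];
        }
    }
    return $conditions;
}
// … index() and delete() then call: $conditions = $this->userScopeConditions($currentUser); …
```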
+++ b/src/Controller/EncryptionKeysController.php
@@ -49,7 +49,31 @@ class EncryptionKeysController extends AppController
 
 public function add()
 {
- $this->CRUD->add(['redirect' => $this->referer()]);
+ $orgConditions = [];
+ $currentUser = $this->ACL->getUser();
+ $params = ['redirect' => $this->referer()];
+ if (empty($currentUser['role']['perm_admin'])) {
+ $params['beforeSave'] = function($entity) {
+ if ($entity['owner_model'] === 'organisation') {
+ $entity['owner_id'] = $currentUser['organisation_id'];
+ } else {
+ if ($currentUser['role']['perm_org_admin']) {
+ $validIndividuals = $this->Organisations->Alignments->find('list', [
+ 'fields' => ['distinct(individual_id)'],
+ 'conditions' => ['organisation_id' => $currentUser['organisation_id']]
+ ]);
+ if (!in_array($entity['owner_id'], $validIndividuals)) {
+ throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
+ }
+ } else {
+ if ($entity['owner_id'] !== $currentUser['id']) {
+ throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
+ }
+ }
+ }
+ };
+ }
+ $this->CRUD->add($params);
 $responsePayload = $this->CRUD->getResponsePayload();
 if (!empty($responsePayload)) {
 return $responsePayload;
@@ -58,7 +82,8 @@ class EncryptionKeysController extends AppController
 $this->loadModel('Individuals');
 $dropdownData = [
 'organisation' => $this->Organisations->find('list', [
- 'sort' => ['name' => 'asc']
+ 'sort' => ['name' => 'asc'],
+ 'conditions' => $orgConditions
 ]),
 'individual' => $this->Individuals->find('list', [
 'sort' => ['email' => 'asc']
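Review bot: The `beforeSave` closure added in add() reads `$currentUser` but never captures it — PHP closures bind only `$this` automatically — so inside the closure `$currentUser` is undefined: the organisation branch writes `owner_id = null`, and the individual branch falls through to `$entity['owner_id'] !== null` and always throws, which means non-admins cannot create any key at all. Declare it as `$params['beforeSave'] = function($entity) use ($currentUser) {`, exactly as UsersController::add does in this same diff. In the org-admin branch `find('list', …)` returns a Query, not an array, so `in_array($entity['owner_id'], $validIndividuals)` raises a TypeError on PHP 8; append `->toArray()` to the find, and confirm the list finder actually yields individual ids as values when only `'fields' => ['distinct(individual_id)']` is given and no `valueField` is set. UsersController::add's beforeSave ends with `return $data;`; if CRUD->add uses that return value, the forced `owner_id` here is discarded because this closure returns nothing, so finish it with `return $entity;`. The individual branch compares `owner_id` against `$currentUser['id']`, a user id — confirm that is the intended identifier rather than the user's individual id.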
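Review bot: `'conditions' => $orgConditions` in the organisation dropdown is a no-op, because `$orgConditions` is initialised to `[]` at the top of add() in the previous hunk and never assigned afterwards. Either restrict it for non-admins the way UsersController::add restricts `$org_conditions` (`$orgConditions = ['id' => $currentUser['organisation_id']];` inside the existing `perm_admin` check) or remove the dead variable. Filtering the dropdown is cosmetic only; the `beforeSave` check earlier in add() is what has to stop a forged `owner_id`.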
@@ -70,12 +95,19 @@ class EncryptionKeysController extends AppController
 
 public function edit($id = false)
 {
+ $conditions = [];
+ $currentUser = $this->ACL->getUser();
 $params = [
 'fields' => [
 'type', 'encryption_key', 'revoked'
 ],
 'redirect' => $this->referer()
 ];
+ if (empty($currentUser['role']['perm_admin'])) {
+ if (empty($currentUser['role']['perm_org_admin'])) {
+
+ }
+ }
 $this->CRUD->edit($id, $params);
 $responsePayload = $this->CRUD->getResponsePayload();
 if (!empty($responsePayload)) {
diff --git a/src/Controller/SharingGroupsController.php b/src/Controller/SharingGroupsController.php
index c8f8f79..4e98df8 100644
--- a/src/Controller/SharingGroupsController.php
+++ b/src/Controller/SharingGroupsController.php
@@ -16,10 +16,16 @@ class SharingGroupsController extends AppController
 
 public function index()
 {
+ $currentUser = $this->ACL->getUser();
+ $conditions = [];
+ if (empty($currentUser['role']['perm_admin'])) {
+ $conditions['SharingGroups.organisation_id'] = $currentUser['organisation_id'];
+ }
 $this->CRUD->index([
 'contain' => $this->containFields,
 'filters' => $this->filterFields,
- 'quickFilters' => $this->quickFilterFields
+ 'quickFilters' => $this->quickFilterFields,
+ 'conditions' => $conditions
 ]);
 $responsePayload = $this->CRUD->getResponsePayload();
 if (!empty($responsePayload)) {
@@ -60,7 +66,12 @@ class SharingGroupsController extends AppController
 
 public function edit($id = false)
 {
- $this->CRUD->edit($id);
+ $params = [];
+ $currentUser = $this->ACL->getUser();
+ if (empty($currentUser['role']['perm_admin'])) {
+ $params['conditions'] = ['organisation_id' => $currentUser['organisation_id']];
+ }
+ $this->CRUD->edit($id, $params);
 $responsePayload = $this->CRUD->getResponsePayload();
 if (!empty($responsePayload)) {
 return $responsePayload;
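Review bot: The `if (empty($currentUser['role']['perm_admin']))` block added to EncryptionKeysController::edit() is empty, `$conditions` is never used, and `$this->CRUD->edit($id, $params)` is still called without any conditions, so a non-admin can edit (revoke or replace) any encryption key whose id they guess — the scoping that index()/delete() get in AuthKeysController and edit() gets in SharingGroupsController in this same diff is missing here. Restrict the lookup to keys the caller owns and pass it as `$params['conditions']`, which CRUD->edit accepts per SharingGroupsController::edit. The ownership rule should mirror add()'s beforeSave: organisation-owned keys of the caller's organisation plus individual-owned keys of the caller (and, for org admins, of individuals aligned with the organisation); the sketch below uses `$currentUser['id']` for the individual case only because add() does — confirm whether `owner_id` for the individual model is a user id or an individual id. The body of edit() continues past the end of the hunk.
```php
if (empty($currentUser['role']['perm_admin'])) {
    // Non-admins may only edit keys they own: their organisation's keys or
    // keys owned by themselves. TODO(review): org admins should additionally
    // be allowed individuals aligned with their organisation, as in add().
    $conditions['OR'] = [
        ['owner_model' => 'organisation', 'owner_id' => $currentUser['organisation_id']],
        ['owner_model' => 'individual', 'owner_id' => $currentUser['id']],
    ];
    $params['conditions'] = $conditions;
}
$this->CRUD->edit($id, $params);
```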
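Review bot: The condition added to SharingGroupsController::edit() uses the bare column name `organisation_id`, whereas index() in the hunk just above qualifies it as `SharingGroups.organisation_id`; if CRUD->edit contains any association that also has an `organisation_id` column (its contain list is not visible here), the unqualified name turns into an ambiguous-column SQL error. Use `$params['conditions'] = ['SharingGroups.organisation_id' => $currentUser['organisation_id']];` for consistency with index(). The same scoping is not visible for view() or delete() in this diff, so it is worth checking those are covered as well.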
@@ -206,11 +217,11 @@ class SharingGroupsController extends AppController
 $organisations = [];
 if (!empty($user['role']['perm_admin'])) {
 $organisations = $this->SharingGroups->Organisations->find('list')->order(['name' => 'ASC'])->toArray();
- } else if (!empty($user['individual']['organisations'])) {
+ } else {
 $organisations = $this->SharingGroups->Organisations->find('list', [
 'sort' => ['name' => 'asc'],
 'conditions' => [
- 'id IN' => array_values(\Cake\Utility\Hash::extract($user, 'individual.organisations.{n}.id'))
+ 'id' => $user['organisation_id']
 ]
 ]);
 }
diff --git a/src/Controller/UsersController.php b/src/Controller/UsersController.php
index 012655e..0f81751 100644
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
@@ -11,16 +11,22 @@ use Cake\Core\Configure;
 
 class UsersController extends AppController
 {
- public $filterFields = ['Individuals.uuid', 'username', 'Individuals.email', 'Individuals.first_name', 'Individuals.last_name'];
+ public $filterFields = ['Individuals.uuid', 'username', 'Individuals.email', 'Individuals.first_name', 'Individuals.last_name', 'Organisations.name'];
 public $quickFilterFields = ['Individuals.uuid', ['username' => true], ['Individuals.first_name' => true], ['Individuals.last_name' => true], 'Individuals.email'];
- public $containFields = ['Individuals', 'Roles', 'UserSettings'];
+ public $containFields = ['Individuals', 'Roles', 'UserSettings', 'Organisations'];
 
 public function index()
 {
+ $currentUser = $this->ACL->getUser();
+ $conditions = [];
+ if (empty($currentUser['role']['perm_admin'])) {
+ $conditions['organisation_id'] = $currentUser['organisation_id'];
+ }
 $this->CRUD->index([
 'contain' => $this->containFields,
 'filters' => $this->filterFields,
 'quickFilters' => $this->quickFilterFields,
+ 'conditions' => $conditions
 ]);
 $responsePayload = $this->CRUD->getResponsePayload();
 if (!empty($responsePayload)) {
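Review bot: The `else` branch in the SharingGroups organisation list now runs for every non-admin, including a user whose `organisation_id` is empty — the removed `!empty($user['individual']['organisations'])` guard used to skip such users entirely. CakePHP renders `'id' => null` as `id IS NULL`, which should yield an empty list, so the observable behaviour is probably unchanged, but that relies on a detail of the ORM rather than on intent; keeping a guard, `} else if (!empty($user['organisation_id'])) {`, makes the empty-list outcome explicit. The surrounding function starts before this hunk.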
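Review bot: `$conditions['organisation_id']` in UsersController::index() is unqualified while the query now contains `Organisations` in addition to `Individuals`, `Roles` and `UserSettings`; AuthKeysController and SharingGroupsController in this diff qualify their conditions (`Users.organisation_id`, `SharingGroups.organisation_id`), so for consistency, and to rule out an ambiguous column should any contained table carry one, write `$conditions['Users.organisation_id'] = $currentUser['organisation_id'];`. `Organisations.name` was also added to `$filterFields`; for non-admins it is redundant with the organisation condition, which is fine, but a short comment noting that the condition, not the filter, is the access control would stop someone from "simplifying" it away later.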
@@ -31,8 +37,12 @@ class UsersController extends AppController
 
 public function add()
 {
+ $currentUser = $this->ACL->getUser();
 $this->CRUD->add([
- 'beforeSave' => function($data) {
+ 'beforeSave' => function($data) use ($currentUser) {
+ if (!$currentUser['role']['perm_admin']) {
+ $data['organisation_id'] = $currentUser['organisation_id'];
+ }
 $this->Users->enrollUserRouter($data);
 return $data;
 }
@@ -41,12 +51,28 @@ class UsersController extends AppController
 if (!empty($responsePayload)) {
 return $responsePayload;
 }
+ /*
+ $alignments = $this->Users->Individuals->Alignments->find('list', [
+ //'keyField' => 'id',
+ 'valueField' => 'organisation_id',
+ 'groupField' => 'individual_id'
+ ])->toArray();
+ $alignments = array_map(function($value) { return array_values($value); }, $alignments);
+ */
+ $org_conditions = [];
+ if (empty($currentUser['role']['perm_admin'])) {
+ $org_conditions = ['id' => $currentUser['organisation_id']];
+ }
 $dropdownData = [
 'role' => $this->Users->Roles->find('list', [
 'sort' => ['name' => 'asc']
 ]),
 'individual' => $this->Users->Individuals->find('list', [
 'sort' => ['email' => 'asc']
+ ]),
+ 'organisation' => $this->Users->Organisations->find('list', [
+ 'sort' => ['name' => 'asc'],
+ 'conditions' => $org_conditions
 ])
 ];
 $this->set(compact('dropdownData'));
@@ -59,7 +85,7 @@ class UsersController extends AppController
 $id = $this->ACL->getUser()['id'];
 }
 $this->CRUD->view($id, [
- 'contain' => ['Individuals' => ['Alignments' => 'Organisations'], 'Roles']
+ 'contain' => ['Individuals' => ['Alignments' => 'Organisations'], 'Roles', 'Organisations']
 ]);
 $responsePayload = $this->CRUD->getResponsePayload();
 if (!empty($responsePayload)) {
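Review bot: The `beforeSave` added in add() pins `organisation_id` for non-admin callers but leaves `role_id` untouched, so an org admin who can reach add() can create a user with any role — including one carrying `perm_admin` — and thereby mint a site admin. Whether org admins can reach add() is decided by ACL configuration outside this diff, but edit() in this same file now explicitly admits `perm_org_admin` callers, so I would not rely on that. Reject roles the caller is not allowed to hand out inside the same closure (and filter the role dropdown built later in add() the same way), using whichever exception this controller already throws for denied actions; a sketch follows, and the enclosing `CRUD->add([...])` call continues past the hunk.
```php
'beforeSave' => function($data) use ($currentUser) {
    if (!$currentUser['role']['perm_admin']) {
        $data['organisation_id'] = $currentUser['organisation_id'];
        // Non-admins must not assign roles more powerful than their own.
        $role = $this->Users->Roles->get($data['role_id']);
        if (!empty($role['perm_admin'])) {
            throw new MethodNotAllowedException(__('Selected role cannot be assigned by the current user.'));
        }
    }
    // … unchanged: enrollUserRouter() and return $data …
}
```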
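Review bot: The `/* $alignments … */` block added before `$org_conditions` is commented-out code with no explanation of why it is kept; delete it rather than commit it (version control remembers it), or, if it records a planned per-individual restriction, replace it with a one-line `// TODO: restrict the individual list to individuals aligned with the caller's organisation` note. `$org_conditions` is snake_case in a file that otherwise uses camelCase (`$dropdownData`, `$currentUser`); rename it `$orgConditions`, which is also the name EncryptionKeysController::add uses in this diff.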
@@ -70,9 +96,11 @@ class UsersController extends AppController
 
 public function edit($id = false)
 {
- if (empty($id) || empty($this->ACL->getUser()['role']['perm_admin'])) {
- $id = $this->ACL->getUser()['id'];
+ $currentUser = $this->ACL->getUser();
+ if (empty($id) || (empty($currentUser['role']['perm_org_admin']) && empty($currentUser['role']['perm_site_admin']))) {
+ $id = $currentUser['id'];
 }
+
 $params = [
 'get' => [
 'fields' => [
@@ -88,6 +116,7 @@ class UsersController extends AppController
 ];
 if (!empty($this->ACL->getUser()['role']['perm_admin'])) {
 $params['fields'][] = 'role_id';
+ $params['fields'][] = 'organisation_id';
 }
 $this->CRUD->edit($id, $params);
 $responsePayload = $this->CRUD->getResponsePayload();
@@ -100,6 +129,9 @@ class UsersController extends AppController
 ]),
 'individual' => $this->Users->Individuals->find('list', [
 'sort' => ['email' => 'asc']
+ ]),
+ 'organisation' => $this->Users->Organisations->find('list', [
+ 'sort' => ['name' => 'asc']
 ])
 ];
 $this->set(compact('dropdownData'));
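Review bot: The new guard in edit() tests `perm_site_admin`, a role flag that appears nowhere else in this diff, while every other check — including the `role_id`/`organisation_id` block later in this same function — uses `perm_admin`; if the role carries no `perm_site_admin` key that term is always empty, and a site admin without `perm_org_admin` is silently redirected to editing their own account, which looks like a typo for `perm_admin`. Once org admins may pass an arbitrary `$id`, nothing scopes the lookup to their organisation, so an org admin can edit users of other organisations (the editable fields are listed outside the hunk), unlike index() which does scope; pass `$params['conditions'] = ['organisation_id' => $currentUser['organisation_id']]` for non-admins, as SharingGroupsController::edit does in this diff. The `perm_admin` check further down still calls `$this->ACL->getUser()` again although `$currentUser` is now in scope. edit() starts in this hunk but its body (the `$params` array and the CRUD call) continues past it.
```php
$currentUser = $this->ACL->getUser();
$isAdmin = !empty($currentUser['role']['perm_admin']);
$isOrgAdmin = !empty($currentUser['role']['perm_org_admin']);
if (empty($id) || (!$isAdmin && !$isOrgAdmin)) {
    $id = $currentUser['id'];
}
// … unchanged: $params = ['get' => ['fields' => [ … ]], …] …
if (!$isAdmin) {
    // Org admins may only edit users of their own organisation.
    $params['conditions'] = ['organisation_id' => $currentUser['organisation_id']];
}
// … unchanged: role_id / organisation_id fields for admins, CRUD->edit() …
```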