fix: [encryptionKeys:ui] Aligned UI with what users can actually do

perm_community_admin
Sami Mokaddem 2024-03-29 16:33:33 +01:00
parent e111dacf17
commit 3a3494df8c
No known key found for this signature in database
GPG Key ID: 164C473F627A06FA
3 changed files with 73 additions and 19 deletions


@ -21,6 +21,7 @@ class EncryptionKeysController extends AppController
public function index()
{
$currentUser = $this->ACL->getUser();
$this->EncryptionKeys->initializeGpg();
$Model = $this->EncryptionKeys;
$this->CRUD->index([
@ -33,7 +34,7 @@ class EncryptionKeysController extends AppController
],
'contain' => $this->containFields,
'statisticsFields' => $this->statisticsFields,
'afterFind' => function($data) use ($Model) {
'afterFind' => function($data) use ($Model, $currentUser) {
if ($data['type'] === 'pgp') {
$keyInfo = $Model->verifySingleGPG($data);
$data['status'] = __('OK');
@ -45,6 +46,7 @@ class EncryptionKeysController extends AppController
$data['fingerprint'] = $keyInfo[4];
}
}
$data['_canBeEdited'] = $Model->canEdit($currentUser, $data);
return $data;
}
]);
@ -96,24 +98,12 @@ class EncryptionKeysController extends AppController
}
$params['beforeSave'] = function($entity) use($currentUser) {
if ($entity['owner_model'] === 'organisation') {
if ($entity['owner_id'] !== $currentUser['organisation_id']) {
if (!$this->EncryptionKeys->canEditForOrganisation($currentUser, $entity)) {
throw new MethodNotAllowedException(__('Selected organisation cannot be linked by the current user.'));
}
} else {
if ($currentUser['role']['perm_org_admin']) {
$this->loadModel('Alignments');
$validIndividuals = $this->Alignments->find('list', [
'keyField' => 'individual_id',
'valueField' => 'id',
'conditions' => ['organisation_id' => $currentUser['organisation_id']]
])->toArray();
if (!isset($validIndividuals[$entity['owner_id']])) {
throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
}
} else {
if ($entity['owner_id'] !== $currentUser['id']) {
throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
}
} else if ($entity['owner_model'] === 'individual') {
if (!$this->EncryptionKeys->canEditForIndividual($currentUser, $entity)) {
throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
}
}
return $entity;
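Review bot: The rewritten `beforeSave` check fails open: with `if (... === 'organisation') … else if (... === 'individual') …`, an entity whose `owner_model` is neither value reaches `return $entity;` without any permission check, whereas the removed code sent every non-organisation owner through the individual check. Whether validation elsewhere restricts `owner_model` to these two values is not visible in this hunk, so I would close the chain with `else { throw new MethodNotAllowedException(__('Invalid owner model.')); }`. The closure's enclosing action starts above the hunk and continues below it.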


@ -3,6 +3,7 @@
namespace App\Model\Table;
use App\Model\Table\AppTable;
use Cake\ORM\TableRegistry;
use Cake\ORM\Table;
use Cake\Validation\Validator;
use Cake\Event\EventInterface;
@ -147,4 +148,57 @@ class EncryptionKeysTable extends AppTable
return null;
}
}
public function canEdit($user, $entity): bool
{
if ($entity['owner_model'] === 'organisation') {
return $this->canEditForOrganisation($user, $entity);
} else if ($entity['owner_model'] === 'individual') {
return $this->canEditForIndividual($user, $entity);
}
return false;
}
public function canEditForOrganisation($user, $entity): bool
{
if ($entity['owner_model'] !== 'organisation') {
return false;
}
if (!empty($user['role']['perm_admin'])) {
return true;
}
if (
$user['role']['perm_org_admin'] &&
$entity['owner_id'] === $user['organisation_id']
) {
return true;
}
return false;
}
public function canEditForIndividual($user, $entity): bool
{
if ($entity['owner_model'] !== 'individual') {
return false;
}
if (!empty($user['role']['perm_admin'])) {
return true;
}
if ($user['role']['perm_org_admin']) {
$this->Alignments = TableRegistry::get('Alignments');
$validIndividuals = $this->Alignments->find('list', [
'keyField' => 'individual_id',
'valueField' => 'id',
'conditions' => ['organisation_id' => $user['organisation_id']]
])->toArray();
if (isset($validIndividuals[$entity['owner_id']])) {
return true;
}
} else {
if ($entity['owner_id'] === $user['id']) {
return true;
}
}
return false;
}
}
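Review bot: In `canEditForIndividual` the non-org-admin branch compares `$entity['owner_id']` with `$user['id']`, although the org-admin branch just above treats the same `owner_id` as an `individual_id` (the Alignments `keyField`). If user ids and individual ids are separate sequences, a user would be allowed to edit the key of an unrelated individual whose id equals their user id and refused on their own; the comparison appears carried over from the removed controller code and should probably use the user's linked individual id, with the field name confirmed against the Users schema. An org admin also never reaches the own-key comparison, and `$user['role']['perm_org_admin']` is read without the `!empty()` guard used for `perm_admin` in both helpers. These methods are now the single authorization rule for keys, so a docblock stating it would help, e.g. `/** Site admins: any key; org admins: keys of their organisation and its aligned individuals; others: their own key only. */`.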


@ -80,12 +80,22 @@ echo $this->element('genericElements/IndexTable/index_table', [
[
'open_modal' => '/encryptionKeys/edit/[onclick_params_data_path]',
'modal_params_data_path' => 'id',
'icon' => 'edit'
'icon' => 'edit',
'complex_requirement' => [
'function' => function ($row, $options) {
return $row['_canBeEdited'];
}
]
],
[
'open_modal' => '/encryptionKeys/delete/[onclick_params_data_path]',
'modal_params_data_path' => 'id',
'icon' => 'trash'
'icon' => 'trash',
'complex_requirement' => [
'function' => function ($row, $options) {
return $row['_canBeEdited'];
}
]
],
]
]
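Review bot: The `complex_requirement` closures only hide the edit and trash buttons; they are not an access check, and the hunks of this commit add a server-side check to `beforeSave` only, nothing on the path behind `/encryptionKeys/delete/…`. Unless the delete action already enforces ownership outside the visible lines, it should call the same `canEdit()` before removing the row, since the URL can be requested directly. In the closures themselves, `return !empty($row['_canBeEdited']);` keeps the button hidden by default and avoids an undefined-index notice when a row arrives without the flag.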