fix: [encryptionKeys:ui] Aligned UI with what users can actually do
parent
e111dacf17
commit
3a3494df8c
|
@ -21,6 +21,7 @@ class EncryptionKeysController extends AppController
|
|||
|
||||
public function index()
|
||||
{
|
||||
$currentUser = $this->ACL->getUser();
|
||||
$this->EncryptionKeys->initializeGpg();
|
||||
$Model = $this->EncryptionKeys;
|
||||
$this->CRUD->index([
|
||||
|
@ -33,7 +34,7 @@ class EncryptionKeysController extends AppController
|
|||
],
|
||||
'contain' => $this->containFields,
|
||||
'statisticsFields' => $this->statisticsFields,
|
||||
'afterFind' => function($data) use ($Model) {
|
||||
'afterFind' => function($data) use ($Model, $currentUser) {
|
||||
if ($data['type'] === 'pgp') {
|
||||
$keyInfo = $Model->verifySingleGPG($data);
|
||||
$data['status'] = __('OK');
|
||||
|
@ -45,6 +46,7 @@ class EncryptionKeysController extends AppController
|
|||
$data['fingerprint'] = $keyInfo[4];
|
||||
}
|
||||
}
|
||||
$data['_canBeEdited'] = $Model->canEdit($currentUser, $data);
|
||||
return $data;
|
||||
}
|
||||
]);
|
||||
|
@ -96,24 +98,12 @@ class EncryptionKeysController extends AppController
|
|||
}
|
||||
$params['beforeSave'] = function($entity) use($currentUser) {
|
||||
if ($entity['owner_model'] === 'organisation') {
|
||||
if ($entity['owner_id'] !== $currentUser['organisation_id']) {
|
||||
if (!$this->EncryptionKeys->canEditForOrganisation($currentUser, $entity)) {
|
||||
throw new MethodNotAllowedException(__('Selected organisation cannot be linked by the current user.'));
|
||||
}
|
||||
} else {
|
||||
if ($currentUser['role']['perm_org_admin']) {
|
||||
$this->loadModel('Alignments');
|
||||
$validIndividuals = $this->Alignments->find('list', [
|
||||
'keyField' => 'individual_id',
|
||||
'valueField' => 'id',
|
||||
'conditions' => ['organisation_id' => $currentUser['organisation_id']]
|
||||
])->toArray();
|
||||
if (!isset($validIndividuals[$entity['owner_id']])) {
|
||||
throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
|
||||
}
|
||||
} else {
|
||||
if ($entity['owner_id'] !== $currentUser['id']) {
|
||||
throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
|
||||
}
|
||||
} else if ($entity['owner_model'] === 'individual') {
|
||||
if (!$this->EncryptionKeys->canEditForIndividual($currentUser, $entity)) {
|
||||
throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
|
||||
}
|
||||
}
|
||||
return $entity;
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
namespace App\Model\Table;
|
||||
|
||||
use App\Model\Table\AppTable;
|
||||
use Cake\ORM\TableRegistry;
|
||||
use Cake\ORM\Table;
|
||||
use Cake\Validation\Validator;
|
||||
use Cake\Event\EventInterface;
|
||||
|
@ -147,4 +148,57 @@ class EncryptionKeysTable extends AppTable
|
|||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
public function canEdit($user, $entity): bool
|
||||
{
|
||||
if ($entity['owner_model'] === 'organisation') {
|
||||
return $this->canEditForOrganisation($user, $entity);
|
||||
} else if ($entity['owner_model'] === 'individual') {
|
||||
return $this->canEditForIndividual($user, $entity);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public function canEditForOrganisation($user, $entity): bool
|
||||
{
|
||||
if ($entity['owner_model'] !== 'organisation') {
|
||||
return false;
|
||||
}
|
||||
if (!empty($user['role']['perm_admin'])) {
|
||||
return true;
|
||||
}
|
||||
if (
|
||||
$user['role']['perm_org_admin'] &&
|
||||
$entity['owner_id'] === $user['organisation_id']
|
||||
) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public function canEditForIndividual($user, $entity): bool
|
||||
{
|
||||
if ($entity['owner_model'] !== 'individual') {
|
||||
return false;
|
||||
}
|
||||
if (!empty($user['role']['perm_admin'])) {
|
||||
return true;
|
||||
}
|
||||
if ($user['role']['perm_org_admin']) {
|
||||
$this->Alignments = TableRegistry::get('Alignments');
|
||||
$validIndividuals = $this->Alignments->find('list', [
|
||||
'keyField' => 'individual_id',
|
||||
'valueField' => 'id',
|
||||
'conditions' => ['organisation_id' => $user['organisation_id']]
|
||||
])->toArray();
|
||||
if (isset($validIndividuals[$entity['owner_id']])) {
|
||||
return true;
|
||||
}
|
||||
} else {
|
||||
if ($entity['owner_id'] === $user['id']) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -80,12 +80,22 @@ echo $this->element('genericElements/IndexTable/index_table', [
|
|||
[
|
||||
'open_modal' => '/encryptionKeys/edit/[onclick_params_data_path]',
|
||||
'modal_params_data_path' => 'id',
|
||||
'icon' => 'edit'
|
||||
'icon' => 'edit',
|
||||
'complex_requirement' => [
|
||||
'function' => function ($row, $options) {
|
||||
return $row['_canBeEdited'];
|
||||
}
|
||||
]
|
||||
],
|
||||
[
|
||||
'open_modal' => '/encryptionKeys/delete/[onclick_params_data_path]',
|
||||
'modal_params_data_path' => 'id',
|
||||
'icon' => 'trash'
|
||||
'icon' => 'trash',
|
||||
'complex_requirement' => [
|
||||
'function' => function ($row, $options) {
|
||||
return $row['_canBeEdited'];
|
||||
}
|
||||
]
|
||||
],
|
||||
]
|
||||
]
|
||||
|
|
Loading…
Reference in New Issue