diff --git a/src/Controller/EncryptionKeysController.php b/src/Controller/EncryptionKeysController.php
index a01adf7..0bbc74e 100644
--- a/src/Controller/EncryptionKeysController.php
+++ b/src/Controller/EncryptionKeysController.php
@@ -21,6 +21,7 @@ class EncryptionKeysController extends AppController
 
 public function index()
 {
+ $currentUser = $this->ACL->getUser();
 $this->EncryptionKeys->initializeGpg();
 $Model = $this->EncryptionKeys;
 $this->CRUD->index([
@@ -33,7 +34,7 @@ class EncryptionKeysController extends AppController
 ],
 'contain' => $this->containFields,
 'statisticsFields' => $this->statisticsFields,
- 'afterFind' => function($data) use ($Model) {
+ 'afterFind' => function($data) use ($Model, $currentUser) {
 if ($data['type'] === 'pgp') {
 $keyInfo = $Model->verifySingleGPG($data);
 $data['status'] = __('OK');
@@ -45,6 +46,7 @@ class EncryptionKeysController extends AppController
 $data['fingerprint'] = $keyInfo[4];
 }
 }
+ $data['_canBeEdited'] = $Model->canEdit($currentUser, $data);
 return $data;
 }
 ]);
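Review bot: The `_canBeEdited` flag set in the `afterFind` closure of the third hunk is a display hint for the index template, not an authorization check, so `edit()` and `delete()` still have to call `EncryptionKeys->canEdit()` before acting; the `beforeSave` hook in the next hunk guards the save path, but no check on the delete path is visible in this diff, so confirm one exists or add `if (!$this->EncryptionKeys->canEdit($currentUser, $entity)) { throw new MethodNotAllowedException(__('Not allowed.')); }` to it. Computing the flag per row also means `canEdit()` issues an Alignments query for every listed key when the viewer is an org admin, which turns the listing into N+1 queries; memoising the org's aligned individual ids once per request, or replacing the list load with an `exists()` check in the table, keeps it flat. The key is serialised into the JSON and CSV index responses too, since nothing strips it for non-HTML formats; drop it there if the API contract should not carry UI state. `index()` opens in the first hunk and its `CRUD->index([` call runs across all three hunks, so the closure's surroundings are only partly visible.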
@@ -96,24 +98,12 @@ class EncryptionKeysController extends AppController
 }
 $params['beforeSave'] = function($entity) use($currentUser) {
 if ($entity['owner_model'] === 'organisation') {
- if ($entity['owner_id'] !== $currentUser['organisation_id']) {
+ if (!$this->EncryptionKeys->canEditForOrganisation($currentUser, $entity)) {
 throw new MethodNotAllowedException(__('Selected organisation cannot be linked by the current user.'));
 }
- } else {
- if ($currentUser['role']['perm_org_admin']) {
- $this->loadModel('Alignments');
- $validIndividuals = $this->Alignments->find('list', [
- 'keyField' => 'individual_id',
- 'valueField' => 'id',
- 'conditions' => ['organisation_id' => $currentUser['organisation_id']]
- ])->toArray();
- if (!isset($validIndividuals[$entity['owner_id']])) {
- throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
- }
- } else {
- if ($entity['owner_id'] !== $currentUser['id']) {
- throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
- }
+ } else if ($entity['owner_model'] === 'individual') {
+ if (!$this->EncryptionKeys->canEditForIndividual($currentUser, $entity)) {
+ throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
 }
 }
 return $entity;
diff --git a/src/Model/Table/EncryptionKeysTable.php b/src/Model/Table/EncryptionKeysTable.php
index 0015e1d..5f4d54a 100644
--- a/src/Model/Table/EncryptionKeysTable.php
+++ b/src/Model/Table/EncryptionKeysTable.php
@@ -3,6 +3,7 @@ namespace App\Model\Table;
 use App\Model\Table\AppTable;
+use Cake\ORM\TableRegistry;
 use Cake\ORM\Table;
 use Cake\Validation\Validator;
 use Cake\Event\EventInterface;
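Review bot: Narrowing the old `else` to `else if ($entity['owner_model'] === 'individual')` opens a third path: any `owner_model` value other than the two literals now passes through `beforeSave` with no ownership check at all, where the old code applied the individual check to everything that was not an organisation. If `owner_model` is accepted from the request without a whitelist in the table validator (not visible in this diff), a caller can link a key to an arbitrary `owner_id` simply by sending an unexpected model name. Close the gap with a final branch, `} else { throw new MethodNotAllowedException(__('Invalid owner model.')); }`, or collapse the three branches into `if (!$this->EncryptionKeys->canEdit($currentUser, $entity))`, which already returns false for unknown models. Separately, `canEditForOrganisation` now requires `perm_org_admin` where the old check only compared `owner_id` with the caller's `organisation_id`, so plain users lose the ability to link keys to their own organisation — fine if intended, but worth a line in the commit message. The action enclosing this closure starts before the hunk and continues after `return $entity;`.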
@@ -147,4 +148,57 @@ class EncryptionKeysTable extends AppTable
 return null;
 }
 }
+
+ public function canEdit($user, $entity): bool
+ {
+ if ($entity['owner_model'] === 'organisation') {
+ return $this->canEditForOrganisation($user, $entity);
+ } else if ($entity['owner_model'] === 'individual') {
+ return $this->canEditForIndividual($user, $entity);
+ }
+ return false;
+ }
+
+ public function canEditForOrganisation($user, $entity): bool
+ {
+ if ($entity['owner_model'] !== 'organisation') {
+ return false;
+ }
+ if (!empty($user['role']['perm_admin'])) {
+ return true;
+ }
+ if (
+ $user['role']['perm_org_admin'] &&
+ $entity['owner_id'] === $user['organisation_id']
+ ) {
+ return true;
+ }
+ return false;
+ }
+
+ public function canEditForIndividual($user, $entity): bool
+ {
+ if ($entity['owner_model'] !== 'individual') {
+ return false;
+ }
+ if (!empty($user['role']['perm_admin'])) {
+ return true;
+ }
+ if ($user['role']['perm_org_admin']) {
+ $this->Alignments = TableRegistry::get('Alignments');
+ $validIndividuals = $this->Alignments->find('list', [
+ 'keyField' => 'individual_id',
+ 'valueField' => 'id',
+ 'conditions' => ['organisation_id' => $user['organisation_id']]
+ ])->toArray();
+ if (isset($validIndividuals[$entity['owner_id']])) {
+ return true;
+ }
+ } else {
+ if ($entity['owner_id'] === $user['id']) {
+ return true;
+ }
+ }
+ return false;
+ }
 }
diff --git a/templates/EncryptionKeys/index.php b/templates/EncryptionKeys/index.php
index c9ca457..8a1cd67 100644
--- a/templates/EncryptionKeys/index.php
+++ b/templates/EncryptionKeys/index.php
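Review bot: `canEditForIndividual` materialises every alignment of the caller's organisation (`find('list', …)->toArray()`) just to test a single `owner_id`, and the `index()` `afterFind` added earlier in this commit calls it once per listed row, so an org admin's key listing loads the whole alignment table once per key; a single `exists()` on `['organisation_id' => …, 'individual_id' => $entity['owner_id']]` answers the same question with one indexed query. `TableRegistry::get()` is deprecated in CakePHP 4 and the assignment to the undeclared `$this->Alignments` property is a PHP 8.2 dynamic-property deprecation, so fetch the table locally via `$this->getTableLocator()->get('Alignments')`, which `Cake\ORM\Table` exposes through `LocatorAwareTrait`. Two things the hunk inherits from the old controller code rather than introduces, but worth confirming while it is being moved: `$entity['owner_id'] === $user['id']` compares an individual id against the user record's id, which are different tables if users carry a separate `individual_id`; and `perm_org_admin` is read without `!empty()` unlike `perm_admin` just above it, so a role array lacking the key emits a notice instead of cleanly denying. The rewrite below keeps the method's signature and the `owner_model`/`perm_admin` guards unchanged.
```php
    public function canEditForIndividual($user, $entity): bool
    {
        // … unchanged: owner_model guard and perm_admin short-circuit …
        if (!empty($user['role']['perm_org_admin'])) {
            // One indexed existence check instead of loading every alignment of the org.
            return $this->getTableLocator()->get('Alignments')->exists([
                'organisation_id' => $user['organisation_id'],
                'individual_id' => $entity['owner_id'],
            ]);
        }
        // NOTE(review): carried over from the controller — confirm $user['id'] is the individual id, not the user id.
        return $entity['owner_id'] === $user['id'];
    }
```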
@@ -80,12 +80,22 @@ echo $this->element('genericElements/IndexTable/index_table', [
 [
 'open_modal' => '/encryptionKeys/edit/[onclick_params_data_path]',
 'modal_params_data_path' => 'id',
- 'icon' => 'edit'
+ 'icon' => 'edit',
+ 'complex_requirement' => [
+ 'function' => function ($row, $options) {
+ return $row['_canBeEdited'];
+ }
+ ]
 ],
 [
 'open_modal' => '/encryptionKeys/delete/[onclick_params_data_path]',
 'modal_params_data_path' => 'id',
- 'icon' => 'trash'
+ 'icon' => 'trash',
+ 'complex_requirement' => [
+ 'function' => function ($row, $options) {
+ return $row['_canBeEdited'];
+ }
+ ]
 ],
 ]
 ]
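Review bot: The two `complex_requirement` closures are identical and both read `$row['_canBeEdited']` directly, which emits an undefined-index notice (and then evaluates a null) for any row that did not pass through the index action's `afterFind`; define it once above the element call as `$canBeEdited = fn ($row, $options) => !empty($row['_canBeEdited']);` and reference it from both the edit and delete actions. Hiding the icons is presentation only, not access control, so the `/encryptionKeys/edit` and `/encryptionKeys/delete` endpoints still need their own server-side `canEdit()` check.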