cerebrate-project
/
cerebrate
mirror of https://github.com/cerebrate-project/cerebrate
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: [encryptionKeys:ui] Aligned UI with what users can actually do

perm_community_admin
Sami Mokaddem 2024-03-29 16:33:33 +01:00
parent e111dacf17
commit 3a3494df8c
No known key found for this signature in database
GPG Key ID: 164C473F627A06FA
3 changed files with 73 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/Controller/EncryptionKeysController.php
View File

@ -21,6 +21,7 @@ class EncryptionKeysController extends AppController
public function index() public function index()
{ {
$currentUser = $this->ACL->getUser();
$this->EncryptionKeys->initializeGpg(); $this->EncryptionKeys->initializeGpg();
$Model = $this->EncryptionKeys; $Model = $this->EncryptionKeys;
$this->CRUD->index([ $this->CRUD->index([
@ -33,7 +34,7 @@ class EncryptionKeysController extends AppController
], ],
'contain' => $this->containFields, 'contain' => $this->containFields,
'statisticsFields' => $this->statisticsFields, 'statisticsFields' => $this->statisticsFields,
'afterFind' => function($data) use ($Model) { 'afterFind' => function($data) use ($Model, $currentUser) {
if ($data['type'] === 'pgp') { if ($data['type'] === 'pgp') {
$keyInfo = $Model->verifySingleGPG($data); $keyInfo = $Model->verifySingleGPG($data);
$data['status'] = __('OK'); $data['status'] = __('OK');
@ -45,6 +46,7 @@ class EncryptionKeysController extends AppController
$data['fingerprint'] = $keyInfo[4]; $data['fingerprint'] = $keyInfo[4];
} }
} }
$data['_canBeEdited'] = $Model->canEdit($currentUser, $data);
return $data; return $data;
} }
]); ]);
@ -96,25 +98,13 @@ class EncryptionKeysController extends AppController
} }
$params['beforeSave'] = function($entity) use($currentUser) { $params['beforeSave'] = function($entity) use($currentUser) {
if ($entity['owner_model'] === 'organisation') { if ($entity['owner_model'] === 'organisation') {
if ($entity['owner_id'] !== $currentUser['organisation_id']) { if (!$this->EncryptionKeys->canEditForOrganisation($currentUser, $entity)) {
throw new MethodNotAllowedException(__('Selected organisation cannot be linked by the current user.')); throw new MethodNotAllowedException(__('Selected organisation cannot be linked by the current user.'));
} }
} else { } else if ($entity['owner_model'] === 'individual') {
if ($currentUser['role']['perm_org_admin']) { if (!$this->EncryptionKeys->canEditForIndividual($currentUser, $entity)) {
$this->loadModel('Alignments');
$validIndividuals = $this->Alignments->find('list', [
'keyField' => 'individual_id',
'valueField' => 'id',
'conditions' => ['organisation_id' => $currentUser['organisation_id']]
])->toArray();
if (!isset($validIndividuals[$entity['owner_id']])) {
throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.')); throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
} }
} else {
if ($entity['owner_id'] !== $currentUser['id']) {
throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
}
}
} }
return $entity; return $entity;
}; };

54
src/Model/Table/EncryptionKeysTable.php
View File

@ -3,6 +3,7 @@
namespace App\Model\Table; namespace App\Model\Table;
use App\Model\Table\AppTable; use App\Model\Table\AppTable;
use Cake\ORM\TableRegistry;
use Cake\ORM\Table; use Cake\ORM\Table;
use Cake\Validation\Validator; use Cake\Validation\Validator;
use Cake\Event\EventInterface; use Cake\Event\EventInterface;
@ -147,4 +148,57 @@ class EncryptionKeysTable extends AppTable
return null; return null;
} }
} }
public function canEdit($user, $entity): bool
{
if ($entity['owner_model'] === 'organisation') {
return $this->canEditForOrganisation($user, $entity);
} else if ($entity['owner_model'] === 'individual') {
return $this->canEditForIndividual($user, $entity);
}
return false;
}
public function canEditForOrganisation($user, $entity): bool
{
if ($entity['owner_model'] !== 'organisation') {
return false;
}
if (!empty($user['role']['perm_admin'])) {
return true;
}
if (
$user['role']['perm_org_admin'] &&
$entity['owner_id'] === $user['organisation_id']
) {
return true;
}
return false;
}
public function canEditForIndividual($user, $entity): bool
{
if ($entity['owner_model'] !== 'individual') {
return false;
}
if (!empty($user['role']['perm_admin'])) {
return true;
}
if ($user['role']['perm_org_admin']) {
$this->Alignments = TableRegistry::get('Alignments');
$validIndividuals = $this->Alignments->find('list', [
'keyField' => 'individual_id',
'valueField' => 'id',
'conditions' => ['organisation_id' => $user['organisation_id']]
])->toArray();
if (isset($validIndividuals[$entity['owner_id']])) {
return true;
}
} else {
if ($entity['owner_id'] === $user['id']) {
return true;
}
}
return false;
}
} }

14
templates/EncryptionKeys/index.php
View File

@ -80,12 +80,22 @@ echo $this->element('genericElements/IndexTable/index_table', [
[ [
'open_modal' => '/encryptionKeys/edit/[onclick_params_data_path]', 'open_modal' => '/encryptionKeys/edit/[onclick_params_data_path]',
'modal_params_data_path' => 'id', 'modal_params_data_path' => 'id',
'icon' => 'edit' 'icon' => 'edit',
'complex_requirement' => [
'function' => function ($row, $options) {
return $row['_canBeEdited'];
}
]
], ],
[ [
'open_modal' => '/encryptionKeys/delete/[onclick_params_data_path]', 'open_modal' => '/encryptionKeys/delete/[onclick_params_data_path]',
'modal_params_data_path' => 'id', 'modal_params_data_path' => 'id',
'icon' => 'trash' 'icon' => 'trash',
'complex_requirement' => [
'function' => function ($row, $options) {
return $row['_canBeEdited'];
}
]
], ],
] ]
] ]