chg: [users:edit] Allow users to self edit

refacto/CRUDComponent
Sami Mokaddem 2023-09-07 16:11:47 +02:00
parent 08d2e193dd
commit 5aefc37837
No known key found for this signature in database
GPG Key ID: 164C473F627A06FA
3 changed files with 12 additions and 3 deletions

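--- a/src/Controller/Component/ACLComponent.php
+++ b/src/Controller/Component/ACLComponent.php
@@ -342,6 +342,9 @@ class ACLComponent extends Component
 if (!$currentUser['role']['perm_org_admin']) {
 return false;
 } else {
+if ($currentUser['id'] == $user['id']) {
+return true;
+}
 if ($currentUser['organisation_id'] !== $user['organisation_id']) {
 return false;
 }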
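Review bot: The self-edit shortcut added at the top of the else branch is only reached by users whose role has perm_org_admin, because the `if (!$currentUser['role']['perm_org_admin']) { return false; }` on the lines just above still returns false for everyone else, so a regular user editing their own record is still rejected here while the users index template in the same commit renders the edit action for every user's own row. Unless an earlier branch of this function, outside the hunk, already returns true for the current user's own record, hoist the check above the perm_org_admin gate: `if ($currentUser['id'] == $user['id']) { return true; }` as the first statement, keeping the organisation comparison for the org-admin path. If both ids are integers, `===` would avoid the loose comparison and match the strict `!==` already used for organisation_id below. The enclosing function begins before this hunk.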

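--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
@@ -51,7 +51,7 @@ class UsersController extends AppController
 }
 $this->set(
 'validRoles',
-$this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0])->all()->toArray()
+$this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_org_admin' => 0])->all()->toArray()
 );
 $this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate');
 }
@@ -259,7 +259,7 @@ class UsersController extends AppController
 $params['fields'][] = 'disabled';
 if (!$currentUser['role']['perm_admin']) {
 $params['afterFind'] = function ($data, &$params) use ($currentUser, $validRoles) {
-if (!in_array($data['role_id'], array_keys($validRoles))) {
+if (!in_array($data['role_id'], array_keys($validRoles)) && $this->ACL->getUser()['id'] != $data['id']) {
 throw new MethodNotAllowedException(__('You cannot edit the given privileged user.'));
 }
 if (!$this->ACL->canEditUser($currentUser, $data)) {
@@ -268,7 +268,7 @@ class UsersController extends AppController
 return $data;
 };
 $params['beforeSave'] = function ($data) use ($currentUser, $validRoles) {
-if (!in_array($data['role_id'], array_keys($validRoles))) {
+if (!in_array($data['role_id'], array_keys($validRoles)) && $this->ACL->getUser()['id'] != $data['id']) {
 throw new MethodNotAllowedException(__('You cannot assign the chosen role to a user.'));
 }
 return $data;
@@ -284,6 +284,9 @@ class UsersController extends AppController
 if (empty($currentUser['role']['perm_admin'])) {
 $org_conditions = ['id' => $currentUser['organisation_id']];
 }
+if ($this->ACL->getUser()['id'] == $id) {
+$validRoles[$this->ACL->getUser()['role']['id']] = $this->ACL->getUser()['role']['name']; // include the current role of the user
+}
 $dropdownData = [
 'role' => $validRoles,
 'organisation' => $this->Users->Organisations->find('list', [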
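Review bot: The relaxed guard in the beforeSave closure of the third hunk, `&& $this->ACL->getUser()['id'] != $data['id']`, switches the role whitelist off entirely when a non-admin user edits their own record, so the submitted `role_id` is no longer checked against `$validRoles` and a role carrying perm_admin could be assigned by the user to themself. The fourth hunk suggests the intent was only to let the user keep their current role (it is added to the dropdown), but the dropdown is client-side and does not constrain the request body. Restrict the exemption to the unchanged role: `$keepsOwnRole = $this->ACL->getUser()['id'] == $data['id'] && $data['role_id'] == $this->ACL->getUser()['role']['id'];` followed by `if (!in_array($data['role_id'], array_keys($validRoles)) && !$keepsOwnRole) {`. Whether `$data['id']` can itself come from the request body depends on the entity's accessible fields, which are outside this view; if it can, compare against the route `$id` instead. The edit action and both closures continue outside these hunks.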

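--- a/templates/Users/index.php
+++ b/templates/Users/index.php
@@ -127,6 +127,9 @@ echo $this->element('genericElements/IndexTable/index_table', [
 ],
 'function' => function ($row, $options) use ($loggedUser, $validRoles) {
 if (empty($loggedUser['role']['perm_admin'])) {
+if ($row['id'] == $loggedUser['id']) {
+return true;
+}
 if (empty($loggedUser['role']['perm_org_admin'])) {
 return false;
 }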
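Review bot: The new self-row branch returns true before the perm_org_admin test, so the edit action is rendered for every user on their own row, whereas ACLComponent::canEditUser as changed in the same commit places its self-edit shortcut inside the perm_org_admin branch and, from what that hunk shows, still returns false for a non-org-admin editing themself; the controller's afterFind then rejects the request the button leads to. The template and the ACL should agree, with the ACL as the source of truth: either gate this branch behind perm_org_admin as well, or fix the ordering in canEditUser and leave this as is. `$row['id'] == $loggedUser['id']` could be `===` if both ids are integers. The closure and the surrounding element call continue outside the hunk.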