chg: [users:edit] Allow users to self edit

refacto/CRUDComponent
Sami Mokaddem 2023-09-07 16:11:47 +02:00
parent 08d2e193dd
commit 5aefc37837
No known key found for this signature in database
GPG Key ID: 164C473F627A06FA
3 changed files with 12 additions and 3 deletions


@ -342,6 +342,9 @@ class ACLComponent extends Component
if (!$currentUser['role']['perm_org_admin']) {
return false;
} else {
if ($currentUser['id'] == $user['id']) {
return true;
}
if ($currentUser['organisation_id'] !== $user['organisation_id']) {
return false;
}


@ -51,7 +51,7 @@ class UsersController extends AppController
}
$this->set(
'validRoles',
$this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0])->all()->toArray()
$this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_org_admin' => 0])->all()->toArray()
);
$this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate');
}
@ -259,7 +259,7 @@ class UsersController extends AppController
$params['fields'][] = 'disabled';
if (!$currentUser['role']['perm_admin']) {
$params['afterFind'] = function ($data, &$params) use ($currentUser, $validRoles) {
if (!in_array($data['role_id'], array_keys($validRoles))) {
if (!in_array($data['role_id'], array_keys($validRoles)) && $this->ACL->getUser()['id'] != $data['id']) {
throw new MethodNotAllowedException(__('You cannot edit the given privileged user.'));
}
if (!$this->ACL->canEditUser($currentUser, $data)) {
@ -268,7 +268,7 @@ class UsersController extends AppController
return $data;
};
$params['beforeSave'] = function ($data) use ($currentUser, $validRoles) {
if (!in_array($data['role_id'], array_keys($validRoles))) {
if (!in_array($data['role_id'], array_keys($validRoles)) && $this->ACL->getUser()['id'] != $data['id']) {
throw new MethodNotAllowedException(__('You cannot assign the chosen role to a user.'));
}
return $data;
@ -284,6 +284,9 @@ class UsersController extends AppController
if (empty($currentUser['role']['perm_admin'])) {
$org_conditions = ['id' => $currentUser['organisation_id']];
}
if ($this->ACL->getUser()['id'] == $id) {
$validRoles[$this->ACL->getUser()['role']['id']] = $this->ACL->getUser()['role']['name']; // include the current role of the user
}
$dropdownData = [
'role' => $validRoles,
'organisation' => $this->Users->Organisations->find('list', [
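Review bot: In the beforeSave hook of the 268 hunk, the added `&& $this->ACL->getUser()['id'] != $data['id']` exempts a self-edit from the role check entirely, so if `role_id` is among the editable fields (the field list starts before the 259 hunk) a non-admin editing their own record could submit any `role_id`, including one carrying `perm_admin`, and nothing in this hunk blocks it. The 284 hunk adds the user's current role to `$validRoles`, but the closures in the 259/268 hunks capture `$validRoles` by value at definition, so that later line does not narrow the hook if, as it appears, it runs afterwards in the same action. Narrow the exemption to keeping the current role instead of skipping the check: `$self = $this->ACL->getUser();` `$keepsOwnRole = $self['id'] == $data['id'] && $data['role_id'] == $self['role']['id'];` `if (!in_array($data['role_id'], array_keys($validRoles)) && !$keepsOwnRole) {`. The afterFind exemption in the 259 hunk is reasonable as a read-side check but deserves a comment such as `// users may open their own record even if their role is not assignable by them`.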


@ -127,6 +127,9 @@ echo $this->element('genericElements/IndexTable/index_table', [
],
'function' => function ($row, $options) use ($loggedUser, $validRoles) {
if (empty($loggedUser['role']['perm_admin'])) {
if ($row['id'] == $loggedUser['id']) {
return true;
}
if (empty($loggedUser['role']['perm_org_admin'])) {
return false;
}