Merge branch 'develop'

pull/170/merge
iglocska 2024-08-22 15:24:09 +02:00
commit 65fd3ef5d4
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
37 changed files with 263 additions and 201 deletions

View File

@ -11,7 +11,7 @@ echo $this->element('genericElements/IndexTable/index_table', [
'type' => 'simple', 'type' => 'simple',
'text' => __('Add tag'), 'text' => __('Add tag'),
'popover_url' => '/tags/add', 'popover_url' => '/tags/add',
'requirement' => !empty($loggedUser['role']['perm_admin']), 'requirement' => !empty($loggedUser['role']['perm_community_admin']),
] ]
] ]
], ],
@ -67,13 +67,13 @@ echo $this->element('genericElements/IndexTable/index_table', [
'open_modal' => '/tags/edit/[onclick_params_data_path]', 'open_modal' => '/tags/edit/[onclick_params_data_path]',
'modal_params_data_path' => 'id', 'modal_params_data_path' => 'id',
'icon' => 'edit', 'icon' => 'edit',
'requirement' => !empty($loggedUser['role']['perm_admin']), 'requirement' => !empty($loggedUser['role']['perm_community_admin']),
], ],
[ [
'open_modal' => '/tags/delete/[onclick_params_data_path]', 'open_modal' => '/tags/delete/[onclick_params_data_path]',
'modal_params_data_path' => 'id', 'modal_params_data_path' => 'id',
'icon' => 'trash', 'icon' => 'trash',
'requirement' => !empty($loggedUser['role']['perm_admin']), 'requirement' => !empty($loggedUser['role']['perm_community_admin']),
], ],
] ]
] ]

View File

@ -100,12 +100,18 @@ class FastUserEnrolmentCommand extends Command
die(1); die(1);
} }
$defaultRole = $defaultRole->toArray(); $defaultRole = $defaultRole->toArray();
if (!empty($defaultRole['perm_admin'])) { if (!empty($defaultRole['perm_community_admin'])) {
$selection = $io->askChoice('The default role has the `admin` permission. Confirm giving the admin permission to users to be enrolled.', ['Y', 'N'], 'N'); $selection = $io->askChoice('The default role has the `admin` permission. Confirm giving the admin permission to users to be enrolled.', ['Y', 'N'], 'N');
if ($selection != 'Y') { if ($selection != 'Y') {
die(1); die(1);
} }
} }
if (!empty($defaultRole['perm_community_admin'])) {
$selection = $io->askChoice('The default role has the `community_admin` permission. Confirm giving the admin permission to users to be enrolled.', ['Y', 'N'], 'N');
if ($selection != 'Y') {
die(1);
}
}
$this->role_id = $defaultRole['id']; $this->role_id = $defaultRole['id'];
} else { } else {
$role = $this->Users->Roles->find()->select(['id'])->where(['id' => $this->role_id])->first(); $role = $this->Users->Roles->find()->select(['id'])->where(['id' => $this->role_id])->first();

View File

@ -150,7 +150,7 @@ class AlignmentsController extends AppController
private function canEditIndividual($indId): bool private function canEditIndividual($indId): bool
{ {
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
if ($currentUser['role']['perm_admin']) { if ($currentUser['role']['perm_community_admin']) {
return true; return true;
} }
$this->loadModel('Individuals'); $this->loadModel('Individuals');
@ -164,7 +164,7 @@ class AlignmentsController extends AppController
private function canEditOrganisation($orgId): bool private function canEditOrganisation($orgId): bool
{ {
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
if ($currentUser['role']['perm_admin']) { if ($currentUser['role']['perm_community_admin']) {
return true; return true;
} }
if ($currentUser['role']['perm_org_admin'] && $currentUser['organisation']['id'] == $orgId) { if ($currentUser['role']['perm_org_admin'] && $currentUser['organisation']['id'] == $orgId) {

View File

@ -124,6 +124,7 @@ class AppController extends Controller
$this->ACL->setUser($user); $this->ACL->setUser($user);
$this->request->getSession()->write('authUser', $user); $this->request->getSession()->write('authUser', $user);
$this->isAdmin = $user['role']['perm_admin']; $this->isAdmin = $user['role']['perm_admin'];
$this->isCommunityAdmin = $user['role']['perm_community_admin'];
if (!$this->ParamHandler->isRest()) { if (!$this->ParamHandler->isRest()) {
$this->set('menu', $this->ACL->getMenu()); $this->set('menu', $this->ACL->getMenu());
$this->set('loggedUser', $this->ACL->getUser()); $this->set('loggedUser', $this->ACL->getUser());
@ -155,7 +156,7 @@ class AppController extends Controller
} }
if ($this->modelClass == 'Tags.Tags') { if ($this->modelClass == 'Tags.Tags') {
$this->set('metaGroup', !empty($this->isAdmin) ? 'Administration' : 'Cerebrate'); $this->set('metaGroup', !empty($this->isCommunityAdmin) ? 'Administration' : 'Cerebrate');
} }
$this->response = $this->response->withHeader('X-Frame-Options', 'DENY'); $this->response = $this->response->withHeader('X-Frame-Options', 'DENY');
} }

View File

@ -22,7 +22,7 @@ class AuthKeysController extends AppController
{ {
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
$conditions = []; $conditions = [];
if (empty($currentUser['role']['perm_admin'])) { if (empty($currentUser['role']['perm_community_admin'])) {
$conditions['Users.organisation_id'] = $currentUser['organisation_id']; $conditions['Users.organisation_id'] = $currentUser['organisation_id'];
if (empty($currentUser['role']['perm_org_admin'])) { if (empty($currentUser['role']['perm_org_admin'])) {
$conditions['Users.id'] = $currentUser['id']; $conditions['Users.id'] = $currentUser['id'];
@ -40,14 +40,14 @@ class AuthKeysController extends AppController
if (!empty($responsePayload)) { if (!empty($responsePayload)) {
return $responsePayload; return $responsePayload;
} }
$this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate'); $this->set('metaGroup', $this->isCommunityAdmin ? 'Administration' : 'Cerebrate');
} }
public function delete($id) public function delete($id)
{ {
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
$conditions = []; $conditions = [];
if (empty($currentUser['role']['perm_admin'])) { if (empty($currentUser['role']['perm_community_admin'])) {
$conditions['Users.organisation_id'] = $currentUser['organisation_id']; $conditions['Users.organisation_id'] = $currentUser['organisation_id'];
if (empty($currentUser['role']['perm_org_admin'])) { if (empty($currentUser['role']['perm_org_admin'])) {
$conditions['Users.id'] = $currentUser['id']; $conditions['Users.id'] = $currentUser['id'];
@ -58,20 +58,20 @@ class AuthKeysController extends AppController
if (!empty($responsePayload)) { if (!empty($responsePayload)) {
return $responsePayload; return $responsePayload;
} }
$this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate'); $this->set('metaGroup', $this->isCommunityAdmin ? 'Administration' : 'Cerebrate');
} }
public function add() public function add()
{ {
$this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate'); $this->set('metaGroup', $this->isCommunityAdmin ? 'Administration' : 'Cerebrate');
$validUsers = []; $validUsers = [];
$userConditions = []; $userConditions = [];
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
if (empty($currentUser['role']['perm_admin'])) { if (empty($currentUser['role']['perm_community_admin'])) {
if (empty($currentUser['role']['perm_org_admin'])) { if (empty($currentUser['role']['perm_org_admin'])) {
$userConditions['id'] = $currentUser['id']; $userConditions['id'] = $currentUser['id'];
} else { } else {
$role_ids = $this->Users->Roles->find()->where(['perm_admin' => 0, 'perm_org_admin' => 0])->all()->extract('id')->toList(); $role_ids = $this->Users->Roles->find()->where(['perm_admin' => 0, 'perm_community_admin', 'perm_org_admin' => 0])->all()->extract('id')->toList();
$userConditions['organisation_id'] = $currentUser['organisation_id']; $userConditions['organisation_id'] = $currentUser['organisation_id'];
$userConditions['OR'] = [ $userConditions['OR'] = [
['role_id IN' => $role_ids], ['role_id IN' => $role_ids],

View File

@ -41,14 +41,14 @@ class ACLComponent extends Component
'queryACL' => ['perm_admin'] 'queryACL' => ['perm_admin']
], ],
'Alignments' => [ 'Alignments' => [
'add' => ['perm_admin', 'perm_org_admin'], 'add' => ['perm_community_admin', 'perm_org_admin'],
'delete' => ['perm_admin', 'perm_org_admin'], 'delete' => ['perm_community_admin', 'perm_org_admin'],
'index' => ['*'], 'index' => ['*'],
'view' => ['*'] 'view' => ['*']
], ],
'AuditLogs' => [ 'AuditLogs' => [
'filtering' => ['perm_admin'], 'filtering' => ['perm_community_admin'],
'index' => ['perm_admin'], 'index' => ['perm_community_admin'],
], ],
'AuthKeys' => [ 'AuthKeys' => [
'add' => ['*'], 'add' => ['*'],
@ -56,17 +56,17 @@ class ACLComponent extends Component
'index' => ['*'] 'index' => ['*']
], ],
'Broods' => [ 'Broods' => [
'add' => ['perm_admin'], 'add' => ['perm_community_admin'],
'delete' => ['perm_admin'], 'delete' => ['perm_community_admin'],
'downloadIndividual' => ['perm_admin'], 'downloadIndividual' => ['perm_community_admin'],
'downloadOrg' => ['perm_admin'], 'downloadOrg' => ['perm_community_admin'],
'downloadSharingGroup' => ['perm_admin'], 'downloadSharingGroup' => ['perm_community_admin'],
'edit' => ['perm_admin'], 'edit' => ['perm_community_admin'],
'index' => ['perm_admin'], 'index' => ['perm_community_admin'],
'interconnectTools' => ['perm_admin'], 'interconnectTools' => ['perm_community_admin'],
'previewIndex' => ['perm_admin'], 'previewIndex' => ['perm_community_admin'],
'testConnection' => ['perm_admin'], 'testConnection' => ['perm_community_admin'],
'view' => ['perm_admin'] 'view' => ['perm_community_admin']
], ],
'EncryptionKeys' => [ 'EncryptionKeys' => [
'view' => ['*'], 'view' => ['*'],
@ -76,29 +76,29 @@ class ACLComponent extends Component
'index' => ['*'] 'index' => ['*']
], ],
'Enumerations' => [ 'Enumerations' => [
'delete' => ['perm_admin'], 'delete' => ['perm_community_admin'],
'index' => ['*'] 'index' => ['*']
], ],
'EnumerationCollections' => [ 'EnumerationCollections' => [
'view' => ['*'], 'view' => ['*'],
'add' => ['perm_admin'], 'add' => ['perm_community_admin'],
'edit' => ['perm_admin'], 'edit' => ['perm_community_admin'],
'delete' => ['perm_admin'], 'delete' => ['perm_community_admin'],
'index' => ['*'] 'index' => ['*']
], ],
'Inbox' => [ 'Inbox' => [
'createEntry' => ['OR' => ['perm_admin', 'perm_sync']], 'createEntry' => ['OR' => ['perm_community_admin', 'perm_sync']],
'delete' => ['perm_admin'], 'delete' => ['perm_community_admin'],
'filtering' => ['perm_admin'], 'filtering' => ['perm_community_admin'],
'index' => ['perm_admin'], 'index' => ['perm_community_admin'],
'listProcessors' => ['OR' => ['perm_admin', 'perm_sync']], 'listProcessors' => ['OR' => ['perm_community_admin', 'perm_sync']],
'process' => ['perm_admin'], 'process' => ['perm_community_admin'],
'view' => ['perm_admin'], 'view' => ['perm_community_admin'],
], ],
'Individuals' => [ 'Individuals' => [
'add' => ['perm_admin', 'perm_org_admin'], 'add' => ['perm_community_admin', 'perm_org_admin'],
'delete' => ['perm_admin'], 'delete' => ['perm_community_admin'],
'edit' => ['perm_admin', 'perm_org_admin'], 'edit' => ['perm_community_admin', 'perm_org_admin'],
'filtering' => ['*'], 'filtering' => ['*'],
'index' => ['*'], 'index' => ['*'],
'tag' => ['*'], 'tag' => ['*'],
@ -119,32 +119,32 @@ class ACLComponent extends Component
'topology' => ['perm_admin'], 'topology' => ['perm_admin'],
], ],
'LocalTools' => [ 'LocalTools' => [
'action' => ['perm_admin'], 'action' => ['OR' => ['perm_admin', 'perm_community_admin']],
'add' => ['perm_admin'], 'add' => ['perm_admin'],
'batchAction' => ['perm_admin'], 'batchAction' => ['perm_admin'],
'broodTools' => ['perm_admin'], 'broodTools' => ['OR' => ['perm_admin', 'perm_community_admin']],
'connectionRequest' => ['perm_admin'], 'connectionRequest' => ['OR' => ['perm_admin', 'perm_community_admin']],
// 'connectLocal' => ['perm_admin'], // 'connectLocal' => ['perm_admin'],
'delete' => ['perm_admin'], 'delete' => ['perm_admin'],
'edit' => ['perm_admin'], 'edit' => ['perm_admin'],
'exposedTools' => ['OR' => ['perm_admin', 'perm_sync']], 'exposedTools' => ['OR' => ['perm_admin', 'perm_sync', 'perm_community_admin']],
'index' => ['perm_admin'], 'index' => ['OR' => ['perm_admin', 'perm_community_admin']],
'connectorIndex' => ['perm_admin'], 'connectorIndex' => ['perm_admin'],
'view' => ['perm_admin'], 'view' => ['OR' => ['perm_admin', 'perm_community_admin']],
'viewConnector' => ['perm_admin'] 'viewConnector' => ['OR' => ['perm_admin', 'perm_community_admin']]
], ],
'MailingLists' => [ 'MailingLists' => [
"add" => ['perm_org_admin'], "add" => ['OR' => ['perm_org_admin', 'perm_community_admin']],
"addIndividual" => ['perm_org_admin'], "addIndividual" => ['OR' => ['perm_org_admin', 'perm_community_admin']],
"delete" => ['perm_org_admin'], "delete" => ['OR' => ['perm_org_admin', 'perm_community_admin']],
"edit" => ['perm_org_admin'], "edit" => ['OR' => ['perm_org_admin', 'perm_community_admin']],
"index" => ['*'], "index" => ['*'],
"listIndividuals" => ['perm_org_admin'], "listIndividuals" => ['OR' => ['perm_org_admin', 'perm_community_admin']],
"removeIndividual" => ['perm_org_admin'], "removeIndividual" => ['OR' => ['perm_org_admin', 'perm_community_admin']],
"view" => ['*'], "view" => ['*'],
], ],
'MetaTemplateFields' => [ 'MetaTemplateFields' => [
'index' => ['perm_admin'] 'index' => ['perm_admin', 'perm_community_admin']
], ],
'MetaTemplates' => [ 'MetaTemplates' => [
'createNewTemplate' => ['perm_admin'], 'createNewTemplate' => ['perm_admin'],
@ -164,30 +164,30 @@ class ACLComponent extends Component
'index' => ['perm_admin'], 'index' => ['perm_admin'],
], ],
'OrgGroups' => [ 'OrgGroups' => [
'add' => ['perm_admin'], 'add' => ['perm_community_admin'],
'delete' => ['perm_admin'], 'delete' => ['perm_community_admin'],
'edit' => ['perm_admin'], 'edit' => ['perm_community_admin'],
'index' => ['*'], 'index' => ['*'],
'view' => ['*'], 'view' => ['*'],
'filtering' => ['*'], 'filtering' => ['*'],
'tag' => ['perm_admin'], 'tag' => ['perm_community_admin'],
'untag' => ['perm_admin'], 'untag' => ['perm_community_admin'],
'viewTags' => ['*'], 'viewTags' => ['*'],
'listAdmins' => ['*'], 'listAdmins' => ['*'],
'listOrgs' => ['*'], 'listOrgs' => ['*'],
'assignAdmin' => ['perm_admin'], 'assignAdmin' => ['perm_community_admin'],
'removeAdmin' => ['perm_admin'], 'removeAdmin' => ['perm_community_admin'],
'attachOrg' => ['perm_admin', 'perm_group_admin'], 'attachOrg' => ['perm_community_admin', 'perm_group_admin'],
'detachOrg' => ['perm_admin', 'perm_group_admin'] 'detachOrg' => ['perm_community_admin', 'perm_group_admin']
], ],
'Organisations' => [ 'Organisations' => [
'add' => ['perm_admin'], 'add' => ['perm_community_admin'],
'delete' => ['perm_admin'], 'delete' => ['perm_community_admin'],
'edit' => ['perm_admin', 'perm_org_admin'], 'edit' => ['OR' => ['perm_org_admin', 'perm_community_admin']],
'filtering' => ['*'], 'filtering' => ['*'],
'index' => ['*'], 'index' => ['*'],
'tag' => ['perm_org_admin'], 'tag' => ['OR' => ['perm_org_admin', 'perm_community_admin']],
'untag' => ['perm_org_admin'], 'untag' => ['OR' => ['perm_org_admin', 'perm_community_admin']],
'view' => ['*'], 'view' => ['*'],
'viewTags' => ['*'] 'viewTags' => ['*']
], ],
@ -211,39 +211,39 @@ class ACLComponent extends Component
"delete" => ['perm_admin'] "delete" => ['perm_admin']
], ],
'Roles' => [ 'Roles' => [
'add' => ['perm_admin'], 'add' => ['perm_community_admin'],
'delete' => ['perm_admin'], 'delete' => ['perm_community_admin'],
'edit' => ['perm_admin'], 'edit' => ['perm_community_admin'],
'index' => ['*'], 'index' => ['*'],
'view' => ['*'] 'view' => ['*']
], ],
'SharingGroups' => [ 'SharingGroups' => [
'add' => ['perm_org_admin'], 'add' => ['OR' => ['perm_org_admin', 'perm_community_admin']],
'addOrg' => ['perm_org_admin'], 'addOrg' => ['OR' => ['perm_org_admin', 'perm_community_admin']],
'delete' => ['perm_org_admin'], 'delete' => ['OR' => ['perm_org_admin', 'perm_community_admin']],
'edit' => ['perm_org_admin'], 'edit' => ['OR' => ['perm_org_admin', 'perm_community_admin']],
'index' => ['*'], 'index' => ['*'],
'listOrgs' => ['*'], 'listOrgs' => ['*'],
'removeOrg' => ['perm_org_admin'], 'removeOrg' => ['OR' => ['perm_org_admin', 'perm_community_admin']],
'view' => ['*'] 'view' => ['*']
], ],
'Tags' => [ 'Tags' => [
'add' => ['perm_admin'], 'add' => ['perm_community_admin'],
'delete' => ['perm_admin'], 'delete' => ['perm_community_admin'],
'edit' => ['perm_admin'], 'edit' => ['perm_community_admin'],
'index' => ['*'], 'index' => ['*'],
'view' => ['*'] 'view' => ['*']
], ],
'Users' => [ 'Users' => [
'add' => ['perm_org_admin'], 'add' => ['OR' => ['perm_org_admin', 'perm_community_admin']],
'delete' => ['perm_org_admin'], 'delete' => ['OR' => ['perm_org_admin', 'perm_community_admin']],
'edit' => ['*'], 'edit' => ['*'],
'index' => ['perm_org_admin'], 'index' => ['OR' => ['perm_org_admin', 'perm_community_admin']],
'login' => ['*'], 'login' => ['*'],
'logout' => ['*'], 'logout' => ['*'],
'register' => ['*'], 'register' => ['*'],
'settings' => ['*'], 'settings' => ['*'],
'toggle' => ['perm_org_admin'], 'toggle' => ['OR' => ['perm_org_admin', 'perm_community_admin']],
'view' => ['*'] 'view' => ['*']
], ],
'UserSettings' => [ 'UserSettings' => [
@ -354,14 +354,14 @@ class ACLComponent extends Component
if (empty($user) || empty($currentUser)) { if (empty($user) || empty($currentUser)) {
return false; return false;
} }
if ($currentUser['role']['perm_admin']) { if ($currentUser['role']['perm_community_admin']) {
return true; return true;
} }
if ($user['id'] === $currentUser['id']) { if ($user['id'] === $currentUser['id']) {
return true; return true;
} }
if ($user['role']['perm_admin']) { if ($user['role']['perm_community_admin']) {
return false; // org_admins cannot edit admins return false; // org_admins cannot edit admins
} }
if ($currentUser['role']['perm_org_admin'] && $user['role']['perm_group_admin']) { if ($currentUser['role']['perm_org_admin'] && $user['role']['perm_group_admin']) {
@ -401,7 +401,7 @@ class ACLComponent extends Component
return true; return true;
} }
if (!empty($this->user->role->perm_admin)) { if (!empty($this->user->role->perm_admin)) {
return true; //return true;
} }
//$this->__checkLoggedActions($user, $controller, $action); //$this->__checkLoggedActions($user, $controller, $action);
if (isset($this->aclList['*'][$action])) { if (isset($this->aclList['*'][$action])) {
@ -589,7 +589,7 @@ class ACLComponent extends Component
} }
foreach ($this->aclList as $controller => $actions) { foreach ($this->aclList as $controller => $actions) {
foreach ($actions as $action => $permissions) { foreach ($actions as $action => $permissions) {
if ($role['perm_admin']) { if ($role['perm_admin'] && empty($permissions)) {
$results = $this->__formatControllerAction($results, $controller, $action, $url_mode); $results = $this->__formatControllerAction($results, $controller, $action, $url_mode);
} elseif (in_array('*', $permissions)) { } elseif (in_array('*', $permissions)) {
$results = $this->__formatControllerAction($results, $controller, $action, $url_mode); $results = $this->__formatControllerAction($results, $controller, $action, $url_mode);

View File

@ -526,10 +526,10 @@ class CRUDComponent extends Component
if (!empty($errors)) { if (!empty($errors)) {
if (count($errors) == 1) { if (count($errors) == 1) {
$field = array_keys($errors)[0]; $field = array_keys($errors)[0];
$fieldError = implode(', ', array_values($errors[$field])); $fieldError = json_encode($errors[$field]);
$validationMessage = __('{0}: {1}', $field, $fieldError); $validationMessage = __('{0}: {1}', $field, $fieldError);
} else { } else {
$validationMessage = __('There has been validation issues with multiple fields'); $validationMessage = __('There has been validation issues with multiple fields: {0}', json_encode($errors));
} }
} }
return $validationMessage; return $validationMessage;

View File

@ -8,7 +8,7 @@ class TagsNavigation extends BaseNavigation
public function addLinks() public function addLinks()
{ {
$controller = 'Tags'; $controller = 'Tags';
if (empty($this->viewVars['loggedUser']['role']['perm_admin'])) { if (empty($this->viewVars['loggedUser']['role']['perm_community_admin'])) {
$this->bcf->removeLink($controller, 'view', $controller, 'edit'); $this->bcf->removeLink($controller, 'view', $controller, 'edit');
$this->bcf->removeLink($controller, 'edit', $controller, 'edit'); $this->bcf->removeLink($controller, 'edit', $controller, 'edit');
} }
@ -17,7 +17,7 @@ class TagsNavigation extends BaseNavigation
public function addActions() public function addActions()
{ {
$controller = 'Tags'; $controller = 'Tags';
if (empty($this->viewVars['loggedUser']['role']['perm_admin'])) { if (empty($this->viewVars['loggedUser']['role']['perm_community_admin'])) {
$this->bcf->removeAction($controller, 'view', $controller, 'delete'); $this->bcf->removeAction($controller, 'view', $controller, 'delete');
$this->bcf->removeAction($controller, 'edit', $controller, 'delete'); $this->bcf->removeAction($controller, 'edit', $controller, 'delete');
} }

View File

@ -312,12 +312,12 @@ class BreadcrumbFactory
$this->addAction($controller, 'view', $controller, 'add'); $this->addAction($controller, 'view', $controller, 'add');
$this->addAction($controller, 'view', $controller, 'delete'); $this->addAction($controller, 'view', $controller, 'delete');
if (!empty($loggedUser['role']['perm_admin'])) { if (!empty($loggedUser['role']['perm_community_admin'])) {
$this->addAction($controller, 'view', $controller, 'audit'); $this->addAction($controller, 'view', $controller, 'audit');
} }
$this->addAction($controller, 'edit', $controller, 'add'); $this->addAction($controller, 'edit', $controller, 'add');
$this->addAction($controller, 'edit', $controller, 'delete'); $this->addAction($controller, 'edit', $controller, 'delete');
if (!empty($loggedUser['role']['perm_admin'])) { if (!empty($loggedUser['role']['perm_community_admin'])) {
$this->addAction($controller, 'edit', $controller, 'audit'); $this->addAction($controller, 'edit', $controller, 'audit');
} }
} }

View File

@ -140,6 +140,7 @@ class RestResponseComponent extends Component
'perm_delegate', 'perm_delegate',
'perm_sync', 'perm_sync',
'perm_admin', 'perm_admin',
'perm_community_admin',
'perm_audit', 'perm_audit',
'perm_auth', 'perm_auth',
'perm_site_admin', 'perm_site_admin',
@ -160,6 +161,7 @@ class RestResponseComponent extends Component
'perm_delegate', 'perm_delegate',
'perm_sync', 'perm_sync',
'perm_admin', 'perm_admin',
'perm_community_admin',
'perm_audit', 'perm_audit',
'perm_auth', 'perm_auth',
'perm_site_admin', 'perm_site_admin',
@ -1253,6 +1255,11 @@ class RestResponseComponent extends Component
'type' => 'integer', 'type' => 'integer',
'values' => array(1 => 'True', 0 => 'False' ) 'values' => array(1 => 'True', 0 => 'False' )
), ),
'perm_community_admin' => array(
'input' => 'radio',
'type' => 'integer',
'values' => array(1 => 'True', 0 => 'False' )
),
'perm_audit' => array( 'perm_audit' => array(
'input' => 'radio', 'input' => 'radio',
'type' => 'integer', 'type' => 'integer',

View File

@ -64,7 +64,7 @@ class EncryptionKeysController extends AppController
$dropdownData = []; $dropdownData = [];
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
$params = []; $params = [];
if (empty($currentUser['role']['perm_admin'])) { if (empty($currentUser['role']['perm_community_admin'])) {
$params = $this->buildBeforeSave($params, $currentUser, $orgConditions, $individualConditions, $dropdownData); $params = $this->buildBeforeSave($params, $currentUser, $orgConditions, $individualConditions, $dropdownData);
} }
$this->CRUD->delete($id, $params); $this->CRUD->delete($id, $params);
@ -77,7 +77,7 @@ class EncryptionKeysController extends AppController
private function buildBeforeSave(array $params, $currentUser, array &$orgConditions, array &$individualConditions, array &$dropdownData): array private function buildBeforeSave(array $params, $currentUser, array &$orgConditions, array &$individualConditions, array &$dropdownData): array
{ {
if (empty($currentUser['role']['perm_admin'])) { if (empty($currentUser['role']['perm_community_admin'])) {
$orgConditions = [ $orgConditions = [
'id' => $currentUser['organisation_id'] 'id' => $currentUser['organisation_id']
]; ];
@ -154,7 +154,7 @@ class EncryptionKeysController extends AppController
], ],
'redirect' => $this->referer() 'redirect' => $this->referer()
]; ];
if (empty($currentUser['role']['perm_admin'])) { if (empty($currentUser['role']['perm_community_admin'])) {
$params = $this->buildBeforeSave($params, $currentUser, $orgConditions, $individualConditions, $dropdownData); $params = $this->buildBeforeSave($params, $currentUser, $orgConditions, $individualConditions, $dropdownData);
} }
$this->CRUD->edit($id, $params); $this->CRUD->edit($id, $params);

View File

@ -29,7 +29,7 @@ class IndividualsController extends AppController
public function index() public function index()
{ {
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
$orgAdmin = !$currentUser['role']['perm_admin'] && $currentUser['role']['perm_org_admin']; $orgAdmin = !$currentUser['role']['perm_community_admin'] && $currentUser['role']['perm_org_admin'];
$this->CRUD->index([ $this->CRUD->index([
'filters' => $this->filterFields, 'filters' => $this->filterFields,
'quickFilters' => $this->quickFilterFields, 'quickFilters' => $this->quickFilterFields,
@ -37,7 +37,7 @@ class IndividualsController extends AppController
'contain' => $this->containFields, 'contain' => $this->containFields,
'statisticsFields' => $this->statisticsFields, 'statisticsFields' => $this->statisticsFields,
'afterFind' => function($data) use ($currentUser) { 'afterFind' => function($data) use ($currentUser) {
if ($currentUser['role']['perm_admin']) { if ($currentUser['role']['perm_community_admin']) {
$data['user'] = $this->Individuals->Users->find()->select(['id', 'username', 'Organisations.id', 'Organisations.name'])->contain('Organisations')->where(['individual_id' => $data['id']])->all()->toArray(); $data['user'] = $this->Individuals->Users->find()->select(['id', 'username', 'Organisations.id', 'Organisations.name'])->contain('Organisations')->where(['individual_id' => $data['id']])->all()->toArray();
} }
return $data; return $data;
@ -88,7 +88,7 @@ class IndividualsController extends AppController
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
$this->CRUD->edit($id, [ $this->CRUD->edit($id, [
'beforeSave' => function($data) use ($currentUser) { 'beforeSave' => function($data) use ($currentUser) {
if ($currentUser['role']['perm_admin'] && isset($data['uuid'])) { if ($currentUser['role']['perm_community_admin'] && isset($data['uuid'])) {
unset($data['uuid']); unset($data['uuid']);
} }
return $data; return $data;
@ -157,7 +157,7 @@ class IndividualsController extends AppController
private function canEdit($indId): bool private function canEdit($indId): bool
{ {
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
if ($currentUser['role']['perm_admin']) { if ($currentUser['role']['perm_community_admin']) {
return true; return true;
} }
$validIndividuals = $this->Individuals->getValidIndividualsToEdit($currentUser); $validIndividuals = $this->Individuals->getValidIndividualsToEdit($currentUser);
@ -174,7 +174,7 @@ class IndividualsController extends AppController
return false; return false;
} }
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
if ($currentUser['role']['perm_admin']) { if ($currentUser['role']['perm_community_admin']) {
return true; return true;
} }
return false; return false;

View File

@ -29,7 +29,7 @@ class MailingListsController extends AppController
'quickFilters' => $this->quickFilterFields, 'quickFilters' => $this->quickFilterFields,
'statisticsFields' => $this->statisticsFields, 'statisticsFields' => $this->statisticsFields,
'afterFind' => function ($row) use ($currentUser) { 'afterFind' => function ($row) use ($currentUser) {
if (empty($currentUser['role']['perm_admin']) && $row['user_id'] != $currentUser['id']) { if (empty($currentUser['role']['perm_community_admin']) && $row['user_id'] != $currentUser['id']) {
if (!$this->MailingLists->isIndividualListed($currentUser['individual_id'], $row)) { if (!$this->MailingLists->isIndividualListed($currentUser['individual_id'], $row)) {
$row = false; $row = false;
} }
@ -66,7 +66,7 @@ class MailingListsController extends AppController
$this->CRUD->view($id, [ $this->CRUD->view($id, [
'contain' => $this->containFields, 'contain' => $this->containFields,
'afterFind' => function($data) use ($currentUser) { 'afterFind' => function($data) use ($currentUser) {
if (empty($currentUser['role']['perm_admin']) && $data['user_id'] != $currentUser['id']) { if (empty($currentUser['role']['perm_community_admin']) && $data['user_id'] != $currentUser['id']) {
if (!$this->MailingLists->isIndividualListed($currentUser['individual_id'], $data)) { if (!$this->MailingLists->isIndividualListed($currentUser['individual_id'], $data)) {
$data = []; $data = [];
} }
@ -84,7 +84,7 @@ class MailingListsController extends AppController
{ {
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
$params = []; $params = [];
if (empty($currentUser['role']['perm_admin'])) { if (empty($currentUser['role']['perm_community_admin'])) {
$params['conditions'] = ['user_id' => $currentUser['id']]; $params['conditions'] = ['user_id' => $currentUser['id']];
} }
$this->CRUD->edit($id, $params); $this->CRUD->edit($id, $params);
@ -98,7 +98,7 @@ class MailingListsController extends AppController
public function delete($id) public function delete($id)
{ {
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
if (empty($currentUser['role']['perm_admin'])) { if (empty($currentUser['role']['perm_community_admin'])) {
$params['conditions'] = ['user_id' => $currentUser['id']]; $params['conditions'] = ['user_id' => $currentUser['id']];
} }
$this->CRUD->delete($id, $params); $this->CRUD->delete($id, $params);
@ -131,7 +131,7 @@ class MailingListsController extends AppController
if (is_null($mailingList)) { if (is_null($mailingList)) {
throw new NotFoundException(__('Invalid {0}.', Inflector::singularize($this->MailingLists->getAlias()))); throw new NotFoundException(__('Invalid {0}.', Inflector::singularize($this->MailingLists->getAlias())));
} }
if (empty($currentUser['role']['perm_admin']) && $mailingList['user_id'] != $currentUser['id']) { if (empty($currentUser['role']['perm_community_admin']) && $mailingList['user_id'] != $currentUser['id']) {
if (!$this->MailingLists->isIndividualListed($currentUser['individual_id'], $mailingList)) { if (!$this->MailingLists->isIndividualListed($currentUser['individual_id'], $mailingList)) {
throw new NotFoundException(__('Invalid {0}.', Inflector::singularize($this->MailingLists->getAlias()))); throw new NotFoundException(__('Invalid {0}.', Inflector::singularize($this->MailingLists->getAlias())));
} }
@ -197,7 +197,7 @@ class MailingListsController extends AppController
$params = [ $params = [
'contain' => ['Individuals', 'MetaFields'] 'contain' => ['Individuals', 'MetaFields']
]; ];
if (empty($currentUser['role']['perm_admin'])) { if (empty($currentUser['role']['perm_community_admin'])) {
$params['conditions'] = ['user_id' => $currentUser['id']]; $params['conditions'] = ['user_id' => $currentUser['id']];
} }
$mailingList = $this->MailingLists->get($mailinglist_id, $params); $mailingList = $this->MailingLists->get($mailinglist_id, $params);
@ -274,7 +274,7 @@ class MailingListsController extends AppController
$params = [ $params = [
'contain' => ['Individuals', 'MetaFields'] 'contain' => ['Individuals', 'MetaFields']
]; ];
if (empty($currentUser['role']['perm_admin'])) { if (empty($currentUser['role']['perm_community_admin'])) {
$params['conditions'] = ['user_id' => $currentUser['id']]; $params['conditions'] = ['user_id' => $currentUser['id']];
} }
$mailingList = $this->MailingLists->get($mailinglist_id, $params); $mailingList = $this->MailingLists->get($mailinglist_id, $params);

View File

@ -121,7 +121,7 @@ class OrgGroupsController extends AppController
private function canEdit($groupId): bool private function canEdit($groupId): bool
{ {
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
if ($currentUser['role']['perm_admin']) { if ($currentUser['role']['perm_community_admin']) {
return true; return true;
} }
if ($currentUser['role']['perm_group_admin']) { if ($currentUser['role']['perm_group_admin']) {
@ -140,7 +140,7 @@ class OrgGroupsController extends AppController
private function canEditDefinition($groupId): bool private function canEditDefinition($groupId): bool
{ {
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
if ($currentUser['role']['perm_admin']) { if ($currentUser['role']['perm_community_admin']) {
return true; return true;
} }
return false; return false;
@ -154,7 +154,7 @@ class OrgGroupsController extends AppController
} }
$orgGroup = $this->OrgGroups->get($groupId, ['contain' => ['Users' => ['Individuals', 'Organisations']]]); $orgGroup = $this->OrgGroups->get($groupId, ['contain' => ['Users' => ['Individuals', 'Organisations']]]);
$this->set('data', $orgGroup['users']); $this->set('data', $orgGroup['users']);
$this->set('canEdit', $this->ACL->getUser()['role']['perm_admin']); $this->set('canEdit', $this->ACL->getUser()['role']['perm_community_admin']);
$this->set('groupId', $groupId); $this->set('groupId', $groupId);
} }
@ -172,7 +172,7 @@ class OrgGroupsController extends AppController
public function assignAdmin($groupId) public function assignAdmin($groupId)
{ {
if (!$this->ACL->getUser()['role']['perm_admin']) { if (!$this->ACL->getUser()['role']['perm_community_admin']) {
throw new MethodNotAllowedException(__('You do not have permission to edit this group.')); throw new MethodNotAllowedException(__('You do not have permission to edit this group.'));
} }
$this->CRUD->linkObjects(__FUNCTION__, $groupId, 'OrgGroups', 'Users', ['redirect' => '/orgGroups/listAdmins/' . $groupId]); $this->CRUD->linkObjects(__FUNCTION__, $groupId, 'OrgGroups', 'Users', ['redirect' => '/orgGroups/listAdmins/' . $groupId]);
@ -188,7 +188,7 @@ class OrgGroupsController extends AppController
$validRoles = $this->Roles->find('list')->disableHydration()->select( $validRoles = $this->Roles->find('list')->disableHydration()->select(
['id', 'name'] ['id', 'name']
)->where( )->where(
['OR' => ['perm_admin' => 1, 'perm_group_admin' => 1]] ['OR' => ['perm_community_admin' => 1, 'perm_group_admin' => 1]]
)->toArray(); )->toArray();
$admins = $this->Users->find('list')->disableHydration()->select(['id', 'username'])->where(['Users.role_id IN' => array_keys($validRoles)])->toArray(); $admins = $this->Users->find('list')->disableHydration()->select(['id', 'username'])->where(['Users.role_id IN' => array_keys($validRoles)])->toArray();
asort($admins, SORT_STRING | SORT_FLAG_CASE); asort($admins, SORT_STRING | SORT_FLAG_CASE);
@ -207,7 +207,7 @@ class OrgGroupsController extends AppController
public function removeAdmin($groupId, $adminId) public function removeAdmin($groupId, $adminId)
{ {
if (!$this->ACL->getUser()['role']['perm_admin']) { if (!$this->ACL->getUser()['role']['perm_community_admin']) {
throw new MethodNotAllowedException(__('You do not have permission to edit this group.')); throw new MethodNotAllowedException(__('You do not have permission to edit this group.'));
} }
$this->CRUD->unlinkObjects(__FUNCTION__, $groupId, $adminId, 'OrgGroups', 'Users'); $this->CRUD->unlinkObjects(__FUNCTION__, $groupId, $adminId, 'OrgGroups', 'Users');

View File

@ -121,7 +121,7 @@ class OrganisationsController extends AppController
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
$this->CRUD->edit($id, [ $this->CRUD->edit($id, [
'beforeSave' => function($data) use ($currentUser) { 'beforeSave' => function($data) use ($currentUser) {
if (!$currentUser['role']['perm_admin']) { if (!$currentUser['role']['perm_community_admin']) {
unset($data['uuid']); unset($data['uuid']);
} }
return $data; return $data;
@ -181,7 +181,7 @@ class OrganisationsController extends AppController
private function canEdit($orgId): bool private function canEdit($orgId): bool
{ {
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
if ($currentUser['role']['perm_admin']) { if ($currentUser['role']['perm_community_admin']) {
return true; return true;
} }

View File

@ -12,7 +12,7 @@ use Cake\Http\Exception\ForbiddenException;
class RolesController extends AppController class RolesController extends AppController
{ {
public $filterFields = ['name', 'uuid', 'perm_admin', 'Users.id', 'perm_org_admin']; public $filterFields = ['name', 'uuid', 'perm_admin', 'perm_community_admin', 'Users.id', 'perm_org_admin'];
public $quickFilterFields = ['name']; public $quickFilterFields = ['name'];
public $containFields = []; public $containFields = [];
@ -26,7 +26,7 @@ class RolesController extends AppController
if (!empty($responsePayload)) { if (!empty($responsePayload)) {
return $responsePayload; return $responsePayload;
} }
$this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate'); $this->set('metaGroup', $this->isCommunityAdmin ? 'Administration' : 'Cerebrate');
} }
public function add() public function add()
@ -44,7 +44,7 @@ class RolesController extends AppController
if (!empty($responsePayload)) { if (!empty($responsePayload)) {
return $responsePayload; return $responsePayload;
} }
$this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate'); $this->set('metaGroup', $this->isCommunityAdmin ? 'Administration' : 'Cerebrate');
} }
public function view($id) public function view($id)
@ -54,7 +54,7 @@ class RolesController extends AppController
if (!empty($responsePayload)) { if (!empty($responsePayload)) {
return $responsePayload; return $responsePayload;
} }
$this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate'); $this->set('metaGroup', $this->isCommunityAdmin ? 'Administration' : 'Cerebrate');
} }
public function edit($id) public function edit($id)
@ -72,7 +72,7 @@ class RolesController extends AppController
if (!empty($responsePayload)) { if (!empty($responsePayload)) {
return $responsePayload; return $responsePayload;
} }
$this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate'); $this->set('metaGroup', $this->isCommunityAdmin ? 'Administration' : 'Cerebrate');
$this->render('add'); $this->render('add');
} }
@ -83,6 +83,6 @@ class RolesController extends AppController
if (!empty($responsePayload)) { if (!empty($responsePayload)) {
return $responsePayload; return $responsePayload;
} }
$this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate'); $this->set('metaGroup', $this->isCommunityAdmin ? 'Administration' : 'Cerebrate');
} }
} }

View File

@ -26,7 +26,7 @@ class SharingGroupsController extends AppController
'quickFilters' => $this->quickFilterFields, 'quickFilters' => $this->quickFilterFields,
'conditions' => $conditions, 'conditions' => $conditions,
'afterFind' => function ($row) use ($currentUser) { 'afterFind' => function ($row) use ($currentUser) {
if (empty($currentUser['role']['perm_admin'])) { if (empty($currentUser['role']['perm_community_admin'])) {
$orgFound = false; $orgFound = false;
if (!empty($row['sharing_group_orgs'])) { if (!empty($row['sharing_group_orgs'])) {
foreach ($row['sharing_group_orgs'] as $org) { foreach ($row['sharing_group_orgs'] as $org) {
@ -56,7 +56,7 @@ class SharingGroupsController extends AppController
'user_id' => $this->ACL->getUser()['id'] 'user_id' => $this->ACL->getUser()['id']
], ],
'beforeSave' => function($data) use ($currentUser) { 'beforeSave' => function($data) use ($currentUser) {
if (!$currentUser['role']['perm_admin']) { if (!$currentUser['role']['perm_community_admin']) {
$data['organisation_id'] = $currentUser['organisation_id']; $data['organisation_id'] = $currentUser['organisation_id'];
} }
return $data; return $data;
@ -78,7 +78,7 @@ class SharingGroupsController extends AppController
$this->CRUD->view($id, [ $this->CRUD->view($id, [
'contain' => ['SharingGroupOrgs', 'Organisations', 'Users' => ['fields' => ['id', 'username']]], 'contain' => ['SharingGroupOrgs', 'Organisations', 'Users' => ['fields' => ['id', 'username']]],
'afterFind' => function($data) use ($currentUser) { 'afterFind' => function($data) use ($currentUser) {
if (empty($currentUser['role']['perm_admin'])) { if (empty($currentUser['role']['perm_community_admin'])) {
$orgFound = false; $orgFound = false;
if (!empty($data['sharing_group_orgs'])) { if (!empty($data['sharing_group_orgs'])) {
foreach ($data['sharing_group_orgs'] as $org) { foreach ($data['sharing_group_orgs'] as $org) {
@ -104,7 +104,7 @@ class SharingGroupsController extends AppController
{ {
$params = []; $params = [];
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
if (empty($currentUser['role']['perm_admin'])) { if (empty($currentUser['role']['perm_community_admin'])) {
$params['conditions'] = ['organisation_id' => $currentUser['organisation_id']]; $params['conditions'] = ['organisation_id' => $currentUser['organisation_id']];
} }
$params['fields'] = ['name', 'releasability', 'description', 'active']; $params['fields'] = ['name', 'releasability', 'description', 'active'];
@ -124,7 +124,7 @@ class SharingGroupsController extends AppController
{ {
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
$params = []; $params = [];
if (empty($currentUser['role']['perm_admin'])) { if (empty($currentUser['role']['perm_community_admin'])) {
$params['conditions'] = ['organisation_id' => $currentUser['organisation_id']]; $params['conditions'] = ['organisation_id' => $currentUser['organisation_id']];
} }
$this->CRUD->delete($id, $params); $this->CRUD->delete($id, $params);
@ -140,7 +140,7 @@ class SharingGroupsController extends AppController
$sharingGroup = $this->SharingGroups->get($id, [ $sharingGroup = $this->SharingGroups->get($id, [
'contain' => 'SharingGroupOrgs' 'contain' => 'SharingGroupOrgs'
]); ]);
if (empty($currentUser['role']['perm_admin'])) { if (empty($currentUser['role']['perm_community_admin'])) {
if ($sharingGroup['organisation_id'] !== $currentUser['organisation_id']) { if ($sharingGroup['organisation_id'] !== $currentUser['organisation_id']) {
$sharingGroup = null; $sharingGroup = null;
} }
@ -212,7 +212,7 @@ class SharingGroupsController extends AppController
$sharingGroup = $this->SharingGroups->get($id, [ $sharingGroup = $this->SharingGroups->get($id, [
'contain' => 'SharingGroupOrgs' 'contain' => 'SharingGroupOrgs'
]); ]);
if (empty($currentUser['role']['perm_admin'])) { if (empty($currentUser['role']['perm_community_admin'])) {
if ($sharingGroup['organisation_id'] !== $currentUser['organisation_id']) { if ($sharingGroup['organisation_id'] !== $currentUser['organisation_id']) {
$sharingGroup = null; $sharingGroup = null;
} }
@ -278,7 +278,7 @@ class SharingGroupsController extends AppController
private function getAvailableOrgForSg($user) private function getAvailableOrgForSg($user)
{ {
$organisations = []; $organisations = [];
if (!empty($user['role']['perm_admin'])) { if (!empty($user['role']['perm_community_admin'])) {
$organisations = $this->SharingGroups->Organisations->find('list')->order(['name' => 'ASC'])->toArray(); $organisations = $this->SharingGroups->Organisations->find('list')->order(['name' => 'ASC'])->toArray();
} else { } else {
$organisations = $this->SharingGroups->Organisations->find('list', [ $organisations = $this->SharingGroups->Organisations->find('list', [

View File

@ -22,7 +22,7 @@ class UserSettingsController extends AppController
{ {
$conditions = []; $conditions = [];
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
if (empty($currentUser['role']['perm_admin'])) { if (empty($currentUser['role']['perm_community_admin'])) {
$conditions['user_id'] = $currentUser->id; $conditions['user_id'] = $currentUser->id;
} }
$this->CRUD->index([ $this->CRUD->index([
@ -39,7 +39,7 @@ class UserSettingsController extends AppController
$conditions = [ $conditions = [
'id' => $this->request->getQuery('Users_id') 'id' => $this->request->getQuery('Users_id')
]; ];
if (empty($currentUser['role']['perm_admin'])) { if (empty($currentUser['role']['perm_community_admin'])) {
$conditions['organisation_id'] = $currentUser['organisation_id']; $conditions['organisation_id'] = $currentUser['organisation_id'];
} }
$settingsForUser = $this->UserSettings->Users->find()->where($conditions)->first(); $settingsForUser = $this->UserSettings->Users->find()->where($conditions)->first();
@ -76,7 +76,7 @@ class UserSettingsController extends AppController
if (!empty($existingSetting)) { if (!empty($existingSetting)) {
throw new MethodNotAllowedException(__('You cannot create a setting that already exists for the given user.')); throw new MethodNotAllowedException(__('You cannot create a setting that already exists for the given user.'));
} }
if (empty($currentUser['role']['perm_admin'])) { if (empty($currentUser['role']['perm_community_admin'])) {
$data['user_id'] = $currentUser->id; $data['user_id'] = $currentUser->id;
} }
return $data; return $data;
@ -87,7 +87,7 @@ class UserSettingsController extends AppController
return $responsePayload; return $responsePayload;
} }
$allUsers = $this->UserSettings->Users->find('list', ['keyField' => 'id', 'valueField' => 'username'])->order(['username' => 'ASC']); $allUsers = $this->UserSettings->Users->find('list', ['keyField' => 'id', 'valueField' => 'username'])->order(['username' => 'ASC']);
if (empty($currentUser['role']['perm_admin'])) { if (empty($currentUser['role']['perm_community_admin'])) {
$allUsers->where(['id' => $currentUser->id]); $allUsers->where(['id' => $currentUser->id]);
$user_id = $currentUser->id; $user_id = $currentUser->id;
} else if (!is_null($user_id)) { } else if (!is_null($user_id)) {
@ -109,7 +109,7 @@ class UserSettingsController extends AppController
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
$validUsers = []; $validUsers = [];
$individual_ids = []; $individual_ids = [];
if (!$currentUser['role']['perm_admin']) { if (!$currentUser['role']['perm_community_admin']) {
if ($currentUser['role']['perm_org_admin']) { if ($currentUser['role']['perm_org_admin']) {
$validUsers = $this->Users->find('list')->select(['id', 'username'])->order(['username' => 'asc'])->where(['organisation_id' => $currentUser['organisation']['id']])->all()->toArray(); $validUsers = $this->Users->find('list')->select(['id', 'username'])->order(['username' => 'asc'])->where(['organisation_id' => $currentUser['organisation']['id']])->all()->toArray();
} else { } else {
@ -272,7 +272,7 @@ class UserSettingsController extends AppController
{ {
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
$isAllowed = false; $isAllowed = false;
if (!empty($currentUser['role']['perm_admin'])) { if (!empty($currentUser['role']['perm_community_admin'])) {
$isAllowed = true; $isAllowed = true;
} else { } else {
if (is_numeric($setting)) { if (is_numeric($setting)) {
@ -301,7 +301,7 @@ class UserSettingsController extends AppController
if (is_bool($user_id)) { if (is_bool($user_id)) {
return $currentUser; return $currentUser;
} }
if (!empty($currentUser['role']['perm_admin'])) { if (!empty($currentUser['role']['perm_community_admin'])) {
$user = $this->Users->get($user_id, [ $user = $this->Users->get($user_id, [
'contain' => ['Roles', 'Individuals' => 'Organisations'] 'contain' => ['Roles', 'Individuals' => 'Organisations']
]); ]);

View File

@ -28,7 +28,7 @@ class UsersController extends AppController
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
$conditions = []; $conditions = [];
$validOrgIDsFOrEdition = []; $validOrgIDsFOrEdition = [];
if (empty($currentUser['role']['perm_admin'])) { if (empty($currentUser['role']['perm_community_admin'])) {
$conditions['organisation_id IN'] = [$currentUser['organisation_id']]; $conditions['organisation_id IN'] = [$currentUser['organisation_id']];
if (!empty($currentUser['role']['perm_group_admin'])) { if (!empty($currentUser['role']['perm_group_admin'])) {
$this->loadModel('OrgGroups'); $this->loadModel('OrgGroups');
@ -66,7 +66,7 @@ class UsersController extends AppController
} }
$this->set( $this->set(
'validRoles', 'validRoles',
$this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_org_admin' => 0])->all()->toArray() $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_community_admin' => 0, 'perm_org_admin' => 0])->all()->toArray()
); );
$this->set('validOrgIDsFOrEdition', $validOrgIDsFOrEdition); $this->set('validOrgIDsFOrEdition', $validOrgIDsFOrEdition);
} }
@ -84,12 +84,12 @@ class UsersController extends AppController
'sort' => ['email' => 'asc'] 'sort' => ['email' => 'asc']
]; ];
$individual_ids = []; $individual_ids = [];
if (!$currentUser['role']['perm_admin']) { if (!$currentUser['role']['perm_community_admin']) {
if ($currentUser['role']['perm_group_admin']) { if ($currentUser['role']['perm_group_admin']) {
$validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_group_admin' => 0])->all()->toArray(); $validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_community_admin' => 0, 'perm_group_admin' => 0])->all()->toArray();
$individual_ids = $this->Users->Individuals->find('aligned', ['organisation_id' => $currentUser['organisation_id']])->all()->extract('id')->toArray(); $individual_ids = $this->Users->Individuals->find('aligned', ['organisation_id' => $currentUser['organisation_id']])->all()->extract('id')->toArray();
} else { } else {
$validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_group_admin' => 0, 'perm_org_admin' => 0])->all()->toArray(); $validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_community_admin' => 0, 'perm_group_admin' => 0, 'perm_org_admin' => 0])->all()->toArray();
} }
if (empty($individual_ids)) { if (empty($individual_ids)) {
@ -116,7 +116,7 @@ class UsersController extends AppController
if (!isset($data['role_id']) && !empty($defaultRole)) { if (!isset($data['role_id']) && !empty($defaultRole)) {
$data['role_id'] = $defaultRole['id']; $data['role_id'] = $defaultRole['id'];
} }
if (!$currentUser['role']['perm_admin']) { if (!$currentUser['role']['perm_community_admin']) {
$validOrgs = $this->Users->getValidOrgsForUser($currentUser); $validOrgs = $this->Users->getValidOrgsForUser($currentUser);
if ($currentUser['role']['perm_group_admin']) { if ($currentUser['role']['perm_group_admin']) {
if (!empty($data['organisation_id']) && !in_array($currentUser['organisation_id'], $validOrgs)) { if (!empty($data['organisation_id']) && !in_array($currentUser['organisation_id'], $validOrgs)) {
@ -136,7 +136,7 @@ class UsersController extends AppController
} }
$data['individual']['alignments'][] = ['type' => 'Member', 'organisation' => ['uuid' => $existingOrg['uuid']]]; $data['individual']['alignments'][] = ['type' => 'Member', 'organisation' => ['uuid' => $existingOrg['uuid']]];
$data['individual_id'] = $this->Users->Individuals->captureIndividual($data['individual'], true); $data['individual_id'] = $this->Users->Individuals->captureIndividual($data['individual'], true);
} else if (!$currentUser['role']['perm_admin'] && isset($data['individual_id'])) { } else if (!$currentUser['role']['perm_community_admin'] && isset($data['individual_id'])) {
if (!in_array($data['individual_id'], $individual_ids)) { if (!in_array($data['individual_id'], $individual_ids)) {
throw new MethodNotAllowedException(__('The selected individual is not aligned with your organisation. Creating a user for them is not permitted.')); throw new MethodNotAllowedException(__('The selected individual is not aligned with your organisation. Creating a user for them is not permitted.'));
} }
@ -177,7 +177,7 @@ class UsersController extends AppController
$alignments = array_map(function($value) { return array_values($value); }, $alignments); $alignments = array_map(function($value) { return array_values($value); }, $alignments);
*/ */
$org_conditions = []; $org_conditions = [];
if (empty($currentUser['role']['perm_admin'])) { if (empty($currentUser['role']['perm_community_admin'])) {
$validOrgs = $this->Users->getValidOrgsForUser($currentUser); $validOrgs = $this->Users->getValidOrgsForUser($currentUser);
$org_conditions = ['id IN' => $validOrgs]; $org_conditions = ['id IN' => $validOrgs];
} }
@ -191,13 +191,13 @@ class UsersController extends AppController
]; ];
$this->set(compact('dropdownData')); $this->set(compact('dropdownData'));
$this->set('defaultRole', $defaultRole['id'] ?? null); $this->set('defaultRole', $defaultRole['id'] ?? null);
$this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate'); $this->set('metaGroup', $this->isCommunityAdmin ? 'Administration' : 'Cerebrate');
} }
public function view($id = false) public function view($id = false)
{ {
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
if (empty($id) || (empty($currentUser['role']['perm_org_admin']) && empty($currentUser['role']['perm_admin']))) { if (empty($id) || (empty($currentUser['role']['perm_org_admin']) && empty($currentUser['role']['perm_community_admin']))) {
$id = $this->ACL->getUser()['id']; $id = $this->ACL->getUser()['id'];
} }
$keycloakUsersParsed = null; $keycloakUsersParsed = null;
@ -213,7 +213,7 @@ class UsersController extends AppController
'contain' => ['Individuals' => ['Alignments' => 'Organisations'], 'Roles', 'Organisations', 'OrgGroups'], 'contain' => ['Individuals' => ['Alignments' => 'Organisations'], 'Roles', 'Organisations', 'OrgGroups'],
'afterFind' => function($data) use ($keycloakUsersParsed, $currentUser) { 'afterFind' => function($data) use ($keycloakUsersParsed, $currentUser) {
if ( if (
empty($currentUser['role']['perm_admin']) && empty($currentUser['role']['perm_community_admin']) &&
($currentUser['organisation_id'] != $data['organisation_id']) && ($currentUser['organisation_id'] != $data['organisation_id']) &&
(empty($currentUser['role']['perm_group_admin']) || !$this->ACL->canEditUser($currentUser, $data)) (empty($currentUser['role']['perm_group_admin']) || !$this->ACL->canEditUser($currentUser, $data))
) { ) {
@ -240,11 +240,13 @@ class UsersController extends AppController
{ {
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
$validRoles = []; $validRoles = [];
if (!$currentUser['role']['perm_admin']) { $validOrgIds = [];
if (!$currentUser['role']['perm_community_admin']) {
if ($currentUser['role']['perm_group_admin']) { if ($currentUser['role']['perm_group_admin']) {
$validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_group_admin' => 0])->all()->toArray(); $validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_community_admin' => 0, 'perm_group_admin' => 0])->all()->toArray();
$validOrgIds = $this->Users->Organisations->OrgGroups->getGroupOrgIdsForUser($currentUser);
} else { } else {
$validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_group_admin' => 0, 'perm_org_admin' => 0])->all()->toArray(); $validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_community_admin' => 0, 'perm_group_admin' => 0, 'perm_org_admin' => 0])->all()->toArray();
} }
} else { } else {
$validRoles = $this->Users->Roles->find('list')->order(['name' => 'asc'])->all()->toArray(); $validRoles = $this->Users->Roles->find('list')->order(['name' => 'asc'])->all()->toArray();
@ -266,10 +268,10 @@ class UsersController extends AppController
]; ];
if ($this->request->is(['get'])) { if ($this->request->is(['get'])) {
$params['fields'] = array_merge($params['fields'], ['role_id', 'disabled']); $params['fields'] = array_merge($params['fields'], ['role_id', 'disabled']);
if (!empty($this->ACL->getUser()['role']['perm_admin'])) { if (!empty($this->ACL->getUser()['role']['perm_community_admin']) || !empty($this->ACL->getUser()['role']['perm_group_admin'])) {
$params['fields'][] = 'organisation_id'; $params['fields'][] = 'organisation_id';
} }
if (!$currentUser['role']['perm_admin']) { if (!$currentUser['role']['perm_community_admin']) {
$params['afterFind'] = function ($user, &$params) use ($currentUser) { $params['afterFind'] = function ($user, &$params) use ($currentUser) {
if (!empty($user)) { // We don't have a 404 if (!empty($user)) { // We don't have a 404
if (!$this->ACL->canEditUser($currentUser, $user)) { if (!$this->ACL->canEditUser($currentUser, $user)) {
@ -288,14 +290,23 @@ class UsersController extends AppController
}; };
} }
} }
if ($this->request->is(['post', 'put']) && !empty($this->ACL->getUser()['role']['perm_admin'])) { if ($this->request->is(['post', 'put']) && !empty($this->ACL->getUser()['role']['perm_community_admin'])) {
$params['fields'][] = 'role_id'; $params['fields'][] = 'role_id';
$params['fields'][] = 'organisation_id'; $params['fields'][] = 'organisation_id';
$params['fields'][] = 'disabled'; $params['fields'][] = 'disabled';
} else if ($this->request->is(['post', 'put']) && !empty($this->ACL->getUser()['role']['perm_org_admin'])) { } else if (
$this->request->is(['post', 'put']) &&
(
!empty($this->ACL->getUser()['role']['perm_org_admin']) ||
!empty($this->ACL->getUser()['role']['perm_group_admin'])
)
) {
if (!empty($this->ACL->getUser()['role']['perm_group_admin'])) {
$params['fields'][] = 'organisation_id';
}
$params['fields'][] = 'role_id'; $params['fields'][] = 'role_id';
$params['fields'][] = 'disabled'; $params['fields'][] = 'disabled';
if (!$currentUser['role']['perm_admin']) { if (!$currentUser['role']['perm_community_admin']) {
$params['afterFind'] = function ($data, &$params) use ($currentUser, $validRoles) { $params['afterFind'] = function ($data, &$params) use ($currentUser, $validRoles) {
if (!in_array($data['role_id'], array_keys($validRoles)) && $this->ACL->getUser()['id'] != $data['id']) { if (!in_array($data['role_id'], array_keys($validRoles)) && $this->ACL->getUser()['id'] != $data['id']) {
throw new MethodNotAllowedException(__('You cannot edit the given privileged user.')); throw new MethodNotAllowedException(__('You cannot edit the given privileged user.'));
@ -319,8 +330,11 @@ class UsersController extends AppController
return $responsePayload; return $responsePayload;
} }
$org_conditions = []; $org_conditions = [];
if (empty($currentUser['role']['perm_admin'])) { if (empty($currentUser['role']['perm_community_admin'])) {
$org_conditions = ['id' => $currentUser['organisation_id']]; $org_conditions = ['id' => $currentUser['organisation_id']];
if (!empty($currentUser['role']['perm_group_admin'])) {
$org_conditions = ['id IN' => $validOrgIds];
}
} }
if ($this->ACL->getUser()['id'] == $id) { if ($this->ACL->getUser()['id'] == $id) {
$validRoles[$this->ACL->getUser()['role']['id']] = $this->ACL->getUser()['role']['name']; // include the current role of the user $validRoles[$this->ACL->getUser()['role']['id']] = $this->ACL->getUser()['role']['name']; // include the current role of the user
@ -344,7 +358,7 @@ class UsersController extends AppController
'contain' => 'Roles' 'contain' => 'Roles'
]; ];
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
if (!$currentUser['role']['perm_admin']) { if (!$currentUser['role']['perm_community_admin']) {
$params['afterFind'] = function ($user, &$params) use ($currentUser) { $params['afterFind'] = function ($user, &$params) use ($currentUser) {
if (!$this->ACL->canEditUser($currentUser, $user)) { if (!$this->ACL->canEditUser($currentUser, $user)) {
throw new MethodNotAllowedException(__('You cannot edit the given user.')); throw new MethodNotAllowedException(__('You cannot edit the given user.'));
@ -363,7 +377,7 @@ class UsersController extends AppController
{ {
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
$validRoles = []; $validRoles = [];
if (!$currentUser['role']['perm_admin']) { if (!$currentUser['role']['perm_community_admin']) {
$validRoles = $this->Users->Roles->find('list')->order(['name' => 'asc'])->all()->toArray(); $validRoles = $this->Users->Roles->find('list')->order(['name' => 'asc'])->all()->toArray();
} }
$params = [ $params = [
@ -374,7 +388,7 @@ class UsersController extends AppController
if (!$this->ACL->canEditUser($currentUser, $data)) { if (!$this->ACL->canEditUser($currentUser, $data)) {
throw new MethodNotAllowedException(__('You cannot edit the given user.')); throw new MethodNotAllowedException(__('You cannot edit the given user.'));
} }
if (!$currentUser['role']['perm_admin']) { if (!$currentUser['role']['perm_community_admin']) {
if ($data['organisation_id'] !== $currentUser['organisation_id']) { if ($data['organisation_id'] !== $currentUser['organisation_id']) {
throw new MethodNotAllowedException(__('You do not have permission to delete the given user.')); throw new MethodNotAllowedException(__('You do not have permission to delete the given user.'));
} }
@ -395,7 +409,7 @@ class UsersController extends AppController
if (!empty($responsePayload)) { if (!empty($responsePayload)) {
return $responsePayload; return $responsePayload;
} }
$this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate'); $this->set('metaGroup', $this->isCommunityAdmin ? 'Administration' : 'Cerebrate');
} }
public function login() public function login()
@ -469,7 +483,7 @@ class UsersController extends AppController
{ {
$editingAnotherUser = false; $editingAnotherUser = false;
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
if ((empty($currentUser['role']['perm_admin']) && empty($currentUser['role']['perm_group_admin'])) || $user_id == $currentUser->id) { if ((empty($currentUser['role']['perm_community_admin']) && empty($currentUser['role']['perm_group_admin'])) || $user_id == $currentUser->id) {
$user = $currentUser; $user = $currentUser;
} else { } else {
$user = $this->Users->get($user_id, [ $user = $this->Users->get($user_id, [

View File

@ -75,7 +75,7 @@ class NotifyAdminsBehavior extends Behavior
$loggedUser = Configure::read('loggedUser'); $loggedUser = Configure::read('loggedUser');
if ( if (
empty(Configure::read('inbox.data_change_notify_for_all', false)) && empty(Configure::read('inbox.data_change_notify_for_all', false)) &&
(empty($loggedUser) || !empty($loggedUser['role']['perm_admin']) || !empty($loggedUser['role']['perm_sync'])) (empty($loggedUser) || !empty($loggedUser['role']['perm_admin']) || !empty($loggedUser['role']['perm_sync']) || !empty(empty($loggedUser['role']['perm_community_admin'])))
) { ) {
return false; return false;
} }

View File

@ -164,7 +164,7 @@ class EncryptionKeysTable extends AppTable
if ($entity['owner_model'] !== 'organisation') { if ($entity['owner_model'] !== 'organisation') {
return false; return false;
} }
if (!empty($user['role']['perm_admin'])) { if (!empty($user['role']['perm_community_admin'])) {
return true; return true;
} }
if ( if (
@ -181,7 +181,7 @@ class EncryptionKeysTable extends AppTable
if ($entity['owner_model'] !== 'individual') { if ($entity['owner_model'] !== 'individual') {
return false; return false;
} }
if (!empty($user['role']['perm_admin'])) { if (!empty($user['role']['perm_community_admin'])) {
return true; return true;
} }
if ($user['role']['perm_org_admin']) { if ($user['role']['perm_org_admin']) {

View File

@ -77,7 +77,7 @@ class InboxTable extends AppTable
{ {
$this->Users = \Cake\ORM\TableRegistry::getTableLocator()->get('Users'); $this->Users = \Cake\ORM\TableRegistry::getTableLocator()->get('Users');
$conditions = []; $conditions = [];
if (empty($currentUser['role']['perm_admin'])) { if (empty($currentUser['role']['perm_community_admin'])) {
$conditions['organisation_id IN'] = [$currentUser['organisation_id']]; $conditions['organisation_id IN'] = [$currentUser['organisation_id']];
} }
$users = $this->Users->find()->where($conditions)->all()->extract('username')->toList(); $users = $this->Users->find()->where($conditions)->all()->extract('username')->toList();

View File

@ -126,28 +126,44 @@ class IndividualsTable extends AppTable
public function getValidIndividualsToEdit(object $currentUser): array public function getValidIndividualsToEdit(object $currentUser): array
{ {
$isSiteAdmin = $currentUser['role']['perm_admin']; $isSiteAdmin = $currentUser['role']['perm_admin'];
$isCommunityAdmin = $currentUser['role']['perm_community_admin'];
$isGroupAdmin = $currentUser['role']['perm_group_admin']; $isGroupAdmin = $currentUser['role']['perm_group_admin'];
$validRoles = $this->Users->Roles->find('list')->select(['id']); $validRoles = $this->Users->Roles->find('list')->select(['id']);
if (!$isSiteAdmin) { if (!$isSiteAdmin) {
$validRoles->where(['perm_admin' => 0]); $validRoles->where(['perm_community_admin' => 0]);
} }
$validRoles = $validRoles->all()->toArray(); $validRoles = $validRoles->all()->toArray();
$conditions = [ $conditions = [
'disabled' => 0 'disabled' => 0
]; ];
if (!$isSiteAdmin) { if (!$isCommunityAdmin) {
$conditions['OR'] = [ $conditions['OR'] = [
['role_id IN' => array_keys($validRoles)], ['role_id IN' => array_keys($validRoles)],
['id' => $currentUser['id']] ['id' => $currentUser['id']]
]; ];
if ($isGroupAdmin) { if ($isGroupAdmin) {
$OrgGroups = \Cake\ORM\TableRegistry::getTableLocator()->get('OrgGroups'); $OrgGroups = \Cake\ORM\TableRegistry::getTableLocator()->get('OrgGroups');
$conditions['organisation_id IN'] = $OrgGroups->getGroupOrgIdsForUser($currentUser); $orgGroupIds = $OrgGroups->getGroupOrgIdsForUser($currentUser);
$conditions['organisation_id IN'] = $orgGroupIds;
} else { } else {
$conditions['organisation_id'] = $currentUser['organisation_id']; $conditions['organisation_id'] = $currentUser['organisation_id'];
} }
} }
$validIndividualIds = $this->Users->find()->select(['individual_id'])->where($conditions)->all()->extract('individual_id')->toArray(); $validIndividualIds = $this->Users->find()->select(['individual_id'])->where($conditions)->all()->extract('individual_id')->toArray();
if (!$isCommunityAdmin) {
$conditions = [];
if ($isGroupAdmin) {
$conditions = ['organisation_id IN' => $orgGroupIds];
} else {
$conditions['organisation_id'] = $currentUser['organisation_id'];
}
$alignmentBasedIndividualIds = $this->Alignments->find('list', [
'keyField' => 'id',
'valueField' => 'individual_id'
])->where($conditions)->all()->toList();
$validIndividualIds = array_merge($validIndividualIds, $alignmentBasedIndividualIds);
$validIndividualIds = array_unique($validIndividualIds);
}
return $validIndividualIds; return $validIndividualIds;
} }

View File

@ -38,7 +38,7 @@ class InstanceTable extends AppTable
'conditions' => false, 'conditions' => false,
'afterFind' => function($result, $user) { 'afterFind' => function($result, $user) {
foreach ($result as $i => $row) { foreach ($result as $i => $row) {
if (empty($user['role']['perm_admin'])) { if (empty($user['role']['perm_community_admin'])) {
$orgFound = false; $orgFound = false;
if (!empty($row['sharing_group_orgs'])) { if (!empty($row['sharing_group_orgs'])) {
foreach ($row['sharing_group_orgs'] as $org) { foreach ($row['sharing_group_orgs'] as $org) {
@ -58,7 +58,7 @@ class InstanceTable extends AppTable
'Users' => [ 'Users' => [
'conditions' => function($user) { 'conditions' => function($user) {
$conditions = []; $conditions = [];
if (empty($user['role']['perm_admin'])) { if (empty($user['role']['perm_community_admin'])) {
$conditions['Users.organisation_id'] = $user['organisation_id']; $conditions['Users.organisation_id'] = $user['organisation_id'];
} }
return $conditions; return $conditions;
@ -264,8 +264,10 @@ class InstanceTable extends AppTable
$broods = ''; $broods = '';
$edges = ''; $edges = '';
// pre-run the loop to get the latest version // pre-run the loop to get the latest version
foreach ($data['broods'] as $brood) { foreach ($data['broods'] as $k => $brood) {
if ($brood['status']['code'] === 200) { if (!isset($brood['status']['code'])) {
$data['broods'][$k]['status']['code'] = 495 . ' - SSL error';
} else if ($brood['status']['code'] === 200) {
if (version_compare($brood['status']['response']['version'], $newest) > 0) { if (version_compare($brood['status']['response']['version'], $newest) > 0) {
$newest = $brood['status']['response']['version']; $newest = $brood['status']['response']['version'];
} }

View File

@ -38,7 +38,7 @@ class OrgGroupsTable extends AppTable
public function checkIfGroupAdmin(int $groupId, User $user): bool public function checkIfGroupAdmin(int $groupId, User $user): bool
{ {
if (!empty($user['role']['perm_admin'])) { if (!empty($user['role']['perm_community_admin'])) {
return true; return true;
} }
$orgGroup = $this->get($groupId, ['contain' => 'Users']); $orgGroup = $this->get($groupId, ['contain' => 'Users']);

View File

@ -87,7 +87,7 @@ class OrganisationsTable extends AppTable
public function getEditableOrganisationsForUser($user): array public function getEditableOrganisationsForUser($user): array
{ {
$query = $this->find(); $query = $this->find();
if (empty($user['role']['perm_admin'])) { if (empty($user['role']['perm_community_admin'])) {
if (!empty($user['role']['perm_org_admin'])) { if (!empty($user['role']['perm_org_admin'])) {
$query->where(['Organisations.id' => $user['organisation']['id']]); $query->where(['Organisations.id' => $user['organisation']['id']]);
} else { } else {

View File

@ -111,7 +111,6 @@ class UsersTable extends AppTable
} }
} }
} }
if (!$enabled && !empty($entity->_metafields_to_delete)) { if (!$enabled && !empty($entity->_metafields_to_delete)) {
foreach ($entity->_metafields_to_delete as $metaFieldToDelete) { foreach ($entity->_metafields_to_delete as $metaFieldToDelete) {
if ($metaFieldToDelete['field'] === $permission_name) { if ($metaFieldToDelete['field'] === $permission_name) {
@ -120,7 +119,7 @@ class UsersTable extends AppTable
} }
} }
if ($valueToCompareTo > $permission_data['limit']) { if ($enabled && $valueToCompareTo > $permission_data['limit']) {
return [ return [
$permission_name => $permission_name =>
__( __(
@ -202,7 +201,7 @@ class UsersTable extends AppTable
foreach ($permissionRestrictionCheck as $permission_name => $errors) { foreach ($permissionRestrictionCheck as $permission_name => $errors) {
foreach ($entity->meta_fields as $i => $metaField) { foreach ($entity->meta_fields as $i => $metaField) {
if ($metaField['field'] === $permission_name) { if ($metaField['field'] === $permission_name) {
$entity->meta_fields[$i]->setErrors(['value' => $errors]); $entity->setErrors(['meta_fields' => [$permission_name => $errors]]);
} }
} }
} }
@ -220,6 +219,7 @@ class UsersTable extends AppTable
$role = $this->Roles->newEntity([ $role = $this->Roles->newEntity([
'name' => 'admin', 'name' => 'admin',
'perm_admin' => 1, 'perm_admin' => 1,
'perm_community_admin' => 1,
'perm_org_admin' => 1, 'perm_org_admin' => 1,
'perm_sync' => 1 'perm_sync' => 1
]); ]);

View File

@ -1,6 +1,6 @@
<?php <?php
$topbarChildren = []; $topbarChildren = [];
if (!empty($loggedUser->role->perm_admin)) { if (!empty($loggedUser->role->perm_community_admin)) {
$topbarChildren[] = [ $topbarChildren[] = [
'type' => 'simple', 'type' => 'simple',
'children' => [ 'children' => [
@ -81,13 +81,13 @@ echo $this->element('genericElements/IndexTable/index_table', [
'open_modal' => '/enumerationCollections/edit/[onclick_params_data_path]', 'open_modal' => '/enumerationCollections/edit/[onclick_params_data_path]',
'modal_params_data_path' => 'id', 'modal_params_data_path' => 'id',
'icon' => 'edit', 'icon' => 'edit',
'requirement' => !empty($loggedUser['role']['perm_admin']) 'requirement' => !empty($loggedUser['role']['perm_community_admin'])
], ],
[ [
'open_modal' => '/enumerationCollections/delete/[onclick_params_data_path]', 'open_modal' => '/enumerationCollections/delete/[onclick_params_data_path]',
'modal_params_data_path' => 'id', 'modal_params_data_path' => 'id',
'icon' => 'trash', 'icon' => 'trash',
'requirement' => !empty($loggedUser['role']['perm_admin']) 'requirement' => !empty($loggedUser['role']['perm_community_admin'])
], ],
] ]
] ]

View File

@ -34,7 +34,7 @@ echo $this->element('genericElements/IndexTable/index_table', [
'open_modal' => '/enumerations/delete/[onclick_params_data_path]', 'open_modal' => '/enumerations/delete/[onclick_params_data_path]',
'modal_params_data_path' => 'id', 'modal_params_data_path' => 'id',
'icon' => 'trash', 'icon' => 'trash',
'requirement' => !empty($loggedUser['role']['perm_admin']) 'requirement' => !empty($loggedUser['role']['perm_community_admin'])
], ],
] ]
] ]

View File

@ -24,7 +24,7 @@
array( array(
'field' => 'tag_list', 'field' => 'tag_list',
'type' => 'tags', 'type' => 'tags',
'requirements' => ($this->request->getParam('action') === 'edit' && $loggedUser['role']['perm_admin']) 'requirements' => ($this->request->getParam('action') === 'edit' && $loggedUser['role']['perm_community_admin'])
), ),
), ),
'submit' => array( 'submit' => array(

View File

@ -91,7 +91,7 @@ echo $this->element('genericElements/IndexTable/index_table', [
'icon' => 'edit', 'icon' => 'edit',
'complex_requirement' => [ 'complex_requirement' => [
'function' => function ($row, $options) use ($loggedUser, $editableIds) { 'function' => function ($row, $options) use ($loggedUser, $editableIds) {
if ($loggedUser['role']['perm_admin'] || ($editableIds && in_array($row['id'], $editableIds))) { if ($loggedUser['role']['perm_community_admin'] || ($editableIds && in_array($row['id'], $editableIds))) {
return true; return true;
} }
return false; return false;
@ -107,7 +107,7 @@ echo $this->element('genericElements/IndexTable/index_table', [
if (!empty($row['user'])) { // cannot delete individuals with associated user(s) if (!empty($row['user'])) { // cannot delete individuals with associated user(s)
return false; return false;
} }
return (bool)$loggedUser['role']['perm_admin']; return (bool)$loggedUser['role']['perm_community_admin'];
} }
] ]
], ],

View File

@ -12,7 +12,7 @@ echo $this->element('genericElements/IndexTable/index_table', [
'text' => __('Add group'), 'text' => __('Add group'),
'class' => 'btn btn-primary', 'class' => 'btn btn-primary',
'popover_url' => '/orgGroups/add', 'popover_url' => '/orgGroups/add',
'requirement' => !empty($loggedUser['role']['perm_admin']), 'requirement' => !empty($loggedUser['role']['perm_community_admin']),
] ]
] ]
], ],
@ -73,13 +73,13 @@ echo $this->element('genericElements/IndexTable/index_table', [
'open_modal' => '/orgGroups/edit/[onclick_params_data_path]', 'open_modal' => '/orgGroups/edit/[onclick_params_data_path]',
'modal_params_data_path' => 'id', 'modal_params_data_path' => 'id',
'icon' => 'edit', 'icon' => 'edit',
'requirement' => $loggedUser['role']['perm_admin'] 'requirement' => $loggedUser['role']['perm_community_admin']
], ],
[ [
'open_modal' => '/orgGroups/delete/[onclick_params_data_path]', 'open_modal' => '/orgGroups/delete/[onclick_params_data_path]',
'modal_params_data_path' => 'id', 'modal_params_data_path' => 'id',
'icon' => 'trash', 'icon' => 'trash',
'requirement' => $loggedUser['role']['perm_admin'] 'requirement' => $loggedUser['role']['perm_community_admin']
], ],
] ]
] ]

View File

@ -12,7 +12,7 @@
'label' => 'UUID', 'label' => 'UUID',
'type' => 'uuid', 'type' => 'uuid',
'tooltip' => __('If the Organisation already has a known UUID in another application such as MISP or another Cerebrate, please re-use this one.'), 'tooltip' => __('If the Organisation already has a known UUID in another application such as MISP or another Cerebrate, please re-use this one.'),
'requirements' => $loggedUser['role']['perm_admin'] 'requirements' => $loggedUser['role']['perm_community_admin']
), ),
array( array(
'field' => 'url' 'field' => 'url'

View File

@ -12,7 +12,7 @@ echo $this->element('genericElements/IndexTable/index_table', [
'text' => __('Add organisation'), 'text' => __('Add organisation'),
'class' => 'btn btn-primary', 'class' => 'btn btn-primary',
'popover_url' => '/organisations/add', 'popover_url' => '/organisations/add',
'requirement' => !empty($loggedUser['role']['perm_admin']), 'requirement' => !empty($loggedUser['role']['perm_community_admin']),
] ]
] ]
], ],
@ -110,7 +110,7 @@ echo $this->element('genericElements/IndexTable/index_table', [
'icon' => 'edit', 'icon' => 'edit',
'complex_requirement' => [ 'complex_requirement' => [
'function' => function ($row, $options) use ($loggedUser, $validOrgs) { 'function' => function ($row, $options) use ($loggedUser, $validOrgs) {
if ($loggedUser['role']['perm_admin'] || ($loggedUser['role']['perm_org_admin'] && $row['id'] == $loggedUser['organisation']['id'])) { if ($loggedUser['role']['perm_community_admin'] || ($loggedUser['role']['perm_org_admin'] && $row['id'] == $loggedUser['organisation']['id'])) {
return true; return true;
} }
if ($loggedUser['role']['perm_group_admin'] && in_array($row['id'], $validOrgs)) { if ($loggedUser['role']['perm_group_admin'] && in_array($row['id'], $validOrgs)) {
@ -124,7 +124,7 @@ echo $this->element('genericElements/IndexTable/index_table', [
'open_modal' => '/organisations/delete/[onclick_params_data_path]', 'open_modal' => '/organisations/delete/[onclick_params_data_path]',
'modal_params_data_path' => 'id', 'modal_params_data_path' => 'id',
'icon' => 'trash', 'icon' => 'trash',
'requirement' => $loggedUser['role']['perm_admin'] 'requirement' => $loggedUser['role']['perm_community_admin']
], ],
] ]
] ]

View File

@ -10,7 +10,12 @@
[ [
'field' => 'perm_admin', 'field' => 'perm_admin',
'type' => 'checkbox', 'type' => 'checkbox',
'label' => 'Full admin privilege' 'label' => 'Site admin privilege (instance management)'
],
[
'field' => 'perm_community',
'type' => 'checkbox',
'label' => 'Community admin privilege (data admin)'
], ],
[ [
'field' => 'perm_group_admin', 'field' => 'perm_group_admin',

View File

@ -1,6 +1,6 @@
<?php <?php
$topbarChildren = []; $topbarChildren = [];
if (!empty($loggedUser->role->perm_admin)) { if (!empty($loggedUser->role->perm_community_admin)) {
$topbarChildren[] = [ $topbarChildren[] = [
'type' => 'simple', 'type' => 'simple',
'children' => [ 'children' => [
@ -45,11 +45,17 @@ echo $this->element('genericElements/IndexTable/index_table', [
'placeholder' => __('Leave empty to auto generate') 'placeholder' => __('Leave empty to auto generate')
], ],
[ [
'name' => __('Admin'), 'name' => __('Site Admin'),
'sort' => 'perm_admin', 'sort' => 'perm_admin',
'data_path' => 'perm_admin', 'data_path' => 'perm_admin',
'element' => 'boolean' 'element' => 'boolean'
], ],
[
'name' => __('Community Admin'),
'sort' => 'perm_community_admin',
'data_path' => 'perm_community_admin',
'element' => 'boolean'
],
[ [
'name' => __('Group Admin'), 'name' => __('Group Admin'),
'sort' => 'perm_group_admin', 'sort' => 'perm_group_admin',
@ -89,13 +95,13 @@ echo $this->element('genericElements/IndexTable/index_table', [
'open_modal' => '/roles/edit/[onclick_params_data_path]', 'open_modal' => '/roles/edit/[onclick_params_data_path]',
'modal_params_data_path' => 'id', 'modal_params_data_path' => 'id',
'icon' => 'edit', 'icon' => 'edit',
'requirement' => !empty($loggedUser['role']['perm_admin']) 'requirement' => !empty($loggedUser['role']['perm_community_admin'])
], ],
[ [
'open_modal' => '/roles/delete/[onclick_params_data_path]', 'open_modal' => '/roles/delete/[onclick_params_data_path]',
'modal_params_data_path' => 'id', 'modal_params_data_path' => 'id',
'icon' => 'trash', 'icon' => 'trash',
'requirement' => !empty($loggedUser['role']['perm_admin']) 'requirement' => !empty($loggedUser['role']['perm_community_admin'])
], ],
] ]
] ]

View File

@ -13,10 +13,15 @@ echo $this->element(
'path' => 'name' 'path' => 'name'
], ],
[ [
'key' => __('Admin permission'), 'key' => __('Site admin permission (instance management)'),
'path' => 'perm_admin', 'path' => 'perm_admin',
'type' => 'boolean' 'type' => 'boolean'
], ],
[
'key' => __('Community admin permission (data admin)'),
'path' => 'perm_community_admin',
'type' => 'boolean'
],
[ [
'key' => __('Organisation Group admin permission'), 'key' => __('Organisation Group admin permission'),
'path' => 'perm_group_admin', 'path' => 'perm_group_admin',