Merge branch 'develop'

pull/123/head
iglocska 2023-01-03 15:47:59 +01:00
commit 7678fe1b9b
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
7 changed files with 63 additions and 23 deletions

View File

@ -7,6 +7,7 @@ use Cake\Http\Exception\UnauthorizedException;
use Cake\Http\Exception\MethodNotAllowedException;
use Cake\Core\Configure;
use Cake\Utility\Security;
use Cake\Http\Exception\NotFoundException;
class UsersController extends AppController
{
@ -93,7 +94,7 @@ class UsersController extends AppController
throw new MethodNotAllowedException(__('No valid organisation found. Either encode the organisation separately or select a valid one.'));
}
$data['individual']['alignments'][] = ['type' => 'Member', 'organisation' => ['uuid' => $existingOrg['uuid']]];
$data['individual_id'] = $this->Users->Individuals->captureIndividual($data['individual']);
$data['individual_id'] = $this->Users->Individuals->captureIndividual($data['individual'], true);
} else if (!$currentUser['role']['perm_admin'] && isset($data['individual_id'])) {
if (!in_array($data['individual_id'], $individual_ids)) {
throw new MethodNotAllowedException(__('The selected individual is not aligned with your organisation. Creating a user for them is not permitted.'));
@ -157,7 +158,10 @@ class UsersController extends AppController
}
$this->CRUD->view($id, [
'contain' => ['Individuals' => ['Alignments' => 'Organisations'], 'Roles', 'Organisations'],
'afterFind' => function($data) use ($keycloakUsersParsed) {
'afterFind' => function($data) use ($keycloakUsersParsed, $currentUser) {
if (empty($currentUser['role']['perm_admin']) && $currentUser['organisation_id'] != $data['organisation_id']) {
throw new NotFoundException(__('Invalid User.'));
}
$data = $this->fetchTable('PermissionLimitations')->attachLimitations($data);
if (!empty(Configure::read('keycloak.enabled'))) {
$keycloakUser = $keycloakUsersParsed[$data->username] ?? [];
@ -184,11 +188,6 @@ class UsersController extends AppController
$individual_ids = [];
if (!$currentUser['role']['perm_admin']) {
$validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_org_admin' => 0])->all()->toArray();
$individual_ids = $this->Users->Individuals->find('aligned', ['organisation_id' => $currentUser['organisation_id']])->all()->extract('id')->toArray();
if (empty($individual_ids)) {
$individual_ids = [-1];
}
$individuals_params['conditions'] = ['id IN' => $individual_ids];
} else {
$validRoles = $this->Users->Roles->find('list')->order(['name' => 'asc'])->all()->toArray();
}
@ -208,7 +207,7 @@ class UsersController extends AppController
'contain' => ['Roles', ],
];
if ($this->request->is(['get'])) {
$params['fields'] = array_merge($params['fields'], ['individual_id', 'role_id', 'disabled']);
$params['fields'] = array_merge($params['fields'], ['role_id', 'disabled']);
if (!empty($this->ACL->getUser()['role']['perm_admin'])) {
$params['fields'][] = 'organisation_id';
}
@ -224,7 +223,6 @@ class UsersController extends AppController
}
}
if ($this->request->is(['post', 'put']) && !empty($this->ACL->getUser()['role']['perm_admin'])) {
$params['fields'][] = 'individual_id';
$params['fields'][] = 'role_id';
$params['fields'][] = 'organisation_id';
$params['fields'][] = 'disabled';
@ -254,22 +252,12 @@ class UsersController extends AppController
if (!empty($responsePayload)) {
return $responsePayload;
}
$dropdownData = [
'role' => $validRoles,
'individual' => $this->Users->Individuals->find('list', [
'sort' => ['email' => 'asc']
]),
'organisation' => $this->Users->Organisations->find('list', [
'sort' => ['name' => 'asc']
])
];
$org_conditions = [];
if (empty($currentUser['role']['perm_admin'])) {
$org_conditions = ['id' => $currentUser['organisation_id']];
}
$dropdownData = [
'role' => $validRoles,
'individual' => $this->Users->Individuals->find('list', $individuals_params)->toArray(),
'organisation' => $this->Users->Organisations->find('list', [
'sort' => ['name' => 'asc'],
'conditions' => $org_conditions
@ -396,6 +384,7 @@ class UsersController extends AppController
if (Configure::read('keycloak.enabled')) {
$this->redirect($this->Users->keyCloaklogout());
}
$this->request->getSession()->destroy();
return $this->redirect(\Cake\Routing\Router::url('/users/login'));
}
}

View File

@ -455,7 +455,17 @@ class AuthKeycloakBehavior extends Behavior
$user['meta_fields'] = $temp;
$differences = [];
$keycloakUser = $keycloakUsersParsed[$username] ?? [];
if (empty($keycloakUser)) {
$requireUpdate = true;
$differences = [
'user' => [
'keycloak' => 'USER NOT FOUND',
'cerebrate' => $user['username']
]
];
} else {
$requireUpdate = $this->checkKeycloakUserRequiresUpdate($keycloakUser, $user, $differences);
}
$status[$user['id']] = [
'require_update' => $requireUpdate,
'differences' => $differences,

View File

@ -6,6 +6,8 @@ use App\Model\Table\AppTable;
use Cake\ORM\Table;
use Cake\Validation\Validator;
use Cake\ORM\Query;
use Cake\ORM\RulesChecker;
use Cake\Core\Configure;
class IndividualsTable extends AppTable
@ -46,6 +48,12 @@ class IndividualsTable extends AppTable
$this->setDisplayField('email');
}
public function buildRules(RulesChecker $rules): RulesChecker
{
$rules->add($rules->isUnique(['email']));
return $rules;
}
public function validationDefault(Validator $validator): Validator
{
$validator
@ -54,7 +62,7 @@ class IndividualsTable extends AppTable
return $validator;
}
public function captureIndividual($individual): ?int
public function captureIndividual($individual, $skipUpdate = false): ?int
{
if (!empty($individual['uuid'])) {
$existingIndividual = $this->find()->where([
@ -71,6 +79,9 @@ class IndividualsTable extends AppTable
'accessibleFields' => $entityToSave->getAccessibleFieldForNew()
]);
} else {
if ($skipUpdate) {
return $existingIndividual->id;
}
$this->patchEntity($existingIndividual, $individual);
$entityToSave = $existingIndividual;
}

View File

@ -328,6 +328,24 @@ class CerebrateSettingsProvider extends BaseSettingsProvider
],
]
],
'Users' => [
'Users' => [
'Settings' => [
'user.multiple-users-per-individual' => [
'name' => __('Multiple users per individual'),
'type' => 'boolean',
'description' => __('Allow for multiple user accounts to be assigned to a single user account. This setting will automatically be restricted when using KeyCloak.'),
'default' => false
],
'user.username-must-be-email' => [
'name' => __('Usernames must be e-mail addresses'),
'type' => 'boolean',
'description' => __('This setting will enforce that usernames conform to basic requirements of e-mail addresses.'),
'default' => false
]
]
]
]
/*
'Features' => [
'Demo Settings' => [

View File

@ -175,11 +175,22 @@ class UsersTable extends AppTable
])
->requirePresence(['username'], 'create')
->notEmptyString('username', __('Please fill this field'), 'create');
if (Configure::read('user.username-must-be-email')) {
$validator->add('username', 'valid_email', [
'rule' => 'email',
'message' => 'Username has to be a valid e-mail address.'
]);
}
return $validator;
}
public function buildRules(RulesChecker $rules): RulesChecker
{
$rules->add($rules->isUnique(['username']));
$allowDuplicateIndividuals = false;
if (empty(Configure::read('user.multiple-users-per-individual')) || !empty(Configure::read('keycloak.enabled'))) {
$rules->add($rules->isUnique(['individual_id']));
}
return $rules;
}

View File

@ -1,4 +1,4 @@
{
"version": "1.9",
"version": "1.10",
"application": "Cerebrate"
}

View File

@ -20,7 +20,8 @@
'field' => 'individual_id',
'type' => 'dropdown',
'label' => __('Associated individual'),
'options' => $dropdownData['individual']
'options' => isset($dropdownData['individual']) ? $dropdownData['individual'] : [],
'conditions' => $this->request->getParam('action') === 'add'
],
[
'field' => 'individual.email',