fix: [alignments] rules relaxed, fixes #164
- site admins can add alignments to anyone - org admins can add alignments for their own org members - group admins can add alignments for any of their managed orgs' membersperm_community_admin
parent
eabd56210a
commit
8098e5b4f4
|
@ -125,17 +125,29 @@ class IndividualsTable extends AppTable
|
|||
|
||||
public function getValidIndividualsToEdit(object $currentUser): array
|
||||
{
|
||||
$validRoles = $this->Users->Roles->find('list')->select(['id'])->where(['perm_admin' => 0, 'perm_org_admin' => 0])->all()->toArray();
|
||||
$validIndividualIds = $this->Users->find()->select(['individual_id'])->where(
|
||||
[
|
||||
'organisation_id' => $currentUser['organisation_id'],
|
||||
'disabled' => 0,
|
||||
'OR' => [
|
||||
['role_id IN' => array_keys($validRoles)],
|
||||
['id' => $currentUser['id']],
|
||||
]
|
||||
]
|
||||
)->all()->extract('individual_id')->toArray();
|
||||
$isSiteAdmin = $currentUser['role']['perm_admin'];
|
||||
$isGroupAdmin = $currentUser['role']['perm_group_admin'];
|
||||
$validRoles = $this->Users->Roles->find('list')->select(['id']);
|
||||
if (!$isSiteAdmin) {
|
||||
$validRoles->where(['perm_admin' => 0]);
|
||||
}
|
||||
$validRoles = $validRoles->all()->toArray();
|
||||
$conditions = [
|
||||
'disabled' => 0
|
||||
];
|
||||
if (!$isSiteAdmin) {
|
||||
$conditions['OR'] = [
|
||||
['role_id IN' => array_keys($validRoles)],
|
||||
['id' => $currentUser['id']]
|
||||
];
|
||||
if ($isGroupAdmin) {
|
||||
$OrgGroups = \Cake\ORM\TableRegistry::getTableLocator()->get('OrgGroups');
|
||||
$conditions['organisation_id IN'] = $OrgGroups->getGroupOrgIdsForUser($currentUser);
|
||||
} else {
|
||||
$conditions['organisation_id'] = $currentUser['organisation_id'];
|
||||
}
|
||||
}
|
||||
$validIndividualIds = $this->Users->find()->select(['individual_id'])->where($conditions)->all()->extract('individual_id')->toArray();
|
||||
return $validIndividualIds;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue