fix: [alignments] rules relaxed, fixes #164

- site admins can add alignments to anyone
- org admins can add alignments for their own org members
- group admins can add alignments for any of their managed orgs' members
perm_community_admin
iglocska 2024-06-07 14:40:38 +02:00
parent eabd56210a
commit 8098e5b4f4
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
1 changed files with 23 additions and 11 deletions

View File

@ -125,17 +125,29 @@ class IndividualsTable extends AppTable
public function getValidIndividualsToEdit(object $currentUser): array
{
$validRoles = $this->Users->Roles->find('list')->select(['id'])->where(['perm_admin' => 0, 'perm_org_admin' => 0])->all()->toArray();
$validIndividualIds = $this->Users->find()->select(['individual_id'])->where(
[
'organisation_id' => $currentUser['organisation_id'],
'disabled' => 0,
'OR' => [
$isSiteAdmin = $currentUser['role']['perm_admin'];
$isGroupAdmin = $currentUser['role']['perm_group_admin'];
$validRoles = $this->Users->Roles->find('list')->select(['id']);
if (!$isSiteAdmin) {
$validRoles->where(['perm_admin' => 0]);
}
$validRoles = $validRoles->all()->toArray();
$conditions = [
'disabled' => 0
];
if (!$isSiteAdmin) {
$conditions['OR'] = [
['role_id IN' => array_keys($validRoles)],
['id' => $currentUser['id']],
]
]
)->all()->extract('individual_id')->toArray();
['id' => $currentUser['id']]
];
if ($isGroupAdmin) {
$OrgGroups = \Cake\ORM\TableRegistry::getTableLocator()->get('OrgGroups');
$conditions['organisation_id IN'] = $OrgGroups->getGroupOrgIdsForUser($currentUser);
} else {
$conditions['organisation_id'] = $currentUser['organisation_id'];
}
}
$validIndividualIds = $this->Users->find()->select(['individual_id'])->where($conditions)->all()->extract('individual_id')->toArray();
return $validIndividualIds;
}