new: [users] several changes
- make usernames immutable - restrict user creation to aligned individuals (org admin only) - optionally create individual while creating a userpull/92/head
iglocska
parent
b67c221476
commit
828946a97f
|
|
@ -44,15 +44,23 @@ class UsersController extends AppController
|
||||||
{
|
{
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
$validRoles = [];
|
$validRoles = [];
|
||||||
|
$individuals_params = [
|
||||||
|
'sort' => ['email' => 'asc']
|
||||||
|
];
|
||||||
if (!$currentUser['role']['perm_admin']) {
|
if (!$currentUser['role']['perm_admin']) {
|
||||||
$validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0])->all()->toArray();
|
$validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0])->all()->toArray();
|
||||||
|
$individual_ids = $this->Users->Individuals->find('aligned', ['organisation_id' => $currentUser['organisation_id']])->all()->extract('id')->toArray();
|
||||||
|
if (empty($individual_ids)) {
|
||||||
|
$individual_ids = [-1];
|
||||||
|
}
|
||||||
|
$individuals_params['conditions'] = ['id IN' => $individual_ids];
|
||||||
} else {
|
} else {
|
||||||
$validRoles = $this->Users->Roles->find('list')->order(['name' => 'asc'])->all()->toArray();
|
$validRoles = $this->Users->Roles->find('list')->order(['name' => 'asc'])->all()->toArray();
|
||||||
}
|
}
|
||||||
$defaultRole = $this->Users->Roles->find()->select(['id'])->first()->toArray();
|
$defaultRole = $this->Users->Roles->find()->select(['id'])->first()->toArray();
|
||||||
|
$individuals = $this->Users->Individuals->find('list', $individuals_params)->toArray();
|
||||||
$this->CRUD->add([
|
$this->CRUD->add([
|
||||||
'beforeSave' => function($data) use ($currentUser, $validRoles, $defaultRole) {
|
'beforeSave' => function($data) use ($currentUser, $validRoles, $defaultRole, $individual_ids) {
|
||||||
if (!isset($data['role_id']) && !empty($defaultRole)) {
|
if (!isset($data['role_id']) && !empty($defaultRole)) {
|
||||||
$data['role_id'] = $defaultRole['id'];
|
$data['role_id'] = $defaultRole['id'];
|
||||||
}
|
}
|
||||||
|
|
@ -62,6 +70,21 @@ class UsersController extends AppController
|
||||||
throw new MethodNotAllowedException(__('You do not have permission to assign that role.'));
|
throw new MethodNotAllowedException(__('You do not have permission to assign that role.'));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if ((!isset($data['individual_id']) || $data['individual_id'] === 'new') && !empty($data['individual'])) {
|
||||||
|
$existingOrg = $this->Users->Organisations->find('all')->where(['id' => $data['organisation_id']])->select(['uuid'])->first();
|
||||||
|
if (empty($existingOrg)) {
|
||||||
|
throw new MethodNotAllowedException(__('No valid organisation found. Either encode the organisation separately or select a valid one.'));
|
||||||
|
}
|
||||||
|
$data['individual']['alignments'][] = ['type' => 'Member', 'organisation' => ['uuid' => $existingOrg['uuid']]];
|
||||||
|
$data['individual_id'] = $this->Users->Individuals->captureIndividual($data['individual']);
|
||||||
|
} else if (!$currentUser['role']['perm_admin'] && isset($data['individual_id'])) {
|
||||||
|
if (!in_array($data['individual_id'], $individual_ids)) {
|
||||||
|
throw new MethodNotAllowedException(__('The selected individual is not aligned with your organisation. Creating a user for them is not permitted.'));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (empty($data['individual_id'])) {
|
||||||
|
throw new MethodNotAllowedException(__('No valid individual found. Either supply it in the request or set the individual_id to a valid value.'));
|
||||||
|
}
|
||||||
$this->Users->enrollUserRouter($data);
|
$this->Users->enrollUserRouter($data);
|
||||||
return $data;
|
return $data;
|
||||||
}
|
}
|
||||||
|
|
@ -84,9 +107,7 @@ class UsersController extends AppController
|
||||||
}
|
}
|
||||||
$dropdownData = [
|
$dropdownData = [
|
||||||
'role' => $validRoles,
|
'role' => $validRoles,
|
||||||
'individual' => $this->Users->Individuals->find('list', [
|
'individual' => $individuals,
|
||||||
'sort' => ['email' => 'asc']
|
|
||||||
]),
|
|
||||||
'organisation' => $this->Users->Organisations->find('list', [
|
'organisation' => $this->Users->Organisations->find('list', [
|
||||||
'sort' => ['name' => 'asc'],
|
'sort' => ['name' => 'asc'],
|
||||||
'conditions' => $org_conditions
|
'conditions' => $org_conditions
|
||||||
|
|
@ -136,7 +157,7 @@ class UsersController extends AppController
|
||||||
$params = [
|
$params = [
|
||||||
'get' => [
|
'get' => [
|
||||||
'fields' => [
|
'fields' => [
|
||||||
'id', 'individual_id', 'role_id', 'username', 'disabled'
|
'id', 'individual_id', 'role_id', 'disabled', 'username'
|
||||||
]
|
]
|
||||||
],
|
],
|
||||||
'removeEmpty' => [
|
'removeEmpty' => [
|
||||||
|
|
@ -148,12 +169,10 @@ class UsersController extends AppController
|
||||||
];
|
];
|
||||||
if (!empty($this->ACL->getUser()['role']['perm_admin'])) {
|
if (!empty($this->ACL->getUser()['role']['perm_admin'])) {
|
||||||
$params['fields'][] = 'individual_id';
|
$params['fields'][] = 'individual_id';
|
||||||
$params['fields'][] = 'username';
|
|
||||||
$params['fields'][] = 'role_id';
|
$params['fields'][] = 'role_id';
|
||||||
$params['fields'][] = 'organisation_id';
|
$params['fields'][] = 'organisation_id';
|
||||||
$params['fields'][] = 'disabled';
|
$params['fields'][] = 'disabled';
|
||||||
} else if (!empty($this->ACL->getUser()['role']['perm_org_admin'])) {
|
} else if (!empty($this->ACL->getUser()['role']['perm_org_admin'])) {
|
||||||
$params['fields'][] = 'username';
|
|
||||||
$params['fields'][] = 'role_id';
|
$params['fields'][] = 'role_id';
|
||||||
$params['fields'][] = 'disabled';
|
$params['fields'][] = 'disabled';
|
||||||
if (!$currentUser['role']['perm_admin']) {
|
if (!$currentUser['role']['perm_admin']) {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue