diff --git a/src/Controller/Component/Navigation/OrgGroups.php b/src/Controller/Component/Navigation/OrgGroups.php
index b23d339..549e8fb 100644
--- a/src/Controller/Component/Navigation/OrgGroups.php
+++ b/src/Controller/Component/Navigation/OrgGroups.php
@@ -8,7 +8,7 @@ class OrgGroupsNavigation extends BaseNavigation
public function addLinks()
{
$controller = 'OrgGroups';
- if (empty($this->viewVars['canEdit'])) {
+ if (empty($this->viewVars['canEditDefinition'])) {
$this->bcf->removeLink($controller, 'view', $controller, 'edit');
$this->bcf->removeLink($controller, 'edit', $controller, 'edit');
}
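Review bot: Hiding the edit link on `canEditDefinition` only changes what the navigation renders; the same rule has to be enforced inside the controller's `edit`, `add` and `delete` actions, and none of the hunks in this commit show that (the OrgGroupsController hunk only sets the view variable). The same applies to the `removeAction` calls in the addActions hunk below, including the newly removed `add` action on the view page. The `empty()` test does fail closed when the variable is not set, which is the right default for a navigation guard. A one-line comment at the top of the block, `// presentation only: OrgGroupsController must enforce canEditDefinition on edit/add/delete`, would keep the next maintainer from treating this as the authorization check.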
@@ -17,9 +17,10 @@ class OrgGroupsNavigation extends BaseNavigation
public function addActions()
{
$controller = 'OrgGroups';
- if (empty($this->viewVars['canEdit'])) {
+ if (empty($this->viewVars['canEditDefinition'])) {
$this->bcf->removeAction($controller, 'view', $controller, 'delete');
$this->bcf->removeAction($controller, 'edit', $controller, 'delete');
+ $this->bcf->removeAction($controller, 'view', $controller, 'add');
}
}
}
diff --git a/src/Controller/OrgGroupsController.php b/src/Controller/OrgGroupsController.php
index 105a69e..c775da5 100644
--- a/src/Controller/OrgGroupsController.php
+++ b/src/Controller/OrgGroupsController.php
@@ -58,6 +58,7 @@ class OrgGroupsController extends AppController
return $responsePayload;
}
$this->set('canEdit', $this->canEdit($id));
+ $this->set('canEditDefinition', $this->canEditDefinition($id));
}
public function edit($id)
@@ -136,6 +137,15 @@ class OrgGroupsController extends AppController
return false;
}
+ private function canEditDefinition($groupId): bool
+ {
+ $currentUser = $this->ACL->getUser();
+ if ($currentUser['role']['perm_admin']) {
+ return true;
+ }
+ return false;
+ }
+
// Listing should be available to all, it's purely informational
public function listAdmins($groupId)
{
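Review bot: `$groupId` is never read inside `canEditDefinition`, so the per-group signature (and the `canEditDefinition($id)` call added in the previous hunk) promises a scoped check that the body does not perform — it only tests the global `perm_admin` flag. If that is intended, say so in a docblock and keep the parameter for the call site; if a group-scoped rule is planned, the method should not read as if it already exists. The if/return pair collapses to `return !empty($currentUser['role']['perm_admin']);`, which also avoids an undefined-index notice when `role` is missing from the user array. A docblock such as `/** Whether the current user may change the group definition itself (distinct from canEdit); currently global admins only, $groupId is not yet used. */` would document the contract.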
diff --git a/src/Controller/UsersController.php b/src/Controller/UsersController.php
index c2c8b57..6ca72db 100644
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
@@ -72,7 +72,7 @@ class UsersController extends AppController
];
$individual_ids = [];
if (!$currentUser['role']['perm_admin']) {
- if (!$currentUser['role']['perm_group_admin']) {
+ if ($currentUser['role']['perm_group_admin']) {
$validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_group_admin' => 0])->all()->toArray();
$individual_ids = $this->Users->Individuals->find('aligned', ['organisation_id' => $currentUser['organisation_id']])->all()->extract('id')->toArray();
} else {
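Review bot: Flipping the condition at this line gives group admins the role list without admin/group-admin roles and the individuals aligned to their own organisation, so every other non-admin user now takes the `else` branch, which lies outside the hunk and cannot be checked here. The second hunk in this file filters the non-group-admin case with `'perm_admin' => 0, 'perm_group_admin' => 0, 'perm_org_admin' => 0`; it is worth confirming that the `else` branch here applies the same exclusions, otherwise the two forms would offer different role sets to the same user. The enclosing function starts before the hunk.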
@@ -219,12 +219,12 @@ class UsersController extends AppController
{
$currentUser = $this->ACL->getUser();
$validRoles = [];
- $individuals_params = [
- 'sort' => ['email' => 'asc']
- ];
- $individual_ids = [];
if (!$currentUser['role']['perm_admin']) {
- $validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_org_admin' => 0])->all()->toArray();
+ if ($currentUser['role']['perm_group_admin']) {
+ $validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_group_admin' => 0])->all()->toArray();
+ } else {
+ $validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_group_admin' => 0, 'perm_org_admin' => 0])->all()->toArray();
+ }
} else {
$validRoles = $this->Users->Roles->find('list')->order(['name' => 'asc'])->all()->toArray();
}
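Review bot: The two `find('list')` chains on the added lines differ only in the `where` array, so the branch can be reduced to building the conditions and issuing one query, which keeps the select/order/list options from drifting apart in future edits. The hunk also drops the `$individuals_params` and `$individual_ids` initialisations; if anything further down the function (outside the hunk) still reads them, that becomes an undefined-variable error, so confirm they are no longer used. The enclosing function begins before the hunk.
```php
$validRoles = [];
if (!$currentUser['role']['perm_admin']) {
    $roleConditions = ['perm_admin' => 0, 'perm_group_admin' => 0];
    if (!$currentUser['role']['perm_group_admin']) {
        // non-group-admin users also lose the org-admin roles
        $roleConditions['perm_org_admin'] = 0;
    }
    $validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where($roleConditions)->all()->toArray();
} else {
    // … unchanged: full role list for admins …
}
```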
@@ -448,13 +448,17 @@ class UsersController extends AppController
{
$editingAnotherUser = false;
$currentUser = $this->ACL->getUser();
- if (empty($currentUser['role']['perm_admin']) || $user_id == $currentUser->id) {
+ if ((empty($currentUser['role']['perm_admin']) && empty($currentUser['role']['perm_group_admin'])) || $user_id == $currentUser->id) {
$user = $currentUser;
} else {
$user = $this->Users->get($user_id, [
'contain' => ['Roles', 'Individuals' => 'Organisations', 'Organisations', 'UserSettings']
]);
$editingAnotherUser = true;
+ if (!empty($currentUser['role']['perm_group_admin']) && !$this->ACL->canEditUser($currentUser, $user)) {
+ $user = $currentUser;
+ $editingAnotherUser = false;
+ }
}
$this->set('editingAnotherUser', $editingAnotherUser);
$this->set('user', $user);
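Review bot: When a group admin requests another user's id and `canEditUser` denies it, the new block silently swaps in the current user's own record instead of refusing, so the request proceeds against the requester's account with no signal that access was denied; if this action also processes the submitted form, data sent for the other user would be applied to the group admin's own profile. Throwing instead, e.g. `throw new NotFoundException();` or the `ForbiddenException` the controller already imports, if any, keeps the failure explicit and visible in logs. The identity test `$user_id == $currentUser->id` is a loose comparison; a strict comparison after normalising both sides to the id type the table uses avoids surprises when the id arrives as a string. The enclosing function starts and ends outside the hunk.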
diff --git a/templates/element/genericElements/SingleViews/Fields/alignmentField.php b/templates/element/genericElements/SingleViews/Fields/alignmentField.php
index 48a78ab..40d3184 100644
--- a/templates/element/genericElements/SingleViews/Fields/alignmentField.php
+++ b/templates/element/genericElements/SingleViews/Fields/alignmentField.php
@@ -37,7 +37,7 @@ if ($field['scope'] === 'individuals') {
foreach ($extracted['alignments'] as $alignment) {
$alignmentEntryHtml = '[' . $this->Bootstrap->node('span', ['class' => ['fw-bold']], h($alignment['type'])) . ']';
$alignmentEntryHtml .= $this->Bootstrap->node('span', ['class' => ['ms-1']], sprintf(
- '%s',
+ '%s',
$baseurl,
h($alignment['individual']['id']),
h($alignment['individual']['email'])