From aae584f0b79425fea96afce4f4cb74d91ad524a0 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <mokaddem.sami@gmail.com>
Date: Tue, 24 Sep 2024 16:03:35 +0200
Subject: [PATCH] chg: [users:add] Update the permission limitation for org
 permission on /users/add

---
 src/Controller/Component/ACLComponent.php  |  3 +-
 src/Controller/Component/CRUDComponent.php |  2 +-
 src/Controller/UsersController.php         | 18 +++++
 templates/Users/add.php                    | 84 +++++++++++++---------
 4 files changed, 73 insertions(+), 34 deletions(-)

diff --git a/src/Controller/Component/ACLComponent.php b/src/Controller/Component/ACLComponent.php
index 0f4c2c0..484e2de 100644
--- a/src/Controller/Component/ACLComponent.php
+++ b/src/Controller/Component/ACLComponent.php
@@ -245,7 +245,8 @@ class ACLComponent extends Component
             'register' => ['*'],
             'settings' => ['*'],
             'toggle' => ['OR' => ['perm_org_admin', 'perm_community_admin']],
-            'view' => ['*']
+            'view' => ['*'],
+            'getLimitationForOrganisation' => ['OR' => ['perm_org_admin', 'perm_community_admin']],
         ],
         'UserSettings' => [
             'index' => ['*'],
diff --git a/src/Controller/Component/CRUDComponent.php b/src/Controller/Component/CRUDComponent.php
index 9660d58..607faf9 100644
--- a/src/Controller/Component/CRUDComponent.php
+++ b/src/Controller/Component/CRUDComponent.php
@@ -393,7 +393,7 @@ class CRUDComponent extends Component
         return false;
     }
 
-    private function getMetaTemplates(array $metaTemplateConditions = [])
+    public function getMetaTemplates(array $metaTemplateConditions = [])
     {
         $metaTemplates = [];
         if (!$this->metaFieldsSupported()) {
diff --git a/src/Controller/UsersController.php b/src/Controller/UsersController.php
index 8bcdaa9..4159d96 100644
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
@@ -541,4 +541,22 @@ class UsersController extends AppController
         }
         $this->viewBuilder()->setLayout('login');
     }
+
+    public function getLimitationForOrganisation($org_id) {
+        $currentUser = $this->ACL->getUser();
+        if (!$currentUser['role']['perm_community_admin']) {
+            $validOrgs = $this->Users->getValidOrgsForUser($currentUser);
+            if ($currentUser['role']['perm_group_admin']) {
+                if (!in_array($org_id, $validOrgs)) {
+                    throw new MethodNotAllowedException(__('You do not have permission to assign that organisation.'));
+                }
+            }
+        }
+        $fakeUser = $this->Users->newEmptyEntity();
+        $fakeUser->organisation_id = $org_id; // set fakeUser's to the selected org-id
+        $metaTemplates = $this->CRUD->getMetaTemplates();
+        $fakeUser = $this->CRUD->attachMetaTemplatesIfNeeded($fakeUser, $metaTemplates->toArray());
+        $fakeUser = $this->fetchTable('PermissionLimitations')->attachLimitations($fakeUser);
+        return $this->RestResponse->viewData($fakeUser, 'json');
+    }
 }
diff --git a/templates/Users/add.php b/templates/Users/add.php
index 8afcd69..539711b 100644
--- a/templates/Users/add.php
+++ b/templates/Users/add.php
@@ -102,43 +102,63 @@ echo $this->element('genericElements/Form/genericForm', [
 <script>
     $(document).ready(function() {
         const entity = <?= json_encode($entity) ?>;
-        if (entity.MetaTemplates) {
-            for (const [metaTemplateId, metaTemplate] of Object.entries(entity.MetaTemplates)) {
-                for (const [metaTemplateFieldId, metaTemplateField] of Object.entries(metaTemplate.meta_template_fields)) {
-                    let metaFieldId = false
-                    if (metaTemplateField.metaFields !== undefined && Object.keys(metaTemplateField.metaFields).length > 0) {
-                        metaFieldId = Object.keys(metaTemplateField.metaFields)[0]
-                    }
-                    let metafieldInput
-                    const baseQueryPath = `MetaTemplates.${metaTemplateId}.meta_template_fields.${metaTemplateFieldId}.metaFields`
-                    if (metaFieldId) {
-                        metafieldInput = document.getElementById(`${baseQueryPath}.${metaFieldId}.value-field`)
-                    } else {
-                        metafieldInput = document.getElementById(`${baseQueryPath}.new.0-field`)
-                    }
-                    if (metafieldInput !== null) {
-                        const permissionWarnings = buildPermissionElement(metaTemplateField)
-                        $(metafieldInput.parentElement).append(permissionWarnings)
+        createUIForPermission(entity)
+
+        $('#organisation_id-field').change(updateOrgPermissionCount)
+        updateOrgPermissionCount()
+
+        function createUIForPermission(entity) {
+            if (entity.MetaTemplates) {
+                for (const [metaTemplateId, metaTemplate] of Object.entries(entity.MetaTemplates)) {
+                    for (const [metaTemplateFieldId, metaTemplateField] of Object.entries(metaTemplate.meta_template_fields)) {
+                        let metaFieldId = false
+                        if (metaTemplateField.metaFields !== undefined && Object.keys(metaTemplateField.metaFields).length > 0) {
+                            metaFieldId = Object.keys(metaTemplateField.metaFields)[0]
+                        }
+                        let metafieldInput
+                        const baseQueryPath = `MetaTemplates.${metaTemplateId}.meta_template_fields.${metaTemplateFieldId}.metaFields`
+                        if (metaFieldId) {
+                            metafieldInput = document.getElementById(`${baseQueryPath}.${metaFieldId}.value-field`)
+                        } else {
+                            metafieldInput = document.getElementById(`${baseQueryPath}.new.0-field`)
+                        }
+                        if (metafieldInput !== null) {
+                            const permissionWarnings = buildPermissionElement(metaTemplateField)
+                            $(metafieldInput.parentElement).find('.permission-container').remove()
+                            $(metafieldInput.parentElement).append(permissionWarnings)
+                        }
                     }
                 }
             }
+
+            function buildPermissionElement(metaTemplateField) {
+                const warningTypes = ['danger', 'warning', 'info', ]
+                const $span = $('<span>')
+                    .addClass(['permission-container', 'ms-2'])
+                warningTypes.forEach(warningType => {
+                    if (metaTemplateField[warningType]) {
+                        $theWarning = $('<span>')
+                            .addClass([
+                                `text-${warningType}`,
+                                'ms-1',
+                            ])
+                            .append($(metaTemplateField[warningType]))
+                        $span.append($theWarning)
+                    }
+                });
+                return $span
+            }
         }
 
-        function buildPermissionElement(metaTemplateField) {
-            const warningTypes = ['danger', 'warning', 'info', ]
-            const $span = $('<span>').addClass('ms-2')
-            warningTypes.forEach(warningType => {
-                if (metaTemplateField[warningType]) {
-                    $theWarning = $('<span>')
-                        .addClass([
-                            `text-${warningType}`,
-                            'ms-1',
-                        ])
-                        .append($(metaTemplateField[warningType]))
-                    $span.append($theWarning)
-                }
-            });
-            return $span
+        async function updateOrgPermissionCount() {
+            var org_id = $('#organisation_id-field').val()
+            var url = `/users/getLimitationForOrganisation/${org_id}?includeMetatemplate=1`
+            const response = await fetch(url, new Headers({Accept: 'application/json'}));
+            if (!response.ok) {
+                throw new Error(`Network response was not ok. \`${response.statusText}\``)
+            }
+            const entity = await response.json();
+            createUIForPermission(entity)
         }
     })
 </script>
\ No newline at end of file