cerebrate-project
/
cerebrate
mirror of https://github.com/cerebrate-project/cerebrate
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: [group admin] be able to add users for the administered orgs

dependabot/npm_and_yarn/webroot/theme/braces-3.0.3
iglocska 2024-05-15 11:11:44 +02:00
parent 6967c03d8b
commit b233241e87
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
2 changed files with 21 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/Controller/UsersController.php
View File

@ -117,7 +117,14 @@ class UsersController extends AppController
$data['role_id'] = $defaultRole['id'];
}
if (!$currentUser['role']['perm_admin']) {
$validOrgs = $this->Users->getValidOrgsForUser($currentUser);
if ($currentUser['role']['perm_group_admin']) {
if (!empty($data['organisation_id']) && !in_array($currentUser['organisation_id'], $validOrgs)) {
throw new MethodNotAllowedException(__('You do not have permission to assign that organisation.'));
}
} else {
$data['organisation_id'] = $currentUser['organisation_id'];
}
if (!in_array($data['role_id'], array_keys($validRoles))) {
throw new MethodNotAllowedException(__('You do not have permission to assign that role.'));
}
@ -171,7 +178,8 @@ class UsersController extends AppController
*/
$org_conditions = [];
if (empty($currentUser['role']['perm_admin'])) {
$org_conditions = ['id' => $currentUser['organisation_id']];
$validOrgs = $this->Users->getValidOrgsForUser($currentUser);
$org_conditions = ['id IN' => $validOrgs];
}
$dropdownData = [
'role' => $validRoles,

12
src/Model/Table/UsersTable.php
View File

@ -293,8 +293,18 @@ class UsersTable extends AppTable
return true;
}
public function getAllOrganisations($currentUser) {
public function getAllOrganisations(\App\Model\Entity\User $currentUser)
{
$this->Individuals = TableRegistry::get('Individuals');
return $this->Individuals->getAllOrganisations($currentUser);
}
public function getValidOrgsForUser(\App\Model\Entity\User $user): array
{
if (!empty($user['role']['perm_group_admin'])) {
return $this->Organisations->OrgGroups->getGroupOrgIdsForUser($user);
} else {
return [$user['organisation_id']];
}
}
}