diff --git a/src/Controller/Component/CRUDComponent.php b/src/Controller/Component/CRUDComponent.php
index 4ebc674..d1c78fc 100644
--- a/src/Controller/Component/CRUDComponent.php
+++ b/src/Controller/Component/CRUDComponent.php
@@ -442,6 +442,12 @@ class CRUDComponent extends Component
 if (empty($data)) {
 throw new NotFoundException(__('Invalid {0}.', $this->ObjectAlias));
 }
+ if (isset($params['beforeSave'])) {
+ $data = $params['beforeSave']($data);
+ if ($data === false) {
+ throw new NotFoundException(__('Could not save {0} due to the input failing to meet expectations. Your input is bad and you should feel bad.', $this->ObjectAlias));
+ }
+ }
 $this->Controller->set('id', $data['id']);
 $this->Controller->set('data', $data);
 $this->Controller->set('bulkEnabled', false);
@@ -453,6 +459,7 @@ class CRUDComponent extends Component
 $isBulk = count($ids) > 1;
 $bulkSuccesses = 0;
 foreach ($ids as $id) {
+ $skipExecution = false;
 $data = $this->Table->find()->where([$this->Table->getAlias() . '.id' => $id]);
 if (!empty($params['conditions'])) {
 $data->where($params['conditions']);
@@ -461,6 +468,9 @@ class CRUDComponent extends Component
 $data->contain($params['contain']);
 }
 $data = $data->first();
+ if (isset($params['beforeSave'])) {
+ $data = $params['beforeSave']($data);
+ }
 if (!empty($data)) {
 $success = $this->Table->delete($data);
 $success = true;
diff --git a/src/Controller/EncryptionKeysController.php b/src/Controller/EncryptionKeysController.php
index e04ebc0..803f180 100644
--- a/src/Controller/EncryptionKeysController.php
+++ b/src/Controller/EncryptionKeysController.php
@@ -14,7 +14,7 @@ use Cake\Error\Debugger;
 class EncryptionKeysController extends AppController
 {
- public $filterFields = ['owner_model', 'organisation_id', 'individual_id', 'encryption_key'];
+ public $filterFields = ['owner_model', 'owner_id', 'encryption_key'];
 public $quickFilterFields = ['encryption_key'];
 public $containFields = ['Individuals', 'Organisations'];
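Review bot: The new beforeSave call receives the entity straight out of the table — nothing between the lookup and the `$this->Controller->set(...)` lines applies request input — so a callback that inspects `$data['owner_model']`/`$data['owner_id']` is validating the stored row rather than the values the client is about to submit; unless the save branch further down in this method runs the callback again after patchEntity, an ownership change sent through the edit form is not checked here. Reporting a `false` return as NotFoundException also gives the client a 404 for what is a rejected input, and the "you should feel bad" wording is not something to ship in a user-facing message; `throw new MethodNotAllowedException(__('Could not save {0}: the input did not pass validation.', $this->ObjectAlias));` (or a 400-class exception, with the matching import if the component lacks it) matches the callbacks in this commit, which already throw MethodNotAllowedException themselves. The enclosing method starts and ends outside the hunk.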
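Review bot: `$skipExecution` is initialised at the top of the loop body but no line in the visible hunks reads or assigns it; if the rest of the delete loop does not use it either, it is dead state and should be removed, otherwise a short comment such as `// set by the per-id checks below; true skips the delete for this id` next to it would tell a reader what drives it. The foreach body continues outside the hunk.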
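Review bot: The beforeSave callback runs before the `!empty($data)` guard, so when the id does not exist or is filtered out by `$params['conditions']`, `$data->first()` yields null and the callback is handed null; the EncryptionKeysController callback in this same commit then reads `$entity['owner_model']` on null and ends in a MethodNotAllowedException, turning a bulk delete with one stale id into a 405 instead of a skipped row. Guard the call on the loaded row — `if (!empty($data) && isset($params['beforeSave'])) { $data = $params['beforeSave']($data); }` — so a callback that returns false is then skipped by the existing check, and consider counting that as a failed row rather than a silent no-op, since the edit path treats the same return as an error. The foreach body and delete() continue outside the hunk.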
@@ -57,47 +57,52 @@ class EncryptionKeysController extends AppController
 private function buildBeforeSave(array $params, $currentUser, array &$orgConditions, array &$individualConditions, array &$dropdownData): array
 {
- $orgConditions = [
- 'id' => $currentUser['organisation_id']
- ];
- if (empty($currentUser['role']['perm_org_admin'])) {
- $individualConditions = [
- 'id' => $currentUser['individual_id']
+ if (empty($currentUser['role']['perm_admin'])) {
+ $orgConditions = [
+ 'id' => $currentUser['organisation_id']
 ];
- }
- $params['beforeSave'] = function($entity) use($currentUser) {
- if ($entity['owner_model'] === 'organisation') {
- $entity['owner_id'] = $currentUser['organisation_id'];
+ if (empty($currentUser['role']['perm_org_admin'])) {
+ $individualConditions = [
+ 'id' => $currentUser['individual_id']
 ];
 } else {
- if ($currentUser['role']['perm_org_admin']) {
- $this->loadModel('Alignments');
- $validIndividuals = $this->Alignments->find('list', [
- 'keyField' => 'individual_id',
- 'valueField' => 'id',
- 'conditions' => ['organisation_id' => $currentUser['organisation_id']]
- ])->toArray();
- if (!isset($validIndividuals[$entity['owner_id']])) {
- throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
+ $this->loadModel('Alignments');
+ $individualConditions = ['id IN' => $this->Alignments->find('list', [
+ 'keyField' => 'id',
+ 'valueField' => 'individual_id',
+ 'conditions' => ['organisation_id' => $currentUser['organisation_id']]
+ ])->toArray()];
+ }
+ $params['beforeSave'] = function($entity) use($currentUser) {
+ if ($entity['owner_model'] === 'organisation') {
+ if ($entity['owner_id'] !== $currentUser['organisation_id']) {
+ throw new MethodNotAllowedException(__('Selected organisation cannot be linked by the current user.'));
 }
 } else {
- if ($entity['owner_id'] !== $currentUser['id']) {
- throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
+ if ($currentUser['role']['perm_org_admin']) {
+ $this->loadModel('Alignments');
+ $validIndividuals = $this->Alignments->find('list', [
+ 'keyField' => 'individual_id',
+ 'valueField' => 'id',
+ 'conditions' => ['organisation_id' => $currentUser['organisation_id']]
+ ])->toArray();
+ if (!isset($validIndividuals[$entity['owner_id']])) {
+ throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
+ }
+ } else {
+ if ($entity['owner_id'] !== $currentUser['id']) {
+ throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
+ }
 }
 }
- }
- return $entity;
- };
+ return $entity;
+ };
+ }
 $this->loadModel('Organisations');
 $this->loadModel('Individuals');
 $dropdownData = [
- 'organisation' => $this->Organisations->find('list', [
- 'sort' => ['name' => 'asc'],
- 'conditions' => $orgConditions
- ]),
- 'individual' => $this->Individuals->find('list', [
- 'sort' => ['email' => 'asc'],
- 'conditions' => $individualConditions
- ])
+ 'organisation' => $this->Organisations->find('list')->order(['name' => 'asc'])->where($orgConditions)->all()->toArray(),
+ 'individual' => $this->Individuals->find('list')->order(['email' => 'asc'])->where($individualConditions)->all()->toArray()
 ];
 return $params;
 }
@@ -111,9 +116,7 @@ class EncryptionKeysController extends AppController
 $params = [
 'redirect' => $this->referer()
 ];
- if (empty($currentUser['role']['perm_admin'])) {
- $params = $this->buildBeforeSave($params, $currentUser, $orgConditions, $individualConditions, $dropdownData);
- }
+ $params = $this->buildBeforeSave($params, $currentUser, $orgConditions, $individualConditions, $dropdownData);
 $this->CRUD->add($params);
 $responsePayload = $this->CRUD->getResponsePayload();
 if (!empty($responsePayload)) {
diff --git a/src/Controller/UsersController.php b/src/Controller/UsersController.php
index a5065db..9ffb2fe 100644
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
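Review bot: In the non-org-admin branch of the closure the ownership check compares `$entity['owner_id']` with `$currentUser['id']` (the user row's id), while the dropdown built a few lines earlier restricts the same user to `$currentUser['individual_id']`; unless user ids and individual ids happen to coincide, a regular user is offered an individual they cannot save and is allowed to link the individual whose id equals their user id instead. The comparison should be `if ($entity['owner_id'] !== $currentUser['individual_id']) {`. Two smaller points: `'id IN' => [...]` for an org admin with no alignments produces an empty IN list, which CakePHP's query builder refuses rather than treating as "no rows", so wrap it in an `!empty()` check; and both `!==` checks rely on `owner_id` already being marshalled to an int — if the callback is ever handed raw request data the strict comparison will reject every valid submission, so a cast or a documented precondition belongs here.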
@@ -7,6 +7,7 @@ use Cake\Utility\Text;
 use Cake\ORM\TableRegistry;
 use \Cake\Database\Expression\QueryExpression;
 use Cake\Http\Exception\UnauthorizedException;
+use Cake\Http\Exception\MethodNotAllowedException;
 use Cake\Core\Configure;
 class UsersController extends AppController
@@ -100,11 +101,10 @@ class UsersController extends AppController
 if (empty($id)) {
 $id = $currentUser['id'];
 } else {
+ $id = intval($id);
 if ((empty($currentUser['role']['perm_org_admin']) && empty($currentUser['role']['perm_admin']))) {
 if ($id !== $currentUser['id']) {
 throw new MethodNotAllowedException(__('You are not authorised to edit that user.'));
- } else {
- $id = $currentUser['id'];
 }
 }
 }
diff --git a/templates/Users/view.php b/templates/Users/view.php
index 26c3c25..fbddf52 100644
--- a/templates/Users/view.php
+++ b/templates/Users/view.php
@@ -56,8 +56,8 @@ echo $this->element(
 'title' => __('Authentication keys')
 ],
 [
- 'url' => '/EncryptionKeys/index?Users.id={{0}}',
- 'url_params' => ['id'],
+ 'url' => '/EncryptionKeys/index?owner_id={{0}}',
+ 'url_params' => ['individual_id'],
 'title' => __('Encryption keys')
 ],
 [
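Review bot: `intval($id)` accepts trailing junk (`'5abc'` becomes 5) and turns any non-numeric id into 0, so the strict comparison that follows is only as trustworthy as the cast; rejecting non-digit ids up front — `if (!ctype_digit((string)$id)) { throw new MethodNotAllowedException(__('Invalid user id.')); }` — keeps the `!==` check meaningful and stops an admin from being routed to user 0. Separately, for `perm_org_admin` the visible code imposes no restriction at all: any id passes this block, so unless the lookup further down adds an organisation condition an org admin can edit users of other organisations. The enclosing method continues outside the hunk.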
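Review bot: The link filters on `owner_id` alone, but `owner_id` is polymorphic over `owner_model` (this commit's filterFields are `['owner_model', 'owner_id', 'encryption_key']`), so the numeric individual id will also match organisation-owned keys that share the same number. If the index applies query parameters as filters, as the previous `Users.id` form suggests, the URL should pin the model as well: `'url' => '/EncryptionKeys/index?owner_model=individual&owner_id={{0}}',`.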