Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop

2022-01-26 14:59:57 +01:00 · 2022-01-26 14:59:57 +01:00 · d05868106d
parent 74e95855bd 519fcd2b1a
commit d05868106d
4 changed files with 26 additions and 13 deletions
--- a/src/Controller/Component/NavigationComponent.php
+++ b/src/Controller/Component/NavigationComponent.php
@ -17,8 +17,9 @@ require_once(APP . 'Controller' . DS . 'Component' . DS . 'Navigation' . DS . 's

 class NavigationComponent extends Component
 {
-    private $user = null;
+    private $currentUser = null;
    public $breadcrumb = null;
+    public $fullBreadcrumb = null;
    public $iconToTableMapping = [
        'Individuals' => 'address-book',
        'Organisations' => 'building',
@ -42,10 +43,10 @@ class NavigationComponent extends Component
        $this->request = $config['request'];
    }

-    public function beforeFilter($event)
+    public function genBreadcrumbs(\App\Model\Entity\User $user)
    {
-        $this->fullBreadcrumb = $this->genBreadcrumb();
-        $this->breadcrumb = $this->getBreadcrumb();
+        $this->currentUser = $user;
+        $this->breadcrumb = $this->fullBreadcrumb = $this->genBreadcrumb();
    }

    public function getSideMenu(): array
@ -56,7 +57,7 @@ class NavigationComponent extends Component
        return $sidemenu;
    }

-    
+
    public function addUserBookmarks($sidemenu): array
    {
        $bookmarks = $this->getUserBookmarks();
@ -81,7 +82,7 @@ class NavigationComponent extends Component
        }, $bookmarks);
        return $links;
    }
-    
+
    public function getBreadcrumb(): array
    {
        $controller = $this->request->getParam('controller');
@ -141,6 +142,7 @@ class NavigationComponent extends Component
            require_once(APP . 'Controller' . DS . 'Component' . DS . 'Navigation' . DS . $navigationFile);
            $reflection = new \ReflectionClass("BreadcrumbNavigation\\{$navigationClassname}Navigation");
            $navigationClasses[$navigationClassname] = $reflection->newInstance($bcf, $request);
+            $navigationClasses[$navigationClassname]->setCurrentUser($this->currentUser);
        }
        return $navigationClasses;
    }
@ -284,7 +286,7 @@ class BreadcrumbFactory
        $this->addLink($controller, 'view', $controller, 'edit');
        $this->addLink($controller, 'edit', $controller, 'view');
        $this->addSelfLink($controller, 'edit');
-        
+
        $this->addAction($controller, 'view', $controller, 'add');
        $this->addAction($controller, 'view', $controller, 'delete');
        $this->addAction($controller, 'edit', $controller, 'add');
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
@ -94,7 +94,8 @@ class UsersController extends AppController

    public function view($id = false)
    {
-        if (empty($id) || empty($this->ACL->getUser()['role']['perm_admin'])) {
+        $currentUser = $this->ACL->getUser();
+        if (empty($id) || (empty($currentUser['role']['perm_org_admin']) && empty($currentUser['role']['perm_admin']))) {
            $id = $this->ACL->getUser()['id'];
        }
        $this->CRUD->view($id, [
@ -152,10 +153,11 @@ class UsersController extends AppController
            $params['fields'][] = 'disabled';
            if (!$currentUser['role']['perm_admin']) {
                $params['afterFind'] = function ($data, &$params) use ($currentUser, $validRoles) {
-                    if (!$currentUser['role']['perm_admin'] && $currentUser['role']['perm_org_admin']) {
-                        if (!in_array($data['role_id'], array_keys($validRoles))) {
-                            throw new MethodNotAllowedException(__('You cannot edit the given privileged user.'));
-                        }
+                    if (!in_array($data['role_id'], array_keys($validRoles))) {
+                        throw new MethodNotAllowedException(__('You cannot edit the given privileged user.'));
+                    }
+                    if ($data['organisation_id'] !== $currentUser['organisation_id']) {
+                        throw new MethodNotAllowedException(__('You cannot edit the given user.'));
                    }
                    return $data;
                };
--- a/src/Model/Table/AppTable.php
+++ b/src/Model/Table/AppTable.php
@ -46,4 +46,9 @@ class AppTable extends Table
            }
        }
    }
+
+    public function isValidUrl($value, array $context): bool
+    {
+        return filter_var($value, FILTER_VALIDATE_URL);
+    }
 }
--- a/src/Model/Table/BroodsTable.php
+++ b/src/Model/Table/BroodsTable.php
@ -33,7 +33,11 @@ class BroodsTable extends AppTable
            ->requirePresence(['name', 'url', 'organisation_id'], 'create')
            ->notEmptyString('name')
            ->notEmptyString('url')
-            ->url('url', __('The provided value is not a valid URL'))
+            ->add('url', 'isValidUrl', [
+                'rule' => 'isValidUrl',
+                'message' => __('The provided value is not a valid URL'),
+                'provider' => 'table'
+            ])
            ->naturalNumber('organisation_id', false);
    }