new: [permissions] split of admin and community admin
iglocska
parent
2cee92df82
commit
d12faba78f
|
|
@ -0,0 +1,30 @@
|
||||||
|
<?php
|
||||||
|
declare(strict_types=1);
|
||||||
|
|
||||||
|
use Migrations\AbstractMigration;
|
||||||
|
use Phinx\Db\Adapter\MysqlAdapter;
|
||||||
|
|
||||||
|
final class AdminPermissionSplit extends AbstractMigration
|
||||||
|
{
|
||||||
|
public $autoId = false; // turn off automatic `id` column create. We want it to be `int(10) unsigned`
|
||||||
|
|
||||||
|
public function change(): void
|
||||||
|
{
|
||||||
|
$exists = $this->table('roles')->hasColumn('perm_community_admin');
|
||||||
|
if (!$exists) {
|
||||||
|
$this->table('roles')
|
||||||
|
->addColumn('perm_community_admin', 'boolean', [
|
||||||
|
'default' => 0,
|
||||||
|
'null' => false,
|
||||||
|
])
|
||||||
|
->addIndex('perm_community_admin')
|
||||||
|
->update();
|
||||||
|
}
|
||||||
|
$builder = $this->getQueryBuilder();
|
||||||
|
$builder
|
||||||
|
->update('roles')
|
||||||
|
->set('perm_community_admin', true)
|
||||||
|
->where(['perm_admin' => true])
|
||||||
|
->execute();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -11,7 +11,7 @@ echo $this->element('genericElements/IndexTable/index_table', [
|
||||||
'type' => 'simple',
|
'type' => 'simple',
|
||||||
'text' => __('Add tag'),
|
'text' => __('Add tag'),
|
||||||
'popover_url' => '/tags/add',
|
'popover_url' => '/tags/add',
|
||||||
'requirement' => !empty($loggedUser['role']['perm_admin']),
|
'requirement' => !empty($loggedUser['role']['perm_community_admin']),
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
],
|
],
|
||||||
|
|
@ -67,13 +67,13 @@ echo $this->element('genericElements/IndexTable/index_table', [
|
||||||
'open_modal' => '/tags/edit/[onclick_params_data_path]',
|
'open_modal' => '/tags/edit/[onclick_params_data_path]',
|
||||||
'modal_params_data_path' => 'id',
|
'modal_params_data_path' => 'id',
|
||||||
'icon' => 'edit',
|
'icon' => 'edit',
|
||||||
'requirement' => !empty($loggedUser['role']['perm_admin']),
|
'requirement' => !empty($loggedUser['role']['perm_community_admin']),
|
||||||
],
|
],
|
||||||
[
|
[
|
||||||
'open_modal' => '/tags/delete/[onclick_params_data_path]',
|
'open_modal' => '/tags/delete/[onclick_params_data_path]',
|
||||||
'modal_params_data_path' => 'id',
|
'modal_params_data_path' => 'id',
|
||||||
'icon' => 'trash',
|
'icon' => 'trash',
|
||||||
'requirement' => !empty($loggedUser['role']['perm_admin']),
|
'requirement' => !empty($loggedUser['role']['perm_community_admin']),
|
||||||
],
|
],
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
|
|
|
||||||
|
|
@ -100,12 +100,18 @@ class FastUserEnrolmentCommand extends Command
|
||||||
die(1);
|
die(1);
|
||||||
}
|
}
|
||||||
$defaultRole = $defaultRole->toArray();
|
$defaultRole = $defaultRole->toArray();
|
||||||
if (!empty($defaultRole['perm_admin'])) {
|
if (!empty($defaultRole['perm_community_admin'])) {
|
||||||
$selection = $io->askChoice('The default role has the `admin` permission. Confirm giving the admin permission to users to be enrolled.', ['Y', 'N'], 'N');
|
$selection = $io->askChoice('The default role has the `admin` permission. Confirm giving the admin permission to users to be enrolled.', ['Y', 'N'], 'N');
|
||||||
if ($selection != 'Y') {
|
if ($selection != 'Y') {
|
||||||
die(1);
|
die(1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if (!empty($defaultRole['perm_community_admin'])) {
|
||||||
|
$selection = $io->askChoice('The default role has the `community_admin` permission. Confirm giving the admin permission to users to be enrolled.', ['Y', 'N'], 'N');
|
||||||
|
if ($selection != 'Y') {
|
||||||
|
die(1);
|
||||||
|
}
|
||||||
|
}
|
||||||
$this->role_id = $defaultRole['id'];
|
$this->role_id = $defaultRole['id'];
|
||||||
} else {
|
} else {
|
||||||
$role = $this->Users->Roles->find()->select(['id'])->where(['id' => $this->role_id])->first();
|
$role = $this->Users->Roles->find()->select(['id'])->where(['id' => $this->role_id])->first();
|
||||||
|
|
|
||||||
|
|
@ -150,7 +150,7 @@ class AlignmentsController extends AppController
|
||||||
private function canEditIndividual($indId): bool
|
private function canEditIndividual($indId): bool
|
||||||
{
|
{
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
if ($currentUser['role']['perm_admin']) {
|
if ($currentUser['role']['perm_community_admin']) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
$this->loadModel('Individuals');
|
$this->loadModel('Individuals');
|
||||||
|
|
@ -164,7 +164,7 @@ class AlignmentsController extends AppController
|
||||||
private function canEditOrganisation($orgId): bool
|
private function canEditOrganisation($orgId): bool
|
||||||
{
|
{
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
if ($currentUser['role']['perm_admin']) {
|
if ($currentUser['role']['perm_community_admin']) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
if ($currentUser['role']['perm_org_admin'] && $currentUser['organisation']['id'] == $orgId) {
|
if ($currentUser['role']['perm_org_admin'] && $currentUser['organisation']['id'] == $orgId) {
|
||||||
|
|
|
||||||
|
|
@ -124,6 +124,7 @@ class AppController extends Controller
|
||||||
$this->ACL->setUser($user);
|
$this->ACL->setUser($user);
|
||||||
$this->request->getSession()->write('authUser', $user);
|
$this->request->getSession()->write('authUser', $user);
|
||||||
$this->isAdmin = $user['role']['perm_admin'];
|
$this->isAdmin = $user['role']['perm_admin'];
|
||||||
|
$this->isCommunityAdmin = $user['role']['perm_community_admin'];
|
||||||
if (!$this->ParamHandler->isRest()) {
|
if (!$this->ParamHandler->isRest()) {
|
||||||
$this->set('menu', $this->ACL->getMenu());
|
$this->set('menu', $this->ACL->getMenu());
|
||||||
$this->set('loggedUser', $this->ACL->getUser());
|
$this->set('loggedUser', $this->ACL->getUser());
|
||||||
|
|
@ -155,7 +156,7 @@ class AppController extends Controller
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($this->modelClass == 'Tags.Tags') {
|
if ($this->modelClass == 'Tags.Tags') {
|
||||||
$this->set('metaGroup', !empty($this->isAdmin) ? 'Administration' : 'Cerebrate');
|
$this->set('metaGroup', !empty($this->isCommunityAdmin) ? 'Administration' : 'Cerebrate');
|
||||||
}
|
}
|
||||||
$this->response = $this->response->withHeader('X-Frame-Options', 'DENY');
|
$this->response = $this->response->withHeader('X-Frame-Options', 'DENY');
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -22,7 +22,7 @@ class AuthKeysController extends AppController
|
||||||
{
|
{
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
$conditions = [];
|
$conditions = [];
|
||||||
if (empty($currentUser['role']['perm_admin'])) {
|
if (empty($currentUser['role']['perm_community_admin'])) {
|
||||||
$conditions['Users.organisation_id'] = $currentUser['organisation_id'];
|
$conditions['Users.organisation_id'] = $currentUser['organisation_id'];
|
||||||
if (empty($currentUser['role']['perm_org_admin'])) {
|
if (empty($currentUser['role']['perm_org_admin'])) {
|
||||||
$conditions['Users.id'] = $currentUser['id'];
|
$conditions['Users.id'] = $currentUser['id'];
|
||||||
|
|
@ -40,14 +40,14 @@ class AuthKeysController extends AppController
|
||||||
if (!empty($responsePayload)) {
|
if (!empty($responsePayload)) {
|
||||||
return $responsePayload;
|
return $responsePayload;
|
||||||
}
|
}
|
||||||
$this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate');
|
$this->set('metaGroup', $this->isCommunityAdmin ? 'Administration' : 'Cerebrate');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function delete($id)
|
public function delete($id)
|
||||||
{
|
{
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
$conditions = [];
|
$conditions = [];
|
||||||
if (empty($currentUser['role']['perm_admin'])) {
|
if (empty($currentUser['role']['perm_community_admin'])) {
|
||||||
$conditions['Users.organisation_id'] = $currentUser['organisation_id'];
|
$conditions['Users.organisation_id'] = $currentUser['organisation_id'];
|
||||||
if (empty($currentUser['role']['perm_org_admin'])) {
|
if (empty($currentUser['role']['perm_org_admin'])) {
|
||||||
$conditions['Users.id'] = $currentUser['id'];
|
$conditions['Users.id'] = $currentUser['id'];
|
||||||
|
|
@ -58,20 +58,20 @@ class AuthKeysController extends AppController
|
||||||
if (!empty($responsePayload)) {
|
if (!empty($responsePayload)) {
|
||||||
return $responsePayload;
|
return $responsePayload;
|
||||||
}
|
}
|
||||||
$this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate');
|
$this->set('metaGroup', $this->isCommunityAdmin ? 'Administration' : 'Cerebrate');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function add()
|
public function add()
|
||||||
{
|
{
|
||||||
$this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate');
|
$this->set('metaGroup', $this->isCommunityAdmin ? 'Administration' : 'Cerebrate');
|
||||||
$validUsers = [];
|
$validUsers = [];
|
||||||
$userConditions = [];
|
$userConditions = [];
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
if (empty($currentUser['role']['perm_admin'])) {
|
if (empty($currentUser['role']['perm_community_admin'])) {
|
||||||
if (empty($currentUser['role']['perm_org_admin'])) {
|
if (empty($currentUser['role']['perm_org_admin'])) {
|
||||||
$userConditions['id'] = $currentUser['id'];
|
$userConditions['id'] = $currentUser['id'];
|
||||||
} else {
|
} else {
|
||||||
$role_ids = $this->Users->Roles->find()->where(['perm_admin' => 0, 'perm_org_admin' => 0])->all()->extract('id')->toList();
|
$role_ids = $this->Users->Roles->find()->where(['perm_admin' => 0, 'perm_community_admin', 'perm_org_admin' => 0])->all()->extract('id')->toList();
|
||||||
$userConditions['organisation_id'] = $currentUser['organisation_id'];
|
$userConditions['organisation_id'] = $currentUser['organisation_id'];
|
||||||
$userConditions['OR'] = [
|
$userConditions['OR'] = [
|
||||||
['role_id IN' => $role_ids],
|
['role_id IN' => $role_ids],
|
||||||
|
|
|
||||||
|
|
@ -41,14 +41,14 @@ class ACLComponent extends Component
|
||||||
'queryACL' => ['perm_admin']
|
'queryACL' => ['perm_admin']
|
||||||
],
|
],
|
||||||
'Alignments' => [
|
'Alignments' => [
|
||||||
'add' => ['perm_admin', 'perm_org_admin'],
|
'add' => ['perm_community_admin', 'perm_org_admin'],
|
||||||
'delete' => ['perm_admin', 'perm_org_admin'],
|
'delete' => ['perm_community_admin', 'perm_org_admin'],
|
||||||
'index' => ['*'],
|
'index' => ['*'],
|
||||||
'view' => ['*']
|
'view' => ['*']
|
||||||
],
|
],
|
||||||
'AuditLogs' => [
|
'AuditLogs' => [
|
||||||
'filtering' => ['perm_admin'],
|
'filtering' => ['perm_community_admin'],
|
||||||
'index' => ['perm_admin'],
|
'index' => ['perm_community_admin'],
|
||||||
],
|
],
|
||||||
'AuthKeys' => [
|
'AuthKeys' => [
|
||||||
'add' => ['*'],
|
'add' => ['*'],
|
||||||
|
|
@ -56,17 +56,17 @@ class ACLComponent extends Component
|
||||||
'index' => ['*']
|
'index' => ['*']
|
||||||
],
|
],
|
||||||
'Broods' => [
|
'Broods' => [
|
||||||
'add' => ['perm_admin'],
|
'add' => ['perm_community_admin'],
|
||||||
'delete' => ['perm_admin'],
|
'delete' => ['perm_community_admin'],
|
||||||
'downloadIndividual' => ['perm_admin'],
|
'downloadIndividual' => ['perm_community_admin'],
|
||||||
'downloadOrg' => ['perm_admin'],
|
'downloadOrg' => ['perm_community_admin'],
|
||||||
'downloadSharingGroup' => ['perm_admin'],
|
'downloadSharingGroup' => ['perm_community_admin'],
|
||||||
'edit' => ['perm_admin'],
|
'edit' => ['perm_community_admin'],
|
||||||
'index' => ['perm_admin'],
|
'index' => ['perm_community_admin'],
|
||||||
'interconnectTools' => ['perm_admin'],
|
'interconnectTools' => ['perm_community_admin'],
|
||||||
'previewIndex' => ['perm_admin'],
|
'previewIndex' => ['perm_community_admin'],
|
||||||
'testConnection' => ['perm_admin'],
|
'testConnection' => ['perm_community_admin'],
|
||||||
'view' => ['perm_admin']
|
'view' => ['perm_community_admin']
|
||||||
],
|
],
|
||||||
'EncryptionKeys' => [
|
'EncryptionKeys' => [
|
||||||
'view' => ['*'],
|
'view' => ['*'],
|
||||||
|
|
@ -76,29 +76,29 @@ class ACLComponent extends Component
|
||||||
'index' => ['*']
|
'index' => ['*']
|
||||||
],
|
],
|
||||||
'Enumerations' => [
|
'Enumerations' => [
|
||||||
'delete' => ['perm_admin'],
|
'delete' => ['perm_community_admin'],
|
||||||
'index' => ['*']
|
'index' => ['*']
|
||||||
],
|
],
|
||||||
'EnumerationCollections' => [
|
'EnumerationCollections' => [
|
||||||
'view' => ['*'],
|
'view' => ['*'],
|
||||||
'add' => ['perm_admin'],
|
'add' => ['perm_community_admin'],
|
||||||
'edit' => ['perm_admin'],
|
'edit' => ['perm_community_admin'],
|
||||||
'delete' => ['perm_admin'],
|
'delete' => ['perm_community_admin'],
|
||||||
'index' => ['*']
|
'index' => ['*']
|
||||||
],
|
],
|
||||||
'Inbox' => [
|
'Inbox' => [
|
||||||
'createEntry' => ['OR' => ['perm_admin', 'perm_sync']],
|
'createEntry' => ['OR' => ['perm_community_admin', 'perm_sync']],
|
||||||
'delete' => ['perm_admin'],
|
'delete' => ['perm_community_admin'],
|
||||||
'filtering' => ['perm_admin'],
|
'filtering' => ['perm_community_admin'],
|
||||||
'index' => ['perm_admin'],
|
'index' => ['perm_community_admin'],
|
||||||
'listProcessors' => ['OR' => ['perm_admin', 'perm_sync']],
|
'listProcessors' => ['OR' => ['perm_community_admin', 'perm_sync']],
|
||||||
'process' => ['perm_admin'],
|
'process' => ['perm_community_admin'],
|
||||||
'view' => ['perm_admin'],
|
'view' => ['perm_community_admin'],
|
||||||
],
|
],
|
||||||
'Individuals' => [
|
'Individuals' => [
|
||||||
'add' => ['perm_admin', 'perm_org_admin'],
|
'add' => ['perm_community_admin', 'perm_org_admin'],
|
||||||
'delete' => ['perm_admin'],
|
'delete' => ['perm_community_admin'],
|
||||||
'edit' => ['perm_admin', 'perm_org_admin'],
|
'edit' => ['perm_community_admin', 'perm_org_admin'],
|
||||||
'filtering' => ['*'],
|
'filtering' => ['*'],
|
||||||
'index' => ['*'],
|
'index' => ['*'],
|
||||||
'tag' => ['*'],
|
'tag' => ['*'],
|
||||||
|
|
@ -119,19 +119,19 @@ class ACLComponent extends Component
|
||||||
'topology' => ['perm_admin'],
|
'topology' => ['perm_admin'],
|
||||||
],
|
],
|
||||||
'LocalTools' => [
|
'LocalTools' => [
|
||||||
'action' => ['perm_admin'],
|
'action' => ['OR' => ['perm_admin', 'perm_community_admin']],
|
||||||
'add' => ['perm_admin'],
|
'add' => ['perm_admin'],
|
||||||
'batchAction' => ['perm_admin'],
|
'batchAction' => ['perm_admin'],
|
||||||
'broodTools' => ['perm_admin'],
|
'broodTools' => ['OR' => ['perm_admin', 'perm_community_admin']],
|
||||||
'connectionRequest' => ['perm_admin'],
|
'connectionRequest' => ['OR' => ['perm_admin', 'perm_community_admin']],
|
||||||
// 'connectLocal' => ['perm_admin'],
|
// 'connectLocal' => ['perm_admin'],
|
||||||
'delete' => ['perm_admin'],
|
'delete' => ['perm_admin'],
|
||||||
'edit' => ['perm_admin'],
|
'edit' => ['perm_admin'],
|
||||||
'exposedTools' => ['OR' => ['perm_admin', 'perm_sync']],
|
'exposedTools' => ['OR' => ['perm_admin', 'perm_sync', 'perm_community_admin']],
|
||||||
'index' => ['perm_admin'],
|
'index' => ['OR' => ['perm_admin', 'perm_community_admin']],
|
||||||
'connectorIndex' => ['perm_admin'],
|
'connectorIndex' => ['perm_admin'],
|
||||||
'view' => ['perm_admin'],
|
'view' => ['OR' => ['perm_admin', 'perm_community_admin']],
|
||||||
'viewConnector' => ['perm_admin']
|
'viewConnector' => ['OR' => ['perm_admin', 'perm_community_admin']]
|
||||||
],
|
],
|
||||||
'MailingLists' => [
|
'MailingLists' => [
|
||||||
"add" => ['perm_org_admin'],
|
"add" => ['perm_org_admin'],
|
||||||
|
|
@ -144,7 +144,7 @@ class ACLComponent extends Component
|
||||||
"view" => ['*'],
|
"view" => ['*'],
|
||||||
],
|
],
|
||||||
'MetaTemplateFields' => [
|
'MetaTemplateFields' => [
|
||||||
'index' => ['perm_admin']
|
'index' => ['perm_admin', 'perm_community_admin']
|
||||||
],
|
],
|
||||||
'MetaTemplates' => [
|
'MetaTemplates' => [
|
||||||
'createNewTemplate' => ['perm_admin'],
|
'createNewTemplate' => ['perm_admin'],
|
||||||
|
|
@ -164,26 +164,26 @@ class ACLComponent extends Component
|
||||||
'index' => ['perm_admin'],
|
'index' => ['perm_admin'],
|
||||||
],
|
],
|
||||||
'OrgGroups' => [
|
'OrgGroups' => [
|
||||||
'add' => ['perm_admin'],
|
'add' => ['perm_community_admin'],
|
||||||
'delete' => ['perm_admin'],
|
'delete' => ['perm_community_admin'],
|
||||||
'edit' => ['perm_admin'],
|
'edit' => ['perm_community_admin'],
|
||||||
'index' => ['*'],
|
'index' => ['*'],
|
||||||
'view' => ['*'],
|
'view' => ['*'],
|
||||||
'filtering' => ['*'],
|
'filtering' => ['*'],
|
||||||
'tag' => ['perm_admin'],
|
'tag' => ['perm_community_admin'],
|
||||||
'untag' => ['perm_admin'],
|
'untag' => ['perm_community_admin'],
|
||||||
'viewTags' => ['*'],
|
'viewTags' => ['*'],
|
||||||
'listAdmins' => ['*'],
|
'listAdmins' => ['*'],
|
||||||
'listOrgs' => ['*'],
|
'listOrgs' => ['*'],
|
||||||
'assignAdmin' => ['perm_admin'],
|
'assignAdmin' => ['perm_community_admin'],
|
||||||
'removeAdmin' => ['perm_admin'],
|
'removeAdmin' => ['perm_community_admin'],
|
||||||
'attachOrg' => ['perm_admin', 'perm_group_admin'],
|
'attachOrg' => ['perm_community_admin', 'perm_group_admin'],
|
||||||
'detachOrg' => ['perm_admin', 'perm_group_admin']
|
'detachOrg' => ['perm_community_admin', 'perm_group_admin']
|
||||||
],
|
],
|
||||||
'Organisations' => [
|
'Organisations' => [
|
||||||
'add' => ['perm_admin'],
|
'add' => ['perm_community_admin'],
|
||||||
'delete' => ['perm_admin'],
|
'delete' => ['perm_community_admin'],
|
||||||
'edit' => ['perm_admin', 'perm_org_admin'],
|
'edit' => ['perm_community_admin', 'perm_org_admin'],
|
||||||
'filtering' => ['*'],
|
'filtering' => ['*'],
|
||||||
'index' => ['*'],
|
'index' => ['*'],
|
||||||
'tag' => ['perm_org_admin'],
|
'tag' => ['perm_org_admin'],
|
||||||
|
|
@ -211,9 +211,9 @@ class ACLComponent extends Component
|
||||||
"delete" => ['perm_admin']
|
"delete" => ['perm_admin']
|
||||||
],
|
],
|
||||||
'Roles' => [
|
'Roles' => [
|
||||||
'add' => ['perm_admin'],
|
'add' => ['perm_community_admin'],
|
||||||
'delete' => ['perm_admin'],
|
'delete' => ['perm_community_admin'],
|
||||||
'edit' => ['perm_admin'],
|
'edit' => ['perm_community_admin'],
|
||||||
'index' => ['*'],
|
'index' => ['*'],
|
||||||
'view' => ['*']
|
'view' => ['*']
|
||||||
],
|
],
|
||||||
|
|
@ -228,9 +228,9 @@ class ACLComponent extends Component
|
||||||
'view' => ['*']
|
'view' => ['*']
|
||||||
],
|
],
|
||||||
'Tags' => [
|
'Tags' => [
|
||||||
'add' => ['perm_admin'],
|
'add' => ['perm_community_admin'],
|
||||||
'delete' => ['perm_admin'],
|
'delete' => ['perm_community_admin'],
|
||||||
'edit' => ['perm_admin'],
|
'edit' => ['perm_community_admin'],
|
||||||
'index' => ['*'],
|
'index' => ['*'],
|
||||||
'view' => ['*']
|
'view' => ['*']
|
||||||
],
|
],
|
||||||
|
|
@ -354,14 +354,14 @@ class ACLComponent extends Component
|
||||||
if (empty($user) || empty($currentUser)) {
|
if (empty($user) || empty($currentUser)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if ($currentUser['role']['perm_admin']) {
|
if ($currentUser['role']['perm_community_admin']) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
if ($user['id'] === $currentUser['id']) {
|
if ($user['id'] === $currentUser['id']) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($user['role']['perm_admin']) {
|
if ($user['role']['perm_community_admin']) {
|
||||||
return false; // org_admins cannot edit admins
|
return false; // org_admins cannot edit admins
|
||||||
}
|
}
|
||||||
if ($currentUser['role']['perm_org_admin'] && $user['role']['perm_group_admin']) {
|
if ($currentUser['role']['perm_org_admin'] && $user['role']['perm_group_admin']) {
|
||||||
|
|
@ -401,7 +401,7 @@ class ACLComponent extends Component
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
if (!empty($this->user->role->perm_admin)) {
|
if (!empty($this->user->role->perm_admin)) {
|
||||||
return true;
|
//return true;
|
||||||
}
|
}
|
||||||
//$this->__checkLoggedActions($user, $controller, $action);
|
//$this->__checkLoggedActions($user, $controller, $action);
|
||||||
if (isset($this->aclList['*'][$action])) {
|
if (isset($this->aclList['*'][$action])) {
|
||||||
|
|
@ -589,7 +589,7 @@ class ACLComponent extends Component
|
||||||
}
|
}
|
||||||
foreach ($this->aclList as $controller => $actions) {
|
foreach ($this->aclList as $controller => $actions) {
|
||||||
foreach ($actions as $action => $permissions) {
|
foreach ($actions as $action => $permissions) {
|
||||||
if ($role['perm_admin']) {
|
if ($role['perm_admin'] && empty($permissions)) {
|
||||||
$results = $this->__formatControllerAction($results, $controller, $action, $url_mode);
|
$results = $this->__formatControllerAction($results, $controller, $action, $url_mode);
|
||||||
} elseif (in_array('*', $permissions)) {
|
} elseif (in_array('*', $permissions)) {
|
||||||
$results = $this->__formatControllerAction($results, $controller, $action, $url_mode);
|
$results = $this->__formatControllerAction($results, $controller, $action, $url_mode);
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,7 @@ class TagsNavigation extends BaseNavigation
|
||||||
public function addLinks()
|
public function addLinks()
|
||||||
{
|
{
|
||||||
$controller = 'Tags';
|
$controller = 'Tags';
|
||||||
if (empty($this->viewVars['loggedUser']['role']['perm_admin'])) {
|
if (empty($this->viewVars['loggedUser']['role']['perm_community_admin'])) {
|
||||||
$this->bcf->removeLink($controller, 'view', $controller, 'edit');
|
$this->bcf->removeLink($controller, 'view', $controller, 'edit');
|
||||||
$this->bcf->removeLink($controller, 'edit', $controller, 'edit');
|
$this->bcf->removeLink($controller, 'edit', $controller, 'edit');
|
||||||
}
|
}
|
||||||
|
|
@ -17,7 +17,7 @@ class TagsNavigation extends BaseNavigation
|
||||||
public function addActions()
|
public function addActions()
|
||||||
{
|
{
|
||||||
$controller = 'Tags';
|
$controller = 'Tags';
|
||||||
if (empty($this->viewVars['loggedUser']['role']['perm_admin'])) {
|
if (empty($this->viewVars['loggedUser']['role']['perm_community_admin'])) {
|
||||||
$this->bcf->removeAction($controller, 'view', $controller, 'delete');
|
$this->bcf->removeAction($controller, 'view', $controller, 'delete');
|
||||||
$this->bcf->removeAction($controller, 'edit', $controller, 'delete');
|
$this->bcf->removeAction($controller, 'edit', $controller, 'delete');
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -312,12 +312,12 @@ class BreadcrumbFactory
|
||||||
|
|
||||||
$this->addAction($controller, 'view', $controller, 'add');
|
$this->addAction($controller, 'view', $controller, 'add');
|
||||||
$this->addAction($controller, 'view', $controller, 'delete');
|
$this->addAction($controller, 'view', $controller, 'delete');
|
||||||
if (!empty($loggedUser['role']['perm_admin'])) {
|
if (!empty($loggedUser['role']['perm_community_admin'])) {
|
||||||
$this->addAction($controller, 'view', $controller, 'audit');
|
$this->addAction($controller, 'view', $controller, 'audit');
|
||||||
}
|
}
|
||||||
$this->addAction($controller, 'edit', $controller, 'add');
|
$this->addAction($controller, 'edit', $controller, 'add');
|
||||||
$this->addAction($controller, 'edit', $controller, 'delete');
|
$this->addAction($controller, 'edit', $controller, 'delete');
|
||||||
if (!empty($loggedUser['role']['perm_admin'])) {
|
if (!empty($loggedUser['role']['perm_community_admin'])) {
|
||||||
$this->addAction($controller, 'edit', $controller, 'audit');
|
$this->addAction($controller, 'edit', $controller, 'audit');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -140,6 +140,7 @@ class RestResponseComponent extends Component
|
||||||
'perm_delegate',
|
'perm_delegate',
|
||||||
'perm_sync',
|
'perm_sync',
|
||||||
'perm_admin',
|
'perm_admin',
|
||||||
|
'perm_community_admin',
|
||||||
'perm_audit',
|
'perm_audit',
|
||||||
'perm_auth',
|
'perm_auth',
|
||||||
'perm_site_admin',
|
'perm_site_admin',
|
||||||
|
|
@ -160,6 +161,7 @@ class RestResponseComponent extends Component
|
||||||
'perm_delegate',
|
'perm_delegate',
|
||||||
'perm_sync',
|
'perm_sync',
|
||||||
'perm_admin',
|
'perm_admin',
|
||||||
|
'perm_community_admin',
|
||||||
'perm_audit',
|
'perm_audit',
|
||||||
'perm_auth',
|
'perm_auth',
|
||||||
'perm_site_admin',
|
'perm_site_admin',
|
||||||
|
|
@ -1253,6 +1255,11 @@ class RestResponseComponent extends Component
|
||||||
'type' => 'integer',
|
'type' => 'integer',
|
||||||
'values' => array(1 => 'True', 0 => 'False' )
|
'values' => array(1 => 'True', 0 => 'False' )
|
||||||
),
|
),
|
||||||
|
'perm_community_admin' => array(
|
||||||
|
'input' => 'radio',
|
||||||
|
'type' => 'integer',
|
||||||
|
'values' => array(1 => 'True', 0 => 'False' )
|
||||||
|
),
|
||||||
'perm_audit' => array(
|
'perm_audit' => array(
|
||||||
'input' => 'radio',
|
'input' => 'radio',
|
||||||
'type' => 'integer',
|
'type' => 'integer',
|
||||||
|
|
|
||||||
|
|
@ -64,7 +64,7 @@ class EncryptionKeysController extends AppController
|
||||||
$dropdownData = [];
|
$dropdownData = [];
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
$params = [];
|
$params = [];
|
||||||
if (empty($currentUser['role']['perm_admin'])) {
|
if (empty($currentUser['role']['perm_community_admin'])) {
|
||||||
$params = $this->buildBeforeSave($params, $currentUser, $orgConditions, $individualConditions, $dropdownData);
|
$params = $this->buildBeforeSave($params, $currentUser, $orgConditions, $individualConditions, $dropdownData);
|
||||||
}
|
}
|
||||||
$this->CRUD->delete($id, $params);
|
$this->CRUD->delete($id, $params);
|
||||||
|
|
@ -77,7 +77,7 @@ class EncryptionKeysController extends AppController
|
||||||
|
|
||||||
private function buildBeforeSave(array $params, $currentUser, array &$orgConditions, array &$individualConditions, array &$dropdownData): array
|
private function buildBeforeSave(array $params, $currentUser, array &$orgConditions, array &$individualConditions, array &$dropdownData): array
|
||||||
{
|
{
|
||||||
if (empty($currentUser['role']['perm_admin'])) {
|
if (empty($currentUser['role']['perm_community_admin'])) {
|
||||||
$orgConditions = [
|
$orgConditions = [
|
||||||
'id' => $currentUser['organisation_id']
|
'id' => $currentUser['organisation_id']
|
||||||
];
|
];
|
||||||
|
|
@ -154,7 +154,7 @@ class EncryptionKeysController extends AppController
|
||||||
],
|
],
|
||||||
'redirect' => $this->referer()
|
'redirect' => $this->referer()
|
||||||
];
|
];
|
||||||
if (empty($currentUser['role']['perm_admin'])) {
|
if (empty($currentUser['role']['perm_community_admin'])) {
|
||||||
$params = $this->buildBeforeSave($params, $currentUser, $orgConditions, $individualConditions, $dropdownData);
|
$params = $this->buildBeforeSave($params, $currentUser, $orgConditions, $individualConditions, $dropdownData);
|
||||||
}
|
}
|
||||||
$this->CRUD->edit($id, $params);
|
$this->CRUD->edit($id, $params);
|
||||||
|
|
|
||||||
|
|
@ -29,7 +29,7 @@ class IndividualsController extends AppController
|
||||||
public function index()
|
public function index()
|
||||||
{
|
{
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
$orgAdmin = !$currentUser['role']['perm_admin'] && $currentUser['role']['perm_org_admin'];
|
$orgAdmin = !$currentUser['role']['perm_community_admin'] && $currentUser['role']['perm_org_admin'];
|
||||||
$this->CRUD->index([
|
$this->CRUD->index([
|
||||||
'filters' => $this->filterFields,
|
'filters' => $this->filterFields,
|
||||||
'quickFilters' => $this->quickFilterFields,
|
'quickFilters' => $this->quickFilterFields,
|
||||||
|
|
@ -37,7 +37,7 @@ class IndividualsController extends AppController
|
||||||
'contain' => $this->containFields,
|
'contain' => $this->containFields,
|
||||||
'statisticsFields' => $this->statisticsFields,
|
'statisticsFields' => $this->statisticsFields,
|
||||||
'afterFind' => function($data) use ($currentUser) {
|
'afterFind' => function($data) use ($currentUser) {
|
||||||
if ($currentUser['role']['perm_admin']) {
|
if ($currentUser['role']['perm_community_admin']) {
|
||||||
$data['user'] = $this->Individuals->Users->find()->select(['id', 'username', 'Organisations.id', 'Organisations.name'])->contain('Organisations')->where(['individual_id' => $data['id']])->all()->toArray();
|
$data['user'] = $this->Individuals->Users->find()->select(['id', 'username', 'Organisations.id', 'Organisations.name'])->contain('Organisations')->where(['individual_id' => $data['id']])->all()->toArray();
|
||||||
}
|
}
|
||||||
return $data;
|
return $data;
|
||||||
|
|
@ -88,7 +88,7 @@ class IndividualsController extends AppController
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
$this->CRUD->edit($id, [
|
$this->CRUD->edit($id, [
|
||||||
'beforeSave' => function($data) use ($currentUser) {
|
'beforeSave' => function($data) use ($currentUser) {
|
||||||
if ($currentUser['role']['perm_admin'] && isset($data['uuid'])) {
|
if ($currentUser['role']['perm_community_admin'] && isset($data['uuid'])) {
|
||||||
unset($data['uuid']);
|
unset($data['uuid']);
|
||||||
}
|
}
|
||||||
return $data;
|
return $data;
|
||||||
|
|
@ -157,7 +157,7 @@ class IndividualsController extends AppController
|
||||||
private function canEdit($indId): bool
|
private function canEdit($indId): bool
|
||||||
{
|
{
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
if ($currentUser['role']['perm_admin']) {
|
if ($currentUser['role']['perm_community_admin']) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
$validIndividuals = $this->Individuals->getValidIndividualsToEdit($currentUser);
|
$validIndividuals = $this->Individuals->getValidIndividualsToEdit($currentUser);
|
||||||
|
|
@ -174,7 +174,7 @@ class IndividualsController extends AppController
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
if ($currentUser['role']['perm_admin']) {
|
if ($currentUser['role']['perm_community_admin']) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
|
|
|
||||||
|
|
@ -29,7 +29,7 @@ class MailingListsController extends AppController
|
||||||
'quickFilters' => $this->quickFilterFields,
|
'quickFilters' => $this->quickFilterFields,
|
||||||
'statisticsFields' => $this->statisticsFields,
|
'statisticsFields' => $this->statisticsFields,
|
||||||
'afterFind' => function ($row) use ($currentUser) {
|
'afterFind' => function ($row) use ($currentUser) {
|
||||||
if (empty($currentUser['role']['perm_admin']) && $row['user_id'] != $currentUser['id']) {
|
if (empty($currentUser['role']['perm_community_admin']) && $row['user_id'] != $currentUser['id']) {
|
||||||
if (!$this->MailingLists->isIndividualListed($currentUser['individual_id'], $row)) {
|
if (!$this->MailingLists->isIndividualListed($currentUser['individual_id'], $row)) {
|
||||||
$row = false;
|
$row = false;
|
||||||
}
|
}
|
||||||
|
|
@ -66,7 +66,7 @@ class MailingListsController extends AppController
|
||||||
$this->CRUD->view($id, [
|
$this->CRUD->view($id, [
|
||||||
'contain' => $this->containFields,
|
'contain' => $this->containFields,
|
||||||
'afterFind' => function($data) use ($currentUser) {
|
'afterFind' => function($data) use ($currentUser) {
|
||||||
if (empty($currentUser['role']['perm_admin']) && $data['user_id'] != $currentUser['id']) {
|
if (empty($currentUser['role']['perm_community_admin']) && $data['user_id'] != $currentUser['id']) {
|
||||||
if (!$this->MailingLists->isIndividualListed($currentUser['individual_id'], $data)) {
|
if (!$this->MailingLists->isIndividualListed($currentUser['individual_id'], $data)) {
|
||||||
$data = [];
|
$data = [];
|
||||||
}
|
}
|
||||||
|
|
@ -84,7 +84,7 @@ class MailingListsController extends AppController
|
||||||
{
|
{
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
$params = [];
|
$params = [];
|
||||||
if (empty($currentUser['role']['perm_admin'])) {
|
if (empty($currentUser['role']['perm_community_admin'])) {
|
||||||
$params['conditions'] = ['user_id' => $currentUser['id']];
|
$params['conditions'] = ['user_id' => $currentUser['id']];
|
||||||
}
|
}
|
||||||
$this->CRUD->edit($id, $params);
|
$this->CRUD->edit($id, $params);
|
||||||
|
|
@ -98,7 +98,7 @@ class MailingListsController extends AppController
|
||||||
public function delete($id)
|
public function delete($id)
|
||||||
{
|
{
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
if (empty($currentUser['role']['perm_admin'])) {
|
if (empty($currentUser['role']['perm_community_admin'])) {
|
||||||
$params['conditions'] = ['user_id' => $currentUser['id']];
|
$params['conditions'] = ['user_id' => $currentUser['id']];
|
||||||
}
|
}
|
||||||
$this->CRUD->delete($id, $params);
|
$this->CRUD->delete($id, $params);
|
||||||
|
|
@ -131,7 +131,7 @@ class MailingListsController extends AppController
|
||||||
if (is_null($mailingList)) {
|
if (is_null($mailingList)) {
|
||||||
throw new NotFoundException(__('Invalid {0}.', Inflector::singularize($this->MailingLists->getAlias())));
|
throw new NotFoundException(__('Invalid {0}.', Inflector::singularize($this->MailingLists->getAlias())));
|
||||||
}
|
}
|
||||||
if (empty($currentUser['role']['perm_admin']) && $mailingList['user_id'] != $currentUser['id']) {
|
if (empty($currentUser['role']['perm_community_admin']) && $mailingList['user_id'] != $currentUser['id']) {
|
||||||
if (!$this->MailingLists->isIndividualListed($currentUser['individual_id'], $mailingList)) {
|
if (!$this->MailingLists->isIndividualListed($currentUser['individual_id'], $mailingList)) {
|
||||||
throw new NotFoundException(__('Invalid {0}.', Inflector::singularize($this->MailingLists->getAlias())));
|
throw new NotFoundException(__('Invalid {0}.', Inflector::singularize($this->MailingLists->getAlias())));
|
||||||
}
|
}
|
||||||
|
|
@ -197,7 +197,7 @@ class MailingListsController extends AppController
|
||||||
$params = [
|
$params = [
|
||||||
'contain' => ['Individuals', 'MetaFields']
|
'contain' => ['Individuals', 'MetaFields']
|
||||||
];
|
];
|
||||||
if (empty($currentUser['role']['perm_admin'])) {
|
if (empty($currentUser['role']['perm_community_admin'])) {
|
||||||
$params['conditions'] = ['user_id' => $currentUser['id']];
|
$params['conditions'] = ['user_id' => $currentUser['id']];
|
||||||
}
|
}
|
||||||
$mailingList = $this->MailingLists->get($mailinglist_id, $params);
|
$mailingList = $this->MailingLists->get($mailinglist_id, $params);
|
||||||
|
|
@ -274,7 +274,7 @@ class MailingListsController extends AppController
|
||||||
$params = [
|
$params = [
|
||||||
'contain' => ['Individuals', 'MetaFields']
|
'contain' => ['Individuals', 'MetaFields']
|
||||||
];
|
];
|
||||||
if (empty($currentUser['role']['perm_admin'])) {
|
if (empty($currentUser['role']['perm_community_admin'])) {
|
||||||
$params['conditions'] = ['user_id' => $currentUser['id']];
|
$params['conditions'] = ['user_id' => $currentUser['id']];
|
||||||
}
|
}
|
||||||
$mailingList = $this->MailingLists->get($mailinglist_id, $params);
|
$mailingList = $this->MailingLists->get($mailinglist_id, $params);
|
||||||
|
|
|
||||||
|
|
@ -121,7 +121,7 @@ class OrgGroupsController extends AppController
|
||||||
private function canEdit($groupId): bool
|
private function canEdit($groupId): bool
|
||||||
{
|
{
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
if ($currentUser['role']['perm_admin']) {
|
if ($currentUser['role']['perm_community_admin']) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
if ($currentUser['role']['perm_group_admin']) {
|
if ($currentUser['role']['perm_group_admin']) {
|
||||||
|
|
@ -140,7 +140,7 @@ class OrgGroupsController extends AppController
|
||||||
private function canEditDefinition($groupId): bool
|
private function canEditDefinition($groupId): bool
|
||||||
{
|
{
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
if ($currentUser['role']['perm_admin']) {
|
if ($currentUser['role']['perm_community_admin']) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
|
|
@ -154,7 +154,7 @@ class OrgGroupsController extends AppController
|
||||||
}
|
}
|
||||||
$orgGroup = $this->OrgGroups->get($groupId, ['contain' => ['Users' => ['Individuals', 'Organisations']]]);
|
$orgGroup = $this->OrgGroups->get($groupId, ['contain' => ['Users' => ['Individuals', 'Organisations']]]);
|
||||||
$this->set('data', $orgGroup['users']);
|
$this->set('data', $orgGroup['users']);
|
||||||
$this->set('canEdit', $this->ACL->getUser()['role']['perm_admin']);
|
$this->set('canEdit', $this->ACL->getUser()['role']['perm_community_admin']);
|
||||||
$this->set('groupId', $groupId);
|
$this->set('groupId', $groupId);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -172,7 +172,7 @@ class OrgGroupsController extends AppController
|
||||||
|
|
||||||
public function assignAdmin($groupId)
|
public function assignAdmin($groupId)
|
||||||
{
|
{
|
||||||
if (!$this->ACL->getUser()['role']['perm_admin']) {
|
if (!$this->ACL->getUser()['role']['perm_community_admin']) {
|
||||||
throw new MethodNotAllowedException(__('You do not have permission to edit this group.'));
|
throw new MethodNotAllowedException(__('You do not have permission to edit this group.'));
|
||||||
}
|
}
|
||||||
$this->CRUD->linkObjects(__FUNCTION__, $groupId, 'OrgGroups', 'Users', ['redirect' => '/orgGroups/listAdmins/' . $groupId]);
|
$this->CRUD->linkObjects(__FUNCTION__, $groupId, 'OrgGroups', 'Users', ['redirect' => '/orgGroups/listAdmins/' . $groupId]);
|
||||||
|
|
@ -188,7 +188,7 @@ class OrgGroupsController extends AppController
|
||||||
$validRoles = $this->Roles->find('list')->disableHydration()->select(
|
$validRoles = $this->Roles->find('list')->disableHydration()->select(
|
||||||
['id', 'name']
|
['id', 'name']
|
||||||
)->where(
|
)->where(
|
||||||
['OR' => ['perm_admin' => 1, 'perm_group_admin' => 1]]
|
['OR' => ['perm_community_admin' => 1, 'perm_group_admin' => 1]]
|
||||||
)->toArray();
|
)->toArray();
|
||||||
$admins = $this->Users->find('list')->disableHydration()->select(['id', 'username'])->where(['Users.role_id IN' => array_keys($validRoles)])->toArray();
|
$admins = $this->Users->find('list')->disableHydration()->select(['id', 'username'])->where(['Users.role_id IN' => array_keys($validRoles)])->toArray();
|
||||||
asort($admins, SORT_STRING | SORT_FLAG_CASE);
|
asort($admins, SORT_STRING | SORT_FLAG_CASE);
|
||||||
|
|
@ -207,7 +207,7 @@ class OrgGroupsController extends AppController
|
||||||
|
|
||||||
public function removeAdmin($groupId, $adminId)
|
public function removeAdmin($groupId, $adminId)
|
||||||
{
|
{
|
||||||
if (!$this->ACL->getUser()['role']['perm_admin']) {
|
if (!$this->ACL->getUser()['role']['perm_community_admin']) {
|
||||||
throw new MethodNotAllowedException(__('You do not have permission to edit this group.'));
|
throw new MethodNotAllowedException(__('You do not have permission to edit this group.'));
|
||||||
}
|
}
|
||||||
$this->CRUD->unlinkObjects(__FUNCTION__, $groupId, $adminId, 'OrgGroups', 'Users');
|
$this->CRUD->unlinkObjects(__FUNCTION__, $groupId, $adminId, 'OrgGroups', 'Users');
|
||||||
|
|
|
||||||
|
|
@ -121,7 +121,7 @@ class OrganisationsController extends AppController
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
$this->CRUD->edit($id, [
|
$this->CRUD->edit($id, [
|
||||||
'beforeSave' => function($data) use ($currentUser) {
|
'beforeSave' => function($data) use ($currentUser) {
|
||||||
if (!$currentUser['role']['perm_admin']) {
|
if (!$currentUser['role']['perm_community_admin']) {
|
||||||
unset($data['uuid']);
|
unset($data['uuid']);
|
||||||
}
|
}
|
||||||
return $data;
|
return $data;
|
||||||
|
|
@ -181,7 +181,7 @@ class OrganisationsController extends AppController
|
||||||
private function canEdit($orgId): bool
|
private function canEdit($orgId): bool
|
||||||
{
|
{
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
if ($currentUser['role']['perm_admin']) {
|
if ($currentUser['role']['perm_community_admin']) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -12,7 +12,7 @@ use Cake\Http\Exception\ForbiddenException;
|
||||||
|
|
||||||
class RolesController extends AppController
|
class RolesController extends AppController
|
||||||
{
|
{
|
||||||
public $filterFields = ['name', 'uuid', 'perm_admin', 'Users.id', 'perm_org_admin'];
|
public $filterFields = ['name', 'uuid', 'perm_admin', 'perm_community_admin', 'Users.id', 'perm_org_admin'];
|
||||||
public $quickFilterFields = ['name'];
|
public $quickFilterFields = ['name'];
|
||||||
public $containFields = [];
|
public $containFields = [];
|
||||||
|
|
||||||
|
|
@ -26,7 +26,7 @@ class RolesController extends AppController
|
||||||
if (!empty($responsePayload)) {
|
if (!empty($responsePayload)) {
|
||||||
return $responsePayload;
|
return $responsePayload;
|
||||||
}
|
}
|
||||||
$this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate');
|
$this->set('metaGroup', $this->isCommunityAdmin ? 'Administration' : 'Cerebrate');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function add()
|
public function add()
|
||||||
|
|
@ -44,7 +44,7 @@ class RolesController extends AppController
|
||||||
if (!empty($responsePayload)) {
|
if (!empty($responsePayload)) {
|
||||||
return $responsePayload;
|
return $responsePayload;
|
||||||
}
|
}
|
||||||
$this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate');
|
$this->set('metaGroup', $this->isCommunityAdmin ? 'Administration' : 'Cerebrate');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function view($id)
|
public function view($id)
|
||||||
|
|
@ -54,7 +54,7 @@ class RolesController extends AppController
|
||||||
if (!empty($responsePayload)) {
|
if (!empty($responsePayload)) {
|
||||||
return $responsePayload;
|
return $responsePayload;
|
||||||
}
|
}
|
||||||
$this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate');
|
$this->set('metaGroup', $this->isCommunityAdmin ? 'Administration' : 'Cerebrate');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function edit($id)
|
public function edit($id)
|
||||||
|
|
@ -72,7 +72,7 @@ class RolesController extends AppController
|
||||||
if (!empty($responsePayload)) {
|
if (!empty($responsePayload)) {
|
||||||
return $responsePayload;
|
return $responsePayload;
|
||||||
}
|
}
|
||||||
$this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate');
|
$this->set('metaGroup', $this->isCommunityAdmin ? 'Administration' : 'Cerebrate');
|
||||||
$this->render('add');
|
$this->render('add');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -83,6 +83,6 @@ class RolesController extends AppController
|
||||||
if (!empty($responsePayload)) {
|
if (!empty($responsePayload)) {
|
||||||
return $responsePayload;
|
return $responsePayload;
|
||||||
}
|
}
|
||||||
$this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate');
|
$this->set('metaGroup', $this->isCommunityAdmin ? 'Administration' : 'Cerebrate');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -26,7 +26,7 @@ class SharingGroupsController extends AppController
|
||||||
'quickFilters' => $this->quickFilterFields,
|
'quickFilters' => $this->quickFilterFields,
|
||||||
'conditions' => $conditions,
|
'conditions' => $conditions,
|
||||||
'afterFind' => function ($row) use ($currentUser) {
|
'afterFind' => function ($row) use ($currentUser) {
|
||||||
if (empty($currentUser['role']['perm_admin'])) {
|
if (empty($currentUser['role']['perm_community_admin'])) {
|
||||||
$orgFound = false;
|
$orgFound = false;
|
||||||
if (!empty($row['sharing_group_orgs'])) {
|
if (!empty($row['sharing_group_orgs'])) {
|
||||||
foreach ($row['sharing_group_orgs'] as $org) {
|
foreach ($row['sharing_group_orgs'] as $org) {
|
||||||
|
|
@ -56,7 +56,7 @@ class SharingGroupsController extends AppController
|
||||||
'user_id' => $this->ACL->getUser()['id']
|
'user_id' => $this->ACL->getUser()['id']
|
||||||
],
|
],
|
||||||
'beforeSave' => function($data) use ($currentUser) {
|
'beforeSave' => function($data) use ($currentUser) {
|
||||||
if (!$currentUser['role']['perm_admin']) {
|
if (!$currentUser['role']['perm_community_admin']) {
|
||||||
$data['organisation_id'] = $currentUser['organisation_id'];
|
$data['organisation_id'] = $currentUser['organisation_id'];
|
||||||
}
|
}
|
||||||
return $data;
|
return $data;
|
||||||
|
|
@ -78,7 +78,7 @@ class SharingGroupsController extends AppController
|
||||||
$this->CRUD->view($id, [
|
$this->CRUD->view($id, [
|
||||||
'contain' => ['SharingGroupOrgs', 'Organisations', 'Users' => ['fields' => ['id', 'username']]],
|
'contain' => ['SharingGroupOrgs', 'Organisations', 'Users' => ['fields' => ['id', 'username']]],
|
||||||
'afterFind' => function($data) use ($currentUser) {
|
'afterFind' => function($data) use ($currentUser) {
|
||||||
if (empty($currentUser['role']['perm_admin'])) {
|
if (empty($currentUser['role']['perm_community_admin'])) {
|
||||||
$orgFound = false;
|
$orgFound = false;
|
||||||
if (!empty($data['sharing_group_orgs'])) {
|
if (!empty($data['sharing_group_orgs'])) {
|
||||||
foreach ($data['sharing_group_orgs'] as $org) {
|
foreach ($data['sharing_group_orgs'] as $org) {
|
||||||
|
|
@ -104,7 +104,7 @@ class SharingGroupsController extends AppController
|
||||||
{
|
{
|
||||||
$params = [];
|
$params = [];
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
if (empty($currentUser['role']['perm_admin'])) {
|
if (empty($currentUser['role']['perm_community_admin'])) {
|
||||||
$params['conditions'] = ['organisation_id' => $currentUser['organisation_id']];
|
$params['conditions'] = ['organisation_id' => $currentUser['organisation_id']];
|
||||||
}
|
}
|
||||||
$params['fields'] = ['name', 'releasability', 'description', 'active'];
|
$params['fields'] = ['name', 'releasability', 'description', 'active'];
|
||||||
|
|
@ -124,7 +124,7 @@ class SharingGroupsController extends AppController
|
||||||
{
|
{
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
$params = [];
|
$params = [];
|
||||||
if (empty($currentUser['role']['perm_admin'])) {
|
if (empty($currentUser['role']['perm_community_admin'])) {
|
||||||
$params['conditions'] = ['organisation_id' => $currentUser['organisation_id']];
|
$params['conditions'] = ['organisation_id' => $currentUser['organisation_id']];
|
||||||
}
|
}
|
||||||
$this->CRUD->delete($id, $params);
|
$this->CRUD->delete($id, $params);
|
||||||
|
|
@ -140,7 +140,7 @@ class SharingGroupsController extends AppController
|
||||||
$sharingGroup = $this->SharingGroups->get($id, [
|
$sharingGroup = $this->SharingGroups->get($id, [
|
||||||
'contain' => 'SharingGroupOrgs'
|
'contain' => 'SharingGroupOrgs'
|
||||||
]);
|
]);
|
||||||
if (empty($currentUser['role']['perm_admin'])) {
|
if (empty($currentUser['role']['perm_community_admin'])) {
|
||||||
if ($sharingGroup['organisation_id'] !== $currentUser['organisation_id']) {
|
if ($sharingGroup['organisation_id'] !== $currentUser['organisation_id']) {
|
||||||
$sharingGroup = null;
|
$sharingGroup = null;
|
||||||
}
|
}
|
||||||
|
|
@ -212,7 +212,7 @@ class SharingGroupsController extends AppController
|
||||||
$sharingGroup = $this->SharingGroups->get($id, [
|
$sharingGroup = $this->SharingGroups->get($id, [
|
||||||
'contain' => 'SharingGroupOrgs'
|
'contain' => 'SharingGroupOrgs'
|
||||||
]);
|
]);
|
||||||
if (empty($currentUser['role']['perm_admin'])) {
|
if (empty($currentUser['role']['perm_community_admin'])) {
|
||||||
if ($sharingGroup['organisation_id'] !== $currentUser['organisation_id']) {
|
if ($sharingGroup['organisation_id'] !== $currentUser['organisation_id']) {
|
||||||
$sharingGroup = null;
|
$sharingGroup = null;
|
||||||
}
|
}
|
||||||
|
|
@ -278,7 +278,7 @@ class SharingGroupsController extends AppController
|
||||||
private function getAvailableOrgForSg($user)
|
private function getAvailableOrgForSg($user)
|
||||||
{
|
{
|
||||||
$organisations = [];
|
$organisations = [];
|
||||||
if (!empty($user['role']['perm_admin'])) {
|
if (!empty($user['role']['perm_community_admin'])) {
|
||||||
$organisations = $this->SharingGroups->Organisations->find('list')->order(['name' => 'ASC'])->toArray();
|
$organisations = $this->SharingGroups->Organisations->find('list')->order(['name' => 'ASC'])->toArray();
|
||||||
} else {
|
} else {
|
||||||
$organisations = $this->SharingGroups->Organisations->find('list', [
|
$organisations = $this->SharingGroups->Organisations->find('list', [
|
||||||
|
|
|
||||||
|
|
@ -22,7 +22,7 @@ class UserSettingsController extends AppController
|
||||||
{
|
{
|
||||||
$conditions = [];
|
$conditions = [];
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
if (empty($currentUser['role']['perm_admin'])) {
|
if (empty($currentUser['role']['perm_community_admin'])) {
|
||||||
$conditions['user_id'] = $currentUser->id;
|
$conditions['user_id'] = $currentUser->id;
|
||||||
}
|
}
|
||||||
$this->CRUD->index([
|
$this->CRUD->index([
|
||||||
|
|
@ -39,7 +39,7 @@ class UserSettingsController extends AppController
|
||||||
$conditions = [
|
$conditions = [
|
||||||
'id' => $this->request->getQuery('Users_id')
|
'id' => $this->request->getQuery('Users_id')
|
||||||
];
|
];
|
||||||
if (empty($currentUser['role']['perm_admin'])) {
|
if (empty($currentUser['role']['perm_community_admin'])) {
|
||||||
$conditions['organisation_id'] = $currentUser['organisation_id'];
|
$conditions['organisation_id'] = $currentUser['organisation_id'];
|
||||||
}
|
}
|
||||||
$settingsForUser = $this->UserSettings->Users->find()->where($conditions)->first();
|
$settingsForUser = $this->UserSettings->Users->find()->where($conditions)->first();
|
||||||
|
|
@ -76,7 +76,7 @@ class UserSettingsController extends AppController
|
||||||
if (!empty($existingSetting)) {
|
if (!empty($existingSetting)) {
|
||||||
throw new MethodNotAllowedException(__('You cannot create a setting that already exists for the given user.'));
|
throw new MethodNotAllowedException(__('You cannot create a setting that already exists for the given user.'));
|
||||||
}
|
}
|
||||||
if (empty($currentUser['role']['perm_admin'])) {
|
if (empty($currentUser['role']['perm_community_admin'])) {
|
||||||
$data['user_id'] = $currentUser->id;
|
$data['user_id'] = $currentUser->id;
|
||||||
}
|
}
|
||||||
return $data;
|
return $data;
|
||||||
|
|
@ -87,7 +87,7 @@ class UserSettingsController extends AppController
|
||||||
return $responsePayload;
|
return $responsePayload;
|
||||||
}
|
}
|
||||||
$allUsers = $this->UserSettings->Users->find('list', ['keyField' => 'id', 'valueField' => 'username'])->order(['username' => 'ASC']);
|
$allUsers = $this->UserSettings->Users->find('list', ['keyField' => 'id', 'valueField' => 'username'])->order(['username' => 'ASC']);
|
||||||
if (empty($currentUser['role']['perm_admin'])) {
|
if (empty($currentUser['role']['perm_community_admin'])) {
|
||||||
$allUsers->where(['id' => $currentUser->id]);
|
$allUsers->where(['id' => $currentUser->id]);
|
||||||
$user_id = $currentUser->id;
|
$user_id = $currentUser->id;
|
||||||
} else if (!is_null($user_id)) {
|
} else if (!is_null($user_id)) {
|
||||||
|
|
@ -109,7 +109,7 @@ class UserSettingsController extends AppController
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
$validUsers = [];
|
$validUsers = [];
|
||||||
$individual_ids = [];
|
$individual_ids = [];
|
||||||
if (!$currentUser['role']['perm_admin']) {
|
if (!$currentUser['role']['perm_community_admin']) {
|
||||||
if ($currentUser['role']['perm_org_admin']) {
|
if ($currentUser['role']['perm_org_admin']) {
|
||||||
$validUsers = $this->Users->find('list')->select(['id', 'username'])->order(['username' => 'asc'])->where(['organisation_id' => $currentUser['organisation']['id']])->all()->toArray();
|
$validUsers = $this->Users->find('list')->select(['id', 'username'])->order(['username' => 'asc'])->where(['organisation_id' => $currentUser['organisation']['id']])->all()->toArray();
|
||||||
} else {
|
} else {
|
||||||
|
|
@ -272,7 +272,7 @@ class UserSettingsController extends AppController
|
||||||
{
|
{
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
$isAllowed = false;
|
$isAllowed = false;
|
||||||
if (!empty($currentUser['role']['perm_admin'])) {
|
if (!empty($currentUser['role']['perm_community_admin'])) {
|
||||||
$isAllowed = true;
|
$isAllowed = true;
|
||||||
} else {
|
} else {
|
||||||
if (is_numeric($setting)) {
|
if (is_numeric($setting)) {
|
||||||
|
|
@ -301,7 +301,7 @@ class UserSettingsController extends AppController
|
||||||
if (is_bool($user_id)) {
|
if (is_bool($user_id)) {
|
||||||
return $currentUser;
|
return $currentUser;
|
||||||
}
|
}
|
||||||
if (!empty($currentUser['role']['perm_admin'])) {
|
if (!empty($currentUser['role']['perm_community_admin'])) {
|
||||||
$user = $this->Users->get($user_id, [
|
$user = $this->Users->get($user_id, [
|
||||||
'contain' => ['Roles', 'Individuals' => 'Organisations']
|
'contain' => ['Roles', 'Individuals' => 'Organisations']
|
||||||
]);
|
]);
|
||||||
|
|
|
||||||
|
|
@ -28,7 +28,7 @@ class UsersController extends AppController
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
$conditions = [];
|
$conditions = [];
|
||||||
$validOrgIDsFOrEdition = [];
|
$validOrgIDsFOrEdition = [];
|
||||||
if (empty($currentUser['role']['perm_admin'])) {
|
if (empty($currentUser['role']['perm_community_admin'])) {
|
||||||
$conditions['organisation_id IN'] = [$currentUser['organisation_id']];
|
$conditions['organisation_id IN'] = [$currentUser['organisation_id']];
|
||||||
if (!empty($currentUser['role']['perm_group_admin'])) {
|
if (!empty($currentUser['role']['perm_group_admin'])) {
|
||||||
$this->loadModel('OrgGroups');
|
$this->loadModel('OrgGroups');
|
||||||
|
|
@ -66,7 +66,7 @@ class UsersController extends AppController
|
||||||
}
|
}
|
||||||
$this->set(
|
$this->set(
|
||||||
'validRoles',
|
'validRoles',
|
||||||
$this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_org_admin' => 0])->all()->toArray()
|
$this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_community_admin' => 0, 'perm_org_admin' => 0])->all()->toArray()
|
||||||
);
|
);
|
||||||
$this->set('validOrgIDsFOrEdition', $validOrgIDsFOrEdition);
|
$this->set('validOrgIDsFOrEdition', $validOrgIDsFOrEdition);
|
||||||
}
|
}
|
||||||
|
|
@ -84,12 +84,12 @@ class UsersController extends AppController
|
||||||
'sort' => ['email' => 'asc']
|
'sort' => ['email' => 'asc']
|
||||||
];
|
];
|
||||||
$individual_ids = [];
|
$individual_ids = [];
|
||||||
if (!$currentUser['role']['perm_admin']) {
|
if (!$currentUser['role']['perm_community_admin']) {
|
||||||
if ($currentUser['role']['perm_group_admin']) {
|
if ($currentUser['role']['perm_group_admin']) {
|
||||||
$validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_group_admin' => 0])->all()->toArray();
|
$validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_community_admin' => 0, 'perm_group_admin' => 0])->all()->toArray();
|
||||||
$individual_ids = $this->Users->Individuals->find('aligned', ['organisation_id' => $currentUser['organisation_id']])->all()->extract('id')->toArray();
|
$individual_ids = $this->Users->Individuals->find('aligned', ['organisation_id' => $currentUser['organisation_id']])->all()->extract('id')->toArray();
|
||||||
} else {
|
} else {
|
||||||
$validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_group_admin' => 0, 'perm_org_admin' => 0])->all()->toArray();
|
$validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_community_admin' => 0, 'perm_group_admin' => 0, 'perm_org_admin' => 0])->all()->toArray();
|
||||||
|
|
||||||
}
|
}
|
||||||
if (empty($individual_ids)) {
|
if (empty($individual_ids)) {
|
||||||
|
|
@ -116,7 +116,7 @@ class UsersController extends AppController
|
||||||
if (!isset($data['role_id']) && !empty($defaultRole)) {
|
if (!isset($data['role_id']) && !empty($defaultRole)) {
|
||||||
$data['role_id'] = $defaultRole['id'];
|
$data['role_id'] = $defaultRole['id'];
|
||||||
}
|
}
|
||||||
if (!$currentUser['role']['perm_admin']) {
|
if (!$currentUser['role']['perm_community_admin']) {
|
||||||
$validOrgs = $this->Users->getValidOrgsForUser($currentUser);
|
$validOrgs = $this->Users->getValidOrgsForUser($currentUser);
|
||||||
if ($currentUser['role']['perm_group_admin']) {
|
if ($currentUser['role']['perm_group_admin']) {
|
||||||
if (!empty($data['organisation_id']) && !in_array($currentUser['organisation_id'], $validOrgs)) {
|
if (!empty($data['organisation_id']) && !in_array($currentUser['organisation_id'], $validOrgs)) {
|
||||||
|
|
@ -136,7 +136,7 @@ class UsersController extends AppController
|
||||||
}
|
}
|
||||||
$data['individual']['alignments'][] = ['type' => 'Member', 'organisation' => ['uuid' => $existingOrg['uuid']]];
|
$data['individual']['alignments'][] = ['type' => 'Member', 'organisation' => ['uuid' => $existingOrg['uuid']]];
|
||||||
$data['individual_id'] = $this->Users->Individuals->captureIndividual($data['individual'], true);
|
$data['individual_id'] = $this->Users->Individuals->captureIndividual($data['individual'], true);
|
||||||
} else if (!$currentUser['role']['perm_admin'] && isset($data['individual_id'])) {
|
} else if (!$currentUser['role']['perm_community_admin'] && isset($data['individual_id'])) {
|
||||||
if (!in_array($data['individual_id'], $individual_ids)) {
|
if (!in_array($data['individual_id'], $individual_ids)) {
|
||||||
throw new MethodNotAllowedException(__('The selected individual is not aligned with your organisation. Creating a user for them is not permitted.'));
|
throw new MethodNotAllowedException(__('The selected individual is not aligned with your organisation. Creating a user for them is not permitted.'));
|
||||||
}
|
}
|
||||||
|
|
@ -177,7 +177,7 @@ class UsersController extends AppController
|
||||||
$alignments = array_map(function($value) { return array_values($value); }, $alignments);
|
$alignments = array_map(function($value) { return array_values($value); }, $alignments);
|
||||||
*/
|
*/
|
||||||
$org_conditions = [];
|
$org_conditions = [];
|
||||||
if (empty($currentUser['role']['perm_admin'])) {
|
if (empty($currentUser['role']['perm_community_admin'])) {
|
||||||
$validOrgs = $this->Users->getValidOrgsForUser($currentUser);
|
$validOrgs = $this->Users->getValidOrgsForUser($currentUser);
|
||||||
$org_conditions = ['id IN' => $validOrgs];
|
$org_conditions = ['id IN' => $validOrgs];
|
||||||
}
|
}
|
||||||
|
|
@ -191,13 +191,13 @@ class UsersController extends AppController
|
||||||
];
|
];
|
||||||
$this->set(compact('dropdownData'));
|
$this->set(compact('dropdownData'));
|
||||||
$this->set('defaultRole', $defaultRole['id'] ?? null);
|
$this->set('defaultRole', $defaultRole['id'] ?? null);
|
||||||
$this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate');
|
$this->set('metaGroup', $this->isCommunityAdmin ? 'Administration' : 'Cerebrate');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function view($id = false)
|
public function view($id = false)
|
||||||
{
|
{
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
if (empty($id) || (empty($currentUser['role']['perm_org_admin']) && empty($currentUser['role']['perm_admin']))) {
|
if (empty($id) || (empty($currentUser['role']['perm_org_admin']) && empty($currentUser['role']['perm_community_admin']))) {
|
||||||
$id = $this->ACL->getUser()['id'];
|
$id = $this->ACL->getUser()['id'];
|
||||||
}
|
}
|
||||||
$keycloakUsersParsed = null;
|
$keycloakUsersParsed = null;
|
||||||
|
|
@ -213,7 +213,7 @@ class UsersController extends AppController
|
||||||
'contain' => ['Individuals' => ['Alignments' => 'Organisations'], 'Roles', 'Organisations', 'OrgGroups'],
|
'contain' => ['Individuals' => ['Alignments' => 'Organisations'], 'Roles', 'Organisations', 'OrgGroups'],
|
||||||
'afterFind' => function($data) use ($keycloakUsersParsed, $currentUser) {
|
'afterFind' => function($data) use ($keycloakUsersParsed, $currentUser) {
|
||||||
if (
|
if (
|
||||||
empty($currentUser['role']['perm_admin']) &&
|
empty($currentUser['role']['perm_community_admin']) &&
|
||||||
($currentUser['organisation_id'] != $data['organisation_id']) &&
|
($currentUser['organisation_id'] != $data['organisation_id']) &&
|
||||||
(empty($currentUser['role']['perm_group_admin']) || !$this->ACL->canEditUser($currentUser, $data))
|
(empty($currentUser['role']['perm_group_admin']) || !$this->ACL->canEditUser($currentUser, $data))
|
||||||
) {
|
) {
|
||||||
|
|
@ -240,11 +240,11 @@ class UsersController extends AppController
|
||||||
{
|
{
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
$validRoles = [];
|
$validRoles = [];
|
||||||
if (!$currentUser['role']['perm_admin']) {
|
if (!$currentUser['role']['perm_community_admin']) {
|
||||||
if ($currentUser['role']['perm_group_admin']) {
|
if ($currentUser['role']['perm_group_admin']) {
|
||||||
$validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_group_admin' => 0])->all()->toArray();
|
$validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_community_admin' => 0, 'perm_group_admin' => 0])->all()->toArray();
|
||||||
} else {
|
} else {
|
||||||
$validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0, 'perm_group_admin' => 0, 'perm_org_admin' => 0])->all()->toArray();
|
$validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_community_admin' => 0, 'perm_group_admin' => 0, 'perm_org_admin' => 0])->all()->toArray();
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
$validRoles = $this->Users->Roles->find('list')->order(['name' => 'asc'])->all()->toArray();
|
$validRoles = $this->Users->Roles->find('list')->order(['name' => 'asc'])->all()->toArray();
|
||||||
|
|
@ -266,10 +266,10 @@ class UsersController extends AppController
|
||||||
];
|
];
|
||||||
if ($this->request->is(['get'])) {
|
if ($this->request->is(['get'])) {
|
||||||
$params['fields'] = array_merge($params['fields'], ['role_id', 'disabled']);
|
$params['fields'] = array_merge($params['fields'], ['role_id', 'disabled']);
|
||||||
if (!empty($this->ACL->getUser()['role']['perm_admin'])) {
|
if (!empty($this->ACL->getUser()['role']['perm_community_admin'])) {
|
||||||
$params['fields'][] = 'organisation_id';
|
$params['fields'][] = 'organisation_id';
|
||||||
}
|
}
|
||||||
if (!$currentUser['role']['perm_admin']) {
|
if (!$currentUser['role']['perm_community_admin']) {
|
||||||
$params['afterFind'] = function ($user, &$params) use ($currentUser) {
|
$params['afterFind'] = function ($user, &$params) use ($currentUser) {
|
||||||
if (!empty($user)) { // We don't have a 404
|
if (!empty($user)) { // We don't have a 404
|
||||||
if (!$this->ACL->canEditUser($currentUser, $user)) {
|
if (!$this->ACL->canEditUser($currentUser, $user)) {
|
||||||
|
|
@ -288,14 +288,14 @@ class UsersController extends AppController
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if ($this->request->is(['post', 'put']) && !empty($this->ACL->getUser()['role']['perm_admin'])) {
|
if ($this->request->is(['post', 'put']) && !empty($this->ACL->getUser()['role']['perm_community_admin'])) {
|
||||||
$params['fields'][] = 'role_id';
|
$params['fields'][] = 'role_id';
|
||||||
$params['fields'][] = 'organisation_id';
|
$params['fields'][] = 'organisation_id';
|
||||||
$params['fields'][] = 'disabled';
|
$params['fields'][] = 'disabled';
|
||||||
} else if ($this->request->is(['post', 'put']) && !empty($this->ACL->getUser()['role']['perm_org_admin'])) {
|
} else if ($this->request->is(['post', 'put']) && !empty($this->ACL->getUser()['role']['perm_org_admin'])) {
|
||||||
$params['fields'][] = 'role_id';
|
$params['fields'][] = 'role_id';
|
||||||
$params['fields'][] = 'disabled';
|
$params['fields'][] = 'disabled';
|
||||||
if (!$currentUser['role']['perm_admin']) {
|
if (!$currentUser['role']['perm_community_admin']) {
|
||||||
$params['afterFind'] = function ($data, &$params) use ($currentUser, $validRoles) {
|
$params['afterFind'] = function ($data, &$params) use ($currentUser, $validRoles) {
|
||||||
if (!in_array($data['role_id'], array_keys($validRoles)) && $this->ACL->getUser()['id'] != $data['id']) {
|
if (!in_array($data['role_id'], array_keys($validRoles)) && $this->ACL->getUser()['id'] != $data['id']) {
|
||||||
throw new MethodNotAllowedException(__('You cannot edit the given privileged user.'));
|
throw new MethodNotAllowedException(__('You cannot edit the given privileged user.'));
|
||||||
|
|
@ -319,7 +319,7 @@ class UsersController extends AppController
|
||||||
return $responsePayload;
|
return $responsePayload;
|
||||||
}
|
}
|
||||||
$org_conditions = [];
|
$org_conditions = [];
|
||||||
if (empty($currentUser['role']['perm_admin'])) {
|
if (empty($currentUser['role']['perm_community_admin'])) {
|
||||||
$org_conditions = ['id' => $currentUser['organisation_id']];
|
$org_conditions = ['id' => $currentUser['organisation_id']];
|
||||||
}
|
}
|
||||||
if ($this->ACL->getUser()['id'] == $id) {
|
if ($this->ACL->getUser()['id'] == $id) {
|
||||||
|
|
@ -344,7 +344,7 @@ class UsersController extends AppController
|
||||||
'contain' => 'Roles'
|
'contain' => 'Roles'
|
||||||
];
|
];
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
if (!$currentUser['role']['perm_admin']) {
|
if (!$currentUser['role']['perm_community_admin']) {
|
||||||
$params['afterFind'] = function ($user, &$params) use ($currentUser) {
|
$params['afterFind'] = function ($user, &$params) use ($currentUser) {
|
||||||
if (!$this->ACL->canEditUser($currentUser, $user)) {
|
if (!$this->ACL->canEditUser($currentUser, $user)) {
|
||||||
throw new MethodNotAllowedException(__('You cannot edit the given user.'));
|
throw new MethodNotAllowedException(__('You cannot edit the given user.'));
|
||||||
|
|
@ -363,7 +363,7 @@ class UsersController extends AppController
|
||||||
{
|
{
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
$validRoles = [];
|
$validRoles = [];
|
||||||
if (!$currentUser['role']['perm_admin']) {
|
if (!$currentUser['role']['perm_community_admin']) {
|
||||||
$validRoles = $this->Users->Roles->find('list')->order(['name' => 'asc'])->all()->toArray();
|
$validRoles = $this->Users->Roles->find('list')->order(['name' => 'asc'])->all()->toArray();
|
||||||
}
|
}
|
||||||
$params = [
|
$params = [
|
||||||
|
|
@ -374,7 +374,7 @@ class UsersController extends AppController
|
||||||
if (!$this->ACL->canEditUser($currentUser, $data)) {
|
if (!$this->ACL->canEditUser($currentUser, $data)) {
|
||||||
throw new MethodNotAllowedException(__('You cannot edit the given user.'));
|
throw new MethodNotAllowedException(__('You cannot edit the given user.'));
|
||||||
}
|
}
|
||||||
if (!$currentUser['role']['perm_admin']) {
|
if (!$currentUser['role']['perm_community_admin']) {
|
||||||
if ($data['organisation_id'] !== $currentUser['organisation_id']) {
|
if ($data['organisation_id'] !== $currentUser['organisation_id']) {
|
||||||
throw new MethodNotAllowedException(__('You do not have permission to delete the given user.'));
|
throw new MethodNotAllowedException(__('You do not have permission to delete the given user.'));
|
||||||
}
|
}
|
||||||
|
|
@ -395,7 +395,7 @@ class UsersController extends AppController
|
||||||
if (!empty($responsePayload)) {
|
if (!empty($responsePayload)) {
|
||||||
return $responsePayload;
|
return $responsePayload;
|
||||||
}
|
}
|
||||||
$this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate');
|
$this->set('metaGroup', $this->isCommunityAdmin ? 'Administration' : 'Cerebrate');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function login()
|
public function login()
|
||||||
|
|
@ -469,7 +469,7 @@ class UsersController extends AppController
|
||||||
{
|
{
|
||||||
$editingAnotherUser = false;
|
$editingAnotherUser = false;
|
||||||
$currentUser = $this->ACL->getUser();
|
$currentUser = $this->ACL->getUser();
|
||||||
if ((empty($currentUser['role']['perm_admin']) && empty($currentUser['role']['perm_group_admin'])) || $user_id == $currentUser->id) {
|
if ((empty($currentUser['role']['perm_community_admin']) && empty($currentUser['role']['perm_group_admin'])) || $user_id == $currentUser->id) {
|
||||||
$user = $currentUser;
|
$user = $currentUser;
|
||||||
} else {
|
} else {
|
||||||
$user = $this->Users->get($user_id, [
|
$user = $this->Users->get($user_id, [
|
||||||
|
|
|
||||||
|
|
@ -75,7 +75,7 @@ class NotifyAdminsBehavior extends Behavior
|
||||||
$loggedUser = Configure::read('loggedUser');
|
$loggedUser = Configure::read('loggedUser');
|
||||||
if (
|
if (
|
||||||
empty(Configure::read('inbox.data_change_notify_for_all', false)) &&
|
empty(Configure::read('inbox.data_change_notify_for_all', false)) &&
|
||||||
(empty($loggedUser) || !empty($loggedUser['role']['perm_admin']) || !empty($loggedUser['role']['perm_sync']))
|
(empty($loggedUser) || !empty($loggedUser['role']['perm_admin']) || !empty($loggedUser['role']['perm_sync']) || !empty(empty($loggedUser['role']['perm_community_admin'])))
|
||||||
) {
|
) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -164,7 +164,7 @@ class EncryptionKeysTable extends AppTable
|
||||||
if ($entity['owner_model'] !== 'organisation') {
|
if ($entity['owner_model'] !== 'organisation') {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if (!empty($user['role']['perm_admin'])) {
|
if (!empty($user['role']['perm_community_admin'])) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
if (
|
if (
|
||||||
|
|
@ -181,7 +181,7 @@ class EncryptionKeysTable extends AppTable
|
||||||
if ($entity['owner_model'] !== 'individual') {
|
if ($entity['owner_model'] !== 'individual') {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if (!empty($user['role']['perm_admin'])) {
|
if (!empty($user['role']['perm_community_admin'])) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
if ($user['role']['perm_org_admin']) {
|
if ($user['role']['perm_org_admin']) {
|
||||||
|
|
|
||||||
|
|
@ -77,7 +77,7 @@ class InboxTable extends AppTable
|
||||||
{
|
{
|
||||||
$this->Users = \Cake\ORM\TableRegistry::getTableLocator()->get('Users');
|
$this->Users = \Cake\ORM\TableRegistry::getTableLocator()->get('Users');
|
||||||
$conditions = [];
|
$conditions = [];
|
||||||
if (empty($currentUser['role']['perm_admin'])) {
|
if (empty($currentUser['role']['perm_community_admin'])) {
|
||||||
$conditions['organisation_id IN'] = [$currentUser['organisation_id']];
|
$conditions['organisation_id IN'] = [$currentUser['organisation_id']];
|
||||||
}
|
}
|
||||||
$users = $this->Users->find()->where($conditions)->all()->extract('username')->toList();
|
$users = $this->Users->find()->where($conditions)->all()->extract('username')->toList();
|
||||||
|
|
|
||||||
|
|
@ -126,16 +126,17 @@ class IndividualsTable extends AppTable
|
||||||
public function getValidIndividualsToEdit(object $currentUser): array
|
public function getValidIndividualsToEdit(object $currentUser): array
|
||||||
{
|
{
|
||||||
$isSiteAdmin = $currentUser['role']['perm_admin'];
|
$isSiteAdmin = $currentUser['role']['perm_admin'];
|
||||||
|
$isCommunityAdmin = $currentUser['role']['perm_community_admin'];
|
||||||
$isGroupAdmin = $currentUser['role']['perm_group_admin'];
|
$isGroupAdmin = $currentUser['role']['perm_group_admin'];
|
||||||
$validRoles = $this->Users->Roles->find('list')->select(['id']);
|
$validRoles = $this->Users->Roles->find('list')->select(['id']);
|
||||||
if (!$isSiteAdmin) {
|
if (!$isSiteAdmin) {
|
||||||
$validRoles->where(['perm_admin' => 0]);
|
$validRoles->where(['perm_community_admin' => 0]);
|
||||||
}
|
}
|
||||||
$validRoles = $validRoles->all()->toArray();
|
$validRoles = $validRoles->all()->toArray();
|
||||||
$conditions = [
|
$conditions = [
|
||||||
'disabled' => 0
|
'disabled' => 0
|
||||||
];
|
];
|
||||||
if (!$isSiteAdmin) {
|
if (!$isCommunityAdmin) {
|
||||||
$conditions['OR'] = [
|
$conditions['OR'] = [
|
||||||
['role_id IN' => array_keys($validRoles)],
|
['role_id IN' => array_keys($validRoles)],
|
||||||
['id' => $currentUser['id']]
|
['id' => $currentUser['id']]
|
||||||
|
|
|
||||||
|
|
@ -38,7 +38,7 @@ class InstanceTable extends AppTable
|
||||||
'conditions' => false,
|
'conditions' => false,
|
||||||
'afterFind' => function($result, $user) {
|
'afterFind' => function($result, $user) {
|
||||||
foreach ($result as $i => $row) {
|
foreach ($result as $i => $row) {
|
||||||
if (empty($user['role']['perm_admin'])) {
|
if (empty($user['role']['perm_community_admin'])) {
|
||||||
$orgFound = false;
|
$orgFound = false;
|
||||||
if (!empty($row['sharing_group_orgs'])) {
|
if (!empty($row['sharing_group_orgs'])) {
|
||||||
foreach ($row['sharing_group_orgs'] as $org) {
|
foreach ($row['sharing_group_orgs'] as $org) {
|
||||||
|
|
@ -58,7 +58,7 @@ class InstanceTable extends AppTable
|
||||||
'Users' => [
|
'Users' => [
|
||||||
'conditions' => function($user) {
|
'conditions' => function($user) {
|
||||||
$conditions = [];
|
$conditions = [];
|
||||||
if (empty($user['role']['perm_admin'])) {
|
if (empty($user['role']['perm_community_admin'])) {
|
||||||
$conditions['Users.organisation_id'] = $user['organisation_id'];
|
$conditions['Users.organisation_id'] = $user['organisation_id'];
|
||||||
}
|
}
|
||||||
return $conditions;
|
return $conditions;
|
||||||
|
|
@ -264,8 +264,10 @@ class InstanceTable extends AppTable
|
||||||
$broods = '';
|
$broods = '';
|
||||||
$edges = '';
|
$edges = '';
|
||||||
// pre-run the loop to get the latest version
|
// pre-run the loop to get the latest version
|
||||||
foreach ($data['broods'] as $brood) {
|
foreach ($data['broods'] as $k => $brood) {
|
||||||
if ($brood['status']['code'] === 200) {
|
if (!isset($brood['status']['code'])) {
|
||||||
|
$data['broods'][$k]['status']['code'] = 495 . ' - SSL error';
|
||||||
|
} else if ($brood['status']['code'] === 200) {
|
||||||
if (version_compare($brood['status']['response']['version'], $newest) > 0) {
|
if (version_compare($brood['status']['response']['version'], $newest) > 0) {
|
||||||
$newest = $brood['status']['response']['version'];
|
$newest = $brood['status']['response']['version'];
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -38,7 +38,7 @@ class OrgGroupsTable extends AppTable
|
||||||
|
|
||||||
public function checkIfGroupAdmin(int $groupId, User $user): bool
|
public function checkIfGroupAdmin(int $groupId, User $user): bool
|
||||||
{
|
{
|
||||||
if (!empty($user['role']['perm_admin'])) {
|
if (!empty($user['role']['perm_community_admin'])) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
$orgGroup = $this->get($groupId, ['contain' => 'Users']);
|
$orgGroup = $this->get($groupId, ['contain' => 'Users']);
|
||||||
|
|
|
||||||
|
|
@ -87,7 +87,7 @@ class OrganisationsTable extends AppTable
|
||||||
public function getEditableOrganisationsForUser($user): array
|
public function getEditableOrganisationsForUser($user): array
|
||||||
{
|
{
|
||||||
$query = $this->find();
|
$query = $this->find();
|
||||||
if (empty($user['role']['perm_admin'])) {
|
if (empty($user['role']['perm_community_admin'])) {
|
||||||
if (!empty($user['role']['perm_org_admin'])) {
|
if (!empty($user['role']['perm_org_admin'])) {
|
||||||
$query->where(['Organisations.id' => $user['organisation']['id']]);
|
$query->where(['Organisations.id' => $user['organisation']['id']]);
|
||||||
} else {
|
} else {
|
||||||
|
|
|
||||||
|
|
@ -220,6 +220,7 @@ class UsersTable extends AppTable
|
||||||
$role = $this->Roles->newEntity([
|
$role = $this->Roles->newEntity([
|
||||||
'name' => 'admin',
|
'name' => 'admin',
|
||||||
'perm_admin' => 1,
|
'perm_admin' => 1,
|
||||||
|
'perm_community_admin' => 1,
|
||||||
'perm_org_admin' => 1,
|
'perm_org_admin' => 1,
|
||||||
'perm_sync' => 1
|
'perm_sync' => 1
|
||||||
]);
|
]);
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
<?php
|
<?php
|
||||||
$topbarChildren = [];
|
$topbarChildren = [];
|
||||||
if (!empty($loggedUser->role->perm_admin)) {
|
if (!empty($loggedUser->role->perm_community_admin)) {
|
||||||
$topbarChildren[] = [
|
$topbarChildren[] = [
|
||||||
'type' => 'simple',
|
'type' => 'simple',
|
||||||
'children' => [
|
'children' => [
|
||||||
|
|
@ -81,13 +81,13 @@ echo $this->element('genericElements/IndexTable/index_table', [
|
||||||
'open_modal' => '/enumerationCollections/edit/[onclick_params_data_path]',
|
'open_modal' => '/enumerationCollections/edit/[onclick_params_data_path]',
|
||||||
'modal_params_data_path' => 'id',
|
'modal_params_data_path' => 'id',
|
||||||
'icon' => 'edit',
|
'icon' => 'edit',
|
||||||
'requirement' => !empty($loggedUser['role']['perm_admin'])
|
'requirement' => !empty($loggedUser['role']['perm_community_admin'])
|
||||||
],
|
],
|
||||||
[
|
[
|
||||||
'open_modal' => '/enumerationCollections/delete/[onclick_params_data_path]',
|
'open_modal' => '/enumerationCollections/delete/[onclick_params_data_path]',
|
||||||
'modal_params_data_path' => 'id',
|
'modal_params_data_path' => 'id',
|
||||||
'icon' => 'trash',
|
'icon' => 'trash',
|
||||||
'requirement' => !empty($loggedUser['role']['perm_admin'])
|
'requirement' => !empty($loggedUser['role']['perm_community_admin'])
|
||||||
],
|
],
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
|
|
|
||||||
|
|
@ -34,7 +34,7 @@ echo $this->element('genericElements/IndexTable/index_table', [
|
||||||
'open_modal' => '/enumerations/delete/[onclick_params_data_path]',
|
'open_modal' => '/enumerations/delete/[onclick_params_data_path]',
|
||||||
'modal_params_data_path' => 'id',
|
'modal_params_data_path' => 'id',
|
||||||
'icon' => 'trash',
|
'icon' => 'trash',
|
||||||
'requirement' => !empty($loggedUser['role']['perm_admin'])
|
'requirement' => !empty($loggedUser['role']['perm_community_admin'])
|
||||||
],
|
],
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
|
|
|
||||||
|
|
@ -24,7 +24,7 @@
|
||||||
array(
|
array(
|
||||||
'field' => 'tag_list',
|
'field' => 'tag_list',
|
||||||
'type' => 'tags',
|
'type' => 'tags',
|
||||||
'requirements' => ($this->request->getParam('action') === 'edit' && $loggedUser['role']['perm_admin'])
|
'requirements' => ($this->request->getParam('action') === 'edit' && $loggedUser['role']['perm_community_admin'])
|
||||||
),
|
),
|
||||||
),
|
),
|
||||||
'submit' => array(
|
'submit' => array(
|
||||||
|
|
|
||||||
|
|
@ -91,7 +91,7 @@ echo $this->element('genericElements/IndexTable/index_table', [
|
||||||
'icon' => 'edit',
|
'icon' => 'edit',
|
||||||
'complex_requirement' => [
|
'complex_requirement' => [
|
||||||
'function' => function ($row, $options) use ($loggedUser, $editableIds) {
|
'function' => function ($row, $options) use ($loggedUser, $editableIds) {
|
||||||
if ($loggedUser['role']['perm_admin'] || ($editableIds && in_array($row['id'], $editableIds))) {
|
if ($loggedUser['role']['perm_community_admin'] || ($editableIds && in_array($row['id'], $editableIds))) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
|
|
@ -107,7 +107,7 @@ echo $this->element('genericElements/IndexTable/index_table', [
|
||||||
if (!empty($row['user'])) { // cannot delete individuals with associated user(s)
|
if (!empty($row['user'])) { // cannot delete individuals with associated user(s)
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
return (bool)$loggedUser['role']['perm_admin'];
|
return (bool)$loggedUser['role']['perm_community_admin'];
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
],
|
],
|
||||||
|
|
|
||||||
|
|
@ -12,7 +12,7 @@ echo $this->element('genericElements/IndexTable/index_table', [
|
||||||
'text' => __('Add group'),
|
'text' => __('Add group'),
|
||||||
'class' => 'btn btn-primary',
|
'class' => 'btn btn-primary',
|
||||||
'popover_url' => '/orgGroups/add',
|
'popover_url' => '/orgGroups/add',
|
||||||
'requirement' => !empty($loggedUser['role']['perm_admin']),
|
'requirement' => !empty($loggedUser['role']['perm_community_admin']),
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
],
|
],
|
||||||
|
|
@ -73,13 +73,13 @@ echo $this->element('genericElements/IndexTable/index_table', [
|
||||||
'open_modal' => '/orgGroups/edit/[onclick_params_data_path]',
|
'open_modal' => '/orgGroups/edit/[onclick_params_data_path]',
|
||||||
'modal_params_data_path' => 'id',
|
'modal_params_data_path' => 'id',
|
||||||
'icon' => 'edit',
|
'icon' => 'edit',
|
||||||
'requirement' => $loggedUser['role']['perm_admin']
|
'requirement' => $loggedUser['role']['perm_community_admin']
|
||||||
],
|
],
|
||||||
[
|
[
|
||||||
'open_modal' => '/orgGroups/delete/[onclick_params_data_path]',
|
'open_modal' => '/orgGroups/delete/[onclick_params_data_path]',
|
||||||
'modal_params_data_path' => 'id',
|
'modal_params_data_path' => 'id',
|
||||||
'icon' => 'trash',
|
'icon' => 'trash',
|
||||||
'requirement' => $loggedUser['role']['perm_admin']
|
'requirement' => $loggedUser['role']['perm_community_admin']
|
||||||
],
|
],
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
|
|
|
||||||
|
|
@ -12,7 +12,7 @@
|
||||||
'label' => 'UUID',
|
'label' => 'UUID',
|
||||||
'type' => 'uuid',
|
'type' => 'uuid',
|
||||||
'tooltip' => __('If the Organisation already has a known UUID in another application such as MISP or another Cerebrate, please re-use this one.'),
|
'tooltip' => __('If the Organisation already has a known UUID in another application such as MISP or another Cerebrate, please re-use this one.'),
|
||||||
'requirements' => $loggedUser['role']['perm_admin']
|
'requirements' => $loggedUser['role']['perm_community_admin']
|
||||||
),
|
),
|
||||||
array(
|
array(
|
||||||
'field' => 'url'
|
'field' => 'url'
|
||||||
|
|
|
||||||
|
|
@ -12,7 +12,7 @@ echo $this->element('genericElements/IndexTable/index_table', [
|
||||||
'text' => __('Add organisation'),
|
'text' => __('Add organisation'),
|
||||||
'class' => 'btn btn-primary',
|
'class' => 'btn btn-primary',
|
||||||
'popover_url' => '/organisations/add',
|
'popover_url' => '/organisations/add',
|
||||||
'requirement' => !empty($loggedUser['role']['perm_admin']),
|
'requirement' => !empty($loggedUser['role']['perm_community_admin']),
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
],
|
],
|
||||||
|
|
@ -110,7 +110,7 @@ echo $this->element('genericElements/IndexTable/index_table', [
|
||||||
'icon' => 'edit',
|
'icon' => 'edit',
|
||||||
'complex_requirement' => [
|
'complex_requirement' => [
|
||||||
'function' => function ($row, $options) use ($loggedUser, $validOrgs) {
|
'function' => function ($row, $options) use ($loggedUser, $validOrgs) {
|
||||||
if ($loggedUser['role']['perm_admin'] || ($loggedUser['role']['perm_org_admin'] && $row['id'] == $loggedUser['organisation']['id'])) {
|
if ($loggedUser['role']['perm_community_admin'] || ($loggedUser['role']['perm_org_admin'] && $row['id'] == $loggedUser['organisation']['id'])) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
if ($loggedUser['role']['perm_group_admin'] && in_array($row['id'], $validOrgs)) {
|
if ($loggedUser['role']['perm_group_admin'] && in_array($row['id'], $validOrgs)) {
|
||||||
|
|
@ -124,7 +124,7 @@ echo $this->element('genericElements/IndexTable/index_table', [
|
||||||
'open_modal' => '/organisations/delete/[onclick_params_data_path]',
|
'open_modal' => '/organisations/delete/[onclick_params_data_path]',
|
||||||
'modal_params_data_path' => 'id',
|
'modal_params_data_path' => 'id',
|
||||||
'icon' => 'trash',
|
'icon' => 'trash',
|
||||||
'requirement' => $loggedUser['role']['perm_admin']
|
'requirement' => $loggedUser['role']['perm_community_admin']
|
||||||
],
|
],
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,12 @@
|
||||||
[
|
[
|
||||||
'field' => 'perm_admin',
|
'field' => 'perm_admin',
|
||||||
'type' => 'checkbox',
|
'type' => 'checkbox',
|
||||||
'label' => 'Full admin privilege'
|
'label' => 'Site admin privilege (instance management)'
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'field' => 'perm_community',
|
||||||
|
'type' => 'checkbox',
|
||||||
|
'label' => 'Community admin privilege (data admin)'
|
||||||
],
|
],
|
||||||
[
|
[
|
||||||
'field' => 'perm_group_admin',
|
'field' => 'perm_group_admin',
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
<?php
|
<?php
|
||||||
$topbarChildren = [];
|
$topbarChildren = [];
|
||||||
if (!empty($loggedUser->role->perm_admin)) {
|
if (!empty($loggedUser->role->perm_community_admin)) {
|
||||||
$topbarChildren[] = [
|
$topbarChildren[] = [
|
||||||
'type' => 'simple',
|
'type' => 'simple',
|
||||||
'children' => [
|
'children' => [
|
||||||
|
|
@ -45,11 +45,17 @@ echo $this->element('genericElements/IndexTable/index_table', [
|
||||||
'placeholder' => __('Leave empty to auto generate')
|
'placeholder' => __('Leave empty to auto generate')
|
||||||
],
|
],
|
||||||
[
|
[
|
||||||
'name' => __('Admin'),
|
'name' => __('Site Admin'),
|
||||||
'sort' => 'perm_admin',
|
'sort' => 'perm_admin',
|
||||||
'data_path' => 'perm_admin',
|
'data_path' => 'perm_admin',
|
||||||
'element' => 'boolean'
|
'element' => 'boolean'
|
||||||
],
|
],
|
||||||
|
[
|
||||||
|
'name' => __('Community Admin'),
|
||||||
|
'sort' => 'perm_community_admin',
|
||||||
|
'data_path' => 'perm_community_admin',
|
||||||
|
'element' => 'boolean'
|
||||||
|
],
|
||||||
[
|
[
|
||||||
'name' => __('Group Admin'),
|
'name' => __('Group Admin'),
|
||||||
'sort' => 'perm_group_admin',
|
'sort' => 'perm_group_admin',
|
||||||
|
|
@ -89,13 +95,13 @@ echo $this->element('genericElements/IndexTable/index_table', [
|
||||||
'open_modal' => '/roles/edit/[onclick_params_data_path]',
|
'open_modal' => '/roles/edit/[onclick_params_data_path]',
|
||||||
'modal_params_data_path' => 'id',
|
'modal_params_data_path' => 'id',
|
||||||
'icon' => 'edit',
|
'icon' => 'edit',
|
||||||
'requirement' => !empty($loggedUser['role']['perm_admin'])
|
'requirement' => !empty($loggedUser['role']['perm_community_admin'])
|
||||||
],
|
],
|
||||||
[
|
[
|
||||||
'open_modal' => '/roles/delete/[onclick_params_data_path]',
|
'open_modal' => '/roles/delete/[onclick_params_data_path]',
|
||||||
'modal_params_data_path' => 'id',
|
'modal_params_data_path' => 'id',
|
||||||
'icon' => 'trash',
|
'icon' => 'trash',
|
||||||
'requirement' => !empty($loggedUser['role']['perm_admin'])
|
'requirement' => !empty($loggedUser['role']['perm_community_admin'])
|
||||||
],
|
],
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
|
|
|
||||||
|
|
@ -13,10 +13,15 @@ echo $this->element(
|
||||||
'path' => 'name'
|
'path' => 'name'
|
||||||
],
|
],
|
||||||
[
|
[
|
||||||
'key' => __('Admin permission'),
|
'key' => __('Site admin permission (instance management)'),
|
||||||
'path' => 'perm_admin',
|
'path' => 'perm_admin',
|
||||||
'type' => 'boolean'
|
'type' => 'boolean'
|
||||||
],
|
],
|
||||||
|
[
|
||||||
|
'key' => __('Community admin permission (data admin)'),
|
||||||
|
'path' => 'perm_community_admin',
|
||||||
|
'type' => 'boolean'
|
||||||
|
],
|
||||||
[
|
[
|
||||||
'key' => __('Organisation Group admin permission'),
|
'key' => __('Organisation Group admin permission'),
|
||||||
'path' => 'perm_group_admin',
|
'path' => 'perm_group_admin',
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue