Allow editable fields to be selected by permission

2022-03-08 15:16:54 +00:00
parent cd5afda21b
commit 340413ff38


@@ -886,21 +886,23 @@ class OrganisationController extends SimpleController
throw new NotFoundException();
}
// Access-controlled resource - check that currentUser has permission to edit basic fields "name", "slug", "description" for this organisation
$fieldNames = ['name', 'slug', 'description'];
if (!$authorizer->checkAccess($currentUser, 'update_organisation_field', [
'organisation' => $organisation,
'fields' => $fieldNames,
])) {
throw new ForbiddenException();
}
// Generate form
$fields = [
'hidden' => [],
'disabled' => [],
];
// Access-controlled resource - check that currentUser has permission to edit basic fields "name", "slug", "description" for this organisation
$fieldNames = ['name', 'slug', 'description'];
foreach ($fieldNames as $field) {
if (!$authorizer->checkAccess($currentUser, 'update_organisation_field', [
'organisation' => $organisation,
'fields' => [$field],
])) {
$fields['disabled'][] = $field;
}
}
if (!$currentUser->isMaster() && $currentUser->roles()->where('slug', 'organisations-admin')->count() == 0) {
$fields['hidden'][] = 'slug';
}
@@ -1051,7 +1053,7 @@ class OrganisationController extends SimpleController
if (!$authorizer->checkAccess($currentUser, 'update_organisation_field', [
'organisation' => $organisation,
'fields' => ['name', 'slug', 'description', 'members'],
'fields' => [],
])) {
$editButtons['hidden'][] = 'edit';
}