From 4d57f6d33effcdede6d46b3a9e3aa52de28b7cc0 Mon Sep 17 00:00:00 2001 From: Craig Williams Date: Thu, 10 Feb 2022 17:19:47 +0000 Subject: [PATCH] Allow non-admin users to see the organisations list (required for easier "Join" and "Register" requests). Filter the list to approved or memberOf organisations only. --- src/Controller/OrganisationController.php | 9 +++++++++ src/Database/Seeds/OrganisationPermissions.php | 1 + 2 files changed, 10 insertions(+) diff --git a/src/Controller/OrganisationController.php b/src/Controller/OrganisationController.php index 860f7c1..9db2620 100644 --- a/src/Controller/OrganisationController.php +++ b/src/Controller/OrganisationController.php @@ -646,7 +646,16 @@ class OrganisationController extends SimpleController /** @var \UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */ $classMapper = $this->ci->classMapper; + $params['ci'] = $this->ci; + $sprunje = $classMapper->createInstance('organisation_sprunje', $classMapper, $params); + if (!$currentUser->isMaster() && $currentUser->roles()->where('slug', 'organisations-admin')->count() == 0) { + $sprunje->extendQuery(function ($query) use ($currentUser) { + return $query->where('flag_approved', true) + ->withUser($currentUser->id) + ->orWhereNotNull('is_member'); + }); + } // Be careful how you consume this data - it has not been escaped and contains untrusted user-supplied content. // For example, if you plan to insert it into an HTML DOM, you must escape it on the client side (or use client-side templating). diff --git a/src/Database/Seeds/OrganisationPermissions.php b/src/Database/Seeds/OrganisationPermissions.php index 9517895..92eb4bb 100644 --- a/src/Database/Seeds/OrganisationPermissions.php +++ b/src/Database/Seeds/OrganisationPermissions.php 
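Review bot: The `->orWhereNotNull('is_member')` inside the `extendQuery` callback is appended at the top level of the query, so the condition is not grouped with `where('flag_approved', true)`. Because SQL binds AND tighter than OR, any constraint the sprunje adds before or after this callback (filters, search terms, scopes) applies to only one side of the OR, and rows matching the other side are returned regardless. This matters more now that the seed hunk grants `uri_organisations` to every `user`, which leaves this filter as the only restriction on what a non-admin receives. Wrapping both alternatives in a nested `where(function ...)` keeps them as one parenthesised group, as sketched below. `withUser()` and the rest of the controller method are outside the hunk, so please confirm that `is_member` is a column the WHERE clause can reference and not a select alias; the role test would also be stricter as `=== 0`.

```php
$sprunje->extendQuery(function ($query) use ($currentUser) {
    return $query->withUser($currentUser->id)
        ->where(function ($visible) {
            // Group the alternatives so every other constraint applies to both.
            $visible->where('flag_approved', true)
                ->orWhereNotNull('is_member');
        });
});
```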
@@ -203,6 +203,7 @@ class OrganisationPermissions extends BaseSeed
 $roleUser = Role::where('slug', 'user')->first();
 if ($roleUser) {
 $roleUser->permissions()->syncWithoutDetaching([
+ $permissions['uri_organisations']->id,
 $permissions['uri_organisation_own']->id,
 $permissions['view_organisation_field_own']->id,
 $permissions['leave_organisation']->id,