diff --git a/config/default.php b/config/default.php
index 0432195..b65ff27 100644
--- a/config/default.php
+++ b/config/default.php
@@ -15,6 +15,7 @@
* SMTP server password: SMTP_PASSWORD
*/
return [
+ 'debug' => [ 'auth' => true ],
'organisation' => [
'registration' => [
'require_approval' => true,
@@ -25,5 +26,6 @@ return [
'single_membership' => false,
'timeout' => -1,
],
+ 'combine_action_buttons' => false,
],
];
diff --git a/locale/en_US/messages.php b/locale/en_US/messages.php
index 3e3ed21..2714459 100644
--- a/locale/en_US/messages.php
+++ b/locale/en_US/messages.php
@@ -202,7 +202,10 @@ return [
'DELETED' => 'Deleted',
'RETURN' => 'Return',
- 'JOIN' => 'Join',
+ 'JOIN' => [
+ 1 => 'Join',
+ 'CANCEL' => 'Cancel join request',
+ ],
'LEAVE' => 'Leave',
'ACTION_CANNOT_UNDONE' => 'This action cannot be undone!',
diff --git a/src/Controller/OrganisationController.php b/src/Controller/OrganisationController.php
index cd51f5b..3e5023e 100644
--- a/src/Controller/OrganisationController.php
+++ b/src/Controller/OrganisationController.php
@@ -1116,19 +1116,22 @@ class OrganisationController extends SimpleController
$tableColumns = [ 'description' ];
- if ($currentUser->organisations(true)->count() == 0) {
+ if (
+ (
+ $currentUser->organisations(true)->count() == 0
+ || !$config['organisation']['membership']['single_membership']
+ )
+ && !$config['organisation']['combine_action_buttons']
+ ) {
$tableColumns[] = 'join';
- } else {
- if (!$config['organisation']['membership']['single_membership']) {
- $tableColumns[] = 'join';
- }
}
- if ($currentUser->organisations(true)->wherePivot('flag_admin', true) |
- $authorizer->checkAccess($currentUser, 'delete_organisation') |
- $authorizer->checkAccess($currentUser, 'update_organisation_field') |
- $authorizer->checkAccess($currentUser, 'approve_organisation') |
- $authorizer->checkAccess($currentUser, 'merge_organisations')) {
+ if ($currentUser->organisations(true)->wherePivot('flag_admin', true)
+ || $authorizer->checkAccess($currentUser, 'delete_organisation')
+ || $authorizer->checkAccess($currentUser, 'update_organisation_field')
+ || $authorizer->checkAccess($currentUser, 'approve_organisation')
+ || $authorizer->checkAccess($currentUser, 'merge_organisations')
+ || $config['organisation']['combine_action_buttons']) {
$tableColumns[] = 'status';
$tableColumns[] = 'actions';
}
diff --git a/src/Database/Seeds/OrganisationPermissions.php b/src/Database/Seeds/OrganisationPermissions.php
index c1de8cc..f8905f7 100644
--- a/src/Database/Seeds/OrganisationPermissions.php
+++ b/src/Database/Seeds/OrganisationPermissions.php
@@ -43,6 +43,13 @@ class OrganisationPermissions extends BaseSeed
*/
protected function getPermissions()
{
+ $roleIds = [
+ 'user' => Role::where('slug', 'user')->first()->id,
+ 'group-admin' => Role::where('slug', 'group-admin')->first()->id,
+ 'site-admin' => Role::where('slug', 'site-admin')->first()->id,
+ 'organisations-admin' => Role::where('slug', 'organisations-admin')->first()->id,
+ ];
+
return [
'create_organisation' => new Permission([
'slug' => 'create_organisation',
@@ -56,24 +63,19 @@ class OrganisationPermissions extends BaseSeed
'conditions' => "in(property,['name','slug','description'])",
'description' => 'View certain properties of any organisation.',
]),
- 'view_organisation_members_field' => new Permission([
- 'slug' => 'view_organisation_field',
- 'name' => 'View organisation members field',
- 'conditions' => "in(property,['members'])",
- 'description' => 'View members field of any organisation.',
- ]),
- 'view_organisation_members' => new Permission([
- 'slug' => 'view_organisation_members',
- 'name' => 'View organisation members',
- 'conditions' => "always()",
- 'description' => 'View members of any organisation.',
- ]),
'update_organisation_field' => new Permission([
'slug' => 'update_organisation_field',
'name' => 'Edit organisation',
'conditions' => 'always()',
'description' => 'Edit basic properties of any organisation.',
]),
+ 'delete_organisation' => new Permission([
+ 'slug' => 'delete_organisation',
+ 'name' => 'Delete organisation',
+ 'conditions' => 'always()',
+ 'description' => 'Delete an organisation.',
+ ]),
+
'approve_organisation' => new Permission([
'slug' => 'approve_organisation',
'name' => 'Approve/Deny organisation registration',
@@ -86,12 +88,6 @@ class OrganisationPermissions extends BaseSeed
'conditions' => 'always()',
'description' => 'Merge two organisations together, including all the members.',
]),
- 'delete_organisation' => new Permission([
- 'slug' => 'delete_organisation',
- 'name' => 'Delete organisation',
- 'conditions' => 'always()',
- 'description' => 'Delete an organisation.',
- ]),
'restore_organisation' => new Permission([
'slug' => 'restore_organisation',
'name' => 'Restore organisation',
@@ -110,6 +106,46 @@ class OrganisationPermissions extends BaseSeed
'conditions' => "always()",
'description' => 'Accept/Reject organisation join requests.',
]),
+
+ 'uri_organisation' => new Permission([
+ 'slug' => 'uri_organisation',
+ 'name' => 'View organisation',
+ 'conditions' => 'always()',
+ 'description' => 'View the organisation page of any organisation.',
+ ]),
+ 'uri_organisations' => new Permission([
+ 'slug' => 'uri_organisations',
+ 'name' => 'Organisation management page',
+ 'conditions' => 'always()',
+ 'description' => 'View a page containing a list of organisations.',
+ ]),
+ 'uri_deleted_organisations' => new Permission([
+ 'slug' => 'uri_deleted_organisations',
+ 'name' => 'Deleted organisation management page',
+ 'conditions' => 'always()',
+ 'description' => 'View a page containing a list of deleted organisations.',
+ ]),
+
+
+ // 'view_organisation_members_field' => new Permission([
+ // 'slug' => 'view_organisation_field',
+ // 'name' => 'View organisation members field',
+ // 'conditions' => "in(property,['members'])",
+ // 'description' => 'View members field of any organisation.',
+ // ]),
+ 'view_organisation_members' => new Permission([
+ 'slug' => 'view_organisation_field',
+ 'name' => 'View organisation members',
+ 'conditions' => "in(property,['members'])",
+ 'description' => 'View members of any organisation.',
+ ]),
+ 'promote_organisation_member' => new Permission([
+ 'slug' => 'promote_organisation_member',
+ 'name' => 'Promote organisation member/Demote organisation administrator',
+ 'conditions' => "is_organisation_member(user.id,organisation.id)",
+ 'description' => 'Promote an organisation member to administrator status or demote an administrator to member status.',
+ ]),
+
'register_organisation' => new Permission([
'slug' => 'register_organisation',
@@ -129,6 +165,15 @@ class OrganisationPermissions extends BaseSeed
'conditions' => 'always()',
'description' => 'Allows members to leave organisations.',
]),
+
+
+ 'uri_organisation_own' => new Permission([
+ 'slug' => 'uri_organisation',
+ 'name' => 'View own organisation',
+ 'conditions' => 'is_organisation_member(self.id,organisation.id)',
+ 'description' => 'View the organisation page of an organisation you are a member of.',
+ ]),
+
'view_organisation_field_own' => new Permission([
'slug' => 'view_organisation_field',
'name' => 'View own organisation',
@@ -147,76 +192,58 @@ class OrganisationPermissions extends BaseSeed
'conditions' => "is_organisation_admin(self.id,organisation.id)",
'description' => 'Accept/Reject organisation join requests.',
]),
-
- 'uri_organisation' => new Permission([
- 'slug' => 'uri_organisation',
- 'name' => 'View organisation',
- 'conditions' => 'always()',
- 'description' => 'View the organisation page of any organisation.',
- ]),
- 'uri_user' => new Permission([
- 'slug' => 'uri_user',
- 'name' => 'View organisation member',
- 'conditions' => 'can_admin_via_orgs(self.id, user.id)',
- 'description' => 'View the user page of any member of your organisation.',
- ]),
- 'uri_organisation_own' => new Permission([
- 'slug' => 'uri_organisation',
- 'name' => 'View own organisation',
- 'conditions' => 'is_organisation_member(self.id,organisation.id)',
- 'description' => 'View the organisation page of an organisation you are a member of.',
- ]),
- 'uri_organisations' => new Permission([
- 'slug' => 'uri_organisations',
- 'name' => 'Organisation management page',
- 'conditions' => 'always()',
- 'description' => 'View a page containing a list of organisations.',
- ]),
- 'uri_deleted_organisations' => new Permission([
- 'slug' => 'uri_deleted_organisations',
- 'name' => 'Deleted organisation management page',
- 'conditions' => 'always()',
- 'description' => 'View a page containing a list of deleted organisations.',
- ]),
-
- 'update_org_user_field' => new Permission([
- 'slug' => 'update_user_field',
- 'name' => 'Edit organisation member',
- 'conditions' => "subset(fields,['organisations'])",
- 'description' => 'Edit users who are in any organisation.',
- ]),
- 'view_org_user_field' => new Permission([
- 'slug' => 'view_user_field',
- 'name' => 'View organisation member',
- 'conditions' => "in(property,['organisations'])",
- 'description' => 'View certain properties of any user in any organisation.',
- ]),
-
- 'update_org_user_field_own' => new Permission([
- 'slug' => 'update_user_field',
- 'name' => 'Edit organisation member',
- 'conditions' => "can_admin_via_orgs(self.id, user.id) && subset(fields,['organisations'])",
- 'description' => 'Edit users who are in an organisation they are a member of.',
- ]),
- 'view_org_user_field_own' => new Permission([
- 'slug' => 'view_user_field',
- 'name' => 'View organisation member',
- 'conditions' => "similar_orgs(self.id, user.id) && in(property,['organisations'])",
- 'description' => 'View certain properties of any user in their organisation.',
- ]),
-
- 'promote_organisation_member' => new Permission([
- 'slug' => 'promote_organisation_member',
- 'name' => 'Promote organisation member/Demote organisation administrator',
- 'conditions' => "is_organisation_member(user.id,organisation.id) || is_organisation_admin(user.id,organisation.id)",
- 'description' => 'Promote an organisation member to administrator status or demote and administrator to member status.',
- ]),
'promote_organisation_member_own' => new Permission([
'slug' => 'promote_organisation_member',
'name' => 'Promote organisation member/Demote organisation administrator',
- 'conditions' => "is_organisation_admin(self.id,organisation.id) && (is_organisation_member(user.id,organisation.id) || is_organisation_admin(user.id,organisation.id))",
+ 'conditions' => "is_organisation_admin(self.id,organisation.id) && is_organisation_member(user.id,organisation.id)",
'description' => 'Promote an organisation member from your own organisation to administrator status or demote and administrator to member status.',
]),
+
+
+ // 'uri_user_in_organisation' => new Permission([
+ // 'slug' => 'uri_user',
+ // 'name' => 'View user',
+ // 'conditions' => "has_matching_organisation(self.id,user.id,true) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id))",
+ // 'description' => 'View the user page of any user in your group, except the master user and Site and (global) Organisation Administrators (except yourself).',
+ // ]),
+ 'view_user_field' => new Permission([
+ 'slug' => 'view_user_field',
+ 'name' => 'View user',
+ 'conditions' => "in(property,['organisations'])",
+ 'description' => 'View the organisations property of any user.',
+ ]),
+ 'update_user_field' => new Permission([
+ 'slug' => 'update_user_field',
+ 'name' => 'Edit user',
+ 'conditions' => "!has_role(user.id,{$roleIds['site-admin']}) && subset(fields,['organisations'])",
+ 'description' => 'Edit organisations for users who are not Site Administrators.',
+ ]),
+
+ 'view_user_field_group' => new Permission([
+ 'slug' => 'view_user_field',
+ 'name' => 'View user',
+ 'conditions' => "equals_num(self.group_id,user.group_id) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['group-admin']}) || equals_num(self.id,user.id)) && in(property,['organisations'])",
+ 'description' => 'View organisations of any user in your own group, except the master user and Site and Group Administrators (except yourself).',
+ ]),
+ 'update_user_field_group' => new Permission([
+ 'slug' => 'update_user_field',
+ 'name' => 'Edit group user',
+ 'conditions' => "equals_num(self.group_id,user.group_id) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['group-admin']}) || equals_num(self.id,user.id)) && subset(fields,['organisations'])",
+ 'description' => 'Edit organisations for users in your own group who are not Site or Group Administrators, except yourself.',
+ ]),
+
+ 'view_user_field_organisation' => new Permission([
+ 'slug' => 'view_user_field',
+ 'name' => 'View user',
+ 'conditions' => "has_matching_organisation(self.id,user.id) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id)) && in(property,['user_name','name','email','locale','roles','group','activities','organisations'])",
+ 'description' => 'View certain properties of any user in your own organisation, except the master user and Site and (global) Organisation Administrators (except yourself).',
+ ]),
+ 'update_user_field_organisation' => new Permission([
+ 'slug' => 'update_user_field',
+ 'name' => 'Edit organisation user',
+ 'conditions' => "has_matching_organisation(self.id,user.id,true) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id)) && subset(fields,['name','email','locale','flag_enabled','flag_verified','password'])",
+ 'description' => 'Edit users in your own organisation who are not Site or (global) Organisation Administrators, except yourself.',
+ ]),
];
}
@@ -253,45 +280,35 @@ class OrganisationPermissions extends BaseSeed
$roleSiteAdmin = Role::where('slug', 'site-admin')->first();
if ($roleSiteAdmin) {
$roleSiteAdmin->permissions()->syncWithoutDetaching([
+ $permissions['view_user_field']->id,
+ $permissions['update_user_field']->id,
+
+
$permissions['create_organisation']->id,
- $permissions['approve_organisation']->id,
-
$permissions['view_organisation_field']->id,
- $permissions['view_organisation_members_field']->id,
- $permissions['view_organisation_members']->id,
-
$permissions['update_organisation_field']->id,
-
- $permissions['merge_organisations']->id,
-
$permissions['delete_organisation']->id,
+
+ $permissions['approve_organisation']->id,
+ $permissions['merge_organisations']->id,
$permissions['restore_organisation']->id,
$permissions['permenent_delete_organisation']->id,
+ $permissions['accept_organisation_join_request']->id,
- $permissions['uri_user']->id,
$permissions['uri_organisation']->id,
+ $permissions['uri_organisations']->id,
$permissions['uri_deleted_organisations']->id,
-
- $permissions['register_organisation']->id,
- $permissions['join_organisation']->id,
- $permissions['leave_organisation']->id,
-
- $permissions['view_org_user_field_own']->id,
- $permissions['update_org_user_field_own']->id,
- $permissions['accept_organisation_join_request_own']->id,
- $permissions['promote_organisation_member_own']->id,
-
- $permissions['view_organisation_field_own']->id,
- $permissions['update_organisation_field_own']->id,
-
- $permissions['accept_organisation_join_request']->id,
- $permissions['update_org_user_field']->id,
- $permissions['view_org_user_field']->id,
+ $permissions['view_organisation_members']->id,
$permissions['promote_organisation_member']->id,
+ ]);
+ }
- $permissions['uri_organisation_own']->id,
- $permissions['uri_organisations']->id,
+ $roleGroupAdmin = Role::where('slug', 'group-admin')->first();
+ if ($roleGroupAdmin) {
+ $roleGroupAdmin->permissions()->sync([
+ $permissions['view_user_field_group']->id,
+ $permissions['update_user_field_group']->id,
]);
}
@@ -299,52 +316,25 @@ class OrganisationPermissions extends BaseSeed
if ($roleOrgAdmin) {
$roleOrgAdmin->permissions()->syncWithoutDetaching([
$permissions['create_organisation']->id,
- $permissions['approve_organisation']->id,
-
$permissions['view_organisation_field']->id,
- $permissions['view_organisation_members_field']->id,
- $permissions['view_organisation_members']->id,
-
$permissions['update_organisation_field']->id,
-
- $permissions['merge_organisations']->id,
-
$permissions['delete_organisation']->id,
+
+ $permissions['approve_organisation']->id,
+ $permissions['merge_organisations']->id,
$permissions['restore_organisation']->id,
$permissions['permenent_delete_organisation']->id,
+ $permissions['accept_organisation_join_request']->id,
- $permissions['uri_user']->id,
$permissions['uri_organisation']->id,
+ $permissions['uri_organisations']->id,
$permissions['uri_deleted_organisations']->id,
-
- $permissions['register_organisation']->id,
- $permissions['join_organisation']->id,
- $permissions['leave_organisation']->id,
-
- $permissions['view_org_user_field_own']->id,
- $permissions['update_org_user_field_own']->id,
- $permissions['accept_organisation_join_request_own']->id,
- $permissions['promote_organisation_member_own']->id,
-
- $permissions['view_organisation_field_own']->id,
- $permissions['update_organisation_field_own']->id,
-
- $permissions['accept_organisation_join_request']->id,
- $permissions['update_org_user_field']->id,
- $permissions['view_org_user_field']->id,
+ $permissions['view_organisation_members']->id,
$permissions['promote_organisation_member']->id,
- $permissions['uri_organisation_own']->id,
- $permissions['uri_organisations']->id,
-
-
- Permission::where('slug', 'create_user')->first()->id,
- Permission::where('slug', 'delete_user')->first()->id,
- Permission::where('slug', 'update_user_field')->where('conditions', "!has_role(user.id,{$roleSiteAdmin->id}) && subset(fields,['name','email','locale','group','flag_enabled','flag_verified','password'])")->first()->id,
-
- Permission::where('slug', 'uri_users')->first()->id,
- Permission::where('slug', 'uri_user')->where('conditions', 'always()')->first()->id,
+ #$permissions['view_user_field']->id,
+ #$permissions['update_user_field']->id,
]);
}
@@ -355,18 +345,16 @@ class OrganisationPermissions extends BaseSeed
$permissions['join_organisation']->id,
$permissions['leave_organisation']->id,
- $permissions['view_org_user_field_own']->id,
- $permissions['update_org_user_field_own']->id,
- $permissions['accept_organisation_join_request_own']->id,
- $permissions['promote_organisation_member_own']->id,
-
$permissions['view_organisation_field_own']->id,
$permissions['update_organisation_field_own']->id,
-
+ $permissions['accept_organisation_join_request_own']->id,
+ $permissions['promote_organisation_member_own']->id,
+
$permissions['uri_organisation_own']->id,
$permissions['uri_organisations']->id,
- $permissions['uri_user']->id,
+ $permissions['view_user_field_organisation']->id,
+ $permissions['update_user_field_organisation']->id,
]);
}
}
diff --git a/src/Database/Seeds/OrganisationRoles.php b/src/Database/Seeds/OrganisationRoles.php
index a6be217..f144b20 100644
--- a/src/Database/Seeds/OrganisationRoles.php
+++ b/src/Database/Seeds/OrganisationRoles.php
@@ -41,7 +41,7 @@ class OrganisationRoles extends BaseSeed
new Role([
'slug' => 'organisations-admin',
'name' => 'Organisations Administrator',
- 'description' => 'This role is meant for "organisation administrators", who can basically do anything related to organisations and their members.',
+ 'description' => 'This role is meant for administrators who can basically do anything related to any organisations.',
]),
];
}
diff --git a/templates/tables/columns/organisations-actions.html.twig b/templates/tables/columns/organisations-actions.html.twig
index d14cb80..b987ce2 100644
--- a/templates/tables/columns/organisations-actions.html.twig
+++ b/templates/tables/columns/organisations-actions.html.twig
@@ -1,8 +1,10 @@
\ No newline at end of file
diff --git a/templates/tables/columns/organisations-member_count.html.twig b/templates/tables/columns/organisations-member_count.html.twig
index 77dee5b..f93a18a 100644
--- a/templates/tables/columns/organisations-member_count.html.twig
+++ b/templates/tables/columns/organisations-member_count.html.twig
@@ -1,5 +1,5 @@