From 52b5a880b284e7ebcd513875f7e2ee062acbf398 Mon Sep 17 00:00:00 2001
From: Craig Williams
Date: Tue, 8 Mar 2022 15:35:22 +0000
Subject: [PATCH] Added some extra checks to ensure the user is not already in the organisation they are attempting to join
---
 locale/en_US/messages.php | 1 +
 .../OrganisationMembersController.php | 54 ++++++++++++++++++-
 2 files changed, 54 insertions(+), 1 deletion(-)
diff --git a/locale/en_US/messages.php b/locale/en_US/messages.php
index 0fbd4a8..0408989 100644
--- a/locale/en_US/messages.php
+++ b/locale/en_US/messages.php
@@ -128,6 +128,7 @@ return [
 'REJECT' => 'Reject request to join',
 ],
 'MEMBER' => [
+ 'ALREADY_EXISTS' => 'User {{user_name}} is already a member of organisation {{name}}',
 'NOT_FOUND' => 'User {{user_name}} is not a member of organisation {{name}}',
 'NOT_AN_ADMIN' => 'User {{user_name}} is not an administrator of organisation {{name}}',
 'ALREADY_AN_ADMIN' => 'User {{user_name}} is already an administrator of organisation {{name}}',
diff --git a/src/Controller/OrganisationMembersController.php b/src/Controller/OrganisationMembersController.php
index f41017b..be96858 100644
--- a/src/Controller/OrganisationMembersController.php
+++ b/src/Controller/OrganisationMembersController.php
@@ -86,7 +86,7 @@ class OrganisationMembersController extends SimpleController
 }
 
 // Check if the user is a member of the organisation, pending or no relation at all
- $memberCheck = $organisation->members()->where('user_id', $currentUser->id)->withPivot('flag_approved')->first();
+ $memberCheck = $organisation->members(true)->where('user_id', $currentUser->id)->withPivot('flag_approved')->first();
 if ($memberCheck) {
 if ($memberCheck->pivot->flag_approved) {
 $ms->addMessageTranslated('danger', 'ORGANISATION.JOIN_REQUEST.ALREADY_MEMBER', [
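Review bot: The bare `true` now passed to `members()` in the `@@ -86,7 +86,7 @@` hunk carries the whole fix, yet nothing at the call site says what it selects and the comment above the line is unchanged. Presumably it widens the relation to include rows that are not yet approved, which is what the `flag_approved` branch below relies on; the relation's definition is outside this hunk, so that should be confirmed. I would extend the comment to something like `// members(true): include unapproved (pending) rows so a repeat join request is detected`. The lookup is also a check followed by a later write, so if the pivot table has no unique key on organisation and user (not visible here), two concurrent requests could still both pass it. The enclosing method starts and ends outside the hunk.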
@@ -637,6 +637,23 @@ class OrganisationMembersController extends SimpleController
 ->where('user_id', $user->id)
 ->first();
 
+ // Check if the user already is a member of the organisation, pending or no relation at all
+ if ($tokenOwner) {
+ if ($tokenOwner->pivot->flag_approved) {
+ $ms->addMessageTranslated('danger', 'ORGANISATION.MEMBER.ALREADY_EXISTS', [
+ 'user_name' => $user->name,
+ 'name' => $organisation->name
+ ]);
+ return $response->withJson([], 400);
+ }
+ } else {
+ $ms->addMessageTranslated('danger', 'ORGANISATION.JOIN_REQUEST.TOKEN_NOT_FOUND', [
+ 'user_name' => $user->name,
+ 'name' => $organisation->name
+ ]);
+ return $response->withJson([], 404);
+ }
+
 // Process the acceptance emails etc
 if (!$this->processAcceptToken($tokenOwner, true)) {
 return $response->withJson([], 400);
@@ -708,6 +725,15 @@ class OrganisationMembersController extends SimpleController
 return $response->withRedirect($this->ci->router->pathFor('uri_organisations'));
 }
 
+ // Check if the user already is a member of the organisation, pending or no relation at all
+ if ($tokenOwner->pivot->flag_approved) {
+ $ms->addMessageTranslated('danger', 'ORGANISATION.MEMBER.ALREADY_EXISTS', [
+ 'user_name' => $user->name,
+ 'name' => $organisation->name
+ ]);
+ return $response->withRedirect($this->ci->router->pathFor('uri_organisation', ['slug' => $organisation->slug]));
+ }
+
 $organisation = $tokenOwner->organisation()->first();
 
 // Access-controlled page
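Review bot: The comment that opens the added block in `@@ -637,6 +637,23 @@`, `// Check if the user already is a member of the organisation, pending or no relation at all`, mirrors the one in the join-request hunk and does not describe the branches here. In this block an approved row returns 400, a missing row returns 404, and only a pending row falls through to `processAcceptToken()`. I would replace it with `// Only a pending request can be accepted: 404 when no membership row exists, 400 when it is already approved`. The same comment and structure are repeated in the reject path at `@@ -779,6 +805,23 @@`, where the wording should say "rejected". Handling the `!$tokenOwner` case first as a guard clause would also remove the nested `if`; the enclosing method starts and ends outside the hunk.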
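Review bot: The block added in `@@ -708,6 +725,15 @@` reads `$organisation->name` and `$organisation->slug` one statement before the context line `$organisation = $tokenOwner->organisation()->first();` assigns that variable. The start of the method is outside the hunk, so it may be set earlier, but the preceding redirect goes to `uri_organisations` without a slug, which suggests the organisation is not yet known at this point. If so, the message placeholders and the `pathFor()` call receive null values. Moving the new check below the assignment avoids the problem either way. The equivalent hunk at `@@ -850,6 +893,15 @@` already uses `$organisation->slug` in its leading context, so it does not appear to be affected.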
@@ -779,6 +805,23 @@ class OrganisationMembersController extends SimpleController
 ->where('user_id', $user->id)
 ->first();
 
+ // Check if the user already is a member of the organisation, pending or no relation at all
+ if ($tokenOwner) {
+ if ($tokenOwner->pivot->flag_approved) {
+ $ms->addMessageTranslated('danger', 'ORGANISATION.MEMBER.ALREADY_EXISTS', [
+ 'user_name' => $user->name,
+ 'name' => $organisation->name
+ ]);
+ return $response->withJson([], 400);
+ }
+ } else {
+ $ms->addMessageTranslated('danger', 'ORGANISATION.JOIN_REQUEST.TOKEN_NOT_FOUND', [
+ 'user_name' => $user->name,
+ 'name' => $organisation->name
+ ]);
+ return $response->withJson([], 404);
+ }
+
 // Process the acceptance emails etc
 if (!$this->processRejectToken($tokenOwner, true)) {
 return $response->withJson([], 400);
@@ -850,6 +893,15 @@ class OrganisationMembersController extends SimpleController
 return $response->withRedirect($this->ci->router->pathFor('uri_organisation', ['slug' => $organisation->slug]));
 }
 
+ // Check if the user already is a member of the organisation, pending or no relation at all
+ if ($tokenOwner->pivot->flag_approved) {
+ $ms->addMessageTranslated('danger', 'ORGANISATION.MEMBER.ALREADY_EXISTS', [
+ 'user_name' => $user->name,
+ 'name' => $organisation->name
+ ]);
+ return $response->withRedirect($this->ci->router->pathFor('uri_organisation', ['slug' => $organisation->slug]));
+ }
+
 $organisation = $tokenOwner->organisation()->first();
 
 // Access-controlled page
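Review bot: The `flag_approved` check added in `@@ -850,6 +893,15 @@` returns before the `// Access-controlled page` section that follows it. The ALREADY_EXISTS flash message, which names a user and an organisation, and the redirect to the organisation's slug are therefore produced without that step having run. What the section enforces is outside the hunk; if it is the permission check for this page, I would move the new block below it so that membership is only confirmed to callers who pass it. The hunk at `@@ -708,6 +725,15 @@` has the same ordering.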