Added some extra checks to ensure the user is not already in the organisation they are attempting to join

2022-03-08 15:35:22 +00:00
parent 340413ff38
commit 52b5a880b2
2 changed files with 54 additions and 1 deletions
--- a/locale/en_US/messages.php
+++ b/locale/en_US/messages.php
@@ -128,6 +128,7 @@ return [
            'REJECT'                    => 'Reject request to join',
        ],
        'MEMBER' => [
+            'ALREADY_EXISTS'            => 'User <strong>{{user_name}}</strong> is already a member of organisation <strong>{{name}}</strong>',
            'NOT_FOUND'                 => 'User <strong>{{user_name}}</strong> is not a member of organisation <strong>{{name}}</strong>',
            'NOT_AN_ADMIN'              => 'User <strong>{{user_name}}</strong> is not an administrator of organisation <strong>{{name}}</strong>',
            'ALREADY_AN_ADMIN'          => 'User <strong>{{user_name}}</strong> is already an administrator of organisation <strong>{{name}}</strong>',
--- a/src/Controller/OrganisationMembersController.php
+++ b/src/Controller/OrganisationMembersController.php
@@ -86,7 +86,7 @@ class OrganisationMembersController extends SimpleController
        }

        // Check if the user is a member of the organisation, pending or no relation at all
-        $memberCheck = $organisation->members()->where('user_id', $currentUser->id)->withPivot('flag_approved')->first();
+        $memberCheck = $organisation->members(true)->where('user_id', $currentUser->id)->withPivot('flag_approved')->first();
        if ($memberCheck) {
            if ($memberCheck->pivot->flag_approved) {
                $ms->addMessageTranslated('danger', 'ORGANISATION.JOIN_REQUEST.ALREADY_MEMBER', [
@@ -637,6 +637,23 @@ class OrganisationMembersController extends SimpleController
            ->where('user_id', $user->id)
            ->first();

+        // Check if the user already is a member of the organisation, pending or no relation at all
+        if ($tokenOwner) {
+            if ($tokenOwner->pivot->flag_approved) {
+                $ms->addMessageTranslated('danger', 'ORGANISATION.MEMBER.ALREADY_EXISTS', [
+                    'user_name' => $user->name,
+                    'name' => $organisation->name
+                ]);
+                return $response->withJson([], 400);
+            }
+        } else {
+            $ms->addMessageTranslated('danger', 'ORGANISATION.JOIN_REQUEST.TOKEN_NOT_FOUND', [
+                'user_name' => $user->name,
+                'name' => $organisation->name
+            ]);
+            return $response->withJson([], 404);
+        }
+
        // Process the acceptance emails etc
        if (!$this->processAcceptToken($tokenOwner, true)) {
            return $response->withJson([], 400);
@@ -708,6 +725,15 @@ class OrganisationMembersController extends SimpleController
            return $response->withRedirect($this->ci->router->pathFor('uri_organisations'));
        }

+        // Check if the user already is a member of the organisation, pending or no relation at all
+        if ($tokenOwner->pivot->flag_approved) {
+            $ms->addMessageTranslated('danger', 'ORGANISATION.MEMBER.ALREADY_EXISTS', [
+                'user_name' => $user->name,
+                'name' => $organisation->name
+            ]);
+            return $response->withRedirect($this->ci->router->pathFor('uri_organisation', ['slug' => $organisation->slug]));
+        }
+
        $organisation = $tokenOwner->organisation()->first();

        // Access-controlled page
@@ -779,6 +805,23 @@ class OrganisationMembersController extends SimpleController
            ->where('user_id', $user->id)
            ->first();

+        // Check if the user already is a member of the organisation, pending or no relation at all
+        if ($tokenOwner) {
+            if ($tokenOwner->pivot->flag_approved) {
+                $ms->addMessageTranslated('danger', 'ORGANISATION.MEMBER.ALREADY_EXISTS', [
+                    'user_name' => $user->name,
+                    'name' => $organisation->name
+                ]);
+                return $response->withJson([], 400);
+            }
+        } else {
+            $ms->addMessageTranslated('danger', 'ORGANISATION.JOIN_REQUEST.TOKEN_NOT_FOUND', [
+                'user_name' => $user->name,
+                'name' => $organisation->name
+            ]);
+            return $response->withJson([], 404);
+        }
+
        // Process the acceptance emails etc
        if (!$this->processRejectToken($tokenOwner, true)) {
            return $response->withJson([], 400);
@@ -850,6 +893,15 @@ class OrganisationMembersController extends SimpleController
            return $response->withRedirect($this->ci->router->pathFor('uri_organisation', ['slug' => $organisation->slug]));
        }

+        // Check if the user already is a member of the organisation, pending or no relation at all
+        if ($tokenOwner->pivot->flag_approved) {
+            $ms->addMessageTranslated('danger', 'ORGANISATION.MEMBER.ALREADY_EXISTS', [
+                'user_name' => $user->name,
+                'name' => $organisation->name
+            ]);
+            return $response->withRedirect($this->ci->router->pathFor('uri_organisation', ['slug' => $organisation->slug]));
+        }
+
        $organisation = $tokenOwner->organisation()->first();

        // Access-controlled page