Tighten some more permissions down

2022-02-10 18:11:42 +00:00
parent 909b6a93dc
commit 575aa68bca
3 changed files with 29 additions and 1 deletions
--- a/src/Database/Seeds/OrganisationPermissions.php
+++ b/src/Database/Seeds/OrganisationPermissions.php
@@ -60,9 +60,21 @@ class OrganisationPermissions extends BaseSeed
            'view_organisation_field' => new Permission([
                'slug'        => 'view_organisation_field',
                'name'        => 'View organisation',
-                'conditions'  => "in(property,['name','slug','description','members'])",
+                'conditions'  => "in(property,['name','slug','description'])",
                'description' => 'View certain properties of any organisation.',
            ]),
+            'view_organisation_members_field' => new Permission([
+                'slug'        => 'view_organisation_field',
+                'name'        => 'View organisation members field',
+                'conditions'  => "in(property,['members'])",
+                'description' => 'View members field of any organisation.',
+            ]),
+            'view_organisation_members' => new Permission([
+                'slug'        => 'view_organisation_members',
+                'name'        => 'View organisation members',
+                'conditions'  => "always()",
+                'description' => 'View members of any organisation.',
+            ]),
            'view_organisation_field_own' => new Permission([
                'slug'        => 'view_organisation_field',
                'name'        => 'View own organisation',
@@ -194,6 +206,8 @@ class OrganisationPermissions extends BaseSeed
            $roleOrgAdmin->permissions()->syncWithoutDetaching([
                $permissions['create_organisation']->id,
                $permissions['view_organisation_field']->id,
+                $permissions['view_organisation_members_field']->id,
+                $permissions['view_organisation_members']->id,
                $permissions['update_organisation_field']->id,
                $permissions['approve_organisation']->id,
                $permissions['merge_organisations']->id,
--- a/src/Twig/OrganisationsExtension.php
+++ b/src/Twig/OrganisationsExtension.php
@@ -62,6 +62,10 @@ class OrganisationsExtension extends AbstractExtension implements GlobalsInterfa

                return $authorizer->runCallback($currentUser, 'is_organisation_admin', $currentUser->id, $organisation->id);
            }),
+            new TwigFunction('hasRole', function ($roleSlug) {
+                $currentUser = $this->services->currentUser;
+                return $currentUser->roles()->where('slug', $roleSlug)->count() > 0;
+            }),
        ];
    }

--- a/templates/tables/organisations.html.twig
+++ b/templates/tables/organisations.html.twig
@@ -14,8 +14,10 @@
                <th class="sorter-metatext" data-column-name="name" data-column-template="#organisation-table-column-info" data-priority="1">{{translate('ORGANISATION')}} <i class="fas fa-sort"></i></th>
                <th class="sorter-metatext" data-column-name="description" data-column-template="#organisation-table-column-description" data-priority="2">{{translate("DESCRIPTION")}} <i class="fas fa-sort"></i></th>
                <th class="filter-select filter-metatext" data-column-name="status" data-column-template="#user-table-column-status" data-priority="2">{{translate("STATUS")}} <i class="fas fa-sort"></i></th>
+                {% if checkAccess('view_organisation_members') %}
                <th class="sorter-metanum" data-column-name="member_count" data-column-template="#organisation-table-column-memberCount" data-priority="2">{{translate("ORGANISATION.MEMBER_COUNT")}} <i class="fas fa-sort"></i></th>
                <th class="sorter-metanum" data-column-name="admin_count" data-column-template="#organisation-table-column-adminCount" data-priority="2">{{translate("ORGANISATION.ADMIN_COUNT")}} <i class="fas fa-sort"></i></th>
+                {% endif %}
                <th data-column-template="#organisation-table-column-actions" data-sorter="false" data-filter="false" data-priority="1">{{translate("ACTIONS")}}</th>
            </tr>
        </thead>
@@ -35,7 +37,15 @@
    <script id="organisation-table-column-info" type="text/x-handlebars-template">
        <td data-text="{{row.name}}">
            <strong>
+            {{#ifx row.is_member '==' 1 }}
            <a href="{{site.uri.public}}/organisations/o/{{row.slug}}">{{row.name}}</a>
+            {{ else }}
+            {% endverbatim %}{% if hasRole('organisations-admin') or hasRole('site-admin') %}{% verbatim %}
+            <a href="{{site.uri.public}}/organisations/o/{{row.slug}}">{{row.name}}</a>
+            {% endverbatim %}{% else %}{% verbatim %}
+            {{row.name}}
+            {% endverbatim %}{% endif %}{% verbatim %}
+            {{/ifx }}
            </strong>
        </td>
    </script>