Tighten some more permissions down

2022-02-10 18:11:42 +00:00
parent 909b6a93dc
commit 575aa68bca
3 changed files with 29 additions and 1 deletions
--- a/src/Database/Seeds/OrganisationPermissions.php
+++ b/src/Database/Seeds/OrganisationPermissions.php
@@ -60,9 +60,21 @@ class OrganisationPermissions extends BaseSeed
            'view_organisation_field' => new Permission([
                'slug'        => 'view_organisation_field',
                'name'        => 'View organisation',
-                'conditions'  => "in(property,['name','slug','description','members'])",
+                'conditions'  => "in(property,['name','slug','description'])",
                'description' => 'View certain properties of any organisation.',
            ]),
+            'view_organisation_members_field' => new Permission([
+                'slug'        => 'view_organisation_field',
+                'name'        => 'View organisation members field',
+                'conditions'  => "in(property,['members'])",
+                'description' => 'View members field of any organisation.',
+            ]),
+            'view_organisation_members' => new Permission([
+                'slug'        => 'view_organisation_members',
+                'name'        => 'View organisation members',
+                'conditions'  => "always()",
+                'description' => 'View members of any organisation.',
+            ]),
            'view_organisation_field_own' => new Permission([
                'slug'        => 'view_organisation_field',
                'name'        => 'View own organisation',
@@ -194,6 +206,8 @@ class OrganisationPermissions extends BaseSeed
            $roleOrgAdmin->permissions()->syncWithoutDetaching([
                $permissions['create_organisation']->id,
                $permissions['view_organisation_field']->id,
+                $permissions['view_organisation_members_field']->id,
+                $permissions['view_organisation_members']->id,
                $permissions['update_organisation_field']->id,
                $permissions['approve_organisation']->id,
                $permissions['merge_organisations']->id,
--- a/src/Twig/OrganisationsExtension.php
+++ b/src/Twig/OrganisationsExtension.php
@@ -62,6 +62,10 @@ class OrganisationsExtension extends AbstractExtension implements GlobalsInterfa

                return $authorizer->runCallback($currentUser, 'is_organisation_admin', $currentUser->id, $organisation->id);
            }),
+            new TwigFunction('hasRole', function ($roleSlug) {
+                $currentUser = $this->services->currentUser;
+                return $currentUser->roles()->where('slug', $roleSlug)->count() > 0;
+            }),
        ];
    }