AVSDev/sprinkle-organisations
1
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

Added functionality to permenently delete or restore deleted organisations

Browse Source
This commit is contained in:
Craig Williams
2022-02-10 15:52:57 +00:00
parent c3cf97ea50
commit 57dfed304f
10 changed files with 603 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

271
src/Controller/OrganisationController.php
View File

@@ -474,6 +474,145 @@ class OrganisationController extends SimpleController
}
/**
* Processes the request to permenently delete a deleted organisation.
*
* Permenently deletes the specified organisation.
* Before doing so, checks that:
* 1. The user has permission to delete this organisation;
* 2. The submitted data is valid.
* This route requires authentication (and should generally be limited to admins or the root user).
*
* Request type: DELETE
*
* @param Request $request
* @param Response $response
* @param array $args
*
* @throws NotFoundException If organisation is not found
* @throws ForbiddenException If user is not authorized to access page
* @throws BadRequestException
*/
public function deletePermenent(Request $request, Response $response, $args)
{
$organisation = $this->getOrganisationFromParams($args, true);
// If the organisation doesn't exist, return 404
if (!$organisation) {
throw new NotFoundException();
}
/** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
$authorizer = $this->ci->authorizer;
/** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
$currentUser = $this->ci->currentUser;
// Access-controlled page
if (!$authorizer->checkAccess($currentUser, 'permenent_delete_organisation', [
'organisation' => $organisation,
])) {
throw new ForbiddenException();
}
/** @var \UserFrosting\Support\Repository\Repository $config */
$config = $this->ci->config;
/** @var \UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */
$classMapper = $this->ci->classMapper;
$organisationName = $organisation->name;
// Begin transaction - DB will be rolled back if an exception occurs
Capsule::transaction(function () use ($organisation, $organisationName, $currentUser) {
$organisation->delete(true);
unset($organisation);
// Create activity record
$this->ci->userActivityLogger->info("User {$currentUser->user_name} permenetly deleted organisation {$organisationName}.", [
'type' => 'organisation_delete',
'user_id' => $currentUser->id,
]);
});
/** @var \UserFrosting\Sprinkle\Core\Alert\AlertStream $ms */
$ms = $this->ci->alerts;
$ms->addMessageTranslated('success', 'ORGANISATION.PERMENENT_DELETION_SUCCESSFUL', [
'name' => $organisationName,
]);
return $response->withJson([], 200);
}
/**
* Restores a deleted organisation
*
* Before doing so, checks that:
* 1. The user has permission to restore this organisation;
* 2. The submitted data is valid.
* This route requires authentication (and should generally be limited to admins or the root user).
*
* Request type: PUT
*
* @param Request $request
* @param Response $response
* @param array $args
*
* @throws NotFoundException If organisation is not found
* @throws ForbiddenException If user is not authorized to access page
* @throws BadRequestException
*/
public function restore(Request $request, Response $response, $args)
{
$organisation = $this->getOrganisationFromParams($args, true);
// If the organisation doesn't exist, return 404
if (!$organisation) {
throw new NotFoundException();
}
/** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
$authorizer = $this->ci->authorizer;
/** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
$currentUser = $this->ci->currentUser;
// Access-controlled page
if (!$authorizer->checkAccess($currentUser, 'restore_organisation', [
'organisation' => $organisation,
])) {
throw new ForbiddenException();
}
/** @var \UserFrosting\Support\Repository\Repository $config */
$config = $this->ci->config;
/** @var \UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */
$classMapper = $this->ci->classMapper;
// Begin transaction - DB will be rolled back if an exception occurs
Capsule::transaction(function () use ($organisation, $currentUser) {
$organisation->restore();
// Create activity record
$this->ci->userActivityLogger->info("User {$currentUser->user_name} restored deleted organisation {$organisation->name}.", [
'type' => 'organisation_restore',
'user_id' => $currentUser->id,
]);
});
/** @var \UserFrosting\Sprinkle\Core\Alert\AlertStream $ms */
$ms = $this->ci->alerts;
$ms->addMessageTranslated('success', 'ORGANISATION.RESTORE_SUCCESSFUL', [
'name' => $organisation->name,
]);
return $response->withJson([], 200);
}
/**
* Returns a list of Organisations.
*
@@ -514,6 +653,49 @@ class OrganisationController extends SimpleController
return $sprunje->toResponse($response);
}
/**
* Returns a list of Organisations.
*
* Generates a list of organisations, optionally paginated, sorted and/or filtered.
* This page requires authentication.
*
* Request type: GET
*
* @param Request $request
* @param Response $response
* @param array $args
*
* @throws ForbiddenException If user is not authorized to access page
*/
public function getListDeleted(Request $request, Response $response, $args)
{
// GET parameters
$params = $request->getQueryParams();
/** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
$authorizer = $this->ci->authorizer;
/** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
$currentUser = $this->ci->currentUser;
// Access-controlled page
if (!$authorizer->checkAccess($currentUser, 'uri_deleted_organisations')) {
throw new ForbiddenException();
}
/** @var \UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */
$classMapper = $this->ci->classMapper;
$sprunje = $classMapper->createInstance('organisation_sprunje', $classMapper, $params);
$sprunje->extendQuery(function ($query) use ($user) {
return $query->onlyTrashed();
});
// Be careful how you consume this data - it has not been escaped and contains untrusted user-supplied content.
// For example, if you plan to insert it into an HTML DOM, you must escape it on the client side (or use client-side templating).
return $sprunje->toResponse($response);
}
/**
* Get deletion confirmation modal.
*
@@ -561,6 +743,53 @@ class OrganisationController extends SimpleController
]);
}
/**
* Get permenent deletion confirmation modal.
*
* @param Request $request
* @param Response $response
* @param array $args
*
* @throws NotFoundException If organisation is not found
* @throws ForbiddenException If user is not authorized to access page
* @throws BadRequestException
*/
public function getModalConfirmPermenentDelete(Request $request, Response $response, $args)
{
// GET parameters
$params = $request->getQueryParams();
$organisation = $this->getOrganisationFromParams($params, true);
// If the organisation no longer exists, forward to main organisation listing page
if (!$organisation) {
throw new NotFoundException();
}
/** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
$authorizer = $this->ci->authorizer;
/** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
$currentUser = $this->ci->currentUser;
// Access-controlled page
if (!$authorizer->checkAccess($currentUser, 'permenent_delete_organisation', [
'organisation' => $organisation,
])) {
throw new ForbiddenException();
}
/** @var \UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */
$classMapper = $this->ci->classMapper;
return $this->ci->view->render($response, 'modals/confirm-permenent-delete-organisation.html.twig', [
'organisation' => $organisation,
'form' => [
'action' => "api/organisations/o/{$organisation->slug}/permenent",
],
]);
}
/**
* Renders the modal form for creating a new organisation.
*
@@ -872,6 +1101,37 @@ class OrganisationController extends SimpleController
return $this->ci->view->render($response, 'pages/organisations.html.twig');
}
/**
* Renders the organisation listing page for deleted organisations.
*
* This page renders a table of organisations, with dropdown menus for admin actions for each organisation.
* Actions typically include: restore organisation, permenently delete etd.
* This page requires authentication.
*
* Request type: GET
*
* @param Request $request
* @param Response $response
* @param array $args
*
* @throws ForbiddenException If user is not authorized to access page
*/
public function pageListDeleted(Request $request, Response $response, $args)
{
/** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
$authorizer = $this->ci->authorizer;
/** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
$currentUser = $this->ci->currentUser;
// Access-controlled page
if (!$authorizer->checkAccess($currentUser, 'uri_deleted_organisations')) {
throw new ForbiddenException();
}
return $this->ci->view->render($response, 'pages/deleted-organisations.html.twig');
}
/**
* Get organisation from params.
@@ -882,7 +1142,7 @@ class OrganisationController extends SimpleController
*
* @return Organisation
*/
protected function getOrganisationFromParams($params)
protected function getOrganisationFromParams($params, $withTrashed = false)
{
// Load the request schema
$schema = new RequestSchema('schema://requests/organisation/get-by-slug.yaml');
@@ -908,9 +1168,14 @@ class OrganisationController extends SimpleController
/** @var \UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */
$classMapper = $this->ci->classMapper;
$query = $classMapper->getClassMapping('organisation')::where('slug', $data['slug']);
if ($withTrashed) {
$query->withTrashed();
}
// Get the organisation
$organisation = $classMapper->getClassMapping('organisation')::where('slug', $data['slug'])
->first();
$organisation = $query->first();
return $organisation;
}

22
src/Database/Seeds/OrganisationPermissions.php
View File

@@ -99,6 +99,18 @@ class OrganisationPermissions extends BaseSeed
'conditions' => 'always()',
'description' => 'Delete an organisation.',
]),
'restore_organisation' => new Permission([
'slug' => 'restore_organisation',
'name' => 'Restore organisation',
'conditions' => 'always()',
'description' => 'Restore a deleted organisation.',
]),
'permenent_delete_organisation' => new Permission([
'slug' => 'permenent_delete_organisation',
'name' => 'Permenently delete organisation',
'conditions' => 'always()',
'description' => 'Permenently delete an organisation.',
]),
'uri_organisation' => new Permission([
'slug' => 'uri_organisation',
'name' => 'View organisation',
@@ -117,9 +129,16 @@ class OrganisationPermissions extends BaseSeed
'conditions' => 'always()',
'description' => 'View a page containing a list of organisations.',
]),
'uri_deleted_organisations' => new Permission([
'slug' => 'uri_deleted_organisations',
'name' => 'Deleted organisation management page',
'conditions' => 'always()',
'description' => 'View a page containing a list of deleted organisations.',
]),
];
}
/**
* Save permissions.
*
@@ -175,6 +194,9 @@ class OrganisationPermissions extends BaseSeed
$permissions['delete_organisation']->id,
$permissions['uri_organisations']->id,
$permissions['uri_organisation']->id,
$permissions['uri_deleted_organisations']->id,
$permissions['restore_organisation']->id,
$permissions['permenent_delete_organisation']->id,
]);
}