Fixed permission for org admins to accept/reject join requests

2022-02-15 17:55:57 +00:00
parent 2dbd11ef28
commit 5c8cf6778c
2 changed files with 43 additions and 51 deletions
--- a/src/Controller/OrganisationMembersController.php
+++ b/src/Controller/OrganisationMembersController.php
@@ -348,7 +348,7 @@ class OrganisationMembersController extends SimpleController
        }

        // Access-controlled page
-        if (!$authorizer->checkAccess($currentUser, 'approve_organisation_membership', [
+        if (!$authorizer->checkAccess($currentUser, 'accept_organisation_join_request', [
            'organisation' => $organisation
        ])) {
            throw new ForbiddenException();
@@ -434,7 +434,7 @@ class OrganisationMembersController extends SimpleController
        $organisation = $tokenOwner->organisation()->first();

        // Access-controlled page
-        if (!$authorizer->checkAccess($currentUser, 'approve_organisation_membership', [
+        if (!$authorizer->checkAccess($currentUser, 'accept_organisation_join_request', [
            'organisation' => $organisation
        ])) {
            throw new ForbiddenException();
@@ -490,7 +490,7 @@ class OrganisationMembersController extends SimpleController
        }

        // Access-controlled page
-        if (!$authorizer->checkAccess($currentUser, 'approve_organisation_membership', [
+        if (!$authorizer->checkAccess($currentUser, 'accept_organisation_join_request', [
            'organisation' => $organisation
        ])) {
            throw new ForbiddenException();
@@ -576,7 +576,7 @@ class OrganisationMembersController extends SimpleController
        $organisation = $tokenOwner->organisation()->first();

        // Access-controlled page
-        if (!$authorizer->checkAccess($currentUser, 'approve_organisation_membership', [
+        if (!$authorizer->checkAccess($currentUser, 'accept_organisation_join_request', [
            'organisation' => $organisation
        ])) {
            throw new ForbiddenException();
@@ -820,9 +820,6 @@ class OrganisationMembersController extends SimpleController

    protected function processAcceptToken($tokenOwner)
    {
-        /** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
-        $authorizer = $this->ci->authorizer;
-
        /** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
        $currentUser = $this->ci->currentUser;

@@ -830,12 +827,6 @@ class OrganisationMembersController extends SimpleController
        $ms = $this->ci->alerts;


-        // Access-controlled page
-        if (!$authorizer->checkAccess($currentUser, 'accept_organisation_membership')) {
-            throw new ForbiddenException();
-        }
-
-
        // Try and complete the token, bail if not found
        $verification = $this->ci->repoOrganisationMembershipApproval->completeForOwner($tokenOwner, ['approved' => true, 'approver_id' => $currentUser->id]);
        if (!$verification) {
@@ -863,20 +854,12 @@ class OrganisationMembersController extends SimpleController

    protected function processRejectToken($tokenOwner)
    {
-        /** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
-        $authorizer = $this->ci->authorizer;
-
        /** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
        $currentUser = $this->ci->currentUser;

        /** @var \UserFrosting\Sprinkle\Core\Alert\AlertStream $ms */
        $ms = $this->ci->alerts;
-        

-        // Access-controlled page
-        if (!$authorizer->checkAccess($currentUser, 'accept_organisation_membership')) {
-            throw new ForbiddenException();
-        }

        // Try and complete the token, bail if not found
        $verification = $this->ci->repoOrganisationMembershipApproval->completeForOwner($tokenOwner, ['approved' => false, 'approver_id' => $currentUser->id]);
--- a/src/Database/Seeds/OrganisationPermissions.php
+++ b/src/Database/Seeds/OrganisationPermissions.php
@@ -51,12 +51,6 @@ class OrganisationPermissions extends BaseSeed
                'conditions'  => 'always()',
                'description' => 'Create a new organisation.',
            ]),
-            'register_organisation' => new Permission([
-                'slug'        => 'register_organisation',
-                'name'        => 'Register organisation',
-                'conditions'  => 'always()',
-                'description' => 'Register a new organisation. May optionally require approval.',
-            ]),
            'view_organisation_field' => new Permission([
                'slug'        => 'view_organisation_field',
                'name'        => 'View organisation',
@@ -75,18 +69,6 @@ class OrganisationPermissions extends BaseSeed
                'conditions'  => "always()",
                'description' => 'View members of any organisation.',
            ]),
-            'view_organisation_field_own' => new Permission([
-                'slug'        => 'view_organisation_field',
-                'name'        => 'View own organisation',
-                'conditions'  => "is_organisation_member(self.id,organisation.id) && in(property,['name','slug','description','members'])",
-                'description' => 'View certain properties of own organisation.',
-            ]),
-            'update_organisation_field_own' => new Permission([
-                'slug'        => 'update_organisation_field',
-                'name'        => 'Update own organisation',
-                'conditions'  => "is_organisation_admin(self.id,organisation.id) && subset(fields,['name','slug','description','members'])",
-                'description' => 'Edit basic properties of own organisation.',
-            ]),
            'update_organisation_field' => new Permission([
                'slug'        => 'update_organisation_field',
                'name'        => 'Edit organisation',
@@ -105,18 +87,6 @@ class OrganisationPermissions extends BaseSeed
                'conditions'  => 'always()',
                'description' => 'Merge two organisations together, including all the members.',
            ]),
-            'leave_organisation' => new Permission([
-                'slug'        => 'leave_organisation',
-                'name'        => 'Leave organisation',
-                'conditions'  => 'always()',
-                'description' => 'Allows members to leave organisations.',
-            ]),
-            'join_organisation' => new Permission([
-                'slug'        => 'join_organisation',
-                'name'        => 'Join organisation',
-                'conditions'  => 'always()',
-                'description' => 'Allows members to join organisations.',
-            ]),
            'delete_organisation' => new Permission([
                'slug'        => 'delete_organisation',
                'name'        => 'Delete organisation',
@@ -135,6 +105,44 @@ class OrganisationPermissions extends BaseSeed
                'conditions'  => 'always()',
                'description' => 'Permenently delete an organisation.',
            ]),
+
+            'register_organisation' => new Permission([
+                'slug'        => 'register_organisation',
+                'name'        => 'Register organisation',
+                'conditions'  => 'always()',
+                'description' => 'Register a new organisation. May optionally require approval.',
+            ]),
+            'join_organisation' => new Permission([
+                'slug'        => 'join_organisation',
+                'name'        => 'Join organisation',
+                'conditions'  => 'always()',
+                'description' => 'Allows members to join organisations.',
+            ]),
+            'leave_organisation' => new Permission([
+                'slug'        => 'leave_organisation',
+                'name'        => 'Leave organisation',
+                'conditions'  => 'always()',
+                'description' => 'Allows members to leave organisations.',
+            ]),
+            'view_organisation_field_own' => new Permission([
+                'slug'        => 'view_organisation_field',
+                'name'        => 'View own organisation',
+                'conditions'  => "is_organisation_member(self.id,organisation.id) && in(property,['name','slug','description','members'])",
+                'description' => 'View certain properties of own organisation.',
+            ]),
+            'update_organisation_field_own' => new Permission([
+                'slug'        => 'update_organisation_field',
+                'name'        => 'Update own organisation',
+                'conditions'  => "is_organisation_admin(self.id,organisation.id) && subset(fields,['name','slug','description','members'])",
+                'description' => 'Edit basic properties of own organisation.',
+            ]),
+            'accept_organisation_join_request' => new Permission([
+                'slug'        => 'accept_organisation_join_request',
+                'name'        => 'Accept/Reject join request',
+                'conditions'  => "is_organisation_admin(self.id,organisation.id)",
+                'description' => 'Accept/Reject organisation join requests.',
+            ]),
+
            'uri_organisation' => new Permission([
                'slug'        => 'uri_organisation',
                'name'        => 'View organisation',
@@ -236,6 +244,7 @@ class OrganisationPermissions extends BaseSeed
                $permissions['join_organisation']->id,
                $permissions['leave_organisation']->id,
                $permissions['register_organisation']->id,
+                $permissions['accept_organisation_join_request']->id,
            ]);
        }
    }