From 5c8cf6778c71a23d6cf89a1dda0bc908b28124a3 Mon Sep 17 00:00:00 2001
From: Craig Williams
Date: Tue, 15 Feb 2022 17:55:57 +0000
Subject: [PATCH] Fixed permission for org admins to accept/reject join requests

---
 .../OrganisationMembersController.php | 25 ++-----
 .../Seeds/OrganisationPermissions.php | 69 +++++++++++--------
 2 files changed, 43 insertions(+), 51 deletions(-)

diff --git a/src/Controller/OrganisationMembersController.php b/src/Controller/OrganisationMembersController.php
index 870060c..f5f3b6b 100644
--- a/src/Controller/OrganisationMembersController.php
+++ b/src/Controller/OrganisationMembersController.php
@@ -348,7 +348,7 @@ class OrganisationMembersController extends SimpleController
         }
 
         // Access-controlled page
-        if (!$authorizer->checkAccess($currentUser, 'approve_organisation_membership', [
+        if (!$authorizer->checkAccess($currentUser, 'accept_organisation_join_request', [
             'organisation' => $organisation
         ])) {
             throw new ForbiddenException();
@@ -434,7 +434,7 @@ class OrganisationMembersController extends SimpleController
         $organisation = $tokenOwner->organisation()->first();
 
         // Access-controlled page
-        if (!$authorizer->checkAccess($currentUser, 'approve_organisation_membership', [
+        if (!$authorizer->checkAccess($currentUser, 'accept_organisation_join_request', [
             'organisation' => $organisation
         ])) {
             throw new ForbiddenException();
@@ -490,7 +490,7 @@ class OrganisationMembersController extends SimpleController
         }
 
         // Access-controlled page
-        if (!$authorizer->checkAccess($currentUser, 'approve_organisation_membership', [
+        if (!$authorizer->checkAccess($currentUser, 'accept_organisation_join_request', [
             'organisation' => $organisation
         ])) {
             throw new ForbiddenException();
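Review bot: In the @@ -434 hunk the renamed check is fed `$organisation = $tokenOwner->organisation()->first();`, which is null when the token owner has no organisation row, and the seed now ties `accept_organisation_join_request` to `is_organisation_admin(self.id,organisation.id)`, so the condition would be evaluated against a missing `organisation` context. An explicit guard before the check makes the deny independent of how the authorizer treats an absent key: `if ($organisation === null) { throw new ForbiddenException(); }`. The @@ -576 hunk has the same shape; the @@ -348 and @@ -490 hunks do not show where `$organisation` comes from, so the same question applies there but cannot be confirmed from this diff. Every enclosing method starts outside its hunk.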
@@ -576,7 +576,7 @@ class OrganisationMembersController extends SimpleController
         $organisation = $tokenOwner->organisation()->first();
 
         // Access-controlled page
-        if (!$authorizer->checkAccess($currentUser, 'approve_organisation_membership', [
+        if (!$authorizer->checkAccess($currentUser, 'accept_organisation_join_request', [
             'organisation' => $organisation
         ])) {
             throw new ForbiddenException();
@@ -820,9 +820,6 @@ class OrganisationMembersController extends SimpleController
     protected function processAcceptToken($tokenOwner)
     {
-        /** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
-        $authorizer = $this->ci->authorizer;
-
         /** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
         $currentUser = $this->ci->currentUser;
@@ -830,12 +827,6 @@ class OrganisationMembersController extends SimpleController
         $ms = $this->ci->alerts;
 
-        // Access-controlled page
-        if (!$authorizer->checkAccess($currentUser, 'accept_organisation_membership')) {
-            throw new ForbiddenException();
-        }
-
-
         // Try and complete the token, bail if not found
         $verification = $this->ci->repoOrganisationMembershipApproval->completeForOwner($tokenOwner, ['approved' => true, 'approver_id' => $currentUser->id]);
         if (!$verification) {
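Review bot: After the @@ -820 and @@ -830 hunks, `processAcceptToken` performs the approval (`completeForOwner(... ['approved' => true, ...])`) with no authorization of its own, so its safety now rests entirely on every caller having run the `accept_organisation_join_request` check against the token owner's organisation first; nothing in the method records that contract. A docblock on the method should state it, e.g. `/** Completes the approval token. Caller MUST have authorized 'accept_organisation_join_request' for $tokenOwner's organisation; no check is made here. */`, and the same applies to `processRejectToken` in the @@ -863 hunk. The removed slug `accept_organisation_membership` and the replaced `approve_organisation_membership` are not deleted from the seed in this diff; if they are still seeded elsewhere they are now dead permissions that nothing checks. Both method bodies continue outside their hunks.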
@@ -863,20 +854,12 @@ class OrganisationMembersController extends SimpleController
     protected function processRejectToken($tokenOwner)
     {
-        /** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
-        $authorizer = $this->ci->authorizer;
-
         /** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
         $currentUser = $this->ci->currentUser;
 
         /** @var \UserFrosting\Sprinkle\Core\Alert\AlertStream $ms */
         $ms = $this->ci->alerts;
-
-        // Access-controlled page
-        if (!$authorizer->checkAccess($currentUser, 'accept_organisation_membership')) {
-            throw new ForbiddenException();
-        }
 
         // Try and complete the token, bail if not found
         $verification = $this->ci->repoOrganisationMembershipApproval->completeForOwner($tokenOwner, ['approved' => false, 'approver_id' => $currentUser->id]);
diff --git a/src/Database/Seeds/OrganisationPermissions.php b/src/Database/Seeds/OrganisationPermissions.php
index 6b2dc3c..57cbd0a 100644
--- a/src/Database/Seeds/OrganisationPermissions.php
+++ b/src/Database/Seeds/OrganisationPermissions.php
@@ -51,12 +51,6 @@ class OrganisationPermissions extends BaseSeed
             'conditions' => 'always()',
             'description' => 'Create a new organisation.',
         ]),
-        'register_organisation' => new Permission([
-            'slug' => 'register_organisation',
-            'name' => 'Register organisation',
-            'conditions' => 'always()',
-            'description' => 'Register a new organisation. May optionally require approval.',
-        ]),
         'view_organisation_field' => new Permission([
             'slug' => 'view_organisation_field',
             'name' => 'View organisation',
@@ -75,18 +69,6 @@ class OrganisationPermissions extends BaseSeed
             'conditions' => "always()",
             'description' => 'View members of any organisation.',
         ]),
-        'view_organisation_field_own' => new Permission([
-            'slug' => 'view_organisation_field',
-            'name' => 'View own organisation',
-            'conditions' => "is_organisation_member(self.id,organisation.id) && in(property,['name','slug','description','members'])",
-            'description' => 'View certain properties of own organisation.',
-        ]),
-        'update_organisation_field_own' => new Permission([
-            'slug' => 'update_organisation_field',
-            'name' => 'Update own organisation',
-            'conditions' => "is_organisation_admin(self.id,organisation.id) && subset(fields,['name','slug','description','members'])",
-            'description' => 'Edit basic properties of own organisation.',
-        ]),
         'update_organisation_field' => new Permission([
             'slug' => 'update_organisation_field',
             'name' => 'Edit organisation',
@@ -105,18 +87,6 @@ class OrganisationPermissions extends BaseSeed
             'conditions' => 'always()',
             'description' => 'Merge two organisations together, including all the members.',
         ]),
-        'leave_organisation' => new Permission([
-            'slug' => 'leave_organisation',
-            'name' => 'Leave organisation',
-            'conditions' => 'always()',
-            'description' => 'Allows members to leave organisations.',
-        ]),
-        'join_organisation' => new Permission([
-            'slug' => 'join_organisation',
-            'name' => 'Join organisation',
-            'conditions' => 'always()',
-            'description' => 'Allows members to join organisations.',
-        ]),
         'delete_organisation' => new Permission([
             'slug' => 'delete_organisation',
             'name' => 'Delete organisation',
@@ -135,6 +105,44 @@ class OrganisationPermissions extends BaseSeed
             'conditions' => 'always()',
             'description' => 'Permenently delete an organisation.',
         ]),
+
+        'register_organisation' => new Permission([
+            'slug' => 'register_organisation',
+            'name' => 'Register organisation',
+            'conditions' => 'always()',
+            'description' => 'Register a new organisation. May optionally require approval.',
+        ]),
+        'join_organisation' => new Permission([
+            'slug' => 'join_organisation',
+            'name' => 'Join organisation',
+            'conditions' => 'always()',
+            'description' => 'Allows members to join organisations.',
+        ]),
+        'leave_organisation' => new Permission([
+            'slug' => 'leave_organisation',
+            'name' => 'Leave organisation',
+            'conditions' => 'always()',
+            'description' => 'Allows members to leave organisations.',
+        ]),
+        'view_organisation_field_own' => new Permission([
+            'slug' => 'view_organisation_field',
+            'name' => 'View own organisation',
+            'conditions' => "is_organisation_member(self.id,organisation.id) && in(property,['name','slug','description','members'])",
+            'description' => 'View certain properties of own organisation.',
+        ]),
+        'update_organisation_field_own' => new Permission([
+            'slug' => 'update_organisation_field',
+            'name' => 'Update own organisation',
+            'conditions' => "is_organisation_admin(self.id,organisation.id) && subset(fields,['name','slug','description','members'])",
+            'description' => 'Edit basic properties of own organisation.',
+        ]),
+        'accept_organisation_join_request' => new Permission([
+            'slug' => 'accept_organisation_join_request',
+            'name' => 'Accept/Reject join request',
+            'conditions' => "is_organisation_admin(self.id,organisation.id)",
+            'description' => 'Accept/Reject organisation join requests.',
+        ]),
+
         'uri_organisation' => new Permission([
             'slug' => 'uri_organisation',
             'name' => 'View organisation',
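Review bot: The new `accept_organisation_join_request` entry's condition `is_organisation_admin(self.id,organisation.id)` only grants access when the `checkAccess` call supplies an `organisation` context; a bare `checkAccess($currentUser, 'accept_organisation_join_request')` would never satisfy it, so that requirement is worth stating next to the entry, e.g. `// Requires an 'organisation' context in checkAccess(); bare checks are always denied.` The `conditions` value is written with double quotes although it interpolates nothing, unlike the `'always()'` entries above it; `'conditions' => 'is_organisation_admin(self.id,organisation.id)',` keeps the seed's quoting consistent. The names `is_organisation_admin`/`is_organisation_member` are presumably callbacks registered with the authorizer elsewhere; this diff does not show that registration.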
@@ -236,6 +244,7 @@ class OrganisationPermissions extends BaseSeed
             $permissions['join_organisation']->id,
             $permissions['leave_organisation']->id,
             $permissions['register_organisation']->id,
+            $permissions['accept_organisation_join_request']->id,
         ]);
     }
 }