Fixed permission for org admins to accept/reject join requests

2022-02-15 17:55:57 +00:00
parent 2dbd11ef28
commit 5c8cf6778c
2 changed files with 43 additions and 51 deletions


@@ -348,7 +348,7 @@ class OrganisationMembersController extends SimpleController
} }
// Access-controlled page // Access-controlled page
if (!$authorizer->checkAccess($currentUser, 'approve_organisation_membership', [ if (!$authorizer->checkAccess($currentUser, 'accept_organisation_join_request', [
'organisation' => $organisation 'organisation' => $organisation
])) { ])) {
throw new ForbiddenException(); throw new ForbiddenException();
@@ -434,7 +434,7 @@ class OrganisationMembersController extends SimpleController
$organisation = $tokenOwner->organisation()->first(); $organisation = $tokenOwner->organisation()->first();
// Access-controlled page // Access-controlled page
if (!$authorizer->checkAccess($currentUser, 'approve_organisation_membership', [ if (!$authorizer->checkAccess($currentUser, 'accept_organisation_join_request', [
'organisation' => $organisation 'organisation' => $organisation
])) { ])) {
throw new ForbiddenException(); throw new ForbiddenException();
@@ -490,7 +490,7 @@ class OrganisationMembersController extends SimpleController
} }
// Access-controlled page // Access-controlled page
if (!$authorizer->checkAccess($currentUser, 'approve_organisation_membership', [ if (!$authorizer->checkAccess($currentUser, 'accept_organisation_join_request', [
'organisation' => $organisation 'organisation' => $organisation
])) { ])) {
throw new ForbiddenException(); throw new ForbiddenException();
@@ -576,7 +576,7 @@ class OrganisationMembersController extends SimpleController
$organisation = $tokenOwner->organisation()->first(); $organisation = $tokenOwner->organisation()->first();
// Access-controlled page // Access-controlled page
if (!$authorizer->checkAccess($currentUser, 'approve_organisation_membership', [ if (!$authorizer->checkAccess($currentUser, 'accept_organisation_join_request', [
'organisation' => $organisation 'organisation' => $organisation
])) { ])) {
throw new ForbiddenException(); throw new ForbiddenException();
@@ -820,9 +820,6 @@ class OrganisationMembersController extends SimpleController
protected function processAcceptToken($tokenOwner) protected function processAcceptToken($tokenOwner)
{ {
/** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
$authorizer = $this->ci->authorizer;
/** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */ /** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
$currentUser = $this->ci->currentUser; $currentUser = $this->ci->currentUser;
@@ -830,12 +827,6 @@ class OrganisationMembersController extends SimpleController
$ms = $this->ci->alerts; $ms = $this->ci->alerts;
// Access-controlled page
if (!$authorizer->checkAccess($currentUser, 'accept_organisation_membership')) {
throw new ForbiddenException();
}
// Try and complete the token, bail if not found // Try and complete the token, bail if not found
$verification = $this->ci->repoOrganisationMembershipApproval->completeForOwner($tokenOwner, ['approved' => true, 'approver_id' => $currentUser->id]); $verification = $this->ci->repoOrganisationMembershipApproval->completeForOwner($tokenOwner, ['approved' => true, 'approver_id' => $currentUser->id]);
if (!$verification) { if (!$verification) {
@@ -863,9 +854,6 @@ class OrganisationMembersController extends SimpleController
protected function processRejectToken($tokenOwner) protected function processRejectToken($tokenOwner)
{ {
/** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
$authorizer = $this->ci->authorizer;
/** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */ /** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
$currentUser = $this->ci->currentUser; $currentUser = $this->ci->currentUser;
@@ -873,11 +861,6 @@ class OrganisationMembersController extends SimpleController
$ms = $this->ci->alerts; $ms = $this->ci->alerts;
// Access-controlled page
if (!$authorizer->checkAccess($currentUser, 'accept_organisation_membership')) {
throw new ForbiddenException();
}
// Try and complete the token, bail if not found // Try and complete the token, bail if not found
$verification = $this->ci->repoOrganisationMembershipApproval->completeForOwner($tokenOwner, ['approved' => false, 'approver_id' => $currentUser->id]); $verification = $this->ci->repoOrganisationMembershipApproval->completeForOwner($tokenOwner, ['approved' => false, 'approver_id' => $currentUser->id]);
if (!$verification) { if (!$verification) {
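Review bot: With the inner access checks deleted at the top of processAcceptToken and processRejectToken (the -820 and -863 hunks), these two methods no longer authorise anything themselves and rely on every caller having already passed `accept_organisation_join_request` against the token owner's organisation. They are protected and take a bare `$tokenOwner`, so a future caller can reach `completeForOwner(...)` with `'approved' => true` without any check; either add a docblock line such as `@internal Caller must already have checked 'accept_organisation_join_request' for $tokenOwner's organisation.` or re-derive the organisation via `$tokenOwner->organisation()->first()` and repeat the check inside. Separately, in the -434 and -576 hunks `$organisation` comes from `->first()` and can be null, in which case the new check evaluates its condition against a null organisation; whether that denies or errors depends on the authorizer's callback, so an explicit `if (!$organisation) { throw new ForbiddenException(); }` before the `checkAccess` call would make the outcome deterministic. All of these methods begin or continue outside the visible hunks.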


@@ -51,12 +51,6 @@ class OrganisationPermissions extends BaseSeed
'conditions' => 'always()', 'conditions' => 'always()',
'description' => 'Create a new organisation.', 'description' => 'Create a new organisation.',
]), ]),
'register_organisation' => new Permission([
'slug' => 'register_organisation',
'name' => 'Register organisation',
'conditions' => 'always()',
'description' => 'Register a new organisation. May optionally require approval.',
]),
'view_organisation_field' => new Permission([ 'view_organisation_field' => new Permission([
'slug' => 'view_organisation_field', 'slug' => 'view_organisation_field',
'name' => 'View organisation', 'name' => 'View organisation',
@@ -75,18 +69,6 @@ class OrganisationPermissions extends BaseSeed
'conditions' => "always()", 'conditions' => "always()",
'description' => 'View members of any organisation.', 'description' => 'View members of any organisation.',
]), ]),
'view_organisation_field_own' => new Permission([
'slug' => 'view_organisation_field',
'name' => 'View own organisation',
'conditions' => "is_organisation_member(self.id,organisation.id) && in(property,['name','slug','description','members'])",
'description' => 'View certain properties of own organisation.',
]),
'update_organisation_field_own' => new Permission([
'slug' => 'update_organisation_field',
'name' => 'Update own organisation',
'conditions' => "is_organisation_admin(self.id,organisation.id) && subset(fields,['name','slug','description','members'])",
'description' => 'Edit basic properties of own organisation.',
]),
'update_organisation_field' => new Permission([ 'update_organisation_field' => new Permission([
'slug' => 'update_organisation_field', 'slug' => 'update_organisation_field',
'name' => 'Edit organisation', 'name' => 'Edit organisation',
@@ -105,18 +87,6 @@ class OrganisationPermissions extends BaseSeed
'conditions' => 'always()', 'conditions' => 'always()',
'description' => 'Merge two organisations together, including all the members.', 'description' => 'Merge two organisations together, including all the members.',
]), ]),
'leave_organisation' => new Permission([
'slug' => 'leave_organisation',
'name' => 'Leave organisation',
'conditions' => 'always()',
'description' => 'Allows members to leave organisations.',
]),
'join_organisation' => new Permission([
'slug' => 'join_organisation',
'name' => 'Join organisation',
'conditions' => 'always()',
'description' => 'Allows members to join organisations.',
]),
'delete_organisation' => new Permission([ 'delete_organisation' => new Permission([
'slug' => 'delete_organisation', 'slug' => 'delete_organisation',
'name' => 'Delete organisation', 'name' => 'Delete organisation',
@@ -135,6 +105,44 @@ class OrganisationPermissions extends BaseSeed
'conditions' => 'always()', 'conditions' => 'always()',
'description' => 'Permenently delete an organisation.', 'description' => 'Permenently delete an organisation.',
]), ]),
'register_organisation' => new Permission([
'slug' => 'register_organisation',
'name' => 'Register organisation',
'conditions' => 'always()',
'description' => 'Register a new organisation. May optionally require approval.',
]),
'join_organisation' => new Permission([
'slug' => 'join_organisation',
'name' => 'Join organisation',
'conditions' => 'always()',
'description' => 'Allows members to join organisations.',
]),
'leave_organisation' => new Permission([
'slug' => 'leave_organisation',
'name' => 'Leave organisation',
'conditions' => 'always()',
'description' => 'Allows members to leave organisations.',
]),
'view_organisation_field_own' => new Permission([
'slug' => 'view_organisation_field',
'name' => 'View own organisation',
'conditions' => "is_organisation_member(self.id,organisation.id) && in(property,['name','slug','description','members'])",
'description' => 'View certain properties of own organisation.',
]),
'update_organisation_field_own' => new Permission([
'slug' => 'update_organisation_field',
'name' => 'Update own organisation',
'conditions' => "is_organisation_admin(self.id,organisation.id) && subset(fields,['name','slug','description','members'])",
'description' => 'Edit basic properties of own organisation.',
]),
'accept_organisation_join_request' => new Permission([
'slug' => 'accept_organisation_join_request',
'name' => 'Accept/Reject join request',
'conditions' => "is_organisation_admin(self.id,organisation.id)",
'description' => 'Accept/Reject organisation join requests.',
]),
'uri_organisation' => new Permission([ 'uri_organisation' => new Permission([
'slug' => 'uri_organisation', 'slug' => 'uri_organisation',
'name' => 'View organisation', 'name' => 'View organisation',
@@ -236,6 +244,7 @@ class OrganisationPermissions extends BaseSeed
$permissions['join_organisation']->id, $permissions['join_organisation']->id,
$permissions['leave_organisation']->id, $permissions['leave_organisation']->id,
$permissions['register_organisation']->id, $permissions['register_organisation']->id,
$permissions['accept_organisation_join_request']->id,
]); ]);
} }
} }
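Review bot: The `conditions` value on the new `accept_organisation_join_request` entry is written with double quotes (`'conditions' => "is_organisation_admin(self.id,organisation.id)",`) while the sibling entries this commit adds at +105 use single quotes for `'always()'`; there is no interpolation, so `'conditions' => 'is_organisation_admin(self.id,organisation.id)',` keeps the block uniform. More substantively, the controller side of this commit drops checks for `approve_organisation_membership` and `accept_organisation_membership`, but no hunk here removes those permissions from the seed; if they are defined elsewhere in this file they are now orphaned grants that should be retired in the same change, which I cannot confirm from the visible hunks. The role assignment at +244 grants the new permission alongside `join_organisation` and `leave_organisation`, so its effective scope rests entirely on the `is_organisation_admin` callback rather than on the role; a short comment on that line saying so would help the next reader.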