Fixed some permission issues

locale/en_US/messages.php

@@ -51,7 +51,7 @@ return [
         'DELETE_YES'                     => 'Yes, delete organisation',
         'DELETION_SUCCESSFUL'            => 'Successfully deleted organisation <strong>{{name}}</strong>',
 
-        'MEMBER_COUNT'                   => '# Members <sub>(excl admins)</sub>',
+        'MEMBER_COUNT'                   => '# Members',
         'ADMIN_COUNT'                    => '# Admins',
 
         'SELF'                           => [

src/Database/Seeds/OrganisationPermissions.php

@@ -127,12 +127,6 @@ class OrganisationPermissions extends BaseSeed
             ]),
 
 
-            // 'view_organisation_members_field' => new Permission([
-            //     'slug'        => 'view_organisation_field',
-            //     'name'        => 'View organisation members field',
-            //     'conditions'  => "in(property,['members'])",
-            //     'description' => 'View members field of any organisation.',
-            // ]),
             'view_organisation_members' => new Permission([
                 'slug'        => 'view_organisation_field',
                 'name'        => 'View organisation members',
@@ -200,12 +194,12 @@ class OrganisationPermissions extends BaseSeed
             ]),
 
 
-            // 'uri_user_in_organisation' => new Permission([
-            //     'slug'        => 'uri_user',
-            //     'name'        => 'View user',
-            //     'conditions'  => "has_matching_organisation(self.id,user.id,true) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id))",
-            //     'description' => 'View the user page of any user in your group, except the master user and Site and (global) Organisation Administrators (except yourself).',
-            // ]),
+            'uri_user_in_organisation' => new Permission([
+                'slug'        => 'uri_user',
+                'name'        => 'View user',
+                'conditions'  => "(has_role(self.id,{$roleIds['organisations-admin']}) || has_matching_organisation(self.id,user.id,1)) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id))",
+                'description' => 'View the user page of any user in your group, except the master user and Site and (global) Organisation Administrators (except yourself).',
+            ]),
             'view_user_field' => new Permission([
                 'slug'        => 'view_user_field',
                 'name'        => 'View user',
@@ -232,18 +226,25 @@ class OrganisationPermissions extends BaseSeed
                 'description' => 'Edit organisations for users in your own group who are not Site or Group Administrators, except yourself.',
             ]),
 
-            'view_user_field_organisation' => new Permission([
+            'view_user_field_organisation_audit' => new Permission([
                 'slug'        => 'view_user_field',
                 'name'        => 'View user',
-                'conditions'  => "has_matching_organisation(self.id,user.id) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id)) && in(property,['user_name','name','email','locale','roles','group','activities','organisations'])",
+                'conditions'  => "has_role(self.id,{$roleIds['organisations-admin']}) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id)) && in(property,['activities'])",
                 'description' => 'View certain properties of any user in your own organisation, except the master user and Site and (global) Organisation Administrators (except yourself).',
             ]),
             'update_user_field_organisation' => new Permission([
                 'slug'        => 'update_user_field',
                 'name'        => 'Edit organisation user',
-                'conditions'  => "has_matching_organisation(self.id,user.id,1) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id)) && subset(fields,['name','email','locale','flag_enabled','flag_verified','password'])",
+                'conditions'  => "(has_role(self.id,{$roleIds['organisations-admin']}) || has_matching_organisation(self.id,user.id,1)) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id)) && subset(fields,['name','email','locale','flag_enabled','flag_verified','password'])",
                 'description' => 'Edit users in your own organisation who are not Site or (global) Organisation Administrators, except yourself.',
             ]),
+
+            'view_user_field_organisation' => new Permission([
+                'slug'        => 'view_user_field',
+                'name'        => 'View user',
+                'conditions'  => "has_matching_organisation(self.id,user.id) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id)) && in(property,['user_name','name','email','locale','roles','group','organisations'])",
+                'description' => 'View certain properties of any user in your own organisation, except the master user and Site and (global) Organisation Administrators (except yourself).',
+            ]),
         ];
     }
 
@@ -328,13 +329,15 @@ class OrganisationPermissions extends BaseSeed
 
                 $permissions['uri_organisation']->id,
                 $permissions['uri_organisations']->id,
+                $permissions['uri_user_in_organisation']->id,
                 $permissions['uri_deleted_organisations']->id,
 
                 $permissions['view_organisation_members']->id,
                 $permissions['promote_organisation_member']->id,
 
-                #$permissions['view_user_field']->id,
-                #$permissions['update_user_field']->id,
+                $permissions['view_user_field_organisation_audit']->id,
+                $permissions['view_user_field_organisation']->id,
+                $permissions['update_user_field_organisation']->id,
             ]);
         }
 
@@ -352,6 +355,7 @@ class OrganisationPermissions extends BaseSeed
 
                 $permissions['uri_organisation_own']->id,
                 $permissions['uri_organisations']->id,
+                $permissions['uri_user_in_organisation']->id,
 
                 $permissions['view_user_field_organisation']->id,
                 $permissions['update_user_field_organisation']->id,

templates/pages/user.html.twig

@@ -168,6 +168,7 @@
                 {% endblock %}
             </div>
         </div>
+        {% if checkAccess('view_user_field', { 'user': user, 'property': 'activities' }) %}
         {% if 'activities' not in widgets.hidden %}
         <div class="col-lg-8">
             {% block activity_box %}
@@ -188,6 +189,7 @@
             {% endblock %}
         </div>
         {% endif %}
+        {% endif %}
     </div>
     {% if 'permissions' not in widgets.hidden %}
     <div class="row">