Fixed some permission issues

2023-09-12 16:02:00 +01:00
parent dead350676
commit 7fab295b6f
3 changed files with 24 additions and 18 deletions


@@ -127,12 +127,6 @@ class OrganisationPermissions extends BaseSeed
]),
// 'view_organisation_members_field' => new Permission([
// 'slug' => 'view_organisation_field',
// 'name' => 'View organisation members field',
// 'conditions' => "in(property,['members'])",
// 'description' => 'View members field of any organisation.',
// ]),
'view_organisation_members' => new Permission([
'slug' => 'view_organisation_field',
'name' => 'View organisation members',
@@ -200,12 +194,12 @@ class OrganisationPermissions extends BaseSeed
]),
// 'uri_user_in_organisation' => new Permission([
// 'slug' => 'uri_user',
// 'name' => 'View user',
// 'conditions' => "has_matching_organisation(self.id,user.id,true) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id))",
// 'description' => 'View the user page of any user in your group, except the master user and Site and (global) Organisation Administrators (except yourself).',
// ]),
'uri_user_in_organisation' => new Permission([
'slug' => 'uri_user',
'name' => 'View user',
'conditions' => "(has_role(self.id,{$roleIds['organisations-admin']}) || has_matching_organisation(self.id,user.id,1)) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id))",
'description' => 'View the user page of any user in your group, except the master user and Site and (global) Organisation Administrators (except yourself).',
]),
'view_user_field' => new Permission([
'slug' => 'view_user_field',
'name' => 'View user',
@@ -232,18 +226,25 @@ class OrganisationPermissions extends BaseSeed
'description' => 'Edit organisations for users in your own group who are not Site or Group Administrators, except yourself.',
]),
'view_user_field_organisation' => new Permission([
'view_user_field_organisation_audit' => new Permission([
'slug' => 'view_user_field',
'name' => 'View user',
'conditions' => "has_matching_organisation(self.id,user.id) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id)) && in(property,['user_name','name','email','locale','roles','group','activities','organisations'])",
'conditions' => "has_role(self.id,{$roleIds['organisations-admin']}) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id)) && in(property,['activities'])",
'description' => 'View certain properties of any user in your own organisation, except the master user and Site and (global) Organisation Administrators (except yourself).',
]),
'update_user_field_organisation' => new Permission([
'slug' => 'update_user_field',
'name' => 'Edit organisation user',
'conditions' => "has_matching_organisation(self.id,user.id,1) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id)) && subset(fields,['name','email','locale','flag_enabled','flag_verified','password'])",
'conditions' => "(has_role(self.id,{$roleIds['organisations-admin']}) || has_matching_organisation(self.id,user.id,1)) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id)) && subset(fields,['name','email','locale','flag_enabled','flag_verified','password'])",
'description' => 'Edit users in your own organisation who are not Site or (global) Organisation Administrators, except yourself.',
]),
'view_user_field_organisation' => new Permission([
'slug' => 'view_user_field',
'name' => 'View user',
'conditions' => "has_matching_organisation(self.id,user.id) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id)) && in(property,['user_name','name','email','locale','roles','group','organisations'])",
'description' => 'View certain properties of any user in your own organisation, except the master user and Site and (global) Organisation Administrators (except yourself).',
]),
];
}
@@ -328,13 +329,15 @@ class OrganisationPermissions extends BaseSeed
$permissions['uri_organisation']->id,
$permissions['uri_organisations']->id,
$permissions['uri_user_in_organisation']->id,
$permissions['uri_deleted_organisations']->id,
$permissions['view_organisation_members']->id,
$permissions['promote_organisation_member']->id,
#$permissions['view_user_field']->id,
#$permissions['update_user_field']->id,
$permissions['view_user_field_organisation_audit']->id,
$permissions['view_user_field_organisation']->id,
$permissions['update_user_field_organisation']->id,
]);
}
@@ -352,6 +355,7 @@ class OrganisationPermissions extends BaseSeed
$permissions['uri_organisation_own']->id,
$permissions['uri_organisations']->id,
$permissions['uri_user_in_organisation']->id,
$permissions['view_user_field_organisation']->id,
$permissions['update_user_field_organisation']->id,
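Review bot: The `description` strings on `view_user_field_organisation_audit` and `update_user_field_organisation` still say "in your own organisation", but the conditions in the third hunk no longer require that for holders of the organisations-admin role: the audit condition has no `has_matching_organisation` term, and the update condition accepts `has_role(self.id,{$roleIds['organisations-admin']})` as an alternative to it. Because the update permission covers `password`, `email` and `flag_enabled`, anyone auditing grants from the description would underestimate its scope. I would reword the audit one to something like `'description' => 'View the activities of any user, except the master user and Site and (global) Organisation Administrators (except yourself).'` and state the global scope on the update permission as well. Separately, `view_user_field_organisation` keeps `has_matching_organisation(self.id,user.id)` with no role bypass and without the third argument `1` used in `uri_user_in_organisation` and the update condition, so an organisations-admin could apparently update fields of a user whose fields they cannot view. That argument's meaning is not visible here, so please confirm the difference is intended. The added and removed sides are inferred from the hunk headers, since the +/- markers did not survive on this page.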