Fixed some permission issues
This commit is contained in:
@@ -51,7 +51,7 @@ return [
|
|||||||
'DELETE_YES' => 'Yes, delete organisation',
|
'DELETE_YES' => 'Yes, delete organisation',
|
||||||
'DELETION_SUCCESSFUL' => 'Successfully deleted organisation <strong>{{name}}</strong>',
|
'DELETION_SUCCESSFUL' => 'Successfully deleted organisation <strong>{{name}}</strong>',
|
||||||
|
|
||||||
'MEMBER_COUNT' => '# Members <sub>(excl admins)</sub>',
|
'MEMBER_COUNT' => '# Members',
|
||||||
'ADMIN_COUNT' => '# Admins',
|
'ADMIN_COUNT' => '# Admins',
|
||||||
|
|
||||||
'SELF' => [
|
'SELF' => [
|
||||||
|
|||||||
@@ -127,12 +127,6 @@ class OrganisationPermissions extends BaseSeed
|
|||||||
]),
|
]),
|
||||||
|
|
||||||
|
|
||||||
// 'view_organisation_members_field' => new Permission([
|
|
||||||
// 'slug' => 'view_organisation_field',
|
|
||||||
// 'name' => 'View organisation members field',
|
|
||||||
// 'conditions' => "in(property,['members'])",
|
|
||||||
// 'description' => 'View members field of any organisation.',
|
|
||||||
// ]),
|
|
||||||
'view_organisation_members' => new Permission([
|
'view_organisation_members' => new Permission([
|
||||||
'slug' => 'view_organisation_field',
|
'slug' => 'view_organisation_field',
|
||||||
'name' => 'View organisation members',
|
'name' => 'View organisation members',
|
||||||
@@ -200,12 +194,12 @@ class OrganisationPermissions extends BaseSeed
|
|||||||
]),
|
]),
|
||||||
|
|
||||||
|
|
||||||
// 'uri_user_in_organisation' => new Permission([
|
'uri_user_in_organisation' => new Permission([
|
||||||
// 'slug' => 'uri_user',
|
'slug' => 'uri_user',
|
||||||
// 'name' => 'View user',
|
'name' => 'View user',
|
||||||
// 'conditions' => "has_matching_organisation(self.id,user.id,true) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id))",
|
'conditions' => "(has_role(self.id,{$roleIds['organisations-admin']}) || has_matching_organisation(self.id,user.id,1)) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id))",
|
||||||
// 'description' => 'View the user page of any user in your group, except the master user and Site and (global) Organisation Administrators (except yourself).',
|
'description' => 'View the user page of any user in your group, except the master user and Site and (global) Organisation Administrators (except yourself).',
|
||||||
// ]),
|
]),
|
||||||
'view_user_field' => new Permission([
|
'view_user_field' => new Permission([
|
||||||
'slug' => 'view_user_field',
|
'slug' => 'view_user_field',
|
||||||
'name' => 'View user',
|
'name' => 'View user',
|
||||||
@@ -232,18 +226,25 @@ class OrganisationPermissions extends BaseSeed
|
|||||||
'description' => 'Edit organisations for users in your own group who are not Site or Group Administrators, except yourself.',
|
'description' => 'Edit organisations for users in your own group who are not Site or Group Administrators, except yourself.',
|
||||||
]),
|
]),
|
||||||
|
|
||||||
'view_user_field_organisation' => new Permission([
|
'view_user_field_organisation_audit' => new Permission([
|
||||||
'slug' => 'view_user_field',
|
'slug' => 'view_user_field',
|
||||||
'name' => 'View user',
|
'name' => 'View user',
|
||||||
'conditions' => "has_matching_organisation(self.id,user.id) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id)) && in(property,['user_name','name','email','locale','roles','group','activities','organisations'])",
|
'conditions' => "has_role(self.id,{$roleIds['organisations-admin']}) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id)) && in(property,['activities'])",
|
||||||
'description' => 'View certain properties of any user in your own organisation, except the master user and Site and (global) Organisation Administrators (except yourself).',
|
'description' => 'View certain properties of any user in your own organisation, except the master user and Site and (global) Organisation Administrators (except yourself).',
|
||||||
]),
|
]),
|
||||||
'update_user_field_organisation' => new Permission([
|
'update_user_field_organisation' => new Permission([
|
||||||
'slug' => 'update_user_field',
|
'slug' => 'update_user_field',
|
||||||
'name' => 'Edit organisation user',
|
'name' => 'Edit organisation user',
|
||||||
'conditions' => "has_matching_organisation(self.id,user.id,1) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id)) && subset(fields,['name','email','locale','flag_enabled','flag_verified','password'])",
|
'conditions' => "(has_role(self.id,{$roleIds['organisations-admin']}) || has_matching_organisation(self.id,user.id,1)) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id)) && subset(fields,['name','email','locale','flag_enabled','flag_verified','password'])",
|
||||||
'description' => 'Edit users in your own organisation who are not Site or (global) Organisation Administrators, except yourself.',
|
'description' => 'Edit users in your own organisation who are not Site or (global) Organisation Administrators, except yourself.',
|
||||||
]),
|
]),
|
||||||
|
|
||||||
|
'view_user_field_organisation' => new Permission([
|
||||||
|
'slug' => 'view_user_field',
|
||||||
|
'name' => 'View user',
|
||||||
|
'conditions' => "has_matching_organisation(self.id,user.id) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id)) && in(property,['user_name','name','email','locale','roles','group','organisations'])",
|
||||||
|
'description' => 'View certain properties of any user in your own organisation, except the master user and Site and (global) Organisation Administrators (except yourself).',
|
||||||
|
]),
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -328,13 +329,15 @@ class OrganisationPermissions extends BaseSeed
|
|||||||
|
|
||||||
$permissions['uri_organisation']->id,
|
$permissions['uri_organisation']->id,
|
||||||
$permissions['uri_organisations']->id,
|
$permissions['uri_organisations']->id,
|
||||||
|
$permissions['uri_user_in_organisation']->id,
|
||||||
$permissions['uri_deleted_organisations']->id,
|
$permissions['uri_deleted_organisations']->id,
|
||||||
|
|
||||||
$permissions['view_organisation_members']->id,
|
$permissions['view_organisation_members']->id,
|
||||||
$permissions['promote_organisation_member']->id,
|
$permissions['promote_organisation_member']->id,
|
||||||
|
|
||||||
#$permissions['view_user_field']->id,
|
$permissions['view_user_field_organisation_audit']->id,
|
||||||
#$permissions['update_user_field']->id,
|
$permissions['view_user_field_organisation']->id,
|
||||||
|
$permissions['update_user_field_organisation']->id,
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -352,6 +355,7 @@ class OrganisationPermissions extends BaseSeed
|
|||||||
|
|
||||||
$permissions['uri_organisation_own']->id,
|
$permissions['uri_organisation_own']->id,
|
||||||
$permissions['uri_organisations']->id,
|
$permissions['uri_organisations']->id,
|
||||||
|
$permissions['uri_user_in_organisation']->id,
|
||||||
|
|
||||||
$permissions['view_user_field_organisation']->id,
|
$permissions['view_user_field_organisation']->id,
|
||||||
$permissions['update_user_field_organisation']->id,
|
$permissions['update_user_field_organisation']->id,
|
||||||
|
|||||||
@@ -168,6 +168,7 @@
|
|||||||
{% endblock %}
|
{% endblock %}
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
{% if checkAccess('view_user_field', { 'user': user, 'property': 'activities' }) %}
|
||||||
{% if 'activities' not in widgets.hidden %}
|
{% if 'activities' not in widgets.hidden %}
|
||||||
<div class="col-lg-8">
|
<div class="col-lg-8">
|
||||||
{% block activity_box %}
|
{% block activity_box %}
|
||||||
@@ -188,6 +189,7 @@
|
|||||||
{% endblock %}
|
{% endblock %}
|
||||||
</div>
|
</div>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
</div>
|
</div>
|
||||||
{% if 'permissions' not in widgets.hidden %}
|
{% if 'permissions' not in widgets.hidden %}
|
||||||
<div class="row">
|
<div class="row">
|
||||||
|
|||||||
Reference in New Issue
Block a user