From 800ac93ecf80745147efae09aab81c1f10c97234 Mon Sep 17 00:00:00 2001
From: Craig Williams
Date: Tue, 15 Feb 2022 17:31:58 +0000
Subject: [PATCH] Fixed organisation approve authorisations & redirects

---
 .../OrganisationMembersController.php | 43 ++++++++++---------
 1 file changed, 23 insertions(+), 20 deletions(-)

diff --git a/src/Controller/OrganisationMembersController.php b/src/Controller/OrganisationMembersController.php
index b1f6902..ee07451 100644
--- a/src/Controller/OrganisationMembersController.php
+++ b/src/Controller/OrganisationMembersController.php
@@ -384,13 +384,6 @@ class OrganisationMembersController extends SimpleController
 /** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
 $currentUser = $this->ci->currentUser;
 
- // Access-controlled page
- if (!$authorizer->checkAccess($currentUser, 'approve_organisation_membership', [
- 'organisation' => $organisation
- ])) {
- throw new ForbiddenException();
- }
-
 /** @var \UserFrosting\Sprinkle\Core\Alert\AlertStream $ms */
 $ms = $this->ci->alerts;
 
@@ -416,9 +409,17 @@ class OrganisationMembersController extends SimpleController
 $owner_id = $this->ci->repoOrganisationMembershipApproval->findOwner($data['token']);
 if (!$owner_id) {
 $ms->addMessageTranslated('danger', 'ORGANISATION.JOIN_REQUEST.TOKEN_NOT_FOUND');
- return $response->withRedirect($this->ci->router->pathFor('dashboard'));
+ return $response->withRedirect($this->ci->router->pathFor('uri_organisations'));
 }
 
+ $organisation = $classMapper->getClassMapping('organisation')::findUnique($owner_id, 'id', false);
+
+ // Access-controlled page
+ if (!$authorizer->checkAccess($currentUser, 'approve_organisation_membership', [
+ 'organisation' => $organisation
+ ])) {
+ throw new ForbiddenException();
+ }
 /** @var \UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */
 $classMapper = $this->ci->classMapper;
 
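Review bot: The added `$organisation = $classMapper->getClassMapping('organisation')::findUnique($owner_id, 'id', false);` runs before the `$classMapper = $this->ci->classMapper;` assignment that the hunk's trailing context lines show, so unless `$classMapper` is also assigned earlier in the method (outside this hunk) the lookup is a method call on null and the request fails before the authorisation check is ever reached; move the docblock and assignment above the lookup. The lookup result is then passed straight into `checkAccess(..., ['organisation' => $organisation])`: if `findUnique` returns null for an owner id that no longer resolves, the permission condition sees a null organisation, and whether that denies depends on the condition, which is not visible here — reject it explicitly first, e.g. `if (!$organisation) { throw new ForbiddenException(); }` (or a not-found exception if the controller already imports one). Deriving the organisation from the token's owner rather than from a request parameter is the right binding for this check. The enclosing accept method begins and ends outside the hunk.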
@@ -431,11 +432,11 @@ class OrganisationMembersController extends SimpleController
 
 // Process the acceptance emails etc
 if (!$this->processAcceptToken($tokenOwner)) {
- return $response->withRedirect($this->ci->router->pathFor('dashboard'));
+ return $response->withRedirect($this->ci->router->pathFor('uri_organisation', ['slug' => $organisation->slug]));
 }
 
 // Forward to organisation page
- return $response->withRedirect($this->ci->router->pathFor('dashboard'));
+ return $response->withRedirect($this->ci->router->pathFor('uri_organisation', ['slug' => $organisation->slug]));
 }
 
 /**
@@ -515,13 +516,6 @@ class OrganisationMembersController extends SimpleController
 /** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
 $currentUser = $this->ci->currentUser;
 
- // Access-controlled page
- if (!$authorizer->checkAccess($currentUser, 'approve_organisation_membership', [
- 'organisation' => $organisation
- ])) {
- throw new ForbiddenException();
- }
-
 /** @var \UserFrosting\Sprinkle\Core\Alert\AlertStream $ms */
 $ms = $this->ci->alerts;
 
@@ -547,7 +541,16 @@ class OrganisationMembersController extends SimpleController
 $owner_id = $this->ci->repoOrganisationMembershipApproval->findOwner($data['token']);
 if (!$owner_id) {
 $ms->addMessageTranslated('danger', 'ORGANISATION.JOIN_REQUEST.TOKEN_NOT_FOUND');
- return $response->withRedirect($this->ci->router->pathFor('dashboard'));
+ return $response->withRedirect($this->ci->router->pathFor('uri_organisation', ['slug' => $organisation->slug]));
+ }
+
+ $organisation = $classMapper->getClassMapping('organisation')::findUnique($owner_id, 'id', false);
+
+ // Access-controlled page
+ if (!$authorizer->checkAccess($currentUser, 'approve_organisation_membership', [
+ 'organisation' => $organisation
+ ])) {
+ throw new ForbiddenException();
 }
 
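Review bot: Both the failure branch of `if (!$this->processAcceptToken($tokenOwner))` and the fall-through after it now redirect to the identical URL, so the branch no longer changes the outcome and the `pathFor('uri_organisation', ['slug' => $organisation->slug])` expression is written twice. Either give the failure path a distinct target or alert, or build the URL once — `$organisationUrl = $this->ci->router->pathFor('uri_organisation', ['slug' => $organisation->slug]);` — and return it from both places. Both redirects dereference `$organisation->slug`, which relies on `$organisation` having been set earlier in the method, outside this hunk.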
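Review bot: In the reject handler the `TOKEN_NOT_FOUND` branch redirects with `$organisation->slug`, but `$organisation` is only assigned on the added line after that `if` block, so in this branch it is unset unless the method assigns it earlier, outside the hunk; the accept handler in the same commit redirects to `pathFor('uri_organisations')` at this point, and this one should match it: `return $response->withRedirect($this->ci->router->pathFor('uri_organisations'));`. As in the accept path, `findUnique` may return null and that null is then fed to `checkAccess`; guard it before the check with `if (!$organisation) { throw new ForbiddenException(); }` unless the permission condition is known to deny on a missing organisation. Whether `$classMapper` is assigned before the added lookup cannot be seen from this hunk; confirm it is, since the accept hunk shows it assigned only afterwards. The enclosing reject method starts and ends outside the hunk.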
@@ -562,11 +565,11 @@ class OrganisationMembersController extends SimpleController
 
 // Process the rejectance emails etc
 if (!$this->processRejectToken($tokenOwner)) {
- return $response->withRedirect($this->ci->router->pathFor('dashboard'));
+ return $response->withRedirect($this->ci->router->pathFor('uri_organisation', ['slug' => $organisation->slug]));
 }
 
 // Forward to organisation page
- return $response->withRedirect($this->ci->router->pathFor('dashboard'));
+ return $response->withRedirect($this->ci->router->pathFor('uri_organisation', ['slug' => $organisation->slug]));
 }