Fixed organisation approve authorisations & redirects

2022-02-15 17:31:58 +00:00
parent 64971d6262
commit 800ac93ecf


@@ -384,13 +384,6 @@ class OrganisationMembersController extends SimpleController
/** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */ /** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
$currentUser = $this->ci->currentUser; $currentUser = $this->ci->currentUser;
// Access-controlled page
if (!$authorizer->checkAccess($currentUser, 'approve_organisation_membership', [
'organisation' => $organisation
])) {
throw new ForbiddenException();
}
/** @var \UserFrosting\Sprinkle\Core\Alert\AlertStream $ms */ /** @var \UserFrosting\Sprinkle\Core\Alert\AlertStream $ms */
$ms = $this->ci->alerts; $ms = $this->ci->alerts;
@@ -416,9 +409,17 @@ class OrganisationMembersController extends SimpleController
$owner_id = $this->ci->repoOrganisationMembershipApproval->findOwner($data['token']); $owner_id = $this->ci->repoOrganisationMembershipApproval->findOwner($data['token']);
if (!$owner_id) { if (!$owner_id) {
$ms->addMessageTranslated('danger', 'ORGANISATION.JOIN_REQUEST.TOKEN_NOT_FOUND'); $ms->addMessageTranslated('danger', 'ORGANISATION.JOIN_REQUEST.TOKEN_NOT_FOUND');
return $response->withRedirect($this->ci->router->pathFor('dashboard')); return $response->withRedirect($this->ci->router->pathFor('uri_organisations'));
} }
$organisation = $classMapper->getClassMapping('organisation')::findUnique($owner_id, 'id', false);
// Access-controlled page
if (!$authorizer->checkAccess($currentUser, 'approve_organisation_membership', [
'organisation' => $organisation
])) {
throw new ForbiddenException();
}
/** @var \UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */ /** @var \UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */
$classMapper = $this->ci->classMapper; $classMapper = $this->ci->classMapper;
@@ -431,11 +432,11 @@ class OrganisationMembersController extends SimpleController
// Process the acceptance emails etc // Process the acceptance emails etc
if (!$this->processAcceptToken($tokenOwner)) { if (!$this->processAcceptToken($tokenOwner)) {
return $response->withRedirect($this->ci->router->pathFor('dashboard')); return $response->withRedirect($this->ci->router->pathFor('uri_organisation', ['slug' => $organisation->slug]));
} }
// Forward to organisation page // Forward to organisation page
return $response->withRedirect($this->ci->router->pathFor('dashboard')); return $response->withRedirect($this->ci->router->pathFor('uri_organisation', ['slug' => $organisation->slug]));
} }
/** /**
@@ -515,13 +516,6 @@ class OrganisationMembersController extends SimpleController
/** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */ /** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
$currentUser = $this->ci->currentUser; $currentUser = $this->ci->currentUser;
// Access-controlled page
if (!$authorizer->checkAccess($currentUser, 'approve_organisation_membership', [
'organisation' => $organisation
])) {
throw new ForbiddenException();
}
/** @var \UserFrosting\Sprinkle\Core\Alert\AlertStream $ms */ /** @var \UserFrosting\Sprinkle\Core\Alert\AlertStream $ms */
$ms = $this->ci->alerts; $ms = $this->ci->alerts;
@@ -547,7 +541,16 @@ class OrganisationMembersController extends SimpleController
$owner_id = $this->ci->repoOrganisationMembershipApproval->findOwner($data['token']); $owner_id = $this->ci->repoOrganisationMembershipApproval->findOwner($data['token']);
if (!$owner_id) { if (!$owner_id) {
$ms->addMessageTranslated('danger', 'ORGANISATION.JOIN_REQUEST.TOKEN_NOT_FOUND'); $ms->addMessageTranslated('danger', 'ORGANISATION.JOIN_REQUEST.TOKEN_NOT_FOUND');
return $response->withRedirect($this->ci->router->pathFor('dashboard')); return $response->withRedirect($this->ci->router->pathFor('uri_organisation', ['slug' => $organisation->slug]));
}
$organisation = $classMapper->getClassMapping('organisation')::findUnique($owner_id, 'id', false);
// Access-controlled page
if (!$authorizer->checkAccess($currentUser, 'approve_organisation_membership', [
'organisation' => $organisation
])) {
throw new ForbiddenException();
} }
@@ -562,11 +565,11 @@ class OrganisationMembersController extends SimpleController
// Process the rejectance emails etc // Process the rejectance emails etc
if (!$this->processRejectToken($tokenOwner)) { if (!$this->processRejectToken($tokenOwner)) {
return $response->withRedirect($this->ci->router->pathFor('dashboard')); return $response->withRedirect($this->ci->router->pathFor('uri_organisation', ['slug' => $organisation->slug]));
} }
// Forward to organisation page // Forward to organisation page
return $response->withRedirect($this->ci->router->pathFor('dashboard')); return $response->withRedirect($this->ci->router->pathFor('uri_organisation', ['slug' => $organisation->slug]));
} }
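Review bot: In the approve hunk `@@ -416,9 +409,17 @@` the new lookup `$organisation = $classMapper->getClassMapping('organisation')::findUnique($owner_id, 'id', false);` runs before the context line `$classMapper = $this->ci->classMapper;` that follows it, so unless `$classMapper` is already assigned earlier in the method (outside the hunk) this is a method call on an undefined variable; move the assignment above the lookup or write `$this->ci->classMapper->getClassMapping('organisation')` there. The reject hunk `@@ -547,7 +541,16 @@` has the mirror-image problem: its token-not-found redirect reads `$organisation->slug` before `$organisation` is assigned on the lines after it, whereas the approve path redirects to `uri_organisations` for the same case, so the reject path should do likewise. Because the `approve_organisation_membership` check is now keyed on the organisation resolved from the token, a lookup that returns nothing should be handled like an unknown token, e.g. `if (!$organisation) { $ms->addMessageTranslated('danger', 'ORGANISATION.JOIN_REQUEST.TOKEN_NOT_FOUND'); return $response->withRedirect($this->ci->router->pathFor('uri_organisations')); }` placed between the lookup and the access check, rather than passing `'organisation' => null` into checkAccess and relying on the access condition to reject it. Both enclosing methods begin before their hunks.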