Update organisation functionality

2022-02-04 12:36:47 +00:00
parent 2cf2777494
commit 830a1b49a8
7 changed files with 267 additions and 5 deletions
--- a/src/Controller/OrganisationController.php
+++ b/src/Controller/OrganisationController.php
@@ -125,6 +125,128 @@ class OrganisationController extends SimpleController
        return $response->withJson([], 200);
    }

+    /**
+     * Processes the request to update an existing organisation's details.
+     *
+     * Processes the request from the organisation update form, checking that:
+     * 1. The organisation name/slug are not already in use;
+     * 2. The user has the necessary permissions to update the posted field(s);
+     * 3. The submitted data is valid.
+     * This route requires authentication (and should generally be limited to admins or the root user).
+     *
+     * Request type: PUT
+     *
+     * @see getModalOrganisationEdit
+     *
+     * @param Request  $request
+     * @param Response $response
+     * @param array    $args
+     *
+     * @throws NotFoundException  If organisation is not found
+     * @throws ForbiddenException If user is not authorized to access page
+     */
+    public function update(Request $request, Response $response, $args)
+    {
+        // Get the organisation based on slug in URL
+        $organisation = $this->getOrganisationFromParams($args);
+
+        if (!$organisation) {
+            throw new NotFoundException();
+        }
+
+        // Get PUT parameters: (name, slug, icon, description)
+        $params = $request->getParsedBody();
+
+        /** @var \UserFrosting\Sprinkle\Core\Alert\AlertStream $ms */
+        $ms = $this->ci->alerts;
+
+        // Load the request schema
+        $schema = new RequestSchema('schema://requests/organisation/edit-info.yaml');
+
+        // Whitelist and set parameter defaults
+        $transformer = new RequestDataTransformer($schema);
+        $data = $transformer->transform($params);
+
+        $error = false;
+
+        // Validate request data
+        $validator = new ServerSideValidator($schema, $this->ci->translator);
+        if (!$validator->validate($data)) {
+            $ms->addValidationErrors($validator);
+            $error = true;
+        }
+
+        // Determine targeted fields
+        $fieldNames = [];
+        foreach ($data as $name => $value) {
+            $fieldNames[] = $name;
+        }
+
+        /** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
+        $authorizer = $this->ci->authorizer;
+
+        /** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
+        $currentUser = $this->ci->currentUser;
+
+        // Access-controlled resource - check that currentUser has permission to edit submitted fields for this organisation
+        if (!$authorizer->checkAccess($currentUser, 'update_organisation_field', [
+            'organisation' => $organisation,
+            'fields' => array_values(array_unique($fieldNames)),
+        ])) {
+            throw new ForbiddenException();
+        }
+
+        /** @var \UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */
+        $classMapper = $this->ci->classMapper;
+
+        // Check if name or slug already exists
+        if (
+            isset($data['name']) &&
+            $data['name'] != $organisation->name &&
+            $classMapper->getClassMapping('organisation')::where('name', $data['name'])->first()
+        ) {
+            $ms->addMessageTranslated('danger', 'ORGANISATION.NAME.IN_USE', $data);
+            $error = true;
+        }
+
+        if (
+            isset($data['slug']) &&
+            $data['slug'] != $organisation->slug &&
+            $classMapper->getClassMapping('organisation')::where('slug', $data['slug'])->first()
+        ) {
+            $ms->addMessageTranslated('danger', 'ORGANISATION.SLUG.IN_USE', $data);
+            $error = true;
+        }
+
+        if ($error) {
+            return $response->withJson([], 400);
+        }
+
+        // Begin transaction - DB will be rolled back if an exception occurs
+        Capsule::transaction(function () use ($data, $organisation, $currentUser) {
+            // Update the organisation and generate success messages
+            foreach ($data as $name => $value) {
+                if ($value != $organisation->$name) {
+                    $organisation->$name = $value;
+                }
+            }
+
+            $organisation->save();
+
+            // Create activity record
+            $this->ci->userActivityLogger->info("User {$currentUser->user_name} updated details for organisation {$organisation->name}.", [
+                'type'    => 'organisation_update_info',
+                'user_id' => $currentUser->id,
+            ]);
+        });
+
+        $ms->addMessageTranslated('success', 'ORGANISATION.UPDATE', [
+            'name' => $organisation->name,
+        ]);
+
+        return $response->withJson([], 200);
+    }
+
    /**
     * Processes the request to delete an existing organisation.
     *
@@ -197,6 +319,7 @@ class OrganisationController extends SimpleController
        return $response->withJson([], 200);
    }

+
    /**
     * Returns a list of Organisations.
     *
@@ -344,6 +467,79 @@ class OrganisationController extends SimpleController
        ]);
    }

+    /**
+     * Renders the modal form for editing an existing organisation.
+     *
+     * This does NOT render a complete page.  Instead, it renders the HTML for the modal, which can be embedded in other pages.
+     * This page requires authentication.
+     *
+     * Request type: GET
+     *
+     * @param Request  $request
+     * @param Response $response
+     * @param array    $args
+     *
+     * @throws NotFoundException  If organisation is not found
+     * @throws ForbiddenException If user is not authorized to access page
+     */
+    public function getModalEdit(Request $request, Response $response, $args)
+    {
+        // GET parameters
+        $params = $request->getQueryParams();
+
+        $organisation = $this->getOrganisationFromParams($params);
+
+        // If the organisation doesn't exist, return 404
+        if (!$organisation) {
+            throw new NotFoundException();
+        }
+
+        /** @var \UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */
+        $classMapper = $this->ci->classMapper;
+
+        /** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
+        $authorizer = $this->ci->authorizer;
+
+        /** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
+        $currentUser = $this->ci->currentUser;
+
+        /** @var \UserFrosting\I18n\Translator $translator */
+        $translator = $this->ci->translator;
+
+        // Access-controlled resource - check that currentUser has permission to edit basic fields "name", "slug", "description" for this organisation
+        $fieldNames = ['name', 'slug', 'description'];
+        if (!$authorizer->checkAccess($currentUser, 'update_organisation_field', [
+            'organisation' => $organisation,
+            'fields' => $fieldNames,
+        ])) {
+            throw new ForbiddenException();
+        }
+
+        // Generate form
+        $fields = [
+            'hidden'   => [],
+            'disabled' => [],
+        ];
+
+        // Load validation rules
+        $schema = new RequestSchema('schema://requests/organisation/edit-info.yaml');
+        $validator = new JqueryValidationAdapter($schema, $translator);
+
+        return $this->ci->view->render($response, 'modals/organisation.html.twig', [
+            'organisation' => $organisation,
+            'form'  => [
+                'action'      => "api/organisations/o/{$organisation->slug}",
+                'method'      => 'PUT',
+                'fields'      => $fields,
+                'submit_text' => $translator->translate('UPDATE'),
+            ],
+            'page' => [
+                'validators' => $validator->rules('json', false),
+            ],
+        ]);
+    }
+
+
    /**
     * Renders the organisation listing page.
     *
@@ -375,6 +571,7 @@ class OrganisationController extends SimpleController
        return $this->ci->view->render($response, 'pages/organisations.html.twig');
    }

+
    /**
     * Get organisation from params.
     *
--- a/src/Database/Seeds/OrganisationPermissions.php
+++ b/src/Database/Seeds/OrganisationPermissions.php
@@ -49,6 +49,12 @@ class OrganisationPermissions extends BaseSeed
                'conditions'  => 'always()',
                'description' => 'Create a new organisation.',
            ]),
+            'update_organisation_field' => new Permission([
+                'slug'        => 'update_organisation_field',
+                'name'        => 'Edit organisation',
+                'conditions'  => 'always()',
+                'description' => 'Edit basic properties of any organisation.',
+            ]),
            'delete_organisation' => new Permission([
                'slug'        => 'delete_organisation',
                'name'        => 'Delete organisation',
@@ -97,6 +103,7 @@ class OrganisationPermissions extends BaseSeed
        if ($roleSiteAdmin) {
            $roleSiteAdmin->permissions()->sync([
                $permissions['create_organisation'],
+                $permissions['update_organisation_field'],
                $permissions['delete_organisation'],
                $permissions['uri_organisations'],
            ], false);