AVSDev/sprinkle-organisations
1
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

Fixed some more permissions

Browse Source
This commit is contained in:
Craig Williams
2022-03-02 15:35:08 +00:00
parent 9a0fc3f3bd
commit 868cd1a9ae
3 changed files with 116 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

127
src/Database/Seeds/OrganisationPermissions.php
View File

@@ -171,22 +171,41 @@ class OrganisationPermissions extends BaseSeed
'update_org_user_field' => new Permission([
'slug' => 'update_user_field',
'name' => 'Edit organisation member',
'conditions' => "can_admin_via_orgs(self.id, user.id) && subset(fields,['name','email','locale','password','phone_number'])",
'description' => 'Edit users who are in an organisation they are a member of.',
'conditions' => "subset(fields,['roles','phone_number','organisations'])",
'description' => 'Edit users who are in any organisation.',
]),
'view_org_user_field' => new Permission([
'slug' => 'view_user_field',
'name' => 'View organisation member',
'conditions' => "similar_orgs(self.id, user.id) && in(property,['user_name','name','locale','email','phone_number','activities'])",
'conditions' => "in(property,['roles','phone_number','organisations'])",
'description' => 'View certain properties of any user in any organisation.',
]),
'update_org_user_field_own' => new Permission([
'slug' => 'update_user_field',
'name' => 'Edit organisation member',
'conditions' => "can_admin_via_orgs(self.id, user.id) && subset(fields,['name','email','locale','password','phone_number'])",
'description' => 'Edit users who are in an organisation they are a member of.',
]),
'view_org_user_field_own' => new Permission([
'slug' => 'view_user_field',
'name' => 'View organisation member',
'conditions' => "similar_orgs(self.id, user.id) && in(property,['user_name','name','locale','email','phone_number','organisations','activities'])",
'description' => 'View certain properties of any user in their organisation.',
]),
'promote_organistion_member' => new Permission([
'slug' => 'promote_organistion_member',
'name' => 'Promote organisation member/Demote organisation administrator',
'conditions' => "is_organisation_admin(self.id) && (is_organisation_member(user.id,organisation.id) || is_organisation_admin(user.id,organisation.id))",
'conditions' => "is_organisation_member(user.id,organisation.id) || is_organisation_admin(user.id,organisation.id)",
'description' => 'Promote an organisation member to administrator status or demote and administrator to member status.',
]),
'promote_organistion_member_own' => new Permission([
'slug' => 'promote_organistion_member',
'name' => 'Promote organisation member/Demote organisation administrator',
'conditions' => "is_organisation_admin(self.id) && (is_organisation_member(user.id,organisation.id) || is_organisation_admin(user.id,organisation.id))",
'description' => 'Promote an organisation member from your own organisation to administrator status or demote and administrator to member status.',
]),
];
}
@@ -224,52 +243,124 @@ class OrganisationPermissions extends BaseSeed
if ($roleSiteAdmin) {
$roleSiteAdmin->permissions()->syncWithoutDetaching([
$permissions['create_organisation']->id,
$permissions['view_organisation_field']->id,
$permissions['update_organisation_field']->id,
$permissions['approve_organisation']->id,
$permissions['view_organisation_field']->id,
$permissions['view_organisation_members_field']->id,
$permissions['view_organisation_members']->id,
$permissions['update_organisation_field']->id,
$permissions['merge_organisations']->id,
$permissions['delete_organisation']->id,
$permissions['uri_organisations']->id,
$permissions['restore_organisation']->id,
$permissions['permenent_delete_organisation']->id,
$permissions['uri_organisation']->id,
$permissions['uri_deleted_organisations']->id,
$permissions['register_organisation']->id,
$permissions['join_organisation']->id,
$permissions['leave_organisation']->id,
$permissions['view_org_user_field_own']->id,
$permissions['update_org_user_field_own']->id,
$permissions['promote_organistion_member_own']->id,
$permissions['view_organisation_field_own']->id,
$permissions['update_organisation_field_own']->id,
$permissions['accept_organisation_join_request']->id,
$permissions['update_org_user_field']->id,
$permissions['view_org_user_field']->id,
$permissions['promote_organistion_member']->id,
$permissions['uri_organisation_own']->id,
$permissions['uri_organisations']->id,
]);
}
$roleOrgAdmin = Role::where('slug', 'organisations-admin')->first();
if ($roleOrgAdmin) {
$roleOrgAdmin->permissions()->syncWithoutDetaching([
$permissions['create_organisation']->id,
$permissions['approve_organisation']->id,
$permissions['view_organisation_field']->id,
$permissions['view_organisation_members_field']->id,
$permissions['view_organisation_members']->id,
$permissions['update_organisation_field']->id,
$permissions['approve_organisation']->id,
$permissions['merge_organisations']->id,
$permissions['delete_organisation']->id,
$permissions['uri_organisations']->id,
$permissions['uri_organisation']->id,
$permissions['uri_deleted_organisations']->id,
$permissions['restore_organisation']->id,
$permissions['permenent_delete_organisation']->id,
$permissions['uri_organisation']->id,
$permissions['uri_deleted_organisations']->id,
$permissions['register_organisation']->id,
$permissions['join_organisation']->id,
$permissions['leave_organisation']->id,
$permissions['view_org_user_field_own']->id,
$permissions['update_org_user_field_own']->id,
$permissions['promote_organistion_member_own']->id,
$permissions['view_organisation_field_own']->id,
$permissions['update_organisation_field_own']->id,
$permissions['accept_organisation_join_request']->id,
$permissions['update_org_user_field']->id,
$permissions['view_org_user_field']->id,
$permissions['promote_organistion_member']->id,
$permissions['uri_organisation_own']->id,
$permissions['uri_organisations']->id,
Permission::where('slug', 'create_user')->first()->id,
Permission::where('slug', 'delete_user')->first()->id,
Permission::where('slug', 'update_user_field')->where('conditions', "!has_role(user.id,{$roleSiteAdmin->id}) && subset(fields,['name','email','locale','group','flag_enabled','flag_verified','password'])")->first()->id,
Permission::where('slug', 'uri_users')->first()->id,
Permission::where('slug', 'uri_user')->where('conditions', 'always()')->first()->id,
]);
}
$roleAuditer = Role::where('slug', 'auditer')->first();
if ($roleAuditer) {
$roleAuditer->permissions()->syncWithoutDetaching([
Permission::where('slug', 'uri_activities')->first()->id,
]);
}
$roleUser = Role::where('slug', 'user')->first();
if ($roleUser) {
$roleUser->permissions()->syncWithoutDetaching([
$permissions['uri_organisations']->id,
$permissions['uri_organisation_own']->id,
$permissions['view_organisation_field_own']->id,
$permissions['update_organisation_field_own']->id,
$permissions['register_organisation']->id,
$permissions['join_organisation']->id,
$permissions['leave_organisation']->id,
$permissions['register_organisation']->id,
$permissions['view_org_user_field_own']->id,
$permissions['update_org_user_field_own']->id,
$permissions['promote_organistion_member_own']->id,
$permissions['view_organisation_field_own']->id,
$permissions['update_organisation_field_own']->id,
$permissions['accept_organisation_join_request']->id,
$permissions['update_org_user_field']->id,
$permissions['view_org_user_field']->id,
$permissions['promote_organistion_member']->id
$permissions['promote_organistion_member']->id,
$permissions['uri_organisation_own']->id,
$permissions['uri_organisations']->id,
]);
}
}