Fixed some more permissions
This commit is contained in:
@@ -171,22 +171,41 @@ class OrganisationPermissions extends BaseSeed
|
|||||||
'update_org_user_field' => new Permission([
|
'update_org_user_field' => new Permission([
|
||||||
'slug' => 'update_user_field',
|
'slug' => 'update_user_field',
|
||||||
'name' => 'Edit organisation member',
|
'name' => 'Edit organisation member',
|
||||||
'conditions' => "can_admin_via_orgs(self.id, user.id) && subset(fields,['name','email','locale','password','phone_number'])",
|
'conditions' => "subset(fields,['roles','phone_number','organisations'])",
|
||||||
'description' => 'Edit users who are in an organisation they are a member of.',
|
'description' => 'Edit users who are in any organisation.',
|
||||||
]),
|
]),
|
||||||
'view_org_user_field' => new Permission([
|
'view_org_user_field' => new Permission([
|
||||||
'slug' => 'view_user_field',
|
'slug' => 'view_user_field',
|
||||||
'name' => 'View organisation member',
|
'name' => 'View organisation member',
|
||||||
'conditions' => "similar_orgs(self.id, user.id) && in(property,['user_name','name','locale','email','phone_number','activities'])",
|
'conditions' => "in(property,['roles','phone_number','organisations'])",
|
||||||
|
'description' => 'View certain properties of any user in any organisation.',
|
||||||
|
]),
|
||||||
|
|
||||||
|
'update_org_user_field_own' => new Permission([
|
||||||
|
'slug' => 'update_user_field',
|
||||||
|
'name' => 'Edit organisation member',
|
||||||
|
'conditions' => "can_admin_via_orgs(self.id, user.id) && subset(fields,['name','email','locale','password','phone_number'])",
|
||||||
|
'description' => 'Edit users who are in an organisation they are a member of.',
|
||||||
|
]),
|
||||||
|
'view_org_user_field_own' => new Permission([
|
||||||
|
'slug' => 'view_user_field',
|
||||||
|
'name' => 'View organisation member',
|
||||||
|
'conditions' => "similar_orgs(self.id, user.id) && in(property,['user_name','name','locale','email','phone_number','organisations','activities'])",
|
||||||
'description' => 'View certain properties of any user in their organisation.',
|
'description' => 'View certain properties of any user in their organisation.',
|
||||||
]),
|
]),
|
||||||
|
|
||||||
'promote_organistion_member' => new Permission([
|
'promote_organistion_member' => new Permission([
|
||||||
'slug' => 'promote_organistion_member',
|
'slug' => 'promote_organistion_member',
|
||||||
'name' => 'Promote organisation member/Demote organisation administrator',
|
'name' => 'Promote organisation member/Demote organisation administrator',
|
||||||
'conditions' => "is_organisation_admin(self.id) && (is_organisation_member(user.id,organisation.id) || is_organisation_admin(user.id,organisation.id))",
|
'conditions' => "is_organisation_member(user.id,organisation.id) || is_organisation_admin(user.id,organisation.id)",
|
||||||
'description' => 'Promote an organisation member to administrator status or demote and administrator to member status.',
|
'description' => 'Promote an organisation member to administrator status or demote and administrator to member status.',
|
||||||
]),
|
]),
|
||||||
|
'promote_organistion_member_own' => new Permission([
|
||||||
|
'slug' => 'promote_organistion_member',
|
||||||
|
'name' => 'Promote organisation member/Demote organisation administrator',
|
||||||
|
'conditions' => "is_organisation_admin(self.id) && (is_organisation_member(user.id,organisation.id) || is_organisation_admin(user.id,organisation.id))",
|
||||||
|
'description' => 'Promote an organisation member from your own organisation to administrator status or demote and administrator to member status.',
|
||||||
|
]),
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -224,52 +243,124 @@ class OrganisationPermissions extends BaseSeed
|
|||||||
if ($roleSiteAdmin) {
|
if ($roleSiteAdmin) {
|
||||||
$roleSiteAdmin->permissions()->syncWithoutDetaching([
|
$roleSiteAdmin->permissions()->syncWithoutDetaching([
|
||||||
$permissions['create_organisation']->id,
|
$permissions['create_organisation']->id,
|
||||||
$permissions['view_organisation_field']->id,
|
|
||||||
$permissions['update_organisation_field']->id,
|
|
||||||
$permissions['approve_organisation']->id,
|
$permissions['approve_organisation']->id,
|
||||||
$permissions['merge_organisations']->id,
|
|
||||||
$permissions['delete_organisation']->id,
|
|
||||||
$permissions['uri_organisations']->id,
|
|
||||||
$permissions['uri_organisation']->id,
|
|
||||||
$permissions['promote_organistion_member']->id,
|
|
||||||
]);
|
|
||||||
|
|
||||||
|
$permissions['view_organisation_field']->id,
|
||||||
|
$permissions['view_organisation_members_field']->id,
|
||||||
|
$permissions['view_organisation_members']->id,
|
||||||
|
|
||||||
|
$permissions['update_organisation_field']->id,
|
||||||
|
|
||||||
|
$permissions['merge_organisations']->id,
|
||||||
|
|
||||||
|
$permissions['delete_organisation']->id,
|
||||||
|
$permissions['restore_organisation']->id,
|
||||||
|
$permissions['permenent_delete_organisation']->id,
|
||||||
|
|
||||||
|
$permissions['uri_organisation']->id,
|
||||||
|
$permissions['uri_deleted_organisations']->id,
|
||||||
|
|
||||||
|
|
||||||
|
$permissions['register_organisation']->id,
|
||||||
|
$permissions['join_organisation']->id,
|
||||||
|
$permissions['leave_organisation']->id,
|
||||||
|
|
||||||
|
$permissions['view_org_user_field_own']->id,
|
||||||
|
$permissions['update_org_user_field_own']->id,
|
||||||
|
$permissions['promote_organistion_member_own']->id,
|
||||||
|
|
||||||
|
$permissions['view_organisation_field_own']->id,
|
||||||
|
$permissions['update_organisation_field_own']->id,
|
||||||
|
|
||||||
|
$permissions['accept_organisation_join_request']->id,
|
||||||
|
$permissions['update_org_user_field']->id,
|
||||||
|
$permissions['view_org_user_field']->id,
|
||||||
|
$permissions['promote_organistion_member']->id,
|
||||||
|
|
||||||
|
$permissions['uri_organisation_own']->id,
|
||||||
|
$permissions['uri_organisations']->id,
|
||||||
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
$roleOrgAdmin = Role::where('slug', 'organisations-admin')->first();
|
$roleOrgAdmin = Role::where('slug', 'organisations-admin')->first();
|
||||||
if ($roleOrgAdmin) {
|
if ($roleOrgAdmin) {
|
||||||
$roleOrgAdmin->permissions()->syncWithoutDetaching([
|
$roleOrgAdmin->permissions()->syncWithoutDetaching([
|
||||||
$permissions['create_organisation']->id,
|
$permissions['create_organisation']->id,
|
||||||
|
$permissions['approve_organisation']->id,
|
||||||
|
|
||||||
$permissions['view_organisation_field']->id,
|
$permissions['view_organisation_field']->id,
|
||||||
$permissions['view_organisation_members_field']->id,
|
$permissions['view_organisation_members_field']->id,
|
||||||
$permissions['view_organisation_members']->id,
|
$permissions['view_organisation_members']->id,
|
||||||
|
|
||||||
$permissions['update_organisation_field']->id,
|
$permissions['update_organisation_field']->id,
|
||||||
$permissions['approve_organisation']->id,
|
|
||||||
$permissions['merge_organisations']->id,
|
$permissions['merge_organisations']->id,
|
||||||
|
|
||||||
$permissions['delete_organisation']->id,
|
$permissions['delete_organisation']->id,
|
||||||
$permissions['uri_organisations']->id,
|
|
||||||
$permissions['uri_organisation']->id,
|
|
||||||
$permissions['uri_deleted_organisations']->id,
|
|
||||||
$permissions['restore_organisation']->id,
|
$permissions['restore_organisation']->id,
|
||||||
$permissions['permenent_delete_organisation']->id,
|
$permissions['permenent_delete_organisation']->id,
|
||||||
|
|
||||||
|
$permissions['uri_organisation']->id,
|
||||||
|
$permissions['uri_deleted_organisations']->id,
|
||||||
|
|
||||||
|
|
||||||
|
$permissions['register_organisation']->id,
|
||||||
|
$permissions['join_organisation']->id,
|
||||||
|
$permissions['leave_organisation']->id,
|
||||||
|
|
||||||
|
$permissions['view_org_user_field_own']->id,
|
||||||
|
$permissions['update_org_user_field_own']->id,
|
||||||
|
$permissions['promote_organistion_member_own']->id,
|
||||||
|
|
||||||
|
$permissions['view_organisation_field_own']->id,
|
||||||
|
$permissions['update_organisation_field_own']->id,
|
||||||
|
|
||||||
|
$permissions['accept_organisation_join_request']->id,
|
||||||
|
$permissions['update_org_user_field']->id,
|
||||||
|
$permissions['view_org_user_field']->id,
|
||||||
$permissions['promote_organistion_member']->id,
|
$permissions['promote_organistion_member']->id,
|
||||||
|
|
||||||
|
$permissions['uri_organisation_own']->id,
|
||||||
|
$permissions['uri_organisations']->id,
|
||||||
|
|
||||||
|
|
||||||
|
Permission::where('slug', 'create_user')->first()->id,
|
||||||
|
Permission::where('slug', 'delete_user')->first()->id,
|
||||||
|
Permission::where('slug', 'update_user_field')->where('conditions', "!has_role(user.id,{$roleSiteAdmin->id}) && subset(fields,['name','email','locale','group','flag_enabled','flag_verified','password'])")->first()->id,
|
||||||
|
|
||||||
|
Permission::where('slug', 'uri_users')->first()->id,
|
||||||
|
Permission::where('slug', 'uri_user')->where('conditions', 'always()')->first()->id,
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
$roleAuditer = Role::where('slug', 'auditer')->first();
|
||||||
|
if ($roleAuditer) {
|
||||||
|
$roleAuditer->permissions()->syncWithoutDetaching([
|
||||||
|
Permission::where('slug', 'uri_activities')->first()->id,
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
$roleUser = Role::where('slug', 'user')->first();
|
$roleUser = Role::where('slug', 'user')->first();
|
||||||
if ($roleUser) {
|
if ($roleUser) {
|
||||||
$roleUser->permissions()->syncWithoutDetaching([
|
$roleUser->permissions()->syncWithoutDetaching([
|
||||||
$permissions['uri_organisations']->id,
|
$permissions['register_organisation']->id,
|
||||||
$permissions['uri_organisation_own']->id,
|
|
||||||
$permissions['view_organisation_field_own']->id,
|
|
||||||
$permissions['update_organisation_field_own']->id,
|
|
||||||
$permissions['join_organisation']->id,
|
$permissions['join_organisation']->id,
|
||||||
$permissions['leave_organisation']->id,
|
$permissions['leave_organisation']->id,
|
||||||
$permissions['register_organisation']->id,
|
|
||||||
|
$permissions['view_org_user_field_own']->id,
|
||||||
|
$permissions['update_org_user_field_own']->id,
|
||||||
|
$permissions['promote_organistion_member_own']->id,
|
||||||
|
|
||||||
|
$permissions['view_organisation_field_own']->id,
|
||||||
|
$permissions['update_organisation_field_own']->id,
|
||||||
|
|
||||||
$permissions['accept_organisation_join_request']->id,
|
$permissions['accept_organisation_join_request']->id,
|
||||||
$permissions['update_org_user_field']->id,
|
$permissions['update_org_user_field']->id,
|
||||||
$permissions['view_org_user_field']->id,
|
$permissions['view_org_user_field']->id,
|
||||||
$permissions['promote_organistion_member']->id
|
$permissions['promote_organistion_member']->id,
|
||||||
|
|
||||||
|
$permissions['uri_organisation_own']->id,
|
||||||
|
$permissions['uri_organisations']->id,
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -43,6 +43,11 @@ class OrganisationRoles extends BaseSeed
|
|||||||
'name' => 'Organisations Administrator',
|
'name' => 'Organisations Administrator',
|
||||||
'description' => 'This role is meant for "organisation administrators", who can basically do anything related to organisations and their members.',
|
'description' => 'This role is meant for "organisation administrators", who can basically do anything related to organisations and their members.',
|
||||||
]),
|
]),
|
||||||
|
new Role([
|
||||||
|
'slug' => 'auditer',
|
||||||
|
'name' => 'Audit Viewer',
|
||||||
|
'description' => 'This role is meant for "auditers", who are allowed to view the activity log.',
|
||||||
|
]),
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -10,7 +10,7 @@
|
|||||||
<th class="sorter-metanum" data-column-name="last_activity" data-column-template="#{{table.id}}-column-last-activity" data-priority="3">{{translate("ACTIVITY.LAST")}} <i class="fas fa-sort"></i></th>
|
<th class="sorter-metanum" data-column-name="last_activity" data-column-template="#{{table.id}}-column-last-activity" data-priority="3">{{translate("ACTIVITY.LAST")}} <i class="fas fa-sort"></i></th>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
<th class="filter-select filter-metatext" data-column-name="status" data-column-template="#{{table.id}}-column-status" data-priority="2">{{translate("STATUS")}} <i class="fas fa-sort"></i></th>
|
<th class="filter-select filter-metatext" data-column-name="status" data-column-template="#{{table.id}}-column-status" data-priority="2">{{translate("STATUS")}} <i class="fas fa-sort"></i></th>
|
||||||
{% if hasRole('site-admin') or hasRole('organisations-admin') or (isOrganisationAdmin(organisation)) -%}
|
{% if checkAccess('update_organisation_field', { 'organisation': organisation, 'fields': [ 'members' ] }) or isOrganisationAdmin(organisation) %}
|
||||||
<th data-column-name="actions" data-column-template="#{{table.id}}-column-actions" data-sorter="false" data-filter="false" data-priority="1">{{translate("ACTIONS")}}</th>
|
<th data-column-name="actions" data-column-template="#{{table.id}}-column-actions" data-sorter="false" data-filter="false" data-priority="1">{{translate("ACTIONS")}}</th>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</tr>
|
</tr>
|
||||||
@@ -42,7 +42,7 @@
|
|||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
{% block table_cell_template_actions %}
|
{% block table_cell_template_actions %}
|
||||||
{% if hasRole('site-admin') or hasRole('organisations-admin') or (isOrganisationAdmin(organisation)) %}
|
{% if checkAccess('update_organisation_field', { 'organisation': organisation, 'fields': [ 'members' ] }) or isOrganisationAdmin(organisation) %}
|
||||||
<script id="{{table.id}}-column-actions" type="text/x-handlebars-template">
|
<script id="{{table.id}}-column-actions" type="text/x-handlebars-template">
|
||||||
{%- verbatim %}
|
{%- verbatim %}
|
||||||
<td class="uf-table-fit-width">
|
<td class="uf-table-fit-width">
|
||||||
|
|||||||
Reference in New Issue
Block a user