From 909b6a93dc43795392efe98df1910d000623f15c Mon Sep 17 00:00:00 2001
From: Craig Williams <craig@avsdev.uk>
Date: Thu, 10 Feb 2022 17:54:56 +0000
Subject: [PATCH] Tighten some edit permissions on organisations

---
 .../Seeds/OrganisationPermissions.php         |  9 +++++-
 templates/pages/organisation.html.twig        | 30 ++++++++++++++++---
 2 files changed, 34 insertions(+), 5 deletions(-)

diff --git a/src/Database/Seeds/OrganisationPermissions.php b/src/Database/Seeds/OrganisationPermissions.php
index 92eb4bb..1ccf848 100644
--- a/src/Database/Seeds/OrganisationPermissions.php
+++ b/src/Database/Seeds/OrganisationPermissions.php
@@ -66,9 +66,15 @@ class OrganisationPermissions extends BaseSeed
             'view_organisation_field_own' => new Permission([
                 'slug'        => 'view_organisation_field',
                 'name'        => 'View own organisation',
-                'conditions'  => "is_organisation_member(self.id,organisation.id) & in(property,['name','slug','description','members'])",
+                'conditions'  => "is_organisation_member(self.id,organisation.id) && in(property,['name','slug','description','members'])",
                 'description' => 'View certain properties of own organisation.',
             ]),
+            'update_organisation_field_own' => new Permission([
+                'slug'        => 'update_organisation_field',
+                'name'        => 'Update own organisation',
+                'conditions'  => "is_organisation_admin(self.id,organisation.id) && subset(fields,['name','slug','description','members'])",
+                'description' => 'Edit basic properties of own organisation.',
+            ]),
             'update_organisation_field' => new Permission([
                 'slug'        => 'update_organisation_field',
                 'name'        => 'Edit organisation',
@@ -206,6 +212,7 @@ class OrganisationPermissions extends BaseSeed
                 $permissions['uri_organisations']->id,
                 $permissions['uri_organisation_own']->id,
                 $permissions['view_organisation_field_own']->id,
+                $permissions['update_organisation_field_own']->id,
                 $permissions['leave_organisation']->id,
                 $permissions['register_organisation']->id,
             ]);
diff --git a/templates/pages/organisation.html.twig b/templates/pages/organisation.html.twig
index 75175d1..3e17f39 100644
--- a/templates/pages/organisation.html.twig
+++ b/templates/pages/organisation.html.twig
@@ -24,17 +24,39 @@
                                 </button>
                                 <ul class="dropdown-menu box-tool-menu">
                                     {% block tools %}
+                                        {% if 'edit' not in tools.hidden %}
                                         <li>
                                             <a href="#" class="js-organisation-edit" data-slug="{{organisation.slug}}">
                                                 <i class="fas fa-edit fa-fw"></i> {{translate('EDIT')}}
                                             </a>
                                         </li>
-                                        {% if 'delete' not in tools.hidden %}
+                                        {% endif %}
+                                        {% if checkAccess('leave_organisation') and (isOrganisationMember(organisation)) %}
+                                        <li>
+                                            <a href="#" class="js-organisation-leave" data-slug="{{organisation.slug}}">
+                                                <i class="fas fa-door-open fa-fw"></i> {{translate('ORGANISATION.LEAVE')}}
+                                            </a>
+                                        </li>
+                                        {% endif %}
+                                        {% if organisation.flag_approved != 1 %}
+                                            {% if checkAccess('approve_organisation') %}
                                             <li>
-                                                <a href="#" class="js-organisation-delete" data-slug="{{organisation.slug}}">
-                                                    <i class="fas fa-trash-alt fa-fw"></i> {{translate('DELETE')}}
+                                                <a href="#" class="js-organisation-approveRegistration" data-slug="{{organisation.slug}}">
+                                                    <i class="fas fa-thumbs-up fa-fw"></i> {{translate('APPROVE')}}
                                                 </a>
                                             </li>
+                                            <li>
+                                                <a href="#" class="js-organisation-rejectRegistration" data-slug="{{organisation.slug}}">
+                                                    <i class="fas fa-thumbs-down fa-fw"></i> {{translate('REJECT')}}
+                                                </a>
+                                            </li>
+                                            {% endif %}
+                                        {% elseif 'delete' not in tools.hidden %}
+                                        <li>
+                                            <a href="#" class="js-organisation-delete" data-slug="{{organisation.slug}}">
+                                                <i class="fas fa-trash-alt fa-fw"></i> {{translate('DELETE')}}
+                                            </a>
+                                        </li>
                                         {% endif %}
                                     {% endblock %}
                                 </ul>
@@ -78,7 +100,7 @@
                         </p>
                     {% endif %}
                     {% block organisation_profile %}{% endblock %}
-                    {% if checkAccess('leave_organisation') %}
+                    {% if checkAccess('leave_organisation') and (isOrganisationMember(organisation)) %}
                         <hr>
                         <div class="text-center">
                             <button type="button" class="btn btn-danger js-organisation-leave" data-slug="{{organisation.slug}}">{{translate('ORGANISATION.LEAVE')}}</button>