AVSDev/sprinkle-organisations
1
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

Organisation admins can now promote/demote members/admins

Browse Source
This commit is contained in:
Craig Williams
2022-03-01 14:59:56 +00:00
parent 6b7e7cd53b
commit d6f134e1e9
8 changed files with 426 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

291
src/Controller/OrganisationMembersController.php
View File

@@ -387,6 +387,198 @@ class OrganisationMembersController extends SimpleController
return $response->withJson([], 200);
}
/**
* Promotes an organisation member to administrator status.
*
* Processes the request from the organisation details page, checking that:
* 1. The organisation exists;
* 2. The user exists;
* 3. The user is not already an administrator;
* 4. The currentUser has permission to accept;
* This route requires authorization.
*
* AuthGuard: true
* Route: /organisations/o/{slug}/members/accept
* Route Name: {none}
* Request type: GET
*
* @param Request $request
* @param Response $response
* @param array $args
*/
public function promote(Request $request, Response $response, $args)
{
/** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
$authorizer = $this->ci->authorizer;
/** @var \UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */
$classMapper = $this->ci->classMapper;
/** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
$currentUser = $this->ci->currentUser;
/** @var \UserFrosting\Sprinkle\Core\Alert\AlertStream $ms */
$ms = $this->ci->alerts;
// Fetch the organisation from the params
$organisation = $this->getOrganisationFromParams($args);
// Fetch the user from the params
$user = $this->getUserFromParams($args);
// If the organisation/user doesn't exist, return 404
if (!$organisation || !$user) {
throw new NotFoundException();
}
// Access-controlled page
if (!$authorizer->checkAccess($currentUser, 'promote_organistion_member', [
'organisation' => $organisation
])) {
throw new ForbiddenException();
}
// Find the mapping
$mapping = $classMapper->getClassMapping('organisation_member')::query()
->where('organisation_id', $organisation->id)
->where('user_id', $user->id)
->first();
// User is not a member error
if (!$mapping ) {
$ms->addMessageTranslated('danger', 'ORGANISATION.MEMBER.NOT_FOUND', [
'name' => $organisation->name,
'user_name' => $user->user_name
]);
return $response->withJson([], 404);
}
// User is already an admin
if ($mapping->flag_admin) {
$ms->addMessageTranslated('danger', 'ORGANISATION.MEMBER.ALREADY_AN_ADMIN', [
'name' => $organisation->name,
'user_name' => $user->user_name
]);
return $response->withJson([], 400);
}
// Begin transaction - DB will be rolled back if an exception occurs
Capsule::transaction(function () use ($organisation, $user, $mapping, $currentUser) {
$mapping->flag_admin = true;
$mapping->save();
// Create activity record
$this->ci->userActivityLogger->info("User {$currentUser->user_name} promoted user {$user->user_name} to an administrator of organisation {$organisation->name}.", [
'type' => 'organisation_member_promote',
'user_id' => $currentUser->id,
]);
});
$ms->addMessageTranslated('success', 'ORGANISATION.MEMBER.PROMOTE_SUCCESSFUL', [
'name' => $organisation->ame,
'user_name' => $user->user_name,
]);
return $response->withJson([], 200);
}
/**
* Handles request to demote an organisation administrator.
*
* Processes the request from the organisation details page, checking that:
* 1. The organisation exists;
* 2. The user exists;
* 3. The user is an administrator;
* 4. The currentUser has permission to reject;
* This route requires authorization.
*
* AuthGuard: true
* Route: /organisations/o/{slug}/members/reject
* Route Name: {none}
* Request type: GET
*
* @param Request $request
* @param Response $response
* @param array $args
*/
public function demote(Request $request, Response $response, $args)
{
/** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
$authorizer = $this->ci->authorizer;
/** @var \UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */
$classMapper = $this->ci->classMapper;
/** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
$currentUser = $this->ci->currentUser;
/** @var \UserFrosting\Sprinkle\Core\Alert\AlertStream $ms */
$ms = $this->ci->alerts;
// Fetch the organisation from the params
$organisation = $this->getOrganisationFromParams($args);
// Fetch the user from the params
$user = $this->getUserFromParams($args);
// If the organisation/user doesn't exist, return 404
if (!$organisation || !$user) {
throw new NotFoundException();
}
// Access-controlled page
if (!$authorizer->checkAccess($currentUser, 'promote_organistion_member', [
'organisation' => $organisation
])) {
throw new ForbiddenException();
}
// Find the mapping
$mapping = $classMapper->getClassMapping('organisation_member')::query()
->where('organisation_id', $organisation->id)
->where('user_id', $user->id)
->first();
// User is not a member error
if (!$mapping ) {
$ms->addMessageTranslated('danger', 'ORGANISATION.MEMBER.NOT_FOUND', [
'name' => $organisation->name,
'user_name' => $user->user_name
]);
return $response->withJson([], 404);
}
// User is already an admin
if (!$mapping->flag_admin) {
$ms->addMessageTranslated('danger', 'ORGANISATION.MEMBER.NOT_AN_ADMIN', [
'name' => $organisation->name,
'user_name' => $user->user_name
]);
return $response->withJson([], 400);
}
// Begin transaction - DB will be rolled back if an exception occurs
Capsule::transaction(function () use ($organisation, $user, $mapping, $currentUser) {
$mapping->flag_admin = false;
$mapping->save();
// Create activity record
$this->ci->userActivityLogger->info("User {$currentUser->user_name} demoted user {$user->user_name} to an administrator of organisation {$organisation->name}.", [
'type' => 'organisation_member_promote',
'user_id' => $currentUser->id,
]);
});
$ms->addMessageTranslated('success', 'ORGANISATION.MEMBER.DEMOTE_SUCCESSFUL', [
'name' => $organisation->ame,
'user_name' => $user->user_name,
]);
return $response->withJson([], 200);
}
/**
* Accepts a request to join organisation.
@@ -721,7 +913,8 @@ class OrganisationMembersController extends SimpleController
$sprunje->extendQuery(function ($query) use ($classMapper, $organisation) {
return $query
->where('organisation_id', $organisation->id)
->addSelect('organisation_members.flag_approved AS membership_approved');
->addSelect('organisation_members.flag_approved AS membership_approved')
->addSelect('organisation_members.flag_admin AS organisation_admin');
});
// Be careful how you consume this data - it has not been escaped and contains untrusted user-supplied content.
@@ -965,6 +1158,102 @@ class OrganisationMembersController extends SimpleController
]);
}
/**
* Get promote member confirmation modal.
*
* @param Request $request
* @param Response $response
* @param array $args
*
* @throws NotFoundException If organisation/member is not found
* @throws ForbiddenException If user is not authorized to access page
* @throws BadRequestException
*/
public function getModalConfirmPromote(Request $request, Response $response, $args)
{
/** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
$authorizer = $this->ci->authorizer;
/** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
$currentUser = $this->ci->currentUser;
// GET parameters
$params = $request->getQueryParams();
$organisation = $this->getOrganisationFromParams($params);
$user = $this->getUserFromParams($params);
// Check organisation & user exists
if (!$organisation || !$user) {
throw new NotFoundException();
}
// Access-controlled page
if (!$authorizer->checkAccess($currentUser, 'promote_organistion_member', [
'organisation' => $organisation,
])) {
throw new ForbiddenException();
}
return $this->ci->view->render($response, 'modals/confirm-promote-organisation-member.html.twig', [
'organisation' => $organisation,
'user' => $user,
'form' => [
'action' => "api/organisations/o/{$organisation->slug}/members/m/{$user->user_name}/promote",
],
]);
}
/**
* Get demote administrator confirmation modal.
*
* @param Request $request
* @param Response $response
* @param array $args
*
* @throws NotFoundException If organisation/member is not found
* @throws ForbiddenException If user is not authorized to access page
* @throws BadRequestException
*/
public function getModalConfirmDemote(Request $request, Response $response, $args)
{
/** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
$authorizer = $this->ci->authorizer;
/** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
$currentUser = $this->ci->currentUser;
// GET parameters
$params = $request->getQueryParams();
$organisation = $this->getOrganisationFromParams($params);
$user = $this->getUserFromParams($params);
// Check organisation & user exists
if (!$organisation || !$user) {
throw new NotFoundException();
}
// Access-controlled page
if (!$authorizer->checkAccess($currentUser, 'promote_organistion_member', [
'organisation' => $organisation,
])) {
throw new ForbiddenException();
}
return $this->ci->view->render($response, 'modals/confirm-demote-organisation-member.html.twig', [
'organisation' => $organisation,
'user' => $user,
'form' => [
'action' => "api/organisations/o/{$organisation->slug}/members/m/{$user->user_name}/demote",
],
]);
}
/**
* Send approval email for specified organisation and confirmation to user.

10
src/Database/Seeds/OrganisationPermissions.php
View File

@@ -180,6 +180,13 @@ class OrganisationPermissions extends BaseSeed
'conditions' => "similar_orgs(self.id, user.id) && in(property,['user_name','name','locale','email','phone_number','activities'])",
'description' => 'View certain properties of any user in their organisation.',
]),
'promote_organistion_member' => new Permission([
'slug' => 'promote_organistion_member',
'name' => 'Promote organisation member/Demote organisation administrator',
'conditions' => "is_organisation_admin(self.id) && (is_organisation_member(user.id,organisation.id) || is_organisation_admin(user.id,organisation.id))",
'description' => 'Promote an organisation member to administrator status or demote and administrator to member status.',
]),
];
}
@@ -224,6 +231,7 @@ class OrganisationPermissions extends BaseSeed
$permissions['delete_organisation']->id,
$permissions['uri_organisations']->id,
$permissions['uri_organisation']->id,
$permissions['promote_organistion_member']->id,
]);
}
@@ -244,6 +252,7 @@ class OrganisationPermissions extends BaseSeed
$permissions['uri_deleted_organisations']->id,
$permissions['restore_organisation']->id,
$permissions['permenent_delete_organisation']->id,
$permissions['promote_organistion_member']->id,
]);
}
@@ -260,6 +269,7 @@ class OrganisationPermissions extends BaseSeed
$permissions['accept_organisation_join_request']->id,
$permissions['update_org_user_field']->id,
$permissions['view_org_user_field']->id,
$permissions['promote_organistion_member']->id
]);
}
}