AVSDev/sprinkle-organisations
1
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

Organisation admins can now promote/demote members/admins

Browse Source
This commit is contained in:
Craig Williams
2022-03-01 14:59:56 +00:00
parent 6b7e7cd53b
commit d6f134e1e9
8 changed files with 426 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
assets/avsdev/js/widgets/members.js
View File

@@ -12,6 +12,56 @@
function bindMemberButtons(el, options) { function bindMemberButtons(el, options) {
if (!options) options = {}; if (!options) options = {};
// Remove user button
el.find('.js-member-promote').click(function(e) {
e.preventDefault();
$("body").ufModal({
sourceUrl: site.uri.public + '/modals/organisations/o/' + $(this).data('slug') + '/members/confirm-promote',
ajaxParams: {
slug: $(this).data('slug'),
user_name: $(this).data('user_name')
},
msgTarget: $("#alerts-page")
});
$("body").on('renderSuccess.ufModal', function() {
var modal = $(this).ufModal('getModal');
var form = modal.find('.js-form');
form.ufForm()
.on("submitSuccess.ufForm", function() {
// Navigate or reload page on success
window.location.reload();
});
});
});
// Remove user button
el.find('.js-member-demote').click(function(e) {
e.preventDefault();
$("body").ufModal({
sourceUrl: site.uri.public + '/modals/organisations/o/' + $(this).data('slug') + '/members/confirm-demote',
ajaxParams: {
slug: $(this).data('slug'),
user_name: $(this).data('user_name')
},
msgTarget: $("#alerts-page")
});
$("body").on('renderSuccess.ufModal', function() {
var modal = $(this).ufModal('getModal');
var form = modal.find('.js-form');
form.ufForm()
.on("submitSuccess.ufForm", function() {
// Navigate or reload page on success
window.location.reload();
});
});
});
// Remove user button // Remove user button
el.find('.js-member-remove').click(function(e) { el.find('.js-member-remove').click(function(e) {
e.preventDefault(); e.preventDefault();

21
locale/en_US/messages.php
View File

@@ -126,10 +126,23 @@ return [
], ],
'MEMBER' => [ 'MEMBER' => [
'NOT_FOUND' => 'User <strong>{{user_name}}</strong> is not a member of organisation <strong>{{name}}</strong>', 'NOT_FOUND' => 'User <strong>{{user_name}}</strong> is not a member of organisation <strong>{{name}}</strong>',
'NOT_AN_ADMIN' => 'User <strong>{{user_name}}</strong> is not an administrator of organisation <strong>{{name}}</strong>',
'ALREADY_AN_ADMIN' => 'User <strong>{{user_name}}</strong> is already an administrator of organisation <strong>{{name}}</strong>',
'REMOVE' => 'Remove member from organisation', 'REMOVE' => 'Remove member from organisation',
'REMOVE_CONFIRM' => 'Are you sure you want to remove member <strong>{{user_name}}</strong> from the organisation <strong>{{name}}</strong>?', 'REMOVE_CONFIRM' => 'Are you sure you want to remove member <strong>{{user_name}}</strong> from the organisation <strong>{{name}}</strong>?',
'REMOVE_YES' => 'Yes, remove member', 'REMOVE_YES' => 'Yes, remove member',
'REMOVE_SUCCESSFUL' => 'Successfully removed member <strong>{{user_name}}</strong> from organisation <strong>{{name}}</strong>', 'REMOVE_SUCCESSFUL' => 'Successfully removed member <strong>{{user_name}}</strong> from organisation <strong>{{name}}</strong>',
'PROMOTE_CONFIRM' => 'Are you sure you wish to promote member <strong>{{user_name}}</strong> to be an administrator of organisation <strong>{{name}}</strong>?',
'PROMOTE_CONFIRM_EXTRA' => 'Once promoted they will be able to manage members and agents (edit, accept, reject, remove) on the organisation\'s behalf.',
'PROMOTE_YES' => 'Yes, promote member',
'PROMOTE_SUCCESSFUL' => 'Successfully promoted member <strong>{{user_name}}</strong> to an administrator of organisation <strong>{{name}}</strong>',
'DEMOTE_CONFIRM' => 'Are you sure you wish to demote administrator <strong>{{user_name}}</strong> from being an administrator of organisation <strong>{{name}}</strong>?',
'DEMOTE_CONFIRM_EXTRA' => 'Once demoted they will no longer be able to manage members and agents on the organisation\'s behalf.',
'DEMOTE_YES' => 'Yes, demote administrator',
'DEMOTE_SUCCESSFUL' => 'Successfully demoted administrator <strong>{{user_name}}</strong> from being an administrator of organisation <strong>{{name}}</strong>',
], ],
], ],
@@ -137,7 +150,13 @@ return [
1 => 'Member', 1 => 'Member',
2 => 'Members', 2 => 'Members',
'REMOVE' => 'Remove member', 'REMOVE' => 'Remove member',
'PROMOTE' => 'Promote to administrator',
'DEMOTE' => 'Demote to member',
'EDIT' => 'Edit member',
'CHANGE_PASSWORD' => 'Change member password',
], ],
'ADMIN' => [ 'ADMIN' => [

5
routes/organisation-members.php
View File

@@ -30,6 +30,9 @@ $app->group('/api/organisations/o/{slug}/members', function () {
$this->post('/m/{user_name}/accept', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:accept'); $this->post('/m/{user_name}/accept', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:accept');
$this->post('/m/{user_name}/reject', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:reject'); $this->post('/m/{user_name}/reject', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:reject');
$this->put('/m/{user_name}/promote', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:promote');
$this->put('/m/{user_name}/demote', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:demote');
})->add('authGuard')->add(new NoCache()); })->add('authGuard')->add(new NoCache());
@@ -39,4 +42,6 @@ $app->group('/modals/organisations/o/{slug}/members', function () {
$this->get('/confirm-remove', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:getModalConfirmRemove'); $this->get('/confirm-remove', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:getModalConfirmRemove');
$this->get('/confirm-accept', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:getModalConfirmAccept'); $this->get('/confirm-accept', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:getModalConfirmAccept');
$this->get('/confirm-reject', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:getModalConfirmReject'); $this->get('/confirm-reject', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:getModalConfirmReject');
$this->get('/confirm-promote', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:getModalConfirmPromote');
$this->get('/confirm-demote', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:getModalConfirmDemote');
})->add('authGuard')->add(new NoCache()); })->add('authGuard')->add(new NoCache());

291
src/Controller/OrganisationMembersController.php
View File

@@ -387,6 +387,198 @@ class OrganisationMembersController extends SimpleController
return $response->withJson([], 200); return $response->withJson([], 200);
} }
/**
* Promotes an organisation member to administrator status.
*
* Processes the request from the organisation details page, checking that:
* 1. The organisation exists;
* 2. The user exists;
* 3. The user is not already an administrator;
* 4. The currentUser has permission to accept;
* This route requires authorization.
*
* AuthGuard: true
* Route: /organisations/o/{slug}/members/accept
* Route Name: {none}
* Request type: GET
*
* @param Request $request
* @param Response $response
* @param array $args
*/
public function promote(Request $request, Response $response, $args)
{
/** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
$authorizer = $this->ci->authorizer;
/** @var \UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */
$classMapper = $this->ci->classMapper;
/** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
$currentUser = $this->ci->currentUser;
/** @var \UserFrosting\Sprinkle\Core\Alert\AlertStream $ms */
$ms = $this->ci->alerts;
// Fetch the organisation from the params
$organisation = $this->getOrganisationFromParams($args);
// Fetch the user from the params
$user = $this->getUserFromParams($args);
// If the organisation/user doesn't exist, return 404
if (!$organisation || !$user) {
throw new NotFoundException();
}
// Access-controlled page
if (!$authorizer->checkAccess($currentUser, 'promote_organistion_member', [
'organisation' => $organisation
])) {
throw new ForbiddenException();
}
// Find the mapping
$mapping = $classMapper->getClassMapping('organisation_member')::query()
->where('organisation_id', $organisation->id)
->where('user_id', $user->id)
->first();
// User is not a member error
if (!$mapping ) {
$ms->addMessageTranslated('danger', 'ORGANISATION.MEMBER.NOT_FOUND', [
'name' => $organisation->name,
'user_name' => $user->user_name
]);
return $response->withJson([], 404);
}
// User is already an admin
if ($mapping->flag_admin) {
$ms->addMessageTranslated('danger', 'ORGANISATION.MEMBER.ALREADY_AN_ADMIN', [
'name' => $organisation->name,
'user_name' => $user->user_name
]);
return $response->withJson([], 400);
}
// Begin transaction - DB will be rolled back if an exception occurs
Capsule::transaction(function () use ($organisation, $user, $mapping, $currentUser) {
$mapping->flag_admin = true;
$mapping->save();
// Create activity record
$this->ci->userActivityLogger->info("User {$currentUser->user_name} promoted user {$user->user_name} to an administrator of organisation {$organisation->name}.", [
'type' => 'organisation_member_promote',
'user_id' => $currentUser->id,
]);
});
$ms->addMessageTranslated('success', 'ORGANISATION.MEMBER.PROMOTE_SUCCESSFUL', [
'name' => $organisation->ame,
'user_name' => $user->user_name,
]);
return $response->withJson([], 200);
}
/**
* Handles request to demote an organisation administrator.
*
* Processes the request from the organisation details page, checking that:
* 1. The organisation exists;
* 2. The user exists;
* 3. The user is an administrator;
* 4. The currentUser has permission to reject;
* This route requires authorization.
*
* AuthGuard: true
* Route: /organisations/o/{slug}/members/reject
* Route Name: {none}
* Request type: GET
*
* @param Request $request
* @param Response $response
* @param array $args
*/
public function demote(Request $request, Response $response, $args)
{
/** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
$authorizer = $this->ci->authorizer;
/** @var \UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */
$classMapper = $this->ci->classMapper;
/** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
$currentUser = $this->ci->currentUser;
/** @var \UserFrosting\Sprinkle\Core\Alert\AlertStream $ms */
$ms = $this->ci->alerts;
// Fetch the organisation from the params
$organisation = $this->getOrganisationFromParams($args);
// Fetch the user from the params
$user = $this->getUserFromParams($args);
// If the organisation/user doesn't exist, return 404
if (!$organisation || !$user) {
throw new NotFoundException();
}
// Access-controlled page
if (!$authorizer->checkAccess($currentUser, 'promote_organistion_member', [
'organisation' => $organisation
])) {
throw new ForbiddenException();
}
// Find the mapping
$mapping = $classMapper->getClassMapping('organisation_member')::query()
->where('organisation_id', $organisation->id)
->where('user_id', $user->id)
->first();
// User is not a member error
if (!$mapping ) {
$ms->addMessageTranslated('danger', 'ORGANISATION.MEMBER.NOT_FOUND', [
'name' => $organisation->name,
'user_name' => $user->user_name
]);
return $response->withJson([], 404);
}
// User is already an admin
if (!$mapping->flag_admin) {
$ms->addMessageTranslated('danger', 'ORGANISATION.MEMBER.NOT_AN_ADMIN', [
'name' => $organisation->name,
'user_name' => $user->user_name
]);
return $response->withJson([], 400);
}
// Begin transaction - DB will be rolled back if an exception occurs
Capsule::transaction(function () use ($organisation, $user, $mapping, $currentUser) {
$mapping->flag_admin = false;
$mapping->save();
// Create activity record
$this->ci->userActivityLogger->info("User {$currentUser->user_name} demoted user {$user->user_name} to an administrator of organisation {$organisation->name}.", [
'type' => 'organisation_member_promote',
'user_id' => $currentUser->id,
]);
});
$ms->addMessageTranslated('success', 'ORGANISATION.MEMBER.DEMOTE_SUCCESSFUL', [
'name' => $organisation->ame,
'user_name' => $user->user_name,
]);
return $response->withJson([], 200);
}
/** /**
* Accepts a request to join organisation. * Accepts a request to join organisation.
@@ -721,7 +913,8 @@ class OrganisationMembersController extends SimpleController
$sprunje->extendQuery(function ($query) use ($classMapper, $organisation) { $sprunje->extendQuery(function ($query) use ($classMapper, $organisation) {
return $query return $query
->where('organisation_id', $organisation->id) ->where('organisation_id', $organisation->id)
->addSelect('organisation_members.flag_approved AS membership_approved'); ->addSelect('organisation_members.flag_approved AS membership_approved')
->addSelect('organisation_members.flag_admin AS organisation_admin');
}); });
// Be careful how you consume this data - it has not been escaped and contains untrusted user-supplied content. // Be careful how you consume this data - it has not been escaped and contains untrusted user-supplied content.
@@ -965,6 +1158,102 @@ class OrganisationMembersController extends SimpleController
]); ]);
} }
/**
* Get promote member confirmation modal.
*
* @param Request $request
* @param Response $response
* @param array $args
*
* @throws NotFoundException If organisation/member is not found
* @throws ForbiddenException If user is not authorized to access page
* @throws BadRequestException
*/
public function getModalConfirmPromote(Request $request, Response $response, $args)
{
/** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
$authorizer = $this->ci->authorizer;
/** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
$currentUser = $this->ci->currentUser;
// GET parameters
$params = $request->getQueryParams();
$organisation = $this->getOrganisationFromParams($params);
$user = $this->getUserFromParams($params);
// Check organisation & user exists
if (!$organisation || !$user) {
throw new NotFoundException();
}
// Access-controlled page
if (!$authorizer->checkAccess($currentUser, 'promote_organistion_member', [
'organisation' => $organisation,
])) {
throw new ForbiddenException();
}
return $this->ci->view->render($response, 'modals/confirm-promote-organisation-member.html.twig', [
'organisation' => $organisation,
'user' => $user,
'form' => [
'action' => "api/organisations/o/{$organisation->slug}/members/m/{$user->user_name}/promote",
],
]);
}
/**
* Get demote administrator confirmation modal.
*
* @param Request $request
* @param Response $response
* @param array $args
*
* @throws NotFoundException If organisation/member is not found
* @throws ForbiddenException If user is not authorized to access page
* @throws BadRequestException
*/
public function getModalConfirmDemote(Request $request, Response $response, $args)
{
/** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
$authorizer = $this->ci->authorizer;
/** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
$currentUser = $this->ci->currentUser;
// GET parameters
$params = $request->getQueryParams();
$organisation = $this->getOrganisationFromParams($params);
$user = $this->getUserFromParams($params);
// Check organisation & user exists
if (!$organisation || !$user) {
throw new NotFoundException();
}
// Access-controlled page
if (!$authorizer->checkAccess($currentUser, 'promote_organistion_member', [
'organisation' => $organisation,
])) {
throw new ForbiddenException();
}
return $this->ci->view->render($response, 'modals/confirm-demote-organisation-member.html.twig', [
'organisation' => $organisation,
'user' => $user,
'form' => [
'action' => "api/organisations/o/{$organisation->slug}/members/m/{$user->user_name}/demote",
],
]);
}
/** /**
* Send approval email for specified organisation and confirmation to user. * Send approval email for specified organisation and confirmation to user.

10
src/Database/Seeds/OrganisationPermissions.php
View File

@@ -180,6 +180,13 @@ class OrganisationPermissions extends BaseSeed
'conditions' => "similar_orgs(self.id, user.id) && in(property,['user_name','name','locale','email','phone_number','activities'])", 'conditions' => "similar_orgs(self.id, user.id) && in(property,['user_name','name','locale','email','phone_number','activities'])",
'description' => 'View certain properties of any user in their organisation.', 'description' => 'View certain properties of any user in their organisation.',
]), ]),
'promote_organistion_member' => new Permission([
'slug' => 'promote_organistion_member',
'name' => 'Promote organisation member/Demote organisation administrator',
'conditions' => "is_organisation_admin(self.id) && (is_organisation_member(user.id,organisation.id) || is_organisation_admin(user.id,organisation.id))",
'description' => 'Promote an organisation member to administrator status or demote and administrator to member status.',
]),
]; ];
} }
@@ -224,6 +231,7 @@ class OrganisationPermissions extends BaseSeed
$permissions['delete_organisation']->id, $permissions['delete_organisation']->id,
$permissions['uri_organisations']->id, $permissions['uri_organisations']->id,
$permissions['uri_organisation']->id, $permissions['uri_organisation']->id,
$permissions['promote_organistion_member']->id,
]); ]);
} }
@@ -244,6 +252,7 @@ class OrganisationPermissions extends BaseSeed
$permissions['uri_deleted_organisations']->id, $permissions['uri_deleted_organisations']->id,
$permissions['restore_organisation']->id, $permissions['restore_organisation']->id,
$permissions['permenent_delete_organisation']->id, $permissions['permenent_delete_organisation']->id,
$permissions['promote_organistion_member']->id,
]); ]);
} }
@@ -260,6 +269,7 @@ class OrganisationPermissions extends BaseSeed
$permissions['accept_organisation_join_request']->id, $permissions['accept_organisation_join_request']->id,
$permissions['update_org_user_field']->id, $permissions['update_org_user_field']->id,
$permissions['view_org_user_field']->id, $permissions['view_org_user_field']->id,
$permissions['promote_organistion_member']->id
]); ]);
} }
} }

17
templates/modals/confirm-demote-organisation-member.html.twig Normal file
View File

@@ -0,0 +1,17 @@
{% extends "modals/modal.html.twig" %}
{% block modal_title %}{{translate("ORGANISATION.MEMBER.DEMOTE")}}{% endblock %}
{% block modal_body %}
<form class="js-form" method="put" action="{{site.uri.public}}/{{form.action}}">
{% include "forms/csrf.html.twig" %}
<div class="js-form-alerts">
</div>
<h4>{{translate("ORGANISATION.MEMBER.DEMOTE_CONFIRM", {user_name: user.user_name, name: organisation.name})}}<br><small>{{translate("ORGANISATION.MEMBER.DEMOTE_CONFIRM_EXTRA")}}</small></h4>
<br>
<div class="btn-group-action">
<button type="submit" class="btn btn-danger btn-lg btn-block">{{translate("ORGANISATION.MEMBER.DEMOTE_YES")}}</button>
<button type="button" class="btn btn-default btn-lg btn-block" data-dismiss="modal">{{translate("CANCEL")}}</button>
</div>
</form>
{% endblock %}

19
templates/modals/confirm-promote-organisation-member.html.twig Normal file
View File

@@ -0,0 +1,19 @@
{% extends "modals/modal.html.twig" %}
{% block modal_title %}{{translate("ORGANISATION.MEMBER.PROMOTE")}}{% endblock %}
{% block modal_body %}
<form class="js-form" method="put" action="{{site.uri.public}}/{{form.action}}">
{% include "forms/csrf.html.twig" %}
<div class="js-form-alerts">
</div>
<h4>{{translate("ORGANISATION.MEMBER.PROMOTE_CONFIRM", {user_name: user.user_name, name: organisation.name})}}</h4>
<br>
<p>{{translate("ORGANISATION.MEMBER.PROMOTE_CONFIRM_EXTRA")}}</p>
<br>
<div class="btn-group-action">
<button type="submit" class="btn btn-primary btn-lg btn-block">{{translate("ORGANISATION.MEMBER.PROMOTE_YES")}}</button>
<button type="button" class="btn btn-default btn-lg btn-block" data-dismiss="modal">{{translate("CANCEL")}}</button>
</div>
</form>
{% endblock %}

17
templates/tables/organisation-members.html.twig
View File

@@ -61,14 +61,27 @@
</a> </a>
</li> </li>
{{ else }} {{ else }}
{{#ifx row.organisation_admin '==' 1 }}
<li>
<a href="#" data-slug="{% endverbatim %}{{organisation.slug}}{% verbatim %}" data-user_name="{{row.user_name}}" class="js-member-demote">
<i class="fas fa-angle-double-down"></i> {% endverbatim %}{{translate("MEMBER.DEMOTE")}}{% verbatim %}
</a>
</li>
{{ else }}
<li>
<a href="#" data-slug="{% endverbatim %}{{organisation.slug}}{% verbatim %}" data-user_name="{{row.user_name}}" class="js-member-promote">
<i class="fas fa-angle-double-up"></i> {% endverbatim %}{{translate("MEMBER.PROMOTE")}}{% verbatim %}
</a>
</li>
{{/ifx}}
<li> <li>
<a href="#" data-slug="{% endverbatim %}{{organisation.slug}}{% verbatim %}" data-user_name="{{row.user_name}}" class="js-user-edit"> <a href="#" data-slug="{% endverbatim %}{{organisation.slug}}{% verbatim %}" data-user_name="{{row.user_name}}" class="js-user-edit">
<i class="fas fa-edit"></i> {% endverbatim %}{{translate("USER.EDIT")}}{% verbatim %} <i class="fas fa-edit"></i> {% endverbatim %}{{translate("MEMBER.EDIT")}}{% verbatim %}
</a> </a>
</li> </li>
<li> <li>
<a href="#" data-slug="{% endverbatim %}{{organisation.slug}}{% verbatim %}" data-user_name="{{row.user_name}}" class="js-user-password"> <a href="#" data-slug="{% endverbatim %}{{organisation.slug}}{% verbatim %}" data-user_name="{{row.user_name}}" class="js-user-password">
<i class="fas fa-key"></i> {% endverbatim %}{{translate("USER.ADMIN.CHANGE_PASSWORD")}}{% verbatim %} <i class="fas fa-key"></i> {% endverbatim %}{{translate("MEMBER.CHANGE_PASSWORD")}}{% verbatim %}
</a> </a>
</li> </li>
<li> <li>