Replaced "can_admin_via_orgs" auth check & added an explicit flag to the members check

2023-06-06 15:52:54 +01:00
parent 85175f2ead
commit de85fd6e47


@@ -71,12 +71,17 @@ class ServicesProvider
* @param int $organisation_id the id of the target organisation. * @param int $organisation_id the id of the target organisation.
* @return bool true if $user is a member of $organisation. * @return bool true if $user is a member of $organisation.
*/ */
$new_authorizer->addCallback('is_organisation_member', function ($user_id, $organisation_id) { $new_authorizer->addCallback('is_organisation_member', function ($user_id, $organisation_id, $explicit = false) {
return Capsule::table('organisation_members') $query = Capsule::table('organisation_members')
->where('user_id', $user_id) ->where('user_id', $user_id)
->where('organisation_id', $organisation_id) ->where('organisation_id', $organisation_id)
->where('flag_approved', true) ->where('flag_approved', true);
->count() > 0;
if ($explicit) {
$query = $query->where('flag_admin', false);
}
return $query->count() > 0;
}); });
/* /*
@@ -95,19 +100,28 @@ class ServicesProvider
}); });
/* /*
* Check if $admin_id can modify $user_id via any of their joint organisations * Check if $user_A_id is in an organisation that $user_B_id is also in
* *
* @param int $admin_id the id of the admin user (normally currentUser->id). * @param int $user_A_id the id of the first user (normally currentUser->id).
* @param int $user_id the id of the target user. * @param int $user_B_id the id of the second user.
* @return bool true if $admin_id is an administrator of an organisation with $user_id in. * @param bool $check_is_admin also check if A can administrate B.
* @return bool true if $user_A_id in an organisation with $user_B_id in.
*/ */
$new_authorizer->addCallback('can_admin_via_orgs', function ($admin_id, $user_id) { $new_authorizer->addCallback('has_matching_organisation', function ($user_A_id, $user_B_id, $check_is_admin = false) {
$admin = User::findInt($admin_id); $user_A = User::findInt($user_A_id);
$user = User::findInt($user_id); $user_B = User::findInt($user_B_id);
foreach($admin->adminForOrganisations()->get() as $org) { if ($check_is_admin) {
if ($org->members(true)->where('user_id', $user_id)->count() > 0) { foreach($user_A->adminForOrganisations()->get() as $org) {
return true; if ($org->members(true)->where('user_id', $user_B_id)->count() > 0) {
return true;
}
}
} else {
foreach($user_A->organisations()->get() as $org) {
if ($org->members(true)->where('user_id', $user_B_id)->count() > 0) {
return true;
}
} }
} }