From e92b80fbe1a2cf95b7958d8e0d45e638b51435ae Mon Sep 17 00:00:00 2001 From: Craig Williams Date: Tue, 22 Feb 2022 11:02:16 +0000 Subject: [PATCH] Prevent users from creating more than 1 or being a member of more than 1 organisation in single organisation configuration (Fixes #7) --- locale/en_US/messages.php | 5 ++++ .../OrganisationMembersController.php | 5 ++++ .../OrganisationRegistrationController.php | 24 ++++++++++++++----- templates/pages/organisations.html.twig | 2 ++ 4 files changed, 30 insertions(+), 6 deletions(-) diff --git a/locale/en_US/messages.php b/locale/en_US/messages.php index c2e89cd..4f2907e 100644 --- a/locale/en_US/messages.php +++ b/locale/en_US/messages.php @@ -59,6 +59,7 @@ return [ 'PERMENENT_DELETION_SUCCESSFUL' => 'Successfully permenently deleted organisation {{name}}', 'NOT_A_MEMBER' => 'You are not a member of organisation {{name}}.', + 'ALREADY_IN_ONE' => 'You are already in an organisation.', 'NAME' => [ 1 => 'Organisation name', @@ -74,6 +75,8 @@ return [ 'REGISTER' => 'Register organisation', 'SUCCESSFUL' => 'Successfully registered organisation {{name}}', + 'ALREADY_IN_ONE' => 'You cannot register a new organisation because you are already in another organisation. (only one organisation allowed)', + 'CANCEL' => 'Cancel organisation registration', 'CANCEL_CONFIRM' => 'Are you sure you want to cancel the registration request for organisation {{name}}?', 'CANCEL_YES' => 'Yes, cancel organisation registration', @@ -89,6 +92,8 @@ return [ 'JOIN_REQUEST' => [ 'SUBMIT_SUCCESSFUL' => 'Request to join organisation {{name}} sent', + 'ALREADY_IN_ONE' => 'You cannot join another organisation because you are already in one (only one organisation allowed).', + 'REQUEST' => 'Request to join organisation', 'CANCEL' => 'Cancel request to join organisation', diff --git a/src/Controller/OrganisationMembersController.php b/src/Controller/OrganisationMembersController.php index 92f3471..6be5c0a 100644 
--- a/src/Controller/OrganisationMembersController.php +++ b/src/Controller/OrganisationMembersController.php @@ -80,6 +80,11 @@ class OrganisationMembersController extends SimpleController throw new NotFoundException(); } + if ($config['organisation']['membership']['single_membership'] && $currentUser->organisations()->count() > 0) { + $ms->addMessageTranslated('danger', 'ORGANISATION.JOIN_REQUEST.ALREADY_IN_ONE'); + return $response->withJson([], 400); + } + // Check if the user is a member of the organisation, pending or no relation at all $memberCheck = $organisation->members()->where('user_id', $currentUser->id)->withPivot('flag_approved')->first(); if ($memberCheck) { diff --git a/src/Controller/OrganisationRegistrationController.php b/src/Controller/OrganisationRegistrationController.php index 114f3b0..bf68815 100644 --- a/src/Controller/OrganisationRegistrationController.php +++ b/src/Controller/OrganisationRegistrationController.php 
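Review bot: The added single-membership guard is a count-then-insert check with nothing atomic behind it, so two join requests handled in parallel can both see `count() > 0` as false and both be stored. It is also not visible here whether `organisations()` includes rows whose `flag_approved` is still unset; if it counts only approved memberships, a user can hold pending requests with several organisations and end up in more than one once they are approved. The rule should therefore be re-checked where a request is approved (code this commit does not touch) and run inside a transaction that locks the user's row. The same pattern is repeated in both guards added to OrganisationRegistrationController. The enclosing method starts and ends outside the hunk, so it cannot be confirmed from here that `$config` and `$ms` are assigned before the new lines.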
@@ -57,24 +57,29 @@ class OrganisationRegistrationController extends SimpleController /** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */ $authorizer = $this->ci->authorizer; - /** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */ - $currentUser = $this->ci->currentUser; - - /** @var \UserFrosting\Sprinkle\Core\Alert\AlertStream $ms */ - $ms = $this->ci->alerts; - /** @var \UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */ $classMapper = $this->ci->classMapper; /** @var \UserFrosting\Support\Repository\Repository $config */ $config = $this->ci->config; + /** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */ + $currentUser = $this->ci->currentUser; + + /** @var \UserFrosting\Sprinkle\Core\Alert\AlertStream $ms */ + $ms = $this->ci->alerts; + // Access-controlled page if (!$authorizer->checkAccess($currentUser, 'register_organisation')) { throw new ForbiddenException(); } + if ($config['organisation']['membership']['single_membership'] && $currentUser->organisations()->count() > 0) { + $ms->addMessageTranslated('danger', 'ORGANISATION.REGISTRATION.ALREADY_IN_ONE', $data); + return $response->withJson([], 400); + } + // Get POST parameters: name, slug, icon, description $params = $request->getParsedBody(); @@ -580,6 +585,9 @@ class OrganisationRegistrationController extends SimpleController /** @var \UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */ $classMapper = $this->ci->classMapper; + /** @var \UserFrosting\Support\Repository\Repository $config */ + $config = $this->ci->config; + /** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */ $currentUser = $this->ci->currentUser; 
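Review bot: `$data` is passed to `addMessageTranslated()` in the added guard, but nothing visible in this hunk assigns it, and the POST body is only read after the guard. Unless it is set earlier in the method, which starts outside the hunk, the rejection path raises an undefined-variable warning and passes null as the placeholder argument. The `ORGANISATION.REGISTRATION.ALREADY_IN_ONE` string added in messages.php has no placeholders, so the argument can be dropped: `$ms->addMessageTranslated('danger', 'ORGANISATION.REGISTRATION.ALREADY_IN_ONE');`.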
@@ -592,6 +600,10 @@ class OrganisationRegistrationController extends SimpleController throw new ForbiddenException(); } + if ($config['organisation']['membership']['single_membership'] && $currentUser->organisations()->count() > 0) { + throw new BadRequestException(); + } + // Create a dummy organisation to prepopulate fields $organisation = $classMapper->createInstance('organisation', []); diff --git a/templates/pages/organisations.html.twig b/templates/pages/organisations.html.twig index 7b8efc2..de3d160 100644 --- a/templates/pages/organisations.html.twig +++ b/templates/pages/organisations.html.twig @@ -35,9 +35,11 @@ {{translate("VIEW_DELETED")}} {% elseif checkAccess('register_organisation') %} + {% if (organisationConfig.membership.single_membership == 0) or (current_user.organisations.count == 0) %} + {% endif %} {% endif %}
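Review bot: `BadRequestException` is thrown in the added guard, but no hunk of this commit adds a `use` line for it, and the file's import block is outside the visible hunks. If the class is not already imported alongside `ForbiddenException`, PHP resolves the name in the controller's own namespace and the request ends in a class-not-found error (HTTP 500) instead of the intended 400. Confirm the import or add `use UserFrosting\Support\Exception\BadRequestException;`. The enclosing method continues outside the hunk.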