Added organisation information page

2022-02-07 11:23:32 +00:00
parent 1edd850170
commit feaf3d5813
8 changed files with 382 additions and 7 deletions
--- a/src/Controller/OrganisationController.php
+++ b/src/Controller/OrganisationController.php
@@ -125,6 +125,57 @@ class OrganisationController extends SimpleController
        return $response->withJson([], 200);
    }

+    /**
+     * Returns info for a single organisation.
+     *
+     * This page requires authentication.
+     * Request type: GET
+     *
+     * @param Request  $request
+     * @param Response $response
+     * @param string[] $args
+     *
+     * @throws NotFoundException  If organisation is not found
+     * @throws ForbiddenException If user is not authorized to access page
+     */
+    public function getInfo(Request $request, Response $response, array $args)
+    {
+        $organisation = $this->getOrganisationFromParams($args);
+
+        // If the organisation doesn't exist, return 404
+        if (!$organisation) {
+            throw new NotFoundException();
+        }
+
+        /** @var \UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */
+        $classMapper = $this->ci->classMapper;
+
+        // Join organisation's most recent activity
+        $organisation = $classMapper->createInstance('organisation')
+                            ->where('slug', $organisation->slug)
+                            ->joinMemberCounts()
+                            ->first();
+
+        /** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
+        $authorizer = $this->ci->authorizer;
+
+        /** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
+        $currentUser = $this->ci->currentUser;
+
+        // Access-controlled page
+        if (!$authorizer->checkAccess($currentUser, 'uri_organisation', [
+            'organisation' => $organisation,
+        ])) {
+            throw new ForbiddenException();
+        }
+
+        $result = $organisation->toArray();
+
+        // Be careful how you consume this data - it has not been escaped and contains untrusted user-supplied content.
+        // For example, if you plan to insert it into an HTML DOM, you must escape it on the client side (or use client-side templating).
+        return $response->withJson($result, 200, JSON_PRETTY_PRINT);
+    }
+
    /**
     * Processes the request to update an existing organisation's details.
     *
@@ -539,6 +590,139 @@ class OrganisationController extends SimpleController
        ]);
    }

+    /**
+     * Members List API.
+     *
+     * @param Request  $request
+     * @param Response $response
+     * @param array    $args
+     *
+     * @throws NotFoundException  If organisation is not found
+     * @throws ForbiddenException If user is not authorized to access page
+     */
+    public function getMembers(Request $request, Response $response, $args)
+    {
+        $organisation = $this->getOrganisationFromParams($args);
+
+        // If the organisation no longer exists, forward to main organisation listing page
+        if (!$organisation) {
+            throw new NotFoundException();
+        }
+
+        // GET parameters
+        $params = $request->getQueryParams();
+
+        /** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
+        $authorizer = $this->ci->authorizer;
+
+        /** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
+        $currentUser = $this->ci->currentUser;
+
+        // Access-controlled page
+        if (!$authorizer->checkAccess($currentUser, 'view_organisation_field', [
+            'organisation' => $organisation,
+            'property' => 'members',
+        ])) {
+            throw new ForbiddenException();
+        }
+
+        /** @var \UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */
+        $classMapper = $this->ci->classMapper;
+
+        $sprunje = $classMapper->createInstance('user_sprunje', $classMapper, $params);
+        $sprunje->extendQuery(function ($query) use ($classMapper, $organisation) {
+            return $query
+                ->join('organisation_members', function($join) use($organisation) {
+                    $join->on('organisation_members.user_id', '=', 'users.id')->where('organisation_id', $organisation->id);
+                });
+        });
+
+        // Be careful how you consume this data - it has not been escaped and contains untrusted user-supplied content.
+        // For example, if you plan to insert it into an HTML DOM, you must escape it on the client side (or use client-side templating).
+        return $sprunje->toResponse($response);
+    }
+
+
+    /**
+     * Renders a page displaying a organisation's information, in read-only mode.
+     *
+     * This checks that the currently logged-in user has permission to view the requested organisation's info.
+     * It checks each field individually, showing only those that you have permission to view.
+     * This will also try to show buttons for deleting, and editing the organisation.
+     * This page requires authentication.
+     *
+     * Request type: GET
+     *
+     * @param Request  $request
+     * @param Response $response
+     * @param array    $args
+     *
+     * @throws ForbiddenException If user is not authorized to access page
+     */
+    public function pageInfo(Request $request, Response $response, $args)
+    {
+        $organisation = $this->getOrganisationFromParams($args);
+
+        // If the organisation no longer exists, forward to main organisation listing page
+        if (!$organisation) {
+            throw new NotFoundException();
+        }
+
+        /** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
+        $authorizer = $this->ci->authorizer;
+
+        /** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
+        $currentUser = $this->ci->currentUser;
+
+        // Access-controlled page
+        if (!$authorizer->checkAccess($currentUser, 'uri_organisation', [
+            'organisation' => $organisation,
+        ])) {
+            throw new ForbiddenException();
+        }
+
+        // Determine fields that currentUser is authorized to view
+        $fieldNames = ['name', 'slug', 'description'];
+
+        // Generate form
+        $fields = [
+            'hidden' => [],
+        ];
+
+        foreach ($fieldNames as $field) {
+            if (!$authorizer->checkAccess($currentUser, 'view_organisation_field', [
+                'organisation' => $organisation,
+                'property' => $field,
+            ])) {
+                $fields['hidden'][] = $field;
+            }
+        }
+
+        // Determine buttons to display
+        $editButtons = [
+            'hidden' => [],
+        ];
+
+        if (!$authorizer->checkAccess($currentUser, 'update_organisation_field', [
+            'organisation' => $organisation,
+            'fields' => ['name', 'slug', 'description'],
+        ])) {
+            $editButtons['hidden'][] = 'edit';
+        }
+
+        if (!$authorizer->checkAccess($currentUser, 'delete_organisation', [
+            'organisation' => $organisation,
+        ])) {
+            $editButtons['hidden'][] = 'delete';
+        }
+
+        return $this->ci->view->render($response, 'pages/organisation.html.twig', [
+            'organisation'    => $organisation,
+            'fields'          => $fields,
+            'tools'           => $editButtons,
+            'delete_redirect' => $this->ci->router->pathFor('uri_organisations'),
+        ]);
+    }

    /**
     * Renders the organisation listing page.