Added user admin permissions

assets/organisations/js/widgets/members.js

@@ -137,6 +137,33 @@ function bindMemberButtons(el, options) {
                 });
         });
     });
+
+
+    // Reset member password button
+    el.find('.js-member-password').click(function(e) {
+        e.preventDefault();
+
+        var userName = $(this).data('user_name');
+        $("body").ufModal({
+            sourceUrl: site.uri.public + '/modals/organisations/o/' + $(this).data('slug') + '/members/reset-password',
+            ajaxParams: {
+                slug: $(this).data('slug'),
+                user_name: $(this).data('user_name')
+            },
+            msgTarget: $("#alerts-page")
+        });
+
+        $("body").on('renderSuccess.ufModal', function() {
+            var modal = $(this).ufModal('getModal');
+            var form = modal.find('.js-form');
+
+            form.ufForm()
+                .on("submitSuccess.ufForm", function() {
+                    // Navigate or reload page on success
+                    window.location.reload();
+                });
+        });
+    });
 }
 
 // function bindMemberCreationButton(el) {

assets/organisations/js/widgets/organisations.js

@@ -189,6 +189,13 @@ function bindOrganisationButtons(el, options) {
             var options = {
                 ajax: {
                     url: site.uri.public + '/api/organisations',
+                    data: function (params) {
+                        return {
+                            filters: {
+                                info : params.term
+                            }
+                        };
+                    },
                     processResults: function (data) {
                         var items = data.rows.filter((i) =>  i.slug != organisation_slug);
                         return {

locale/en_US/messages.php

@@ -51,7 +51,7 @@ return [
         'DELETE_YES'                     => 'Yes, delete organisation',
         'DELETION_SUCCESSFUL'            => 'Successfully deleted organisation <strong>{{name}}</strong>',
 
-        'MEMBER_COUNT'                   => '# Members <sub>(excl admins)</sub>',
+        'MEMBER_COUNT'                   => '# Members',
         'ADMIN_COUNT'                    => '# Admins',
 
         'SELF'                           => [
@@ -155,6 +155,10 @@ return [
             'DEMOTE_CONFIRM_EXTRA'      => 'Once demoted they will no longer be able to manage members and agents on the organisation\'s behalf.',
             'DEMOTE_YES'                => 'Yes, demote administrator',
             'DEMOTE_SUCCESSFUL'         => 'Successfully demoted administrator <strong>{{user_name}}</strong> from being an administrator of organisation <strong>{{name}}</strong>',
+
+            'RESET_PASSWORD'             => 'Send password reset link',
+            'SEND_PASSWORD_LINK_CONFIRM' => 'Please confirm that you wish to send a password reset link to:<br><br> <strong>{{user_name}}</strong> ({{email}}).',
+            'PASSWORD_LINK_SENT'         => 'A password reset link has successfully been sent to <strong>{{email}}</strong>.'
         ],
     ],
 
@@ -168,7 +172,7 @@ return [
         'DEMOTE'            => 'Demote to member',
 
         'EDIT'              => 'Edit member',
-        'CHANGE_PASSWORD'   => 'Change member password',
+        'RESET_PASSWORD'    => 'Send password reset link',
     ],
 
     'ADMIN' => [

routes/organisation-members.php

@@ -33,6 +33,8 @@ $app->group('/api/organisations/o/{slug}/members', function () {
 
     $this->put('/m/{user_name}/promote', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:promote');
     $this->put('/m/{user_name}/demote', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:demote');
+
+    $this->post('/m/{user_name}/password-reset', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:createPasswordReset');
 })->add('authGuard')->add(new NoCache());
 
 
@@ -45,4 +47,5 @@ $app->group('/modals/organisations/o/{slug}/members', function () {
     $this->get('/confirm-reject', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:getModalConfirmReject');
     $this->get('/confirm-promote', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:getModalConfirmPromote');
     $this->get('/confirm-demote', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:getModalConfirmDemote');
+    $this->get('/reset-password', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:getModalResetPassword');
 })->add('authGuard')->add(new NoCache());

src/Controller/OrganisationController.php

@@ -1114,17 +1114,8 @@ class OrganisationController extends SimpleController
             throw new ForbiddenException();
         }
 
-        $tableColumns = [ 'description' ];
+        $tableColumns = [ 'description', 'join' ];
 
-        if (
-            (
-                $currentUser->organisations(true)->count() == 0
-                || !$config['organisation']['membership']['single_membership']
-            )
-            && !$config['organisation']['combine_action_buttons']
-        ) {
-            $tableColumns[] = 'join';
-        }
 
         if ($currentUser->organisations(true)->wherePivot('flag_admin', true)
             || $authorizer->checkAccess($currentUser, 'delete_organisation')
@@ -1136,6 +1127,11 @@ class OrganisationController extends SimpleController
             $tableColumns[] = 'actions';
         }
 
+        if ($currentUser->organisations(true)->wherePivot('flag_admin', true)) {
+            $tableColumns[] = 'status';
+            $tableColumns[] = 'actions';
+        }
+
         return $this->ci->view->render(
             $response,
             'pages/organisations.html.twig',

src/Controller/OrganisationMembersController.php

@@ -9,6 +9,7 @@
 
 namespace UserFrosting\Sprinkle\Organisations\Controller;
 
+use Carbon\Carbon;
 use Illuminate\Database\Capsule\Manager as Capsule;
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
@@ -918,6 +919,81 @@ class OrganisationMembersController extends SimpleController
         return $response->withRedirect($this->ci->router->pathFor('uri_organisation', ['slug' => $organisation->slug]));
     }
 
+    /**
+     * Processes the request to send a user a password reset email.
+     *
+     * Processes the request from the user update form, checking that:
+     * 1. The target user's new email address, if specified, is not already in use;
+     * 2. The logged-in user has the necessary permissions to update the posted field(s);
+     * 3. We're not trying to disable the master account;
+     * 4. The submitted data is valid.
+     * This route requires authentication.
+     *
+     * Request type: POST
+     *
+     * @param Request  $request
+     * @param Response $response
+     * @param string[] $args
+     *
+     * @throws NotFoundException  If user is not found
+     * @throws ForbiddenException If user is not authorized to access page
+     */
+    public function createPasswordReset(Request $request, Response $response, array $args)
+    {
+        /** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
+        $authorizer = $this->ci->authorizer;
+
+        /** @var \UserFrosting\Support\Repository\Repository $config */
+        $config = $this->ci->config;
+
+        /** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
+        $currentUser = $this->ci->currentUser;
+
+        /** @var \UserFrosting\Sprinkle\Core\Alert\AlertStream $ms */
+        $ms = $this->ci->alerts;
+
+
+        // Get the username from the URL
+        $user = $this->getUserFromParams($args);
+
+        if (!$user) {
+            throw new NotFoundException();
+        }
+
+        // Access-controlled resource - check that currentUser has permission to edit "password" for this user
+        if (!$authorizer->checkAccess($currentUser, 'update_user_field', [
+            'user'   => $user,
+            'fields' => ['password'],
+        ])) {
+            throw new ForbiddenException();
+        }
+
+        // Begin transaction - DB will be rolled back if an exception occurs
+        Capsule::transaction(function () use ($user, $config) {
+            // Create a password reset and shoot off an email
+            $passwordReset = $this->ci->repoPasswordReset->create($user, $config['password_reset.timeouts.reset']);
+
+            // Create and send welcome email with password set link
+            $message = new TwigMailMessage($this->ci->view, 'mail/password-reset.html.twig');
+
+            $message->from($config['address_book.admin'])
+                    ->addEmailRecipient(new EmailRecipient($user->email, $user->full_name))
+                    ->addParams([
+                        'user'         => $user,
+                        'token'        => $passwordReset->getToken(),
+                        'request_date' => Carbon::now()->format('Y-m-d H:i:s'),
+                    ]);
+
+            $this->ci->mailer->send($message);
+        });
+
+        $ms->addMessageTranslated('success', 'ORGANISATION.MEMBER.PASSWORD_LINK_SENT', [
+            'email' => $user->email,
+        ]);
+
+        return $response->withJson([], 200);
+    }
+
 
     /**
      * Returns a list of organisation members.
@@ -1359,6 +1435,60 @@ class OrganisationMembersController extends SimpleController
         ]);
     }
 
+    /**
+     * Renders the modal form for sending a password reset to a member.
+     *
+     * This does NOT render a complete page.  Instead, it renders the HTML for the form, which can be embedded in other pages.
+     * This page requires authentication.
+     *
+     * Request type: GET
+     *
+     * @param Request  $request
+     * @param Response $response
+     * @param string[] $args
+     *
+     * @throws NotFoundException  If user is not found
+     * @throws ForbiddenException If user is not authorized to access page
+     */
+    public function getModalResetPassword(Request $request, Response $response, array $args)
+    {
+        /** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
+        $authorizer = $this->ci->authorizer;
+
+        /** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
+        $currentUser = $this->ci->currentUser;
+
+        /** @var \UserFrosting\Support\Repository\Repository $config */
+        $config = $this->ci->config;
+
+        // GET parameters
+        $params = $request->getQueryParams();
+
+        $user = $this->getUserFromParams($params);
+
+        $organisation = $this->getOrganisationFromParams($params);
+
+        // Check organisation & user exists
+        if (!$organisation || !$user) {
+            throw new NotFoundException();
+        }
+
+        // Access-controlled resource - check that currentUser has permission to edit "password" field for this user
+        if (!$authorizer->checkAccess($currentUser, 'update_user_field', [
+            'organisation' => $organisation,
+            'user'   => $user,
+            'fields' => ['password'],
+        ])) {
+            throw new ForbiddenException();
+        }
+
+        return $this->ci->view->render($response, 'modals/member-reset-password.html.twig', [
+            'user' => $user,
+            'organisation' => $organisation,
+            'page' => [],
+        ]);
+    }
+
 
     /**
      * Send approval email for specified organisation and confirmation to user.

src/Database/Migrations/v1_0_0/OrganisationApprovalsTable.php

@@ -7,7 +7,7 @@
  * @license   https://git.avsdev.uk/avsdev/sprinkle-organisations/blob/master/LICENSE.md (LGPL-3.0 License)
  */
 
-namespace UserFrosting\Sprinkle\Organisations\Database\Migrations\v010;
+namespace UserFrosting\Sprinkle\Organisations\Database\Migrations\v1_0_0;
 
 use Illuminate\Database\Schema\Blueprint;
 use UserFrosting\Sprinkle\Core\Database\Migration;
@@ -25,7 +25,7 @@ class OrganisationApprovalsTable extends Migration
      * {@inheritdoc}
      */
     public static $dependencies = [
-        '\UserFrosting\Sprinkle\Account\Database\Migrations\v400\UsersTable',
+        '\UserFrosting\Sprinkle\Account\Database\Migrations\v430\UpdateUsersTable',
     ];
 
     /**

src/Database/Migrations/v1_0_0/OrganisationMembersTable.php

@@ -7,7 +7,7 @@
  * @license   https://git.avsdev.uk/avsdev/sprinkle-organisations/blob/master/LICENSE.md (LGPL-3.0 License)
  */
 
-namespace UserFrosting\Sprinkle\Organisations\Database\Migrations\v010;
+namespace UserFrosting\Sprinkle\Organisations\Database\Migrations\v1_0_0;
 
 use Illuminate\Database\Schema\Blueprint;
 use UserFrosting\Sprinkle\Organisations\Database\Models\Organisation;
@@ -29,8 +29,8 @@ class OrganisationMembersTable extends Migration
      * {@inheritdoc}
      */
     public static $dependencies = [
-        '\UserFrosting\Sprinkle\Account\Database\Migrations\v400\UsersTable',
-        '\UserFrosting\Sprinkle\Organisations\Database\Migrations\v010\OrganisationsTable',
+        '\UserFrosting\Sprinkle\Account\Database\Migrations\v430\UpdateUsersTable',
+        '\UserFrosting\Sprinkle\Organisations\Database\Migrations\v1_0_0\OrganisationsTable',
     ];
 
     /**

src/Database/Migrations/v1_0_0/OrganisationMembershipApprovalsTable.php

@@ -7,7 +7,7 @@
  * @license   https://git.avsdev.uk/avsdev/sprinkle-organisations/blob/master/LICENSE.md (LGPL-3.0 License)
  */
 
-namespace UserFrosting\Sprinkle\Organisations\Database\Migrations\v010;
+namespace UserFrosting\Sprinkle\Organisations\Database\Migrations\v1_0_0;
 
 use Illuminate\Database\Schema\Blueprint;
 use UserFrosting\Sprinkle\Core\Database\Migration;
@@ -25,7 +25,7 @@ class OrganisationMembershipApprovalsTable extends Migration
      * {@inheritdoc}
      */
     public static $dependencies = [
-        '\UserFrosting\Sprinkle\Account\Database\Migrations\v400\UsersTable',
+        '\UserFrosting\Sprinkle\Account\Database\Migrations\v430\UpdateUsersTable',
     ];
 
     /**

src/Database/Migrations/v1_0_0/OrganisationsTable.php

@@ -7,7 +7,7 @@
  * @license   https://git.avsdev.uk/avsdev/sprinkle-organisations/blob/master/LICENSE.md (LGPL-3.0 License)
  */
 
-namespace UserFrosting\Sprinkle\Organisations\Database\Migrations\v010;
+namespace UserFrosting\Sprinkle\Organisations\Database\Migrations\v1_0_0;
 
 use Illuminate\Database\Schema\Blueprint;
 use UserFrosting\Sprinkle\Organisations\Database\Models\Organisation;
@@ -27,7 +27,7 @@ class OrganisationsTable extends Migration
      * {@inheritdoc}
      */
     public static $dependencies = [
-        '\UserFrosting\Sprinkle\Account\Database\Migrations\v400\UsersTable',
+        '\UserFrosting\Sprinkle\Account\Database\Migrations\v430\UpdateUsersTable',
     ];
 
     /**

src/Database/ModelTraits/UserOrganisations.php

@@ -124,7 +124,7 @@ trait UserOrganisations {
     }
 
 
-    public function bootUserOrganisations()
+    static public function bootUserOrganisations()
     {
         static::deleting(function ($user) {
             if (!$user->deleteUserOrganisations($user->isForceDeleting())) {

src/Database/Seeds/OrganisationPermissions.php

@@ -50,6 +50,11 @@ class OrganisationPermissions extends BaseSeed
             'organisations-admin'  => Role::where('slug', 'organisations-admin')->first()->id,
         ];
 
+        $canAdminOrgUsers = "(has_role(self.id,{$roleIds['organisations-admin']}) || (has_matching_organisation(self.id,user.id,1) && !has_role(user.id,{$roleIds['organisations-admin']})))";
+        $canAdminOrgAdmins = "(has_role(self.id,{$roleIds['organisations-admin']}) || has_matching_organisation(self.id,user.id,1))";
+        $excludeMasters = "(!is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}))";
+        $isSelf = "equals_num(self.id,user.id)";
+
         return [
             'create_organisation' => new Permission([
                 'slug'        => 'create_organisation',
@@ -127,12 +132,6 @@ class OrganisationPermissions extends BaseSeed
             ]),
 
 
-            // 'view_organisation_members_field' => new Permission([
-            //     'slug'        => 'view_organisation_field',
-            //     'name'        => 'View organisation members field',
-            //     'conditions'  => "in(property,['members'])",
-            //     'description' => 'View members field of any organisation.',
-            // ]),
             'view_organisation_members' => new Permission([
                 'slug'        => 'view_organisation_field',
                 'name'        => 'View organisation members',
@@ -200,12 +199,12 @@ class OrganisationPermissions extends BaseSeed
             ]),
 
 
-            // 'uri_user_in_organisation' => new Permission([
-            //     'slug'        => 'uri_user',
-            //     'name'        => 'View user',
-            //     'conditions'  => "has_matching_organisation(self.id,user.id,true) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id))",
-            //     'description' => 'View the user page of any user in your group, except the master user and Site and (global) Organisation Administrators (except yourself).',
-            // ]),
+            'uri_user_in_organisation' => new Permission([
+                'slug'        => 'uri_user',
+                'name'        => 'View user',
+                'conditions'  => "(($canAdminOrgAdmins && $excludeMasters) || $isSelf)",
+                'description' => 'View the user page of any user in your orgnisation, except the master user and Site and (global) Organisation Administrators (except yourself).',
+            ]),
             'view_user_field' => new Permission([
                 'slug'        => 'view_user_field',
                 'name'        => 'View user',
@@ -215,35 +214,43 @@ class OrganisationPermissions extends BaseSeed
             'update_user_field' => new Permission([
                 'slug'        => 'update_user_field',
                 'name'        => 'Edit user',
-                'conditions'  => "!has_role(user.id,{$roleIds['site-admin']}) && subset(fields,['organisations'])",
+                'conditions'  => "$excludeMasters && subset(fields,['organisations'])",
                 'description' => 'Edit organisations for users who are not Site Administrators.',
             ]),
 
             'view_user_field_group' => new Permission([
                 'slug'        => 'view_user_field',
                 'name'        => 'View user',
-                'conditions'  => "equals_num(self.group_id,user.group_id) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['group-admin']}) || equals_num(self.id,user.id)) && in(property,['organisations'])",
+                'conditions'  => "equals_num(self.group_id,user.group_id) && $excludeMasters && (!has_role(user.id,{$roleIds['group-admin']}) || equals_num(self.id,user.id)) && in(property,['organisations'])",
                 'description' => 'View organisations of any user in your own group, except the master user and Site and Group Administrators (except yourself).',
             ]),
             'update_user_field_group' => new Permission([
                 'slug'        => 'update_user_field',
                 'name'        => 'Edit group user',
-                'conditions'  => "equals_num(self.group_id,user.group_id) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['group-admin']}) || equals_num(self.id,user.id)) && subset(fields,['organisations'])",
+                'conditions'  => "equals_num(self.group_id,user.group_id) && $excludeMasters && (!has_role(user.id,{$roleIds['group-admin']}) || equals_num(self.id,user.id)) && subset(fields,['organisations'])",
                 'description' => 'Edit organisations for users in your own group who are not Site or Group Administrators, except yourself.',
             ]),
 
-            'view_user_field_organisation' => new Permission([
+            'view_user_field_organisation_audit' => new Permission([
                 'slug'        => 'view_user_field',
                 'name'        => 'View user',
-                'conditions'  => "has_matching_organisation(self.id,user.id) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id)) && in(property,['user_name','name','email','locale','roles','group','activities','organisations'])",
+                'conditions'  => "(($canAdminOrgUsers && $excludeMasters) || $isSelf) && in(property,['activities'])",
                 'description' => 'View certain properties of any user in your own organisation, except the master user and Site and (global) Organisation Administrators (except yourself).',
             ]),
             'update_user_field_organisation' => new Permission([
                 'slug'        => 'update_user_field',
                 'name'        => 'Edit organisation user',
-                'conditions'  => "has_matching_organisation(self.id,user.id,true) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id)) && subset(fields,['name','email','locale','flag_enabled','flag_verified','password'])",
+
+                'conditions'  => "(($canAdminOrgUsers && $excludeMasters) || $isSelf) && subset(fields,['name','email','locale','flag_enabled','flag_verified','password'])",
                 'description' => 'Edit users in your own organisation who are not Site or (global) Organisation Administrators, except yourself.',
             ]),
+
+            'view_user_field_organisation' => new Permission([
+                'slug'        => 'view_user_field',
+                'name'        => 'View user',
+                'conditions'  => "(($canAdminOrgUsers && $excludeMasters) || $isSelf) && in(property,['user_name','name','email','locale','roles','group','organisations'])",
+                'description' => 'View certain properties of any user in your own organisation, except the master user and Site and (global) Organisation Administrators (except yourself).',
+            ]),
         ];
     }
 
@@ -304,6 +311,14 @@ class OrganisationPermissions extends BaseSeed
             ]);
         }
 
+        $roleUserAdmin = Role::where('slug', 'user-admin')->first();
+        if ($roleSiteAdmin) {
+            $roleSiteAdmin->permissions()->syncWithoutDetaching([
+                $permissions['view_user_field']->id,
+                $permissions['update_user_field']->id,
+            ]);
+        }
+
         $roleGroupAdmin = Role::where('slug', 'group-admin')->first();
         if ($roleGroupAdmin) {
             $roleGroupAdmin->permissions()->sync([
@@ -328,13 +343,15 @@ class OrganisationPermissions extends BaseSeed
 
                 $permissions['uri_organisation']->id,
                 $permissions['uri_organisations']->id,
+                $permissions['uri_user_in_organisation']->id,
                 $permissions['uri_deleted_organisations']->id,
 
                 $permissions['view_organisation_members']->id,
                 $permissions['promote_organisation_member']->id,
 
-                #$permissions['view_user_field']->id,
-                #$permissions['update_user_field']->id,
+                $permissions['view_user_field_organisation_audit']->id,
+                $permissions['view_user_field_organisation']->id,
+                $permissions['update_user_field_organisation']->id,
             ]);
         }
 
@@ -352,6 +369,7 @@ class OrganisationPermissions extends BaseSeed
 
                 $permissions['uri_organisation_own']->id,
                 $permissions['uri_organisations']->id,
+                $permissions['uri_user_in_organisation']->id,
 
                 $permissions['view_user_field_organisation']->id,
                 $permissions['update_user_field_organisation']->id,

src/ServicesProvider/ServicesProvider.php

@@ -59,6 +59,22 @@ class ServicesProvider
          * @return \UserFrosting\Sprinkle\Core\Util\ClassMapper
          */
         $container->extend('authorizer', function ($authorizer, $c) {
+            /*
+             * Check if all $user has an $organisation.
+             *
+             * @param  int  $user_id         the id of the requesting user (normally currentUser->id).
+             * @return bool true if $user is a verified member of any organisation.
+             */
+            $authorizer->addCallback('has_organisation', function ($user_id) {
+                $query = Capsule::table('organisation_members')
+                    ->join('organisations', 'organisation_members.organisation_id', 'organisations.id')
+                    ->where('user_id', $user_id)
+                    ->where('organisation_members.flag_approved', true)
+                    ->where('organisations.flag_approved', true);
+
+                return $query->count() > 0;
+            });
+
             /*
              * Check if all $user is a member of $organisation.
              *
@@ -87,11 +103,12 @@ class ServicesProvider
              * @return bool true if $user is an administrator of $organisation.
              */
             $authorizer->addCallback('is_organisation_admin', function ($user_id, $organisation_id) {
-                return Capsule::table('organisation_members')
+                $query = Capsule::table('organisation_members')
                     ->where('user_id', $user_id)
                     ->where('organisation_id', $organisation_id)
-                    ->where('flag_admin', true)
-                    ->count() > 0;
+                    ->where('flag_admin', true);
+
+                return $query->count() > 0;
             });
 
             /*

src/Sprunje/OrganisationSprunje.php

@@ -125,6 +125,31 @@ class OrganisationSprunje extends Sprunje
         return $this;
     }
 
+    /**
+     * Filter by description (case insensitive).
+     *
+     * @param Builder $query
+     * @param mixed   $value
+     *
+     * @return self
+     */
+    protected function filterInfo($query, $value)
+    {
+        // Split value on separator for OR queries
+        $values = explode($this->orSeparator, $value);
+        $query->where(function ($query) use ($values) {
+            foreach ($values as $value) {
+                $query->orWhereRaw(
+                    'LOWER(name) LIKE ?', [ '%' . strtolower($value) . '%' ]
+                )->orWhereRaw(
+                    'LOWER(description) LIKE ?', [ '%' . strtolower($value) . '%' ]
+                );
+            }
+        });
+
+        return $this;
+    }
+
     /**
      * Return a list of possible user statuses.
      *

templates/modals/member-reset-password.html.twig

@@ -0,0 +1,32 @@
+{% extends "modals/modal.html.twig" %}
+
+{% block modal_title %}{{translate("ORGANISATION.MEMBER.RESET_PASSWORD")}}{% endblock %}
+
+{% block modal_body %}
+<form class="js-form" method="POST" action="{{site.uri.public}}/api/organisations/o/{{organisation.slug}}/members/m/{{user.user_name}}/password-reset">
+    {% include "forms/csrf.html.twig" %}
+    <div class="js-form-alerts">
+    </div>
+    <div class="row">
+        <div class="col-sm-12">
+            {{translate("ORGANISATION.MEMBER.SEND_PASSWORD_LINK_CONFIRM", {
+                'user_name': user.user_name,
+                'email': user.email
+            })}}
+        </div>
+    </div>
+    <br>
+    <div class="row">
+        <div class="col-xs-8 col-sm-4">
+            <button type="submit" class="btn btn-block btn-lg btn-success">{{translate('CONFIRM')}}</button>
+        </div>
+        <div class="col-xs-4 col-sm-3 pull-right">
+            <button type="button" class="btn btn-block btn-lg btn-link" data-dismiss="modal">{{translate('CANCEL')}}</button>
+        </div>
+    </div>
+</form>
+<!-- Include validation rules -->
+<script>
+    {% include "pages/partials/page.js.twig" %}
+</script>
+{% endblock %}

templates/navigation/sidebar-menu.html.twig

@@ -2,5 +2,8 @@
 
 {% block navigation %}
     {{ parent() }}
+
+    {% block navigation_organisations %}
         {% include "navigation/partials/sidebar-organisations.html.twig" %}
     {% endblock %}
+{% endblock %}

templates/navigation/user-card.html.twig

@@ -3,7 +3,9 @@
 {% block userCard_menu %}
     <a href="{{site.uri.public}}" class="btn btn-default btn-flat btn-block">Homepage</a>
 
+    {% block navigation_organisations %}
     {% include "navigation/partials/user-card-organisations.html.twig" %}
+    {% endblock %}
 
     {{ parent() }}
 {% endblock %}

templates/pages/user.html.twig

@@ -168,6 +168,7 @@
                 {% endblock %}
             </div>
         </div>
+        {% if checkAccess('view_user_field', { 'user': user, 'property': 'activities' }) %}
         {% if 'activities' not in widgets.hidden %}
         <div class="col-lg-8">
             {% block activity_box %}
@@ -188,6 +189,7 @@
             {% endblock %}
         </div>
         {% endif %}
+        {% endif %}
     </div>
     {% if 'permissions' not in widgets.hidden %}
     <div class="row">

templates/tables/columns/organisation_members-actions.html.twig

@@ -36,8 +36,8 @@
                         </a>
                     </li>
                     <li>
-                        <a href="#" data-slug="{% endverbatim %}{{organisation.slug}}{% verbatim %}" data-user_name="{{row.user_name}}" class="js-user-password">
-                        <i class="fas fa-key"></i> {% endverbatim %}{{translate("MEMBER.CHANGE_PASSWORD")}}{% verbatim %}
+                        <a href="#" data-slug="{% endverbatim %}{{organisation.slug}}{% verbatim %}" data-user_name="{{row.user_name}}" class="js-member-password">
+                        <i class="fas fa-key"></i> {% endverbatim %}{{translate("MEMBER.RESET_PASSWORD")}}{% verbatim %}
                         </a>
                     </li>
                     <li>