AVSDev/sprinkle-organisations
1
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

Compare commits

base: AVSDev:b54945cad60fb2d96c94cb853b0acf8a16b94a8c
Branches Tags
AVSDev:main AVSDev:devel
AVSDev:v1.1.1 AVSDev:v1.1.0 AVSDev:v1.0.5 AVSDev:v1.0.4 AVSDev:v1.0.3 AVSDev:v1.0.2 AVSDev:v1.0.1 AVSDev:v1.0 AVSDev:v0.2.1 AVSDev:v0.2 AVSDev:v0.1.1 AVSDev:v0.1
..
compare: AVSDev:v1.0.1
Branches Tags
AVSDev:devel AVSDev:main
AVSDev:v1.1.1 AVSDev:v1.1.0 AVSDev:v1.0.5 AVSDev:v1.0.4 AVSDev:v1.0.3 AVSDev:v1.0.2 AVSDev:v1.0.1 AVSDev:v1.0 AVSDev:v0.2.1 AVSDev:v0.2 AVSDev:v0.1.1 AVSDev:v0.1

13 Commits
b54945cad6 ... v1.0.1

Author SHA1 Message Date
Craig Williams
ddb7e645a0 Fixed filtering of the merge dialog 2023-10-04 15:59:49 +01:00
Craig Williams
544b4fab13 Uplifted database version to 1.0.0 2023-09-25 14:33:09 +01:00
Craig Williams
74dd06a36c Fix syntax error in permission string 2023-09-13 09:08:25 +01:00
Craig Williams
b3b4c19e6d Another attempt to fix some permissions 2023-09-13 09:03:59 +01:00
Craig Williams
7fab295b6f Fixed some permission issues 2023-09-12 16:02:00 +01:00
Craig Williams
dead350676 Tighten organisation admin permissions & password reset workflow 2023-09-07 11:53:39 +01:00
Craig Williams
f3af94a285 Fixed a bug in organisation admin permission check 2023-09-07 10:13:51 +01:00
Craig Williams
daa4e78a27 Fixed check for has_organisation 2023-08-23 08:39:27 +01:00
Craig Williams
1e0f2017f6 Fixed static function trait 2023-08-23 08:39:10 +01:00
Craig Williams
cd12ac72c7 Fixed Info column filter 2023-07-25 16:47:42 +01:00
Craig Williams
0f5140d01f Simplified the organisation column permissions for now 2023-07-18 13:29:34 +01:00
Craig Williams
85b1cec060 Added a has_organisation authorizer check 2023-07-18 13:28:50 +01:00
Craig Williams
7f9d329295 Fixed sidebar block 2023-07-18 13:27:42 +01:00
19 changed files with 306 additions and 48 deletions
Expand all files Collapse all files

27
assets/organisations/js/widgets/members.js
View File

@@ -137,6 +137,33 @@ function bindMemberButtons(el, options) {
}); });
}); });
}); });
// Reset member password button
el.find('.js-member-password').click(function(e) {
e.preventDefault();
var userName = $(this).data('user_name');
$("body").ufModal({
sourceUrl: site.uri.public + '/modals/organisations/o/' + $(this).data('slug') + '/members/reset-password',
ajaxParams: {
slug: $(this).data('slug'),
user_name: $(this).data('user_name')
},
msgTarget: $("#alerts-page")
});
$("body").on('renderSuccess.ufModal', function() {
var modal = $(this).ufModal('getModal');
var form = modal.find('.js-form');
form.ufForm()
.on("submitSuccess.ufForm", function() {
// Navigate or reload page on success
window.location.reload();
});
});
});
} }
// function bindMemberCreationButton(el) { // function bindMemberCreationButton(el) {

7
assets/organisations/js/widgets/organisations.js
View File

@@ -189,6 +189,13 @@ function bindOrganisationButtons(el, options) {
var options = { var options = {
ajax: { ajax: {
url: site.uri.public + '/api/organisations', url: site.uri.public + '/api/organisations',
data: function (params) {
return {
filters: {
info : params.term
}
};
},
processResults: function (data) { processResults: function (data) {
var items = data.rows.filter((i) => i.slug != organisation_slug); var items = data.rows.filter((i) => i.slug != organisation_slug);
return { return {

8
locale/en_US/messages.php
View File

@@ -51,7 +51,7 @@ return [
'DELETE_YES' => 'Yes, delete organisation', 'DELETE_YES' => 'Yes, delete organisation',
'DELETION_SUCCESSFUL' => 'Successfully deleted organisation <strong>{{name}}</strong>', 'DELETION_SUCCESSFUL' => 'Successfully deleted organisation <strong>{{name}}</strong>',
'MEMBER_COUNT' => '# Members <sub>(excl admins)</sub>', 'MEMBER_COUNT' => '# Members',
'ADMIN_COUNT' => '# Admins', 'ADMIN_COUNT' => '# Admins',
'SELF' => [ 'SELF' => [
@@ -155,6 +155,10 @@ return [
'DEMOTE_CONFIRM_EXTRA' => 'Once demoted they will no longer be able to manage members and agents on the organisation\'s behalf.', 'DEMOTE_CONFIRM_EXTRA' => 'Once demoted they will no longer be able to manage members and agents on the organisation\'s behalf.',
'DEMOTE_YES' => 'Yes, demote administrator', 'DEMOTE_YES' => 'Yes, demote administrator',
'DEMOTE_SUCCESSFUL' => 'Successfully demoted administrator <strong>{{user_name}}</strong> from being an administrator of organisation <strong>{{name}}</strong>', 'DEMOTE_SUCCESSFUL' => 'Successfully demoted administrator <strong>{{user_name}}</strong> from being an administrator of organisation <strong>{{name}}</strong>',
'RESET_PASSWORD' => 'Send password reset link',
'SEND_PASSWORD_LINK_CONFIRM' => 'Please confirm that you wish to send a password reset link to:<br><br> <strong>{{user_name}}</strong> ({{email}}).',
'PASSWORD_LINK_SENT' => 'A password reset link has successfully been sent to <strong>{{email}}</strong>.'
], ],
], ],
@@ -168,7 +172,7 @@ return [
'DEMOTE' => 'Demote to member', 'DEMOTE' => 'Demote to member',
'EDIT' => 'Edit member', 'EDIT' => 'Edit member',
'CHANGE_PASSWORD' => 'Change member password', 'RESET_PASSWORD' => 'Send password reset link',
], ],
'ADMIN' => [ 'ADMIN' => [

3
routes/organisation-members.php
View File

@@ -33,6 +33,8 @@ $app->group('/api/organisations/o/{slug}/members', function () {
$this->put('/m/{user_name}/promote', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:promote'); $this->put('/m/{user_name}/promote', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:promote');
$this->put('/m/{user_name}/demote', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:demote'); $this->put('/m/{user_name}/demote', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:demote');
$this->post('/m/{user_name}/password-reset', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:createPasswordReset');
})->add('authGuard')->add(new NoCache()); })->add('authGuard')->add(new NoCache());
@@ -45,4 +47,5 @@ $app->group('/modals/organisations/o/{slug}/members', function () {
$this->get('/confirm-reject', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:getModalConfirmReject'); $this->get('/confirm-reject', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:getModalConfirmReject');
$this->get('/confirm-promote', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:getModalConfirmPromote'); $this->get('/confirm-promote', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:getModalConfirmPromote');
$this->get('/confirm-demote', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:getModalConfirmDemote'); $this->get('/confirm-demote', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:getModalConfirmDemote');
$this->get('/reset-password', 'UserFrosting\Sprinkle\Organisations\Controller\OrganisationMembersController:getModalResetPassword');
})->add('authGuard')->add(new NoCache()); })->add('authGuard')->add(new NoCache());

16
src/Controller/OrganisationController.php
View File

@@ -1114,17 +1114,8 @@ class OrganisationController extends SimpleController
throw new ForbiddenException(); throw new ForbiddenException();
} }
$tableColumns = [ 'description' ]; $tableColumns = [ 'description', 'join' ];
if (
(
$currentUser->organisations(true)->count() == 0
|| !$config['organisation']['membership']['single_membership']
)
&& !$config['organisation']['combine_action_buttons']
) {
$tableColumns[] = 'join';
}
if ($currentUser->organisations(true)->wherePivot('flag_admin', true) if ($currentUser->organisations(true)->wherePivot('flag_admin', true)
|| $authorizer->checkAccess($currentUser, 'delete_organisation') || $authorizer->checkAccess($currentUser, 'delete_organisation')
@@ -1136,6 +1127,11 @@ class OrganisationController extends SimpleController
$tableColumns[] = 'actions'; $tableColumns[] = 'actions';
} }
if ($currentUser->organisations(true)->wherePivot('flag_admin', true)) {
$tableColumns[] = 'status';
$tableColumns[] = 'actions';
}
return $this->ci->view->render( return $this->ci->view->render(
$response, $response,
'pages/organisations.html.twig', 'pages/organisations.html.twig',

130
src/Controller/OrganisationMembersController.php
View File

@@ -9,6 +9,7 @@
namespace UserFrosting\Sprinkle\Organisations\Controller; namespace UserFrosting\Sprinkle\Organisations\Controller;
use Carbon\Carbon;
use Illuminate\Database\Capsule\Manager as Capsule; use Illuminate\Database\Capsule\Manager as Capsule;
use Psr\Http\Message\ResponseInterface as Response; use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request; use Psr\Http\Message\ServerRequestInterface as Request;
@@ -918,6 +919,81 @@ class OrganisationMembersController extends SimpleController
return $response->withRedirect($this->ci->router->pathFor('uri_organisation', ['slug' => $organisation->slug])); return $response->withRedirect($this->ci->router->pathFor('uri_organisation', ['slug' => $organisation->slug]));
} }
/**
* Processes the request to send a user a password reset email.
*
* Processes the request from the user update form, checking that:
* 1. The target user's new email address, if specified, is not already in use;
* 2. The logged-in user has the necessary permissions to update the posted field(s);
* 3. We're not trying to disable the master account;
* 4. The submitted data is valid.
* This route requires authentication.
*
* Request type: POST
*
* @param Request $request
* @param Response $response
* @param string[] $args
*
* @throws NotFoundException If user is not found
* @throws ForbiddenException If user is not authorized to access page
*/
public function createPasswordReset(Request $request, Response $response, array $args)
{
/** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
$authorizer = $this->ci->authorizer;
/** @var \UserFrosting\Support\Repository\Repository $config */
$config = $this->ci->config;
/** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
$currentUser = $this->ci->currentUser;
/** @var \UserFrosting\Sprinkle\Core\Alert\AlertStream $ms */
$ms = $this->ci->alerts;
// Get the username from the URL
$user = $this->getUserFromParams($args);
if (!$user) {
throw new NotFoundException();
}
// Access-controlled resource - check that currentUser has permission to edit "password" for this user
if (!$authorizer->checkAccess($currentUser, 'update_user_field', [
'user' => $user,
'fields' => ['password'],
])) {
throw new ForbiddenException();
}
// Begin transaction - DB will be rolled back if an exception occurs
Capsule::transaction(function () use ($user, $config) {
// Create a password reset and shoot off an email
$passwordReset = $this->ci->repoPasswordReset->create($user, $config['password_reset.timeouts.reset']);
// Create and send welcome email with password set link
$message = new TwigMailMessage($this->ci->view, 'mail/password-reset.html.twig');
$message->from($config['address_book.admin'])
->addEmailRecipient(new EmailRecipient($user->email, $user->full_name))
->addParams([
'user' => $user,
'token' => $passwordReset->getToken(),
'request_date' => Carbon::now()->format('Y-m-d H:i:s'),
]);
$this->ci->mailer->send($message);
});
$ms->addMessageTranslated('success', 'ORGANISATION.MEMBER.PASSWORD_LINK_SENT', [
'email' => $user->email,
]);
return $response->withJson([], 200);
}
/** /**
* Returns a list of organisation members. * Returns a list of organisation members.
@@ -1359,6 +1435,60 @@ class OrganisationMembersController extends SimpleController
]); ]);
} }
/**
* Renders the modal form for sending a password reset to a member.
*
* This does NOT render a complete page. Instead, it renders the HTML for the form, which can be embedded in other pages.
* This page requires authentication.
*
* Request type: GET
*
* @param Request $request
* @param Response $response
* @param string[] $args
*
* @throws NotFoundException If user is not found
* @throws ForbiddenException If user is not authorized to access page
*/
public function getModalResetPassword(Request $request, Response $response, array $args)
{
/** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
$authorizer = $this->ci->authorizer;
/** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
$currentUser = $this->ci->currentUser;
/** @var \UserFrosting\Support\Repository\Repository $config */
$config = $this->ci->config;
// GET parameters
$params = $request->getQueryParams();
$user = $this->getUserFromParams($params);
$organisation = $this->getOrganisationFromParams($params);
// Check organisation & user exists
if (!$organisation || !$user) {
throw new NotFoundException();
}
// Access-controlled resource - check that currentUser has permission to edit "password" field for this user
if (!$authorizer->checkAccess($currentUser, 'update_user_field', [
'organisation' => $organisation,
'user' => $user,
'fields' => ['password'],
])) {
throw new ForbiddenException();
}
return $this->ci->view->render($response, 'modals/member-reset-password.html.twig', [
'user' => $user,
'organisation' => $organisation,
'page' => [],
]);
}
/** /**
* Send approval email for specified organisation and confirmation to user. * Send approval email for specified organisation and confirmation to user.

4
src/Database/Migrations/v010/OrganisationApprovalsTable.php → src/Database/Migrations/v1_0_0/OrganisationApprovalsTable.php
View File

@@ -7,7 +7,7 @@
* @license https://git.avsdev.uk/avsdev/sprinkle-organisations/blob/master/LICENSE.md (LGPL-3.0 License) * @license https://git.avsdev.uk/avsdev/sprinkle-organisations/blob/master/LICENSE.md (LGPL-3.0 License)
*/ */
namespace UserFrosting\Sprinkle\Organisations\Database\Migrations\v010; namespace UserFrosting\Sprinkle\Organisations\Database\Migrations\v1_0_0;
use Illuminate\Database\Schema\Blueprint; use Illuminate\Database\Schema\Blueprint;
use UserFrosting\Sprinkle\Core\Database\Migration; use UserFrosting\Sprinkle\Core\Database\Migration;
@@ -25,7 +25,7 @@ class OrganisationApprovalsTable extends Migration
* {@inheritdoc} * {@inheritdoc}
*/ */
public static $dependencies = [ public static $dependencies = [
'\UserFrosting\Sprinkle\Account\Database\Migrations\v400\UsersTable', '\UserFrosting\Sprinkle\Account\Database\Migrations\v430\UpdateUsersTable',
]; ];
/** /**

6
src/Database/Migrations/v010/OrganisationMembersTable.php → src/Database/Migrations/v1_0_0/OrganisationMembersTable.php
View File

@@ -7,7 +7,7 @@
* @license https://git.avsdev.uk/avsdev/sprinkle-organisations/blob/master/LICENSE.md (LGPL-3.0 License) * @license https://git.avsdev.uk/avsdev/sprinkle-organisations/blob/master/LICENSE.md (LGPL-3.0 License)
*/ */
namespace UserFrosting\Sprinkle\Organisations\Database\Migrations\v010; namespace UserFrosting\Sprinkle\Organisations\Database\Migrations\v1_0_0;
use Illuminate\Database\Schema\Blueprint; use Illuminate\Database\Schema\Blueprint;
use UserFrosting\Sprinkle\Organisations\Database\Models\Organisation; use UserFrosting\Sprinkle\Organisations\Database\Models\Organisation;
@@ -29,8 +29,8 @@ class OrganisationMembersTable extends Migration
* {@inheritdoc} * {@inheritdoc}
*/ */
public static $dependencies = [ public static $dependencies = [
'\UserFrosting\Sprinkle\Account\Database\Migrations\v400\UsersTable', '\UserFrosting\Sprinkle\Account\Database\Migrations\v430\UpdateUsersTable',
'\UserFrosting\Sprinkle\Organisations\Database\Migrations\v010\OrganisationsTable', '\UserFrosting\Sprinkle\Organisations\Database\Migrations\v1_0_0\OrganisationsTable',
]; ];
/** /**

4
src/Database/Migrations/v010/OrganisationMembershipApprovalsTable.php → src/Database/Migrations/v1_0_0/OrganisationMembershipApprovalsTable.php
View File

@@ -7,7 +7,7 @@
* @license https://git.avsdev.uk/avsdev/sprinkle-organisations/blob/master/LICENSE.md (LGPL-3.0 License) * @license https://git.avsdev.uk/avsdev/sprinkle-organisations/blob/master/LICENSE.md (LGPL-3.0 License)
*/ */
namespace UserFrosting\Sprinkle\Organisations\Database\Migrations\v010; namespace UserFrosting\Sprinkle\Organisations\Database\Migrations\v1_0_0;
use Illuminate\Database\Schema\Blueprint; use Illuminate\Database\Schema\Blueprint;
use UserFrosting\Sprinkle\Core\Database\Migration; use UserFrosting\Sprinkle\Core\Database\Migration;
@@ -25,7 +25,7 @@ class OrganisationMembershipApprovalsTable extends Migration
* {@inheritdoc} * {@inheritdoc}
*/ */
public static $dependencies = [ public static $dependencies = [
'\UserFrosting\Sprinkle\Account\Database\Migrations\v400\UsersTable', '\UserFrosting\Sprinkle\Account\Database\Migrations\v430\UpdateUsersTable',
]; ];
/** /**

4
src/Database/Migrations/v010/OrganisationsTable.php → src/Database/Migrations/v1_0_0/OrganisationsTable.php
View File

@@ -7,7 +7,7 @@
* @license https://git.avsdev.uk/avsdev/sprinkle-organisations/blob/master/LICENSE.md (LGPL-3.0 License) * @license https://git.avsdev.uk/avsdev/sprinkle-organisations/blob/master/LICENSE.md (LGPL-3.0 License)
*/ */
namespace UserFrosting\Sprinkle\Organisations\Database\Migrations\v010; namespace UserFrosting\Sprinkle\Organisations\Database\Migrations\v1_0_0;
use Illuminate\Database\Schema\Blueprint; use Illuminate\Database\Schema\Blueprint;
use UserFrosting\Sprinkle\Organisations\Database\Models\Organisation; use UserFrosting\Sprinkle\Organisations\Database\Models\Organisation;
@@ -27,7 +27,7 @@ class OrganisationsTable extends Migration
* {@inheritdoc} * {@inheritdoc}
*/ */
public static $dependencies = [ public static $dependencies = [
'\UserFrosting\Sprinkle\Account\Database\Migrations\v400\UsersTable', '\UserFrosting\Sprinkle\Account\Database\Migrations\v430\UpdateUsersTable',
]; ];
/** /**

2
src/Database/ModelTraits/UserOrganisations.php
View File

@@ -124,7 +124,7 @@ trait UserOrganisations {
} }
public function bootUserOrganisations() static public function bootUserOrganisations()
{ {
static::deleting(function ($user) { static::deleting(function ($user) {
if (!$user->deleteUserOrganisations($user->isForceDeleting())) { if (!$user->deleteUserOrganisations($user->isForceDeleting())) {

50
src/Database/Seeds/OrganisationPermissions.php
View File

@@ -50,6 +50,11 @@ class OrganisationPermissions extends BaseSeed
'organisations-admin' => Role::where('slug', 'organisations-admin')->first()->id, 'organisations-admin' => Role::where('slug', 'organisations-admin')->first()->id,
]; ];
$canAdminOrgUsers = "(has_role(self.id,{$roleIds['organisations-admin']}) || (has_matching_organisation(self.id,user.id,1) && !has_role(user.id,{$roleIds['organisations-admin']})))";
$canAdminOrgAdmins = "(has_role(self.id,{$roleIds['organisations-admin']}) || has_matching_organisation(self.id,user.id,1))";
$excludeMasters = "(!is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}))";
$isSelf = "equals_num(self.id,user.id)";
return [ return [
'create_organisation' => new Permission([ 'create_organisation' => new Permission([
'slug' => 'create_organisation', 'slug' => 'create_organisation',
@@ -127,12 +132,6 @@ class OrganisationPermissions extends BaseSeed
]), ]),
// 'view_organisation_members_field' => new Permission([
// 'slug' => 'view_organisation_field',
// 'name' => 'View organisation members field',
// 'conditions' => "in(property,['members'])",
// 'description' => 'View members field of any organisation.',
// ]),
'view_organisation_members' => new Permission([ 'view_organisation_members' => new Permission([
'slug' => 'view_organisation_field', 'slug' => 'view_organisation_field',
'name' => 'View organisation members', 'name' => 'View organisation members',
@@ -200,12 +199,12 @@ class OrganisationPermissions extends BaseSeed
]), ]),
// 'uri_user_in_organisation' => new Permission([ 'uri_user_in_organisation' => new Permission([
// 'slug' => 'uri_user', 'slug' => 'uri_user',
// 'name' => 'View user', 'name' => 'View user',
// 'conditions' => "has_matching_organisation(self.id,user.id,true) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id))", 'conditions' => "(($canAdminOrgAdmins && $excludeMasters) || $isSelf)",
// 'description' => 'View the user page of any user in your group, except the master user and Site and (global) Organisation Administrators (except yourself).', 'description' => 'View the user page of any user in your orgnisation, except the master user and Site and (global) Organisation Administrators (except yourself).',
// ]), ]),
'view_user_field' => new Permission([ 'view_user_field' => new Permission([
'slug' => 'view_user_field', 'slug' => 'view_user_field',
'name' => 'View user', 'name' => 'View user',
@@ -215,35 +214,43 @@ class OrganisationPermissions extends BaseSeed
'update_user_field' => new Permission([ 'update_user_field' => new Permission([
'slug' => 'update_user_field', 'slug' => 'update_user_field',
'name' => 'Edit user', 'name' => 'Edit user',
'conditions' => "!has_role(user.id,{$roleIds['site-admin']}) && subset(fields,['organisations'])", 'conditions' => "$excludeMasters && subset(fields,['organisations'])",
'description' => 'Edit organisations for users who are not Site Administrators.', 'description' => 'Edit organisations for users who are not Site Administrators.',
]), ]),
'view_user_field_group' => new Permission([ 'view_user_field_group' => new Permission([
'slug' => 'view_user_field', 'slug' => 'view_user_field',
'name' => 'View user', 'name' => 'View user',
'conditions' => "equals_num(self.group_id,user.group_id) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['group-admin']}) || equals_num(self.id,user.id)) && in(property,['organisations'])", 'conditions' => "equals_num(self.group_id,user.group_id) && $excludeMasters && (!has_role(user.id,{$roleIds['group-admin']}) || equals_num(self.id,user.id)) && in(property,['organisations'])",
'description' => 'View organisations of any user in your own group, except the master user and Site and Group Administrators (except yourself).', 'description' => 'View organisations of any user in your own group, except the master user and Site and Group Administrators (except yourself).',
]), ]),
'update_user_field_group' => new Permission([ 'update_user_field_group' => new Permission([
'slug' => 'update_user_field', 'slug' => 'update_user_field',
'name' => 'Edit group user', 'name' => 'Edit group user',
'conditions' => "equals_num(self.group_id,user.group_id) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['group-admin']}) || equals_num(self.id,user.id)) && subset(fields,['organisations'])", 'conditions' => "equals_num(self.group_id,user.group_id) && $excludeMasters && (!has_role(user.id,{$roleIds['group-admin']}) || equals_num(self.id,user.id)) && subset(fields,['organisations'])",
'description' => 'Edit organisations for users in your own group who are not Site or Group Administrators, except yourself.', 'description' => 'Edit organisations for users in your own group who are not Site or Group Administrators, except yourself.',
]), ]),
'view_user_field_organisation' => new Permission([ 'view_user_field_organisation_audit' => new Permission([
'slug' => 'view_user_field', 'slug' => 'view_user_field',
'name' => 'View user', 'name' => 'View user',
'conditions' => "has_matching_organisation(self.id,user.id) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id)) && in(property,['user_name','name','email','locale','roles','group','activities','organisations'])", 'conditions' => "(($canAdminOrgUsers && $excludeMasters) || $isSelf) && in(property,['activities'])",
'description' => 'View certain properties of any user in your own organisation, except the master user and Site and (global) Organisation Administrators (except yourself).', 'description' => 'View certain properties of any user in your own organisation, except the master user and Site and (global) Organisation Administrators (except yourself).',
]), ]),
'update_user_field_organisation' => new Permission([ 'update_user_field_organisation' => new Permission([
'slug' => 'update_user_field', 'slug' => 'update_user_field',
'name' => 'Edit organisation user', 'name' => 'Edit organisation user',
'conditions' => "has_matching_organisation(self.id,user.id,true) && !is_master(user.id) && !has_role(user.id,{$roleIds['site-admin']}) && (!has_role(user.id,{$roleIds['organisations-admin']}) || equals_num(self.id,user.id)) && subset(fields,['name','email','locale','flag_enabled','flag_verified','password'])",
'conditions' => "(($canAdminOrgUsers && $excludeMasters) || $isSelf) && subset(fields,['name','email','locale','flag_enabled','flag_verified','password'])",
'description' => 'Edit users in your own organisation who are not Site or (global) Organisation Administrators, except yourself.', 'description' => 'Edit users in your own organisation who are not Site or (global) Organisation Administrators, except yourself.',
]), ]),
'view_user_field_organisation' => new Permission([
'slug' => 'view_user_field',
'name' => 'View user',
'conditions' => "(($canAdminOrgUsers && $excludeMasters) || $isSelf) && in(property,['user_name','name','email','locale','roles','group','organisations'])",
'description' => 'View certain properties of any user in your own organisation, except the master user and Site and (global) Organisation Administrators (except yourself).',
]),
]; ];
} }
@@ -328,13 +335,15 @@ class OrganisationPermissions extends BaseSeed
$permissions['uri_organisation']->id, $permissions['uri_organisation']->id,
$permissions['uri_organisations']->id, $permissions['uri_organisations']->id,
$permissions['uri_user_in_organisation']->id,
$permissions['uri_deleted_organisations']->id, $permissions['uri_deleted_organisations']->id,
$permissions['view_organisation_members']->id, $permissions['view_organisation_members']->id,
$permissions['promote_organisation_member']->id, $permissions['promote_organisation_member']->id,
#$permissions['view_user_field']->id, $permissions['view_user_field_organisation_audit']->id,
#$permissions['update_user_field']->id, $permissions['view_user_field_organisation']->id,
$permissions['update_user_field_organisation']->id,
]); ]);
} }
@@ -352,6 +361,7 @@ class OrganisationPermissions extends BaseSeed
$permissions['uri_organisation_own']->id, $permissions['uri_organisation_own']->id,
$permissions['uri_organisations']->id, $permissions['uri_organisations']->id,
$permissions['uri_user_in_organisation']->id,
$permissions['view_user_field_organisation']->id, $permissions['view_user_field_organisation']->id,
$permissions['update_user_field_organisation']->id, $permissions['update_user_field_organisation']->id,

23
src/ServicesProvider/ServicesProvider.php
View File

@@ -59,6 +59,22 @@ class ServicesProvider
* @return \UserFrosting\Sprinkle\Core\Util\ClassMapper * @return \UserFrosting\Sprinkle\Core\Util\ClassMapper
*/ */
$container->extend('authorizer', function ($authorizer, $c) { $container->extend('authorizer', function ($authorizer, $c) {
/*
* Check if all $user has an $organisation.
*
* @param int $user_id the id of the requesting user (normally currentUser->id).
* @return bool true if $user is a verified member of any organisation.
*/
$authorizer->addCallback('has_organisation', function ($user_id) {
$query = Capsule::table('organisation_members')
->join('organisations', 'organisation_members.organisation_id', 'organisations.id')
->where('user_id', $user_id)
->where('organisation_members.flag_approved', true)
->where('organisations.flag_approved', true);
return $query->count() > 0;
});
/* /*
* Check if all $user is a member of $organisation. * Check if all $user is a member of $organisation.
* *
@@ -87,11 +103,12 @@ class ServicesProvider
* @return bool true if $user is an administrator of $organisation. * @return bool true if $user is an administrator of $organisation.
*/ */
$authorizer->addCallback('is_organisation_admin', function ($user_id, $organisation_id) { $authorizer->addCallback('is_organisation_admin', function ($user_id, $organisation_id) {
return Capsule::table('organisation_members') $query = Capsule::table('organisation_members')
->where('user_id', $user_id) ->where('user_id', $user_id)
->where('organisation_id', $organisation_id) ->where('organisation_id', $organisation_id)
->where('flag_admin', true) ->where('flag_admin', true);
->count() > 0;
return $query->count() > 0;
}); });
/* /*

25
src/Sprunje/OrganisationSprunje.php
View File

@@ -125,6 +125,31 @@ class OrganisationSprunje extends Sprunje
return $this; return $this;
} }
/**
* Filter by description (case insensitive).
*
* @param Builder $query
* @param mixed $value
*
* @return self
*/
protected function filterInfo($query, $value)
{
// Split value on separator for OR queries
$values = explode($this->orSeparator, $value);
$query->where(function ($query) use ($values) {
foreach ($values as $value) {
$query->orWhereRaw(
'LOWER(name) LIKE ?', [ '%' . strtolower($value) . '%' ]
)->orWhereRaw(
'LOWER(description) LIKE ?', [ '%' . strtolower($value) . '%' ]
);
}
});
return $this;
}
/** /**
* Return a list of possible user statuses. * Return a list of possible user statuses.
* *

32
templates/modals/member-reset-password.html.twig Normal file
View File

@@ -0,0 +1,32 @@
{% extends "modals/modal.html.twig" %}
{% block modal_title %}{{translate("ORGANISATION.MEMBER.RESET_PASSWORD")}}{% endblock %}
{% block modal_body %}
<form class="js-form" method="POST" action="{{site.uri.public}}/api/organisations/o/{{organisation.slug}}/members/m/{{user.user_name}}/password-reset">
{% include "forms/csrf.html.twig" %}
<div class="js-form-alerts">
</div>
<div class="row">
<div class="col-sm-12">
{{translate("ORGANISATION.MEMBER.SEND_PASSWORD_LINK_CONFIRM", {
'user_name': user.user_name,
'email': user.email
})}}
</div>
</div>
<br>
<div class="row">
<div class="col-xs-8 col-sm-4">
<button type="submit" class="btn btn-block btn-lg btn-success">{{translate('CONFIRM')}}</button>
</div>
<div class="col-xs-4 col-sm-3 pull-right">
<button type="button" class="btn btn-block btn-lg btn-link" data-dismiss="modal">{{translate('CANCEL')}}</button>
</div>
</div>
</form>
<!-- Include validation rules -->
<script>
{% include "pages/partials/page.js.twig" %}
</script>
{% endblock %}

3
templates/navigation/sidebar-menu.html.twig
View File

@@ -2,5 +2,8 @@
{% block navigation %} {% block navigation %}
{{ parent() }} {{ parent() }}
{% block navigation_organisations %}
{% include "navigation/partials/sidebar-organisations.html.twig" %} {% include "navigation/partials/sidebar-organisations.html.twig" %}
{% endblock %} {% endblock %}
{% endblock %}

2
templates/navigation/user-card.html.twig
View File

@@ -3,7 +3,9 @@
{% block userCard_menu %} {% block userCard_menu %}
<a href="{{site.uri.public}}" class="btn btn-default btn-flat btn-block">Homepage</a> <a href="{{site.uri.public}}" class="btn btn-default btn-flat btn-block">Homepage</a>
{% block navigation_organisations %}
{% include "navigation/partials/user-card-organisations.html.twig" %} {% include "navigation/partials/user-card-organisations.html.twig" %}
{% endblock %}
{{ parent() }} {{ parent() }}
{% endblock %} {% endblock %}

2
templates/pages/user.html.twig
View File

@@ -168,6 +168,7 @@
{% endblock %} {% endblock %}
</div> </div>
</div> </div>
{% if checkAccess('view_user_field', { 'user': user, 'property': 'activities' }) %}
{% if 'activities' not in widgets.hidden %} {% if 'activities' not in widgets.hidden %}
<div class="col-lg-8"> <div class="col-lg-8">
{% block activity_box %} {% block activity_box %}
@@ -188,6 +189,7 @@
{% endblock %} {% endblock %}
</div> </div>
{% endif %} {% endif %}
{% endif %}
</div> </div>
{% if 'permissions' not in widgets.hidden %} {% if 'permissions' not in widgets.hidden %}
<div class="row"> <div class="row">

4
templates/tables/columns/organisation_members-actions.html.twig
View File

@@ -36,8 +36,8 @@
</a> </a>
</li> </li>
<li> <li>
<a href="#" data-slug="{% endverbatim %}{{organisation.slug}}{% verbatim %}" data-user_name="{{row.user_name}}" class="js-user-password"> <a href="#" data-slug="{% endverbatim %}{{organisation.slug}}{% verbatim %}" data-user_name="{{row.user_name}}" class="js-member-password">
<i class="fas fa-key"></i> {% endverbatim %}{{translate("MEMBER.CHANGE_PASSWORD")}}{% verbatim %} <i class="fas fa-key"></i> {% endverbatim %}{{translate("MEMBER.RESET_PASSWORD")}}{% verbatim %}
</a> </a>
</li> </li>
<li> <li>