From 0b5171b67e05116dc0f0c2ec95c68a9368c526b4 Mon Sep 17 00:00:00 2001
From: Ioannis Igoumenos
Date: Sat, 13 Sep 2025 16:44:01 +0300
Subject: [PATCH] Enable people picker functionality as an AttributeCollector configuration
---
 app/plugins/CoreEnroller/config/plugin.json | 3 +-
 .../resources/locales/en_US/core_enroller.po | 6 ++
 .../templates/AttributeCollectors/fields.inc | 18 +++---
 app/src/Controller/ApiV2Controller.php | 59 ++++++++++++++++++-
 app/src/View/Helper/PetitionHelper.php | 2 +-
 5 files changed, 73 insertions(+), 15 deletions(-)
diff --git a/app/plugins/CoreEnroller/config/plugin.json b/app/plugins/CoreEnroller/config/plugin.json
index 0b06ae498..cc4283a14 100644
--- a/app/plugins/CoreEnroller/config/plugin.json
+++ b/app/plugins/CoreEnroller/config/plugin.json
@@ -28,7 +28,8 @@
 "columns": {
 "id": {},
 "enrollment_flow_step_id": {},
- "description": { "temporary": true, "type": "string", "size": 80 }
+ "description": { "temporary": true, "type": "string", "size": 80 },
+ "enable_person_find": { "type": "boolean" }
 },
 "indexes": {
 "attribute_collectors_i1": { "columns": [ "enrollment_flow_step_id" ] }
diff --git a/app/plugins/CoreEnroller/resources/locales/en_US/core_enroller.po b/app/plugins/CoreEnroller/resources/locales/en_US/core_enroller.po
index b34f6ad04..e70ea37a7 100644
--- a/app/plugins/CoreEnroller/resources/locales/en_US/core_enroller.po
+++ b/app/plugins/CoreEnroller/resources/locales/en_US/core_enroller.po
@@ -163,6 +163,12 @@ msgstr "If set, the Approver must add a comment when approving or denying Petiti msgid "field.AttributeCollectors.valid_through.default.after.desc" msgstr "Days After Finalization" +msgid "field.AttributeCollectors.enable_person_find" +msgstr "Enable People Picker for Self Service" + +msgid "field.AttributeCollectors.enable_person_find.desc" +msgstr "Enable people picker for self-service enrollments, see Registry Technical Manual for privacy considerations" + msgid "field.BasicAttributeCollectors.affiliation_type_id" msgstr "Affiliation Type" diff --git a/app/plugins/CoreEnroller/templates/AttributeCollectors/fields.inc b/app/plugins/CoreEnroller/templates/AttributeCollectors/fields.inc index 8d3afbdee..07658ffe0 100644 --- a/app/plugins/CoreEnroller/templates/AttributeCollectors/fields.inc +++ b/app/plugins/CoreEnroller/templates/AttributeCollectors/fields.inc @@ -27,15 +27,13 @@ declare(strict_types = 1); -// Currently this Configuration View has no fields +// This view only supports edit +if($vv_action !== 'edit') { + return; +} -$this->Field->disableFormEditMode(); - -?> - -
  • -
    - -
    -
  • +print $this->element('form/listItem', [ + 'arguments' => [ + 'fieldName' => 'enable_person_find', + ]]); diff --git a/app/src/Controller/ApiV2Controller.php b/app/src/Controller/ApiV2Controller.php index a40f8a4f0..e47d5ca76 100644 --- a/app/src/Controller/ApiV2Controller.php +++ b/app/src/Controller/ApiV2Controller.php @@ -29,14 +29,14 @@ namespace App\Controller; -use Cake\Controller\Controller; -use InvalidArgumentException; use Cake\Chronos\Chronos; +use Cake\Controller\Controller; use Cake\Http\Exception\BadRequestException; use Cake\Log\Log; use Cake\ORM\TableRegistry; use Cake\Utility\Inflector; - +use InvalidArgumentException; +use \App\Lib\Enum\EnrollmentAuthzEnum; use \App\Lib\Enum\ProvisioningContextEnum; use \App\Lib\Enum\SuspendableStatusEnum; 
@@ -413,4 +413,57 @@ public function view($id = null) {
 public function pick() {
 $this->dispatchIndex(mode: 'picker');
 }
+
+ /**
+ * Indicate whether this Controller will handle some or all authnz.
+ *
+ * @param EventInterface $event Cake event, ie: from beforeFilter
+ * @return string "no", "open", "authz", "yes", or "notauth"
+ * @since COmanage Registry v5.2.0
+ */
+ public function willHandleAuth(\Cake\Event\EventInterface $event): string
+ {
+ $request = $this->getRequest();
+ $reqAction = $request->getParam('action');
+ $session = $request->getSession();
+ $mode = 'no';
+
+ $auth = $session->read('Auth');
+
+ // Calculate people picker permissions on the fly for an enrollment flow/petition
+ if(
+ $this->name == 'People'
+ && $reqAction == 'pick'
+ && !empty($request->getQuery('petition_id'))
+ ) {
+ $petitionId = (int)$request->getQuery('petition_id');
+ // We need to check if this is part of an Enrollment Flow
+ $Petitions = $this->fetchTable('Petitions');
+
+ // Pull the Petition to find its CO
+ $petition = $Petitions->get(
+ $petitionId,
+ contain: ['EnrollmentFlows' => ['EnrollmentFlowSteps']]
+ );
+
+ // We need to check the Petitioner Authorization.
+ $hasAuthorizedUser = $petition->enrollment_flow->authz_type == EnrollmentAuthzEnum::AuthUser
+ ? !empty($auth['external']['user']) : true;
+
+ foreach ($petition->enrollment_flow->enrollment_flow_steps as $step) {
+ if ($step->plugin == 'CoreEnroller.AttributeCollectors') {
+ $AttributeCollectors = $this->fetchTable('CoreEnroller.AttributeCollectors');
+ $attributeCollectorsRecord = $AttributeCollectors->find()
+ ->where(['enrollment_flow_step_id' => $step->id])
+ ->contain(['EnrollmentAttributes'])
+ ->first();
+
+ $mode = $hasAuthorizedUser && $attributeCollectorsRecord->enable_person_find ? 'yes' : 'no';
+ }
+ }
+ }
+
+ // Apply standard behavior
+ return $mode;
+ }
 }
\ No newline at end of file
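Review bot: In the `pick` branch of `willHandleAuth`, the decision to return `'yes'` rests only on a caller-supplied `petition_id` and the flow's configuration; nothing visible ties the requester to that petition, checks that the petition is still in progress, or confirms that the picker request targets the petition's CO, even though the comment says the petition is pulled "to find its CO". For flows whose `authz_type` is not `EnrollmentAuthzEnum::AuthUser`, `$hasAuthorizedUser` is unconditionally true, so holding any valid petition id for such a flow appears sufficient to reach the people search without authentication, unless `dispatchIndex` or the table layer enforces this elsewhere (not visible in this hunk). I would bind the check to the petition before granting access, for example by comparing the request's CO with `$petition->enrollment_flow->co_id` and validating the petitioner against the petition record, and leave `$mode` at `'no'` otherwise. Separately, `->first()` can return null and `$mode` is reassigned on every matching step so the last collector decides; `$attributeCollectorsRecord?->enable_person_find` plus an explicit rule for flows with several collectors would make the outcome deterministic, and the unused `->contain(['EnrollmentAttributes'])` could be dropped.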
diff --git a/app/src/View/Helper/PetitionHelper.php b/app/src/View/Helper/PetitionHelper.php index be426a30d..c4ac48521 100644 --- a/app/src/View/Helper/PetitionHelper.php +++ b/app/src/View/Helper/PetitionHelper.php @@ -76,7 +76,7 @@ public function populateAutoViewVars(): void { // XXX Find the co id foreach ( - $this->enrollmentAttributesTable->calculateAutoViewVars($this->petition?->enrollment_flow?->co_id,$this->entity) as $vvar => $value + $this->enrollmentAttributesTable->calculateAutoViewVars($this->petition?->enrollment_flow?->co_id, $this->entity) as $vvar => $value ) { $this->getView()->set($vvar, $value); }