Initial implementation of login identifier support (CFM-131)

COmanage · Jul 8, 2022 · 11c6188 · 11c6188
1 parent 1fd5f07
commit 11c6188
Show file tree

Hide file tree

Showing 47 changed files with 864 additions and 407 deletions.
diff --git a/app/resources/locales/en_US/field.po b/app/resources/locales/en_US/field.po
@@ -47,6 +47,9 @@ msgstr "Attribute"
 msgid "comment"
 msgstr "Comment"
 
+msgid "Cos.member.not"
+msgstr "{0} (Not a Member)"
+
 msgid "CoSettings.address_default_type_id"
 msgstr "Default Address Type"
 

diff --git a/app/src/Controller/AdHocAttributesController.php b/app/src/Controller/AdHocAttributesController.php
@@ -34,9 +34,36 @@
 use Cake\ORM\TableRegistry;
 
 class AdHocAttributesController extends MVEAController {
+  use \App\Lib\Traits\PermissionsTrait;
+
   public $pagination = [
     'order' => [
       'AdHocAttributes.tag' => 'asc'
     ]
   ];
+
+  /**
+   * Perform Cake Model initialization.
+   *
+   * @since  COmanage Registry v5.0.0
+   */
+
+  public function initialize(): void {
+    parent::initialize();
+
+    $this->setPermissions([
+      // Actions that operate over an entity (ie: require an $id)
+      'entity' => [
+        'delete' =>   ['platformAdmin', 'coAdmin'],
+        'edit' =>     ['platformAdmin', 'coAdmin'],
+        'primary' =>  ['platformAdmin', 'coAdmin'],
+        'view' =>     ['platformAdmin', 'coAdmin']
+      ],
+      // Actions that operate over a table (ie: do not require an $id)
+      'table' => [
+        'add' =>      ['platformAdmin', 'coAdmin'],
+        'index' =>    ['platformAdmin', 'coAdmin']
+      ]
+    ]);
+  }
 }
diff --git a/app/src/Controller/AddressesController.php b/app/src/Controller/AddressesController.php
@@ -34,9 +34,36 @@
 use Cake\ORM\TableRegistry;
 
 class AddressesController extends MVEAController {
+  use \App\Lib\Traits\PermissionsTrait;
+
   public $pagination = [
     'order' => [
       'Addresses.street' => 'asc'
     ]
   ];
+
+  /**
+   * Perform Cake Model initialization.
+   *
+   * @since  COmanage Registry v5.0.0
+   */
+
+  public function initialize(): void {
+    parent::initialize();
+
+    $this->setPermissions([
+      // Actions that operate over an entity (ie: require an $id)
+      'entity' => [
+        'delete' =>   ['platformAdmin', 'coAdmin'],
+        'edit' =>     ['platformAdmin', 'coAdmin'],
+        'primary' =>  ['platformAdmin', 'coAdmin'],
+        'view' =>     ['platformAdmin', 'coAdmin']
+      ],
+      // Actions that operate over a table (ie: do not require an $id)
+      'table' => [
+        'add' =>      ['platformAdmin', 'coAdmin'],
+        'index' =>    ['platformAdmin', 'coAdmin']
+      ]
+    ]);
+  }
 }
diff --git a/app/src/Controller/ApiUsersController.php b/app/src/Controller/ApiUsersController.php
@@ -30,6 +30,8 @@
 namespace App\Controller;
 
 class ApiUsersController extends StandardController {
+  use \App\Lib\Traits\PermissionsTrait;
+
   public $pagination = [
     'order' => [
       'ApiUsers.username' => 'asc'
@@ -60,4 +62,29 @@ public function generate(string $id) {
 
     $this->render('/Standard/add-edit-view');
   }
+
+  /**
+   * Perform Cake Model initialization.
+   *
+   * @since  COmanage Registry v5.0.0
+   */
+
+  public function initialize(): void {
+    parent::initialize();
+
+    $this->setPermissions([
+      // Actions that operate over an entity (ie: require an $id)
+      'entity' => [
+        'delete' =>   ['platformAdmin', 'coAdmin'],
+        'edit' =>     ['platformAdmin', 'coAdmin'],
+        'generate' => ['platformAdmin', 'coAdmin'],
+        'view' =>     ['platformAdmin', 'coAdmin']
+      ],
+      // Actions that operate over a table (ie: do not require an $id)
+      'table' => [
+        'add' =>      ['platformAdmin', 'coAdmin'],
+        'index' =>    ['platformAdmin', 'coAdmin']
+      ]
+    ]);
+  }
 }
diff --git a/app/src/Controller/AppController.php b/app/src/Controller/AppController.php
@@ -29,7 +29,7 @@
 
 namespace App\Controller;
 
-use \App\Lib\Enum\TemplateableStatusEnum;
+use App\Lib\Enum\TemplateableStatusEnum;
 use App\Lib\Events\ChangelogEventListener;
 use App\Lib\Events\CoIdEventListener;
 use App\Lib\Events\RuleBuilderEventListener;
@@ -41,12 +41,12 @@
 use Cake\Event\Event;
 use Cake\Event\EventManager;
 use Cake\ORM\TableRegistry;
+use Cake\Utility\Hash;
 use InvalidArgumentException;
 
 class AppController extends Controller {
   use \App\Lib\Traits\LabeledLogTrait;
 
-
   // If set, the current requested CO. Note this may be *unauthenticated*
   // and so should not be trusted without further authorization.
   private $cur_co = null;
@@ -119,6 +119,14 @@ public function beforeFilter(\Cake\Event\EventInterface $event) {
     // Determine the requested CO
     $this->setCO();
 
+    if(isset($this->RegistryAuth)) {
+      // Components might not be loaded on error, so check
+
+      // We need to populate this in beforeFilter (rather than beforeRender)
+      // so it's available to CosController::select
+      $this->populateAvailableCos();
+    }
+
     return parent::beforeFilter($event);
   }
 
@@ -142,14 +150,6 @@ public function beforeRender(\Cake\Event\EventInterface $event) {
       $this->set('vv_menu_permissions', $this->RegistryAuth->getMenuPermissions());
     }
 
-    // Pull the set of COs this user is a member of, for rendering via menuMain
-    $Cos = TableRegistry::getTableLocator()->get("Cos");
-
-// XXX filter this based on the current user's eligibility (user should have one active or grace period role)
-//     and also filter only Active COs, etc
-// - do this in CosTable or in RegistryAuth?
-    $this->set('vv_available_cos', $Cos->find()->toArray());
-
     // For breadcrumbs, do we have a target model, and if so is it a configuration
     // model (eg: ApiUsers) or an object model (eg: CoPeople)?
     if(isset($this->$modelsName) // May not be set under certain error conditions
@@ -192,9 +192,9 @@ public function calculatePermissions(?int $id): array {
     // Can this record be deleted?
     $canDelete = true;
 
-    // Pull the table permissions
-    $permissions = $table->getPermissions();
-
+    // Pull the controller permissions
+    $permissions = $this->getPermissions();
+    
     if($id) {
       $readOnlyActions = ['view'];
 
@@ -486,6 +486,72 @@ protected function getRedirectGoal(): string {
     return 'index';
   }
 
+  /**
+   * Populate the list of Available COs, primarily for the CO Selector.
+   *
+   * @since  COmanage Registry v5.0.0
+   */
+
+  protected function populateAvailableCos() {
+    // Prepare the list of available COs, primarily for the CO Selector. We do
+    // this here because the menuTop element, which renders on every page, needs it.
+
+    $availableCos = [];
+
+    $userInfo = $this->viewBuilder()->getVar('vv_user');
+
+    if(!empty($userInfo['username'])) {
+      // There are two data sets to look at: the COs the current user is a member
+      // of, and (if the current user is a Platform Admin) all other COs. We then
+      // bubble the COmanage CO to the top (if present), followed by an alphabetical
+      // list of member COs, then an alphabetical list of non-member COs.
+
+      $Cos = TableRegistry::getTableLocator()->get("Cos");
+
+      // Pull the set of COs this user is a member of, for rendering via menuMain
+      $memberCos = Hash::sort($Cos->getCosForIdentifier(loginIdentifier: $userInfo['username']), '{n}.name', 'asc');
+      $allCos = null;
+
+      if($this->RegistryAuth->isPlatformAdmin()) {
+        // Pull all available (active COs)
+        $allCos = Hash::sort($Cos->find('all')->where(['Cos.status' => TemplateableStatusEnum::Active])->toArray(), '{n}.name', 'asc');
+      }
+
+      // See if the COmanage CO is in the $memberCos list. (If the user is a
+      // Platform Admin it will always be in the $memberCos list.)
+
+      $COmanageCO = null;
+
+      foreach($memberCos as $key => $co) {
+        if($co->isCOmanageCO()) {
+          $COmanageCO = $co;
+          unset($memberCos[$key]);
+        } else {
+          $availableCos[$key] = $co;
+        }
+      }
+
+      if($COmanageCO) {
+        $availableCos = array_merge([$COmanageCO->id => $COmanageCO], $availableCos);
+      }
+
+      if(!empty($allCos)) {
+        foreach($allCos as $key => $co) {
+          if(isset($availableCos[$key])) {
+            // Already in the list as a member
+            unset($allCos[$key]);
+          } else {
+            $co->name = __d('field', 'Cos.member.not', [$co->name]);
+          }
+        }
+
+        $availableCos = array_merge($availableCos, $allCos);
+      }
+    }
+
+    $this->set('vv_available_cos', $availableCos);
+  }
+
   /**
    * Determine the (requested) current CO and make it available to the
    * rest of the application.

diff --git a/app/src/Controller/CoSettingsController.php b/app/src/Controller/CoSettingsController.php
@@ -33,7 +33,8 @@
 use Cake\Log\Log;
 
 class CoSettingsController extends StandardController {
-
+  use \App\Lib\Traits\PermissionsTrait;
+
   /**
    * Manage CO Settings.
    *
@@ -49,4 +50,30 @@ public function manage() {
 
     return $this->redirect(['action' => 'edit', $settings->id]);
   }
+
+  /**
+   * Perform Cake Model initialization.
+   *
+   * @since  COmanage Registry v5.0.0
+   */
+
+  public function initialize(): void {
+    parent::initialize();
+
+    $this->setPermissions([
+      // Actions that operate over an entity (ie: require an $id). Since each CO's
+      // CoSetting is created during CO Setup, admins can only edit.
+      'entity' => [
+        'delete' => false,
+        'edit'   => ['platformAdmin', 'coAdmin'],
+        'view'   => ['platformAdmin', 'coAdmin']    // Required for REST API
+      ],
+      // Actions that operate over a table (ie: do not require an $id)
+      'table' => [
+        'add'    => false,
+        'index'  => ['platformAdmin', 'coAdmin'],   // Required for REST API
+        'manage' => ['platformAdmin', 'coAdmin']
+      ]
+    ]);
+  }
 }