Add Canvas link on top menu and calculate self permissions to access. (…

…#303)
COmanage · Feb 24, 2025 · 1aa68bc · 1aa68bc
1 parent c015b98
commit 1aa68bc
Show file tree

Hide file tree

Showing 11 changed files with 93 additions and 23 deletions.
diff --git a/app/src/Controller/Component/RegistryAuthComponent.php b/app/src/Controller/Component/RegistryAuthComponent.php
@@ -337,6 +337,9 @@ protected function calculatePermissions(?int $id=null): array {
     // Is this user a CO Member?
     $coMember = $this->isCoMember($controller->getCOID());
 
+    // Is this me?
+    $selfMember = $this->isSelf($controller->getCOID());
+
     // Get the action
     $reqAction = $controller->getRequest()->getParam('action');
 
@@ -545,26 +548,26 @@ public function calculatePermissionsForResultSet(ResultSet $rs): array {
 
     return $ret;
   }
-  
+
   /**
    * Calculate permissions for use in a view.
    *
-   * @since  COmanage Registry v5.0.0
-   * @param  string $action Action requested
-   * @param  int    $id     Subject id, if applicable
+   * @param string $action Action requested
+   * @param int|null $id Subject id, if applicable
    * @return array          Array of permissions, suitable for the view
+   * @since  COmanage Registry v5.0.0
    */
 
   public function calculatePermissionsForView(string $action, ?int $id=null): array {
     return $this->calculatePermissions($id);
   }
-  
+
   /**
    * Obtain the application role of the user for general use in the views
    *
-   * @since  COmanage Registry v5.0.0
-   * @param  int   $coId  Current CO ID, if known
+   * @param int|null $coId Current CO ID, if known
    * @return array $appRoles Array of roles
+   * @since  COmanage Registry v5.0.0
    */
 
   public function getApplicationUserRoles(?int $coId): array {
@@ -581,7 +584,18 @@ public function getApplicationUserRoles(?int $coId): array {
 
     // True if user is authenticated
     $appUserRoles['authuser'] = $this->isAuthenticatedUser();
-
+    // Login Identifier
+    $appUserRoles['person_identifier'] = $this->getAuthenticatedUser();
+    if ($coId) {
+      // Person ID
+      $appUserRoles['person_id'] = $this->getPersonID($coId) ?? null;
+      // Person Full Name
+      if (!empty($appUserRoles['person_id'])) {
+        $Names = TableRegistry::getTableLocator()->get('Names');
+        $appUserRoles['person_fullname'] = $Names->primaryName((int)$appUserRoles['person_id'])->full_name;
+      }
+    }
+
     return $appUserRoles;
   }
 
@@ -787,13 +801,13 @@ public function isCoAdmin(?int $coId): bool {
 
     return $this->cache['isCoAdmin'][$coId];
   }
-  
+
   /**
    * Determine if the current user is a member of the specified CO.
    *
-   * @since  COmanage Registry v5.0.0
-   * @param  int  $coId CO ID
+   * @param int|null $coId CO ID
    * @return bool       True if the current user is a CO Administrator
+   * @since  COmanage Registry v5.0.0
    */
 
   public function isCoMember(?int $coId): bool {
@@ -912,4 +926,48 @@ public function isPlatformAdmin(): bool {
 
     return $this->cache['isPlatformAdmin'];
   }
+
+
+  /**
+   * Determine if the current user is acting as themselves within the specified CO.
+   *
+   * @param int|null $coId CO ID
+   * @return bool          True if the current user is acting as themselves
+   * @since  COmanage Registry v5.1.0
+   */
+  public function isSelf(?int $coId): bool {
+    // We might get called in some contexts without a coId, in which case there
+    // are no members.
+
+    if(!$coId
+      || empty($this->cache['isCoMember'][$coId])
+    ) {
+      return false;
+    }
+
+    if(isset($this->cache['isSelf'][$coId])) {
+      return $this->cache['isSelf'][$coId];
+    }
+
+    $this->cache['isSelf'][$coId] = false;
+
+    $controller = $this->getController();
+    $request = $controller->getRequest();
+    $controllerName = $controller->getName();
+    $passId = $request->getParam('pass.0');
+    $queryPersonIdParam = $request->getQuery('person_id');
+    $personId = $this->getPersonID($coId);
+
+
+    $this->cache['isSelf'][$coId] = match(true) {
+      // Canvas page
+      $controllerName == 'People' && $passId == $personId => true,
+      // Any page that we query with the person_id
+      isset($queryPersonIdParam) && $queryPersonIdParam == $personId => true,
+      // XXX Any additional self rules go here
+      default => false,
+    };
+
+    return $this->cache['isSelf'][$coId];
+  }
 }
diff --git a/app/src/Model/Table/AddressesTable.php b/app/src/Model/Table/AddressesTable.php
@@ -117,7 +117,7 @@ public function initialize(array $config): void {
         'delete' =>   ['platformAdmin', 'coAdmin'],
         'edit' =>     ['platformAdmin', 'coAdmin'],
         'unfreeze' => ['platformAdmin', 'coAdmin'],
-        'view' =>     ['platformAdmin', 'coAdmin']
+        'view' => ['platformAdmin', 'coAdmin', 'selfMember'],
       ],
       // Actions that are permitted on readonly entities (besides view)
       'readOnly' =>   ['unfreeze'],

diff --git a/app/src/Model/Table/EmailAddressesTable.php b/app/src/Model/Table/EmailAddressesTable.php
@@ -122,7 +122,7 @@ public function initialize(array $config): void {
         'edit' =>     ['platformAdmin', 'coAdmin'],
         'forceVerify' => ['platformAdmin', 'coAdmin'],
         'unfreeze' => ['platformAdmin', 'coAdmin'],
-        'view' =>     ['platformAdmin', 'coAdmin']
+        'view' => ['platformAdmin', 'coAdmin', 'selfMember'],
       ],
       // Actions that are permitted on readonly entities (besides view)
       'readOnly' =>   ['unfreeze'],

diff --git a/app/src/Model/Table/IdentifiersTable.php b/app/src/Model/Table/IdentifiersTable.php
@@ -129,7 +129,7 @@ public function initialize(array $config): void {
         'delete' =>   ['platformAdmin', 'coAdmin'],
         'edit' =>     ['platformAdmin', 'coAdmin'],
         'unfreeze' => ['platformAdmin', 'coAdmin'],
-        'view' =>     ['platformAdmin', 'coAdmin']
+        'view' => ['platformAdmin', 'coAdmin', 'selfMember'],
       ],
       // Actions that are permitted on readonly entities (besides view)
       'readOnly' =>   ['unfreeze'],

diff --git a/app/src/Model/Table/NamesTable.php b/app/src/Model/Table/NamesTable.php
@@ -121,7 +121,7 @@ public function initialize(array $config): void {
         'edit' =>     ['platformAdmin', 'coAdmin'],
         'primary' =>  ['platformAdmin', 'coAdmin'],
         'unfreeze' => ['platformAdmin', 'coAdmin'],
-        'view' =>     ['platformAdmin', 'coAdmin']
+        'view' => ['platformAdmin', 'coAdmin', 'selfMember'],
       ],
       // Actions that are permitted on readonly entities (besides view)
       'readOnly' =>   ['unfreeze'],

diff --git a/app/src/Model/Table/PeopleTable.php b/app/src/Model/Table/PeopleTable.php
@@ -253,7 +253,7 @@ public function initialize(array $config): void {
         'delete'    => ['platformAdmin', 'coAdmin'],
         'edit'      => ['platformAdmin', 'coAdmin'],
         'provision' => ['platformAdmin', 'coAdmin'],
-        'view'      => ['platformAdmin', 'coAdmin']
+        'view'      => ['platformAdmin', 'coAdmin', 'selfMember']
       ],
       // Actions that operate over a table (ie: do not require an $id)
       'table' => [

diff --git a/app/src/Model/Table/PersonRolesTable.php b/app/src/Model/Table/PersonRolesTable.php
@@ -202,7 +202,7 @@ public function initialize(array $config): void {
         'delete' =>   ['platformAdmin', 'coAdmin'],
         'edit' =>     ['platformAdmin', 'coAdmin'],
         'unfreeze' => ['platformAdmin', 'coAdmin'],
-        'view' =>     ['platformAdmin', 'coAdmin']
+        'view' => ['platformAdmin', 'coAdmin', 'selfMember'],
       ],
       // Actions that are permitted on readonly entities (besides view)
       'readOnly' =>   ['unfreeze'],

diff --git a/app/src/Model/Table/PronounsTable.php b/app/src/Model/Table/PronounsTable.php
@@ -107,7 +107,7 @@ public function initialize(array $config): void {
         'delete' =>   ['platformAdmin', 'coAdmin'],
         'edit' =>     ['platformAdmin', 'coAdmin'],
         'unfreeze' => ['platformAdmin', 'coAdmin'],
-        'view' =>     ['platformAdmin', 'coAdmin']
+        'view' => ['platformAdmin', 'coAdmin', 'selfMember'],
       ],
       // Actions that are permitted on readonly entities (besides view)
       'readOnly' =>   ['unfreeze'],

diff --git a/app/src/Model/Table/TelephoneNumbersTable.php b/app/src/Model/Table/TelephoneNumbersTable.php
@@ -113,7 +113,7 @@ public function initialize(array $config): void {
         'delete' =>   ['platformAdmin', 'coAdmin'],
         'edit' =>     ['platformAdmin', 'coAdmin'],
         'unfreeze' => ['platformAdmin', 'coAdmin'],
-        'view' =>     ['platformAdmin', 'coAdmin']
+        'view' => ['platformAdmin', 'coAdmin', 'selfMember'],
       ],
       // Actions that are permitted on readonly entities (besides view)
       'readOnly' =>   ['unfreeze'],

diff --git a/app/src/Model/Table/UrlsTable.php b/app/src/Model/Table/UrlsTable.php
@@ -106,7 +106,7 @@ public function initialize(array $config): void {
         'delete' =>   ['platformAdmin', 'coAdmin'],
         'edit' =>     ['platformAdmin', 'coAdmin'],
         'unfreeze' => ['platformAdmin', 'coAdmin'],
-        'view' =>     ['platformAdmin', 'coAdmin']
+        'view' => ['platformAdmin', 'coAdmin', 'selfMember'],
       ],
       // Actions that are permitted on readonly entities (besides view)
       'readOnly' =>   ['unfreeze'],

diff --git a/app/templates/element/menuTop.php b/app/templates/element/menuTop.php
@@ -37,7 +37,7 @@
 $darkModeState = $this->ApplicationState->getValue(ApplicationStateEnum::ProfileDarkMode, 'auto');
 $darkModeStateId = $this->ApplicationState->getId(ApplicationStateEnum::ProfileDarkMode);
 ?>
-<?php if(!empty($vv_user)): ?>
+<?php if(!empty($vv_user) && !empty($vv_user_roles)): ?>
   <ul>
     <li id="top-menu-user">
       <button type="button" 
@@ -69,8 +69,20 @@ class="dropdown-toggle top-menu-button"
         </div>
         <div id="user-panel-user-info">
           <em class="material-symbols" aria-hidden="true">person</em>
-          <div id="user-panel-cn"><?= $vv_user['username']; ?></div>
-          <div id="user-panel-id"><!-- XXX identifier goes here --></div>
+          <div id="user-panel-cn"><?= $vv_user_roles['person_fullname'] ?? '' ?></div>
+          <div id="user-panel-canvas"><?php
+            if (!empty($vv_user_roles['person_id'])) {
+              print $this->Html->link(
+                __d('menu', 'my.canvas'),
+                ['plugin' => null,
+                  'controller' => 'people',
+                  'action' => $vv_user_roles['co'] || $vv_user_roles['platform'] ? 'edit' : 'view',
+                  $vv_user_roles['person_id']
+                ],
+              );
+            }
+            ?></div>
+          <div id="user-panel-id"><?= $vv_user_roles['person_identifier'] ?></div>
         </div>
         <!-- Density and dark mode controls-->
         <div id="user-panel-user-settings" class="dropdown">