CFM-31_Enrollment_Flows_enable_people_picker_for_self_service (#337)

* Enable people picker functionality as an AttributeCollector configuration * Anchor property target
COmanage · Sep 15, 2025 · 1d18bdb · 1d18bdb
1 parent c6ec2d3
commit 1d18bdb
Show file tree

Hide file tree

Showing 5 changed files with 73 additions and 15 deletions.
diff --git a/app/plugins/CoreEnroller/config/plugin.json b/app/plugins/CoreEnroller/config/plugin.json
@@ -28,7 +28,8 @@
         "columns": {
           "id": {},
           "enrollment_flow_step_id": {},
-          "description": { "temporary": true, "type": "string", "size": 80 }
+          "description": { "temporary": true, "type": "string", "size": 80 },
+          "enable_person_find": { "type": "boolean" }
         },
         "indexes": {
           "attribute_collectors_i1": { "columns": [ "enrollment_flow_step_id" ] }

diff --git a/app/plugins/CoreEnroller/resources/locales/en_US/core_enroller.po b/app/plugins/CoreEnroller/resources/locales/en_US/core_enroller.po
@@ -163,6 +163,12 @@ msgstr "If set, the Approver must add a comment when approving or denying Petiti
 msgid "field.AttributeCollectors.valid_through.default.after.desc"
 msgstr "Days After Finalization"
 
+msgid "field.AttributeCollectors.enable_person_find"
+msgstr "Enable People Picker for Self Service"
+
+msgid "field.AttributeCollectors.enable_person_find.desc"
+msgstr "Enable people picker for self-service enrollments, see <a target=\"_top\" href=\"https://spaces.at.internet2.edu/display/COmanage/Attribute+Collector+Enroller+Plugin\">Attribute Collector documentation</a> for privacy considerations"
+
 msgid "field.BasicAttributeCollectors.affiliation_type_id"
 msgstr "Affiliation Type"
 

diff --git a/app/plugins/CoreEnroller/templates/AttributeCollectors/fields.inc b/app/plugins/CoreEnroller/templates/AttributeCollectors/fields.inc
@@ -27,15 +27,13 @@
 
 declare(strict_types = 1);
 
-// Currently this Configuration View has no fields
+// This view only supports edit
+if($vv_action !== 'edit') {
+  return;
+}
 
-$this->Field->disableFormEditMode();
-
-?>
-
-<li>
-  <div class="field">
-    <?= __d('information', 'plugin.config.none'); ?>
-  </div>
-</li>
 
+print $this->element('form/listItem', [
+  'arguments' => [
+    'fieldName' => 'enable_person_find',
+  ]]);
diff --git a/app/src/Controller/ApiV2Controller.php b/app/src/Controller/ApiV2Controller.php
@@ -29,14 +29,14 @@
 
 namespace App\Controller;
 
-use Cake\Controller\Controller;
-use InvalidArgumentException;
 use Cake\Chronos\Chronos;
+use Cake\Controller\Controller;
 use Cake\Http\Exception\BadRequestException;
 use Cake\Log\Log;
 use Cake\ORM\TableRegistry;
 use Cake\Utility\Inflector;
-
+use InvalidArgumentException;
+use \App\Lib\Enum\EnrollmentAuthzEnum;
 use \App\Lib\Enum\ProvisioningContextEnum;
 use \App\Lib\Enum\SuspendableStatusEnum;
 
@@ -413,4 +413,57 @@ public function view($id = null) {
   public function pick() {
     $this->dispatchIndex(mode: 'picker');
   }
+
+  /**
+   * Indicate whether this Controller will handle some or all authnz.
+   *
+   * @param EventInterface $event Cake event, ie: from beforeFilter
+   * @return string               "no", "open", "authz", "yes", or "notauth"
+   * @since  COmanage Registry v5.2.0
+   */
+  public function willHandleAuth(\Cake\Event\EventInterface $event): string
+  {
+    $request = $this->getRequest();
+    $reqAction = $request->getParam('action');
+    $session = $request->getSession();
+    $mode = 'no';
+
+    $auth = $session->read('Auth');
+
+    // Calculate people picker permissions on the fly for an enrollment flow/petition
+    if(
+      $this->name == 'People'
+      && $reqAction == 'pick'
+      && !empty($request->getQuery('petition_id'))
+    ) {
+      $petitionId = (int)$request->getQuery('petition_id');
+      // We need to check if this is part of an Enrollment Flow
+      $Petitions = $this->fetchTable('Petitions');
+
+      // Pull the Petition to find its CO
+      $petition = $Petitions->get(
+        $petitionId,
+        contain: ['EnrollmentFlows' => ['EnrollmentFlowSteps']]
+      );
+
+      // We need to check the Petitioner Authorization.
+      $hasAuthorizedUser = $petition->enrollment_flow->authz_type == EnrollmentAuthzEnum::AuthUser
+        ? !empty($auth['external']['user']) : true;
+
+      foreach ($petition->enrollment_flow->enrollment_flow_steps as $step) {
+        if ($step->plugin == 'CoreEnroller.AttributeCollectors') {
+          $AttributeCollectors = $this->fetchTable('CoreEnroller.AttributeCollectors');
+          $attributeCollectorsRecord =  $AttributeCollectors->find()
+            ->where(['enrollment_flow_step_id' => $step->id])
+            ->contain(['EnrollmentAttributes'])
+            ->first();
+
+          $mode = $hasAuthorizedUser && $attributeCollectorsRecord->enable_person_find ? 'yes' : 'no';
+        }
+      }
+    }
+
+    // Apply standard behavior
+    return $mode;
+  }
 }
diff --git a/app/src/View/Helper/PetitionHelper.php b/app/src/View/Helper/PetitionHelper.php
@@ -76,7 +76,7 @@ public function populateAutoViewVars(): void
   {
     // XXX Find the co id
     foreach (
-      $this->enrollmentAttributesTable->calculateAutoViewVars($this->petition?->enrollment_flow?->co_id,$this->entity) as $vvar => $value
+      $this->enrollmentAttributesTable->calculateAutoViewVars($this->petition?->enrollment_flow?->co_id, $this->entity) as $vvar => $value
     ) {
       $this->getView()->set($vvar, $value);
     }