Enable People Picker for Self Service

COmanage · Aug 10, 2025 · 22163b4 · 22163b4
1 parent c4ce79a
commit 22163b4
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 4 deletions.
diff --git a/app/config/schema/schema.json b/app/config/schema/schema.json
@@ -636,6 +636,7 @@
         "authz_cou_id": { "type": "integer", "foreignkey": { "table": "cous", "column": "id" }},
         "authz_group_id": { "type": "integer", "foreignkey": { "table": "groups", "column": "id" }},
         "collect_enrollee_email": { "type": "boolean" },
+        "enable_person_find": { "type": "boolean" },
         "redirect_on_duplicate": { "type": "string", "size": 256 },
         "redirect_on_finalize": { "type": "string", "size": 256 },
         "finalization_message_template_id": { "type": "integer", "foreignkey": { "table": "message_templates", "column": "id" }},

diff --git a/app/resources/locales/en_US/field.po b/app/resources/locales/en_US/field.po
@@ -498,6 +498,12 @@ msgstr "Petitioner Authorization"
 msgid "EnrollmentFlows.collect_enrollee_email"
 msgstr "Collect Enrollee Email"
 
+msgid "EnrollmentFlows.enable_person_find"
+msgstr "Enable People Picker for Self Service"
+
+msgid "EnrollmentFlows.enable_person_find.desc"
+msgstr "Enable people picker for self-service enrollments, see <a href=\"https://spaces.at.internet2.edu/display/COmanage/COmanage+Registry+PE+Technical+Manual\">Registry Technical Manual</a> for privacy considerations"
+
 msgid "EnrollmentFlows.finalization_message_template_id"
 msgstr "Finalization Message Template"
 

diff --git a/app/src/Controller/Component/RegistryAuthComponent.php b/app/src/Controller/Component/RegistryAuthComponent.php
@@ -325,7 +325,7 @@ protected function calculatePermission(string $action, ?int $id=null): bool {
    * Obtain the permission set for this request.
    *
    * @since  COmanage Registry v5.0.0
-   * @param  int    $id   Subject ID, if applicable
+   * @param  int|null     $id   Subject ID, if applicable
    * @return array        Array of actions and authorized roles
    */
 
@@ -386,6 +386,19 @@ protected function calculatePermissions(?int $id=null): array {
 
     // Pull the table's permission definitions
     $permissions = $this->getTablePermissions($table, $id);
+
+    // Calculate people picker permissions on the fly for an enrollment flow/petition
+    if(
+      $reqAction == 'pick'
+      && $modelsName == 'People'
+      && !empty($controller->getRequest()->getQuery('petition_id'))
+    ) {
+      // We need to check if this is part of an Enrollment Flow
+      $isPicker = $this->isAuthenticatedUserPicker((int)$controller->getRequest()->getQuery('petition_id'));
+      if($isPicker) {
+        $permissions['table']['pick'][] = 'authenticatedUser';
+      }
+    }
 
     if($id) {
       $readOnlyActions = ['view'];
@@ -719,8 +732,8 @@ public function getPersonID(int $coId): ?int {
    * Obtain the set of permissions as provided by the table.
    *
    * @since  COmanage Registry v5.0.0
-   * @param  table  $table  Cake Table
-   * @param  int    $id     Entity ID, if applicable
+   * @param  table    $table  Cake Table
+   * @param  int|null $id     Entity ID, if applicable
    * @return array          Table permissions
    */
 
@@ -852,12 +865,35 @@ public function isApprover(int $petitionId): bool {
   public function isAuthenticatedUser(): bool {
     return !empty($this->authenticatedUser);
   }
+
+  /**
+   * Determine if the current authenticated user is allowed to use the person picker functionality
+   * for a given petition.
+   *
+   * @param int $petitionId ID of the petition to check
+   * @return bool             True if the user can use the person picker, false otherwise
+   * @since  COmanage Registry v5.2.0
+   */
+
+  protected function isAuthenticatedUserPicker(int $petitionId): bool
+  {
+    if (empty($petitionId)) {
+      return false;
+    }
+
+    $Petitions = TableRegistry::getTableLocator()->get('Petitions');
+
+    // Pull the Petition to find its CO
+    $petition = $Petitions->get($petitionId, ['contain' => 'EnrollmentFlows']);
+
+    return $this->authenticatedUser && $petition->enrollment_flow->enable_person_find;
+  }
 
   /**
    * Determine if the current user is a CO Administrator.
    *
    * @since  COmanage Registry v5.0.0
-   * @param  int  $coId CO ID
+   * @param  int|null   $coId CO ID
    * @return bool       True if the current user is a CO Administrator
    */
 

diff --git a/app/templates/EnrollmentFlows/fields.inc b/app/templates/EnrollmentFlows/fields.inc
@@ -90,6 +90,7 @@ if($vv_action == 'add' || $vv_action == 'edit') {
   foreach (['authz_cou_id',
             'authz_group_id',
             'collect_enrollee_email',
+            'enable_person_find',
             'redirect_on_duplicate',
             'redirect_on_finalize',
             'finalization_message_template_id'