Move authz back to models (CFM-191) and errata

app/resources/locales/en_US/information.po

@@ -31,7 +31,7 @@ msgid "api.key"
 msgstr "This newly generated API Key cannot be recovered. If it is lost a new key must be generated."
 
 msgid "cos.none"
-msgstr "No collaborations (COs) yet exist. Please have an administrator create one."
+msgstr "You are not an active member in any collaboration. If your request for enrollment is still being processed, you will not be able to login until it is approved. Please contact an administrator for assistance."
 
 msgid "cos.select"
 msgstr "Please select the collaboration (CO) you wish to manage."

app/src/Controller/AdHocAttributesController.php

@@ -34,36 +34,9 @@
 use Cake\ORM\TableRegistry;
 
 class AdHocAttributesController extends MVEAController {
-  use \App\Lib\Traits\PermissionsTrait;
-
   public $pagination = [
     'order' => [
       'AdHocAttributes.tag' => 'asc'
     ]
   ];
-
-  /**
-   * Perform Cake Model initialization.
-   *
-   * @since  COmanage Registry v5.0.0
-   */
-
-  public function initialize(): void {
-    parent::initialize();
-
-    $this->setPermissions([
-      // Actions that operate over an entity (ie: require an $id)
-      'entity' => [
-        'delete' =>   ['platformAdmin', 'coAdmin'],
-        'edit' =>     ['platformAdmin', 'coAdmin'],
-        'primary' =>  ['platformAdmin', 'coAdmin'],
-        'view' =>     ['platformAdmin', 'coAdmin']
-      ],
-      // Actions that operate over a table (ie: do not require an $id)
-      'table' => [
-        'add' =>      ['platformAdmin', 'coAdmin'],
-        'index' =>    ['platformAdmin', 'coAdmin']
-      ]
-    ]);
-  }
 }

app/src/Controller/AddressesController.php

@@ -34,36 +34,9 @@
 use Cake\ORM\TableRegistry;
 
 class AddressesController extends MVEAController {
-  use \App\Lib\Traits\PermissionsTrait;
-
   public $pagination = [
     'order' => [
       'Addresses.street' => 'asc'
     ]
   ];
-
-  /**
-   * Perform Cake Model initialization.
-   *
-   * @since  COmanage Registry v5.0.0
-   */
-
-  public function initialize(): void {
-    parent::initialize();
-
-    $this->setPermissions([
-      // Actions that operate over an entity (ie: require an $id)
-      'entity' => [
-        'delete' =>   ['platformAdmin', 'coAdmin'],
-        'edit' =>     ['platformAdmin', 'coAdmin'],
-        'primary' =>  ['platformAdmin', 'coAdmin'],
-        'view' =>     ['platformAdmin', 'coAdmin']
-      ],
-      // Actions that operate over a table (ie: do not require an $id)
-      'table' => [
-        'add' =>      ['platformAdmin', 'coAdmin'],
-        'index' =>    ['platformAdmin', 'coAdmin']
-      ]
-    ]);
-  }
 }

app/src/Controller/ApiUsersController.php

@@ -30,8 +30,6 @@
 namespace App\Controller;
 
 class ApiUsersController extends StandardController {
-  use \App\Lib\Traits\PermissionsTrait;
-
   public $pagination = [
     'order' => [
       'ApiUsers.username' => 'asc'
@@ -62,29 +60,4 @@ public function generate(string $id) {
 
     $this->render('/Standard/add-edit-view');
   }
-
-  /**
-   * Perform Cake Model initialization.
-   *
-   * @since  COmanage Registry v5.0.0
-   */
-
-  public function initialize(): void {
-    parent::initialize();
-
-    $this->setPermissions([
-      // Actions that operate over an entity (ie: require an $id)
-      'entity' => [
-        'delete' =>   ['platformAdmin', 'coAdmin'],
-        'edit' =>     ['platformAdmin', 'coAdmin'],
-        'generate' => ['platformAdmin', 'coAdmin'],
-        'view' =>     ['platformAdmin', 'coAdmin']
-      ],
-      // Actions that operate over a table (ie: do not require an $id)
-      'table' => [
-        'add' =>      ['platformAdmin', 'coAdmin'],
-        'index' =>    ['platformAdmin', 'coAdmin']
-      ]
-    ]);
-  }
 }

app/src/Controller/AppController.php

@@ -193,7 +193,7 @@ public function calculatePermissions(?int $id): array {
     $canDelete = true;
 
     // Pull the controller permissions
-    $permissions = $this->getPermissions();
+    $permissions = $table->getPermissions();
 
     if($id) {
       $readOnlyActions = ['view'];
@@ -536,16 +536,14 @@ protected function populateAvailableCos() {
       }
 
       if(!empty($allCos)) {
-        foreach($allCos as $key => $co) {
-          if(isset($availableCos[$key])) {
-            // Already in the list as a member
-            unset($allCos[$key]);
-          } else {
+        foreach($allCos as $co) {
+          if(!Hash::extract($availableCos, '{n}[id='.$co->id.']')) {
+            // Not already in the list as a member
             $co->name = __d('field', 'Cos.member.not', [$co->name]);
+
+            $availableCos[] = $co;
           }
         }
-
-        $availableCos = array_merge($availableCos, $allCos);
       }
     }
 

app/src/Controller/CoSettingsController.php

@@ -33,8 +33,6 @@
 use Cake\Log\Log;
 
 class CoSettingsController extends StandardController {
-  use \App\Lib\Traits\PermissionsTrait;
-
   /**
    * Manage CO Settings.
    *
@@ -50,30 +48,4 @@ public function manage() {
 
     return $this->redirect(['action' => 'edit', $settings->id]);
   }
-
-  /**
-   * Perform Cake Model initialization.
-   *
-   * @since  COmanage Registry v5.0.0
-   */
-
-  public function initialize(): void {
-    parent::initialize();
-
-    $this->setPermissions([
-      // Actions that operate over an entity (ie: require an $id). Since each CO's
-      // CoSetting is created during CO Setup, admins can only edit.
-      'entity' => [
-        'delete' => false,
-        'edit'   => ['platformAdmin', 'coAdmin'],
-        'view'   => ['platformAdmin', 'coAdmin']    // Required for REST API
-      ],
-      // Actions that operate over a table (ie: do not require an $id)
-      'table' => [
-        'add'    => false,
-        'index'  => ['platformAdmin', 'coAdmin'],   // Required for REST API
-        'manage' => ['platformAdmin', 'coAdmin']
-      ]
-    ]);
-  }
 }

app/src/Controller/CosController.php

@@ -36,42 +36,12 @@
 use Cake\ORM\TableRegistry;
 
 class CosController extends StandardController {
-  use \App\Lib\Traits\PermissionsTrait;
-
   public $pagination = [
     'order' => [
       'Cos.name' => 'asc'
     ]
   ];
 
-  /**
-   * Perform Cake Model initialization.
-   *
-   * @since  COmanage Registry v5.0.0
-   */
-
-  public function initialize(): void {
-    parent::initialize();
-
-    $this->setPermissions([
-      // Actions that operate over an entity (ie: require an $id)
-      'entity' => [
-        'delete' =>    ['platformAdmin'],
-        'duplicate' => ['platformAdmin'],
-        'edit' =>      ['platformAdmin'],
-        'view' =>      ['platformAdmin']
-      ],
-      // Actions that are permitted on readonly entities (besides view)
-      'readOnly' =>    ['duplicate'],
-      // Actions that operate over a table (ie: do not require an $id)
-      'table' => [
-        'add' =>       ['platformAdmin'],
-        'index' =>     ['platformAdmin'],
-        'select' =>    ['authenticatedUser']
-      ]
-    ]);
-  }
-
   /**
    * Callback run prior to the view rendering.
    *

app/src/Controller/CousController.php

@@ -34,8 +34,6 @@
 //use \App\Lib\Enum\PermissionEnum;
 
 class CousController extends StandardController {
-  use \App\Lib\Traits\PermissionsTrait;
-
   public $pagination = [
     'order' => [
       'Cous.name' => 'asc'
@@ -72,28 +70,4 @@ public function beforeRender(\Cake\Event\EventInterface $event) {
 
     return parent::beforeRender($event);
   }
-
-  /**
-   * Perform Cake Model initialization.
-   *
-   * @since  COmanage Registry v5.0.0
-   */
-
-  public function initialize(): void {
-    parent::initialize();
-
-    $this->setPermissions([
-      // Actions that operate over an entity (ie: require an $id)
-      'entity' => [
-        'delete' =>   ['platformAdmin', 'coAdmin'],
-        'edit' =>     ['platformAdmin', 'coAdmin'],
-        'view' =>     ['platformAdmin', 'coAdmin']
-      ],
-      // Actions that operate over a table (ie: do not require an $id)
-      'table' => [
-        'add' =>      ['platformAdmin', 'coAdmin'],
-        'index' =>    ['platformAdmin', 'coAdmin']
-      ]
-    ]);
-  }
 }

app/src/Controller/DashboardsController.php

@@ -34,36 +34,6 @@
 //use \App\Lib\Enum\PermissionEnum;
 
 class DashboardsController extends StandardController {
-  use \App\Lib\Traits\PermissionsTrait;
-
-  /**
-   * Perform Cake Model initialization.
-   *
-   * @since  COmanage Registry v5.0.0
-   */
-
-  public function initialize(): void {
-    parent::initialize();
-
-    $this->setPermissions([
-      // Actions that operate over an entity (ie: require an $id)
-      'entity' => [
-  /*
-        'delete' =>   ['platformAdmin', 'coAdmin'],
-        'edit' =>     ['platformAdmin', 'coAdmin'],
-        'view' =>     ['platformAdmin', 'coAdmin']*/
-      ],
-      // Actions that operate over a table (ie: do not require an $id)
-      'table' => [
-        'configuration' => ['platformAdmin', 'coAdmin'],
-        'dashboard'     => ['platformAdmin', 'coAdmin']   // XXX this is not the correct long term permission
-  /*      'add' =>      ['platformAdmin', 'coAdmin'],
-        'index' =>    ['platformAdmin', 'coAdmin']
-        */
-      ]
-    ]);
-  }
-
   /**
    * Render the CO Configuration Dashboard.
    *

app/src/Controller/EmailAddressesController.php

@@ -34,36 +34,9 @@
 use Cake\ORM\TableRegistry;
 
 class EmailAddressesController extends MVEAController {
-  use \App\Lib\Traits\PermissionsTrait;
-
   public $pagination = [
     'order' => [
       'EmailAddresses.mail' => 'asc'
     ]
   ];
-
-  /**
-   * Perform Cake Model initialization.
-   *
-   * @since  COmanage Registry v5.0.0
-   */
-
-  public function initialize(): void {
-    parent::initialize();
-
-    $this->setPermissions([
-      // Actions that operate over an entity (ie: require an $id)
-      'entity' => [
-        'delete' =>   ['platformAdmin', 'coAdmin'],
-        'edit' =>     ['platformAdmin', 'coAdmin'],
-        'primary' =>  ['platformAdmin', 'coAdmin'],
-        'view' =>     ['platformAdmin', 'coAdmin']
-      ],
-      // Actions that operate over a table (ie: do not require an $id)
-      'table' => [
-        'add' =>      ['platformAdmin', 'coAdmin'],
-        'index' =>    ['platformAdmin', 'coAdmin']
-      ]
-    ]);
-  }
 }

app/src/Controller/ExternalIdentitiesController.php

@@ -36,8 +36,6 @@
 // Use extend MVEAController for breadcrumb rendering. ExternalIdentities is
 // sort of an MVEA, so maybe it makes sense to treat it as such.
 class ExternalIdentitiesController extends MVEAController {
-  use \App\Lib\Traits\PermissionsTrait;
-
   public $pagination = [
     'order' => [
       'PrimaryName.family' => 'asc'
@@ -47,30 +45,4 @@ class ExternalIdentitiesController extends MVEAController {
       'PrimaryName.family'
     ]
   ];
-
-  /**
-   * Perform Cake Model initialization.
-   *
-   * @since  COmanage Registry v5.0.0
-   */
-
-  public function initialize(): void {
-    parent::initialize();
-
-    $this->setPermissions([
-      // Actions that operate over an entity (ie: require an $id)
-// See also CFM-126
-// XXX need to add couAdmin, eventually
-      'entity' => [
-        'delete' =>   ['platformAdmin', 'coAdmin'],
-        'edit' =>     ['platformAdmin', 'coAdmin'],
-        'view' =>     ['platformAdmin', 'coAdmin']
-      ],
-      // Actions that operate over a table (ie: do not require an $id)
-      'table' => [
-        'add' =>      ['platformAdmin', 'coAdmin'],
-        'index' =>    ['platformAdmin', 'coAdmin']
-      ]
-    ]);
-  }
 }