diff --git a/app/resources/locales/en_US/information.po b/app/resources/locales/en_US/information.po index 7e18b4997..15f47f3ae 100644 --- a/app/resources/locales/en_US/information.po +++ b/app/resources/locales/en_US/information.po @@ -31,7 +31,7 @@ msgid "api.key" msgstr "This newly generated API Key cannot be recovered. If it is lost a new key must be generated." msgid "cos.none" -msgstr "No collaborations (COs) yet exist. Please have an administrator create one." +msgstr "You are not an active member in any collaboration. If your request for enrollment is still being processed, you will not be able to login until it is approved. Please contact an administrator for assistance." msgid "cos.select" msgstr "Please select the collaboration (CO) you wish to manage." diff --git a/app/src/Controller/AdHocAttributesController.php b/app/src/Controller/AdHocAttributesController.php index 125be3c08..b0bfa35aa 100644 --- a/app/src/Controller/AdHocAttributesController.php +++ b/app/src/Controller/AdHocAttributesController.php @@ -34,36 +34,9 @@ use Cake\ORM\TableRegistry; class AdHocAttributesController extends MVEAController { - use \App\Lib\Traits\PermissionsTrait; - public $pagination = [ 'order' => [ 'AdHocAttributes.tag' => 'asc' ] ]; - - /** - * Perform Cake Model initialization. - * - * @since COmanage Registry v5.0.0 - */ - - public function initialize(): void { - parent::initialize(); - - $this->setPermissions([ - // Actions that operate over an entity (ie: require an $id) - 'entity' => [ - 'delete' => ['platformAdmin', 'coAdmin'], - 'edit' => ['platformAdmin', 'coAdmin'], - 'primary' => ['platformAdmin', 'coAdmin'], - 'view' => ['platformAdmin', 'coAdmin'] - ], - // Actions that operate over a table (ie: do not require an $id) - 'table' => [ - 'add' => ['platformAdmin', 'coAdmin'], - 'index' => ['platformAdmin', 'coAdmin'] - ] - ]); - } } \ No newline at end of file 
diff --git a/app/src/Controller/AddressesController.php b/app/src/Controller/AddressesController.php index db42cee35..abe7d0ac0 100644 --- a/app/src/Controller/AddressesController.php +++ b/app/src/Controller/AddressesController.php @@ -34,36 +34,9 @@ use Cake\ORM\TableRegistry; class AddressesController extends MVEAController { - use \App\Lib\Traits\PermissionsTrait; - public $pagination = [ 'order' => [ 'Addresses.street' => 'asc' ] ]; - - /** - * Perform Cake Model initialization. - * - * @since COmanage Registry v5.0.0 - */ - - public function initialize(): void { - parent::initialize(); - - $this->setPermissions([ - // Actions that operate over an entity (ie: require an $id) - 'entity' => [ - 'delete' => ['platformAdmin', 'coAdmin'], - 'edit' => ['platformAdmin', 'coAdmin'], - 'primary' => ['platformAdmin', 'coAdmin'], - 'view' => ['platformAdmin', 'coAdmin'] - ], - // Actions that operate over a table (ie: do not require an $id) - 'table' => [ - 'add' => ['platformAdmin', 'coAdmin'], - 'index' => ['platformAdmin', 'coAdmin'] - ] - ]); - } } \ No newline at end of file diff --git a/app/src/Controller/ApiUsersController.php b/app/src/Controller/ApiUsersController.php index 25d5fe17a..afbae8342 100644 --- a/app/src/Controller/ApiUsersController.php +++ b/app/src/Controller/ApiUsersController.php @@ -30,8 +30,6 @@ namespace App\Controller; class ApiUsersController extends StandardController { - use \App\Lib\Traits\PermissionsTrait; - public $pagination = [ 'order' => [ 'ApiUsers.username' => 'asc' 
@@ -62,29 +60,4 @@ public function generate(string $id) { $this->render('/Standard/add-edit-view'); } - - /** - * Perform Cake Model initialization. - * - * @since COmanage Registry v5.0.0 - */ - - public function initialize(): void { - parent::initialize(); - - $this->setPermissions([ - // Actions that operate over an entity (ie: require an $id) - 'entity' => [ - 'delete' => ['platformAdmin', 'coAdmin'], - 'edit' => ['platformAdmin', 'coAdmin'], - 'generate' => ['platformAdmin', 'coAdmin'], - 'view' => ['platformAdmin', 'coAdmin'] - ], - // Actions that operate over a table (ie: do not require an $id) - 'table' => [ - 'add' => ['platformAdmin', 'coAdmin'], - 'index' => ['platformAdmin', 'coAdmin'] - ] - ]); - } } \ No newline at end of file diff --git a/app/src/Controller/AppController.php b/app/src/Controller/AppController.php index 3d267ccf2..6412e67ec 100644 --- a/app/src/Controller/AppController.php +++ b/app/src/Controller/AppController.php @@ -193,7 +193,7 @@ public function calculatePermissions(?int $id): array { $canDelete = true; // Pull the controller permissions - $permissions = $this->getPermissions(); + $permissions = $table->getPermissions(); if($id) { $readOnlyActions = ['view']; @@ -536,16 +536,14 @@ protected function populateAvailableCos() { } if(!empty($allCos)) { - foreach($allCos as $key => $co) { - if(isset($availableCos[$key])) { - // Already in the list as a member - unset($allCos[$key]); - } else { + foreach($allCos as $co) { + if(!Hash::extract($availableCos, '{n}[id='.$co->id.']')) { + // Not already in the list as a member $co->name = __d('field', 'Cos.member.not', [$co->name]); + + $availableCos[] = $co; } } - - $availableCos = array_merge($availableCos, $allCos); } } diff --git a/app/src/Controller/CoSettingsController.php b/app/src/Controller/CoSettingsController.php index 647836950..626372ab5 100644 --- a/app/src/Controller/CoSettingsController.php +++ b/app/src/Controller/CoSettingsController.php 
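Review bot: In the `calculatePermissions()` hunk of AppController.php the comment above the changed line still reads `// Pull the controller permissions`, although the map now comes from `$table->getPermissions()`; it should become `// Pull the permissions declared on the table`. `$table` is assigned outside this hunk, so it cannot be seen here whether every table that reaches this call uses `PermissionsTrait` and calls `setPermissions()`. Because this map is the authorization decision for the request, please confirm that a table with a missing or empty map results in every action being denied rather than falling through. The function body starts and ends outside the hunk.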
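Review bot: The membership test added to `populateAvailableCos()` builds a Hash path by string concatenation, `'{n}[id='.$co->id.']'`, and re-scans `$availableCos` (which grows inside the same loop) for every entry of `$allCos`. Extracting the member ids once before the loop with `Hash::extract($availableCos, '{n}.id')` and testing each `$co->id` with `in_array()` does the same check in one pass and does not depend on how the path matcher compares values. No `use Cake\Utility\Hash;` line is added anywhere in this diff, so please confirm AppController.php already imports it. The function body starts and ends outside the hunk.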
@@ -33,8 +33,6 @@ use Cake\Log\Log; class CoSettingsController extends StandardController { - use \App\Lib\Traits\PermissionsTrait; - /** * Manage CO Settings. * @@ -50,30 +48,4 @@ public function manage() { return $this->redirect(['action' => 'edit', $settings->id]); } - - /** - * Perform Cake Model initialization. - * - * @since COmanage Registry v5.0.0 - */ - - public function initialize(): void { - parent::initialize(); - - $this->setPermissions([ - // Actions that operate over an entity (ie: require an $id). Since each CO's - // CoSetting is created during CO Setup, admins can only edit. - 'entity' => [ - 'delete' => false, - 'edit' => ['platformAdmin', 'coAdmin'], - 'view' => ['platformAdmin', 'coAdmin'] // Required for REST API - ], - // Actions that operate over a table (ie: do not require an $id) - 'table' => [ - 'add' => false, - 'index' => ['platformAdmin', 'coAdmin'], // Required for REST API - 'manage' => ['platformAdmin', 'coAdmin'] - ] - ]); - } } \ No newline at end of file diff --git a/app/src/Controller/CosController.php b/app/src/Controller/CosController.php index 11908b698..4b68c1c04 100644 --- a/app/src/Controller/CosController.php +++ b/app/src/Controller/CosController.php 
@@ -36,42 +36,12 @@ use Cake\ORM\TableRegistry; class CosController extends StandardController { - use \App\Lib\Traits\PermissionsTrait; - public $pagination = [ 'order' => [ 'Cos.name' => 'asc' ] ]; - /** - * Perform Cake Model initialization. - * - * @since COmanage Registry v5.0.0 - */ - - public function initialize(): void { - parent::initialize(); - - $this->setPermissions([ - // Actions that operate over an entity (ie: require an $id) - 'entity' => [ - 'delete' => ['platformAdmin'], - 'duplicate' => ['platformAdmin'], - 'edit' => ['platformAdmin'], - 'view' => ['platformAdmin'] - ], - // Actions that are permitted on readonly entities (besides view) - 'readOnly' => ['duplicate'], - // Actions that operate over a table (ie: do not require an $id) - 'table' => [ - 'add' => ['platformAdmin'], - 'index' => ['platformAdmin'], - 'select' => ['authenticatedUser'] - ] - ]); - } - /** * Callback run prior to the view rendering. * diff --git a/app/src/Controller/CousController.php b/app/src/Controller/CousController.php index 8c79862ea..f1c954e63 100644 --- a/app/src/Controller/CousController.php +++ b/app/src/Controller/CousController.php @@ -34,8 +34,6 @@ //use \App\Lib\Enum\PermissionEnum; class CousController extends StandardController { - use \App\Lib\Traits\PermissionsTrait; - public $pagination = [ 'order' => [ 'Cous.name' => 'asc' 
@@ -72,28 +70,4 @@ public function beforeRender(\Cake\Event\EventInterface $event) { return parent::beforeRender($event); } - - /** - * Perform Cake Model initialization. - * - * @since COmanage Registry v5.0.0 - */ - - public function initialize(): void { - parent::initialize(); - - $this->setPermissions([ - // Actions that operate over an entity (ie: require an $id) - 'entity' => [ - 'delete' => ['platformAdmin', 'coAdmin'], - 'edit' => ['platformAdmin', 'coAdmin'], - 'view' => ['platformAdmin', 'coAdmin'] - ], - // Actions that operate over a table (ie: do not require an $id) - 'table' => [ - 'add' => ['platformAdmin', 'coAdmin'], - 'index' => ['platformAdmin', 'coAdmin'] - ] - ]); - } } \ No newline at end of file diff --git a/app/src/Controller/DashboardsController.php b/app/src/Controller/DashboardsController.php index 1113f54a1..e33b58bd2 100644 --- a/app/src/Controller/DashboardsController.php +++ b/app/src/Controller/DashboardsController.php @@ -34,36 +34,6 @@ //use \App\Lib\Enum\PermissionEnum; class DashboardsController extends StandardController { - use \App\Lib\Traits\PermissionsTrait; - - /** - * Perform Cake Model initialization. - * - * @since COmanage Registry v5.0.0 - */ - - public function initialize(): void { - parent::initialize(); - - $this->setPermissions([ - // Actions that operate over an entity (ie: require an $id) - 'entity' => [ - /* - 'delete' => ['platformAdmin', 'coAdmin'], - 'edit' => ['platformAdmin', 'coAdmin'], - 'view' => ['platformAdmin', 'coAdmin']*/ - ], - // Actions that operate over a table (ie: do not require an $id) - 'table' => [ - 'configuration' => ['platformAdmin', 'coAdmin'], - 'dashboard' => ['platformAdmin', 'coAdmin'] // XXX this is not the correct long term permission - /* 'add' => ['platformAdmin', 'coAdmin'], - 'index' => ['platformAdmin', 'coAdmin'] - */ - ] - ]); - } - /** * Render the CO Configuration Dashboard. * 
diff --git a/app/src/Controller/EmailAddressesController.php b/app/src/Controller/EmailAddressesController.php index 77a80b8d6..d57b04fad 100644 --- a/app/src/Controller/EmailAddressesController.php +++ b/app/src/Controller/EmailAddressesController.php @@ -34,36 +34,9 @@ use Cake\ORM\TableRegistry; class EmailAddressesController extends MVEAController { - use \App\Lib\Traits\PermissionsTrait; - public $pagination = [ 'order' => [ 'EmailAddresses.mail' => 'asc' ] ]; - - /** - * Perform Cake Model initialization. - * - * @since COmanage Registry v5.0.0 - */ - - public function initialize(): void { - parent::initialize(); - - $this->setPermissions([ - // Actions that operate over an entity (ie: require an $id) - 'entity' => [ - 'delete' => ['platformAdmin', 'coAdmin'], - 'edit' => ['platformAdmin', 'coAdmin'], - 'primary' => ['platformAdmin', 'coAdmin'], - 'view' => ['platformAdmin', 'coAdmin'] - ], - // Actions that operate over a table (ie: do not require an $id) - 'table' => [ - 'add' => ['platformAdmin', 'coAdmin'], - 'index' => ['platformAdmin', 'coAdmin'] - ] - ]); - } } \ No newline at end of file diff --git a/app/src/Controller/ExternalIdentitiesController.php b/app/src/Controller/ExternalIdentitiesController.php index 433e1ca6e..e5cbce210 100644 --- a/app/src/Controller/ExternalIdentitiesController.php +++ b/app/src/Controller/ExternalIdentitiesController.php @@ -36,8 +36,6 @@ // Use extend MVEAController for breadcrumb rendering. ExternalIdentities is // sort of an MVEA, so maybe it makes sense to treat it as such. class ExternalIdentitiesController extends MVEAController { - use \App\Lib\Traits\PermissionsTrait; - public $pagination = [ 'order' => [ 'PrimaryName.family' => 'asc' 
@@ -47,30 +45,4 @@ class ExternalIdentitiesController extends MVEAController { 'PrimaryName.family' ] ]; - - /** - * Perform Cake Model initialization. - * - * @since COmanage Registry v5.0.0 - */ - - public function initialize(): void { - parent::initialize(); - - $this->setPermissions([ - // Actions that operate over an entity (ie: require an $id) -// See also CFM-126 -// XXX need to add couAdmin, eventually - 'entity' => [ - 'delete' => ['platformAdmin', 'coAdmin'], - 'edit' => ['platformAdmin', 'coAdmin'], - 'view' => ['platformAdmin', 'coAdmin'] - ], - // Actions that operate over a table (ie: do not require an $id) - 'table' => [ - 'add' => ['platformAdmin', 'coAdmin'], - 'index' => ['platformAdmin', 'coAdmin'] - ] - ]); - } } \ No newline at end of file diff --git a/app/src/Controller/ExternalIdentityRolesController.php b/app/src/Controller/ExternalIdentityRolesController.php index c44bc1240..d0db5af81 100644 --- a/app/src/Controller/ExternalIdentityRolesController.php +++ b/app/src/Controller/ExternalIdentityRolesController.php 
@@ -36,38 +36,10 @@ // Use extend MVEAController for breadcrumb rendering. ExternalIdentityRoles is sort of // an MVEA, so maybe it makes sense to treat it as such. class ExternalIdentityRolesController extends MVEAController { - use \App\Lib\Traits\PermissionsTrait; - public $pagination = [ 'order' => [ 'ExternalIdentityRoles.ordr' => 'asc', 'ExternalIdentityRoles.title' => 'asc' ] ]; - - /** - * Perform Cake Model initialization. - * - * @since COmanage Registry v5.0.0 - */ - - public function initialize(): void { - parent::initialize(); - - $this->setPermissions([ - // Actions that operate over an entity (ie: require an $id) -// See also CFM-126 -// XXX need to add couAdmin, eventually - 'entity' => [ - 'delete' => ['platformAdmin', 'coAdmin'], - 'edit' => ['platformAdmin', 'coAdmin'], - 'view' => ['platformAdmin', 'coAdmin'] - ], - // Actions that operate over a table (ie: do not require an $id) - 'table' => [ - 'add' => ['platformAdmin', 'coAdmin'], - 'index' => ['platformAdmin', 'coAdmin'] - ] - ]); - } } \ No newline at end of file diff --git a/app/src/Controller/GroupMembersController.php b/app/src/Controller/GroupMembersController.php index b8e4b244f..b7aaa866f 100644 --- a/app/src/Controller/GroupMembersController.php +++ b/app/src/Controller/GroupMembersController.php 
@@ -33,39 +33,12 @@ use Cake\Log\Log; class GroupMembersController extends StandardController { - use \App\Lib\Traits\PermissionsTrait; - public $pagination = [ 'order' => [ 'People.primary_name.name' => 'asc' ] ]; - /** - * Perform Cake Model initialization. - * - * @since COmanage Registry v5.0.0 - */ - - public function initialize(): void { - parent::initialize(); - - $this->setPermissions([ - // XXX update for couAdmins, group owners, etc - // Actions that operate over an entity (ie: require an $id) - 'entity' => [ - 'delete' => ['platformAdmin', 'coAdmin'], - 'edit' => ['platformAdmin', 'coAdmin'], - 'view' => ['platformAdmin', 'coAdmin'] - ], - // Actions that operate over a table (ie: do not require an $id) - 'table' => [ - 'add' => ['platformAdmin', 'coAdmin'], - 'index' => ['platformAdmin', 'coAdmin'] - ] - ]); - } - /** * Callback run prior to the request render. * diff --git a/app/src/Controller/GroupNestingsController.php b/app/src/Controller/GroupNestingsController.php index 407330158..67f973a1b 100644 --- a/app/src/Controller/GroupNestingsController.php +++ b/app/src/Controller/GroupNestingsController.php @@ -33,8 +33,6 @@ use Cake\Log\Log; class GroupNestingsController extends StandardController { - use \App\Lib\Traits\PermissionsTrait; - public $pagination = [ 'order' => [ 'Group.name' => 'asc' 
@@ -66,29 +64,4 @@ public function beforeRender(\Cake\Event\EventInterface $event) { return parent::beforeRender($event); } - - /** - * Perform Cake Model initialization. - * - * @since COmanage Registry v5.0.0 - */ - - public function initialize(): void { - parent::initialize(); - - $this->setPermissions([ -// XXX update for couAdmins, group owners, etc - // Actions that operate over an entity (ie: require an $id) - 'entity' => [ - 'delete' => ['platformAdmin', 'coAdmin'], - 'edit' => ['platformAdmin', 'coAdmin'], - 'view' => ['platformAdmin', 'coAdmin'] - ], - // Actions that operate over a table (ie: do not require an $id) - 'table' => [ - 'add' => ['platformAdmin', 'coAdmin'], - 'index' => ['platformAdmin', 'coAdmin'] - ] - ]); - } } \ No newline at end of file diff --git a/app/src/Controller/GroupOwnersController.php b/app/src/Controller/GroupOwnersController.php index fc2d1ae0d..ac278486e 100644 --- a/app/src/Controller/GroupOwnersController.php +++ b/app/src/Controller/GroupOwnersController.php @@ -33,8 +33,6 @@ use Cake\Log\Log; class GroupOwnersController extends StandardController { - use \App\Lib\Traits\PermissionsTrait; - public $pagination = [ 'order' => [ 'People.primary_name.name' => 'asc' @@ -60,29 +58,4 @@ public function beforeRender(\Cake\Event\EventInterface $event) { return parent::beforeRender($event); } - - /** - * Perform Cake Model initialization. - * - * @since COmanage Registry v5.0.0 - */ - - public function initialize(): void { - parent::initialize(); - - $this->setPermissions([ -// XXX update for couAdmins, group owners, etc - // Actions that operate over an entity (ie: require an $id) - 'entity' => [ - 'delete' => ['platformAdmin', 'coAdmin'], - 'edit' => false, - 'view' => ['platformAdmin', 'coAdmin'] - ], - // Actions that operate over a table (ie: do not require an $id) - 'table' => [ - 'add' => ['platformAdmin', 'coAdmin'], - 'index' => ['platformAdmin', 'coAdmin'] - ] - ]); - } } \ No newline at end of file 
diff --git a/app/src/Controller/GroupsController.php b/app/src/Controller/GroupsController.php index b811394e4..902f7696d 100644 --- a/app/src/Controller/GroupsController.php +++ b/app/src/Controller/GroupsController.php @@ -33,50 +33,12 @@ use Cake\Log\Log; class GroupsController extends StandardController { - use \App\Lib\Traits\PermissionsTrait; - public $pagination = [ 'order' => [ 'Groups.name' => 'asc' ] ]; - /** - * Perform Cake Model initialization. - * - * @since COmanage Registry v5.0.0 - */ - - public function initialize(): void { - parent::initialize(); - - $this->setPermissions([ - // XXX update for couAdmins, etc - // Actions that operate over an entity (ie: require an $id) - 'entity' => [ - 'delete' => ['platformAdmin', 'coAdmin'], - 'edit' => ['platformAdmin', 'coAdmin'], - 'reconcile' => ['platformAdmin', 'coAdmin'], - 'view' => ['platformAdmin', 'coAdmin'] - ], - // Actions that are permitted on readonly entities (besides view) - 'readOnly' => ['reconcile'], - // Actions that operate over a table (ie: do not require an $id) - 'table' => [ - 'add' => ['platformAdmin', 'coAdmin'], - 'index' => ['platformAdmin', 'coAdmin'] - ], - // Related models whose permissions we'll need, typically for table views - 'related' => [ - 'GroupMembers', - 'GroupNestings', - 'GroupOwners', - 'HistoryRecords', - 'Identifiers' - ] - ]); - } - /** * Reconcile a Group's memberships. * diff --git a/app/src/Controller/HistoryRecordsController.php b/app/src/Controller/HistoryRecordsController.php index b426d0541..4abd53c6c 100644 --- a/app/src/Controller/HistoryRecordsController.php +++ b/app/src/Controller/HistoryRecordsController.php 
@@ -34,35 +34,9 @@ use Cake\ORM\TableRegistry; class HistoryRecordsController extends MVEAController { - use \App\Lib\Traits\PermissionsTrait; - public $pagination = [ 'order' => [ 'HistoryRecords.id' => 'desc' ] ]; - - /** - * Perform Cake Model initialization. - * - * @since COmanage Registry v5.0.0 - */ - - public function initialize(): void { - parent::initialize(); - - $this->setPermissions([ - // Actions that operate over an entity (ie: require an $id) - 'entity' => [ - 'delete' => false, - 'edit' => false, - 'view' => ['platformAdmin', 'coAdmin'] - ], - // Actions that operate over a table (ie: do not require an $id) - 'table' => [ - 'add' => ['platformAdmin', 'coAdmin'], - 'index' => ['platformAdmin', 'coAdmin'] - ] - ]); - } } \ No newline at end of file diff --git a/app/src/Controller/IdentifiersController.php b/app/src/Controller/IdentifiersController.php index 4634cef36..27f087267 100644 --- a/app/src/Controller/IdentifiersController.php +++ b/app/src/Controller/IdentifiersController.php @@ -34,36 +34,9 @@ use Cake\ORM\TableRegistry; class IdentifiersController extends MVEAController { - use \App\Lib\Traits\PermissionsTrait; - public $pagination = [ 'order' => [ 'Identifiers.identifier' => 'asc' ] ]; - - /** - * Perform Cake Model initialization. - * - * @since COmanage Registry v5.0.0 - */ - - public function initialize(): void { - parent::initialize(); - - $this->setPermissions([ - // Actions that operate over an entity (ie: require an $id) - 'entity' => [ - 'delete' => ['platformAdmin', 'coAdmin'], - 'edit' => ['platformAdmin', 'coAdmin'], - 'primary' => ['platformAdmin', 'coAdmin'], - 'view' => ['platformAdmin', 'coAdmin'] - ], - // Actions that operate over a table (ie: do not require an $id) - 'table' => [ - 'add' => ['platformAdmin', 'coAdmin'], - 'index' => ['platformAdmin', 'coAdmin'] - ] - ]); - } } \ No newline at end of file 
diff --git a/app/src/Controller/NamesController.php b/app/src/Controller/NamesController.php index 37f407260..fb3401b1e 100644 --- a/app/src/Controller/NamesController.php +++ b/app/src/Controller/NamesController.php @@ -34,39 +34,12 @@ use Cake\ORM\TableRegistry; class NamesController extends MVEAController { - use \App\Lib\Traits\PermissionsTrait; - public $pagination = [ 'order' => [ 'Names.family' => 'asc', 'Names.given' => 'asc' ] ]; - - /** - * Perform Cake Model initialization. - * - * @since COmanage Registry v5.0.0 - */ - - public function initialize(): void { - parent::initialize(); - - $this->setPermissions([ - // Actions that operate over an entity (ie: require an $id) - 'entity' => [ - 'delete' => ['platformAdmin', 'coAdmin'], - 'edit' => ['platformAdmin', 'coAdmin'], - 'primary' => ['platformAdmin', 'coAdmin'], - 'view' => ['platformAdmin', 'coAdmin'] - ], - // Actions that operate over a table (ie: do not require an $id) - 'table' => [ - 'add' => ['platformAdmin', 'coAdmin'], - 'index' => ['platformAdmin', 'coAdmin'] - ] - ]); - } /** * Callback run prior to the request render. diff --git a/app/src/Controller/PeopleController.php b/app/src/Controller/PeopleController.php index 2814b6905..74232cbe7 100644 --- a/app/src/Controller/PeopleController.php +++ b/app/src/Controller/PeopleController.php @@ -34,8 +34,6 @@ use Cake\ORM\TableRegistry; class PeopleController extends StandardController { - use \App\Lib\Traits\PermissionsTrait; - public $pagination = [ 'order' => [ // XXX this will sort by family name, but it this universally correct? 
@@ -53,31 +51,6 @@ class PeopleController extends StandardController { ] ]; - /** - * Perform Cake Model initialization. - * - * @since COmanage Registry v5.0.0 - */ - - public function initialize(): void { - parent::initialize(); - - $this->setPermissions([ - // Actions that operate over an entity (ie: require an $id) -// See also CFM-126 - 'entity' => [ - 'delete' => ['platformAdmin', 'coAdmin'], - 'edit' => ['platformAdmin', 'coAdmin'], - 'view' => ['platformAdmin', 'coAdmin'] - ], - // Actions that operate over a table (ie: do not require an $id) - 'table' => [ - 'add' => ['platformAdmin', 'coAdmin'], - 'index' => ['platformAdmin', 'coAdmin'] - ] - ]); - } - /** * Callback run prior to the request render. * diff --git a/app/src/Controller/PersonRolesController.php b/app/src/Controller/PersonRolesController.php index fffb4c95e..b03d68f46 100644 --- a/app/src/Controller/PersonRolesController.php +++ b/app/src/Controller/PersonRolesController.php @@ -36,38 +36,10 @@ // Use extend MVEAController for breadcrumb rendering. PersonRoles is sort of // an MVEA, so maybe it makes sense to treat it as such. class PersonRolesController extends MVEAController { - use \App\Lib\Traits\PermissionsTrait; - public $pagination = [ 'order' => [ 'PersonRoles.ordr' => 'asc', 'PersonRoles.title' => 'asc' ] ]; - - /** - * Perform Cake Model initialization. - * - * @since COmanage Registry v5.0.0 - */ - - public function initialize(): void { - parent::initialize(); - - $this->setPermissions([ - // Actions that operate over an entity (ie: require an $id) -// See also CFM-126 -// XXX need to add couAdmin, eventually - 'entity' => [ - 'delete' => ['platformAdmin', 'coAdmin'], - 'edit' => ['platformAdmin', 'coAdmin'], - 'view' => ['platformAdmin', 'coAdmin'] - ], - // Actions that operate over a table (ie: do not require an $id) - 'table' => [ - 'add' => ['platformAdmin', 'coAdmin'], - 'index' => ['platformAdmin', 'coAdmin'] - ] - ]); - } } \ No newline at end of file 
diff --git a/app/src/Controller/TelephoneNumbersController.php b/app/src/Controller/TelephoneNumbersController.php index 78d2643d6..d09f804e4 100644 --- a/app/src/Controller/TelephoneNumbersController.php +++ b/app/src/Controller/TelephoneNumbersController.php @@ -34,8 +34,6 @@ use Cake\ORM\TableRegistry; class TelephoneNumbersController extends MVEAController { - use \App\Lib\Traits\PermissionsTrait; - public $pagination = [ 'order' => [ 'TelephoneNumbers.number' => 'asc' @@ -62,29 +60,4 @@ public function beforeRender(\Cake\Event\EventInterface $event) { return parent::beforeRender($event); } - - /** - * Perform Cake Model initialization. - * - * @since COmanage Registry v5.0.0 - */ - - public function initialize(): void { - parent::initialize(); - - $this->setPermissions([ - // Actions that operate over an entity (ie: require an $id) - 'entity' => [ - 'delete' => ['platformAdmin', 'coAdmin'], - 'edit' => ['platformAdmin', 'coAdmin'], - 'primary' => ['platformAdmin', 'coAdmin'], - 'view' => ['platformAdmin', 'coAdmin'] - ], - // Actions that operate over a table (ie: do not require an $id) - 'table' => [ - 'add' => ['platformAdmin', 'coAdmin'], - 'index' => ['platformAdmin', 'coAdmin'] - ] - ]); - } } \ No newline at end of file diff --git a/app/src/Controller/TypesController.php b/app/src/Controller/TypesController.php index b9304771e..21f28c3c4 100644 --- a/app/src/Controller/TypesController.php +++ b/app/src/Controller/TypesController.php @@ -33,8 +33,6 @@ use Cake\Log\Log; class TypesController extends StandardController { - use \App\Lib\Traits\PermissionsTrait; - public $pagination = [ 'order' => [ 'Types.attribute' => 'asc', 
@@ -62,29 +60,4 @@ public function restore() { return $this->generateRedirect(null); } - - /** - * Perform Cake Model initialization. - * - * @since COmanage Registry v5.0.0 - */ - - public function initialize(): void { - parent::initialize(); - - $this->setPermissions([ - // Actions that operate over an entity (ie: require an $id) - 'entity' => [ - 'delete' => ['platformAdmin', 'coAdmin'], - 'edit' => ['platformAdmin', 'coAdmin'], - 'view' => ['platformAdmin', 'coAdmin'] - ], - // Actions that operate over a table (ie: do not require an $id) - 'table' => [ - 'add' => ['platformAdmin', 'coAdmin'], - 'index' => ['platformAdmin', 'coAdmin'], - 'restore' => ['platformAdmin', 'coAdmin'] - ] - ]); - } } \ No newline at end of file diff --git a/app/src/Controller/UrlsController.php b/app/src/Controller/UrlsController.php index d71437a6e..6223b8486 100644 --- a/app/src/Controller/UrlsController.php +++ b/app/src/Controller/UrlsController.php @@ -34,36 +34,9 @@ use Cake\ORM\TableRegistry; class UrlsController extends MVEAController { - use \App\Lib\Traits\PermissionsTrait; - public $pagination = [ 'order' => [ 'Urls.url' => 'asc' ] ]; - - /** - * Perform Cake Model initialization. - * - * @since COmanage Registry v5.0.0 - */ - - public function initialize(): void { - parent::initialize(); - - $this->setPermissions([ - // Actions that operate over an entity (ie: require an $id) - 'entity' => [ - 'delete' => ['platformAdmin', 'coAdmin'], - 'edit' => ['platformAdmin', 'coAdmin'], - 'primary' => ['platformAdmin', 'coAdmin'], - 'view' => ['platformAdmin', 'coAdmin'] - ], - // Actions that operate over a table (ie: do not require an $id) - 'table' => [ - 'add' => ['platformAdmin', 'coAdmin'], - 'index' => ['platformAdmin', 'coAdmin'] - ] - ]); - } } \ No newline at end of file diff --git a/app/src/Model/Table/AdHocAttributesTable.php b/app/src/Model/Table/AdHocAttributesTable.php index 3b901127a..37e2ff713 100644 --- a/app/src/Model/Table/AdHocAttributesTable.php 
+++ b/app/src/Model/Table/AdHocAttributesTable.php @@ -36,6 +36,7 @@ class AdHocAttributesTable extends Table { use \App\Lib\Traits\ChangelogBehaviorTrait; use \App\Lib\Traits\CoLinkTrait; use \App\Lib\Traits\HistoryTrait; + use \App\Lib\Traits\PermissionsTrait; use \App\Lib\Traits\PrimaryLinkTrait; use \App\Lib\Traits\TableMetaTrait; use \App\Lib\Traits\ValidationTrait; @@ -67,6 +68,21 @@ public function initialize(array $config): void { $this->setPrimaryLink(['external_identity_id', 'external_identity_role_id', 'person_id', 'person_role_id']); $this->setRequiresCO(true); + + $this->setPermissions([ + // Actions that operate over an entity (ie: require an $id) + 'entity' => [ + 'delete' => ['platformAdmin', 'coAdmin'], + 'edit' => ['platformAdmin', 'coAdmin'], + 'primary' => ['platformAdmin', 'coAdmin'], + 'view' => ['platformAdmin', 'coAdmin'] + ], + // Actions that operate over a table (ie: do not require an $id) + 'table' => [ + 'add' => ['platformAdmin', 'coAdmin'], + 'index' => ['platformAdmin', 'coAdmin'] + ] + ]); } /** diff --git a/app/src/Model/Table/AddressesTable.php b/app/src/Model/Table/AddressesTable.php index a23316cbc..aeb3f830a 100644 --- a/app/src/Model/Table/AddressesTable.php +++ b/app/src/Model/Table/AddressesTable.php @@ -39,6 +39,7 @@ class AddressesTable extends Table { use \App\Lib\Traits\ChangelogBehaviorTrait; use \App\Lib\Traits\CoLinkTrait; use \App\Lib\Traits\HistoryTrait; + use \App\Lib\Traits\PermissionsTrait; use \App\Lib\Traits\PrimaryLinkTrait; use \App\Lib\Traits\TableMetaTrait; use \App\Lib\Traits\TypeTrait; 
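Review bot: Nothing near the `setPermissions()` call added to `AdHocAttributesTable::initialize()` says that this array is now the access-control policy read by `AppController::calculatePermissions()`, so a later edit to the model file can change who may delete or edit records without looking like an authorization change. I would add a comment above the call, for example `// Authorization policy for this model, read by AppController::calculatePermissions()`. The same applies to the blocks added in `AddressesTable`, `ApiUsersTable`, `CoSettingsTable`, `CosTable`, `CousTable` and `DashboardsTable`; since most of them repeat the same `platformAdmin`/`coAdmin` map, a shared default that tables only override where they differ would leave fewer copies to drift apart. `initialize()` starts outside the hunk.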
@@ -95,6 +96,21 @@ public function initialize(array $config): void { 'attribute' => 'Addresses.type' ] ]); + + $this->setPermissions([ + // Actions that operate over an entity (ie: require an $id) + 'entity' => [ + 'delete' => ['platformAdmin', 'coAdmin'], + 'edit' => ['platformAdmin', 'coAdmin'], + 'primary' => ['platformAdmin', 'coAdmin'], + 'view' => ['platformAdmin', 'coAdmin'] + ], + // Actions that operate over a table (ie: do not require an $id) + 'table' => [ + 'add' => ['platformAdmin', 'coAdmin'], + 'index' => ['platformAdmin', 'coAdmin'] + ] + ]); } /** diff --git a/app/src/Model/Table/ApiUsersTable.php b/app/src/Model/Table/ApiUsersTable.php index 1f7c82133..28fd66fe1 100644 --- a/app/src/Model/Table/ApiUsersTable.php +++ b/app/src/Model/Table/ApiUsersTable.php @@ -43,6 +43,7 @@ class ApiUsersTable extends Table { use \App\Lib\Traits\AutoViewVarsTrait; use \App\Lib\Traits\CoLinkTrait; + use \App\Lib\Traits\PermissionsTrait; use \App\Lib\Traits\PrimaryLinkTrait; use \App\Lib\Traits\TableMetaTrait; use \App\Lib\Traits\ValidationTrait; @@ -79,6 +80,21 @@ public function initialize(array $config): void { 'class' => 'SuspendableStatusEnum' ] ]); + + $this->setPermissions([ + // Actions that operate over an entity (ie: require an $id) + 'entity' => [ + 'delete' => ['platformAdmin', 'coAdmin'], + 'edit' => ['platformAdmin', 'coAdmin'], + 'generate' => ['platformAdmin', 'coAdmin'], + 'view' => ['platformAdmin', 'coAdmin'] + ], + // Actions that operate over a table (ie: do not require an $id) + 'table' => [ + 'add' => ['platformAdmin', 'coAdmin'], + 'index' => ['platformAdmin', 'coAdmin'] + ] + ]); } /** diff --git a/app/src/Model/Table/CoSettingsTable.php b/app/src/Model/Table/CoSettingsTable.php index b0d018d78..eba140fd3 100644 --- a/app/src/Model/Table/CoSettingsTable.php +++ b/app/src/Model/Table/CoSettingsTable.php 
@@ -52,6 +52,7 @@ class CoSettingsTable extends Table { use \App\Lib\Traits\AutoViewVarsTrait; use \App\Lib\Traits\CoLinkTrait; + use \App\Lib\Traits\PermissionsTrait; use \App\Lib\Traits\PrimaryLinkTrait; use \App\Lib\Traits\TableMetaTrait; @@ -148,6 +149,22 @@ public function initialize(array $config): void { 'attribute' => 'Urls.type' ] ]); + + $this->setPermissions([ + // Actions that operate over an entity (ie: require an $id). Since each CO's + // CoSetting is created during CO Setup, admins can only edit. + 'entity' => [ + 'delete' => false, + 'edit' => ['platformAdmin', 'coAdmin'], + 'view' => ['platformAdmin', 'coAdmin'] // Required for REST API + ], + // Actions that operate over a table (ie: do not require an $id) + 'table' => [ + 'add' => false, + 'index' => ['platformAdmin', 'coAdmin'], // Required for REST API + 'manage' => ['platformAdmin', 'coAdmin'] + ] + ]); } /** diff --git a/app/src/Model/Table/CosTable.php b/app/src/Model/Table/CosTable.php index bf1753ce8..b14db761a 100644 --- a/app/src/Model/Table/CosTable.php +++ b/app/src/Model/Table/CosTable.php @@ -42,6 +42,7 @@ class CosTable extends Table { use \App\Lib\Traits\AutoViewVarsTrait; use \App\Lib\Traits\ChangelogBehaviorTrait; use \App\Lib\Traits\CoLinkTrait; + use \App\Lib\Traits\PermissionsTrait; use \App\Lib\Traits\TableMetaTrait; use \App\Lib\Traits\ValidationTrait; 
@@ -88,6 +89,24 @@ public function initialize(array $config): void { 'class' => 'TemplateableStatusEnum' ] ]); + + $this->setPermissions([ + // Actions that operate over an entity (ie: require an $id) + 'entity' => [ + 'delete' => ['platformAdmin'], + 'duplicate' => ['platformAdmin'], + 'edit' => ['platformAdmin'], + 'view' => ['platformAdmin'] + ], + // Actions that are permitted on readonly entities (besides view) + 'readOnly' => ['duplicate'], + // Actions that operate over a table (ie: do not require an $id) + 'table' => [ + 'add' => ['platformAdmin'], + 'index' => ['platformAdmin'], + 'select' => ['authenticatedUser'] + ] + ]); } /** diff --git a/app/src/Model/Table/CousTable.php b/app/src/Model/Table/CousTable.php index d00e45960..70f8cdc55 100644 --- a/app/src/Model/Table/CousTable.php +++ b/app/src/Model/Table/CousTable.php @@ -39,6 +39,7 @@ class CousTable extends Table { use \App\Lib\Traits\AutoViewVarsTrait; use \App\Lib\Traits\ChangelogBehaviorTrait; use \App\Lib\Traits\CoLinkTrait; + use \App\Lib\Traits\PermissionsTrait; use \App\Lib\Traits\PrimaryLinkTrait; use \App\Lib\Traits\SearchFilterTrait; use \App\Lib\Traits\TableMetaTrait; @@ -78,10 +79,24 @@ public function initialize(array $config): void { $this->setRequiresCO(true); $this->setAutoViewVars([ - 'parent_ids' => [ - 'type' => 'parent' - ] - ]); + 'parent_ids' => [ + 'type' => 'parent' + ] + ]); + + $this->setPermissions([ + // Actions that operate over an entity (ie: require an $id) + 'entity' => [ + 'delete' => ['platformAdmin', 'coAdmin'], + 'edit' => ['platformAdmin', 'coAdmin'], + 'view' => ['platformAdmin', 'coAdmin'] + ], + // Actions that operate over a table (ie: do not require an $id) + 'table' => [ + 'add' => ['platformAdmin', 'coAdmin'], + 'index' => ['platformAdmin', 'coAdmin'] + ] + ]); } /** diff --git a/app/src/Model/Table/DashboardsTable.php b/app/src/Model/Table/DashboardsTable.php index f7fa37989..55b45fed8 100644 --- a/app/src/Model/Table/DashboardsTable.php 
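Review bot: In the CosTable hunk (`@@ -88,6 +89,24 @@`), `'select' => ['authenticatedUser']` is the only entry among these hunks that is open to every logged-in user, and the map says nothing about which COs that user may see. The role check only gates the action; the list itself must still be limited by the query behind `select`, which is outside this hunk. A comment would make that dependency explicit: `// select is open to any authenticated user; the query must return only COs the user belongs to`. The `readOnly` entry for `duplicate` could likewise say why copying a read-only CO is allowed.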
+++ b/app/src/Model/Table/DashboardsTable.php @@ -33,6 +33,7 @@ class DashboardsTable extends Table { use \App\Lib\Traits\CoLinkTrait; + use \App\Lib\Traits\PermissionsTrait; use \App\Lib\Traits\PrimaryLinkTrait; use \App\Lib\Traits\TableMetaTrait; @@ -60,5 +61,23 @@ public function initialize(array $config): void { $this->setPrimaryLink('co_id'); $this->setRequiresCO(true); $this->setAllowUnkeyedPrimaryCO(['configuration', 'dashboard']); + + $this->setPermissions([ + // Actions that operate over an entity (ie: require an $id) + 'entity' => [ + /* + 'delete' => ['platformAdmin', 'coAdmin'], + 'edit' => ['platformAdmin', 'coAdmin'], + 'view' => ['platformAdmin', 'coAdmin']*/ + ], + // Actions that operate over a table (ie: do not require an $id) + 'table' => [ + 'configuration' => ['platformAdmin', 'coAdmin'], + 'dashboard' => ['platformAdmin', 'coAdmin'] // XXX this is not the correct long term permission + /* 'add' => ['platformAdmin', 'coAdmin'], + 'index' => ['platformAdmin', 'coAdmin'] + */ + ] + ]); } } \ No newline at end of file diff --git a/app/src/Model/Table/EmailAddressesTable.php b/app/src/Model/Table/EmailAddressesTable.php index a6d3f78ac..bb8155764 100644 --- a/app/src/Model/Table/EmailAddressesTable.php +++ b/app/src/Model/Table/EmailAddressesTable.php @@ -37,6 +37,7 @@ class EmailAddressesTable extends Table { use \App\Lib\Traits\ChangelogBehaviorTrait; use \App\Lib\Traits\CoLinkTrait; use \App\Lib\Traits\HistoryTrait; + use \App\Lib\Traits\PermissionsTrait; use \App\Lib\Traits\PrimaryLinkTrait; use \App\Lib\Traits\TableMetaTrait; use \App\Lib\Traits\TypeTrait; 
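Review bot: In the DashboardsTable hunk (`@@ -60,5 +61,23 @@`) the `entity` map is empty apart from a commented-out block, so `delete`, `edit` and `view` have no stated rule and the outcome depends on how the trait treats a missing action, which these hunks do not show. The CoSettingsTable hunk in this commit states its denials explicitly; doing the same here (`'delete' => false,` `'edit' => false,` `'view' => false`) and dropping the commented-out lines would make the intent readable. The `// XXX this is not the correct long term permission` marker on `dashboard` should name the tracking issue and the intended roles, so the interim admin-only rule is not mistaken for the final one.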
@@ -90,6 +91,21 @@ public function initialize(array $config): void { 'attribute' => 'EmailAddresses.type' ] ]); + + $this->setPermissions([ + // Actions that operate over an entity (ie: require an $id) + 'entity' => [ + 'delete' => ['platformAdmin', 'coAdmin'], + 'edit' => ['platformAdmin', 'coAdmin'], + 'primary' => ['platformAdmin', 'coAdmin'], + 'view' => ['platformAdmin', 'coAdmin'] + ], + // Actions that operate over a table (ie: do not require an $id) + 'table' => [ + 'add' => ['platformAdmin', 'coAdmin'], + 'index' => ['platformAdmin', 'coAdmin'] + ] + ]); } /** diff --git a/app/src/Model/Table/ExternalIdentitiesTable.php b/app/src/Model/Table/ExternalIdentitiesTable.php index 2383d6933..16315f4b8 100644 --- a/app/src/Model/Table/ExternalIdentitiesTable.php +++ b/app/src/Model/Table/ExternalIdentitiesTable.php @@ -39,6 +39,7 @@ class ExternalIdentitiesTable extends Table { use \App\Lib\Traits\AutoViewVarsTrait; use \App\Lib\Traits\CoLinkTrait; use \App\Lib\Traits\HistoryTrait; + use \App\Lib\Traits\PermissionsTrait; use \App\Lib\Traits\PrimaryLinkTrait; use \App\Lib\Traits\QueryModificationTrait; use \App\Lib\Traits\TableMetaTrait; @@ -113,9 +114,24 @@ public function initialize(array $config): void { 'class' => 'StatusEnum' ] ]); + + $this->setPermissions([ + // Actions that operate over an entity (ie: require an $id) +// See also CFM-126 +// XXX need to add couAdmin, eventually + 'entity' => [ + 'delete' => ['platformAdmin', 'coAdmin'], + 'edit' => ['platformAdmin', 'coAdmin'], + 'view' => ['platformAdmin', 'coAdmin'] + ], + // Actions that operate over a table (ie: do not require an $id) + 'table' => [ + 'add' => ['platformAdmin', 'coAdmin'], + 'index' => ['platformAdmin', 'coAdmin'] + ] + ]); } - /** * Table specific logic to generate a display field. * diff --git a/app/src/Model/Table/ExternalIdentityRolesTable.php b/app/src/Model/Table/ExternalIdentityRolesTable.php index 75187358d..987648b41 100644 
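Review bot: In the ExternalIdentitiesTable hunk (`@@ -113,9 +114,24 @@`) the notes `// See also CFM-126` and `// XXX need to add couAdmin, eventually` start at column 0 and sit between the comment that describes the `entity` key and the key itself, which separates that comment from what it describes. Move them above the `$this->setPermissions([` call at the code's indent and merge them, e.g. `// See CFM-126. XXX couAdmin still to be added; until then only platformAdmin and coAdmin are allowed`. The same flush-left notes appear in the ExternalIdentityRoles, GroupNestings, GroupOwners, People and PersonRoles hunks.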
--- a/app/src/Model/Table/ExternalIdentityRolesTable.php +++ b/app/src/Model/Table/ExternalIdentityRolesTable.php @@ -39,6 +39,7 @@ class ExternalIdentityRolesTable extends Table { use \App\Lib\Traits\AutoViewVarsTrait; use \App\Lib\Traits\CoLinkTrait; use \App\Lib\Traits\HistoryTrait; + use \App\Lib\Traits\PermissionsTrait; use \App\Lib\Traits\PrimaryLinkTrait; use \App\Lib\Traits\QueryModificationTrait; use \App\Lib\Traits\TableMetaTrait; @@ -101,6 +102,22 @@ public function initialize(array $config): void { 'attribute' => 'PersonRoles.affiliation' ] ]); + + $this->setPermissions([ + // Actions that operate over an entity (ie: require an $id) +// See also CFM-126 +// XXX need to add couAdmin, eventually + 'entity' => [ + 'delete' => ['platformAdmin', 'coAdmin'], + 'edit' => ['platformAdmin', 'coAdmin'], + 'view' => ['platformAdmin', 'coAdmin'] + ], + // Actions that operate over a table (ie: do not require an $id) + 'table' => [ + 'add' => ['platformAdmin', 'coAdmin'], + 'index' => ['platformAdmin', 'coAdmin'] + ] + ]); } /** diff --git a/app/src/Model/Table/GroupMembersTable.php b/app/src/Model/Table/GroupMembersTable.php index 9243f83ae..8bd398855 100644 --- a/app/src/Model/Table/GroupMembersTable.php +++ b/app/src/Model/Table/GroupMembersTable.php @@ -43,6 +43,7 @@ class GroupMembersTable extends Table { use \App\Lib\Traits\CoLinkTrait; use \App\Lib\Traits\HistoryTrait; use \App\Lib\Traits\LabeledLogTrait; + use \App\Lib\Traits\PermissionsTrait; use \App\Lib\Traits\PrimaryLinkTrait; use \App\Lib\Traits\QueryModificationTrait; use \App\Lib\Traits\TableMetaTrait; 
@@ -82,6 +83,21 @@ public function initialize(array $config): void { 'Groups', 'People.PrimaryName' ]); + + $this->setPermissions([ + // XXX update for couAdmins, group owners, etc + // Actions that operate over an entity (ie: require an $id) + 'entity' => [ + 'delete' => ['platformAdmin', 'coAdmin'], + 'edit' => ['platformAdmin', 'coAdmin'], + 'view' => ['platformAdmin', 'coAdmin'] + ], + // Actions that operate over a table (ie: do not require an $id) + 'table' => [ + 'add' => ['platformAdmin', 'coAdmin'], + 'index' => ['platformAdmin', 'coAdmin'] + ] + ]); } /** diff --git a/app/src/Model/Table/GroupNestingsTable.php b/app/src/Model/Table/GroupNestingsTable.php index 748bdaa7f..ebd30ab8e 100644 --- a/app/src/Model/Table/GroupNestingsTable.php +++ b/app/src/Model/Table/GroupNestingsTable.php @@ -40,6 +40,7 @@ class GroupNestingsTable extends Table { use \App\Lib\Traits\AutoViewVarsTrait; use \App\Lib\Traits\ChangelogBehaviorTrait; use \App\Lib\Traits\CoLinkTrait; + use \App\Lib\Traits\PermissionsTrait; use \App\Lib\Traits\PrimaryLinkTrait; use \App\Lib\Traits\QueryModificationTrait; use \App\Lib\Traits\TableMetaTrait; @@ -80,6 +81,21 @@ public function initialize(array $config): void { $this->setEditContains(['Groups', 'TargetGroups']); $this->setIndexContains(['Groups', 'TargetGroups']); + + $this->setPermissions([ +// XXX update for couAdmins, group owners, etc + // Actions that operate over an entity (ie: require an $id) + 'entity' => [ + 'delete' => ['platformAdmin', 'coAdmin'], + 'edit' => ['platformAdmin', 'coAdmin'], + 'view' => ['platformAdmin', 'coAdmin'] + ], + // Actions that operate over a table (ie: do not require an $id) + 'table' => [ + 'add' => ['platformAdmin', 'coAdmin'], + 'index' => ['platformAdmin', 'coAdmin'] + ] + ]); } /** diff --git a/app/src/Model/Table/GroupOwnersTable.php b/app/src/Model/Table/GroupOwnersTable.php index bbf6b5b84..fcd14362d 100644 --- a/app/src/Model/Table/GroupOwnersTable.php 
+++ b/app/src/Model/Table/GroupOwnersTable.php @@ -41,6 +41,7 @@ class GroupOwnersTable extends Table { use \App\Lib\Traits\ChangelogBehaviorTrait; use \App\Lib\Traits\CoLinkTrait; use \App\Lib\Traits\HistoryTrait; + use \App\Lib\Traits\PermissionsTrait; use \App\Lib\Traits\PrimaryLinkTrait; use \App\Lib\Traits\QueryModificationTrait; use \App\Lib\Traits\TableMetaTrait; @@ -74,6 +75,21 @@ public function initialize(array $config): void { $this->setEditContains(['Groups', 'People.PrimaryName']); $this->setIndexContains(['Groups', 'People.PrimaryName']); + + $this->setPermissions([ +// XXX update for couAdmins, group owners, etc + // Actions that operate over an entity (ie: require an $id) + 'entity' => [ + 'delete' => ['platformAdmin', 'coAdmin'], + 'edit' => false, + 'view' => ['platformAdmin', 'coAdmin'] + ], + // Actions that operate over a table (ie: do not require an $id) + 'table' => [ + 'add' => ['platformAdmin', 'coAdmin'], + 'index' => ['platformAdmin', 'coAdmin'] + ] + ]); } /** diff --git a/app/src/Model/Table/GroupsTable.php b/app/src/Model/Table/GroupsTable.php index 5257efeb0..0d3a72815 100644 --- a/app/src/Model/Table/GroupsTable.php +++ b/app/src/Model/Table/GroupsTable.php @@ -46,6 +46,7 @@ class GroupsTable extends Table { use \App\Lib\Traits\CoLinkTrait; use \App\Lib\Traits\HistoryTrait; use \App\Lib\Traits\LabeledLogTrait; + use \App\Lib\Traits\PermissionsTrait; use \App\Lib\Traits\PrimaryLinkTrait; use \App\Lib\Traits\TableMetaTrait; use \App\Lib\Traits\ValidationTrait; 
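Review bot: In the GroupOwnersTable hunk (`@@ -74,6 +75,21 @@`), `'edit' => false` denies editing, yet the context line just above still calls `$this->setEditContains(['Groups', 'People.PrimaryName']);`, which configures an action that no role may perform. Either the `false` is deliberate and the `setEditContains` call is dead configuration, or one of the two is a mistake. A comment on the entry would settle it, e.g. `// Owners are added and removed, never edited` (the reason is my assumption; please correct it if the intent differs).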
@@ -93,6 +94,36 @@ public function initialize(array $config): void { 'class' => 'SuspendableStatusEnum' ] ]); + + $this->setPermissions([ + // XXX update for couAdmins, etc + // Actions that operate over an entity (ie: require an $id) + 'entity' => [ + 'delete' => ['platformAdmin', 'coAdmin'], + 'edit' => ['platformAdmin', 'coAdmin'], + 'reconcile' => ['platformAdmin', 'coAdmin'], + 'view' => ['platformAdmin', 'coAdmin'] + ], + // Actions that are permitted on readonly entities (besides view) + 'readOnly' => ['reconcile'], + // Actions that operate over a table (ie: do not require an $id) + 'table' => [ + 'add' => ['platformAdmin', 'coAdmin'], + 'index' => ['platformAdmin', 'coAdmin'] + ], + // Related models whose permissions we'll need, typically for table views + 'related' => [ +// XXX As a first pass, this (combined with the implementation in AppController::calculatePermissions) +// will render a link to group-members?group_id=X for all groups in the index view +// groups?co_id=2. This may or may not be right in the long term, eg for private +// groups. Maybe it's OK for now, since all groups are visible to all members of the CO. + 'GroupMembers', + 'GroupNestings', + 'GroupOwners', + 'HistoryRecords', + 'Identifiers' + ] + ]); } /** diff --git a/app/src/Model/Table/HistoryRecordsTable.php b/app/src/Model/Table/HistoryRecordsTable.php index 55af42c4c..027ea79bd 100644 --- a/app/src/Model/Table/HistoryRecordsTable.php +++ b/app/src/Model/Table/HistoryRecordsTable.php @@ -34,6 +34,7 @@ class HistoryRecordsTable extends Table { use \App\Lib\Traits\CoLinkTrait; + use \App\Lib\Traits\PermissionsTrait; use \App\Lib\Traits\PrimaryLinkTrait; use \App\Lib\Traits\QueryModificationTrait; use \App\Lib\Traits\TableMetaTrait; 
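Review bot: The `related` list in the GroupsTable hunk (`@@ -93,6 +94,36 @@`) carries an open question in its own comment: links to `group-members?group_id=X` are rendered for every group in the index, which may be wrong for private groups. Showing or hiding a link is not an access check, so the GroupMembers, GroupNestings and GroupOwners actions have to make the per-group decision themselves, whatever is rendered here; that code is outside the hunk. I would shorten the comment to the decision plus a reference and indent it with the array, e.g. `// XXX related permissions are computed per table, not per group; revisit for private groups (<ticket id>)`.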
@@ -98,6 +99,20 @@ public function initialize(array $config): void { 'ExternalIdentities' => ['PrimaryName'], 'Groups' ]); + + $this->setPermissions([ + // Actions that operate over an entity (ie: require an $id) + 'entity' => [ + 'delete' => false, + 'edit' => false, + 'view' => ['platformAdmin', 'coAdmin'] + ], + // Actions that operate over a table (ie: do not require an $id) + 'table' => [ + 'add' => ['platformAdmin', 'coAdmin'], + 'index' => ['platformAdmin', 'coAdmin'] + ] + ]); } /** diff --git a/app/src/Model/Table/IdentifiersTable.php b/app/src/Model/Table/IdentifiersTable.php index 7b702a1b8..fb098453c 100644 --- a/app/src/Model/Table/IdentifiersTable.php +++ b/app/src/Model/Table/IdentifiersTable.php @@ -38,6 +38,7 @@ class IdentifiersTable extends Table { use \App\Lib\Traits\ChangelogBehaviorTrait; use \App\Lib\Traits\CoLinkTrait; use \App\Lib\Traits\HistoryTrait; + use \App\Lib\Traits\PermissionsTrait; use \App\Lib\Traits\PrimaryLinkTrait; use \App\Lib\Traits\TableMetaTrait; use \App\Lib\Traits\TypeTrait; @@ -107,6 +108,21 @@ public function initialize(array $config): void { 'class' => 'TemplateableStatusEnum' ] ]); + + $this->setPermissions([ + // Actions that operate over an entity (ie: require an $id) + 'entity' => [ + 'delete' => ['platformAdmin', 'coAdmin'], + 'edit' => ['platformAdmin', 'coAdmin'], + 'primary' => ['platformAdmin', 'coAdmin'], + 'view' => ['platformAdmin', 'coAdmin'] + ], + // Actions that operate over a table (ie: do not require an $id) + 'table' => [ + 'add' => ['platformAdmin', 'coAdmin'], + 'index' => ['platformAdmin', 'coAdmin'] + ] + ]); } /** diff --git a/app/src/Model/Table/NamesTable.php b/app/src/Model/Table/NamesTable.php index 40e0798a3..46219e4f5 100644 --- a/app/src/Model/Table/NamesTable.php +++ b/app/src/Model/Table/NamesTable.php 
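Review bot: In the HistoryRecordsTable hunk (`@@ -98,6 +99,20 @@`), `edit` and `delete` are `false` while `add` stays open to both admin roles, and nothing says that this asymmetry is intended. For an audit-style table that is a sensible shape, but it deserves a line such as `// History is append-only: records can be added and viewed, never edited or deleted`. If `add` exists for administrator-entered notes (an assumption; the controller is not in the hunk), say so, so that nobody later sets it to `false` or opens `edit` for symmetry.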
@@ -42,6 +42,7 @@ class NamesTable extends Table { use \App\Lib\Traits\ChangelogBehaviorTrait; use \App\Lib\Traits\CoLinkTrait; use \App\Lib\Traits\HistoryTrait; + use \App\Lib\Traits\PermissionsTrait; use \App\Lib\Traits\PrimaryLinkTrait; use \App\Lib\Traits\TableMetaTrait; use \App\Lib\Traits\TypeTrait; @@ -98,6 +99,21 @@ public function initialize(array $config): void { 'attribute' => 'Names.type' ] ]); + + $this->setPermissions([ + // Actions that operate over an entity (ie: require an $id) + 'entity' => [ + 'delete' => ['platformAdmin', 'coAdmin'], + 'edit' => ['platformAdmin', 'coAdmin'], + 'primary' => ['platformAdmin', 'coAdmin'], + 'view' => ['platformAdmin', 'coAdmin'] + ], + // Actions that operate over a table (ie: do not require an $id) + 'table' => [ + 'add' => ['platformAdmin', 'coAdmin'], + 'index' => ['platformAdmin', 'coAdmin'] + ] + ]); } /** diff --git a/app/src/Model/Table/PeopleTable.php b/app/src/Model/Table/PeopleTable.php index 8f0d0ae0e..d7288c949 100644 --- a/app/src/Model/Table/PeopleTable.php +++ b/app/src/Model/Table/PeopleTable.php @@ -43,6 +43,7 @@ class PeopleTable extends Table { use \App\Lib\Traits\CoLinkTrait; use \App\Lib\Traits\HistoryTrait; use \App\Lib\Traits\LabeledLogTrait; + use \App\Lib\Traits\PermissionsTrait; use \App\Lib\Traits\PrimaryLinkTrait; use \App\Lib\Traits\QueryModificationTrait; use \App\Lib\Traits\TableMetaTrait; @@ -125,6 +126,21 @@ public function initialize(array $config): void { 'attribute' => 'Names.type' ] ]); + + $this->setPermissions([ + // Actions that operate over an entity (ie: require an $id) +// See also CFM-126 + 'entity' => [ + 'delete' => ['platformAdmin', 'coAdmin'], + 'edit' => ['platformAdmin', 'coAdmin'], + 'view' => ['platformAdmin', 'coAdmin'] + ], + // Actions that operate over a table (ie: do not require an $id) + 'table' => [ + 'add' => ['platformAdmin', 'coAdmin'], + 'index' => ['platformAdmin', 'coAdmin'] + ] + ]); } /** 
diff --git a/app/src/Model/Table/PersonRolesTable.php b/app/src/Model/Table/PersonRolesTable.php index 5d21c565f..c3df8dcbf 100644 --- a/app/src/Model/Table/PersonRolesTable.php +++ b/app/src/Model/Table/PersonRolesTable.php @@ -43,6 +43,7 @@ class PersonRolesTable extends Table { use \App\Lib\Traits\CoLinkTrait; use \App\Lib\Traits\HistoryTrait; use \App\Lib\Traits\LabeledLogTrait; + use \App\Lib\Traits\PermissionsTrait; use \App\Lib\Traits\PrimaryLinkTrait; use \App\Lib\Traits\QueryModificationTrait; use \App\Lib\Traits\TableMetaTrait; @@ -143,6 +144,22 @@ public function initialize(array $config): void { 'model' => 'Cous' ] ]); + + $this->setPermissions([ + // Actions that operate over an entity (ie: require an $id) +// See also CFM-126 +// XXX need to add couAdmin, eventually + 'entity' => [ + 'delete' => ['platformAdmin', 'coAdmin'], + 'edit' => ['platformAdmin', 'coAdmin'], + 'view' => ['platformAdmin', 'coAdmin'] + ], + // Actions that operate over a table (ie: do not require an $id) + 'table' => [ + 'add' => ['platformAdmin', 'coAdmin'], + 'index' => ['platformAdmin', 'coAdmin'] + ] + ]); } /** diff --git a/app/src/Model/Table/TelephoneNumbersTable.php b/app/src/Model/Table/TelephoneNumbersTable.php index c0a4d7ece..65808fcfa 100644 --- a/app/src/Model/Table/TelephoneNumbersTable.php +++ b/app/src/Model/Table/TelephoneNumbersTable.php @@ -38,6 +38,7 @@ class TelephoneNumbersTable extends Table { use \App\Lib\Traits\ChangelogBehaviorTrait; use \App\Lib\Traits\CoLinkTrait; use \App\Lib\Traits\HistoryTrait; + use \App\Lib\Traits\PermissionsTrait; use \App\Lib\Traits\PrimaryLinkTrait; use \App\Lib\Traits\TableMetaTrait; use \App\Lib\Traits\TypeTrait; 
@@ -91,6 +92,21 @@ public function initialize(array $config): void { 'attribute' => 'TelephoneNumbers.type' ] ]); + + $this->setPermissions([ + // Actions that operate over an entity (ie: require an $id) + 'entity' => [ + 'delete' => ['platformAdmin', 'coAdmin'], + 'edit' => ['platformAdmin', 'coAdmin'], + 'primary' => ['platformAdmin', 'coAdmin'], + 'view' => ['platformAdmin', 'coAdmin'] + ], + // Actions that operate over a table (ie: do not require an $id) + 'table' => [ + 'add' => ['platformAdmin', 'coAdmin'], + 'index' => ['platformAdmin', 'coAdmin'] + ] + ]); } /** diff --git a/app/src/Model/Table/TypesTable.php b/app/src/Model/Table/TypesTable.php index 2bed1063b..4322c71dd 100644 --- a/app/src/Model/Table/TypesTable.php +++ b/app/src/Model/Table/TypesTable.php @@ -40,6 +40,7 @@ class TypesTable extends Table { use \App\Lib\Traits\AutoViewVarsTrait; use \App\Lib\Traits\CoLinkTrait; + use \App\Lib\Traits\PermissionsTrait; use \App\Lib\Traits\PrimaryLinkTrait; use \App\Lib\Traits\SearchFilterTrait; use \App\Lib\Traits\TableMetaTrait; @@ -112,6 +113,21 @@ public function initialize(array $config): void { 'class' => 'SuspendableStatusEnum' ] ]); + + $this->setPermissions([ + // Actions that operate over an entity (ie: require an $id) + 'entity' => [ + 'delete' => ['platformAdmin', 'coAdmin'], + 'edit' => ['platformAdmin', 'coAdmin'], + 'view' => ['platformAdmin', 'coAdmin'] + ], + // Actions that operate over a table (ie: do not require an $id) + 'table' => [ + 'add' => ['platformAdmin', 'coAdmin'], + 'index' => ['platformAdmin', 'coAdmin'], + 'restore' => ['platformAdmin', 'coAdmin'] + ] + ]); } /** diff --git a/app/src/Model/Table/UrlsTable.php b/app/src/Model/Table/UrlsTable.php index 036c6a542..2539464f8 100644 --- a/app/src/Model/Table/UrlsTable.php +++ b/app/src/Model/Table/UrlsTable.php 
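Review bot: In the TypesTable hunk (`@@ -112,6 +113,21 @@`), `'restore'` is added as a table-level action without a comment, and unlike `add` and `index` its effect cannot be read from the name. Because it takes no `$id` it presumably acts on the CO's whole set of types. A short comment, e.g. `// restore re-creates the default types for the CO` (wording to be confirmed against the controller), would tell a reviewer how much a coAdmin can change with it.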
@@ -37,6 +37,7 @@ class UrlsTable extends Table { use \App\Lib\Traits\ChangelogBehaviorTrait; use \App\Lib\Traits\CoLinkTrait; use \App\Lib\Traits\HistoryTrait; + use \App\Lib\Traits\PermissionsTrait; use \App\Lib\Traits\PrimaryLinkTrait; use \App\Lib\Traits\TableMetaTrait; use \App\Lib\Traits\TypeTrait; @@ -84,6 +85,21 @@ public function initialize(array $config): void { 'attribute' => 'Urls.type' ] ]); + + $this->setPermissions([ + // Actions that operate over an entity (ie: require an $id) + 'entity' => [ + 'delete' => ['platformAdmin', 'coAdmin'], + 'edit' => ['platformAdmin', 'coAdmin'], + 'primary' => ['platformAdmin', 'coAdmin'], + 'view' => ['platformAdmin', 'coAdmin'] + ], + // Actions that operate over a table (ie: do not require an $id) + 'table' => [ + 'add' => ['platformAdmin', 'coAdmin'], + 'index' => ['platformAdmin', 'coAdmin'] + ] + ]); } /** diff --git a/app/templates/Cos/select.php b/app/templates/Cos/select.php index 2f61d5bbf..6d938b50e 100644 --- a/app/templates/Cos/select.php +++ b/app/templates/Cos/select.php @@ -35,7 +35,7 @@ - = $this->Alert->alert(__d('information','cos.none'), 'warning') ?> + = $this->Alert->alert(__d('information','cos.none'), 'warning') ?>
= __d('information', 'cos.select'); ?>