diff --git a/app/config/schema/schema.json b/app/config/schema/schema.json
index 86ea747fe..e8841843b 100644
--- a/app/config/schema/schema.json
+++ b/app/config/schema/schema.json
@@ -636,6 +636,7 @@
"authz_cou_id": { "type": "integer", "foreignkey": { "table": "cous", "column": "id" }},
"authz_group_id": { "type": "integer", "foreignkey": { "table": "groups", "column": "id" }},
"collect_enrollee_email": { "type": "boolean" },
+ "enable_person_find": { "type": "boolean" },
"redirect_on_duplicate": { "type": "string", "size": 256 },
"redirect_on_finalize": { "type": "string", "size": 256 },
"finalization_message_template_id": { "type": "integer", "foreignkey": { "table": "message_templates", "column": "id" }},
diff --git a/app/resources/locales/en_US/field.po b/app/resources/locales/en_US/field.po
index 56d7fb893..44d063edc 100644
--- a/app/resources/locales/en_US/field.po
+++ b/app/resources/locales/en_US/field.po
@@ -498,6 +498,12 @@ msgstr "Petitioner Authorization"
msgid "EnrollmentFlows.collect_enrollee_email"
msgstr "Collect Enrollee Email"
+msgid "EnrollmentFlows.enable_person_find"
+msgstr "Enable People Picker for Self Service"
+
+msgid "EnrollmentFlows.enable_person_find.desc"
+msgstr "Enable people picker for self-service enrollments, see Registry Technical Manual for privacy considerations"
+
msgid "EnrollmentFlows.finalization_message_template_id"
msgstr "Finalization Message Template"
diff --git a/app/src/Controller/Component/RegistryAuthComponent.php b/app/src/Controller/Component/RegistryAuthComponent.php
index 5df86abcc..861447400 100644
--- a/app/src/Controller/Component/RegistryAuthComponent.php
+++ b/app/src/Controller/Component/RegistryAuthComponent.php
@@ -325,7 +325,7 @@ protected function calculatePermission(string $action, ?int $id=null): bool {
* Obtain the permission set for this request.
*
* @since COmanage Registry v5.0.0
- * @param int $id Subject ID, if applicable
+ * @param int|null $id Subject ID, if applicable
* @return array Array of actions and authorized roles
*/
@@ -386,6 +386,19 @@ protected function calculatePermissions(?int $id=null): array {
// Pull the table's permission definitions
$permissions = $this->getTablePermissions($table, $id);
+
+ // Calculate people picker permissions on the fly for an enrollment flow/petition
+ if(
+ $reqAction == 'pick'
+ && $modelsName == 'People'
+ && !empty($controller->getRequest()->getQuery('petition_id'))
+ ) {
+ // We need to check if this is part of an Enrollment Flow
+ $isPicker = $this->isAuthenticatedUserPicker((int)$controller->getRequest()->getQuery('petition_id'));
+ if($isPicker) {
+ $permissions['table']['pick'][] = 'authenticatedUser';
+ }
+ }
if($id) {
$readOnlyActions = ['view'];
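Review bot: The new `pick` branch grants `authenticatedUser` access based only on a client-supplied `petition_id`, and the helper it calls (`isAuthenticatedUserPicker`, added in a later hunk of this file) checks only that someone is logged in and that the petition's flow has `enable_person_find` set. Nothing visible ties the petition to the current user, to the `co_id` the picker will search, or to a petition that is still in progress, so any authenticated user who can name a petition on an enabled flow would appear to get people search; please confirm whether that is enforced elsewhere. I would add those comparisons in the helper and record the intent here, e.g. `// Only the petition's own petitioner, within the petition's CO, may pick`. Separately, `(int)$controller->getRequest()->getQuery('petition_id')` turns a non-empty array parameter into 1, so the value should be rejected unless it is a digit string. The body of calculatePermissions continues outside the hunk.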
@@ -719,8 +732,8 @@ public function getPersonID(int $coId): ?int {
* Obtain the set of permissions as provided by the table.
*
* @since COmanage Registry v5.0.0
- * @param table $table Cake Table
- * @param int $id Entity ID, if applicable
+ * @param table $table Cake Table
+ * @param int|null $id Entity ID, if applicable
* @return array Table permissions
*/
@@ -852,12 +865,35 @@ public function isApprover(int $petitionId): bool {
public function isAuthenticatedUser(): bool {
return !empty($this->authenticatedUser);
}
+
+ /**
+ * Determine if the current authenticated user is allowed to use the person picker functionality
+ * for a given petition.
+ *
+ * @param int $petitionId ID of the petition to check
+ * @return bool True if the user can use the person picker, false otherwise
+ * @since COmanage Registry v5.2.0
+ */
+
+ protected function isAuthenticatedUserPicker(int $petitionId): bool
+ {
+ if (empty($petitionId)) {
+ return false;
+ }
+
+ $Petitions = TableRegistry::getTableLocator()->get('Petitions');
+
+ // Pull the Petition to find its CO
+ $petition = $Petitions->get($petitionId, ['contain' => 'EnrollmentFlows']);
+
+ return $this->authenticatedUser && $petition->enrollment_flow->enable_person_find;
+ }
/**
* Determine if the current user is a CO Administrator.
*
* @since COmanage Registry v5.0.0
- * @param int $coId CO ID
+ * @param int|null $coId CO ID
* @return bool True if the current user is a CO Administrator
*/
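Review bot: `$Petitions->get()` throws when the ID matches no record, so in `isAuthenticatedUserPicker` an unknown `petition_id` surfaces as an exception out of permission calculation instead of a plain denial (unless a caller outside this hunk catches it). Catching the not-found case and returning false keeps the check fail-closed and gives the same answer for missing and disallowed petitions. The inline comment says the petition is pulled "to find its CO", but the CO is never read, so it is reworded below. The blank line between the docblock and the method should also be removed so the docblock stays attached.

```php
protected function isAuthenticatedUserPicker(int $petitionId): bool
{
    // … unchanged: empty-ID guard, Petitions table lookup …

    try {
        // Pull the Petition with its Enrollment Flow to read the picker setting
        $petition = $Petitions->get($petitionId, ['contain' => 'EnrollmentFlows']);
    } catch (\Cake\Datasource\Exception\RecordNotFoundException $e) {
        // Unknown petition: deny rather than let the lookup error escape
        return false;
    }

    // … unchanged: return combining authenticatedUser and enable_person_find …
}
```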
diff --git a/app/templates/EnrollmentFlows/fields.inc b/app/templates/EnrollmentFlows/fields.inc
index 411633f7c..33d25752c 100644
--- a/app/templates/EnrollmentFlows/fields.inc
+++ b/app/templates/EnrollmentFlows/fields.inc
@@ -90,6 +90,7 @@ if($vv_action == 'add' || $vv_action == 'edit') {
foreach (['authz_cou_id',
'authz_group_id',
'collect_enrollee_email',
+ 'enable_person_find',
'redirect_on_duplicate',
'redirect_on_finalize',
'finalization_message_template_id'
diff --git a/app/templates/element/peopleAutocomplete.php b/app/templates/element/peopleAutocomplete.php
index c545e7b1f..ebbe5b389 100644
--- a/app/templates/element/peopleAutocomplete.php
+++ b/app/templates/element/peopleAutocomplete.php
@@ -63,6 +63,10 @@
$personRecord = $this->Petition->getRecordForId('person_id', $inputValue, ['PrimaryName', 'EmailAddresses']);
$canvasUrl = $this->Url->build(['controller' => 'people', 'action' => 'edit', $inputValue]);
}
+ $searchPeople = $this->request->getAttribute('webroot') . 'api/ajax/v2/people/pick?co_id=' . $vv_cur_co->id;
+ if (isset($vv_petition->id)) {
+ $searchPeople = $this->request->getAttribute('webroot') . 'api/ajax/v2/people/pick?co_id=' . $vv_cur_co->id . '&petition_id=' . $vv_petition->id;
+ }
?>
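Review bot: The picker URL is assembled twice by string concatenation, with the whole base repeated inside the `isset($vv_petition->id)` branch. Building it once and appending keeps the two forms in sync, and casting the IDs makes it explicit that only integers reach the query string: `$searchPeople = $this->request->getAttribute('webroot') . 'api/ajax/v2/people/pick?co_id=' . (int)$vv_cur_co->id;` followed by `if(isset($vv_petition->id)) { $searchPeople .= '&petition_id=' . (int)$vv_petition->id; }`. Where `$searchPeople` is later written into the page is outside this hunk, so its output escaping cannot be checked from here. Because the `petition_id` placed in this URL is visible to and editable by the client, it is only a hint, and the server-side permission check is the actual control.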