Fix CoMember self permissions for PersonRole and ExternalIdentity tab

COmanage · Feb 26, 2025 · b8949c2 · b8949c2
1 parent e7507b7
commit b8949c2
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 4 deletions.
diff --git a/app/src/Controller/Component/RegistryAuthComponent.php b/app/src/Controller/Component/RegistryAuthComponent.php
@@ -969,6 +969,15 @@ public function isSelf(?int $coId, ?int $id): bool {
       return $this->cache['isSelf'][$coId];
     }
 
+    // Associated Model for External Identity Linke to Person
+    $externalIdentityIdParam = $request->getQuery('external_identity_id');
+    if (!empty($externalIdentityIdParam)) {
+      $extIdentTable = TableRegistry::getTableLocator()->get('ExternalIdentities');
+      $extIdentEntity = $extIdentTable->get($externalIdentityIdParam);
+      $extIdentityPersonId = $extIdentEntity->person_id;
+      $this->cache['isSelf'][$coId] = $personId == $extIdentityPersonId && $request->getParam('action') == 'index';
+      return $this->cache['isSelf'][$coId];
+    }
 
     $this->cache['isSelf'][$coId] = match(true) {
       // Canvas page

diff --git a/app/src/Controller/StandardController.php b/app/src/Controller/StandardController.php
@@ -471,6 +471,7 @@ public function edit(string $id) {
     }
 
     $this->set('vv_obj', $obj);
+    $this->set('vv_permission_view', $this->RegistryAuth->calculatePermissionsForView('edit', $obj->id));
     // XXX should we also set '$model'? cake seems to autopopulate edit fields just fine without it
     //     note index() uses $tableName, not 'vv_objs' or event 'vv_table_name'
 
@@ -805,7 +806,8 @@ public function view($id = null) {
     }
 
     $this->set('vv_obj', $obj);
-
+    $this->set('vv_permission_view', $this->RegistryAuth->calculatePermissionsForView('view', $obj->id));
+
     // PrimaryLinkTrait
     $this->getPrimaryLink();
 

diff --git a/app/src/Model/Table/ExternalIdentitiesTable.php b/app/src/Model/Table/ExternalIdentitiesTable.php
@@ -189,12 +189,12 @@ public function initialize(array $config): void {
       'entity' => [
         'delete' =>   ['platformAdmin', 'coAdmin'],
         'edit' =>     ['platformAdmin', 'coAdmin'],
-        'view' =>     ['platformAdmin', 'coAdmin']
+        'view' =>     ['platformAdmin', 'coAdmin', 'selfMember']
       ],
       // Actions that operate over a table (ie: do not require an $id)
       'table' => [
         'add' =>      ['platformAdmin', 'coAdmin'],
-        'index' =>    ['platformAdmin', 'coAdmin']
+        'index' =>    ['platformAdmin', 'coAdmin', 'selfMember']
       ],
       // Related models whose permissions we'll need, typically for table views
       'related' => [

diff --git a/app/src/Model/Table/PersonRolesTable.php b/app/src/Model/Table/PersonRolesTable.php
@@ -209,7 +209,7 @@ public function initialize(array $config): void {
       // Actions that operate over a table (ie: do not require an $id)
       'table' => [
         'add' =>      ['platformAdmin', 'coAdmin'],
-        'index' =>    ['platformAdmin', 'coAdmin']
+        'index' =>    ['platformAdmin', 'coAdmin', 'selfMember']
       ]
     ]);
   }

diff --git a/app/src/View/Helper/TabHelper.php b/app/src/View/Helper/TabHelper.php
@@ -109,6 +109,15 @@ public function constructLinkUrl(string $tab, string|int $curId, bool $isNested
       }
       $url['?'] = $linkFilter;
     } else if ($action === 'edit') {
+      $vv_permission_set = $this->getView()->get('vv_permission_set');
+      $vv_permission_view = $this->getView()->get('vv_permission_view');
+      if ($vv_permission_set && is_array($vv_permission_set)) {
+        $permission_set = array_pop($vv_permission_set);
+        $url['action'] = $permission_set['edit'] ? 'edit' : 'view';
+      } elseif (!empty($vv_permission_view)) {
+        $url['action'] = $vv_permission_view['edit'] ? 'edit' : 'view';
+      }
+
       // I will get the id from the associated ids table
       $url[] = $vv_associated_ids[$controller];
     } else {