From b8949c209e71f55c2963c8476732e2e642d70e60 Mon Sep 17 00:00:00 2001
From: Ioannis Igoumenos
Date: Wed, 26 Feb 2025 16:58:22 +0200
Subject: [PATCH] Fix CoMember self permissions for PersonRole and ExternalIdentity tab
---
 app/src/Controller/Component/RegistryAuthComponent.php | 9 +++++++++
 app/src/Controller/StandardController.php | 4 +++-
 app/src/Model/Table/ExternalIdentitiesTable.php | 4 ++--
 app/src/Model/Table/PersonRolesTable.php | 2 +-
 app/src/View/Helper/TabHelper.php | 9 +++++++++
 5 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/app/src/Controller/Component/RegistryAuthComponent.php b/app/src/Controller/Component/RegistryAuthComponent.php
index 6981a369b..1a1ea8df7 100644
--- a/app/src/Controller/Component/RegistryAuthComponent.php
+++ b/app/src/Controller/Component/RegistryAuthComponent.php
@@ -969,6 +969,15 @@ public function isSelf(?int $coId, ?int $id): bool {
 return $this->cache['isSelf'][$coId];
 }
+ // Associated Model for External Identity Linke to Person
+ $externalIdentityIdParam = $request->getQuery('external_identity_id');
+ if (!empty($externalIdentityIdParam)) {
+ $extIdentTable = TableRegistry::getTableLocator()->get('ExternalIdentities');
+ $extIdentEntity = $extIdentTable->get($externalIdentityIdParam);
+ $extIdentityPersonId = $extIdentEntity->person_id;
+ $this->cache['isSelf'][$coId] = $personId == $extIdentityPersonId && $request->getParam('action') == 'index';
+ return $this->cache['isSelf'][$coId];
+ }
 $this->cache['isSelf'][$coId] = match(true) {
 // Canvas page
diff --git a/app/src/Controller/StandardController.php b/app/src/Controller/StandardController.php
index 8d5f7e6ab..07afec6e2 100644
--- a/app/src/Controller/StandardController.php
+++ b/app/src/Controller/StandardController.php
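Review bot: In `isSelf()` (RegistryAuthComponent.php) the new `external_identity_id` branch answers the self check from a request-controlled query parameter and returns before the `match(true)` rules run, without looking at which controller is being requested. As far as the hunk shows, any `index` request that carries the member's own external identity id is treated as self, so the branch should be limited to the models that actually hang off an external identity, and their index queries need to filter on that same id. `$extIdentTable->get()` also throws on an unknown or non-scalar id, which turns the permission check into an error response and may let a caller tell existing ids from missing ones; a lookup that can return null, with a strict comparison after integer casts, avoids both. The function starts and ends outside the hunk, and `$request` and `$personId` are defined above it.

```php
$externalIdentityIdParam = $request->getQuery('external_identity_id');
if (!empty($externalIdentityIdParam)) {
  $extIdentEntity = null;
  // Only a plain numeric id is looked up; arrays and other shapes count as "not self"
  if (is_string($externalIdentityIdParam) && ctype_digit($externalIdentityIdParam)) {
    $extIdentEntity = TableRegistry::getTableLocator()
      ->get('ExternalIdentities')
      ->find()
      ->where(['ExternalIdentities.id' => (int)$externalIdentityIdParam])
      ->first();
  }
  // A missing row or an unlinked identity yields false instead of an exception
  $extIdentityPersonId = $extIdentEntity?->person_id;
  $this->cache['isSelf'][$coId] = $personId !== null
    && $extIdentityPersonId !== null
    && (int)$extIdentityPersonId === (int)$personId
    && $request->getParam('action') === 'index';
  return $this->cache['isSelf'][$coId];
}
// … unchanged: match(true) rules …
```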
@@ -471,6 +471,7 @@ public function edit(string $id) {
 }
 $this->set('vv_obj', $obj);
+ $this->set('vv_permission_view', $this->RegistryAuth->calculatePermissionsForView('edit', $obj->id));
 // XXX should we also set '$model'? cake seems to autopopulate edit fields just fine without it
 // note index() uses $tableName, not 'vv_objs' or event 'vv_table_name'
@@ -805,7 +806,8 @@ public function view($id = null) {
 }
 $this->set('vv_obj', $obj);
-
+ $this->set('vv_permission_view', $this->RegistryAuth->calculatePermissionsForView('view', $obj->id));
+
 // PrimaryLinkTrait
 $this->getPrimaryLink();
diff --git a/app/src/Model/Table/ExternalIdentitiesTable.php b/app/src/Model/Table/ExternalIdentitiesTable.php
index dca4900e6..3cd797d23 100644
--- a/app/src/Model/Table/ExternalIdentitiesTable.php
+++ b/app/src/Model/Table/ExternalIdentitiesTable.php
@@ -189,12 +189,12 @@ public function initialize(array $config): void {
 'entity' => [
 'delete' => ['platformAdmin', 'coAdmin'],
 'edit' => ['platformAdmin', 'coAdmin'],
- 'view' => ['platformAdmin', 'coAdmin']
+ 'view' => ['platformAdmin', 'coAdmin', 'selfMember']
 ],
 // Actions that operate over a table (ie: do not require an $id)
 'table' => [
 'add' => ['platformAdmin', 'coAdmin'],
- 'index' => ['platformAdmin', 'coAdmin']
+ 'index' => ['platformAdmin', 'coAdmin', 'selfMember']
 ],
 // Related models whose permissions we'll need, typically for table views
 'related' => [
diff --git a/app/src/Model/Table/PersonRolesTable.php b/app/src/Model/Table/PersonRolesTable.php
index 7c388d2f1..41791badd 100644
--- a/app/src/Model/Table/PersonRolesTable.php
+++ b/app/src/Model/Table/PersonRolesTable.php
@@ -209,7 +209,7 @@ public function initialize(array $config): void {
 // Actions that operate over a table (ie: do not require an $id)
 'table' => [
 'add' => ['platformAdmin', 'coAdmin'],
- 'index' => ['platformAdmin', 'coAdmin']
+ 'index' => ['platformAdmin', 'coAdmin', 'selfMember']
 ]
 ]);
 }
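Review bot: `vv_permission_view` is a new view variable set in `edit()` (StandardController.php) with no comment naming its consumer or its shape, and the same line is added to `view()` in the following hunk. The only reader visible in this patch is `TabHelper::constructLinkUrl()`, which indexes it with `['edit']`, so a one-line comment above each call would help: `// Permissions for this entity, read by TabHelper to choose between edit and view tab links`. The line added in `view()` also appears to be followed by a whitespace-only line that replaces an empty one. Both function bodies continue outside the hunks.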
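Review bot: Granting `selfMember` on the table-level `index` action in ExternalIdentitiesTable.php leaves no entity id to check against, so whether a member lists only their own records depends on the request parameters that `isSelf()` evaluates and on the index query being filtered by the same person or external identity; neither is visible in this hunk. The same grant is made for `index` in PersonRolesTable.php in the next file. A short comment above the `table` block would record that assumption, e.g. `// selfMember: index must be scoped to the requesting person's own records`. `initialize()` starts and ends outside both hunks.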
diff --git a/app/src/View/Helper/TabHelper.php b/app/src/View/Helper/TabHelper.php
index 678f80096..0f040dbf5 100644
--- a/app/src/View/Helper/TabHelper.php
+++ b/app/src/View/Helper/TabHelper.php
@@ -109,6 +109,15 @@ public function constructLinkUrl(string $tab, string|int $curId, bool $isNested
 }
 $url['?'] = $linkFilter;
 } else if ($action === 'edit') {
+ $vv_permission_set = $this->getView()->get('vv_permission_set');
+ $vv_permission_view = $this->getView()->get('vv_permission_view');
+ if ($vv_permission_set && is_array($vv_permission_set)) {
+ $permission_set = array_pop($vv_permission_set);
+ $url['action'] = $permission_set['edit'] ? 'edit' : 'view';
+ } elseif (!empty($vv_permission_view)) {
+ $url['action'] = $vv_permission_view['edit'] ? 'edit' : 'view';
+ }
+
 // I will get the id from the associated ids table
 $url[] = $vv_associated_ids[$controller];
 } else {
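Review bot: `array_pop($vv_permission_set)` in `constructLinkUrl()` takes the permissions of the last entry in the set, and if the set holds one entry per listed record that need not be the record the tab link points at (`$vv_associated_ids[$controller]`). `$permission_set['edit']` and `$vv_permission_view['edit']` are also read without checking that the key exists; `!empty($permission_set['edit'])` and `!empty($vv_permission_view['edit'])` would make a missing key fall back to `view` rather than raise a warning. This branch only rewrites the link target, so access to the edit action still rests on the server-side permission check. The function starts and ends outside the hunk.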