From e2d6784205500b8fefa54ceac1ef6e390007371f Mon Sep 17 00:00:00 2001
From: Ioannis Igoumenos
Date: Thu, 27 Feb 2025 21:47:10 +0200
Subject: [PATCH] Fix SelfMember permissions for ExternalIdentity preview
---
 .../Component/RegistryAuthComponent.php | 47 ++++++++++++-------
 .../Table/ExternalIdentityRolesTable.php | 4 +-
 2 files changed, 32 insertions(+), 19 deletions(-)
diff --git a/app/src/Controller/Component/RegistryAuthComponent.php b/app/src/Controller/Component/RegistryAuthComponent.php
index 1a1ea8df7..974fb3483 100644
--- a/app/src/Controller/Component/RegistryAuthComponent.php
+++ b/app/src/Controller/Component/RegistryAuthComponent.php
@@ -955,38 +955,51 @@ public function isSelf(?int $coId, ?int $id): bool {
 $controller = $this->getController();
 $request = $controller->getRequest();
 $controllerName = $controller->getName();
- // View self or filter by the person_id
- $passId = $request->getParam('pass.0');
- $queryPersonIdParam = $request->getQuery('person_id');
 $personId = $this->getPersonID($coId);
- // Associated Models, e.g. MVEAs
- $modelTable = TableRegistry::getTableLocator()->get($controllerName);
- $primaryLinks = $modelTable->getPrimaryLinks();
- if (in_array('person_id', $primaryLinks) && $id !== null) {
+ /* EDIT/VIEW */
+
+ if ($request->getParam('action') == 'view' && $id !== null) {
+ $modelTable = TableRegistry::getTableLocator()->get($controllerName);
 $modelEntity = $modelTable->get($id);
- $this->cache['isSelf'][$coId] = $personId == $modelEntity->person_id;
- return $this->cache['isSelf'][$coId];
+ // Associated Models, e.g. MVEAs
+ $primaryLinks = $modelTable->getPrimaryLinks();
+
+ if (in_array('person_id', $primaryLinks) && $modelEntity->person_id !== null) {
+ $this->cache['isSelf'][$coId] = $personId == $modelEntity->person_id;
+ return $this->cache['isSelf'][$coId];
+ } elseif (in_array('external_identity_id', $primaryLinks) && $modelEntity->external_identity_id !== null) {
+ $externalIdentityId = $modelEntity->external_identity_id;
+ $extIdentTable = TableRegistry::getTableLocator()->get('ExternalIdentities');
+ $extIdentEntity = $extIdentTable->get($externalIdentityId);
+ $extIdentityPersonId = $extIdentEntity->person_id;
+ $this->cache['isSelf'][$coId] = $personId == $extIdentityPersonId;
+ return $this->cache['isSelf'][$coId];
+ }
 }
- // Associated Model for External Identity Linke to Person
+ /* INDEX VIEWS */
+ // View self or filter by the person_id
+ $queryPersonIdParam = $request->getQuery('person_id');
+ // Associated Model for External Identity Link to Person
 $externalIdentityIdParam = $request->getQuery('external_identity_id');
+
 if (!empty($externalIdentityIdParam)) {
 $extIdentTable = TableRegistry::getTableLocator()->get('ExternalIdentities');
 $extIdentEntity = $extIdentTable->get($externalIdentityIdParam);
 $extIdentityPersonId = $extIdentEntity->person_id;
- $this->cache['isSelf'][$coId] = $personId == $extIdentityPersonId && $request->getParam('action') == 'index';
+ $this->cache['isSelf'][$coId] = $personId == $extIdentityPersonId;
 return $this->cache['isSelf'][$coId];
 }
- $this->cache['isSelf'][$coId] = match(true) {
+ if (
 // Canvas page
- $controllerName == 'People' && $passId == $personId => true,
+ ($controllerName == 'People' && $id == $personId)
 // Any page that we query with the person_id
- isset($queryPersonIdParam) && $queryPersonIdParam == $personId => true,
- // XXX Any additional self rules go here
- default => false,
- };
+ || (isset($queryPersonIdParam) && $queryPersonIdParam == $personId)
+ ) {
+ $this->cache['isSelf'][$coId] = true;
+ }
 return $this->cache['isSelf'][$coId];
 }
diff --git a/app/src/Model/Table/ExternalIdentityRolesTable.php b/app/src/Model/Table/ExternalIdentityRolesTable.php
index 2d780f8ce..eb6a2c899 100644
--- a/app/src/Model/Table/ExternalIdentityRolesTable.php
+++ b/app/src/Model/Table/ExternalIdentityRolesTable.php
@@ -159,12 +159,12 @@ public function initialize(array $config): void {
 'entity' => [
 'delete' => false,
 'edit' => false,
- 'view' => ['platformAdmin', 'coAdmin']
+ 'view' => ['platformAdmin', 'coAdmin', 'selfMember']
 ],
 // Actions that operate over a table (ie: do not require an $id)
 'table' => [
 'add' => false,
- 'index' => ['platformAdmin', 'coAdmin']
+ 'index' => ['platformAdmin', 'coAdmin', 'selfMember']
 ]
 ]);
 }
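Review bot: The closing `if (...) { $this->cache['isSelf'][$coId] = true; }` only ever assigns true, so when neither the People rule nor the person_id query rule matches, the final `return $this->cache['isSelf'][$coId];` hands back whatever that cache slot already held — an undefined index (a TypeError against the `bool` return type) or, if an earlier call in the same request populated the slot for this `$coId`, a stale true for an unrelated index or view; the removed `match` always assigned via `default => false`. The view branch has the same fall-through when the entity's link column is null, so both paths should end with an explicit assignment, e.g. replace the trailing if-block with `$this->cache['isSelf'][$coId] = ($controllerName == 'People' && $id == $personId) || (isset($queryPersonIdParam) && $queryPersonIdParam == $personId);` and add `// Default: not self unless an index-level rule above matched`. The method signature and any cache lookup that precedes line 955 are outside the hunk, so which of the two failure modes applies cannot be confirmed from here.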
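Review bot: Granting `selfMember` on `index` and entity `view` makes the authorization decision for ExternalIdentityRoles depend on RegistryAuthComponent::isSelf(), which for index requests only resolves the caller through the `external_identity_id` or `person_id` query parameter; whether the index action then also scopes the returned rows to that same filter, rather than using it only for the permission check, is not visible in this diff and should be confirmed, otherwise a self member would be shown other people's roles once the check passes. The entity `view` grant likewise relies on this table listing `external_identity_id` among its primary links so that isSelf's elseif branch is taken; if it is not, the view request falls through to the index-level rules. A request with no filter parameter deserves a test pinning that it is denied. A comment on the two changed lines, `// selfMember is narrowed to the caller's own external identities by RegistryAuthComponent::isSelf()`, would record why the role is acceptable here.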