From 8e6bdd13e78a2532b9b18c56efb9b781ced304da Mon Sep 17 00:00:00 2001
From: Ioannis Igoumenos <ioigoume@gmail.com>
Date: Mon, 12 Feb 2024 17:35:42 +0200
Subject: [PATCH] fix subnavigation permissions for related models (#152)

---
 .../Table/ExtIdentitySourceRecordsTable.php   |  3 +--
 .../Model/Table/ExternalIdentitiesTable.php   | 15 +++++++++++++++
 .../ExtIdentitySourceRecords/fields-nav.inc   |  6 ++----
 .../ExternalIdentities/fields-nav.inc         | 19 ++-----------------
 app/templates/Standard/add-edit-view.php      |  2 +-
 5 files changed, 21 insertions(+), 24 deletions(-)

diff --git a/app/src/Model/Table/ExtIdentitySourceRecordsTable.php b/app/src/Model/Table/ExtIdentitySourceRecordsTable.php
index b55509804..fec143baf 100644
--- a/app/src/Model/Table/ExtIdentitySourceRecordsTable.php
+++ b/app/src/Model/Table/ExtIdentitySourceRecordsTable.php
@@ -86,8 +86,7 @@ public function initialize(array $config): void {
       // Actions that operate over a table (ie: do not require an $id)
       'table' => [
         'add' =>      false,
-// CFM-32 Update this permission when made available via the Artifacts menu
-        'index' =>    false // ['platformAdmin', 'coAdmin'],
+        'index' =>    ['platformAdmin', 'coAdmin']
       ]
     ]);
   }
diff --git a/app/src/Model/Table/ExternalIdentitiesTable.php b/app/src/Model/Table/ExternalIdentitiesTable.php
index 7eb69122c..83fdaa6a2 100644
--- a/app/src/Model/Table/ExternalIdentitiesTable.php
+++ b/app/src/Model/Table/ExternalIdentitiesTable.php
@@ -159,6 +159,21 @@ public function initialize(array $config): void {
       'table' => [
         'add' =>      ['platformAdmin', 'coAdmin'],
         'index' =>    ['platformAdmin', 'coAdmin']
+      ],
+      // Related models whose permissions we'll need, typically for table views
+      'related' => [
+         'Names',
+         'Addresses',
+         'AdHocAttributes',
+         'EmailAddresses',
+         'ExternalIdentityRoles',
+         'ExtIdentitySourceRecords',
+         'HistoryRecords',
+         'Identifiers',
+         'JobHistoryRecords',
+         'Pronouns',
+         'TelephoneNumbers',
+         'Urls'
       ]
     ]);
   }
diff --git a/app/templates/ExtIdentitySourceRecords/fields-nav.inc b/app/templates/ExtIdentitySourceRecords/fields-nav.inc
index 8ea739688..952251c10 100644
--- a/app/templates/ExtIdentitySourceRecords/fields-nav.inc
+++ b/app/templates/ExtIdentitySourceRecords/fields-nav.inc
@@ -35,8 +35,7 @@ if(!empty($vv_obj->external_identity_id)) {
       'controller'  => 'external_identities',
       'action'      => 'view',
       $vv_obj->external_identity_id
-    ],
-    'skipPermsCheck' => true
+    ]
   ];
   $topLinks[] = [
     'icon' => 'visibility',
@@ -49,8 +48,7 @@ if(!empty($vv_obj->external_identity_id)) {
       '?' => [
         'source_key' => $vv_obj->source_key
       ]
-    ],
-    'skipPermsCheck' => true
+    ]
   ];
 }
 
diff --git a/app/templates/ExternalIdentities/fields-nav.inc b/app/templates/ExternalIdentities/fields-nav.inc
index 5a0533b3b..9624c9c13 100644
--- a/app/templates/ExternalIdentities/fields-nav.inc
+++ b/app/templates/ExternalIdentities/fields-nav.inc
@@ -53,8 +53,7 @@ $topLinks = [
       '?' => [
         'external_identity_id' => $vv_obj->id
       ]
-    ],
-    'skipPermsCheck' => true
+    ]
   ],
   [
     'icon' => 'visibility',
@@ -62,25 +61,11 @@ $topLinks = [
     'label' => __d('operation', 'view.a', [__d('controller', 'ExtIdentitySourceRecords', 1)]),
     'link' => [
       'controller' => 'ext_identity_source_records',
-      'action' => 'index',
+      'action' => 'view',
       $vv_obj->ext_identity_source_records[0]->id
     ]
   ]
 ];
-  
-if($vv_action == 'view' && !empty($vv_obj->ext_identity_source_records[0])) {
-  $topLinks[] = [
-    'icon' => 'visibility',
-    'order' => 'Default',
-    'label' => __d('operation', 'view.a', [__d('controller', 'ExtIdentitySourceRecords', 1)]),
-    'link' => [
-      'controller' => 'ext-identity-source-records',
-      'action' => 'view',
-      $vv_obj->ext_identity_source_records[0]->id
-    ],
-    'skipPermsCheck' => true
-  ];
-}
 
 // $addMenuLinks is also given slightly different treatment from the typical $topLinks found in most views: 
 // it is a page-global menu used for adding MVEAs and is given special treatment in element/mveaCanvas.php.
diff --git a/app/templates/Standard/add-edit-view.php b/app/templates/Standard/add-edit-view.php
index 7affb74bf..3dd612797 100644
--- a/app/templates/Standard/add-edit-view.php
+++ b/app/templates/Standard/add-edit-view.php
@@ -126,7 +126,7 @@
         }
       }
       
-      if($perm || !empty($t['skipPermsCheck'])) {
+      if($perm) {
         $action_args['vv_actions'][] = [
           'order' => $this->Menu->getMenuOrder($t['order']),
           'icon' => $this->Menu->getMenuIcon($t['icon']),