fixed DashWidget and groupergroup permissions

Controller/CoGrouperLitesController.php

@@ -27,8 +27,7 @@ function beforeRender()
     parent::beforeRender();
   }
 
-  public function display($id)
-  {
+  public function display($id) {
     $cfg = $this->CoGrouperLite->getConfig();
     $services_url = Router::url([
       'plugin' => "grouper_lite",
@@ -54,8 +53,7 @@ public function display($id)
    * @return Array Permissions
    */
 
-  function isAuthorized()
-  {
+  function isAuthorized() {
     $roles = $this->Role->calculateCMRoles();
 
     // Determine what operations this user can perform
@@ -65,14 +63,18 @@ function isAuthorized()
     // Note that the display permission is set at the Dashboard, not Dashboard Widget level.
     $p = $this->calculateParentPermissions($roles);
 
-    // Delete an existing CO Announcements Widget?
+    $p['add'] = ($roles['cmadmin'] || $roles['coadmin']);
+
+    // Delete an existing Grouper Widget
     $p['delete'] = ($roles['cmadmin'] || $roles['coadmin']);
 
-    // Edit an existing CO Announcements Widget?
+    // Edit an existing Grouper Widget
     $p['edit'] = ($roles['cmadmin'] || $roles['coadmin']);
 
-    // View an existing CO Announcements Widget?
-    $p['view'] = ($roles['cmadmin'] || $roles['coadmin']);
+    // View an existing Grouper Widget
+    //Not sure the difference between view and index, so will open both to comembers.
+    $p['view'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']);
+    $p['index'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']);
 
     $this->set('permissions', $p);
     return ($p[$this->action]);

Controller/GrouperGroupsController.php

@@ -19,6 +19,7 @@ public function index() {
 
   public function groupUser()
   {
+    //TODO - Not being used, can delete?
     $this->set('title', _txt('pl.grouperlite.title.root'));
 
     $this->set('groupergroupsmember', $this->GrouperGroup->optinGroups($this->userId));
@@ -133,13 +134,13 @@ public function joinGroup()
     if ($this->request->is('post')) {
       $name = $this->request->data['GroupName'];
       if($this->GrouperGroup->joinGroup($this->userId, $name)) {
-        $this->Flash->success(_txt('You have been added to the group!'));
+        $this->Flash->success(_txt('pl.grouperlite.message.flash.join-group-success'));
       } else {
-        $this->Flash->error(_txt('You are unable to join the group!'));
+        $this->Flash->error(_txt('pl.grouperlite.message.flash.join-group-failed'));
       }
       return $this->redirect(array('action' => 'groupoptin'));
     }
-    $this->Flash->error(_txt('An error occurred in joining the group, please try again later.'));
+    $this->Flash->error(_txt('pl.grouperlite.message.flash.join-group-error'));
 
   }
 
@@ -148,16 +149,19 @@ public function leaveGroup()
     if ($this->request->is('post')) {
       $name = $this->request->data['GroupName'];
       if($this->GrouperGroup->leaveGroup($this->userId, $name)) {
-        $this->Flash->success(_txt('You have been deleted from the group!'));
+        $this->Flash->success(_txt('pl.grouperlite.message.flash.leave-group-success'));
       } else {
-        $this->Flash->error(_txt('You are unable to delete the group!'));
+        $this->Flash->error(_txt('pl.grouperlite.message.flash.leave-group-failed'));
       }
       return $this->redirect(array('action' => 'groupoptin'));
     }
-    $this->Flash->error(_txt('An error occurred in leaving the group, please try again later.'));
+    $this->Flash->error(_txt('pl.grouperlite.message.flash.leave-group-error'));
   }
 
   /**
+   * NOTE: All permissions will be done on the Grouper side. All Authenticated users will be able to
+   * use this plugin for self-admin of groups.
+   *
    * Authorization for this Controller, called by Auth component
    * - precondition: Session.Auth holds data used for authz decisions
    * - postcondition: $permissions set with calculated permissions
@@ -166,35 +170,35 @@ public function leaveGroup()
    * @return Array Permissions
    */
   function isAuthorized() {
-    //TODO - I am not sure how much of COmanage roles will be needed, but will need to tweak this to meet our needs.
-    //TODO - Use Grouper user controller to pull in user information.
     $roles = $this->Role->calculateCMRoles();
 
-    //TODO - this is about all we need right now.
+    //Need to pull in UserID for access to Grouper
     if($this->Session->check('Auth.User.username')) {
       $this->userId = $this->Session->read('Auth.User.username');
     }
 
-    // Construct the permission set for this user, which will also be passed to the view.
-    $p = array();
-
     // Determine what operations this user can perform
 
-    // Delete an existing CO Provisioning Target?
-    $p['delete'] = ($roles['cmadmin'] || $roles['coadmin']);
-
-    // Edit an existing CO Provisioning Target?
-    $p['edit'] = ($roles['cmadmin'] || $roles['coadmin']);
-
-    // View all existing CO Provisioning Targets?
-    $p['index'] = ($roles['cmadmin'] || $roles['coadmin']);
+    // Construct the permission set for this user, which will also be passed to the view.
+    //Note: Leaving in this format, in case need to restrict certain pages, can just remove true and add params.
+    $p = array();
 
-    // View an existing CO Provisioning Target?
-    $p['view'] = ($roles['cmadmin'] || $roles['coadmin']);
+    $p['index'] = true;
+    $p['groupinfo'] = true;
+    $p['groupowner'] = true;
+    $p['groupmember'] = true;
+    $p['groupoptin'] = true;
+    $p['emaillistsoptin'] = true;
+    $p['emaillistsmanaged'] = true;
+    $p['emaillistsinfo'] = true;
+    $p['groupcreateform'] = true;
+    $p['groupcreate'] = true;
+    $p['joingroup'] = true;
+    $p['leavegroup'] = true;
 
     $this->set('permissions', $p);
-    //return($p[$this->action]);
-    return true;
+
+    return ($p[$this->action]);
   }
 
 }

Model/GrouperUser.php

@@ -5,7 +5,6 @@
 class GrouperUser extends GrouperLiteAppModel
 {
   //TODO - Add input validation
-  //TODO - Remove the returns, since just used for debugging and testing.
   public $name = "GrouperGroup";
   public $grouperAPI;