
Commit 3e54608

committed
fix issue in invitation and add permissions to invitation page
1 parent 71360b6 commit 3e54608


6 files changed

+78
-80
lines changed


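--- a/api/v1/invitations/InvitationController.php
+++ b/api/v1/invitations/InvitationController.php
@@ -136,7 +136,7 @@ public function getGroupRoutes(): void
 
 Route::post('add/{type}', $this->add(...))
 ->name('invitation.add');
-
+
 Route::put('{invitationId}/populate', $this->populate(...))
 ->name('invitation.populate')
 ->whereNumber('invitationId');
@@ -272,9 +272,9 @@ public function add(Request $illuminateRequest): JsonResponse
 'inviteeEmail.prohibited' => __('invitation.api.error.initialization.noUserIdAndEmailTogether'),
 'userId.prohibited' => __('invitation.api.error.initialization.noUserIdAndEmailTogether')
 ];
-
+
 $validator = ValidatorFactory::make(
-$payload,
+$payload,
 $rules,
 $messages
 );
@@ -345,11 +345,13 @@ public function getMany(Request $illuminateRequest): JsonResponse
 ->when($context, fn($query) => $query->byContextId($context->getId()))
 ->stillActive();
 
+$itemsMax = $query->clone()->count();
+
 // Delegate to the specific handler for additional logic
 $specificData = $this->selectedHandler->getMany($illuminateRequest, $query);
 
 return response()->json([
-'itemsMax' => $query->count(),
+'itemsMax' => $itemsMax,
 'items' => $specificData,
 ], Response::HTTP_OK);
 }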
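Review bot: The new `$itemsMax = $query->clone()->count();` line in getMany() carries no comment saying why the count has to be taken before the handler call, so a later cleanup could fold it back into the response array. Presumably the handler's getMany() paginates or narrows `$query`; I would add `// Count the full result set first; the handler may paginate or narrow $query.` above it. Separately, `->when($context, …)` applies no context filter when `$context` is empty, so it is worth confirming outside this hunk that such a request is only reachable by site administrators. getMany() starts outside the hunk.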

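--- a/classes/user/maps/Schema.php
+++ b/classes/user/maps/Schema.php
@@ -131,7 +131,6 @@ protected function mapByProperties(array $props, User $user, array $auxiliaryDat
 case 'canLoginAs':
 $output[$prop] = $this->getPropertyCanLoginAs($user);
 break;
-
 case 'canMergeUsers':
 $output[$prop] = $this->getPropertyCanMergeUsers($user);
 break;
@@ -175,22 +174,22 @@ protected function mapByProperties(array $props, User $user, array $auxiliaryDat
 
 $output[$prop] = [];
 foreach ($userGroups as $userGroup) {
-$output[$prop][] = [
-'id' => (int) $userGroup->id,
-'name' => $userGroup->getLocalizedData('name'),
-'abbrev' => $userGroup->getLocalizedData('abbrev'),
-'roleId' => (int) $userGroup->roleId,
-'showTitle' => (bool) $userGroup->showTitle,
-'permitSelfRegistration' => (bool) $userGroup->permitSelfRegistration,
-'permitMetadataEdit' => (bool) $userGroup->permitMetadataEdit,
-'recommendOnly' => (bool) $userGroup->recommendOnly,
-'dateStart' => UserUserGroup::withUserId($user->getId())
-->withUserGroupIds([$userGroup->id])
-->pluck('date_start')->first(),
-'dateEnd' => UserUserGroup::withUserId($user->getId())
-->withUserGroupIds([$userGroup->id])
-->pluck('date_end')->first(),
-];
+$userUserGroup = UserUserGroup::withUserId($user->getId())
+->withUserGroupIds([$userGroup->id])->get()->toArray();
+foreach ($userUserGroup as $userUserGroupItem) {
+$output[$prop][] = [
+'id' => (int) $userGroup->id,
+'name' => $userGroup->getLocalizedData('name'),
+'abbrev' => $userGroup->getLocalizedData('abbrev'),
+'roleId' => (int) $userGroup->roleId,
+'showTitle' => (bool) $userGroup->showTitle,
+'permitSelfRegistration' => (bool) $userGroup->permitSelfRegistration,
+'permitMetadataEdit' => (bool) $userGroup->permitMetadataEdit,
+'recommendOnly' => (bool) $userGroup->recommendOnly,
+'dateStart' => $userUserGroupItem['dateStart'],
+'dateEnd' => $userUserGroupItem['dateEnd'],
+];
+}
 }
 }
 break;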
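Review bot: The inner `foreach ($userUserGroup as $userUserGroupItem)` now emits one entry per assignment row, so the same group `id` can appear several times in `$output[$prop]`, and nothing in the hunk distinguishes an assignment that has already ended from an active one. Callers that read this list as the user's current roles have to check `dateEnd` themselves, which should be stated above the loop, e.g. `// One entry per assignment, including ended ones; consumers must check dateEnd.` The keys `dateStart`/`dateEnd` also differ from the `date_start`/`date_end` columns the removed code plucked, so it is worth confirming that `toArray()` really returns camelCase keys here. mapByProperties() starts and ends outside the hunk.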

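--- a/controllers/grid/settings/user/UserGridHandler.php
+++ b/controllers/grid/settings/user/UserGridHandler.php
@@ -92,23 +92,6 @@ public function initialize($request, $args = null)
 // Basic grid configuration.
 $this->setTitle('grid.user.currentUsers');
 
-// Grid actions.
-$router = $request->getRouter();
-
-$this->addAction(
-new LinkAction(
-'addUser',
-new AjaxModal(
-$router->url($request, null, null, 'addUser', null, null),
-__('grid.user.add'),
-null,
-true
-),
-__('grid.user.add'),
-'add_user'
-)
-);
-
 //
 // Grid columns.
 //
@@ -171,7 +154,7 @@ public function getTemplateVarsFromRow($row): array
 ->withActive();
 })
 ->get();
-
+
 $roles = $userGroups->map(fn (UserGroup $userGroup) => $userGroup->getLocalizedData('name'))->join(__('common.commaListSeparator'));
 return ['label' => $roles];
 }
@@ -550,18 +533,18 @@ public function removeUser($args, $request)
 if (!$request->checkCSRF()) {
 return new JSONMessage(false);
 }
-
+
 $context = $request->getContext();
 $user = $request->getUser();
-
+
 // Identify the user Id.
 $userId = $request->getUserVar('rowId');
-
+
 if ($userId !== null && Validation::getAdministrationLevel($userId, $user->getId(), $context->getId()) === Validation::ADMINISTRATION_PROHIBITED) {
 // We don't have administrative rights over this user.
 return new JSONMessage(false, __('grid.user.cannotAdminister'));
 }
-
+
 // Check if this user has any active user group assignments for this context.
 $activeUserGroupCount = UserGroup::query()
 ->withContextIds($context->getId())
@@ -570,7 +553,7 @@ public function removeUser($args, $request)
 ->withActive();
 })
 ->count();
-
+
 if (!$activeUserGroupCount) {
 return new JSONMessage(false, __('grid.user.userNoRoles'));
 } else {
@@ -582,7 +565,7 @@ public function removeUser($args, $request)
 $query->withContextIds($context->getId());
 })
 ->update(['date_end' => now()]);
-
+
 return \PKP\db\DAO::getDataChangedEvent($userId);
 }
 }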

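--- a/controllers/grid/users/author/AuthorGridRow.php
+++ b/controllers/grid/users/author/AuthorGridRow.php
@@ -101,24 +101,6 @@ public function initialize($request, $template = null)
 'delete'
 )
 );
-
-$author = Repo::author()->get((int) $rowId, $this->getPublication()->getId());
-
-if ($author && !Repo::user()->getByEmail($author->getEmail(), true)) {
-$this->addAction(
-new LinkAction(
-'addUser',
-new AjaxModal(
-$router->url($request, null, null, 'addUser', null, $actionArgs),
-__('grid.user.add'),
-null,
-true
-),
-__('grid.user.add'),
-'add_user'
-)
-);
-}
 }
 }
 }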

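--- a/locale/en/user.po
+++ b/locale/en/user.po
@@ -855,7 +855,7 @@ msgid "orcid.field.unverified.shouldRequest"
 msgstr "This ORCID has not been verified. Please remove this unverified ORCID and request verification from the user/author directly."
 
 msgid "user.removeRole.message"
-msgstr "Are you sure want remove this role permanently?"
+msgstr "Are you sure you want to permanently remove this role? This action will revoke the user's access to all information and permissions associated with this role"
 
 msgid "user.futureRole.notification.message"
 msgstr "Your role is scheduled to begin on {$roleStartDate}"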

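--- a/pages/invitation/InvitationHandler.php
+++ b/pages/invitation/InvitationHandler.php
@@ -17,18 +17,21 @@
 namespace PKP\pages\invitation;
 
 use APP\core\Application;
+use APP\core\PageRouter;
 use APP\core\Request;
 use APP\facades\Repo;
 use APP\handler\Handler;
 use APP\template\TemplateManager;
 use PKP\context\Context;
-use PKP\core\PKPApplication;
+use PKP\core\PKPRequest;
 use PKP\facades\Locale;
-use PKP\i18n\LocaleMetadata;
 use PKP\invitation\core\enums\InvitationAction;
 use PKP\invitation\core\Invitation;
 use PKP\invitation\stepTypes\SendInvitationStep;
-use PKP\user\User;
+use PKP\security\authorization\ContextAccessPolicy;
+use PKP\security\authorization\PolicySet;
+use PKP\security\authorization\RoleBasedHandlerOperationPolicy;
+use PKP\security\Role;
 use PKP\userGroup\relationships\UserUserGroup;
 
 class InvitationHandler extends Handler
@@ -38,6 +41,34 @@ class InvitationHandler extends Handler
 public const REPLY_OP_ACCEPT = 'accept';
 public const REPLY_OP_DECLINE = 'decline';
 
+/**
+* @see PKPHandler::authorize()
+*
+* @param PKPRequest $request
+* @param array $args
+* @param array $roleAssignments
+*/
+public function authorize($request, &$args, $roleAssignments)
+{
+/** @var PageRouter */
+$router = $request->getRouter();
+$op = $router->getRequestedOp($request);
+$rolePolicy = new PolicySet(PolicySet::COMBINING_PERMIT_OVERRIDES);
+$rolePolicy->addPolicy(
+new RoleBasedHandlerOperationPolicy(
+$request,
+[Role::ROLE_ID_SITE_ADMIN, Role::ROLE_ID_MANAGER],
+['invite', 'editUser']
+)
+);
+$this->addPolicy($rolePolicy);
+
+if (in_array($op, ['accept', 'decline'])) {
+return true;
+}
+return parent::authorize($request, $args, $roleAssignments);
+}
+
 /**
 * Accept invitation handler
 */
@@ -155,8 +186,8 @@ public function invite(array $args, Request $request): void
 $invitationModel = $invitation->invitationModel->toArray();
 
 $invitationMode = 'edit';
-$payload['email']=$invitationModel['email'];
-$invitationData = $this->generateInvitationPayload($invitationModel['userId'],$payload,$request->getContext())['invitationPayload'];
+$payload['email'] = $invitationModel['email'];
+$invitationData = $this->generateInvitationPayload($invitationModel['userId'], $payload, $request->getContext());
 $user = $invitationData['user'];
 $invitationPayload = $invitationData['invitationPayload'];
 }
@@ -206,7 +237,8 @@ public function invite(array $args, Request $request): void
 'pageTitleDescription' => $invitation ?
 __(
 'invitation.wizard.viewPageTitleDescription',
-['name' => $invitationPayload['givenName'][Locale::getLocale()]]
+['name' => $invitationPayload['givenName'][Locale::getLocale()] ?
+$invitationPayload['givenName'][Locale::getLocale()] : $invitationPayload['inviteeEmail']]
 )
 : __('invitation.wizard.pageTitleDescription'),
 ]);
@@ -228,9 +260,9 @@ public function invite(array $args, Request $request): void
 public function editUser($args, $request): void
 {
 $invitation = null;
-if(!empty($args)) {
+if (!empty($args)) {
 $invitationMode = 'editUser';
-$invitationData = $this->generateInvitationPayload($args[0],[],$request->getContext());
+$invitationData = $this->generateInvitationPayload($args[0], [], $request->getContext());
 $user = $invitationData['user'];
 $invitationPayload = $invitationData['invitationPayload'];
 $templateMgr = TemplateManager::getManager($request);
@@ -257,7 +289,7 @@ public function editUser($args, $request): void
 ];
 $steps = new SendInvitationStep();
 $templateMgr->setState([
-'steps' => $steps->getSteps($invitation, $context,$user),
+'steps' => $steps->getSteps($invitation, $context, $user),
 'emailTemplatesApiUrl' => $request
 ->getDispatcher()
 ->url(
@@ -295,7 +327,7 @@ public function editUser($args, $request): void
 * @param Context $context
 * @param int $id
 */
-private function getUserUserGroups(int $id , Context $context): array
+private function getUserUserGroups(int $id, Context $context): array
 {
 $userGroups = [];
 $userUserGroups = UserUserGroup::query()
@@ -325,11 +357,11 @@ private function getUserUserGroups(int $id , Context $context): array
 private function generateInvitationPayload($userId, array $payload, Context $context): array
 {
 $user = null;
-if($userId){
-$user = Repo::user()->get($userId,true);
+if ($userId) {
+$user = Repo::user()->get($userId, true);
 }
 
-$invitationPayload =[];
+$invitationPayload = [];
 $invitationPayload['userId'] = $user ? $user->getId() : $userId;
 $invitationPayload['inviteeEmail'] = $user ? $user->getEmail() : $payload['email'];
 $invitationPayload['orcid'] = $user ? $user->getData('orcid') : $payload['orcid'];
@@ -341,12 +373,12 @@ private function generateInvitationPayload($userId, array $payload, Context $con
 $invitationPayload['phone'] = $user?->getPhone();
 $invitationPayload['mailingAddress'] = $user?->getMailingAddress();
 $invitationPayload['signature'] = $user?->getSignature(null);
-$invitationPayload['locales'] = $user? $this->getWorkingLanguages($context,$user->getLocales()) : null;
+$invitationPayload['locales'] = $user ? $this->getWorkingLanguages($context, $user->getLocales()) : null;
 $invitationPayload['reviewInterests'] = $user?->getInterestString();
 $invitationPayload['homePageUrl'] = $user?->getUrl();
 $invitationPayload['disabled'] = $user?->getData('disabled');
 $invitationPayload['userGroupsToAdd'] = !$payload['userGroupsToAdd'] ? [] : $payload['userGroupsToAdd'];
-$invitationPayload['currentUserGroups'] = !$userId ? [] : $this->getUserUserGroups($userId,$context);
+$invitationPayload['currentUserGroups'] = !$userId ? [] : $this->getUserUserGroups($userId, $context);
 $invitationPayload['userGroupsToRemove'] = [];
 $invitationPayload['emailComposer'] = [
 'emailBody' => '',
@@ -364,7 +396,7 @@ private function generateInvitationPayload($userId, array $payload, Context $con
 * @param $userLocales
 * @return string
 */
-private function getWorkingLanguages(Context $context,$userLocales): string
+private function getWorkingLanguages(Context $context, $userLocales): string
 {
 $locales = $context->getSupportedLocaleNames();
 return join(__('common.commaListSeparator'), array_map(fn($key) => $locales[$key], $userLocales));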
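Review bot: The early `return true` in the new authorize() for `accept` and `decline` skips `parent::authorize()` entirely, so those two operations run with no policy evaluated and their handlers (outside this hunk) have to validate the invitation themselves; that deserves a comment, and the check should use the class constants with a strict comparison, `if (in_array($op, [self::REPLY_OP_ACCEPT, self::REPLY_OP_DECLINE], true)) {`. `ContextAccessPolicy` is imported in the first hunk but never added in the visible method, so it is worth confirming that `RoleBasedHandlerOperationPolicy` has the role data it needs without it. The role check is also per operation only: in the lines shown, editUser() passes `$args[0]` straight to generateInvitationPayload(), which loads the user with `Repo::user()->get($userId, true)` and returns phone, mailing address and signature, and no visible line checks that the manager may administer that user the way `Validation::getAdministrationLevel()` does in UserGridHandler::removeUser().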
