Consider parent can edit.
Parent can see their children list of contributions
Parents can show/edit children
Parent can see children contribution in their list
Contribution and invoices access for parents
namespace Galette\Controllers\Crud;
use Throwable;
+use Analog\Analog;
use Galette\Controllers\CrudController;
use Slim\Http\Request;
use Slim\Http\Response;
$filters->orderby = $value;
break;
case 'member':
- if (
- ($this->login->isAdmin()
- || $this->login->isStaff())
- ) {
- if ($value == 'all') {
- $filters->filtre_cotis_adh = null;
- } else {
- $filters->filtre_cotis_adh = $value;
- }
- }
+ $filters->filtre_cotis_adh = ($value === 'all' ? null : $value);
break;
}
}
- if (!$this->login->isAdmin() && !$this->login->isStaff()) {
- $filters->filtre_cotis_adh = $this->login->id;
+ if (!$this->login->isAdmin() && !$this->login->isStaff() && $value != $this->login->id) {
+ if ($value == 'all') {
+ $value = null;
+ $filters->filtre_cotis_children = $this->login->id;
+ } else {
+ $member = new Adherent(
+ $this->zdb,
+ (int)$value,
+ [
+ 'picture' => false,
+ 'groups' => false,
+ 'dues' => false,
+ 'parent' => true
+ ]
+ );
+ if (
+ !$member->hasParent() ||
+ $member->hasParent() && $member->parent->id != $this->login->id
+ ) {
+ $value = $this->login->id;
+ Analog::log(
+ 'Trying to display contributions for member #' . $value .
+ ' without appropriate ACLs',
+ Analog::WARNING
+ );
+ }
+ }
+ $filters->filtre_cotis_children = $value;
}
$class = '\\Galette\\Repository\\' . ucwords($raw_type);
$tpl_vars['member'] = $member;
}
+ if ($filters->filtre_cotis_children != false) {
+ $member = new Adherent(
+ $this->zdb,
+ $filters->filtre_cotis_children,
+ [
+ 'picture' => false,
+ 'groups' => false,
+ 'dues' => false,
+ 'parent' => true
+ ]
+ );
+ $tpl_vars['pmember'] = $member;
+ }
+
// display page
$this->view->render(
$response,
);
$member = new Adherent($this->zdb, $id, $deps);
- if (!$member->canEdit($this->login)) {
+ if (!$member->canShow($this->login)) {
$this->flash->addMessage(
'error_detected',
_T("You do not have permission for requested URL.")
$member = new Adherent($this->zdb, $id, $deps);
$denied = null;
- if (!$member->canEdit($this->login)) {
+ if (!$member->canShow($this->login)) {
$fields = $member->getDynamicFields()->getFields();
if (!isset($fields[$fid])) {
//field does not exists or access is forbidden
}
// new or edit
- if ($this->login->isAdmin() || $this->login->isStaff() || $this->login->isGroupManager()) {
- if (isset($post['id_adh'])) {
- $member->load((int)$post['id_adh']);
- if (!$member->canEdit($this->login)) {
- //redirection should have been done before. Just throw an Exception.
- throw new \RuntimeException(
- str_replace(
- '%id',
- $member->id,
- 'No right to store member #%id'
- )
- );
- }
+ if (isset($post['id_adh'])) {
+ $member->load((int)$post['id_adh']);
+ if (!$member->canEdit($this->login)) {
+ //redirection should have been done before. Just throw an Exception.
+ throw new \RuntimeException(
+ str_replace(
+ '%id',
+ $member->id,
+ 'No right to store member #%id'
+ )
+ );
}
} else {
- $member->load($this->login->id);
+ if ($member->id != '') {
+ $member->load($this->login->id);
+ }
}
// flagging required fields
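Review bot: Dropping the `isAdmin() || isStaff() || isGroupManager()` gate lets a plain member who posts without `id_adh` reach the create path, and nothing in this hunk ties the new record to that member — that now rests on `Adherent::store()` reading a global `$login`, which is invisible from this controller; an explicit statement of the rule here, at least as a comment such as `// no id_adh posted: a non-privileged member is creating a child card; the parent is forced in Adherent::store()`, would keep the authorization decision readable where the request is handled. The new guard `if ($member->id != '')` around `$member->load($this->login->id)` also reads backwards: on a freshly built `Adherent` the id is presumably empty, so the self-load the old code always performed now never happens in that case — if "edit own card when no id was posted" is still a supported path, the condition looks inverted. The enclosing method starts before this hunk.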
use Galette\Core\Preferences;
use Galette\Core\History;
use Galette\Repository\Groups;
+use Galette\Core\Login;
use Galette\Repository\Members;
/**
*/
public function store()
{
- global $hist, $emitter;
+ global $hist, $emitter, $login;
$event = null;
+ if (!$login->isAdmin() && !$login->isStaff() && !$login->isGroupManager() && $this->id == '') {
+ $this->_parent = $login->id;
+ }
+
try {
$values = array();
$fields = self::getDbFields($this->zdb);
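Review bot: The new `global $login` makes an authorization decision inside the entity on a global, while `canEdit()` in the same class receives the `Login` as a parameter; if `$login` is unset in a context that saves members without a session (CLI or scheduled jobs, if any exist), `$login->isAdmin()` is a fatal error rather than a refusal. Pass it in, `public function store(Login $login = null)` with the global as fallback, and guard it: `if ($login !== null && !$login->isAdmin() && !$login->isStaff() && !$login->isGroupManager() && $this->id == '')`. A one-line comment saying why group managers are exempt from auto-parenting (they could already create members under the old controller gate) would help the next reader. `store()` continues past this hunk.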
);
}
$success = true;
-
$event = 'member.edit';
}
}
}
break;
+ case 'parent_id':
+ return ($this->_parent instanceof Adherent) ? (int)$this->_parent->id : (int)$this->_parent;
+ break;
default:
if (!property_exists($this, $rname)) {
Analog::log(
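Review bot: The `break;` after `return` in the new `'parent_id'` case is unreachable; drop it. The getter returns `0` when no parent is set, which `canEdit()` then compares against `$login->id` — worth a comment on the case, `// 0 when the member has no parent`, so callers do not mistake 0 for a real id. The enclosing `__get()` switch starts and ends outside this hunk.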
*
* @return boolean
*/
- public function canEdit($login)
+ public function canEdit(Login $login)
{
+ //admin and staff users can edit, as well as member itself
if ($this->id && $login->id == $this->id || $login->isAdmin() || $login->isStaff()) {
return true;
}
- //check if requested member is part of managed groups
+ //parent can edit their child cards
+ if ($this->hasParent() && $this->parent_id === $login->id) {
+ return true;
+ }
+
+ //group managers can edit members of groups they manage
if ($login->isGroupManager()) {
foreach ($this->getGroups() as $g) {
if ($login->isGroupManager($g->getId())) {
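Review bot: `$this->parent_id === $login->id` compares the `(int)` returned by the `parent_id` getter with strict equality against `$login->id`, while the self-check two lines above uses `==`; if `Login::id` is a string (values read from the database often are) the parent branch never matches and parents cannot edit at all. Use `(int)$this->parent_id === (int)$login->id`, or `==` like the neighbouring check. Keep the `hasParent()` guard unless a real member can never have id 0, since the getter yields 0 for "no parent". `canEdit()` continues past this hunk.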
return false;
}
+ /**
+ * Can current logged in user display member
+ *
+ * @param Login $login Login instance
+ *
+ * @return boolean
+ */
+ public function canShow(Login $login)
+ {
+ return $this->canEdit($login);
+ }
+
/**
* Are we currently duplicated a member?
*
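Review bot: `canShow()` is a pure alias of `canEdit()`, so the callers switched to it in this change (member display, dynamic-field download) still grant view access exactly where edit access is granted; the docblock should say so, otherwise a later tightening of `canEdit()` silently removes view rights too. Suggested docblock line: ` * Currently identical to canEdit(): self, parent, admin/staff and (by the group loop in canEdit) managers of the member's groups may view.`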
public function load($id)
{
try {
- $select = $this->zdb->select(self::TABLE);
- $select->where(self::PK . ' = ' . $id);
+ $select = $this->zdb->select(self::TABLE, 'c');
+ $select->join(
+ array('a' => PREFIX_DB . Adherent::TABLE),
+ 'c.' . Adherent::PK . '=a.' . Adherent::PK,
+ array()
+ );
//restrict query on current member id if he's not admin nor staff member
if (!$this->login->isAdmin() && !$this->login->isStaff()) {
- $select->where(Adherent::PK . ' = ' . $this->login->id);
+ if (!$this->login->isGroupManager()) {
+ $select->where
+ ->nest()
+ ->equalTo('a.' . Adherent::PK, $this->login->id)
+ ->or
+ ->equalTo('a.parent_id', $this->login->id)
+ ->unnest()
+ ->and
+ ->equalTo('c.' . self::PK, $id)
+ ;
+ } else {
+ $select->where([
+ Adherent::PK => $this->login->id,
+ self::PK => $id
+ ]);
+ }
+ } else {
+ $select->where->equalTo(self::PK, $id);
}
$results = $this->zdb->execute($select);
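Review bot: In the group-manager branch the where array uses the unqualified `Adherent::PK`; since the query now joins the members table on `c.<Adherent::PK> = a.<Adherent::PK>`, that column exists under both aliases and the database will presumably reject it as ambiguous — the sibling branch qualifies it with `a.` for exactly this reason. Change it to `'a.' . Adherent::PK => $this->login->id, 'c.' . self::PK => $id` (and `'c.' . self::PK` in the admin branch for symmetry). Note also that a group manager who is a parent loses the `parent_id` access the other branch grants, while the contributions list and `canEdit()` give it to them; if that is deliberate it deserves a comment.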
{
global $login;
- $address = $member->address;
- if ($member->address_continuation !== '') {
- $address .= '<br/>' . $member->address_continuation;
+ $address = $member->getAddress();
+ if ($member->getAddressContinuation() !== '') {
+ $address .= '<br/>' . $member->getAddressContinuation();
}
if ($member->isMan()) {
'adh_profession' => $member->job,
'adh_company' => $member->company_name,
'adh_address' => $address,
- 'adh_zip' => $member->zipcode,
- 'adh_town' => $member->town,
- 'adh_country' => $member->country,
+ 'adh_zip' => $member->getZipcode(),
+ 'adh_town' => $member->getTown(),
+ 'adh_country' => $member->getCountry(),
'adh_phone' => $member->phone,
'adh_mobile' => $member->gsm,
+ //always take current member email, to be sure.
'adh_email' => $member->email,
'adh_login' => $member->login,
'adh_main_group' => $main_group,
private $end_date_filter = null;
private $payment_type_filter = null;
private $filtre_cotis_adh = null;
+ private $filtre_cotis_children = false;
private $filtre_transactions = null;
private $from_transaction = false;
'start_date_filter',
'end_date_filter',
'filtre_cotis_adh',
+ 'filtre_cotis_children',
'date_field',
'payment_type_filter',
'filtre_transactions',
$this->payment_type_filter = null;
$this->filtre_transactions = null;
$this->filtre_cotis_adh = null;
+ $this->filtre_cotis_children = false;
$this->from_transaction = false;
$this->max_amount = null;
}
);
}
- if (!$this->login->isAdmin() && !$this->login->isStaff()) {
+ $member_clause = null;
+ if ($this->filters->filtre_cotis_children !== false) {
+ $member_clause = [$this->login->id];
+ $member = new Adherent(
+ $this->zdb,
+ (int)$this->filters->filtre_cotis_children,
+ [
+ 'picture' => false,
+ 'groups' => false,
+ 'dues' => false,
+ 'children' => true
+ ]
+ );
+ foreach ($member->children as $child) {
+ $member_clause[] = $child->id;
+ }
+ } elseif ($this->filters->filtre_cotis_adh != null) {
+ $member_clause = [$this->filters->filtre_cotis_adh];
+ if (!$this->login->isAdmin() && !$this->login->isStaff() && $this->filters->filtre_cotis_adh != $this->login->id) {
+ $member = new Adherent(
+ $this->zdb,
+ (int)$this->filters->filtre_cotis_adh,
+ [
+ 'picture' => false,
+ 'groups' => false,
+ 'dues' => false,
+ 'parent' => true
+ ]
+ );
+ if (
+ !$member->hasParent() ||
+ $member->hasParent() && $member->parent->id != $this->login->id
+ ) {
+ Analog::log(
+ 'Trying to display contributions for member #' . $member->id .
+ ' without appropriate ACLs',
+ Analog::WARNING
+ );
+ $member_clause = [$this->login->id];
+ }
+ }
+ } elseif (!$this->login->isAdmin() && !$this->login->isStaff()) {
//non staff members can only view their own contributions
+ $member_clause = $this->login->id;
+ }
+
+ if ($member_clause !== null) {
$select->where(
array(
- 'a.' . Adherent::PK => $this->login->id
+ 'a.' . Adherent::PK => $member_clause
)
);
- } elseif ($this->filters->filtre_cotis_adh != null) {
- $select->where(
- 'a.' . Adherent::PK . ' = ' . $this->filters->filtre_cotis_adh
- );
}
+
if ($this->filters->filtre_transactions === true) {
$select->where('a.trans_id IS NULL');
}
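Review bot: The `filtre_cotis_children` branch is the only one of the three that does not re-check the caller's rights: it expands the children of whatever id the filter holds with no confirmation that a non-staff caller is that member, while the `filtre_cotis_adh` branch re-validates the parent link and logs. Since filters are presumably carried across requests, pin it server-side the way the other branches do: `$parent_id = ($this->login->isAdmin() || $this->login->isStaff()) ? (int)$this->filters->filtre_cotis_children : (int)$this->login->id;` and load the `Adherent` from `$parent_id`. Minor: the last branch assigns a scalar `$this->login->id` to `$member_clause` where the others assign arrays; `[$this->login->id]` keeps the `where()` argument of one shape. The enclosing method starts before this hunk.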
__METHOD__ . ' | ' . $e->getMessage(),
Analog::WARNING
);
+ throw $e;
}
}
{/if}
</a>
</th>
-{if ($login->isAdmin() or $login->isStaff()) and !isset($member)}
+{if (($login->isAdmin() or $login->isStaff()) and !isset($member)) or isset($pmember)}
<th class="left">
<a href="{path_for name="contributions" data=["type" => "contributions", "option" => "order", "value" => "Galette\Filters\ContributionsList::ORDERBY_MEMBER"|constant]}">{_T string="Member"}
{if $filters->orderby eq constant('Galette\Filters\ContributionsList::ORDERBY_MEMBER')}
<td class="{$cclass} nowrap" data-title="{_T string="Date"}">{$contribution->date}</td>
<td class="{$cclass} nowrap" data-title="{_T string="Begin"}">{$contribution->begin_date}</td>
<td class="{$cclass} nowrap" data-title="{_T string="End"}">{$contribution->end_date}</td>
- {if ($login->isAdmin() or $login->isStaff()) && !isset($member)}
+ {if (($login->isAdmin() or $login->isStaff()) && !isset($member)) or isset($pmember)}
<td class="{$cclass}" data-title="{_T string="Member"}">
{if isset($member)}
{assign var="mname" value=$member->sname}
{_T string="Modification"}
</a>
</li>
-{if $login->isAdmin() or $login->isStaff()}
+{if $login->isAdmin() or $login->isStaff() || $login->id eq $member->id || ($member->hasParent() and $member->parent->id eq $login->id)}
<li>
<a
href="{path_for name="contributions" data=["type" => "contributions", "option" => "member", "value" => $member->id]}"
{_T string="View contributions"}
</a>
</li>
+{/if}
+{if $login->isAdmin() or $login->isStaff()}
<li>
<a
href="{path_for name="addContribution" data=["type" => constant('Galette\Entity\Contribution::TYPE_FEE')]}?id_adh={$member->id}"
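Review bot: The visibility rule on the "View contributions" link, `$login->id eq $member->id || ($member->hasParent() and $member->parent->id eq $login->id)`, restates in Smarty the parent check that `Adherent::canEdit()` now implements in PHP, so the two can drift; `{if $member->canShow($login)}` would keep one source of truth, with the caveat that `canShow()` appears to also admit group managers, whom the contributions repository then restricts to their own entries — either that is acceptable or the template condition is the right place and should carry a comment saying why. Mixing `or` and `||` in the same condition is a style nit; pick one.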