fix: [encryptionKeys:ui] Aligned UI with what users can actually do

Author: mokaddem

src/Controller/EncryptionKeysController.php

@@ -21,6 +21,7 @@ class EncryptionKeysController extends AppController
 
     public function index()
     {
+        $currentUser = $this->ACL->getUser();
         $this->EncryptionKeys->initializeGpg();
         $Model = $this->EncryptionKeys;
         $this->CRUD->index([
@@ -33,7 +34,7 @@ public function index()
             ],
             'contain' => $this->containFields,
             'statisticsFields' => $this->statisticsFields,
-            'afterFind' => function($data) use ($Model) {
+            'afterFind' => function($data) use ($Model, $currentUser) {
                 if ($data['type'] === 'pgp') {
                     $keyInfo = $Model->verifySingleGPG($data);
                     $data['status'] = __('OK');
@@ -45,6 +46,7 @@ public function index()
                         $data['fingerprint'] = $keyInfo[4];
                     }
                 }
+                $data['_canBeEdited'] = $Model->canEdit($currentUser, $data);
                 return $data;
             }
         ]);
@@ -96,24 +98,12 @@ private function buildBeforeSave(array $params, $currentUser, array &$orgConditi
             }
             $params['beforeSave'] = function($entity) use($currentUser) {
                 if ($entity['owner_model'] === 'organisation') {
-                    if ($entity['owner_id'] !== $currentUser['organisation_id']) {
+                    if (!$this->EncryptionKeys->canEditForOrganisation($currentUser, $entity)) {
                         throw new MethodNotAllowedException(__('Selected organisation cannot be linked by the current user.'));
                     }
-                } else {
-                    if ($currentUser['role']['perm_org_admin']) {
-                        $this->loadModel('Alignments');
-                        $validIndividuals = $this->Alignments->find('list', [
-                            'keyField' => 'individual_id',
-                            'valueField' => 'id',
-                            'conditions' => ['organisation_id' => $currentUser['organisation_id']]
-                        ])->toArray();
-                        if (!isset($validIndividuals[$entity['owner_id']])) {
-                            throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
-                        }
-                    } else {
-                        if ($entity['owner_id'] !== $currentUser['id']) {
-                            throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
-                        }
+                } else if ($entity['owner_model'] === 'individual') {
+                    if (!$this->EncryptionKeys->canEditForIndividual($currentUser, $entity)) {
+                        throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
                     }
                 }
                 return $entity;

src/Model/Table/EncryptionKeysTable.php

@@ -3,6 +3,7 @@
 namespace App\Model\Table;
 
 use App\Model\Table\AppTable;
+use Cake\ORM\TableRegistry;
 use Cake\ORM\Table;
 use Cake\Validation\Validator;
 use Cake\Event\EventInterface;
@@ -147,4 +148,57 @@ public function initializeGpg()
             return null;
         }
     }
+
+    public function canEdit($user, $entity): bool
+    {
+        if ($entity['owner_model'] === 'organisation') {
+            return $this->canEditForOrganisation($user, $entity);
+        } else if ($entity['owner_model'] === 'individual') {
+            return $this->canEditForIndividual($user, $entity);
+        }
+        return false;
+    }
+
+    public function canEditForOrganisation($user, $entity): bool
+    {
+        if ($entity['owner_model'] !== 'organisation') {
+            return false;
+        }
+        if (!empty($user['role']['perm_admin'])) {
+            return true;
+        }
+        if (
+            $user['role']['perm_org_admin'] && 
+            $entity['owner_id'] === $user['organisation_id']
+        ) {
+            return true;
+        }
+        return false;
+    }
+
+    public function canEditForIndividual($user, $entity): bool
+    {
+        if ($entity['owner_model'] !== 'individual') {
+            return false;
+        }
+        if (!empty($user['role']['perm_admin'])) {
+            return true;
+        }
+        if ($user['role']['perm_org_admin']) {
+            $this->Alignments = TableRegistry::get('Alignments');
+            $validIndividuals = $this->Alignments->find('list', [
+                'keyField' => 'individual_id',
+                'valueField' => 'id',
+                'conditions' => ['organisation_id' => $user['organisation_id']]
+            ])->toArray();
+            if (isset($validIndividuals[$entity['owner_id']])) {
+                return true;
+            }
+        } else {
+            if ($entity['owner_id'] === $user['id']) {
+                return true;
+            }
+        }
+        return false;
+    }
 }

templates/EncryptionKeys/index.php

@@ -80,12 +80,22 @@
             [
                 'open_modal' => '/encryptionKeys/edit/[onclick_params_data_path]',
                 'modal_params_data_path' => 'id',
-                'icon' => 'edit'
+                'icon' => 'edit',
+                'complex_requirement' => [
+                    'function' => function ($row, $options) {
+                        return $row['_canBeEdited'];
+                    }
+                ]
             ],
             [
                 'open_modal' => '/encryptionKeys/delete/[onclick_params_data_path]',
                 'modal_params_data_path' => 'id',
-                'icon' => 'trash'
+                'icon' => 'trash',
+                'complex_requirement' => [
+                    'function' => function ($row, $options) {
+                        return $row['_canBeEdited'];
+                    }
+                ]
             ],
         ]
     ]