feat: Allowing Org Admins to Add/Invite Users (#8763)

openfoodfacts · Aug 14, 2023 · e2494e6 · e2494e6
1 parent 940b0b6
commit e2494e6
Show file tree

Hide file tree

Showing 5 changed files with 130 additions and 4 deletions.
diff --git a/cgi/org.pl b/cgi/org.pl
@@ -358,18 +358,32 @@
 	if ($type eq "edit") {
 
 		store_org($org_ref);
+		$template_data_ref->{result} = lang("edit_org_result");
 	}
 	elsif ($type eq 'user_delete') {
 
-		if (is_user_in_org_group($org_ref, $User_id, "admins")) {
-			remove_user_by_org_admin($orgid, single_param('user_id'));
+		if (is_user_in_org_group($org_ref, $User_id, "admins") or $admin or $User{pro_moderator}) {
+			remove_user_by_org_admin(single_param('org_id'), single_param('user_id'));
+			$template_data_ref->{result} = lang("edit_org_result");
 		}
 		else {
 			display_error_and_exit($Lang{error_no_permission}{$lang}, 403);
 		}
 
 	}
-	$template_data_ref->{result} = lang("edit_org_result");
+	elsif ($type eq 'add_users') {
+		if (is_user_in_org_group($org_ref, $User_id, "admins") or $admin or $User{pro_moderator}) {
+			my $email_list = remove_tags_and_quote(single_param('email_list'));
+			my $email_ref = add_users_to_org_by_admin($orgid, $email_list);
+
+			# Set the template data for display
+			$template_data_ref->{email_ref} = {
+				added => \@{$email_ref->{added}},
+				invited => \@{$email_ref->{invited}},
+			};
+		}
+	}
+
 	$template_data_ref->{profile_url} = canonicalize_tag_link("editors", "org-" . $orgid);
 	$template_data_ref->{profile_name} = sprintf(lang('user_s_page'), $org_ref->{name});
 }

diff --git a/lib/ProductOpener/Users.pm b/lib/ProductOpener/Users.pm
@@ -65,6 +65,7 @@ BEGIN {
 		&check_password_hash
 		&retrieve_user
 		&remove_user_by_org_admin
+		&add_users_to_org_by_admin
 
 		&check_session
 
@@ -936,6 +937,25 @@ sub retrieve_user ($user_id) {
 	return $user_ref;
 }
 
+sub is_email_has_off_account ($email) {
+
+	# First, check if the email exists in the users_emails.sto file
+	my $emails_ref = retrieve("$data_root/users/users_emails.sto");
+
+	if (defined $emails_ref->{$email}) {
+		my $user_id = $emails_ref->{$email}[0];
+
+		# Next, check if the user file exists and has the 'userid' field
+		my $user_file = "$data_root/users/" . get_string_id_for_lang("no_language", $user_id) . ".sto";
+		if (-e $user_file) {
+			my $user_ref = retrieve($user_file);
+			return $user_ref->{userid} if defined $user_ref->{userid};
+		}
+	}
+
+	return;    # Email is not associated with an OFF account
+}
+
 sub remove_user_by_org_admin ($orgid, $user_id) {
 	my $groups_ref = ['admins', 'members'];
 	remove_user_from_org($orgid, $user_id, $groups_ref);
@@ -949,6 +969,38 @@ sub remove_user_by_org_admin ($orgid, $user_id) {
 	return;
 }
 
+sub add_users_to_org_by_admin ($org_id, $email_list) {
+
+	my @emails_added;
+	my @emails_invited;
+
+	# Convert the email_list into an array of email addresses
+	my @emails = split(/,\s*/, $email_list);
+
+	foreach my $email (@emails) {
+
+		# Check if the email is associated with an OpenFoodFacts account
+		my $user_id = is_email_has_off_account($email);
+		if (defined $user_id) {
+			# Add the user to the organization
+			add_user_to_org($org_id, $user_id, ["members"]);
+			push @emails_added, $email;
+		}
+		else {
+
+			push @emails_invited, $email;
+
+		}
+	}
+	my $email_ref = {
+		added => \@emails_added,
+		invited => \@emails_invited,
+	};
+	$log->debug("The list of email ids ", {emails_list => $email_ref}) if $log->is_debug();
+
+	return $email_ref;
+}
+
 sub init_user ($request_ref) {
 
 	my $user_id = undef;

diff --git a/po/common/common.pot b/po/common/common.pot
@@ -111,6 +111,10 @@ msgctxt "enter_name_of_org"
 msgid "Please enter the name of your organization (company name or brand)."
 msgstr "Please enter the name of your organization (company name or brand)."
 
+msgctxt "enter_email_addresses_of_users"
+msgid "Enter email addresses of users to invite (comma-separated):"
+msgstr "Enter email addresses of users to invite (comma-separated):"
+
 msgctxt "f_this_is_a_pro_account_for_org"
 msgid "This account is a professional account associated with the producer or brand {org}. You have access to the Platform for Producers."
 msgstr "This account is a professional account associated with the producer or brand {org}. You have access to the Platform for Producers."
@@ -967,6 +971,10 @@ msgctxt "image_attribution_link_title"
 msgid "Photo detail and attribution information"
 msgstr ""
 
+msgctxt "invite_user"
+msgid "Invite Users"
+msgstr "Invite Users"
+
 msgctxt "incomplete_products_you_added"
 msgid "Products you added that need to be completed"
 msgstr ""
@@ -6527,6 +6535,14 @@ msgctxt "product_js_enter_value_between_0_and_max"
 msgid "Please enter a value between 0 and {max}."
 msgstr "Please enter a value between 0 and {max}."
 
+msgctxt "please_ask_users_create_account_first"
+msgid "Please ask the following users to create an Open Food Facts account first:"
+msgstr "Please ask the following users to create an Open Food Facts account first:"
+
+msgctxt "users_added_successfully"
+msgid "Users added to the organization successfully:"
+msgstr "Users added to the organization successfully:"
+
 msgctxt "product_js_sugars_warning"
 msgid "Sugars should not be higher than carbohydrates."
 msgstr "Sugars should not be higher than carbohydrates."

diff --git a/po/common/en.po b/po/common/en.po
@@ -115,6 +115,10 @@ msgctxt "enter_name_of_org"
 msgid "Please enter the name of your organization (company name or brand)."
 msgstr "Please enter the name of your organization (company name or brand)."
 
+msgctxt "enter_email_addresses_of_users"
+msgid "Enter email addresses of users to invite (comma-separated):"
+msgstr "Enter email addresses of users to invite (comma-separated):"
+
 msgctxt "f_this_is_a_pro_account_for_org"
 msgid "This account is a professional account associated with the producer or brand {org}. You have access to the Platform for Producers."
 msgstr "This account is a professional account associated with the producer or brand {org}. You have access to the Platform for Producers."
@@ -975,6 +979,10 @@ msgctxt "image_attribution_link_title"
 msgid "Photo detail and attribution information"
 msgstr "Photo detail and attribution information"
 
+msgctxt "invite_user"
+msgid "Invite Users"
+msgstr "Invite Users"
+
 msgctxt "incomplete_products_you_added"
 msgid "Products you added that need to be completed"
 msgstr "Products you added that need to be completed"
@@ -6551,6 +6559,14 @@ msgctxt "product_js_enter_value_between_0_and_max"
 msgid "Please enter a value between 0 and {max}."
 msgstr "Please enter a value between 0 and {max}."
 
+msgctxt "please_ask_users_create_account_first"
+msgid "Please ask the following users to create an Open Food Facts account first:"
+msgstr "Please ask the following users to create an Open Food Facts account first:"
+
+msgctxt "users_added_successfully"
+msgid "Users added to the organization successfully:"
+msgstr "Users added to the organization successfully:"
+
 msgctxt "product_js_sugars_warning"
 msgid "Sugars should not be higher than carbohydrates."
 msgstr "Sugars should not be higher than carbohydrates."

diff --git a/templates/web/pages/org_form/org_form.tt.html b/templates/web/pages/org_form/org_form.tt.html
@@ -43,7 +43,7 @@ <h2>[% lang("organization_members") %]</h2>
 						<input type="hidden" name="type" value="user_delete" />
 						<input type="hidden" name="org_id" value="[% orgid %]">
 						<input type="hidden" name="user_id" value="[% users.userid %]">
-						<input type="submit" name="remove_user" class="button small" value="[% lang("remove_user") %]"/ />
+						<input type="submit" name="remove_user" class="button small" value="[% lang("remove_user") %]"/>
 					</form>
 				</td>
 			</tr>
@@ -54,6 +54,15 @@ <h2>[% lang("organization_members") %]</h2>
 	</div>
 	[% END %]
 
+		<form method="post" action="/cgi/org.pl" enctype="multipart/form-data" style="margin-bottom: 20px;">
+		<p>[% lang('enter_email_addresses_of_users') %]</p>
+		<textarea id="email_list" name="email_list" style="height:100px;width:50vw"></textarea>
+		<input type="hidden" name="action" value="process" />
+		<input type="hidden" name="type" value="add_users" />
+		<input type="hidden" name="orgid" value="[% orgid %]" />
+		<input type="submit" name=".submit" class="button" value="[% lang("invite_user") %]"/>
+	</form>
+
     <!-- Start form -->
 
     <p>[% lang('org_profile_description') %]</p>
@@ -131,6 +140,25 @@ <h2>[% lang("organization_members") %]</h2>
     <!-- End form -->
 
 [% ELSIF action == 'process' %]
+
+[% IF email_ref.invited.size > 0 %]
+<h3>[% lang('please_ask_users_create_account_first') %]</h3>
+<ul>
+	[% FOREACH email IN email_ref.invited %]
+	<li>[% email %]</li>
+	[% END %]
+</ul>
+[% END %]
+
+[% IF email_ref.added.size > 0 %]
+<h3>[% lang('users_added_successfully') %]</h3>
+<ul>
+	[% FOREACH email IN email_ref.added %]
+	<li>[% email %]</li>
+	[% END %]
+</ul>
+[% END %]
+
     <p>[% result %]</p>
     <p>&rarr; <a href="[% profile_url %]">[% profile_name %]</a></p>
 [% END %]