rciam · lionick · Nov 12, 2020
diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php
@@ -937,7 +937,7 @@ function menuAuth() {
     $p['menu']['coattrenums'] = $roles['cmadmin'] || $roles['coadmin'];
 
     // Manage any CO configuration?
-    $p['menu']['coconfig'] = $roles['cmadmin'] || $roles['coadmin'];
+    $p['menu']['coconfig'] = $roles['cmadmin'] || $roles['coadmin'] || $roles['couadmin'];
 
     // View CO departments?
     $p['menu']['codepartments'] = $roles['cmadmin'];
@@ -980,7 +980,7 @@ function menuAuth() {
     $p['menu']['idvalidate'] = $roles['cmadmin'] || $roles['coadmin'];
 
     // Manage COU definitions?
-    $p['menu']['cous'] = $roles['cmadmin'] || $roles['coadmin'];
+    $p['menu']['cous'] = $roles['cmadmin'] || $roles['coadmin'] || $roles['couadmin'];
 
     // Manage CO Email Lists
     $p['menu']['colists'] = $roles['cmadmin'] || $roles['coadmin'];

diff --git a/app/Controller/CoDashboardsController.php b/app/Controller/CoDashboardsController.php
@@ -122,7 +122,7 @@ function isAuthorized() {
     // Determine what operations this user can perform
 
     // Lock down the configuration dashboard to only cmadmin and coadmin for now (might change in future)
-    $p['configuration'] = ($roles['cmadmin'] || $roles['coadmin']);
+    $p['configuration'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['couadmin']);
 
     // View the dashboard for the specified CO?
     $p['dashboard'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['comember']);

diff --git a/app/Controller/CousController.php b/app/Controller/CousController.php
@@ -53,6 +53,22 @@ class CousController extends StandardController {
   public $view_contains = array(
     'ParentCou'
   );
+
+  function index() {
+    $roles = $this->Role->calculateCMRoles();
+
+    if($roles['couadmin'] && !$roles['coadmin'] && !$roles['cmadmin']) {
+      $coPersonId =  $this->Session->read('Auth.User.co_person_id');
+      $CoGroupMember = ClassRegistry::init('CoGroupMember');
+      $ret = $CoGroupMember->findCoPersonGroupRoles($coPersonId);
+      $coId = $this->cur_co['Co']['id'];
+      $cous = $this->Cou->potentialParents(NULL, $coId, $ret['owner'], TRUE);
+      $this->set('cous', $cous);
+    }
+    else {
+      parent::index();
+    }
+  }
 
   /**
    * Perform filtering of COU parent options for dropdown.
@@ -81,8 +97,16 @@ function beforeRender() {
           $coId = $this->cur_co['Co']['id'];
           break;
       }
-
-      $options = $this->Cou->potentialParents($couId, $coId);
+      $roles = $this->Role->calculateCMRoles();
+      if($roles['couadmin'] && !$roles['cmadmin'] && !$roles['coadmin']) {
+        $coPersonId = $this->Session->read('Auth.User.co_person_id');
+        $CoGroupMember = ClassRegistry::init('CoGroupMember');
+        $ret = $CoGroupMember->findCoPersonGroupRoles($coPersonId);
+        $options = $this->Cou->potentialParents($couId, $coId, $ret['owner']);
+      }
+      else {
+        $options = $this->Cou->potentialParents($couId, $coId);
+      }
       $this->set('parent_options', $options);
       }
     }
@@ -218,7 +242,7 @@ function checkWriteFollowups($reqdata, $curdata = null, $origdata = null) {
     if(!$this->request->is('restful') && $this->action == 'edit') {
       if(!empty($reqdata['Cou']['name'])
          && !empty($curdata['Cou']['name'])
-         && $reqdata['Cou']['name'] != $curdata['Cou']['name']) {
+         && ($reqdata['Cou']['name'] != $curdata['Cou']['name'] || $reqdata['Cou']['parent_id'] != $curdata['Cou']['parent_id'])) {
         // The COU has been renamed, so update the relevant group names
 
         $this->Cou->Co->CoGroup->addDefaults($reqdata['Cou']['co_id'], $this->Cou->id, true);
@@ -240,22 +264,35 @@ function checkWriteFollowups($reqdata, $curdata = null, $origdata = null) {
   function isAuthorized() {
     $roles = $this->Role->calculateCMRoles();             // What was authenticated
 
+    // Check if user wants to access an edit form if is admin at this COU so to give him/ her permissions to edit or delete this COU
+    if(!empty($this->request->params["pass"])) {
+      $allowEditDelete = FALSE;
+      $array_keys = array_keys($roles["admincous"]);
+      $params = $this->request->params["pass"];
+      if(in_array($this->request->params["pass"][0], array_keys($roles["admincous"]))) {
+        $allowEditDelete = TRUE;
+      }
+    }
+    else {
+      $allowEditDelete = $roles['couadmin'];
+    }
+
     // Construct the permission set for this user, which will also be passed to the view.
     $p = array();
 
     // Determine what operations this user can perform
 
     // Add a new COU?
-    $p['add'] = ($roles['cmadmin'] || $roles['coadmin']);
+    $p['add'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['couadmin']);
 
     // Delete an existing COU?
-    $p['delete'] = ($roles['cmadmin'] || $roles['coadmin']);
+    $p['delete'] = ($roles['cmadmin'] || $roles['coadmin'] || $allowEditDelete);
 
     // Edit an existing COU?
-    $p['edit'] = ($roles['cmadmin'] || $roles['coadmin']);
+    $p['edit'] = ($roles['cmadmin'] || $roles['coadmin']  || $allowEditDelete);
 
     // View all existing COUs?
-    $p['index'] = ($roles['cmadmin'] || $roles['coadmin']);
+    $p['index'] = ($roles['cmadmin'] || $roles['coadmin'] || $roles['couadmin']);
 
     // View an existing COU?
     $p['view'] = ($roles['cmadmin'] || $roles['coadmin']);

diff --git a/app/Model/Cou.php b/app/Model/Cou.php
@@ -26,6 +26,7 @@
  */
 
 class Cou extends AppModel {
+
   // Define class name for cake
   public $name = "Cou";
 
@@ -188,7 +189,7 @@ public function allCous($coId, $format="hash") {
    * @return Array Array of [id] => [name]
    */
 
-  public function potentialParents($currentCou, $coId) {
+  public function potentialParents($currentCou, $coId, $groupAdmin = FALSE, $returnOptionArray = FALSE) {
     // Editing an existing COU requires removing it and its children from the list of potential parents
     if($currentCou) {
       // Find this COU and its children
@@ -212,14 +213,28 @@ public function potentialParents($currentCou, $coId) {
     } else {
       $conditions = array();
       $conditions['Cou.co_id'] = $coId;
+      if($groupAdmin !== FALSE) {
+        $joins[0]['table'] = 'co_groups';
+        $joins[0]['alias'] = 'CoGroups';
+        $joins[0]['type'] = 'INNER';
+        $joins[0]['conditions'][0] = 'Cou.id=CoGroups.cou_id';
+        $conditions['CoGroups.id'] = $groupAdmin;
+
+      } 
     }
 
     $args = array();
     $args['conditions'] = $conditions;
+    if(!empty($joins)){
+      $args['joins'] = $joins;
+    }
     $args['contain'] = false;
 
     // Create options list all other COUS in CO
     $optionArrays = $this->find('all', $args);
+    if($returnOptionArray){
+      return $optionArrays;
+    }
     $optionList = Set::combine($optionArrays, '{n}.Cou.id','{n}.Cou.name');
 
     return $optionList;

diff --git a/app/View/CoGroups/index.ctp b/app/View/CoGroups/index.ctp
@@ -356,8 +356,8 @@
             $e = $permissions['edit'];
             $v = $permissions['view'] || $c['CoGroup']['open'];
 
-            if(!empty($permissions['owner'])
-               && in_array($c['CoGroup']['id'], $permissions['owner'])) {
+            if((!empty($permissions['owner']) && in_array($c['CoGroup']['id'], $permissions['owner'])) 
+            || in_array($c['CoGroup']['id'], $permissions['admingroups'])) {
               $d = true;
               $e = true;
             }