/**
* Display list of all groups.
*/
public function getGroupList()
{
$thisUser = Auth::user();
$groups = ProjectHandler::listGroups();
$projects = [];
foreach ($groups as $group) {
$canView = PermissionHandler::checkProject($thisUser, $group, Permissions::PROJECT_READ);
$users = 0;
foreach (Roles::$PROJECT_ROLE_NAMES as $role) {
// List userts with $role in this group -- make [] when none
$projectRole = Sentry::findGroupByName($group . ':' . $role);
$users += sizeOf($projectRole['user_agent_ids']);
}
array_push($projects, ['name' => $group, 'canview' => $canView, 'users' => $users]);
}
$isAdmin = PermissionHandler::checkAdmin($thisUser, Permissions::ALLOW_ALL);
return View::make('projects.list')->with('projects', $projects)->with('isAdmin', $isAdmin);
}
* Alternatively it should be passed in as a GET/POST parameter
*
* $permission needs to be passed in as a filter parameter
*
* 'before' => 'permission:'.Permissions::PROJECT_ADMIN
*/
Route::filter('permission', function ($route, $request, $permission) {
$thisUser = Auth::user();
$groupName = Route::input('projectname');
// Passed in as route parameter
if (is_null($groupName)) {
$groupName = Input::get('projectname');
// Passed in as parameter parameter
}
// Check permissions
$hasPermission = PermissionHandler::checkProject($thisUser, $groupName, $permission);
if (!$hasPermission) {
return Redirect::back()->with('flashError', 'You do not have permission to perform selected action');
}
});
/**
* Require routes to have admin permissions.
*/
Route::filter('adminPermission', function () {
$thisUser = Auth::user();
// Check permissions
$isAdmin = PermissionHandler::checkAdmin($thisUser, Permissions::ALLOW_ALL);
if (!$isAdmin) {
return Redirect::back()->with('flashError', 'You do not have permission to perform selected action');
}
});
/**
* Display list of all users
*/
public function getUserlist()
{
$userlist = UserAgent::getUserlist();
// Logged in user can view other user's profiles
$viewProfiles = PermissionHandler::checkAdmin(Auth::user(), Permissions::ALLOW_ALL);
$thisUser = Auth::user();
// List of groups this user can invite people to
$groupsManaged = [];
// For each group logged in user belongs to
foreach (ProjectHandler::getUserProjects($thisUser) as $group) {
// Check if user has admin permission..
if (PermissionHandler::checkProject($thisUser, $group['name'], Permissions::PROJECT_ADMIN)) {
array_push($groupsManaged, $group['name']);
}
}
$userGroupInfo = [];
foreach ($userlist as $user) {
// List of groups $user belongs to
$usergroups = ProjectHandler::getUserProjects($user);
$usergroupnames = array_column($usergroups, 'name');
// List of groups logged in user can invite $user to join
// and that $user is not already a member of.
$inviteGroups = array_diff($groupsManaged, $usergroupnames);
$belongGroups = [];
foreach ($usergroups as $group) {
// Can logged user assign roles for this group ?
$canAssign = PermissionHandler::checkProject($thisUser, $group['name'], Permissions::PROJECT_ADMIN);
// Can logged user view info for this group ?
$canView = PermissionHandler::checkProject($thisUser, $group['name'], Permissions::PROJECT_READ);
// User cannot change his own permissions
if ($user['_id'] == $thisUser['_id']) {
$canAssign = false;
}
$group['canview'] = $canView;
$group['assignrole'] = $canAssign;
array_push($belongGroups, $group);
}
$userGroupInfo[$user['_id']] = ['groups' => $belongGroups, 'tojoin' => $inviteGroups];
}
return View::make('users.list')->with('userlist', $userlist)->with('viewProfiles', $viewProfiles)->with('usergroups', $userGroupInfo);
}
