adding some security tweaks for calendar/award admins
jhandel committed Sep 13, 2024
1 parent 3f481ab commit 8d0b2dc
Showing 8 changed files with 61 additions and 35 deletions.
Binary file modified app/config/Migrations/schema-dump-default.lock
Expand Up @@ -162,7 +162,9 @@ class AwardsRecommendationAddForm extends Controller {
.then(data => {
this.callIntoCourtTarget.value = data.additional_info.CallIntoCourt;
this.courtAvailabilityTarget.value = data.additional_info.CourtAvailability;
this.personToNotifyTarget.value = data.additional_info.PersonToGiveNoticeTo;
if (data.additional_info.PersonToGiveNoticeTo) {
this.personToNotifyTarget.value = data.additional_info.PersonToGiveNoticeTo;
}
if (this.callIntoCourtTarget.value != "") {
this.callIntoCourtTarget.disabled = true;
} else {
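Review bot: The new guard at `if (data.additional_info.PersonToGiveNoticeTo) {` leaves `personToNotifyTarget` untouched when the fetched record carries no value, while `callIntoCourtTarget` and `courtAvailabilityTarget` two lines above are still overwritten on every response; if this callback runs on each member lookup, a name filled in by an earlier lookup can survive into the current one. If keeping a manually typed name is the intent, a comment such as `// keep any name the user already typed; the lookup only fills it in when known` would make that explicit; if not, `this.personToNotifyTarget.value = data.additional_info.PersonToGiveNoticeTo ?? "";` keeps the field in step with its siblings while still tolerating a missing property. The method that owns this `.then` callback begins outside the hunk.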
17 changes: 15 additions & 2 deletions app/plugins/Awards/src/Controller/EventsController.php
Expand Up @@ -5,6 +5,7 @@
namespace Awards\Controller;

use Awards\Controller\AppController;
use Awards\Model\Entity\Recommendation;

/**
* Awards Controller
Expand Down Expand Up @@ -51,11 +52,17 @@ public function view($id = null)
'Branches' => function ($q) {
return $q->select(['id', 'name']);
},
]);

$currentUser = $this->request->getAttribute('identity');
if ($currentUser->can("view", "Awards.Recommendations")) {
$event->contain([
'RecommendationsToGive' => function ($q) {
return $q->contain(['Awards'])->select(['id', 'event_id', 'member_sca_name', 'award_id', 'specialty', 'call_into_court', 'court_availability', 'status', 'Awards.abbreviation'])->orderBy(['member_sca_name' => 'ASC']);
}
])
->first();
]);
}
$event = $event->first();

if (!$event) {
throw new \Cake\Http\Exception\NotFoundException();
Expand Down Expand Up @@ -144,6 +151,12 @@ public function delete($id = null)
$event->name = "Deleted: " . $event->name;
if ($this->Events->delete($event)) {
$this->Flash->success(__('The Event has been deleted.'));
$recs = $this->Events->RecommendationsToGive->find('all')->where(['event_id' => $event->id])->all();
foreach ($recs as $rec) {
$rec->event_id = null;
$rec->status = Recommendation::STATUS_NEED_TO_SCHEDULE;
$this->Events->RecommendationsToGive->save($rec);
}
} else {
$this->Flash->error(__('The Event could not be deleted. Please, try again.'));
return $this->redirect(['action' => 'view', $event->id]);
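Review bot: In the delete hunk, the recommendations are re-statused only after `$this->Events->delete($event)` has already succeeded and the success flash has been queued, and the return value of `$this->Events->RecommendationsToGive->save($rec)` is ignored, so one failing save leaves a recommendation still bound to the deleted event with nothing reported to the user. Running the delete and the re-status loop inside a single `transactional()` callback on the table's connection, and returning false from it when any save fails, keeps the event and its recommendations consistent; `updateAll()` would do it in one statement but bypasses entity rules and callbacks. The `delete()` method begins outside the hunk, and the `view` hunk's `$currentUser->can("view", "Awards.Recommendations")` gate assumes an identity is always attached to the request, which is worth confirming against the plugin's authentication setup.
```php
$recsTable = $this->Events->RecommendationsToGive;
$deleted = $this->Events->getConnection()->transactional(function () use ($event, $recsTable) {
    if (!$this->Events->delete($event)) {
        return false;
    }
    $recs = $recsTable->find('all')->where(['event_id' => $event->id])->all();
    foreach ($recs as $rec) {
        $rec->event_id = null;
        $rec->status = Recommendation::STATUS_NEED_TO_SCHEDULE;
        if (!$recsTable->save($rec)) {
            return false; // rolls the event delete back as well
        }
    }
    return true;
});
if ($deleted) {
    $this->Flash->success(__('The Event has been deleted.'));
} else {
    // … unchanged: error flash and redirect …
}
```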
63 changes: 35 additions & 28 deletions app/plugins/Awards/templates/Events/view.php
Expand Up @@ -48,31 +48,37 @@

<?php $this->KMP->endBlock() ?>
<?php $this->KMP->startBlock("tabButtons") ?>
<?php
$currentUser = $this->request->getAttribute('identity');
if ($currentUser->can("view", "Awards.Recommendations")): ?>
<button class="nav-link" id="nav-scheduledAwards-tab" data-bs-toggle="tab" data-bs-target="#nav-scheduledAwards"
type="button" role="tab" aria-controls="nav-scheduledAwards" aria-selected="false"
data-detail-tabs-target='tabBtn'><?= __("Scheduled Awards") ?></button>
<?php endif; ?>
<?php $this->KMP->endBlock() ?>
<?php $this->KMP->startBlock("tabContent") ?>
<?php
if ($currentUser->can("view", "Awards.Recommendations")): ?>
<div class="related tab-pane fade m-3" id="nav-scheduledAwards" role="tabpanel"
aria-labelledby="nav-scheduledAwards-tab" data-detail-tabs-target="tabContent">
<?php if (!empty($event->recommendations_to_give)) :
$csv = [];
$csv[] = ["Name", "Award", "Court Availability", "Call Into Court", "Status"];
foreach ($event->recommendations_to_give as $rec) {
$csv[] = [
$rec->member_sca_name,
$rec->award->abbreviation . ($rec->specialty ? " (" . $rec->specialty . ")" : ""),
$rec->court_availability,
$rec->call_into_court,
$rec->status,
];
}
$exportString = $this->KMP->makeCsv($csv);
//url encode the csv string
$exportString = urlencode($exportString);
//replace encoded spaces with spaces
$exportString = str_replace("+", " ", $exportString);
?>
$csv = [];
$csv[] = ["Name", "Award", "Court Availability", "Call Into Court", "Status"];
foreach ($event->recommendations_to_give as $rec) {
$csv[] = [
$rec->member_sca_name,
$rec->award->abbreviation . ($rec->specialty ? " (" . $rec->specialty . ")" : ""),
$rec->court_availability,
$rec->call_into_court,
$rec->status,
];
}
$exportString = $this->KMP->makeCsv($csv);
//url encode the csv string
$exportString = urlencode($exportString);
//replace encoded spaces with spaces
$exportString = str_replace("+", " ", $exportString);
?>
<div class="table-responsive">
<a href="data:text/csv;charset=utf-8,<?= $exportString ?>" download="recommendations.csv"
class="btn btn-primary btn-sm">Export CSV</a>
Expand All @@ -81,24 +87,24 @@ class="btn btn-primary btn-sm">Export CSV</a>
<tr>
<th scope="col"><?= h("Name") ?></th>
<th scope="col"><?= h(
"Award",
) ?></th>
"Award",
) ?></th>
<th scope="col"><?= h(
"Court Availability",
) ?></th>
"Court Availability",
) ?></th>
<th scope="col"><?= h(
"Call Into Court",
) ?></th>
"Call Into Court",
) ?></th>
<th scope="col"><?= h(
"Status",
) ?></th>
"Status",
) ?></th>
</tr>
</thead>
<tbody>
<?php foreach (
$event->recommendations_to_give
as $rec
) : ?>
$event->recommendations_to_give
as $rec
) : ?>
<tr>
<td><?= h($rec->member_sca_name) ?></td>
<td><?= h($rec->award->abbreviation) ?>
Expand All @@ -118,6 +124,7 @@ class="btn btn-primary btn-sm">Export CSV</a>
<p>No Awards Scheduled</p>
<?php endif; ?>
</div>
<?php endif; ?>
<?php $this->KMP->endBlock() ?>
<?php
echo $this->KMP->startBlock("modals");
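Review bot: The gate added in the `tabButtons` block reads the identity straight from the request and calls `$currentUser->can("view", "Awards.Recommendations")` with no null check, and the same check is repeated in the `tabContent` block and again in `EventsController::view`, so the rule now lives in three places. Since the controller already decides whether `recommendations_to_give` is loaded, it could pass that decision down with `$this->set('canViewRecommendations', $currentUser->can('view', 'Awards.Recommendations'));` and the template would only test `if ($canViewRecommendations):`, keeping policy evaluation in one place. The second gate at `if ($currentUser->can("view", "Awards.Recommendations")): ?>` also depends on `$currentUser` having been assigned inside the earlier block, which holds today because both blocks sit in the same file but is easy to break when markup is moved.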
3 changes: 2 additions & 1 deletion app/plugins/Awards/templates/Recommendations/add.php
Expand Up @@ -105,7 +105,8 @@
echo $this->Form->control('person_to_notify', [
'label' => 'Person to Notify',
'value' => $recommendation->person_to_notify,
'data-awards-rec-add-target' => 'personToNotify'
'data-awards-rec-add-target' => 'personToNotify',
'help' => 'Only enter a name if you know who should be notified if the crown proceeds with the recommendation.'
]);
echo $this->KMP->comboBoxControl(
$this->Form,
Expand Up @@ -120,7 +120,8 @@
echo $this->Form->control('person_to_notify', [
'label' => 'Person to Notify',
'value' => $recommendation->person_to_notify,
'data-awards-rec-add-target' => 'personToNotify'
'data-awards-rec-add-target' => 'personToNotify',
'help' => 'Only enter a name if you know who should be notified if the crown proceeds with the recommendation.'
]);
echo $this->KMP->comboBoxControl(
$this->Form,
4 changes: 3 additions & 1 deletion app/webroot/js/controllers.js
2 changes: 1 addition & 1 deletion app/webroot/mix-manifest.json
@@ -1,5 +1,5 @@
{
"/js/controllers.js": "/js/controllers.js?id=b760e3707960afc2875e248015e5d9ad",
"/js/controllers.js": "/js/controllers.js?id=47a78cc7826f2df31a9f6eaee47fd720",
"/js/index.js": "/js/index.js?id=05830d35bc6fe6a349e66365323c6a6a",
"/js/manifest.js": "/js/manifest.js?id=7c272cf5bb1fce790aca5d3d66720a64",
"/js/core.js": "/js/core.js?id=b1125d54a85324a90cdae0b0b8f4dac8",