diff --git a/app/Controller/AdHocAttributesController.php b/app/Controller/AdHocAttributesController.php index 909081d91..3fca69115 100644 --- a/app/Controller/AdHocAttributesController.php +++ b/app/Controller/AdHocAttributesController.php @@ -148,6 +148,12 @@ function isAuthorized() { } elseif(!empty($aha['AdHocAttribute']['org_identity_id'])) { $managed = $this->Role->isCoOrCouAdminForOrgidentity($roles['copersonid'], $aha['AdHocAttribute']['org_identity_id']); + if(!empty($roles['orgidentities'])) { + $org_ids = Hash::extract($roles, 'orgidentities.{n}.org_id'); + if(in_array($aha['AdHocAttribute']['org_identity_id'], $org_ids)) { + $self = true; + } + } } } break; diff --git a/app/Controller/AddressesController.php b/app/Controller/AddressesController.php index 4bcb6acfd..954598450 100644 --- a/app/Controller/AddressesController.php +++ b/app/Controller/AddressesController.php @@ -185,6 +185,12 @@ function isAuthorized() { } elseif(!empty($address['Address']['org_identity_id'])) { $managed = $this->Role->isCoOrCouAdminForOrgidentity($roles['copersonid'], $address['Address']['org_identity_id']); + if(!empty($roles['orgidentities'])) { + $org_ids = Hash::extract($roles, 'orgidentities.{n}.org_id'); + if(in_array($address['Address']['org_identity_id'], $org_ids)) { + $self = true; + } + } } } break; diff --git a/app/Controller/CoDepartmentsController.php b/app/Controller/CoDepartmentsController.php index 4268a828d..fe8f2f695 100644 --- a/app/Controller/CoDepartmentsController.php +++ b/app/Controller/CoDepartmentsController.php @@ -149,6 +149,7 @@ function isAuthorized() { // View identifiers? This correlates with IdentifiersController $p['identifiers'] = ($roles['cmadmin'] || $roles['coadmin'] + || $self || ($managed && $roles['couadmin'])); $this->set('permissions', $p); diff --git a/app/Controller/CoPeopleController.php b/app/Controller/CoPeopleController.php index 92f3e7cf7..31f002097 100644 --- a/app/Controller/CoPeopleController.php 
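Review bot: The ownership test `in_array($aha['AdHocAttribute']['org_identity_id'], $org_ids)` in AdHocAttributesController uses PHP's loose comparison, and its result sets `$self`, which feeds the authorization decision. The types of the stored id and of the values extracted from `$roles['orgidentities']` are not visible here, so I would normalise both sides and compare strictly, e.g. `in_array((int)$aha['AdHocAttribute']['org_identity_id'], array_map('intval', $org_ids), true)`. The same six lines are added to AddressesController, EmailAddressesController, IdentifiersController, NamesController, TelephoneNumbersController and UrlsController; moving the check into one shared helper would keep the rule from drifting between them. isAuthorized() starts and ends outside the hunk.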
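Review bot: In AddressesController the new branch sets the existing `$self` flag for an address attached to one of the user's own org identities, but the hunk does not show which permissions `$self` goes on to unlock. If later code in isAuthorized() (outside the hunk) uses `$self` for add, edit or delete as well as view, this change also lets a user modify org identity attributes, which may be meant to stay under administrator or source control. If only read access is intended, a separate flag would keep the scope narrow, e.g. `$selfOrg = true;` consumed only by `$p['view']`; otherwise a comment such as `// Owner of the org identity gets the same self-service rights as for CO Person attributes` would make the intent explicit. The same question applies to the identical block in the AdHocAttributes, EmailAddresses, Names, TelephoneNumbers and Urls controllers.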
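Review bot: `$self` is read in the new `|| $self` term of `$p['identifiers']` in CoDepartmentsController, but no hunk in this commit assigns it in that controller, unlike IdentifiersController where `$self = false;` is added. If isAuthorized() here does not already initialise it (the function body lies outside the hunk), the term evaluates an undefined variable and never grants access, and it is also unclear what "self" means for a department record. Please confirm the initialisation, e.g. `$self = false;` before the permission array is built, and the same for the matching one-line hunks in CoPeopleController and OrgIdentitiesController.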
+++ b/app/Controller/CoPeopleController.php @@ -769,6 +769,7 @@ public function isAuthorized() { // View identifiers? This correlates with IdentifiersController $p['identifiers'] = ($roles['cmadmin'] || $roles['coadmin'] + || $self || ($managed && $roles['couadmin'])); // View history? This correlates with HistoryRecordsController diff --git a/app/Controller/EmailAddressesController.php b/app/Controller/EmailAddressesController.php index 2ee7b834d..8b1c3f233 100644 --- a/app/Controller/EmailAddressesController.php +++ b/app/Controller/EmailAddressesController.php @@ -160,6 +160,12 @@ function isAuthorized() { } elseif(!empty($emailaddress['EmailAddress']['org_identity_id'])) { $managed = $this->Role->isCoOrCouAdminForOrgidentity($roles['copersonid'], $emailaddress['EmailAddress']['org_identity_id']); + if(!empty($roles['orgidentities'])) { + $org_ids = Hash::extract($roles, 'orgidentities.{n}.org_id'); + if(in_array($emailaddress['EmailAddress']['org_identity_id'], $org_ids)) { + $self = true; + } + } } } break; diff --git a/app/Controller/IdentifiersController.php b/app/Controller/IdentifiersController.php index b1f81ef7f..eb5961f22 100644 --- a/app/Controller/IdentifiersController.php +++ b/app/Controller/IdentifiersController.php @@ -291,6 +291,7 @@ function isAuthorized() { // the identifier passed in the URL, otherwise we lookup based on the record ID. $managed = false; + $self = false; if(!empty($roles['copersonid'])) { switch($this->action) { @@ -321,6 +322,12 @@ function isAuthorized() { } elseif(!empty($identifier['Identifier']['org_identity_id'])) { $managed = $this->Role->isCoOrCouAdminForOrgidentity($roles['copersonid'], $identifier['Identifier']['org_identity_id']); + if(!empty($roles['orgidentities'])) { + $org_ids = Hash::extract($roles, 'orgidentities.{n}.org_id'); + if(in_array($identifier['Identifier']['org_identity_id'], $org_ids)) { + $self = true; + } + } } } break; 
@@ -356,7 +363,8 @@ function isAuthorized() { // View an existing Identifier? $p['view'] = ($roles['cmadmin'] - || $roles['coadmin'] + || $roles['coadmin'] + || $self || ($managed && $roles['couadmin'])); $this->set('permissions', $p); diff --git a/app/Controller/NamesController.php b/app/Controller/NamesController.php index cd1197495..b9a30bbee 100644 --- a/app/Controller/NamesController.php +++ b/app/Controller/NamesController.php @@ -304,6 +304,12 @@ function isAuthorized() { } elseif(!empty($name['Name']['org_identity_id'])) { $managed = $this->Role->isCoOrCouAdminForOrgidentity($roles['copersonid'], $name['Name']['org_identity_id']); + if(!empty($roles['orgidentities'])) { + $org_ids = Hash::extract($roles, 'orgidentities.{n}.org_id'); + if(in_array($name['Name']['org_identity_id'], $org_ids)) { + $self = true; + } + } } } break; diff --git a/app/Controller/OrgIdentitiesController.php b/app/Controller/OrgIdentitiesController.php index 889deeeaa..29dbac5d3 100644 --- a/app/Controller/OrgIdentitiesController.php +++ b/app/Controller/OrgIdentitiesController.php @@ -569,6 +569,7 @@ function isAuthorized() { // View identifiers? This correlates with IdentifiersController $p['identifiers'] = ($roles['cmadmin'] || $roles['coadmin'] + || $self || ($managed && $roles['couadmin'])); // View history? This correlates with HistoryRecordsController diff --git a/app/Controller/TelephoneNumbersController.php b/app/Controller/TelephoneNumbersController.php index 7b113ea0b..abd6ab9a6 100644 --- a/app/Controller/TelephoneNumbersController.php +++ b/app/Controller/TelephoneNumbersController.php 
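Review bot: `$p['view']` in IdentifiersController now honours `$self`, but in the visible hunks `$self` becomes true only in the `org_identity_id` branch. The `co_person_id` branch sits outside the hunks; if it does not set `$self` when the identifier belongs to the user's own CO Person record, self-view works for org identity identifiers only, which looks inconsistent with the `|| $self` terms added to the `identifiers` permission in CoPeopleController. Only `view` gains the `$self` term in this hunk, which keeps the change read-only. The removed and re-added `|| $roles['coadmin']` line appears to differ only in whitespace and could be dropped from the commit.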
@@ -163,6 +163,12 @@ function isAuthorized() { } elseif(!empty($number['TelephoneNumber']['org_identity_id'])) { $managed = $this->Role->isCoOrCouAdminForOrgidentity($roles['copersonid'], $number['TelephoneNumber']['org_identity_id']); + if(!empty($roles['orgidentities'])) { + $org_ids = Hash::extract($roles, 'orgidentities.{n}.org_id'); + if(in_array($number['TelephoneNumber']['org_identity_id'], $org_ids)) { + $self = true; + } + } } } break; diff --git a/app/Controller/UrlsController.php b/app/Controller/UrlsController.php index 6b8c37f7d..001d5b8ad 100644 --- a/app/Controller/UrlsController.php +++ b/app/Controller/UrlsController.php @@ -160,6 +160,12 @@ function isAuthorized() { } elseif(!empty($url['Url']['org_identity_id'])) { $managed = $this->Role->isCoOrCouAdminForOrgidentity($roles['copersonid'], $url['Url']['org_identity_id']); + if(!empty($roles['orgidentities'])) { + $org_ids = Hash::extract($roles, 'orgidentities.{n}.org_id'); + if(in_array($url['Url']['org_identity_id'], $org_ids)) { + $self = true; + } + } } } break;