comanage-dev - [comanage-dev] r362 - in registry/trunk/app: Config/Schema Controller Lib Model View/CoEnrollmentFlows
Subject: COmanage Developers List
List archive
[comanage-dev] r362 - in registry/trunk/app: Config/Schema Controller Lib Model View/CoEnrollmentFlows
Chronological Thread
- From:
- To:
- Subject: [comanage-dev] r362 - in registry/trunk/app: Config/Schema Controller Lib Model View/CoEnrollmentFlows
- Date: Sat, 15 Sep 2012 10:20:37 -0400
Author: benno
Date: 2012-09-15 10:20:37 -0400 (Sat, 15 Sep 2012)
New Revision: 362
Added:
registry/trunk/app/Model/CoRole.php
Modified:
registry/trunk/app/Config/Schema/schema.xml
registry/trunk/app/Controller/AppController.php
registry/trunk/app/Controller/CoEnrollmentFlowsController.php
registry/trunk/app/Controller/CoPetitionsController.php
registry/trunk/app/Lib/enum.php
registry/trunk/app/Lib/lang.php
registry/trunk/app/Model/CoEnrollmentFlow.php
registry/trunk/app/Model/CoGroup.php
registry/trunk/app/Model/Cou.php
registry/trunk/app/View/CoEnrollmentFlows/fields.inc
registry/trunk/app/View/CoEnrollmentFlows/index.ctp
Log:
Enhanced Enrollment Flow/Petition Authz (CO-402)
Modified: registry/trunk/app/Config/Schema/schema.xml
===================================================================
--- registry/trunk/app/Config/Schema/schema.xml 2012-09-15 14:19:35 UTC (rev
361)
+++ registry/trunk/app/Config/Schema/schema.xml 2012-09-15 14:20:37 UTC (rev
362)
@@ -515,8 +515,13 @@
<notnull />
<constraint>REFERENCES cm_cos(id)</constraint>
</field>
- <field name="self_enroll" type="L" />
- <field name="admin_enroll" type="C" size="1" />
+ <field name="authz_level" type="C" size="2" />
+ <field name="authz_cou_id" type="I">
+ <constraint>REFERENCES cm_cous(id)</constraint>
+ </field>
+ <field name="authz_co_group_id" type="I">
+ <constraint>REFERENCES cm_co_groups(id)</constraint>
+ </field>
<field name="approval_required" type="L" />
<field name="early_provisioning_exec" type="C" size="128" />
<field name="provisioning_exec" type="C" size="128" />
Modified: registry/trunk/app/Controller/AppController.php
===================================================================
--- registry/trunk/app/Controller/AppController.php 2012-09-15 14:19:35
UTC (rev 361)
+++ registry/trunk/app/Controller/AppController.php 2012-09-15 14:20:37
UTC (rev 362)
@@ -199,6 +199,7 @@
* - apiuser: Valid API (REST) user (for now, API users are equivalent to
cmadmins)
* - orgidentityid: Org Identity ID of current user (or false)
* - copersonid: CO Person ID of current user in current CO (or false)
+ * @todo XXX Rewrite to use Model/CoRole authz calls
*/
public function calculateCMRoles() {
Modified: registry/trunk/app/Controller/CoEnrollmentFlowsController.php
===================================================================
--- registry/trunk/app/Controller/CoEnrollmentFlowsController.php
2012-09-15 14:19:35 UTC (rev 361)
+++ registry/trunk/app/Controller/CoEnrollmentFlowsController.php
2012-09-15 14:20:37 UTC (rev 362)
@@ -69,7 +69,9 @@
$p['index'] = ($cmr['cmadmin'] || $cmr['coadmin']);
// Select a CO Enrollment Flow to create a petition from?
- $p['select'] = ($cmr['cmadmin'] || $cmr['coadmin'] ||
!empty($cmr['couadmin']));
+ // Any logged in person can get to this page, however which enrollment
flows they
+ // see will be determined dynamically.
+ $p['select'] = $cmr['user'];
// View an existing CO Enrollment Flow?
$p['view'] = ($cmr['cmadmin'] || $cmr['coadmin']);
@@ -79,6 +81,67 @@
}
/**
+ * Callback after controller methods are invoked but before views are
rendered.
+ * - precondition: Request Handler component has set $this->request->params
+ * - postcondition: $cous may be set.
+ * - postcondition: $co_groups may be set.
+ *
+ * @since COmanage Registry v0.7
+ */
+
+ function beforeRender() {
+ if(!$this->restful) {
+ $this->set('cous', $this->Co->Cou->allCous($this->cur_co['Co']['id'],
"hash"));
+
+ $args = array();
+ $args['conditions']['CoGroup.co_id'] = $this->cur_co['Co']['id'];
+
+ $this->set('co_groups', $this->Co->CoGroup->find("list", $args));
+ }
+
+ parent::beforeRender();
+ }
+
+ /**
+ * Perform any dependency checks required prior to a write (add/edit)
operation.
+ * This method is intended to be overridden by model-specific controllers.
+ *
+ * @since COmanage Registry v0.7
+ * @param Array Request data
+ * @param Array Current data
+ * @return boolean true if dependency checks succeed, false otherwise.
+ */
+
+ function checkWriteDependencies($reqdata, $curdata = null) {
+ // Make sure that a COU ID or CO Group ID was provided, if appropriate.
+
+ if(isset($reqdata['CoEnrollmentFlow']['authz_level'])) {
+ if($reqdata['CoEnrollmentFlow']['authz_level'] ==
EnrollmentAuthzEnum::CoGroupMember) {
+ if(!isset($reqdata['CoEnrollmentFlow']['authz_co_group_id'])
+ || $reqdata['CoEnrollmentFlow']['authz_co_group_id'] == "") {
+ $this->Session->setFlash(_txt('er.ef.authz.gr',
+ array(_txt('en.enrollment.authz',
null, $reqdata['CoEnrollmentFlow']['authz_level']))),
+ '', array(), 'error');
+
+ return false;
+ }
+ } elseif($reqdata['CoEnrollmentFlow']['authz_level'] ==
EnrollmentAuthzEnum::CouAdmin
+ || $reqdata['CoEnrollmentFlow']['authz_level'] ==
EnrollmentAuthzEnum::CouPerson) {
+ if(!isset($reqdata['CoEnrollmentFlow']['authz_cou_id'])
+ || $reqdata['CoEnrollmentFlow']['authz_cou_id'] == "") {
+ $this->Session->setFlash(_txt('er.ef.authz.cou',
+ array(_txt('en.enrollment.authz',
null, $reqdata['CoEnrollmentFlow']['authz_level']))),
+ '', array(), 'error');
+
+ return false;
+ }
+ }
+ }
+
+ return true;
+ }
+
+ /**
* Perform a redirect back to the controller's default view.
* - postcondition: Redirect generated
*
@@ -111,7 +174,16 @@
// Set page title
$this->set('title_for_layout', _txt('ct.co_enrollment_flows.pl'));
+ // Determine which enrollment flows the current user can see
+
+ // XXX As of Cake 2.3 (which we're not currently using), the paginate
accepts the 'findtype' parameter
+ // instead of setting the 0'th index in the array.
+ $this->paginate[0] = 'authorized';
$this->paginate['conditions']['CoEnrollmentFlow.co_id'] =
$this->cur_co['Co']['id'];
+ // This parameter is for the custom find
+ $this->paginate['authorizeCoPersonId'] =
$this->Session->read('Auth.User.co_person_id');
+ $this->paginate['contain'] = false;
+
$this->set('co_enrollment_flows', $this->paginate('CoEnrollmentFlow'));
}
}
Modified: registry/trunk/app/Controller/CoPetitionsController.php
===================================================================
--- registry/trunk/app/Controller/CoPetitionsController.php 2012-09-15
14:19:35 UTC (rev 361)
+++ registry/trunk/app/Controller/CoPetitionsController.php 2012-09-15
14:20:37 UTC (rev 362)
@@ -248,18 +248,31 @@
// Determine what operations this user can perform
+ // Some operations are authorized according to the flow configuration.
+ $flowAuthorized = false;
+
+ // If an enrollment flow was specified, check the authorization for that
flow
+
+ if(isset($this->request->named['coef'])) {
+ $flowAuthorized =
$this->CoPetition->CoEnrollmentFlow->authorizeById($this->request->named['coef'],
+
$cmr['copersonid']);
+ }
+
// Add a new CO Petition?
- $p['add'] = ($cmr['cmadmin'] || $cmr['coadmin'] ||
!empty($cmr['couadmin']));
+ $p['add'] = ($flowAuthorized
+ && ($cmr['cmadmin'] || $cmr['coadmin'] ||
!empty($cmr['couadmin'])));
// Approve a CO Petition?
$p['approve'] = ($cmr['cmadmin'] || $cmr['coadmin'] ||
!empty($cmr['couadmin']));
$p['deny'] = $p['approve'];
// Delete an existing CO Petition?
- $p['delete'] = ($cmr['cmadmin'] || $cmr['coadmin'] ||
!empty($cmr['couadmin']));
+ $p['delete'] = ($flowAuthorized
+ && ($cmr['cmadmin'] || $cmr['coadmin'] ||
!empty($cmr['couadmin'])));
// Edit an existing CO Petition?
- $p['edit'] = ($cmr['cmadmin'] || $cmr['coadmin'] ||
!empty($cmr['couadmin']));
+ $p['edit'] = ($flowAuthorized
+ && ($cmr['cmadmin'] || $cmr['coadmin'] ||
!empty($cmr['couadmin'])));
// Match against existing CO People?
// Note this same permission exists in CO People
@@ -268,7 +281,8 @@
// View all existing CO Petitions?
$p['index'] = ($cmr['cmadmin'] || $cmr['coadmin'] ||
!empty($cmr['couadmin']));
- // View an existing CO Petition?
+ // View an existing CO Petition? We allow the usual suspects to view a
Petition, even
+ // if they don't have permission to edit it.
$p['view'] = ($cmr['cmadmin'] || $cmr['coadmin'] ||
!empty($cmr['couadmin']));
$this->set('permissions', $p);
Modified: registry/trunk/app/Lib/enum.php
===================================================================
--- registry/trunk/app/Lib/enum.php 2012-09-15 14:19:35 UTC (rev 361)
+++ registry/trunk/app/Lib/enum.php 2012-09-15 14:20:37 UTC (rev 362)
@@ -100,6 +100,16 @@
);*/
}
+class EnrollmentAuthzEnum {
+ const CoAdmin = 'CA';
+ const CoGroupMember = 'CG';
+ const CoOrCouAdmin = 'A';
+ const CoPerson = 'CP';
+ const CouAdmin = 'UA';
+ const CouPerson = 'UP';
+ const None = 'N';
+}
+
class ExtendedAttributeEnum {
const Integer = 'INTEGER';
const Timestamp = 'TIMESTAMP';
Modified: registry/trunk/app/Lib/lang.php
===================================================================
--- registry/trunk/app/Lib/lang.php 2012-09-15 14:19:35 UTC (rev 361)
+++ registry/trunk/app/Lib/lang.php 2012-09-15 14:20:37 UTC (rev 362)
@@ -97,7 +97,7 @@
'ct.organizations.pl' => 'Organizations',
'ct.telephone_numbers.1' => 'Telephone Number',
'ct.telephone_numbers.pl' => 'Telephone Numbers',
-
+
// Email Messages
'em.invite.subject' => 'Invitation to join %1$s',
'em.invite.body' => 'You have been invited to join %1$s. Please
click the link below to accept or decline.',
@@ -157,6 +157,16 @@
ContactEnum::Home => 'Home',
ContactEnum::Mobile => 'Mobile',
ContactEnum::Office => 'Office'),
+
+ 'en.enrollment.authz' => array(
+ EnrollmentAuthzEnum::CoAdmin => 'CO Admin',
+ EnrollmentAuthzEnum::CoGroupMember => 'CO Group Member',
+ EnrollmentAuthzEnum::CoOrCouAdmin => 'CO or COU Admin',
+ EnrollmentAuthzEnum::CoPerson => 'CO Person',
+ EnrollmentAuthzEnum::CouAdmin => 'COU Admin',
+ EnrollmentAuthzEnum::CouPerson => 'COU Person',
+ EnrollmentAuthzEnum::None => 'None'
+ ),
'en.extattr' => array(ExtendedAttributeEnum::Integer => 'Integer',
ExtendedAttributeEnum::Timestamp => 'Timestamp',
@@ -256,6 +266,8 @@
'er.ea.index' => 'Failed to update index for attribute',
'er.ea.table' => 'Failed to create CO Extended Attribute table',
'er.ea.table.d' => 'Failed to drop CO Extended Attribute table',
+ 'er.ef.authz.cou' => 'A COU must be specified for authorization type
"%1$s"',
+ 'er.ef.authz.gr' => 'A group must be specified for authorization type
"%1$s"',
'er.efcf.init' => 'Failed to set up initial CMP Enrollment
Configuration',
'er.et.default' => 'Failed to add default types',
'er.et.exists' => 'An extended type named "%1$s" already exists',
@@ -336,14 +348,14 @@
'fd.ea.order' => 'Order',
'fd.ea.order.desc' => 'The order in which this attribute will be presented
(leave blank to append at the end of the current attributes)',
'fd.et.forattr' => 'For Attribute',
- 'fd.ef.ae' => 'Enable Administrator Enrollment',
- 'fd.ef.ae.desc' => 'If enabled, allow the specified type(s) of
administrators to enroll organizational identities to the platform',
'fd.ef.aea' => 'Require Authentication For Administrator Enrollment',
'fd.ef.aea.desc' => 'If administrator enrollment is enabled, require
enrollees to authenticate to the platform in order to complete their
enrollment',
'fd.ef.aee' => 'Require Email Confirmation For Administrator
Enrollment',
'fd.ef.aee.desc' => 'If administrator enrollment is enabled, require
enrollees to confirm their email address in order to complete their
enrollment',
'fd.ef.appr' => 'Require Approval For Enrollment',
'fd.ef.appr.desc' => 'If administrator approval is required, a member of
the appropriate <tt>admin.approvers</tt> group must approve the enrollment',
+ 'fd.ef.authz' => 'Enrollment Authorization',
+ 'fd.ef.authz.desc' => 'Authorization required to execute this enrollment
flow, see <a
href="https://spaces.internet2.edu/display/COmanage/Registry+Enrollment+Flow+Configuration#RegistryEnrollmentFlowConfiguration-EnrollmentAuthorization";>Enrollment
Authorization</a> for details',
'fd.ef.cf.cmp' => 'Platform Enrollment Configuration',
'fd.ef.coef' => 'Enable Attributes Via CO Enrollment Flow',
'fd.ef.coef.desc' => 'If enabled, allow organizational identity attributes
to be collected via forms during CO enrollment flows (these attributes will
be less authoritative than those obtained via LDAP or SAML)',
@@ -367,8 +379,6 @@
'fd.ef.px.desc' => 'Executable to call to initiate user provisioning',
'fd.ef.saml' => 'Enable SAML Attribute Extraction',
'fd.ef.saml.desc' => 'If the enrollee is authenticated via a SAML IdP with
attributes released, examine the SAML assertion for authoritative attributes',
- 'fd.ef.se' => 'Enable Self Enrollment',
- 'fd.ef.se.desc' => 'If enabled, allow enrollees to begin the enrollment
process themselves',
'fd.ef.sea' => 'Require Authentication For Self Enrollment',
'fd.ef.sea.desc' => 'If self enrollment is enabled, require enrollees who
are self-enrolling to authenticate to the platform',
// (End enrollment configuration fields)
Modified: registry/trunk/app/Model/CoEnrollmentFlow.php
===================================================================
--- registry/trunk/app/Model/CoEnrollmentFlow.php 2012-09-15 14:19:35
UTC (rev 361)
+++ registry/trunk/app/Model/CoEnrollmentFlow.php 2012-09-15 14:20:37
UTC (rev 362)
@@ -32,8 +32,21 @@
// Add behaviors
public $actsAs = array('Containable');
+ // Custom find types
+ public $findMethods = array('authorized' => true);
+
// Association rules from this model to other models
- public $belongsTo = array("Co"); // A CO Enrollment Flow is attached
to a CO
+ public $belongsTo = array(
+ "CoEnrollmentFlowAuthzCoGroup" => array(
+ 'className' => 'CoGroup',
+ 'foreignKey' => 'authz_co_group_id'
+ ),
+ "CoEnrollmentFlowAuthzCou" => array(
+ 'className' => 'Cou',
+ 'foreignKey' => 'authz_cou_id'
+ ),
+ "Co"
+ );
public $hasMany = array(
// A CO Enrollment Flow has many CO Enrollment Attributes
@@ -88,4 +101,122 @@
StatusEnum::Suspended))
)
);
+
+ /**
+ * Obtain Enrollment Flows a given CO person is authorized to run.
+ * This method implements a Custom Find type.
+ *
+ * @since COmanage Registry v0.7
+ * @param Integer CO Person ID
+ * @param Integer CO ID
+ * @return Array CoEnrollmentFlow information, as returned by find
+ */
+
+ protected function _findAuthorized($state, $query, $results = array()) {
+ if($state == 'before') {
+ // Called before the find is performed
+
+ // We don't do anything special here
+
+ return $query;
+ } elseif($state == 'after') {
+ // Called after the find is performed
+
+ // Walk through the returned Enrollment Flows and see if the specified
CO Person
+ // is authorized. If the CO Person is a CMP or CO Admin, they are
always authorized.
+
+ $filteredResults = array();
+
+ foreach($results as $coEF) {
+ if($this->authorize($coEF, $query['authorizeCoPersonId'])) {
+ $filteredResults[] = $coEF;
+ }
+ }
+
+ return $filteredResults;
+ }
+ }
+
+ /**
+ * Determine if a CO Person is authorized to run an Enrollment Flow.
+ *
+ * @since COmanage Registry v0.7
+ * @param Array CO Enrollment Flow, as returned by find
+ * @param Integer CO Person ID
+ * @return Boolean True if the CO Person is authorized, false otherwise
+ */
+
+ public function authorize($coEF, $coPersonId) {
+ $CoRole = ClassRegistry::init('CoRole');
+
+ // If CO Person is a CO admin, they are always authorized
+
+ if($CoRole->isCoAdmin($coPersonId, $coEF['CoEnrollmentFlow']['co_id'])) {
+ return true;
+ }
+
+ switch($coEF['CoEnrollmentFlow']['authz_level']) {
+ case EnrollmentAuthzEnum::CoAdmin:
+ // We effectively already handled this, above
+ break;
+ case EnrollmentAuthzEnum::CoGroupMember:
+ if($CoRole->isCoGroupMember($coPersonId,
$coEF['CoEnrollmentFlow']['co_id'],
$coEF['CoEnrollmentFlow']['authz_co_group_id'])) {
+ return true;
+ }
+ break;
+ case EnrollmentAuthzEnum::CoOrCouAdmin:
+ if($CoRole->isCoOrCouAdmin($coPersonId,
$coEF['CoEnrollmentFlow']['co_id'])) {
+ return true;
+ }
+ break;
+ case EnrollmentAuthzEnum::CoPerson:
+ if($CoRole->isCoPerson($coPersonId,
$coEF['CoEnrollmentFlow']['co_id'])) {
+ return true;
+ }
+ break;
+ case EnrollmentAuthzEnum::CouAdmin:
+ if($CoRole->isCouAdmin($coPersonId,
$coEF['CoEnrollmentFlow']['co_id'],
$coEF['CoEnrollmentFlow']['authz_cou_id'])) {
+ return true;
+ }
+ break;
+ case EnrollmentAuthzEnum::CouPerson:
+ if($CoRole->isCouPerson($coPersonId,
$coEF['CoEnrollmentFlow']['co_id'],
$coEF['CoEnrollmentFlow']['authz_cou_id'])) {
+ return true;
+ }
+ break;
+ case EnrollmentAuthzEnum::None:
+ // No authz required
+ return true;
+ break;
+ }
+
+ // No matching Authz found
+ return false;
+ }
+
+ /**
+ * Determine if a CO Person is authorized to run an Enrollment Flow.
+ *
+ * @since COmanage Registry v0.7
+ * @param Integer CO Enrollment Flow ID
+ * @param Integer CO Person ID
+ * @return Boolean True if the CO Person is authorized, false otherwise
+ */
+
+ public function authorizeById($coEfId, $coPersonId) {
+ // Retrieve the Enrollment Flow and pass it along
+
+ $args = array();
+ $args['conditions']['CoEnrollmentFlow.id'] = $coEfId;
+ $args['conditions']['CoEnrollmentFlow.status'] = StatusEnum::Active;
+ $args['contain'] = false;
+
+ $ef = $this->find('first', $args);
+
+ if(empty($ef)) {
+ return false;
+ }
+
+ return $this->authorize($ef, $coPersonId);
+ }
}
Modified: registry/trunk/app/Model/CoGroup.php
===================================================================
--- registry/trunk/app/Model/CoGroup.php 2012-09-15 14:19:35 UTC (rev
361)
+++ registry/trunk/app/Model/CoGroup.php 2012-09-15 14:20:37 UTC (rev
362)
@@ -32,7 +32,11 @@
// Association rules from this model to other models
public $hasMany = array(
// A CoGroup has zero or more members
- "CoGroupMember" => array('dependent' => true)
+ "CoGroupMember" => array('dependent' => true),
+ "CoEnrollmentFlowAuthzCoGroup" => array(
+ 'className' => 'CoEnrollmentFlow',
+ 'foreignKey' => 'authz_co_group_id'
+ )
);
public $belongsTo = array("Co"); // A CoGroup is attached to one
CO
@@ -87,6 +91,7 @@
* @param Integer Offset to start retrieving results from (or null)
* @param String Field to sort by (or null)
* @return Array Group information, as returned by find
+ * @todo XXX Rewrite to a custom find type
*/
function findForCoPerson($coPersonId, $limit=null, $offset=null,
$order=null) {
Modified: registry/trunk/app/Model/Cou.php
===================================================================
--- registry/trunk/app/Model/Cou.php 2012-09-15 14:19:35 UTC (rev 361)
+++ registry/trunk/app/Model/Cou.php 2012-09-15 14:20:37 UTC (rev 362)
@@ -46,7 +46,11 @@
'foreignKey'=>'parent_id'
),
"CoPersonRole",
- "CoPetition"
+ "CoPetition",
+ "CoEnrollmentFlowAuthzCou" => array(
+ 'className' => 'CoEnrollmentFlow',
+ 'foreignKey' => 'authz_cou_id'
+ )
);
// Default display field for cake generated views
@@ -87,7 +91,7 @@
)
);
- public $actsAs = array('Tree');
+ public $actsAs = array('Containable', 'Tree');
/**
* Obtain all COUs within a specified CO.
Modified: registry/trunk/app/View/CoEnrollmentFlows/fields.inc
===================================================================
--- registry/trunk/app/View/CoEnrollmentFlows/fields.inc 2012-09-15
14:19:35 UTC (rev 361)
+++ registry/trunk/app/View/CoEnrollmentFlows/fields.inc 2012-09-15
14:20:37 UTC (rev 362)
@@ -55,6 +55,38 @@
echo $this->Form->hidden('co_id', array('default' => $cur_co['Co']['id']))
. "\n";
?>
+<script type="text/javascript">
+ <!-- JS specific to these fields -->
+
+ function authz_update_gadgets() {
+ // Hide and show accordingly. Reset sub-popups to prevent superfluous
data from
+ // being saved. (ie: we don't need a group ID if not setting authz to
'CG')
+
+ document.getElementById('authzcoudiv').style.display = "none";
+ document.getElementById('authzgroupdiv').style.display = "none";
+
+ var authz = document.getElementById('CoEnrollmentFlowAuthzLevel').value;
+
+ // We set the values they way they're done below (as opposed to blanking
them
+ // out first, like for the divs) so that changing between UA and UP does
not
+ // blank out the selected COU.
+
+ if(authz == 'CG') {
+ document.getElementById('authzgroupdiv').style.display = "block";
+ document.getElementById('CoEnrollmentFlowAuthzCouId').value = "";
+ } else if(authz == 'UA' || authz == 'UP') {
+ document.getElementById('authzcoudiv').style.display = "block";
+ document.getElementById('CoEnrollmentFlowAuthzCoGroupId').value = "";
+ } else {
+ document.getElementById('CoEnrollmentFlowAuthzCoGroupId').value = "";
+ document.getElementById('CoEnrollmentFlowAuthzCouId').value = "";
+ }
+ }
+
+ function js_local_onload() {
+ authz_update_gadgets();
+ }
+</script>
<table id="<?php print $this->action; ?>_co_enrollment_configuration"
class="ui-widget">
<tbody>
<tr class="line1">
@@ -69,40 +101,101 @@
</tr>
<tr class="line2">
<td>
- <b><?php print _txt('fd.ef.se'); ?></b><br />
- <font class="desc"><?php print _txt('fd.ef.se.desc'); ?></font>
+ <?php print _txt('fd.status'); ?><font class="required">*</font>
</td>
<td>
- <?php print ($e
- ? $this->Form->input('self_enroll')
- :
Sanitize::html($co_enrollment_flows[0]['CoEnrollmentFlow']['self_enroll']));
?>
+ <?php
+ global $cm_lang, $cm_texts;
+ $attrs['value'] = (isset($co_enrollment_flows) ?
$co_enrollment_flows[0]['CoEnrollmentFlow']['status'] : StatusEnum::Active);
+ $attrs['empty'] = false;
+
+ if($e) {
+ print $this->Form->select('status',
+ $cm_texts[ $cm_lang ]['en.status'],
+ $attrs);
+
+ if($this->Form->isFieldError('status')) {
+ print $this->Form->error('status');
+ }
+ } else {
+ print _txt('en.status', null,
$co_enrollment_flows[0]['CoEnrollmentFlow']['status']);
+ }
+ ?>
</td>
</tr>
<tr class="line1">
<td>
- <b><?php print _txt('fd.ef.ae'); ?></b><br />
- <font class="desc"><?php print _txt('fd.ef.ae.desc'); ?></font>
+ <b><?php print _txt('fd.ef.authz'); ?></b><br />
+ <font class="desc"><?php print _txt('fd.ef.authz.desc'); ?></font>
</td>
<td>
<?php
global $cm_lang, $cm_texts;
+ $attrs = array();
$attrs['value'] = (isset($co_enrollment_flows)
- ?
$co_enrollment_flows[0]['CoEnrollmentFlow']['admin_enroll']
- : AdministratorEnum::NoAdmin);
+ ?
$co_enrollment_flows[0]['CoEnrollmentFlow']['authz_level']
+ : EnrollmentAuthzEnum::CoOrCouAdmin);
$attrs['empty'] = false;
+ $attrs['onChange'] = 'authz_update_gadgets()';
if($e) {
- print $this->Form->select('admin_enroll',
- $cm_texts[ $cm_lang ]['en.admin'],
+ print $this->Form->select('authz_level',
+ $cm_texts[ $cm_lang
]['en.enrollment.authz'],
$attrs);
- if($this->Form->isFieldError('admin_enroll')) {
- print $this->Form->error('admin_enroll');
+ if($this->Form->isFieldError('authz_level')) {
+ print $this->Form->error('authz_level');
}
} else {
- print _txt('en.admin', null,
$co_enrollment_flows[0]['CoEnrollmentFlow']['admin_enroll']);
+ print _txt('en.enrollment.authz', null,
$co_enrollment_flows[0]['CoEnrollmentFlow']['authz_level']);
}
?>
+ <div id="authzgroupdiv" style="display:none">
+ <?php
+ if(!empty($co_groups)) {
+ $attrs = array();
+ $attrs['value'] = (isset($co_enrollment_flows)
+ ?
$co_enrollment_flows[0]['CoEnrollmentFlow']['authz_co_group_id']
+ : null);
+ $attrs['empty'] = true;
+
+ if($e) {
+ print $this->Form->select('authz_co_group_id',
+ $co_groups,
+ $attrs);
+
+ if($this->Form->isFieldError('authz_co_group_id')) {
+ print $this->Form->error('authz_co_group_id');
+ }
+ } else {
+ print $co_groups[
$co_enrollment_flows[0]['CoEnrollmentFlow']['authz_co_group_id'] ];
+ }
+ }
+ ?>
+ </div>
+ <div id="authzcoudiv" style="display:none">
+ <?php
+ if(!empty($cous)) {
+ $attrs = array();
+ $attrs['value'] = (isset($co_enrollment_flows)
+ ?
$co_enrollment_flows[0]['CoEnrollmentFlow']['authz_cou_id']
+ : null);
+ $attrs['empty'] = true;
+
+ if($e) {
+ print $this->Form->select('authz_cou_id',
+ $cous,
+ $attrs);
+
+ if($this->Form->isFieldError('authz_cou_id')) {
+ print $this->Form->error('authz_cou_id');
+ }
+ } else {
+ print $cous[
$co_enrollment_flows[0]['CoEnrollmentFlow']['authz_cou_id'] ];
+ }
+ }
+ ?>
+ </div>
</td>
</tr>
<tr class="line2">
Modified: registry/trunk/app/View/CoEnrollmentFlows/index.ctp
===================================================================
--- registry/trunk/app/View/CoEnrollmentFlows/index.ctp 2012-09-15 14:19:35
UTC (rev 361)
+++ registry/trunk/app/View/CoEnrollmentFlows/index.ctp 2012-09-15 14:20:37
UTC (rev 362)
@@ -26,9 +26,9 @@
print $this->element("pageTitle", $params);
if($permissions['add'])
- echo $this->Html->link(_txt('op.add') . ' ' .
_txt('ct.co_enrollment_flows.1'),
- array('controller' => 'co_enrollment_flows',
'action' => 'add', 'co' => $this->request->params['named']['co']),
- array('class' => 'addbutton')) . '
+ print $this->Html->link(_txt('op.add') . ' ' .
_txt('ct.co_enrollment_flows.1'),
+ array('controller' => 'co_enrollment_flows',
'action' => 'add', 'co' => $this->request->params['named']['co']),
+ array('class' => 'addbutton')) . '
<br />
<br />
';
@@ -37,9 +37,10 @@
<table id="cous" class="ui-widget">
<thead>
<tr class="ui-widget-header">
- <th><?php echo $this->Paginator->sort('name', _txt('fd.name')); ?></th>
- <th><?php echo $this->Paginator->sort('status', _txt('fd.status'));
?></th>
- <th><?php echo _txt('fd.actions'); ?></th>
+ <th><?php print $this->Paginator->sort('name', _txt('fd.name'));
?></th>
+ <th><?php print $this->Paginator->sort('status', _txt('fd.status'));
?></th>
+ <th><?php print $this->Paginator->sort('authz_level',
_txt('fd.ef.authz')); ?></th>
+ <th><?php print _txt('fd.actions'); ?></th>
</tr>
</thead>
@@ -49,21 +50,51 @@
<tr class="line<?php print ($i % 2)+1; ?>">
<td>
<?php
- echo $this->Html->link($c['CoEnrollmentFlow']['name'],
+ print $this->Html->link($c['CoEnrollmentFlow']['name'],
array('controller' =>
'co_enrollment_flows',
'action' => ($permissions['edit'] ?
'edit' : ($permissions['view'] ? 'view' : '')), $c['CoEnrollmentFlow']['id'],
'co' => $this->request->params['named']['co']));
?>
</td>
- <td><?php echo Sanitize::html($c['CoEnrollmentFlow']['status']);
?></td>
+ <td><?php print _txt('en.status', null,
$c['CoEnrollmentFlow']['status']); ?></td>
<td>
<?php
+ print _txt('en.enrollment.authz', null,
$c['CoEnrollmentFlow']['authz_level']);
+
+ if($c['CoEnrollmentFlow']['authz_level'] ==
EnrollmentAuthzEnum::CoGroupMember) {
+ print " ("
+ .
$this->Html->link($c['CoEnrollmentFlow']['authz_co_group_id'],
+ array(
+ 'controller' => 'co_groups',
+ 'action' => 'view',
+
$c['CoEnrollmentFlow']['authz_co_group_id'],
+ 'co' =>
$c['CoEnrollmentFlow']['co_id']
+ ))
+ . ")";
+ }
+
+ if($c['CoEnrollmentFlow']['authz_level'] ==
EnrollmentAuthzEnum::CouAdmin
+ || $c['CoEnrollmentFlow']['authz_level'] ==
EnrollmentAuthzEnum::CouPerson) {
+ print " ("
+ . $this->Html->link($c['CoEnrollmentFlow']['authz_cou_id'],
+ array(
+ 'controller' => 'cous',
+ 'action' => 'view',
+
$c['CoEnrollmentFlow']['authz_cou_id'],
+ 'co' =>
$c['CoEnrollmentFlow']['co_id']
+ ))
+ . ")";
+ }
+ ?>
+ </td>
+ <td>
+ <?php
if($permissions['edit'])
- echo $this->Html->link(_txt('op.edit'),
+ print $this->Html->link(_txt('op.edit'),
array('controller' =>
'co_enrollment_flows', 'action' => 'edit', $c['CoEnrollmentFlow']['id'], 'co'
=> $this->request->params['named']['co']),
array('class' => 'editbutton')) . "\n";
if($permissions['delete'])
- echo '<button class="deletebutton" title="' . _txt('op.delete')
. '" onclick="javascript:js_confirm_delete(\'' .
_jtxt(Sanitize::html($c['CoEnrollmentFlow']['name'])) . '\', \'' .
$this->Html->url(array('controller' => 'co_enrollment_flows', 'action' =>
'delete', $c['CoEnrollmentFlow']['id'], 'co' =>
$this->request->params['named']['co'])) . '\')";>' . _txt('op.delete') .
'</button>';
+ print '<button class="deletebutton" title="' . _txt('op.delete')
. '" onclick="javascript:js_confirm_delete(\'' .
_jtxt(Sanitize::html($c['CoEnrollmentFlow']['name'])) . '\', \'' .
$this->Html->url(array('controller' => 'co_enrollment_flows', 'action' =>
'delete', $c['CoEnrollmentFlow']['id'], 'co' =>
$this->request->params['named']['co'])) . '\')";>' . _txt('op.delete') .
'</button>';
?>
<?php ; ?>
</td>
@@ -74,8 +105,8 @@
<tfoot>
<tr class="ui-widget-header">
- <th colspan="3">
- <?php echo $this->Paginator->numbers(); ?>
+ <th colspan="4">
+ <?php print $this->Paginator->numbers(); ?>
</td>
</tr>
</tfoot>
- [comanage-dev] r362 - in registry/trunk/app: Config/Schema Controller Lib Model View/CoEnrollmentFlows, svnlog, 09/15/2012
Archive powered by MHonArc 2.6.16.