Add option to restrict reports to groups

ctrlo · Aug 21, 2024 · f6d39dd · f6d39dd
1 parent 8e3cd36
commit f6d39dd
Show file tree

Hide file tree

Showing 31 changed files with 13,923 additions and 113 deletions.
diff --git a/lib/GADS.pm b/lib/GADS.pm
@@ -2814,8 +2814,7 @@ prefix '/:layout_name' => sub {
             my $user   = logged_in_user;
             my $layout = var('layout') or pass;
 
-            return forwardHome(
-                { danger => 'You do not have permission to edit reports' } )
+            return forwardHome( { danger => 'You do not have permission to edit reports' } )
               unless $layout->user_can("layout");
 
             my $base_url = request->base;
@@ -2880,6 +2879,7 @@ prefix '/:layout_name' => sub {
                 my $checkbox_fields    = [body_parameters->get_all('checkboxes')];
                 my $security_marking   = body_parameters->get('security_marking');
                 my $instance           = $layout->instance_id;
+                my $groups             = [body_parameters->get_all('groups')];
 
                 my $report = schema->resultset('Report')->create_report(
                     {
@@ -2891,25 +2891,27 @@ prefix '/:layout_name' => sub {
                         createdby        => $user,
                         layouts          => $checkbox_fields,
                         security_marking => $security_marking,
+                        groups           => $groups,
                     }
                 );
 
                 my $lo = param 'layout_name';
-                return forwardHome( { success => "Report created" },
-                    "$lo/report" );
+                return forwardHome( { success => "Report created" }, "$lo/report" );
             }
 
             my $records = [ $layout->all( user_can_read => 1 ) ];
 
             my $base_url = request->base;
+            my $groups = [ $user->groups_viewable ];
 
             my $params = {
-                header_type       => 'table_tabs',
+                header_type     => 'table_tabs',
                 layout_obj      => $layout,
                 layout          => $layout,
                 header_back_url => "${base_url}table",
                 viewtype        => 'add',
                 fields          => $records,
+                groups          => $groups,
                 breadcrumbs     => [
                     Crumb( $base_url . "table/", "Tables" ),
                     Crumb( "",                   "Table: " . $layout->name )
@@ -2938,6 +2940,7 @@ prefix '/:layout_name' => sub {
                 my $checkboxes         = [body_parameters->get_all('checkboxes')];
                 my $security_marking   = body_parameters->get('security_marking');
                 my $instance           = $layout->instance_id;
+                my $groups             = [body_parameters->get_all('groups')];
 
                 my $report_id = param('id');
 
@@ -2951,6 +2954,7 @@ prefix '/:layout_name' => sub {
                         description      => $report_description,
                         layouts          => $checkboxes,
                         security_marking => $security_marking,
+                        groups           => $groups,
                     }
                 );
 
@@ -2967,6 +2971,8 @@ prefix '/:layout_name' => sub {
 
             my $fields = $result->fields_for_render($layout);
 
+            my $groups = [ $user->groups_viewable ];
+
             my $params = {
                 header_type     => 'table_tabs',
                 layout_obj      => $layout,
@@ -2975,6 +2981,7 @@ prefix '/:layout_name' => sub {
                 report          => $result,
                 fields          => $fields,
                 viewtype        => 'edit',
+                groups          => $groups,
                 breadcrumbs     => [
                     Crumb( $base_url . "table/", "Tables" ),
                     Crumb( "",                   "Table: " . $layout->name )

diff --git a/lib/GADS/Layout.pm b/lib/GADS/Layout.pm
@@ -311,11 +311,27 @@ sub _build_security_marking {
 
 sub _build_reports
 {   my $self = shift;
-    my $reports_rs = $self->schema->resultset('Report')->search({
+
+    my $user = $self->user;
+    my @groups = $user->groups;
+    my @group_ids = map { $_->id } @groups;
+
+    my $reports_rs;
+
+    $reports_rs = $self->schema->resultset('Report')->search({
         instance_id => $self->instance_id,
         deleted => undef
-    });
-    return [$reports_rs->all];
+    },{prefetch => 'report_groups'});
+
+    unless ($user->permission->{superadmin} || $self->layout->user_can('layout')) {
+        $reports_rs = $reports_rs->search({
+            'report_groups.group_id' => { -in => \@group_ids },
+        });
+    }
+
+    my $result = [$reports_rs->all];
+
+    return $result;
 }
 
 sub _build__user_permissions_columns

diff --git a/lib/GADS/Record.pm b/lib/GADS/Record.pm
@@ -2711,9 +2711,10 @@ sub pdf
 sub get_report
 {   my ($self, $report_id, $user) = @_;
 
-    my $report = $self->schema->resultset('Report')->find($report_id)
+    my $report = $self->schema->resultset('Report')->find_with_permission($report_id, $user)
         or error __x"Report ID {id} not found", id => $report_id;
 
+    # Shouldn't happen, but I'm paranoid!
     error __x"Report ID {id} not found", id => $report_id
         if $report->deleted;
 

diff --git a/lib/GADS/Schema.pm b/lib/GADS/Schema.pm
@@ -8,7 +8,7 @@ use base 'DBIx::Class::Schema';
 
 __PACKAGE__->load_namespaces;
 
-our $VERSION = 107;
+our $VERSION = 108;
 
 our $IGNORE_PERMISSIONS;
 our $IGNORE_PERMISSIONS_SEARCH;

diff --git a/lib/GADS/Schema/Result/Group.pm b/lib/GADS/Schema/Result/Group.pm
@@ -196,4 +196,16 @@ __PACKAGE__->belongs_to(
   },
 );
 
+=head2 report_groups
+Type: has_many
+Related object: L<GADS::Schema::Result::ReportGroup>
+=cut
+
+__PACKAGE__->has_many(
+  "report_groups",
+  "GADS::Schema::Result::ReportGroup",
+  { "foreign.group_id" => "self.id" },
+  { cascade_copy => 0, cascade_delete => 0 },
+);
+
 1;