UIUCLibrary · alexdryden · Nov 4, 2022 · Nov 4, 2022 · Nov 4, 2022 · Nov 4, 2022
diff --git a/Module.php b/Module.php
@@ -36,6 +36,7 @@
 use Laminas\Mvc\MvcEvent;
 use Laminas\ServiceManager\ServiceLocatorInterface;
 use Laminas\View\Renderer\PhpRenderer;
+use Teams\Mvc\Controller\Plugin\TeamAuth;
 
 class Module extends AbstractModule
 {
@@ -623,7 +624,6 @@ public function displayTeamForm(Event $event)
         if ($vars->resource) {
             $vars->offsetSet('teams', $this->listTeams($vars->resource, 'representation'));
         }
-        //TODO: this is actually a js script and needs to just be added as such
         echo $event->getTarget()->partial(
             'teams/partial/team-form'
         );
@@ -1522,7 +1522,6 @@ public function assetUpdate(Event $event)
             $em->persist($team_asset);
             endforeach;
             $em->flush();
-            $logger = $this->getServiceLocator()->get('Omeka\Logger');
         }
     }
     public function siteUpdate(Event $event)
@@ -1811,41 +1810,51 @@ public function itemUpdate(Event $event)
         $entity = $event->getParam('entity');
         $request = $event->getParam('request');
         $operation = $request->getOperation();
+        $teamAuth = new TeamAuth($em, $this->getUser());
 
         if ($operation == 'update') {
-            if (array_key_exists('team', $request->getContent())) {
+            if (array_key_exists('remove_team', $request->getContent()) ||
+                array_key_exists('add_team', $request->getContent())) {
+
+                //get ids for the item and all of its media
                 $resource_ids = [];
                 $resource_ids[$request->getId()] = true;
                 foreach ($entity->getMedia() as $media) {
                     $resource_ids[$media->getId()] = true;
                 }
-
-                $teams = $request->getContent()['team'];
 
-                //remove item associated media from all teams they were associated before form submission
-                foreach (array_keys($resource_ids) as $resource_id) {
-                    $team_resources = $em->getRepository('Teams\Entity\TeamResource')->findBy(['resource' => $resource_id]);
-                    foreach ($team_resources as $tr) {
-                        $em->remove($tr);
+                foreach ($request->getContent()['add_team'] as $team_id) {
+                    //if the user is authorized to add items to that team
+                    if ($teamAuth->teamAuthorized('add', 'resource', $team_id)) {
+                        $team = $em->getRepository('Teams\Entity\Team')->findOneBy(['id' => $team_id]);
+                        if ($team) {
+                            foreach (array_keys($resource_ids) as $resource_id) {
+                                $resource = $em->getRepository('Omeka\Entity\Resource')->findOneBy(['id' => $resource_id]);
+                                if ($resource) {
+                                    $team_resource = new TeamResource($team, $resource);
+                                    $em->persist($team_resource);
+                                }
+                            }
+                        }
                     }
                 }
                 $em->flush();
 
-                //add to teams from form
-                foreach ($teams as $team_id) {
-                    $team = $em->getRepository('Teams\Entity\Team')->findOneBy(['id' => $team_id]);
-                    foreach (array_keys($resource_ids) as $resource_id) {
-                        $resource = $em->getRepository('Omeka\Entity\Resource')->findOneBy(['id' => $resource_id]);
-                        $team_resource = new TeamResource($team, $resource);
-                        $em->persist($team_resource);
+                foreach ($request->getContent()['remove_team'] as $team_id) {
+                    if ($teamAuth->teamAuthorized('delete', 'resource', $team_id)) {
+                        foreach (array_keys($resource_ids) as $resource_id) {
+                            $team_resource = $em->getRepository('Teams\Entity\TeamResource')
+                                    ->findOneBy(['team' => $team_id, 'resource'=>$resource_id]);
+                            if ($team_resource) {
+                                $em->remove($team_resource);
+                            }
+                        }
                     }
+                    $em->flush();
                 }
-                $em->flush();
+                //once teams are updated, sync item-site
+                $this->updateItemSites($request->getId());
             }
-
-            //once teams are updated, sync item-site
-            $this->updateItemSites($request->getId());
-
         }
     }
 

diff --git a/asset/js/add-team-to-resource.js b/asset/js/add-team-to-resource.js
@@ -22,14 +22,41 @@ $(document).ready(function() {
     });
 
 // Remove a team from the edit panel.
-    $('#team-resources').on('click', '.o-icon-delete', function(event) {
+    $('#team-resources').on('click', '.o-icon-delete.existing', function(event) {
+        event.preventDefault();
+
+        var removeLink = $(this);
+        var teamRow = $(this).closest('tr');
+        var teamInput = removeLink.closest('tr').find('input');
+        teamInput.attr('name', 'remove_team[]')
+
+        // Undo remove team link.
+        var undoRemoveLink = $('<a>', {
+            href: '#',
+            class: 'fa fa-undo',
+            title: Omeka.jsTranslate('Undo remove team'),
+            click: function(event) {
+                event.preventDefault();
+                teamInput.attr('name', 'existing_team[]');
+                teamRow.toggleClass('delete');
+                removeLink.show();
+                $(this).remove();
+            },
+        });
+
+        teamRow.toggleClass('delete');
+        undoRemoveLink.insertAfter(removeLink);
+            removeLink.hide();
+    });
+    $('#team-resources').on('click', '.o-icon-delete.new', function(event) {
         event.preventDefault();
 
         var removeLink = $(this);
         var teamRow = $(this).closest('tr');
         var teamInput = removeLink.closest('tr').find('input');
         teamInput.prop('disabled', true);
 
+
         // Undo remove team link.
         var undoRemoveLink = $('<a>', {
             href: '#',

diff --git a/src/Mvc/Controller/Plugin/TeamAuth.php b/src/Mvc/Controller/Plugin/TeamAuth.php
@@ -4,6 +4,7 @@
 use Doctrine\ORM\EntityManager;
 use InvalidArgumentException;
 use Laminas\Mvc\Controller\Plugin\AbstractPlugin;
+use \Omeka\Entity\User;
 
 /**
  * Controller plugin for authorize the current user.
@@ -18,32 +19,34 @@ class TeamAuth extends AbstractPlugin
      */
     protected $entityManager;
 
+    /**
+     * @var \Omeka\Entity\User
+     */
+    protected $user;
+
     /**
      * Construct the plugin.
      *
      * @param EntityManager $entityManager
      */
-    public function __construct(EntityManager $entityManager)
+    public function __construct(EntityManager $entityManager, User $user)
     {
         $this->entityManager = $entityManager;
+        $this->user = $user;
     }
 
-    public function user()
-    {
-        return $this->getController()->identity();
-    }
 
     public function isGlobAdmin()
     {
-        return $this->user()->getRole() === 'global_admin';
+        return $this->user->getRole() === 'global_admin';
     }
 
     public function isSuper()
     {
-        return ($this->isGlobAdmin() && $this->user()->getId() === 1);
+        return ($this->isGlobAdmin() && $this->user->getId() === 1);
     }
 
-    public function teamAuthorized(string $action, string $domain)
+    public function teamAuthorized(string $action, string $domain, int $context=0): bool
     {
         //validate inputs
         if (!in_array($action, $this->actions)) {
@@ -69,7 +72,7 @@ public function teamAuthorized(string $action, string $domain)
         }
 
         $em = $this->entityManager;
-        $user_id = $this->user()->getId();
+        $user_id = $this->user->getId();
         $authorized = false;
 
 

diff --git a/src/View/Helper/RoleAuth.php b/src/View/Helper/RoleAuth.php
@@ -37,7 +37,7 @@ public function isSuper()
         return ($this->isGlobAdmin() && $this->user()->getId() === 1);
     }
 
-    public function teamAuthorized(string $action, string $domain)
+    public function teamAuthorized(string $action, string $domain, int $context=0)
     {
         //validate inputs
         if (!in_array($action, $this->actions)) {
@@ -67,10 +67,21 @@ public function teamAuthorized(string $action, string $domain)
         $authorized = false;
 
 
+        if ($context > 0) {
+            //determine if the user is part of that team
+            $has_role = $em->getRepository('Teams\Entity\TeamUser')
+            ->findOneBy(['user' => $user_id, 'team'=>$context]);
+
+        } else {
+            //get the users current team
+            $has_role = $em->getRepository('Teams\Entity\TeamUser')
+                ->findOneBy(['is_current' => true, 'user'=>$user_id]);
+        }
+
+
+
         //if the user has a current team
-        if ($has_role = $em->getRepository('Teams\Entity\TeamUser')
-            ->findOneBy(['is_current' => true, 'user'=>$user_id])
-            ) {
+        if ($has_role) {
             $current_role = $has_role->getRole();
 
             //go through each domain and determine if user is authorized for actions in that domain

diff --git a/view/teams/partial/add-team.phtml b/view/teams/partial/add-team.phtml
@@ -3,24 +3,27 @@ $escape = $this->plugin('escapeHtml');
 
 // Teams are already sorted.
 $teamsByInitial = [];
-if (extension_loaded('mbstring')) {
-    foreach ($teams as $team) {
-        $initial = mb_substr($team->name(), 0, 1);
-        $teamsByInitial[mb_strtolower($initial)][] = $team;
-    }
-} else {
-    foreach ($teams as $team) {
-        $initial = substr($team->name(), 0, 1);
-        $teamsByInitial[strtolower($initial)][] = $team;
+$totalCount = 0;
+foreach ($this->teams as $team) {
+    if ($this->roleAuth()->teamAuthorized('add', 'resource', $team->id())) {
+        $totalCount+=1;
+        if (extension_loaded('mbstring')) {
+            $initial = mb_substr($team->name(), 0, 1);
+            $teamsByInitial[mb_strtolower($initial)][] = $team;
+        } else {
+            $initial = substr($team->name(), 0, 1);
+            $teamsByInitial[strtolower($initial)][] = $team;
+        }
     }
 }
+
 ?>
 <div id="team-selector" class='selector sidebar active'>
     <a href="#" class="mobile-only sidebar-close o-icon-close"><span class="screen-reader-text"><?php echo $this->translate('Close Me'); ?></span></a>
     <h3><?php echo $this->translate('Click on a team to add it to the edit panel.'); ?></h3>
     <input type="text" class="selector-filter" placeholder="<?php echo $escape($this->translate('Filter teams')); ?>">
     <ul>
-        <li class="total-count-heading"><?php echo $this->translate('All teams'); ?> (<span class="selector-total-count"><?php echo count($teams); ?></span>)
+        <li class="total-count-heading"><?php echo $this->translate('All teams'); ?> (<span class="selector-total-count"><?php echo $totalCount; ?></span>)
             <ul class="selectable-list">
                 <?php foreach ($teamsByInitial as $initial => $teams): ?>
                 <li class="selector-parent">

diff --git a/view/teams/partial/team-form-no-id.phtml b/view/teams/partial/team-form-no-id.phtml
@@ -44,8 +44,9 @@ $teamTemplate = '
                     <td>
                         <ul class="actions" style="float:right">
                             <li>
-
-                                <a href="#" class="o-icon-delete" title="<?php echo $removeStr; ?>" aria-label="<?php echo $removeStr; ?>"></a>
+                                <?php if ($this->roleAuth()->teamAuthorized('delete', 'resource',$team->getId())): ?>
+                                    <a href="#" class="o-icon-delete" title="<?php echo $removeStr; ?>" aria-label="<?php echo $removeStr; ?>"></a>
+                                <?php endif; ?>
                             </li>
                         </ul>
                     </td>
@@ -60,21 +61,6 @@ $teamTemplate = '
 
         </tbody>
     </table>
-    <!--    --><?// else:
-    //        ?>
-    <!--        <div class="no-resources">-->
-    <!--            <p>-->
-    <!--                --><?php //echo $this->translate('There are no teams for this resource.');?>
-    <!--                <br />-->
-    <!--                --><?php //echo $this->translate('Add existing teams using the interface to the right.');?>
-    <!--            </p>-->
-    <!--        </div>-->
-    <!---->
-    <!---->
-    <!---->
-    <!--    --><?php //endif;?>
-
-
     <button id="team-selector-button" class="mobile-only"><?php echo $this->translate('Add a team'); ?></button>
     <span id="team-template" data-template="<?php echo $escape($teamTemplate); ?>"></span>
     <?php echo $this->addTeam(); ?>

diff --git a/view/teams/partial/team-form.phtml b/view/teams/partial/team-form.phtml
@@ -12,10 +12,10 @@ $teamTemplate = '
     <td>
         <ul class="actions">
             <li>
-                <a href="#" class="o-icon-delete" title="' . $removeStr . '" aria-label="' . $removeStr . '"></a>
+                <a href="#" class="o-icon-delete new" title="' . $removeStr . '" aria-label="' . $removeStr . '"></a>
             </li>
         </ul>
-        <input type="hidden" name="team[]">
+        <input type="hidden" name="add_team[]">
     </td>
 </tr>';
 ?>
@@ -40,13 +40,14 @@ $teamTemplate = '
                 <td>
                     <span><?php echo $team->getName()?></span>
 
-                    <input type="hidden" name="team[]" value="<?php echo $escape($team->getId()) ?>">
+                    <input type="hidden" name="existing_team[]" value="<?php echo $escape($team->getId()) ?>">
                 </td>
                 <td>
                     <ul class="actions" style="float:right">
                         <li>
-
-                            <a href="#" class="o-icon-delete" title="<?php echo $removeStr; ?>" aria-label="<?php echo $removeStr; ?>"></a>
+                            <?php if ($this->roleAuth()->teamAuthorized('delete', 'resource',$team->getId())): ?>
+                                <a href="#" class="o-icon-delete existing" title="<?php echo $removeStr; ?>" aria-label="<?php echo $removeStr; ?>"></a>
+                            <?php endif; ?>
                         </li>
                     </ul>
                 </td>
@@ -72,5 +73,6 @@ $teamTemplate = '
     <?php endif; ?>
     <button id="team-selector-button" class="mobile-only"><?php echo $this->translate('Add a team'); ?></button>
     <span id="team-template" data-template="<?php echo $escape($teamTemplate); ?>"></span>
-    <?php echo $this->addTeam(); ?>
+
+    <?php echo $this->addTeam(); //add the right sidebar control with the list of teams that can be added?>
 </fieldset>