From 32e064a4f9e863cba4214dcc87f40d117589707d Mon Sep 17 00:00:00 2001
From: Yuriy Bakhtin <yurabakhtin@users.noreply.github.com>
Date: Wed, 4 Sep 2024 21:11:38 +0300
Subject: [PATCH] Make "Invite new people" always possible for user with
 permission "Manage Users" (#7204)

* Make "Invite new people" always possible for user with permission "Manage Users"

* Update CHANGELOG.md
---
 CHANGELOG.md                                  |  1 +
 .../admin/controllers/UserController.php      |  6 ++--
 .../humhub/modules/admin/views/user/add.php   |  3 +-
 .../user/controllers/InviteController.php     | 28 ++++++++-----------
 .../modules/user/models/forms/Invite.php      | 22 +++++++--------
 .../modules/user/views/invite/index.php       |  5 ++--
 6 files changed, 29 insertions(+), 36 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2360fc2968..01a7cb7ba1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -28,6 +28,7 @@ HumHub Changelog
 - Enh #7148: Improve rendering of meta search content
 - Fix #7192: Deny deleting user from single group
 - Fix #7200: Fix module description for space and user
+- Enh #7204: Make "Invite new people" always possible for user with permission "Manage Users"
 
 1.16.1 (July 1, 2024)
 ---------------------
diff --git a/protected/humhub/modules/admin/controllers/UserController.php b/protected/humhub/modules/admin/controllers/UserController.php
index c3353c95a3..f29d84e3c3 100644
--- a/protected/humhub/modules/admin/controllers/UserController.php
+++ b/protected/humhub/modules/admin/controllers/UserController.php
@@ -268,14 +268,12 @@ class UserController extends Controller
             return $this->redirect(['edit', 'id' => $registration->getUser()->id]);
         }
 
-        $adminIsAlwaysAllowed = Yii::$app->user->isAdmin();
         $invite = new InviteForm();
 
         return $this->render('add', [
             'hForm' => $registration,
-            'canInviteByEmail' => $invite->canInviteByEmail($adminIsAlwaysAllowed),
-            'canInviteByLink' => $invite->canInviteByLink($adminIsAlwaysAllowed),
-            'adminIsAlwaysAllowed' => $adminIsAlwaysAllowed,
+            'canInviteByEmail' => $invite->canInviteByEmail(),
+            'canInviteByLink' => $invite->canInviteByLink(),
         ]);
     }
 
diff --git a/protected/humhub/modules/admin/views/user/add.php b/protected/humhub/modules/admin/views/user/add.php
index d3972268ed..399d254a1b 100644
--- a/protected/humhub/modules/admin/views/user/add.php
+++ b/protected/humhub/modules/admin/views/user/add.php
@@ -9,7 +9,6 @@ use humhub\modules\ui\form\widgets\ActiveForm;
  * @var $hForm HForm
  * @var $canInviteByEmail bool
  * @var $canInviteByLink bool
- * @var $adminIsAlwaysAllowed bool
  */
 ?>
 
@@ -21,7 +20,7 @@ use humhub\modules\ui\form\widgets\ActiveForm;
 
             <?php if ($canInviteByEmail || $canInviteByLink): ?>
                 <?= ModalButton::success(Yii::t('AdminModule.user', 'Invite new people'))
-                    ->load(['/user/invite', 'adminIsAlwaysAllowed' => $adminIsAlwaysAllowed])->icon('invite')->sm() ?>
+                    ->load(['/user/invite'])->icon('invite')->sm() ?>
             <?php endif; ?>
         </div>
 
diff --git a/protected/humhub/modules/user/controllers/InviteController.php b/protected/humhub/modules/user/controllers/InviteController.php
index 295676582e..7e2840d8d1 100644
--- a/protected/humhub/modules/user/controllers/InviteController.php
+++ b/protected/humhub/modules/user/controllers/InviteController.php
@@ -8,19 +8,18 @@
 
 namespace humhub\modules\user\controllers;
 
-use humhub\modules\user\Module;
-use Throwable;
-use Yii;
-use yii\base\Exception;
-use yii\base\InvalidConfigException;
-use yii\web\Controller;
-use yii\web\HttpException;
 use humhub\components\behaviors\AccessControl;
 use humhub\modules\admin\permissions\ManageGroups;
 use humhub\modules\admin\permissions\ManageUsers;
 use humhub\modules\user\models\Invite;
 use humhub\modules\user\models\forms\Invite as InviteForm;
 use humhub\widgets\ModalClose;
+use Throwable;
+use Yii;
+use yii\base\Exception;
+use yii\base\InvalidConfigException;
+use yii\web\Controller;
+use yii\web\HttpException;
 
 /**
  * InviteController for new user invites
@@ -47,12 +46,12 @@ class InviteController extends Controller
      * @return string the action result
      * @throws HttpException
      */
-    public function actionIndex($adminIsAlwaysAllowed = false)
+    public function actionIndex()
     {
         $model = new InviteForm();
 
-        $canInviteByEmail = $model->canInviteByEmail($adminIsAlwaysAllowed);
-        $canInviteByLink = $model->canInviteByLink($adminIsAlwaysAllowed);
+        $canInviteByEmail = $model->canInviteByEmail();
+        $canInviteByLink = $model->canInviteByLink();
         if (!$canInviteByEmail && !$canInviteByLink) {
             throw new HttpException(403, 'Invite denied!');
         }
@@ -71,7 +70,6 @@ class InviteController extends Controller
             'model' => $model,
             'canInviteByEmail' => $canInviteByEmail,
             'canInviteByLink' => $canInviteByLink,
-            'adminIsAlwaysAllowed' => $adminIsAlwaysAllowed,
         ]);
     }
 
@@ -98,13 +96,12 @@ class InviteController extends Controller
     }
 
     /**
-     * @param $adminIsAlwaysAllowed
      * @return string
      * @throws Throwable
      * @throws Exception
      * @throws InvalidConfigException
      */
-    public function actionResetInviteLink($adminIsAlwaysAllowed = false)
+    public function actionResetInviteLink()
     {
         $model = new InviteForm();
 
@@ -118,9 +115,8 @@ class InviteController extends Controller
 
         return $this->renderAjax('index', [
             'model' => $model,
-            'canInviteByEmail' => $model->canInviteByEmail($adminIsAlwaysAllowed),
-            'canInviteByLink' => $model->canInviteByLink($adminIsAlwaysAllowed),
-            'adminIsAlwaysAllowed' => $adminIsAlwaysAllowed,
+            'canInviteByEmail' => $model->canInviteByEmail(),
+            'canInviteByLink' => $model->canInviteByLink(),
         ]);
     }
 }
diff --git a/protected/humhub/modules/user/models/forms/Invite.php b/protected/humhub/modules/user/models/forms/Invite.php
index 7eac5b69bc..5f15795078 100644
--- a/protected/humhub/modules/user/models/forms/Invite.php
+++ b/protected/humhub/modules/user/models/forms/Invite.php
@@ -10,6 +10,7 @@ namespace humhub\modules\user\models\forms;
 
 use humhub\modules\admin\permissions\ManageGroups;
 use humhub\modules\admin\permissions\ManageUsers;
+use humhub\modules\user\models\User;
 use humhub\modules\user\Module;
 use humhub\modules\user\services\LinkRegistrationService;
 use Throwable;
@@ -17,7 +18,6 @@ use Yii;
 use yii\base\Exception;
 use yii\base\InvalidConfigException;
 use yii\base\Model;
-use humhub\modules\user\models\User;
 use yii\helpers\Url;
 use yii\validators\EmailValidator;
 
@@ -87,35 +87,35 @@ class Invite extends Model
     /**
      * Checks if external user invitation setting is enabled
      *
-     * @param bool $adminIsAlwaysAllowed
      * @return bool
      * @throws InvalidConfigException
      * @throws Throwable
      */
-    public function canInviteByEmail(bool $adminIsAlwaysAllowed = false)
+    public function canInviteByEmail()
     {
         /** @var Module $module */
         $module = Yii::$app->getModule('user');
-        return
-            (!Yii::$app->user->isGuest && $module->settings->get('auth.internalUsersCanInviteByEmail'))
-            || ($adminIsAlwaysAllowed && Yii::$app->user->can([ManageUsers::class, ManageGroups::class]));
+
+        return (!Yii::$app->user->isGuest && $module->settings->get('auth.internalUsersCanInviteByEmail'))
+            || Yii::$app->user->isAdmin()
+            || Yii::$app->user->can([ManageUsers::class, ManageGroups::class]);
     }
 
     /**
      * Checks if external user invitation setting is enabled
      *
-     * @param bool $adminIsAlwaysAllowed
      * @return bool
      * @throws Throwable
      * @throws InvalidConfigException
      */
-    public function canInviteByLink(bool $adminIsAlwaysAllowed = false)
+    public function canInviteByLink()
     {
         /** @var Module $module */
         $module = Yii::$app->getModule('user');
-        return
-            (!Yii::$app->user->isGuest && $module->settings->get('auth.internalUsersCanInviteByLink'))
-            || ($adminIsAlwaysAllowed && Yii::$app->user->can([ManageUsers::class, ManageGroups::class]));
+
+        return (!Yii::$app->user->isGuest && $module->settings->get('auth.internalUsersCanInviteByLink'))
+            || Yii::$app->user->isAdmin()
+            || Yii::$app->user->can([ManageUsers::class, ManageGroups::class]);
     }
 
     /**
diff --git a/protected/humhub/modules/user/views/invite/index.php b/protected/humhub/modules/user/views/invite/index.php
index 1f938091ab..a39b140605 100644
--- a/protected/humhub/modules/user/views/invite/index.php
+++ b/protected/humhub/modules/user/views/invite/index.php
@@ -16,7 +16,6 @@ use yii\bootstrap\ActiveForm;
  * @var $model Invite
  * @var $canInviteByEmail bool
  * @var $canInviteByLink bool
- * @var $adminIsAlwaysAllowed bool
  */
 ?>
 
@@ -49,7 +48,7 @@ use yii\bootstrap\ActiveForm;
                 <?php $form = ActiveForm::begin(); ?>
                 <?= $form->field($model, 'emails')->textarea(['rows' => '3', 'placeholder' => Yii::t('UserModule.invite', 'Email address(es)'), 'id' => 'emails'])->label(false)->hint(Yii::t('UserModule.invite', 'Separate multiple email addresses by comma.')); ?>
                 <a href="#" class="btn btn-primary" data-action-click="ui.modal.submit"
-                   data-action-url="<?= Url::to(['/user/invite', 'adminIsAlwaysAllowed' => $adminIsAlwaysAllowed]) ?>" data-ui-loader>
+                   data-action-url="<?= Url::to(['/user/invite']) ?>" data-ui-loader>
                     <?= Yii::t('UserModule.invite', 'Send invite') ?>
                 </a>
                 <?php ActiveForm::end(); ?>
@@ -73,7 +72,7 @@ use yii\bootstrap\ActiveForm;
                            data-action-confirm-header="<?= Yii::t('SpaceModule.base', 'Create new link') ?>" ,
                            data-action-confirm="<?= Yii::t('SpaceModule.base', 'Please note that any links you have previously created will become invalid as soon as you create a new one. Would you like to proceed?') ?>"
                            data-action-click="ui.modal.load"
-                           data-action-click-url="<?= Url::to(['/user/invite/reset-invite-link', 'adminIsAlwaysAllowed' => $adminIsAlwaysAllowed]) ?>">
+                           data-action-click-url="<?= Url::to(['/user/invite/reset-invite-link']) ?>">
                             <small><?= Yii::t('SpaceModule.base', 'Create new link'); ?></small>
                         </a>
                     <?php endif; ?>