authorDave Arter <davea@mysociety.org>2016-08-02 17:32:50 +0100
committerDave Arter <davea@mysociety.org>2016-08-17 15:35:42 +0100
commit4eb4658ad589d01d58b239993e201c47325a2eb4 (patch)
treeb679f70a78d16ebf035cd395c914ea06865a6732
parent91c5520c7078f2caa3cbdbdcff4f86a29d9d7390 (diff)
Restrict from_body editing to superusers
Superusers can set a user's from_body to any value, but a normal staff user can only set another user's from_body to their own body or to undefined. This is presented in the UI as a 'staff' tickbox.
-rw-r--r--perllib/FixMyStreet/App/Controller/Admin.pm10
-rw-r--r--templates/web/base/admin/user-form.html49
2 files changed, 40 insertions, 19 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Admin.pm b/perllib/FixMyStreet/App/Controller/Admin.pm
index 91af480a8..ce2a653a2 100644
--- a/perllib/FixMyStreet/App/Controller/Admin.pm
+++ b/perllib/FixMyStreet/App/Controller/Admin.pm
@@ -1148,10 +1148,18 @@ sub user_edit : Path('user_edit') : Args(1) {
$user->name( $c->get_param('name') );
$user->email( $c->get_param('email') );
$user->phone( $c->get_param('phone') ) if $c->get_param('phone');
- $user->from_body( $c->get_param('body') || undef );
$user->flagged( $c->get_param('flagged') || 0 );
# Only superusers can grant superuser status
$user->is_superuser( ( $c->user->is_superuser && $c->get_param('is_superuser') ) || 0 );
+ # Superusers can set from_body to any value, but other staff can only
+ # set from_body to the same value as their own from_body.
+ if ($c->user->is_superuser) {
+ $user->from_body( $c->get_param('body') || undef );
+ } elsif ($c->get_param('body') eq $c->user->from_body->id) {
+ $user->from_body( $c->user->from_body );
+ } else {
+ $user->from_body( undef );
+ }
unless ($user->email) {
$c->stash->{field_errors}->{email} = _('Please enter a valid email');
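Review bot: The elsif branch calls `$c->user->from_body->id` without checking that the editing user has a from_body, so a non-superuser admin with no body (if such a user can reach user_edit — not visible here) would die with a method call on undef, and when the 'body' parameter is absent (unchecked box) the `eq` compares undef and emits an uninitialized-value warning. Guarding both keeps the intended fall-through to the `else` branch: `} elsif ($c->user->from_body && ($c->get_param('body') // '') eq $c->user->from_body->id) {`. Note also that the `else` branch unconditionally clears from_body, so if a staff user can edit a user belonging to a different body, any save of that form silently removes that user's body association; if that path is reachable, a comment such as `# Non-superusers clear any other body association on save` would make the consequence explicit. user_edit starts and ends outside this hunk.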
diff --git a/templates/web/base/admin/user-form.html b/templates/web/base/admin/user-form.html
index 2942494a7..96a51486b 100644
--- a/templates/web/base/admin/user-form.html
+++ b/templates/web/base/admin/user-form.html
@@ -22,25 +22,38 @@
<input type='text' id='email' name='email' value='[% user.email | html %]'></li>
<li><label for="phone">[% loc('Phone:') %]</label>
<input type='text' id='phone' name='phone' value='[% user.phone | html %]'></li>
- <li>
- <div class="admin-hint">
- <p>
- [% loc(
- "Normal (public) users should not be associated with any <strong>body</strong>.<br>
- Authorised staff users can be associated with the body they represent.<br>
- Depending on the implementation, staff users may have access to the dashboard (summary of
- activity across their body), the ability to hide reports or set special report statuses.")
- %]
- </p>
- </div>
- [% loc('Body:') %] <select id='body' name='body'>
- <option value=''>[% loc('No body') %]</option>
- [% FOR body IN bodies %]
- <option value="[% body.id %]"[% ' selected' IF body.id == user.from_body.id %]>[% body.name %]</option>
+
+ [% IF c.user.is_superuser %]
+ <li>
+ <div class="admin-hint">
+ <p>
+ [% loc(
+ "Normal (public) users should not be associated with any <strong>body</strong>.<br>
+ Authorised staff users can be associated with the body they represent.<br>
+ Depending on the implementation, staff users may have access to the dashboard (summary of
+ activity across their body), the ability to hide reports or set special report statuses.")
+ %]
+ </p>
+ </div>
+ [% loc('Body:') %] <select id='body' name='body'>
+ <option value=''>[% loc('No body') %]</option>
+ [% FOR body IN bodies %]
+ <option value="[% body.id %]"[% ' selected' IF body.id == user.from_body.id %]>[% body.name %]</option>
+ [% END %]
+ </select>
+ [% IF user.from_body AND user.has_permission_to('moderate', user.from_body.id) %]*[% END %]
+ </li>
+ [% ELSE %]
+ <li>
+ <div class="admin-hint">
+ <p>
+ [% loc("Staff users have permission to log in to the admin.") %]
+ </p>
+ </div>
+ [% loc('Staff:') %] <input type="checkbox" id="body" name="body" value="[% c.user.from_body.id %]" [% user.from_body.id == c.user.from_body.id ? ' checked' : '' %]>
+ </li>
[% END %]
- </select>
- [% IF user.from_body AND user.has_permission_to('moderate', user.from_body.id) %]*[% END %]
- </li>
+
[% IF c.cobrand.moniker != 'zurich' %]
<li>
<div class="admin-hint">
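Review bot: The staff branch drops the moderation indicator that the superuser branch still renders after its select, so a non-superuser editing a moderator no longer sees that the user holds the 'moderate' permission. Adding the same line after the checkbox keeps the two branches consistent: `[% IF user.from_body AND user.has_permission_to('moderate', user.from_body.id) %]*[% END %]`. The unchecked checkbox sends no 'body' parameter at all, which the controller side should treat as "no body" rather than relying on an undefined comparison.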