From c6aefc222c96f61f3fa322afba695df8cafb0ef4 Mon Sep 17 00:00:00 2001
From: Monalika Patnaik <99353300+MonalikaPatnaik@users.noreply.github.com>
Date: Wed, 15 Nov 2023 03:04:51 +0530
Subject: [PATCH] feat: Enable Org Admins to View and Modify Member Admin
 Status (#8840)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes #8780

---------
Co-authored-by: Pierre Slamich <pierre@openfoodfacts.org>
Co-authored-by: Stéphane Gigandet <stephane@openfoodfacts.org>
Co-authored-by: Alex Garel <alex@garel.org>
---
 cgi/org.pl                                    | 39 ++++++++++++++++++-
 cpanfile                                      |  2 +-
 po/common/common.pot                          | 16 ++++++++
 po/common/en.po                               | 16 ++++++++
 templates/web/pages/org_form/org_form.tt.html | 14 +++++++
 5 files changed, 84 insertions(+), 3 deletions(-)

diff --git a/cgi/org.pl b/cgi/org.pl
index d29ea391374fa..16af8f47e88d0 100644
--- a/cgi/org.pl
+++ b/cgi/org.pl
@@ -39,7 +39,9 @@
 use Storable qw/dclone/;
 use Encode;
 use Log::Any qw($log);
-
+use Array::Diff;
+my @org_members;
+my %user_is_admin;
 my $type = single_param('type') || 'edit';
 my $action = single_param('action') || 'display';
 
@@ -384,6 +386,31 @@
 		}
 	}
 
+	elsif ($type eq 'admin_status') {
+		# verify right to change status
+		if (is_user_in_org_group($org_ref, $User_id, "admins") or $admin or $User{pro_moderator}) {
+			# inputs are in the form admin_status_<user_id>, get them among param and extract the user_id
+			my @user_ids = sort map {$_ =~ /^admin_status_/ ? $' : ()} param();
+			my @existing_admins = sort grep {is_user_in_org_group($org_ref, $_, "admins")} keys %{$org_ref->{members}};
+			my $diff = Array::Diff->diff(\@existing_admins, \@user_ids);
+
+			$log->debug("my user ids", {user_ids => @user_ids, difference => $diff})
+				if $log->is_debug();
+
+			foreach my $user_id (@{$diff->added}) {
+				add_user_to_org($org_ref, $user_id, ["admins"]);
+			}
+
+			foreach my $user_id (@{$diff->deleted}) {
+				# never remove current user from admin list
+				next if ($user_id eq $User_id);
+				remove_user_from_org($org_ref, $user_id, ["admins"]);
+			}
+
+			store_org($org_ref);
+			$template_data_ref->{result} = lang("admin_status_updated");
+		}
+	}
 	$template_data_ref->{profile_url} = canonicalize_tag_link("editors", "org-" . $orgid);
 	$template_data_ref->{profile_name} = sprintf(lang('user_s_page'), $org_ref->{name});
 }
@@ -396,12 +423,20 @@
 $log->debug("org form - template data", {template_data_ref => $template_data_ref}) if $log->is_debug();
 
 # allow org admins to view the list of users associated with their org
-my @org_members;
+
 foreach my $member_id (sort keys %{$org_ref->{members}}) {
+	if (is_user_in_org_group($org_ref, $member_id, "admins")) {
+		$user_is_admin{$member_id} = 1;
+	}
+	else {
+		$user_is_admin{$member_id} = 0;
+	}
 	my $member_user_ref = retrieve_user($member_id);
 	push @org_members, $member_user_ref;
 }
 $template_data_ref->{org_members} = \@org_members;
+$template_data_ref->{user_is_admin} = \%user_is_admin;
+$template_data_ref->{current_user_id} = $User_id;
 
 $tt->process('web/pages/org_form/org_form.tt.html', $template_data_ref, \$html)
 	or $html = "<p>template error: " . $tt->error() . "</p>";
diff --git a/cpanfile b/cpanfile
index 05bac6f0a2432..c6c5d251d6648 100644
--- a/cpanfile
+++ b/cpanfile
@@ -1,6 +1,6 @@
 # Should also be available as Debian packages
 # If a minimum version number is specified, "cpanm --skip-satisfied" will install a newer version than apt if one is available in cpan.
-
+requires 'Array::Diff';
 requires 'CGI', '>= 4.53, < 5.0'; # libcgi-pm-perl
 requires 'Tie::IxHash'; # libtie-ixhash-perl
 requires 'LWP::Authen::Digest'; # libwww-perl
diff --git a/po/common/common.pot b/po/common/common.pot
index 2b531181e2ee3..8e99762ba9bec 100644
--- a/po/common/common.pot
+++ b/po/common/common.pot
@@ -79,6 +79,18 @@ msgctxt "add_user_existing_org_pending"
 msgid "Your request to join the organization is pending approval of the organization administrator."
 msgstr "Your request to join the organization is pending approval of the organization administrator."
 
+msgctxt "admin_status_updated"
+msgid "Admin Status Updated"
+msgstr "Admin Status Updated"
+
+msgctxt "admin_status"
+msgid "Admin Status"
+msgstr "Admin Status"
+
+msgctxt "grant_remove_admin_status"
+msgid "Grant/Remove Admin status"
+msgstr "Grant/Remove Admin status"
+
 msgctxt "please_email_producers"
 msgid "Please e-mail <a href=\"mailto:producers@openfoodfacts.org\">producers@openfoodfacts.org</a> if you have any question."
 msgstr "Please e-mail <a href=\"mailto:producers@openfoodfacts.org\">producers@openfoodfacts.org</a> if you have any question."
@@ -4181,6 +4193,10 @@ msgctxt "remove_products"
 msgid "Remove all the products"
 msgstr "Remove all the products"
 
+msgctxt "remove_user"
+msgid "Remove user"
+msgstr "Remove user"
+
 msgctxt "remove_products_from_producers_platform"
 msgid "Remove all your products from the platform for producers"
 msgstr "Remove all your products from the platform for producers"
diff --git a/po/common/en.po b/po/common/en.po
index 0848ff6f40e8a..51f34d09b6e36 100644
--- a/po/common/en.po
+++ b/po/common/en.po
@@ -83,6 +83,18 @@ msgctxt "add_user_existing_org_pending"
 msgid "Your request to join the organization is pending approval of the organization administrator."
 msgstr "Your request to join the organization is pending approval of the organization administrator."
 
+msgctxt "admin_status_updated"
+msgid "Admin Status Updated"
+msgstr "Admin Status Updated"
+
+msgctxt "admin_status"
+msgid "Admin Status"
+msgstr "Admin Status"
+
+msgctxt "grant_remove_admin_status"
+msgid "Grant/Remove Admin status"
+msgstr "Grant/Remove Admin status"
+
 msgctxt "please_email_producers"
 msgid "Please e-mail <a href=\"mailto:producers@openfoodfacts.org\">producers@openfoodfacts.org</a> if you have any question."
 msgstr "Please e-mail <a href=\"mailto:producers@openfoodfacts.org\">producers@openfoodfacts.org</a> if you have any question."
@@ -4205,6 +4217,10 @@ msgctxt "remove_products"
 msgid "Remove all the products"
 msgstr "Remove all the products"
 
+msgctxt "remove_user"
+msgid "Remove user"
+msgstr "Remove user"
+
 msgctxt "remove_products_from_producers_platform"
 msgid "Remove all your products from the platform for producers"
 msgstr "Remove all your products from the platform for producers"
diff --git a/templates/web/pages/org_form/org_form.tt.html b/templates/web/pages/org_form/org_form.tt.html
index b44e0a3dadcd3..194d6d1536827 100644
--- a/templates/web/pages/org_form/org_form.tt.html
+++ b/templates/web/pages/org_form/org_form.tt.html
@@ -18,6 +18,7 @@ <h2>[% lang("organization_members") %]</h2>
 			<thead>
 			<tr>
 				<th>[% lang("serial_no") %]</th>
+				<th>[% lang("admin_status") %]</th>
 				<th>[% lang("username") %]</th>
 				<th>[% lang("name") %]</th>
 				<th>[% lang("email") %]</th>
@@ -32,6 +33,11 @@ <h2>[% lang("organization_members") %]</h2>
 			[% FOREACH users IN org_members %]
 			<tr>
 				<td>[% count %].</td>
+				<td>
+	[% SET userid = users.userid %]
+    [% SET user_in_admin_status = user_is_admin.$userid %]
+	<input form="admin_users_form" type="checkbox" name="admin_status_[% users.userid %]" value="1" class="admin-checkbox" [% IF user_in_admin_status %]checked[% END %] [% IF current_user_id == userid  %]disabled[% END %]>
+				</td>
 				<td>[% users.userid %]</td>
 				<td>[% users.name %]</td>
 				<td>[% users.email %]</td>
@@ -51,6 +57,14 @@ <h2>[% lang("organization_members") %]</h2>
 			[% END %]
 		</tbody>
 		</table>
+		<div>
+			<form id='admin_users_form' method="post" action="/cgi/org.pl">
+				<!-- admin_status_xxxx elements above are also part of it, thanks to form attribute -->
+				<input type="hidden" name="action" value="process" />
+				<input type="hidden" name="type" value="admin_status" />
+				<input type="submit" name="grant_remove_admin_status" class="button" style="margin-bottom: 10px;" value="[% lang("grant_remove_admin_status") %]"/>
+			</form>
+		</div>
 	</div>
 	[% END %]