feat: Allow Org admins to Remove Users from their Organization (#8705)

cgi/org.pl

@@ -358,13 +358,20 @@
 	if ($type eq "edit") {
 
 		store_org($org_ref);
-		$template_data_ref->{result} = lang("edit_org_result");
-
-		$template_data_ref->{profile_url} = canonicalize_tag_link("editors", "org-" . $orgid);
-		$template_data_ref->{profile_name} = sprintf(lang('user_s_page'), $org_ref->{name});
 	}
-	elsif ($type eq 'delete') {
+	elsif ($type eq 'user_delete') {
+
+		if (is_user_in_org_group($org_ref, $User_id, "admins")) {
+			remove_user_by_org_admin($orgid, single_param('user_id'));
+		}
+		else {
+			display_error_and_exit($Lang{error_no_permission}{$lang}, 403);
+		}
+
 	}
+	$template_data_ref->{result} = lang("edit_org_result");
+	$template_data_ref->{profile_url} = canonicalize_tag_link("editors", "org-" . $orgid);
+	$template_data_ref->{profile_name} = sprintf(lang('user_s_page'), $org_ref->{name});
 }
 
 $template_data_ref->{orgid} = $orgid;
@@ -379,6 +386,14 @@
 
 $log->debug("org form - template data", {template_data_ref => $template_data_ref}) if $log->is_debug();
 
+# allow org admins to view the list of users associated with their org
+my @org_members;
+foreach my $member_id (sort keys %{$org_ref->{members}}) {
+	my $member_user_ref = retrieve_user($member_id);
+	push @org_members, $member_user_ref;
+}
+$template_data_ref->{org_members} = \@org_members;
+
 $tt->process('web/pages/org_form/org_form.tt.html', $template_data_ref, \$html)
 	or $html = "<p>template error: " . $tt->error() . "</p>";
 

lib/ProductOpener/Display.pm

@@ -3963,14 +3963,6 @@ HTML
 						$user_template_data_ref->{edit_profile} = 1;
 						$user_template_data_ref->{orgid} = $orgid;
 					}
-					if (defined $User{pro_moderator}) {
-						my @org_members;
-						foreach my $member_id (sort keys %{$user_or_org_ref->{members}}) {
-							my $member_user_ref = retrieve_user($member_id);
-							push @org_members, $member_user_ref;
-						}
-						$user_template_data_ref->{org_members} = \@org_members;
-					}
 
 					process_template('web/pages/org_profile/org_profile.tt.html',
 						$user_template_data_ref, \$profile_html)

lib/ProductOpener/Users.pm

@@ -64,6 +64,7 @@ BEGIN {
 		&create_password_hash
 		&check_password_hash
 		&retrieve_user
+		&remove_user_by_org_admin
 
 		&check_session
 
@@ -935,6 +936,19 @@ sub retrieve_user ($user_id) {
 	return $user_ref;
 }
 
+sub remove_user_by_org_admin ($orgid, $user_id) {
+	my $groups_ref = ['admins', 'members'];
+	remove_user_from_org($orgid, $user_id, $groups_ref);
+
+	# Reset the 'org' field of the user
+	my $user_ref = retrieve_user($user_id);
+	delete $user_ref->{org};
+	delete $user_ref->{org_id};
+	my $user_file = "$data_root/users/" . get_string_id_for_lang("no_language", $user_id) . ".sto";
+	store($user_file, $user_ref);
+	return;
+}
+
 sub init_user ($request_ref) {
 
 	my $user_id = undef;

po/common/en.po

@@ -2207,6 +2207,10 @@ msgctxt "risk_level_3"
 msgid "High risks"
 msgstr "High risks"
 
+msgctxt "remove_user"
+msgid "Remove user"
+msgstr "Remove user"
+
 msgctxt "salt_equivalent"
 msgid "salt equivalent"
 msgstr "salt equivalent"

templates/web/pages/org_form/org_form.tt.html

@@ -10,6 +10,50 @@
 		<div class="panel" style="background-color:#ffdddd">The organization <strong>[% orgid %]</strong> does not exist yet. It will be created if you submit the form.</div>
 	[% END %]
 
+	[% IF org_members.size %]
+	<h2>[% lang("organization_members") %]</h2>
+		<p>[% lang("number_of_members") %][% sep %]: [% org_members.size %]</p>
+		<div style="position:relative">
+		<table>
+			<thead>
+			<tr>
+				<th>[% lang("serial_no") %]</th>
+				<th>[% lang("username") %]</th>
+				<th>[% lang("name") %]</th>
+				<th>[% lang("email") %]</th>
+				<th>[% lang("select_lang") %]</th>
+				<th>[% lang("select_country") %]</th>
+				<th>[% lang("delete_user") %]</th>
+
+			</tr>
+		</thead>
+			<tbody>
+			[% SET count = 1 %]
+			[% FOREACH users IN org_members %]
+			<tr>
+				<td>[% count %].</td>
+				<td>[% users.userid %]</td>
+				<td>[% users.name %]</td>
+				<td>[% users.email %]</td>
+				<td>[% users.initial_lc %]</td>
+				<td>[% users.initial_cc %]</td>
+				<td>
+					<form method="post" action="/cgi/org.pl" onsubmit="return confirm('Are you sure you want to remove this user?')">
+						<input type="hidden" name="action" value="process" />
+						<input type="hidden" name="type" value="user_delete" />
+						<input type="hidden" name="org_id" value="[% orgid %]">
+						<input type="hidden" name="user_id" value="[% users.userid %]">
+						<input type="submit" name="remove_user" class="button small" value="[% lang("remove_user") %]"/ />
+					</form>
+				</td>
+			</tr>
+			[% SET count = count + 1 %]
+			[% END %]
+		</tbody>
+		</table>
+	</div>
+	[% END %]
+
     <!-- Start form -->
 
     <p>[% lang('org_profile_description') %]</p>

templates/web/pages/org_profile/org_profile.tt.html

@@ -14,41 +14,6 @@
 	<p>&rarr; <a href="[% link %]" rel="noopener" target="_blank">[% lang("official_site") %]</a></p>
 [% END %]
 
-[% IF org_members.size %]
-<h2>[% lang("organization_members") %]</h2>
-	<p>[% lang("number_of_members") %][% sep %]: [% org_members.size %]</p>
-	<div style="position:relative">
-	<table>
-		<thead>
-		<tr>
-			<th>[% lang("serial_no") %]</th>
-			<th>[% lang("username") %]</th>
-			<th>[% lang("name") %]</th>
-			<th>[% lang("email") %]</th>
-			<th>[% lang("select_lang") %]</th>
-			<th>[% lang("select_country") %]</th>
-
-		</tr>
-	</thead>
-		<tbody>
-		[% FOREACH users IN org_members %]
-		[% SET count = 1 %]
-		<tr>
-			<td>[% count %].</td>
-			<td>[% users.userid %]</td>
-			<td>[% users.name %]</td>
-			<td>[% users.email %]</td>
-			<td>[% users.initial_lc %]</td>
-			<td>[% users.initial_cc %]</td>
-		</tr>
-		[% SET count = count + 1 %]
-		[% END %]
-	</tbody>
-	</table>
-</div>
-[% END %]
-
-
 <div class="row">
 
 [% FOREACH contact IN ['customer_service', 'commercial_service'] %]