bakaphp
diff --git a/‎src/Api/Controllers/AuthController.php
Lines changed: 14 additions & 2 deletions b/‎src/Api/Controllers/AuthController.php
Lines changed: 14 additions & 2 deletions
diff --git a/‎src/Api/Controllers/RolesController.php
Lines changed: 31 additions & 3 deletions b/‎src/Api/Controllers/RolesController.php
Lines changed: 31 additions & 3 deletions
diff --git a/‎src/Api/Controllers/UsersController.php
Lines changed: 19 additions & 23 deletions b/‎src/Api/Controllers/UsersController.php
Lines changed: 19 additions & 23 deletions
diff --git a/‎src/App/Setup.php
Lines changed: 5 additions & 7 deletions b/‎src/App/Setup.php
Lines changed: 5 additions & 7 deletions
@@ -22,8 +22,10 @@
 use Canvas\Notifications\ResetPassword;
 use Canvas\Notifications\Signup;
 use Canvas\Notifications\UpdateEmail;
+use Canvas\Validation;
 use Exception;
 use Phalcon\Http\Response;
+use Phalcon\Validation\Validator\Email;
 
 class AuthController extends BaseController
 {
@@ -330,13 +332,14 @@ public function loginBySocial() : Response
 
         $this->request->validate([
             'social_id' => 'required',
-            'email' => 'required|email',
             'provider' => 'required',
         ]);
 
         $source = Sources::findFirstOrFail([
             'title = ?0 and is_deleted = 0',
-            'bind' => [$request['provider']]
+            'bind' => [
+                $request['provider']
+            ]
         ]);
 
         if ($source->isApple()) {
@@ -345,6 +348,15 @@ public function loginBySocial() : Response
             $request['email'] = $appleUserInfo->email;
         }
 
+        $emailValidation = new Validation();
+        $emailValidation->add(
+            'email',
+            new Email([
+                'The email is required'
+            ])
+        );
+        $emailValidation->validate($request);
+
         return $this->response(
             $this->providerLogin($source, $request['social_id'], $request)
         );
 
@@ -7,7 +7,6 @@
 use Baka\Http\Exception\ForbiddenException;
 use Canvas\Models\Apps;
 use Canvas\Models\Roles;
-use Exception;
 use Phalcon\Http\Response;
 
 class RolesController extends BaseController
@@ -61,9 +60,38 @@ public function onConstruct()
     }
 
     /**
-     * Delete a Record.
+     * Update a record.
+     *
+     * @param mixed $id
      *
-     * @throws Exception
+     * @return Response
+     */
+    public function edit($id) : Response
+    {
+        $role = $this->getRecordById($id);
+
+        /**
+         * Can edit ecosystem roles , only on the ecosystem admin app.
+         */
+        if (
+            !$this->userData->isAdmin()
+            && Apps::CANVAS_DEFAULT_APP_ID !== $this->app->getId()
+            && (
+                $role->companies_id === Apps::CANVAS_DEFAULT_COMPANY_ID
+                || $role->apps_id === Apps::CANVAS_DEFAULT_APP_ID
+            )
+            ) {
+            throw new ForbiddenException('Cant Edit a Global App Role');
+        }
+
+        //process the input
+        $result = $this->processEdit($this->request, $role);
+
+        return $this->response($this->processOutput($result));
+    }
+
+    /**
+     * Delete a Record.
      *
      * @return Response
      */
 
@@ -12,7 +12,6 @@
 use Canvas\Mapper\UserMapper;
 use Canvas\Models\Notifications;
 use Canvas\Models\Roles;
-use Canvas\Models\UserRoles;
 use Canvas\Models\Users;
 use Canvas\Models\UsersAssociatedApps;
 use Phalcon\Http\Response;
@@ -246,7 +245,11 @@ public function changeAppUserActiveStatus(int $id, int $appsId) : Response
     {
         $userAssociatedToApp = UsersAssociatedApps::findFirstOrFail([
             'conditions' => 'users_id = ?0 and apps_id = ?1 and companies_id = ?2 and is_deleted = 0',
-            'bind' => [$id, $this->app->getId(), $this->userData->getDefaultCompany()->getId()]
+            'bind' => [
+                $id,
+                $this->app->getId(),
+                $this->userData->getDefaultCompany()->getId()
+            ]
         ]);
 
         $userAssociatedToApp->user_active = $userAssociatedToApp->user_active ? 0 : 1;
@@ -267,9 +270,9 @@ public function unsubscribe(int $id) : Response
     {
         $request = $this->request->getPostData();
 
-        if (!isset($request['notification_types'])) {
-            throw new Exception('Error Processing Request', 1);
-        }
+        $this->request->validate([
+            'notification_types' => 'required|array'
+        ]);
 
         //none admin users can only edit themselves
         if (!$this->userData->hasRole('Default.Admins') || $id == 0) {
@@ -297,31 +300,24 @@ public function unsubscribe(int $id) : Response
      */
     public function getUsersByRole(string $roleName) : Response
     {
-        $usersArray = [];
-
         if (!Roles::isRole($roleName)) {
             throw new NotFoundException(_('Role does not exist'));
         }
 
         $role = Roles::getByName(ucfirst($roleName));
 
-        // Use table users role to get a list of all users with that role and belong to current company and app
-        $userRoles = UserRoles::findOrFail([
-            'conditions' => 'apps_id = :apps_id: 
-                            and companies_id = :companies_id: 
-                            and roles_id = :roles_id: 
-                            and is_deleted = 0',
-            'bind' => [
-                'apps_id' => $this->app->getId(),
-                'companies_id' => $this->userData->getCurrentCompany()->getId(),
-                'roles_id' => $role->id
-            ]
-        ]);
+        $this->additionalSearchFields = [
+            ['is_deleted', ':', 0],
+        ];
 
-        foreach ($userRoles as $userRole) {
-            $usersArray[] = $userRole->user;
-        }
+        $this->customTableJoins = ' , user_roles as r';
+        $this->customConditions = " AND users.id = r.users_id AND  
+                        r.companies_id = {$this->userData->getCurrentCompany()->getId()}
+                        AND r.roles_id = {$role->getId()}
+                        AND r.is_deleted = 0
+                        AND r.apps_id = {$this->app->getId()}
+        ";
 
-        return $this->response($usersArray);
+        return $this->index();
     }
 }
@@ -13,10 +13,9 @@
 use Canvas\Models\Roles;
 use Canvas\Models\SystemModules;
 use Canvas\Models\Users;
-use Phalcon\Di;
 use Monolog\Handler\StreamHandler;
 use Monolog\Logger;
-
+use Phalcon\Di;
 
 class Setup
 {
@@ -261,8 +260,7 @@ public function acl() : self
         $acl = Di::getDefault()->get('acl');
         $acl->setApp($this->app);
 
-        $acl->addRole($this->app->name . '.Admins');
-        $acl->addRole($this->app->name . '.Users');
+        $acl->addRole($this->app->name . '.Manager');
 
         $acl->addComponent(
             $this->app->name . '.Users',
@@ -276,7 +274,7 @@ public function acl() : self
         );
 
         $acl->allow(
-            'Admins',
+            'Manager',
             $this->app->name . '.Users',
             [
                 'read',
@@ -320,7 +318,7 @@ public function acl() : self
             );
 
             $acl->allow(
-                'Admins',
+                'Manager',
                 $resource,
                 [
                     'read',
@@ -333,7 +331,7 @@ public function acl() : self
         }
 
         $acl->allow(
-            'Admins',
+            'Manager',
             $this->app->name . '.SettingsMenu',
             [
                 'company-settings',