This fixes #100 by explicity passing add/remove team arrays

and checking each one to see if the user has the appropriate
permissions

Module.php

@@ -36,6 +36,7 @@
 use Laminas\Mvc\MvcEvent;
 use Laminas\ServiceManager\ServiceLocatorInterface;
 use Laminas\View\Renderer\PhpRenderer;
+use Teams\Mvc\Controller\Plugin\TeamAuth;
 
 class Module extends AbstractModule
 {
@@ -623,7 +624,6 @@ public function displayTeamForm(Event $event)
         if ($vars->resource) {
             $vars->offsetSet('teams', $this->listTeams($vars->resource, 'representation'));
         }
-        //TODO: this is actually a js script and needs to just be added as such
         echo $event->getTarget()->partial(
             'teams/partial/team-form'
         );
@@ -1522,7 +1522,6 @@ public function assetUpdate(Event $event)
             $em->persist($team_asset);
             endforeach;
             $em->flush();
-            $logger = $this->getServiceLocator()->get('Omeka\Logger');
         }
     }
     public function siteUpdate(Event $event)
@@ -1811,41 +1810,51 @@ public function itemUpdate(Event $event)
         $entity = $event->getParam('entity');
         $request = $event->getParam('request');
         $operation = $request->getOperation();
+        $teamAuth = new TeamAuth($em, $this->getUser());
 
         if ($operation == 'update') {
-            if (array_key_exists('team', $request->getContent())) {
+            if (array_key_exists('remove_team', $request->getContent()) ||
+                array_key_exists('add_team', $request->getContent())) {
+
+                //get ids for the item and all of its media
                 $resource_ids = [];
                 $resource_ids[$request->getId()] = true;
                 foreach ($entity->getMedia() as $media) {
                     $resource_ids[$media->getId()] = true;
                 }
-
-                $teams = $request->getContent()['team'];
 
-                //remove item associated media from all teams they were associated before form submission
-                foreach (array_keys($resource_ids) as $resource_id) {
-                    $team_resources = $em->getRepository('Teams\Entity\TeamResource')->findBy(['resource' => $resource_id]);
-                    foreach ($team_resources as $tr) {
-                        $em->remove($tr);
+                foreach ($request->getContent()['add_team'] as $team_id) {
+                    //if the user is authorized to add items to that team
+                    if ($teamAuth->teamAuthorized('add', 'resource', $team_id)) {
+                        $team = $em->getRepository('Teams\Entity\Team')->findOneBy(['id' => $team_id]);
+                        if ($team) {
+                            foreach (array_keys($resource_ids) as $resource_id) {
+                                $resource = $em->getRepository('Omeka\Entity\Resource')->findOneBy(['id' => $resource_id]);
+                                if ($resource) {
+                                    $team_resource = new TeamResource($team, $resource);
+                                    $em->persist($team_resource);
+                                }
+                            }
+                        }
                     }
                 }
                 $em->flush();
 
-                //add to teams from form
-                foreach ($teams as $team_id) {
-                    $team = $em->getRepository('Teams\Entity\Team')->findOneBy(['id' => $team_id]);
-                    foreach (array_keys($resource_ids) as $resource_id) {
-                        $resource = $em->getRepository('Omeka\Entity\Resource')->findOneBy(['id' => $resource_id]);
-                        $team_resource = new TeamResource($team, $resource);
-                        $em->persist($team_resource);
+                foreach ($request->getContent()['remove_team'] as $team_id) {
+                    if ($teamAuth->teamAuthorized('delete', 'resource', $team_id)) {
+                        foreach (array_keys($resource_ids) as $resource_id) {
+                            $team_resource = $em->getRepository('Teams\Entity\TeamResource')
+                                    ->findOneBy(['team' => $team_id, 'resource'=>$resource_id]);
+                            if ($team_resource) {
+                                $em->remove($team_resource);
+                            }
+                        }
                     }
+                    $em->flush();
                 }
-                $em->flush();
+                //once teams are updated, sync item-site
+                $this->updateItemSites($request->getId());
             }
-
-            //once teams are updated, sync item-site
-            $this->updateItemSites($request->getId());
-
         }
     }
 

asset/js/add-team-to-resource.js

@@ -22,14 +22,41 @@ $(document).ready(function() {
     });
 
 // Remove a team from the edit panel.
-    $('#team-resources').on('click', '.o-icon-delete', function(event) {
+    $('#team-resources').on('click', '.o-icon-delete.existing', function(event) {
+        event.preventDefault();
+
+        var removeLink = $(this);
+        var teamRow = $(this).closest('tr');
+        var teamInput = removeLink.closest('tr').find('input');
+        teamInput.attr('name', 'remove_team[]')
+
+        // Undo remove team link.
+        var undoRemoveLink = $('<a>', {
+            href: '#',
+            class: 'fa fa-undo',
+            title: Omeka.jsTranslate('Undo remove team'),
+            click: function(event) {
+                event.preventDefault();
+                teamInput.attr('name', 'existing_team[]');
+                teamRow.toggleClass('delete');
+                removeLink.show();
+                $(this).remove();
+            },
+        });
+
+        teamRow.toggleClass('delete');
+        undoRemoveLink.insertAfter(removeLink);
+            removeLink.hide();
+    });
+    $('#team-resources').on('click', '.o-icon-delete.new', function(event) {
         event.preventDefault();
 
         var removeLink = $(this);
         var teamRow = $(this).closest('tr');
         var teamInput = removeLink.closest('tr').find('input');
         teamInput.prop('disabled', true);
 
+
         // Undo remove team link.
         var undoRemoveLink = $('<a>', {
             href: '#',

view/teams/partial/team-form.phtml

@@ -12,10 +12,10 @@ $teamTemplate = '
     <td>
         <ul class="actions">
             <li>
-                <a href="#" class="o-icon-delete disabled" title="' . $removeStr . '" aria-label="' . $removeStr . '"></a>
+                <a href="#" class="o-icon-delete new" title="' . $removeStr . '" aria-label="' . $removeStr . '"></a>
             </li>
         </ul>
-        <input type="hidden" name="team[]">
+        <input type="hidden" name="add_team[]">
     </td>
 </tr>';
 ?>
@@ -40,13 +40,13 @@ $teamTemplate = '
                 <td>
                     <span><?php echo $team->getName()?></span>
 
-                    <input type="hidden" name="team[]" value="<?php echo $escape($team->getId()) ?>">
+                    <input type="hidden" name="existing_team[]" value="<?php echo $escape($team->getId()) ?>">
                 </td>
                 <td>
                     <ul class="actions" style="float:right">
                         <li>
                             <?php if ($this->roleAuth()->teamAuthorized('delete', 'resource',$team->getId())): ?>
-                                <a href="#" class="o-icon-delete" title="<?php echo $removeStr; ?>" aria-label="<?php echo $removeStr; ?>"></a>
+                                <a href="#" class="o-icon-delete existing" title="<?php echo $removeStr; ?>" aria-label="<?php echo $removeStr; ?>"></a>
                             <?php endif; ?>
                         </li>
                     </ul>
@@ -73,5 +73,6 @@ $teamTemplate = '
     <?php endif; ?>
     <button id="team-selector-button" class="mobile-only"><?php echo $this->translate('Add a team'); ?></button>
     <span id="team-template" data-template="<?php echo $escape($teamTemplate); ?>"></span>
-    <?php echo $this->addTeam(); ?>
+
+    <?php echo $this->addTeam(); //add the right sidebar control with the list of teams that can be added?>
 </fieldset>