From 943e18464293df3dc0cf144fc4ef56c92f617866 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 11 Aug 2021 13:58:12 +0200
Subject: [PATCH 001/150] chg: [app_local] config defaults

---
 config/app_local.example.php | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/config/app_local.example.php b/config/app_local.example.php
index 03aeef1..aca4ef1 100644
--- a/config/app_local.example.php
+++ b/config/app_local.example.php
@@ -5,6 +5,16 @@
  * Note: It is not recommended to commit files with credentials such as app_local.php
  * into source code version control.
  */
+
+// set the baseurl here if you want to set it manually
+$baseurl = env('CEREBRATE_BASEURL', false);
+
+
+// Do not modify the this block
+$temp = parse_url($baseurl);
+$base = empty($temp['path']) ? false : $temp['path'];
+// end of block
+
 return [
     /*
      * Debug Level:
@@ -90,8 +100,12 @@ return [
         ],
     ],
     'Cerebrate' => [
-	'open' => [],
-    'dark' => 0,
-    'baseurl' => ''
+	    'open' => [],
+        'dark' => 0,
+        'baseurl' => ''
+    ],
+    'App' => [
+        'base' => $base,
+        'fullBaseUrl' => $fullBaseUrl
     ]
 ];

From 739dc25b1ee88d2d1eae32e4f4432fe41cb0c2d1 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Fri, 24 Sep 2021 13:11:39 +0200
Subject: [PATCH 002/150] fix: [Command] typo fixed as mentioned in #71

---
 src/Command/ImporterCommand.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/Command/ImporterCommand.php b/src/Command/ImporterCommand.php
index c79ba76..52e11ba 100644
--- a/src/Command/ImporterCommand.php
+++ b/src/Command/ImporterCommand.php
@@ -2,7 +2,7 @@
 
 /**
  * Generic importer to feed data to cerebrate from JSON or CSV.
- * 
+ *
  * - JSON configuration file must have the `format` key which can either take the value `json` or `csv`
  *  - If `csv` is provided, the file must contains the header.
  *  - If `json` is provided, a `mapping` key on how to reach each fields using the cakephp4's Hash syntax must be provided.
@@ -10,7 +10,7 @@
  *          - The key is the field name
  *          - The value
  *              - Can either be the string representing the path from which to get the value
- *              - Or a JSON containg the `path`, the optional `override` parameter specifying if the existing data should be overriden 
+ *              - Or a JSON containg the `path`, the optional `override` parameter specifying if the existing data should be overriden
  *                and an optional `massage` function able to alter the data.
  *          - Example
  *              {
@@ -22,7 +22,7 @@
  *              },
  *
  * - The optional primary key argument provides a way to make import replayable. It can typically be used when an ID or UUID is not provided in the source file but can be replaced by something else (e.g. team-name or other type of unique data).
- * 
+ *
  */
 
 namespace App\Command;
@@ -161,7 +161,7 @@ class ImporterCommand extends Command
                     'valueField' => 'id'
                 ])->where(['meta_template_id' => $metaTemplate->id])->toArray();
             } else {
-                $this->io->error("Unkown template for UUID {$config['metaTemplateUUID']}");
+                $this->io->error("Unknown template for UUID {$config['metaTemplateUUID']}");
                 die(1);
             }
         }
@@ -192,7 +192,7 @@ class ImporterCommand extends Command
                                 $metaEntity->meta_template_field_id = $metaTemplateFieldsMapping[$fieldName];
                             } else {
                                 $hasErrors = true;
-                                $this->io->error("Field $fieldName is unkown for template {$metaTemplate->name}");
+                                $this->io->error("Field $fieldName is unknown for template {$metaTemplate->name}");
                                 break;
                             }
                         }
@@ -525,4 +525,4 @@ class ImporterCommand extends Command
     {
         return is_null($value) ? '' : $value;
     }
-}
\ No newline at end of file
+}

From b6c3aee91f2475488c7c7a1f29756c21ca84dbe5 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Thu, 21 Oct 2021 13:44:49 +0200
Subject: [PATCH 003/150] fix: [settings] invalid path to setting fixed

---
 src/Controller/UsersController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Controller/UsersController.php b/src/Controller/UsersController.php
index d2235a6..e5258d0 100644
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
@@ -162,7 +162,7 @@ class UsersController extends AppController
 
     public function register()
     {
-        if (empty(Configure::read('Cerebrate')['security.registration.self-registration'])) {
+        if (empty(Configure::read('security.registration.self-registration'))) {
             throw new UnauthorizedException(__('User self-registration is not open.'));
         }
         if ($this->request->is('post')) {

From fe500e9796a6004b2c1e8513a08f4440d56979d1 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Thu, 21 Oct 2021 13:45:24 +0200
Subject: [PATCH 004/150] fix: [settings] self registration setting path fixed

---
 templates/Users/login.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/Users/login.php b/templates/Users/login.php
index d5cab0e..1f62282 100644
--- a/templates/Users/login.php
+++ b/templates/Users/login.php
@@ -24,7 +24,7 @@ use Cake\Core\Configure;
     echo $this->Form->control('password', ['type' => 'password', 'label' => 'Password', 'class' => 'form-control mb-3', 'placeholder' => __('Password')]);
     echo $this->Form->control(__('Login'), ['type' => 'submit', 'class' => 'btn btn-primary']);
     echo $this->Form->end();
-    if (!empty(Configure::read('Cerebrate')['security.registration.self-registration'])) {
+    if (!empty(Configure::read('security.registration.self-registration'))) {
         echo '<div class="text-end">';
             echo sprintf('<span class="text-secondary ms-auto" style="font-size: 0.8rem">%s <a href="/users/register" class="text-decoration-none link-primary fw-bold">%s</a></span>', __('Doesn\'t have an account?'), __('Sign up'));
         echo '</div>';
@@ -55,4 +55,4 @@ use Cake\Core\Configure;
         echo $this->Form->end();
     }
     ?>
-</div>
\ No newline at end of file
+</div>

From 7eac09a3023f4b1884b1c9afc914695b69a0ca23 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Fri, 22 Oct 2021 16:25:47 +0200
Subject: [PATCH 005/150] chg: [doc] README improved for release 1.0

---
 README.md | 30 +++++++++++++++++++++---------
 1 file changed, 21 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index c2dfa33..33d50fa 100644
--- a/README.md
+++ b/README.md
@@ -1,24 +1,31 @@
 # cerebrate
 
-The Cerebrate Sync Platform core software.  Cerebrate is an open-source platform meant to act as a trusted contact information provider and interconnection orchestrator for other security tools.
+Cerebrate is an [open-source platform](https://github.com/cerebrate-project) meant to act as a trusted contact information provider and interconnection orchestrator for other security tools (such as [MISP](https://www.misp-project.org/)).
 
-It is currently being built under the MeliCERTes v2 project and is heavily work in progress.
+# Features
 
-# Current features
+- Advanced repository to manage individuals and organisations;
+- Key store for public encryption and signing cryptographic keys (e.g. PGP);
+- Distributed synchronisation model where multiple Cerebrate instances can be interconnected amongst organisations and/or departments;
+- Management of individuals and their affiliations to each organisations;
+- Advanced API and CLI to integrate with existing tools (e.g. importing existing directory information);
+- Dynamic model for creating new organisational structure;
+- Support existing organisational structures such as [FIRST.org](https://www.first.org/) directory, EU [CSIRTs network](https://csirtsnetwork.eu/);
+- Local tooling interconnection to easily interconnect existing tools with their native protocols;
 
-- Repository of organisations and individuals
-- Maintain signing and encryption keys
-- Maintain affiliations between organisations and individuals
+Cerebrate is developed in the scope of the MeliCERTes v2 project.
 
 ## Screenshots
 
+![Dashboard](https://www.cerebrate-project.org/assets/images/screenshots/Screenshot%20from%202021-10-19%2016-31-56.png)
+
 List of individuals along with their affiliations
 
-![List of individuals](/documentation/images/individuals.png)
+![List of individuals](https://www.cerebrate-project.org/assets/images/screenshots/Screenshot%20from%202021-10-19%2016-32-35.png)
 
 Adding organisations
 
-![Adding an organisation](/documentation/images/add_org.png)
+![Adding an organisation](https://www.cerebrate-project.org/assets/images/screenshots/Screenshot%20from%202021-10-19%2016-33-04.png)
 
 Everything is available via the API, here an example of a search query for all international organisations in the DB.
 
@@ -28,6 +35,10 @@ Managing public keys and assigning them to users both for communication and vali
 
 ![Encryption key management](/documentation/images/add_encryption_key.png)
 
+Dynamic model for creating new organisation structre
+
+![Meta Field Templates](https://www.cerebrate-project.org/assets/images/screenshots/Screenshot%20from%202021-10-19%2016-38-21.png)
+
 # Requirements and installation
 
 The platform is built on CakePHP 4 along with Bootstrap 4 and shares parts of the code-base with [MISP](https://www.github.com/MISP).
@@ -45,6 +56,7 @@ For installation via docker, refer to the [cerebrate-docker](https://github.com/
 ~~~~
     The software is released under the AGPLv3.
 
-    Copyright (C) 2019, 2020  Andras Iklody
+    Copyright (C) 2019, 2021  Andras Iklody
+    Copyright (C) 2020-2021 Sami Mokaddem
     Copyright (C) CIRCL - Computer Incident Response Center Luxembourg
 ~~~~

From 3050f7e23b9d3939020116b6121d6bdd9108a75f Mon Sep 17 00:00:00 2001
From: Andras Iklody <andras.iklody@gmail.com>
Date: Fri, 22 Oct 2021 16:44:11 +0200
Subject: [PATCH 006/150] chg: small changes to the readme

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 33d50fa..0114d21 100644
--- a/README.md
+++ b/README.md
@@ -9,9 +9,9 @@ Cerebrate is an [open-source platform](https://github.com/cerebrate-project) mea
 - Distributed synchronisation model where multiple Cerebrate instances can be interconnected amongst organisations and/or departments;
 - Management of individuals and their affiliations to each organisations;
 - Advanced API and CLI to integrate with existing tools (e.g. importing existing directory information);
-- Dynamic model for creating new organisational structure;
+- Dynamic model for creating new organisational structures;
 - Support existing organisational structures such as [FIRST.org](https://www.first.org/) directory, EU [CSIRTs network](https://csirtsnetwork.eu/);
-- Local tooling interconnection to easily interconnect existing tools with their native protocols;
+- Local tooling interconnection to easily connect existing tools with their native protocols;
 
 Cerebrate is developed in the scope of the MeliCERTes v2 project.
 

From 058314af52614fae57c0bf10c2cb29ad0ea77042 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20Laurent?=
 <33688507+remil1000@users.noreply.github.com>
Date: Mon, 25 Oct 2021 15:46:04 +0200
Subject: [PATCH 007/150] Create docker-publish.yml

initial attempt at GH actions docker build and push
---
 .github/workflows/docker-publish.yml | 52 ++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 .github/workflows/docker-publish.yml

diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
new file mode 100644
index 0000000..c08958f
--- /dev/null
+++ b/.github/workflows/docker-publish.yml
@@ -0,0 +1,52 @@
+name: Docker
+
+on:
+  push:
+    branches: [ feature/docker-ci ]
+    tags: [ 'v*.*' ]
+  pull_request:
+    branches: [ main ]
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v3
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v2
+        with:
+          file: docker/Dockerfile
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            "COMPOSER_VERSION=2.1.5"
+            "PHP_VERSION=7.4"
+            "DEBIAN_RELEASE=buster"

From cfe8b7cd46aa7410859be93aa153f17e5aa8d378 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20Laurent?= <remi.laurent@securitymadein.lu>
Date: Mon, 25 Oct 2021 15:46:47 +0200
Subject: [PATCH 008/150] dockerfile and configuration

---
 .gitignore                       |  2 +-
 docker/Dockerfile                | 80 ++++++++++++++++++++++++++++++++
 docker/README.md                 | 47 +++++++++++++++++++
 docker/docker-compose.yml        | 28 +++++++++++
 docker/entrypoint.sh             | 20 ++++++++
 docker/etc/DocumentRoot.htaccess |  3 ++
 docker/etc/app_local.php         | 44 ++++++++++++++++++
 docker/etc/webroot.htaccess      |  3 ++
 8 files changed, 226 insertions(+), 1 deletion(-)
 create mode 100644 docker/Dockerfile
 create mode 100644 docker/README.md
 create mode 100644 docker/docker-compose.yml
 create mode 100755 docker/entrypoint.sh
 create mode 100644 docker/etc/DocumentRoot.htaccess
 create mode 100644 docker/etc/app_local.php
 create mode 100644 docker/etc/webroot.htaccess

diff --git a/.gitignore b/.gitignore
index f370d3e..cdb86ef 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,4 +3,4 @@ config/app_local.php
 logs
 tmp
 vendor
-
+docker/run/
diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
index 0000000..7e2035e
--- /dev/null
+++ b/docker/Dockerfile
@@ -0,0 +1,80 @@
+ARG COMPOSER_VERSION
+ARG PHP_VERSION
+ARG DEBIAN_RELEASE
+
+FROM php:${PHP_VERSION}-apache-${DEBIAN_RELEASE}
+
+# we need some extra libs to be installed in the runtime
+RUN apt-get update && \
+	apt-get install -y --no-install-recommends curl git zip unzip && \
+	apt-get install -y --no-install-recommends libicu-dev libxml2-dev && \
+	docker-php-ext-install intl pdo pdo_mysql mysqli simplexml && \
+	apt-get remove -y --purge libicu-dev libxml2-dev && \
+	apt-get clean && \
+	rm -rf /var/lib/apt/lists/*
+
+COPY composer.json composer.json
+
+# install composer as root
+ARG COMPOSER_VERSION
+RUN curl -sL https://getcomposer.org/installer | \
+	php -- --install-dir=/usr/bin/ --filename=composer --version=${COMPOSER_VERSION}
+
+# switch back to unprivileged user for composer install
+USER www-data
+
+RUN composer install \
+	--ignore-platform-reqs \
+	--no-interaction \
+	--no-plugins \
+	--no-scripts \
+	--prefer-dist
+
+# web server configuration
+USER root
+
+# allow .htaccess overrides and push them
+RUN a2enmod rewrite
+RUN sed -i -r '/DocumentRoot/a \\t<Directory /var/www/html/>\n\t\tAllowOverride all\n\t</Directory>' /etc/apache2/sites-available/000-default.conf
+COPY --chown=www-data docker/etc/DocumentRoot.htaccess /var/www/html/.htaccess
+COPY --chown=www-data docker/etc/webroot.htaccess /var/www/html/webroot/.htaccess
+
+# passing environment variables through apache
+RUN a2enmod env
+RUN echo 'PassEnv CEREBRATE_DB_HOST'          >> /etc/apache2/conf-enabled/environment.conf
+RUN echo 'PassEnv CEREBRATE_DB_NAME'          >> /etc/apache2/conf-enabled/environment.conf
+RUN echo 'PassEnv CEREBRATE_DB_PASSWORD'      >> /etc/apache2/conf-enabled/environment.conf
+RUN echo 'PassEnv CEREBRATE_DB_PORT'          >> /etc/apache2/conf-enabled/environment.conf
+RUN echo 'PassEnv CEREBRATE_DB_SCHEMA'        >> /etc/apache2/conf-enabled/environment.conf
+RUN echo 'PassEnv CEREBRATE_DB_USERNAME'      >> /etc/apache2/conf-enabled/environment.conf
+RUN echo 'PassEnv CEREBRATE_EMAIL_HOST'       >> /etc/apache2/conf-enabled/environment.conf
+RUN echo 'PassEnv CEREBRATE_EMAIL_PASSWORD'   >> /etc/apache2/conf-enabled/environment.conf
+RUN echo 'PassEnv CEREBRATE_EMAIL_PORT'       >> /etc/apache2/conf-enabled/environment.conf
+RUN echo 'PassEnv CEREBRATE_EMAIL_TLS'        >> /etc/apache2/conf-enabled/environment.conf
+RUN echo 'PassEnv CEREBRATE_EMAIL_USERNAME'   >> /etc/apache2/conf-enabled/environment.conf
+RUN echo 'PassEnv CEREBRATE_SECURITY_SALT'    >> /etc/apache2/conf-enabled/environment.conf
+
+# entrypoint
+COPY docker/entrypoint.sh /entrypoint.sh
+RUN chmod 755 /entrypoint.sh
+
+# copy actual codebase
+COPY --chown=www-data . /var/www/html
+
+# last checks with unprivileged user
+USER www-data
+
+# CakePHP seems to not handle very well externally installed components
+# this will chown/chmod/symlink all in place for its own good
+RUN composer install --no-interaction
+
+# app config override making use of environment variables
+COPY --chown=www-data docker/etc/app_local.php /var/www/html/config/app_local.php
+# version 1.0 addition requires a config/config.json file
+# can still be overriden by a docker volume
+RUN cp -a /var/www/html/config/config.example.json /var/www/html/config/config.json
+
+# also can be overridin by a docker volume
+RUN mkdir -p /var/www/html/logs
+
+ENTRYPOINT [ "/entrypoint.sh" ]
diff --git a/docker/README.md b/docker/README.md
new file mode 100644
index 0000000..1074c0c
--- /dev/null
+++ b/docker/README.md
@@ -0,0 +1,47 @@
+# Database init
+
+For the `docker-compose` setup to work you must initialize database with
+what is in `../INSTALL/mysql.sql`
+
+```
+mkdir -p run/dbinit/
+cp ../INSTALL/mysql.sql run/dbinit/
+```
+
+The MariaDB container has a volume mounted as follow
+`- ./run/dbinit:/docker-entrypoint-initdb.d/:ro`
+
+So that on startup the container will source files in this directory to seed
+the database. Once it's done the container will run normally and Cerebrate will
+be able to roll its database migration scripts
+
+# Actual data and volumes
+
+The actual database will be located in `./run/database` exposed with the
+following volume `- ./run/database:/var/lib/mysql`
+
+Application logs (CakePHP / Cerebrate) will be stored in `./run/logs`,
+volume `- ./run/logs:/var/www/html/logs`
+
+You're free to change those parameters if you're using Swarm, Kubernetes or
+your favorite config management tool to deploy this stack
+
+# Building yourself
+
+You can create the following Makefile in basedir of this repository
+and issue `make image`
+
+```
+COMPOSER_VERSION?=2.1.5
+PHP_VERSION?=7.4
+DEBIAN_RELEASE?=buster
+IMAGE_NAME?=cerebrate:latest
+
+image:
+	docker build -t $(IMAGE_NAME) \
+		-f docker/Dockerfile \
+		--build-arg COMPOSER_VERSION=$(COMPOSER_VERSION) \
+		--build-arg PHP_VERSION=$(PHP_VERSION) \
+		--build-arg DEBIAN_RELEASE=$(DEBIAN_RELEASE) \
+		.
+```
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
new file mode 100644
index 0000000..e36c8c5
--- /dev/null
+++ b/docker/docker-compose.yml
@@ -0,0 +1,28 @@
+version: "3"
+services:
+  database:
+    image: mariadb:10.6
+    restart: always
+    volumes:
+      - ./run/database:/var/lib/mysql
+      - ./run/dbinit:/docker-entrypoint-initdb.d/:ro
+    environment:
+      MARIADB_RANDOM_ROOT_PASSWORD: "yes"
+      MYSQL_DATABASE: "cerebrate"
+      MYSQL_USER: "cerebrate"
+      MYSQL_PASSWORD: "etarberec"
+  www:
+    image: $IMAGE_NAME
+    ports:
+      - "8080:80"
+    volumes:
+      - ./run/logs:/var/www/html/logs
+    environment:
+      DEBUG: "true"
+      CEREBRATE_DB_USERNAME: "cerebrate"
+      CEREBRATE_DB_PASSWORD: "etarberec"
+      CEREBRATE_DB_NAME: "cerebrate"
+      CEREBRATE_DB_HOST: database
+      CEREBRATE_SECURITY_SALT: supersecret
+    depends_on:
+      - database
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
new file mode 100755
index 0000000..35ef6dd
--- /dev/null
+++ b/docker/entrypoint.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -e
+
+
+run_all_migrations() {
+	./bin/cake migrations migrate
+	./bin/cake migrations migrate -p tags
+	./bin/cake migrations migrate -p ADmad/SocialAuth
+}
+
+# waiting for DB to come up
+for try in 1 2 3 4 5 6; do
+	echo >&2 "migration - attempt $try"
+	run_all_migrations && break || true
+	sleep 5
+	[ "$try" = "6" ] && exit 1
+done
+
+exec /usr/local/bin/apache2-foreground "$@"
diff --git a/docker/etc/DocumentRoot.htaccess b/docker/etc/DocumentRoot.htaccess
new file mode 100644
index 0000000..ef9940b
--- /dev/null
+++ b/docker/etc/DocumentRoot.htaccess
@@ -0,0 +1,3 @@
+RewriteEngine on
+RewriteRule    ^$    webroot/    [L]
+RewriteRule    (.*) webroot/$1    [L]
diff --git a/docker/etc/app_local.php b/docker/etc/app_local.php
new file mode 100644
index 0000000..ac1d212
--- /dev/null
+++ b/docker/etc/app_local.php
@@ -0,0 +1,44 @@
+<?php
+$db = [
+    'username' => env('CEREBRATE_DB_USERNAME', 'cerebrate'),
+    'password' => env('CEREBRATE_DB_PASSWORD', ''),
+    'host'     => env('CEREBRATE_DB_HOST', 'localhost'),
+    'database' => env('CEREBRATE_DB_NAME', 'cerebrate'),
+];
+
+// non-default port can be set on demand - otherwise the DB driver will choose the default
+if (!empty(env('CEREBRATE_DB_PORT'))) {
+    $db['port'] = env('CEREBRATE_DB_PORT');
+}
+
+// If not using the default 'public' schema with the PostgreSQL driver set it here.
+if (!empty(env('CEREBRATE_DB_SCHEMA'))) {
+    $db['schema'] = env('CEREBRATE_DB_SCHEMA');
+}
+
+return [
+    'debug' => filter_var(env('DEBUG', false), FILTER_VALIDATE_BOOLEAN),
+
+    'Security' => [
+        'salt' => env('CEREBRATE_SECURITY_SALT'),
+    ],
+
+    'Datasources' => [
+        'default' => $db,
+    ],
+
+    'EmailTransport' => [
+        'default' => [
+            // host could be ssl://smtp.gmail.com then set port to 465
+            'host' => env('CEREBRATE_EMAIL_HOST', 'localhost'),
+            'port' => env('CEREBRATE_EMAIL_PORT', 25),
+            'username' => env('CEREBRATE_EMAIL_USERNAME', null),
+            'password' => env('CEREBRATE_EMAIL_PASSWORD', null),
+            'tls' => env('CEREBRATE_EMAIL_TLS', null)
+        ],
+    ],
+    'Cerebrate' => [
+    'open' => [],
+        'dark' => 0
+    ]
+];
diff --git a/docker/etc/webroot.htaccess b/docker/etc/webroot.htaccess
new file mode 100644
index 0000000..879f805
--- /dev/null
+++ b/docker/etc/webroot.htaccess
@@ -0,0 +1,3 @@
+RewriteEngine On
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteRule ^ index.php [L]

From 4dc79a2a5137853384f945689ae0231eae1c33f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20Laurent?= <remi.laurent@securitymadein.lu>
Date: Mon, 25 Oct 2021 16:31:06 +0200
Subject: [PATCH 009/150] [skip ci] changing triggering branch in workflow

---
 .github/workflows/docker-publish.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index c08958f..dd01dc8 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -2,7 +2,7 @@ name: Docker
 
 on:
   push:
-    branches: [ feature/docker-ci ]
+    branches: [ main ]
     tags: [ 'v*.*' ]
   pull_request:
     branches: [ main ]

From 3916941e07f8f18badf65365ff83885cb29ed7c3 Mon Sep 17 00:00:00 2001
From: Andras Iklody <andras.iklody@gmail.com>
Date: Mon, 25 Oct 2021 18:00:33 +0200
Subject: [PATCH 010/150] chg: [docker] updated image path to the github
 package of this repo

---
 docker/docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index e36c8c5..c99ee69 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -12,7 +12,7 @@ services:
       MYSQL_USER: "cerebrate"
       MYSQL_PASSWORD: "etarberec"
   www:
-    image: $IMAGE_NAME
+    image: ghcr.io/cerebrate-project/cerebrate:main
     ports:
       - "8080:80"
     volumes:

From 8df97082584fc87a1e103fc8df399681eb47f434 Mon Sep 17 00:00:00 2001
From: DocArmoryTech <cormac.doherty@ucd.ie>
Date: Thu, 28 Oct 2021 22:23:38 +0100
Subject: [PATCH 011/150] Added missing 'Cerebrate' section

Second part of resolution to Issue #75

Added missing Cerebrate config section to resolved the following error:

```
warning: Warning (2): in_array() expects parameter 2 to be array, null given in [/var/www/cerebrate/src/Controller/Component/Navigation/sidemenu.php, line 130]
Request URL: /users/login
Referer URL: http://127.0.0.1:8000/users/login?redirect=%2F
Client IP: 127.0.0.1
```
---
 config/app_local.example.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/config/app_local.example.php b/config/app_local.example.php
index 87b1568..1ec0f4a 100644
--- a/config/app_local.example.php
+++ b/config/app_local.example.php
@@ -99,4 +99,8 @@ return [
             'url' => env('EMAIL_TRANSPORT_DEFAULT_URL', null),
         ],
     ],
+    'Cerebrate' => [
+        'open' => [],
+        'dark' => 0
+    ]
 ];

From 27c2d07e3ccdf552d728d4a85561a92432825a12 Mon Sep 17 00:00:00 2001
From: DocArmoryTech <cormac.doherty@ucd.ie>
Date: Thu, 28 Oct 2021 22:56:25 +0100
Subject: [PATCH 012/150] Keep composer happy with permissions

partial resolution to issue #75

create/initialise a `/var/www/.composer` director to keep composer happy and explicitly tell sudo to set the home dir `-H`
---
 INSTALL/INSTALL.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/INSTALL/INSTALL.md b/INSTALL/INSTALL.md
index a962de1..49948e8 100644
--- a/INSTALL/INSTALL.md
+++ b/INSTALL/INSTALL.md
@@ -32,8 +32,10 @@ sudo -u www-data git clone https://github.com/cerebrate-project/cerebrate.git /v
 Run composer
 
 ```bash
+mkdir -p /var/www/.composer
+sudo chown www-data:www-data /var/www/.composer
 cd /var/www/cerebrate
-sudo -u www-data composer install
+sudo -H -u www-data composer install
 ```
 
 Create a database for cerebrate

From f10e0225634ece299a4a52b9ace2f6292b55c853 Mon Sep 17 00:00:00 2001
From: DocArmoryTech <cormac.doherty@ucd.ie>
Date: Thu, 28 Oct 2021 22:58:38 +0100
Subject: [PATCH 013/150] Create logs dir

---
 logs/.gitkeep | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 logs/.gitkeep

diff --git a/logs/.gitkeep b/logs/.gitkeep
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/logs/.gitkeep
@@ -0,0 +1 @@
+

From 5c48de77795acfcdaca1b43d838a46e6db9e0159 Mon Sep 17 00:00:00 2001
From: drizzit56 <60116496+drizzit56@users.noreply.github.com>
Date: Fri, 29 Oct 2021 00:29:46 +0100
Subject: [PATCH 014/150] Adding nginx alternative config file and updating
 INSTALL.md for nginx usage

---
 INSTALL/INSTALL.md                            | 36 +++++++++++++++----
 ...ate_dev.conf => cerebrate_apache_dev.conf} |  0
 INSTALL/cerebrate_nginx.conf                  |  0
 3 files changed, 30 insertions(+), 6 deletions(-)
 rename INSTALL/{cerebrate_dev.conf => cerebrate_apache_dev.conf} (100%)
 mode change 100755 => 100644
 create mode 100644 INSTALL/cerebrate_nginx.conf

diff --git a/INSTALL/INSTALL.md b/INSTALL/INSTALL.md
index 49948e8..3685b00 100644
--- a/INSTALL/INSTALL.md
+++ b/INSTALL/INSTALL.md
@@ -1,8 +1,9 @@
 ## Requirements
 
 An Ubuntu server (18.04/20.04 should both work fine) - though other linux installations should work too.
-- apache2, mysql/mariadb, sqlite need to be installed and running
+- apache2 (or nginx), mysql/mariadb, sqlite need to be installed and running
 - php extensions for intl, mysql, sqlite3, mbstring, xml need to be installed and running
+- php extention for curl (not required but makes composer run a little faster)
 - composer
 
 ## Network requirements
@@ -17,8 +18,16 @@ Cerebrate communicates via HTTPS so in order to be able to connect to other cere
 ## Cerebrate installation instructions
 
 It should be sufficient to issue the following command to install the dependencies:
+
+- for apache
+
 ```bash
-sudo apt install apache2 mariadb-server git composer php-intl php-mbstring php-dom php-xml unzip php-ldap php-sqlite3 sqlite libapache2-mod-php php-mysql
+sudo apt install apache2 mariadb-server git composer php-intl php-mbstring php-dom php-xml unzip php-ldap php-sqlite3 php-curl sqlite libapache2-mod-php php-mysql
+```
+
+- for nginx
+```bash
+sudo apt install nginx mariadb-server git composer php-intl php-mbstring php-dom php-xml unzip php-ldap php-sqlite3 sqlite php-fpm php-curl php-mysql
 ```
 
 Clone this repository (for example into /var/www/cerebrate)
@@ -73,7 +82,7 @@ sudo -u www-data cp -a /var/www/cerebrate/config/config.example.json /var/www/ce
 sudo -u www-data vim /var/www/cerebrate/config/app_local.php
 ```
 
-mod_rewrite needs to be enabled:
+mod_rewrite needs to be enabled if __using apache__:
 
 ```bash
 sudo a2enmod rewrite
@@ -106,16 +115,31 @@ sudo rm /var/www/cerebrate/tmp/cache/persistent/*
 
 Create an apache config file for cerebrate / ssh key and point the document root to /var/www/cerebrate/webroot and you're good to go
 
-For development installs the following can be done:
+For development installs the following can be done for either apache or nginx:
 
 ```bash
+# Apache
 # This configuration is purely meant for local installations for development / testing
 # Using HTTP on an unhardened apache is by no means meant to be used in any production environment
-sudo cp /var/www/cerebrate/INSTALL/cerebrate_dev.conf /etc/apache2/sites-available/
-sudo ln -s /etc/apache2/sites-available/cerebrate_dev.conf /etc/apache2/sites-enabled/
+sudo cp /var/www/cerebrate/INSTALL/cerebrate_apache_dev.conf /etc/apache2/sites-available/
+sudo ln -s /etc/apache2/sites-available/cerebrate_apache_dev.conf /etc/apache2/sites-enabled/
 sudo service apache2 restart
 ```
 
+OR
+
+```bash
+# NGINX
+# This configuration is purely meant for local installations for development / testing
+# Using HTTP on an unhardened apache is by no means meant to be used in any production environment
+sudo cp /var/www/cerebrate/INSTALL/cerebrate_nginx.conf /etc/nginx/sites-available/
+sudo ln -s /etc/nginx/sites-available/cerebrate_nginx.conf /etc/nginx/sites-enabled/
+sudo systemctl disable apache2 # may be required if apache is using port
+sudo service nginx restart
+sudo systemctl enable nginx
+
+```
+
 Now you can point your browser to: http://localhost:8000
 
 To log in use the default credentials below:
diff --git a/INSTALL/cerebrate_dev.conf b/INSTALL/cerebrate_apache_dev.conf
old mode 100755
new mode 100644
similarity index 100%
rename from INSTALL/cerebrate_dev.conf
rename to INSTALL/cerebrate_apache_dev.conf
diff --git a/INSTALL/cerebrate_nginx.conf b/INSTALL/cerebrate_nginx.conf
new file mode 100644
index 0000000..e69de29

From e3168dacfad7980c9012f2a20e748231c21ce465 Mon Sep 17 00:00:00 2001
From: drizzit56 <60116496+drizzit56@users.noreply.github.com>
Date: Fri, 29 Oct 2021 00:33:11 +0100
Subject: [PATCH 015/150] adding nginx config

---
 INSTALL/cerebrate_nginx.conf | 37 ++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/INSTALL/cerebrate_nginx.conf b/INSTALL/cerebrate_nginx.conf
index e69de29..59ad861 100644
--- a/INSTALL/cerebrate_nginx.conf
+++ b/INSTALL/cerebrate_nginx.conf
@@ -0,0 +1,37 @@
+## Cerebrate Nginx Web Server Configuration
+server {
+        listen 8000;
+        # listen 443 ssl;
+
+        root /var/www/cerebrate/webroot;
+        error_log /var/log/nginx/cerebrate_error.log;
+        access_log /var/log/nginx/cerebrate_access.log;
+
+        # Add index.php to the list if you are using PHP
+        index index.html index.htm index.nginx-debian.html index.php;
+
+        server_name _;
+
+        # Configure Crypto Keys/Certificates/DH
+        # If enabling this setting change port above, should also set the server name
+        # ssl_certificate         /path/to/ssl/cert;
+        # ssl_certificate_key     /path/to/ssl/cert;
+
+        # enable HSTS
+        # add_header Strict-Transport-Security "max-age=15768000; includeSubdomains";
+        # add_header X-Frame-Options SAMEORIGIN;
+
+        location / {
+                try_files $uri $uri/ /index.php?$args;
+        }
+
+       location ~ \.php$ {
+               try_files $uri =404;
+               fastcgi_split_path_info ^(.+\.php)(/.+)$;
+               fastcgi_pass            unix:/var/run/php/php7.4-fpm.sock;
+               fastcgi_index           index.php;
+               include                 fastcgi_params;
+               fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+               fastcgi_param PATH_INFO $fastcgi_path_info;
+       }
+}

From ae4a01160036bb1f31795d051b1aac5e6cdf1a8a Mon Sep 17 00:00:00 2001
From: Koen Van Impe <koen.vanimpe@cudeso.be>
Date: Mon, 1 Nov 2021 16:58:10 +0100
Subject: [PATCH 016/150] Update INSTALL.md

Minor installation documentation changes
---
 INSTALL/INSTALL.md | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/INSTALL/INSTALL.md b/INSTALL/INSTALL.md
index 49948e8..f09ae73 100644
--- a/INSTALL/INSTALL.md
+++ b/INSTALL/INSTALL.md
@@ -32,7 +32,7 @@ sudo -u www-data git clone https://github.com/cerebrate-project/cerebrate.git /v
 Run composer
 
 ```bash
-mkdir -p /var/www/.composer
+sudo mkdir -p /var/www/.composer
 sudo chown www-data:www-data /var/www/.composer
 cd /var/www/cerebrate
 sudo -H -u www-data composer install
@@ -40,6 +40,11 @@ sudo -H -u www-data composer install
 
 Create a database for cerebrate
 
+With a fresh install of Ubuntu sudo to the (system) root user before logging in as the mysql root
+```Bash
+sudo -i mysql -u root
+```
+
 From SQL shell:
 ```mysql
 mysql
@@ -48,6 +53,7 @@ CREATE USER 'cerebrate'@'localhost' IDENTIFIED BY 'YOUR_PASSWORD';
 GRANT USAGE ON *.* to cerebrate@localhost;
 GRANT ALL PRIVILEGES ON cerebrate.* to cerebrate@localhost;
 FLUSH PRIVILEGES;
+QUIT;
 ```
 
 Or from Bash:
@@ -93,9 +99,9 @@ This would be, when following the steps above:
 
 Run the database schema migrations
 ```bash
-/var/www/cerebrate/bin/cake migrations migrate
-/var/www/cerebrate/bin/cake migrations migrate -p tags
-/var/www/cerebrate/bin/cake migrations migrate -p ADmad/SocialAuth
+sudo -u www-data /var/www/cerebrate/bin/cake migrations migrate
+sudo -u www-data /var/www/cerebrate/bin/cake migrations migrate -p tags
+sudo -u www-data /var/www/cerebrate/bin/cake migrations migrate -p ADmad/SocialAuth
 ```
 
 Clean cakephp caches

From 23dc460359b980becc23be813619a200ade7a822 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 17 Nov 2021 14:44:07 +0100
Subject: [PATCH 017/150] new: [auditlog system] added

- port of Jakub Onderka's implementation from MISP
- Still not fully realised, lacking search functionalities
---
 src/Controller/AuditLogsController.php  |  36 ++++
 src/Model/Behavior/AuditLogBehavior.php | 214 ++++++++++++++++++++
 src/Model/Entity/AuditLog.php           |  68 +++++++
 src/Model/Table/AuditLogsTable.php      | 250 ++++++++++++++++++++++++
 4 files changed, 568 insertions(+)
 create mode 100644 src/Controller/AuditLogsController.php
 create mode 100644 src/Model/Behavior/AuditLogBehavior.php
 create mode 100644 src/Model/Entity/AuditLog.php
 create mode 100644 src/Model/Table/AuditLogsTable.php

diff --git a/src/Controller/AuditLogsController.php b/src/Controller/AuditLogsController.php
new file mode 100644
index 0000000..58a2133
--- /dev/null
+++ b/src/Controller/AuditLogsController.php
@@ -0,0 +1,36 @@
+<?php
+namespace App\Controller;
+
+use App\Controller\AppController;
+use Cake\Utility\Hash;
+use Cake\Utility\Text;
+use Cake\ORM\TableRegistry;
+use \Cake\Database\Expression\QueryExpression;
+use Cake\Http\Exception\UnauthorizedException;
+use Cake\Core\Configure;
+
+class AuditLogsController extends AppController
+{
+    public $filterFields = ['model_id', 'model', 'action', 'user_id', 'title'];
+    public $quickFilterFields = ['model', 'action', 'title'];
+    public $containFields = ['Users'];
+
+    public function index()
+    {
+        $this->CRUD->index([
+            'contain' => $this->containFields,
+            'filters' => $this->filterFields,
+            'quickFilters' => $this->quickFilterFields,
+            'afterFind' => function($data) {
+                $data['request_ip'] = inet_ntop(stream_get_contents($data['request_ip']));
+                $data['change'] = stream_get_contents($data['change']);
+                return $data;
+            }
+        ]);
+        $responsePayload = $this->CRUD->getResponsePayload();
+        if (!empty($responsePayload)) {
+            return $responsePayload;
+        }
+        $this->set('metaGroup', 'Administration');
+    }
+}
diff --git a/src/Model/Behavior/AuditLogBehavior.php b/src/Model/Behavior/AuditLogBehavior.php
new file mode 100644
index 0000000..3eacfe2
--- /dev/null
+++ b/src/Model/Behavior/AuditLogBehavior.php
@@ -0,0 +1,214 @@
+<?php
+namespace App\Model\Behavior;
+
+use ArrayObject;
+use Cake\Datasource\EntityInterface;
+use Cake\Event\EventInterface;
+use Cake\ORM\Behavior;
+use Cake\ORM\Entity;
+use Cake\ORM\Query;
+use Cake\Utility\Text;
+use Cake\Utility\Security;
+use \Cake\Http\Session;
+use Cake\Core\Configure;
+use Cake\ORM\TableRegistry;
+use App\Model\Table\AuditLogTable;
+
+class AuditLogBehavior extends Behavior
+{
+    /** @var array */
+    private $config;
+
+    /** @var array|null */
+    private $old;
+
+    /** @var AuditLog|null */
+    private $AuditLogs;
+
+    // Hash is faster that in_array
+    private $skipFields = [
+        'id' => true,
+        'lastpushedid' => true,
+        'timestamp' => true,
+        'revision' => true,
+        'modified' => true,
+        'date_modified' => true, // User
+        'current_login' => true, // User
+        'last_login' => true, // User
+        'newsread' => true, // User
+        'proposal_email_lock' => true, // Event
+    ];
+
+    public function initialize(array $config): void
+    {
+        $this->config = $config;
+    }
+
+    public function beforeSave(EventInterface $event, EntityInterface $entity, ArrayObject $options)
+    {
+        $fields = $entity->extract($entity->getVisible(), true);
+        $skipFields = $this->skipFields;
+        $fieldsToFetch = array_filter($fields, function($key) use ($skipFields) {
+            return strpos($key, '_') !== 0 && !isset($skipFields[$key]);
+        }, ARRAY_FILTER_USE_KEY);
+        // Do not fetch old version when just few fields will be fetched
+        $fieldToFetch = [];
+        if (!empty($options['fieldList'])) {
+            foreach ($options['fieldList'] as $field) {
+                if (!isset($this->skipFields[$field])) {
+                    $fieldToFetch[] = $field;
+                }
+            }
+            if (empty($fieldToFetch))  {
+                $this->old = null;
+                return true;
+            }
+        }
+        if ($entity->id) {
+            $this->old = $this->_table->find()->where(['id' => $entity->id])->contain($fieldToFetch)->first();
+        } else {
+            $this->old = null;
+        }
+        return true;
+    }
+
+    public function afterSave(EventInterface $event, EntityInterface $entity, ArrayObject $options)
+    {
+        if ($entity->id) {
+            $id = $entity->id;
+        } else {
+            $id = null;
+        }
+
+        if ($entity->isNew()) {
+            $action = $entity->getConstant('ACTION_ADD');
+        } else {
+            $action = $entity->getConstant('ACTION_EDIT');
+            if (isset($entity['deleted'])) {
+                if ($entity['deleted']) {
+                    $action = $entity->getConstant('ACTION_SOFT_DELETE');
+                } else if (!$entity['deleted'] && $this->old['deleted']) {
+                    $action = $entity->getConstant('ACTION_UNDELETE');
+                }
+            }
+        }
+        $changedFields = $this->changedFields($entity, isset($options['fieldList']) ? $options['fieldList'] : null);
+        if (empty($changedFields)) {
+            return;
+        }
+
+        $modelTitleField = $this->_table->getDisplayField();
+        if (is_callable($modelTitleField)) {
+            $modelTitle = $modelTitleField($entity, isset($this->old) ? $this->old : []);
+        } else if (isset($entity[$modelTitleField])) {
+            $modelTitle = $entity[$modelTitleField];
+        } else if ($this->old[$modelTitleField]) {
+            $modelTitle = $this->old[$modelTitleField];
+        }
+        $this->auditLogs()->insert([
+            'action' => $action,
+            'model' => $entity->getSource(),
+            'model_id' => $id,
+            'model_title' => $modelTitle,
+            'change' => $changedFields
+        ]);
+    }
+
+    public function beforeDelete(EventInterface $event, EntityInterface $entity, ArrayObject $options)
+    {
+        $this->old = $this->_table->find()->where(['id' => $entity->id])->first();
+        return true;
+    }
+
+    public function afterDelete(EventInterface $event, EntityInterface $entity, ArrayObject $options)
+    {
+        $modelTitleField = $this->_table->getDisplayField();
+        if (is_callable($modelTitleField)) {
+            $modelTitle = $modelTitleField($entity, []);
+        } else if (isset($entity[$modelTitleField])) {
+            $modelTitle = $entity[$modelTitleField];
+        }
+
+        $logEntity = $this->auditLogs()->newEntity([
+            'action' => $entity->getConstant('ACTION_DELETE'),
+            'model' => $entity->getSource(),
+            'model_id' => $this->old->id,
+            'model_title' => $modelTitle,
+            'change' => $this->changedFields($entity)
+        ]);
+        $logEntity->save();
+    }
+
+    /**
+     * @param Model $model
+     * @param array|null $fieldsToSave
+     * @return array
+     */
+    private function changedFields(EntityInterface $entity, $fieldsToSave = null)
+    {
+        $dbFields = $this->_table->getSchema()->typeMap();
+        $changedFields = [];
+        foreach ($entity->extract($entity->getVisible()) as $key => $value) {
+            if (isset($this->skipFields[$key])) {
+                continue;
+            }
+            if (!isset($dbFields[$key])) {
+                continue;
+            }
+            if ($fieldsToSave && !in_array($key, $fieldsToSave, true)) {
+                continue;
+            }
+            if (isset($entity[$key]) && isset($this->old[$key])) {
+                $old = $this->old[$key];
+            } else {
+                $old = null;
+            }
+            // Normalize
+            if (is_bool($old)) {
+                $old = $old ? 1 : 0;
+            }
+            if (is_bool($value)) {
+                $value = $value ? 1 : 0;
+            }
+            $dbType = $dbFields[$key];
+            if ($dbType === 'integer' || $dbType === 'tinyinteger' || $dbType === 'biginteger' || $dbType === 'boolean') {
+                $value = (int)$value;
+                if ($old !== null) {
+                    $old = (int)$old;
+                }
+            }
+            if ($value == $old) {
+                continue;
+            }
+            if ($key === 'password' || $key === 'authkey') {
+                $value = '*****';
+                if ($old !== null) {
+                    $old = $value;
+                }
+            }
+
+            if ($old === null) {
+                $changedFields[$key] = $value;
+            } else {
+                $changedFields[$key] = [$old, $value];
+            }
+        }
+        return $changedFields;
+    }
+
+    /**
+     * @return AuditLogs
+     */
+    public function auditLogs()
+    {
+        if ($this->AuditLogs === null) {
+            $this->AuditLogs = TableRegistry::getTableLocator()->get('AuditLogs');
+        }
+        return $this->AuditLogs;
+    }
+
+    public function log()
+    {
+
+    }
+}
diff --git a/src/Model/Entity/AuditLog.php b/src/Model/Entity/AuditLog.php
new file mode 100644
index 0000000..beabeb8
--- /dev/null
+++ b/src/Model/Entity/AuditLog.php
@@ -0,0 +1,68 @@
+<?php
+
+namespace App\Model\Entity;
+
+use App\Model\Entity\AppModel;
+use Cake\ORM\Entity;
+use Cake\Core\Configure;
+
+class AuditLog extends AppModel
+{
+    private $compressionEnabled = false;
+
+    public function __construct(array $properties = [], array $options = [])
+    {
+        $this->compressionEnabled = Configure::read('Cerebrate.log_compress') && function_exists('brotli_compress');
+        parent::__construct($properties, $options);
+    }
+
+    protected function _getTitle(): String
+    {
+        return $this->generateUserFriendlyTitle($this);
+    }
+
+    /**
+     * @param string $change
+     * @return array|string
+     * @throws JsonException
+     */
+    private function decodeChange($change)
+    {
+        if (substr($change, 0, 4) === self::BROTLI_HEADER) {
+            if (function_exists('brotli_uncompress')) {
+                $change = brotli_uncompress(substr($change, 4));
+                if ($change === false) {
+                    return 'Compressed';
+                }
+            } else {
+                return 'Compressed';
+            }
+        }
+        return json_decode($change, true);
+    }
+
+    /**
+     * @param array $auditLog
+     * @return string
+     */
+    public function generateUserFriendlyTitle($auditLog)
+    {
+        if (in_array($auditLog['action'], [self::ACTION_TAG, self::ACTION_TAG_LOCAL, self::ACTION_REMOVE_TAG, self::ACTION_REMOVE_TAG_LOCAL], true)) {
+            $attached = ($auditLog['action'] === self::ACTION_TAG || $auditLog['action'] === self::ACTION_TAG_LOCAL);
+            $local = ($auditLog['action'] === self::ACTION_TAG_LOCAL || $auditLog['action'] === self::ACTION_REMOVE_TAG_LOCAL) ? __('local') : __('global');
+            if ($attached) {
+                return __('Attached %s tag "%s" to %s #%s', $local, $auditLog['model_title'], strtolower($auditLog['model']), $auditLog['model_id']);
+            } else {
+                return __('Detached %s tag "%s" from %s #%s', $local, $auditLog['model_title'], strtolower($auditLog['model']), $auditLog['model_id']);
+            }
+        }
+
+
+        $title = "{$auditLog['model']} #{$auditLog['model_id']}";
+
+        if (isset($auditLog['model_title']) && $auditLog['model_title']) {
+            $title .= ": {$auditLog['model_title']}";
+        }
+        return $title;
+    }
+}
diff --git a/src/Model/Table/AuditLogsTable.php b/src/Model/Table/AuditLogsTable.php
new file mode 100644
index 0000000..374a156
--- /dev/null
+++ b/src/Model/Table/AuditLogsTable.php
@@ -0,0 +1,250 @@
+<?php
+namespace App\Model\Table;
+
+use App\Model\Table\AppTable;
+use Cake\ORM\Table;
+use Cake\Validation\Validator;
+use Cake\Datasource\EntityInterface;
+use Cake\Event\Event;
+use Cake\Event\EventInterface;
+use Cake\Auth\DefaultPasswordHasher;
+use Cake\Utility\Security;
+use Cake\Core\Configure;
+use Cake\Routing\Router;
+use Cake\Http\Exception\MethodNotAllowedException;
+use ArrayObject;
+
+/**
+ * @property Event $Event
+ * @property User $User
+ * @property Organisation $Organisation
+ */
+class AuditLogsTable extends AppTable
+{
+    const BROTLI_HEADER = "\xce\xb2\xcf\x81";
+    const BROTLI_MIN_LENGTH = 200;
+
+    const REQUEST_TYPE_DEFAULT = 0,
+        REQUEST_TYPE_API = 1,
+        REQUEST_TYPE_CLI = 2;
+
+    /** @var array|null */
+    private $user = null;
+
+    /** @var bool */
+    private $compressionEnabled;
+
+    /**
+     * Null when not defined, false when not enabled
+     * @var Syslog|null|false
+     */
+    private $syslog;
+
+    public function initialize(array $config): void
+    {
+        parent::initialize($config);
+        $this->addBehavior('UUID');
+        $this->addBehavior('Timestamp', [
+            'Model.beoreSave' => [
+                'created_at' => 'new'
+            ]
+        ]);
+        $this->belongsTo('Users');
+        $this->setDisplayField('info');
+        $this->compressionEnabled = Configure::read('Cerebrate.log_new_audit_compress') && function_exists('brotli_compress');
+    }
+
+    public function beforeMarshal(EventInterface $event, ArrayObject $data, ArrayObject $options)
+    {
+        if (!isset($data['request_ip'])) {
+            $ipHeader = 'REMOTE_ADDR';
+            if (isset($_SERVER[$ipHeader])) {
+                $data['request_ip'] = $_SERVER[$ipHeader];
+            } else {
+                $data['request_ip'] = '127.0.0.1';
+            }
+        }
+        foreach (['user_id', 'request_type', 'authkey_id'] as $field) {
+            if (!isset($data[$field])) {
+                if (!isset($userInfo)) {
+                    $userInfo = $this->userInfo();
+                }
+                if (!empty($userInfo[$field])) {
+                    $data[$field] = $userInfo[$field];
+                } else {
+                    $data[$field] = 0;
+                }
+            }
+        }
+
+        if (!isset($data['request_id'] ) && isset($_SERVER['HTTP_X_REQUEST_ID'])) {
+            $data['request_id'] = $_SERVER['HTTP_X_REQUEST_ID'];
+        }
+
+        // Truncate request_id
+        if (isset($data['request_id']) && strlen($data['request_id']) > 255) {
+            $data['request_id'] = substr($data['request_id'], 0, 255);
+        }
+
+        // Truncate model title
+        if (isset($data['model_title']) && mb_strlen($data['model_title']) > 255) {
+            $data['model_title'] = mb_substr($data['model_title'], 0, 252) . '...';
+        }
+
+        if (isset($data['change'])) {
+            $change = json_encode($data['change'], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
+            if ($this->compressionEnabled && strlen($change) >= self::BROTLI_MIN_LENGTH) {
+                $change = self::BROTLI_HEADER . brotli_compress($change, 4, BROTLI_TEXT);
+            }
+            $data['change'] = $change;
+        }
+    }
+
+    public function beforeSave(EventInterface $event, EntityInterface $entity, ArrayObject $options)
+    {
+        $entity->request_ip = inet_pton($entity->request_ip);
+        $this->logData($entity);
+        return true;
+    }
+
+    /**
+     * @param array $data
+     * @return bool
+     */
+    private function logData(EntityInterface $entity)
+    {
+        if (Configure::read('Plugin.ZeroMQ_enable') && Configure::read('Plugin.ZeroMQ_audit_notifications_enable')) {
+            $pubSubTool = $this->getPubSubTool();
+            $pubSubTool->publish($data, 'audit', 'log');
+        }
+
+        //$this->publishKafkaNotification('audit', $data, 'log');
+
+        if (Configure::read('Plugin.ElasticSearch_logging_enable')) {
+            // send off our logs to distributed /dev/null
+            $logIndex = Configure::read("Plugin.ElasticSearch_log_index");
+            $elasticSearchClient = $this->getElasticSearchTool();
+            $elasticSearchClient->pushDocument($logIndex, "log", $data);
+        }
+
+        // write to syslogd as well if enabled
+        if ($this->syslog === null) {
+            if (Configure::read('Security.syslog')) {
+                $options = [];
+                $syslogToStdErr = Configure::read('Security.syslog_to_stderr');
+                if ($syslogToStdErr !== null) {
+                    $options['to_stderr'] = $syslogToStdErr;
+                }
+                $syslogIdent = Configure::read('Security.syslog_ident');
+                if ($syslogIdent) {
+                    $options['ident'] = $syslogIdent;
+                }
+                $this->syslog = new SysLog($options);
+            } else {
+                $this->syslog = false;
+            }
+        }
+        if ($this->syslog) {
+            $entry = $data['action'];
+            $title = $entity->generateUserFriendlyTitle();
+            if ($title) {
+                $entry .= " -- $title";
+            }
+            $this->syslog->write('info', $entry);
+        }
+        return true;
+    }
+
+    /**
+     * @return array
+     */
+    public function userInfo()
+    {
+        if ($this->user !== null) {
+            return $this->user;
+        }
+
+        $this->user = ['id' => 0, /*'org_id' => 0, */'authkey_id' => 0, 'request_type' => self::REQUEST_TYPE_DEFAULT];
+
+        $isShell = (php_sapi_name() === 'cli');
+        if ($isShell) {
+            // do not start session for shell commands and fetch user info from configuration
+            $this->user['request_type'] = self::REQUEST_TYPE_CLI;
+            $currentUserId = Configure::read('CurrentUserId');
+            if (!empty($currentUserId)) {
+                $this->user['id'] = $currentUserId;
+                $userFromDb = $this->Users->find()->where(['id' => $currentUserId])->first();
+                $this->user['name'] = $userFromDb['name'];
+                $this->user['org_id'] = $userFromDb['org_id'];
+            }
+        } else {
+            $authUser = Router::getRequest()->getSession()->read('authUser');
+            if (!empty($authUser)) {
+                $this->user['id'] = $authUser['id'];
+                $this->user['user_id'] = $authUser['id'];
+                $this->user['name'] = $authUser['name'];
+                //$this->user['org_id'] = $authUser['org_id'];
+                if (isset($authUser['logged_by_authkey']) && $authUser['logged_by_authkey']) {
+                    $this->user['request_type'] = self::REQUEST_TYPE_API;
+                }
+                if (isset($authUser['authkey_id'])) {
+                    $this->user['authkey_id'] = $authUser['authkey_id'];
+                }
+            }
+        }
+        return $this->user;
+    }
+
+    public function insert(array $data)
+    {
+        $logEntity = $this->newEntity($data);
+        if ($logEntity->getErrors()) {
+            throw new Exception($logEntity->getErrors());
+        } else {
+            $this->save($logEntity);
+        }
+    }
+
+    /**
+     * @param string|int $org
+     * @return array
+     */
+    public function returnDates($org = 'all')
+    {
+        $conditions = [];
+        if ($org !== 'all') {
+            $org = $this->Organisation->fetchOrg($org);
+            if (empty($org)) {
+                throw new NotFoundException('Invalid organisation.');
+            }
+            $conditions['org_id'] = $org['id'];
+        }
+
+        $dataSource = ConnectionManager::getDataSource('default')->config['datasource'];
+        if ($dataSource === 'Database/Mysql' || $dataSource === 'Database/MysqlObserver') {
+            $validDates = $this->find('all', [
+                'recursive' => -1,
+                'fields' => ['DISTINCT UNIX_TIMESTAMP(DATE(created)) AS Date', 'count(id) AS count'],
+                'conditions' => $conditions,
+                'group' => ['Date'],
+                'order' => ['Date'],
+            ]);
+        } elseif ($dataSource === 'Database/Postgres') {
+            if (!empty($conditions['org_id'])) {
+                $condOrg = sprintf('WHERE org_id = %s', intval($conditions['org_id']));
+            } else {
+                $condOrg = '';
+            }
+            $sql = 'SELECT DISTINCT EXTRACT(EPOCH FROM CAST(created AS DATE)) AS "Date", COUNT(id) AS count
+                    FROM audit_logs
+                    ' . $condOrg . '
+                    GROUP BY "Date" ORDER BY "Date"';
+            $validDates = $this->query($sql);
+        }
+        $data = [];
+        foreach ($validDates as $date) {
+            $data[(int)$date[0]['Date']] = (int)$date[0]['count'];
+        }
+        return $data;
+    }
+}

From de2ee49ccf1cef213b9d96616b507d4160ab8c9b Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 17 Nov 2021 14:44:54 +0100
Subject: [PATCH 018/150] new: [auditlogs] UI

---
 templates/AuditLogs/index.php | 65 +++++++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)
 create mode 100644 templates/AuditLogs/index.php

diff --git a/templates/AuditLogs/index.php b/templates/AuditLogs/index.php
new file mode 100644
index 0000000..46ec90b
--- /dev/null
+++ b/templates/AuditLogs/index.php
@@ -0,0 +1,65 @@
+<?php
+echo $this->element('genericElements/IndexTable/index_table', [
+    'data' => [
+        'data' => $data,
+        'top_bar' => [
+            'children' => [
+                [
+                    'type' => 'search',
+                    'button' => __('Filter'),
+                    'placeholder' => __('Enter value to search'),
+                    'data' => '',
+                    'searchKey' => 'value'
+                ]
+            ]
+        ],
+        'fields' => [
+            [
+                'name' => '#',
+                'sort' => 'id',
+                'data_path' => 'id',
+            ],
+            [
+                'name' => __('IP'),
+                'sort' => 'request_ip',
+                'data_path' => 'request_ip',
+            ],
+            [
+                'name' => __('Username'),
+                'sort' => 'user.username',
+                'data_path' => 'user.username',
+            ],
+            [
+                'name' => __('Title'),
+                'data_path' => 'title',
+            ],
+            [
+                'name' => __('Model'),
+                'sort' => 'model',
+                'data_path' => 'model',
+            ],
+            [
+                'name' => __('Model ID'),
+                'sort' => 'model',
+                'data_path' => 'model_id',
+            ],
+            [
+                'name' => __('Action'),
+                'sort' => 'action',
+                'data_path' => 'action',
+            ],
+            [
+                'name' => __('Change'),
+                'sort' => 'change',
+                'data_path' => 'change',
+                'element' => 'json'
+            ],
+        ],
+        'title' => __('Logs'),
+        'description' => null,
+        'pull' => 'right',
+        'actions' => []
+    ]
+]);
+echo '</div>';
+?>

From af4f114f2f1928d933e556ecc016802d0d52f928 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 17 Nov 2021 14:45:20 +0100
Subject: [PATCH 019/150] chg: [audit logs] tied into side menu

---
 src/Controller/Component/Navigation/sidemenu.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/Controller/Component/Navigation/sidemenu.php b/src/Controller/Component/Navigation/sidemenu.php
index 16dd350..fcca213 100644
--- a/src/Controller/Component/Navigation/sidemenu.php
+++ b/src/Controller/Component/Navigation/sidemenu.php
@@ -113,6 +113,11 @@ class Sidemenu {
                             'url' => '/instance/migrationIndex',
                             'icon' => 'database',
                         ],
+                        'AuditLogs' => [
+                            'label' => __('Audit Logs'),
+                            'url' => '/auditLogs/index',
+                            'icon' => 'history',
+                        ],
                     ]
                 ],
             ],
@@ -144,4 +149,4 @@ class Sidemenu {
             ]
         ];
     }
-}
\ No newline at end of file
+}

From a305bdf9f192e448654091b3c5e7e0e82c958fbe Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 17 Nov 2021 14:45:45 +0100
Subject: [PATCH 020/150] new: [mysql] added new table for audit logs

---
 INSTALL/mysql.sql | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/INSTALL/mysql.sql b/INSTALL/mysql.sql
index 88a3040..e5dcd7a 100644
--- a/INSTALL/mysql.sql
+++ b/INSTALL/mysql.sql
@@ -390,6 +390,26 @@ CREATE TABLE `meta_template_fields` (
   KEY `type` (`type`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 
+CREATE TABLE IF NOT EXISTS `audit_logs` (
+    `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+    `created` datetime NOT NULL,
+    `user_id` int(10) unsigned NOT NULL,
+    `authkey_id` int(11) DEFAULT NULL,
+    `ip` varbinary(16) DEFAULT NULL,
+    `request_type` tinyint NOT NULL,
+    `request_id` varchar(191) DEFAULT NULL,
+    `action` varchar(20) NOT NULL,
+    `model` varchar(80) NOT NULL,
+    `model_id` int(10) unsigned NOT NULL,
+    `model_title` text DEFAULT NULL,
+    `change` blob,
+    PRIMARY KEY (`id`),
+    KEY `user_id` (`user_id`),
+    KEY `ip` (`ip`),
+    KEY `model` (`model`),
+    KEY `action` (`action`),
+    KEY `model_id` (`model_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 
 /*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
 /*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;

From 72bd5641201940cd5e6e0750fbb4a584f5b11639 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 17 Nov 2021 15:40:44 +0100
Subject: [PATCH 021/150] new: [migration] scripts added

- also updated mysql.sql
---
 INSTALL/mysql.sql                             | 11 ++-
 .../Migrations/20211117135403_audit_logs.php  | 96 +++++++++++++++++++
 2 files changed, 102 insertions(+), 5 deletions(-)
 create mode 100644 config/Migrations/20211117135403_audit_logs.php

diff --git a/INSTALL/mysql.sql b/INSTALL/mysql.sql
index e5dcd7a..6bd956c 100644
--- a/INSTALL/mysql.sql
+++ b/INSTALL/mysql.sql
@@ -393,14 +393,14 @@ CREATE TABLE `meta_template_fields` (
 CREATE TABLE IF NOT EXISTS `audit_logs` (
     `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
     `created` datetime NOT NULL,
-    `user_id` int(10) unsigned NOT NULL,
-    `authkey_id` int(11) DEFAULT NULL,
-    `ip` varbinary(16) DEFAULT NULL,
+    `user_id` int(10) unsigned DEFAULT NULL,
+    `authkey_id` int(10) unsigned DEFAULT NULL,
+    `request_ip` varbinary(16) DEFAULT NULL,
     `request_type` tinyint NOT NULL,
     `request_id` varchar(191) DEFAULT NULL,
-    `action` varchar(20) NOT NULL,
+    `request_action` varchar(20) NOT NULL,
     `model` varchar(80) NOT NULL,
-    `model_id` int(10) unsigned NOT NULL,
+    `model_id` int(10) unsigned DEFAULT NULL,
     `model_title` text DEFAULT NULL,
     `change` blob,
     PRIMARY KEY (`id`),
@@ -409,6 +409,7 @@ CREATE TABLE IF NOT EXISTS `audit_logs` (
     KEY `model` (`model`),
     KEY `action` (`action`),
     KEY `model_id` (`model_id`)
+    KEY `created` (`created`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 
 /*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
diff --git a/config/Migrations/20211117135403_audit_logs.php b/config/Migrations/20211117135403_audit_logs.php
new file mode 100644
index 0000000..c44847b
--- /dev/null
+++ b/config/Migrations/20211117135403_audit_logs.php
@@ -0,0 +1,96 @@
+<?php
+declare(strict_types=1);
+
+use Migrations\AbstractMigration;
+
+final class AuditLogs extends AbstractMigration
+{
+    /**
+     * Change Method.
+     *
+     * Write your reversible migrations using this method.
+     *
+     * More information on writing migrations is available here:
+     * https://book.cakephp.org/phinx/0/en/migrations.html#the-change-method
+     *
+     * Remember to call "create()" or "update()" and NOT "save()" when working
+     * with the Table class.
+     */
+
+    public $autoId = false; // turn off automatic `id` column create. We want it to be `int(10) unsigned`
+
+    public function change(): void
+    {
+        $exists = $this->hasTable('audit_logs');
+        if (!$exists) {
+            $table = $this->table('audit_logs', [
+                'signed' => false,
+                'collation' => 'utf8mb4_unicode_ci'
+            ]);
+            $table
+                ->addColumn('id', 'integer', [
+                    'autoIncrement' => true,
+                    'limit' => 10,
+                    'signed' => false,
+                ])
+                ->addPrimaryKey('id')
+                ->addColumn('user_id', 'integer', [
+                    'default' => null,
+                    'null' => true,
+                    'signed' => false,
+                    'length' => 10
+                ])
+                ->addColumn('authkey_id', 'integer', [
+                    'default' => null,
+                    'null' => true,
+                    'signed' => false,
+                    'length' => 10
+                ])
+                ->addColumn('request_ip', 'varbinary', [
+                    'default' => null,
+                    'null' => true,
+                    'length' => 16
+                ])
+                ->addColumn('request_type', 'boolean', [
+                    'null' => false
+                ])
+                ->addColumn('request_id', 'integer', [
+                    'default' => null,
+                    'null' => true,
+                    'signed' => false,
+                    'length' => 10
+                ])
+                ->addColumn('request_action', 'string', [
+                    'null' => false,
+                    'length' => 20
+                ])
+                ->addColumn('model', 'string', [
+                    'null' => false,
+                    'length' => 80
+                ])
+                ->addColumn('model_id', 'integer', [
+                    'default' => null,
+                    'null' => true,
+                    'signed' => false,
+                    'length' => 10
+                ])
+                ->addColumn('model_title', 'text', [
+                    'default' => null,
+                    'null' => true
+                ])
+                ->addColumn('change', 'blob', [
+                ])
+                ->addColumn('created', 'datetime', [
+                    'default' => null,
+                    'null' => false,
+                ])
+                ->addIndex('user_id')
+                ->addIndex('request_ip')
+                ->addIndex('model')
+                ->addIndex('model_id')
+                ->addIndex('request_action')
+                ->addIndex('created');
+            $table->create();
+        }
+    }
+}

From 2e1ee2d064c07322d7f074160a6de9d5512e43f6 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 17 Nov 2021 15:43:52 +0100
Subject: [PATCH 022/150] new: [audit log] behaviour tied into the appropriate
 models

---
 src/Model/Table/AlignmentsTable.php            | 1 +
 src/Model/Table/AuditLogsTable.php             | 2 +-
 src/Model/Table/AuthKeysTable.php              | 3 ++-
 src/Model/Table/BroodsTable.php                | 5 +++--
 src/Model/Table/EncryptionKeysTable.php        | 1 +
 src/Model/Table/InboxTable.php                 | 4 ++--
 src/Model/Table/IndividualsTable.php           | 1 +
 src/Model/Table/InstanceTable.php              | 4 +++-
 src/Model/Table/LocalToolsTable.php            | 1 +
 src/Model/Table/MetaFieldsTable.php            | 1 +
 src/Model/Table/OrganisationsTable.php         | 1 +
 src/Model/Table/OutboxProcessorsTable.php      | 5 +++--
 src/Model/Table/OutboxTable.php                | 2 +-
 src/Model/Table/RemoteToolConnectionsTable.php | 1 +
 src/Model/Table/RolesTable.php                 | 1 +
 src/Model/Table/SettingsTable.php              | 1 +
 src/Model/Table/SharingGroupsTable.php         | 1 +
 src/Model/Table/UsersTable.php                 | 1 +
 18 files changed, 26 insertions(+), 10 deletions(-)

diff --git a/src/Model/Table/AlignmentsTable.php b/src/Model/Table/AlignmentsTable.php
index 0914e99..c05ad90 100644
--- a/src/Model/Table/AlignmentsTable.php
+++ b/src/Model/Table/AlignmentsTable.php
@@ -12,6 +12,7 @@ class AlignmentsTable extends AppTable
     {
         parent::initialize($config);
         $this->belongsTo('Individuals');
+        $this->addBehavior('AuditLog');
         $this->belongsTo('Organisations');
         $this->addBehavior('Timestamp');
     }
diff --git a/src/Model/Table/AuditLogsTable.php b/src/Model/Table/AuditLogsTable.php
index 374a156..b65b5b2 100644
--- a/src/Model/Table/AuditLogsTable.php
+++ b/src/Model/Table/AuditLogsTable.php
@@ -145,7 +145,7 @@ class AuditLogsTable extends AppTable
             }
         }
         if ($this->syslog) {
-            $entry = $data['action'];
+            $entry = $data['request_action'];
             $title = $entity->generateUserFriendlyTitle();
             if ($title) {
                 $entry .= " -- $title";
diff --git a/src/Model/Table/AuthKeysTable.php b/src/Model/Table/AuthKeysTable.php
index 3663af9..f5336e6 100644
--- a/src/Model/Table/AuthKeysTable.php
+++ b/src/Model/Table/AuthKeysTable.php
@@ -19,10 +19,11 @@ class AuthKeysTable extends AppTable
     {
         parent::initialize($config);
         $this->addBehavior('UUID');
+        $this->addBehavior('AuditLog');
         $this->belongsTo(
             'Users'
         );
-        $this->setDisplayField('authkey');
+        $this->setDisplayField('comment');
     }
 
     public function beforeMarshal(EventInterface $event, ArrayObject $data, ArrayObject $options)
diff --git a/src/Model/Table/BroodsTable.php b/src/Model/Table/BroodsTable.php
index e1993b4..b0d3dca 100644
--- a/src/Model/Table/BroodsTable.php
+++ b/src/Model/Table/BroodsTable.php
@@ -19,6 +19,7 @@ class BroodsTable extends AppTable
         parent::initialize($config);
         $this->addBehavior('UUID');
         $this->addBehavior('Timestamp');
+        $this->addBehavior('AuditLog');
         $this->BelongsTo(
             'Organisations'
         );
@@ -278,7 +279,7 @@ class BroodsTable extends AppTable
         }
         return $jsonReply;
     }
-    
+
     /**
      * handleSendingFailed - Handle the case if the request could not be sent or if the remote rejected the connection request
      *
@@ -302,7 +303,7 @@ class BroodsTable extends AppTable
         ];
         return $creationResult;
     }
-    
+
     /**
      * handleMessageNotCreated - Handle the case if the request was sent but the remote brood did not save the message in the inbox
      *
diff --git a/src/Model/Table/EncryptionKeysTable.php b/src/Model/Table/EncryptionKeysTable.php
index 23b4867..2008e0d 100644
--- a/src/Model/Table/EncryptionKeysTable.php
+++ b/src/Model/Table/EncryptionKeysTable.php
@@ -14,6 +14,7 @@ class EncryptionKeysTable extends AppTable
     {
         parent::initialize($config);
         $this->addBehavior('UUID');
+        $this->addBehavior('AuditLog');
         $this->addBehavior('Timestamp');
         $this->belongsTo(
             'Individuals',
diff --git a/src/Model/Table/InboxTable.php b/src/Model/Table/InboxTable.php
index 0c62a80..18faf47 100644
--- a/src/Model/Table/InboxTable.php
+++ b/src/Model/Table/InboxTable.php
@@ -19,7 +19,7 @@ class InboxTable extends AppTable
         parent::initialize($config);
         $this->addBehavior('UUID');
         $this->addBehavior('Timestamp');
-
+        $this->addBehavior('AuditLog');
         $this->belongsTo('Users');
         $this->setDisplayField('title');
     }
@@ -68,7 +68,7 @@ class InboxTable extends AppTable
         if (empty($brood)) {
             $errors[] = __('Unkown brood `{0}`', $entryData['data']['cerebrateURL']);
         }
-        
+
         // $found = false;
         // foreach ($user->individual->organisations as $organisations) {
         //     if ($organisations->id == $brood->organisation_id) {
diff --git a/src/Model/Table/IndividualsTable.php b/src/Model/Table/IndividualsTable.php
index f0ba07f..70f63fd 100644
--- a/src/Model/Table/IndividualsTable.php
+++ b/src/Model/Table/IndividualsTable.php
@@ -16,6 +16,7 @@ class IndividualsTable extends AppTable
         $this->addBehavior('UUID');
         $this->addBehavior('Timestamp');
         $this->addBehavior('Tags.Tag');
+        $this->addBehavior('AuditLog');
         $this->hasMany(
             'Alignments',
             [
diff --git a/src/Model/Table/InstanceTable.php b/src/Model/Table/InstanceTable.php
index 0ec2a53..a625e79 100644
--- a/src/Model/Table/InstanceTable.php
+++ b/src/Model/Table/InstanceTable.php
@@ -18,6 +18,8 @@ class InstanceTable extends AppTable
     public function initialize(array $config): void
     {
         parent::initialize($config);
+        $this->addBehavior('AuditLog');
+        $this->setDisplayField('name');
     }
 
     public function validationDefault(Validator $validator): Validator
@@ -54,7 +56,7 @@ class InstanceTable extends AppTable
                     $timeline[$entry->date]['count'] = $entry->count;
                 }
                 $statistics[$model]['timeline'] = array_values($timeline);
-                
+
                 $startCount = $table->find()->where(['modified <' => new \DateTime("-{$days} days")])->all()->count();
                 $endCount = $statistics[$model]['amount'];
                 $statistics[$model]['variation'] = $endCount - $startCount;
diff --git a/src/Model/Table/LocalToolsTable.php b/src/Model/Table/LocalToolsTable.php
index 8f2bfea..ac29bf9 100644
--- a/src/Model/Table/LocalToolsTable.php
+++ b/src/Model/Table/LocalToolsTable.php
@@ -30,6 +30,7 @@ class LocalToolsTable extends AppTable
     public function initialize(array $config): void
     {
         parent::initialize($config);
+        $this->addBehavior('AuditLog');
         $this->addBehavior('Timestamp');
     }
 
diff --git a/src/Model/Table/MetaFieldsTable.php b/src/Model/Table/MetaFieldsTable.php
index ba4cc66..bdcb212 100644
--- a/src/Model/Table/MetaFieldsTable.php
+++ b/src/Model/Table/MetaFieldsTable.php
@@ -12,6 +12,7 @@ class MetaFieldsTable extends AppTable
     {
         parent::initialize($config);
         $this->addBehavior('UUID');
+        $this->addBehavior('AuditLog');
         $this->setDisplayField('field');
         $this->belongsTo('MetaTemplates');
         $this->belongsTo('MetaTemplateFields');
diff --git a/src/Model/Table/OrganisationsTable.php b/src/Model/Table/OrganisationsTable.php
index 254a570..d4a99b9 100644
--- a/src/Model/Table/OrganisationsTable.php
+++ b/src/Model/Table/OrganisationsTable.php
@@ -20,6 +20,7 @@ class OrganisationsTable extends AppTable
         parent::initialize($config);
         $this->addBehavior('Timestamp');
         $this->addBehavior('Tags.Tag');
+        $this->addBehavior('AuditLog');
         $this->hasMany(
             'Alignments',
             [
diff --git a/src/Model/Table/OutboxProcessorsTable.php b/src/Model/Table/OutboxProcessorsTable.php
index da26692..5812cb4 100644
--- a/src/Model/Table/OutboxProcessorsTable.php
+++ b/src/Model/Table/OutboxProcessorsTable.php
@@ -28,6 +28,7 @@ class OutboxProcessorsTable extends AppTable
         if (empty($this->outboxProcessors)) {
             $this->loadProcessors();
         }
+        $this->addBehavior('AuditLog');
     }
 
     public function getProcessor($scope, $action=null)
@@ -87,7 +88,7 @@ class OutboxProcessorsTable extends AppTable
             }
         }
     }
-    
+
     /**
      * getProcessorClass
      *
@@ -112,7 +113,7 @@ class OutboxProcessorsTable extends AppTable
             return $e->getMessage();
         }
     }
-    
+
     /**
      * createOutboxEntry
      *
diff --git a/src/Model/Table/OutboxTable.php b/src/Model/Table/OutboxTable.php
index 02fd442..a78e0c6 100644
--- a/src/Model/Table/OutboxTable.php
+++ b/src/Model/Table/OutboxTable.php
@@ -19,8 +19,8 @@ class OutboxTable extends AppTable
         parent::initialize($config);
         $this->addBehavior('UUID');
         $this->addBehavior('Timestamp');
-
         $this->belongsTo('Users');
+        $this->addBehavior('AuditLog');
         $this->setDisplayField('title');
     }
 
diff --git a/src/Model/Table/RemoteToolConnectionsTable.php b/src/Model/Table/RemoteToolConnectionsTable.php
index 7e8cf21..1e1ee25 100644
--- a/src/Model/Table/RemoteToolConnectionsTable.php
+++ b/src/Model/Table/RemoteToolConnectionsTable.php
@@ -18,6 +18,7 @@ class RemoteToolConnectionsTable extends AppTable
             'LocalTools'
         );
         $this->setDisplayField('id');
+        $this->addBehavior('AuditLog');
     }
 
     public function validationDefault(Validator $validator): Validator
diff --git a/src/Model/Table/RolesTable.php b/src/Model/Table/RolesTable.php
index 3973b1b..74f290b 100644
--- a/src/Model/Table/RolesTable.php
+++ b/src/Model/Table/RolesTable.php
@@ -12,6 +12,7 @@ class RolesTable extends AppTable
     {
         parent::initialize($config);
         $this->addBehavior('UUID');
+        $this->addBehavior('AuditLog');
         $this->hasMany(
             'Users',
             [
diff --git a/src/Model/Table/SettingsTable.php b/src/Model/Table/SettingsTable.php
index c2d71c9..7e9bcff 100644
--- a/src/Model/Table/SettingsTable.php
+++ b/src/Model/Table/SettingsTable.php
@@ -26,6 +26,7 @@ class SettingsTable extends AppTable
         parent::initialize($config);
         $this->setTable(false);
         $this->SettingsProvider = new CerebrateSettingsProvider();
+        $this->addBehavior('AuditLog');
     }
 
     public function getSettings($full=false): array
diff --git a/src/Model/Table/SharingGroupsTable.php b/src/Model/Table/SharingGroupsTable.php
index ec3791e..ff39220 100644
--- a/src/Model/Table/SharingGroupsTable.php
+++ b/src/Model/Table/SharingGroupsTable.php
@@ -15,6 +15,7 @@ class SharingGroupsTable extends AppTable
         parent::initialize($config);
         $this->addBehavior('UUID');
         $this->addBehavior('Timestamp');
+        $this->addBehavior('AuditLog');
         $this->belongsTo(
             'Users'
         );
diff --git a/src/Model/Table/UsersTable.php b/src/Model/Table/UsersTable.php
index d9804a4..3a98b00 100644
--- a/src/Model/Table/UsersTable.php
+++ b/src/Model/Table/UsersTable.php
@@ -20,6 +20,7 @@ class UsersTable extends AppTable
         parent::initialize($config);
         $this->addBehavior('Timestamp');
         $this->addBehavior('UUID');
+        $this->addBehavior('AuditLog');
         $this->initAuthBehaviors();
         $this->belongsTo(
             'Individuals',

From 1f7756934487a44e2363ef7747953da9d537db3e Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 17 Nov 2021 15:46:32 +0100
Subject: [PATCH 023/150] chg: [auditlog] log api authentication failures /
 successes

---
 src/Controller/AppController.php | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/src/Controller/AppController.php b/src/Controller/AppController.php
index 3771796..9b44ec4 100644
--- a/src/Controller/AppController.php
+++ b/src/Controller/AppController.php
@@ -111,6 +111,7 @@ class AppController extends Controller
             }
             unset($user['password']);
             $this->ACL->setUser($user);
+            $this->request->getSession()->write('authUser', $user);
             $this->isAdmin = $user['role']['perm_admin'];
             $this->set('menu', $this->ACL->getMenu());
             $this->set('loggedUser', $this->ACL->getUser());
@@ -147,13 +148,31 @@ class AppController extends Controller
     {
         if (!empty($_SERVER['HTTP_AUTHORIZATION']) && strlen($_SERVER['HTTP_AUTHORIZATION'])) {
             $this->loadModel('AuthKeys');
+            $logModel = $this->Users->auditLogs();
             $authKey = $this->AuthKeys->checkKey($_SERVER['HTTP_AUTHORIZATION']);
             if (!empty($authKey)) {
                 $this->loadModel('Users');
                 $user = $this->Users->get($authKey['user_id']);
+                $user = $logModel->userInfo();
+                $logModel->insert([
+                    'action' => 'login',
+                    'model' => 'Users',
+                    'model_id' => $user['id'],
+                    'model_title' => $user['name'],
+                    'change' => []
+                ]);
                 if (!empty($user)) {
                     $this->Authentication->setIdentity($user);
                 }
+            } else {
+                $user = $logModel->userInfo();
+                $logModel->insert([
+                    'action' => 'login',
+                    'model' => 'Users',
+                    'model_id' => $user['id'],
+                    'model_title' => $user['name'],
+                    'change' => []
+                ]);
             }
         }
     }

From cc043733752a5e1e660a1df761267e4d008a8332 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 17 Nov 2021 15:47:32 +0100
Subject: [PATCH 024/150] new: [crud component] fixes

- add hidden option
- fix afterfind
---
 src/Controller/Component/CRUDComponent.php | 29 +++++++++++++++++++---
 1 file changed, 25 insertions(+), 4 deletions(-)

diff --git a/src/Controller/Component/CRUDComponent.php b/src/Controller/Component/CRUDComponent.php
index 64b5777..45df6d5 100644
--- a/src/Controller/Component/CRUDComponent.php
+++ b/src/Controller/Component/CRUDComponent.php
@@ -61,11 +61,25 @@ class CRUDComponent extends Component
         }
         if ($this->Controller->ParamHandler->isRest()) {
             $data = $query->all();
+            if (isset($options['hidden'])) {
+                $data->each(function($value, $key) use ($options) {
+                    $hidden = is_array($options['hidden']) ? $options['hidden'] : [$options['hidden']];
+                    $value->setHidden($hidden);
+                    return $value;
+                });
+            }
             if (isset($options['afterFind'])) {
+                $function = $options['afterFind'];
                 if (is_callable($options['afterFind'])) {
-                    $data = $options['afterFind']($data);
+                    $function = $options['afterFind'];
+                    $data->each(function($value, $key) use ($function) {
+                        return $function($value);
+                    });
                 } else {
-                    $data = $this->Table->{$options['afterFind']}($data);
+                    $t = $this->Table;
+                    $data->each(function($value, $key) use ($t, $function) {
+                        return $t->$function($value);
+                    });
                 }
             }
             $this->Controller->restResponsePayload = $this->RestResponse->viewData($data, 'json');
@@ -73,10 +87,17 @@ class CRUDComponent extends Component
             $this->Controller->loadComponent('Paginator');
             $data = $this->Controller->Paginator->paginate($query);
             if (isset($options['afterFind'])) {
+                $function = $options['afterFind'];
                 if (is_callable($options['afterFind'])) {
-                    $data = $options['afterFind']($data);
+                    $function = $options['afterFind'];
+                    $data->each(function($value, $key) use ($function) {
+                        return $function($value);
+                    });
                 } else {
-                    $data = $this->Table->{$options['afterFind']}($data);
+                    $t = $this->Table;
+                    $data->each(function($value, $key) use ($t, $function) {
+                        return $t->$function($value);
+                    });
                 }
             }
             $this->setFilteringContext($options['contextFilters'] ?? [], $params);

From bc2e2fa4887703f21ded8d8856c25b802adac304 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 17 Nov 2021 15:48:49 +0100
Subject: [PATCH 025/150] new: [open] individualscontroller fix

- import badrequest exception
---
 src/Controller/Open/IndividualsController.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Controller/Open/IndividualsController.php b/src/Controller/Open/IndividualsController.php
index fa75aaa..28cd51d 100644
--- a/src/Controller/Open/IndividualsController.php
+++ b/src/Controller/Open/IndividualsController.php
@@ -6,6 +6,7 @@ use App\Controller\AppController;
 use Cake\Utility\Hash;
 use Cake\Utility\Text;
 use \Cake\Database\Expression\QueryExpression;
+use Cake\Http\Exception\BadRequestException;
 use Cake\Http\Exception\NotFoundException;
 use Cake\Http\Exception\MethodNotAllowedException;
 use Cake\Http\Exception\ForbiddenException;

From 7b52d29320365b3df6b9ae6ebea6bba5e27849f3 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 17 Nov 2021 15:49:28 +0100
Subject: [PATCH 026/150] new: [login] log success/failure

---
 src/Controller/UsersController.php | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/src/Controller/UsersController.php b/src/Controller/UsersController.php
index e5258d0..012655e 100644
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
@@ -130,11 +130,27 @@ class UsersController extends AppController
     {
         $result = $this->Authentication->getResult();
         // If the user is logged in send them away.
+        $logModel = $this->Users->auditLogs();
         if ($result->isValid()) {
+            $user = $logModel->userInfo();
+            $logModel->insert([
+                'request_action' => 'login',
+                'model' => 'Users',
+                'model_id' => $user['id'],
+                'model_title' => $user['name'],
+                'change' => []
+            ]);
             $target = $this->Authentication->getLoginRedirect() ?? '/instance/home';
             return $this->redirect($target);
         }
         if ($this->request->is('post') && !$result->isValid()) {
+            $logModel->insert([
+                'request_action' => 'login_fail',
+                'model' => 'Users',
+                'model_id' => 0,
+                'model_title' => 'unknown_user',
+                'change' => []
+            ]);
             $this->Flash->error(__('Invalid username or password'));
         }
         $this->viewBuilder()->setLayout('login');
@@ -144,6 +160,15 @@ class UsersController extends AppController
     {
         $result = $this->Authentication->getResult();
         if ($result->isValid()) {
+            $logModel = $this->Users->auditLogs();
+            $user = $logModel->userInfo();
+            $logModel->insert([
+                'request_action' => 'logout',
+                'model' => 'Users',
+                'model_id' => $user['id'],
+                'model_title' => $user['name'],
+                'change' => []
+            ]);
             $this->Authentication->logout();
             $this->Flash->success(__('Goodbye.'));
             return $this->redirect(\Cake\Routing\Router::url('/users/login'));

From fe8e217d61d4cd480bcc0568d684fbf87dfe4e8f Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 17 Nov 2021 15:57:34 +0100
Subject: [PATCH 027/150] chg: [audit log naming] renamed action to
 request_action to avoid reserved keyword usage

---
 src/Model/Behavior/AuditLogBehavior.php | 4 ++--
 src/Model/Entity/AuditLog.php           | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/Model/Behavior/AuditLogBehavior.php b/src/Model/Behavior/AuditLogBehavior.php
index 3eacfe2..f7ef3df 100644
--- a/src/Model/Behavior/AuditLogBehavior.php
+++ b/src/Model/Behavior/AuditLogBehavior.php
@@ -106,7 +106,7 @@ class AuditLogBehavior extends Behavior
             $modelTitle = $this->old[$modelTitleField];
         }
         $this->auditLogs()->insert([
-            'action' => $action,
+            'request_action' => $action,
             'model' => $entity->getSource(),
             'model_id' => $id,
             'model_title' => $modelTitle,
@@ -130,7 +130,7 @@ class AuditLogBehavior extends Behavior
         }
 
         $logEntity = $this->auditLogs()->newEntity([
-            'action' => $entity->getConstant('ACTION_DELETE'),
+            'request_action' => $entity->getConstant('ACTION_DELETE'),
             'model' => $entity->getSource(),
             'model_id' => $this->old->id,
             'model_title' => $modelTitle,
diff --git a/src/Model/Entity/AuditLog.php b/src/Model/Entity/AuditLog.php
index beabeb8..74e2f41 100644
--- a/src/Model/Entity/AuditLog.php
+++ b/src/Model/Entity/AuditLog.php
@@ -47,9 +47,9 @@ class AuditLog extends AppModel
      */
     public function generateUserFriendlyTitle($auditLog)
     {
-        if (in_array($auditLog['action'], [self::ACTION_TAG, self::ACTION_TAG_LOCAL, self::ACTION_REMOVE_TAG, self::ACTION_REMOVE_TAG_LOCAL], true)) {
-            $attached = ($auditLog['action'] === self::ACTION_TAG || $auditLog['action'] === self::ACTION_TAG_LOCAL);
-            $local = ($auditLog['action'] === self::ACTION_TAG_LOCAL || $auditLog['action'] === self::ACTION_REMOVE_TAG_LOCAL) ? __('local') : __('global');
+        if (in_array($auditLog['request_action'], [self::ACTION_TAG, self::ACTION_TAG_LOCAL, self::ACTION_REMOVE_TAG, self::ACTION_REMOVE_TAG_LOCAL], true)) {
+            $attached = ($auditLog['request_action'] === self::ACTION_TAG || $auditLog['request_action'] === self::ACTION_TAG_LOCAL);
+            $local = ($auditLog['request_action'] === self::ACTION_TAG_LOCAL || $auditLog['request_action'] === self::ACTION_REMOVE_TAG_LOCAL) ? __('local') : __('global');
             if ($attached) {
                 return __('Attached %s tag "%s" to %s #%s', $local, $auditLog['model_title'], strtolower($auditLog['model']), $auditLog['model_id']);
             } else {

From ff77af0a8edabf2d62bcc3237143a0c5b7555b1f Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 17 Nov 2021 15:58:06 +0100
Subject: [PATCH 028/150] new: [appmodel] moved constants related to the
 logging along with a getter to app model

---
 src/Model/Entity/AppModel.php | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/src/Model/Entity/AppModel.php b/src/Model/Entity/AppModel.php
index 84c86b3..50bfe86 100644
--- a/src/Model/Entity/AppModel.php
+++ b/src/Model/Entity/AppModel.php
@@ -6,6 +6,28 @@ use Cake\ORM\Entity;
 
 class AppModel extends Entity
 {
+    const BROTLI_HEADER = "\xce\xb2\xcf\x81";
+    const BROTLI_MIN_LENGTH = 200;
+
+    const ACTION_ADD = 'add',
+        ACTION_EDIT = 'edit',
+        ACTION_SOFT_DELETE = 'soft_delete',
+        ACTION_DELETE = 'delete',
+        ACTION_UNDELETE = 'undelete',
+        ACTION_TAG = 'tag',
+        ACTION_TAG_LOCAL = 'tag_local',
+        ACTION_REMOVE_TAG = 'remove_tag',
+        ACTION_REMOVE_TAG_LOCAL = 'remove_local_tag',
+        ACTION_LOGIN = 'login',
+        ACTION_LOGIN_FAIL = 'login_fail',
+        ACTION_LOGOUT = 'logout';
+
+
+    public function getConstant($name)
+    {
+        return constant('self::' . $name);
+    }
+
     public function getAccessibleFieldForNew(): array
     {
         return $this->_accessibleOnNew ?? [];

From 92ddd04ba0c4bfde46c69f3ecb996cd5f80a4b8c Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 17 Nov 2021 15:58:52 +0100
Subject: [PATCH 029/150] fix: [JSON fields] fixed escaping issues

---
 templates/element/genericElements/IndexTable/Fields/json.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/templates/element/genericElements/IndexTable/Fields/json.php b/templates/element/genericElements/IndexTable/Fields/json.php
index 6c14248..2aca821 100644
--- a/templates/element/genericElements/IndexTable/Fields/json.php
+++ b/templates/element/genericElements/IndexTable/Fields/json.php
@@ -1,9 +1,12 @@
 <?php
-    $data = h($this->Hash->extract($row, $field['data_path']));
+    $data = $this->Hash->extract($row, $field['data_path']);
     // I feed dirty for this...
     if (is_array($data) && count($data) === 1 && isset($data[0])) {
         $data = $data[0];
     }
+    if (!is_array($data)) {
+        $data = json_decode($data, true);
+    }
     echo sprintf(
         '<div class="json_container_%s"></div>',
         h($k)

From 7f138325a8a5bd59ff83b653ce4e4a7ab63aa4c2 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 17 Nov 2021 16:04:02 +0100
Subject: [PATCH 030/150] fix: [log index] use the proper action column

---
 templates/AuditLogs/index.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/AuditLogs/index.php b/templates/AuditLogs/index.php
index 46ec90b..a121e4f 100644
--- a/templates/AuditLogs/index.php
+++ b/templates/AuditLogs/index.php
@@ -45,8 +45,8 @@ echo $this->element('genericElements/IndexTable/index_table', [
             ],
             [
                 'name' => __('Action'),
-                'sort' => 'action',
-                'data_path' => 'action',
+                'sort' => 'request_action',
+                'data_path' => 'request_action',
             ],
             [
                 'name' => __('Change'),

From 18b78e8eecbac57db8030fa4e9b61d81dbfb0464 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 17 Nov 2021 16:04:57 +0100
Subject: [PATCH 031/150] fix: [audit log] filtering now uses request_action
 rather than the renamed action field

---
 src/Controller/AuditLogsController.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Controller/AuditLogsController.php b/src/Controller/AuditLogsController.php
index 58a2133..9717416 100644
--- a/src/Controller/AuditLogsController.php
+++ b/src/Controller/AuditLogsController.php
@@ -11,8 +11,8 @@ use Cake\Core\Configure;
 
 class AuditLogsController extends AppController
 {
-    public $filterFields = ['model_id', 'model', 'action', 'user_id', 'title'];
-    public $quickFilterFields = ['model', 'action', 'title'];
+    public $filterFields = ['model_id', 'model', 'request_action', 'user_id', 'title'];
+    public $quickFilterFields = ['model', 'request_action', 'title'];
     public $containFields = ['Users'];
 
     public function index()

From 9619989a94a2162d8a9c7f7e81a97b97e2db510a Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 24 Nov 2021 01:24:25 +0100
Subject: [PATCH 032/150] new: [migration] organisation_id added to users

- also, grab the first org for a default
---
 config/Migrations/20211123152707_user_org.php | 43 +++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 config/Migrations/20211123152707_user_org.php

diff --git a/config/Migrations/20211123152707_user_org.php b/config/Migrations/20211123152707_user_org.php
new file mode 100644
index 0000000..f615c98
--- /dev/null
+++ b/config/Migrations/20211123152707_user_org.php
@@ -0,0 +1,43 @@
+<?php
+declare(strict_types=1);
+
+use Phinx\Migration\AbstractMigration;
+
+final class UserOrg extends AbstractMigration
+{
+    /**
+     * Change Method.
+     *
+     * Write your reversible migrations using this method.
+     *
+     * More information on writing migrations is available here:
+     * https://book.cakephp.org/phinx/0/en/migrations.html#the-change-method
+     *
+     * Remember to call "create()" or "update()" and NOT "save()" when working
+     * with the Table class.
+     */
+    public function change(): void
+    {
+        $exists = $this->hasTable('users');
+        if (!$exists) {
+            $alignments = $this->table('users')
+                ->addColumn('organisation_id', 'integer', [
+                    'default' => null,
+                    'null' => true,
+                    'signed' => false,
+                    'length' => 10
+                ])
+                ->addIndex('org_id')
+                ->update();
+        }
+        $q1 = $this->getQueryBuilder();
+        $org_id = $q1->select(['min(id)'])->from('organisations')->execute()->fetchAll()[0][0];
+        if (!empty($org_id)) {
+            $q2 = $this->getQueryBuilder();
+            $q2->update('users')
+                ->set('organisation_id', $org_id)
+                ->where(['organisation_id IS NULL'])
+                ->execute();
+        }
+    }
+}

From e5e4e74cae53bc988c047958d11b194b8dd3fc68 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 24 Nov 2021 01:25:32 +0100
Subject: [PATCH 033/150] chg: [users] associated with orgs

---
 src/Model/Table/UsersTable.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/Model/Table/UsersTable.php b/src/Model/Table/UsersTable.php
index 3a98b00..cb189aa 100644
--- a/src/Model/Table/UsersTable.php
+++ b/src/Model/Table/UsersTable.php
@@ -36,6 +36,13 @@ class UsersTable extends AppTable
                 'cascadeCallbacks' => false
             ]
         );
+        $this->belongsTo(
+            'Organisations',
+            [
+                'dependent' => false,
+                'cascadeCallbacks' => false
+            ]
+        );
         $this->hasMany(
             'UserSettings',
             [

From 81ab20291773a01eabc031c1f9e5e5a44b8ff92d Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 24 Nov 2021 01:25:57 +0100
Subject: [PATCH 034/150] chg: [templates] org fields added to user templates

---
 templates/Users/add.php   | 6 ++++++
 templates/Users/index.php | 7 +++++++
 templates/Users/view.php  | 8 ++++++++
 3 files changed, 21 insertions(+)

diff --git a/templates/Users/add.php b/templates/Users/add.php
index 99bf366..f215277 100644
--- a/templates/Users/add.php
+++ b/templates/Users/add.php
@@ -14,6 +14,12 @@
                     'field' => 'username',
                     'autocomplete' => 'off'
                 ],
+                [
+                    'field' => 'organisation_id',
+                    'type' => 'dropdown',
+                    'label' => __('Associated organisation'),
+                    'options' => $dropdownData['organisation']
+                ],
                 [
                     'field' => 'password',
                     'label' => __('Password'),
diff --git a/templates/Users/index.php b/templates/Users/index.php
index 64561a1..1ff36bf 100644
--- a/templates/Users/index.php
+++ b/templates/Users/index.php
@@ -51,6 +51,13 @@ echo $this->element('genericElements/IndexTable/index_table', [
                 'sort' => 'username',
                 'data_path' => 'username',
             ],
+            [
+                'name' => __('Organisation'),
+                'sort' => 'organisation.name',
+                'data_path' => 'organisation.name',
+                'url' => '/organisations/view/{{0}}',
+                'url_vars' => ['organisation.id']
+            ],
             [
                 'name' => __('Email'),
                 'sort' => 'individual.email',
diff --git a/templates/Users/view.php b/templates/Users/view.php
index 760ead4..26c3c25 100644
--- a/templates/Users/view.php
+++ b/templates/Users/view.php
@@ -21,6 +21,14 @@ echo $this->element(
                 'path' => 'individual.email'
             ],
             [
+                'type' => 'generic',
+                'key' => __('Organisation'),
+                'path' => 'organisation.name',
+                'url' => '/organisations/view/{{0}}',
+                'url_vars' => 'organisation.id'
+            ],
+            [
+                'type' => 'generic',
                 'key' => __('Role'),
                 'path' => 'role.name',
                 'url' => '/roles/view/{{0}}',

From 061f3fc468dfed6a239582ea4b506b41627d3d71 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 24 Nov 2021 01:26:29 +0100
Subject: [PATCH 035/150] chg: [profile] added org to profile menu

---
 templates/element/layouts/header/header-profile.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/templates/element/layouts/header/header-profile.php b/templates/element/layouts/header/header-profile.php
index a35e041..1f148d6 100644
--- a/templates/element/layouts/header/header-profile.php
+++ b/templates/element/layouts/header/header-profile.php
@@ -8,10 +8,10 @@ use Cake\Routing\Router;
     </a>
     <div class="dropdown-menu dropdown-menu-end">
         <h6 class="dropdown-header">
-            <div class="fw-light"><?= __('Loggin in as') ?></div>
+            <div class="fw-light"><?= __('Logged in as') ?></div>
             <div>
                 <?= $this->SocialProvider->getIcon($this->request->getAttribute('identity')) ?>
-                <strong><?= h($this->request->getAttribute('identity')['username']) ?></strong>
+                [<?= h($loggedUser['organisation']['name']) ?>] <strong><?= h($this->request->getAttribute('identity')['username']) ?></strong>
             </div>
         </h6>
         <div class="dropdown-divider"></div>
@@ -35,4 +35,4 @@ use Cake\Routing\Router;
 </div>
 
 <style>
-</style>
\ No newline at end of file
+</style>

From ed848e9ceeaa7dc5eafc198fa64d59f0a1952c63 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 24 Nov 2021 01:26:55 +0100
Subject: [PATCH 036/150] chg: [sharing groups] show owner org on the index

---
 templates/SharingGroups/index.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/templates/SharingGroups/index.php b/templates/SharingGroups/index.php
index 6076c6c..2aae744 100644
--- a/templates/SharingGroups/index.php
+++ b/templates/SharingGroups/index.php
@@ -35,6 +35,11 @@ echo $this->element('genericElements/IndexTable/index_table', [
                 'class' => 'short',
                 'data_path' => 'name',
             ],
+            [
+                'name' => __('Owner'),
+                'class' => 'short',
+                'data_path' => 'organisation.name'
+            ],
             [
                 'name' => __('UUID'),
                 'sort' => 'uuid',

From e708730e9706782b69a457f2be1db69692044112 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 24 Nov 2021 01:27:14 +0100
Subject: [PATCH 037/150] chg: [roles] hide action buttons on the role index
 when they wouldn't be available anyway

---
 templates/Roles/index.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/templates/Roles/index.php b/templates/Roles/index.php
index 2fc4c03..204d1d9 100644
--- a/templates/Roles/index.php
+++ b/templates/Roles/index.php
@@ -78,12 +78,14 @@ echo $this->element('genericElements/IndexTable/index_table', [
             [
                 'open_modal' => '/roles/edit/[onclick_params_data_path]',
                 'modal_params_data_path' => 'id',
-                'icon' => 'edit'
+                'icon' => 'edit',
+                'requirement' => !empty($loggedUser['role']['perm_site_admin'])
             ],
             [
                 'open_modal' => '/roles/delete/[onclick_params_data_path]',
                 'modal_params_data_path' => 'id',
-                'icon' => 'trash'
+                'icon' => 'trash',
+                'requirement' => !empty($loggedUser['role']['perm_site_admin'])
             ],
         ]
     ]

From 6d7a5553686b5ea6365039d15c2515cb8881a348 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 24 Nov 2021 01:28:01 +0100
Subject: [PATCH 038/150] chg: [index views] slight changes

- hide inaccessible action buttons on org index
- add owner to sharing group index
---
 templates/Organisations/index.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/templates/Organisations/index.php b/templates/Organisations/index.php
index 0448c77..4b34aab 100644
--- a/templates/Organisations/index.php
+++ b/templates/Organisations/index.php
@@ -94,12 +94,14 @@ echo $this->element('genericElements/IndexTable/index_table', [
             [
                 'open_modal' => '/organisations/edit/[onclick_params_data_path]',
                 'modal_params_data_path' => 'id',
-                'icon' => 'edit'
+                'icon' => 'edit',
+                'requirement' => $loggedUser['role']['perm_admin']
             ],
             [
                 'open_modal' => '/organisations/delete/[onclick_params_data_path]',
                 'modal_params_data_path' => 'id',
-                'icon' => 'trash'
+                'icon' => 'trash',
+                'requirement' => $loggedUser['role']['perm_admin']
             ],
         ]
     ]

From dad310f4348646c3c46bf319fd556877820ab84b Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 24 Nov 2021 01:28:52 +0100
Subject: [PATCH 039/150] chg: [appcontroller] include user org in loaded user
 object during authentication

- also log username as username rather than name
---
 src/Controller/AppController.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Controller/AppController.php b/src/Controller/AppController.php
index 9b44ec4..46c5355 100644
--- a/src/Controller/AppController.php
+++ b/src/Controller/AppController.php
@@ -102,7 +102,7 @@ class AppController extends Controller
         $this->ACL->setPublicInterfaces();
         if (!empty($this->request->getAttribute('identity'))) {
             $user = $this->Users->get($this->request->getAttribute('identity')->getIdentifier(), [
-                'contain' => ['Roles', 'Individuals' => 'Organisations', 'UserSettings']
+                'contain' => ['Roles', 'Individuals' => 'Organisations', 'UserSettings', 'Organisations']
             ]);
             if (!empty($user['disabled'])) {
                 $this->Authentication->logout();
@@ -158,7 +158,7 @@ class AppController extends Controller
                     'action' => 'login',
                     'model' => 'Users',
                     'model_id' => $user['id'],
-                    'model_title' => $user['name'],
+                    'model_title' => $user['username'],
                     'change' => []
                 ]);
                 if (!empty($user)) {

From 5483357e1cd98532a047f4d6fb2cbdf81c7e1ecf Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 24 Nov 2021 01:29:39 +0100
Subject: [PATCH 040/150] chg: [ACL] fix permissions for org admins

- also, fix a bug with the simple permissions being ignored
---
 src/Controller/Component/ACLComponent.php | 24 ++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/src/Controller/Component/ACLComponent.php b/src/Controller/Component/ACLComponent.php
index 5feae97..cd38752 100644
--- a/src/Controller/Component/ACLComponent.php
+++ b/src/Controller/Component/ACLComponent.php
@@ -145,24 +145,24 @@ class ACLComponent extends Component
             'view' =>  ['*']
         ],
         'SharingGroups' => [
-            'add' => ['perm_admin'],
-            'addOrg' => ['perm_admin'],
-            'delete' => ['perm_admin'],
-            'edit' => ['perm_admin'],
+            'add' => ['perm_org_admin'],
+            'addOrg' => ['perm_org_admin'],
+            'delete' => ['perm_org_admin'],
+            'edit' => ['perm_org_admin'],
             'index' => ['*'],
             'listOrgs' => ['*'],
-            'removeOrg' => ['perm_admin'],
+            'removeOrg' => ['perm_org_admin'],
             'view' => ['*']
         ],
         'Users' => [
-            'add' => ['perm_admin'],
-            'delete' => ['perm_admin'],
+            'add' => ['perm_org_admin'],
+            'delete' => ['perm_org_admin'],
             'edit' => ['*'],
-            'index' => ['perm_admin'],
+            'index' => ['perm_org_admin'],
             'login' => ['*'],
             'logout' => ['*'],
             'register' => ['*'],
-            'toggle' => ['perm_admin'],
+            'toggle' => ['perm_org_admin'],
             'view' => ['*']
         ]
     );
@@ -290,6 +290,12 @@ class ACLComponent extends Component
                 if ($allConditionsMet) {
                     return true;
                 }
+            } else {
+                foreach ($this->aclList[$controller][$action] as $permission) {
+                    if ($this->user['role'][$permission]) {
+                        return true;
+                    }
+                }
             }
         }
         return false;

From 0fe7f4f9312c16df6b770ae8d866aff8444e8d41 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 24 Nov 2021 01:30:28 +0100
Subject: [PATCH 041/150] new: [CRUD] added additional features to the CRUD
 component

- conditions passable to add/edit/index/delete
- refactored get() requests internally to finds to accomodate for additional parameters
- delete() now takes a params[] array as a second argument
---
 src/Controller/Component/CRUDComponent.php | 43 +++++++++++++++++++---
 1 file changed, 37 insertions(+), 6 deletions(-)

diff --git a/src/Controller/Component/CRUDComponent.php b/src/Controller/Component/CRUDComponent.php
index 45df6d5..4ebabff 100644
--- a/src/Controller/Component/CRUDComponent.php
+++ b/src/Controller/Component/CRUDComponent.php
@@ -50,6 +50,9 @@ class CRUDComponent extends Component
         }
         $query = $this->setFilters($params, $query, $options);
         $query = $this->setQuickFilters($params, $query, empty($options['quickFilters']) ? [] : $options['quickFilters']);
+        if (!empty($options['conditions'])) {
+            $query->where($options['conditions']);
+        }
         if (!empty($options['contain'])) {
             $query->contain($options['contain']);
         }
@@ -284,7 +287,14 @@ class CRUDComponent extends Component
             $params['contain'][] = 'Tags';
             $this->setAllTags();
         }
-        $data = $this->Table->get($id, isset($params['get']) ? $params['get'] : $params);
+        $data = $this->Table->find()->where(['id' => $id]);
+        if (!empty($params['conditions'])) {
+            $data->where($params['conditions']);
+        }
+        $data = $data->first();
+        if (empty($data)) {
+            throw new NotFoundException(__('Invalid {0}.', $this->ObjectAlias));
+        }
         $data = $this->getMetaFields($id, $data);
         if (!empty($params['fields'])) {
             $this->Controller->set('fields', $params['fields']);
@@ -414,11 +424,21 @@ class CRUDComponent extends Component
         $this->Controller->set('entity', $data);
     }
 
-    public function delete($id=false): void
+    public function delete($id=false, $params=[]): void
     {
         if ($this->request->is('get')) {
             if(!empty($id)) {
-                $data = $this->Table->get($id);
+                $data = $this->Table->find()->where([$this->Table->getAlias() . '.id' => $id]);
+                if (!empty($params['conditions'])) {
+                    $data->where($params['conditions']);
+                }
+                if (!empty($params['contain'])) {
+                    $data->contain($params['contain']);
+                }
+                $data = $data->first();
+                if (empty($data)) {
+                    throw new NotFoundException(__('Invalid {0}.', $this->ObjectAlias));
+                }
                 $this->Controller->set('id', $data['id']);
                 $this->Controller->set('data', $data);
                 $this->Controller->set('bulkEnabled', false);
@@ -430,9 +450,20 @@ class CRUDComponent extends Component
             $isBulk = count($ids) > 1;
             $bulkSuccesses = 0;
             foreach ($ids as $id) {
-                $data = $this->Table->get($id);
-                $success = $this->Table->delete($data);
-                $success = true;
+                $data = $this->Table->find()->where([$this->Table->getAlias() . '.id' => $id]);
+                if (!empty($params['conditions'])) {
+                    $data->where($params['conditions']);
+                }
+                if (!empty($params['contain'])) {
+                    $data->contain($params['contain']);
+                }
+                $data = $data->first();
+                if (!empty($data)) {
+                    $success = $this->Table->delete($data);
+                    $success = true;
+                } else {
+                    $success = false;
+                }
                 if ($success) {
                     $bulkSuccesses++;
                 }

From 22e4a90af0047dc2dfa8095c71dcef6f1e1341c3 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 24 Nov 2021 01:32:05 +0100
Subject: [PATCH 042/150] chg: [ACL] tightened ACL for several controllers

- org admins now have access to new functionalities, added ACL for them
- Affected controllers:
  - Authkeys, encryptionkeys, users, sharinggroups
- sets defaults/restricts access accordingly
---
 src/Controller/AuthKeysController.php       | 24 +++++++++--
 src/Controller/EncryptionKeysController.php | 36 ++++++++++++++++-
 src/Controller/SharingGroupsController.php  | 19 +++++++--
 src/Controller/UsersController.php          | 44 ++++++++++++++++++---
 4 files changed, 108 insertions(+), 15 deletions(-)

diff --git a/src/Controller/AuthKeysController.php b/src/Controller/AuthKeysController.php
index 5f75b4a..9e8ac03 100644
--- a/src/Controller/AuthKeysController.php
+++ b/src/Controller/AuthKeysController.php
@@ -16,15 +16,25 @@ class AuthKeysController extends AppController
 {
     public $filterFields = ['Users.username', 'authkey', 'comment', 'Users.id'];
     public $quickFilterFields = ['authkey', ['comment' => true]];
-    public $containFields = ['Users'];
+    public $containFields = ['Users' => ['fields' => ['id', 'username']]];
 
     public function index()
     {
+        $currentUser = $this->ACL->getUser();
+        $conditions = [];
+        if (empty($currentUser['role']['perm_admin'])) {
+            $conditions['Users.organisation_id'] = $currentUser['organisation_id'];
+            if (empty($currentUser['role']['perm_org_admin'])) {
+                $conditions['Users.id'] = $currentUser['id'];
+            }
+        }
         $this->CRUD->index([
             'filters' => $this->filterFields,
             'quickFilters' => $this->quickFilterFields,
             'contain' => $this->containFields,
-            'exclude_fields' => ['authkey']
+            'exclude_fields' => ['authkey'],
+            'conditions' => $conditions,
+            'hidden' => []
         ]);
         $responsePayload = $this->CRUD->getResponsePayload();
         if (!empty($responsePayload)) {
@@ -35,7 +45,15 @@ class AuthKeysController extends AppController
 
     public function delete($id)
     {
-        $this->CRUD->delete($id);
+        $currentUser = $this->ACL->getUser();
+        $conditions = [];
+        if (empty($currentUser['role']['perm_admin'])) {
+            $conditions['Users.organisation_id'] = $currentUser['organisation_id'];
+            if (empty($currentUser['role']['perm_org_admin'])) {
+                $conditions['Users.id'] = $currentUser['id'];
+            }
+        }
+        $this->CRUD->delete($id, ['conditions' => $conditions, 'contain' => 'Users']);
         $responsePayload = $this->CRUD->getResponsePayload();
         if (!empty($responsePayload)) {
             return $responsePayload;
diff --git a/src/Controller/EncryptionKeysController.php b/src/Controller/EncryptionKeysController.php
index 65183cb..78bec89 100644
--- a/src/Controller/EncryptionKeysController.php
+++ b/src/Controller/EncryptionKeysController.php
@@ -49,7 +49,31 @@ class EncryptionKeysController extends AppController
 
     public function add()
     {
-        $this->CRUD->add(['redirect' => $this->referer()]);
+        $orgConditions = [];
+        $currentUser = $this->ACL->getUser();
+        $params = ['redirect' => $this->referer()];
+        if (empty($currentUser['role']['perm_admin'])) {
+            $params['beforeSave'] = function($entity) {
+                if ($entity['owner_model'] === 'organisation') {
+                    $entity['owner_id'] = $currentUser['organisation_id'];
+                } else {
+                    if ($currentUser['role']['perm_org_admin']) {
+                        $validIndividuals = $this->Organisations->Alignments->find('list', [
+                            'fields' => ['distinct(individual_id)'],
+                            'conditions' => ['organisation_id' => $currentUser['organisation_id']]
+                        ]);
+                        if (!in_array($entity['owner_id'], $validIndividuals)) {
+                            throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
+                        }
+                    } else {
+                        if ($entity['owner_id'] !== $currentUser['id']) {
+                            throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
+                        }
+                    }
+                }
+            };
+        }
+        $this->CRUD->add($params);
         $responsePayload = $this->CRUD->getResponsePayload();
         if (!empty($responsePayload)) {
             return $responsePayload;
@@ -58,7 +82,8 @@ class EncryptionKeysController extends AppController
         $this->loadModel('Individuals');
         $dropdownData = [
             'organisation' => $this->Organisations->find('list', [
-                'sort' => ['name' => 'asc']
+                'sort' => ['name' => 'asc'],
+                'conditions' => $orgConditions
             ]),
             'individual' => $this->Individuals->find('list', [
                 'sort' => ['email' => 'asc']
@@ -70,12 +95,19 @@ class EncryptionKeysController extends AppController
 
     public function edit($id = false)
     {
+        $conditions = [];
+        $currentUser = $this->ACL->getUser();
         $params = [
             'fields' => [
                 'type', 'encryption_key', 'revoked'
             ],
             'redirect' => $this->referer()
         ];
+        if (empty($currentUser['role']['perm_admin'])) {
+            if (empty($currentUser['role']['perm_org_admin'])) {
+
+            }
+        }
         $this->CRUD->edit($id, $params);
         $responsePayload = $this->CRUD->getResponsePayload();
         if (!empty($responsePayload)) {
diff --git a/src/Controller/SharingGroupsController.php b/src/Controller/SharingGroupsController.php
index c8f8f79..4e98df8 100644
--- a/src/Controller/SharingGroupsController.php
+++ b/src/Controller/SharingGroupsController.php
@@ -16,10 +16,16 @@ class SharingGroupsController extends AppController
 
     public function index()
     {
+        $currentUser = $this->ACL->getUser();
+        $conditions = [];
+        if (empty($currentUser['role']['perm_admin'])) {
+            $conditions['SharingGroups.organisation_id'] = $currentUser['organisation_id'];
+        }
         $this->CRUD->index([
             'contain' => $this->containFields,
             'filters' => $this->filterFields,
-            'quickFilters' => $this->quickFilterFields
+            'quickFilters' => $this->quickFilterFields,
+            'conditions' => $conditions
         ]);
         $responsePayload = $this->CRUD->getResponsePayload();
         if (!empty($responsePayload)) {
@@ -60,7 +66,12 @@ class SharingGroupsController extends AppController
 
     public function edit($id = false)
     {
-        $this->CRUD->edit($id);
+        $params = [];
+        $currentUser = $this->ACL->getUser();
+        if (empty($currentUser['role']['perm_admin'])) {
+            $params['conditions'] = ['organisation_id' => $currentUser['organisation_id']];
+        }
+        $this->CRUD->edit($id, $params);
         $responsePayload = $this->CRUD->getResponsePayload();
         if (!empty($responsePayload)) {
             return $responsePayload;
@@ -206,11 +217,11 @@ class SharingGroupsController extends AppController
         $organisations = [];
         if (!empty($user['role']['perm_admin'])) {
             $organisations = $this->SharingGroups->Organisations->find('list')->order(['name' => 'ASC'])->toArray();
-        } else if (!empty($user['individual']['organisations'])) {
+        } else {
             $organisations = $this->SharingGroups->Organisations->find('list', [
                 'sort' => ['name' => 'asc'],
                 'conditions' => [
-                    'id IN' => array_values(\Cake\Utility\Hash::extract($user, 'individual.organisations.{n}.id'))
+                    'id' => $user['organisation_id']
                 ]
             ]);
         }
diff --git a/src/Controller/UsersController.php b/src/Controller/UsersController.php
index 012655e..0f81751 100644
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
@@ -11,16 +11,22 @@ use Cake\Core\Configure;
 
 class UsersController extends AppController
 {
-    public $filterFields = ['Individuals.uuid', 'username', 'Individuals.email', 'Individuals.first_name', 'Individuals.last_name'];
+    public $filterFields = ['Individuals.uuid', 'username', 'Individuals.email', 'Individuals.first_name', 'Individuals.last_name', 'Organisations.name'];
     public $quickFilterFields = ['Individuals.uuid', ['username' => true], ['Individuals.first_name' => true], ['Individuals.last_name' => true], 'Individuals.email'];
-    public $containFields = ['Individuals', 'Roles', 'UserSettings'];
+    public $containFields = ['Individuals', 'Roles', 'UserSettings', 'Organisations'];
 
     public function index()
     {
+        $currentUser = $this->ACL->getUser();
+        $conditions = [];
+        if (empty($currentUser['role']['perm_admin'])) {
+            $conditions['organisation_id'] = $currentUser['organisation_id'];
+        }
         $this->CRUD->index([
             'contain' => $this->containFields,
             'filters' => $this->filterFields,
             'quickFilters' => $this->quickFilterFields,
+            'conditions' => $conditions
         ]);
         $responsePayload = $this->CRUD->getResponsePayload();
         if (!empty($responsePayload)) {
@@ -31,8 +37,12 @@ class UsersController extends AppController
 
     public function add()
     {
+        $currentUser = $this->ACL->getUser();
         $this->CRUD->add([
-            'beforeSave' => function($data) {
+            'beforeSave' => function($data) use ($currentUser) {
+                if (!$currentUser['role']['perm_admin']) {
+                    $data['organisation_id'] = $currentUser['organisation_id'];
+                }
                 $this->Users->enrollUserRouter($data);
                 return $data;
             }
@@ -41,12 +51,28 @@ class UsersController extends AppController
         if (!empty($responsePayload)) {
             return $responsePayload;
         }
+        /*
+        $alignments = $this->Users->Individuals->Alignments->find('list', [
+            //'keyField' => 'id',
+            'valueField' => 'organisation_id',
+            'groupField' => 'individual_id'
+        ])->toArray();
+        $alignments = array_map(function($value) { return array_values($value); }, $alignments);
+        */
+        $org_conditions = [];
+        if (empty($currentUser['role']['perm_admin'])) {
+            $org_conditions = ['id' => $currentUser['organisation_id']];
+        }
         $dropdownData = [
             'role' => $this->Users->Roles->find('list', [
                 'sort' => ['name' => 'asc']
             ]),
             'individual' => $this->Users->Individuals->find('list', [
                 'sort' => ['email' => 'asc']
+            ]),
+            'organisation' => $this->Users->Organisations->find('list', [
+                'sort' => ['name' => 'asc'],
+                'conditions' => $org_conditions
             ])
         ];
         $this->set(compact('dropdownData'));
@@ -59,7 +85,7 @@ class UsersController extends AppController
             $id = $this->ACL->getUser()['id'];
         }
         $this->CRUD->view($id, [
-            'contain' => ['Individuals' => ['Alignments' => 'Organisations'], 'Roles']
+            'contain' => ['Individuals' => ['Alignments' => 'Organisations'], 'Roles', 'Organisations']
         ]);
         $responsePayload = $this->CRUD->getResponsePayload();
         if (!empty($responsePayload)) {
@@ -70,9 +96,11 @@ class UsersController extends AppController
 
     public function edit($id = false)
     {
-        if (empty($id) || empty($this->ACL->getUser()['role']['perm_admin'])) {
-            $id = $this->ACL->getUser()['id'];
+        $currentUser = $this->ACL->getUser();
+        if (empty($id) || (empty($currentUser['role']['perm_org_admin']) && empty($currentUser['role']['perm_site_admin']))) {
+            $id = $currentUser['id'];
         }
+
         $params = [
             'get' => [
                 'fields' => [
@@ -88,6 +116,7 @@ class UsersController extends AppController
         ];
         if (!empty($this->ACL->getUser()['role']['perm_admin'])) {
             $params['fields'][] = 'role_id';
+            $params['fields'][] = 'organisation_id';
         }
         $this->CRUD->edit($id, $params);
         $responsePayload = $this->CRUD->getResponsePayload();
@@ -100,6 +129,9 @@ class UsersController extends AppController
             ]),
             'individual' => $this->Users->Individuals->find('list', [
                 'sort' => ['email' => 'asc']
+            ]),
+            'organisation' => $this->Users->Organisations->find('list', [
+                'sort' => ['name' => 'asc']
             ])
         ];
         $this->set(compact('dropdownData'));

From 3cc857c42f4225b130ab3a6fda5dd8c36b526fac Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 24 Nov 2021 01:33:26 +0100
Subject: [PATCH 043/150] fix: [auditlog] use insert() rather than save() as
 that is not available in the behavior

- fixes exception on logging deletes, blocking any actual deletions
---
 src/Model/Behavior/AuditLogBehavior.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/Model/Behavior/AuditLogBehavior.php b/src/Model/Behavior/AuditLogBehavior.php
index f7ef3df..26d354c 100644
--- a/src/Model/Behavior/AuditLogBehavior.php
+++ b/src/Model/Behavior/AuditLogBehavior.php
@@ -129,14 +129,13 @@ class AuditLogBehavior extends Behavior
             $modelTitle = $entity[$modelTitleField];
         }
 
-        $logEntity = $this->auditLogs()->newEntity([
+        $this->auditLogs()->insert([
             'request_action' => $entity->getConstant('ACTION_DELETE'),
             'model' => $entity->getSource(),
             'model_id' => $this->old->id,
             'model_title' => $modelTitle,
             'change' => $this->changedFields($entity)
         ]);
-        $logEntity->save();
     }
 
     /**

From 92fee87a7f30d97c0c661fd283fa614317811681 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 24 Nov 2021 01:34:15 +0100
Subject: [PATCH 044/150] fix: [keycloak] when enrolling users in keycloak, use
 the user organisation_id instead of the individual's first alias

---
 src/Model/Behavior/AuthKeycloakBehavior.php | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/src/Model/Behavior/AuthKeycloakBehavior.php b/src/Model/Behavior/AuthKeycloakBehavior.php
index d42a8c9..4b46a87 100644
--- a/src/Model/Behavior/AuthKeycloakBehavior.php
+++ b/src/Model/Behavior/AuthKeycloakBehavior.php
@@ -98,7 +98,7 @@ class AuthKeycloakBehavior extends Behavior
     {
         $individual = $this->_table->Individuals->find()->where(
             ['id' => $data['individual_id']]
-        )->contain(['Organisations'])->first();
+        )->first();
         $roleConditions = [
             'id' => $data['role_id']
         ];
@@ -106,10 +106,9 @@ class AuthKeycloakBehavior extends Behavior
             $roleConditions['name'] = Configure::read('keycloak.default_role_name');
         }
         $role = $this->_table->Roles->find()->where($roleConditions)->first();
-        $orgs = [];
-        foreach ($individual['organisations'] as $org) {
-            $orgs[] = $org['uuid'];
-        }
+        $org = $this->_table->Organisations->find()->where([
+            ['id' => $data['organisation_id']]
+        ]);
         $token = $this->getAdminAccessToken();
         $keyCloakUser = [
             'firstName' => $individual['first_name'],
@@ -118,7 +117,7 @@ class AuthKeycloakBehavior extends Behavior
             'email' =>  $individual['email'],
             'attributes' => [
                 'role_name' => empty($role['name']) ? Configure::read('keycloak.default_role_name') : $role['name'],
-                'org_uuid' => empty($orgs[0]) ? '' : $orgs[0]
+                'org_uuid' => $orgs['uuid']
             ]
         ];
         $keycloakConfig = Configure::read('keycloak');

From bacb3dc85e4e0b31fecb190f1f16815da05790b9 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 24 Nov 2021 01:50:55 +0100
Subject: [PATCH 045/150] fix: [API] fixed broken API

- don't call functions specifically meant for the UI when in an ACL context
- also fixed breaking issues with the logging
---
 src/Controller/AppController.php | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/Controller/AppController.php b/src/Controller/AppController.php
index 46c5355..cdd85e2 100644
--- a/src/Controller/AppController.php
+++ b/src/Controller/AppController.php
@@ -113,8 +113,10 @@ class AppController extends Controller
             $this->ACL->setUser($user);
             $this->request->getSession()->write('authUser', $user);
             $this->isAdmin = $user['role']['perm_admin'];
-            $this->set('menu', $this->ACL->getMenu());
-            $this->set('loggedUser', $this->ACL->getUser());
+            if (!$this->ParamHandler->isRest()) {
+                $this->set('menu', $this->ACL->getMenu());
+                $this->set('loggedUser', $this->ACL->getUser());
+            }
         } else if ($this->ParamHandler->isRest()) {
             throw new MethodNotAllowedException(__('Invalid user credentials.'));
         }
@@ -153,9 +155,8 @@ class AppController extends Controller
             if (!empty($authKey)) {
                 $this->loadModel('Users');
                 $user = $this->Users->get($authKey['user_id']);
-                $user = $logModel->userInfo();
                 $logModel->insert([
-                    'action' => 'login',
+                    'request_action' => 'login',
                     'model' => 'Users',
                     'model_id' => $user['id'],
                     'model_title' => $user['username'],
@@ -167,7 +168,7 @@ class AppController extends Controller
             } else {
                 $user = $logModel->userInfo();
                 $logModel->insert([
-                    'action' => 'login',
+                    'request_action' => 'login',
                     'model' => 'Users',
                     'model_id' => $user['id'],
                     'model_title' => $user['name'],

From 4bcdf9534acf33ee66f2dff51d5ec5f8168fa23d Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 24 Nov 2021 01:52:03 +0100
Subject: [PATCH 046/150] chg: [cakephp] version bump

---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/composer.json b/composer.json
index 42a49b2..bc562a0 100644
--- a/composer.json
+++ b/composer.json
@@ -9,7 +9,7 @@
         "admad/cakephp-social-auth": "^1.1",
         "cakephp/authentication": "^2.0",
         "cakephp/authorization": "^2.0",
-        "cakephp/cakephp": "^4.0",
+        "cakephp/cakephp": "^4.3",
         "cakephp/migrations": "^3.0",
         "cakephp/plugin-installer": "^1.2",
         "erusev/parsedown": "^1.7",

From c647ae95ebd8a5881fb4173f4055f450d1295013 Mon Sep 17 00:00:00 2001
From: Andras Iklody <andras.iklody@gmail.com>
Date: Wed, 24 Nov 2021 13:44:12 +0100
Subject: [PATCH 047/150] fix: typo in mysql.sql

---
 INSTALL/mysql.sql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/INSTALL/mysql.sql b/INSTALL/mysql.sql
index 6bd956c..936df41 100644
--- a/INSTALL/mysql.sql
+++ b/INSTALL/mysql.sql
@@ -408,7 +408,7 @@ CREATE TABLE IF NOT EXISTS `audit_logs` (
     KEY `ip` (`ip`),
     KEY `model` (`model`),
     KEY `action` (`action`),
-    KEY `model_id` (`model_id`)
+    KEY `model_id` (`model_id`),
     KEY `created` (`created`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 

From 8ca22760e029a4da62156c1d32878dd81b767673 Mon Sep 17 00:00:00 2001
From: Andras Iklody <andras.iklody@gmail.com>
Date: Wed, 24 Nov 2021 13:47:10 +0100
Subject: [PATCH 048/150] fix: [mysql] create if exists rather than drop +
 create

- made sense early in development, however, it no longer does
---
 INSTALL/mysql.sql | 51 +++++++++++++++++------------------------------
 1 file changed, 18 insertions(+), 33 deletions(-)

diff --git a/INSTALL/mysql.sql b/INSTALL/mysql.sql
index 936df41..799cda8 100644
--- a/INSTALL/mysql.sql
+++ b/INSTALL/mysql.sql
@@ -19,10 +19,9 @@
 -- Table structure for table `alignment_tags`
 --
 
-DROP TABLE IF EXISTS `alignment_tags`;
 /*!40101 SET @saved_cs_client     = @@character_set_client */;
 /*!40101 SET character_set_client = utf8 */;
-CREATE TABLE `alignment_tags` (
+CREATE TABLE IF NOT EXISTS `alignment_tags` (
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
   `alignment_id` int(10) unsigned NOT NULL,
   `tag_id` int(10) unsigned NOT NULL,
@@ -48,10 +47,9 @@ CREATE TABLE `alignment_tags` (
 -- Table structure for table `alignments`
 --
 
-DROP TABLE IF EXISTS `alignments`;
 /*!40101 SET @saved_cs_client     = @@character_set_client */;
 /*!40101 SET character_set_client = utf8 */;
-CREATE TABLE `alignments` (
+CREATE TABLE IF NOT EXISTS `alignments` (
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
   `individual_id` int(10) unsigned NOT NULL,
   `organisation_id` int(10) unsigned NOT NULL,
@@ -68,10 +66,9 @@ CREATE TABLE `alignments` (
 -- Table structure for table `auth_keys`
 --
 
-DROP TABLE IF EXISTS `auth_keys`;
 /*!40101 SET @saved_cs_client     = @@character_set_client */;
 /*!40101 SET character_set_client = utf8 */;
-CREATE TABLE `auth_keys` (
+CREATE TABLE IF NOT EXISTS `auth_keys` (
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
   `uuid` varchar(40) COLLATE utf8mb4_unicode_ci NOT NULL,
   `authkey` varchar(72) CHARACTER SET ascii DEFAULT NULL,
@@ -94,10 +91,9 @@ CREATE TABLE `auth_keys` (
 -- Table structure for table `broods`
 --
 
-DROP TABLE IF EXISTS `broods`;
 /*!40101 SET @saved_cs_client     = @@character_set_client */;
 /*!40101 SET character_set_client = utf8 */;
-CREATE TABLE `broods` (
+CREATE TABLE IF NOT EXISTS `broods` (
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
   `uuid` varchar(40) CHARACTER SET ascii DEFAULT NULL,
   `name` varchar(191) COLLATE utf8mb4_unicode_ci NOT NULL,
@@ -122,10 +118,9 @@ CREATE TABLE `broods` (
 -- Table structure for table `encryption_keys`
 --
 
-DROP TABLE IF EXISTS `encryption_keys`;
 /*!40101 SET @saved_cs_client     = @@character_set_client */;
 /*!40101 SET character_set_client = utf8 */;
-CREATE TABLE `encryption_keys` (
+CREATE TABLE IF NOT EXISTS `encryption_keys` (
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
   `uuid` varchar(40) CHARACTER SET ascii DEFAULT NULL,
   `type` varchar(191) COLLATE utf8mb4_unicode_ci NOT NULL,
@@ -145,10 +140,9 @@ CREATE TABLE `encryption_keys` (
 -- Table structure for table `individual_encryption_keys`
 --
 
-DROP TABLE IF EXISTS `individual_encryption_keys`;
 /*!40101 SET @saved_cs_client     = @@character_set_client */;
 /*!40101 SET character_set_client = utf8 */;
-CREATE TABLE `individual_encryption_keys` (
+CREATE TABLE IF NOT EXISTS `individual_encryption_keys` (
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
   `individual_id` int(10) unsigned NOT NULL,
   `encryption_key_id` int(10) unsigned NOT NULL,
@@ -168,10 +162,9 @@ CREATE TABLE `individual_encryption_keys` (
 -- Table structure for table `individuals`
 --
 
-DROP TABLE IF EXISTS `individuals`;
 /*!40101 SET @saved_cs_client     = @@character_set_client */;
 /*!40101 SET character_set_client = utf8 */;
-CREATE TABLE `individuals` (
+CREATE TABLE IF NOT EXISTS `individuals` (
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
   `uuid` varchar(40) CHARACTER SET ascii DEFAULT NULL,
   `email` varchar(191) COLLATE utf8mb4_unicode_ci NOT NULL,
@@ -190,8 +183,7 @@ CREATE TABLE `individuals` (
 -- Table structure for table `local_tools`
 --
 
-DROP TABLE IF EXISTS `local_tools`;
-CREATE TABLE `local_tools` (
+CREATE TABLE IF NOT EXISTS `local_tools` (
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
   `name` varchar(191) COLLATE utf8mb4_unicode_ci NOT NULL,
   `connector` varchar(191) COLLATE utf8mb4_unicode_ci NOT NULL,
@@ -207,10 +199,9 @@ CREATE TABLE `local_tools` (
 -- Table structure for table `organisation_encryption_keys`
 --
 
-DROP TABLE IF EXISTS `organisation_encryption_keys`;
 /*!40101 SET @saved_cs_client     = @@character_set_client */;
 /*!40101 SET character_set_client = utf8 */;
-CREATE TABLE `organisation_encryption_keys` (
+CREATE TABLE IF NOT EXISTS `organisation_encryption_keys` (
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
   `organisation_id` int(10) unsigned NOT NULL,
   `encryption_key_id` int(10) unsigned NOT NULL,
@@ -226,10 +217,9 @@ CREATE TABLE `organisation_encryption_keys` (
 -- Table structure for table `organisations`
 --
 
-DROP TABLE IF EXISTS `organisations`;
 /*!40101 SET @saved_cs_client     = @@character_set_client */;
 /*!40101 SET character_set_client = utf8 */;
-CREATE TABLE `organisations` (
+CREATE TABLE IF NOT EXISTS `organisations` (
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
   `uuid` varchar(40) CHARACTER SET ascii DEFAULT NULL,
   `name` varchar(191) COLLATE utf8mb4_unicode_ci NOT NULL,
@@ -252,10 +242,9 @@ CREATE TABLE `organisations` (
 -- Table structure for table `roles`
 --
 
-DROP TABLE IF EXISTS `roles`;
 /*!40101 SET @saved_cs_client     = @@character_set_client */;
 /*!40101 SET character_set_client = utf8 */;
-CREATE TABLE `roles` (
+CREATE TABLE IF NOT EXISTS `roles` (
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
   `uuid` varchar(40) CHARACTER SET ascii DEFAULT NULL,
   `name` varchar(191) COLLATE utf8mb4_unicode_ci NOT NULL,
@@ -271,10 +260,9 @@ CREATE TABLE `roles` (
 -- Table structure for table `tags`
 --
 
-DROP TABLE IF EXISTS `tags`;
 /*!40101 SET @saved_cs_client     = @@character_set_client */;
 /*!40101 SET character_set_client = utf8 */;
-CREATE TABLE `tags` (
+CREATE TABLE IF NOT EXISTS `tags` (
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
   `name` varchar(191) COLLATE utf8mb4_unicode_ci NOT NULL,
   `description` text COLLATE utf8mb4_unicode_ci,
@@ -288,10 +276,7 @@ CREATE TABLE `tags` (
 -- Table structure for table `users`
 --
 
-DROP TABLE IF EXISTS `users`;
-/*!40101 SET @saved_cs_client     = @@character_set_client */;
-/*!40101 SET character_set_client = utf8 */;
-CREATE TABLE `users` (
+CREATE TABLE IF NOT EXISTS `users` (
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
   `uuid` varchar(40) CHARACTER SET ascii DEFAULT NULL,
   `username` varchar(191) COLLATE utf8mb4_unicode_ci DEFAULT NULL,
@@ -309,7 +294,7 @@ CREATE TABLE `users` (
 /*!40101 SET character_set_client = @saved_cs_client */;
 /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
 
-CREATE TABLE `sharing_groups` (
+CREATE TABLE IF NOT EXISTS `sharing_groups` (
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
   `uuid` varchar(40) CHARACTER SET ascii DEFAULT NULL,
   `name` varchar(191) COLLATE utf8mb4_unicode_ci NOT NULL,
@@ -326,7 +311,7 @@ CREATE TABLE `sharing_groups` (
   KEY `name` (`name`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 
-CREATE TABLE `sgo` (
+CREATE TABLE IF NOT EXISTS `sgo` (
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
   `sharing_group_id` int(10) unsigned NOT NULL,
   `organisation_id` int(10) unsigned NOT NULL,
@@ -336,7 +321,7 @@ CREATE TABLE `sgo` (
   KEY `organisation_id` (`organisation_id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 
-CREATE TABLE `meta_fields` (
+CREATE TABLE IF NOT EXISTS `meta_fields` (
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
   `scope` varchar(191) NOT NULL,
   `parent_id` int(10) unsigned NOT NULL,
@@ -356,7 +341,7 @@ CREATE TABLE `meta_fields` (
   KEY `meta_template_field_id` (`meta_template_field_id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 
-CREATE TABLE `meta_templates` (
+CREATE TABLE IF NOT EXISTS `meta_templates` (
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
   `scope` varchar(191) NOT NULL,
   `name` varchar(191) NOT NULL,
@@ -376,7 +361,7 @@ CREATE TABLE `meta_templates` (
   KEY `uuid` (`uuid`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 
-CREATE TABLE `meta_template_fields` (
+CREATE TABLE IF NOT EXISTS `meta_template_fields` (
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
   `field` varchar(191) NOT NULL,
   `type` varchar(191) NOT NULL,

From 19b98a0df4b03380f9e5b5397c2c711f346a84ed Mon Sep 17 00:00:00 2001
From: Andras Iklody <andras.iklody@gmail.com>
Date: Wed, 24 Nov 2021 13:48:20 +0100
Subject: [PATCH 049/150] fix: [mysql] renamed field without renaming the
 associated index

---
 INSTALL/mysql.sql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/INSTALL/mysql.sql b/INSTALL/mysql.sql
index 799cda8..627a3b6 100644
--- a/INSTALL/mysql.sql
+++ b/INSTALL/mysql.sql
@@ -390,7 +390,7 @@ CREATE TABLE IF NOT EXISTS `audit_logs` (
     `change` blob,
     PRIMARY KEY (`id`),
     KEY `user_id` (`user_id`),
-    KEY `ip` (`ip`),
+    KEY `request_ip` (`request_ip`),
     KEY `model` (`model`),
     KEY `action` (`action`),
     KEY `model_id` (`model_id`),

From 2ac32911bb22ffe8f929812d8c398d16cb5c18b7 Mon Sep 17 00:00:00 2001
From: Andras Iklody <andras.iklody@gmail.com>
Date: Wed, 24 Nov 2021 13:50:20 +0100
Subject: [PATCH 050/150] fix: [mysql] action field renamed without renaming
 the index

---
 INSTALL/mysql.sql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/INSTALL/mysql.sql b/INSTALL/mysql.sql
index 627a3b6..ed39991 100644
--- a/INSTALL/mysql.sql
+++ b/INSTALL/mysql.sql
@@ -392,7 +392,7 @@ CREATE TABLE IF NOT EXISTS `audit_logs` (
     KEY `user_id` (`user_id`),
     KEY `request_ip` (`request_ip`),
     KEY `model` (`model`),
-    KEY `action` (`action`),
+    KEY `request_action` (`request_action`),
     KEY `model_id` (`model_id`),
     KEY `created` (`created`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;

From eb0a67327ae96a2b0f33f2d2e0d92cf5506da843 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 24 Nov 2021 14:46:34 +0100
Subject: [PATCH 051/150] fix: [initial user] generation fixed

- requires a default organisation + org link now
---
 src/Model/Table/UsersTable.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/Model/Table/UsersTable.php b/src/Model/Table/UsersTable.php
index cb189aa..1b5d09f 100644
--- a/src/Model/Table/UsersTable.php
+++ b/src/Model/Table/UsersTable.php
@@ -12,6 +12,7 @@ use \Cake\Http\Session;
 use Cake\Http\Client;
 use Cake\Utility\Security;
 use Cake\Core\Configure;
+use Cake\Utility\Text;
 
 class UsersTable extends AppTable
 {
@@ -105,6 +106,12 @@ class UsersTable extends AppTable
                 'perm_admin' => 1
             ]);
             $this->Roles->save($role);
+            $this->Organisations = TableRegistry::get('Organisations');
+            $organisation = $this->Organisations->newEntity([
+                'name' => 'default_organisation',
+                'uuid' => Text::uuid()
+            ]);
+            $this->Organisations->save($organisation);
             $this->Individuals = TableRegistry::get('Individuals');
             $individual = $this->Individuals->newEntity([
                 'email' => 'admin@admin.test',
@@ -116,6 +123,7 @@ class UsersTable extends AppTable
                 'username' => 'admin',
                 'password' => 'Password1234',
                 'individual_id' => $individual->id,
+                'oganisation_id' => $organisation->id,
                 'role_id' => $role->id
             ]);
             $this->save($user);

From e8e1a16673a8aba557502e95a16a98b07e31c565 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <mokaddem.sami@gmail.com>
Date: Wed, 24 Nov 2021 22:38:39 +0100
Subject: [PATCH 052/150] chg: [search_all] Added drafty support of meta-fields

---
 src/Model/Table/InstanceTable.php | 12 ++++++++++++
 templates/Instance/search_all.php | 27 +++++++++++++++++++--------
 2 files changed, 31 insertions(+), 8 deletions(-)

diff --git a/src/Model/Table/InstanceTable.php b/src/Model/Table/InstanceTable.php
index a625e79..95b965a 100644
--- a/src/Model/Table/InstanceTable.php
+++ b/src/Model/Table/InstanceTable.php
@@ -71,6 +71,18 @@ class InstanceTable extends AppTable
     public function searchAll($value, $limit=5, $model=null)
     {
         $results = [];
+
+        // search in metafields. FIXME: To be replaced by the meta-template system
+        $metaFieldTable = TableRegistry::get('MetaFields');
+        $query = $metaFieldTable->find()->where([
+            'value LIKE' => '%' . $value . '%'
+        ]);
+        $results['MetaFields']['amount'] = $query->count();
+        $result = $query->limit($limit)->all()->toList();
+        if (!empty($result)) {
+            $results['MetaFields']['entries'] = $result;
+        }
+
         $models = $this->seachAllTables;
         if (!is_null($model)) {
             if (in_array($model, $this->seachAllTables)) {
diff --git a/templates/Instance/search_all.php b/templates/Instance/search_all.php
index 76c46f6..bd6bb17 100644
--- a/templates/Instance/search_all.php
+++ b/templates/Instance/search_all.php
@@ -19,14 +19,25 @@
         </span>', h($tableName), $tableResult['amount']);
 
         foreach ($tableResult['entries'] as $entry) {
-            $section .= sprintf('<a class="dropdown-item" href="%s">%s</a>',
-                Cake\Routing\Router::URL([
-                    'controller' => Cake\Utility\Inflector::pluralize($entry->getSource()),
-                    'action' => 'view',
-                    h($entry['id'])
-                ]),
-                h($entry[$fieldPath])
-            );
+            if ($entry->getSource() == 'MetaFields') {
+                $section .= sprintf('<a class="dropdown-item" href="%s">%s</a>',
+                    Cake\Routing\Router::URL([
+                        'controller' => Cake\Utility\Inflector::pluralize($entry->scope),
+                        'action' => 'view',
+                        h($entry->parent_id)
+                    ]),
+                    sprintf('%s (%s::%s)', h($entry->value), h($entry->scope), h($entry->field))
+                );
+            } else {
+                $section .= sprintf('<a class="dropdown-item" href="%s">%s</a>',
+                    Cake\Routing\Router::URL([
+                        'controller' => Cake\Utility\Inflector::pluralize($entry->getSource()),
+                        'action' => 'view',
+                        h($entry['id'])
+                    ]),
+                    h($entry[$fieldPath])
+                );
+            }
         }
         $remaining = $tableResult['amount'] - count($tableResult['entries']);
         if ($remaining > 0) {

From 999f4c8539d8d4eed134cdbe346671f76ac23dc8 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <mokaddem.sami@gmail.com>
Date: Wed, 24 Nov 2021 22:49:40 +0100
Subject: [PATCH 053/150] fix: [migration:user_org] Fixed if org_id column does
 not exist

---
 config/Migrations/20211123152707_user_org.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/config/Migrations/20211123152707_user_org.php b/config/Migrations/20211123152707_user_org.php
index f615c98..a0772ef 100644
--- a/config/Migrations/20211123152707_user_org.php
+++ b/config/Migrations/20211123152707_user_org.php
@@ -18,16 +18,16 @@ final class UserOrg extends AbstractMigration
      */
     public function change(): void
     {
-        $exists = $this->hasTable('users');
+        $exists = $this->table('users')->hasColumn('organisation_id');
         if (!$exists) {
-            $alignments = $this->table('users')
+            $this->table('users')
                 ->addColumn('organisation_id', 'integer', [
                     'default' => null,
                     'null' => true,
                     'signed' => false,
                     'length' => 10
                 ])
-                ->addIndex('org_id')
+                ->addIndex('organisation_id')
                 ->update();
         }
         $q1 = $this->getQueryBuilder();

From 716f6b114750422e2bb96c1817a44f69575897e0 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 24 Nov 2021 23:24:04 +0100
Subject: [PATCH 054/150] fix: [default user creation] explicitly create UUIDs

---
 src/Model/Table/UsersTable.php | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/src/Model/Table/UsersTable.php b/src/Model/Table/UsersTable.php
index 1b5d09f..37a76e1 100644
--- a/src/Model/Table/UsersTable.php
+++ b/src/Model/Table/UsersTable.php
@@ -97,13 +97,28 @@ class UsersTable extends AppTable
         return $rules;
     }
 
+    public function test()
+    {
+        $this->Roles = TableRegistry::get('Roles');
+        $role = $this->Roles->newEntity([
+            'name' => 'admin',
+            'perm_admin' => 1,
+            'perm_org_admin' => 1,
+            'perm_sync' => 1
+        ]);
+        $this->Roles->save($role);
+    }
+
     public function checkForNewInstance(): bool
     {
         if (empty($this->find()->first())) {
             $this->Roles = TableRegistry::get('Roles');
             $role = $this->Roles->newEntity([
                 'name' => 'admin',
-                'perm_admin' => 1
+                'uuid' => Text::uuid(),
+                'perm_admin' => 1,
+                'perm_org_admin' => 1,
+                'perm_sync' => 1
             ]);
             $this->Roles->save($role);
             $this->Organisations = TableRegistry::get('Organisations');
@@ -115,12 +130,14 @@ class UsersTable extends AppTable
             $this->Individuals = TableRegistry::get('Individuals');
             $individual = $this->Individuals->newEntity([
                 'email' => 'admin@admin.test',
+                'uuid' => Text::uuid(),
                 'first_name' => 'admin',
                 'last_name' => 'admin'
             ]);
             $this->Individuals->save($individual);
             $user = $this->newEntity([
                 'username' => 'admin',
+                'uuid' => Text::uuid(),
                 'password' => 'Password1234',
                 'individual_id' => $individual->id,
                 'oganisation_id' => $organisation->id,

From c7768921fb98d9a3027b9a0eecf353c219807f9e Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 24 Nov 2021 23:32:17 +0100
Subject: [PATCH 055/150] fix: [user init] explicit uuid creation removed

- added behavior wherever it was missing
---
 src/Model/Table/OrganisationsTable.php | 1 +
 src/Model/Table/UsersTable.php         | 6 +-----
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/src/Model/Table/OrganisationsTable.php b/src/Model/Table/OrganisationsTable.php
index d4a99b9..4e77c99 100644
--- a/src/Model/Table/OrganisationsTable.php
+++ b/src/Model/Table/OrganisationsTable.php
@@ -21,6 +21,7 @@ class OrganisationsTable extends AppTable
         $this->addBehavior('Timestamp');
         $this->addBehavior('Tags.Tag');
         $this->addBehavior('AuditLog');
+        $this->addBehavior('UUID');
         $this->hasMany(
             'Alignments',
             [
diff --git a/src/Model/Table/UsersTable.php b/src/Model/Table/UsersTable.php
index 37a76e1..6b92527 100644
--- a/src/Model/Table/UsersTable.php
+++ b/src/Model/Table/UsersTable.php
@@ -115,7 +115,6 @@ class UsersTable extends AppTable
             $this->Roles = TableRegistry::get('Roles');
             $role = $this->Roles->newEntity([
                 'name' => 'admin',
-                'uuid' => Text::uuid(),
                 'perm_admin' => 1,
                 'perm_org_admin' => 1,
                 'perm_sync' => 1
@@ -123,21 +122,18 @@ class UsersTable extends AppTable
             $this->Roles->save($role);
             $this->Organisations = TableRegistry::get('Organisations');
             $organisation = $this->Organisations->newEntity([
-                'name' => 'default_organisation',
-                'uuid' => Text::uuid()
+                'name' => 'default_organisation'
             ]);
             $this->Organisations->save($organisation);
             $this->Individuals = TableRegistry::get('Individuals');
             $individual = $this->Individuals->newEntity([
                 'email' => 'admin@admin.test',
-                'uuid' => Text::uuid(),
                 'first_name' => 'admin',
                 'last_name' => 'admin'
             ]);
             $this->Individuals->save($individual);
             $user = $this->newEntity([
                 'username' => 'admin',
-                'uuid' => Text::uuid(),
                 'password' => 'Password1234',
                 'individual_id' => $individual->id,
                 'oganisation_id' => $organisation->id,

From 94457d3b97b262e88513b4db8aedc01cc2a8c935 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 24 Nov 2021 23:36:24 +0100
Subject: [PATCH 056/150] fix: [migration] userorg migration fixed

---
 config/Migrations/20211123152707_user_org.php | 23 ++++++++-----------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/config/Migrations/20211123152707_user_org.php b/config/Migrations/20211123152707_user_org.php
index f615c98..5543e98 100644
--- a/config/Migrations/20211123152707_user_org.php
+++ b/config/Migrations/20211123152707_user_org.php
@@ -1,7 +1,7 @@
 <?php
 declare(strict_types=1);
 
-use Phinx\Migration\AbstractMigration;
+use Migrations\AbstractMigration;
 
 final class UserOrg extends AbstractMigration
 {
@@ -18,18 +18,15 @@ final class UserOrg extends AbstractMigration
      */
     public function change(): void
     {
-        $exists = $this->hasTable('users');
-        if (!$exists) {
-            $alignments = $this->table('users')
-                ->addColumn('organisation_id', 'integer', [
-                    'default' => null,
-                    'null' => true,
-                    'signed' => false,
-                    'length' => 10
-                ])
-                ->addIndex('org_id')
-                ->update();
-        }
+        $alignments = $this->table('users')
+            ->addColumn('organisation_id', 'integer', [
+                'default' => null,
+                'null' => true,
+                'signed' => false,
+                'length' => 10
+            ])
+            ->addIndex('org_id')
+            ->update();
         $q1 = $this->getQueryBuilder();
         $org_id = $q1->select(['min(id)'])->from('organisations')->execute()->fetchAll()[0][0];
         if (!empty($org_id)) {

From b009191aa68f0320a174c5f5a719f6db323ee4b1 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 24 Nov 2021 23:39:27 +0100
Subject: [PATCH 057/150] fix: [migrations] user org further fixes

---
 config/Migrations/20211123152707_user_org.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/Migrations/20211123152707_user_org.php b/config/Migrations/20211123152707_user_org.php
index 5543e98..0c5bc7a 100644
--- a/config/Migrations/20211123152707_user_org.php
+++ b/config/Migrations/20211123152707_user_org.php
@@ -25,7 +25,7 @@ final class UserOrg extends AbstractMigration
                 'signed' => false,
                 'length' => 10
             ])
-            ->addIndex('org_id')
+            ->addIndex('organisation_id')
             ->update();
         $q1 = $this->getQueryBuilder();
         $org_id = $q1->select(['min(id)'])->from('organisations')->execute()->fetchAll()[0][0];

From c2cefb4311021ad24b280cc2d7784cb2fca82b81 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 24 Nov 2021 23:59:34 +0100
Subject: [PATCH 058/150] fix: [user init] generation fixed

---
 src/Model/Entity/Organisation.php      | 5 -----
 src/Model/Table/OrganisationsTable.php | 6 +-----
 src/Model/Table/UsersTable.php         | 3 ++-
 3 files changed, 3 insertions(+), 11 deletions(-)

diff --git a/src/Model/Entity/Organisation.php b/src/Model/Entity/Organisation.php
index bc78378..6766963 100644
--- a/src/Model/Entity/Organisation.php
+++ b/src/Model/Entity/Organisation.php
@@ -10,10 +10,5 @@ class Organisation extends AppModel
     protected $_accessible = [
         '*' => true,
         'id' => false,
-        'uuid' => false,
-    ];
-
-    protected $_accessibleOnNew = [
-        'uuid' => true,
     ];
 }
diff --git a/src/Model/Table/OrganisationsTable.php b/src/Model/Table/OrganisationsTable.php
index 4e77c99..c56720e 100644
--- a/src/Model/Table/OrganisationsTable.php
+++ b/src/Model/Table/OrganisationsTable.php
@@ -11,17 +11,13 @@ class OrganisationsTable extends AppTable
 {
     public $metaFields = 'organisation';
 
-    protected $_accessible = [
-        'id' => false
-    ];
-
     public function initialize(array $config): void
     {
         parent::initialize($config);
+        $this->addBehavior('UUID');
         $this->addBehavior('Timestamp');
         $this->addBehavior('Tags.Tag');
         $this->addBehavior('AuditLog');
-        $this->addBehavior('UUID');
         $this->hasMany(
             'Alignments',
             [
diff --git a/src/Model/Table/UsersTable.php b/src/Model/Table/UsersTable.php
index 6b92527..2eebd8c 100644
--- a/src/Model/Table/UsersTable.php
+++ b/src/Model/Table/UsersTable.php
@@ -122,7 +122,8 @@ class UsersTable extends AppTable
             $this->Roles->save($role);
             $this->Organisations = TableRegistry::get('Organisations');
             $organisation = $this->Organisations->newEntity([
-                'name' => 'default_organisation'
+                'name' => 'default_organisation',
+                'uuid' => Text::uuid()
             ]);
             $this->Organisations->save($organisation);
             $this->Individuals = TableRegistry::get('Individuals');

From 033f6d7f97cefb5c7dd1aa3f1687172f90a50493 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Thu, 25 Nov 2021 00:02:16 +0100
Subject: [PATCH 059/150] fix: [typo] organisations != oganisations

---
 src/Model/Table/UsersTable.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Model/Table/UsersTable.php b/src/Model/Table/UsersTable.php
index 2eebd8c..61f06b8 100644
--- a/src/Model/Table/UsersTable.php
+++ b/src/Model/Table/UsersTable.php
@@ -137,7 +137,7 @@ class UsersTable extends AppTable
                 'username' => 'admin',
                 'password' => 'Password1234',
                 'individual_id' => $individual->id,
-                'oganisation_id' => $organisation->id,
+                'organisation_id' => $organisation->id,
                 'role_id' => $role->id
             ]);
             $this->save($user);

From b981b3f942c8d12bf6b25ebe237f52b657f1e95b Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Thu, 25 Nov 2021 00:43:22 +0100
Subject: [PATCH 060/150] fix: [conflict] resolved in user_org update script

---
 config/Migrations/20211123152707_user_org.php | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/config/Migrations/20211123152707_user_org.php b/config/Migrations/20211123152707_user_org.php
index d51fd1e..47d8a5b 100644
--- a/config/Migrations/20211123152707_user_org.php
+++ b/config/Migrations/20211123152707_user_org.php
@@ -18,7 +18,6 @@ final class UserOrg extends AbstractMigration
      */
     public function change(): void
     {
-<<<<<<< HEAD
         $exists = $this->table('users')->hasColumn('organisation_id');
         if (!$exists) {
             $this->table('users')
@@ -31,17 +30,6 @@ final class UserOrg extends AbstractMigration
                 ->addIndex('organisation_id')
                 ->update();
         }
-=======
-        $alignments = $this->table('users')
-            ->addColumn('organisation_id', 'integer', [
-                'default' => null,
-                'null' => true,
-                'signed' => false,
-                'length' => 10
-            ])
-            ->addIndex('organisation_id')
-            ->update();
->>>>>>> main
         $q1 = $this->getQueryBuilder();
         $org_id = $q1->select(['min(id)'])->from('organisations')->execute()->fetchAll()[0][0];
         if (!empty($org_id)) {

From a4f6e06e7aff9bec638abf08211a81b7ba0e647d Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Thu, 25 Nov 2021 00:55:36 +0100
Subject: [PATCH 061/150] fix: [roles index] correctly allow site admins to
 modify / remove roles

---
 templates/Roles/index.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/Roles/index.php b/templates/Roles/index.php
index 204d1d9..e710fd6 100644
--- a/templates/Roles/index.php
+++ b/templates/Roles/index.php
@@ -79,13 +79,13 @@ echo $this->element('genericElements/IndexTable/index_table', [
                 'open_modal' => '/roles/edit/[onclick_params_data_path]',
                 'modal_params_data_path' => 'id',
                 'icon' => 'edit',
-                'requirement' => !empty($loggedUser['role']['perm_site_admin'])
+                'requirement' => !empty($loggedUser['role']['perm_admin'])
             ],
             [
                 'open_modal' => '/roles/delete/[onclick_params_data_path]',
                 'modal_params_data_path' => 'id',
                 'icon' => 'trash',
-                'requirement' => !empty($loggedUser['role']['perm_site_admin'])
+                'requirement' => !empty($loggedUser['role']['perm_admin'])
             ],
         ]
     ]

From cc5c750de8d01374b0540a380fb48a6e0e52dcd6 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Thu, 25 Nov 2021 00:57:31 +0100
Subject: [PATCH 062/150] chg: [audit log] change field renamed to changed

- change is a reserved keyword
- this way quoting of field names is no longer needed in the cakePHP settings
---
 .../20211124234433_audit_changed.php          | 28 +++++++++++++++++++
 src/Controller/AppController.php              |  4 +--
 src/Controller/AuditLogsController.php        |  2 +-
 .../Component/RestResponseComponent.php       |  4 +--
 src/Controller/UsersController.php            |  6 ++--
 src/Model/Behavior/AuditLogBehavior.php       |  4 +--
 src/Model/Table/AuditLogsTable.php            | 10 +++----
 templates/AuditLogs/index.php                 |  6 ++--
 8 files changed, 46 insertions(+), 18 deletions(-)
 create mode 100644 config/Migrations/20211124234433_audit_changed.php

diff --git a/config/Migrations/20211124234433_audit_changed.php b/config/Migrations/20211124234433_audit_changed.php
new file mode 100644
index 0000000..607c630
--- /dev/null
+++ b/config/Migrations/20211124234433_audit_changed.php
@@ -0,0 +1,28 @@
+<?php
+declare(strict_types=1);
+
+use Migrations\AbstractMigration;
+
+final class AuditChanged extends AbstractMigration
+{
+    /**
+     * Change Method.
+     *
+     * Write your reversible migrations using this method.
+     *
+     * More information on writing migrations is available here:
+     * https://book.cakephp.org/phinx/0/en/migrations.html#the-change-method
+     *
+     * Remember to call "create()" or "update()" and NOT "save()" when working
+     * with the Table class.
+     */
+    public function change(): void
+    {
+        $exists = $this->table('audit_logs')->hasColumn('change');
+        if ($exists) {
+            $this->table('audit_logs')
+                ->renameColumn('change', 'changed')
+                ->update();
+        }
+    }
+}
diff --git a/src/Controller/AppController.php b/src/Controller/AppController.php
index cdd85e2..7afab70 100644
--- a/src/Controller/AppController.php
+++ b/src/Controller/AppController.php
@@ -160,7 +160,7 @@ class AppController extends Controller
                     'model' => 'Users',
                     'model_id' => $user['id'],
                     'model_title' => $user['username'],
-                    'change' => []
+                    'changed' => []
                 ]);
                 if (!empty($user)) {
                     $this->Authentication->setIdentity($user);
@@ -172,7 +172,7 @@ class AppController extends Controller
                     'model' => 'Users',
                     'model_id' => $user['id'],
                     'model_title' => $user['name'],
-                    'change' => []
+                    'changed' => []
                 ]);
             }
         }
diff --git a/src/Controller/AuditLogsController.php b/src/Controller/AuditLogsController.php
index 9717416..27bee73 100644
--- a/src/Controller/AuditLogsController.php
+++ b/src/Controller/AuditLogsController.php
@@ -23,7 +23,7 @@ class AuditLogsController extends AppController
             'quickFilters' => $this->quickFilterFields,
             'afterFind' => function($data) {
                 $data['request_ip'] = inet_ntop(stream_get_contents($data['request_ip']));
-                $data['change'] = stream_get_contents($data['change']);
+                $data['changed'] = stream_get_contents($data['changed']);
                 return $data;
             }
         ]);
diff --git a/src/Controller/Component/RestResponseComponent.php b/src/Controller/Component/RestResponseComponent.php
index 4a7346f..50fb40c 100644
--- a/src/Controller/Component/RestResponseComponent.php
+++ b/src/Controller/Component/RestResponseComponent.php
@@ -718,11 +718,11 @@ class RestResponseComponent extends Component
                 'operators' => array('equal'),
                 'help' => __('A valid x509 certificate ')
             ),
-            'change' => array(
+            'changed' => array(
                 'input' => 'text',
                 'type' => 'string',
                 'operators' => array('equal'),
-                'help' => __('The text contained in the change field')
+                'help' => __('The text contained in the changed field')
             ),
             'change_pw' => array(
                 'input' => 'radio',
diff --git a/src/Controller/UsersController.php b/src/Controller/UsersController.php
index 0f81751..6331d7b 100644
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
@@ -170,7 +170,7 @@ class UsersController extends AppController
                 'model' => 'Users',
                 'model_id' => $user['id'],
                 'model_title' => $user['name'],
-                'change' => []
+                'changed' => []
             ]);
             $target = $this->Authentication->getLoginRedirect() ?? '/instance/home';
             return $this->redirect($target);
@@ -181,7 +181,7 @@ class UsersController extends AppController
                 'model' => 'Users',
                 'model_id' => 0,
                 'model_title' => 'unknown_user',
-                'change' => []
+                'changed' => []
             ]);
             $this->Flash->error(__('Invalid username or password'));
         }
@@ -199,7 +199,7 @@ class UsersController extends AppController
                 'model' => 'Users',
                 'model_id' => $user['id'],
                 'model_title' => $user['name'],
-                'change' => []
+                'changed' => []
             ]);
             $this->Authentication->logout();
             $this->Flash->success(__('Goodbye.'));
diff --git a/src/Model/Behavior/AuditLogBehavior.php b/src/Model/Behavior/AuditLogBehavior.php
index 26d354c..55df5e8 100644
--- a/src/Model/Behavior/AuditLogBehavior.php
+++ b/src/Model/Behavior/AuditLogBehavior.php
@@ -110,7 +110,7 @@ class AuditLogBehavior extends Behavior
             'model' => $entity->getSource(),
             'model_id' => $id,
             'model_title' => $modelTitle,
-            'change' => $changedFields
+            'changed' => $changedFields
         ]);
     }
 
@@ -134,7 +134,7 @@ class AuditLogBehavior extends Behavior
             'model' => $entity->getSource(),
             'model_id' => $this->old->id,
             'model_title' => $modelTitle,
-            'change' => $this->changedFields($entity)
+            'changed' => $this->changedFields($entity)
         ]);
     }
 
diff --git a/src/Model/Table/AuditLogsTable.php b/src/Model/Table/AuditLogsTable.php
index b65b5b2..efd6339 100644
--- a/src/Model/Table/AuditLogsTable.php
+++ b/src/Model/Table/AuditLogsTable.php
@@ -91,12 +91,12 @@ class AuditLogsTable extends AppTable
             $data['model_title'] = mb_substr($data['model_title'], 0, 252) . '...';
         }
 
-        if (isset($data['change'])) {
-            $change = json_encode($data['change'], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
-            if ($this->compressionEnabled && strlen($change) >= self::BROTLI_MIN_LENGTH) {
-                $change = self::BROTLI_HEADER . brotli_compress($change, 4, BROTLI_TEXT);
+        if (isset($data['changed'])) {
+            $changed = json_encode($data['changed'], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
+            if ($this->compressionEnabled && strlen($changed) >= self::BROTLI_MIN_LENGTH) {
+                $changed = self::BROTLI_HEADER . brotli_compress($changed, 4, BROTLI_TEXT);
             }
-            $data['change'] = $change;
+            $data['changed'] = $changed;
         }
     }
 
diff --git a/templates/AuditLogs/index.php b/templates/AuditLogs/index.php
index a121e4f..c4657cb 100644
--- a/templates/AuditLogs/index.php
+++ b/templates/AuditLogs/index.php
@@ -49,9 +49,9 @@ echo $this->element('genericElements/IndexTable/index_table', [
                 'data_path' => 'request_action',
             ],
             [
-                'name' => __('Change'),
-                'sort' => 'change',
-                'data_path' => 'change',
+                'name' => __('Changed'),
+                'sort' => 'changed',
+                'data_path' => 'changed',
                 'element' => 'json'
             ],
         ],

From 312229751bab0a58bc2e164e1116922c864bfd59 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Thu, 25 Nov 2021 11:55:51 +0100
Subject: [PATCH 063/150] fix: [keycloak] enrollment org_id issues fixed

---
 src/Model/Behavior/AuthKeycloakBehavior.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Model/Behavior/AuthKeycloakBehavior.php b/src/Model/Behavior/AuthKeycloakBehavior.php
index 4b46a87..12bb3e2 100644
--- a/src/Model/Behavior/AuthKeycloakBehavior.php
+++ b/src/Model/Behavior/AuthKeycloakBehavior.php
@@ -108,7 +108,7 @@ class AuthKeycloakBehavior extends Behavior
         $role = $this->_table->Roles->find()->where($roleConditions)->first();
         $org = $this->_table->Organisations->find()->where([
             ['id' => $data['organisation_id']]
-        ]);
+        ])->first();
         $token = $this->getAdminAccessToken();
         $keyCloakUser = [
             'firstName' => $individual['first_name'],
@@ -117,7 +117,7 @@ class AuthKeycloakBehavior extends Behavior
             'email' =>  $individual['email'],
             'attributes' => [
                 'role_name' => empty($role['name']) ? Configure::read('keycloak.default_role_name') : $role['name'],
-                'org_uuid' => $orgs['uuid']
+                'org_uuid' => $org['uuid']
             ]
         ];
         $keycloakConfig = Configure::read('keycloak');

From 15d738aa775b251941ac3209a42c98499ea3ae73 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Fri, 26 Nov 2021 10:51:58 +0100
Subject: [PATCH 064/150] fix: [forms] dropdowns overriding values from request

---
 templates/element/genericElements/Form/Fields/dropdownField.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/element/genericElements/Form/Fields/dropdownField.php b/templates/element/genericElements/Form/Fields/dropdownField.php
index 46b4c81..0bfc0e5 100644
--- a/templates/element/genericElements/Form/Fields/dropdownField.php
+++ b/templates/element/genericElements/Form/Fields/dropdownField.php
@@ -2,7 +2,7 @@
     $controlParams = [
         'options' => $fieldData['options'],
         'empty' => $fieldData['empty'] ?? false,
-        'value' => $fieldData['value'] ?? [],
+        'value' => $fieldData['value'] ?? null,
         'multiple' => $fieldData['multiple'] ?? false,
         'disabled' => $fieldData['disabled'] ?? false,
         'class' => ($fieldData['class'] ?? '') . ' formDropdown form-select'

From 2eb2459936382d20f3b2fda70449e9d13cb57533 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Fri, 26 Nov 2021 10:52:44 +0100
Subject: [PATCH 065/150] fix: [forms] added missing password form field

---
 .../element/genericElements/Form/Fields/passwordField.php   | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 templates/element/genericElements/Form/Fields/passwordField.php

diff --git a/templates/element/genericElements/Form/Fields/passwordField.php b/templates/element/genericElements/Form/Fields/passwordField.php
new file mode 100644
index 0000000..6831ce6
--- /dev/null
+++ b/templates/element/genericElements/Form/Fields/passwordField.php
@@ -0,0 +1,6 @@
+<?php
+    $params['div'] = false;
+    $params['class'] .= ' form-control';
+    $params['value'] = '';
+    echo $this->FormFieldMassage->prepareFormElement($this->Form, $params, $fieldData);
+?>

From 2406e31b729d3bf000dddc26f182e80b996fc8ff Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Fri, 26 Nov 2021 10:53:24 +0100
Subject: [PATCH 066/150] fix: [user add] form fixes

---
 templates/Users/add.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/templates/Users/add.php b/templates/Users/add.php
index f215277..a3c90a8 100644
--- a/templates/Users/add.php
+++ b/templates/Users/add.php
@@ -25,7 +25,8 @@
                     'label' => __('Password'),
                     'type' => 'password',
                     'required' => $this->request->getParam('action') === 'add' ? 'required' : false,
-                    'autocomplete' => 'new-password'
+                    'autocomplete' => 'new-password',
+                    'value' => ''
                 ],
                 [
                     'field' => 'confirm_password',

From 7fa0537cfd0577648b75092eea43131589b2485f Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Sat, 27 Nov 2021 23:51:32 +0100
Subject: [PATCH 067/150] fix: [encryption keys] only show valid options when
 creating keys as a user

---
 src/Controller/EncryptionKeysController.php | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/Controller/EncryptionKeysController.php b/src/Controller/EncryptionKeysController.php
index 78bec89..ae2a55b 100644
--- a/src/Controller/EncryptionKeysController.php
+++ b/src/Controller/EncryptionKeysController.php
@@ -50,16 +50,25 @@ class EncryptionKeysController extends AppController
     public function add()
     {
         $orgConditions = [];
+        $individualConditions = [];
         $currentUser = $this->ACL->getUser();
         $params = ['redirect' => $this->referer()];
         if (empty($currentUser['role']['perm_admin'])) {
+            $orgConditions = [
+                'id' => $currentUser['organisation_id']
+            ];
+            if (empty($currentUser['role']['perm_org_admin'])) {
+                $individualConditions = [
+                    'id' => $currentUser['individual_id']
+                ];
+            }
             $params['beforeSave'] = function($entity) {
                 if ($entity['owner_model'] === 'organisation') {
                     $entity['owner_id'] = $currentUser['organisation_id'];
                 } else {
                     if ($currentUser['role']['perm_org_admin']) {
-                        $validIndividuals = $this->Organisations->Alignments->find('list', [
-                            'fields' => ['distinct(individual_id)'],
+                        $validIndividuals = $this->Organisations->find('list', [
+                            'fields' => ['distinct(id)'],
                             'conditions' => ['organisation_id' => $currentUser['organisation_id']]
                         ]);
                         if (!in_array($entity['owner_id'], $validIndividuals)) {
@@ -86,7 +95,8 @@ class EncryptionKeysController extends AppController
                 'conditions' => $orgConditions
             ]),
             'individual' => $this->Individuals->find('list', [
-                'sort' => ['email' => 'asc']
+                'sort' => ['email' => 'asc'],
+                'conditions' => $individualConditions
             ])
         ];
         $this->set(compact('dropdownData'));

From 22be309dc253c94e2815243a34c14d8a6df97810 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Sun, 28 Nov 2021 23:42:22 +0100
Subject: [PATCH 068/150] fix: [ACL] fix wildcard controller checks failing

---
 src/Controller/Component/ACLComponent.php | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/Controller/Component/ACLComponent.php b/src/Controller/Component/ACLComponent.php
index cd38752..ea0378f 100644
--- a/src/Controller/Component/ACLComponent.php
+++ b/src/Controller/Component/ACLComponent.php
@@ -267,9 +267,19 @@ class ACLComponent extends Component
             return true;
         }
         //$this->__checkLoggedActions($user, $controller, $action);
+        if (isset($this->aclList['*'][$action])) {
+            if ($this->evaluateAccessLeaf('*', $action)) {
+                return true;
+            }
+        }
         if (!isset($this->aclList[$controller])) {
             return $this->__error(404, __('Invalid controller.'), $soft);
         }
+        return $this->evaluateAccessLeaf($controller, $action);
+    }
+
+    private function evaluateAccessLeaf(string $controller, string $action): bool
+    {
         if (isset($this->aclList[$controller][$action]) && !empty($this->aclList[$controller][$action])) {
             if (in_array('*', $this->aclList[$controller][$action])) {
                 return true;

From c7d40d42c70728defa37b26ea4c9d1c1c7728092 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Mon, 29 Nov 2021 23:37:41 +0100
Subject: [PATCH 069/150] fix: [ACL] added missing entries

---
 src/Controller/Component/ACLComponent.php | 32 +++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

diff --git a/src/Controller/Component/ACLComponent.php b/src/Controller/Component/ACLComponent.php
index ea0378f..83cd348 100644
--- a/src/Controller/Component/ACLComponent.php
+++ b/src/Controller/Component/ACLComponent.php
@@ -45,6 +45,9 @@ class ACLComponent extends Component
             'index' => ['*'],
             'view' => ['*']
         ],
+        'AuditLogs' => [
+            'index' => ['perm_admin']
+        ],
         'AuthKeys' => [
             'add' => ['*'],
             'delete' => ['*'],
@@ -82,19 +85,27 @@ class ACLComponent extends Component
             'add' => ['perm_admin'],
             'delete' => ['perm_admin'],
             'edit' => ['perm_admin'],
+            'filtering' => ['*'],
             'index' => ['*'],
-            'view' => ['*']
+            'tag' => ['perm_tagger'],
+            'untag' => ['perm_tagger'],
+            'view' => ['*'],
+            'viewTags' => ['*']
         ],
         'Instance' => [
             'home' => ['*'],
             'migrate' => ['perm_admin'],
             'migrationIndex' => ['perm_admin'],
             'rollback' => ['perm_admin'],
+            'saveSetting' => ['perm_admin'],
+            'searchAll' => ['*'],
+            'settings' => ['perm_admin'],
             'status' => ['*']
         ],
         'LocalTools' => [
             'action' => ['perm_admin'],
             'add' => ['perm_admin'],
+            'batchAction' => ['perm_admin'],
             'broodTools' => ['perm_admin'],
             'connectionRequest' => ['perm_admin'],
             'connectLocal' => ['perm_admin'],
@@ -123,7 +134,10 @@ class ACLComponent extends Component
             'edit' => ['perm_admin'],
             'filtering' => ['*'],
             'index' => ['*'],
-            'view' => ['*']
+            'tag' => ['perm_tagger'],
+            'untag' => ['perm_tagger'],
+            'view' => ['*'],
+            'viewTags' => ['*']
         ],
         'Outbox' => [
             'createEntry' => ['perm_admin'],
@@ -162,8 +176,22 @@ class ACLComponent extends Component
             'login' => ['*'],
             'logout' => ['*'],
             'register' => ['*'],
+            'settings' => ['*'],
             'toggle' => ['perm_org_admin'],
             'view' => ['*']
+        ],
+        'UserSettings' => [
+            'index' => ['*'],
+            'view' => ['*'],
+            'add' => ['*'],
+            'edit' => ['*'],
+            'delete' => ['*'],
+            'getSettingByName' => ['*'],
+            'setSetting' => ['*'],
+            'saveSetting' => ['*'],
+            'getBookmarks' => ['*'],
+            'saveBookmark' => ['*'],
+            'deleteBookmark' => ['*']
         ]
     );
 

From 392faa60e48205319c873a11535f343f1d938193 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Tue, 30 Nov 2021 00:00:05 +0100
Subject: [PATCH 070/150] new: [ACL] getRoleAccess endpoint added

- prints all valid URLs for the current user's role
---
 src/Controller/AppController.php          |  5 ++
 src/Controller/Component/ACLComponent.php | 70 ++++++++++++-----------
 2 files changed, 43 insertions(+), 32 deletions(-)

diff --git a/src/Controller/AppController.php b/src/Controller/AppController.php
index 7afab70..2b0102a 100644
--- a/src/Controller/AppController.php
+++ b/src/Controller/AppController.php
@@ -188,4 +188,9 @@ class AppController extends Controller
     {
         return $this->RestResponse->viewData($this->ACL->findMissingFunctionNames());
     }
+
+    public function getRoleAccess()
+    {
+        return $this->RestResponse->viewData($this->ACL->getRoleAccess());
+    }
 }
diff --git a/src/Controller/Component/ACLComponent.php b/src/Controller/Component/ACLComponent.php
index 83cd348..cac1bc0 100644
--- a/src/Controller/Component/ACLComponent.php
+++ b/src/Controller/Component/ACLComponent.php
@@ -435,13 +435,19 @@ class ACLComponent extends Component
         return $missing;
     }
 
+    public function getRoleAccess($role = false)
+    {
+        $urls = $this->__checkRoleAccess($role);
+        return $urls;
+    }
+
     public function printRoleAccess($content = false)
     {
         $results = [];
-        $this->Role = TableRegistry::get('Role');
+        $this->Role = TableRegistry::get('Roles');
         $conditions = [];
         if (is_numeric($content)) {
-            $conditions = array('Role.id' => $content);
+            $conditions = array('id' => $content);
         }
         $roles = $this->Role->find('all', array(
             'recursive' => -1,
@@ -457,40 +463,40 @@ class ACLComponent extends Component
         return $results;
     }
 
-    private function __checkRoleAccess($role)
+    private function __checkRoleAccess($role = false)
     {
         $result = [];
-        foreach ($this->__aclList as $controller => $actions) {
-            $controllerNames = Inflector::variable($controller) == Inflector::underscore($controller) ? array(Inflector::variable($controller)) : array(Inflector::variable($controller), Inflector::underscore($controller));
-            foreach ($controllerNames as $controllerName) {
-                foreach ($actions as $action => $permissions) {
-                    if ($role['perm_site_admin']) {
-                        $result[] = DS . $controllerName . DS . $action;
-                    } elseif (in_array('*', $permissions)) {
-                        $result[] = DS . $controllerName . DS . $action . DS . '*';
-                    } elseif (isset($permissions['OR'])) {
-                        $access = false;
-                        foreach ($permissions['OR'] as $permission) {
-                            if ($role[$permission]) {
-                                $access = true;
-                            }
+        if ($role === false) {
+            $role = $this->getUser()['role'];
+        }
+        foreach ($this->aclList as $controller => $actions) {
+            foreach ($actions as $action => $permissions) {
+                if ($role['perm_admin']) {
+                    $result[] = DS . $controller . DS . $action;
+                } elseif (in_array('*', $permissions)) {
+                    $result[] = DS . $controller . DS . $action . DS . '*';
+                } elseif (isset($permissions['OR'])) {
+                    $access = false;
+                    foreach ($permissions['OR'] as $permission) {
+                        if ($role[$permission]) {
+                            $access = true;
                         }
-                        if ($access) {
-                            $result[] = DS . $controllerName . DS . $action . DS . '*';
-                        }
-                    } elseif (isset($permissions['AND'])) {
-                        $access = true;
-                        foreach ($permissions['AND'] as $permission) {
-                            if ($role[$permission]) {
-                                $access = false;
-                            }
-                        }
-                        if ($access) {
-                            $result[] = DS . $controllerName . DS . $action . DS . '*';
-                        }
-                    } elseif (isset($permissions[0]) && $role[$permissions[0]]) {
-                        $result[] = DS . $controllerName . DS . $action . DS . '*';
                     }
+                    if ($access) {
+                        $result[] = DS . $controller . DS . $action . DS . '*';
+                    }
+                } elseif (isset($permissions['AND'])) {
+                    $access = true;
+                    foreach ($permissions['AND'] as $permission) {
+                        if ($role[$permission]) {
+                            $access = false;
+                        }
+                    }
+                    if ($access) {
+                        $result[] = DS . $controller . DS . $action . DS . '*';
+                    }
+                } elseif (isset($permissions[0]) && $role[$permissions[0]]) {
+                    $result[] = DS . $controller . DS . $action . DS . '*';
                 }
             }
         }

From fbb1a52724663eda3350d5ac3484b0c314647057 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 1 Dec 2021 14:22:02 +0100
Subject: [PATCH 071/150] new: [ACL component] new functionalities

- getRoleAccess now returns either URLs or arrays
- array format allows for easy checking of controller + action pairs
---
 src/Controller/Component/ACLComponent.php | 32 +++++++++++++++--------
 1 file changed, 21 insertions(+), 11 deletions(-)

diff --git a/src/Controller/Component/ACLComponent.php b/src/Controller/Component/ACLComponent.php
index cac1bc0..afa70ff 100644
--- a/src/Controller/Component/ACLComponent.php
+++ b/src/Controller/Component/ACLComponent.php
@@ -37,6 +37,7 @@ class ACLComponent extends Component
         '*' => [
             'checkPermission' => ['*'],
             'generateUUID' => ['*'],
+            'getRoleAccess' => ['*'],
             'queryACL' => ['perm_admin']
         ],
         'Alignments' => [
@@ -435,10 +436,9 @@ class ACLComponent extends Component
         return $missing;
     }
 
-    public function getRoleAccess($role = false)
+    public function getRoleAccess($role = false, $url_mode = true)
     {
-        $urls = $this->__checkRoleAccess($role);
-        return $urls;
+        return $this->__checkRoleAccess($role, $url_mode);
     }
 
     public function printRoleAccess($content = false)
@@ -463,18 +463,28 @@ class ACLComponent extends Component
         return $results;
     }
 
-    private function __checkRoleAccess($role = false)
+    private function __formatControllerAction(array $results, string $controller, string $action, $url_mode = true): array
     {
-        $result = [];
+        if ($url_mode) {
+            $results[] = DS . $controller . DS . $action . DS . '*';
+        } else {
+            $results[$controller][] = $action;
+        }
+        return $results;
+    }
+
+    private function __checkRoleAccess($role = false, $url_mode = true)
+    {
+        $results = [];
         if ($role === false) {
             $role = $this->getUser()['role'];
         }
         foreach ($this->aclList as $controller => $actions) {
             foreach ($actions as $action => $permissions) {
                 if ($role['perm_admin']) {
-                    $result[] = DS . $controller . DS . $action;
+                    $results = $this->__formatControllerAction($results, $controller, $action, $url_mode);
                 } elseif (in_array('*', $permissions)) {
-                    $result[] = DS . $controller . DS . $action . DS . '*';
+                    $results = $this->__formatControllerAction($results, $controller, $action, $url_mode);
                 } elseif (isset($permissions['OR'])) {
                     $access = false;
                     foreach ($permissions['OR'] as $permission) {
@@ -483,7 +493,7 @@ class ACLComponent extends Component
                         }
                     }
                     if ($access) {
-                        $result[] = DS . $controller . DS . $action . DS . '*';
+                        $results = $this->__formatControllerAction($results, $controller, $action, $url_mode);
                     }
                 } elseif (isset($permissions['AND'])) {
                     $access = true;
@@ -493,14 +503,14 @@ class ACLComponent extends Component
                         }
                     }
                     if ($access) {
-                        $result[] = DS . $controller . DS . $action . DS . '*';
+                        $results = $this->__formatControllerAction($results, $controller, $action, $url_mode);
                     }
                 } elseif (isset($permissions[0]) && $role[$permissions[0]]) {
-                    $result[] = DS . $controller . DS . $action . DS . '*';
+                    $results = $this->__formatControllerAction($results, $controller, $action, $url_mode);
                 }
             }
         }
-        return $result;
+        return $results;
     }
 
     public function getMenu()

From e408f29a0552e0f2fbda7d84e8253b941a512bc2 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 1 Dec 2021 14:23:27 +0100
Subject: [PATCH 072/150] chg: [appcontroller] minor changes

- getRoleAccess now returns array format
- moved setting of view variables behind a rest check, to avoid additional unused actions for API queries
- current user's role access matrix passed to view via "roleAccess"
---
 src/Controller/AppController.php | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/src/Controller/AppController.php b/src/Controller/AppController.php
index 2b0102a..4d41bac 100644
--- a/src/Controller/AppController.php
+++ b/src/Controller/AppController.php
@@ -116,6 +116,7 @@ class AppController extends Controller
             if (!$this->ParamHandler->isRest()) {
                 $this->set('menu', $this->ACL->getMenu());
                 $this->set('loggedUser', $this->ACL->getUser());
+                $this->set('roleAccess', $this->ACL->getRoleAccess(false, false));
             }
         } else if ($this->ParamHandler->isRest()) {
             throw new MethodNotAllowedException(__('Invalid user credentials.'));
@@ -131,18 +132,20 @@ class AppController extends Controller
         }
 
         $this->ACL->checkAccess();
-        $this->set('breadcrumb', $this->Navigation->getBreadcrumb());
-        $this->set('ajax', $this->request->is('ajax'));
-        $this->request->getParam('prefix');
-        $this->set('baseurl', Configure::read('App.fullBaseUrl'));
-        if (!empty($user) && !empty($user->user_settings_by_name['ui.bsTheme']['value'])) {
-            $this->set('bsTheme', $user->user_settings_by_name['ui.bsTheme']['value']);
-        } else {
-            $this->set('bsTheme', Configure::check('ui.bsTheme') ? Configure::read('ui.bsTheme') : 'default');
-        }
+        if (!$this->ParamHandler->isRest()) {
+            $this->set('breadcrumb', $this->Navigation->getBreadcrumb());
+            $this->set('ajax', $this->request->is('ajax'));
+            $this->request->getParam('prefix');
+            $this->set('baseurl', Configure::read('App.fullBaseUrl'));
+            if (!empty($user) && !empty($user->user_settings_by_name['ui.bsTheme']['value'])) {
+                $this->set('bsTheme', $user->user_settings_by_name['ui.bsTheme']['value']);
+            } else {
+                $this->set('bsTheme', Configure::check('ui.bsTheme') ? Configure::read('ui.bsTheme') : 'default');
+            }
 
-        if ($this->modelClass == 'Tags.Tags') {
-            $this->set('metaGroup', !empty($this->isAdmin) ? 'Administration' : 'Cerebrate');
+            if ($this->modelClass == 'Tags.Tags') {
+                $this->set('metaGroup', !empty($this->isAdmin) ? 'Administration' : 'Cerebrate');
+            }
         }
     }
 
@@ -191,6 +194,6 @@ class AppController extends Controller
 
     public function getRoleAccess()
     {
-        return $this->RestResponse->viewData($this->ACL->getRoleAccess());
+        return $this->RestResponse->viewData($this->ACL->getRoleAccess(false, false));
     }
 }

From 1e31f4d1dd8cf22784421ca455b362bfe9c85314 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 1 Dec 2021 14:25:34 +0100
Subject: [PATCH 073/150] new: [ACL Helper] check access for controller /
 action pair for given user

- accesible everywhere in the UI
---
 src/View/AppView.php          |  1 +
 src/View/Helper/ACLHelper.php | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+)
 create mode 100644 src/View/Helper/ACLHelper.php

diff --git a/src/View/AppView.php b/src/View/AppView.php
index 7636a87..9018168 100644
--- a/src/View/AppView.php
+++ b/src/View/AppView.php
@@ -44,5 +44,6 @@ class AppView extends View
         $this->loadHelper('FormFieldMassage');
         $this->loadHelper('Paginator', ['templates' => 'cerebrate-pagination-templates']);
         $this->loadHelper('Tags.Tag');
+        $this->loadHelper('ACL');
     }
 }
diff --git a/src/View/Helper/ACLHelper.php b/src/View/Helper/ACLHelper.php
new file mode 100644
index 0000000..e563e82
--- /dev/null
+++ b/src/View/Helper/ACLHelper.php
@@ -0,0 +1,25 @@
+<?php
+namespace App\View\Helper;
+
+use Cake\View\Helper;
+
+// This helper helps determining the brightness of a colour (initially only used for the tagging) in order to decide
+// what text colour to use against the background (black or white)
+class ACLHelper extends Helper {
+
+    private $roleAccess = [];
+
+    public function checkAccess($controller, $action) {
+        if (empty($this->roleAccess)) {
+            $this->roleAccess = $this->getView()->get('roleAccess');
+        }
+        if (
+            in_array($action, $this->roleAccess['*']) ||
+            (isset($this->roleAccess[$controller]) && in_array($action, $this->roleAccess[$controller]))
+        ) {
+            return true;
+        } else {
+            return false;
+        }
+    }
+}

From 332f374e01965cc9c44389de381f8d15866535ca Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 1 Dec 2021 14:26:20 +0100
Subject: [PATCH 074/150] chg: [sharing group index] add button now has the new
 checkaccess conditions applied

---
 templates/SharingGroups/index.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/templates/SharingGroups/index.php b/templates/SharingGroups/index.php
index 2aae744..96315e6 100644
--- a/templates/SharingGroups/index.php
+++ b/templates/SharingGroups/index.php
@@ -10,7 +10,8 @@ echo $this->element('genericElements/IndexTable/index_table', [
                         'data' => [
                             'type' => 'simple',
                             'text' => __('Add sharing group'),
-                            'popover_url' => '/SharingGroups/add'
+                            'popover_url' => '/SharingGroups/add',
+                            'requirement' => $this->ACL->checkAccess('SharingGroups', 'add')
                         ]
                     ]
                 ],

From 4c7dc85d0e8a67a3fe0fcff6f2a7d2ef629b7ebe Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 1 Dec 2021 15:24:08 +0100
Subject: [PATCH 075/150] fix: [encryptions] fixed adding encryption keys

---
 src/Controller/EncryptionKeysController.php | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/Controller/EncryptionKeysController.php b/src/Controller/EncryptionKeysController.php
index ae2a55b..bafe8ce 100644
--- a/src/Controller/EncryptionKeysController.php
+++ b/src/Controller/EncryptionKeysController.php
@@ -62,16 +62,18 @@ class EncryptionKeysController extends AppController
                     'id' => $currentUser['individual_id']
                 ];
             }
-            $params['beforeSave'] = function($entity) {
+            $params['beforeSave'] = function($entity) use($currentUser) {
                 if ($entity['owner_model'] === 'organisation') {
                     $entity['owner_id'] = $currentUser['organisation_id'];
                 } else {
                     if ($currentUser['role']['perm_org_admin']) {
-                        $validIndividuals = $this->Organisations->find('list', [
-                            'fields' => ['distinct(id)'],
+                        $this->loadModel('Alignments');
+                        $validIndividuals = $this->Alignments->find('list', [
+                            'keyField' => 'individual_id',
+                            'valueField' => 'id',
                             'conditions' => ['organisation_id' => $currentUser['organisation_id']]
-                        ]);
-                        if (!in_array($entity['owner_id'], $validIndividuals)) {
+                        ])->toArray();
+                        if (!isset($validIndividuals[$entity['owner_id']])) {
                             throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
                         }
                     } else {
@@ -80,6 +82,7 @@ class EncryptionKeysController extends AppController
                         }
                     }
                 }
+                return $entity;
             };
         }
         $this->CRUD->add($params);

From 5041a57e08dc8cfc41d0d680c19d5c8b1c9a1d5f Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Sat, 4 Dec 2021 23:58:42 +0100
Subject: [PATCH 076/150] fix: [sharing groups] index members column fixed

---
 templates/SharingGroups/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/SharingGroups/index.php b/templates/SharingGroups/index.php
index 96315e6..946d19a 100644
--- a/templates/SharingGroups/index.php
+++ b/templates/SharingGroups/index.php
@@ -49,7 +49,7 @@ echo $this->element('genericElements/IndexTable/index_table', [
             ],
             [
                 'name' => __('Members'),
-                'data_path' => 'alignments',
+                'data_path' => 'sharing_group_orgs',
                 'element' =>  'count_summary',
                 'url' => '/sharingGroups/view/{{id}}',
                 'url_data_path' => 'id'

From bb3b264cfbed3e6e5b941cc276860579bbe950d7 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Sun, 5 Dec 2021 00:02:33 +0100
Subject: [PATCH 077/150] fix: [sharing group index] fixed members link

---
 templates/SharingGroups/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/SharingGroups/index.php b/templates/SharingGroups/index.php
index 946d19a..c930bed 100644
--- a/templates/SharingGroups/index.php
+++ b/templates/SharingGroups/index.php
@@ -51,7 +51,7 @@ echo $this->element('genericElements/IndexTable/index_table', [
                 'name' => __('Members'),
                 'data_path' => 'sharing_group_orgs',
                 'element' =>  'count_summary',
-                'url' => '/sharingGroups/view/{{id}}',
+                'url' => '/sharingGroups/view/{{url_data}}',
                 'url_data_path' => 'id'
             ]
         ],

From b9da6195386ce73c7675520eaa44c671db4f4c46 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <mokaddem.sami@gmail.com>
Date: Thu, 16 Dec 2021 11:53:12 +0100
Subject: [PATCH 078/150] chg: [themes:packages] Replaced node-sass by
 dart-sass

---
 webroot/theme/package-lock.json | 1867 ++++++-------------------------
 webroot/theme/package.json      |    7 +-
 2 files changed, 349 insertions(+), 1525 deletions(-)

diff --git a/webroot/theme/package-lock.json b/webroot/theme/package-lock.json
index c19ec32..70d2d66 100644
--- a/webroot/theme/package-lock.json
+++ b/webroot/theme/package-lock.json
@@ -1,1555 +1,378 @@
 {
   "name": "theme",
   "version": "1.0.0",
-  "lockfileVersion": 1,
+  "lockfileVersion": 2,
   "requires": true,
-  "dependencies": {
-    "@babel/code-frame": {
-      "version": "7.14.5",
-      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.14.5.tgz",
-      "integrity": "sha512-9pzDqyc6OLDaqe+zbACgFkb6fKMNG6CObKpnYXChRsvYGyEdc7CA2BaqeOM+vOtCS5ndmJicPJhKAwYRI6UfFw==",
-      "requires": {
-        "@babel/highlight": "^7.14.5"
-      }
-    },
-    "@babel/helper-validator-identifier": {
-      "version": "7.15.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.15.7.tgz",
-      "integrity": "sha512-K4JvCtQqad9OY2+yTU8w+E82ywk/fe+ELNlt1G8z3bVGlZfn/hOcQQsUhGhW/N+tb3fxK800wLtKOE/aM0m72w=="
-    },
-    "@babel/highlight": {
-      "version": "7.14.5",
-      "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.14.5.tgz",
-      "integrity": "sha512-qf9u2WFWVV0MppaL877j2dBtQIDgmidgjGk5VIMw3OadXvYaXn66U1BFlH2t4+t3i+8PhedppRv+i40ABzd+gg==",
-      "requires": {
-        "@babel/helper-validator-identifier": "^7.14.5",
-        "chalk": "^2.0.0",
-        "js-tokens": "^4.0.0"
-      },
-      "dependencies": {
-        "ansi-styles": {
-          "version": "3.2.1",
-          "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
-          "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
-          "requires": {
-            "color-convert": "^1.9.0"
-          }
-        },
-        "chalk": {
-          "version": "2.4.2",
-          "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
-          "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
-          "requires": {
-            "ansi-styles": "^3.2.1",
-            "escape-string-regexp": "^1.0.5",
-            "supports-color": "^5.3.0"
-          }
-        },
-        "supports-color": {
-          "version": "5.5.0",
-          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
-          "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
-          "requires": {
-            "has-flag": "^3.0.0"
-          }
-        }
-      }
-    },
-    "@types/minimist": {
-      "version": "1.2.2",
-      "resolved": "https://registry.npmjs.org/@types/minimist/-/minimist-1.2.2.tgz",
-      "integrity": "sha512-jhuKLIRrhvCPLqwPcx6INqmKeiA5EWrsCOPhrlFSrbrmU4ZMPjj5Ul/oLCMDO98XRUIwVm78xICz4EPCektzeQ=="
-    },
-    "@types/normalize-package-data": {
-      "version": "2.4.1",
-      "resolved": "https://registry.npmjs.org/@types/normalize-package-data/-/normalize-package-data-2.4.1.tgz",
-      "integrity": "sha512-Gj7cI7z+98M282Tqmp2K5EIsoouUEzbBJhQQzDE3jSIRk6r9gsz0oUokqIUR4u1R3dMHo0pDHM7sNOHyhulypw=="
-    },
-    "abbrev": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz",
-      "integrity": "sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q=="
-    },
-    "ajv": {
-      "version": "6.12.6",
-      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
-      "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
-      "requires": {
-        "fast-deep-equal": "^3.1.1",
-        "fast-json-stable-stringify": "^2.0.0",
-        "json-schema-traverse": "^0.4.1",
-        "uri-js": "^4.2.2"
-      }
-    },
-    "amdefine": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/amdefine/-/amdefine-1.0.1.tgz",
-      "integrity": "sha1-SlKCrBZHKek2Gbz9OtFR+BfOkfU="
-    },
-    "ansi-regex": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz",
-      "integrity": "sha1-w7M6te42DYbg5ijwRorn7yfWVN8="
-    },
-    "ansi-styles": {
-      "version": "2.2.1",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz",
-      "integrity": "sha1-tDLdM1i2NM914eRmQ2gkBTPB3b4="
-    },
-    "aproba": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/aproba/-/aproba-1.2.0.tgz",
-      "integrity": "sha512-Y9J6ZjXtoYh8RnXVCMOU/ttDmk1aBjunq9vO0ta5x85WDQiQfUF9sIPBITdbiiIVcBo03Hi3jMxigBtsddlXRw=="
-    },
-    "are-we-there-yet": {
-      "version": "1.1.7",
-      "resolved": "https://registry.npmjs.org/are-we-there-yet/-/are-we-there-yet-1.1.7.tgz",
-      "integrity": "sha512-nxwy40TuMiUGqMyRHgCSWZ9FM4VAoRP4xUYSTv5ImRog+h9yISPbVH7H8fASCIzYn9wlEv4zvFL7uKDMCFQm3g==",
-      "requires": {
-        "delegates": "^1.0.0",
-        "readable-stream": "^2.0.6"
-      }
-    },
-    "arrify": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/arrify/-/arrify-1.0.1.tgz",
-      "integrity": "sha1-iYUI2iIm84DfkEcoRWhJwVAaSw0="
-    },
-    "asn1": {
-      "version": "0.2.4",
-      "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz",
-      "integrity": "sha512-jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg==",
-      "requires": {
-        "safer-buffer": "~2.1.0"
-      }
-    },
-    "assert-plus": {
+  "packages": {
+    "": {
+      "name": "theme",
       "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
-      "integrity": "sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU="
-    },
-    "async-foreach": {
-      "version": "0.1.3",
-      "resolved": "https://registry.npmjs.org/async-foreach/-/async-foreach-0.1.3.tgz",
-      "integrity": "sha1-NhIfhFwFeBct5Bmpfb6x0W7DRUI="
-    },
-    "asynckit": {
-      "version": "0.4.0",
-      "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
-      "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k="
-    },
-    "aws-sign2": {
-      "version": "0.7.0",
-      "resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz",
-      "integrity": "sha1-tG6JCTSpWR8tL2+G1+ap8bP+dqg="
-    },
-    "aws4": {
-      "version": "1.11.0",
-      "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.11.0.tgz",
-      "integrity": "sha512-xh1Rl34h6Fi1DC2WWKfxUTVqRsNnr6LsKz2+hfwDxQJWmrx8+c7ylaqBMcHfl1U1r2dsifOvKX3LQuLNZ+XSvA=="
-    },
-    "balanced-match": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
-      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="
-    },
-    "bcrypt-pbkdf": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz",
-      "integrity": "sha1-pDAdOJtqQ/m2f/PKEaP2Y342Dp4=",
-      "requires": {
-        "tweetnacl": "^0.14.3"
+      "license": "ISC",
+      "dependencies": {
+        "bootstrap": "^5.1.1",
+        "sass": "^1.45.0"
       }
     },
+    "node_modules/@popperjs/core": {
+      "version": "2.11.0",
+      "resolved": "https://registry.npmjs.org/@popperjs/core/-/core-2.11.0.tgz",
+      "integrity": "sha512-zrsUxjLOKAzdewIDRWy9nsV1GQsKBCWaGwsZQlCgr6/q+vjyZhFgqedLfFBuI9anTPEUT4APq9Mu0SZBTzIcGQ==",
+      "peer": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/popperjs"
+      }
+    },
+    "node_modules/anymatch": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.2.tgz",
+      "integrity": "sha512-P43ePfOAIupkguHUycrc4qJ9kz8ZiuOUijaETwX7THt0Y/GNK7v0aa8rY816xWjZ7rJdA5XdMcpVFTKMq+RvWg==",
+      "dependencies": {
+        "normalize-path": "^3.0.0",
+        "picomatch": "^2.0.4"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/binary-extensions": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz",
+      "integrity": "sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/bootstrap": {
+      "version": "5.1.3",
+      "resolved": "https://registry.npmjs.org/bootstrap/-/bootstrap-5.1.3.tgz",
+      "integrity": "sha512-fcQztozJ8jToQWXxVuEyXWW+dSo8AiXWKwiSSrKWsRB/Qt+Ewwza+JWoLKiTuQLaEPhdNAJ7+Dosc9DOIqNy7Q==",
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/bootstrap"
+      },
+      "peerDependencies": {
+        "@popperjs/core": "^2.10.2"
+      }
+    },
+    "node_modules/braces": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
+      "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
+      "dependencies": {
+        "fill-range": "^7.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/chokidar": {
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.2.tgz",
+      "integrity": "sha512-ekGhOnNVPgT77r4K/U3GDhu+FQ2S8TnK/s2KbIGXi0SZWuwkZ2QNyfWdZW+TVfn84DpEP7rLeCt2UI6bJ8GwbQ==",
+      "dependencies": {
+        "anymatch": "~3.1.2",
+        "braces": "~3.0.2",
+        "glob-parent": "~5.1.2",
+        "is-binary-path": "~2.1.0",
+        "is-glob": "~4.0.1",
+        "normalize-path": "~3.0.0",
+        "readdirp": "~3.6.0"
+      },
+      "engines": {
+        "node": ">= 8.10.0"
+      },
+      "optionalDependencies": {
+        "fsevents": "~2.3.2"
+      }
+    },
+    "node_modules/fill-range": {
+      "version": "7.0.1",
+      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
+      "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
+      "dependencies": {
+        "to-regex-range": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/fsevents": {
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
+      "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
+      "hasInstallScript": true,
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
+      }
+    },
+    "node_modules/glob-parent": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
+      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
+      "dependencies": {
+        "is-glob": "^4.0.1"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/immutable": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/immutable/-/immutable-4.0.0.tgz",
+      "integrity": "sha512-zIE9hX70qew5qTUjSS7wi1iwj/l7+m54KWU247nhM3v806UdGj1yDndXj+IOYxxtW9zyLI+xqFNZjTuDaLUqFw=="
+    },
+    "node_modules/is-binary-path": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz",
+      "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==",
+      "dependencies": {
+        "binary-extensions": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/is-extglob": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
+      "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI=",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/is-glob": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz",
+      "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==",
+      "dependencies": {
+        "is-extglob": "^2.1.1"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/is-number": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
+      "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
+      "engines": {
+        "node": ">=0.12.0"
+      }
+    },
+    "node_modules/normalize-path": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz",
+      "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/picomatch": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.0.tgz",
+      "integrity": "sha512-lY1Q/PiJGC2zOv/z391WOTD+Z02bCgsFfvxoXXf6h7kv9o+WmsmzYqrAwY63sNgOxE4xEdq0WyUnXfKeBrSvYw==",
+      "engines": {
+        "node": ">=8.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
+    "node_modules/readdirp": {
+      "version": "3.6.0",
+      "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz",
+      "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==",
+      "dependencies": {
+        "picomatch": "^2.2.1"
+      },
+      "engines": {
+        "node": ">=8.10.0"
+      }
+    },
+    "node_modules/sass": {
+      "version": "1.45.0",
+      "resolved": "https://registry.npmjs.org/sass/-/sass-1.45.0.tgz",
+      "integrity": "sha512-ONy5bjppoohtNkFJRqdz1gscXamMzN3wQy1YH9qO2FiNpgjLhpz/IPRGg0PpCjyz/pWfCOaNEaiEGCcjOFAjqw==",
+      "dependencies": {
+        "chokidar": ">=3.0.0 <4.0.0",
+        "immutable": "^4.0.0",
+        "source-map-js": ">=0.6.2 <2.0.0"
+      },
+      "bin": {
+        "sass": "sass.js"
+      },
+      "engines": {
+        "node": ">=8.9.0"
+      }
+    },
+    "node_modules/source-map-js": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.0.1.tgz",
+      "integrity": "sha512-4+TN2b3tqOCd/kaGRJ/sTYA0tR0mdXx26ipdolxcwtJVqEnqNYvlCAt1q3ypy4QMlYus+Zh34RNtYLoq2oQ4IA==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/to-regex-range": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
+      "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
+      "dependencies": {
+        "is-number": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=8.0"
+      }
+    }
+  },
+  "dependencies": {
+    "@popperjs/core": {
+      "version": "2.11.0",
+      "resolved": "https://registry.npmjs.org/@popperjs/core/-/core-2.11.0.tgz",
+      "integrity": "sha512-zrsUxjLOKAzdewIDRWy9nsV1GQsKBCWaGwsZQlCgr6/q+vjyZhFgqedLfFBuI9anTPEUT4APq9Mu0SZBTzIcGQ==",
+      "peer": true
+    },
+    "anymatch": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.2.tgz",
+      "integrity": "sha512-P43ePfOAIupkguHUycrc4qJ9kz8ZiuOUijaETwX7THt0Y/GNK7v0aa8rY816xWjZ7rJdA5XdMcpVFTKMq+RvWg==",
+      "requires": {
+        "normalize-path": "^3.0.0",
+        "picomatch": "^2.0.4"
+      }
+    },
+    "binary-extensions": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz",
+      "integrity": "sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA=="
+    },
     "bootstrap": {
-      "version": "5.1.1",
-      "resolved": "https://registry.npmjs.org/bootstrap/-/bootstrap-5.1.1.tgz",
-      "integrity": "sha512-/jUa4sSuDZWlDLQ1gwQQR8uoYSvLJzDd8m5o6bPKh3asLAMYVZKdRCjb1joUd5WXf0WwCNzd2EjwQQhupou0dA=="
+      "version": "5.1.3",
+      "resolved": "https://registry.npmjs.org/bootstrap/-/bootstrap-5.1.3.tgz",
+      "integrity": "sha512-fcQztozJ8jToQWXxVuEyXWW+dSo8AiXWKwiSSrKWsRB/Qt+Ewwza+JWoLKiTuQLaEPhdNAJ7+Dosc9DOIqNy7Q==",
+      "requires": {}
     },
-    "brace-expansion": {
-      "version": "1.1.11",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
-      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
-      "requires": {
-        "balanced-match": "^1.0.0",
-        "concat-map": "0.0.1"
-      }
-    },
-    "camelcase": {
-      "version": "5.3.1",
-      "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz",
-      "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg=="
-    },
-    "camelcase-keys": {
-      "version": "6.2.2",
-      "resolved": "https://registry.npmjs.org/camelcase-keys/-/camelcase-keys-6.2.2.tgz",
-      "integrity": "sha512-YrwaA0vEKazPBkn0ipTiMpSajYDSe+KjQfrjhcBMxJt/znbvlHd8Pw/Vamaz5EB4Wfhs3SUR3Z9mwRu/P3s3Yg==",
-      "requires": {
-        "camelcase": "^5.3.1",
-        "map-obj": "^4.0.0",
-        "quick-lru": "^4.0.1"
-      }
-    },
-    "caseless": {
-      "version": "0.12.0",
-      "resolved": "https://registry.npmjs.org/caseless/-/caseless-0.12.0.tgz",
-      "integrity": "sha1-G2gcIf+EAzyCZUMJBolCDRhxUdw="
-    },
-    "chalk": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
-      "integrity": "sha1-qBFcVeSnAv5NFQq9OHKCKn4J/Jg=",
-      "requires": {
-        "ansi-styles": "^2.2.1",
-        "escape-string-regexp": "^1.0.2",
-        "has-ansi": "^2.0.0",
-        "strip-ansi": "^3.0.0",
-        "supports-color": "^2.0.0"
-      }
-    },
-    "chownr": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/chownr/-/chownr-2.0.0.tgz",
-      "integrity": "sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ=="
-    },
-    "cliui": {
-      "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/cliui/-/cliui-5.0.0.tgz",
-      "integrity": "sha512-PYeGSEmmHM6zvoef2w8TPzlrnNpXIjTipYK780YswmIP9vjxmd6Y2a3CB2Ks6/AU8NHjZugXvo8w3oWM2qnwXA==",
-      "requires": {
-        "string-width": "^3.1.0",
-        "strip-ansi": "^5.2.0",
-        "wrap-ansi": "^5.1.0"
-      },
-      "dependencies": {
-        "ansi-regex": {
-          "version": "4.1.0",
-          "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz",
-          "integrity": "sha512-1apePfXM1UOSqw0o9IiFAovVz9M5S1Dg+4TrDwfMewQ6p/rmMueb7tWZjQ1rx4Loy1ArBggoqGpfqqdI4rondg=="
-        },
-        "is-fullwidth-code-point": {
-          "version": "2.0.0",
-          "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz",
-          "integrity": "sha1-o7MKXE8ZkYMWeqq5O+764937ZU8="
-        },
-        "string-width": {
-          "version": "3.1.0",
-          "resolved": "https://registry.npmjs.org/string-width/-/string-width-3.1.0.tgz",
-          "integrity": "sha512-vafcv6KjVZKSgz06oM/H6GDBrAtz8vdhQakGjFIvNrHA6y3HCF1CInLy+QLq8dTJPQ1b+KDUqDFctkdRW44e1w==",
-          "requires": {
-            "emoji-regex": "^7.0.1",
-            "is-fullwidth-code-point": "^2.0.0",
-            "strip-ansi": "^5.1.0"
-          }
-        },
-        "strip-ansi": {
-          "version": "5.2.0",
-          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz",
-          "integrity": "sha512-DuRs1gKbBqsMKIZlrffwlug8MHkcnpjs5VPmL1PAh+mA30U0DTotfDZ0d2UUsXpPmPmMMJ6W773MaA3J+lbiWA==",
-          "requires": {
-            "ansi-regex": "^4.1.0"
-          }
-        }
-      }
-    },
-    "code-point-at": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/code-point-at/-/code-point-at-1.1.0.tgz",
-      "integrity": "sha1-DQcLTQQ6W+ozovGkDi7bPZpMz3c="
-    },
-    "color-convert": {
-      "version": "1.9.3",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
-      "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
-      "requires": {
-        "color-name": "1.1.3"
-      }
-    },
-    "color-name": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
-      "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU="
-    },
-    "combined-stream": {
-      "version": "1.0.8",
-      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
-      "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==",
-      "requires": {
-        "delayed-stream": "~1.0.0"
-      }
-    },
-    "concat-map": {
-      "version": "0.0.1",
-      "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
-      "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s="
-    },
-    "console-control-strings": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/console-control-strings/-/console-control-strings-1.1.0.tgz",
-      "integrity": "sha1-PXz0Rk22RG6mRL9LOVB/mFEAjo4="
-    },
-    "core-util-is": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz",
-      "integrity": "sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ=="
-    },
-    "cross-spawn": {
-      "version": "7.0.3",
-      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
-      "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
-      "requires": {
-        "path-key": "^3.1.0",
-        "shebang-command": "^2.0.0",
-        "which": "^2.0.1"
-      }
-    },
-    "dashdash": {
-      "version": "1.14.1",
-      "resolved": "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz",
-      "integrity": "sha1-hTz6D3y+L+1d4gMmuN1YEDX24vA=",
-      "requires": {
-        "assert-plus": "^1.0.0"
-      }
-    },
-    "decamelize": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz",
-      "integrity": "sha1-9lNNFRSCabIDUue+4m9QH5oZEpA="
-    },
-    "decamelize-keys": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/decamelize-keys/-/decamelize-keys-1.1.0.tgz",
-      "integrity": "sha1-0XGoeTMlKAfrPLYdwcFEXQeN8tk=",
-      "requires": {
-        "decamelize": "^1.1.0",
-        "map-obj": "^1.0.0"
-      },
-      "dependencies": {
-        "map-obj": {
-          "version": "1.0.1",
-          "resolved": "https://registry.npmjs.org/map-obj/-/map-obj-1.0.1.tgz",
-          "integrity": "sha1-2TPOuSBdgr3PSIb2dCvcK03qFG0="
-        }
-      }
-    },
-    "delayed-stream": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
-      "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk="
-    },
-    "delegates": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/delegates/-/delegates-1.0.0.tgz",
-      "integrity": "sha1-hMbhWbgZBP3KWaDvRM2HDTElD5o="
-    },
-    "ecc-jsbn": {
-      "version": "0.1.2",
-      "resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz",
-      "integrity": "sha1-OoOpBOVDUyh4dMVkt1SThoSamMk=",
-      "requires": {
-        "jsbn": "~0.1.0",
-        "safer-buffer": "^2.1.0"
-      }
-    },
-    "emoji-regex": {
-      "version": "7.0.3",
-      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-7.0.3.tgz",
-      "integrity": "sha512-CwBLREIQ7LvYFB0WyRvwhq5N5qPhc6PMjD6bYggFlI5YyDgl+0vxq5VHbMOFqLg7hfWzmu8T5Z1QofhmTIhItA=="
-    },
-    "env-paths": {
-      "version": "2.2.1",
-      "resolved": "https://registry.npmjs.org/env-paths/-/env-paths-2.2.1.tgz",
-      "integrity": "sha512-+h1lkLKhZMTYjog1VEpJNG7NZJWcuc2DDk/qsqSTRRCOXiLjeQ1d1/udrUGhqMxUgAlwKNZ0cf2uqan5GLuS2A=="
-    },
-    "error-ex": {
-      "version": "1.3.2",
-      "resolved": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz",
-      "integrity": "sha512-7dFHNmqeFSEt2ZBsCriorKnn3Z2pj+fd9kmI6QoWw4//DL+icEBfc0U7qJCisqrTsKTjw4fNFy2pW9OqStD84g==",
-      "requires": {
-        "is-arrayish": "^0.2.1"
-      }
-    },
-    "escape-string-regexp": {
-      "version": "1.0.5",
-      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
-      "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ="
-    },
-    "extend": {
+    "braces": {
       "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz",
-      "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g=="
-    },
-    "extsprintf": {
-      "version": "1.3.0",
-      "resolved": "https://registry.npmjs.org/extsprintf/-/extsprintf-1.3.0.tgz",
-      "integrity": "sha1-lpGEQOMEGnpBT4xS48V06zw+HgU="
-    },
-    "fast-deep-equal": {
-      "version": "3.1.3",
-      "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
-      "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q=="
-    },
-    "fast-json-stable-stringify": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz",
-      "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw=="
-    },
-    "find-up": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz",
-      "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
+      "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
       "requires": {
-        "locate-path": "^5.0.0",
-        "path-exists": "^4.0.0"
+        "fill-range": "^7.0.1"
       }
     },
-    "forever-agent": {
-      "version": "0.6.1",
-      "resolved": "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz",
-      "integrity": "sha1-+8cfDEGt6zf5bFd60e1C2P2sypE="
-    },
-    "form-data": {
-      "version": "2.3.3",
-      "resolved": "https://registry.npmjs.org/form-data/-/form-data-2.3.3.tgz",
-      "integrity": "sha512-1lLKB2Mu3aGP1Q/2eCOx0fNbRMe7XdwktwOruhfqqd0rIJWwN4Dh+E3hrPSlDCXnSR7UtZ1N38rVXm+6+MEhJQ==",
+    "chokidar": {
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.2.tgz",
+      "integrity": "sha512-ekGhOnNVPgT77r4K/U3GDhu+FQ2S8TnK/s2KbIGXi0SZWuwkZ2QNyfWdZW+TVfn84DpEP7rLeCt2UI6bJ8GwbQ==",
       "requires": {
-        "asynckit": "^0.4.0",
-        "combined-stream": "^1.0.6",
-        "mime-types": "^2.1.12"
+        "anymatch": "~3.1.2",
+        "braces": "~3.0.2",
+        "fsevents": "~2.3.2",
+        "glob-parent": "~5.1.2",
+        "is-binary-path": "~2.1.0",
+        "is-glob": "~4.0.1",
+        "normalize-path": "~3.0.0",
+        "readdirp": "~3.6.0"
       }
     },
-    "fs-minipass": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-2.1.0.tgz",
-      "integrity": "sha512-V/JgOLFCS+R6Vcq0slCuaeWEdNC3ouDlJMNIsacH2VtALiu9mV4LPrHc5cDl8k5aw6J8jwgWWpiTo5RYhmIzvg==",
-      "requires": {
-        "minipass": "^3.0.0"
-      }
-    },
-    "fs.realpath": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
-      "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8="
-    },
-    "function-bind": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz",
-      "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A=="
-    },
-    "gauge": {
-      "version": "2.7.4",
-      "resolved": "https://registry.npmjs.org/gauge/-/gauge-2.7.4.tgz",
-      "integrity": "sha1-LANAXHU4w51+s3sxcCLjJfsBi/c=",
-      "requires": {
-        "aproba": "^1.0.3",
-        "console-control-strings": "^1.0.0",
-        "has-unicode": "^2.0.0",
-        "object-assign": "^4.1.0",
-        "signal-exit": "^3.0.0",
-        "string-width": "^1.0.1",
-        "strip-ansi": "^3.0.1",
-        "wide-align": "^1.1.0"
-      }
-    },
-    "gaze": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/gaze/-/gaze-1.1.3.tgz",
-      "integrity": "sha512-BRdNm8hbWzFzWHERTrejLqwHDfS4GibPoq5wjTPIoJHoBtKGPg3xAFfxmM+9ztbXelxcf2hwQcaz1PtmFeue8g==",
-      "requires": {
-        "globule": "^1.0.0"
-      }
-    },
-    "get-caller-file": {
-      "version": "2.0.5",
-      "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz",
-      "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg=="
-    },
-    "get-stdin": {
-      "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-4.0.1.tgz",
-      "integrity": "sha1-uWjGsKBDhDJJAui/Gl3zJXmkUP4="
-    },
-    "getpass": {
-      "version": "0.1.7",
-      "resolved": "https://registry.npmjs.org/getpass/-/getpass-0.1.7.tgz",
-      "integrity": "sha1-Xv+OPmhNVprkyysSgmBOi6YhSfo=",
-      "requires": {
-        "assert-plus": "^1.0.0"
-      }
-    },
-    "glob": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.0.tgz",
-      "integrity": "sha512-lmLf6gtyrPq8tTjSmrO94wBeQbFR3HbLHbuyD69wuyQkImp2hWqMGB47OX65FBkPffO641IP9jWa1z4ivqG26Q==",
-      "requires": {
-        "fs.realpath": "^1.0.0",
-        "inflight": "^1.0.4",
-        "inherits": "2",
-        "minimatch": "^3.0.4",
-        "once": "^1.3.0",
-        "path-is-absolute": "^1.0.0"
-      }
-    },
-    "globule": {
-      "version": "1.3.3",
-      "resolved": "https://registry.npmjs.org/globule/-/globule-1.3.3.tgz",
-      "integrity": "sha512-mb1aYtDbIjTu4ShMB85m3UzjX9BVKe9WCzsnfMSZk+K5GpIbBOexgg4PPCt5eHDEG5/ZQAUX2Kct02zfiPLsKg==",
-      "requires": {
-        "glob": "~7.1.1",
-        "lodash": "~4.17.10",
-        "minimatch": "~3.0.2"
-      },
-      "dependencies": {
-        "glob": {
-          "version": "7.1.7",
-          "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.7.tgz",
-          "integrity": "sha512-OvD9ENzPLbegENnYP5UUfJIirTg4+XwMWGaQfQTY0JenxNvvIKP3U3/tAQSPIu/lHxXYSZmpXlUHeqAIdKzBLQ==",
-          "requires": {
-            "fs.realpath": "^1.0.0",
-            "inflight": "^1.0.4",
-            "inherits": "2",
-            "minimatch": "^3.0.4",
-            "once": "^1.3.0",
-            "path-is-absolute": "^1.0.0"
-          }
-        }
-      }
-    },
-    "graceful-fs": {
-      "version": "4.2.8",
-      "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.8.tgz",
-      "integrity": "sha512-qkIilPUYcNhJpd33n0GBXTB1MMPp14TxEsEs0pTrsSVucApsYzW5V+Q8Qxhik6KU3evy+qkAAowTByymK0avdg=="
-    },
-    "har-schema": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/har-schema/-/har-schema-2.0.0.tgz",
-      "integrity": "sha1-qUwiJOvKwEeCoNkDVSHyRzW37JI="
-    },
-    "har-validator": {
-      "version": "5.1.5",
-      "resolved": "https://registry.npmjs.org/har-validator/-/har-validator-5.1.5.tgz",
-      "integrity": "sha512-nmT2T0lljbxdQZfspsno9hgrG3Uir6Ks5afism62poxqBM6sDnMEuPmzTq8XN0OEwqKLLdh1jQI3qyE66Nzb3w==",
-      "requires": {
-        "ajv": "^6.12.3",
-        "har-schema": "^2.0.0"
-      }
-    },
-    "hard-rejection": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/hard-rejection/-/hard-rejection-2.1.0.tgz",
-      "integrity": "sha512-VIZB+ibDhx7ObhAe7OVtoEbuP4h/MuOTHJ+J8h/eBXotJYl0fBgR72xDFCKgIh22OJZIOVNxBMWuhAr10r8HdA=="
-    },
-    "has": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz",
-      "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==",
-      "requires": {
-        "function-bind": "^1.1.1"
-      }
-    },
-    "has-ansi": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz",
-      "integrity": "sha1-NPUEnOHs3ysGSa8+8k5F7TVBbZE=",
-      "requires": {
-        "ansi-regex": "^2.0.0"
-      }
-    },
-    "has-flag": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
-      "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0="
-    },
-    "has-unicode": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/has-unicode/-/has-unicode-2.0.1.tgz",
-      "integrity": "sha1-4Ob+aijPUROIVeCG0Wkedx3iqLk="
-    },
-    "hosted-git-info": {
-      "version": "4.0.2",
-      "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-4.0.2.tgz",
-      "integrity": "sha512-c9OGXbZ3guC/xOlCg1Ci/VgWlwsqDv1yMQL1CWqXDL0hDjXuNcq0zuR4xqPSuasI3kqFDhqSyTjREz5gzq0fXg==",
-      "requires": {
-        "lru-cache": "^6.0.0"
-      }
-    },
-    "http-signature": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.2.0.tgz",
-      "integrity": "sha1-muzZJRFHcvPZW2WmCruPfBj7rOE=",
-      "requires": {
-        "assert-plus": "^1.0.0",
-        "jsprim": "^1.2.2",
-        "sshpk": "^1.7.0"
-      }
-    },
-    "indent-string": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz",
-      "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg=="
-    },
-    "inflight": {
-      "version": "1.0.6",
-      "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz",
-      "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=",
-      "requires": {
-        "once": "^1.3.0",
-        "wrappy": "1"
-      }
-    },
-    "inherits": {
-      "version": "2.0.4",
-      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
-      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
-    },
-    "is-arrayish": {
-      "version": "0.2.1",
-      "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz",
-      "integrity": "sha1-d8mYQFJ6qOyxqLppe4BkWnqSap0="
-    },
-    "is-core-module": {
-      "version": "2.7.0",
-      "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.7.0.tgz",
-      "integrity": "sha512-ByY+tjCciCr+9nLryBYcSD50EOGWt95c7tIsKTG1J2ixKKXPvF7Ej3AVd+UfDydAJom3biBGDBALaO79ktwgEQ==",
-      "requires": {
-        "has": "^1.0.3"
-      }
-    },
-    "is-fullwidth-code-point": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-1.0.0.tgz",
-      "integrity": "sha1-754xOG8DGn8NZDr4L95QxFfvAMs=",
-      "requires": {
-        "number-is-nan": "^1.0.0"
-      }
-    },
-    "is-plain-obj": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-1.1.0.tgz",
-      "integrity": "sha1-caUMhCnfync8kqOQpKA7OfzVHT4="
-    },
-    "is-typedarray": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz",
-      "integrity": "sha1-5HnICFjfDBsR3dppQPlgEfzaSpo="
-    },
-    "isarray": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
-      "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE="
-    },
-    "isexe": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
-      "integrity": "sha1-6PvzdNxVb/iUehDcsFctYz8s+hA="
-    },
-    "isstream": {
-      "version": "0.1.2",
-      "resolved": "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz",
-      "integrity": "sha1-R+Y/evVa+m+S4VAOaQ64uFKcCZo="
-    },
-    "js-base64": {
-      "version": "2.6.4",
-      "resolved": "https://registry.npmjs.org/js-base64/-/js-base64-2.6.4.tgz",
-      "integrity": "sha512-pZe//GGmwJndub7ZghVHz7vjb2LgC1m8B07Au3eYqeqv9emhESByMXxaEgkUkEqJe87oBbSniGYoQNIBklc7IQ=="
-    },
-    "js-tokens": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
-      "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ=="
-    },
-    "jsbn": {
-      "version": "0.1.1",
-      "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-0.1.1.tgz",
-      "integrity": "sha1-peZUwuWi3rXyAdls77yoDA7y9RM="
-    },
-    "json-parse-even-better-errors": {
-      "version": "2.3.1",
-      "resolved": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz",
-      "integrity": "sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w=="
-    },
-    "json-schema": {
-      "version": "0.2.3",
-      "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz",
-      "integrity": "sha1-tIDIkuWaLwWVTOcnvT8qTogvnhM="
-    },
-    "json-schema-traverse": {
-      "version": "0.4.1",
-      "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz",
-      "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg=="
-    },
-    "json-stringify-safe": {
-      "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz",
-      "integrity": "sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus="
-    },
-    "jsprim": {
-      "version": "1.4.1",
-      "resolved": "https://registry.npmjs.org/jsprim/-/jsprim-1.4.1.tgz",
-      "integrity": "sha1-MT5mvB5cwG5Di8G3SZwuXFastqI=",
-      "requires": {
-        "assert-plus": "1.0.0",
-        "extsprintf": "1.3.0",
-        "json-schema": "0.2.3",
-        "verror": "1.10.0"
-      }
-    },
-    "kind-of": {
-      "version": "6.0.3",
-      "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz",
-      "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw=="
-    },
-    "lines-and-columns": {
-      "version": "1.1.6",
-      "resolved": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.1.6.tgz",
-      "integrity": "sha1-HADHQ7QzzQpOgHWPe2SldEDZ/wA="
-    },
-    "locate-path": {
-      "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz",
-      "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==",
-      "requires": {
-        "p-locate": "^4.1.0"
-      }
-    },
-    "lodash": {
-      "version": "4.17.21",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
-      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg=="
-    },
-    "lru-cache": {
-      "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
-      "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
-      "requires": {
-        "yallist": "^4.0.0"
-      }
-    },
-    "map-obj": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/map-obj/-/map-obj-4.3.0.tgz",
-      "integrity": "sha512-hdN1wVrZbb29eBGiGjJbeP8JbKjq1urkHJ/LIP/NY48MZ1QVXUsQBV1G1zvYFHn1XE06cwjBsOI2K3Ulnj1YXQ=="
-    },
-    "meow": {
-      "version": "9.0.0",
-      "resolved": "https://registry.npmjs.org/meow/-/meow-9.0.0.tgz",
-      "integrity": "sha512-+obSblOQmRhcyBt62furQqRAQpNyWXo8BuQ5bN7dG8wmwQ+vwHKp/rCFD4CrTP8CsDQD1sjoZ94K417XEUk8IQ==",
-      "requires": {
-        "@types/minimist": "^1.2.0",
-        "camelcase-keys": "^6.2.2",
-        "decamelize": "^1.2.0",
-        "decamelize-keys": "^1.1.0",
-        "hard-rejection": "^2.1.0",
-        "minimist-options": "4.1.0",
-        "normalize-package-data": "^3.0.0",
-        "read-pkg-up": "^7.0.1",
-        "redent": "^3.0.0",
-        "trim-newlines": "^3.0.0",
-        "type-fest": "^0.18.0",
-        "yargs-parser": "^20.2.3"
-      }
-    },
-    "mime-db": {
-      "version": "1.50.0",
-      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.50.0.tgz",
-      "integrity": "sha512-9tMZCDlYHqeERXEHO9f/hKfNXhre5dK2eE/krIvUjZbS2KPcqGDfNShIWS1uW9XOTKQKqK6qbeOci18rbfW77A=="
-    },
-    "mime-types": {
-      "version": "2.1.33",
-      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.33.tgz",
-      "integrity": "sha512-plLElXp7pRDd0bNZHw+nMd52vRYjLwQjygaNg7ddJ2uJtTlmnTCjWuPKxVu6//AdaRuME84SvLW91sIkBqGT0g==",
-      "requires": {
-        "mime-db": "1.50.0"
-      }
-    },
-    "min-indent": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/min-indent/-/min-indent-1.0.1.tgz",
-      "integrity": "sha512-I9jwMn07Sy/IwOj3zVkVik2JTvgpaykDZEigL6Rx6N9LbMywwUSMtxET+7lVoDLLd3O3IXwJwvuuns8UB/HeAg=="
-    },
-    "minimatch": {
-      "version": "3.0.4",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz",
-      "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==",
-      "requires": {
-        "brace-expansion": "^1.1.7"
-      }
-    },
-    "minimist-options": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/minimist-options/-/minimist-options-4.1.0.tgz",
-      "integrity": "sha512-Q4r8ghd80yhO/0j1O3B2BjweX3fiHg9cdOwjJd2J76Q135c+NDxGCqdYKQ1SKBuFfgWbAUzBfvYjPUEeNgqN1A==",
-      "requires": {
-        "arrify": "^1.0.1",
-        "is-plain-obj": "^1.1.0",
-        "kind-of": "^6.0.3"
-      }
-    },
-    "minipass": {
-      "version": "3.1.5",
-      "resolved": "https://registry.npmjs.org/minipass/-/minipass-3.1.5.tgz",
-      "integrity": "sha512-+8NzxD82XQoNKNrl1d/FSi+X8wAEWR+sbYAfIvub4Nz0d22plFG72CEVVaufV8PNf4qSslFTD8VMOxNVhHCjTw==",
-      "requires": {
-        "yallist": "^4.0.0"
-      }
-    },
-    "minizlib": {
-      "version": "2.1.2",
-      "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-2.1.2.tgz",
-      "integrity": "sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==",
-      "requires": {
-        "minipass": "^3.0.0",
-        "yallist": "^4.0.0"
-      }
-    },
-    "mkdirp": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz",
-      "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw=="
-    },
-    "nan": {
-      "version": "2.15.0",
-      "resolved": "https://registry.npmjs.org/nan/-/nan-2.15.0.tgz",
-      "integrity": "sha512-8ZtvEnA2c5aYCZYd1cvgdnU6cqwixRoYg70xPLWUws5ORTa/lnw+u4amixRS/Ac5U5mQVgp9pnlSUnbNWFaWZQ=="
-    },
-    "node-gyp": {
-      "version": "7.1.2",
-      "resolved": "https://registry.npmjs.org/node-gyp/-/node-gyp-7.1.2.tgz",
-      "integrity": "sha512-CbpcIo7C3eMu3dL1c3d0xw449fHIGALIJsRP4DDPHpyiW8vcriNY7ubh9TE4zEKfSxscY7PjeFnshE7h75ynjQ==",
-      "requires": {
-        "env-paths": "^2.2.0",
-        "glob": "^7.1.4",
-        "graceful-fs": "^4.2.3",
-        "nopt": "^5.0.0",
-        "npmlog": "^4.1.2",
-        "request": "^2.88.2",
-        "rimraf": "^3.0.2",
-        "semver": "^7.3.2",
-        "tar": "^6.0.2",
-        "which": "^2.0.2"
-      }
-    },
-    "node-sass": {
-      "version": "6.0.1",
-      "resolved": "https://registry.npmjs.org/node-sass/-/node-sass-6.0.1.tgz",
-      "integrity": "sha512-f+Rbqt92Ful9gX0cGtdYwjTrWAaGURgaK5rZCWOgCNyGWusFYHhbqCCBoFBeat+HKETOU02AyTxNhJV0YZf2jQ==",
-      "requires": {
-        "async-foreach": "^0.1.3",
-        "chalk": "^1.1.1",
-        "cross-spawn": "^7.0.3",
-        "gaze": "^1.0.0",
-        "get-stdin": "^4.0.1",
-        "glob": "^7.0.3",
-        "lodash": "^4.17.15",
-        "meow": "^9.0.0",
-        "nan": "^2.13.2",
-        "node-gyp": "^7.1.0",
-        "npmlog": "^4.0.0",
-        "request": "^2.88.0",
-        "sass-graph": "2.2.5",
-        "stdout-stream": "^1.4.0",
-        "true-case-path": "^1.0.2"
-      }
-    },
-    "nopt": {
-      "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/nopt/-/nopt-5.0.0.tgz",
-      "integrity": "sha512-Tbj67rffqceeLpcRXrT7vKAN8CwfPeIBgM7E6iBkmKLV7bEMwpGgYLGv0jACUsECaa/vuxP0IjEont6umdMgtQ==",
-      "requires": {
-        "abbrev": "1"
-      }
-    },
-    "normalize-package-data": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-3.0.3.tgz",
-      "integrity": "sha512-p2W1sgqij3zMMyRC067Dg16bfzVH+w7hyegmpIvZ4JNjqtGOVAIvLmjBx3yP7YTe9vKJgkoNOPjwQGogDoMXFA==",
-      "requires": {
-        "hosted-git-info": "^4.0.1",
-        "is-core-module": "^2.5.0",
-        "semver": "^7.3.4",
-        "validate-npm-package-license": "^3.0.1"
-      }
-    },
-    "npmlog": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/npmlog/-/npmlog-4.1.2.tgz",
-      "integrity": "sha512-2uUqazuKlTaSI/dC8AzicUck7+IrEaOnN/e0jd3Xtt1KcGpwx30v50mL7oPyr/h9bL3E4aZccVwpwP+5W9Vjkg==",
-      "requires": {
-        "are-we-there-yet": "~1.1.2",
-        "console-control-strings": "~1.1.0",
-        "gauge": "~2.7.3",
-        "set-blocking": "~2.0.0"
-      }
-    },
-    "number-is-nan": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/number-is-nan/-/number-is-nan-1.0.1.tgz",
-      "integrity": "sha1-CXtgK1NCKlIsGvuHkDGDNpQaAR0="
-    },
-    "oauth-sign": {
-      "version": "0.9.0",
-      "resolved": "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.9.0.tgz",
-      "integrity": "sha512-fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ=="
-    },
-    "object-assign": {
-      "version": "4.1.1",
-      "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
-      "integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM="
-    },
-    "once": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
-      "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=",
-      "requires": {
-        "wrappy": "1"
-      }
-    },
-    "p-limit": {
-      "version": "2.3.0",
-      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz",
-      "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==",
-      "requires": {
-        "p-try": "^2.0.0"
-      }
-    },
-    "p-locate": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz",
-      "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==",
-      "requires": {
-        "p-limit": "^2.2.0"
-      }
-    },
-    "p-try": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz",
-      "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ=="
-    },
-    "parse-json": {
-      "version": "5.2.0",
-      "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz",
-      "integrity": "sha512-ayCKvm/phCGxOkYRSCM82iDwct8/EonSEgCSxWxD7ve6jHggsFl4fZVQBPRNgQoKiuV/odhFrGzQXZwbifC8Rg==",
-      "requires": {
-        "@babel/code-frame": "^7.0.0",
-        "error-ex": "^1.3.1",
-        "json-parse-even-better-errors": "^2.3.0",
-        "lines-and-columns": "^1.1.6"
-      }
-    },
-    "path-exists": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz",
-      "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w=="
-    },
-    "path-is-absolute": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
-      "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18="
-    },
-    "path-key": {
-      "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz",
-      "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q=="
-    },
-    "path-parse": {
-      "version": "1.0.7",
-      "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz",
-      "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw=="
-    },
-    "performance-now": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz",
-      "integrity": "sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns="
-    },
-    "process-nextick-args": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz",
-      "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag=="
-    },
-    "psl": {
-      "version": "1.8.0",
-      "resolved": "https://registry.npmjs.org/psl/-/psl-1.8.0.tgz",
-      "integrity": "sha512-RIdOzyoavK+hA18OGGWDqUTsCLhtA7IcZ/6NCs4fFJaHBDab+pDDmDIByWFRQJq2Cd7r1OoQxBGKOaztq+hjIQ=="
-    },
-    "punycode": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz",
-      "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A=="
-    },
-    "qs": {
-      "version": "6.5.2",
-      "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz",
-      "integrity": "sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA=="
-    },
-    "quick-lru": {
-      "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/quick-lru/-/quick-lru-4.0.1.tgz",
-      "integrity": "sha512-ARhCpm70fzdcvNQfPoy49IaanKkTlRWF2JMzqhcJbhSFRZv7nPTvZJdcY7301IPmvW+/p0RgIWnQDLJxifsQ7g=="
-    },
-    "read-pkg": {
-      "version": "5.2.0",
-      "resolved": "https://registry.npmjs.org/read-pkg/-/read-pkg-5.2.0.tgz",
-      "integrity": "sha512-Ug69mNOpfvKDAc2Q8DRpMjjzdtrnv9HcSMX+4VsZxD1aZ6ZzrIE7rlzXBtWTyhULSMKg076AW6WR5iZpD0JiOg==",
-      "requires": {
-        "@types/normalize-package-data": "^2.4.0",
-        "normalize-package-data": "^2.5.0",
-        "parse-json": "^5.0.0",
-        "type-fest": "^0.6.0"
-      },
-      "dependencies": {
-        "hosted-git-info": {
-          "version": "2.8.9",
-          "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz",
-          "integrity": "sha512-mxIDAb9Lsm6DoOJ7xH+5+X4y1LU/4Hi50L9C5sIswK3JzULS4bwk1FvjdBgvYR4bzT4tuUQiC15FE2f5HbLvYw=="
-        },
-        "normalize-package-data": {
-          "version": "2.5.0",
-          "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz",
-          "integrity": "sha512-/5CMN3T0R4XTj4DcGaexo+roZSdSFW/0AOOTROrjxzCG1wrWXEsGbRKevjlIL+ZDE4sZlJr5ED4YW0yqmkK+eA==",
-          "requires": {
-            "hosted-git-info": "^2.1.4",
-            "resolve": "^1.10.0",
-            "semver": "2 || 3 || 4 || 5",
-            "validate-npm-package-license": "^3.0.1"
-          }
-        },
-        "semver": {
-          "version": "5.7.1",
-          "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz",
-          "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ=="
-        },
-        "type-fest": {
-          "version": "0.6.0",
-          "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.6.0.tgz",
-          "integrity": "sha512-q+MB8nYR1KDLrgr4G5yemftpMC7/QLqVndBmEEdqzmNj5dcFOO4Oo8qlwZE3ULT3+Zim1F8Kq4cBnikNhlCMlg=="
-        }
-      }
-    },
-    "read-pkg-up": {
+    "fill-range": {
       "version": "7.0.1",
-      "resolved": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-7.0.1.tgz",
-      "integrity": "sha512-zK0TB7Xd6JpCLmlLmufqykGE+/TlOePD6qKClNW7hHDKFh/J7/7gCWGR7joEQEW1bKq3a3yUZSObOoWLFQ4ohg==",
+      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
+      "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
       "requires": {
-        "find-up": "^4.1.0",
-        "read-pkg": "^5.2.0",
-        "type-fest": "^0.8.1"
-      },
-      "dependencies": {
-        "type-fest": {
-          "version": "0.8.1",
-          "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.8.1.tgz",
-          "integrity": "sha512-4dbzIzqvjtgiM5rw1k5rEHtBANKmdudhGyBEajN01fEyhaAIhsoKNy6y7+IN93IfpFtwY9iqi7kD+xwKhQsNJA=="
-        }
+        "to-regex-range": "^5.0.1"
       }
     },
-    "readable-stream": {
-      "version": "2.3.7",
-      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz",
-      "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==",
-      "requires": {
-        "core-util-is": "~1.0.0",
-        "inherits": "~2.0.3",
-        "isarray": "~1.0.0",
-        "process-nextick-args": "~2.0.0",
-        "safe-buffer": "~5.1.1",
-        "string_decoder": "~1.1.1",
-        "util-deprecate": "~1.0.1"
-      }
+    "fsevents": {
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
+      "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
+      "optional": true
     },
-    "redent": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/redent/-/redent-3.0.0.tgz",
-      "integrity": "sha512-6tDA8g98We0zd0GvVeMT9arEOnTw9qM03L9cJXaCjrip1OO764RDBLBfrB4cwzNGDj5OA5ioymC9GkizgWJDUg==",
-      "requires": {
-        "indent-string": "^4.0.0",
-        "strip-indent": "^3.0.0"
-      }
-    },
-    "request": {
-      "version": "2.88.2",
-      "resolved": "https://registry.npmjs.org/request/-/request-2.88.2.tgz",
-      "integrity": "sha512-MsvtOrfG9ZcrOwAW+Qi+F6HbD0CWXEh9ou77uOb7FM2WPhwT7smM833PzanhJLsgXjN89Ir6V2PczXNnMpwKhw==",
-      "requires": {
-        "aws-sign2": "~0.7.0",
-        "aws4": "^1.8.0",
-        "caseless": "~0.12.0",
-        "combined-stream": "~1.0.6",
-        "extend": "~3.0.2",
-        "forever-agent": "~0.6.1",
-        "form-data": "~2.3.2",
-        "har-validator": "~5.1.3",
-        "http-signature": "~1.2.0",
-        "is-typedarray": "~1.0.0",
-        "isstream": "~0.1.2",
-        "json-stringify-safe": "~5.0.1",
-        "mime-types": "~2.1.19",
-        "oauth-sign": "~0.9.0",
-        "performance-now": "^2.1.0",
-        "qs": "~6.5.2",
-        "safe-buffer": "^5.1.2",
-        "tough-cookie": "~2.5.0",
-        "tunnel-agent": "^0.6.0",
-        "uuid": "^3.3.2"
-      }
-    },
-    "require-directory": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
-      "integrity": "sha1-jGStX9MNqxyXbiNE/+f3kqam30I="
-    },
-    "require-main-filename": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz",
-      "integrity": "sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg=="
-    },
-    "resolve": {
-      "version": "1.20.0",
-      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.20.0.tgz",
-      "integrity": "sha512-wENBPt4ySzg4ybFQW2TT1zMQucPK95HSh/nq2CFTZVOGut2+pQvSsgtda4d26YrYcr067wjbmzOG8byDPBX63A==",
-      "requires": {
-        "is-core-module": "^2.2.0",
-        "path-parse": "^1.0.6"
-      }
-    },
-    "rimraf": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz",
-      "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==",
-      "requires": {
-        "glob": "^7.1.3"
-      }
-    },
-    "safe-buffer": {
+    "glob-parent": {
       "version": "5.1.2",
-      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
-      "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
-    },
-    "safer-buffer": {
-      "version": "2.1.2",
-      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
-      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
-    },
-    "sass-graph": {
-      "version": "2.2.5",
-      "resolved": "https://registry.npmjs.org/sass-graph/-/sass-graph-2.2.5.tgz",
-      "integrity": "sha512-VFWDAHOe6mRuT4mZRd4eKE+d8Uedrk6Xnh7Sh9b4NGufQLQjOrvf/MQoOdx+0s92L89FeyUUNfU597j/3uNpag==",
+      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
+      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
       "requires": {
-        "glob": "^7.0.0",
-        "lodash": "^4.0.0",
-        "scss-tokenizer": "^0.2.3",
-        "yargs": "^13.3.2"
+        "is-glob": "^4.0.1"
       }
     },
-    "scss-tokenizer": {
-      "version": "0.2.3",
-      "resolved": "https://registry.npmjs.org/scss-tokenizer/-/scss-tokenizer-0.2.3.tgz",
-      "integrity": "sha1-jrBtualyMzOCTT9VMGQRSYR85dE=",
-      "requires": {
-        "js-base64": "^2.1.8",
-        "source-map": "^0.4.2"
-      }
-    },
-    "semver": {
-      "version": "7.3.5",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.5.tgz",
-      "integrity": "sha512-PoeGJYh8HK4BTO/a9Tf6ZG3veo/A7ZVsYrSA6J8ny9nb3B1VrpkuN+z9OE5wfE5p6H4LchYZsegiQgbJD94ZFQ==",
-      "requires": {
-        "lru-cache": "^6.0.0"
-      }
-    },
-    "set-blocking": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz",
-      "integrity": "sha1-BF+XgtARrppoA93TgrJDkrPYkPc="
-    },
-    "shebang-command": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz",
-      "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==",
-      "requires": {
-        "shebang-regex": "^3.0.0"
-      }
-    },
-    "shebang-regex": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz",
-      "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A=="
-    },
-    "signal-exit": {
-      "version": "3.0.5",
-      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.5.tgz",
-      "integrity": "sha512-KWcOiKeQj6ZyXx7zq4YxSMgHRlod4czeBQZrPb8OKcohcqAXShm7E20kEMle9WBt26hFcAf0qLOcp5zmY7kOqQ=="
-    },
-    "source-map": {
-      "version": "0.4.4",
-      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.4.4.tgz",
-      "integrity": "sha1-66T12pwNyZneaAMti092FzZSA2s=",
-      "requires": {
-        "amdefine": ">=0.0.4"
-      }
-    },
-    "spdx-correct": {
-      "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.1.1.tgz",
-      "integrity": "sha512-cOYcUWwhCuHCXi49RhFRCyJEK3iPj1Ziz9DpViV3tbZOwXD49QzIN3MpOLJNxh2qwq2lJJZaKMVw9qNi4jTC0w==",
-      "requires": {
-        "spdx-expression-parse": "^3.0.0",
-        "spdx-license-ids": "^3.0.0"
-      }
-    },
-    "spdx-exceptions": {
-      "version": "2.3.0",
-      "resolved": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.3.0.tgz",
-      "integrity": "sha512-/tTrYOC7PPI1nUAgx34hUpqXuyJG+DTHJTnIULG4rDygi4xu/tfgmq1e1cIRwRzwZgo4NLySi+ricLkZkw4i5A=="
-    },
-    "spdx-expression-parse": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-3.0.1.tgz",
-      "integrity": "sha512-cbqHunsQWnJNE6KhVSMsMeH5H/L9EpymbzqTQ3uLwNCLZ1Q481oWaofqH7nO6V07xlXwY6PhQdQ2IedWx/ZK4Q==",
-      "requires": {
-        "spdx-exceptions": "^2.1.0",
-        "spdx-license-ids": "^3.0.0"
-      }
-    },
-    "spdx-license-ids": {
-      "version": "3.0.10",
-      "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.10.tgz",
-      "integrity": "sha512-oie3/+gKf7QtpitB0LYLETe+k8SifzsX4KixvpOsbI6S0kRiRQ5MKOio8eMSAKQ17N06+wdEOXRiId+zOxo0hA=="
-    },
-    "sshpk": {
-      "version": "1.16.1",
-      "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.16.1.tgz",
-      "integrity": "sha512-HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg==",
-      "requires": {
-        "asn1": "~0.2.3",
-        "assert-plus": "^1.0.0",
-        "bcrypt-pbkdf": "^1.0.0",
-        "dashdash": "^1.12.0",
-        "ecc-jsbn": "~0.1.1",
-        "getpass": "^0.1.1",
-        "jsbn": "~0.1.0",
-        "safer-buffer": "^2.0.2",
-        "tweetnacl": "~0.14.0"
-      }
-    },
-    "stdout-stream": {
-      "version": "1.4.1",
-      "resolved": "https://registry.npmjs.org/stdout-stream/-/stdout-stream-1.4.1.tgz",
-      "integrity": "sha512-j4emi03KXqJWcIeF8eIXkjMFN1Cmb8gUlDYGeBALLPo5qdyTfA9bOtl8m33lRoC+vFMkP3gl0WsDr6+gzxbbTA==",
-      "requires": {
-        "readable-stream": "^2.0.1"
-      }
-    },
-    "string-width": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/string-width/-/string-width-1.0.2.tgz",
-      "integrity": "sha1-EYvfW4zcUaKn5w0hHgfisLmxB9M=",
-      "requires": {
-        "code-point-at": "^1.0.0",
-        "is-fullwidth-code-point": "^1.0.0",
-        "strip-ansi": "^3.0.0"
-      }
-    },
-    "string_decoder": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
-      "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
-      "requires": {
-        "safe-buffer": "~5.1.0"
-      }
-    },
-    "strip-ansi": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz",
-      "integrity": "sha1-ajhfuIU9lS1f8F0Oiq+UJ43GPc8=",
-      "requires": {
-        "ansi-regex": "^2.0.0"
-      }
-    },
-    "strip-indent": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/strip-indent/-/strip-indent-3.0.0.tgz",
-      "integrity": "sha512-laJTa3Jb+VQpaC6DseHhF7dXVqHTfJPCRDaEbid/drOhgitgYku/letMUqOXFoWV0zIIUbjpdH2t+tYj4bQMRQ==",
-      "requires": {
-        "min-indent": "^1.0.0"
-      }
-    },
-    "supports-color": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz",
-      "integrity": "sha1-U10EXOa2Nj+kARcIRimZXp3zJMc="
-    },
-    "tar": {
-      "version": "6.1.11",
-      "resolved": "https://registry.npmjs.org/tar/-/tar-6.1.11.tgz",
-      "integrity": "sha512-an/KZQzQUkZCkuoAA64hM92X0Urb6VpRhAFllDzz44U2mcD5scmT3zBc4VgVpkugF580+DQn8eAFSyoQt0tznA==",
-      "requires": {
-        "chownr": "^2.0.0",
-        "fs-minipass": "^2.0.0",
-        "minipass": "^3.0.0",
-        "minizlib": "^2.1.1",
-        "mkdirp": "^1.0.3",
-        "yallist": "^4.0.0"
-      }
-    },
-    "tough-cookie": {
-      "version": "2.5.0",
-      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.5.0.tgz",
-      "integrity": "sha512-nlLsUzgm1kfLXSXfRZMc1KLAugd4hqJHDTvc2hDIwS3mZAfMEuMbc03SujMF+GEcpaX/qboeycw6iO8JwVv2+g==",
-      "requires": {
-        "psl": "^1.1.28",
-        "punycode": "^2.1.1"
-      }
-    },
-    "trim-newlines": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/trim-newlines/-/trim-newlines-3.0.1.tgz",
-      "integrity": "sha512-c1PTsA3tYrIsLGkJkzHF+w9F2EyxfXGo4UyJc4pFL++FMjnq0HJS69T3M7d//gKrFKwy429bouPescbjecU+Zw=="
-    },
-    "true-case-path": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/true-case-path/-/true-case-path-1.0.3.tgz",
-      "integrity": "sha512-m6s2OdQe5wgpFMC+pAJ+q9djG82O2jcHPOI6RNg1yy9rCYR+WD6Nbpl32fDpfC56nirdRy+opFa/Vk7HYhqaew==",
-      "requires": {
-        "glob": "^7.1.2"
-      }
-    },
-    "tunnel-agent": {
-      "version": "0.6.0",
-      "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz",
-      "integrity": "sha1-J6XeoGs2sEoKmWZ3SykIaPD8QP0=",
-      "requires": {
-        "safe-buffer": "^5.0.1"
-      }
-    },
-    "tweetnacl": {
-      "version": "0.14.5",
-      "resolved": "https://registry.npmjs.org/tweetnacl/-/tweetnacl-0.14.5.tgz",
-      "integrity": "sha1-WuaBd/GS1EViadEIr6k/+HQ/T2Q="
-    },
-    "type-fest": {
-      "version": "0.18.1",
-      "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.18.1.tgz",
-      "integrity": "sha512-OIAYXk8+ISY+qTOwkHtKqzAuxchoMiD9Udx+FSGQDuiRR+PJKJHc2NJAXlbhkGwTt/4/nKZxELY1w3ReWOL8mw=="
-    },
-    "uri-js": {
-      "version": "4.4.1",
-      "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz",
-      "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==",
-      "requires": {
-        "punycode": "^2.1.0"
-      }
-    },
-    "util-deprecate": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
-      "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8="
-    },
-    "uuid": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz",
-      "integrity": "sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A=="
-    },
-    "validate-npm-package-license": {
-      "version": "3.0.4",
-      "resolved": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz",
-      "integrity": "sha512-DpKm2Ui/xN7/HQKCtpZxoRWBhZ9Z0kqtygG8XCgNQ8ZlDnxuQmWhj566j8fN4Cu3/JmbhsDo7fcAJq4s9h27Ew==",
-      "requires": {
-        "spdx-correct": "^3.0.0",
-        "spdx-expression-parse": "^3.0.0"
-      }
-    },
-    "verror": {
-      "version": "1.10.0",
-      "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz",
-      "integrity": "sha1-OhBcoXBTr1XW4nDB+CiGguGNpAA=",
-      "requires": {
-        "assert-plus": "^1.0.0",
-        "core-util-is": "1.0.2",
-        "extsprintf": "^1.2.0"
-      },
-      "dependencies": {
-        "core-util-is": {
-          "version": "1.0.2",
-          "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
-          "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac="
-        }
-      }
-    },
-    "which": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz",
-      "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==",
-      "requires": {
-        "isexe": "^2.0.0"
-      }
-    },
-    "which-module": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/which-module/-/which-module-2.0.0.tgz",
-      "integrity": "sha1-2e8H3Od7mQK4o6j6SzHD4/fm6Ho="
-    },
-    "wide-align": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/wide-align/-/wide-align-1.1.3.tgz",
-      "integrity": "sha512-QGkOQc8XL6Bt5PwnsExKBPuMKBxnGxWWW3fU55Xt4feHozMUhdUMaBCk290qpm/wG5u/RSKzwdAC4i51YigihA==",
-      "requires": {
-        "string-width": "^1.0.2 || 2"
-      }
-    },
-    "wrap-ansi": {
-      "version": "5.1.0",
-      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-5.1.0.tgz",
-      "integrity": "sha512-QC1/iN/2/RPVJ5jYK8BGttj5z83LmSKmvbvrXPNCLZSEb32KKVDJDl/MOt2N01qU2H/FkzEa9PKto1BqDjtd7Q==",
-      "requires": {
-        "ansi-styles": "^3.2.0",
-        "string-width": "^3.0.0",
-        "strip-ansi": "^5.0.0"
-      },
-      "dependencies": {
-        "ansi-regex": {
-          "version": "4.1.0",
-          "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz",
-          "integrity": "sha512-1apePfXM1UOSqw0o9IiFAovVz9M5S1Dg+4TrDwfMewQ6p/rmMueb7tWZjQ1rx4Loy1ArBggoqGpfqqdI4rondg=="
-        },
-        "ansi-styles": {
-          "version": "3.2.1",
-          "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
-          "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
-          "requires": {
-            "color-convert": "^1.9.0"
-          }
-        },
-        "is-fullwidth-code-point": {
-          "version": "2.0.0",
-          "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz",
-          "integrity": "sha1-o7MKXE8ZkYMWeqq5O+764937ZU8="
-        },
-        "string-width": {
-          "version": "3.1.0",
-          "resolved": "https://registry.npmjs.org/string-width/-/string-width-3.1.0.tgz",
-          "integrity": "sha512-vafcv6KjVZKSgz06oM/H6GDBrAtz8vdhQakGjFIvNrHA6y3HCF1CInLy+QLq8dTJPQ1b+KDUqDFctkdRW44e1w==",
-          "requires": {
-            "emoji-regex": "^7.0.1",
-            "is-fullwidth-code-point": "^2.0.0",
-            "strip-ansi": "^5.1.0"
-          }
-        },
-        "strip-ansi": {
-          "version": "5.2.0",
-          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz",
-          "integrity": "sha512-DuRs1gKbBqsMKIZlrffwlug8MHkcnpjs5VPmL1PAh+mA30U0DTotfDZ0d2UUsXpPmPmMMJ6W773MaA3J+lbiWA==",
-          "requires": {
-            "ansi-regex": "^4.1.0"
-          }
-        }
-      }
-    },
-    "wrappy": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
-      "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8="
-    },
-    "y18n": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.3.tgz",
-      "integrity": "sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ=="
-    },
-    "yallist": {
+    "immutable": {
       "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
-      "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A=="
+      "resolved": "https://registry.npmjs.org/immutable/-/immutable-4.0.0.tgz",
+      "integrity": "sha512-zIE9hX70qew5qTUjSS7wi1iwj/l7+m54KWU247nhM3v806UdGj1yDndXj+IOYxxtW9zyLI+xqFNZjTuDaLUqFw=="
     },
-    "yargs": {
-      "version": "13.3.2",
-      "resolved": "https://registry.npmjs.org/yargs/-/yargs-13.3.2.tgz",
-      "integrity": "sha512-AX3Zw5iPruN5ie6xGRIDgqkT+ZhnRlZMLMHAs8tg7nRruy2Nb+i5o9bwghAogtM08q1dpr2LVoS8KSTMYpWXUw==",
+    "is-binary-path": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz",
+      "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==",
       "requires": {
-        "cliui": "^5.0.0",
-        "find-up": "^3.0.0",
-        "get-caller-file": "^2.0.1",
-        "require-directory": "^2.1.1",
-        "require-main-filename": "^2.0.0",
-        "set-blocking": "^2.0.0",
-        "string-width": "^3.0.0",
-        "which-module": "^2.0.0",
-        "y18n": "^4.0.0",
-        "yargs-parser": "^13.1.2"
-      },
-      "dependencies": {
-        "ansi-regex": {
-          "version": "4.1.0",
-          "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz",
-          "integrity": "sha512-1apePfXM1UOSqw0o9IiFAovVz9M5S1Dg+4TrDwfMewQ6p/rmMueb7tWZjQ1rx4Loy1ArBggoqGpfqqdI4rondg=="
-        },
-        "find-up": {
-          "version": "3.0.0",
-          "resolved": "https://registry.npmjs.org/find-up/-/find-up-3.0.0.tgz",
-          "integrity": "sha512-1yD6RmLI1XBfxugvORwlck6f75tYL+iR0jqwsOrOxMZyGYqUuDhJ0l4AXdO1iX/FTs9cBAMEk1gWSEx1kSbylg==",
-          "requires": {
-            "locate-path": "^3.0.0"
-          }
-        },
-        "is-fullwidth-code-point": {
-          "version": "2.0.0",
-          "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz",
-          "integrity": "sha1-o7MKXE8ZkYMWeqq5O+764937ZU8="
-        },
-        "locate-path": {
-          "version": "3.0.0",
-          "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-3.0.0.tgz",
-          "integrity": "sha512-7AO748wWnIhNqAuaty2ZWHkQHRSNfPVIsPIfwEOWO22AmaoVrWavlOcMR5nzTLNYvp36X220/maaRsrec1G65A==",
-          "requires": {
-            "p-locate": "^3.0.0",
-            "path-exists": "^3.0.0"
-          }
-        },
-        "p-locate": {
-          "version": "3.0.0",
-          "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-3.0.0.tgz",
-          "integrity": "sha512-x+12w/To+4GFfgJhBEpiDcLozRJGegY+Ei7/z0tSLkMmxGZNybVMSfWj9aJn8Z5Fc7dBUNJOOVgPv2H7IwulSQ==",
-          "requires": {
-            "p-limit": "^2.0.0"
-          }
-        },
-        "path-exists": {
-          "version": "3.0.0",
-          "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-3.0.0.tgz",
-          "integrity": "sha1-zg6+ql94yxiSXqfYENe1mwEP1RU="
-        },
-        "string-width": {
-          "version": "3.1.0",
-          "resolved": "https://registry.npmjs.org/string-width/-/string-width-3.1.0.tgz",
-          "integrity": "sha512-vafcv6KjVZKSgz06oM/H6GDBrAtz8vdhQakGjFIvNrHA6y3HCF1CInLy+QLq8dTJPQ1b+KDUqDFctkdRW44e1w==",
-          "requires": {
-            "emoji-regex": "^7.0.1",
-            "is-fullwidth-code-point": "^2.0.0",
-            "strip-ansi": "^5.1.0"
-          }
-        },
-        "strip-ansi": {
-          "version": "5.2.0",
-          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz",
-          "integrity": "sha512-DuRs1gKbBqsMKIZlrffwlug8MHkcnpjs5VPmL1PAh+mA30U0DTotfDZ0d2UUsXpPmPmMMJ6W773MaA3J+lbiWA==",
-          "requires": {
-            "ansi-regex": "^4.1.0"
-          }
-        },
-        "yargs-parser": {
-          "version": "13.1.2",
-          "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-13.1.2.tgz",
-          "integrity": "sha512-3lbsNRf/j+A4QuSZfDRA7HRSfWrzO0YjqTJd5kjAq37Zep1CEgaYmrH9Q3GwPiB9cHyd1Y1UwggGhJGoxipbzg==",
-          "requires": {
-            "camelcase": "^5.0.0",
-            "decamelize": "^1.2.0"
-          }
-        }
+        "binary-extensions": "^2.0.0"
       }
     },
-    "yargs-parser": {
-      "version": "20.2.9",
-      "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.9.tgz",
-      "integrity": "sha512-y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w=="
+    "is-extglob": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
+      "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI="
+    },
+    "is-glob": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz",
+      "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==",
+      "requires": {
+        "is-extglob": "^2.1.1"
+      }
+    },
+    "is-number": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
+      "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng=="
+    },
+    "normalize-path": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz",
+      "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA=="
+    },
+    "picomatch": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.0.tgz",
+      "integrity": "sha512-lY1Q/PiJGC2zOv/z391WOTD+Z02bCgsFfvxoXXf6h7kv9o+WmsmzYqrAwY63sNgOxE4xEdq0WyUnXfKeBrSvYw=="
+    },
+    "readdirp": {
+      "version": "3.6.0",
+      "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz",
+      "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==",
+      "requires": {
+        "picomatch": "^2.2.1"
+      }
+    },
+    "sass": {
+      "version": "1.45.0",
+      "resolved": "https://registry.npmjs.org/sass/-/sass-1.45.0.tgz",
+      "integrity": "sha512-ONy5bjppoohtNkFJRqdz1gscXamMzN3wQy1YH9qO2FiNpgjLhpz/IPRGg0PpCjyz/pWfCOaNEaiEGCcjOFAjqw==",
+      "requires": {
+        "chokidar": ">=3.0.0 <4.0.0",
+        "immutable": "^4.0.0",
+        "source-map-js": ">=0.6.2 <2.0.0"
+      }
+    },
+    "source-map-js": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.0.1.tgz",
+      "integrity": "sha512-4+TN2b3tqOCd/kaGRJ/sTYA0tR0mdXx26ipdolxcwtJVqEnqNYvlCAt1q3ypy4QMlYus+Zh34RNtYLoq2oQ4IA=="
+    },
+    "to-regex-range": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
+      "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
+      "requires": {
+        "is-number": "^7.0.0"
+      }
     }
   }
 }
diff --git a/webroot/theme/package.json b/webroot/theme/package.json
index 476def3..69bfdc1 100644
--- a/webroot/theme/package.json
+++ b/webroot/theme/package.json
@@ -5,13 +5,14 @@
   "main": "index.js",
   "scripts": {
     "test": "echo \"Error: no test specified\" && exit 1",
-    "autobuild": "node-sass --watch scss -o ../css/themes",
-    "build": "node-sass scss -o ../css/themes"
+    "autobuild": "sass --no-source-map --watch scss:../css/themes",
+    "build": "sass --no-source-map scss:../css/themes",
+    "build-with-map": "sass scss:../css/themes"
   },
   "author": "",
   "license": "ISC",
   "dependencies": {
     "bootstrap": "^5.1.1",
-    "node-sass": "^6.0.1"
+    "sass": "^1.45.0"
   }
 }

From e22068ec90cce7f80570f3fd328397967a332641 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <mokaddem.sami@gmail.com>
Date: Thu, 16 Dec 2021 11:53:56 +0100
Subject: [PATCH 079/150] chg: [themes] Recompiled themes using dart-sass

---
 .../additional/bootstrap-additional.css       |  315 +-
 webroot/css/themes/theme-darkly.css           |  389 ++-
 webroot/css/themes/theme-default.css          |  389 ++-
 webroot/css/themes/theme-flatly.css           |  389 ++-
 webroot/css/themes/theme-minty.css            |  389 ++-
 webroot/css/themes/theme-quartz.css           | 1156 +++----
 webroot/css/themes/theme-slate.css            | 2698 ++++++++++-------
 webroot/css/themes/theme-vapor.css            |  386 ++-
 8 files changed, 3493 insertions(+), 2618 deletions(-)

diff --git a/webroot/css/themes/additional/bootstrap-additional.css b/webroot/css/themes/additional/bootstrap-additional.css
index 4a7c905..a0fc59f 100644
--- a/webroot/css/themes/additional/bootstrap-additional.css
+++ b/webroot/css/themes/additional/bootstrap-additional.css
@@ -1,284 +1,329 @@
 /* Callout */
 .callout {
   border: 1px solid #e9ecef;
-  border-radius: .25rem;
+  border-radius: 0.25rem;
   background-color: #fff;
-  box-shadow: 0 0 35px 0 rgba(154, 161, 171, 0.25); }
+  box-shadow: 0 0 35px 0 rgba(154, 161, 171, 0.25);
+}
 
 .callout-primary {
   border-left-color: #0d6efd;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-secondary {
   border-left-color: #6c757d;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-success {
   border-left-color: #198754;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-info {
   border-left-color: #0dcaf0;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-warning {
   border-left-color: #ffc107;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-danger {
   border-left-color: #dc3545;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-light {
   border-left-color: #f8f9fa;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-dark {
   border-left-color: #212529;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 /* Toasts */
 .toast {
-  min-width: 250px; }
+  min-width: 250px;
+}
 
 .toast-primary {
   color: #04214c;
   background-color: #b6d4fe;
-  border-color: #9ec5fe; }
-  .toast-primary strong {
-    border-top-color: #85b6fe; }
+  border-color: #9ec5fe;
+}
+.toast-primary strong {
+  border-top-color: #85b6fe;
+}
 
 .toast-secondary {
   color: #202326;
   background-color: #d3d6d8;
-  border-color: #c4c8cb; }
-  .toast-secondary strong {
-    border-top-color: #b6bbbf; }
+  border-color: #c4c8cb;
+}
+.toast-secondary strong {
+  border-top-color: #b6bbbf;
+}
 
 .toast-success {
   color: #082919;
   background-color: #badbcc;
-  border-color: #a3cfbb; }
-  .toast-success strong {
-    border-top-color: #92c6af; }
+  border-color: #a3cfbb;
+}
+.toast-success strong {
+  border-top-color: #92c6af;
+}
 
 .toast-info {
   color: #043d48;
   background-color: #b6effb;
-  border-color: #9eeaf9; }
-  .toast-info strong {
-    border-top-color: #86e5f8; }
+  border-color: #9eeaf9;
+}
+.toast-info strong {
+  border-top-color: #86e5f8;
+}
 
 .toast-warning {
   color: #4d3a02;
   background-color: #ffecb5;
-  border-color: #ffe69c; }
-  .toast-warning strong {
-    border-top-color: #ffe083; }
+  border-color: #ffe69c;
+}
+.toast-warning strong {
+  border-top-color: #ffe083;
+}
 
 .toast-danger {
   color: #421015;
   background-color: #f5c2c7;
-  border-color: #f1aeb5; }
-  .toast-danger strong {
-    border-top-color: #ed98a1; }
+  border-color: #f1aeb5;
+}
+.toast-danger strong {
+  border-top-color: #ed98a1;
+}
 
 .toast-light {
   color: #4a4b4b;
   background-color: #fdfdfe;
-  border-color: #fcfdfd; }
-  .toast-light strong {
-    border-top-color: #edf3f3; }
+  border-color: #fcfdfd;
+}
+.toast-light strong {
+  border-top-color: #edf3f3;
+}
 
 .toast-dark {
   color: #0a0b0c;
   background-color: #bcbebf;
-  border-color: #a6a8a9; }
-  .toast-dark strong {
-    border-top-color: #999b9c; }
+  border-color: #a6a8a9;
+}
+.toast-dark strong {
+  border-top-color: #999b9c;
+}
 
 /* Dropdown-item */
 .dropdown-item.dropdown-item-primary {
   color: #fff;
   text-decoration: none;
-  background-color: #0d6efd; }
-
+  background-color: #0d6efd;
+}
 .dropdown-item.dropdown-item-outline-primary:hover {
   color: #fff;
-  background-color: #0d6efd; }
-
+  background-color: #0d6efd;
+}
 .dropdown-item.dropdown-item-secondary {
   color: #fff;
   text-decoration: none;
-  background-color: #6c757d; }
-
+  background-color: #6c757d;
+}
 .dropdown-item.dropdown-item-outline-secondary:hover {
   color: #fff;
-  background-color: #6c757d; }
-
+  background-color: #6c757d;
+}
 .dropdown-item.dropdown-item-success {
   color: #fff;
   text-decoration: none;
-  background-color: #198754; }
-
+  background-color: #198754;
+}
 .dropdown-item.dropdown-item-outline-success:hover {
   color: #fff;
-  background-color: #198754; }
-
+  background-color: #198754;
+}
 .dropdown-item.dropdown-item-info {
   color: #000;
   text-decoration: none;
-  background-color: #0dcaf0; }
-
+  background-color: #0dcaf0;
+}
 .dropdown-item.dropdown-item-outline-info:hover {
   color: #000;
-  background-color: #0dcaf0; }
-
+  background-color: #0dcaf0;
+}
 .dropdown-item.dropdown-item-warning {
   color: #000;
   text-decoration: none;
-  background-color: #ffc107; }
-
+  background-color: #ffc107;
+}
 .dropdown-item.dropdown-item-outline-warning:hover {
   color: #000;
-  background-color: #ffc107; }
-
+  background-color: #ffc107;
+}
 .dropdown-item.dropdown-item-danger {
   color: #fff;
   text-decoration: none;
-  background-color: #dc3545; }
-
+  background-color: #dc3545;
+}
 .dropdown-item.dropdown-item-outline-danger:hover {
   color: #fff;
-  background-color: #dc3545; }
-
+  background-color: #dc3545;
+}
 .dropdown-item.dropdown-item-light {
   color: #000;
   text-decoration: none;
-  background-color: #f8f9fa; }
-
+  background-color: #f8f9fa;
+}
 .dropdown-item.dropdown-item-outline-light:hover {
   color: #000;
-  background-color: #f8f9fa; }
-
+  background-color: #f8f9fa;
+}
 .dropdown-item.dropdown-item-dark {
   color: #fff;
   text-decoration: none;
-  background-color: #212529; }
-
+  background-color: #212529;
+}
 .dropdown-item.dropdown-item-outline-dark:hover {
   color: #fff;
-  background-color: #212529; }
+  background-color: #212529;
+}
 
 /* Progress Timeline */
 .progress-timeline {
-  padding: 0.2em 0.2em 0.5em 0.2em; }
-  .progress-timeline ul {
-    position: relative;
-    padding: 0; }
-  .progress-timeline li {
-    list-style-type: none;
-    position: relative; }
-  .progress-timeline li.progress-inactive {
-    opacity: 0.5; }
-  .progress-timeline .progress-line {
-    height: 2px; }
-  .progress-timeline .progress-line.progress-inactive {
-    opacity: 0.5; }
+  padding: 0.2em 0.2em 0.5em 0.2em;
+}
+.progress-timeline ul {
+  position: relative;
+  padding: 0;
+}
+.progress-timeline li {
+  list-style-type: none;
+  position: relative;
+}
+.progress-timeline li.progress-inactive {
+  opacity: 0.5;
+}
+.progress-timeline .progress-line {
+  height: 2px;
+}
+.progress-timeline .progress-line.progress-inactive {
+  opacity: 0.5;
+}
 
 /* Forms severity */
 .form-control.is-invalid.info {
-  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%230dcaf0' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%230dcaf0' stroke='none'/%3e%3c/svg%3e"); }
-  .form-control.is-invalid.info:focus {
-    border-color: #0dcaf0;
-    box-shadow: 0 0 0 0.25rem rgba(13, 202, 240, 0.25); }
-
+  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%230dcaf0' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%230dcaf0' stroke='none'/%3e%3c/svg%3e");
+}
+.form-control.is-invalid.info:focus {
+  border-color: #0dcaf0;
+  box-shadow: 0 0 0 0.25rem rgba(13, 202, 240, 0.25);
+}
 .form-control.is-invalid.warning {
-  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%23ffc107' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23ffc107' stroke='none'/%3e%3c/svg%3e"); }
-  .form-control.is-invalid.warning:focus {
-    border-color: #ffc107;
-    box-shadow: 0 0 0 0.25rem rgba(255, 193, 7, 0.25); }
+  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%23ffc107' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23ffc107' stroke='none'/%3e%3c/svg%3e");
+}
+.form-control.is-invalid.warning:focus {
+  border-color: #ffc107;
+  box-shadow: 0 0 0 0.25rem rgba(255, 193, 7, 0.25);
+}
 
 .form-select.is-invalid:not([multiple]):not([size]).info,
-.form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.info {
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.info {
   background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 12 12' width='12' height='12' fill='none' stroke='%230dcaf0'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%230dcaf0' stroke='none'/%3e%3c/svg%3e");
-  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem); }
-  .form-select.is-invalid:not([multiple]):not([size]).info:focus,
-  .form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.info:focus {
-    box-shadow: 0 0 0 0.25rem rgba(13, 202, 240, 0.25); }
-
+  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem);
+}
+.form-select.is-invalid:not([multiple]):not([size]).info:focus,
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.info:focus {
+  box-shadow: 0 0 0 0.25rem rgba(13, 202, 240, 0.25);
+}
 .form-select.is-invalid:not([multiple]):not([size]).warning,
-.form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.warning {
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.warning {
   background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 12 12' width='12' height='12' fill='none' stroke='%23ffc107'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23ffc107' stroke='none'/%3e%3c/svg%3e");
-  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem); }
-  .form-select.is-invalid:not([multiple]):not([size]).warning:focus,
-  .form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.warning:focus {
-    box-shadow: 0 0 0 0.25rem rgba(255, 193, 7, 0.25); }
+  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem);
+}
+.form-select.is-invalid:not([multiple]):not([size]).warning:focus,
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.warning:focus {
+  box-shadow: 0 0 0 0.25rem rgba(255, 193, 7, 0.25);
+}
 
 .form-check-input.is-invalid.info {
-  border-color: #0dcaf0; }
-
+  border-color: #0dcaf0;
+}
 .form-check-input.is-invalid.info:checked {
-  background-color: #0dcaf0; }
-
+  background-color: #0dcaf0;
+}
 .form-check-input.is-invalid.info ~ .form-check-label {
-  color: unset; }
-
+  color: unset;
+}
 .form-check-input.is-invalid.info:focus {
-  box-shadow: 0 0 0 0.2rem rgba(13, 202, 240, 0.25); }
-
+  box-shadow: 0 0 0 0.2rem rgba(13, 202, 240, 0.25);
+}
 .form-check-input.is-invalid.warning {
-  border-color: #ffc107; }
-
+  border-color: #ffc107;
+}
 .form-check-input.is-invalid.warning:checked {
-  background-color: #ffc107; }
-
+  background-color: #ffc107;
+}
 .form-check-input.is-invalid.warning ~ .form-check-label {
-  color: unset; }
-
+  color: unset;
+}
 .form-check-input.is-invalid.warning:focus {
-  box-shadow: 0 0 0 0.2rem rgba(255, 193, 7, 0.25); }
+  box-shadow: 0 0 0 0.2rem rgba(255, 193, 7, 0.25);
+}
 
 /* Utilities */
 .mw-75 {
-  max-width: 75% !important; }
+  max-width: 75% !important;
+}
 
 .mw-50 {
-  max-width: 50% !important; }
+  max-width: 50% !important;
+}
 
 .mw-25 {
-  max-width: 25% !important; }
+  max-width: 25% !important;
+}
 
 .mh-75 {
-  max-height: 75% !important; }
+  max-height: 75% !important;
+}
 
 .mh-50 {
-  max-height: 50% !important; }
+  max-height: 50% !important;
+}
 
 .mh-25 {
-  max-height: 25% !important; }
+  max-height: 25% !important;
+}
 
 .p-abs-center-y {
   top: 50%;
-  transform: translateY(-50%); }
+  transform: translateY(-50%);
+}
 
 .p-abs-center-x {
   left: 50%;
-  transform: translateX(-50%); }
+  transform: translateX(-50%);
+}
 
 .p-abs-center-both {
   top: 50%;
   left: 50%;
-  transform: translateX(-50%) translateY(-50%); }
+  transform: translateX(-50%) translateY(-50%);
+}
diff --git a/webroot/css/themes/theme-darkly.css b/webroot/css/themes/theme-darkly.css
index 9c4511a..eb1924f 100644
--- a/webroot/css/themes/theme-darkly.css
+++ b/webroot/css/themes/theme-darkly.css
@@ -1,287 +1,332 @@
 /* Callout */
 .callout {
   border: 1px solid 1px solid none;
-  border-radius: .25rem;
+  border-radius: 0.25rem;
   background-color: #363636;
-  box-shadow: none; }
+  box-shadow: none;
+}
 
 .callout-primary {
   border-left-color: #375a7f;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-secondary {
   border-left-color: #444;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-success {
   border-left-color: #00bc8c;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-info {
   border-left-color: #3498db;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-warning {
   border-left-color: #f39c12;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-danger {
   border-left-color: #e74c3c;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-light {
   border-left-color: #adb5bd;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-dark {
   border-left-color: #303030;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 /* Toasts */
 .toast {
-  min-width: 250px; }
+  min-width: 250px;
+}
 
 .toast-primary {
   color: #111b26;
   background-color: #c3ced9;
-  border-color: #afbdcc; }
-  .toast-primary strong {
-    border-top-color: #9fb0c2; }
+  border-color: #afbdcc;
+}
+.toast-primary strong {
+  border-top-color: #9fb0c2;
+}
 
 .toast-secondary {
   color: #141414;
   background-color: #c7c7c7;
-  border-color: #b4b4b4; }
-  .toast-secondary strong {
-    border-top-color: #a7a7a7; }
+  border-color: #b4b4b4;
+}
+.toast-secondary strong {
+  border-top-color: #a7a7a7;
+}
 
 .toast-success {
   color: #00382a;
   background-color: #b3ebdd;
-  border-color: #99e4d1; }
-  .toast-success strong {
-    border-top-color: #85dfc8; }
+  border-color: #99e4d1;
+}
+.toast-success strong {
+  border-top-color: #85dfc8;
+}
 
 .toast-info {
   color: #102e42;
   background-color: #c2e0f4;
-  border-color: #aed6f1; }
-  .toast-info strong {
-    border-top-color: #98cbed; }
+  border-color: #aed6f1;
+}
+.toast-info strong {
+  border-top-color: #98cbed;
+}
 
 .toast-warning {
   color: #492f05;
   background-color: #fbe1b8;
-  border-color: #fad7a0; }
-  .toast-warning strong {
-    border-top-color: #f9cd88; }
+  border-color: #fad7a0;
+}
+.toast-warning strong {
+  border-top-color: #f9cd88;
+}
 
 .toast-danger {
   color: #451712;
   background-color: #f8c9c5;
-  border-color: #f5b7b1; }
-  .toast-danger strong {
-    border-top-color: #f2a29a; }
+  border-color: #f5b7b1;
+}
+.toast-danger strong {
+  border-top-color: #f2a29a;
+}
 
 .toast-light {
   color: #343639;
   background-color: #e6e9eb;
-  border-color: #dee1e5; }
-  .toast-light strong {
-    border-top-color: #d0d4da; }
+  border-color: #dee1e5;
+}
+.toast-light strong {
+  border-top-color: #d0d4da;
+}
 
 .toast-dark {
   color: #0e0e0e;
   background-color: #c1c1c1;
-  border-color: #acacac; }
-  .toast-dark strong {
-    border-top-color: #9f9f9f; }
+  border-color: #acacac;
+}
+.toast-dark strong {
+  border-top-color: #9f9f9f;
+}
 
 /* Dropdown-item */
 .dropdown-item.dropdown-item-primary {
   color: #fff;
   text-decoration: none;
-  background-color: #375a7f; }
-
+  background-color: #375a7f;
+}
 .dropdown-item.dropdown-item-outline-primary:hover {
   color: #fff;
-  background-color: #375a7f; }
-
+  background-color: #375a7f;
+}
 .dropdown-item.dropdown-item-secondary {
   color: #fff;
   text-decoration: none;
-  background-color: #444; }
-
+  background-color: #444;
+}
 .dropdown-item.dropdown-item-outline-secondary:hover {
   color: #fff;
-  background-color: #444; }
-
+  background-color: #444;
+}
 .dropdown-item.dropdown-item-success {
   color: #fff;
   text-decoration: none;
-  background-color: #00bc8c; }
-
+  background-color: #00bc8c;
+}
 .dropdown-item.dropdown-item-outline-success:hover {
   color: #fff;
-  background-color: #00bc8c; }
-
+  background-color: #00bc8c;
+}
 .dropdown-item.dropdown-item-info {
   color: #fff;
   text-decoration: none;
-  background-color: #3498db; }
-
+  background-color: #3498db;
+}
 .dropdown-item.dropdown-item-outline-info:hover {
   color: #fff;
-  background-color: #3498db; }
-
+  background-color: #3498db;
+}
 .dropdown-item.dropdown-item-warning {
   color: #fff;
   text-decoration: none;
-  background-color: #f39c12; }
-
+  background-color: #f39c12;
+}
 .dropdown-item.dropdown-item-outline-warning:hover {
   color: #fff;
-  background-color: #f39c12; }
-
+  background-color: #f39c12;
+}
 .dropdown-item.dropdown-item-danger {
   color: #fff;
   text-decoration: none;
-  background-color: #e74c3c; }
-
+  background-color: #e74c3c;
+}
 .dropdown-item.dropdown-item-outline-danger:hover {
   color: #fff;
-  background-color: #e74c3c; }
-
+  background-color: #e74c3c;
+}
 .dropdown-item.dropdown-item-light {
   color: #fff;
   text-decoration: none;
-  background-color: #adb5bd; }
-
+  background-color: #adb5bd;
+}
 .dropdown-item.dropdown-item-outline-light:hover {
   color: #fff;
-  background-color: #adb5bd; }
-
+  background-color: #adb5bd;
+}
 .dropdown-item.dropdown-item-dark {
   color: #fff;
   text-decoration: none;
-  background-color: #303030; }
-
+  background-color: #303030;
+}
 .dropdown-item.dropdown-item-outline-dark:hover {
   color: #fff;
-  background-color: #303030; }
+  background-color: #303030;
+}
 
 /* Progress Timeline */
 .progress-timeline {
-  padding: 0.2em 0.2em 0.5em 0.2em; }
-  .progress-timeline ul {
-    position: relative;
-    padding: 0; }
-  .progress-timeline li {
-    list-style-type: none;
-    position: relative; }
-  .progress-timeline li.progress-inactive {
-    opacity: 0.5; }
-  .progress-timeline .progress-line {
-    height: 2px; }
-  .progress-timeline .progress-line.progress-inactive {
-    opacity: 0.5; }
+  padding: 0.2em 0.2em 0.5em 0.2em;
+}
+.progress-timeline ul {
+  position: relative;
+  padding: 0;
+}
+.progress-timeline li {
+  list-style-type: none;
+  position: relative;
+}
+.progress-timeline li.progress-inactive {
+  opacity: 0.5;
+}
+.progress-timeline .progress-line {
+  height: 2px;
+}
+.progress-timeline .progress-line.progress-inactive {
+  opacity: 0.5;
+}
 
 /* Forms severity */
 .form-control.is-invalid.info {
-  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%233498db' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%233498db' stroke='none'/%3e%3c/svg%3e"); }
-  .form-control.is-invalid.info:focus {
-    border-color: #3498db;
-    box-shadow: 0 0 0 0.25rem rgba(52, 152, 219, 0.25); }
-
+  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%233498db' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%233498db' stroke='none'/%3e%3c/svg%3e");
+}
+.form-control.is-invalid.info:focus {
+  border-color: #3498db;
+  box-shadow: 0 0 0 0.25rem rgba(52, 152, 219, 0.25);
+}
 .form-control.is-invalid.warning {
-  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%23f39c12' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23f39c12' stroke='none'/%3e%3c/svg%3e"); }
-  .form-control.is-invalid.warning:focus {
-    border-color: #f39c12;
-    box-shadow: 0 0 0 0.25rem rgba(243, 156, 18, 0.25); }
+  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%23f39c12' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23f39c12' stroke='none'/%3e%3c/svg%3e");
+}
+.form-control.is-invalid.warning:focus {
+  border-color: #f39c12;
+  box-shadow: 0 0 0 0.25rem rgba(243, 156, 18, 0.25);
+}
 
 .form-select.is-invalid:not([multiple]):not([size]).info,
-.form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.info {
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.info {
   background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 12 12' width='12' height='12' fill='none' stroke='%233498db'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%233498db' stroke='none'/%3e%3c/svg%3e");
-  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem); }
-  .form-select.is-invalid:not([multiple]):not([size]).info:focus,
-  .form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.info:focus {
-    box-shadow: 0 0 0 0.25rem rgba(52, 152, 219, 0.25); }
-
+  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem);
+}
+.form-select.is-invalid:not([multiple]):not([size]).info:focus,
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.info:focus {
+  box-shadow: 0 0 0 0.25rem rgba(52, 152, 219, 0.25);
+}
 .form-select.is-invalid:not([multiple]):not([size]).warning,
-.form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.warning {
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.warning {
   background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 12 12' width='12' height='12' fill='none' stroke='%23f39c12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23f39c12' stroke='none'/%3e%3c/svg%3e");
-  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem); }
-  .form-select.is-invalid:not([multiple]):not([size]).warning:focus,
-  .form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.warning:focus {
-    box-shadow: 0 0 0 0.25rem rgba(243, 156, 18, 0.25); }
+  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem);
+}
+.form-select.is-invalid:not([multiple]):not([size]).warning:focus,
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.warning:focus {
+  box-shadow: 0 0 0 0.25rem rgba(243, 156, 18, 0.25);
+}
 
 .form-check-input.is-invalid.info {
-  border-color: #3498db; }
-
+  border-color: #3498db;
+}
 .form-check-input.is-invalid.info:checked {
-  background-color: #3498db; }
-
+  background-color: #3498db;
+}
 .form-check-input.is-invalid.info ~ .form-check-label {
-  color: unset; }
-
+  color: unset;
+}
 .form-check-input.is-invalid.info:focus {
-  box-shadow: 0 0 0 0.2rem rgba(52, 152, 219, 0.25); }
-
+  box-shadow: 0 0 0 0.2rem rgba(52, 152, 219, 0.25);
+}
 .form-check-input.is-invalid.warning {
-  border-color: #f39c12; }
-
+  border-color: #f39c12;
+}
 .form-check-input.is-invalid.warning:checked {
-  background-color: #f39c12; }
-
+  background-color: #f39c12;
+}
 .form-check-input.is-invalid.warning ~ .form-check-label {
-  color: unset; }
-
+  color: unset;
+}
 .form-check-input.is-invalid.warning:focus {
-  box-shadow: 0 0 0 0.2rem rgba(243, 156, 18, 0.25); }
+  box-shadow: 0 0 0 0.2rem rgba(243, 156, 18, 0.25);
+}
 
 /* Utilities */
 .mw-75 {
-  max-width: 75% !important; }
+  max-width: 75% !important;
+}
 
 .mw-50 {
-  max-width: 50% !important; }
+  max-width: 50% !important;
+}
 
 .mw-25 {
-  max-width: 25% !important; }
+  max-width: 25% !important;
+}
 
 .mh-75 {
-  max-height: 75% !important; }
+  max-height: 75% !important;
+}
 
 .mh-50 {
-  max-height: 50% !important; }
+  max-height: 50% !important;
+}
 
 .mh-25 {
-  max-height: 25% !important; }
+  max-height: 25% !important;
+}
 
 .p-abs-center-y {
   top: 50%;
-  transform: translateY(-50%); }
+  transform: translateY(-50%);
+}
 
 .p-abs-center-x {
   left: 50%;
-  transform: translateX(-50%); }
+  transform: translateX(-50%);
+}
 
 .p-abs-center-both {
   top: 50%;
   left: 50%;
-  transform: translateX(-50%) translateY(-50%); }
+  transform: translateX(-50%) translateY(-50%);
+}
 
 /* Body */
 body {
@@ -290,87 +335,111 @@ body {
   /* background by SVGBackgrounds.com */
   background-attachment: fixed;
   background-size: cover;
-  background-blend-mode: soft-light; }
+  background-blend-mode: soft-light;
+}
 
 .panel {
   background-color: #363636;
   border: 1px solid #454545;
-  box-shadow: none; }
+  box-shadow: none;
+}
 
 .loading-overlay {
   background-color: #222;
-  opacity: 0.65; }
+  opacity: 0.65;
+}
 
 /* Top navbar */
 .top-navbar {
-  background-color: #375a7f; }
+  background-color: #375a7f;
+}
 
 .center-navbar nav.header-breadcrumb {
-  color: #fff; }
+  color: #fff;
+}
 
 header.top-navbar .header-menu > a:hover,
 header.top-navbar .header-breadcrumb .header-breadcrumb-item > a:hover {
-  color: #d6d6d6 !important; }
+  color: #d6d6d6 !important;
+}
 
 .top-navbar .center-navbar nav.header-breadcrumb li.header-breadcrumb-item a {
-  color: #fff; }
+  color: #fff;
+}
 
 .top-navbar .right-navbar .header-menu a.nav-link {
-  color: #fff; }
+  color: #fff;
+}
 
 .top-navbar .left-navbar .navbar-brand img {
-  filter: invert(1); }
+  filter: invert(1);
+}
 
 .top-navbar .left-navbar .navbar-brand:hover img {
-  filter: invert(1) drop-shadow(0px 0px 3px #fff); }
+  filter: invert(1) drop-shadow(0px 0px 3px #fff);
+}
 
 .top-navbar .composed-app-icon-container > .app-icon {
-  background-color: #fff; }
+  background-color: #fff;
+}
 
 .breadcrumb-link-container {
   box-shadow: 0 2px 2px 0 rgba(0, 0, 0, 0.16), 0 2px 6px 0 rgba(0, 0, 0, 0.12);
-  background-color: #adb5bd; }
+  background-color: #adb5bd;
+}
 
 /* Sidebar */
 .sidebar {
-  transition: width .08s linear;
+  transition: width 0.08s linear;
   box-shadow: none;
-  background-color: #444; }
+  background-color: #444;
+}
 
 .sidebar ~ main.content:after {
-  background: #000; }
+  background: #000;
+}
 
 .sidebar .sidebar-wrapper {
-  border-right: 1px solid none; }
+  border-right: 1px solid none;
+}
 
 .sidebar .sidebar-wrapper {
-  border-right: 1px solid rgba(0, 0, 0, 0.125); }
+  border-right: 1px solid rgba(0, 0, 0, 0.125);
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link {
-  color: #fff; }
+  color: #fff;
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link.active {
   background-color: #595f64;
-  color: #fff; }
+  color: #fff;
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link.have-active-child {
   background-color: #595f64;
-  color: #fff; }
+  color: #fff;
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link:hover {
   background-color: #60676c;
-  color: #fff; }
+  color: #fff;
+}
 
 .sidebar.expanded ul.sidebar-elements li > a.sidebar-link.have-active-child,
 .sidebar:hover ul.sidebar-elements li > a.sidebar-link.have-active-child {
-  background-color: unset; }
+  background-color: unset;
+}
 
 .sidebar.expanded ul.sidebar-elements li > a.sidebar-link.have-active-child:hover,
 .sidebar:hover ul.sidebar-elements li > a.sidebar-link.have-active-child:hover {
-  background-color: #60676c; }
+  background-color: #60676c;
+}
 
 ul.sidebar-elements li > a.sidebar-link.active::after {
-  background-color: var(--cerebrate-color); }
+  background-color: var(--cerebrate-color);
+}
 
 .lock-sidebar > a.btn {
-  background-color: unset; }
+  background-color: unset;
+}
diff --git a/webroot/css/themes/theme-default.css b/webroot/css/themes/theme-default.css
index d826d86..a43c429 100644
--- a/webroot/css/themes/theme-default.css
+++ b/webroot/css/themes/theme-default.css
@@ -1,287 +1,332 @@
 /* Callout */
 .callout {
   border: 1px solid #e9ecef;
-  border-radius: .25rem;
+  border-radius: 0.25rem;
   background-color: #fff;
-  box-shadow: 0 0 35px 0 rgba(154, 161, 171, 0.25); }
+  box-shadow: 0 0 35px 0 rgba(154, 161, 171, 0.25);
+}
 
 .callout-primary {
   border-left-color: #0d6efd;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-secondary {
   border-left-color: #6c757d;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-success {
   border-left-color: #198754;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-info {
   border-left-color: #0dcaf0;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-warning {
   border-left-color: #ffc107;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-danger {
   border-left-color: #dc3545;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-light {
   border-left-color: #f8f9fa;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-dark {
   border-left-color: #212529;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 /* Toasts */
 .toast {
-  min-width: 250px; }
+  min-width: 250px;
+}
 
 .toast-primary {
   color: #04214c;
   background-color: #b6d4fe;
-  border-color: #9ec5fe; }
-  .toast-primary strong {
-    border-top-color: #85b6fe; }
+  border-color: #9ec5fe;
+}
+.toast-primary strong {
+  border-top-color: #85b6fe;
+}
 
 .toast-secondary {
   color: #202326;
   background-color: #d3d6d8;
-  border-color: #c4c8cb; }
-  .toast-secondary strong {
-    border-top-color: #b6bbbf; }
+  border-color: #c4c8cb;
+}
+.toast-secondary strong {
+  border-top-color: #b6bbbf;
+}
 
 .toast-success {
   color: #082919;
   background-color: #badbcc;
-  border-color: #a3cfbb; }
-  .toast-success strong {
-    border-top-color: #92c6af; }
+  border-color: #a3cfbb;
+}
+.toast-success strong {
+  border-top-color: #92c6af;
+}
 
 .toast-info {
   color: #043d48;
   background-color: #b6effb;
-  border-color: #9eeaf9; }
-  .toast-info strong {
-    border-top-color: #86e5f8; }
+  border-color: #9eeaf9;
+}
+.toast-info strong {
+  border-top-color: #86e5f8;
+}
 
 .toast-warning {
   color: #4d3a02;
   background-color: #ffecb5;
-  border-color: #ffe69c; }
-  .toast-warning strong {
-    border-top-color: #ffe083; }
+  border-color: #ffe69c;
+}
+.toast-warning strong {
+  border-top-color: #ffe083;
+}
 
 .toast-danger {
   color: #421015;
   background-color: #f5c2c7;
-  border-color: #f1aeb5; }
-  .toast-danger strong {
-    border-top-color: #ed98a1; }
+  border-color: #f1aeb5;
+}
+.toast-danger strong {
+  border-top-color: #ed98a1;
+}
 
 .toast-light {
   color: #4a4b4b;
   background-color: #fdfdfe;
-  border-color: #fcfdfd; }
-  .toast-light strong {
-    border-top-color: #edf3f3; }
+  border-color: #fcfdfd;
+}
+.toast-light strong {
+  border-top-color: #edf3f3;
+}
 
 .toast-dark {
   color: #0a0b0c;
   background-color: #bcbebf;
-  border-color: #a6a8a9; }
-  .toast-dark strong {
-    border-top-color: #999b9c; }
+  border-color: #a6a8a9;
+}
+.toast-dark strong {
+  border-top-color: #999b9c;
+}
 
 /* Dropdown-item */
 .dropdown-item.dropdown-item-primary {
   color: #fff;
   text-decoration: none;
-  background-color: #0d6efd; }
-
+  background-color: #0d6efd;
+}
 .dropdown-item.dropdown-item-outline-primary:hover {
   color: #fff;
-  background-color: #0d6efd; }
-
+  background-color: #0d6efd;
+}
 .dropdown-item.dropdown-item-secondary {
   color: #fff;
   text-decoration: none;
-  background-color: #6c757d; }
-
+  background-color: #6c757d;
+}
 .dropdown-item.dropdown-item-outline-secondary:hover {
   color: #fff;
-  background-color: #6c757d; }
-
+  background-color: #6c757d;
+}
 .dropdown-item.dropdown-item-success {
   color: #fff;
   text-decoration: none;
-  background-color: #198754; }
-
+  background-color: #198754;
+}
 .dropdown-item.dropdown-item-outline-success:hover {
   color: #fff;
-  background-color: #198754; }
-
+  background-color: #198754;
+}
 .dropdown-item.dropdown-item-info {
   color: #000;
   text-decoration: none;
-  background-color: #0dcaf0; }
-
+  background-color: #0dcaf0;
+}
 .dropdown-item.dropdown-item-outline-info:hover {
   color: #000;
-  background-color: #0dcaf0; }
-
+  background-color: #0dcaf0;
+}
 .dropdown-item.dropdown-item-warning {
   color: #000;
   text-decoration: none;
-  background-color: #ffc107; }
-
+  background-color: #ffc107;
+}
 .dropdown-item.dropdown-item-outline-warning:hover {
   color: #000;
-  background-color: #ffc107; }
-
+  background-color: #ffc107;
+}
 .dropdown-item.dropdown-item-danger {
   color: #fff;
   text-decoration: none;
-  background-color: #dc3545; }
-
+  background-color: #dc3545;
+}
 .dropdown-item.dropdown-item-outline-danger:hover {
   color: #fff;
-  background-color: #dc3545; }
-
+  background-color: #dc3545;
+}
 .dropdown-item.dropdown-item-light {
   color: #000;
   text-decoration: none;
-  background-color: #f8f9fa; }
-
+  background-color: #f8f9fa;
+}
 .dropdown-item.dropdown-item-outline-light:hover {
   color: #000;
-  background-color: #f8f9fa; }
-
+  background-color: #f8f9fa;
+}
 .dropdown-item.dropdown-item-dark {
   color: #fff;
   text-decoration: none;
-  background-color: #212529; }
-
+  background-color: #212529;
+}
 .dropdown-item.dropdown-item-outline-dark:hover {
   color: #fff;
-  background-color: #212529; }
+  background-color: #212529;
+}
 
 /* Progress Timeline */
 .progress-timeline {
-  padding: 0.2em 0.2em 0.5em 0.2em; }
-  .progress-timeline ul {
-    position: relative;
-    padding: 0; }
-  .progress-timeline li {
-    list-style-type: none;
-    position: relative; }
-  .progress-timeline li.progress-inactive {
-    opacity: 0.5; }
-  .progress-timeline .progress-line {
-    height: 2px; }
-  .progress-timeline .progress-line.progress-inactive {
-    opacity: 0.5; }
+  padding: 0.2em 0.2em 0.5em 0.2em;
+}
+.progress-timeline ul {
+  position: relative;
+  padding: 0;
+}
+.progress-timeline li {
+  list-style-type: none;
+  position: relative;
+}
+.progress-timeline li.progress-inactive {
+  opacity: 0.5;
+}
+.progress-timeline .progress-line {
+  height: 2px;
+}
+.progress-timeline .progress-line.progress-inactive {
+  opacity: 0.5;
+}
 
 /* Forms severity */
 .form-control.is-invalid.info {
-  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%230dcaf0' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%230dcaf0' stroke='none'/%3e%3c/svg%3e"); }
-  .form-control.is-invalid.info:focus {
-    border-color: #0dcaf0;
-    box-shadow: 0 0 0 0.25rem rgba(13, 202, 240, 0.25); }
-
+  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%230dcaf0' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%230dcaf0' stroke='none'/%3e%3c/svg%3e");
+}
+.form-control.is-invalid.info:focus {
+  border-color: #0dcaf0;
+  box-shadow: 0 0 0 0.25rem rgba(13, 202, 240, 0.25);
+}
 .form-control.is-invalid.warning {
-  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%23ffc107' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23ffc107' stroke='none'/%3e%3c/svg%3e"); }
-  .form-control.is-invalid.warning:focus {
-    border-color: #ffc107;
-    box-shadow: 0 0 0 0.25rem rgba(255, 193, 7, 0.25); }
+  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%23ffc107' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23ffc107' stroke='none'/%3e%3c/svg%3e");
+}
+.form-control.is-invalid.warning:focus {
+  border-color: #ffc107;
+  box-shadow: 0 0 0 0.25rem rgba(255, 193, 7, 0.25);
+}
 
 .form-select.is-invalid:not([multiple]):not([size]).info,
-.form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.info {
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.info {
   background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 12 12' width='12' height='12' fill='none' stroke='%230dcaf0'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%230dcaf0' stroke='none'/%3e%3c/svg%3e");
-  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem); }
-  .form-select.is-invalid:not([multiple]):not([size]).info:focus,
-  .form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.info:focus {
-    box-shadow: 0 0 0 0.25rem rgba(13, 202, 240, 0.25); }
-
+  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem);
+}
+.form-select.is-invalid:not([multiple]):not([size]).info:focus,
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.info:focus {
+  box-shadow: 0 0 0 0.25rem rgba(13, 202, 240, 0.25);
+}
 .form-select.is-invalid:not([multiple]):not([size]).warning,
-.form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.warning {
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.warning {
   background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 12 12' width='12' height='12' fill='none' stroke='%23ffc107'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23ffc107' stroke='none'/%3e%3c/svg%3e");
-  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem); }
-  .form-select.is-invalid:not([multiple]):not([size]).warning:focus,
-  .form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.warning:focus {
-    box-shadow: 0 0 0 0.25rem rgba(255, 193, 7, 0.25); }
+  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem);
+}
+.form-select.is-invalid:not([multiple]):not([size]).warning:focus,
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.warning:focus {
+  box-shadow: 0 0 0 0.25rem rgba(255, 193, 7, 0.25);
+}
 
 .form-check-input.is-invalid.info {
-  border-color: #0dcaf0; }
-
+  border-color: #0dcaf0;
+}
 .form-check-input.is-invalid.info:checked {
-  background-color: #0dcaf0; }
-
+  background-color: #0dcaf0;
+}
 .form-check-input.is-invalid.info ~ .form-check-label {
-  color: unset; }
-
+  color: unset;
+}
 .form-check-input.is-invalid.info:focus {
-  box-shadow: 0 0 0 0.2rem rgba(13, 202, 240, 0.25); }
-
+  box-shadow: 0 0 0 0.2rem rgba(13, 202, 240, 0.25);
+}
 .form-check-input.is-invalid.warning {
-  border-color: #ffc107; }
-
+  border-color: #ffc107;
+}
 .form-check-input.is-invalid.warning:checked {
-  background-color: #ffc107; }
-
+  background-color: #ffc107;
+}
 .form-check-input.is-invalid.warning ~ .form-check-label {
-  color: unset; }
-
+  color: unset;
+}
 .form-check-input.is-invalid.warning:focus {
-  box-shadow: 0 0 0 0.2rem rgba(255, 193, 7, 0.25); }
+  box-shadow: 0 0 0 0.2rem rgba(255, 193, 7, 0.25);
+}
 
 /* Utilities */
 .mw-75 {
-  max-width: 75% !important; }
+  max-width: 75% !important;
+}
 
 .mw-50 {
-  max-width: 50% !important; }
+  max-width: 50% !important;
+}
 
 .mw-25 {
-  max-width: 25% !important; }
+  max-width: 25% !important;
+}
 
 .mh-75 {
-  max-height: 75% !important; }
+  max-height: 75% !important;
+}
 
 .mh-50 {
-  max-height: 50% !important; }
+  max-height: 50% !important;
+}
 
 .mh-25 {
-  max-height: 25% !important; }
+  max-height: 25% !important;
+}
 
 .p-abs-center-y {
   top: 50%;
-  transform: translateY(-50%); }
+  transform: translateY(-50%);
+}
 
 .p-abs-center-x {
   left: 50%;
-  transform: translateX(-50%); }
+  transform: translateX(-50%);
+}
 
 .p-abs-center-both {
   top: 50%;
   left: 50%;
-  transform: translateX(-50%) translateY(-50%); }
+  transform: translateX(-50%) translateY(-50%);
+}
 
 /* Body */
 body {
@@ -290,87 +335,111 @@ body {
   /* background by SVGBackgrounds.com */
   background-attachment: fixed;
   background-size: cover;
-  background-blend-mode: normal; }
+  background-blend-mode: normal;
+}
 
 .panel {
   background-color: #fff;
   border: none;
-  box-shadow: 0 0 35px 0 rgba(154, 161, 171, 0.25); }
+  box-shadow: 0 0 35px 0 rgba(154, 161, 171, 0.25);
+}
 
 .loading-overlay {
   background-color: #f8f9fa;
-  opacity: 0.75; }
+  opacity: 0.75;
+}
 
 /* Top navbar */
 .top-navbar {
-  background-color: #212529; }
+  background-color: #212529;
+}
 
 .center-navbar nav.header-breadcrumb {
-  color: #fff; }
+  color: #fff;
+}
 
 header.top-navbar .header-menu > a:hover,
 header.top-navbar .header-breadcrumb .header-breadcrumb-item > a:hover {
-  color: #d6d6d6 !important; }
+  color: #d6d6d6 !important;
+}
 
 .top-navbar .center-navbar nav.header-breadcrumb li.header-breadcrumb-item a {
-  color: #fff; }
+  color: #fff;
+}
 
 .top-navbar .right-navbar .header-menu a.nav-link {
-  color: #fff; }
+  color: #fff;
+}
 
 .top-navbar .left-navbar .navbar-brand img {
-  filter: invert(1); }
+  filter: invert(1);
+}
 
 .top-navbar .left-navbar .navbar-brand:hover img {
-  filter: invert(1) drop-shadow(0px 0px 3px #fff); }
+  filter: invert(1) drop-shadow(0px 0px 3px #fff);
+}
 
 .top-navbar .composed-app-icon-container > .app-icon {
-  background-color: #fff; }
+  background-color: #fff;
+}
 
 .breadcrumb-link-container {
   box-shadow: 0 2px 2px 0 rgba(0, 0, 0, 0.16), 0 2px 6px 0 rgba(0, 0, 0, 0.12);
-  background-color: #f8f9fa; }
+  background-color: #f8f9fa;
+}
 
 /* Sidebar */
 .sidebar {
-  transition: width .08s linear;
+  transition: width 0.08s linear;
   box-shadow: 0 2px 2px 0 rgba(0, 0, 0, 0.16), 0 2px 6px 0 rgba(0, 0, 0, 0.12);
-  background-color: #f8f9fa; }
+  background-color: #f8f9fa;
+}
 
 .sidebar ~ main.content:after {
-  background: #000; }
+  background: #000;
+}
 
 .sidebar .sidebar-wrapper {
-  border-right: 1px solid #ddd; }
+  border-right: 1px solid #ddd;
+}
 
 .sidebar .sidebar-wrapper {
-  border-right: 1px solid rgba(0, 0, 0, 0.125); }
+  border-right: 1px solid rgba(0, 0, 0, 0.125);
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link {
-  color: #000; }
+  color: #000;
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link.active {
   background-color: #dbdbdb;
-  color: #000; }
+  color: #000;
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link.have-active-child {
   background-color: #dbdbdb;
-  color: #000; }
+  color: #000;
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link:hover {
   background-color: #ebebeb;
-  color: #000; }
+  color: #000;
+}
 
 .sidebar.expanded ul.sidebar-elements li > a.sidebar-link.have-active-child,
 .sidebar:hover ul.sidebar-elements li > a.sidebar-link.have-active-child {
-  background-color: unset; }
+  background-color: unset;
+}
 
 .sidebar.expanded ul.sidebar-elements li > a.sidebar-link.have-active-child:hover,
 .sidebar:hover ul.sidebar-elements li > a.sidebar-link.have-active-child:hover {
-  background-color: #ebebeb; }
+  background-color: #ebebeb;
+}
 
 ul.sidebar-elements li > a.sidebar-link.active::after {
-  background-color: var(--cerebrate-color); }
+  background-color: var(--cerebrate-color);
+}
 
 .lock-sidebar > a.btn {
-  background-color: #f8f9fa; }
+  background-color: #f8f9fa;
+}
diff --git a/webroot/css/themes/theme-flatly.css b/webroot/css/themes/theme-flatly.css
index c94d649..50fbfd9 100644
--- a/webroot/css/themes/theme-flatly.css
+++ b/webroot/css/themes/theme-flatly.css
@@ -1,287 +1,332 @@
 /* Callout */
 .callout {
   border: 1px solid #ecf0f1;
-  border-radius: .25rem;
+  border-radius: 0.25rem;
   background-color: #fff;
-  box-shadow: 0 0 35px 0 rgba(154, 161, 171, 0.25); }
+  box-shadow: 0 0 35px 0 rgba(154, 161, 171, 0.25);
+}
 
 .callout-primary {
   border-left-color: #2c3e50;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-secondary {
   border-left-color: #95a5a6;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-success {
   border-left-color: #18bc9c;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-info {
   border-left-color: #3498db;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-warning {
   border-left-color: #f39c12;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-danger {
   border-left-color: #e74c3c;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-light {
   border-left-color: #ecf0f1;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-dark {
   border-left-color: #7b8a8b;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 /* Toasts */
 .toast {
-  min-width: 250px; }
+  min-width: 250px;
+}
 
 .toast-primary {
   color: #0d1318;
   background-color: #c0c5cb;
-  border-color: #abb2b9; }
-  .toast-primary strong {
-    border-top-color: #9da5ad; }
+  border-color: #abb2b9;
+}
+.toast-primary strong {
+  border-top-color: #9da5ad;
+}
 
 .toast-secondary {
   color: #2d3232;
   background-color: #dfe4e4;
-  border-color: #d5dbdb; }
-  .toast-secondary strong {
-    border-top-color: #c7cfcf; }
+  border-color: #d5dbdb;
+}
+.toast-secondary strong {
+  border-top-color: #c7cfcf;
+}
 
 .toast-success {
   color: #07382f;
   background-color: #baebe1;
-  border-color: #a3e4d7; }
-  .toast-success strong {
-    border-top-color: #8fdece; }
+  border-color: #a3e4d7;
+}
+.toast-success strong {
+  border-top-color: #8fdece;
+}
 
 .toast-info {
   color: #102e42;
   background-color: #c2e0f4;
-  border-color: #aed6f1; }
-  .toast-info strong {
-    border-top-color: #98cbed; }
+  border-color: #aed6f1;
+}
+.toast-info strong {
+  border-top-color: #98cbed;
+}
 
 .toast-warning {
   color: #492f05;
   background-color: #fbe1b8;
-  border-color: #fad7a0; }
-  .toast-warning strong {
-    border-top-color: #f9cd88; }
+  border-color: #fad7a0;
+}
+.toast-warning strong {
+  border-top-color: #f9cd88;
+}
 
 .toast-danger {
   color: #451712;
   background-color: #f8c9c5;
-  border-color: #f5b7b1; }
-  .toast-danger strong {
-    border-top-color: #f2a29a; }
+  border-color: #f5b7b1;
+}
+.toast-danger strong {
+  border-top-color: #f2a29a;
+}
 
 .toast-light {
   color: #474848;
   background-color: #f9fbfb;
-  border-color: #f7f9f9; }
-  .toast-light strong {
-    border-top-color: #e8eeee; }
+  border-color: #f7f9f9;
+}
+.toast-light strong {
+  border-top-color: #e8eeee;
+}
 
 .toast-dark {
   color: #25292a;
   background-color: #d7dcdc;
-  border-color: #cad0d1; }
-  .toast-dark strong {
-    border-top-color: #bcc4c5; }
+  border-color: #cad0d1;
+}
+.toast-dark strong {
+  border-top-color: #bcc4c5;
+}
 
 /* Dropdown-item */
 .dropdown-item.dropdown-item-primary {
   color: #fff;
   text-decoration: none;
-  background-color: #2c3e50; }
-
+  background-color: #2c3e50;
+}
 .dropdown-item.dropdown-item-outline-primary:hover {
   color: #fff;
-  background-color: #2c3e50; }
-
+  background-color: #2c3e50;
+}
 .dropdown-item.dropdown-item-secondary {
   color: #fff;
   text-decoration: none;
-  background-color: #95a5a6; }
-
+  background-color: #95a5a6;
+}
 .dropdown-item.dropdown-item-outline-secondary:hover {
   color: #fff;
-  background-color: #95a5a6; }
-
+  background-color: #95a5a6;
+}
 .dropdown-item.dropdown-item-success {
   color: #fff;
   text-decoration: none;
-  background-color: #18bc9c; }
-
+  background-color: #18bc9c;
+}
 .dropdown-item.dropdown-item-outline-success:hover {
   color: #fff;
-  background-color: #18bc9c; }
-
+  background-color: #18bc9c;
+}
 .dropdown-item.dropdown-item-info {
   color: #fff;
   text-decoration: none;
-  background-color: #3498db; }
-
+  background-color: #3498db;
+}
 .dropdown-item.dropdown-item-outline-info:hover {
   color: #fff;
-  background-color: #3498db; }
-
+  background-color: #3498db;
+}
 .dropdown-item.dropdown-item-warning {
   color: #fff;
   text-decoration: none;
-  background-color: #f39c12; }
-
+  background-color: #f39c12;
+}
 .dropdown-item.dropdown-item-outline-warning:hover {
   color: #fff;
-  background-color: #f39c12; }
-
+  background-color: #f39c12;
+}
 .dropdown-item.dropdown-item-danger {
   color: #fff;
   text-decoration: none;
-  background-color: #e74c3c; }
-
+  background-color: #e74c3c;
+}
 .dropdown-item.dropdown-item-outline-danger:hover {
   color: #fff;
-  background-color: #e74c3c; }
-
+  background-color: #e74c3c;
+}
 .dropdown-item.dropdown-item-light {
   color: #000;
   text-decoration: none;
-  background-color: #ecf0f1; }
-
+  background-color: #ecf0f1;
+}
 .dropdown-item.dropdown-item-outline-light:hover {
   color: #000;
-  background-color: #ecf0f1; }
-
+  background-color: #ecf0f1;
+}
 .dropdown-item.dropdown-item-dark {
   color: #fff;
   text-decoration: none;
-  background-color: #7b8a8b; }
-
+  background-color: #7b8a8b;
+}
 .dropdown-item.dropdown-item-outline-dark:hover {
   color: #fff;
-  background-color: #7b8a8b; }
+  background-color: #7b8a8b;
+}
 
 /* Progress Timeline */
 .progress-timeline {
-  padding: 0.2em 0.2em 0.5em 0.2em; }
-  .progress-timeline ul {
-    position: relative;
-    padding: 0; }
-  .progress-timeline li {
-    list-style-type: none;
-    position: relative; }
-  .progress-timeline li.progress-inactive {
-    opacity: 0.5; }
-  .progress-timeline .progress-line {
-    height: 2px; }
-  .progress-timeline .progress-line.progress-inactive {
-    opacity: 0.5; }
+  padding: 0.2em 0.2em 0.5em 0.2em;
+}
+.progress-timeline ul {
+  position: relative;
+  padding: 0;
+}
+.progress-timeline li {
+  list-style-type: none;
+  position: relative;
+}
+.progress-timeline li.progress-inactive {
+  opacity: 0.5;
+}
+.progress-timeline .progress-line {
+  height: 2px;
+}
+.progress-timeline .progress-line.progress-inactive {
+  opacity: 0.5;
+}
 
 /* Forms severity */
 .form-control.is-invalid.info {
-  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%233498db' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%233498db' stroke='none'/%3e%3c/svg%3e"); }
-  .form-control.is-invalid.info:focus {
-    border-color: #3498db;
-    box-shadow: 0 0 0 0.25rem rgba(52, 152, 219, 0.25); }
-
+  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%233498db' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%233498db' stroke='none'/%3e%3c/svg%3e");
+}
+.form-control.is-invalid.info:focus {
+  border-color: #3498db;
+  box-shadow: 0 0 0 0.25rem rgba(52, 152, 219, 0.25);
+}
 .form-control.is-invalid.warning {
-  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%23f39c12' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23f39c12' stroke='none'/%3e%3c/svg%3e"); }
-  .form-control.is-invalid.warning:focus {
-    border-color: #f39c12;
-    box-shadow: 0 0 0 0.25rem rgba(243, 156, 18, 0.25); }
+  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%23f39c12' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23f39c12' stroke='none'/%3e%3c/svg%3e");
+}
+.form-control.is-invalid.warning:focus {
+  border-color: #f39c12;
+  box-shadow: 0 0 0 0.25rem rgba(243, 156, 18, 0.25);
+}
 
 .form-select.is-invalid:not([multiple]):not([size]).info,
-.form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.info {
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.info {
   background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 12 12' width='12' height='12' fill='none' stroke='%233498db'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%233498db' stroke='none'/%3e%3c/svg%3e");
-  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem); }
-  .form-select.is-invalid:not([multiple]):not([size]).info:focus,
-  .form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.info:focus {
-    box-shadow: 0 0 0 0.25rem rgba(52, 152, 219, 0.25); }
-
+  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem);
+}
+.form-select.is-invalid:not([multiple]):not([size]).info:focus,
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.info:focus {
+  box-shadow: 0 0 0 0.25rem rgba(52, 152, 219, 0.25);
+}
 .form-select.is-invalid:not([multiple]):not([size]).warning,
-.form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.warning {
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.warning {
   background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 12 12' width='12' height='12' fill='none' stroke='%23f39c12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23f39c12' stroke='none'/%3e%3c/svg%3e");
-  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem); }
-  .form-select.is-invalid:not([multiple]):not([size]).warning:focus,
-  .form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.warning:focus {
-    box-shadow: 0 0 0 0.25rem rgba(243, 156, 18, 0.25); }
+  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem);
+}
+.form-select.is-invalid:not([multiple]):not([size]).warning:focus,
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.warning:focus {
+  box-shadow: 0 0 0 0.25rem rgba(243, 156, 18, 0.25);
+}
 
 .form-check-input.is-invalid.info {
-  border-color: #3498db; }
-
+  border-color: #3498db;
+}
 .form-check-input.is-invalid.info:checked {
-  background-color: #3498db; }
-
+  background-color: #3498db;
+}
 .form-check-input.is-invalid.info ~ .form-check-label {
-  color: unset; }
-
+  color: unset;
+}
 .form-check-input.is-invalid.info:focus {
-  box-shadow: 0 0 0 0.2rem rgba(52, 152, 219, 0.25); }
-
+  box-shadow: 0 0 0 0.2rem rgba(52, 152, 219, 0.25);
+}
 .form-check-input.is-invalid.warning {
-  border-color: #f39c12; }
-
+  border-color: #f39c12;
+}
 .form-check-input.is-invalid.warning:checked {
-  background-color: #f39c12; }
-
+  background-color: #f39c12;
+}
 .form-check-input.is-invalid.warning ~ .form-check-label {
-  color: unset; }
-
+  color: unset;
+}
 .form-check-input.is-invalid.warning:focus {
-  box-shadow: 0 0 0 0.2rem rgba(243, 156, 18, 0.25); }
+  box-shadow: 0 0 0 0.2rem rgba(243, 156, 18, 0.25);
+}
 
 /* Utilities */
 .mw-75 {
-  max-width: 75% !important; }
+  max-width: 75% !important;
+}
 
 .mw-50 {
-  max-width: 50% !important; }
+  max-width: 50% !important;
+}
 
 .mw-25 {
-  max-width: 25% !important; }
+  max-width: 25% !important;
+}
 
 .mh-75 {
-  max-height: 75% !important; }
+  max-height: 75% !important;
+}
 
 .mh-50 {
-  max-height: 50% !important; }
+  max-height: 50% !important;
+}
 
 .mh-25 {
-  max-height: 25% !important; }
+  max-height: 25% !important;
+}
 
 .p-abs-center-y {
   top: 50%;
-  transform: translateY(-50%); }
+  transform: translateY(-50%);
+}
 
 .p-abs-center-x {
   left: 50%;
-  transform: translateX(-50%); }
+  transform: translateX(-50%);
+}
 
 .p-abs-center-both {
   top: 50%;
   left: 50%;
-  transform: translateX(-50%) translateY(-50%); }
+  transform: translateX(-50%) translateY(-50%);
+}
 
 /* Body */
 body {
@@ -290,87 +335,111 @@ body {
   /* background by SVGBackgrounds.com */
   background-attachment: fixed;
   background-size: cover;
-  background-blend-mode: normal; }
+  background-blend-mode: normal;
+}
 
 .panel {
   background-color: #fff;
   border: none;
-  box-shadow: 0 0 35px 0 rgba(154, 161, 171, 0.25); }
+  box-shadow: 0 0 35px 0 rgba(154, 161, 171, 0.25);
+}
 
 .loading-overlay {
   background-color: #ecf0f1;
-  opacity: 0.75; }
+  opacity: 0.75;
+}
 
 /* Top navbar */
 .top-navbar {
-  background-color: #2c3e50; }
+  background-color: #2c3e50;
+}
 
 .center-navbar nav.header-breadcrumb {
-  color: #fff; }
+  color: #fff;
+}
 
 header.top-navbar .header-menu > a:hover,
 header.top-navbar .header-breadcrumb .header-breadcrumb-item > a:hover {
-  color: #d6d6d6 !important; }
+  color: #d6d6d6 !important;
+}
 
 .top-navbar .center-navbar nav.header-breadcrumb li.header-breadcrumb-item a {
-  color: #fff; }
+  color: #fff;
+}
 
 .top-navbar .right-navbar .header-menu a.nav-link {
-  color: #fff; }
+  color: #fff;
+}
 
 .top-navbar .left-navbar .navbar-brand img {
-  filter: invert(1); }
+  filter: invert(1);
+}
 
 .top-navbar .left-navbar .navbar-brand:hover img {
-  filter: invert(1) drop-shadow(0px 0px 3px #fff); }
+  filter: invert(1) drop-shadow(0px 0px 3px #fff);
+}
 
 .top-navbar .composed-app-icon-container > .app-icon {
-  background-color: #fff; }
+  background-color: #fff;
+}
 
 .breadcrumb-link-container {
   box-shadow: 0 2px 2px 0 rgba(0, 0, 0, 0.16), 0 2px 6px 0 rgba(0, 0, 0, 0.12);
-  background-color: #ecf0f1; }
+  background-color: #ecf0f1;
+}
 
 /* Sidebar */
 .sidebar {
-  transition: width .08s linear;
+  transition: width 0.08s linear;
   box-shadow: none;
-  background-color: #ecf0f1; }
+  background-color: #ecf0f1;
+}
 
 .sidebar ~ main.content:after {
-  background: #000; }
+  background: #000;
+}
 
 .sidebar .sidebar-wrapper {
-  border-right: 1px solid none; }
+  border-right: 1px solid none;
+}
 
 .sidebar .sidebar-wrapper {
-  border-right: 1px solid rgba(0, 0, 0, 0.125); }
+  border-right: 1px solid rgba(0, 0, 0, 0.125);
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link {
-  color: #000; }
+  color: #000;
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link.active {
   background-color: #dbdbdb;
-  color: #18bc9c; }
+  color: #18bc9c;
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link.have-active-child {
   background-color: #dbdbdb;
-  color: #18bc9c; }
+  color: #18bc9c;
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link:hover {
   background-color: #ebebeb;
-  color: #18bc9c; }
+  color: #18bc9c;
+}
 
 .sidebar.expanded ul.sidebar-elements li > a.sidebar-link.have-active-child,
 .sidebar:hover ul.sidebar-elements li > a.sidebar-link.have-active-child {
-  background-color: unset; }
+  background-color: unset;
+}
 
 .sidebar.expanded ul.sidebar-elements li > a.sidebar-link.have-active-child:hover,
 .sidebar:hover ul.sidebar-elements li > a.sidebar-link.have-active-child:hover {
-  background-color: #ebebeb; }
+  background-color: #ebebeb;
+}
 
 ul.sidebar-elements li > a.sidebar-link.active::after {
-  background-color: #18bc9c; }
+  background-color: #18bc9c;
+}
 
 .lock-sidebar > a.btn {
-  background-color: unset; }
+  background-color: unset;
+}
diff --git a/webroot/css/themes/theme-minty.css b/webroot/css/themes/theme-minty.css
index 6948503..c003c4b 100644
--- a/webroot/css/themes/theme-minty.css
+++ b/webroot/css/themes/theme-minty.css
@@ -1,287 +1,332 @@
 /* Callout */
 .callout {
   border: 1px solid #ecf0f1;
-  border-radius: .25rem;
+  border-radius: 0.25rem;
   background-color: #fff;
-  box-shadow: 0 0 35px 0 rgba(154, 161, 171, 0.25); }
+  box-shadow: 0 0 35px 0 rgba(154, 161, 171, 0.25);
+}
 
 .callout-primary {
   border-left-color: #2c3e50;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-secondary {
   border-left-color: #95a5a6;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-success {
   border-left-color: #18bc9c;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-info {
   border-left-color: #3498db;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-warning {
   border-left-color: #f39c12;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-danger {
   border-left-color: #e74c3c;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-light {
   border-left-color: #ecf0f1;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-dark {
   border-left-color: #7b8a8b;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 /* Toasts */
 .toast {
-  min-width: 250px; }
+  min-width: 250px;
+}
 
 .toast-primary {
   color: #0d1318;
   background-color: #c0c5cb;
-  border-color: #abb2b9; }
-  .toast-primary strong {
-    border-top-color: #9da5ad; }
+  border-color: #abb2b9;
+}
+.toast-primary strong {
+  border-top-color: #9da5ad;
+}
 
 .toast-secondary {
   color: #2d3232;
   background-color: #dfe4e4;
-  border-color: #d5dbdb; }
-  .toast-secondary strong {
-    border-top-color: #c7cfcf; }
+  border-color: #d5dbdb;
+}
+.toast-secondary strong {
+  border-top-color: #c7cfcf;
+}
 
 .toast-success {
   color: #07382f;
   background-color: #baebe1;
-  border-color: #a3e4d7; }
-  .toast-success strong {
-    border-top-color: #8fdece; }
+  border-color: #a3e4d7;
+}
+.toast-success strong {
+  border-top-color: #8fdece;
+}
 
 .toast-info {
   color: #102e42;
   background-color: #c2e0f4;
-  border-color: #aed6f1; }
-  .toast-info strong {
-    border-top-color: #98cbed; }
+  border-color: #aed6f1;
+}
+.toast-info strong {
+  border-top-color: #98cbed;
+}
 
 .toast-warning {
   color: #492f05;
   background-color: #fbe1b8;
-  border-color: #fad7a0; }
-  .toast-warning strong {
-    border-top-color: #f9cd88; }
+  border-color: #fad7a0;
+}
+.toast-warning strong {
+  border-top-color: #f9cd88;
+}
 
 .toast-danger {
   color: #451712;
   background-color: #f8c9c5;
-  border-color: #f5b7b1; }
-  .toast-danger strong {
-    border-top-color: #f2a29a; }
+  border-color: #f5b7b1;
+}
+.toast-danger strong {
+  border-top-color: #f2a29a;
+}
 
 .toast-light {
   color: #474848;
   background-color: #f9fbfb;
-  border-color: #f7f9f9; }
-  .toast-light strong {
-    border-top-color: #e8eeee; }
+  border-color: #f7f9f9;
+}
+.toast-light strong {
+  border-top-color: #e8eeee;
+}
 
 .toast-dark {
   color: #25292a;
   background-color: #d7dcdc;
-  border-color: #cad0d1; }
-  .toast-dark strong {
-    border-top-color: #bcc4c5; }
+  border-color: #cad0d1;
+}
+.toast-dark strong {
+  border-top-color: #bcc4c5;
+}
 
 /* Dropdown-item */
 .dropdown-item.dropdown-item-primary {
   color: #fff;
   text-decoration: none;
-  background-color: #2c3e50; }
-
+  background-color: #2c3e50;
+}
 .dropdown-item.dropdown-item-outline-primary:hover {
   color: #fff;
-  background-color: #2c3e50; }
-
+  background-color: #2c3e50;
+}
 .dropdown-item.dropdown-item-secondary {
   color: #fff;
   text-decoration: none;
-  background-color: #95a5a6; }
-
+  background-color: #95a5a6;
+}
 .dropdown-item.dropdown-item-outline-secondary:hover {
   color: #fff;
-  background-color: #95a5a6; }
-
+  background-color: #95a5a6;
+}
 .dropdown-item.dropdown-item-success {
   color: #fff;
   text-decoration: none;
-  background-color: #18bc9c; }
-
+  background-color: #18bc9c;
+}
 .dropdown-item.dropdown-item-outline-success:hover {
   color: #fff;
-  background-color: #18bc9c; }
-
+  background-color: #18bc9c;
+}
 .dropdown-item.dropdown-item-info {
   color: #fff;
   text-decoration: none;
-  background-color: #3498db; }
-
+  background-color: #3498db;
+}
 .dropdown-item.dropdown-item-outline-info:hover {
   color: #fff;
-  background-color: #3498db; }
-
+  background-color: #3498db;
+}
 .dropdown-item.dropdown-item-warning {
   color: #fff;
   text-decoration: none;
-  background-color: #f39c12; }
-
+  background-color: #f39c12;
+}
 .dropdown-item.dropdown-item-outline-warning:hover {
   color: #fff;
-  background-color: #f39c12; }
-
+  background-color: #f39c12;
+}
 .dropdown-item.dropdown-item-danger {
   color: #fff;
   text-decoration: none;
-  background-color: #e74c3c; }
-
+  background-color: #e74c3c;
+}
 .dropdown-item.dropdown-item-outline-danger:hover {
   color: #fff;
-  background-color: #e74c3c; }
-
+  background-color: #e74c3c;
+}
 .dropdown-item.dropdown-item-light {
   color: #000;
   text-decoration: none;
-  background-color: #ecf0f1; }
-
+  background-color: #ecf0f1;
+}
 .dropdown-item.dropdown-item-outline-light:hover {
   color: #000;
-  background-color: #ecf0f1; }
-
+  background-color: #ecf0f1;
+}
 .dropdown-item.dropdown-item-dark {
   color: #fff;
   text-decoration: none;
-  background-color: #7b8a8b; }
-
+  background-color: #7b8a8b;
+}
 .dropdown-item.dropdown-item-outline-dark:hover {
   color: #fff;
-  background-color: #7b8a8b; }
+  background-color: #7b8a8b;
+}
 
 /* Progress Timeline */
 .progress-timeline {
-  padding: 0.2em 0.2em 0.5em 0.2em; }
-  .progress-timeline ul {
-    position: relative;
-    padding: 0; }
-  .progress-timeline li {
-    list-style-type: none;
-    position: relative; }
-  .progress-timeline li.progress-inactive {
-    opacity: 0.5; }
-  .progress-timeline .progress-line {
-    height: 2px; }
-  .progress-timeline .progress-line.progress-inactive {
-    opacity: 0.5; }
+  padding: 0.2em 0.2em 0.5em 0.2em;
+}
+.progress-timeline ul {
+  position: relative;
+  padding: 0;
+}
+.progress-timeline li {
+  list-style-type: none;
+  position: relative;
+}
+.progress-timeline li.progress-inactive {
+  opacity: 0.5;
+}
+.progress-timeline .progress-line {
+  height: 2px;
+}
+.progress-timeline .progress-line.progress-inactive {
+  opacity: 0.5;
+}
 
 /* Forms severity */
 .form-control.is-invalid.info {
-  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%233498db' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%233498db' stroke='none'/%3e%3c/svg%3e"); }
-  .form-control.is-invalid.info:focus {
-    border-color: #3498db;
-    box-shadow: 0 0 0 0.25rem rgba(52, 152, 219, 0.25); }
-
+  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%233498db' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%233498db' stroke='none'/%3e%3c/svg%3e");
+}
+.form-control.is-invalid.info:focus {
+  border-color: #3498db;
+  box-shadow: 0 0 0 0.25rem rgba(52, 152, 219, 0.25);
+}
 .form-control.is-invalid.warning {
-  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%23f39c12' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23f39c12' stroke='none'/%3e%3c/svg%3e"); }
-  .form-control.is-invalid.warning:focus {
-    border-color: #f39c12;
-    box-shadow: 0 0 0 0.25rem rgba(243, 156, 18, 0.25); }
+  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%23f39c12' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23f39c12' stroke='none'/%3e%3c/svg%3e");
+}
+.form-control.is-invalid.warning:focus {
+  border-color: #f39c12;
+  box-shadow: 0 0 0 0.25rem rgba(243, 156, 18, 0.25);
+}
 
 .form-select.is-invalid:not([multiple]):not([size]).info,
-.form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.info {
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.info {
   background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 12 12' width='12' height='12' fill='none' stroke='%233498db'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%233498db' stroke='none'/%3e%3c/svg%3e");
-  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem); }
-  .form-select.is-invalid:not([multiple]):not([size]).info:focus,
-  .form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.info:focus {
-    box-shadow: 0 0 0 0.25rem rgba(52, 152, 219, 0.25); }
-
+  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem);
+}
+.form-select.is-invalid:not([multiple]):not([size]).info:focus,
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.info:focus {
+  box-shadow: 0 0 0 0.25rem rgba(52, 152, 219, 0.25);
+}
 .form-select.is-invalid:not([multiple]):not([size]).warning,
-.form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.warning {
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.warning {
   background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 12 12' width='12' height='12' fill='none' stroke='%23f39c12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23f39c12' stroke='none'/%3e%3c/svg%3e");
-  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem); }
-  .form-select.is-invalid:not([multiple]):not([size]).warning:focus,
-  .form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.warning:focus {
-    box-shadow: 0 0 0 0.25rem rgba(243, 156, 18, 0.25); }
+  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem);
+}
+.form-select.is-invalid:not([multiple]):not([size]).warning:focus,
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.warning:focus {
+  box-shadow: 0 0 0 0.25rem rgba(243, 156, 18, 0.25);
+}
 
 .form-check-input.is-invalid.info {
-  border-color: #3498db; }
-
+  border-color: #3498db;
+}
 .form-check-input.is-invalid.info:checked {
-  background-color: #3498db; }
-
+  background-color: #3498db;
+}
 .form-check-input.is-invalid.info ~ .form-check-label {
-  color: unset; }
-
+  color: unset;
+}
 .form-check-input.is-invalid.info:focus {
-  box-shadow: 0 0 0 0.2rem rgba(52, 152, 219, 0.25); }
-
+  box-shadow: 0 0 0 0.2rem rgba(52, 152, 219, 0.25);
+}
 .form-check-input.is-invalid.warning {
-  border-color: #f39c12; }
-
+  border-color: #f39c12;
+}
 .form-check-input.is-invalid.warning:checked {
-  background-color: #f39c12; }
-
+  background-color: #f39c12;
+}
 .form-check-input.is-invalid.warning ~ .form-check-label {
-  color: unset; }
-
+  color: unset;
+}
 .form-check-input.is-invalid.warning:focus {
-  box-shadow: 0 0 0 0.2rem rgba(243, 156, 18, 0.25); }
+  box-shadow: 0 0 0 0.2rem rgba(243, 156, 18, 0.25);
+}
 
 /* Utilities */
 .mw-75 {
-  max-width: 75% !important; }
+  max-width: 75% !important;
+}
 
 .mw-50 {
-  max-width: 50% !important; }
+  max-width: 50% !important;
+}
 
 .mw-25 {
-  max-width: 25% !important; }
+  max-width: 25% !important;
+}
 
 .mh-75 {
-  max-height: 75% !important; }
+  max-height: 75% !important;
+}
 
 .mh-50 {
-  max-height: 50% !important; }
+  max-height: 50% !important;
+}
 
 .mh-25 {
-  max-height: 25% !important; }
+  max-height: 25% !important;
+}
 
 .p-abs-center-y {
   top: 50%;
-  transform: translateY(-50%); }
+  transform: translateY(-50%);
+}
 
 .p-abs-center-x {
   left: 50%;
-  transform: translateX(-50%); }
+  transform: translateX(-50%);
+}
 
 .p-abs-center-both {
   top: 50%;
   left: 50%;
-  transform: translateX(-50%) translateY(-50%); }
+  transform: translateX(-50%) translateY(-50%);
+}
 
 /* Body */
 body {
@@ -290,87 +335,111 @@ body {
   /* background by SVGBackgrounds.com */
   background-attachment: fixed;
   background-size: cover;
-  background-blend-mode: normal; }
+  background-blend-mode: normal;
+}
 
 .panel {
   background-color: #fff;
   border: none;
-  box-shadow: 0 0 35px 0 rgba(154, 161, 171, 0.25); }
+  box-shadow: 0 0 35px 0 rgba(154, 161, 171, 0.25);
+}
 
 .loading-overlay {
   background-color: #ecf0f1;
-  opacity: 0.65; }
+  opacity: 0.65;
+}
 
 /* Top navbar */
 .top-navbar {
-  background-color: #2c3e50; }
+  background-color: #2c3e50;
+}
 
 .center-navbar nav.header-breadcrumb {
-  color: #fff; }
+  color: #fff;
+}
 
 header.top-navbar .header-menu > a:hover,
 header.top-navbar .header-breadcrumb .header-breadcrumb-item > a:hover {
-  color: #d6d6d6 !important; }
+  color: #d6d6d6 !important;
+}
 
 .top-navbar .center-navbar nav.header-breadcrumb li.header-breadcrumb-item a {
-  color: #fff; }
+  color: #fff;
+}
 
 .top-navbar .right-navbar .header-menu a.nav-link {
-  color: #fff; }
+  color: #fff;
+}
 
 .top-navbar .left-navbar .navbar-brand img {
-  filter: invert(1); }
+  filter: invert(1);
+}
 
 .top-navbar .left-navbar .navbar-brand:hover img {
-  filter: invert(1) drop-shadow(0px 0px 3px #fff); }
+  filter: invert(1) drop-shadow(0px 0px 3px #fff);
+}
 
 .top-navbar .composed-app-icon-container > .app-icon {
-  background-color: #fff; }
+  background-color: #fff;
+}
 
 .breadcrumb-link-container {
   box-shadow: 0 2px 2px 0 rgba(0, 0, 0, 0.16), 0 2px 6px 0 rgba(0, 0, 0, 0.12);
-  background-color: #ecf0f1; }
+  background-color: #ecf0f1;
+}
 
 /* Sidebar */
 .sidebar {
-  transition: width .08s linear;
+  transition: width 0.08s linear;
   box-shadow: none;
-  background-color: #ecf0f1; }
+  background-color: #ecf0f1;
+}
 
 .sidebar ~ main.content:after {
-  background: #000; }
+  background: #000;
+}
 
 .sidebar .sidebar-wrapper {
-  border-right: 1px solid none; }
+  border-right: 1px solid none;
+}
 
 .sidebar .sidebar-wrapper {
-  border-right: 1px solid rgba(0, 0, 0, 0.125); }
+  border-right: 1px solid rgba(0, 0, 0, 0.125);
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link {
-  color: #343a40; }
+  color: #343a40;
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link.active {
   background-color: #dbdbdb;
-  color: #18bc9c; }
+  color: #18bc9c;
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link.have-active-child {
   background-color: #dbdbdb;
-  color: #18bc9c; }
+  color: #18bc9c;
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link:hover {
   background-color: #ebebeb;
-  color: #18bc9c; }
+  color: #18bc9c;
+}
 
 .sidebar.expanded ul.sidebar-elements li > a.sidebar-link.have-active-child,
 .sidebar:hover ul.sidebar-elements li > a.sidebar-link.have-active-child {
-  background-color: unset; }
+  background-color: unset;
+}
 
 .sidebar.expanded ul.sidebar-elements li > a.sidebar-link.have-active-child:hover,
 .sidebar:hover ul.sidebar-elements li > a.sidebar-link.have-active-child:hover {
-  background-color: #ebebeb; }
+  background-color: #ebebeb;
+}
 
 ul.sidebar-elements li > a.sidebar-link.active::after {
-  background-color: #18bc9c; }
+  background-color: #18bc9c;
+}
 
 .lock-sidebar > a.btn {
-  background-color: unset; }
+  background-color: unset;
+}
diff --git a/webroot/css/themes/theme-quartz.css b/webroot/css/themes/theme-quartz.css
index 71469f2..83280db 100644
--- a/webroot/css/themes/theme-quartz.css
+++ b/webroot/css/themes/theme-quartz.css
@@ -1,371 +1,439 @@
 /* Callout */
 .callout {
   border: 1px solid #e9e9e8;
-  border-radius: .25rem;
+  border-radius: 0.25rem;
   background-color: transparent;
-  box-shadow: 0 0 35px 0 rgba(154, 161, 171, 0.25); }
+  box-shadow: 0 0 35px 0 rgba(154, 161, 171, 0.25);
+}
 
 .callout-primary {
   border-left-color: #e83283;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-secondary {
   border-left-color: rgba(255, 255, 255, 0.4);
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-success {
   border-left-color: #41d7a7;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-info {
   border-left-color: #39cbfb;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-warning {
   border-left-color: #ffc107;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-danger {
   border-left-color: #fd7e14;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-light {
   border-left-color: #e9e9e8;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-dark {
   border-left-color: #212529;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 /* Toasts */
 .toast {
-  min-width: 250px; }
+  min-width: 250px;
+}
 
 .toast-primary {
   color: #460f27;
   background-color: #f8c2da;
-  border-color: #f6adcd; }
-  .toast-primary strong {
-    border-top-color: #f396bf; }
+  border-color: #f6adcd;
+}
+.toast-primary strong {
+  border-top-color: #f396bf;
+}
 
 .toast-secondary {
   color: rgba(25, 25, 25, 0.82);
   background-color: rgba(255, 255, 255, 0.82);
-  border-color: rgba(255, 255, 255, 0.76); }
-  .toast-secondary strong {
-    border-top-color: rgba(242, 242, 242, 0.76); }
+  border-color: rgba(255, 255, 255, 0.76);
+}
+.toast-secondary strong {
+  border-top-color: rgba(242, 242, 242, 0.76);
+}
 
 .toast-success {
   color: #144132;
   background-color: #c6f3e5;
-  border-color: #b3efdc; }
-  .toast-success strong {
-    border-top-color: #9eebd2; }
+  border-color: #b3efdc;
+}
+.toast-success strong {
+  border-top-color: #9eebd2;
+}
 
 .toast-info {
   color: #113d4b;
   background-color: #c4effe;
-  border-color: #b0eafd; }
-  .toast-info strong {
-    border-top-color: #97e3fc; }
+  border-color: #b0eafd;
+}
+.toast-info strong {
+  border-top-color: #97e3fc;
+}
 
 .toast-warning {
   color: #4d3a02;
   background-color: #ffecb5;
-  border-color: #ffe69c; }
-  .toast-warning strong {
-    border-top-color: #ffe083; }
+  border-color: #ffe69c;
+}
+.toast-warning strong {
+  border-top-color: #ffe083;
+}
 
 .toast-danger {
   color: #4c2606;
   background-color: #fed8b9;
-  border-color: #fecba1; }
-  .toast-danger strong {
-    border-top-color: #febd88; }
+  border-color: #fecba1;
+}
+.toast-danger strong {
+  border-top-color: #febd88;
+}
 
 .toast-light {
   color: #464646;
   background-color: #f8f8f8;
-  border-color: #f6f6f6; }
-  .toast-light strong {
-    border-top-color: #e9e9e9; }
+  border-color: #f6f6f6;
+}
+.toast-light strong {
+  border-top-color: #e9e9e9;
+}
 
 .toast-dark {
   color: #0a0b0c;
   background-color: #bcbebf;
-  border-color: #a6a8a9; }
-  .toast-dark strong {
-    border-top-color: #999b9c; }
+  border-color: #a6a8a9;
+}
+.toast-dark strong {
+  border-top-color: #999b9c;
+}
 
 /* Dropdown-item */
 .dropdown-item.dropdown-item-primary {
   color: #fff;
   text-decoration: none;
-  background-color: #e83283; }
-
+  background-color: #e83283;
+}
 .dropdown-item.dropdown-item-outline-primary:hover {
   color: #fff;
-  background-color: #e83283; }
-
+  background-color: #e83283;
+}
 .dropdown-item.dropdown-item-secondary {
   color: #000;
   text-decoration: none;
-  background-color: rgba(255, 255, 255, 0.4); }
-
+  background-color: rgba(255, 255, 255, 0.4);
+}
 .dropdown-item.dropdown-item-outline-secondary:hover {
   color: #000;
-  background-color: rgba(255, 255, 255, 0.4); }
-
+  background-color: rgba(255, 255, 255, 0.4);
+}
 .dropdown-item.dropdown-item-success {
   color: #fff;
   text-decoration: none;
-  background-color: #41d7a7; }
-
+  background-color: #41d7a7;
+}
 .dropdown-item.dropdown-item-outline-success:hover {
   color: #fff;
-  background-color: #41d7a7; }
-
+  background-color: #41d7a7;
+}
 .dropdown-item.dropdown-item-info {
   color: #fff;
   text-decoration: none;
-  background-color: #39cbfb; }
-
+  background-color: #39cbfb;
+}
 .dropdown-item.dropdown-item-outline-info:hover {
   color: #fff;
-  background-color: #39cbfb; }
-
+  background-color: #39cbfb;
+}
 .dropdown-item.dropdown-item-warning {
   color: #fff;
   text-decoration: none;
-  background-color: #ffc107; }
-
+  background-color: #ffc107;
+}
 .dropdown-item.dropdown-item-outline-warning:hover {
   color: #fff;
-  background-color: #ffc107; }
-
+  background-color: #ffc107;
+}
 .dropdown-item.dropdown-item-danger {
   color: #fff;
   text-decoration: none;
-  background-color: #fd7e14; }
-
+  background-color: #fd7e14;
+}
 .dropdown-item.dropdown-item-outline-danger:hover {
   color: #fff;
-  background-color: #fd7e14; }
-
+  background-color: #fd7e14;
+}
 .dropdown-item.dropdown-item-light {
   color: #000;
   text-decoration: none;
-  background-color: #e9e9e8; }
-
+  background-color: #e9e9e8;
+}
 .dropdown-item.dropdown-item-outline-light:hover {
   color: #000;
-  background-color: #e9e9e8; }
-
+  background-color: #e9e9e8;
+}
 .dropdown-item.dropdown-item-dark {
   color: #fff;
   text-decoration: none;
-  background-color: #212529; }
-
+  background-color: #212529;
+}
 .dropdown-item.dropdown-item-outline-dark:hover {
   color: #fff;
-  background-color: #212529; }
+  background-color: #212529;
+}
 
 /* Progress Timeline */
 .progress-timeline {
-  padding: 0.2em 0.2em 0.5em 0.2em; }
-  .progress-timeline ul {
-    position: relative;
-    padding: 0; }
-  .progress-timeline li {
-    list-style-type: none;
-    position: relative; }
-  .progress-timeline li.progress-inactive {
-    opacity: 0.5; }
-  .progress-timeline .progress-line {
-    height: 2px; }
-  .progress-timeline .progress-line.progress-inactive {
-    opacity: 0.5; }
+  padding: 0.2em 0.2em 0.5em 0.2em;
+}
+.progress-timeline ul {
+  position: relative;
+  padding: 0;
+}
+.progress-timeline li {
+  list-style-type: none;
+  position: relative;
+}
+.progress-timeline li.progress-inactive {
+  opacity: 0.5;
+}
+.progress-timeline .progress-line {
+  height: 2px;
+}
+.progress-timeline .progress-line.progress-inactive {
+  opacity: 0.5;
+}
 
 /* Forms severity */
 .form-control.is-invalid.info {
-  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%2339cbfb' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%2339cbfb' stroke='none'/%3e%3c/svg%3e"); }
-  .form-control.is-invalid.info:focus {
-    border-color: #39cbfb;
-    box-shadow: 0 0 0 0.25rem rgba(57, 203, 251, 0.25); }
-
+  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%2339cbfb' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%2339cbfb' stroke='none'/%3e%3c/svg%3e");
+}
+.form-control.is-invalid.info:focus {
+  border-color: #39cbfb;
+  box-shadow: 0 0 0 0.25rem rgba(57, 203, 251, 0.25);
+}
 .form-control.is-invalid.warning {
-  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%23ffc107' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23ffc107' stroke='none'/%3e%3c/svg%3e"); }
-  .form-control.is-invalid.warning:focus {
-    border-color: #ffc107;
-    box-shadow: 0 0 0 0.25rem rgba(255, 193, 7, 0.25); }
+  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%23ffc107' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23ffc107' stroke='none'/%3e%3c/svg%3e");
+}
+.form-control.is-invalid.warning:focus {
+  border-color: #ffc107;
+  box-shadow: 0 0 0 0.25rem rgba(255, 193, 7, 0.25);
+}
 
 .form-select.is-invalid:not([multiple]):not([size]).info,
-.form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.info {
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.info {
   background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 12 12' width='12' height='12' fill='none' stroke='%2339cbfb'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%2339cbfb' stroke='none'/%3e%3c/svg%3e");
-  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem); }
-  .form-select.is-invalid:not([multiple]):not([size]).info:focus,
-  .form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.info:focus {
-    box-shadow: 0 0 0 0.25rem rgba(57, 203, 251, 0.25); }
-
+  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem);
+}
+.form-select.is-invalid:not([multiple]):not([size]).info:focus,
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.info:focus {
+  box-shadow: 0 0 0 0.25rem rgba(57, 203, 251, 0.25);
+}
 .form-select.is-invalid:not([multiple]):not([size]).warning,
-.form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.warning {
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.warning {
   background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 12 12' width='12' height='12' fill='none' stroke='%23ffc107'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23ffc107' stroke='none'/%3e%3c/svg%3e");
-  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem); }
-  .form-select.is-invalid:not([multiple]):not([size]).warning:focus,
-  .form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.warning:focus {
-    box-shadow: 0 0 0 0.25rem rgba(255, 193, 7, 0.25); }
+  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem);
+}
+.form-select.is-invalid:not([multiple]):not([size]).warning:focus,
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.warning:focus {
+  box-shadow: 0 0 0 0.25rem rgba(255, 193, 7, 0.25);
+}
 
 .form-check-input.is-invalid.info {
-  border-color: #39cbfb; }
-
+  border-color: #39cbfb;
+}
 .form-check-input.is-invalid.info:checked {
-  background-color: #39cbfb; }
-
+  background-color: #39cbfb;
+}
 .form-check-input.is-invalid.info ~ .form-check-label {
-  color: unset; }
-
+  color: unset;
+}
 .form-check-input.is-invalid.info:focus {
-  box-shadow: 0 0 0 0.2rem rgba(57, 203, 251, 0.25); }
-
+  box-shadow: 0 0 0 0.2rem rgba(57, 203, 251, 0.25);
+}
 .form-check-input.is-invalid.warning {
-  border-color: #ffc107; }
-
+  border-color: #ffc107;
+}
 .form-check-input.is-invalid.warning:checked {
-  background-color: #ffc107; }
-
+  background-color: #ffc107;
+}
 .form-check-input.is-invalid.warning ~ .form-check-label {
-  color: unset; }
-
+  color: unset;
+}
 .form-check-input.is-invalid.warning:focus {
-  box-shadow: 0 0 0 0.2rem rgba(255, 193, 7, 0.25); }
+  box-shadow: 0 0 0 0.2rem rgba(255, 193, 7, 0.25);
+}
 
 /* Utilities */
 .mw-75 {
-  max-width: 75% !important; }
+  max-width: 75% !important;
+}
 
 .mw-50 {
-  max-width: 50% !important; }
+  max-width: 50% !important;
+}
 
 .mw-25 {
-  max-width: 25% !important; }
+  max-width: 25% !important;
+}
 
 .mh-75 {
-  max-height: 75% !important; }
+  max-height: 75% !important;
+}
 
 .mh-50 {
-  max-height: 50% !important; }
+  max-height: 50% !important;
+}
 
 .mh-25 {
-  max-height: 25% !important; }
+  max-height: 25% !important;
+}
 
 .p-abs-center-y {
   top: 50%;
-  transform: translateY(-50%); }
+  transform: translateY(-50%);
+}
 
 .p-abs-center-x {
   left: 50%;
-  transform: translateX(-50%); }
+  transform: translateX(-50%);
+}
 
 .p-abs-center-both {
   top: 50%;
   left: 50%;
-  transform: translateX(-50%) translateY(-50%); }
+  transform: translateX(-50%) translateY(-50%);
+}
 
 /* Body */
 .panel {
   background-color: transparent;
   border: none;
-  box-shadow: 0 0 35px 0 rgba(154, 161, 171, 0.25); }
+  box-shadow: 0 0 35px 0 rgba(154, 161, 171, 0.25);
+}
 
 .loading-overlay {
   background-color: #e9e9e8;
-  opacity: 0.35; }
+  opacity: 0.35;
+}
 
 /* Top navbar */
 .top-navbar {
-  background-color: #e83283; }
+  background-color: #e83283;
+}
 
 .center-navbar nav.header-breadcrumb {
-  color: #fff; }
+  color: #fff;
+}
 
 header.top-navbar .header-menu > a:hover,
 header.top-navbar .header-breadcrumb .header-breadcrumb-item > a:hover {
-  color: #d6d6d6 !important; }
+  color: #d6d6d6 !important;
+}
 
 .top-navbar .center-navbar nav.header-breadcrumb li.header-breadcrumb-item a {
-  color: #fff; }
+  color: #fff;
+}
 
 .top-navbar .right-navbar .header-menu a.nav-link {
-  color: #fff; }
+  color: #fff;
+}
 
 .top-navbar .left-navbar .navbar-brand img {
-  filter: invert(1); }
+  filter: invert(1);
+}
 
 .top-navbar .left-navbar .navbar-brand:hover img {
-  filter: invert(1) drop-shadow(0px 0px 3px #fff); }
+  filter: invert(1) drop-shadow(0px 0px 3px #fff);
+}
 
 .top-navbar .composed-app-icon-container > .app-icon {
-  background-color: #fff; }
+  background-color: #fff;
+}
 
 .breadcrumb-link-container {
   box-shadow: 0 2px 2px 0 rgba(0, 0, 0, 0.16), 0 2px 6px 0 rgba(0, 0, 0, 0.12);
-  background-color: rgba(255, 255, 255, 0.4); }
+  background-color: rgba(255, 255, 255, 0.4);
+}
 
 /* Sidebar */
 .sidebar {
-  transition: width .08s linear;
+  transition: width 0.08s linear;
   box-shadow: none;
-  background-color: rgba(255, 255, 255, 0.4); }
+  background-color: rgba(255, 255, 255, 0.4);
+}
 
 .sidebar ~ main.content:after {
-  background: #000; }
+  background: #000;
+}
 
 .sidebar .sidebar-wrapper {
-  border-right: 1px solid none; }
+  border-right: 1px solid none;
+}
 
 .sidebar .sidebar-wrapper {
-  border-right: 1px solid rgba(0, 0, 0, 0.125); }
+  border-right: 1px solid rgba(0, 0, 0, 0.125);
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link {
-  color: #fff; }
+  color: #fff;
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link.active {
   background-color: #fff;
-  color: #343a40; }
+  color: #343a40;
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link.have-active-child {
   background-color: #fff;
-  color: #343a40; }
+  color: #343a40;
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link:hover {
   background-color: #fff;
-  color: #343a40; }
+  color: #343a40;
+}
 
 .sidebar.expanded ul.sidebar-elements li > a.sidebar-link.have-active-child,
 .sidebar:hover ul.sidebar-elements li > a.sidebar-link.have-active-child {
-  background-color: unset; }
+  background-color: unset;
+}
 
 .sidebar.expanded ul.sidebar-elements li > a.sidebar-link.have-active-child:hover,
 .sidebar:hover ul.sidebar-elements li > a.sidebar-link.have-active-child:hover {
-  background-color: #fff; }
+  background-color: #fff;
+}
 
 ul.sidebar-elements li > a.sidebar-link.active::after {
-  background-color: #e83283; }
+  background-color: #e83283;
+}
 
 .lock-sidebar > a.btn {
-  background-color: rgba(255, 255, 255, 0.4); }
+  background-color: rgba(255, 255, 255, 0.4);
+}
 
 .btn {
   display: inline-block;
@@ -382,427 +450,485 @@ ul.sidebar-elements li > a.sidebar-link.active::after {
   padding: 0.75rem 1.5rem;
   font-size: 1rem;
   border-radius: 0.5rem;
-  transition: color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out; }
-  @media (prefers-reduced-motion: reduce) {
-    .btn {
-      transition: none; } }
-  .btn:hover {
-    color: #fff; }
-  .btn-check:focus + .btn, .btn:focus {
-    outline: 0;
-    box-shadow: 0 0 0 0.25rem rgba(232, 50, 131, 0.25); }
-  .btn:disabled, .btn.disabled,
-  fieldset:disabled .btn {
-    pointer-events: none;
-    opacity: 0.65; }
+  transition: color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;
+}
+@media (prefers-reduced-motion: reduce) {
+  .btn {
+    transition: none;
+  }
+}
+.btn:hover {
+  color: #fff;
+}
+.btn-check:focus + .btn, .btn:focus {
+  outline: 0;
+  box-shadow: 0 0 0 0.25rem rgba(232, 50, 131, 0.25);
+}
+.btn:disabled, .btn.disabled, fieldset:disabled .btn {
+  pointer-events: none;
+  opacity: 0.65;
+}
 
 .btn-primary {
   color: #fff;
   background-color: #e83283;
-  border-color: #e83283; }
-  .btn-primary:hover {
-    color: #fff;
-    background-color: #c52b6f;
-    border-color: #ba2869; }
-  .btn-check:focus + .btn-primary, .btn-primary:focus {
-    color: #fff;
-    background-color: #c52b6f;
-    border-color: #ba2869;
-    box-shadow: 0 0 0 0.25rem rgba(235, 81, 150, 0.5); }
-  .btn-check:checked + .btn-primary,
-  .btn-check:active + .btn-primary, .btn-primary:active, .btn-primary.active,
-  .show > .btn-primary.dropdown-toggle {
-    color: #fff;
-    background-color: #ba2869;
-    border-color: #ae2662; }
-    .btn-check:checked + .btn-primary:focus,
-    .btn-check:active + .btn-primary:focus, .btn-primary:active:focus, .btn-primary.active:focus,
-    .show > .btn-primary.dropdown-toggle:focus {
-      box-shadow: 0 0 0 0.25rem rgba(235, 81, 150, 0.5); }
-  .btn-primary:disabled, .btn-primary.disabled {
-    color: #fff;
-    background-color: #e83283;
-    border-color: #e83283; }
+  border-color: #e83283;
+}
+.btn-primary:hover {
+  color: #fff;
+  background-color: #c52b6f;
+  border-color: #ba2869;
+}
+.btn-check:focus + .btn-primary, .btn-primary:focus {
+  color: #fff;
+  background-color: #c52b6f;
+  border-color: #ba2869;
+  box-shadow: 0 0 0 0.25rem rgba(235, 81, 150, 0.5);
+}
+.btn-check:checked + .btn-primary, .btn-check:active + .btn-primary, .btn-primary:active, .btn-primary.active, .show > .btn-primary.dropdown-toggle {
+  color: #fff;
+  background-color: #ba2869;
+  border-color: #ae2662;
+}
+.btn-check:checked + .btn-primary:focus, .btn-check:active + .btn-primary:focus, .btn-primary:active:focus, .btn-primary.active:focus, .show > .btn-primary.dropdown-toggle:focus {
+  box-shadow: 0 0 0 0.25rem rgba(235, 81, 150, 0.5);
+}
+.btn-primary:disabled, .btn-primary.disabled {
+  color: #fff;
+  background-color: #e83283;
+  border-color: #e83283;
+}
 
 .btn-secondary {
   color: #000;
   background-color: rgba(255, 255, 255, 0.4);
-  border-color: rgba(255, 255, 255, 0.4); }
-  .btn-secondary:hover {
-    color: #000;
-    background-color: rgba(255, 255, 255, 0.49);
-    border-color: rgba(255, 255, 255, 0.46); }
-  .btn-check:focus + .btn-secondary, .btn-secondary:focus {
-    color: #000;
-    background-color: rgba(255, 255, 255, 0.49);
-    border-color: rgba(255, 255, 255, 0.46);
-    box-shadow: 0 0 0 0.25rem rgba(149, 149, 149, 0.5); }
-  .btn-check:checked + .btn-secondary,
-  .btn-check:active + .btn-secondary, .btn-secondary:active, .btn-secondary.active,
-  .show > .btn-secondary.dropdown-toggle {
-    color: #000;
-    background-color: rgba(255, 255, 255, 0.52);
-    border-color: rgba(255, 255, 255, 0.46); }
-    .btn-check:checked + .btn-secondary:focus,
-    .btn-check:active + .btn-secondary:focus, .btn-secondary:active:focus, .btn-secondary.active:focus,
-    .show > .btn-secondary.dropdown-toggle:focus {
-      box-shadow: 0 0 0 0.25rem rgba(149, 149, 149, 0.5); }
-  .btn-secondary:disabled, .btn-secondary.disabled {
-    color: #000;
-    background-color: rgba(255, 255, 255, 0.4);
-    border-color: rgba(255, 255, 255, 0.4); }
+  border-color: rgba(255, 255, 255, 0.4);
+}
+.btn-secondary:hover {
+  color: #000;
+  background-color: rgba(255, 255, 255, 0.49);
+  border-color: rgba(255, 255, 255, 0.46);
+}
+.btn-check:focus + .btn-secondary, .btn-secondary:focus {
+  color: #000;
+  background-color: rgba(255, 255, 255, 0.49);
+  border-color: rgba(255, 255, 255, 0.46);
+  box-shadow: 0 0 0 0.25rem rgba(149, 149, 149, 0.5);
+}
+.btn-check:checked + .btn-secondary, .btn-check:active + .btn-secondary, .btn-secondary:active, .btn-secondary.active, .show > .btn-secondary.dropdown-toggle {
+  color: #000;
+  background-color: rgba(255, 255, 255, 0.52);
+  border-color: rgba(255, 255, 255, 0.46);
+}
+.btn-check:checked + .btn-secondary:focus, .btn-check:active + .btn-secondary:focus, .btn-secondary:active:focus, .btn-secondary.active:focus, .show > .btn-secondary.dropdown-toggle:focus {
+  box-shadow: 0 0 0 0.25rem rgba(149, 149, 149, 0.5);
+}
+.btn-secondary:disabled, .btn-secondary.disabled {
+  color: #000;
+  background-color: rgba(255, 255, 255, 0.4);
+  border-color: rgba(255, 255, 255, 0.4);
+}
 
 .btn-success {
   color: #fff;
   background-color: #41d7a7;
-  border-color: #41d7a7; }
-  .btn-success:hover {
-    color: #fff;
-    background-color: #37b78e;
-    border-color: #34ac86; }
-  .btn-check:focus + .btn-success, .btn-success:focus {
-    color: #fff;
-    background-color: #37b78e;
-    border-color: #34ac86;
-    box-shadow: 0 0 0 0.25rem rgba(94, 221, 180, 0.5); }
-  .btn-check:checked + .btn-success,
-  .btn-check:active + .btn-success, .btn-success:active, .btn-success.active,
-  .show > .btn-success.dropdown-toggle {
-    color: #fff;
-    background-color: #34ac86;
-    border-color: #31a17d; }
-    .btn-check:checked + .btn-success:focus,
-    .btn-check:active + .btn-success:focus, .btn-success:active:focus, .btn-success.active:focus,
-    .show > .btn-success.dropdown-toggle:focus {
-      box-shadow: 0 0 0 0.25rem rgba(94, 221, 180, 0.5); }
-  .btn-success:disabled, .btn-success.disabled {
-    color: #fff;
-    background-color: #41d7a7;
-    border-color: #41d7a7; }
+  border-color: #41d7a7;
+}
+.btn-success:hover {
+  color: #fff;
+  background-color: #37b78e;
+  border-color: #34ac86;
+}
+.btn-check:focus + .btn-success, .btn-success:focus {
+  color: #fff;
+  background-color: #37b78e;
+  border-color: #34ac86;
+  box-shadow: 0 0 0 0.25rem rgba(94, 221, 180, 0.5);
+}
+.btn-check:checked + .btn-success, .btn-check:active + .btn-success, .btn-success:active, .btn-success.active, .show > .btn-success.dropdown-toggle {
+  color: #fff;
+  background-color: #34ac86;
+  border-color: #31a17d;
+}
+.btn-check:checked + .btn-success:focus, .btn-check:active + .btn-success:focus, .btn-success:active:focus, .btn-success.active:focus, .show > .btn-success.dropdown-toggle:focus {
+  box-shadow: 0 0 0 0.25rem rgba(94, 221, 180, 0.5);
+}
+.btn-success:disabled, .btn-success.disabled {
+  color: #fff;
+  background-color: #41d7a7;
+  border-color: #41d7a7;
+}
 
 .btn-info {
   color: #fff;
   background-color: #39cbfb;
-  border-color: #39cbfb; }
-  .btn-info:hover {
-    color: #fff;
-    background-color: #30add5;
-    border-color: #2ea2c9; }
-  .btn-check:focus + .btn-info, .btn-info:focus {
-    color: #fff;
-    background-color: #30add5;
-    border-color: #2ea2c9;
-    box-shadow: 0 0 0 0.25rem rgba(87, 211, 252, 0.5); }
-  .btn-check:checked + .btn-info,
-  .btn-check:active + .btn-info, .btn-info:active, .btn-info.active,
-  .show > .btn-info.dropdown-toggle {
-    color: #fff;
-    background-color: #2ea2c9;
-    border-color: #2b98bc; }
-    .btn-check:checked + .btn-info:focus,
-    .btn-check:active + .btn-info:focus, .btn-info:active:focus, .btn-info.active:focus,
-    .show > .btn-info.dropdown-toggle:focus {
-      box-shadow: 0 0 0 0.25rem rgba(87, 211, 252, 0.5); }
-  .btn-info:disabled, .btn-info.disabled {
-    color: #fff;
-    background-color: #39cbfb;
-    border-color: #39cbfb; }
+  border-color: #39cbfb;
+}
+.btn-info:hover {
+  color: #fff;
+  background-color: #30add5;
+  border-color: #2ea2c9;
+}
+.btn-check:focus + .btn-info, .btn-info:focus {
+  color: #fff;
+  background-color: #30add5;
+  border-color: #2ea2c9;
+  box-shadow: 0 0 0 0.25rem rgba(87, 211, 252, 0.5);
+}
+.btn-check:checked + .btn-info, .btn-check:active + .btn-info, .btn-info:active, .btn-info.active, .show > .btn-info.dropdown-toggle {
+  color: #fff;
+  background-color: #2ea2c9;
+  border-color: #2b98bc;
+}
+.btn-check:checked + .btn-info:focus, .btn-check:active + .btn-info:focus, .btn-info:active:focus, .btn-info.active:focus, .show > .btn-info.dropdown-toggle:focus {
+  box-shadow: 0 0 0 0.25rem rgba(87, 211, 252, 0.5);
+}
+.btn-info:disabled, .btn-info.disabled {
+  color: #fff;
+  background-color: #39cbfb;
+  border-color: #39cbfb;
+}
 
 .btn-warning {
   color: #fff;
   background-color: #ffc107;
-  border-color: #ffc107; }
-  .btn-warning:hover {
-    color: #fff;
-    background-color: #d9a406;
-    border-color: #cc9a06; }
-  .btn-check:focus + .btn-warning, .btn-warning:focus {
-    color: #fff;
-    background-color: #d9a406;
-    border-color: #cc9a06;
-    box-shadow: 0 0 0 0.25rem rgba(255, 202, 44, 0.5); }
-  .btn-check:checked + .btn-warning,
-  .btn-check:active + .btn-warning, .btn-warning:active, .btn-warning.active,
-  .show > .btn-warning.dropdown-toggle {
-    color: #fff;
-    background-color: #cc9a06;
-    border-color: #bf9105; }
-    .btn-check:checked + .btn-warning:focus,
-    .btn-check:active + .btn-warning:focus, .btn-warning:active:focus, .btn-warning.active:focus,
-    .show > .btn-warning.dropdown-toggle:focus {
-      box-shadow: 0 0 0 0.25rem rgba(255, 202, 44, 0.5); }
-  .btn-warning:disabled, .btn-warning.disabled {
-    color: #fff;
-    background-color: #ffc107;
-    border-color: #ffc107; }
+  border-color: #ffc107;
+}
+.btn-warning:hover {
+  color: #fff;
+  background-color: #d9a406;
+  border-color: #cc9a06;
+}
+.btn-check:focus + .btn-warning, .btn-warning:focus {
+  color: #fff;
+  background-color: #d9a406;
+  border-color: #cc9a06;
+  box-shadow: 0 0 0 0.25rem rgba(255, 202, 44, 0.5);
+}
+.btn-check:checked + .btn-warning, .btn-check:active + .btn-warning, .btn-warning:active, .btn-warning.active, .show > .btn-warning.dropdown-toggle {
+  color: #fff;
+  background-color: #cc9a06;
+  border-color: #bf9105;
+}
+.btn-check:checked + .btn-warning:focus, .btn-check:active + .btn-warning:focus, .btn-warning:active:focus, .btn-warning.active:focus, .show > .btn-warning.dropdown-toggle:focus {
+  box-shadow: 0 0 0 0.25rem rgba(255, 202, 44, 0.5);
+}
+.btn-warning:disabled, .btn-warning.disabled {
+  color: #fff;
+  background-color: #ffc107;
+  border-color: #ffc107;
+}
 
 .btn-danger {
   color: #fff;
   background-color: #fd7e14;
-  border-color: #fd7e14; }
-  .btn-danger:hover {
-    color: #fff;
-    background-color: #d76b11;
-    border-color: #ca6510; }
-  .btn-check:focus + .btn-danger, .btn-danger:focus {
-    color: #fff;
-    background-color: #d76b11;
-    border-color: #ca6510;
-    box-shadow: 0 0 0 0.25rem rgba(253, 145, 55, 0.5); }
-  .btn-check:checked + .btn-danger,
-  .btn-check:active + .btn-danger, .btn-danger:active, .btn-danger.active,
-  .show > .btn-danger.dropdown-toggle {
-    color: #fff;
-    background-color: #ca6510;
-    border-color: #be5f0f; }
-    .btn-check:checked + .btn-danger:focus,
-    .btn-check:active + .btn-danger:focus, .btn-danger:active:focus, .btn-danger.active:focus,
-    .show > .btn-danger.dropdown-toggle:focus {
-      box-shadow: 0 0 0 0.25rem rgba(253, 145, 55, 0.5); }
-  .btn-danger:disabled, .btn-danger.disabled {
-    color: #fff;
-    background-color: #fd7e14;
-    border-color: #fd7e14; }
+  border-color: #fd7e14;
+}
+.btn-danger:hover {
+  color: #fff;
+  background-color: #d76b11;
+  border-color: #ca6510;
+}
+.btn-check:focus + .btn-danger, .btn-danger:focus {
+  color: #fff;
+  background-color: #d76b11;
+  border-color: #ca6510;
+  box-shadow: 0 0 0 0.25rem rgba(253, 145, 55, 0.5);
+}
+.btn-check:checked + .btn-danger, .btn-check:active + .btn-danger, .btn-danger:active, .btn-danger.active, .show > .btn-danger.dropdown-toggle {
+  color: #fff;
+  background-color: #ca6510;
+  border-color: #be5f0f;
+}
+.btn-check:checked + .btn-danger:focus, .btn-check:active + .btn-danger:focus, .btn-danger:active:focus, .btn-danger.active:focus, .show > .btn-danger.dropdown-toggle:focus {
+  box-shadow: 0 0 0 0.25rem rgba(253, 145, 55, 0.5);
+}
+.btn-danger:disabled, .btn-danger.disabled {
+  color: #fff;
+  background-color: #fd7e14;
+  border-color: #fd7e14;
+}
 
 .btn-light {
   color: #000;
   background-color: #e9e9e8;
-  border-color: #e9e9e8; }
-  .btn-light:hover {
-    color: #000;
-    background-color: #ececeb;
-    border-color: #ebebea; }
-  .btn-check:focus + .btn-light, .btn-light:focus {
-    color: #000;
-    background-color: #ececeb;
-    border-color: #ebebea;
-    box-shadow: 0 0 0 0.25rem rgba(198, 198, 197, 0.5); }
-  .btn-check:checked + .btn-light,
-  .btn-check:active + .btn-light, .btn-light:active, .btn-light.active,
-  .show > .btn-light.dropdown-toggle {
-    color: #000;
-    background-color: #ededed;
-    border-color: #ebebea; }
-    .btn-check:checked + .btn-light:focus,
-    .btn-check:active + .btn-light:focus, .btn-light:active:focus, .btn-light.active:focus,
-    .show > .btn-light.dropdown-toggle:focus {
-      box-shadow: 0 0 0 0.25rem rgba(198, 198, 197, 0.5); }
-  .btn-light:disabled, .btn-light.disabled {
-    color: #000;
-    background-color: #e9e9e8;
-    border-color: #e9e9e8; }
+  border-color: #e9e9e8;
+}
+.btn-light:hover {
+  color: #000;
+  background-color: #ececeb;
+  border-color: #ebebea;
+}
+.btn-check:focus + .btn-light, .btn-light:focus {
+  color: #000;
+  background-color: #ececeb;
+  border-color: #ebebea;
+  box-shadow: 0 0 0 0.25rem rgba(198, 198, 197, 0.5);
+}
+.btn-check:checked + .btn-light, .btn-check:active + .btn-light, .btn-light:active, .btn-light.active, .show > .btn-light.dropdown-toggle {
+  color: #000;
+  background-color: #ededed;
+  border-color: #ebebea;
+}
+.btn-check:checked + .btn-light:focus, .btn-check:active + .btn-light:focus, .btn-light:active:focus, .btn-light.active:focus, .show > .btn-light.dropdown-toggle:focus {
+  box-shadow: 0 0 0 0.25rem rgba(198, 198, 197, 0.5);
+}
+.btn-light:disabled, .btn-light.disabled {
+  color: #000;
+  background-color: #e9e9e8;
+  border-color: #e9e9e8;
+}
 
 .btn-dark {
   color: #fff;
   background-color: #212529;
-  border-color: #212529; }
-  .btn-dark:hover {
-    color: #fff;
-    background-color: #1c1f23;
-    border-color: #1a1e21; }
-  .btn-check:focus + .btn-dark, .btn-dark:focus {
-    color: #fff;
-    background-color: #1c1f23;
-    border-color: #1a1e21;
-    box-shadow: 0 0 0 0.25rem rgba(66, 70, 73, 0.5); }
-  .btn-check:checked + .btn-dark,
-  .btn-check:active + .btn-dark, .btn-dark:active, .btn-dark.active,
-  .show > .btn-dark.dropdown-toggle {
-    color: #fff;
-    background-color: #1a1e21;
-    border-color: #191c1f; }
-    .btn-check:checked + .btn-dark:focus,
-    .btn-check:active + .btn-dark:focus, .btn-dark:active:focus, .btn-dark.active:focus,
-    .show > .btn-dark.dropdown-toggle:focus {
-      box-shadow: 0 0 0 0.25rem rgba(66, 70, 73, 0.5); }
-  .btn-dark:disabled, .btn-dark.disabled {
-    color: #fff;
-    background-color: #212529;
-    border-color: #212529; }
+  border-color: #212529;
+}
+.btn-dark:hover {
+  color: #fff;
+  background-color: #1c1f23;
+  border-color: #1a1e21;
+}
+.btn-check:focus + .btn-dark, .btn-dark:focus {
+  color: #fff;
+  background-color: #1c1f23;
+  border-color: #1a1e21;
+  box-shadow: 0 0 0 0.25rem rgba(66, 70, 73, 0.5);
+}
+.btn-check:checked + .btn-dark, .btn-check:active + .btn-dark, .btn-dark:active, .btn-dark.active, .show > .btn-dark.dropdown-toggle {
+  color: #fff;
+  background-color: #1a1e21;
+  border-color: #191c1f;
+}
+.btn-check:checked + .btn-dark:focus, .btn-check:active + .btn-dark:focus, .btn-dark:active:focus, .btn-dark.active:focus, .show > .btn-dark.dropdown-toggle:focus {
+  box-shadow: 0 0 0 0.25rem rgba(66, 70, 73, 0.5);
+}
+.btn-dark:disabled, .btn-dark.disabled {
+  color: #fff;
+  background-color: #212529;
+  border-color: #212529;
+}
 
 .btn-outline-primary {
   color: #e83283;
-  border-color: #e83283; }
-  .btn-outline-primary:hover {
-    color: #fff;
-    background-color: #e83283;
-    border-color: #e83283; }
-  .btn-check:focus + .btn-outline-primary, .btn-outline-primary:focus {
-    box-shadow: 0 0 0 0.25rem rgba(232, 50, 131, 0.5); }
-  .btn-check:checked + .btn-outline-primary,
-  .btn-check:active + .btn-outline-primary, .btn-outline-primary:active, .btn-outline-primary.active, .btn-outline-primary.dropdown-toggle.show {
-    color: #fff;
-    background-color: #e83283;
-    border-color: #e83283; }
-    .btn-check:checked + .btn-outline-primary:focus,
-    .btn-check:active + .btn-outline-primary:focus, .btn-outline-primary:active:focus, .btn-outline-primary.active:focus, .btn-outline-primary.dropdown-toggle.show:focus {
-      box-shadow: 0 0 0 0.25rem rgba(232, 50, 131, 0.5); }
-  .btn-outline-primary:disabled, .btn-outline-primary.disabled {
-    color: #e83283;
-    background-color: transparent; }
+  border-color: #e83283;
+}
+.btn-outline-primary:hover {
+  color: #fff;
+  background-color: #e83283;
+  border-color: #e83283;
+}
+.btn-check:focus + .btn-outline-primary, .btn-outline-primary:focus {
+  box-shadow: 0 0 0 0.25rem rgba(232, 50, 131, 0.5);
+}
+.btn-check:checked + .btn-outline-primary, .btn-check:active + .btn-outline-primary, .btn-outline-primary:active, .btn-outline-primary.active, .btn-outline-primary.dropdown-toggle.show {
+  color: #fff;
+  background-color: #e83283;
+  border-color: #e83283;
+}
+.btn-check:checked + .btn-outline-primary:focus, .btn-check:active + .btn-outline-primary:focus, .btn-outline-primary:active:focus, .btn-outline-primary.active:focus, .btn-outline-primary.dropdown-toggle.show:focus {
+  box-shadow: 0 0 0 0.25rem rgba(232, 50, 131, 0.5);
+}
+.btn-outline-primary:disabled, .btn-outline-primary.disabled {
+  color: #e83283;
+  background-color: transparent;
+}
 
 .btn-outline-secondary {
   color: rgba(255, 255, 255, 0.4);
-  border-color: rgba(255, 255, 255, 0.4); }
-  .btn-outline-secondary:hover {
-    color: #000;
-    background-color: rgba(255, 255, 255, 0.4);
-    border-color: rgba(255, 255, 255, 0.4); }
-  .btn-check:focus + .btn-outline-secondary, .btn-outline-secondary:focus {
-    box-shadow: 0 0 0 0.25rem rgba(255, 255, 255, 0.5); }
-  .btn-check:checked + .btn-outline-secondary,
-  .btn-check:active + .btn-outline-secondary, .btn-outline-secondary:active, .btn-outline-secondary.active, .btn-outline-secondary.dropdown-toggle.show {
-    color: #000;
-    background-color: rgba(255, 255, 255, 0.4);
-    border-color: rgba(255, 255, 255, 0.4); }
-    .btn-check:checked + .btn-outline-secondary:focus,
-    .btn-check:active + .btn-outline-secondary:focus, .btn-outline-secondary:active:focus, .btn-outline-secondary.active:focus, .btn-outline-secondary.dropdown-toggle.show:focus {
-      box-shadow: 0 0 0 0.25rem rgba(255, 255, 255, 0.5); }
-  .btn-outline-secondary:disabled, .btn-outline-secondary.disabled {
-    color: rgba(255, 255, 255, 0.4);
-    background-color: transparent; }
+  border-color: rgba(255, 255, 255, 0.4);
+}
+.btn-outline-secondary:hover {
+  color: #000;
+  background-color: rgba(255, 255, 255, 0.4);
+  border-color: rgba(255, 255, 255, 0.4);
+}
+.btn-check:focus + .btn-outline-secondary, .btn-outline-secondary:focus {
+  box-shadow: 0 0 0 0.25rem rgba(255, 255, 255, 0.5);
+}
+.btn-check:checked + .btn-outline-secondary, .btn-check:active + .btn-outline-secondary, .btn-outline-secondary:active, .btn-outline-secondary.active, .btn-outline-secondary.dropdown-toggle.show {
+  color: #000;
+  background-color: rgba(255, 255, 255, 0.4);
+  border-color: rgba(255, 255, 255, 0.4);
+}
+.btn-check:checked + .btn-outline-secondary:focus, .btn-check:active + .btn-outline-secondary:focus, .btn-outline-secondary:active:focus, .btn-outline-secondary.active:focus, .btn-outline-secondary.dropdown-toggle.show:focus {
+  box-shadow: 0 0 0 0.25rem rgba(255, 255, 255, 0.5);
+}
+.btn-outline-secondary:disabled, .btn-outline-secondary.disabled {
+  color: rgba(255, 255, 255, 0.4);
+  background-color: transparent;
+}
 
 .btn-outline-success {
   color: #41d7a7;
-  border-color: #41d7a7; }
-  .btn-outline-success:hover {
-    color: #fff;
-    background-color: #41d7a7;
-    border-color: #41d7a7; }
-  .btn-check:focus + .btn-outline-success, .btn-outline-success:focus {
-    box-shadow: 0 0 0 0.25rem rgba(65, 215, 167, 0.5); }
-  .btn-check:checked + .btn-outline-success,
-  .btn-check:active + .btn-outline-success, .btn-outline-success:active, .btn-outline-success.active, .btn-outline-success.dropdown-toggle.show {
-    color: #fff;
-    background-color: #41d7a7;
-    border-color: #41d7a7; }
-    .btn-check:checked + .btn-outline-success:focus,
-    .btn-check:active + .btn-outline-success:focus, .btn-outline-success:active:focus, .btn-outline-success.active:focus, .btn-outline-success.dropdown-toggle.show:focus {
-      box-shadow: 0 0 0 0.25rem rgba(65, 215, 167, 0.5); }
-  .btn-outline-success:disabled, .btn-outline-success.disabled {
-    color: #41d7a7;
-    background-color: transparent; }
+  border-color: #41d7a7;
+}
+.btn-outline-success:hover {
+  color: #fff;
+  background-color: #41d7a7;
+  border-color: #41d7a7;
+}
+.btn-check:focus + .btn-outline-success, .btn-outline-success:focus {
+  box-shadow: 0 0 0 0.25rem rgba(65, 215, 167, 0.5);
+}
+.btn-check:checked + .btn-outline-success, .btn-check:active + .btn-outline-success, .btn-outline-success:active, .btn-outline-success.active, .btn-outline-success.dropdown-toggle.show {
+  color: #fff;
+  background-color: #41d7a7;
+  border-color: #41d7a7;
+}
+.btn-check:checked + .btn-outline-success:focus, .btn-check:active + .btn-outline-success:focus, .btn-outline-success:active:focus, .btn-outline-success.active:focus, .btn-outline-success.dropdown-toggle.show:focus {
+  box-shadow: 0 0 0 0.25rem rgba(65, 215, 167, 0.5);
+}
+.btn-outline-success:disabled, .btn-outline-success.disabled {
+  color: #41d7a7;
+  background-color: transparent;
+}
 
 .btn-outline-info {
   color: #39cbfb;
-  border-color: #39cbfb; }
-  .btn-outline-info:hover {
-    color: #fff;
-    background-color: #39cbfb;
-    border-color: #39cbfb; }
-  .btn-check:focus + .btn-outline-info, .btn-outline-info:focus {
-    box-shadow: 0 0 0 0.25rem rgba(57, 203, 251, 0.5); }
-  .btn-check:checked + .btn-outline-info,
-  .btn-check:active + .btn-outline-info, .btn-outline-info:active, .btn-outline-info.active, .btn-outline-info.dropdown-toggle.show {
-    color: #fff;
-    background-color: #39cbfb;
-    border-color: #39cbfb; }
-    .btn-check:checked + .btn-outline-info:focus,
-    .btn-check:active + .btn-outline-info:focus, .btn-outline-info:active:focus, .btn-outline-info.active:focus, .btn-outline-info.dropdown-toggle.show:focus {
-      box-shadow: 0 0 0 0.25rem rgba(57, 203, 251, 0.5); }
-  .btn-outline-info:disabled, .btn-outline-info.disabled {
-    color: #39cbfb;
-    background-color: transparent; }
+  border-color: #39cbfb;
+}
+.btn-outline-info:hover {
+  color: #fff;
+  background-color: #39cbfb;
+  border-color: #39cbfb;
+}
+.btn-check:focus + .btn-outline-info, .btn-outline-info:focus {
+  box-shadow: 0 0 0 0.25rem rgba(57, 203, 251, 0.5);
+}
+.btn-check:checked + .btn-outline-info, .btn-check:active + .btn-outline-info, .btn-outline-info:active, .btn-outline-info.active, .btn-outline-info.dropdown-toggle.show {
+  color: #fff;
+  background-color: #39cbfb;
+  border-color: #39cbfb;
+}
+.btn-check:checked + .btn-outline-info:focus, .btn-check:active + .btn-outline-info:focus, .btn-outline-info:active:focus, .btn-outline-info.active:focus, .btn-outline-info.dropdown-toggle.show:focus {
+  box-shadow: 0 0 0 0.25rem rgba(57, 203, 251, 0.5);
+}
+.btn-outline-info:disabled, .btn-outline-info.disabled {
+  color: #39cbfb;
+  background-color: transparent;
+}
 
 .btn-outline-warning {
   color: #ffc107;
-  border-color: #ffc107; }
-  .btn-outline-warning:hover {
-    color: #fff;
-    background-color: #ffc107;
-    border-color: #ffc107; }
-  .btn-check:focus + .btn-outline-warning, .btn-outline-warning:focus {
-    box-shadow: 0 0 0 0.25rem rgba(255, 193, 7, 0.5); }
-  .btn-check:checked + .btn-outline-warning,
-  .btn-check:active + .btn-outline-warning, .btn-outline-warning:active, .btn-outline-warning.active, .btn-outline-warning.dropdown-toggle.show {
-    color: #fff;
-    background-color: #ffc107;
-    border-color: #ffc107; }
-    .btn-check:checked + .btn-outline-warning:focus,
-    .btn-check:active + .btn-outline-warning:focus, .btn-outline-warning:active:focus, .btn-outline-warning.active:focus, .btn-outline-warning.dropdown-toggle.show:focus {
-      box-shadow: 0 0 0 0.25rem rgba(255, 193, 7, 0.5); }
-  .btn-outline-warning:disabled, .btn-outline-warning.disabled {
-    color: #ffc107;
-    background-color: transparent; }
+  border-color: #ffc107;
+}
+.btn-outline-warning:hover {
+  color: #fff;
+  background-color: #ffc107;
+  border-color: #ffc107;
+}
+.btn-check:focus + .btn-outline-warning, .btn-outline-warning:focus {
+  box-shadow: 0 0 0 0.25rem rgba(255, 193, 7, 0.5);
+}
+.btn-check:checked + .btn-outline-warning, .btn-check:active + .btn-outline-warning, .btn-outline-warning:active, .btn-outline-warning.active, .btn-outline-warning.dropdown-toggle.show {
+  color: #fff;
+  background-color: #ffc107;
+  border-color: #ffc107;
+}
+.btn-check:checked + .btn-outline-warning:focus, .btn-check:active + .btn-outline-warning:focus, .btn-outline-warning:active:focus, .btn-outline-warning.active:focus, .btn-outline-warning.dropdown-toggle.show:focus {
+  box-shadow: 0 0 0 0.25rem rgba(255, 193, 7, 0.5);
+}
+.btn-outline-warning:disabled, .btn-outline-warning.disabled {
+  color: #ffc107;
+  background-color: transparent;
+}
 
 .btn-outline-danger {
   color: #fd7e14;
-  border-color: #fd7e14; }
-  .btn-outline-danger:hover {
-    color: #fff;
-    background-color: #fd7e14;
-    border-color: #fd7e14; }
-  .btn-check:focus + .btn-outline-danger, .btn-outline-danger:focus {
-    box-shadow: 0 0 0 0.25rem rgba(253, 126, 20, 0.5); }
-  .btn-check:checked + .btn-outline-danger,
-  .btn-check:active + .btn-outline-danger, .btn-outline-danger:active, .btn-outline-danger.active, .btn-outline-danger.dropdown-toggle.show {
-    color: #fff;
-    background-color: #fd7e14;
-    border-color: #fd7e14; }
-    .btn-check:checked + .btn-outline-danger:focus,
-    .btn-check:active + .btn-outline-danger:focus, .btn-outline-danger:active:focus, .btn-outline-danger.active:focus, .btn-outline-danger.dropdown-toggle.show:focus {
-      box-shadow: 0 0 0 0.25rem rgba(253, 126, 20, 0.5); }
-  .btn-outline-danger:disabled, .btn-outline-danger.disabled {
-    color: #fd7e14;
-    background-color: transparent; }
+  border-color: #fd7e14;
+}
+.btn-outline-danger:hover {
+  color: #fff;
+  background-color: #fd7e14;
+  border-color: #fd7e14;
+}
+.btn-check:focus + .btn-outline-danger, .btn-outline-danger:focus {
+  box-shadow: 0 0 0 0.25rem rgba(253, 126, 20, 0.5);
+}
+.btn-check:checked + .btn-outline-danger, .btn-check:active + .btn-outline-danger, .btn-outline-danger:active, .btn-outline-danger.active, .btn-outline-danger.dropdown-toggle.show {
+  color: #fff;
+  background-color: #fd7e14;
+  border-color: #fd7e14;
+}
+.btn-check:checked + .btn-outline-danger:focus, .btn-check:active + .btn-outline-danger:focus, .btn-outline-danger:active:focus, .btn-outline-danger.active:focus, .btn-outline-danger.dropdown-toggle.show:focus {
+  box-shadow: 0 0 0 0.25rem rgba(253, 126, 20, 0.5);
+}
+.btn-outline-danger:disabled, .btn-outline-danger.disabled {
+  color: #fd7e14;
+  background-color: transparent;
+}
 
 .btn-outline-light {
   color: #e9e9e8;
-  border-color: #e9e9e8; }
-  .btn-outline-light:hover {
-    color: #000;
-    background-color: #e9e9e8;
-    border-color: #e9e9e8; }
-  .btn-check:focus + .btn-outline-light, .btn-outline-light:focus {
-    box-shadow: 0 0 0 0.25rem rgba(233, 233, 232, 0.5); }
-  .btn-check:checked + .btn-outline-light,
-  .btn-check:active + .btn-outline-light, .btn-outline-light:active, .btn-outline-light.active, .btn-outline-light.dropdown-toggle.show {
-    color: #000;
-    background-color: #e9e9e8;
-    border-color: #e9e9e8; }
-    .btn-check:checked + .btn-outline-light:focus,
-    .btn-check:active + .btn-outline-light:focus, .btn-outline-light:active:focus, .btn-outline-light.active:focus, .btn-outline-light.dropdown-toggle.show:focus {
-      box-shadow: 0 0 0 0.25rem rgba(233, 233, 232, 0.5); }
-  .btn-outline-light:disabled, .btn-outline-light.disabled {
-    color: #e9e9e8;
-    background-color: transparent; }
+  border-color: #e9e9e8;
+}
+.btn-outline-light:hover {
+  color: #000;
+  background-color: #e9e9e8;
+  border-color: #e9e9e8;
+}
+.btn-check:focus + .btn-outline-light, .btn-outline-light:focus {
+  box-shadow: 0 0 0 0.25rem rgba(233, 233, 232, 0.5);
+}
+.btn-check:checked + .btn-outline-light, .btn-check:active + .btn-outline-light, .btn-outline-light:active, .btn-outline-light.active, .btn-outline-light.dropdown-toggle.show {
+  color: #000;
+  background-color: #e9e9e8;
+  border-color: #e9e9e8;
+}
+.btn-check:checked + .btn-outline-light:focus, .btn-check:active + .btn-outline-light:focus, .btn-outline-light:active:focus, .btn-outline-light.active:focus, .btn-outline-light.dropdown-toggle.show:focus {
+  box-shadow: 0 0 0 0.25rem rgba(233, 233, 232, 0.5);
+}
+.btn-outline-light:disabled, .btn-outline-light.disabled {
+  color: #e9e9e8;
+  background-color: transparent;
+}
 
 .btn-outline-dark {
   color: #212529;
-  border-color: #212529; }
-  .btn-outline-dark:hover {
-    color: #fff;
-    background-color: #212529;
-    border-color: #212529; }
-  .btn-check:focus + .btn-outline-dark, .btn-outline-dark:focus {
-    box-shadow: 0 0 0 0.25rem rgba(33, 37, 41, 0.5); }
-  .btn-check:checked + .btn-outline-dark,
-  .btn-check:active + .btn-outline-dark, .btn-outline-dark:active, .btn-outline-dark.active, .btn-outline-dark.dropdown-toggle.show {
-    color: #fff;
-    background-color: #212529;
-    border-color: #212529; }
-    .btn-check:checked + .btn-outline-dark:focus,
-    .btn-check:active + .btn-outline-dark:focus, .btn-outline-dark:active:focus, .btn-outline-dark.active:focus, .btn-outline-dark.dropdown-toggle.show:focus {
-      box-shadow: 0 0 0 0.25rem rgba(33, 37, 41, 0.5); }
-  .btn-outline-dark:disabled, .btn-outline-dark.disabled {
-    color: #212529;
-    background-color: transparent; }
+  border-color: #212529;
+}
+.btn-outline-dark:hover {
+  color: #fff;
+  background-color: #212529;
+  border-color: #212529;
+}
+.btn-check:focus + .btn-outline-dark, .btn-outline-dark:focus {
+  box-shadow: 0 0 0 0.25rem rgba(33, 37, 41, 0.5);
+}
+.btn-check:checked + .btn-outline-dark, .btn-check:active + .btn-outline-dark, .btn-outline-dark:active, .btn-outline-dark.active, .btn-outline-dark.dropdown-toggle.show {
+  color: #fff;
+  background-color: #212529;
+  border-color: #212529;
+}
+.btn-check:checked + .btn-outline-dark:focus, .btn-check:active + .btn-outline-dark:focus, .btn-outline-dark:active:focus, .btn-outline-dark.active:focus, .btn-outline-dark.dropdown-toggle.show:focus {
+  box-shadow: 0 0 0 0.25rem rgba(33, 37, 41, 0.5);
+}
+.btn-outline-dark:disabled, .btn-outline-dark.disabled {
+  color: #212529;
+  background-color: transparent;
+}
 
 .btn-link {
   font-weight: 400;
   color: #fff;
-  text-decoration: underline; }
-  .btn-link:hover {
-    color: #cccccc; }
-  .btn-link:disabled, .btn-link.disabled {
-    color: #6c757d; }
+  text-decoration: underline;
+}
+.btn-link:hover {
+  color: #cccccc;
+}
+.btn-link:disabled, .btn-link.disabled {
+  color: #6c757d;
+}
 
 .btn-lg {
   padding: 0.5rem 1rem;
   font-size: 1.25rem;
-  border-radius: 0.7rem; }
+  border-radius: 0.7rem;
+}
 
 .btn-sm {
   padding: 0.25rem 0.5rem;
   font-size: 0.875rem;
-  border-radius: 0.6rem; }
+  border-radius: 0.6rem;
+}
diff --git a/webroot/css/themes/theme-slate.css b/webroot/css/themes/theme-slate.css
index d8b5ba6..0d722d6 100644
--- a/webroot/css/themes/theme-slate.css
+++ b/webroot/css/themes/theme-slate.css
@@ -1,283 +1,332 @@
 /* Callout */
 .callout {
   border: 1px solid #e9ecef;
-  border-radius: .25rem;
+  border-radius: 0.25rem;
   background-color: #363636;
-  box-shadow: none; }
+  box-shadow: none;
+}
 
 .callout-primary {
   border-left-color: #3a3f44;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-secondary {
   border-left-color: #7a8288;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-success {
   border-left-color: #62c462;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-info {
   border-left-color: #5bc0de;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-warning {
   border-left-color: #f89406;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-danger {
   border-left-color: #ee5f5b;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-light {
   border-left-color: #e9ecef;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-dark {
   border-left-color: #272b30;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 /* Toasts */
 .toast {
-  min-width: 250px; }
+  min-width: 250px;
+}
 
 .toast-primary {
   color: #111314;
   background-color: #c4c5c7;
-  border-color: #b0b2b4; }
-  .toast-primary strong {
-    border-top-color: #a3a5a8; }
+  border-color: #b0b2b4;
+}
+.toast-primary strong {
+  border-top-color: #a3a5a8;
+}
 
 .toast-secondary {
   color: #252729;
   background-color: #d7dadb;
-  border-color: #cacdcf; }
-  .toast-secondary strong {
-    border-top-color: #bdc0c3; }
+  border-color: #cacdcf;
+}
+.toast-secondary strong {
+  border-top-color: #bdc0c3;
+}
 
 .toast-success {
   color: #1d3b1d;
   background-color: #d0edd0;
-  border-color: #c0e7c0; }
-  .toast-success strong {
-    border-top-color: #aee0ae; }
+  border-color: #c0e7c0;
+}
+.toast-success strong {
+  border-top-color: #aee0ae;
+}
 
 .toast-info {
   color: #1b3a43;
   background-color: #ceecf5;
-  border-color: #bde6f2; }
-  .toast-info strong {
-    border-top-color: #a8deee; }
+  border-color: #bde6f2;
+}
+.toast-info strong {
+  border-top-color: #a8deee;
+}
 
 .toast-warning {
   color: #4a2c02;
   background-color: #fddfb4;
-  border-color: #fcd49b; }
-  .toast-warning strong {
-    border-top-color: #fbc982; }
+  border-color: #fcd49b;
+}
+.toast-warning strong {
+  border-top-color: #fbc982;
+}
 
 .toast-danger {
   color: #471d1b;
   background-color: #facfce;
-  border-color: #f8bfbd; }
-  .toast-danger strong {
-    border-top-color: #f6a9a6; }
+  border-color: #f8bfbd;
+}
+.toast-danger strong {
+  border-top-color: #f6a9a6;
+}
 
 .toast-light {
   color: #464748;
   background-color: #f8f9fa;
-  border-color: #f6f7f9; }
-  .toast-light strong {
-    border-top-color: #e7e9ef; }
+  border-color: #f6f7f9;
+}
+.toast-light strong {
+  border-top-color: #e7e9ef;
+}
 
 .toast-dark {
   color: #0c0d0e;
   background-color: #bebfc1;
-  border-color: #a9aaac; }
-  .toast-dark strong {
-    border-top-color: #9c9d9f; }
+  border-color: #a9aaac;
+}
+.toast-dark strong {
+  border-top-color: #9c9d9f;
+}
 
 /* Dropdown-item */
 .dropdown-item.dropdown-item-primary {
   color: #fff;
   text-decoration: none;
-  background-color: #3a3f44; }
-
+  background-color: #3a3f44;
+}
 .dropdown-item.dropdown-item-outline-primary:hover {
   color: #fff;
-  background-color: #3a3f44; }
-
+  background-color: #3a3f44;
+}
 .dropdown-item.dropdown-item-secondary {
   color: #fff;
   text-decoration: none;
-  background-color: #7a8288; }
-
+  background-color: #7a8288;
+}
 .dropdown-item.dropdown-item-outline-secondary:hover {
   color: #fff;
-  background-color: #7a8288; }
-
+  background-color: #7a8288;
+}
 .dropdown-item.dropdown-item-success {
   color: #fff;
   text-decoration: none;
-  background-color: #62c462; }
-
+  background-color: #62c462;
+}
 .dropdown-item.dropdown-item-outline-success:hover {
   color: #fff;
-  background-color: #62c462; }
-
+  background-color: #62c462;
+}
 .dropdown-item.dropdown-item-info {
   color: #fff;
   text-decoration: none;
-  background-color: #5bc0de; }
-
+  background-color: #5bc0de;
+}
 .dropdown-item.dropdown-item-outline-info:hover {
   color: #fff;
-  background-color: #5bc0de; }
-
+  background-color: #5bc0de;
+}
 .dropdown-item.dropdown-item-warning {
   color: #fff;
   text-decoration: none;
-  background-color: #f89406; }
-
+  background-color: #f89406;
+}
 .dropdown-item.dropdown-item-outline-warning:hover {
   color: #fff;
-  background-color: #f89406; }
-
+  background-color: #f89406;
+}
 .dropdown-item.dropdown-item-danger {
   color: #fff;
   text-decoration: none;
-  background-color: #ee5f5b; }
-
+  background-color: #ee5f5b;
+}
 .dropdown-item.dropdown-item-outline-danger:hover {
   color: #fff;
-  background-color: #ee5f5b; }
-
+  background-color: #ee5f5b;
+}
 .dropdown-item.dropdown-item-light {
   color: #000;
   text-decoration: none;
-  background-color: #e9ecef; }
-
+  background-color: #e9ecef;
+}
 .dropdown-item.dropdown-item-outline-light:hover {
   color: #000;
-  background-color: #e9ecef; }
-
+  background-color: #e9ecef;
+}
 .dropdown-item.dropdown-item-dark {
   color: #fff;
   text-decoration: none;
-  background-color: #272b30; }
-
+  background-color: #272b30;
+}
 .dropdown-item.dropdown-item-outline-dark:hover {
   color: #fff;
-  background-color: #272b30; }
+  background-color: #272b30;
+}
 
 /* Progress Timeline */
 .progress-timeline {
-  padding: 0.2em 0.2em 0.5em 0.2em; }
-  .progress-timeline ul {
-    position: relative;
-    padding: 0; }
-  .progress-timeline li {
-    list-style-type: none;
-    position: relative; }
-  .progress-timeline li.progress-inactive {
-    opacity: 0.5; }
-  .progress-timeline .progress-line {
-    height: 2px; }
-  .progress-timeline .progress-line.progress-inactive {
-    opacity: 0.5; }
+  padding: 0.2em 0.2em 0.5em 0.2em;
+}
+.progress-timeline ul {
+  position: relative;
+  padding: 0;
+}
+.progress-timeline li {
+  list-style-type: none;
+  position: relative;
+}
+.progress-timeline li.progress-inactive {
+  opacity: 0.5;
+}
+.progress-timeline .progress-line {
+  height: 2px;
+}
+.progress-timeline .progress-line.progress-inactive {
+  opacity: 0.5;
+}
 
 /* Forms severity */
 .form-control.is-invalid.info {
-  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%235bc0de' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%235bc0de' stroke='none'/%3e%3c/svg%3e"); }
-  .form-control.is-invalid.info:focus {
-    border-color: #5bc0de;
-    box-shadow: 0 0 0 0.25rem rgba(91, 192, 222, 0.25); }
-
+  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%235bc0de' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%235bc0de' stroke='none'/%3e%3c/svg%3e");
+}
+.form-control.is-invalid.info:focus {
+  border-color: #5bc0de;
+  box-shadow: 0 0 0 0.25rem rgba(91, 192, 222, 0.25);
+}
 .form-control.is-invalid.warning {
-  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%23f89406' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23f89406' stroke='none'/%3e%3c/svg%3e"); }
-  .form-control.is-invalid.warning:focus {
-    border-color: #f89406;
-    box-shadow: 0 0 0 0.25rem rgba(248, 148, 6, 0.25); }
+  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%23f89406' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23f89406' stroke='none'/%3e%3c/svg%3e");
+}
+.form-control.is-invalid.warning:focus {
+  border-color: #f89406;
+  box-shadow: 0 0 0 0.25rem rgba(248, 148, 6, 0.25);
+}
 
 .form-select.is-invalid:not([multiple]):not([size]).info,
 .form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.info {
   background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 12 12' width='12' height='12' fill='none' stroke='%235bc0de'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%235bc0de' stroke='none'/%3e%3c/svg%3e");
-  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem); }
-  .form-select.is-invalid:not([multiple]):not([size]).info:focus,
-  .form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.info:focus {
-    box-shadow: 0 0 0 0.25rem rgba(91, 192, 222, 0.25); }
-
+  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem);
+}
+.form-select.is-invalid:not([multiple]):not([size]).info:focus,
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.info:focus {
+  box-shadow: 0 0 0 0.25rem rgba(91, 192, 222, 0.25);
+}
 .form-select.is-invalid:not([multiple]):not([size]).warning,
 .form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.warning {
   background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 12 12' width='12' height='12' fill='none' stroke='%23f89406'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23f89406' stroke='none'/%3e%3c/svg%3e");
-  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem); }
-  .form-select.is-invalid:not([multiple]):not([size]).warning:focus,
-  .form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.warning:focus {
-    box-shadow: 0 0 0 0.25rem rgba(248, 148, 6, 0.25); }
+  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem);
+}
+.form-select.is-invalid:not([multiple]):not([size]).warning:focus,
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.warning:focus {
+  box-shadow: 0 0 0 0.25rem rgba(248, 148, 6, 0.25);
+}
 
 .form-check-input.is-invalid.info {
-  border-color: #5bc0de; }
-
+  border-color: #5bc0de;
+}
 .form-check-input.is-invalid.info:checked {
-  background-color: #5bc0de; }
-
+  background-color: #5bc0de;
+}
 .form-check-input.is-invalid.info ~ .form-check-label {
-  color: unset; }
-
+  color: unset;
+}
 .form-check-input.is-invalid.info:focus {
-  box-shadow: 0 0 0 0.2rem rgba(91, 192, 222, 0.25); }
-
+  box-shadow: 0 0 0 0.2rem rgba(91, 192, 222, 0.25);
+}
 .form-check-input.is-invalid.warning {
-  border-color: #f89406; }
-
+  border-color: #f89406;
+}
 .form-check-input.is-invalid.warning:checked {
-  background-color: #f89406; }
-
+  background-color: #f89406;
+}
 .form-check-input.is-invalid.warning ~ .form-check-label {
-  color: unset; }
-
+  color: unset;
+}
 .form-check-input.is-invalid.warning:focus {
-  box-shadow: 0 0 0 0.2rem rgba(248, 148, 6, 0.25); }
+  box-shadow: 0 0 0 0.2rem rgba(248, 148, 6, 0.25);
+}
 
 /* Utilities */
 .mw-75 {
-  max-width: 75% !important; }
+  max-width: 75% !important;
+}
 
 .mw-50 {
-  max-width: 50% !important; }
+  max-width: 50% !important;
+}
 
 .mw-25 {
-  max-width: 25% !important; }
+  max-width: 25% !important;
+}
 
 .mh-75 {
-  max-height: 75% !important; }
+  max-height: 75% !important;
+}
 
 .mh-50 {
-  max-height: 50% !important; }
+  max-height: 50% !important;
+}
 
 .mh-25 {
-  max-height: 25% !important; }
+  max-height: 25% !important;
+}
 
 .p-abs-center-y {
   top: 50%;
-  transform: translateY(-50%); }
+  transform: translateY(-50%);
+}
 
 .p-abs-center-x {
   left: 50%;
-  transform: translateX(-50%); }
+  transform: translateX(-50%);
+}
 
 .p-abs-center-both {
   top: 50%;
   left: 50%;
-  transform: translateX(-50%) translateY(-50%); }
+  transform: translateX(-50%) translateY(-50%);
+}
 
 /* Body */
 body {
@@ -286,90 +335,114 @@ body {
   /* background by SVGBackgrounds.com */
   background-attachment: fixed;
   background-size: cover;
-  background-blend-mode: normal; }
+  background-blend-mode: normal;
+}
 
 .panel {
   background-color: #363636;
   border: 1px solid #454545;
-  box-shadow: none; }
+  box-shadow: none;
+}
 
 .loading-overlay {
   background-color: #272b30;
-  opacity: 0.65; }
+  opacity: 0.65;
+}
 
 /* Top navbar */
 .top-navbar {
-  background-color: #3a3f44; }
+  background-color: #3a3f44;
+}
 
 .center-navbar nav.header-breadcrumb {
-  color: #fff; }
+  color: #fff;
+}
 
 header.top-navbar .header-menu > a:hover,
 header.top-navbar .header-breadcrumb .header-breadcrumb-item > a:hover {
-  color: #d6d6d6 !important; }
+  color: #d6d6d6 !important;
+}
 
 .top-navbar .center-navbar nav.header-breadcrumb li.header-breadcrumb-item a {
-  color: #fff; }
+  color: #fff;
+}
 
 .top-navbar .right-navbar .header-menu a.nav-link {
-  color: #fff; }
+  color: #fff;
+}
 
 .top-navbar .left-navbar .navbar-brand img {
-  filter: invert(1); }
+  filter: invert(1);
+}
 
 .top-navbar .left-navbar .navbar-brand:hover img {
-  filter: invert(1) drop-shadow(0px 0px 3px #fff); }
+  filter: invert(1) drop-shadow(0px 0px 3px #fff);
+}
 
 .top-navbar .composed-app-icon-container > .app-icon {
-  background-color: #fff; }
+  background-color: #fff;
+}
 
 .breadcrumb-link-container {
   box-shadow: 0 2px 2px 0 rgba(0, 0, 0, 0.16), 0 2px 6px 0 rgba(0, 0, 0, 0.12);
-  background-color: #e9ecef; }
+  background-color: #e9ecef;
+}
 
 /* Sidebar */
 .sidebar {
-  transition: width .08s linear;
+  transition: width 0.08s linear;
   box-shadow: none;
-  background-color: #7a8288; }
+  background-color: #7a8288;
+}
 
 .sidebar ~ main.content:after {
-  background: #000; }
+  background: #000;
+}
 
 .sidebar .sidebar-wrapper {
-  border-right: 1px solid none; }
+  border-right: 1px solid none;
+}
 
 .sidebar .sidebar-wrapper {
-  border-right: 1px solid rgba(0, 0, 0, 0.125); }
+  border-right: 1px solid rgba(0, 0, 0, 0.125);
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link {
-  color: #fff; }
+  color: #fff;
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link.active {
   background-color: #595f64;
-  color: #fff; }
+  color: #fff;
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link.have-active-child {
   background-color: #595f64;
-  color: #fff; }
+  color: #fff;
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link:hover {
   background-color: #60676c;
-  color: #fff; }
+  color: #fff;
+}
 
 .sidebar.expanded ul.sidebar-elements li > a.sidebar-link.have-active-child,
 .sidebar:hover ul.sidebar-elements li > a.sidebar-link.have-active-child {
-  background-color: unset; }
+  background-color: unset;
+}
 
 .sidebar.expanded ul.sidebar-elements li > a.sidebar-link.have-active-child:hover,
 .sidebar:hover ul.sidebar-elements li > a.sidebar-link.have-active-child:hover {
-  background-color: #60676c; }
+  background-color: #60676c;
+}
 
 ul.sidebar-elements li > a.sidebar-link.active::after {
-  background-color: var(--cerebrate-color); }
+  background-color: var(--cerebrate-color);
+}
 
 .lock-sidebar > a.btn {
-  background-color: #7a8288; }
+  background-color: #7a8288;
+}
 
 .btn {
   display: inline-block;
@@ -386,455 +459,518 @@ ul.sidebar-elements li > a.sidebar-link.active::after {
   padding: 0.375rem 0.75rem;
   font-size: 1rem;
   border-radius: 0.25rem;
-  transition: color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out; }
-  @media (prefers-reduced-motion: reduce) {
-    .btn {
-      transition: none; } }
-  .btn:hover {
-    color: #aaa; }
-  .btn-check:focus + .btn, .btn:focus {
-    outline: 0;
-    box-shadow: 0 0 0 0.25rem rgba(58, 63, 68, 0.25); }
-  .btn:disabled, .btn.disabled,
-  fieldset:disabled .btn {
-    pointer-events: none;
-    opacity: 0.65; }
+  transition: color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;
+}
+@media (prefers-reduced-motion: reduce) {
+  .btn {
+    transition: none;
+  }
+}
+.btn:hover {
+  color: #aaa;
+}
+.btn-check:focus + .btn, .btn:focus {
+  outline: 0;
+  box-shadow: 0 0 0 0.25rem rgba(58, 63, 68, 0.25);
+}
+.btn:disabled, .btn.disabled, fieldset:disabled .btn {
+  pointer-events: none;
+  opacity: 0.65;
+}
 
 .btn-primary {
   color: #fff;
   background-color: #3a3f44;
-  border-color: #3a3f44; }
-  .btn-primary:hover {
-    color: #fff;
-    background-color: #31363a;
-    border-color: #2e3236; }
-  .btn-check:focus + .btn-primary, .btn-primary:focus {
-    color: #fff;
-    background-color: #31363a;
-    border-color: #2e3236;
-    box-shadow: 0 0 0 0.25rem rgba(88, 92, 96, 0.5); }
-  .btn-check:checked + .btn-primary,
-  .btn-check:active + .btn-primary, .btn-primary:active, .btn-primary.active,
-  .show > .btn-primary.dropdown-toggle {
-    color: #fff;
-    background-color: #2e3236;
-    border-color: #2c2f33; }
-    .btn-check:checked + .btn-primary:focus,
-    .btn-check:active + .btn-primary:focus, .btn-primary:active:focus, .btn-primary.active:focus,
-    .show > .btn-primary.dropdown-toggle:focus {
-      box-shadow: 0 0 0 0.25rem rgba(88, 92, 96, 0.5); }
-  .btn-primary:disabled, .btn-primary.disabled {
-    color: #fff;
-    background-color: #3a3f44;
-    border-color: #3a3f44; }
+  border-color: #3a3f44;
+}
+.btn-primary:hover {
+  color: #fff;
+  background-color: #31363a;
+  border-color: #2e3236;
+}
+.btn-check:focus + .btn-primary, .btn-primary:focus {
+  color: #fff;
+  background-color: #31363a;
+  border-color: #2e3236;
+  box-shadow: 0 0 0 0.25rem rgba(88, 92, 96, 0.5);
+}
+.btn-check:checked + .btn-primary, .btn-check:active + .btn-primary, .btn-primary:active, .btn-primary.active, .show > .btn-primary.dropdown-toggle {
+  color: #fff;
+  background-color: #2e3236;
+  border-color: #2c2f33;
+}
+.btn-check:checked + .btn-primary:focus, .btn-check:active + .btn-primary:focus, .btn-primary:active:focus, .btn-primary.active:focus, .show > .btn-primary.dropdown-toggle:focus {
+  box-shadow: 0 0 0 0.25rem rgba(88, 92, 96, 0.5);
+}
+.btn-primary:disabled, .btn-primary.disabled {
+  color: #fff;
+  background-color: #3a3f44;
+  border-color: #3a3f44;
+}
 
 .btn-secondary {
   color: #fff;
   background-color: #7a8288;
-  border-color: #7a8288; }
-  .btn-secondary:hover {
-    color: #fff;
-    background-color: #686f74;
-    border-color: #62686d; }
-  .btn-check:focus + .btn-secondary, .btn-secondary:focus {
-    color: #fff;
-    background-color: #686f74;
-    border-color: #62686d;
-    box-shadow: 0 0 0 0.25rem rgba(142, 149, 154, 0.5); }
-  .btn-check:checked + .btn-secondary,
-  .btn-check:active + .btn-secondary, .btn-secondary:active, .btn-secondary.active,
-  .show > .btn-secondary.dropdown-toggle {
-    color: #fff;
-    background-color: #62686d;
-    border-color: #5c6266; }
-    .btn-check:checked + .btn-secondary:focus,
-    .btn-check:active + .btn-secondary:focus, .btn-secondary:active:focus, .btn-secondary.active:focus,
-    .show > .btn-secondary.dropdown-toggle:focus {
-      box-shadow: 0 0 0 0.25rem rgba(142, 149, 154, 0.5); }
-  .btn-secondary:disabled, .btn-secondary.disabled {
-    color: #fff;
-    background-color: #7a8288;
-    border-color: #7a8288; }
+  border-color: #7a8288;
+}
+.btn-secondary:hover {
+  color: #fff;
+  background-color: #686f74;
+  border-color: #62686d;
+}
+.btn-check:focus + .btn-secondary, .btn-secondary:focus {
+  color: #fff;
+  background-color: #686f74;
+  border-color: #62686d;
+  box-shadow: 0 0 0 0.25rem rgba(142, 149, 154, 0.5);
+}
+.btn-check:checked + .btn-secondary, .btn-check:active + .btn-secondary, .btn-secondary:active, .btn-secondary.active, .show > .btn-secondary.dropdown-toggle {
+  color: #fff;
+  background-color: #62686d;
+  border-color: #5c6266;
+}
+.btn-check:checked + .btn-secondary:focus, .btn-check:active + .btn-secondary:focus, .btn-secondary:active:focus, .btn-secondary.active:focus, .show > .btn-secondary.dropdown-toggle:focus {
+  box-shadow: 0 0 0 0.25rem rgba(142, 149, 154, 0.5);
+}
+.btn-secondary:disabled, .btn-secondary.disabled {
+  color: #fff;
+  background-color: #7a8288;
+  border-color: #7a8288;
+}
 
 .btn-success {
   color: #fff;
   background-color: #62c462;
-  border-color: #62c462; }
-  .btn-success:hover {
-    color: #fff;
-    background-color: #53a753;
-    border-color: #4e9d4e; }
-  .btn-check:focus + .btn-success, .btn-success:focus {
-    color: #fff;
-    background-color: #53a753;
-    border-color: #4e9d4e;
-    box-shadow: 0 0 0 0.25rem rgba(122, 205, 122, 0.5); }
-  .btn-check:checked + .btn-success,
-  .btn-check:active + .btn-success, .btn-success:active, .btn-success.active,
-  .show > .btn-success.dropdown-toggle {
-    color: #fff;
-    background-color: #4e9d4e;
-    border-color: #4a934a; }
-    .btn-check:checked + .btn-success:focus,
-    .btn-check:active + .btn-success:focus, .btn-success:active:focus, .btn-success.active:focus,
-    .show > .btn-success.dropdown-toggle:focus {
-      box-shadow: 0 0 0 0.25rem rgba(122, 205, 122, 0.5); }
-  .btn-success:disabled, .btn-success.disabled {
-    color: #fff;
-    background-color: #62c462;
-    border-color: #62c462; }
+  border-color: #62c462;
+}
+.btn-success:hover {
+  color: #fff;
+  background-color: #53a753;
+  border-color: #4e9d4e;
+}
+.btn-check:focus + .btn-success, .btn-success:focus {
+  color: #fff;
+  background-color: #53a753;
+  border-color: #4e9d4e;
+  box-shadow: 0 0 0 0.25rem rgba(122, 205, 122, 0.5);
+}
+.btn-check:checked + .btn-success, .btn-check:active + .btn-success, .btn-success:active, .btn-success.active, .show > .btn-success.dropdown-toggle {
+  color: #fff;
+  background-color: #4e9d4e;
+  border-color: #4a934a;
+}
+.btn-check:checked + .btn-success:focus, .btn-check:active + .btn-success:focus, .btn-success:active:focus, .btn-success.active:focus, .show > .btn-success.dropdown-toggle:focus {
+  box-shadow: 0 0 0 0.25rem rgba(122, 205, 122, 0.5);
+}
+.btn-success:disabled, .btn-success.disabled {
+  color: #fff;
+  background-color: #62c462;
+  border-color: #62c462;
+}
 
 .btn-info {
   color: #fff;
   background-color: #5bc0de;
-  border-color: #5bc0de; }
-  .btn-info:hover {
-    color: #fff;
-    background-color: #4da3bd;
-    border-color: #499ab2; }
-  .btn-check:focus + .btn-info, .btn-info:focus {
-    color: #fff;
-    background-color: #4da3bd;
-    border-color: #499ab2;
-    box-shadow: 0 0 0 0.25rem rgba(116, 201, 227, 0.5); }
-  .btn-check:checked + .btn-info,
-  .btn-check:active + .btn-info, .btn-info:active, .btn-info.active,
-  .show > .btn-info.dropdown-toggle {
-    color: #fff;
-    background-color: #499ab2;
-    border-color: #4490a7; }
-    .btn-check:checked + .btn-info:focus,
-    .btn-check:active + .btn-info:focus, .btn-info:active:focus, .btn-info.active:focus,
-    .show > .btn-info.dropdown-toggle:focus {
-      box-shadow: 0 0 0 0.25rem rgba(116, 201, 227, 0.5); }
-  .btn-info:disabled, .btn-info.disabled {
-    color: #fff;
-    background-color: #5bc0de;
-    border-color: #5bc0de; }
+  border-color: #5bc0de;
+}
+.btn-info:hover {
+  color: #fff;
+  background-color: #4da3bd;
+  border-color: #499ab2;
+}
+.btn-check:focus + .btn-info, .btn-info:focus {
+  color: #fff;
+  background-color: #4da3bd;
+  border-color: #499ab2;
+  box-shadow: 0 0 0 0.25rem rgba(116, 201, 227, 0.5);
+}
+.btn-check:checked + .btn-info, .btn-check:active + .btn-info, .btn-info:active, .btn-info.active, .show > .btn-info.dropdown-toggle {
+  color: #fff;
+  background-color: #499ab2;
+  border-color: #4490a7;
+}
+.btn-check:checked + .btn-info:focus, .btn-check:active + .btn-info:focus, .btn-info:active:focus, .btn-info.active:focus, .show > .btn-info.dropdown-toggle:focus {
+  box-shadow: 0 0 0 0.25rem rgba(116, 201, 227, 0.5);
+}
+.btn-info:disabled, .btn-info.disabled {
+  color: #fff;
+  background-color: #5bc0de;
+  border-color: #5bc0de;
+}
 
 .btn-warning {
   color: #fff;
   background-color: #f89406;
-  border-color: #f89406; }
-  .btn-warning:hover {
-    color: #fff;
-    background-color: #d37e05;
-    border-color: #c67605; }
-  .btn-check:focus + .btn-warning, .btn-warning:focus {
-    color: #fff;
-    background-color: #d37e05;
-    border-color: #c67605;
-    box-shadow: 0 0 0 0.25rem rgba(249, 164, 43, 0.5); }
-  .btn-check:checked + .btn-warning,
-  .btn-check:active + .btn-warning, .btn-warning:active, .btn-warning.active,
-  .show > .btn-warning.dropdown-toggle {
-    color: #fff;
-    background-color: #c67605;
-    border-color: #ba6f05; }
-    .btn-check:checked + .btn-warning:focus,
-    .btn-check:active + .btn-warning:focus, .btn-warning:active:focus, .btn-warning.active:focus,
-    .show > .btn-warning.dropdown-toggle:focus {
-      box-shadow: 0 0 0 0.25rem rgba(249, 164, 43, 0.5); }
-  .btn-warning:disabled, .btn-warning.disabled {
-    color: #fff;
-    background-color: #f89406;
-    border-color: #f89406; }
+  border-color: #f89406;
+}
+.btn-warning:hover {
+  color: #fff;
+  background-color: #d37e05;
+  border-color: #c67605;
+}
+.btn-check:focus + .btn-warning, .btn-warning:focus {
+  color: #fff;
+  background-color: #d37e05;
+  border-color: #c67605;
+  box-shadow: 0 0 0 0.25rem rgba(249, 164, 43, 0.5);
+}
+.btn-check:checked + .btn-warning, .btn-check:active + .btn-warning, .btn-warning:active, .btn-warning.active, .show > .btn-warning.dropdown-toggle {
+  color: #fff;
+  background-color: #c67605;
+  border-color: #ba6f05;
+}
+.btn-check:checked + .btn-warning:focus, .btn-check:active + .btn-warning:focus, .btn-warning:active:focus, .btn-warning.active:focus, .show > .btn-warning.dropdown-toggle:focus {
+  box-shadow: 0 0 0 0.25rem rgba(249, 164, 43, 0.5);
+}
+.btn-warning:disabled, .btn-warning.disabled {
+  color: #fff;
+  background-color: #f89406;
+  border-color: #f89406;
+}
 
 .btn-danger {
   color: #fff;
   background-color: #ee5f5b;
-  border-color: #ee5f5b; }
-  .btn-danger:hover {
-    color: #fff;
-    background-color: #ca514d;
-    border-color: #be4c49; }
-  .btn-check:focus + .btn-danger, .btn-danger:focus {
-    color: #fff;
-    background-color: #ca514d;
-    border-color: #be4c49;
-    box-shadow: 0 0 0 0.25rem rgba(241, 119, 116, 0.5); }
-  .btn-check:checked + .btn-danger,
-  .btn-check:active + .btn-danger, .btn-danger:active, .btn-danger.active,
-  .show > .btn-danger.dropdown-toggle {
-    color: #fff;
-    background-color: #be4c49;
-    border-color: #b34744; }
-    .btn-check:checked + .btn-danger:focus,
-    .btn-check:active + .btn-danger:focus, .btn-danger:active:focus, .btn-danger.active:focus,
-    .show > .btn-danger.dropdown-toggle:focus {
-      box-shadow: 0 0 0 0.25rem rgba(241, 119, 116, 0.5); }
-  .btn-danger:disabled, .btn-danger.disabled {
-    color: #fff;
-    background-color: #ee5f5b;
-    border-color: #ee5f5b; }
+  border-color: #ee5f5b;
+}
+.btn-danger:hover {
+  color: #fff;
+  background-color: #ca514d;
+  border-color: #be4c49;
+}
+.btn-check:focus + .btn-danger, .btn-danger:focus {
+  color: #fff;
+  background-color: #ca514d;
+  border-color: #be4c49;
+  box-shadow: 0 0 0 0.25rem rgba(241, 119, 116, 0.5);
+}
+.btn-check:checked + .btn-danger, .btn-check:active + .btn-danger, .btn-danger:active, .btn-danger.active, .show > .btn-danger.dropdown-toggle {
+  color: #fff;
+  background-color: #be4c49;
+  border-color: #b34744;
+}
+.btn-check:checked + .btn-danger:focus, .btn-check:active + .btn-danger:focus, .btn-danger:active:focus, .btn-danger.active:focus, .show > .btn-danger.dropdown-toggle:focus {
+  box-shadow: 0 0 0 0.25rem rgba(241, 119, 116, 0.5);
+}
+.btn-danger:disabled, .btn-danger.disabled {
+  color: #fff;
+  background-color: #ee5f5b;
+  border-color: #ee5f5b;
+}
 
 .btn-light {
   color: #000;
   background-color: #e9ecef;
-  border-color: #e9ecef; }
-  .btn-light:hover {
-    color: #000;
-    background-color: #eceff1;
-    border-color: #ebeef1; }
-  .btn-check:focus + .btn-light, .btn-light:focus {
-    color: #000;
-    background-color: #eceff1;
-    border-color: #ebeef1;
-    box-shadow: 0 0 0 0.25rem rgba(198, 201, 203, 0.5); }
-  .btn-check:checked + .btn-light,
-  .btn-check:active + .btn-light, .btn-light:active, .btn-light.active,
-  .show > .btn-light.dropdown-toggle {
-    color: #000;
-    background-color: #edf0f2;
-    border-color: #ebeef1; }
-    .btn-check:checked + .btn-light:focus,
-    .btn-check:active + .btn-light:focus, .btn-light:active:focus, .btn-light.active:focus,
-    .show > .btn-light.dropdown-toggle:focus {
-      box-shadow: 0 0 0 0.25rem rgba(198, 201, 203, 0.5); }
-  .btn-light:disabled, .btn-light.disabled {
-    color: #000;
-    background-color: #e9ecef;
-    border-color: #e9ecef; }
+  border-color: #e9ecef;
+}
+.btn-light:hover {
+  color: #000;
+  background-color: #eceff1;
+  border-color: #ebeef1;
+}
+.btn-check:focus + .btn-light, .btn-light:focus {
+  color: #000;
+  background-color: #eceff1;
+  border-color: #ebeef1;
+  box-shadow: 0 0 0 0.25rem rgba(198, 201, 203, 0.5);
+}
+.btn-check:checked + .btn-light, .btn-check:active + .btn-light, .btn-light:active, .btn-light.active, .show > .btn-light.dropdown-toggle {
+  color: #000;
+  background-color: #edf0f2;
+  border-color: #ebeef1;
+}
+.btn-check:checked + .btn-light:focus, .btn-check:active + .btn-light:focus, .btn-light:active:focus, .btn-light.active:focus, .show > .btn-light.dropdown-toggle:focus {
+  box-shadow: 0 0 0 0.25rem rgba(198, 201, 203, 0.5);
+}
+.btn-light:disabled, .btn-light.disabled {
+  color: #000;
+  background-color: #e9ecef;
+  border-color: #e9ecef;
+}
 
 .btn-dark {
   color: #fff;
   background-color: #272b30;
-  border-color: #272b30; }
-  .btn-dark:hover {
-    color: #fff;
-    background-color: #212529;
-    border-color: #1f2226; }
-  .btn-check:focus + .btn-dark, .btn-dark:focus {
-    color: #fff;
-    background-color: #212529;
-    border-color: #1f2226;
-    box-shadow: 0 0 0 0.25rem rgba(71, 75, 79, 0.5); }
-  .btn-check:checked + .btn-dark,
-  .btn-check:active + .btn-dark, .btn-dark:active, .btn-dark.active,
-  .show > .btn-dark.dropdown-toggle {
-    color: #fff;
-    background-color: #1f2226;
-    border-color: #1d2024; }
-    .btn-check:checked + .btn-dark:focus,
-    .btn-check:active + .btn-dark:focus, .btn-dark:active:focus, .btn-dark.active:focus,
-    .show > .btn-dark.dropdown-toggle:focus {
-      box-shadow: 0 0 0 0.25rem rgba(71, 75, 79, 0.5); }
-  .btn-dark:disabled, .btn-dark.disabled {
-    color: #fff;
-    background-color: #272b30;
-    border-color: #272b30; }
+  border-color: #272b30;
+}
+.btn-dark:hover {
+  color: #fff;
+  background-color: #212529;
+  border-color: #1f2226;
+}
+.btn-check:focus + .btn-dark, .btn-dark:focus {
+  color: #fff;
+  background-color: #212529;
+  border-color: #1f2226;
+  box-shadow: 0 0 0 0.25rem rgba(71, 75, 79, 0.5);
+}
+.btn-check:checked + .btn-dark, .btn-check:active + .btn-dark, .btn-dark:active, .btn-dark.active, .show > .btn-dark.dropdown-toggle {
+  color: #fff;
+  background-color: #1f2226;
+  border-color: #1d2024;
+}
+.btn-check:checked + .btn-dark:focus, .btn-check:active + .btn-dark:focus, .btn-dark:active:focus, .btn-dark.active:focus, .show > .btn-dark.dropdown-toggle:focus {
+  box-shadow: 0 0 0 0.25rem rgba(71, 75, 79, 0.5);
+}
+.btn-dark:disabled, .btn-dark.disabled {
+  color: #fff;
+  background-color: #272b30;
+  border-color: #272b30;
+}
 
 .btn-outline-primary {
   color: #3a3f44;
-  border-color: #3a3f44; }
-  .btn-outline-primary:hover {
-    color: #fff;
-    background-color: #3a3f44;
-    border-color: #3a3f44; }
-  .btn-check:focus + .btn-outline-primary, .btn-outline-primary:focus {
-    box-shadow: 0 0 0 0.25rem rgba(58, 63, 68, 0.5); }
-  .btn-check:checked + .btn-outline-primary,
-  .btn-check:active + .btn-outline-primary, .btn-outline-primary:active, .btn-outline-primary.active, .btn-outline-primary.dropdown-toggle.show {
-    color: #fff;
-    background-color: #3a3f44;
-    border-color: #3a3f44; }
-    .btn-check:checked + .btn-outline-primary:focus,
-    .btn-check:active + .btn-outline-primary:focus, .btn-outline-primary:active:focus, .btn-outline-primary.active:focus, .btn-outline-primary.dropdown-toggle.show:focus {
-      box-shadow: 0 0 0 0.25rem rgba(58, 63, 68, 0.5); }
-  .btn-outline-primary:disabled, .btn-outline-primary.disabled {
-    color: #3a3f44;
-    background-color: transparent; }
+  border-color: #3a3f44;
+}
+.btn-outline-primary:hover {
+  color: #fff;
+  background-color: #3a3f44;
+  border-color: #3a3f44;
+}
+.btn-check:focus + .btn-outline-primary, .btn-outline-primary:focus {
+  box-shadow: 0 0 0 0.25rem rgba(58, 63, 68, 0.5);
+}
+.btn-check:checked + .btn-outline-primary, .btn-check:active + .btn-outline-primary, .btn-outline-primary:active, .btn-outline-primary.active, .btn-outline-primary.dropdown-toggle.show {
+  color: #fff;
+  background-color: #3a3f44;
+  border-color: #3a3f44;
+}
+.btn-check:checked + .btn-outline-primary:focus, .btn-check:active + .btn-outline-primary:focus, .btn-outline-primary:active:focus, .btn-outline-primary.active:focus, .btn-outline-primary.dropdown-toggle.show:focus {
+  box-shadow: 0 0 0 0.25rem rgba(58, 63, 68, 0.5);
+}
+.btn-outline-primary:disabled, .btn-outline-primary.disabled {
+  color: #3a3f44;
+  background-color: transparent;
+}
 
 .btn-outline-secondary {
   color: #7a8288;
-  border-color: #7a8288; }
-  .btn-outline-secondary:hover {
-    color: #fff;
-    background-color: #7a8288;
-    border-color: #7a8288; }
-  .btn-check:focus + .btn-outline-secondary, .btn-outline-secondary:focus {
-    box-shadow: 0 0 0 0.25rem rgba(122, 130, 136, 0.5); }
-  .btn-check:checked + .btn-outline-secondary,
-  .btn-check:active + .btn-outline-secondary, .btn-outline-secondary:active, .btn-outline-secondary.active, .btn-outline-secondary.dropdown-toggle.show {
-    color: #fff;
-    background-color: #7a8288;
-    border-color: #7a8288; }
-    .btn-check:checked + .btn-outline-secondary:focus,
-    .btn-check:active + .btn-outline-secondary:focus, .btn-outline-secondary:active:focus, .btn-outline-secondary.active:focus, .btn-outline-secondary.dropdown-toggle.show:focus {
-      box-shadow: 0 0 0 0.25rem rgba(122, 130, 136, 0.5); }
-  .btn-outline-secondary:disabled, .btn-outline-secondary.disabled {
-    color: #7a8288;
-    background-color: transparent; }
+  border-color: #7a8288;
+}
+.btn-outline-secondary:hover {
+  color: #fff;
+  background-color: #7a8288;
+  border-color: #7a8288;
+}
+.btn-check:focus + .btn-outline-secondary, .btn-outline-secondary:focus {
+  box-shadow: 0 0 0 0.25rem rgba(122, 130, 136, 0.5);
+}
+.btn-check:checked + .btn-outline-secondary, .btn-check:active + .btn-outline-secondary, .btn-outline-secondary:active, .btn-outline-secondary.active, .btn-outline-secondary.dropdown-toggle.show {
+  color: #fff;
+  background-color: #7a8288;
+  border-color: #7a8288;
+}
+.btn-check:checked + .btn-outline-secondary:focus, .btn-check:active + .btn-outline-secondary:focus, .btn-outline-secondary:active:focus, .btn-outline-secondary.active:focus, .btn-outline-secondary.dropdown-toggle.show:focus {
+  box-shadow: 0 0 0 0.25rem rgba(122, 130, 136, 0.5);
+}
+.btn-outline-secondary:disabled, .btn-outline-secondary.disabled {
+  color: #7a8288;
+  background-color: transparent;
+}
 
 .btn-outline-success {
   color: #62c462;
-  border-color: #62c462; }
-  .btn-outline-success:hover {
-    color: #fff;
-    background-color: #62c462;
-    border-color: #62c462; }
-  .btn-check:focus + .btn-outline-success, .btn-outline-success:focus {
-    box-shadow: 0 0 0 0.25rem rgba(98, 196, 98, 0.5); }
-  .btn-check:checked + .btn-outline-success,
-  .btn-check:active + .btn-outline-success, .btn-outline-success:active, .btn-outline-success.active, .btn-outline-success.dropdown-toggle.show {
-    color: #fff;
-    background-color: #62c462;
-    border-color: #62c462; }
-    .btn-check:checked + .btn-outline-success:focus,
-    .btn-check:active + .btn-outline-success:focus, .btn-outline-success:active:focus, .btn-outline-success.active:focus, .btn-outline-success.dropdown-toggle.show:focus {
-      box-shadow: 0 0 0 0.25rem rgba(98, 196, 98, 0.5); }
-  .btn-outline-success:disabled, .btn-outline-success.disabled {
-    color: #62c462;
-    background-color: transparent; }
+  border-color: #62c462;
+}
+.btn-outline-success:hover {
+  color: #fff;
+  background-color: #62c462;
+  border-color: #62c462;
+}
+.btn-check:focus + .btn-outline-success, .btn-outline-success:focus {
+  box-shadow: 0 0 0 0.25rem rgba(98, 196, 98, 0.5);
+}
+.btn-check:checked + .btn-outline-success, .btn-check:active + .btn-outline-success, .btn-outline-success:active, .btn-outline-success.active, .btn-outline-success.dropdown-toggle.show {
+  color: #fff;
+  background-color: #62c462;
+  border-color: #62c462;
+}
+.btn-check:checked + .btn-outline-success:focus, .btn-check:active + .btn-outline-success:focus, .btn-outline-success:active:focus, .btn-outline-success.active:focus, .btn-outline-success.dropdown-toggle.show:focus {
+  box-shadow: 0 0 0 0.25rem rgba(98, 196, 98, 0.5);
+}
+.btn-outline-success:disabled, .btn-outline-success.disabled {
+  color: #62c462;
+  background-color: transparent;
+}
 
 .btn-outline-info {
   color: #5bc0de;
-  border-color: #5bc0de; }
-  .btn-outline-info:hover {
-    color: #fff;
-    background-color: #5bc0de;
-    border-color: #5bc0de; }
-  .btn-check:focus + .btn-outline-info, .btn-outline-info:focus {
-    box-shadow: 0 0 0 0.25rem rgba(91, 192, 222, 0.5); }
-  .btn-check:checked + .btn-outline-info,
-  .btn-check:active + .btn-outline-info, .btn-outline-info:active, .btn-outline-info.active, .btn-outline-info.dropdown-toggle.show {
-    color: #fff;
-    background-color: #5bc0de;
-    border-color: #5bc0de; }
-    .btn-check:checked + .btn-outline-info:focus,
-    .btn-check:active + .btn-outline-info:focus, .btn-outline-info:active:focus, .btn-outline-info.active:focus, .btn-outline-info.dropdown-toggle.show:focus {
-      box-shadow: 0 0 0 0.25rem rgba(91, 192, 222, 0.5); }
-  .btn-outline-info:disabled, .btn-outline-info.disabled {
-    color: #5bc0de;
-    background-color: transparent; }
+  border-color: #5bc0de;
+}
+.btn-outline-info:hover {
+  color: #fff;
+  background-color: #5bc0de;
+  border-color: #5bc0de;
+}
+.btn-check:focus + .btn-outline-info, .btn-outline-info:focus {
+  box-shadow: 0 0 0 0.25rem rgba(91, 192, 222, 0.5);
+}
+.btn-check:checked + .btn-outline-info, .btn-check:active + .btn-outline-info, .btn-outline-info:active, .btn-outline-info.active, .btn-outline-info.dropdown-toggle.show {
+  color: #fff;
+  background-color: #5bc0de;
+  border-color: #5bc0de;
+}
+.btn-check:checked + .btn-outline-info:focus, .btn-check:active + .btn-outline-info:focus, .btn-outline-info:active:focus, .btn-outline-info.active:focus, .btn-outline-info.dropdown-toggle.show:focus {
+  box-shadow: 0 0 0 0.25rem rgba(91, 192, 222, 0.5);
+}
+.btn-outline-info:disabled, .btn-outline-info.disabled {
+  color: #5bc0de;
+  background-color: transparent;
+}
 
 .btn-outline-warning {
   color: #f89406;
-  border-color: #f89406; }
-  .btn-outline-warning:hover {
-    color: #fff;
-    background-color: #f89406;
-    border-color: #f89406; }
-  .btn-check:focus + .btn-outline-warning, .btn-outline-warning:focus {
-    box-shadow: 0 0 0 0.25rem rgba(248, 148, 6, 0.5); }
-  .btn-check:checked + .btn-outline-warning,
-  .btn-check:active + .btn-outline-warning, .btn-outline-warning:active, .btn-outline-warning.active, .btn-outline-warning.dropdown-toggle.show {
-    color: #fff;
-    background-color: #f89406;
-    border-color: #f89406; }
-    .btn-check:checked + .btn-outline-warning:focus,
-    .btn-check:active + .btn-outline-warning:focus, .btn-outline-warning:active:focus, .btn-outline-warning.active:focus, .btn-outline-warning.dropdown-toggle.show:focus {
-      box-shadow: 0 0 0 0.25rem rgba(248, 148, 6, 0.5); }
-  .btn-outline-warning:disabled, .btn-outline-warning.disabled {
-    color: #f89406;
-    background-color: transparent; }
+  border-color: #f89406;
+}
+.btn-outline-warning:hover {
+  color: #fff;
+  background-color: #f89406;
+  border-color: #f89406;
+}
+.btn-check:focus + .btn-outline-warning, .btn-outline-warning:focus {
+  box-shadow: 0 0 0 0.25rem rgba(248, 148, 6, 0.5);
+}
+.btn-check:checked + .btn-outline-warning, .btn-check:active + .btn-outline-warning, .btn-outline-warning:active, .btn-outline-warning.active, .btn-outline-warning.dropdown-toggle.show {
+  color: #fff;
+  background-color: #f89406;
+  border-color: #f89406;
+}
+.btn-check:checked + .btn-outline-warning:focus, .btn-check:active + .btn-outline-warning:focus, .btn-outline-warning:active:focus, .btn-outline-warning.active:focus, .btn-outline-warning.dropdown-toggle.show:focus {
+  box-shadow: 0 0 0 0.25rem rgba(248, 148, 6, 0.5);
+}
+.btn-outline-warning:disabled, .btn-outline-warning.disabled {
+  color: #f89406;
+  background-color: transparent;
+}
 
 .btn-outline-danger {
   color: #ee5f5b;
-  border-color: #ee5f5b; }
-  .btn-outline-danger:hover {
-    color: #fff;
-    background-color: #ee5f5b;
-    border-color: #ee5f5b; }
-  .btn-check:focus + .btn-outline-danger, .btn-outline-danger:focus {
-    box-shadow: 0 0 0 0.25rem rgba(238, 95, 91, 0.5); }
-  .btn-check:checked + .btn-outline-danger,
-  .btn-check:active + .btn-outline-danger, .btn-outline-danger:active, .btn-outline-danger.active, .btn-outline-danger.dropdown-toggle.show {
-    color: #fff;
-    background-color: #ee5f5b;
-    border-color: #ee5f5b; }
-    .btn-check:checked + .btn-outline-danger:focus,
-    .btn-check:active + .btn-outline-danger:focus, .btn-outline-danger:active:focus, .btn-outline-danger.active:focus, .btn-outline-danger.dropdown-toggle.show:focus {
-      box-shadow: 0 0 0 0.25rem rgba(238, 95, 91, 0.5); }
-  .btn-outline-danger:disabled, .btn-outline-danger.disabled {
-    color: #ee5f5b;
-    background-color: transparent; }
+  border-color: #ee5f5b;
+}
+.btn-outline-danger:hover {
+  color: #fff;
+  background-color: #ee5f5b;
+  border-color: #ee5f5b;
+}
+.btn-check:focus + .btn-outline-danger, .btn-outline-danger:focus {
+  box-shadow: 0 0 0 0.25rem rgba(238, 95, 91, 0.5);
+}
+.btn-check:checked + .btn-outline-danger, .btn-check:active + .btn-outline-danger, .btn-outline-danger:active, .btn-outline-danger.active, .btn-outline-danger.dropdown-toggle.show {
+  color: #fff;
+  background-color: #ee5f5b;
+  border-color: #ee5f5b;
+}
+.btn-check:checked + .btn-outline-danger:focus, .btn-check:active + .btn-outline-danger:focus, .btn-outline-danger:active:focus, .btn-outline-danger.active:focus, .btn-outline-danger.dropdown-toggle.show:focus {
+  box-shadow: 0 0 0 0.25rem rgba(238, 95, 91, 0.5);
+}
+.btn-outline-danger:disabled, .btn-outline-danger.disabled {
+  color: #ee5f5b;
+  background-color: transparent;
+}
 
 .btn-outline-light {
   color: #e9ecef;
-  border-color: #e9ecef; }
-  .btn-outline-light:hover {
-    color: #000;
-    background-color: #e9ecef;
-    border-color: #e9ecef; }
-  .btn-check:focus + .btn-outline-light, .btn-outline-light:focus {
-    box-shadow: 0 0 0 0.25rem rgba(233, 236, 239, 0.5); }
-  .btn-check:checked + .btn-outline-light,
-  .btn-check:active + .btn-outline-light, .btn-outline-light:active, .btn-outline-light.active, .btn-outline-light.dropdown-toggle.show {
-    color: #000;
-    background-color: #e9ecef;
-    border-color: #e9ecef; }
-    .btn-check:checked + .btn-outline-light:focus,
-    .btn-check:active + .btn-outline-light:focus, .btn-outline-light:active:focus, .btn-outline-light.active:focus, .btn-outline-light.dropdown-toggle.show:focus {
-      box-shadow: 0 0 0 0.25rem rgba(233, 236, 239, 0.5); }
-  .btn-outline-light:disabled, .btn-outline-light.disabled {
-    color: #e9ecef;
-    background-color: transparent; }
+  border-color: #e9ecef;
+}
+.btn-outline-light:hover {
+  color: #000;
+  background-color: #e9ecef;
+  border-color: #e9ecef;
+}
+.btn-check:focus + .btn-outline-light, .btn-outline-light:focus {
+  box-shadow: 0 0 0 0.25rem rgba(233, 236, 239, 0.5);
+}
+.btn-check:checked + .btn-outline-light, .btn-check:active + .btn-outline-light, .btn-outline-light:active, .btn-outline-light.active, .btn-outline-light.dropdown-toggle.show {
+  color: #000;
+  background-color: #e9ecef;
+  border-color: #e9ecef;
+}
+.btn-check:checked + .btn-outline-light:focus, .btn-check:active + .btn-outline-light:focus, .btn-outline-light:active:focus, .btn-outline-light.active:focus, .btn-outline-light.dropdown-toggle.show:focus {
+  box-shadow: 0 0 0 0.25rem rgba(233, 236, 239, 0.5);
+}
+.btn-outline-light:disabled, .btn-outline-light.disabled {
+  color: #e9ecef;
+  background-color: transparent;
+}
 
 .btn-outline-dark {
   color: #272b30;
-  border-color: #272b30; }
-  .btn-outline-dark:hover {
-    color: #fff;
-    background-color: #272b30;
-    border-color: #272b30; }
-  .btn-check:focus + .btn-outline-dark, .btn-outline-dark:focus {
-    box-shadow: 0 0 0 0.25rem rgba(39, 43, 48, 0.5); }
-  .btn-check:checked + .btn-outline-dark,
-  .btn-check:active + .btn-outline-dark, .btn-outline-dark:active, .btn-outline-dark.active, .btn-outline-dark.dropdown-toggle.show {
-    color: #fff;
-    background-color: #272b30;
-    border-color: #272b30; }
-    .btn-check:checked + .btn-outline-dark:focus,
-    .btn-check:active + .btn-outline-dark:focus, .btn-outline-dark:active:focus, .btn-outline-dark.active:focus, .btn-outline-dark.dropdown-toggle.show:focus {
-      box-shadow: 0 0 0 0.25rem rgba(39, 43, 48, 0.5); }
-  .btn-outline-dark:disabled, .btn-outline-dark.disabled {
-    color: #272b30;
-    background-color: transparent; }
+  border-color: #272b30;
+}
+.btn-outline-dark:hover {
+  color: #fff;
+  background-color: #272b30;
+  border-color: #272b30;
+}
+.btn-check:focus + .btn-outline-dark, .btn-outline-dark:focus {
+  box-shadow: 0 0 0 0.25rem rgba(39, 43, 48, 0.5);
+}
+.btn-check:checked + .btn-outline-dark, .btn-check:active + .btn-outline-dark, .btn-outline-dark:active, .btn-outline-dark.active, .btn-outline-dark.dropdown-toggle.show {
+  color: #fff;
+  background-color: #272b30;
+  border-color: #272b30;
+}
+.btn-check:checked + .btn-outline-dark:focus, .btn-check:active + .btn-outline-dark:focus, .btn-outline-dark:active:focus, .btn-outline-dark.active:focus, .btn-outline-dark.dropdown-toggle.show:focus {
+  box-shadow: 0 0 0 0.25rem rgba(39, 43, 48, 0.5);
+}
+.btn-outline-dark:disabled, .btn-outline-dark.disabled {
+  color: #272b30;
+  background-color: transparent;
+}
 
 .btn-link {
   font-weight: 400;
   color: #fff;
-  text-decoration: underline; }
-  .btn-link:hover {
-    color: #cccccc; }
-  .btn-link:disabled, .btn-link.disabled {
-    color: #7a8288; }
+  text-decoration: underline;
+}
+.btn-link:hover {
+  color: #cccccc;
+}
+.btn-link:disabled, .btn-link.disabled {
+  color: #7a8288;
+}
 
 .btn-lg {
   padding: 0.5rem 1rem;
   font-size: 1.25rem;
-  border-radius: 0.3rem; }
+  border-radius: 0.3rem;
+}
 
 .btn-sm {
   padding: 0.25rem 0.5rem;
   font-size: 0.875rem;
-  border-radius: 0.2rem; }
+  border-radius: 0.2rem;
+}
 
 .form-label {
-  margin-bottom: 0.5rem; }
+  margin-bottom: 0.5rem;
+}
 
 .col-form-label {
   padding-top: calc(0.375rem + 1px);
   padding-bottom: calc(0.375rem + 1px);
   margin-bottom: 0;
   font-size: inherit;
-  line-height: 1.5; }
+  line-height: 1.5;
+}
 
 .col-form-label-lg {
   padding-top: calc(0.5rem + 1px);
   padding-bottom: calc(0.5rem + 1px);
-  font-size: 1.25rem; }
+  font-size: 1.25rem;
+}
 
 .col-form-label-sm {
   padding-top: calc(0.25rem + 1px);
   padding-bottom: calc(0.25rem + 1px);
-  font-size: 0.875rem; }
+  font-size: 0.875rem;
+}
 
 .form-text {
   margin-top: 0.25rem;
   font-size: 0.875em;
-  color: #7a8288; }
+  color: #7a8288;
+}
 
 .form-control {
   display: block;
@@ -849,64 +985,81 @@ ul.sidebar-elements li > a.sidebar-link.active::after {
   border: 1px solid #ced4da;
   appearance: none;
   border-radius: 0.25rem;
-  transition: border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out; }
-  @media (prefers-reduced-motion: reduce) {
-    .form-control {
-      transition: none; } }
-  .form-control[type="file"] {
-    overflow: hidden; }
-    .form-control[type="file"]:not(:disabled):not([readonly]) {
-      cursor: pointer; }
-  .form-control:focus {
-    color: #272b30;
-    background-color: #fff;
-    border-color: #9d9fa2;
-    outline: 0;
-    box-shadow: 0 0 0 0.25rem rgba(58, 63, 68, 0.25); }
-  .form-control::-webkit-date-and-time-value {
-    height: 1.5em; }
-  .form-control::placeholder {
-    color: #7a8288;
-    opacity: 1; }
-  .form-control:disabled, .form-control[readonly] {
-    background-color: #ccc;
-    opacity: 1; }
+  transition: border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;
+}
+@media (prefers-reduced-motion: reduce) {
+  .form-control {
+    transition: none;
+  }
+}
+.form-control[type=file] {
+  overflow: hidden;
+}
+.form-control[type=file]:not(:disabled):not([readonly]) {
+  cursor: pointer;
+}
+.form-control:focus {
+  color: #272b30;
+  background-color: #fff;
+  border-color: #9d9fa2;
+  outline: 0;
+  box-shadow: 0 0 0 0.25rem rgba(58, 63, 68, 0.25);
+}
+.form-control::-webkit-date-and-time-value {
+  height: 1.5em;
+}
+.form-control::placeholder {
+  color: #7a8288;
+  opacity: 1;
+}
+.form-control:disabled, .form-control[readonly] {
+  background-color: #ccc;
+  opacity: 1;
+}
+.form-control::file-selector-button {
+  padding: 0.375rem 0.75rem;
+  margin: -0.375rem -0.75rem;
+  margin-inline-end: 0.75rem;
+  color: #272b30;
+  background-color: #e9ecef;
+  pointer-events: none;
+  border-color: inherit;
+  border-style: solid;
+  border-width: 0;
+  border-inline-end-width: 1px;
+  border-radius: 0;
+  transition: color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;
+}
+@media (prefers-reduced-motion: reduce) {
   .form-control::file-selector-button {
-    padding: 0.375rem 0.75rem;
-    margin: -0.375rem -0.75rem;
-    margin-inline-end: 0.75rem;
-    color: #272b30;
-    background-color: #e9ecef;
-    pointer-events: none;
-    border-color: inherit;
-    border-style: solid;
-    border-width: 0;
-    border-inline-end-width: 1px;
-    border-radius: 0;
-    transition: color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out; }
-    @media (prefers-reduced-motion: reduce) {
-      .form-control::file-selector-button {
-        transition: none; } }
-  .form-control:hover:not(:disabled):not([readonly])::file-selector-button {
-    background-color: #dde0e3; }
+    transition: none;
+  }
+}
+.form-control:hover:not(:disabled):not([readonly])::file-selector-button {
+  background-color: #dde0e3;
+}
+.form-control::-webkit-file-upload-button {
+  padding: 0.375rem 0.75rem;
+  margin: -0.375rem -0.75rem;
+  margin-inline-end: 0.75rem;
+  color: #272b30;
+  background-color: #e9ecef;
+  pointer-events: none;
+  border-color: inherit;
+  border-style: solid;
+  border-width: 0;
+  border-inline-end-width: 1px;
+  border-radius: 0;
+  transition: color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;
+}
+@media (prefers-reduced-motion: reduce) {
   .form-control::-webkit-file-upload-button {
-    padding: 0.375rem 0.75rem;
-    margin: -0.375rem -0.75rem;
-    margin-inline-end: 0.75rem;
-    color: #272b30;
-    background-color: #e9ecef;
-    pointer-events: none;
-    border-color: inherit;
-    border-style: solid;
-    border-width: 0;
-    border-inline-end-width: 1px;
-    border-radius: 0;
-    transition: color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out; }
-    @media (prefers-reduced-motion: reduce) {
-      .form-control::-webkit-file-upload-button {
-        transition: none; } }
-  .form-control:hover:not(:disabled):not([readonly])::-webkit-file-upload-button {
-    background-color: #dde0e3; }
+    transition: none;
+  }
+}
+.form-control:hover:not(:disabled):not([readonly])::-webkit-file-upload-button {
+  background-color: #dde0e3;
+}
 
 .form-control-plaintext {
   display: block;
@@ -917,60 +1070,73 @@ ul.sidebar-elements li > a.sidebar-link.active::after {
   color: #aaa;
   background-color: transparent;
   border: solid transparent;
-  border-width: 1px 0; }
-  .form-control-plaintext.form-control-sm, .form-control-plaintext.form-control-lg {
-    padding-right: 0;
-    padding-left: 0; }
+  border-width: 1px 0;
+}
+.form-control-plaintext.form-control-sm, .form-control-plaintext.form-control-lg {
+  padding-right: 0;
+  padding-left: 0;
+}
 
 .form-control-sm {
   min-height: calc(1.5em + 0.5rem + 2px);
   padding: 0.25rem 0.5rem;
   font-size: 0.875rem;
-  border-radius: 0.2rem; }
-  .form-control-sm::file-selector-button {
-    padding: 0.25rem 0.5rem;
-    margin: -0.25rem -0.5rem;
-    margin-inline-end: 0.5rem; }
-  .form-control-sm::-webkit-file-upload-button {
-    padding: 0.25rem 0.5rem;
-    margin: -0.25rem -0.5rem;
-    margin-inline-end: 0.5rem; }
+  border-radius: 0.2rem;
+}
+.form-control-sm::file-selector-button {
+  padding: 0.25rem 0.5rem;
+  margin: -0.25rem -0.5rem;
+  margin-inline-end: 0.5rem;
+}
+.form-control-sm::-webkit-file-upload-button {
+  padding: 0.25rem 0.5rem;
+  margin: -0.25rem -0.5rem;
+  margin-inline-end: 0.5rem;
+}
 
 .form-control-lg {
   min-height: calc(1.5em + 1rem + 2px);
   padding: 0.5rem 1rem;
   font-size: 1.25rem;
-  border-radius: 0.3rem; }
-  .form-control-lg::file-selector-button {
-    padding: 0.5rem 1rem;
-    margin: -0.5rem -1rem;
-    margin-inline-end: 1rem; }
-  .form-control-lg::-webkit-file-upload-button {
-    padding: 0.5rem 1rem;
-    margin: -0.5rem -1rem;
-    margin-inline-end: 1rem; }
+  border-radius: 0.3rem;
+}
+.form-control-lg::file-selector-button {
+  padding: 0.5rem 1rem;
+  margin: -0.5rem -1rem;
+  margin-inline-end: 1rem;
+}
+.form-control-lg::-webkit-file-upload-button {
+  padding: 0.5rem 1rem;
+  margin: -0.5rem -1rem;
+  margin-inline-end: 1rem;
+}
 
 textarea.form-control {
-  min-height: calc(1.5em + 0.75rem + 2px); }
-
+  min-height: calc(1.5em + 0.75rem + 2px);
+}
 textarea.form-control-sm {
-  min-height: calc(1.5em + 0.5rem + 2px); }
-
+  min-height: calc(1.5em + 0.5rem + 2px);
+}
 textarea.form-control-lg {
-  min-height: calc(1.5em + 1rem + 2px); }
+  min-height: calc(1.5em + 1rem + 2px);
+}
 
 .form-control-color {
   width: 3rem;
   height: auto;
-  padding: 0.375rem; }
-  .form-control-color:not(:disabled):not([readonly]) {
-    cursor: pointer; }
-  .form-control-color::-moz-color-swatch {
-    height: 1.5em;
-    border-radius: 0.25rem; }
-  .form-control-color::-webkit-color-swatch {
-    height: 1.5em;
-    border-radius: 0.25rem; }
+  padding: 0.375rem;
+}
+.form-control-color:not(:disabled):not([readonly]) {
+  cursor: pointer;
+}
+.form-control-color::-moz-color-swatch {
+  height: 1.5em;
+  border-radius: 0.25rem;
+}
+.form-control-color::-webkit-color-swatch {
+  height: 1.5em;
+  border-radius: 0.25rem;
+}
 
 .form-select {
   display: block;
@@ -989,43 +1155,56 @@ textarea.form-control-lg {
   border: 1px solid #ced4da;
   border-radius: 0.25rem;
   transition: border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;
-  appearance: none; }
-  @media (prefers-reduced-motion: reduce) {
-    .form-select {
-      transition: none; } }
-  .form-select:focus {
-    border-color: #9d9fa2;
-    outline: 0;
-    box-shadow: 0 0 0 0.25rem rgba(58, 63, 68, 0.25); }
-  .form-select[multiple], .form-select[size]:not([size="1"]) {
-    padding-right: 0.75rem;
-    background-image: none; }
-  .form-select:disabled {
-    background-color: #e9ecef; }
-  .form-select:-moz-focusring {
-    color: transparent;
-    text-shadow: 0 0 0 #272b30; }
+  appearance: none;
+}
+@media (prefers-reduced-motion: reduce) {
+  .form-select {
+    transition: none;
+  }
+}
+.form-select:focus {
+  border-color: #9d9fa2;
+  outline: 0;
+  box-shadow: 0 0 0 0.25rem rgba(58, 63, 68, 0.25);
+}
+.form-select[multiple], .form-select[size]:not([size="1"]) {
+  padding-right: 0.75rem;
+  background-image: none;
+}
+.form-select:disabled {
+  background-color: #e9ecef;
+}
+.form-select:-moz-focusring {
+  color: transparent;
+  text-shadow: 0 0 0 #272b30;
+}
 
 .form-select-sm {
   padding-top: 0.25rem;
   padding-bottom: 0.25rem;
   padding-left: 0.5rem;
-  font-size: 0.875rem; }
+  font-size: 0.875rem;
+  border-radius: 0.2rem;
+}
 
 .form-select-lg {
   padding-top: 0.5rem;
   padding-bottom: 0.5rem;
   padding-left: 1rem;
-  font-size: 1.25rem; }
+  font-size: 1.25rem;
+  border-radius: 0.3rem;
+}
 
 .form-check {
   display: block;
   min-height: 1.5rem;
   padding-left: 1.5em;
-  margin-bottom: 0.125rem; }
-  .form-check .form-check-input {
-    float: left;
-    margin-left: -1.5em; }
+  margin-bottom: 0.125rem;
+}
+.form-check .form-check-input {
+  float: left;
+  margin-left: -1.5em;
+}
 
 .form-check-input {
   width: 1em;
@@ -1038,191 +1217,246 @@ textarea.form-control-lg {
   background-size: contain;
   border: 1px solid rgba(0, 0, 0, 0.25);
   appearance: none;
-  color-adjust: exact; }
-  .form-check-input[type="checkbox"] {
-    border-radius: 0.25em; }
-  .form-check-input[type="radio"] {
-    border-radius: 50%; }
-  .form-check-input:active {
-    filter: brightness(90%); }
-  .form-check-input:focus {
-    border-color: #9d9fa2;
-    outline: 0;
-    box-shadow: 0 0 0 0.25rem rgba(58, 63, 68, 0.25); }
-  .form-check-input:checked {
-    background-color: #3a3f44;
-    border-color: #3a3f44; }
-    .form-check-input:checked[type="checkbox"] {
-      background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 20 20'%3e%3cpath fill='none' stroke='%23fff' stroke-linecap='round' stroke-linejoin='round' stroke-width='3' d='M6 10l3 3l6-6'/%3e%3c/svg%3e"); }
-    .form-check-input:checked[type="radio"] {
-      background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='-4 -4 8 8'%3e%3ccircle r='2' fill='%23fff'/%3e%3c/svg%3e"); }
-  .form-check-input[type="checkbox"]:indeterminate {
-    background-color: #3a3f44;
-    border-color: #3a3f44;
-    background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 20 20'%3e%3cpath fill='none' stroke='%23fff' stroke-linecap='round' stroke-linejoin='round' stroke-width='3' d='M6 10h8'/%3e%3c/svg%3e"); }
-  .form-check-input:disabled {
-    pointer-events: none;
-    filter: none;
-    opacity: 0.5; }
-  .form-check-input[disabled] ~ .form-check-label, .form-check-input:disabled ~ .form-check-label {
-    opacity: 0.5; }
+  color-adjust: exact;
+}
+.form-check-input[type=checkbox] {
+  border-radius: 0.25em;
+}
+.form-check-input[type=radio] {
+  border-radius: 50%;
+}
+.form-check-input:active {
+  filter: brightness(90%);
+}
+.form-check-input:focus {
+  border-color: #9d9fa2;
+  outline: 0;
+  box-shadow: 0 0 0 0.25rem rgba(58, 63, 68, 0.25);
+}
+.form-check-input:checked {
+  background-color: #3a3f44;
+  border-color: #3a3f44;
+}
+.form-check-input:checked[type=checkbox] {
+  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 20 20'%3e%3cpath fill='none' stroke='%23fff' stroke-linecap='round' stroke-linejoin='round' stroke-width='3' d='M6 10l3 3l6-6'/%3e%3c/svg%3e");
+}
+.form-check-input:checked[type=radio] {
+  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='-4 -4 8 8'%3e%3ccircle r='2' fill='%23fff'/%3e%3c/svg%3e");
+}
+.form-check-input[type=checkbox]:indeterminate {
+  background-color: #3a3f44;
+  border-color: #3a3f44;
+  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 20 20'%3e%3cpath fill='none' stroke='%23fff' stroke-linecap='round' stroke-linejoin='round' stroke-width='3' d='M6 10h8'/%3e%3c/svg%3e");
+}
+.form-check-input:disabled {
+  pointer-events: none;
+  filter: none;
+  opacity: 0.5;
+}
+.form-check-input[disabled] ~ .form-check-label, .form-check-input:disabled ~ .form-check-label {
+  opacity: 0.5;
+}
 
 .form-switch {
-  padding-left: 2.5em; }
+  padding-left: 2.5em;
+}
+.form-switch .form-check-input {
+  width: 2em;
+  margin-left: -2.5em;
+  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='-4 -4 8 8'%3e%3ccircle r='3' fill='rgba%280, 0, 0, 0.25%29'/%3e%3c/svg%3e");
+  background-position: left center;
+  border-radius: 2em;
+  transition: background-position 0.15s ease-in-out;
+}
+@media (prefers-reduced-motion: reduce) {
   .form-switch .form-check-input {
-    width: 2em;
-    margin-left: -2.5em;
-    background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='-4 -4 8 8'%3e%3ccircle r='3' fill='rgba%280, 0, 0, 0.25%29'/%3e%3c/svg%3e");
-    background-position: left center;
-    border-radius: 2em;
-    transition: background-position 0.15s ease-in-out; }
-    @media (prefers-reduced-motion: reduce) {
-      .form-switch .form-check-input {
-        transition: none; } }
-    .form-switch .form-check-input:focus {
-      background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='-4 -4 8 8'%3e%3ccircle r='3' fill='%239d9fa2'/%3e%3c/svg%3e"); }
-    .form-switch .form-check-input:checked {
-      background-position: right center;
-      background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='-4 -4 8 8'%3e%3ccircle r='3' fill='%23fff'/%3e%3c/svg%3e"); }
+    transition: none;
+  }
+}
+.form-switch .form-check-input:focus {
+  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='-4 -4 8 8'%3e%3ccircle r='3' fill='%239d9fa2'/%3e%3c/svg%3e");
+}
+.form-switch .form-check-input:checked {
+  background-position: right center;
+  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='-4 -4 8 8'%3e%3ccircle r='3' fill='%23fff'/%3e%3c/svg%3e");
+}
 
 .form-check-inline {
   display: inline-block;
-  margin-right: 1rem; }
+  margin-right: 1rem;
+}
 
 .btn-check {
   position: absolute;
   clip: rect(0, 0, 0, 0);
-  pointer-events: none; }
-  .btn-check[disabled] + .btn, .btn-check:disabled + .btn {
-    pointer-events: none;
-    filter: none;
-    opacity: 0.65; }
+  pointer-events: none;
+}
+.btn-check[disabled] + .btn, .btn-check:disabled + .btn {
+  pointer-events: none;
+  filter: none;
+  opacity: 0.65;
+}
 
 .form-range {
   width: 100%;
   height: 1.5rem;
   padding: 0;
   background-color: transparent;
-  appearance: none; }
-  .form-range:focus {
-    outline: 0; }
-    .form-range:focus::-webkit-slider-thumb {
-      box-shadow: 0 0 0 1px #272b30, 0 0 0 0.25rem rgba(58, 63, 68, 0.25); }
-    .form-range:focus::-moz-range-thumb {
-      box-shadow: 0 0 0 1px #272b30, 0 0 0 0.25rem rgba(58, 63, 68, 0.25); }
-  .form-range::-moz-focus-outer {
-    border: 0; }
+  appearance: none;
+}
+.form-range:focus {
+  outline: 0;
+}
+.form-range:focus::-webkit-slider-thumb {
+  box-shadow: 0 0 0 1px #272b30, 0 0 0 0.25rem rgba(58, 63, 68, 0.25);
+}
+.form-range:focus::-moz-range-thumb {
+  box-shadow: 0 0 0 1px #272b30, 0 0 0 0.25rem rgba(58, 63, 68, 0.25);
+}
+.form-range::-moz-focus-outer {
+  border: 0;
+}
+.form-range::-webkit-slider-thumb {
+  width: 1rem;
+  height: 1rem;
+  margin-top: -0.25rem;
+  background-color: #3a3f44;
+  border: 0;
+  border-radius: 1rem;
+  transition: background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;
+  appearance: none;
+}
+@media (prefers-reduced-motion: reduce) {
   .form-range::-webkit-slider-thumb {
-    width: 1rem;
-    height: 1rem;
-    margin-top: -0.25rem;
-    background-color: #3a3f44;
-    border: 0;
-    border-radius: 1rem;
-    transition: background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;
-    appearance: none; }
-    @media (prefers-reduced-motion: reduce) {
-      .form-range::-webkit-slider-thumb {
-        transition: none; } }
-    .form-range::-webkit-slider-thumb:active {
-      background-color: #c4c5c7; }
-  .form-range::-webkit-slider-runnable-track {
-    width: 100%;
-    height: 0.5rem;
-    color: transparent;
-    cursor: pointer;
-    background-color: #dee2e6;
-    border-color: transparent;
-    border-radius: 1rem; }
+    transition: none;
+  }
+}
+.form-range::-webkit-slider-thumb:active {
+  background-color: #c4c5c7;
+}
+.form-range::-webkit-slider-runnable-track {
+  width: 100%;
+  height: 0.5rem;
+  color: transparent;
+  cursor: pointer;
+  background-color: #dee2e6;
+  border-color: transparent;
+  border-radius: 1rem;
+}
+.form-range::-moz-range-thumb {
+  width: 1rem;
+  height: 1rem;
+  background-color: #3a3f44;
+  border: 0;
+  border-radius: 1rem;
+  transition: background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;
+  appearance: none;
+}
+@media (prefers-reduced-motion: reduce) {
   .form-range::-moz-range-thumb {
-    width: 1rem;
-    height: 1rem;
-    background-color: #3a3f44;
-    border: 0;
-    border-radius: 1rem;
-    transition: background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;
-    appearance: none; }
-    @media (prefers-reduced-motion: reduce) {
-      .form-range::-moz-range-thumb {
-        transition: none; } }
-    .form-range::-moz-range-thumb:active {
-      background-color: #c4c5c7; }
-  .form-range::-moz-range-track {
-    width: 100%;
-    height: 0.5rem;
-    color: transparent;
-    cursor: pointer;
-    background-color: #dee2e6;
-    border-color: transparent;
-    border-radius: 1rem; }
-  .form-range:disabled {
-    pointer-events: none; }
-    .form-range:disabled::-webkit-slider-thumb {
-      background-color: #999; }
-    .form-range:disabled::-moz-range-thumb {
-      background-color: #999; }
+    transition: none;
+  }
+}
+.form-range::-moz-range-thumb:active {
+  background-color: #c4c5c7;
+}
+.form-range::-moz-range-track {
+  width: 100%;
+  height: 0.5rem;
+  color: transparent;
+  cursor: pointer;
+  background-color: #dee2e6;
+  border-color: transparent;
+  border-radius: 1rem;
+}
+.form-range:disabled {
+  pointer-events: none;
+}
+.form-range:disabled::-webkit-slider-thumb {
+  background-color: #999;
+}
+.form-range:disabled::-moz-range-thumb {
+  background-color: #999;
+}
 
 .form-floating {
-  position: relative; }
-  .form-floating > .form-control,
-  .form-floating > .form-select {
-    height: calc(3.5rem + 2px);
-    line-height: 1.25; }
+  position: relative;
+}
+.form-floating > .form-control,
+.form-floating > .form-select {
+  height: calc(3.5rem + 2px);
+  line-height: 1.25;
+}
+.form-floating > label {
+  position: absolute;
+  top: 0;
+  left: 0;
+  height: 100%;
+  padding: 1rem 0.75rem;
+  pointer-events: none;
+  border: 1px solid transparent;
+  transform-origin: 0 0;
+  transition: opacity 0.1s ease-in-out, transform 0.1s ease-in-out;
+}
+@media (prefers-reduced-motion: reduce) {
   .form-floating > label {
-    position: absolute;
-    top: 0;
-    left: 0;
-    height: 100%;
-    padding: 1rem 0.75rem;
-    pointer-events: none;
-    border: 1px solid transparent;
-    transform-origin: 0 0;
-    transition: opacity 0.1s ease-in-out, transform 0.1s ease-in-out; }
-    @media (prefers-reduced-motion: reduce) {
-      .form-floating > label {
-        transition: none; } }
-  .form-floating > .form-control {
-    padding: 1rem 0.75rem; }
-    .form-floating > .form-control::placeholder {
-      color: transparent; }
-    .form-floating > .form-control:focus, .form-floating > .form-control:not(:placeholder-shown) {
-      padding-top: 1.625rem;
-      padding-bottom: 0.625rem; }
-    .form-floating > .form-control:-webkit-autofill {
-      padding-top: 1.625rem;
-      padding-bottom: 0.625rem; }
-  .form-floating > .form-select {
-    padding-top: 1.625rem;
-    padding-bottom: 0.625rem; }
-  .form-floating > .form-control:focus ~ label,
-  .form-floating > .form-control:not(:placeholder-shown) ~ label,
-  .form-floating > .form-select ~ label {
-    opacity: 0.65;
-    transform: scale(0.85) translateY(-0.5rem) translateX(0.15rem); }
-  .form-floating > .form-control:-webkit-autofill ~ label {
-    opacity: 0.65;
-    transform: scale(0.85) translateY(-0.5rem) translateX(0.15rem); }
+    transition: none;
+  }
+}
+.form-floating > .form-control {
+  padding: 1rem 0.75rem;
+}
+.form-floating > .form-control::placeholder {
+  color: transparent;
+}
+.form-floating > .form-control:focus, .form-floating > .form-control:not(:placeholder-shown) {
+  padding-top: 1.625rem;
+  padding-bottom: 0.625rem;
+}
+.form-floating > .form-control:-webkit-autofill {
+  padding-top: 1.625rem;
+  padding-bottom: 0.625rem;
+}
+.form-floating > .form-select {
+  padding-top: 1.625rem;
+  padding-bottom: 0.625rem;
+}
+.form-floating > .form-control:focus ~ label,
+.form-floating > .form-control:not(:placeholder-shown) ~ label,
+.form-floating > .form-select ~ label {
+  opacity: 0.65;
+  transform: scale(0.85) translateY(-0.5rem) translateX(0.15rem);
+}
+.form-floating > .form-control:-webkit-autofill ~ label {
+  opacity: 0.65;
+  transform: scale(0.85) translateY(-0.5rem) translateX(0.15rem);
+}
 
 .input-group {
   position: relative;
   display: flex;
   flex-wrap: wrap;
   align-items: stretch;
-  width: 100%; }
-  .input-group > .form-control,
-  .input-group > .form-select {
-    position: relative;
-    flex: 1 1 auto;
-    width: 1%;
-    min-width: 0; }
-  .input-group > .form-control:focus,
-  .input-group > .form-select:focus {
-    z-index: 3; }
-  .input-group .btn {
-    position: relative;
-    z-index: 2; }
-    .input-group .btn:focus {
-      z-index: 3; }
+  width: 100%;
+}
+.input-group > .form-control,
+.input-group > .form-select {
+  position: relative;
+  flex: 1 1 auto;
+  width: 1%;
+  min-width: 0;
+}
+.input-group > .form-control:focus,
+.input-group > .form-select:focus {
+  z-index: 3;
+}
+.input-group .btn {
+  position: relative;
+  z-index: 2;
+}
+.input-group .btn:focus {
+  z-index: 3;
+}
 
 .input-group-text {
   display: flex;
@@ -1236,7 +1470,8 @@ textarea.form-control-lg {
   white-space: nowrap;
   background-color: #e9ecef;
   border: 1px solid #ced4da;
-  border-radius: 0.25rem; }
+  border-radius: 0.25rem;
+}
 
 .input-group-lg > .form-control,
 .input-group-lg > .form-select,
@@ -1244,7 +1479,8 @@ textarea.form-control-lg {
 .input-group-lg > .btn {
   padding: 0.5rem 1rem;
   font-size: 1.25rem;
-  border-radius: 0.3rem; }
+  border-radius: 0.3rem;
+}
 
 .input-group-sm > .form-control,
 .input-group-sm > .form-select,
@@ -1252,33 +1488,37 @@ textarea.form-control-lg {
 .input-group-sm > .btn {
   padding: 0.25rem 0.5rem;
   font-size: 0.875rem;
-  border-radius: 0.2rem; }
+  border-radius: 0.2rem;
+}
 
 .input-group-lg > .form-select,
 .input-group-sm > .form-select {
-  padding-right: 3rem; }
+  padding-right: 3rem;
+}
 
 .input-group:not(.has-validation) > :not(:last-child):not(.dropdown-toggle):not(.dropdown-menu),
-.input-group:not(.has-validation) > .dropdown-toggle:nth-last-child(n + 3) {
+.input-group:not(.has-validation) > .dropdown-toggle:nth-last-child(n+3) {
   border-top-right-radius: 0;
-  border-bottom-right-radius: 0; }
-
-.input-group.has-validation > :nth-last-child(n + 3):not(.dropdown-toggle):not(.dropdown-menu),
-.input-group.has-validation > .dropdown-toggle:nth-last-child(n + 4) {
+  border-bottom-right-radius: 0;
+}
+.input-group.has-validation > :nth-last-child(n+3):not(.dropdown-toggle):not(.dropdown-menu),
+.input-group.has-validation > .dropdown-toggle:nth-last-child(n+4) {
   border-top-right-radius: 0;
-  border-bottom-right-radius: 0; }
-
+  border-bottom-right-radius: 0;
+}
 .input-group > :not(:first-child):not(.dropdown-menu):not(.valid-tooltip):not(.valid-feedback):not(.invalid-tooltip):not(.invalid-feedback) {
   margin-left: -1px;
   border-top-left-radius: 0;
-  border-bottom-left-radius: 0; }
+  border-bottom-left-radius: 0;
+}
 
 .valid-feedback {
   display: none;
   width: 100%;
   margin-top: 0.25rem;
   font-size: 0.875em;
-  color: #62c462; }
+  color: #62c462;
+}
 
 .valid-tooltip {
   position: absolute;
@@ -1287,17 +1527,19 @@ textarea.form-control-lg {
   display: none;
   max-width: 100%;
   padding: 0.25rem 0.5rem;
-  margin-top: .1rem;
+  margin-top: 0.1rem;
   font-size: 0.875rem;
   color: #fff;
   background-color: rgba(98, 196, 98, 0.9);
-  border-radius: 0.25rem; }
+  border-radius: 0.25rem;
+}
 
 .was-validated :valid ~ .valid-feedback,
 .was-validated :valid ~ .valid-tooltip,
 .is-valid ~ .valid-feedback,
 .is-valid ~ .valid-tooltip {
-  display: block; }
+  display: block;
+}
 
 .was-validated .form-control:valid, .form-control.is-valid {
   border-color: #62c462;
@@ -1305,53 +1547,67 @@ textarea.form-control-lg {
   background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 8 8'%3e%3cpath fill='%2362c462' d='M2.3 6.73L.6 4.53c-.4-1.04.46-1.4 1.1-.8l1.1 1.4 3.4-3.8c.6-.63 1.6-.27 1.2.7l-4 4.6c-.43.5-.8.4-1.1.1z'/%3e%3c/svg%3e");
   background-repeat: no-repeat;
   background-position: right calc(0.375em + 0.1875rem) center;
-  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem); }
-  .was-validated .form-control:valid:focus, .form-control.is-valid:focus {
-    border-color: #62c462;
-    box-shadow: 0 0 0 0.25rem rgba(98, 196, 98, 0.25); }
+  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem);
+}
+.was-validated .form-control:valid:focus, .form-control.is-valid:focus {
+  border-color: #62c462;
+  box-shadow: 0 0 0 0.25rem rgba(98, 196, 98, 0.25);
+}
 
 .was-validated textarea.form-control:valid, textarea.form-control.is-valid {
   padding-right: calc(1.5em + 0.75rem);
-  background-position: top calc(0.375em + 0.1875rem) right calc(0.375em + 0.1875rem); }
+  background-position: top calc(0.375em + 0.1875rem) right calc(0.375em + 0.1875rem);
+}
 
 .was-validated .form-select:valid, .form-select.is-valid {
-  border-color: #62c462; }
-  .was-validated .form-select:valid:not([multiple]):not([size]), .was-validated .form-select:valid:not([multiple])[size="1"], .form-select.is-valid:not([multiple]):not([size]), .form-select.is-valid:not([multiple])[size="1"] {
-    padding-right: 4.125rem;
-    background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16'%3e%3cpath fill='none' stroke='%233a3f44' stroke-linecap='round' stroke-linejoin='round' stroke-width='2' d='M2 5l6 6 6-6'/%3e%3c/svg%3e"), url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 8 8'%3e%3cpath fill='%2362c462' d='M2.3 6.73L.6 4.53c-.4-1.04.46-1.4 1.1-.8l1.1 1.4 3.4-3.8c.6-.63 1.6-.27 1.2.7l-4 4.6c-.43.5-.8.4-1.1.1z'/%3e%3c/svg%3e");
-    background-position: right 0.75rem center, center right 2.25rem;
-    background-size: 16px 12px, calc(0.75em + 0.375rem) calc(0.75em + 0.375rem); }
-  .was-validated .form-select:valid:focus, .form-select.is-valid:focus {
-    border-color: #62c462;
-    box-shadow: 0 0 0 0.25rem rgba(98, 196, 98, 0.25); }
+  border-color: #62c462;
+}
+.was-validated .form-select:valid:not([multiple]):not([size]), .was-validated .form-select:valid:not([multiple])[size="1"], .form-select.is-valid:not([multiple]):not([size]), .form-select.is-valid:not([multiple])[size="1"] {
+  padding-right: 4.125rem;
+  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16'%3e%3cpath fill='none' stroke='%233a3f44' stroke-linecap='round' stroke-linejoin='round' stroke-width='2' d='M2 5l6 6 6-6'/%3e%3c/svg%3e"), url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 8 8'%3e%3cpath fill='%2362c462' d='M2.3 6.73L.6 4.53c-.4-1.04.46-1.4 1.1-.8l1.1 1.4 3.4-3.8c.6-.63 1.6-.27 1.2.7l-4 4.6c-.43.5-.8.4-1.1.1z'/%3e%3c/svg%3e");
+  background-position: right 0.75rem center, center right 2.25rem;
+  background-size: 16px 12px, calc(0.75em + 0.375rem) calc(0.75em + 0.375rem);
+}
+.was-validated .form-select:valid:focus, .form-select.is-valid:focus {
+  border-color: #62c462;
+  box-shadow: 0 0 0 0.25rem rgba(98, 196, 98, 0.25);
+}
 
 .was-validated .form-check-input:valid, .form-check-input.is-valid {
-  border-color: #62c462; }
-  .was-validated .form-check-input:valid:checked, .form-check-input.is-valid:checked {
-    background-color: #62c462; }
-  .was-validated .form-check-input:valid:focus, .form-check-input.is-valid:focus {
-    box-shadow: 0 0 0 0.25rem rgba(98, 196, 98, 0.25); }
-  .was-validated .form-check-input:valid ~ .form-check-label, .form-check-input.is-valid ~ .form-check-label {
-    color: #62c462; }
+  border-color: #62c462;
+}
+.was-validated .form-check-input:valid:checked, .form-check-input.is-valid:checked {
+  background-color: #62c462;
+}
+.was-validated .form-check-input:valid:focus, .form-check-input.is-valid:focus {
+  box-shadow: 0 0 0 0.25rem rgba(98, 196, 98, 0.25);
+}
+.was-validated .form-check-input:valid ~ .form-check-label, .form-check-input.is-valid ~ .form-check-label {
+  color: #62c462;
+}
 
 .form-check-inline .form-check-input ~ .valid-feedback {
-  margin-left: .5em; }
+  margin-left: 0.5em;
+}
 
-.was-validated .input-group .form-control:valid, .input-group .form-control.is-valid, .was-validated
-.input-group .form-select:valid,
+.was-validated .input-group .form-control:valid, .input-group .form-control.is-valid,
+.was-validated .input-group .form-select:valid,
 .input-group .form-select.is-valid {
-  z-index: 1; }
-  .was-validated .input-group .form-control:valid:focus, .input-group .form-control.is-valid:focus, .was-validated
-  .input-group .form-select:valid:focus,
-  .input-group .form-select.is-valid:focus {
-    z-index: 3; }
+  z-index: 1;
+}
+.was-validated .input-group .form-control:valid:focus, .input-group .form-control.is-valid:focus,
+.was-validated .input-group .form-select:valid:focus,
+.input-group .form-select.is-valid:focus {
+  z-index: 3;
+}
 
 .invalid-feedback {
   display: none;
   width: 100%;
   margin-top: 0.25rem;
   font-size: 0.875em;
-  color: #ee5f5b; }
+  color: #ee5f5b;
+}
 
 .invalid-tooltip {
   position: absolute;
@@ -1360,17 +1616,19 @@ textarea.form-control-lg {
   display: none;
   max-width: 100%;
   padding: 0.25rem 0.5rem;
-  margin-top: .1rem;
+  margin-top: 0.1rem;
   font-size: 0.875rem;
   color: #fff;
   background-color: rgba(238, 95, 91, 0.9);
-  border-radius: 0.25rem; }
+  border-radius: 0.25rem;
+}
 
 .was-validated :invalid ~ .invalid-feedback,
 .was-validated :invalid ~ .invalid-tooltip,
 .is-invalid ~ .invalid-feedback,
 .is-invalid ~ .invalid-tooltip {
-  display: block; }
+  display: block;
+}
 
 .was-validated .form-control:invalid, .form-control.is-invalid {
   border-color: #ee5f5b;
@@ -1378,46 +1636,59 @@ textarea.form-control-lg {
   background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 12 12' width='12' height='12' fill='none' stroke='%23ee5f5b'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23ee5f5b' stroke='none'/%3e%3c/svg%3e");
   background-repeat: no-repeat;
   background-position: right calc(0.375em + 0.1875rem) center;
-  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem); }
-  .was-validated .form-control:invalid:focus, .form-control.is-invalid:focus {
-    border-color: #ee5f5b;
-    box-shadow: 0 0 0 0.25rem rgba(238, 95, 91, 0.25); }
+  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem);
+}
+.was-validated .form-control:invalid:focus, .form-control.is-invalid:focus {
+  border-color: #ee5f5b;
+  box-shadow: 0 0 0 0.25rem rgba(238, 95, 91, 0.25);
+}
 
 .was-validated textarea.form-control:invalid, textarea.form-control.is-invalid {
   padding-right: calc(1.5em + 0.75rem);
-  background-position: top calc(0.375em + 0.1875rem) right calc(0.375em + 0.1875rem); }
+  background-position: top calc(0.375em + 0.1875rem) right calc(0.375em + 0.1875rem);
+}
 
 .was-validated .form-select:invalid, .form-select.is-invalid {
-  border-color: #ee5f5b; }
-  .was-validated .form-select:invalid:not([multiple]):not([size]), .was-validated .form-select:invalid:not([multiple])[size="1"], .form-select.is-invalid:not([multiple]):not([size]), .form-select.is-invalid:not([multiple])[size="1"] {
-    padding-right: 4.125rem;
-    background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16'%3e%3cpath fill='none' stroke='%233a3f44' stroke-linecap='round' stroke-linejoin='round' stroke-width='2' d='M2 5l6 6 6-6'/%3e%3c/svg%3e"), url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 12 12' width='12' height='12' fill='none' stroke='%23ee5f5b'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23ee5f5b' stroke='none'/%3e%3c/svg%3e");
-    background-position: right 0.75rem center, center right 2.25rem;
-    background-size: 16px 12px, calc(0.75em + 0.375rem) calc(0.75em + 0.375rem); }
-  .was-validated .form-select:invalid:focus, .form-select.is-invalid:focus {
-    border-color: #ee5f5b;
-    box-shadow: 0 0 0 0.25rem rgba(238, 95, 91, 0.25); }
+  border-color: #ee5f5b;
+}
+.was-validated .form-select:invalid:not([multiple]):not([size]), .was-validated .form-select:invalid:not([multiple])[size="1"], .form-select.is-invalid:not([multiple]):not([size]), .form-select.is-invalid:not([multiple])[size="1"] {
+  padding-right: 4.125rem;
+  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16'%3e%3cpath fill='none' stroke='%233a3f44' stroke-linecap='round' stroke-linejoin='round' stroke-width='2' d='M2 5l6 6 6-6'/%3e%3c/svg%3e"), url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 12 12' width='12' height='12' fill='none' stroke='%23ee5f5b'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23ee5f5b' stroke='none'/%3e%3c/svg%3e");
+  background-position: right 0.75rem center, center right 2.25rem;
+  background-size: 16px 12px, calc(0.75em + 0.375rem) calc(0.75em + 0.375rem);
+}
+.was-validated .form-select:invalid:focus, .form-select.is-invalid:focus {
+  border-color: #ee5f5b;
+  box-shadow: 0 0 0 0.25rem rgba(238, 95, 91, 0.25);
+}
 
 .was-validated .form-check-input:invalid, .form-check-input.is-invalid {
-  border-color: #ee5f5b; }
-  .was-validated .form-check-input:invalid:checked, .form-check-input.is-invalid:checked {
-    background-color: #ee5f5b; }
-  .was-validated .form-check-input:invalid:focus, .form-check-input.is-invalid:focus {
-    box-shadow: 0 0 0 0.25rem rgba(238, 95, 91, 0.25); }
-  .was-validated .form-check-input:invalid ~ .form-check-label, .form-check-input.is-invalid ~ .form-check-label {
-    color: #ee5f5b; }
+  border-color: #ee5f5b;
+}
+.was-validated .form-check-input:invalid:checked, .form-check-input.is-invalid:checked {
+  background-color: #ee5f5b;
+}
+.was-validated .form-check-input:invalid:focus, .form-check-input.is-invalid:focus {
+  box-shadow: 0 0 0 0.25rem rgba(238, 95, 91, 0.25);
+}
+.was-validated .form-check-input:invalid ~ .form-check-label, .form-check-input.is-invalid ~ .form-check-label {
+  color: #ee5f5b;
+}
 
 .form-check-inline .form-check-input ~ .invalid-feedback {
-  margin-left: .5em; }
+  margin-left: 0.5em;
+}
 
-.was-validated .input-group .form-control:invalid, .input-group .form-control.is-invalid, .was-validated
-.input-group .form-select:invalid,
+.was-validated .input-group .form-control:invalid, .input-group .form-control.is-invalid,
+.was-validated .input-group .form-select:invalid,
 .input-group .form-select.is-invalid {
-  z-index: 2; }
-  .was-validated .input-group .form-control:invalid:focus, .input-group .form-control.is-invalid:focus, .was-validated
-  .input-group .form-select:invalid:focus,
-  .input-group .form-select.is-invalid:focus {
-    z-index: 3; }
+  z-index: 2;
+}
+.was-validated .input-group .form-control:invalid:focus, .input-group .form-control.is-invalid:focus,
+.was-validated .input-group .form-select:invalid:focus,
+.input-group .form-select.is-invalid:focus {
+  z-index: 3;
+}
 
 .navbar {
   position: relative;
@@ -1426,42 +1697,48 @@ textarea.form-control-lg {
   align-items: center;
   justify-content: space-between;
   padding-top: 0;
-  padding-bottom: 0; }
-  .navbar > .container,
-  .navbar > .container-fluid, .navbar > .container-sm, .navbar > .container-md, .navbar > .container-lg, .navbar > .container-xl, .navbar > .container-xxl {
-    display: flex;
-    flex-wrap: inherit;
-    align-items: center;
-    justify-content: space-between; }
-
+  padding-bottom: 0;
+}
+.navbar > .container-xxl, .navbar > .container-xl, .navbar > .container-lg, .navbar > .container-md, .navbar > .container-sm, .navbar > .container,
+.navbar > .container-fluid {
+  display: flex;
+  flex-wrap: inherit;
+  align-items: center;
+  justify-content: space-between;
+}
 .navbar-brand {
   padding-top: 0.3125rem;
   padding-bottom: 0.3125rem;
   margin-right: 1rem;
   font-size: 1.25rem;
   text-decoration: none;
-  white-space: nowrap; }
-
+  white-space: nowrap;
+}
 .navbar-nav {
   display: flex;
   flex-direction: column;
   padding-left: 0;
   margin-bottom: 0;
-  list-style: none; }
-  .navbar-nav .nav-link {
-    padding-right: 0;
-    padding-left: 0; }
-  .navbar-nav .dropdown-menu {
-    position: static; }
+  list-style: none;
+}
+.navbar-nav .nav-link {
+  padding-right: 0;
+  padding-left: 0;
+}
+.navbar-nav .dropdown-menu {
+  position: static;
+}
 
 .navbar-text {
   padding-top: 0.5rem;
-  padding-bottom: 0.5rem; }
+  padding-bottom: 0.5rem;
+}
 
 .navbar-collapse {
   flex-basis: 100%;
   flex-grow: 1;
-  align-items: center; }
+  align-items: center;
+}
 
 .navbar-toggler {
   padding: 0.25rem 0.75rem;
@@ -1470,16 +1747,21 @@ textarea.form-control-lg {
   background-color: transparent;
   border: 1px solid transparent;
   border-radius: 0.25rem;
-  transition: box-shadow 0.15s ease-in-out; }
-  @media (prefers-reduced-motion: reduce) {
-    .navbar-toggler {
-      transition: none; } }
-  .navbar-toggler:hover {
-    text-decoration: none; }
-  .navbar-toggler:focus {
-    text-decoration: none;
-    outline: 0;
-    box-shadow: 0 0 0 0.25rem; }
+  transition: box-shadow 0.15s ease-in-out;
+}
+@media (prefers-reduced-motion: reduce) {
+  .navbar-toggler {
+    transition: none;
+  }
+}
+.navbar-toggler:hover {
+  text-decoration: none;
+}
+.navbar-toggler:focus {
+  text-decoration: none;
+  outline: 0;
+  box-shadow: 0 0 0 0.25rem;
+}
 
 .navbar-toggler-icon {
   display: inline-block;
@@ -1488,242 +1770,43 @@ textarea.form-control-lg {
   vertical-align: middle;
   background-repeat: no-repeat;
   background-position: center;
-  background-size: 100%; }
+  background-size: 100%;
+}
 
 .navbar-nav-scroll {
   max-height: var(--bs-scroll-height, 75vh);
-  overflow-y: auto; }
+  overflow-y: auto;
+}
 
 @media (min-width: 576px) {
   .navbar-expand-sm {
     flex-wrap: nowrap;
-    justify-content: flex-start; }
-    .navbar-expand-sm .navbar-nav {
-      flex-direction: row; }
-      .navbar-expand-sm .navbar-nav .dropdown-menu {
-        position: absolute; }
-      .navbar-expand-sm .navbar-nav .nav-link {
-        padding-right: 0.5rem;
-        padding-left: 0.5rem; }
-    .navbar-expand-sm .navbar-nav-scroll {
-      overflow: visible; }
-    .navbar-expand-sm .navbar-collapse {
-      display: flex !important;
-      flex-basis: auto; }
-    .navbar-expand-sm .navbar-toggler {
-      display: none; }
-    .navbar-expand-sm .offcanvas-header {
-      display: none; }
-    .navbar-expand-sm .offcanvas {
-      position: inherit;
-      bottom: 0;
-      z-index: 1000;
-      flex-grow: 1;
-      visibility: visible !important;
-      background-color: transparent;
-      border-right: 0;
-      border-left: 0;
-      transition: none;
-      transform: none; }
-    .navbar-expand-sm .offcanvas-top,
-    .navbar-expand-sm .offcanvas-bottom {
-      height: auto;
-      border-top: 0;
-      border-bottom: 0; }
-    .navbar-expand-sm .offcanvas-body {
-      display: flex;
-      flex-grow: 0;
-      padding: 0;
-      overflow-y: visible; } }
-
-@media (min-width: 768px) {
-  .navbar-expand-md {
-    flex-wrap: nowrap;
-    justify-content: flex-start; }
-    .navbar-expand-md .navbar-nav {
-      flex-direction: row; }
-      .navbar-expand-md .navbar-nav .dropdown-menu {
-        position: absolute; }
-      .navbar-expand-md .navbar-nav .nav-link {
-        padding-right: 0.5rem;
-        padding-left: 0.5rem; }
-    .navbar-expand-md .navbar-nav-scroll {
-      overflow: visible; }
-    .navbar-expand-md .navbar-collapse {
-      display: flex !important;
-      flex-basis: auto; }
-    .navbar-expand-md .navbar-toggler {
-      display: none; }
-    .navbar-expand-md .offcanvas-header {
-      display: none; }
-    .navbar-expand-md .offcanvas {
-      position: inherit;
-      bottom: 0;
-      z-index: 1000;
-      flex-grow: 1;
-      visibility: visible !important;
-      background-color: transparent;
-      border-right: 0;
-      border-left: 0;
-      transition: none;
-      transform: none; }
-    .navbar-expand-md .offcanvas-top,
-    .navbar-expand-md .offcanvas-bottom {
-      height: auto;
-      border-top: 0;
-      border-bottom: 0; }
-    .navbar-expand-md .offcanvas-body {
-      display: flex;
-      flex-grow: 0;
-      padding: 0;
-      overflow-y: visible; } }
-
-@media (min-width: 992px) {
-  .navbar-expand-lg {
-    flex-wrap: nowrap;
-    justify-content: flex-start; }
-    .navbar-expand-lg .navbar-nav {
-      flex-direction: row; }
-      .navbar-expand-lg .navbar-nav .dropdown-menu {
-        position: absolute; }
-      .navbar-expand-lg .navbar-nav .nav-link {
-        padding-right: 0.5rem;
-        padding-left: 0.5rem; }
-    .navbar-expand-lg .navbar-nav-scroll {
-      overflow: visible; }
-    .navbar-expand-lg .navbar-collapse {
-      display: flex !important;
-      flex-basis: auto; }
-    .navbar-expand-lg .navbar-toggler {
-      display: none; }
-    .navbar-expand-lg .offcanvas-header {
-      display: none; }
-    .navbar-expand-lg .offcanvas {
-      position: inherit;
-      bottom: 0;
-      z-index: 1000;
-      flex-grow: 1;
-      visibility: visible !important;
-      background-color: transparent;
-      border-right: 0;
-      border-left: 0;
-      transition: none;
-      transform: none; }
-    .navbar-expand-lg .offcanvas-top,
-    .navbar-expand-lg .offcanvas-bottom {
-      height: auto;
-      border-top: 0;
-      border-bottom: 0; }
-    .navbar-expand-lg .offcanvas-body {
-      display: flex;
-      flex-grow: 0;
-      padding: 0;
-      overflow-y: visible; } }
-
-@media (min-width: 1200px) {
-  .navbar-expand-xl {
-    flex-wrap: nowrap;
-    justify-content: flex-start; }
-    .navbar-expand-xl .navbar-nav {
-      flex-direction: row; }
-      .navbar-expand-xl .navbar-nav .dropdown-menu {
-        position: absolute; }
-      .navbar-expand-xl .navbar-nav .nav-link {
-        padding-right: 0.5rem;
-        padding-left: 0.5rem; }
-    .navbar-expand-xl .navbar-nav-scroll {
-      overflow: visible; }
-    .navbar-expand-xl .navbar-collapse {
-      display: flex !important;
-      flex-basis: auto; }
-    .navbar-expand-xl .navbar-toggler {
-      display: none; }
-    .navbar-expand-xl .offcanvas-header {
-      display: none; }
-    .navbar-expand-xl .offcanvas {
-      position: inherit;
-      bottom: 0;
-      z-index: 1000;
-      flex-grow: 1;
-      visibility: visible !important;
-      background-color: transparent;
-      border-right: 0;
-      border-left: 0;
-      transition: none;
-      transform: none; }
-    .navbar-expand-xl .offcanvas-top,
-    .navbar-expand-xl .offcanvas-bottom {
-      height: auto;
-      border-top: 0;
-      border-bottom: 0; }
-    .navbar-expand-xl .offcanvas-body {
-      display: flex;
-      flex-grow: 0;
-      padding: 0;
-      overflow-y: visible; } }
-
-@media (min-width: 1400px) {
-  .navbar-expand-xxl {
-    flex-wrap: nowrap;
-    justify-content: flex-start; }
-    .navbar-expand-xxl .navbar-nav {
-      flex-direction: row; }
-      .navbar-expand-xxl .navbar-nav .dropdown-menu {
-        position: absolute; }
-      .navbar-expand-xxl .navbar-nav .nav-link {
-        padding-right: 0.5rem;
-        padding-left: 0.5rem; }
-    .navbar-expand-xxl .navbar-nav-scroll {
-      overflow: visible; }
-    .navbar-expand-xxl .navbar-collapse {
-      display: flex !important;
-      flex-basis: auto; }
-    .navbar-expand-xxl .navbar-toggler {
-      display: none; }
-    .navbar-expand-xxl .offcanvas-header {
-      display: none; }
-    .navbar-expand-xxl .offcanvas {
-      position: inherit;
-      bottom: 0;
-      z-index: 1000;
-      flex-grow: 1;
-      visibility: visible !important;
-      background-color: transparent;
-      border-right: 0;
-      border-left: 0;
-      transition: none;
-      transform: none; }
-    .navbar-expand-xxl .offcanvas-top,
-    .navbar-expand-xxl .offcanvas-bottom {
-      height: auto;
-      border-top: 0;
-      border-bottom: 0; }
-    .navbar-expand-xxl .offcanvas-body {
-      display: flex;
-      flex-grow: 0;
-      padding: 0;
-      overflow-y: visible; } }
-
-.navbar-expand {
-  flex-wrap: nowrap;
-  justify-content: flex-start; }
-  .navbar-expand .navbar-nav {
-    flex-direction: row; }
-    .navbar-expand .navbar-nav .dropdown-menu {
-      position: absolute; }
-    .navbar-expand .navbar-nav .nav-link {
-      padding-right: 0.5rem;
-      padding-left: 0.5rem; }
-  .navbar-expand .navbar-nav-scroll {
-    overflow: visible; }
-  .navbar-expand .navbar-collapse {
+    justify-content: flex-start;
+  }
+  .navbar-expand-sm .navbar-nav {
+    flex-direction: row;
+  }
+  .navbar-expand-sm .navbar-nav .dropdown-menu {
+    position: absolute;
+  }
+  .navbar-expand-sm .navbar-nav .nav-link {
+    padding-right: 0.5rem;
+    padding-left: 0.5rem;
+  }
+  .navbar-expand-sm .navbar-nav-scroll {
+    overflow: visible;
+  }
+  .navbar-expand-sm .navbar-collapse {
     display: flex !important;
-    flex-basis: auto; }
-  .navbar-expand .navbar-toggler {
-    display: none; }
-  .navbar-expand .offcanvas-header {
-    display: none; }
-  .navbar-expand .offcanvas {
+    flex-basis: auto;
+  }
+  .navbar-expand-sm .navbar-toggler {
+    display: none;
+  }
+  .navbar-expand-sm .offcanvas-header {
+    display: none;
+  }
+  .navbar-expand-sm .offcanvas {
     position: inherit;
     bottom: 0;
     z-index: 1000;
@@ -1733,74 +1816,351 @@ textarea.form-control-lg {
     border-right: 0;
     border-left: 0;
     transition: none;
-    transform: none; }
-  .navbar-expand .offcanvas-top,
-  .navbar-expand .offcanvas-bottom {
+    transform: none;
+  }
+  .navbar-expand-sm .offcanvas-top,
+.navbar-expand-sm .offcanvas-bottom {
     height: auto;
     border-top: 0;
-    border-bottom: 0; }
-  .navbar-expand .offcanvas-body {
+    border-bottom: 0;
+  }
+  .navbar-expand-sm .offcanvas-body {
     display: flex;
     flex-grow: 0;
     padding: 0;
-    overflow-y: visible; }
+    overflow-y: visible;
+  }
+}
+@media (min-width: 768px) {
+  .navbar-expand-md {
+    flex-wrap: nowrap;
+    justify-content: flex-start;
+  }
+  .navbar-expand-md .navbar-nav {
+    flex-direction: row;
+  }
+  .navbar-expand-md .navbar-nav .dropdown-menu {
+    position: absolute;
+  }
+  .navbar-expand-md .navbar-nav .nav-link {
+    padding-right: 0.5rem;
+    padding-left: 0.5rem;
+  }
+  .navbar-expand-md .navbar-nav-scroll {
+    overflow: visible;
+  }
+  .navbar-expand-md .navbar-collapse {
+    display: flex !important;
+    flex-basis: auto;
+  }
+  .navbar-expand-md .navbar-toggler {
+    display: none;
+  }
+  .navbar-expand-md .offcanvas-header {
+    display: none;
+  }
+  .navbar-expand-md .offcanvas {
+    position: inherit;
+    bottom: 0;
+    z-index: 1000;
+    flex-grow: 1;
+    visibility: visible !important;
+    background-color: transparent;
+    border-right: 0;
+    border-left: 0;
+    transition: none;
+    transform: none;
+  }
+  .navbar-expand-md .offcanvas-top,
+.navbar-expand-md .offcanvas-bottom {
+    height: auto;
+    border-top: 0;
+    border-bottom: 0;
+  }
+  .navbar-expand-md .offcanvas-body {
+    display: flex;
+    flex-grow: 0;
+    padding: 0;
+    overflow-y: visible;
+  }
+}
+@media (min-width: 992px) {
+  .navbar-expand-lg {
+    flex-wrap: nowrap;
+    justify-content: flex-start;
+  }
+  .navbar-expand-lg .navbar-nav {
+    flex-direction: row;
+  }
+  .navbar-expand-lg .navbar-nav .dropdown-menu {
+    position: absolute;
+  }
+  .navbar-expand-lg .navbar-nav .nav-link {
+    padding-right: 0.5rem;
+    padding-left: 0.5rem;
+  }
+  .navbar-expand-lg .navbar-nav-scroll {
+    overflow: visible;
+  }
+  .navbar-expand-lg .navbar-collapse {
+    display: flex !important;
+    flex-basis: auto;
+  }
+  .navbar-expand-lg .navbar-toggler {
+    display: none;
+  }
+  .navbar-expand-lg .offcanvas-header {
+    display: none;
+  }
+  .navbar-expand-lg .offcanvas {
+    position: inherit;
+    bottom: 0;
+    z-index: 1000;
+    flex-grow: 1;
+    visibility: visible !important;
+    background-color: transparent;
+    border-right: 0;
+    border-left: 0;
+    transition: none;
+    transform: none;
+  }
+  .navbar-expand-lg .offcanvas-top,
+.navbar-expand-lg .offcanvas-bottom {
+    height: auto;
+    border-top: 0;
+    border-bottom: 0;
+  }
+  .navbar-expand-lg .offcanvas-body {
+    display: flex;
+    flex-grow: 0;
+    padding: 0;
+    overflow-y: visible;
+  }
+}
+@media (min-width: 1200px) {
+  .navbar-expand-xl {
+    flex-wrap: nowrap;
+    justify-content: flex-start;
+  }
+  .navbar-expand-xl .navbar-nav {
+    flex-direction: row;
+  }
+  .navbar-expand-xl .navbar-nav .dropdown-menu {
+    position: absolute;
+  }
+  .navbar-expand-xl .navbar-nav .nav-link {
+    padding-right: 0.5rem;
+    padding-left: 0.5rem;
+  }
+  .navbar-expand-xl .navbar-nav-scroll {
+    overflow: visible;
+  }
+  .navbar-expand-xl .navbar-collapse {
+    display: flex !important;
+    flex-basis: auto;
+  }
+  .navbar-expand-xl .navbar-toggler {
+    display: none;
+  }
+  .navbar-expand-xl .offcanvas-header {
+    display: none;
+  }
+  .navbar-expand-xl .offcanvas {
+    position: inherit;
+    bottom: 0;
+    z-index: 1000;
+    flex-grow: 1;
+    visibility: visible !important;
+    background-color: transparent;
+    border-right: 0;
+    border-left: 0;
+    transition: none;
+    transform: none;
+  }
+  .navbar-expand-xl .offcanvas-top,
+.navbar-expand-xl .offcanvas-bottom {
+    height: auto;
+    border-top: 0;
+    border-bottom: 0;
+  }
+  .navbar-expand-xl .offcanvas-body {
+    display: flex;
+    flex-grow: 0;
+    padding: 0;
+    overflow-y: visible;
+  }
+}
+@media (min-width: 1400px) {
+  .navbar-expand-xxl {
+    flex-wrap: nowrap;
+    justify-content: flex-start;
+  }
+  .navbar-expand-xxl .navbar-nav {
+    flex-direction: row;
+  }
+  .navbar-expand-xxl .navbar-nav .dropdown-menu {
+    position: absolute;
+  }
+  .navbar-expand-xxl .navbar-nav .nav-link {
+    padding-right: 0.5rem;
+    padding-left: 0.5rem;
+  }
+  .navbar-expand-xxl .navbar-nav-scroll {
+    overflow: visible;
+  }
+  .navbar-expand-xxl .navbar-collapse {
+    display: flex !important;
+    flex-basis: auto;
+  }
+  .navbar-expand-xxl .navbar-toggler {
+    display: none;
+  }
+  .navbar-expand-xxl .offcanvas-header {
+    display: none;
+  }
+  .navbar-expand-xxl .offcanvas {
+    position: inherit;
+    bottom: 0;
+    z-index: 1000;
+    flex-grow: 1;
+    visibility: visible !important;
+    background-color: transparent;
+    border-right: 0;
+    border-left: 0;
+    transition: none;
+    transform: none;
+  }
+  .navbar-expand-xxl .offcanvas-top,
+.navbar-expand-xxl .offcanvas-bottom {
+    height: auto;
+    border-top: 0;
+    border-bottom: 0;
+  }
+  .navbar-expand-xxl .offcanvas-body {
+    display: flex;
+    flex-grow: 0;
+    padding: 0;
+    overflow-y: visible;
+  }
+}
+.navbar-expand {
+  flex-wrap: nowrap;
+  justify-content: flex-start;
+}
+.navbar-expand .navbar-nav {
+  flex-direction: row;
+}
+.navbar-expand .navbar-nav .dropdown-menu {
+  position: absolute;
+}
+.navbar-expand .navbar-nav .nav-link {
+  padding-right: 0.5rem;
+  padding-left: 0.5rem;
+}
+.navbar-expand .navbar-nav-scroll {
+  overflow: visible;
+}
+.navbar-expand .navbar-collapse {
+  display: flex !important;
+  flex-basis: auto;
+}
+.navbar-expand .navbar-toggler {
+  display: none;
+}
+.navbar-expand .offcanvas-header {
+  display: none;
+}
+.navbar-expand .offcanvas {
+  position: inherit;
+  bottom: 0;
+  z-index: 1000;
+  flex-grow: 1;
+  visibility: visible !important;
+  background-color: transparent;
+  border-right: 0;
+  border-left: 0;
+  transition: none;
+  transform: none;
+}
+.navbar-expand .offcanvas-top,
+.navbar-expand .offcanvas-bottom {
+  height: auto;
+  border-top: 0;
+  border-bottom: 0;
+}
+.navbar-expand .offcanvas-body {
+  display: flex;
+  flex-grow: 0;
+  padding: 0;
+  overflow-y: visible;
+}
 
 .navbar-light .navbar-brand {
-  color: #3a3f44; }
-  .navbar-light .navbar-brand:hover, .navbar-light .navbar-brand:focus {
-    color: #3a3f44; }
-
+  color: #3a3f44;
+}
+.navbar-light .navbar-brand:hover, .navbar-light .navbar-brand:focus {
+  color: #3a3f44;
+}
 .navbar-light .navbar-nav .nav-link {
-  color: rgba(0, 0, 0, 0.55); }
-  .navbar-light .navbar-nav .nav-link:hover, .navbar-light .navbar-nav .nav-link:focus {
-    color: #3a3f44; }
-  .navbar-light .navbar-nav .nav-link.disabled {
-    color: rgba(0, 0, 0, 0.3); }
-
+  color: rgba(0, 0, 0, 0.55);
+}
+.navbar-light .navbar-nav .nav-link:hover, .navbar-light .navbar-nav .nav-link:focus {
+  color: #3a3f44;
+}
+.navbar-light .navbar-nav .nav-link.disabled {
+  color: rgba(0, 0, 0, 0.3);
+}
 .navbar-light .navbar-nav .show > .nav-link,
 .navbar-light .navbar-nav .nav-link.active {
-  color: #3a3f44; }
-
+  color: #3a3f44;
+}
 .navbar-light .navbar-toggler {
   color: rgba(0, 0, 0, 0.55);
-  border-color: rgba(0, 0, 0, 0.1); }
-
+  border-color: rgba(0, 0, 0, 0.1);
+}
 .navbar-light .navbar-toggler-icon {
-  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 30 30'%3e%3cpath stroke='rgba%280, 0, 0, 0.55%29' stroke-linecap='round' stroke-miterlimit='10' stroke-width='2' d='M4 7h22M4 15h22M4 23h22'/%3e%3c/svg%3e"); }
-
+  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 30 30'%3e%3cpath stroke='rgba%280, 0, 0, 0.55%29' stroke-linecap='round' stroke-miterlimit='10' stroke-width='2' d='M4 7h22M4 15h22M4 23h22'/%3e%3c/svg%3e");
+}
 .navbar-light .navbar-text {
-  color: rgba(0, 0, 0, 0.55); }
-  .navbar-light .navbar-text a,
-  .navbar-light .navbar-text a:hover,
-  .navbar-light .navbar-text a:focus {
-    color: #3a3f44; }
+  color: rgba(0, 0, 0, 0.55);
+}
+.navbar-light .navbar-text a,
+.navbar-light .navbar-text a:hover,
+.navbar-light .navbar-text a:focus {
+  color: #3a3f44;
+}
 
 .navbar-dark .navbar-brand {
-  color: #fff; }
-  .navbar-dark .navbar-brand:hover, .navbar-dark .navbar-brand:focus {
-    color: #fff; }
-
+  color: #fff;
+}
+.navbar-dark .navbar-brand:hover, .navbar-dark .navbar-brand:focus {
+  color: #fff;
+}
 .navbar-dark .navbar-nav .nav-link {
-  color: rgba(255, 255, 255, 0.55); }
-  .navbar-dark .navbar-nav .nav-link:hover, .navbar-dark .navbar-nav .nav-link:focus {
-    color: #fff; }
-  .navbar-dark .navbar-nav .nav-link.disabled {
-    color: rgba(255, 255, 255, 0.25); }
-
+  color: rgba(255, 255, 255, 0.55);
+}
+.navbar-dark .navbar-nav .nav-link:hover, .navbar-dark .navbar-nav .nav-link:focus {
+  color: #fff;
+}
+.navbar-dark .navbar-nav .nav-link.disabled {
+  color: rgba(255, 255, 255, 0.25);
+}
 .navbar-dark .navbar-nav .show > .nav-link,
 .navbar-dark .navbar-nav .nav-link.active {
-  color: #fff; }
-
+  color: #fff;
+}
 .navbar-dark .navbar-toggler {
   color: rgba(255, 255, 255, 0.55);
-  border-color: rgba(255, 255, 255, 0.1); }
-
+  border-color: rgba(255, 255, 255, 0.1);
+}
 .navbar-dark .navbar-toggler-icon {
-  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 30 30'%3e%3cpath stroke='rgba%28255, 255, 255, 0.55%29' stroke-linecap='round' stroke-miterlimit='10' stroke-width='2' d='M4 7h22M4 15h22M4 23h22'/%3e%3c/svg%3e"); }
-
+  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 30 30'%3e%3cpath stroke='rgba%28255, 255, 255, 0.55%29' stroke-linecap='round' stroke-miterlimit='10' stroke-width='2' d='M4 7h22M4 15h22M4 23h22'/%3e%3c/svg%3e");
+}
 .navbar-dark .navbar-text {
-  color: rgba(255, 255, 255, 0.55); }
-  .navbar-dark .navbar-text a,
-  .navbar-dark .navbar-text a:hover,
-  .navbar-dark .navbar-text a:focus {
-    color: #fff; }
+  color: rgba(255, 255, 255, 0.55);
+}
+.navbar-dark .navbar-text a,
+.navbar-dark .navbar-text a:hover,
+.navbar-dark .navbar-text a:focus {
+  color: #fff;
+}
diff --git a/webroot/css/themes/theme-vapor.css b/webroot/css/themes/theme-vapor.css
index ebab0cb..907bfbf 100644
--- a/webroot/css/themes/theme-vapor.css
+++ b/webroot/css/themes/theme-vapor.css
@@ -1,368 +1,436 @@
 /* Callout */
 .callout {
   border: 1px solid #e9ecef;
-  border-radius: .25rem;
+  border-radius: 0.25rem;
   background-color: #363636;
-  box-shadow: none; }
+  box-shadow: none;
+}
 
 .callout-primary {
   border-left-color: #6f42c1;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-secondary {
   border-left-color: #ea39b8;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-success {
   border-left-color: #3cf281;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-info {
   border-left-color: #1ba2f6;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-warning {
   border-left-color: #ffc107;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-danger {
   border-left-color: #e44c55;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-light {
   border-left-color: #44d9e8;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 .callout-dark {
   border-left-color: #170229;
-  border-left-width: .25rem;
-  border-left-style: solid; }
+  border-left-width: 0.25rem;
+  border-left-style: solid;
+}
 
 /* Toasts */
 .toast {
-  min-width: 250px; }
+  min-width: 250px;
+}
 
 .toast-primary {
   color: #21143a;
   background-color: #d4c6ec;
-  border-color: #c5b3e6; }
-  .toast-primary strong {
-    border-top-color: #b6a0e0; }
+  border-color: #c5b3e6;
+}
+.toast-primary strong {
+  border-top-color: #b6a0e0;
+}
 
 .toast-secondary {
   color: #461137;
   background-color: #f9c4ea;
-  border-color: #f7b0e3; }
-  .toast-secondary strong {
-    border-top-color: #f599db; }
+  border-color: #f7b0e3;
+}
+.toast-secondary strong {
+  border-top-color: #f599db;
+}
 
 .toast-success {
   color: #124927;
   background-color: #c5fbd9;
-  border-color: #b1facd; }
-  .toast-success strong {
-    border-top-color: #99f8be; }
+  border-color: #b1facd;
+}
+.toast-success strong {
+  border-top-color: #99f8be;
+}
 
 .toast-info {
   color: #08314a;
   background-color: #bbe3fc;
-  border-color: #a4dafb; }
-  .toast-info strong {
-    border-top-color: #8cd0fa; }
+  border-color: #a4dafb;
+}
+.toast-info strong {
+  border-top-color: #8cd0fa;
+}
 
 .toast-warning {
   color: #4d3a02;
   background-color: #ffecb5;
-  border-color: #ffe69c; }
-  .toast-warning strong {
-    border-top-color: #ffe083; }
+  border-color: #ffe69c;
+}
+.toast-warning strong {
+  border-top-color: #ffe083;
+}
 
 .toast-danger {
   color: #44171a;
   background-color: #f7c9cc;
-  border-color: #f4b7bb; }
-  .toast-danger strong {
-    border-top-color: #f1a1a6; }
+  border-color: #f4b7bb;
+}
+.toast-danger strong {
+  border-top-color: #f1a1a6;
+}
 
 .toast-light {
   color: #144146;
   background-color: #c7f4f8;
-  border-color: #b4f0f6; }
-  .toast-light strong {
-    border-top-color: #9debf3; }
+  border-color: #b4f0f6;
+}
+.toast-light strong {
+  border-top-color: #9debf3;
+}
 
 .toast-dark {
   color: #07010c;
   background-color: #b9b3bf;
-  border-color: #a29aa9; }
-  .toast-dark strong {
-    border-top-color: #958c9d; }
+  border-color: #a29aa9;
+}
+.toast-dark strong {
+  border-top-color: #958c9d;
+}
 
 /* Dropdown-item */
 .dropdown-item.dropdown-item-primary {
   color: #fff;
   text-decoration: none;
-  background-color: #6f42c1; }
-
+  background-color: #6f42c1;
+}
 .dropdown-item.dropdown-item-outline-primary:hover {
   color: #fff;
-  background-color: #6f42c1; }
-
+  background-color: #6f42c1;
+}
 .dropdown-item.dropdown-item-secondary {
   color: #fff;
   text-decoration: none;
-  background-color: #ea39b8; }
-
+  background-color: #ea39b8;
+}
 .dropdown-item.dropdown-item-outline-secondary:hover {
   color: #fff;
-  background-color: #ea39b8; }
-
+  background-color: #ea39b8;
+}
 .dropdown-item.dropdown-item-success {
   color: #fff;
   text-decoration: none;
-  background-color: #3cf281; }
-
+  background-color: #3cf281;
+}
 .dropdown-item.dropdown-item-outline-success:hover {
   color: #fff;
-  background-color: #3cf281; }
-
+  background-color: #3cf281;
+}
 .dropdown-item.dropdown-item-info {
   color: #fff;
   text-decoration: none;
-  background-color: #1ba2f6; }
-
+  background-color: #1ba2f6;
+}
 .dropdown-item.dropdown-item-outline-info:hover {
   color: #fff;
-  background-color: #1ba2f6; }
-
+  background-color: #1ba2f6;
+}
 .dropdown-item.dropdown-item-warning {
   color: #fff;
   text-decoration: none;
-  background-color: #ffc107; }
-
+  background-color: #ffc107;
+}
 .dropdown-item.dropdown-item-outline-warning:hover {
   color: #fff;
-  background-color: #ffc107; }
-
+  background-color: #ffc107;
+}
 .dropdown-item.dropdown-item-danger {
   color: #fff;
   text-decoration: none;
-  background-color: #e44c55; }
-
+  background-color: #e44c55;
+}
 .dropdown-item.dropdown-item-outline-danger:hover {
   color: #fff;
-  background-color: #e44c55; }
-
+  background-color: #e44c55;
+}
 .dropdown-item.dropdown-item-light {
   color: #fff;
   text-decoration: none;
-  background-color: #44d9e8; }
-
+  background-color: #44d9e8;
+}
 .dropdown-item.dropdown-item-outline-light:hover {
   color: #fff;
-  background-color: #44d9e8; }
-
+  background-color: #44d9e8;
+}
 .dropdown-item.dropdown-item-dark {
   color: #fff;
   text-decoration: none;
-  background-color: #170229; }
-
+  background-color: #170229;
+}
 .dropdown-item.dropdown-item-outline-dark:hover {
   color: #fff;
-  background-color: #170229; }
+  background-color: #170229;
+}
 
 /* Progress Timeline */
 .progress-timeline {
-  padding: 0.2em 0.2em 0.5em 0.2em; }
-  .progress-timeline ul {
-    position: relative;
-    padding: 0; }
-  .progress-timeline li {
-    list-style-type: none;
-    position: relative; }
-  .progress-timeline li.progress-inactive {
-    opacity: 0.5; }
-  .progress-timeline .progress-line {
-    height: 2px; }
-  .progress-timeline .progress-line.progress-inactive {
-    opacity: 0.5; }
+  padding: 0.2em 0.2em 0.5em 0.2em;
+}
+.progress-timeline ul {
+  position: relative;
+  padding: 0;
+}
+.progress-timeline li {
+  list-style-type: none;
+  position: relative;
+}
+.progress-timeline li.progress-inactive {
+  opacity: 0.5;
+}
+.progress-timeline .progress-line {
+  height: 2px;
+}
+.progress-timeline .progress-line.progress-inactive {
+  opacity: 0.5;
+}
 
 /* Forms severity */
 .form-control.is-invalid.info {
-  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%231ba2f6' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%231ba2f6' stroke='none'/%3e%3c/svg%3e"); }
-  .form-control.is-invalid.info:focus {
-    border-color: #1ba2f6;
-    box-shadow: 0 0 0 0.25rem rgba(27, 162, 246, 0.25); }
-
+  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%231ba2f6' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%231ba2f6' stroke='none'/%3e%3c/svg%3e");
+}
+.form-control.is-invalid.info:focus {
+  border-color: #1ba2f6;
+  box-shadow: 0 0 0 0.25rem rgba(27, 162, 246, 0.25);
+}
 .form-control.is-invalid.warning {
-  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%23ffc107' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23ffc107' stroke='none'/%3e%3c/svg%3e"); }
-  .form-control.is-invalid.warning:focus {
-    border-color: #ffc107;
-    box-shadow: 0 0 0 0.25rem rgba(255, 193, 7, 0.25); }
+  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%23ffc107' viewBox='0 0 12 12'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23ffc107' stroke='none'/%3e%3c/svg%3e");
+}
+.form-control.is-invalid.warning:focus {
+  border-color: #ffc107;
+  box-shadow: 0 0 0 0.25rem rgba(255, 193, 7, 0.25);
+}
 
 .form-select.is-invalid:not([multiple]):not([size]).info,
-.form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.info {
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.info {
   background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 12 12' width='12' height='12' fill='none' stroke='%231ba2f6'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%231ba2f6' stroke='none'/%3e%3c/svg%3e");
-  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem); }
-  .form-select.is-invalid:not([multiple]):not([size]).info:focus,
-  .form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.info:focus {
-    box-shadow: 0 0 0 0.25rem rgba(27, 162, 246, 0.25); }
-
+  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem);
+}
+.form-select.is-invalid:not([multiple]):not([size]).info:focus,
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.info:focus {
+  box-shadow: 0 0 0 0.25rem rgba(27, 162, 246, 0.25);
+}
 .form-select.is-invalid:not([multiple]):not([size]).warning,
-.form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.warning {
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.warning {
   background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 12 12' width='12' height='12' fill='none' stroke='%23ffc107'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23ffc107' stroke='none'/%3e%3c/svg%3e");
-  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem); }
-  .form-select.is-invalid:not([multiple]):not([size]).warning:focus,
-  .form-select.is-invalid:not([multiple])[size="1"]
-.form-select.is-invalid.warning:focus {
-    box-shadow: 0 0 0 0.25rem rgba(255, 193, 7, 0.25); }
+  background-size: calc(0.75em + 0.375rem) calc(0.75em + 0.375rem);
+}
+.form-select.is-invalid:not([multiple]):not([size]).warning:focus,
+.form-select.is-invalid:not([multiple])[size="1"] .form-select.is-invalid.warning:focus {
+  box-shadow: 0 0 0 0.25rem rgba(255, 193, 7, 0.25);
+}
 
 .form-check-input.is-invalid.info {
-  border-color: #1ba2f6; }
-
+  border-color: #1ba2f6;
+}
 .form-check-input.is-invalid.info:checked {
-  background-color: #1ba2f6; }
-
+  background-color: #1ba2f6;
+}
 .form-check-input.is-invalid.info ~ .form-check-label {
-  color: unset; }
-
+  color: unset;
+}
 .form-check-input.is-invalid.info:focus {
-  box-shadow: 0 0 0 0.2rem rgba(27, 162, 246, 0.25); }
-
+  box-shadow: 0 0 0 0.2rem rgba(27, 162, 246, 0.25);
+}
 .form-check-input.is-invalid.warning {
-  border-color: #ffc107; }
-
+  border-color: #ffc107;
+}
 .form-check-input.is-invalid.warning:checked {
-  background-color: #ffc107; }
-
+  background-color: #ffc107;
+}
 .form-check-input.is-invalid.warning ~ .form-check-label {
-  color: unset; }
-
+  color: unset;
+}
 .form-check-input.is-invalid.warning:focus {
-  box-shadow: 0 0 0 0.2rem rgba(255, 193, 7, 0.25); }
+  box-shadow: 0 0 0 0.2rem rgba(255, 193, 7, 0.25);
+}
 
 /* Utilities */
 .mw-75 {
-  max-width: 75% !important; }
+  max-width: 75% !important;
+}
 
 .mw-50 {
-  max-width: 50% !important; }
+  max-width: 50% !important;
+}
 
 .mw-25 {
-  max-width: 25% !important; }
+  max-width: 25% !important;
+}
 
 .mh-75 {
-  max-height: 75% !important; }
+  max-height: 75% !important;
+}
 
 .mh-50 {
-  max-height: 50% !important; }
+  max-height: 50% !important;
+}
 
 .mh-25 {
-  max-height: 25% !important; }
+  max-height: 25% !important;
+}
 
 .p-abs-center-y {
   top: 50%;
-  transform: translateY(-50%); }
+  transform: translateY(-50%);
+}
 
 .p-abs-center-x {
   left: 50%;
-  transform: translateX(-50%); }
+  transform: translateX(-50%);
+}
 
 .p-abs-center-both {
   top: 50%;
   left: 50%;
-  transform: translateX(-50%) translateY(-50%); }
+  transform: translateX(-50%) translateY(-50%);
+}
 
 /* Body */
 .panel {
   background-color: #363636;
   border: 1px solid #454545;
-  box-shadow: none; }
+  box-shadow: none;
+}
 
 .loading-overlay {
   background-color: #170229;
-  opacity: 0.65; }
+  opacity: 0.65;
+}
 
 /* Top navbar */
 .top-navbar {
-  background-color: #6f42c1; }
+  background-color: #6f42c1;
+}
 
 .center-navbar nav.header-breadcrumb {
-  color: #fff; }
+  color: #fff;
+}
 
 header.top-navbar .header-menu > a:hover,
 header.top-navbar .header-breadcrumb .header-breadcrumb-item > a:hover {
-  color: #d6d6d6 !important; }
+  color: #d6d6d6 !important;
+}
 
 .top-navbar .center-navbar nav.header-breadcrumb li.header-breadcrumb-item a {
-  color: #fff; }
+  color: #fff;
+}
 
 .top-navbar .right-navbar .header-menu a.nav-link {
-  color: #fff; }
+  color: #fff;
+}
 
 .top-navbar .left-navbar .navbar-brand img {
-  filter: invert(1); }
+  filter: invert(1);
+}
 
 .top-navbar .left-navbar .navbar-brand:hover img {
-  filter: invert(1) drop-shadow(0px 0px 3px #fff); }
+  filter: invert(1) drop-shadow(0px 0px 3px #fff);
+}
 
 .top-navbar .composed-app-icon-container > .app-icon {
-  background-color: #fff; }
+  background-color: #fff;
+}
 
 .breadcrumb-link-container {
   box-shadow: 0 2px 2px 0 rgba(0, 0, 0, 0.16), 0 2px 6px 0 rgba(0, 0, 0, 0.12);
-  background-color: #44d9e8; }
+  background-color: #44d9e8;
+}
 
 /* Sidebar */
 .sidebar {
-  transition: width .08s linear;
+  transition: width 0.08s linear;
   box-shadow: none;
-  background-color: #170229; }
+  background-color: #170229;
+}
 
 .sidebar ~ main.content:after {
-  background: #000; }
+  background: #000;
+}
 
 .sidebar .sidebar-wrapper {
-  border-right: 1px solid none; }
+  border-right: 1px solid none;
+}
 
 .sidebar .sidebar-wrapper {
-  border-right: 1px solid rgba(0, 0, 0, 0.125); }
+  border-right: 1px solid rgba(0, 0, 0, 0.125);
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link {
-  color: #fff; }
+  color: #fff;
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link.active {
   background-color: #343a40;
-  color: #3cf281; }
+  color: #3cf281;
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link.have-active-child {
   background-color: #343a40;
-  color: #3cf281; }
+  color: #3cf281;
+}
 
 .sidebar ul.sidebar-elements li > a.sidebar-link:hover {
   background-color: #495057;
-  color: #3cf281; }
+  color: #3cf281;
+}
 
 .sidebar.expanded ul.sidebar-elements li > a.sidebar-link.have-active-child,
 .sidebar:hover ul.sidebar-elements li > a.sidebar-link.have-active-child {
-  background-color: unset; }
+  background-color: unset;
+}
 
 .sidebar.expanded ul.sidebar-elements li > a.sidebar-link.have-active-child:hover,
 .sidebar:hover ul.sidebar-elements li > a.sidebar-link.have-active-child:hover {
-  background-color: #495057; }
+  background-color: #495057;
+}
 
 ul.sidebar-elements li > a.sidebar-link.active::after {
-  background-color: #6f42c1; }
+  background-color: #6f42c1;
+}
 
 .lock-sidebar > a.btn {
-  background-color: unset; }
+  background-color: unset;
+}

From f9b1c150c41bab1531e52a4a126aecc05a3594db Mon Sep 17 00:00:00 2001
From: Andras Iklody <andras.iklody@gmail.com>
Date: Fri, 17 Dec 2021 10:56:21 +0100
Subject: [PATCH 080/150] Don't ignore platform reqs in dockerfile

---
 docker/Dockerfile | 1 -
 1 file changed, 1 deletion(-)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index 7e2035e..6e0cb03 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -24,7 +24,6 @@ RUN curl -sL https://getcomposer.org/installer | \
 USER www-data
 
 RUN composer install \
-	--ignore-platform-reqs \
 	--no-interaction \
 	--no-plugins \
 	--no-scripts \

From 16201369de0aa6292b914c97d4b209c41018f04f Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Fri, 17 Dec 2021 12:39:18 +0100
Subject: [PATCH 081/150] chg: wait for db before running migrations

---
 docker/docker-compose.yml |   2 +
 docker/wait-for-it.sh     | 182 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 184 insertions(+)
 create mode 100755 docker/wait-for-it.sh

diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index c99ee69..6aa0b73 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -17,6 +17,8 @@ services:
       - "8080:80"
     volumes:
       - ./run/logs:/var/www/html/logs
+      - ./wait-for-it.sh:/usr/local/bin/wait-for-it.sh:ro
+    entrypoint: wait-for-it.sh -t 0 -h database -p 3306 -- /entrypoint.sh
     environment:
       DEBUG: "true"
       CEREBRATE_DB_USERNAME: "cerebrate"
diff --git a/docker/wait-for-it.sh b/docker/wait-for-it.sh
new file mode 100755
index 0000000..d990e0d
--- /dev/null
+++ b/docker/wait-for-it.sh
@@ -0,0 +1,182 @@
+#!/usr/bin/env bash
+# Use this script to test if a given TCP host/port are available
+
+WAITFORIT_cmdname=${0##*/}
+
+echoerr() { if [[ $WAITFORIT_QUIET -ne 1 ]]; then echo "$@" 1>&2; fi }
+
+usage()
+{
+    cat << USAGE >&2
+Usage:
+    $WAITFORIT_cmdname host:port [-s] [-t timeout] [-- command args]
+    -h HOST | --host=HOST       Host or IP under test
+    -p PORT | --port=PORT       TCP port under test
+                                Alternatively, you specify the host and port as host:port
+    -s | --strict               Only execute subcommand if the test succeeds
+    -q | --quiet                Don't output any status messages
+    -t TIMEOUT | --timeout=TIMEOUT
+                                Timeout in seconds, zero for no timeout
+    -- COMMAND ARGS             Execute command with args after the test finishes
+USAGE
+    exit 1
+}
+
+wait_for()
+{
+    if [[ $WAITFORIT_TIMEOUT -gt 0 ]]; then
+        echoerr "$WAITFORIT_cmdname: waiting $WAITFORIT_TIMEOUT seconds for $WAITFORIT_HOST:$WAITFORIT_PORT"
+    else
+        echoerr "$WAITFORIT_cmdname: waiting for $WAITFORIT_HOST:$WAITFORIT_PORT without a timeout"
+    fi
+    WAITFORIT_start_ts=$(date +%s)
+    while :
+    do
+        if [[ $WAITFORIT_ISBUSY -eq 1 ]]; then
+            nc -z $WAITFORIT_HOST $WAITFORIT_PORT
+            WAITFORIT_result=$?
+        else
+            (echo -n > /dev/tcp/$WAITFORIT_HOST/$WAITFORIT_PORT) >/dev/null 2>&1
+            WAITFORIT_result=$?
+        fi
+        if [[ $WAITFORIT_result -eq 0 ]]; then
+            WAITFORIT_end_ts=$(date +%s)
+            echoerr "$WAITFORIT_cmdname: $WAITFORIT_HOST:$WAITFORIT_PORT is available after $((WAITFORIT_end_ts - WAITFORIT_start_ts)) seconds"
+            break
+        fi
+        sleep 1
+    done
+    return $WAITFORIT_result
+}
+
+wait_for_wrapper()
+{
+    # In order to support SIGINT during timeout: http://unix.stackexchange.com/a/57692
+    if [[ $WAITFORIT_QUIET -eq 1 ]]; then
+        timeout $WAITFORIT_BUSYTIMEFLAG $WAITFORIT_TIMEOUT $0 --quiet --child --host=$WAITFORIT_HOST --port=$WAITFORIT_PORT --timeout=$WAITFORIT_TIMEOUT &
+    else
+        timeout $WAITFORIT_BUSYTIMEFLAG $WAITFORIT_TIMEOUT $0 --child --host=$WAITFORIT_HOST --port=$WAITFORIT_PORT --timeout=$WAITFORIT_TIMEOUT &
+    fi
+    WAITFORIT_PID=$!
+    trap "kill -INT -$WAITFORIT_PID" INT
+    wait $WAITFORIT_PID
+    WAITFORIT_RESULT=$?
+    if [[ $WAITFORIT_RESULT -ne 0 ]]; then
+        echoerr "$WAITFORIT_cmdname: timeout occurred after waiting $WAITFORIT_TIMEOUT seconds for $WAITFORIT_HOST:$WAITFORIT_PORT"
+    fi
+    return $WAITFORIT_RESULT
+}
+
+# process arguments
+while [[ $# -gt 0 ]]
+do
+    case "$1" in
+        *:* )
+        WAITFORIT_hostport=(${1//:/ })
+        WAITFORIT_HOST=${WAITFORIT_hostport[0]}
+        WAITFORIT_PORT=${WAITFORIT_hostport[1]}
+        shift 1
+        ;;
+        --child)
+        WAITFORIT_CHILD=1
+        shift 1
+        ;;
+        -q | --quiet)
+        WAITFORIT_QUIET=1
+        shift 1
+        ;;
+        -s | --strict)
+        WAITFORIT_STRICT=1
+        shift 1
+        ;;
+        -h)
+        WAITFORIT_HOST="$2"
+        if [[ $WAITFORIT_HOST == "" ]]; then break; fi
+        shift 2
+        ;;
+        --host=*)
+        WAITFORIT_HOST="${1#*=}"
+        shift 1
+        ;;
+        -p)
+        WAITFORIT_PORT="$2"
+        if [[ $WAITFORIT_PORT == "" ]]; then break; fi
+        shift 2
+        ;;
+        --port=*)
+        WAITFORIT_PORT="${1#*=}"
+        shift 1
+        ;;
+        -t)
+        WAITFORIT_TIMEOUT="$2"
+        if [[ $WAITFORIT_TIMEOUT == "" ]]; then break; fi
+        shift 2
+        ;;
+        --timeout=*)
+        WAITFORIT_TIMEOUT="${1#*=}"
+        shift 1
+        ;;
+        --)
+        shift
+        WAITFORIT_CLI=("$@")
+        break
+        ;;
+        --help)
+        usage
+        ;;
+        *)
+        echoerr "Unknown argument: $1"
+        usage
+        ;;
+    esac
+done
+
+if [[ "$WAITFORIT_HOST" == "" || "$WAITFORIT_PORT" == "" ]]; then
+    echoerr "Error: you need to provide a host and port to test."
+    usage
+fi
+
+WAITFORIT_TIMEOUT=${WAITFORIT_TIMEOUT:-15}
+WAITFORIT_STRICT=${WAITFORIT_STRICT:-0}
+WAITFORIT_CHILD=${WAITFORIT_CHILD:-0}
+WAITFORIT_QUIET=${WAITFORIT_QUIET:-0}
+
+# Check to see if timeout is from busybox?
+WAITFORIT_TIMEOUT_PATH=$(type -p timeout)
+WAITFORIT_TIMEOUT_PATH=$(realpath $WAITFORIT_TIMEOUT_PATH 2>/dev/null || readlink -f $WAITFORIT_TIMEOUT_PATH)
+
+WAITFORIT_BUSYTIMEFLAG=""
+if [[ $WAITFORIT_TIMEOUT_PATH =~ "busybox" ]]; then
+    WAITFORIT_ISBUSY=1
+    # Check if busybox timeout uses -t flag
+    # (recent Alpine versions don't support -t anymore)
+    if timeout &>/dev/stdout | grep -q -e '-t '; then
+        WAITFORIT_BUSYTIMEFLAG="-t"
+    fi
+else
+    WAITFORIT_ISBUSY=0
+fi
+
+if [[ $WAITFORIT_CHILD -gt 0 ]]; then
+    wait_for
+    WAITFORIT_RESULT=$?
+    exit $WAITFORIT_RESULT
+else
+    if [[ $WAITFORIT_TIMEOUT -gt 0 ]]; then
+        wait_for_wrapper
+        WAITFORIT_RESULT=$?
+    else
+        wait_for
+        WAITFORIT_RESULT=$?
+    fi
+fi
+
+if [[ $WAITFORIT_CLI != "" ]]; then
+    if [[ $WAITFORIT_RESULT -ne 0 && $WAITFORIT_STRICT -eq 1 ]]; then
+        echoerr "$WAITFORIT_cmdname: strict mode, refusing to execute subprocess"
+        exit $WAITFORIT_RESULT
+    fi
+    exec "${WAITFORIT_CLI[@]}"
+else
+    exit $WAITFORIT_RESULT
+fi

From 9a0c025ca9ead013d95ce99497f5f63024dee0a5 Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Fri, 17 Dec 2021 13:20:02 +0100
Subject: [PATCH 082/150] chg: clear cakephp cache

---
 docker/entrypoint.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index 35ef6dd..eb04309 100755
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -9,6 +9,14 @@ run_all_migrations() {
 	./bin/cake migrations migrate -p ADmad/SocialAuth
 }
 
+delete_model_cache() {
+	echo >&2 "Deleting cackephp cache..."
+	rm -rf ./tmp/cache/models/*
+	rm -rf ./tmp/cache/persistent/*
+}
+
+delete_model_cache
+
 # waiting for DB to come up
 for try in 1 2 3 4 5 6; do
 	echo >&2 "migration - attempt $try"

From 30700fc4e73c3f249c31c58e25e4aac3d970d941 Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Fri, 17 Dec 2021 14:07:07 +0100
Subject: [PATCH 083/150] fix: typo

---
 docker/entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index eb04309..e4c1bfd 100755
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -10,7 +10,7 @@ run_all_migrations() {
 }
 
 delete_model_cache() {
-	echo >&2 "Deleting cackephp cache..."
+	echo >&2 "Deleting cakephp cache..."
 	rm -rf ./tmp/cache/models/*
 	rm -rf ./tmp/cache/persistent/*
 }

From ffac2ef78bedaa29c23d3eeeb6f99c4753257d45 Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Fri, 17 Dec 2021 17:14:40 +0100
Subject: [PATCH 084/150] fix: add missing copyright notice

---
 docker/wait-for-it.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/docker/wait-for-it.sh b/docker/wait-for-it.sh
index d990e0d..65b7f1f 100755
--- a/docker/wait-for-it.sh
+++ b/docker/wait-for-it.sh
@@ -1,6 +1,10 @@
 #!/usr/bin/env bash
 # Use this script to test if a given TCP host/port are available
 
+# The MIT License (MIT)
+# Copyright (c) 2016 Giles Hall
+# Source: https://github.com/vishnubob/wait-for-it
+
 WAITFORIT_cmdname=${0##*/}
 
 echoerr() { if [[ $WAITFORIT_QUIET -ne 1 ]]; then echo "$@" 1>&2; fi }

From 7f9418639ebe24dc4751cba40df1e06a2f9f64fe Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 20 Dec 2021 15:26:36 +0100
Subject: [PATCH 085/150] fix: [main] Prevent setting listeners if dependencies
 are not loaded

---
 webroot/js/main.js | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/webroot/js/main.js b/webroot/js/main.js
index caf5d24..c4383ff 100644
--- a/webroot/js/main.js
+++ b/webroot/js/main.js
@@ -279,10 +279,12 @@ $(document).ready(() => {
     overloadBSDropdown();
     addSupportOfNestedDropdown();
 
-    const debouncedGlobalSearch = debounce(performGlobalSearch, 400)
-    $('#globalSearch')
-        .keydown(debouncedGlobalSearch)
-        .keydown(focusSearchResults);
+    if (window.debounce) {
+        const debouncedGlobalSearch = debounce(performGlobalSearch, 400)
+        $('#globalSearch')
+            .keydown(debouncedGlobalSearch)
+            .keydown(focusSearchResults);
+    }
 
     $('.lock-sidebar a.btn-lock-sidebar').click(() => {
         const $sidebar = $('.sidebar')

From 30ec856dc3e871fd75276a54e6f67a6a4cab4cf6 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 21 Dec 2021 12:34:37 +0100
Subject: [PATCH 086/150] fix: [local_tool:batchApiAction] Various UI and
 backend fixes

---
 src/Controller/LocalToolsController.php                 | 6 +++++-
 src/Lib/default/local_tool_connectors/MispConnector.php | 2 +-
 templates/LocalTools/connector_index.php                | 2 +-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/Controller/LocalToolsController.php b/src/Controller/LocalToolsController.php
index 55340f4..a0d31b9 100644
--- a/src/Controller/LocalToolsController.php
+++ b/src/Controller/LocalToolsController.php
@@ -68,7 +68,11 @@ class LocalToolsController extends AppController
             foreach ($connections as $connection) {
                 $actionDetails = $this->LocalTools->getActionDetails($actionName);
                 $params['connection'] = $connection;
-                $tmpResult = $this->LocalTools->action($this->ACL->getUser()['id'], $connection->connector, $actionName, $params, $this->request);
+                try {
+                    $tmpResult = $this->LocalTools->action($this->ACL->getUser()['id'], $connection->connector, $actionName, $params, $this->request);
+                } catch (\Exception $e) {
+                    $tmpResult = ['success' => false, 'message' => $e->getMessage(), 'data' => []];
+                }
                 $tmpResult['connection'] = $connection;
                 $results[$connection->id] = $tmpResult;
                 $successes += $tmpResult['success'] ? 1 : 0;
diff --git a/src/Lib/default/local_tool_connectors/MispConnector.php b/src/Lib/default/local_tool_connectors/MispConnector.php
index e84f082..59fd2c7 100644
--- a/src/Lib/default/local_tool_connectors/MispConnector.php
+++ b/src/Lib/default/local_tool_connectors/MispConnector.php
@@ -819,7 +819,7 @@ class MispConnector extends CommonConnectorTools
                         [
                             'field' => 'connection_ids',
                             'type' => 'hidden',
-                            'value' => $params['connection_ids']
+                            'value' => json_encode($params['connection_ids'])
                         ],
                         [
                             'field' => 'method',
diff --git a/templates/LocalTools/connector_index.php b/templates/LocalTools/connector_index.php
index e14be3b..e6ef205 100644
--- a/templates/LocalTools/connector_index.php
+++ b/templates/LocalTools/connector_index.php
@@ -155,7 +155,7 @@ echo $this->element('genericElements/IndexTable/index_table', [
             tableData
         )
         const $footer = $(modalObject.ajaxApi.statusNode).parent()
-        modalObject.ajaxApi.statusNode.remove()
+        modalObject.ajaxApi.options.statusNode.remove()
         const $cancelButton = $footer.find('button[data-dismiss="modal"]')
         $cancelButton.text('<?= __('OK') ?>').removeClass('btn-secondary').addClass('btn-primary')
     }

From 58e32782ca8da5b1a1d04797c244d07a418a3d30 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 22 Dec 2021 12:13:27 +0100
Subject: [PATCH 087/150] chg: misp connector index changes

---
 .../local_tool_connectors/MispConnector.php   | 120 +++++++++---------
 1 file changed, 60 insertions(+), 60 deletions(-)

diff --git a/src/Lib/default/local_tool_connectors/MispConnector.php b/src/Lib/default/local_tool_connectors/MispConnector.php
index e84f082..57f9944 100644
--- a/src/Lib/default/local_tool_connectors/MispConnector.php
+++ b/src/Lib/default/local_tool_connectors/MispConnector.php
@@ -293,70 +293,70 @@ class MispConnector extends CommonConnectorTools
         $response = $this->getData('/servers/serverSettings', $params);
         $data = $response->getJson();
         if (!empty($data['finalSettings'])) {
-            $finalSettings = [
-                'type' => 'index',
-                'data' => [
-                    'data' => $data['finalSettings'],
-                    'skip_pagination' => 1,
-                    'top_bar' => [
-                        'children' => [
-                            [
-                                'type' => 'search',
-                                'button' => __('Filter'),
-                                'placeholder' => __('Enter value to search'),
-                                'data' => '',
-                                'searchKey' => 'value',
-                                'additionalUrlParams' => $urlParams
-                            ]
-                        ]
-                    ],
-                    'fields' => [
+        $finalSettings = [
+            'type' => 'index',
+            'data' => [
+                'data' => $data['finalSettings'],
+                'skip_pagination' => 1,
+                'top_bar' => [
+                    'children' => [
                         [
-                            'name' => 'Setting',
-                            'sort' => 'setting',
-                            'data_path' => 'setting',
-                        ],
-                        [
-                            'name' => 'Criticality',
-                            'sort' => 'level',
-                            'data_path' => 'level',
-                            'arrayData' => [
-                                0 => 'Critical',
-                                1 => 'Recommended',
-                                2 => 'Optional'
-                            ],
-                            'element' => 'array_lookup_field'
-                        ],
-                        [
-                            'name' => __('Value'),
-                            'sort' => 'value',
-                            'data_path' => 'value',
-                            'options' => 'options'
-                        ],
-                        [
-                            'name' => __('Type'),
-                            'sort' => 'type',
-                            'data_path' => 'type',
-                        ],
-                        [
-                            'name' => __('Error message'),
-                            'sort' => 'errorMessage',
-                            'data_path' => 'errorMessage',
-                        ]
-                    ],
-                    'title' => false,
-                    'description' => false,
-                    'pull' => 'right',
-                    'actions' => [
-                        [
-                            'open_modal' => '/localTools/action/' . h($params['connection']['id']) . '/modifySettingAction?setting={{0}}',
-                            'modal_params_data_path' => ['setting'],
-                            'icon' => 'download',
-                            'reload_url' => '/localTools/action/' . h($params['connection']['id']) . '/ServerSettingsAction'
+                            'type' => 'search',
+                            'button' => __('Filter'),
+                            'placeholder' => __('Enter value to search'),
+                            'data' => '',
+                            'searchKey' => 'value',
+                            'additionalUrlParams' => $urlParams
                         ]
                     ]
+                ],
+                'fields' => [
+                    [
+                        'name' => 'Setting',
+                        'sort' => 'setting',
+                        'data_path' => 'setting',
+                    ],
+                    [
+                        'name' => 'Criticality',
+                        'sort' => 'level',
+                        'data_path' => 'level',
+                        'arrayData' => [
+                            0 => 'Critical',
+                            1 => 'Recommended',
+                            2 => 'Optional'
+                        ],
+                        'element' => 'array_lookup_field'
+                    ],
+                    [
+                        'name' => __('Value'),
+                        'sort' => 'value',
+                        'data_path' => 'value',
+                        'options' => 'options'
+                    ],
+                    [
+                        'name' => __('Type'),
+                        'sort' => 'type',
+                        'data_path' => 'type',
+                    ],
+                    [
+                        'name' => __('Error message'),
+                        'sort' => 'errorMessage',
+                        'data_path' => 'errorMessage',
+                    ]
+                ],
+                'title' => false,
+                'description' => false,
+                'pull' => 'right',
+                'actions' => [
+                    [
+                        'open_modal' => '/localTools/action/' . h($params['connection']['id']) . '/modifySettingAction?setting={{0}}',
+                        'modal_params_data_path' => ['setting'],
+                        'icon' => 'download',
+                        'reload_url' => '/localTools/action/' . h($params['connection']['id']) . '/ServerSettingsAction'
+                    ]
                 ]
-            ];
+            ]
+        ];
             if (!empty($params['quickFilter'])) {
                 $needle = strtolower($params['quickFilter']);
                 foreach ($finalSettings['data']['data'] as $k => $v) {

From 136148705a8b53c6de7b3ac0bb67c7b757fe2e65 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 22 Dec 2021 12:26:37 +0100
Subject: [PATCH 088/150] chg: [keycloak] added screw to loosen timing issues

---
 src/Application.php                                        | 1 +
 .../Table/SettingProviders/CerebrateSettingsProvider.php   | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/src/Application.php b/src/Application.php
index a63a6ce..0bf89c9 100644
--- a/src/Application.php
+++ b/src/Application.php
@@ -118,6 +118,7 @@ class Application extends BaseApplication implements AuthenticationServiceProvid
                     'collectionFactory' => null,
                     'logErrors' => true,
                 ]));
+                \SocialConnect\JWX\JWT::$screw = Configure::check('keycloak.screw') ? Configure::read('keycloak.screw') : 0;
             }
             $middlewareQueue->add(new AuthenticationMiddleware($this))
             ->add(new BodyParserMiddleware());
diff --git a/src/Model/Table/SettingProviders/CerebrateSettingsProvider.php b/src/Model/Table/SettingProviders/CerebrateSettingsProvider.php
index 25365de..fa80078 100644
--- a/src/Model/Table/SettingProviders/CerebrateSettingsProvider.php
+++ b/src/Model/Table/SettingProviders/CerebrateSettingsProvider.php
@@ -211,6 +211,13 @@ class CerebrateSettingsProvider extends BaseSettingsProvider
                             },
                             'dependsOn' => 'keycloak.enabled'
                         ],
+                        'keycloak.screw' => [
+                            'name' => 'Screw',
+                            'type' => 'string',
+                            'severity' => 'info',
+                            'default' => 0,
+                            'description' => __('The misalignment allowed when validating JWT tokens between cerebrate and keycloak. Whilst crisp timings are essential for any timing push, perfect timing is only achievable by GSL participants. (given in seconds)')
+                        ],
                         'keycloak.mapping.org_uuid' => [
                             'name' => 'org_uuid mapping',
                             'type' => 'string',

From a473a9d3fb2e6a8ed7ffbdb7f37ab5c91b0d3188 Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Wed, 5 Jan 2022 17:44:02 +0100
Subject: [PATCH 089/150] new: initial api and integration tests.

---
 .gitignore                                    |   2 +
 config/Migrations/schema-dump-default.lock    | Bin 42139 -> 56757 bytes
 phpunit.xml.dist                              |  18 +--
 src/Model/Table/AuditLogsTable.php            |   4 +-
 tests/Fixture/AuthKeysFixture.php             |  36 +++++
 tests/Fixture/IndividualsFixture.php          |  25 ++++
 tests/Fixture/RolesFixture.php                |  24 ++++
 tests/Fixture/UsersFixture.php                |  38 ++++++
 tests/README.md                               |  48 +++++++
 tests/TestCase/Api/UsersApiTest.php           |  40 ++++++
 tests/TestCase/ApplicationTest.php            |   6 +-
 .../Controller/PagesControllerTest.php        | 126 ------------------
 .../Controller/UsersControllerTest.php        |  32 +++++
 tests/bootstrap.php                           |  17 +++
 14 files changed, 278 insertions(+), 138 deletions(-)
 create mode 100644 tests/Fixture/AuthKeysFixture.php
 create mode 100644 tests/Fixture/IndividualsFixture.php
 create mode 100644 tests/Fixture/RolesFixture.php
 create mode 100644 tests/Fixture/UsersFixture.php
 create mode 100644 tests/README.md
 create mode 100644 tests/TestCase/Api/UsersApiTest.php
 delete mode 100644 tests/TestCase/Controller/PagesControllerTest.php
 create mode 100644 tests/TestCase/Controller/UsersControllerTest.php

diff --git a/.gitignore b/.gitignore
index f84928d..869728c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,5 @@ vendor
 webroot/theme/node_modules
 .vscode
 docker/run/
+.phpunit.result.cache
+config.json
\ No newline at end of file
diff --git a/config/Migrations/schema-dump-default.lock b/config/Migrations/schema-dump-default.lock
index 291060ccbeef6d3415e60d985954fd26141e1c02..8c9385cea7539531476901ab307ae28e67e054d4 100644
GIT binary patch
literal 56757
zcmeHQOLOBm4&I-V%5hKK>GaEe+S$3xVRsKZ$Ek8DwvwpYmb{YOkLsHLz8@%w0zuFZ
z%8sQT-x5<I2@nK6JV+(8yH~Rx)$H}F*=@4Qp7M2?*VXN(|IFUp&2Imhd`|!PHK~(_
zq)Pwz@8UUKCx85&Jgm~@@7vjXdimq*_HTdx+Z>Or(%VmdXZYoH^T?uDZPz*aPiF7v
zO^lH(>A#Qk-~H^i{=P9?yhlS`r%!1~9lo30uG0Lee!l(mZ~XgVcDv0hOg6>453|?!
z39shc)r$Uog@5t-GJQ<8tGamu|1XL)(MH{YRx`~vpm|#tzvYWEZQ7d7&_5CUyO|3O
z2m&`{y2z@m$f?6WK@ncg@@4iVTW*up{Bl(6ooq8#L1;t6+u3bVJ|%fpB{fK!CKXm{
z5(vf*M~WafRb6KJlMte8_WGlc8v2(@jS;$ax_)RR&<N0KmDG)ZlLXd}AJz}|^KG6j
zie)-qWHg8>XnU6k@<cC|Df&0t!E7r_n34D;+Ujg=#uxiRif7z*5VORb@XNYbW{=r;
zCPh21)g`1V{*`Q`E-|cRx<lEh-Xq#RkPordaKwr)oVQR82SqC*1&Sp7mKwEqM<T4u
zIhnl?!i`Cr_pI1i)%tq&BQt7H=?9}S=}DjqfBZ=^(O3{Srq+`>YC9~Mjzy7Uqb683
z!vsSr7`rL6by9w(C6?6l)@Jwgrp40Vniq9+(2PEMn>WuM9zW0TtT?gt#&eHFnZn@g
z;&p&-vaDtLn3ie2uuI%857)n-9hwPR#F_VYLtCFlhBTEaDYS(#V_3&!x=KTBoyF|e
zSfTfIJiWdFqy^nUE%t41G0#dXO{CQl#fB_fzqP<LAc-vR^yqJSUi|tCaTi(?@B}K}
z7<u#nc56zWItT3r@ucfbQ5p#)+|kmXY?oO*UlmUnbvTY<o%K{P9QE30jOhX?2<7Mu
zALg{J((?3pNTLh^m&5=Mn?m+>L(oPDRa8e%ep^3(PQOo=fHM8x7OHNZ8T&5b5H|5c
zmYaR&m@{b4ci<>gcjpY8j^VVqvCF!NHI9l8IZ5x-S^k|N5N2-`?}gkIHsOQ4m%S3w
zYNKw#jfZkVgluK^oUr&cSkqCEEE?79GaVcb;QYHo*?UeRfDC}6Q+TJxO#Q<crVc4H
zQ=h0N!DeixUuQMNCVc)A%uBy@c&fupB-?CL2DQjJrH1UnbCN&l&R0kU9y)Uw4B4+v
zNT0Nzin(46{E$8qx9!6FF^^g!D_=C>C}zX7_D(I3i7-~6HwnI?Zssl&a|2deLj%9t
z^wKL5P4|dL`kgHroPFcXUW%m=woVNBx;u2S1z--NiKF2i%S+!^!YucBio64i!%SB1
zJ{V}v&9d~#4j9K_ITkK3R?pWcYWmj${cB4bHImj*U`$6Oq6Tw%2#mtFT+|@E19c4i
zNYMhtZHM1&ME#s@JB{9Ip%-@T;2#pKo&#48b?n@(dWx7^X9D8W_3B_ex7!ACO7L!*
z95o~C)=6P7M7ni|Gz1U^kMHk}h5_g-sTNr_e@gSTL}FlISePOWoikU}NeQ6hW0)`n
z_m?LCo3$e#%}sFoa3AFI)92doGFhs<zzpi65fYxrYVtd<*y*=TR<<#%$q@kVGgxzp
z9N_@&ljwAD9e>Y`)$d^Tm7#oYjU<|7`kejAb*{k1icXVHNTng#`L2}HA%w|=Ubb_Y
zQrhg2F-*>Q!hrYNE>qK~H>;mxaIvrFF{%o~C2yio9$~0%-bO74M&q208i;og7(=dD
z)Ht$}z*v0sqsHMKsAJ&A06cz~td`w_K6wx)WUJx9k*iA!qomC2>nd@ejSx-;gPWXL
zd=5!4vvCg9R2du&vIP6GMnn|wSF-HVJAH!8YwBV>t%FPJhD||k%?mpg;OIkH6w9Gr
z1?#7$g|G3%GeuT369_LnP5j?P;mx0oyW!}}bNUn*JWr?^!#C|%hdzjee>y=^s!oD#
z&N%~%Fg4rq$Y8WrFLRNZ(*|9p)uPNyR##&_3B@?$xq%Xk>7m-X+*W})B`Dd4qFAMg
zsgz){FScSZpniN<+HC%fsr~cy!bRpoW~}<0ZRVS@_-2Y%q`JDuv@mFk__Tc!R$BKW
z4;5UyUT2}RlSV->_0iP`G{M*j6vyq%&{&)5*idWSgx}R!4)L?6mK)pLs$o^{DV~>A
zE2fR95zMC9-?Bk&G}+E2UQC%wl$V)umR7Vfn8<v=`xcLMkRZYXv^)<0?~eCAtOqvU
zm)_}K4)o0#71clQATWk122q2lJ*lJOM|xOERs0;j7?!p19ELh#A(rm&$S8{QV#SNJ
zke6}Jh%>0%EWaDXd5YwZ+G9^2ci7C)jB65T?@5lmQCi3k^lPYQD~x?c;`U(ft_*4j
zjtCs5=L73dreBKBdL;{5nX!K%p8<oKAaPTXeL^2Bh>nl;Y@iaLVgcE`ybi>@_=@!6
zbc?c@=|>dBNoV9DVF(D%)g57p68O6mQ5IU*94l#!HcKS|QXqEM8a3$#K!<g4JonEo
z(C4UXD!!3=(Q!Sv;!&Ifs{!ORoDC)$35YoIdtTSV1Z_#To70F<fZ4vSf@DLVWku8g
zT$`$65Ps8vxFHYkpR;C&`L;fJkf?!45hCs~;M91255>2E=S=!;dP+D9z2*%lTekl|
zu~2~Oxnc0SS`>81c_fL0x0v<s&*@EF+!%X&Q{*>apR>jDO^sjMBHNqlx!A6jHxKE}
zCM|IoZk;aiU|lGBUnLv6ET(+_jQIN=R_h-()dt79AG5_xGdmEtD(HCF6Y+x>&|(zN
zx~WuRaf5~Cj^)BXW6KI*N=2E0^wCJB4l7i~V|$*bQ0OJ#JSK0!l&=)Xc#qSq^TNJU
znmpKwW3`DU>^jG@+5O$e`;YJ5-+g=wu#1QGo-ykaBG9qgQBniF?AqIlDGsqCBsACi
z0=oLT5bHud2uCy$-(zJJAEdY20`4=*CR%!HAR3se6)jwk$$4=#;dnXTK6F~GpgX^E
z@evsg^DoR^o7xhs4D7P}hdG4Ov&cu;Xxo>g=wDY|2*ar!Lqud)*h&RP=vOS3g4X;8
z`ezFtH2`}*FalrKs3CX<;W3!8jaUebVLMRAz>fiU@#o0fQ1l~*-!?RDBN(|OTLa1d
zY3t`m|3SI5S1}E(qVsxFePVNl;hLE_NoEGJiF?JeX;!4cNqNjl+*Ht|{trLhaz^L&
z2-gW`(N@WX=MS*FDXJ`VHGmH04=qQ#BKQV1wzu+u*Drnz8DRlGi@^1-1j<1G-)b3w
zxyfqsEi9Vd{UI71;X5b5Hn@i?$_UuizpjEV@L6yo3P8$E0%N&sjT*`ALLG;M2V^S+
zK-atjU1bUOK!ml>1aS`OXX0G#-*SZwxhfVo-ddyD_Y{cB=?z1-JDz1B_>RBKK}IDV
zfB1c&P)ZX<2)LgwPZxE8+gSY|AH330pLc+SS80vAKj=a>fBK_F2*}G8)v&smV2Q-h
z6)B_>urVil0)xjk{Idd=05>AmHjYWP%WPDCf5$4<zY5}Nl$(G@u+U6%h(>2yO6+9i
z-VDX+!#n|$Z`!E12wVzQi&jQ63u_vXz%+LR=(2BP1SrZb>t}D(aak0LgBX|9afmz}
z2mRc4wve=}(>j^s4&&9}1D0NIDp28P<tGSKASUA~P&h7@u}N^zF7AyqH;tUIuJd$O
z6hafI>jdkKoN6d#>>vws|B|feXt|HD#y)rG=<!@uL<j7R$|ARmE}WmHEZ-qG?vi0d
zdz!>hOe3r2wgSw@X@Hgtq%cD-B8^gwKpD(#U)lQ@j)&w7xUeEyZi6IP>lM5JWPl<}
zdn&KB%1OM|?|ji<x0QitT~1w>Z#mj7@sZEU)iLdMH5h{!vU`z)wad_0Y{%9_#dg(<
z+l>f_+P@y|-|F_b{@d3B{p%tT#V@_9z_`1FENb*!9jbG{j{#h6PLx8cOt>x@w86(?
z@O$Vd7WS~0^g!TC3;4*9W{nUJ+WEl+3K&FQCleq({;r&$WbYuG4oEmg_>2UTD7R7D
z7rs9yytsqDz7X!Vr<BE~%^eTZtqACiz$Ec|cRFTj*>`<cUnXn-WgYv?2}n<gkG0_-
ziZ4CTK_e|-ChLSx#ATc2YWP##(gO7`4AUC`o96U6J@so~hdLXwczy81n2u-82G@KN
zoA+wPcMh68D}L8Egwky*Z%+8vSy0yvaCz#sF|wG8V34jpohWdqcZIQ;w`jw{J>R0n
z>R%7^Pn+^w2MURun83x7?mDB}FHTy*jR+j@SuZslLnMaL=FzYVavT3)FPh6`fR{$+
zAjqY4*i*;AmUE}kWvrzV#67$k0NZ1-L3Zq*30E@E)T>Rhm}H=u_W6{v?_Y3(tNFT~
zj}oC~M_oh$sUJ^{fS6Tm%fUh{0U`yfDdu55gNPjh-3!yCm4~&@9UreYFOCu0HWq!P
zQT~SA*YkeoIPcfnV&RHdLnnSmSf5!D(demY$3em7vN}+_Xcdf;Enz!dJddvIHZtO2
zGakMq%XZr1oiK?)n3ysda}$2g##oP~MMMFQg>fQk0QP=h1iRi*{oA(#y}MEqHH6zm
zU>q)DQKRq<)G_emMg2RwQ+)EU$dkRyg&YcTq2e%S%I^;g*LsTFm*N*PP0*KO;vge<
zw#n$uuJ&$EO5TE?7;s~?!1NF<#AW!k@E1XpB-FY2#t}Z}UYi@Y2jl@RLIPQ*Qxw==
zWbzRDE|@qqzQesi?QD&E1*Ug4z(P2`90_E-_(45^9LF&!!YZxFV;Kv?Zhstq2ccTx
z-f2yN&OMbR+Sz^=Ep{`B-yKPnPK6bPQ=xfg$090z?At1StY#h4d;kY8!lYnqMcit;
z&dt_Dp?Wr>^11HiK;ItcqXzMM35>?pF=`z4eqaPE4^jQwx7FV9;}ywc34Y7-;@4kD
z=HOyA(JvFG1bYJUFX9{oQ9mAu9*b=~{9Z=ZPp`%}ayN%Jrdx9Y;T%s)mB%jzpcq-;
zYrTo1uM&8J<##S-TxB_~(7ySa)y>_ENMuyWlL^y8N_UrTG~2(wK4}~jLI8-u_U^@j
z^kD%fd-)<_F7`&Gle*wRf8c26wo!Q6b>tLH>;kjC+e;ScdVe9-w|@Mvez>0_KD8*8
z>Cg{DgRR&53yqOJQ8))05?Zvs_iohw3pe~GxS!=U>hEwo-^m_W18dF*wDEP}SHQ}2
zW<j*{3RN_4Z6!zN%E0kb2vIw^Yp2zUv-2x;Ho-ha$ImFl&eo$b+FjU^*M?a`7vY@s
z%NppPb3KX#-a&W_X7D1Yz!<gzbqxF%@NLX!cz@bQE8u-JPR8{T!BhBbci?B4t_z&E
zq&scq?TLC=7(^ci<zaUAtowC5Jatky81zmg92`{LMlbgl`b_l5CoB?|he;kNr%G5(
z#8m6{$i1a6WKUC+AW0`+e9)6SI<SDkWx|Pv#0>Dv@mD8}?51?=fvQgGt(xF5jU}#z
zB97pn4s2z!H+Kz|KH`>lynp@d?aL>g2<aV}<54V>bY!R&o$F3A0NyiLasG^&A##+L
z?7`{=;bJ)(&+&<j#5UqA-r=zORCyqc3sF9S){%<av6w1X<3?4x3XID*8#NevKQMw_
z?Wq3k+kxH{p^h3y=|>$AKL$Lkm$_W?jX8m%LiV9Pk<Nl$M}DAyddLe?bFOpc#Pn9#
zz3?$>#0|<~MIX!@<PP=S^pvoi7C%flLDvU+bUZ07t1$eiywO!E?it6e<h0dJQ;Q$O
z&C=yP1P{}+@By^-JXx-rFJ;M+Ll|LJhz&M(h*E^9PdY7Rt<9{e@A-m`V8>2Mh6k`i
zhn{36yKm-(($?WzJNX2eI%V}iTnQ<Nt-H#|ZgvCERPZO|*!0E(L<*E_cUM-nYRq+?
zVf3-1%_e=ov_nMv)xM1pn3T6cY8n=b{$fXf?aKH72$P*`i8$hF)f2wCILH8Zov7y5
zNCE-y>Nz3vFn=nG?Pi*B7m`3;P(Mv7U{IFnDy=7R6~qqlF?xxmDb>}H4{_oTQEbNX
z2#IfmmeadZRbHd<6nTpoR+C(H)Ucv8Iv)Is%yNN~O}VAcg2ug3*DyHG%eXCMBOPTn
z)Pd1DRCOu*v>&$0`0C4ivZZh_$lKzL3HmZ7wYW-?DtX942UI}cwM+^w*on)eR1I~R
zy|~xEgc5<I1S;%ovBTsh4=_muF<;D$8?m0LbeF-a*)1+pG@!s%ABH{yt9~;YHr7P!
zhB(Y;m=;X7t$Ff2c?i+<U=J)w=)=C;<VrAUokHWTGbdj6+<mR><Y9K#v#EMVP6$hF
zx3z3zyT&xJm_aYNvW3ge2{J$ix$;T+-ZbX2@4OE0K*ffaLC!2@6GfH<Bq~i|T>evB
z?0X08>w@Z`cl)XvhPY^wJdY{9>ad{PLo(|<6YNm#Z=Esg0vI2lIQ~Lku`hNIicLm(
z;*9hWqc7v05$;Xs!(4-6TDF&-4wh3gTW-?Fq)t#jBtz%c8#`zHkY^-)?~RsjoaaMe
zf+0k>XG^=)mO`Ypnm~K!)(suNce3@>BFpAaX`Yt&s^TIWfNa@bW+@H62PD?8rc4x+
zc&q0CAjTf&JvRP0QVs(nVR*fXgtZz3^nvs)t;Z4`mr<bPGa3}x7wQdCrAmLQQZ--D
z_=_pkySHzT-rNVqH16;morNS#e^Wf()cBj0^`>1`QV4q^2oOzR1^cZIdB{^&wJ%Yw
zd51hEQD>$$ggg$KP8tc3p1d`WM+YmhTf$+St82eESQBvVxxP8nfc2Zfv0Pk;WLIdj
zYjgq^+L&EyU(euZn)%x(Lev199jb9NV_2@lj$u0pi~;S&PhUo)&72<8QSc)<nis1}
zpl^ye#(HR>qFB4Xs1w;c$b+Cy-;IiRz}z3#d>*P19us^u<91j+4||n1!U-JPpyfWN
zV~go;lB)Vzl;#T^5^06KL$AE@BGZT3pjzH(R>Tmzf@hh1$(CC<%ac5r2l-iM$On(@
z3op{t%X}Tp8{Z_Yv$eT*hB?9nn5kN^Ocz;m$vgc*&}X|^-F|v7cXvVVj#eMA*%*~W
zgK<nsjaX02Cm}r4hAmjE$T4&hAY(;Y>a6<{E7YrVCmdu}uh*5LjVmHKlCsa`BhEH5
zjVw=wzAffF3d%Pik*5}nl5q!TtYcxWE@j5FYXp$xT){YOm)T1o6y`($bETiqh=4~P
zPvXYZdQwLvCgWiRum2QjG<?R!Y@2Fu_RKel#JU~1Gwk}_hVIKOVVlK&p9u4C$sCk2
bvm0wSeGr=Vu+q+hSc3?o8C)Xf`{(}w>L?lb

delta 3761
zcmb_fdrVVj6i=ars!U!*KweVRK|$%Il*esAamE<b1v9f`4lJ#GSRQ?gW2`=gI$w*a
zCvjW0D4AKZx#5Hh&IK?^=7XRDCYv%J!R(J^hB?We*^;^QUAX1mdO>FV=gaN)I=^$i
z^ZT9C&aTi8`$7^7G*w79d1xx1RvPMTR(rkK?$vt@FmyRzqrwkkomr`Sa^31-XDM2#
z(r<RuZLPQCgn`z;aq8R)R37g#@YkOSE1;ELgB3qJ;PK7yxp;A-)4a~$96vMEofLHD
zku+}E_!+&;L@X83N}Jtlwwm2aoe$x#hHZ9}`3*B`IFEHgV3%^~A_NonEy)}Z%0+XZ
z_bv0`JQE&6{IGkxZUfq3ucYAgYD-ieS`q|i`@o7IuwAx=5o+Ep7#mmskMEQudFbHN
zR*&9hwAAX0Av&BEqI-s0itv_V&W|ozMi@RK3G>tK7d{vJ1<!0>`&{hjKeK(!%<adD
zydu<XDVsj-{KP{Raqmt+RCpls#9wU6lVum^875vbLZ0dx^|UctDN#Y2dLtRj75-Vv
zBr5-!1^8>Yw;x&(rA&#WJmg4gIL_R?m<b=<%78c97lBGPPtK7N_Q?Ll<(AbAFdF^<
z{tkPD?2<|eUng#MWyC^ud?{|Ki%-Sz-T3dIGcg<53f_T-Sz0C~@gFHpC#7nj#V3Vg
zSp<yaB!D;dtVG4+rl~@3aqRUb9LJHmGG0#MDHY0w(d}@UCIt%o)J@jHLe<+RDw-vr
z)-*u%H{CFDwvWlrbWV75{o|}7IdfQ>`}apcnlBEP=3I&A9MkjEMoTxrV0sGdytWux
za#O(m$tLFH5}gDwx#$My$sG%z!#IMMQa}Nv#yK0c2*+a^u0wU6oWsOC$U6`^2NlGz
z&2Dz1G(yy2HH^${9*=bD#%%bdTRs6S9eRqk%?fM=i7HkUq9zF9U#?0R+#v%wZ9xS5
z__ft2=3>y$JzIm#wAE0jhecG`GG0jYgv)08W_P30YjfE3wdTgjI6qMcNXkHo<U%y6
zxA4$3m4IYbBo-z92{;}j$gtfaH=^8&%ucE9h0wOzoTAYP91jAyW1tM~$>u?YeD8}M
zdfL4cx=s|47J-4{&St@H11Y33%<wiXNaWwna4*rq=Vw_%ET=uiXQF~JK`(^~0YYc_
zlCl9)PrfD{$E8<<6xhA?_X!#vyE>Wfv?&69uBZ`B@O)u{Gp*~33I7C{T^<iVRF>du
zMinu7Y(qcHKI{i)bT)H+(~1y|fUvXvGQ4K&C%p-7OWl|Wzi#%jgxlxLh4)RWI58C{
zgoj5>pnoNa(*dT+oE5B2Z8cSRWpu3y#jCXTPoiwITQi~B`2|iyy4G@<vB#1CqwagS
z9ME4V^}d9^cY7D&=%=o7*rB4ii+R|vDuACk(>Nv>7Yh_I2=yIdvG*lLzzN@a7-0o_
z)Z~KY2c^uZ?RzBw@j8DfO{yi*EC^eTBB}`0$Za*)Z5{(lbRr35d`Sr2Af(Q8qA+sy
zl33PE-5Zh`Bc=$VX@QL(7;@ra`S*GS_K89rA=x>tPGF$1a;0f7CIa_`-T@JY!E*_a
zrrwv1Bzem2|4kDG9NM)4p$zTHz%jU5R5V+qVwHg_SxHd2-y#~D0wHBc*@BZxDw!Jx
zG{Mwii}a^-7VpW?OShwrwA)<&&1?L%*!cGa_=E`x%hyREs%aIBM6ZF;bzz|S+>fY*
zt-ltAy0L;{mFFsMb!#cfSKP)cw|QW=W(*KbG-nCkQ(qR%=ix<Z_gEbPv}_Nvvt9~|
zJ7SpZ({Y5Tq=`{>%!8WtSA#7^pH7C+_S?8gKn<+s`JJ)wM+d3qS)GKLT>paI1z{%J
zCvEvEbK;G-HimO>eos4bFiPNHke0!t1x6@m8jz+kczmup2n6wUS8p-S_VgyAiVXKk
zLh;Ali#{ByE_p?^UmB#7d7;6l-0CsAC!Z2ZYx|+%vpL)gGL1Lh3ms3g*{y6JCiA*&
zb}OvBb@WO2LA^#8k`6Nk)Gi&Ix)TXMSrqW~u#^1DLTIEj+<rR}_70T52g4E2b7u#<
bb^Av_ml%s!&Gk-)+u&|g>Ws8n=kxssYtD)Z

diff --git a/phpunit.xml.dist b/phpunit.xml.dist
index 7107122..7be6529 100644
--- a/phpunit.xml.dist
+++ b/phpunit.xml.dist
@@ -15,17 +15,17 @@
         <testsuite name="app">
             <directory>tests/TestCase/</directory>
         </testsuite>
-        <!-- Add plugin test suites here. -->
+        <testsuite name="controller">
+            <directory>./tests/TestCase/Controller</directory>
+        </testsuite>
+        <testsuite name="api">
+            <directory>./tests/TestCase/Api</directory>
+        </testsuite>
     </testsuites>
 
-    <!-- Setup a listener for fixtures -->
-    <listeners>
-        <listener class="Cake\TestSuite\Fixture\FixtureInjector">
-            <arguments>
-                <object class="Cake\TestSuite\Fixture\FixtureManager"/>
-            </arguments>
-        </listener>
-    </listeners>
+    <extensions>
+        <extension class="\Cake\TestSuite\Fixture\PHPUnitExtension" />
+    </extensions>
 
     <!-- Ignore vendor tests in code coverage reports -->
     <filter>
diff --git a/src/Model/Table/AuditLogsTable.php b/src/Model/Table/AuditLogsTable.php
index efd6339..7987af6 100644
--- a/src/Model/Table/AuditLogsTable.php
+++ b/src/Model/Table/AuditLogsTable.php
@@ -163,8 +163,8 @@ class AuditLogsTable extends AppTable
         if ($this->user !== null) {
             return $this->user;
         }
-
-        $this->user = ['id' => 0, /*'org_id' => 0, */'authkey_id' => 0, 'request_type' => self::REQUEST_TYPE_DEFAULT];
+        
+        $this->user = ['id' => 0, /*'org_id' => 0, */'authkey_id' => 0, 'request_type' => self::REQUEST_TYPE_DEFAULT, 'name' => ''];
 
         $isShell = (php_sapi_name() === 'cli');
         if ($isShell) {
diff --git a/tests/Fixture/AuthKeysFixture.php b/tests/Fixture/AuthKeysFixture.php
new file mode 100644
index 0000000..5924c5b
--- /dev/null
+++ b/tests/Fixture/AuthKeysFixture.php
@@ -0,0 +1,36 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\Fixture;
+
+use Cake\TestSuite\Fixture\TestFixture;
+use Authentication\PasswordHasher\DefaultPasswordHasher;
+
+class AuthKeysFixture extends TestFixture
+{
+    public $connection = 'test';
+
+    public const ADMIN_API_KEY = '4cd687b314a3b9c4d83264e6195b9a3706ef4c2f';
+
+    public function init(): void
+    {
+        $hasher = new DefaultPasswordHasher();
+
+        $this->records = [
+            [
+                'id' => 1,
+                'uuid' => '3ebfbe50-e7d2-406e-a092-f031e604b6e5',
+                'authkey' => $hasher->hash(self::ADMIN_API_KEY),
+                'authkey_start' => '4cd6',
+                'authkey_end' => '4c2f',
+                'expiration' => 0,
+                'user_id' => 1,
+                'comment' => '',
+                'created' => time(),
+                'modified' => time()
+            ]
+        ];
+        parent::init();
+    }
+}
diff --git a/tests/Fixture/IndividualsFixture.php b/tests/Fixture/IndividualsFixture.php
new file mode 100644
index 0000000..31261f2
--- /dev/null
+++ b/tests/Fixture/IndividualsFixture.php
@@ -0,0 +1,25 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\Fixture;
+
+use Cake\TestSuite\Fixture\TestFixture;
+
+class IndividualsFixture extends TestFixture
+{
+    public $connection = 'test';
+
+    public $records = [
+        [
+            'id' => 1,
+            'uuid' => '3ebfbe50-e7d2-406e-a092-f031e604b6e1',
+            'email' => 'admin@admin.test',
+            'first_name' => 'admin',
+            'last_name' => 'admin',
+            'position' => 'admin',
+            'created' => '2022-01-04 10:00:00',
+            'modified' => '2022-01-04 10:00:00'
+        ]
+    ];
+}
diff --git a/tests/Fixture/RolesFixture.php b/tests/Fixture/RolesFixture.php
new file mode 100644
index 0000000..ced82a1
--- /dev/null
+++ b/tests/Fixture/RolesFixture.php
@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\Fixture;
+
+use Cake\TestSuite\Fixture\TestFixture;
+
+class RolesFixture extends TestFixture
+{
+    public $connection = 'test';
+
+    public $records = [
+        [
+            'id' => 1,
+            'uuid' => '3ebfbe50-e7d2-406e-a092-f031e604b6e4',
+            'name' => 'admin',
+            'is_default' => true,
+            'perm_admin' => true,
+            'perm_sync' => true,
+            'perm_org_admin' => true
+        ]
+    ];
+}
diff --git a/tests/Fixture/UsersFixture.php b/tests/Fixture/UsersFixture.php
new file mode 100644
index 0000000..df6b8bd
--- /dev/null
+++ b/tests/Fixture/UsersFixture.php
@@ -0,0 +1,38 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\Fixture;
+
+use Cake\TestSuite\Fixture\TestFixture;
+use Authentication\PasswordHasher\DefaultPasswordHasher;
+
+class UsersFixture extends TestFixture
+{
+    public $connection = 'test';
+
+    public const ADMIN_USER = 'admin';
+    public const ADMIN_PASSWORD = 'Password1234';
+
+    public function init(): void
+    {
+        $hasher = new DefaultPasswordHasher();
+
+
+        $this->records = [
+            [
+                'id' => 1,
+                'uuid' => '3ebfbe50-e7d2-406e-a092-f031e604b6e5',
+                'username' => self::ADMIN_USER,
+                'password' => $hasher->hash(self::ADMIN_PASSWORD),
+                'role_id' => 1,
+                'individual_id' => 1,
+                'disabled' => 0,
+                'organisation_id' => 1,
+                'created' => '2022-01-04 10:00:00',
+                'modified' => '2022-01-04 10:00:00'
+            ]
+        ];
+        parent::init();
+    }
+}
diff --git a/tests/README.md b/tests/README.md
new file mode 100644
index 0000000..898e249
--- /dev/null
+++ b/tests/README.md
@@ -0,0 +1,48 @@
+# Testing
+Add a test database to your `config/app_local.php` config file and set `debug` mode to `true`.
+```php
+'debug' => true,
+'Datasources' => [
+    'default' => [
+        ...
+    ],
+    /*
+        * The test connection is used during the test suite.
+        */
+    'test' => [
+        'host' => 'localhost',
+        'username' => 'cerebrate',
+        'password' => 'cerebrate',
+        'database' => 'cerebrate_test',
+    ],
+],
+```
+
+## Runing the tests
+
+```
+$ composer install
+$ vendor/bin/phpunit
+PHPUnit 8.5.22 by Sebastian Bergmann and contributors.
+
+.....                                     5 / 5 (100%)
+
+Time: 11.61 seconds, Memory: 26.00 MB
+
+OK (5 tests, 15 assertions)
+```
+
+Running a specific suite:
+```
+$ vendor/bin/phpunit --testsuite=api
+```
+Available suites:
+* `app`: runs all test suites
+* `api`: runs only api tests
+* `controller`: runs only controller tests
+* _to be continued ..._
+
+By default the database is re-generated before running the test suite, to skip this step and speed up the test run use the `-d skip-migrations` option:
+```
+$ vendor/bin/phpunit -d skip-migrations
+```
diff --git a/tests/TestCase/Api/UsersApiTest.php b/tests/TestCase/Api/UsersApiTest.php
new file mode 100644
index 0000000..5353305
--- /dev/null
+++ b/tests/TestCase/Api/UsersApiTest.php
@@ -0,0 +1,40 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\UsersFixture;
+
+class UsersApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+
+    protected $fixtures = [
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys'
+    ];
+
+    public function testViewMe(): void
+    {
+        // ugly hack, $_SERVER['HTTP_AUTHORIZATION'] is not set automatically in test environment
+        $_SERVER['HTTP_AUTHORIZATION'] = AuthKeysFixture::ADMIN_API_KEY;
+        $this->configRequest([
+            'headers' => [
+                // this does not work: https://book.cakephp.org/4/en/development/testing.html#testing-stateless-authentication-and-apis
+                // 'Authorization' => AuthKeysFixture::ADMIN_API_KEY,
+                'Accept' => 'application/json'
+            ]
+        ]);
+
+        $this->get('/users/view');
+
+        $this->assertResponseOk();
+        $this->assertResponseContains(sprintf('"username": "%s"', UsersFixture::ADMIN_USER));
+    }
+}
diff --git a/tests/TestCase/ApplicationTest.php b/tests/TestCase/ApplicationTest.php
index cd09f1e..e2d3183 100644
--- a/tests/TestCase/ApplicationTest.php
+++ b/tests/TestCase/ApplicationTest.php
@@ -40,10 +40,14 @@ class ApplicationTest extends IntegrationTestCase
         $app->bootstrap();
         $plugins = $app->getPlugins();
 
-        $this->assertCount(3, $plugins);
+        $this->assertCount(7, $plugins);
         $this->assertSame('Bake', $plugins->get('Bake')->getName());
         $this->assertSame('DebugKit', $plugins->get('DebugKit')->getName());
         $this->assertSame('Migrations', $plugins->get('Migrations')->getName());
+        $this->assertSame('Authentication', $plugins->get('Authentication')->getName());
+        $this->assertSame('ADmad/SocialAuth', $plugins->get('ADmad/SocialAuth')->getName());
+        $this->assertSame('Tags', $plugins->get('Tags')->getName());
+        $this->assertSame('Cake/TwigView', $plugins->get('Cake/TwigView')->getName());
     }
 
     /**
diff --git a/tests/TestCase/Controller/PagesControllerTest.php b/tests/TestCase/Controller/PagesControllerTest.php
deleted file mode 100644
index f2958f9..0000000
--- a/tests/TestCase/Controller/PagesControllerTest.php
+++ /dev/null
@@ -1,126 +0,0 @@
-<?php
-declare(strict_types=1);
-
-/**
- * CakePHP(tm) : Rapid Development Framework (https://cakephp.org)
- * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
- *
- * Licensed under The MIT License
- * For full copyright and license information, please see the LICENSE.txt
- * Redistributions of files must retain the above copyright notice
- *
- * @copyright     Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
- * @link          https://cakephp.org CakePHP(tm) Project
- * @since         1.2.0
- * @license       https://opensource.org/licenses/mit-license.php MIT License
- */
-namespace App\Test\TestCase\Controller;
-
-use Cake\Core\Configure;
-use Cake\TestSuite\IntegrationTestTrait;
-use Cake\TestSuite\TestCase;
-
-/**
- * PagesControllerTest class
- *
- * @uses \App\Controller\PagesController
- */
-class PagesControllerTest extends TestCase
-{
-    use IntegrationTestTrait;
-
-    /**
-     * testMultipleGet method
-     *
-     * @return void
-     */
-    public function testMultipleGet()
-    {
-        $this->get('/');
-        $this->assertResponseOk();
-        $this->get('/');
-        $this->assertResponseOk();
-    }
-
-    /**
-     * testDisplay method
-     *
-     * @return void
-     */
-    public function testDisplay()
-    {
-        $this->get('/pages/home');
-        $this->assertResponseOk();
-        $this->assertResponseContains('CakePHP');
-        $this->assertResponseContains('<html>');
-    }
-
-    /**
-     * Test that missing template renders 404 page in production
-     *
-     * @return void
-     */
-    public function testMissingTemplate()
-    {
-        Configure::write('debug', false);
-        $this->get('/pages/not_existing');
-
-        $this->assertResponseError();
-        $this->assertResponseContains('Error');
-    }
-
-    /**
-     * Test that missing template in debug mode renders missing_template error page
-     *
-     * @return void
-     */
-    public function testMissingTemplateInDebug()
-    {
-        Configure::write('debug', true);
-        $this->get('/pages/not_existing');
-
-        $this->assertResponseFailure();
-        $this->assertResponseContains('Missing Template');
-        $this->assertResponseContains('Stacktrace');
-        $this->assertResponseContains('not_existing.php');
-    }
-
-    /**
-     * Test directory traversal protection
-     *
-     * @return void
-     */
-    public function testDirectoryTraversalProtection()
-    {
-        $this->get('/pages/../Layout/ajax');
-        $this->assertResponseCode(403);
-        $this->assertResponseContains('Forbidden');
-    }
-
-    /**
-     * Test that CSRF protection is applied to page rendering.
-     *
-     * @reutrn void
-     */
-    public function testCsrfAppliedError()
-    {
-        $this->post('/pages/home', ['hello' => 'world']);
-
-        $this->assertResponseCode(403);
-        $this->assertResponseContains('CSRF');
-    }
-
-    /**
-     * Test that CSRF protection is applied to page rendering.
-     *
-     * @reutrn void
-     */
-    public function testCsrfAppliedOk()
-    {
-        $this->enableCsrfToken();
-        $this->post('/pages/home', ['hello' => 'world']);
-
-        $this->assertResponseCode(200);
-        $this->assertResponseContains('CakePHP');
-    }
-}
diff --git a/tests/TestCase/Controller/UsersControllerTest.php b/tests/TestCase/Controller/UsersControllerTest.php
new file mode 100644
index 0000000..0c856e8
--- /dev/null
+++ b/tests/TestCase/Controller/UsersControllerTest.php
@@ -0,0 +1,32 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Controller;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\UsersFixture;
+
+class UsersControllerTest extends TestCase
+{
+    use IntegrationTestTrait;
+
+    protected $fixtures = [
+        'app.Individuals',
+        'app.Roles',
+        'app.Users'
+    ];
+    public function testLogin(): void
+    {
+        $this->enableCsrfToken();
+        $this->enableSecurityToken();
+
+        $this->post('/users/login', [
+            'username' => UsersFixture::ADMIN_USER,
+            'password' => UsersFixture::ADMIN_PASSWORD,
+        ]);
+
+        $this->assertSessionHasKey('authUser.uuid');
+    }
+}
diff --git a/tests/bootstrap.php b/tests/bootstrap.php
index 962815c..f8088be 100644
--- a/tests/bootstrap.php
+++ b/tests/bootstrap.php
@@ -1,4 +1,5 @@
 <?php
+
 declare(strict_types=1);
 
 /**
@@ -17,6 +18,8 @@ declare(strict_types=1);
 
 use Cake\Core\Configure;
 use Cake\Datasource\ConnectionManager;
+use Cake\TestSuite\Fixture\SchemaLoader;
+use Migrations\TestSuite\Migrator;
 
 /**
  * Test runner bootstrap.
@@ -50,3 +53,17 @@ ConnectionManager::alias('test_debug_kit', 'debug_kit');
 // does not allow the sessionid to be set after stdout
 // has been written to.
 session_id('cli');
+
+// Load db schema from mysql.sql and run migrations
+// super hacky way to skip migrations
+if (!in_array('skip-migrations', $_SERVER['argv'])) {
+    // TODO: Removing mysql.sql and relying only in migrations would be ideal
+    // in the meantime, `'skip' => ['*']`, prevents migrations from droping already created tables
+    (new SchemaLoader())->loadSqlFiles('./INSTALL/mysql.sql', 'test');
+    $migrator = new Migrator();
+    $migrator->runMany([
+        ['connection' => 'test', 'skip' => ['*']],
+        ['plugin' => 'Tags', 'connection' => 'test', 'skip' => ['*']],
+        ['plugin' => 'ADmad/SocialAuth', 'connection' => 'test', 'skip' => ['*']]
+    ]);
+}

From f45727704f319e6ae30e32a311266e3de8c5db08 Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Wed, 5 Jan 2022 17:44:24 +0100
Subject: [PATCH 090/150] fix: deprecation warning

---
 src/Controller/Component/ParamHandlerComponent.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Controller/Component/ParamHandlerComponent.php b/src/Controller/Component/ParamHandlerComponent.php
index f76a578..89d6cce 100644
--- a/src/Controller/Component/ParamHandlerComponent.php
+++ b/src/Controller/Component/ParamHandlerComponent.php
@@ -47,7 +47,7 @@ class ParamHandlerComponent extends Component
             return $this->isRest;
         }
         if ($this->request->is('json')) {
-            if (!empty($this->request->input()) && empty($this->request->input('json_decode'))) {
+            if (!empty($this->request->getBody()) && !empty($this->request->getParsedBody())) {
                 throw new MethodNotAllowedException('Invalid JSON input. Make sure that the JSON input is a correctly formatted JSON string. This request has been blocked to avoid an unfiltered request.');
             }
             $this->isRest = true;

From a69608530c9a31953df898a9a04643cf69e10069 Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Fri, 7 Jan 2022 13:45:52 +0100
Subject: [PATCH 091/150] new: add /api openapi spec view with redoc, add faker
 to fixtures, validate api responses with openapi spec, add /api/v1/ prefix to
 api routes

---
 .gitignore                                    |   2 +-
 composer.json                                 |   3 +-
 config/routes.php                             |  22 +-
 src/Controller/ApiController.php              |  19 ++
 src/Controller/Component/ACLComponent.php     |   3 +
 templates/Api/index.php                       |   2 +
 tests/Fixture/AuthKeysFixture.php             |  52 ++++-
 tests/Fixture/IndividualsFixture.php          |  72 +++++-
 tests/Fixture/OrganisationsFixture.php        |  52 +++++
 tests/Fixture/RolesFixture.php                |  60 ++++-
 tests/Fixture/UsersFixture.php                |  78 ++++++-
 tests/Helper/ApiTestTrait.php                 |  79 +++++++
 tests/README.md                               |  11 +-
 tests/TestCase/Api/Users/UsersApiTest.php     |  55 +++++
 tests/TestCase/Api/UsersApiTest.php           |  40 ----
 .../{ => Users}/UsersControllerTest.php       |   2 +-
 tests/bootstrap.php                           |   2 +
 webroot/docs/openapi.yaml                     | 215 ++++++++++++++++++
 18 files changed, 671 insertions(+), 98 deletions(-)
 create mode 100644 src/Controller/ApiController.php
 create mode 100644 templates/Api/index.php
 create mode 100644 tests/Fixture/OrganisationsFixture.php
 create mode 100644 tests/Helper/ApiTestTrait.php
 create mode 100644 tests/TestCase/Api/Users/UsersApiTest.php
 delete mode 100644 tests/TestCase/Api/UsersApiTest.php
 rename tests/TestCase/Controller/{ => Users}/UsersControllerTest.php (93%)
 create mode 100644 webroot/docs/openapi.yaml

diff --git a/.gitignore b/.gitignore
index 869728c..ba05ac6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,4 +8,4 @@ webroot/theme/node_modules
 .vscode
 docker/run/
 .phpunit.result.cache
-config.json
\ No newline at end of file
+config.json
diff --git a/composer.json b/composer.json
index bc562a0..4e1af85 100644
--- a/composer.json
+++ b/composer.json
@@ -19,7 +19,9 @@
         "cakephp/bake": "^2.0.3",
         "cakephp/cakephp-codesniffer": "~4.0.0",
         "cakephp/debug_kit": "^4.0",
+        "fzaninotto/faker": "^1.9",
         "josegonzalez/dotenv": "^3.2",
+        "league/openapi-psr7-validator": "^0.16.4",
         "phpunit/phpunit": "^8.5",
         "psy/psysh": "@stable"
     },
@@ -44,7 +46,6 @@
     "scripts": {
         "post-install-cmd": "App\\Console\\Installer::postInstall",
         "post-create-project-cmd": "App\\Console\\Installer::postInstall",
-        "post-autoload-dump": "Cake\\Composer\\Installer\\PluginInstaller::postAutoloadDump",
         "check": [
             "@test",
             "@cs-check"
diff --git a/config/routes.php b/config/routes.php
index ac1ab26..e467725 100644
--- a/config/routes.php
+++ b/config/routes.php
@@ -92,14 +92,14 @@ $routes->prefix('Open', function (RouteBuilder $routes) {
     $routes->fallbacks(DashedRoute::class);
 });
 
-/*
- * If you need a different set of middleware or none at all,
- * open new scope and define routes there.
- *
- * ```
- * $routes->scope('/api', function (RouteBuilder $builder) {
- *     // No $builder->applyMiddleware() here.
- *     // Connect API actions here.
- * });
- * ```
- */
+// API routes
+$routes->scope('/api', function (RouteBuilder $routes) {
+    // $routes->applyMiddleware('ratelimit', 'auth.api');
+    $routes->scope('/v1', function (RouteBuilder $routes) {
+        // $routes->applyMiddleware('v1compat');
+        $routes->setExtensions(['json']);
+
+        // Generic API route
+        $routes->connect('/{controller}/{action}/*');
+    });
+});
\ No newline at end of file
diff --git a/src/Controller/ApiController.php b/src/Controller/ApiController.php
new file mode 100644
index 0000000..65cd11c
--- /dev/null
+++ b/src/Controller/ApiController.php
@@ -0,0 +1,19 @@
+<?php
+
+namespace App\Controller;
+
+use App\Controller\AppController;
+
+class ApiController extends AppController
+{
+    /**
+     * Controller action for displaying built-in Redoc UI
+     *
+     * @return \Cake\Http\Response|null|void Renders view
+     */
+    public function index()
+    {
+        $url = '/docs/openapi.yaml';
+        $this->set('url', $url);
+    }
+}
diff --git a/src/Controller/Component/ACLComponent.php b/src/Controller/Component/ACLComponent.php
index afa70ff..0c6d897 100644
--- a/src/Controller/Component/ACLComponent.php
+++ b/src/Controller/Component/ACLComponent.php
@@ -193,6 +193,9 @@ class ACLComponent extends Component
             'getBookmarks' => ['*'],
             'saveBookmark' => ['*'],
             'deleteBookmark' => ['*']
+        ],
+        'Api' => [
+            'index' => ['*']
         ]
     );
 
diff --git a/templates/Api/index.php b/templates/Api/index.php
new file mode 100644
index 0000000..96be4b8
--- /dev/null
+++ b/templates/Api/index.php
@@ -0,0 +1,2 @@
+<redoc spec-url='<?php echo $url ?>'></redoc>
+<script src="https://cdn.jsdelivr.net/npm/redoc@next/bundles/redoc.standalone.js"> </script>
\ No newline at end of file
diff --git a/tests/Fixture/AuthKeysFixture.php b/tests/Fixture/AuthKeysFixture.php
index 5924c5b..8291811 100644
--- a/tests/Fixture/AuthKeysFixture.php
+++ b/tests/Fixture/AuthKeysFixture.php
@@ -11,24 +11,60 @@ class AuthKeysFixture extends TestFixture
 {
     public $connection = 'test';
 
-    public const ADMIN_API_KEY = '4cd687b314a3b9c4d83264e6195b9a3706ef4c2f';
+    public const ADMIN_API_KEY = 'd033e22ae348aeb5660fc2140aec35850c4da997';
+    public const SYNC_API_KEY = '6b387ced110858dcbcda36edb044dc18f91a0894';
+    public const ORG_ADMIN_API_KEY = '1c4685d281d478dbcebd494158024bc3539004d0';
+    public const USER_API_KEY = '12dea96fec20593566ab75692c9949596833adc9';
 
     public function init(): void
     {
         $hasher = new DefaultPasswordHasher();
+        $faker = \Faker\Factory::create();
 
         $this->records = [
             [
-                'id' => 1,
-                'uuid' => '3ebfbe50-e7d2-406e-a092-f031e604b6e5',
+                'uuid' => $faker->uuid(),
                 'authkey' => $hasher->hash(self::ADMIN_API_KEY),
-                'authkey_start' => '4cd6',
-                'authkey_end' => '4c2f',
+                'authkey_start' => substr(self::ADMIN_API_KEY, 0, 4),
+                'authkey_end' => substr(self::ADMIN_API_KEY, -4),
                 'expiration' => 0,
-                'user_id' => 1,
+                'user_id' => UsersFixture::USER_ADMIN_ID,
                 'comment' => '',
-                'created' => time(),
-                'modified' => time()
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
+            ],
+            [
+                'uuid' => $faker->uuid(),
+                'authkey' => $hasher->hash(self::SYNC_API_KEY),
+                'authkey_start' => substr(self::SYNC_API_KEY, 0, 4),
+                'authkey_end' => substr(self::SYNC_API_KEY, -4),
+                'expiration' => 0,
+                'user_id' => UsersFixture::USER_SYNC_ID,
+                'comment' => '',
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
+            ],
+            [
+                'uuid' => $faker->uuid(),
+                'authkey' => $hasher->hash(self::ORG_ADMIN_API_KEY),
+                'authkey_start' => substr(self::ORG_ADMIN_API_KEY, 0, 4),
+                'authkey_end' => substr(self::ORG_ADMIN_API_KEY, -4),
+                'expiration' => 0,
+                'user_id' => UsersFixture::USER_ORG_ADMIN_ID,
+                'comment' => '',
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
+            ],
+            [
+                'uuid' => $faker->uuid(),
+                'authkey' => $hasher->hash(self::USER_API_KEY),
+                'authkey_start' => substr(self::USER_API_KEY, 0, 4),
+                'authkey_end' => substr(self::USER_API_KEY, -4),
+                'expiration' => 0,
+                'user_id' => UsersFixture::USER_REGULAR_USER_ID,
+                'comment' => '',
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
             ]
         ];
         parent::init();
diff --git a/tests/Fixture/IndividualsFixture.php b/tests/Fixture/IndividualsFixture.php
index 31261f2..9c96f8b 100644
--- a/tests/Fixture/IndividualsFixture.php
+++ b/tests/Fixture/IndividualsFixture.php
@@ -10,16 +10,64 @@ class IndividualsFixture extends TestFixture
 {
     public $connection = 'test';
 
-    public $records = [
-        [
-            'id' => 1,
-            'uuid' => '3ebfbe50-e7d2-406e-a092-f031e604b6e1',
-            'email' => 'admin@admin.test',
-            'first_name' => 'admin',
-            'last_name' => 'admin',
-            'position' => 'admin',
-            'created' => '2022-01-04 10:00:00',
-            'modified' => '2022-01-04 10:00:00'
-        ]
-    ];
+    // Admin individual
+    public const INDIVIDUAL_ADMIN_ID = 1;
+
+    // Sync individual
+    public const INDIVIDUAL_SYNC_ID = 2;
+
+    // Org Admin individual
+    public const INDIVIDUAL_ORG_ADMIN_ID = 3;
+
+    // Regular User individual
+    public const INDIVIDUAL_REGULAR_USER_ID = 4;
+
+    public function init(): void
+    {
+        $faker = \Faker\Factory::create();
+
+        $this->records = [
+            [
+                'id' => self::INDIVIDUAL_ADMIN_ID,
+                'uuid' => $faker->uuid(),
+                'email' => $faker->email(),
+                'first_name' => $faker->firstName,
+                'last_name' => $faker->lastName,
+                'position' => 'admin',
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
+            ],
+            [
+                'id' => self::INDIVIDUAL_SYNC_ID,
+                'uuid' => $faker->uuid(),
+                'email' => $faker->email(),
+                'first_name' => $faker->firstName,
+                'last_name' => $faker->lastName,
+                'position' => 'sync',
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
+            ],
+            [
+                'id' => self::INDIVIDUAL_ORG_ADMIN_ID,
+                'uuid' => $faker->uuid(),
+                'email' => $faker->email(),
+                'first_name' => $faker->firstName,
+                'last_name' => $faker->lastName,
+                'position' => 'org_admin',
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
+            ],
+            [
+                'id' => self::INDIVIDUAL_REGULAR_USER_ID,
+                'uuid' => $faker->uuid(),
+                'email' => $faker->email(),
+                'first_name' => $faker->firstName,
+                'last_name' => $faker->lastName,
+                'position' => 'user',
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
+            ]
+        ];
+        parent::init();
+    }
 }
diff --git a/tests/Fixture/OrganisationsFixture.php b/tests/Fixture/OrganisationsFixture.php
new file mode 100644
index 0000000..d8b81f9
--- /dev/null
+++ b/tests/Fixture/OrganisationsFixture.php
@@ -0,0 +1,52 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\Fixture;
+
+use Cake\TestSuite\Fixture\TestFixture;
+use Authentication\PasswordHasher\DefaultPasswordHasher;
+
+class OrganisationsFixture extends TestFixture
+{
+    public $connection = 'test';
+
+    // Organisation A
+    public const ORGANISATION_A_ID = 1;
+
+    // Organisation B
+    public const ORGANISATION_B_ID = 2;
+
+    public function init(): void
+    {
+        $faker = \Faker\Factory::create();
+
+        $this->records = [
+            [
+                'id' => self::ORGANISATION_A_ID,
+                'uuid' => $faker->uuid(),
+                'name' => 'Organisation A',
+                'url' => $faker->url,
+                'nationality' => $faker->countryCode,
+                'sector' => 'IT',
+                'type' => '',
+                'contacts' => '',
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
+            ],
+            [
+                'id' => self::ORGANISATION_B_ID,
+                'uuid' => $faker->uuid(),
+                'name' => 'Organisation B',
+                'url' => $faker->url,
+                'nationality' => $faker->countryCode,
+                'sector' => 'IT',
+                'type' => '',
+                'contacts' => '',
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
+            ]
+        ];
+        parent::init();
+    }
+}
diff --git a/tests/Fixture/RolesFixture.php b/tests/Fixture/RolesFixture.php
index ced82a1..1230e8f 100644
--- a/tests/Fixture/RolesFixture.php
+++ b/tests/Fixture/RolesFixture.php
@@ -10,15 +10,53 @@ class RolesFixture extends TestFixture
 {
     public $connection = 'test';
 
-    public $records = [
-        [
-            'id' => 1,
-            'uuid' => '3ebfbe50-e7d2-406e-a092-f031e604b6e4',
-            'name' => 'admin',
-            'is_default' => true,
-            'perm_admin' => true,
-            'perm_sync' => true,
-            'perm_org_admin' => true
-        ]
-    ];
+    public const ROLE_ADMIN_ID = 1;
+    public const ROLE_SYNC_ID = 2;
+    public const ROLE_ORG_ADMIN_ID = 3;
+    public const ROLE_REGULAR_USER_ID = 4;
+
+    public function init(): void
+    {
+        $faker = \Faker\Factory::create();
+
+        $this->records = [
+            [
+                'id' => self::ROLE_ADMIN_ID,
+                'uuid' => $faker->uuid(),
+                'name' => 'admin',
+                'is_default' => false,
+                'perm_admin' => true,
+                'perm_sync' => false,
+                'perm_org_admin' => false
+            ],
+            [
+                'id' => self::ROLE_SYNC_ID,
+                'uuid' => $faker->uuid(),
+                'name' => 'sync',
+                'is_default' => false,
+                'perm_admin' => false,
+                'perm_sync' => true,
+                'perm_org_admin' => false
+            ],
+            [
+                'id' => self::ROLE_ORG_ADMIN_ID,
+                'uuid' => $faker->uuid(),
+                'name' => 'org_admin',
+                'is_default' => false,
+                'perm_admin' => false,
+                'perm_sync' => false,
+                'perm_org_admin' => true
+            ],
+            [
+                'id' => self::ROLE_REGULAR_USER_ID,
+                'uuid' => $faker->uuid(),
+                'name' => 'user',
+                'is_default' => true,
+                'perm_admin' => false,
+                'perm_sync' => false,
+                'perm_org_admin' => false
+            ]
+        ];
+        parent::init();
+    }
 }
diff --git a/tests/Fixture/UsersFixture.php b/tests/Fixture/UsersFixture.php
index df6b8bd..ba35e7a 100644
--- a/tests/Fixture/UsersFixture.php
+++ b/tests/Fixture/UsersFixture.php
@@ -11,26 +11,80 @@ class UsersFixture extends TestFixture
 {
     public $connection = 'test';
 
-    public const ADMIN_USER = 'admin';
-    public const ADMIN_PASSWORD = 'Password1234';
+    // Admin user
+    public const USER_ADMIN_ID = 1;
+    public const USER_ADMIN_USERNAME = 'admin';
+    public const USER_ADMIN_PASSWORD = 'AdminPassword';
+
+    // Sync user
+    public const USER_SYNC_ID = 2;
+    public const USER_SYNC_USERNAME = 'sync';
+    public const USER_SYNC_PASSWORD = 'SyncPassword';
+
+    // Org Admin user
+    public const USER_ORG_ADMIN_ID = 3;
+    public const USER_ORG_ADMIN_USERNAME = 'org_admin';
+    public const USER_ORG_ADMIN_PASSWORD = 'OrgAdminPassword';
+
+    // Regular User user
+    public const USER_REGULAR_USER_ID = 4;
+    public const USER_REGULAR_USER_USERNAME = 'user';
+    public const USER_REGULAR_USER_PASSWORD = 'UserPassword';
+
 
     public function init(): void
     {
         $hasher = new DefaultPasswordHasher();
-
+        $faker = \Faker\Factory::create();
 
         $this->records = [
             [
-                'id' => 1,
-                'uuid' => '3ebfbe50-e7d2-406e-a092-f031e604b6e5',
-                'username' => self::ADMIN_USER,
-                'password' => $hasher->hash(self::ADMIN_PASSWORD),
-                'role_id' => 1,
-                'individual_id' => 1,
+                'id' => self::USER_ADMIN_ID,
+                'uuid' => $faker->uuid(),
+                'username' => self::USER_ADMIN_USERNAME,
+                'password' => $hasher->hash(self::USER_ADMIN_PASSWORD),
+                'role_id' => RolesFixture::ROLE_ADMIN_ID,
+                'individual_id' => IndividualsFixture::INDIVIDUAL_ADMIN_ID,
                 'disabled' => 0,
-                'organisation_id' => 1,
-                'created' => '2022-01-04 10:00:00',
-                'modified' => '2022-01-04 10:00:00'
+                'organisation_id' => OrganisationsFixture::ORGANISATION_A_ID,
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
+            ],
+            [
+                'id' => self::USER_SYNC_ID,
+                'uuid' => $faker->uuid(),
+                'username' => self::USER_SYNC_USERNAME,
+                'password' => $hasher->hash(self::USER_SYNC_PASSWORD),
+                'role_id' => RolesFixture::ROLE_SYNC_ID,
+                'individual_id' => IndividualsFixture::INDIVIDUAL_SYNC_ID,
+                'disabled' => 0,
+                'organisation_id' => OrganisationsFixture::ORGANISATION_A_ID,
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
+            ],
+            [
+                'id' => self::USER_ORG_ADMIN_ID,
+                'uuid' => $faker->uuid(),
+                'username' => self::USER_ORG_ADMIN_USERNAME,
+                'password' => $hasher->hash(self::USER_ORG_ADMIN_PASSWORD),
+                'role_id' => RolesFixture::ROLE_ORG_ADMIN_ID,
+                'individual_id' => IndividualsFixture::INDIVIDUAL_ORG_ADMIN_ID,
+                'disabled' => 0,
+                'organisation_id' => OrganisationsFixture::ORGANISATION_A_ID,
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
+            ],
+            [
+                'id' => self::USER_REGULAR_USER_ID,
+                'uuid' => $faker->uuid(),
+                'username' => self::USER_REGULAR_USER_USERNAME,
+                'password' => $hasher->hash(self::USER_REGULAR_USER_PASSWORD),
+                'role_id' => RolesFixture::ROLE_REGULAR_USER_ID,
+                'individual_id' => IndividualsFixture::INDIVIDUAL_REGULAR_USER_ID,
+                'disabled' => 0,
+                'organisation_id' => OrganisationsFixture::ORGANISATION_A_ID,
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
             ]
         ];
         parent::init();
diff --git a/tests/Helper/ApiTestTrait.php b/tests/Helper/ApiTestTrait.php
new file mode 100644
index 0000000..e749677
--- /dev/null
+++ b/tests/Helper/ApiTestTrait.php
@@ -0,0 +1,79 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\Helper;
+
+use \League\OpenAPIValidation\PSR7\ValidatorBuilder;
+use \League\OpenAPIValidation\PSR7\RequestValidator;
+use \League\OpenAPIValidation\PSR7\ResponseValidator;
+use \League\OpenAPIValidation\PSR7\OperationAddress;
+
+trait ApiTestTrait
+{
+    /** @var string */
+    protected $_authToken = '';
+
+    /** @var ValidatorBuilder */
+    private $validator;
+
+    /** @var RequestValidator */
+    private $requestValidator;
+
+    /** @var ResponseValidator */
+    private $responseValidator;
+
+    public function setAuthToken(string $authToken): void
+    {
+        $this->_authToken = $authToken;
+
+        // somehow this is not set automatically in test environment
+        $_SERVER['HTTP_AUTHORIZATION'] = $authToken;
+
+        $this->configRequest([
+            'headers' => [
+                'Accept' => 'application/json',
+                'Authorization' => $this->_authToken
+            ]
+        ]);
+    }
+
+    /**
+     * Parse the OpenAPI specification and create a validator
+     * 
+     * @param string $specFile
+     * @return void
+     */
+    public function initializeValidator(string $specFile): void
+    {
+        $this->validator = (new ValidatorBuilder)->fromYamlFile($specFile);
+        $this->requestValidator = $this->validator->getRequestValidator();
+        $this->responseValidator = $this->validator->getResponseValidator();
+    }
+
+    /**
+     * Validates the API request against the OpenAPI spec
+     * 
+     * @param string $path The path to the API endpoint 
+     * @param string $method The HTTP method used to call the endpoint 
+     * @return void
+     */
+    public function validateRequest(string $endpoint, string $method = 'get'): void
+    {
+        // TODO: find a workaround to create a PSR-7 request object for validation
+        throw NotImplementedException("Unfortunately cakephp does not save the PSR-7 request object in the test context");
+    }
+
+    /**
+     * Validates the API response against the OpenAPI spec
+     * 
+     * @param string $path The path to the API endpoint 
+     * @param string $method The HTTP method used to call the endpoint
+     * @return void
+     */
+    public function validateResponse(string $endpoint, string $method = 'get'): void
+    {
+        $address = new OperationAddress($endpoint, $method);
+        $this->responseValidator->validate($address, $this->_response);
+    }
+}
diff --git a/tests/README.md b/tests/README.md
index 898e249..f37bcf3 100644
--- a/tests/README.md
+++ b/tests/README.md
@@ -1,5 +1,14 @@
 # Testing
-Add a test database to your `config/app_local.php` config file and set `debug` mode to `true`.
+
+1. Add a `cerebrate_test` database to the db:
+```mysql
+CREATE DATABASE cerebrate_test;
+GRANT ALL PRIVILEGES ON cerebrate_test.* to cerebrate@localhost;
+FLUSH PRIVILEGES;
+QUIT;
+```
+
+2. Add a the test database to your `config/app_local.php` config file and set `debug` mode to `true`.
 ```php
 'debug' => true,
 'Datasources' => [
diff --git a/tests/TestCase/Api/Users/UsersApiTest.php b/tests/TestCase/Api/Users/UsersApiTest.php
new file mode 100644
index 0000000..2f2c2b8
--- /dev/null
+++ b/tests/TestCase/Api/Users/UsersApiTest.php
@@ -0,0 +1,55 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\UsersFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class UsersApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/users/view';
+
+    protected $fixtures = [
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testViewMe(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $this->get(self::ENDPOINT);
+
+        $this->assertResponseOk();
+        $this->assertResponseContains(sprintf('"username": "%s"', UsersFixture::USER_ADMIN_USERNAME));
+        // TODO: $this->validateRequest()
+        $this->validateResponse(self::ENDPOINT);
+    }
+
+    public function testViewById(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $url = sprintf('%s/%d', self::ENDPOINT, UsersFixture::USER_ADMIN_ID);
+        $this->get($url);
+
+        $this->assertResponseOk();
+        $this->assertResponseContains(sprintf('"username": "%s"', UsersFixture::USER_ADMIN_USERNAME));
+        // TODO: $this->validateRequest()
+        $this->validateResponse($url);
+    }
+}
diff --git a/tests/TestCase/Api/UsersApiTest.php b/tests/TestCase/Api/UsersApiTest.php
deleted file mode 100644
index 5353305..0000000
--- a/tests/TestCase/Api/UsersApiTest.php
+++ /dev/null
@@ -1,40 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Test\TestCase\Api;
-
-use Cake\TestSuite\IntegrationTestTrait;
-use Cake\TestSuite\TestCase;
-use App\Test\Fixture\AuthKeysFixture;
-use App\Test\Fixture\UsersFixture;
-
-class UsersApiTest extends TestCase
-{
-    use IntegrationTestTrait;
-
-    protected $fixtures = [
-        'app.Individuals',
-        'app.Roles',
-        'app.Users',
-        'app.AuthKeys'
-    ];
-
-    public function testViewMe(): void
-    {
-        // ugly hack, $_SERVER['HTTP_AUTHORIZATION'] is not set automatically in test environment
-        $_SERVER['HTTP_AUTHORIZATION'] = AuthKeysFixture::ADMIN_API_KEY;
-        $this->configRequest([
-            'headers' => [
-                // this does not work: https://book.cakephp.org/4/en/development/testing.html#testing-stateless-authentication-and-apis
-                // 'Authorization' => AuthKeysFixture::ADMIN_API_KEY,
-                'Accept' => 'application/json'
-            ]
-        ]);
-
-        $this->get('/users/view');
-
-        $this->assertResponseOk();
-        $this->assertResponseContains(sprintf('"username": "%s"', UsersFixture::ADMIN_USER));
-    }
-}
diff --git a/tests/TestCase/Controller/UsersControllerTest.php b/tests/TestCase/Controller/Users/UsersControllerTest.php
similarity index 93%
rename from tests/TestCase/Controller/UsersControllerTest.php
rename to tests/TestCase/Controller/Users/UsersControllerTest.php
index 0c856e8..37dd73a 100644
--- a/tests/TestCase/Controller/UsersControllerTest.php
+++ b/tests/TestCase/Controller/Users/UsersControllerTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-namespace App\Test\TestCase\Controller;
+namespace App\Test\TestCase\Controller\Users;
 
 use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
diff --git a/tests/bootstrap.php b/tests/bootstrap.php
index f8088be..9283095 100644
--- a/tests/bootstrap.php
+++ b/tests/bootstrap.php
@@ -66,4 +66,6 @@ if (!in_array('skip-migrations', $_SERVER['argv'])) {
         ['plugin' => 'Tags', 'connection' => 'test', 'skip' => ['*']],
         ['plugin' => 'ADmad/SocialAuth', 'connection' => 'test', 'skip' => ['*']]
     ]);
+}else{
+    echo "[ * ] Skipping migrations ...\n";
 }
diff --git a/webroot/docs/openapi.yaml b/webroot/docs/openapi.yaml
new file mode 100644
index 0000000..5a55225
--- /dev/null
+++ b/webroot/docs/openapi.yaml
@@ -0,0 +1,215 @@
+openapi: 3.0.0
+info:
+  version: 1.3.0
+  title: Cerebrate Project API
+  description: |
+
+    TODO: markdown description
+
+servers:
+  - url: https://cerebrate.local
+
+tags:
+  - name: Users
+    description: "TODO: users resource descriptions"
+
+paths:
+  /api/v1/users/view:
+    get:
+      summary: "Get information about the current user"
+      operationId: viewUserMe
+      tags:
+        - Users
+      responses:
+        "200":
+          $ref: "#/components/responses/ViewUserResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
+  /api/v1/users/view/{userId}:
+    get:
+      summary: "Get information of a user by id"
+      operationId: viewUserById
+      tags:
+        - Users
+      parameters:
+        - $ref: "#/components/parameters/userId"
+      responses:
+        "200":
+          $ref: "#/components/responses/ViewUserResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
+components:
+  schemas:
+    # General
+    UUID:
+      type: string
+      format: uuid
+      maxLength: 36
+      example: "c99506a6-1255-4b71-afa5-7b8ba48c3b1b"
+
+    ID:
+      type: integer
+      format: int32
+      example: 1
+
+    DateTime:
+      type: string
+      format: datetime
+      example: "2022-01-05T11:19:26+00:00"
+
+    # Users
+    Username:
+      type: string
+      example: "admin"
+
+    User:
+      type: object
+      properties:
+        id:
+          $ref: "#/components/schemas/ID"
+        uuid:
+          $ref: "#/components/schemas/UUID"
+        username:
+          $ref: "#/components/schemas/Username"
+        role_id:
+          $ref: "#/components/schemas/ID"
+        individual_id:
+          $ref: "#/components/schemas/ID"
+        disabled:
+          type: boolean
+        created:
+          $ref: "#/components/schemas/DateTime"
+        modified:
+          $ref: "#/components/schemas/DateTime"
+        organisation_id:
+          $ref: "#/components/schemas/ID"
+
+    # Individuals
+
+    # Organisations
+
+    # Roles
+    RoleName:
+      type: string
+      maxLength: 255
+      example: "admin"
+
+    Role:
+      type: object
+      properties:
+        id:
+          $ref: "#/components/schemas/ID"
+        name:
+          $ref: "#/components/schemas/RoleName"
+        is_default:
+          type: boolean
+        perm_admin:
+          type: boolean
+        perm_sync:
+          type: boolean
+        perm_org_admin:
+          type: boolean
+
+    # Errors
+    ApiError:
+      type: object
+      required:
+        - name
+        - message
+        - url
+      properties:
+        name:
+          type: string
+        message:
+          type: string
+        url:
+          type: string
+          example: "/users"
+
+    UnauthorizedApiError:
+      type: object
+      required:
+        - name
+        - message
+        - url
+      properties:
+        name:
+          type: string
+          example: "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header."
+        message:
+          type: string
+          example: "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header."
+        url:
+          type: string
+          example: "/users"
+
+    NotFoundApiError:
+      type: object
+      required:
+        - name
+        - message
+        - url
+      properties:
+        name:
+          type: string
+          example: "Invalid user"
+        message:
+          type: string
+          example: "Invalid user"
+        url:
+          type: string
+          example: "/users/1234"
+
+  parameters:
+    userId:
+      name: userId
+      in: path
+      description: "Numeric ID of the User"
+      required: true
+      schema:
+        $ref: "#/components/schemas/ID"
+
+  securitySchemes:
+    ApiKeyAuth:
+      type: apiKey
+      in: header
+      name: Authorization
+      description: |
+        The authorization is performed by using the following header in the HTTP requests:
+
+            Authorization: YOUR_API_KEY
+
+  # requestBodies:
+
+  responses:
+    # User
+    ViewUserResponse:
+      description: "User response"
+      content:
+        application/json:
+          schema:
+            $ref: "#/components/schemas/User"
+
+    # Errors
+    ApiErrorResponse:
+      description: "Unexpected API error"
+      content:
+        application/json:
+          schema:
+            $ref: "#/components/schemas/ApiError"
+
+    UnauthorizedApiErrorResponse:
+      description: "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header."
+      content:
+        application/json:
+          schema:
+            $ref: "#/components/schemas/UnauthorizedApiError"
+
+security:
+  - ApiKeyAuth: []

From 5b3bef13e2678dd5a5397bddea2e46f3dd639eeb Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Fri, 7 Jan 2022 13:47:20 +0100
Subject: [PATCH 092/150] fix: test

---
 tests/TestCase/Controller/Users/UsersControllerTest.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/TestCase/Controller/Users/UsersControllerTest.php b/tests/TestCase/Controller/Users/UsersControllerTest.php
index 37dd73a..7ef6e4c 100644
--- a/tests/TestCase/Controller/Users/UsersControllerTest.php
+++ b/tests/TestCase/Controller/Users/UsersControllerTest.php
@@ -23,8 +23,8 @@ class UsersControllerTest extends TestCase
         $this->enableSecurityToken();
 
         $this->post('/users/login', [
-            'username' => UsersFixture::ADMIN_USER,
-            'password' => UsersFixture::ADMIN_PASSWORD,
+            'username' => UsersFixture::USER_ADMIN_USERNAME,
+            'password' => UsersFixture::USER_ADMIN_PASSWORD,
         ]);
 
         $this->assertSessionHasKey('authUser.uuid');

From 3923064d07c7972c92c1f7f530c41ef53b9d6ff1 Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Fri, 7 Jan 2022 14:37:04 +0100
Subject: [PATCH 093/150] chg: migrate mysql.sql initial schema to a phinx
 migration

---
 INSTALL/INSTALL.md                            |    6 -
 INSTALL/mysql.sql                             |  408 -----
 .../20210311000000_InitialSchema.php          | 1464 +++++++++++++++++
 debian/install                                |    1 -
 docker/README.md                              |   17 -
 docker/docker-compose.yml                     |    1 -
 tests/bootstrap.php                           |   14 +-
 7 files changed, 1469 insertions(+), 442 deletions(-)
 delete mode 100644 INSTALL/mysql.sql
 create mode 100644 config/Migrations/20210311000000_InitialSchema.php

diff --git a/INSTALL/INSTALL.md b/INSTALL/INSTALL.md
index fc6e131..f4cef5f 100644
--- a/INSTALL/INSTALL.md
+++ b/INSTALL/INSTALL.md
@@ -74,12 +74,6 @@ sudo mysql -e "GRANT ALL PRIVILEGES ON cerebrate.* to cerebrate@localhost;"
 sudo mysql -e "FLUSH PRIVILEGES;"
 ```
 
-Load the default table structure into the database
-
-```bash
-sudo mysql -u cerebrate -p cerebrate < /var/www/cerebrate/INSTALL/mysql.sql
-```
-
 create your local configuration and set the db credentials
 
 ```bash
diff --git a/INSTALL/mysql.sql b/INSTALL/mysql.sql
deleted file mode 100644
index ed39991..0000000
--- a/INSTALL/mysql.sql
+++ /dev/null
@@ -1,408 +0,0 @@
--- MySQL dump 10.16  Distrib 10.1.44-MariaDB, for debian-linux-gnu (x86_64)
---
--- Host: localhost    Database: cerebrate
--- ------------------------------------------------------
--- Server version	10.1.44-MariaDB-0ubuntu0.18.04.1
-
-/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
-/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
-/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
-/*!40101 SET NAMES utf8mb4 */;
-/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
-/*!40103 SET TIME_ZONE='+00:00' */;
-/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
-/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
-/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
-/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
-
---
--- Table structure for table `alignment_tags`
---
-
-/*!40101 SET @saved_cs_client     = @@character_set_client */;
-/*!40101 SET character_set_client = utf8 */;
-CREATE TABLE IF NOT EXISTS `alignment_tags` (
-  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
-  `alignment_id` int(10) unsigned NOT NULL,
-  `tag_id` int(10) unsigned NOT NULL,
-  PRIMARY KEY (`id`),
-  KEY `alignment_id` (`alignment_id`),
-  KEY `tag_id` (`tag_id`),
-  CONSTRAINT `alignment_tags_ibfk_1` FOREIGN KEY (`alignment_id`) REFERENCES `alignments` (`id`),
-  CONSTRAINT `alignment_tags_ibfk_10` FOREIGN KEY (`tag_id`) REFERENCES `tags` (`id`),
-  CONSTRAINT `alignment_tags_ibfk_11` FOREIGN KEY (`alignment_id`) REFERENCES `alignments` (`id`),
-  CONSTRAINT `alignment_tags_ibfk_12` FOREIGN KEY (`tag_id`) REFERENCES `tags` (`id`),
-  CONSTRAINT `alignment_tags_ibfk_2` FOREIGN KEY (`tag_id`) REFERENCES `tags` (`id`),
-  CONSTRAINT `alignment_tags_ibfk_3` FOREIGN KEY (`alignment_id`) REFERENCES `alignments` (`id`),
-  CONSTRAINT `alignment_tags_ibfk_4` FOREIGN KEY (`tag_id`) REFERENCES `tags` (`id`),
-  CONSTRAINT `alignment_tags_ibfk_5` FOREIGN KEY (`alignment_id`) REFERENCES `alignments` (`id`),
-  CONSTRAINT `alignment_tags_ibfk_6` FOREIGN KEY (`tag_id`) REFERENCES `tags` (`id`),
-  CONSTRAINT `alignment_tags_ibfk_7` FOREIGN KEY (`alignment_id`) REFERENCES `alignments` (`id`),
-  CONSTRAINT `alignment_tags_ibfk_8` FOREIGN KEY (`tag_id`) REFERENCES `tags` (`id`),
-  CONSTRAINT `alignment_tags_ibfk_9` FOREIGN KEY (`alignment_id`) REFERENCES `alignments` (`id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-/*!40101 SET character_set_client = @saved_cs_client */;
-
---
--- Table structure for table `alignments`
---
-
-/*!40101 SET @saved_cs_client     = @@character_set_client */;
-/*!40101 SET character_set_client = utf8 */;
-CREATE TABLE IF NOT EXISTS `alignments` (
-  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
-  `individual_id` int(10) unsigned NOT NULL,
-  `organisation_id` int(10) unsigned NOT NULL,
-  `type` varchar(191) COLLATE utf8mb4_unicode_ci DEFAULT 'member',
-  PRIMARY KEY (`id`),
-  KEY `individual_id` (`individual_id`),
-  KEY `organisation_id` (`organisation_id`),
-  CONSTRAINT `alignments_ibfk_1` FOREIGN KEY (`individual_id`) REFERENCES `individuals` (`id`),
-  CONSTRAINT `alignments_ibfk_2` FOREIGN KEY (`organisation_id`) REFERENCES `organisations` (`id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-/*!40101 SET character_set_client = @saved_cs_client */;
-
---
--- Table structure for table `auth_keys`
---
-
-/*!40101 SET @saved_cs_client     = @@character_set_client */;
-/*!40101 SET character_set_client = utf8 */;
-CREATE TABLE IF NOT EXISTS `auth_keys` (
-  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
-  `uuid` varchar(40) COLLATE utf8mb4_unicode_ci NOT NULL,
-  `authkey` varchar(72) CHARACTER SET ascii DEFAULT NULL,
-  `authkey_start` varchar(4) CHARACTER SET ascii DEFAULT NULL,
-  `authkey_end` varchar(4) CHARACTER SET ascii DEFAULT NULL,
-  `created` int(10) unsigned NOT NULL,
-  `expiration` int(10) unsigned NOT NULL,
-  `user_id` int(10) unsigned NOT NULL,
-  `comment` text COLLATE utf8mb4_unicode_ci,
-  PRIMARY KEY (`id`),
-  KEY `authkey_start` (`authkey_start`),
-  KEY `authkey_end` (`authkey_end`),
-  KEY `created` (`created`),
-  KEY `expiration` (`expiration`),
-  KEY `user_id` (`user_id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-/*!40101 SET character_set_client = @saved_cs_client */;
-
---
--- Table structure for table `broods`
---
-
-/*!40101 SET @saved_cs_client     = @@character_set_client */;
-/*!40101 SET character_set_client = utf8 */;
-CREATE TABLE IF NOT EXISTS `broods` (
-  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
-  `uuid` varchar(40) CHARACTER SET ascii DEFAULT NULL,
-  `name` varchar(191) COLLATE utf8mb4_unicode_ci NOT NULL,
-  `url` varchar(191) COLLATE utf8mb4_unicode_ci NOT NULL,
-  `description` text COLLATE utf8mb4_unicode_ci,
-  `organisation_id` int(10) unsigned NOT NULL,
-  `trusted` tinyint(1) DEFAULT NULL,
-  `pull` tinyint(1) DEFAULT NULL,
-  `skip_proxy` tinyint(1) DEFAULT NULL,
-  `authkey` varchar(40) CHARACTER SET ascii DEFAULT NULL,
-  PRIMARY KEY (`id`),
-  KEY `uuid` (`uuid`),
-  KEY `name` (`name`),
-  KEY `url` (`url`),
-  KEY `authkey` (`authkey`),
-  KEY `organisation_id` (`organisation_id`),
-  FOREIGN KEY (`organisation_id`) REFERENCES `organisations` (`id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-/*!40101 SET character_set_client = @saved_cs_client */;
-
---
--- Table structure for table `encryption_keys`
---
-
-/*!40101 SET @saved_cs_client     = @@character_set_client */;
-/*!40101 SET character_set_client = utf8 */;
-CREATE TABLE IF NOT EXISTS `encryption_keys` (
-  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
-  `uuid` varchar(40) CHARACTER SET ascii DEFAULT NULL,
-  `type` varchar(191) COLLATE utf8mb4_unicode_ci NOT NULL,
-  `encryption_key` text COLLATE utf8mb4_unicode_ci,
-  `revoked` tinyint(1) DEFAULT NULL,
-  `expires` int(10) unsigned DEFAULT NULL,
-  `owner_id` int(10) unsigned DEFAULT NULL,
-  `owner_type` varchar(20) COLLATE utf8mb4_unicode_ci NOT NULL,
-  PRIMARY KEY (`id`),
-  KEY `uuid` (`uuid`),
-  KEY `type` (`type`),
-  KEY `expires` (`expires`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-/*!40101 SET character_set_client = @saved_cs_client */;
-
---
--- Table structure for table `individual_encryption_keys`
---
-
-/*!40101 SET @saved_cs_client     = @@character_set_client */;
-/*!40101 SET character_set_client = utf8 */;
-CREATE TABLE IF NOT EXISTS `individual_encryption_keys` (
-  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
-  `individual_id` int(10) unsigned NOT NULL,
-  `encryption_key_id` int(10) unsigned NOT NULL,
-  PRIMARY KEY (`id`),
-  KEY `individual_id` (`individual_id`),
-  KEY `encryption_key_id` (`encryption_key_id`),
-  CONSTRAINT `individual_encryption_keys_ibfk_1` FOREIGN KEY (`individual_id`) REFERENCES `individuals` (`id`),
-  CONSTRAINT `individual_encryption_keys_ibfk_2` FOREIGN KEY (`encryption_key_id`) REFERENCES `encryption_keys` (`id`),
-  CONSTRAINT `individual_encryption_keys_ibfk_3` FOREIGN KEY (`individual_id`) REFERENCES `individuals` (`id`),
-  CONSTRAINT `individual_encryption_keys_ibfk_4` FOREIGN KEY (`encryption_key_id`) REFERENCES `encryption_keys` (`id`),
-  CONSTRAINT `individual_encryption_keys_ibfk_5` FOREIGN KEY (`individual_id`) REFERENCES `individuals` (`id`),
-  CONSTRAINT `individual_encryption_keys_ibfk_6` FOREIGN KEY (`encryption_key_id`) REFERENCES `encryption_keys` (`id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-/*!40101 SET character_set_client = @saved_cs_client */;
-
---
--- Table structure for table `individuals`
---
-
-/*!40101 SET @saved_cs_client     = @@character_set_client */;
-/*!40101 SET character_set_client = utf8 */;
-CREATE TABLE IF NOT EXISTS `individuals` (
-  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
-  `uuid` varchar(40) CHARACTER SET ascii DEFAULT NULL,
-  `email` varchar(191) COLLATE utf8mb4_unicode_ci NOT NULL,
-  `first_name` varchar(191) COLLATE utf8mb4_unicode_ci NOT NULL,
-  `last_name` varchar(191) COLLATE utf8mb4_unicode_ci NOT NULL,
-  `position` text COLLATE utf8mb4_unicode_ci,
-  PRIMARY KEY (`id`),
-  KEY `uuid` (`uuid`),
-  KEY `email` (`email`),
-  KEY `first_name` (`first_name`),
-  KEY `last_name` (`last_name`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-/*!40101 SET character_set_client = @saved_cs_client */;
-
---
--- Table structure for table `local_tools`
---
-
-CREATE TABLE IF NOT EXISTS `local_tools` (
-  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
-  `name` varchar(191) COLLATE utf8mb4_unicode_ci NOT NULL,
-  `connector` varchar(191) COLLATE utf8mb4_unicode_ci NOT NULL,
-  `settings` text COLLATE utf8mb4_unicode_ci,
-  `exposed` tinyint(1) NOT NULL,
-  `description` text COLLATE utf8mb4_unicode_ci,
-  PRIMARY KEY (`id`),
-  KEY `name` (`name`),
-  KEY `connector` (`connector`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-
---
--- Table structure for table `organisation_encryption_keys`
---
-
-/*!40101 SET @saved_cs_client     = @@character_set_client */;
-/*!40101 SET character_set_client = utf8 */;
-CREATE TABLE IF NOT EXISTS `organisation_encryption_keys` (
-  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
-  `organisation_id` int(10) unsigned NOT NULL,
-  `encryption_key_id` int(10) unsigned NOT NULL,
-  PRIMARY KEY (`id`),
-  KEY `organisation_id` (`organisation_id`),
-  KEY `encryption_key_id` (`encryption_key_id`),
-  CONSTRAINT `organisation_encryption_keys_ibfk_1` FOREIGN KEY (`organisation_id`) REFERENCES `organisations` (`id`),
-  CONSTRAINT `organisation_encryption_keys_ibfk_2` FOREIGN KEY (`encryption_key_id`) REFERENCES `encryption_keys` (`id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-/*!40101 SET character_set_client = @saved_cs_client */;
-
---
--- Table structure for table `organisations`
---
-
-/*!40101 SET @saved_cs_client     = @@character_set_client */;
-/*!40101 SET character_set_client = utf8 */;
-CREATE TABLE IF NOT EXISTS `organisations` (
-  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
-  `uuid` varchar(40) CHARACTER SET ascii DEFAULT NULL,
-  `name` varchar(191) COLLATE utf8mb4_unicode_ci NOT NULL,
-  `url` varchar(191) COLLATE utf8mb4_unicode_ci DEFAULT NULL,
-  `nationality` varchar(191) COLLATE utf8mb4_unicode_ci DEFAULT NULL,
-  `sector` varchar(191) COLLATE utf8mb4_unicode_ci DEFAULT NULL,
-  `type` varchar(191) COLLATE utf8mb4_unicode_ci DEFAULT NULL,
-  `contacts` text COLLATE utf8mb4_unicode_ci,
-  PRIMARY KEY (`id`),
-  KEY `uuid` (`uuid`),
-  KEY `name` (`name`),
-  KEY `url` (`url`),
-  KEY `nationality` (`nationality`),
-  KEY `sector` (`sector`),
-  KEY `type` (`type`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-/*!40101 SET character_set_client = @saved_cs_client */;
-
---
--- Table structure for table `roles`
---
-
-/*!40101 SET @saved_cs_client     = @@character_set_client */;
-/*!40101 SET character_set_client = utf8 */;
-CREATE TABLE IF NOT EXISTS `roles` (
-  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
-  `uuid` varchar(40) CHARACTER SET ascii DEFAULT NULL,
-  `name` varchar(191) COLLATE utf8mb4_unicode_ci NOT NULL,
-  `is_default` tinyint(1) DEFAULT NULL,
-  `perm_admin` tinyint(1) DEFAULT NULL,
-  PRIMARY KEY (`id`),
-  KEY `name` (`name`),
-  KEY `uuid` (`uuid`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-/*!40101 SET character_set_client = @saved_cs_client */;
-
---
--- Table structure for table `tags`
---
-
-/*!40101 SET @saved_cs_client     = @@character_set_client */;
-/*!40101 SET character_set_client = utf8 */;
-CREATE TABLE IF NOT EXISTS `tags` (
-  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
-  `name` varchar(191) COLLATE utf8mb4_unicode_ci NOT NULL,
-  `description` text COLLATE utf8mb4_unicode_ci,
-  `colour` varchar(6) CHARACTER SET ascii NOT NULL,
-  PRIMARY KEY (`id`),
-  KEY `name` (`name`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-/*!40101 SET character_set_client = @saved_cs_client */;
-
---
--- Table structure for table `users`
---
-
-CREATE TABLE IF NOT EXISTS `users` (
-  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
-  `uuid` varchar(40) CHARACTER SET ascii DEFAULT NULL,
-  `username` varchar(191) COLLATE utf8mb4_unicode_ci DEFAULT NULL,
-  `password` varchar(191) COLLATE utf8mb4_unicode_ci DEFAULT NULL,
-  `role_id` int(11) unsigned NOT NULL,
-  `individual_id` int(11) unsigned NOT NULL,
-  `disabled` tinyint(1) DEFAULT '0',
-  PRIMARY KEY (`id`),
-  KEY `uuid` (`uuid`),
-  KEY `role_id` (`role_id`),
-  KEY `individual_id` (`individual_id`),
-  CONSTRAINT `users_ibfk_1` FOREIGN KEY (`role_id`) REFERENCES `roles` (`id`),
-  CONSTRAINT `users_ibfk_2` FOREIGN KEY (`individual_id`) REFERENCES `individuals` (`id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-/*!40101 SET character_set_client = @saved_cs_client */;
-/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
-
-CREATE TABLE IF NOT EXISTS `sharing_groups` (
-  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
-  `uuid` varchar(40) CHARACTER SET ascii DEFAULT NULL,
-  `name` varchar(191) COLLATE utf8mb4_unicode_ci NOT NULL,
-  `releasability` text DEFAULT NULL,
-  `description` text DEFAULT NULL,
-  `organisation_id` int(10) unsigned NOT NULL,
-  `user_id` int(10) unsigned NOT NULL,
-  `active` tinyint(1) DEFAULT '1',
-  `local` tinyint(1) DEFAULT '1',
-  PRIMARY KEY (`id`),
-  KEY `uuid` (`uuid`),
-  KEY `user_id` (`user_id`),
-  KEY `organisation_id` (`organisation_id`),
-  KEY `name` (`name`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-
-CREATE TABLE IF NOT EXISTS `sgo` (
-  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
-  `sharing_group_id` int(10) unsigned NOT NULL,
-  `organisation_id` int(10) unsigned NOT NULL,
-  `deleted` tinyint(1) DEFAULT 0,
-  PRIMARY KEY (`id`),
-  KEY `sharing_group_id` (`sharing_group_id`),
-  KEY `organisation_id` (`organisation_id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-
-CREATE TABLE IF NOT EXISTS `meta_fields` (
-  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
-  `scope` varchar(191) NOT NULL,
-  `parent_id` int(10) unsigned NOT NULL,
-  `field` varchar(191) NOT NULL,
-  `value` varchar(191) NOT NULL,
-  `uuid` varchar(40) CHARACTER SET ascii DEFAULT NULL,
-  `meta_template_id` int(10) unsigned NOT NULL,
-  `meta_template_field_id` int(10) unsigned NOT NULL,
-  `is_default` tinyint(1) NOT NULL DEFAULT 0,
-  PRIMARY KEY (`id`),
-  KEY `scope` (`scope`),
-  KEY `uuid` (`uuid`),
-  KEY `parent_id` (`parent_id`),
-  KEY `field` (`field`),
-  KEY `value` (`value`),
-  KEY `meta_template_id` (`meta_template_id`),
-  KEY `meta_template_field_id` (`meta_template_field_id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-
-CREATE TABLE IF NOT EXISTS `meta_templates` (
-  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
-  `scope` varchar(191) NOT NULL,
-  `name` varchar(191) NOT NULL,
-  `namespace` varchar(191) NOT NULL,
-  `description` text,
-  `version` varchar(191) NOT NULL,
-  `uuid` varchar(40) CHARACTER SET ascii,
-  `source` varchar(191),
-  `enabled` tinyint(1) DEFAULT 0,
-  `is_default` tinyint(1) NOT NULL DEFAULT 0,
-  PRIMARY KEY (`id`),
-  KEY `scope` (`scope`),
-  KEY `source` (`source`),
-  KEY `name` (`name`),
-  KEY `namespace` (`namespace`),
-  KEY `version` (`version`),
-  KEY `uuid` (`uuid`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-
-CREATE TABLE IF NOT EXISTS `meta_template_fields` (
-  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
-  `field` varchar(191) NOT NULL,
-  `type` varchar(191) NOT NULL,
-  `meta_template_id` int(10) unsigned NOT NULL,
-  `regex` text,
-  `multiple` tinyint(1) DEFAULT 0,
-  `enabled` tinyint(1) DEFAULT 0,
-  PRIMARY KEY (`id`),
-  CONSTRAINT `meta_template_id` FOREIGN KEY (`meta_template_id`) REFERENCES `meta_templates` (`id`),
-  KEY `field` (`field`),
-  KEY `type` (`type`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-
-CREATE TABLE IF NOT EXISTS `audit_logs` (
-    `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
-    `created` datetime NOT NULL,
-    `user_id` int(10) unsigned DEFAULT NULL,
-    `authkey_id` int(10) unsigned DEFAULT NULL,
-    `request_ip` varbinary(16) DEFAULT NULL,
-    `request_type` tinyint NOT NULL,
-    `request_id` varchar(191) DEFAULT NULL,
-    `request_action` varchar(20) NOT NULL,
-    `model` varchar(80) NOT NULL,
-    `model_id` int(10) unsigned DEFAULT NULL,
-    `model_title` text DEFAULT NULL,
-    `change` blob,
-    PRIMARY KEY (`id`),
-    KEY `user_id` (`user_id`),
-    KEY `request_ip` (`request_ip`),
-    KEY `model` (`model`),
-    KEY `request_action` (`request_action`),
-    KEY `model_id` (`model_id`),
-    KEY `created` (`created`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-
-/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
-/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
-/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
-/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
-/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
-/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
-/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-
--- Dump completed on 2020-06-22 14:30:02
diff --git a/config/Migrations/20210311000000_InitialSchema.php b/config/Migrations/20210311000000_InitialSchema.php
new file mode 100644
index 0000000..d1e2ed1
--- /dev/null
+++ b/config/Migrations/20210311000000_InitialSchema.php
@@ -0,0 +1,1464 @@
+<?php
+
+declare(strict_types=1);
+
+use Migrations\AbstractMigration;
+use Phinx\Db\Adapter\MysqlAdapter;
+
+class InitialSchema extends AbstractMigration
+{
+    public function change()
+    {
+        $this->execute('SET unique_checks=0; SET foreign_key_checks=0;');
+        $this->execute("ALTER DATABASE CHARACTER SET 'utf8mb4';");
+        $this->execute("ALTER DATABASE COLLATE='utf8mb4_general_ci';");
+        $this->table('broods', [
+            'id' => false,
+            'primary_key' => ['id'],
+            'engine' => 'InnoDB',
+            'encoding' => 'utf8mb4',
+            'collation' => 'utf8mb4_unicode_ci',
+            'comment' => '',
+            'row_format' => 'DYNAMIC',
+        ])
+            ->addColumn('id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'identity' => 'enable',
+            ])
+            ->addColumn('uuid', 'string', [
+                'null' => true,
+                'default' => null,
+                'limit' => 40,
+                'collation' => 'ascii_general_ci',
+                'encoding' => 'ascii',
+                'after' => 'id',
+            ])
+            ->addColumn('name', 'string', [
+                'null' => false,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'uuid',
+            ])
+            ->addColumn('url', 'string', [
+                'null' => false,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'name',
+            ])
+            ->addColumn('description', 'text', [
+                'null' => true,
+                'default' => null,
+                'limit' => 65535,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'url',
+            ])
+            ->addColumn('organisation_id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'after' => 'description',
+            ])
+            ->addColumn('trusted', 'boolean', [
+                'null' => true,
+                'default' => null,
+                'limit' => MysqlAdapter::INT_TINY,
+                'after' => 'organisation_id',
+            ])
+            ->addColumn('pull', 'boolean', [
+                'null' => true,
+                'default' => null,
+                'limit' => MysqlAdapter::INT_TINY,
+                'after' => 'trusted',
+            ])
+            ->addColumn('skip_proxy', 'boolean', [
+                'null' => true,
+                'default' => null,
+                'limit' => MysqlAdapter::INT_TINY,
+                'after' => 'pull',
+            ])
+            ->addColumn('authkey', 'string', [
+                'null' => true,
+                'default' => null,
+                'limit' => 40,
+                'collation' => 'ascii_general_ci',
+                'encoding' => 'ascii',
+                'after' => 'skip_proxy',
+            ])
+            ->addIndex(['uuid'], [
+                'name' => 'uuid',
+                'unique' => false,
+            ])
+            ->addIndex(['name'], [
+                'name' => 'name',
+                'unique' => false,
+            ])
+            ->addIndex(['url'], [
+                'name' => 'url',
+                'unique' => false,
+            ])
+            ->addIndex(['authkey'], [
+                'name' => 'authkey',
+                'unique' => false,
+            ])
+            ->addIndex(['organisation_id'], [
+                'name' => 'organisation_id',
+                'unique' => false,
+            ])
+            ->addForeignKey('organisation_id', 'organisations', 'id', [
+                'constraint' => 'broods_ibfk_1',
+                'update' => 'RESTRICT',
+                'delete' => 'RESTRICT',
+            ])
+            ->create();
+        $this->table('sharing_groups', [
+            'id' => false,
+            'primary_key' => ['id'],
+            'engine' => 'InnoDB',
+            'encoding' => 'utf8mb4',
+            'collation' => 'utf8mb4_unicode_ci',
+            'comment' => '',
+            'row_format' => 'DYNAMIC',
+        ])
+            ->addColumn('id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'identity' => 'enable',
+            ])
+            ->addColumn('uuid', 'string', [
+                'null' => true,
+                'default' => null,
+                'limit' => 40,
+                'collation' => 'ascii_general_ci',
+                'encoding' => 'ascii',
+                'after' => 'id',
+            ])
+            ->addColumn('name', 'string', [
+                'null' => false,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'uuid',
+            ])
+            ->addColumn('releasability', 'text', [
+                'null' => true,
+                'default' => null,
+                'limit' => 65535,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'name',
+            ])
+            ->addColumn('description', 'text', [
+                'null' => true,
+                'default' => null,
+                'limit' => 65535,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'releasability',
+            ])
+            ->addColumn('organisation_id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'after' => 'description',
+            ])
+            ->addColumn('user_id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'after' => 'organisation_id',
+            ])
+            ->addColumn('active', 'boolean', [
+                'null' => true,
+                'default' => '1',
+                'limit' => MysqlAdapter::INT_TINY,
+                'after' => 'user_id',
+            ])
+            ->addColumn('local', 'boolean', [
+                'null' => true,
+                'default' => '1',
+                'limit' => MysqlAdapter::INT_TINY,
+                'after' => 'active',
+            ])
+            ->addIndex(['uuid'], [
+                'name' => 'uuid',
+                'unique' => false,
+            ])
+            ->addIndex(['user_id'], [
+                'name' => 'user_id',
+                'unique' => false,
+            ])
+            ->addIndex(['organisation_id'], [
+                'name' => 'organisation_id',
+                'unique' => false,
+            ])
+            ->addIndex(['name'], [
+                'name' => 'name',
+                'unique' => false,
+            ])
+            ->create();
+        $this->table('alignment_tags', [
+            'id' => false,
+            'primary_key' => ['id'],
+            'engine' => 'InnoDB',
+            'encoding' => 'utf8mb4',
+            'collation' => 'utf8mb4_unicode_ci',
+            'comment' => '',
+            'row_format' => 'DYNAMIC',
+        ])
+            ->addColumn('id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'identity' => 'enable',
+            ])
+            ->addColumn('alignment_id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'after' => 'id',
+            ])
+            ->addColumn('tag_id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'after' => 'alignment_id',
+            ])
+            ->addIndex(['alignment_id'], [
+                'name' => 'alignment_id',
+                'unique' => false,
+            ])
+            ->addIndex(['tag_id'], [
+                'name' => 'tag_id',
+                'unique' => false,
+            ])
+            ->addForeignKey('alignment_id', 'alignments', 'id', [
+                'constraint' => 'alignment_tags_ibfk_1',
+                'update' => 'RESTRICT',
+                'delete' => 'RESTRICT',
+            ])
+            ->addForeignKey('tag_id', 'tags', 'id', [
+                'constraint' => 'alignment_tags_ibfk_10',
+                'update' => 'RESTRICT',
+                'delete' => 'RESTRICT',
+            ])
+            ->addForeignKey('alignment_id', 'alignments', 'id', [
+                'constraint' => 'alignment_tags_ibfk_11',
+                'update' => 'RESTRICT',
+                'delete' => 'RESTRICT',
+            ])
+            ->addForeignKey('tag_id', 'tags', 'id', [
+                'constraint' => 'alignment_tags_ibfk_12',
+                'update' => 'RESTRICT',
+                'delete' => 'RESTRICT',
+            ])
+            ->addForeignKey('tag_id', 'tags', 'id', [
+                'constraint' => 'alignment_tags_ibfk_2',
+                'update' => 'RESTRICT',
+                'delete' => 'RESTRICT',
+            ])
+            ->addForeignKey('alignment_id', 'alignments', 'id', [
+                'constraint' => 'alignment_tags_ibfk_3',
+                'update' => 'RESTRICT',
+                'delete' => 'RESTRICT',
+            ])
+            ->addForeignKey('tag_id', 'tags', 'id', [
+                'constraint' => 'alignment_tags_ibfk_4',
+                'update' => 'RESTRICT',
+                'delete' => 'RESTRICT',
+            ])
+            ->addForeignKey('alignment_id', 'alignments', 'id', [
+                'constraint' => 'alignment_tags_ibfk_5',
+                'update' => 'RESTRICT',
+                'delete' => 'RESTRICT',
+            ])
+            ->addForeignKey('tag_id', 'tags', 'id', [
+                'constraint' => 'alignment_tags_ibfk_6',
+                'update' => 'RESTRICT',
+                'delete' => 'RESTRICT',
+            ])
+            ->addForeignKey('alignment_id', 'alignments', 'id', [
+                'constraint' => 'alignment_tags_ibfk_7',
+                'update' => 'RESTRICT',
+                'delete' => 'RESTRICT',
+            ])
+            ->addForeignKey('tag_id', 'tags', 'id', [
+                'constraint' => 'alignment_tags_ibfk_8',
+                'update' => 'RESTRICT',
+                'delete' => 'RESTRICT',
+            ])
+            ->addForeignKey('alignment_id', 'alignments', 'id', [
+                'constraint' => 'alignment_tags_ibfk_9',
+                'update' => 'RESTRICT',
+                'delete' => 'RESTRICT',
+            ])
+            ->create();
+        $this->table('meta_templates', [
+            'id' => false,
+            'primary_key' => ['id'],
+            'engine' => 'InnoDB',
+            'encoding' => 'utf8mb4',
+            'collation' => 'utf8mb4_unicode_ci',
+            'comment' => '',
+            'row_format' => 'DYNAMIC',
+        ])
+            ->addColumn('id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'identity' => 'enable',
+            ])
+            ->addColumn('scope', 'string', [
+                'null' => false,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'id',
+            ])
+            ->addColumn('name', 'string', [
+                'null' => false,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'scope',
+            ])
+            ->addColumn('namespace', 'string', [
+                'null' => false,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'name',
+            ])
+            ->addColumn('description', 'text', [
+                'null' => true,
+                'default' => null,
+                'limit' => 65535,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'namespace',
+            ])
+            ->addColumn('version', 'string', [
+                'null' => false,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'description',
+            ])
+            ->addColumn('uuid', 'string', [
+                'null' => true,
+                'default' => null,
+                'limit' => 40,
+                'collation' => 'ascii_general_ci',
+                'encoding' => 'ascii',
+                'after' => 'version',
+            ])
+            ->addColumn('source', 'string', [
+                'null' => true,
+                'default' => null,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'uuid',
+            ])
+            ->addColumn('enabled', 'boolean', [
+                'null' => true,
+                'default' => '0',
+                'limit' => MysqlAdapter::INT_TINY,
+                'after' => 'source',
+            ])
+            ->addColumn('is_default', 'boolean', [
+                'null' => false,
+                'default' => '0',
+                'limit' => MysqlAdapter::INT_TINY,
+                'after' => 'enabled',
+            ])
+            ->addIndex(['scope'], [
+                'name' => 'scope',
+                'unique' => false,
+            ])
+            ->addIndex(['source'], [
+                'name' => 'source',
+                'unique' => false,
+            ])
+            ->addIndex(['name'], [
+                'name' => 'name',
+                'unique' => false,
+            ])
+            ->addIndex(['namespace'], [
+                'name' => 'namespace',
+                'unique' => false,
+            ])
+            ->addIndex(['version'], [
+                'name' => 'version',
+                'unique' => false,
+            ])
+            ->addIndex(['uuid'], [
+                'name' => 'uuid',
+                'unique' => false,
+            ])
+            ->create();
+        $this->table('individuals', [
+            'id' => false,
+            'primary_key' => ['id'],
+            'engine' => 'InnoDB',
+            'encoding' => 'utf8mb4',
+            'collation' => 'utf8mb4_unicode_ci',
+            'comment' => '',
+            'row_format' => 'DYNAMIC',
+        ])
+            ->addColumn('id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'identity' => 'enable',
+            ])
+            ->addColumn('uuid', 'string', [
+                'null' => true,
+                'default' => null,
+                'limit' => 40,
+                'collation' => 'ascii_general_ci',
+                'encoding' => 'ascii',
+                'after' => 'id',
+            ])
+            ->addColumn('email', 'string', [
+                'null' => false,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'uuid',
+            ])
+            ->addColumn('first_name', 'string', [
+                'null' => false,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'email',
+            ])
+            ->addColumn('last_name', 'string', [
+                'null' => false,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'first_name',
+            ])
+            ->addColumn('position', 'text', [
+                'null' => true,
+                'default' => null,
+                'limit' => 65535,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'last_name',
+            ])
+            ->addIndex(['uuid'], [
+                'name' => 'uuid',
+                'unique' => false,
+            ])
+            ->addIndex(['email'], [
+                'name' => 'email',
+                'unique' => false,
+            ])
+            ->addIndex(['first_name'], [
+                'name' => 'first_name',
+                'unique' => false,
+            ])
+            ->addIndex(['last_name'], [
+                'name' => 'last_name',
+                'unique' => false,
+            ])
+            ->create();
+        $this->table('organisations', [
+            'id' => false,
+            'primary_key' => ['id'],
+            'engine' => 'InnoDB',
+            'encoding' => 'utf8mb4',
+            'collation' => 'utf8mb4_unicode_ci',
+            'comment' => '',
+            'row_format' => 'DYNAMIC',
+        ])
+            ->addColumn('id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'identity' => 'enable',
+            ])
+            ->addColumn('uuid', 'string', [
+                'null' => true,
+                'default' => null,
+                'limit' => 40,
+                'collation' => 'ascii_general_ci',
+                'encoding' => 'ascii',
+                'after' => 'id',
+            ])
+            ->addColumn('name', 'string', [
+                'null' => false,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'uuid',
+            ])
+            ->addColumn('url', 'string', [
+                'null' => true,
+                'default' => null,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'name',
+            ])
+            ->addColumn('nationality', 'string', [
+                'null' => true,
+                'default' => null,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'url',
+            ])
+            ->addColumn('sector', 'string', [
+                'null' => true,
+                'default' => null,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'nationality',
+            ])
+            ->addColumn('type', 'string', [
+                'null' => true,
+                'default' => null,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'sector',
+            ])
+            ->addColumn('contacts', 'text', [
+                'null' => true,
+                'default' => null,
+                'limit' => 65535,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'type',
+            ])
+            ->addIndex(['uuid'], [
+                'name' => 'uuid',
+                'unique' => false,
+            ])
+            ->addIndex(['name'], [
+                'name' => 'name',
+                'unique' => false,
+            ])
+            ->addIndex(['url'], [
+                'name' => 'url',
+                'unique' => false,
+            ])
+            ->addIndex(['nationality'], [
+                'name' => 'nationality',
+                'unique' => false,
+            ])
+            ->addIndex(['sector'], [
+                'name' => 'sector',
+                'unique' => false,
+            ])
+            ->addIndex(['type'], [
+                'name' => 'type',
+                'unique' => false,
+            ])
+            ->create();
+        $this->table('encryption_keys', [
+            'id' => false,
+            'primary_key' => ['id'],
+            'engine' => 'InnoDB',
+            'encoding' => 'utf8mb4',
+            'collation' => 'utf8mb4_unicode_ci',
+            'comment' => '',
+            'row_format' => 'DYNAMIC',
+        ])
+            ->addColumn('id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'identity' => 'enable',
+            ])
+            ->addColumn('uuid', 'string', [
+                'null' => true,
+                'default' => null,
+                'limit' => 40,
+                'collation' => 'ascii_general_ci',
+                'encoding' => 'ascii',
+                'after' => 'id',
+            ])
+            ->addColumn('type', 'string', [
+                'null' => false,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'uuid',
+            ])
+            ->addColumn('encryption_key', 'text', [
+                'null' => true,
+                'default' => null,
+                'limit' => 65535,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'type',
+            ])
+            ->addColumn('revoked', 'boolean', [
+                'null' => true,
+                'default' => null,
+                'limit' => MysqlAdapter::INT_TINY,
+                'after' => 'encryption_key',
+            ])
+            ->addColumn('expires', 'integer', [
+                'null' => true,
+                'default' => null,
+                'limit' => '10',
+                'signed' => false,
+                'after' => 'revoked',
+            ])
+            ->addColumn('owner_id', 'integer', [
+                'null' => true,
+                'default' => null,
+                'limit' => '10',
+                'signed' => false,
+                'after' => 'expires',
+            ])
+            ->addColumn('owner_type', 'string', [
+                'null' => false,
+                'limit' => 20,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'owner_id',
+            ])
+            ->addIndex(['uuid'], [
+                'name' => 'uuid',
+                'unique' => false,
+            ])
+            ->addIndex(['type'], [
+                'name' => 'type',
+                'unique' => false,
+            ])
+            ->addIndex(['expires'], [
+                'name' => 'expires',
+                'unique' => false,
+            ])
+            ->create();
+        $this->table('meta_fields', [
+            'id' => false,
+            'primary_key' => ['id'],
+            'engine' => 'InnoDB',
+            'encoding' => 'utf8mb4',
+            'collation' => 'utf8mb4_unicode_ci',
+            'comment' => '',
+            'row_format' => 'DYNAMIC',
+        ])
+            ->addColumn('id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'identity' => 'enable',
+            ])
+            ->addColumn('scope', 'string', [
+                'null' => false,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'id',
+            ])
+            ->addColumn('parent_id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'after' => 'scope',
+            ])
+            ->addColumn('field', 'string', [
+                'null' => false,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'parent_id',
+            ])
+            ->addColumn('value', 'string', [
+                'null' => false,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'field',
+            ])
+            ->addColumn('uuid', 'string', [
+                'null' => true,
+                'default' => null,
+                'limit' => 40,
+                'collation' => 'ascii_general_ci',
+                'encoding' => 'ascii',
+                'after' => 'value',
+            ])
+            ->addColumn('meta_template_id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'after' => 'uuid',
+            ])
+            ->addColumn('meta_template_field_id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'after' => 'meta_template_id',
+            ])
+            ->addColumn('is_default', 'boolean', [
+                'null' => false,
+                'default' => '0',
+                'limit' => MysqlAdapter::INT_TINY,
+                'after' => 'meta_template_field_id',
+            ])
+            ->addIndex(['scope'], [
+                'name' => 'scope',
+                'unique' => false,
+            ])
+            ->addIndex(['uuid'], [
+                'name' => 'uuid',
+                'unique' => false,
+            ])
+            ->addIndex(['parent_id'], [
+                'name' => 'parent_id',
+                'unique' => false,
+            ])
+            ->addIndex(['field'], [
+                'name' => 'field',
+                'unique' => false,
+            ])
+            ->addIndex(['value'], [
+                'name' => 'value',
+                'unique' => false,
+            ])
+            ->addIndex(['meta_template_id'], [
+                'name' => 'meta_template_id',
+                'unique' => false,
+            ])
+            ->addIndex(['meta_template_field_id'], [
+                'name' => 'meta_template_field_id',
+                'unique' => false,
+            ])
+            ->create();
+        $this->table('audit_logs', [
+            'id' => false,
+            'primary_key' => ['id'],
+            'engine' => 'InnoDB',
+            'encoding' => 'utf8mb4',
+            'collation' => 'utf8mb4_unicode_ci',
+            'comment' => '',
+            'row_format' => 'DYNAMIC',
+        ])
+            ->addColumn('id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'identity' => 'enable',
+            ])
+            ->addColumn('created', 'datetime', [
+                'null' => false,
+                'after' => 'id',
+            ])
+            ->addColumn('user_id', 'integer', [
+                'null' => true,
+                'default' => null,
+                'limit' => '10',
+                'signed' => false,
+                'after' => 'created',
+            ])
+            ->addColumn('authkey_id', 'integer', [
+                'null' => true,
+                'default' => null,
+                'limit' => '10',
+                'signed' => false,
+                'after' => 'user_id',
+            ])
+            ->addColumn('request_ip', 'varbinary', [
+                'null' => true,
+                'default' => null,
+                'limit' => 16,
+                'after' => 'authkey_id',
+            ])
+            ->addColumn('request_type', 'integer', [
+                'null' => false,
+                'limit' => MysqlAdapter::INT_TINY,
+                'after' => 'request_ip',
+            ])
+            ->addColumn('request_id', 'string', [
+                'null' => true,
+                'default' => null,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'request_type',
+            ])
+            ->addColumn('request_action', 'string', [
+                'null' => false,
+                'limit' => 20,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'request_id',
+            ])
+            ->addColumn('model', 'string', [
+                'null' => false,
+                'limit' => 80,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'request_action',
+            ])
+            ->addColumn('model_id', 'integer', [
+                'null' => true,
+                'default' => null,
+                'limit' => '10',
+                'signed' => false,
+                'after' => 'model',
+            ])
+            ->addColumn('model_title', 'text', [
+                'null' => true,
+                'default' => null,
+                'limit' => 65535,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'model_id',
+            ])
+            ->addColumn('change', 'blob', [
+                'null' => true,
+                'default' => null,
+                'limit' => MysqlAdapter::BLOB_REGULAR,
+                'after' => 'model_title',
+            ])
+            ->addIndex(['user_id'], [
+                'name' => 'user_id',
+                'unique' => false,
+            ])
+            ->addIndex(['request_ip'], [
+                'name' => 'request_ip',
+                'unique' => false,
+            ])
+            ->addIndex(['model'], [
+                'name' => 'model',
+                'unique' => false,
+            ])
+            ->addIndex(['request_action'], [
+                'name' => 'request_action',
+                'unique' => false,
+            ])
+            ->addIndex(['model_id'], [
+                'name' => 'model_id',
+                'unique' => false,
+            ])
+            ->addIndex(['created'], [
+                'name' => 'created',
+                'unique' => false,
+            ])
+            ->create();
+        $this->table('organisation_encryption_keys', [
+            'id' => false,
+            'primary_key' => ['id'],
+            'engine' => 'InnoDB',
+            'encoding' => 'utf8mb4',
+            'collation' => 'utf8mb4_unicode_ci',
+            'comment' => '',
+            'row_format' => 'DYNAMIC',
+        ])
+            ->addColumn('id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'identity' => 'enable',
+            ])
+            ->addColumn('organisation_id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'after' => 'id',
+            ])
+            ->addColumn('encryption_key_id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'after' => 'organisation_id',
+            ])
+            ->addIndex(['organisation_id'], [
+                'name' => 'organisation_id',
+                'unique' => false,
+            ])
+            ->addIndex(['encryption_key_id'], [
+                'name' => 'encryption_key_id',
+                'unique' => false,
+            ])
+            ->addForeignKey('organisation_id', 'organisations', 'id', [
+                'constraint' => 'organisation_encryption_keys_ibfk_1',
+                'update' => 'RESTRICT',
+                'delete' => 'RESTRICT',
+            ])
+            ->addForeignKey('encryption_key_id', 'encryption_keys', 'id', [
+                'constraint' => 'organisation_encryption_keys_ibfk_2',
+                'update' => 'RESTRICT',
+                'delete' => 'RESTRICT',
+            ])
+            ->create();
+        $this->table('users', [
+            'id' => false,
+            'primary_key' => ['id'],
+            'engine' => 'InnoDB',
+            'encoding' => 'utf8mb4',
+            'collation' => 'utf8mb4_unicode_ci',
+            'comment' => '',
+            'row_format' => 'DYNAMIC',
+        ])
+            ->addColumn('id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'identity' => 'enable',
+            ])
+            ->addColumn('uuid', 'string', [
+                'null' => true,
+                'default' => null,
+                'limit' => 40,
+                'collation' => 'ascii_general_ci',
+                'encoding' => 'ascii',
+                'after' => 'id',
+            ])
+            ->addColumn('username', 'string', [
+                'null' => true,
+                'default' => null,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'uuid',
+            ])
+            ->addColumn('password', 'string', [
+                'null' => true,
+                'default' => null,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'username',
+            ])
+            ->addColumn('role_id', 'integer', [
+                'null' => false,
+                'limit' => MysqlAdapter::INT_REGULAR,
+                'signed' => false,
+                'after' => 'password',
+            ])
+            ->addColumn('individual_id', 'integer', [
+                'null' => false,
+                'limit' => MysqlAdapter::INT_REGULAR,
+                'signed' => false,
+                'after' => 'role_id',
+            ])
+            ->addColumn('disabled', 'boolean', [
+                'null' => true,
+                'default' => '0',
+                'limit' => MysqlAdapter::INT_TINY,
+                'after' => 'individual_id',
+            ])
+            ->addIndex(['uuid'], [
+                'name' => 'uuid',
+                'unique' => false,
+            ])
+            ->addIndex(['role_id'], [
+                'name' => 'role_id',
+                'unique' => false,
+            ])
+            ->addIndex(['individual_id'], [
+                'name' => 'individual_id',
+                'unique' => false,
+            ])
+            ->addForeignKey('role_id', 'roles', 'id', [
+                'constraint' => 'users_ibfk_1',
+                'update' => 'RESTRICT',
+                'delete' => 'RESTRICT',
+            ])
+            ->addForeignKey('individual_id', 'individuals', 'id', [
+                'constraint' => 'users_ibfk_2',
+                'update' => 'RESTRICT',
+                'delete' => 'RESTRICT',
+            ])
+            ->create();
+        $this->table('roles', [
+            'id' => false,
+            'primary_key' => ['id'],
+            'engine' => 'InnoDB',
+            'encoding' => 'utf8mb4',
+            'collation' => 'utf8mb4_unicode_ci',
+            'comment' => '',
+            'row_format' => 'DYNAMIC',
+        ])
+            ->addColumn('id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'identity' => 'enable',
+            ])
+            ->addColumn('uuid', 'string', [
+                'null' => true,
+                'default' => null,
+                'limit' => 40,
+                'collation' => 'ascii_general_ci',
+                'encoding' => 'ascii',
+                'after' => 'id',
+            ])
+            ->addColumn('name', 'string', [
+                'null' => false,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'uuid',
+            ])
+            ->addColumn('is_default', 'boolean', [
+                'null' => true,
+                'default' => null,
+                'limit' => MysqlAdapter::INT_TINY,
+                'after' => 'name',
+            ])
+            ->addColumn('perm_admin', 'boolean', [
+                'null' => true,
+                'default' => null,
+                'limit' => MysqlAdapter::INT_TINY,
+                'after' => 'is_default',
+            ])
+            ->addIndex(['name'], [
+                'name' => 'name',
+                'unique' => false,
+            ])
+            ->addIndex(['uuid'], [
+                'name' => 'uuid',
+                'unique' => false,
+            ])
+            ->create();
+        $this->table('tags', [
+            'id' => false,
+            'primary_key' => ['id'],
+            'engine' => 'InnoDB',
+            'encoding' => 'utf8mb4',
+            'collation' => 'utf8mb4_unicode_ci',
+            'comment' => '',
+            'row_format' => 'DYNAMIC',
+        ])
+            ->addColumn('id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'identity' => 'enable',
+            ])
+            ->addColumn('name', 'string', [
+                'null' => false,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'id',
+            ])
+            ->addColumn('description', 'text', [
+                'null' => true,
+                'default' => null,
+                'limit' => 65535,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'name',
+            ])
+            ->addColumn('colour', 'string', [
+                'null' => false,
+                'limit' => 6,
+                'collation' => 'ascii_general_ci',
+                'encoding' => 'ascii',
+                'after' => 'description',
+            ])
+            ->addIndex(['name'], [
+                'name' => 'name',
+                'unique' => false,
+            ])
+            ->create();
+        $this->table('individual_encryption_keys', [
+            'id' => false,
+            'primary_key' => ['id'],
+            'engine' => 'InnoDB',
+            'encoding' => 'utf8mb4',
+            'collation' => 'utf8mb4_unicode_ci',
+            'comment' => '',
+            'row_format' => 'DYNAMIC',
+        ])
+            ->addColumn('id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'identity' => 'enable',
+            ])
+            ->addColumn('individual_id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'after' => 'id',
+            ])
+            ->addColumn('encryption_key_id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'after' => 'individual_id',
+            ])
+            ->addIndex(['individual_id'], [
+                'name' => 'individual_id',
+                'unique' => false,
+            ])
+            ->addIndex(['encryption_key_id'], [
+                'name' => 'encryption_key_id',
+                'unique' => false,
+            ])
+            ->addForeignKey('individual_id', 'individuals', 'id', [
+                'constraint' => 'individual_encryption_keys_ibfk_1',
+                'update' => 'RESTRICT',
+                'delete' => 'RESTRICT',
+            ])
+            ->addForeignKey('encryption_key_id', 'encryption_keys', 'id', [
+                'constraint' => 'individual_encryption_keys_ibfk_2',
+                'update' => 'RESTRICT',
+                'delete' => 'RESTRICT',
+            ])
+            ->addForeignKey('individual_id', 'individuals', 'id', [
+                'constraint' => 'individual_encryption_keys_ibfk_3',
+                'update' => 'RESTRICT',
+                'delete' => 'RESTRICT',
+            ])
+            ->addForeignKey('encryption_key_id', 'encryption_keys', 'id', [
+                'constraint' => 'individual_encryption_keys_ibfk_4',
+                'update' => 'RESTRICT',
+                'delete' => 'RESTRICT',
+            ])
+            ->addForeignKey('individual_id', 'individuals', 'id', [
+                'constraint' => 'individual_encryption_keys_ibfk_5',
+                'update' => 'RESTRICT',
+                'delete' => 'RESTRICT',
+            ])
+            ->addForeignKey('encryption_key_id', 'encryption_keys', 'id', [
+                'constraint' => 'individual_encryption_keys_ibfk_6',
+                'update' => 'RESTRICT',
+                'delete' => 'RESTRICT',
+            ])
+            ->create();
+        $this->table('meta_template_fields', [
+            'id' => false,
+            'primary_key' => ['id'],
+            'engine' => 'InnoDB',
+            'encoding' => 'utf8mb4',
+            'collation' => 'utf8mb4_unicode_ci',
+            'comment' => '',
+            'row_format' => 'DYNAMIC',
+        ])
+            ->addColumn('id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'identity' => 'enable',
+            ])
+            ->addColumn('field', 'string', [
+                'null' => false,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'id',
+            ])
+            ->addColumn('type', 'string', [
+                'null' => false,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'field',
+            ])
+            ->addColumn('meta_template_id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'after' => 'type',
+            ])
+            ->addColumn('regex', 'text', [
+                'null' => true,
+                'default' => null,
+                'limit' => 65535,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'meta_template_id',
+            ])
+            ->addColumn('multiple', 'boolean', [
+                'null' => true,
+                'default' => '0',
+                'limit' => MysqlAdapter::INT_TINY,
+                'after' => 'regex',
+            ])
+            ->addColumn('enabled', 'boolean', [
+                'null' => true,
+                'default' => '0',
+                'limit' => MysqlAdapter::INT_TINY,
+                'after' => 'multiple',
+            ])
+            ->addIndex(['meta_template_id'], [
+                'name' => 'meta_template_id',
+                'unique' => false,
+            ])
+            ->addIndex(['field'], [
+                'name' => 'field',
+                'unique' => false,
+            ])
+            ->addIndex(['type'], [
+                'name' => 'type',
+                'unique' => false,
+            ])
+            ->addForeignKey('meta_template_id', 'meta_templates', 'id', [
+                'constraint' => 'meta_template_id',
+                'update' => 'RESTRICT',
+                'delete' => 'RESTRICT',
+            ])
+            ->create();
+        $this->table('auth_keys', [
+            'id' => false,
+            'primary_key' => ['id'],
+            'engine' => 'InnoDB',
+            'encoding' => 'utf8mb4',
+            'collation' => 'utf8mb4_unicode_ci',
+            'comment' => '',
+            'row_format' => 'DYNAMIC',
+        ])
+            ->addColumn('id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'identity' => 'enable',
+            ])
+            ->addColumn('uuid', 'string', [
+                'null' => false,
+                'limit' => 40,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'id',
+            ])
+            ->addColumn('authkey', 'string', [
+                'null' => true,
+                'default' => null,
+                'limit' => 72,
+                'collation' => 'ascii_general_ci',
+                'encoding' => 'ascii',
+                'after' => 'uuid',
+            ])
+            ->addColumn('authkey_start', 'string', [
+                'null' => true,
+                'default' => null,
+                'limit' => 4,
+                'collation' => 'ascii_general_ci',
+                'encoding' => 'ascii',
+                'after' => 'authkey',
+            ])
+            ->addColumn('authkey_end', 'string', [
+                'null' => true,
+                'default' => null,
+                'limit' => 4,
+                'collation' => 'ascii_general_ci',
+                'encoding' => 'ascii',
+                'after' => 'authkey_start',
+            ])
+            ->addColumn('created', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'after' => 'authkey_end',
+            ])
+            ->addColumn('expiration', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'after' => 'created',
+            ])
+            ->addColumn('user_id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'after' => 'expiration',
+            ])
+            ->addColumn('comment', 'text', [
+                'null' => true,
+                'default' => null,
+                'limit' => 65535,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'user_id',
+            ])
+            ->addIndex(['authkey_start'], [
+                'name' => 'authkey_start',
+                'unique' => false,
+            ])
+            ->addIndex(['authkey_end'], [
+                'name' => 'authkey_end',
+                'unique' => false,
+            ])
+            ->addIndex(['created'], [
+                'name' => 'created',
+                'unique' => false,
+            ])
+            ->addIndex(['expiration'], [
+                'name' => 'expiration',
+                'unique' => false,
+            ])
+            ->addIndex(['user_id'], [
+                'name' => 'user_id',
+                'unique' => false,
+            ])
+            ->create();
+        $this->table('local_tools', [
+            'id' => false,
+            'primary_key' => ['id'],
+            'engine' => 'InnoDB',
+            'encoding' => 'utf8mb4',
+            'collation' => 'utf8mb4_unicode_ci',
+            'comment' => '',
+            'row_format' => 'DYNAMIC',
+        ])
+            ->addColumn('id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'identity' => 'enable',
+            ])
+            ->addColumn('name', 'string', [
+                'null' => false,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'id',
+            ])
+            ->addColumn('connector', 'string', [
+                'null' => false,
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'name',
+            ])
+            ->addColumn('settings', 'text', [
+                'null' => true,
+                'default' => null,
+                'limit' => 65535,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'connector',
+            ])
+            ->addColumn('exposed', 'boolean', [
+                'null' => false,
+                'limit' => MysqlAdapter::INT_TINY,
+                'after' => 'settings',
+            ])
+            ->addColumn('description', 'text', [
+                'null' => true,
+                'default' => null,
+                'limit' => 65535,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'exposed',
+            ])
+            ->addIndex(['name'], [
+                'name' => 'name',
+                'unique' => false,
+            ])
+            ->addIndex(['connector'], [
+                'name' => 'connector',
+                'unique' => false,
+            ])
+            ->create();
+        $this->table('alignments', [
+            'id' => false,
+            'primary_key' => ['id'],
+            'engine' => 'InnoDB',
+            'encoding' => 'utf8mb4',
+            'collation' => 'utf8mb4_unicode_ci',
+            'comment' => '',
+            'row_format' => 'DYNAMIC',
+        ])
+            ->addColumn('id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'identity' => 'enable',
+            ])
+            ->addColumn('individual_id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'after' => 'id',
+            ])
+            ->addColumn('organisation_id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'after' => 'individual_id',
+            ])
+            ->addColumn('type', 'string', [
+                'null' => true,
+                'default' => 'member',
+                'limit' => 191,
+                'collation' => 'utf8mb4_unicode_ci',
+                'encoding' => 'utf8mb4',
+                'after' => 'organisation_id',
+            ])
+            ->addIndex(['individual_id'], [
+                'name' => 'individual_id',
+                'unique' => false,
+            ])
+            ->addIndex(['organisation_id'], [
+                'name' => 'organisation_id',
+                'unique' => false,
+            ])
+            ->addForeignKey('individual_id', 'individuals', 'id', [
+                'constraint' => 'alignments_ibfk_1',
+                'update' => 'RESTRICT',
+                'delete' => 'RESTRICT',
+            ])
+            ->addForeignKey('organisation_id', 'organisations', 'id', [
+                'constraint' => 'alignments_ibfk_2',
+                'update' => 'RESTRICT',
+                'delete' => 'RESTRICT',
+            ])
+            ->create();
+        $this->table('sgo', [
+            'id' => false,
+            'primary_key' => ['id'],
+            'engine' => 'InnoDB',
+            'encoding' => 'utf8mb4',
+            'collation' => 'utf8mb4_unicode_ci',
+            'comment' => '',
+            'row_format' => 'DYNAMIC',
+        ])
+            ->addColumn('id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'identity' => 'enable',
+            ])
+            ->addColumn('sharing_group_id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'after' => 'id',
+            ])
+            ->addColumn('organisation_id', 'integer', [
+                'null' => false,
+                'limit' => '10',
+                'signed' => false,
+                'after' => 'sharing_group_id',
+            ])
+            ->addColumn('deleted', 'boolean', [
+                'null' => true,
+                'default' => '0',
+                'limit' => MysqlAdapter::INT_TINY,
+                'after' => 'organisation_id',
+            ])
+            ->addIndex(['sharing_group_id'], [
+                'name' => 'sharing_group_id',
+                'unique' => false,
+            ])
+            ->addIndex(['organisation_id'], [
+                'name' => 'organisation_id',
+                'unique' => false,
+            ])
+            ->create();
+        $this->execute('SET unique_checks=1; SET foreign_key_checks=1;');
+    }
+}
diff --git a/debian/install b/debian/install
index 2ee55e9..12d7cc8 100755
--- a/debian/install
+++ b/debian/install
@@ -7,4 +7,3 @@ webroot /usr/share/php-cerebrate
 config /usr/share/php-cerebrate
 debian/cerebrate.local.conf /etc/apache2/sites-available/
 debian/config.php /etc/cerebrate/
-INSTALL/mysql.sql => /usr/share/dbconfig-common/data/php-cerebrate/install/mysql
diff --git a/docker/README.md b/docker/README.md
index 1074c0c..9bf0154 100644
--- a/docker/README.md
+++ b/docker/README.md
@@ -1,20 +1,3 @@
-# Database init
-
-For the `docker-compose` setup to work you must initialize database with
-what is in `../INSTALL/mysql.sql`
-
-```
-mkdir -p run/dbinit/
-cp ../INSTALL/mysql.sql run/dbinit/
-```
-
-The MariaDB container has a volume mounted as follow
-`- ./run/dbinit:/docker-entrypoint-initdb.d/:ro`
-
-So that on startup the container will source files in this directory to seed
-the database. Once it's done the container will run normally and Cerebrate will
-be able to roll its database migration scripts
-
 # Actual data and volumes
 
 The actual database will be located in `./run/database` exposed with the
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 6aa0b73..821ab5f 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -5,7 +5,6 @@ services:
     restart: always
     volumes:
       - ./run/database:/var/lib/mysql
-      - ./run/dbinit:/docker-entrypoint-initdb.d/:ro
     environment:
       MARIADB_RANDOM_ROOT_PASSWORD: "yes"
       MYSQL_DATABASE: "cerebrate"
diff --git a/tests/bootstrap.php b/tests/bootstrap.php
index 9283095..6df9c27 100644
--- a/tests/bootstrap.php
+++ b/tests/bootstrap.php
@@ -54,18 +54,14 @@ ConnectionManager::alias('test_debug_kit', 'debug_kit');
 // has been written to.
 session_id('cli');
 
-// Load db schema from mysql.sql and run migrations
-// super hacky way to skip migrations
+// hacky way to skip migrations
 if (!in_array('skip-migrations', $_SERVER['argv'])) {
-    // TODO: Removing mysql.sql and relying only in migrations would be ideal
-    // in the meantime, `'skip' => ['*']`, prevents migrations from droping already created tables
-    (new SchemaLoader())->loadSqlFiles('./INSTALL/mysql.sql', 'test');
     $migrator = new Migrator();
     $migrator->runMany([
-        ['connection' => 'test', 'skip' => ['*']],
-        ['plugin' => 'Tags', 'connection' => 'test', 'skip' => ['*']],
-        ['plugin' => 'ADmad/SocialAuth', 'connection' => 'test', 'skip' => ['*']]
+        ['connection' => 'test'],
+        ['plugin' => 'Tags', 'connection' => 'test'],
+        ['plugin' => 'ADmad/SocialAuth', 'connection' => 'test']
     ]);
-}else{
+} else {
     echo "[ * ] Skipping migrations ...\n";
 }

From c14b84fcc08e4f99c98b001f08194b4239245fac Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Fri, 7 Jan 2022 17:07:09 +0100
Subject: [PATCH 094/150] chg: rename test files

---
 .../TestCase/Api/Users/IndexUsersApiTest.php  | 43 +++++++++++++++
 tests/TestCase/Api/Users/ViewUserApiTest.php  | 55 +++++++++++++++++++
 2 files changed, 98 insertions(+)
 create mode 100644 tests/TestCase/Api/Users/IndexUsersApiTest.php
 create mode 100644 tests/TestCase/Api/Users/ViewUserApiTest.php

diff --git a/tests/TestCase/Api/Users/IndexUsersApiTest.php b/tests/TestCase/Api/Users/IndexUsersApiTest.php
new file mode 100644
index 0000000..46e615d
--- /dev/null
+++ b/tests/TestCase/Api/Users/IndexUsersApiTest.php
@@ -0,0 +1,43 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\UsersFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class IndexUsersApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/users/index';
+
+    protected $fixtures = [
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testIndex(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $this->get(self::ENDPOINT);
+
+        $this->assertResponseOk();
+        $this->assertResponseContains(sprintf('"username": "%s"', UsersFixture::USER_ADMIN_USERNAME));
+        // TODO: $this->validateRequest()
+        $this->validateResponse(self::ENDPOINT);
+    }
+}
diff --git a/tests/TestCase/Api/Users/ViewUserApiTest.php b/tests/TestCase/Api/Users/ViewUserApiTest.php
new file mode 100644
index 0000000..7c5a346
--- /dev/null
+++ b/tests/TestCase/Api/Users/ViewUserApiTest.php
@@ -0,0 +1,55 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\UsersFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class ViewUserApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/users/view';
+
+    protected $fixtures = [
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testViewMe(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $this->get(self::ENDPOINT);
+
+        $this->assertResponseOk();
+        $this->assertResponseContains(sprintf('"username": "%s"', UsersFixture::USER_ADMIN_USERNAME));
+        // TODO: $this->validateRequest()
+        $this->validateResponse(self::ENDPOINT);
+    }
+    
+    public function testViewById(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $url = sprintf('%s/%d', self::ENDPOINT, UsersFixture::USER_ADMIN_ID);
+        $this->get($url);
+        
+        $this->assertResponseOk();
+        $this->assertResponseContains(sprintf('"username": "%s"', UsersFixture::USER_ADMIN_USERNAME));
+        // TODO: $this->validateRequest()
+        $this->validateResponse($url);
+    }
+}

From 6776789fdffd6f7cd24ea6a7e7cbe4ecf1ca6298 Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Fri, 7 Jan 2022 17:08:00 +0100
Subject: [PATCH 095/150] new: add /api/v1/users/index api test

---
 tests/Helper/ApiTestTrait.php             |  7 ++
 tests/README.md                           | 13 +++-
 tests/TestCase/Api/Users/UsersApiTest.php | 55 --------------
 webroot/docs/openapi.yaml                 | 89 ++++++++++++++++++-----
 4 files changed, 90 insertions(+), 74 deletions(-)
 delete mode 100644 tests/TestCase/Api/Users/UsersApiTest.php

diff --git a/tests/Helper/ApiTestTrait.php b/tests/Helper/ApiTestTrait.php
index e749677..572b7c6 100644
--- a/tests/Helper/ApiTestTrait.php
+++ b/tests/Helper/ApiTestTrait.php
@@ -4,6 +4,7 @@ declare(strict_types=1);
 
 namespace App\Test\Helper;
 
+use Cake\Http\Exception\NotImplementedException;
 use \League\OpenAPIValidation\PSR7\ValidatorBuilder;
 use \League\OpenAPIValidation\PSR7\RequestValidator;
 use \League\OpenAPIValidation\PSR7\ResponseValidator;
@@ -38,6 +39,12 @@ trait ApiTestTrait
         ]);
     }
 
+    public function assertResponseContainsArray(array $expected): void
+    {
+        $responseArray = json_decode((string)$this->_response->getBody(), true);
+        throw new NotImplementedException('TODO: see codeception seeResponseContainsJson()');
+    }
+
     /**
      * Parse the OpenAPI specification and create a validator
      * 
diff --git a/tests/README.md b/tests/README.md
index f37bcf3..732aafc 100644
--- a/tests/README.md
+++ b/tests/README.md
@@ -1,5 +1,5 @@
 # Testing
-
+## Configuration
 1. Add a `cerebrate_test` database to the db:
 ```mysql
 CREATE DATABASE cerebrate_test;
@@ -55,3 +55,14 @@ By default the database is re-generated before running the test suite, to skip t
 ```
 $ vendor/bin/phpunit -d skip-migrations
 ```
+
+## Coverage
+HTML:
+```
+$ vendor/bin/phpunit --coverage-html tmp/coverage
+```
+
+XML:
+```
+$ vendor/bin/phpunit --verbose --coverage-clover=coverage.xml
+```
diff --git a/tests/TestCase/Api/Users/UsersApiTest.php b/tests/TestCase/Api/Users/UsersApiTest.php
deleted file mode 100644
index 2f2c2b8..0000000
--- a/tests/TestCase/Api/Users/UsersApiTest.php
+++ /dev/null
@@ -1,55 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Test\TestCase\Api\Users;
-
-use Cake\TestSuite\IntegrationTestTrait;
-use Cake\TestSuite\TestCase;
-use App\Test\Fixture\AuthKeysFixture;
-use App\Test\Fixture\UsersFixture;
-use App\Test\Helper\ApiTestTrait;
-
-class UsersApiTest extends TestCase
-{
-    use IntegrationTestTrait;
-    use ApiTestTrait;
-
-    protected const ENDPOINT = '/api/v1/users/view';
-
-    protected $fixtures = [
-        'app.Individuals',
-        'app.Roles',
-        'app.Users',
-        'app.AuthKeys'
-    ];
-
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
-    public function testViewMe(): void
-    {
-        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
-        $this->get(self::ENDPOINT);
-
-        $this->assertResponseOk();
-        $this->assertResponseContains(sprintf('"username": "%s"', UsersFixture::USER_ADMIN_USERNAME));
-        // TODO: $this->validateRequest()
-        $this->validateResponse(self::ENDPOINT);
-    }
-
-    public function testViewById(): void
-    {
-        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
-        $url = sprintf('%s/%d', self::ENDPOINT, UsersFixture::USER_ADMIN_ID);
-        $this->get($url);
-
-        $this->assertResponseOk();
-        $this->assertResponseContains(sprintf('"username": "%s"', UsersFixture::USER_ADMIN_USERNAME));
-        // TODO: $this->validateRequest()
-        $this->validateResponse($url);
-    }
-}
diff --git a/webroot/docs/openapi.yaml b/webroot/docs/openapi.yaml
index 5a55225..00fd682 100644
--- a/webroot/docs/openapi.yaml
+++ b/webroot/docs/openapi.yaml
@@ -11,9 +11,25 @@ servers:
 
 tags:
   - name: Users
-    description: "TODO: users resource descriptions"
+    description: "Users enrolled in this Cerebrate instance."
 
 paths:
+  /api/v1/users/index:
+    get:
+      summary: "Get users list"
+      operationId: getUsers
+      tags:
+        - Users
+      responses:
+        "200":
+          $ref: "#/components/responses/GetUsersResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
   /api/v1/users/view:
     get:
       summary: "Get information about the current user"
@@ -22,7 +38,7 @@ paths:
         - Users
       responses:
         "200":
-          $ref: "#/components/responses/ViewUserResponse"
+          $ref: "#/components/responses/GetUserResponse"
         "403":
           $ref: "#/components/responses/UnauthorizedApiErrorResponse"
         default:
@@ -38,7 +54,7 @@ paths:
         - $ref: "#/components/parameters/userId"
       responses:
         "200":
-          $ref: "#/components/responses/ViewUserResponse"
+          $ref: "#/components/responses/GetUserResponse"
         "403":
           $ref: "#/components/responses/UnauthorizedApiErrorResponse"
         default:
@@ -90,6 +106,11 @@ components:
         organisation_id:
           $ref: "#/components/schemas/ID"
 
+    UserList:
+      type: array
+      items:
+        $ref: "#/components/schemas/User"
+
     # Individuals
 
     # Organisations
@@ -120,51 +141,69 @@ components:
     ApiError:
       type: object
       required:
-        - name
         - message
         - url
+        - code
       properties:
-        name:
-          type: string
         message:
           type: string
         url:
           type: string
-          example: "/users"
+          example: "/api/v1/users"
+        code:
+          type: integer
+          example: 500
 
     UnauthorizedApiError:
       type: object
       required:
-        - name
         - message
         - url
+        - code
       properties:
-        name:
-          type: string
-          example: "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header."
         message:
           type: string
           example: "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header."
         url:
           type: string
-          example: "/users"
+          example: "/api/v1/users"
+        code:
+          type: integer
+          example: 403
+
+    MethodNotAllowedApiError:
+      type: object
+      required:
+        - message
+        - url
+        - code
+      properties:
+        message:
+          type: string
+          example: "You do not have permission to use this functionality."
+        url:
+          type: string
+          example: "/api/v1/users/index"
+        code:
+          type: integer
+          example: 405
 
     NotFoundApiError:
       type: object
       required:
-        - name
         - message
         - url
+        - code
       properties:
-        name:
-          type: string
-          example: "Invalid user"
         message:
           type: string
           example: "Invalid user"
         url:
           type: string
-          example: "/users/1234"
+          example: "/api/v1/users/users/view/1234"
+        code:
+          type: integer
+          example: 404
 
   parameters:
     userId:
@@ -189,13 +228,20 @@ components:
 
   responses:
     # User
-    ViewUserResponse:
+    GetUserResponse:
       description: "User response"
       content:
         application/json:
           schema:
             $ref: "#/components/schemas/User"
 
+    GetUsersResponse:
+      description: "User response"
+      content:
+        application/json:
+          schema:
+            $ref: "#/components/schemas/UserList"
+
     # Errors
     ApiErrorResponse:
       description: "Unexpected API error"
@@ -211,5 +257,12 @@ components:
           schema:
             $ref: "#/components/schemas/UnauthorizedApiError"
 
+    MethodNotAllowedApiErrorResponse:
+      description: "Method not allowed. Your User Role is not allowed to access this resource."
+      content:
+        application/json:
+          schema:
+            $ref: "#/components/schemas/MethodNotAllowedApiError"
+
 security:
   - ApiKeyAuth: []

From 28650fa91ca7a5725abfd8b23edda802d2ba61c6 Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Mon, 10 Jan 2022 11:58:52 +0100
Subject: [PATCH 096/150] add: add users add/edit/delete api tests and openapi
 docs.

---
 tests/Fixture/AuthKeysFixture.php             |  8 +-
 tests/Helper/ApiTestTrait.php                 | 44 ++++++++-
 tests/TestCase/Api/Users/AddUserApiTest.php   | 77 ++++++++++++++++
 .../TestCase/Api/Users/DeleteUserApiTest.php  | 60 ++++++++++++
 tests/TestCase/Api/Users/EditUserApiTest.php  | 91 +++++++++++++++++++
 .../TestCase/Api/Users/IndexUsersApiTest.php  |  6 +-
 tests/TestCase/Api/Users/ViewUserApiTest.php  | 20 ++--
 7 files changed, 287 insertions(+), 19 deletions(-)
 create mode 100644 tests/TestCase/Api/Users/AddUserApiTest.php
 create mode 100644 tests/TestCase/Api/Users/DeleteUserApiTest.php
 create mode 100644 tests/TestCase/Api/Users/EditUserApiTest.php

diff --git a/tests/Fixture/AuthKeysFixture.php b/tests/Fixture/AuthKeysFixture.php
index 8291811..802ca5c 100644
--- a/tests/Fixture/AuthKeysFixture.php
+++ b/tests/Fixture/AuthKeysFixture.php
@@ -14,7 +14,7 @@ class AuthKeysFixture extends TestFixture
     public const ADMIN_API_KEY = 'd033e22ae348aeb5660fc2140aec35850c4da997';
     public const SYNC_API_KEY = '6b387ced110858dcbcda36edb044dc18f91a0894';
     public const ORG_ADMIN_API_KEY = '1c4685d281d478dbcebd494158024bc3539004d0';
-    public const USER_API_KEY = '12dea96fec20593566ab75692c9949596833adc9';
+    public const REGULAR_USER_API_KEY = '12dea96fec20593566ab75692c9949596833adc9';
 
     public function init(): void
     {
@@ -57,9 +57,9 @@ class AuthKeysFixture extends TestFixture
             ],
             [
                 'uuid' => $faker->uuid(),
-                'authkey' => $hasher->hash(self::USER_API_KEY),
-                'authkey_start' => substr(self::USER_API_KEY, 0, 4),
-                'authkey_end' => substr(self::USER_API_KEY, -4),
+                'authkey' => $hasher->hash(self::REGULAR_USER_API_KEY),
+                'authkey_start' => substr(self::REGULAR_USER_API_KEY, 0, 4),
+                'authkey_end' => substr(self::REGULAR_USER_API_KEY, -4),
                 'expiration' => 0,
                 'user_id' => UsersFixture::USER_REGULAR_USER_ID,
                 'comment' => '',
diff --git a/tests/Helper/ApiTestTrait.php b/tests/Helper/ApiTestTrait.php
index 572b7c6..21b0c8b 100644
--- a/tests/Helper/ApiTestTrait.php
+++ b/tests/Helper/ApiTestTrait.php
@@ -65,7 +65,7 @@ trait ApiTestTrait
      * @param string $method The HTTP method used to call the endpoint 
      * @return void
      */
-    public function validateRequest(string $endpoint, string $method = 'get'): void
+    public function assertRequestMatchesOpenApiSpec(string $endpoint, string $method = 'get'): void
     {
         // TODO: find a workaround to create a PSR-7 request object for validation
         throw NotImplementedException("Unfortunately cakephp does not save the PSR-7 request object in the test context");
@@ -78,9 +78,49 @@ trait ApiTestTrait
      * @param string $method The HTTP method used to call the endpoint
      * @return void
      */
-    public function validateResponse(string $endpoint, string $method = 'get'): void
+    public function assertResponseMatchesOpenApiSpec(string $endpoint, string $method = 'get'): void
     {
         $address = new OperationAddress($endpoint, $method);
         $this->responseValidator->validate($address, $this->_response);
     }
+
+    /** 
+     * Validates a record exists in the database
+     * 
+     * @param string $table The table name
+     * @param array $conditions The conditions to check
+     * @return void
+     * @throws \Exception
+     * @throws \Cake\Datasource\Exception\RecordNotFoundException
+     * 
+     * @see https://book.cakephp.org/4/en/orm-query-builder.html
+     */
+    public function assertDbRecordExists(string $table, array $conditions): void
+    {
+        $record = $this->getTableLocator()->get($table)->find()->where($conditions)->first();
+        if (!$record) {
+            throw new \PHPUnit\Framework\AssertionFailedError("Record not found in table '$table' with conditions: " . json_encode($conditions));
+        }
+        $this->assertNotEmpty($record);
+    }
+
+    /** 
+     * Validates a record do notexists in the database
+     * 
+     * @param string $table The table name
+     * @param array $conditions The conditions to check
+     * @return void
+     * @throws \Exception
+     * @throws \Cake\Datasource\Exception\RecordNotFoundException
+     * 
+     * @see https://book.cakephp.org/4/en/orm-query-builder.html
+     */
+    public function assertDbRecordNotExists(string $table, array $conditions): void
+    {
+        $record = $this->getTableLocator()->get($table)->find()->where($conditions)->first();
+        if ($record) {
+            throw new \PHPUnit\Framework\AssertionFailedError("Record found in table '$table' with conditions: " . json_encode($conditions));
+        }
+        $this->assertEmpty($record);
+    }
 }
diff --git a/tests/TestCase/Api/Users/AddUserApiTest.php b/tests/TestCase/Api/Users/AddUserApiTest.php
new file mode 100644
index 0000000..b3d85a3
--- /dev/null
+++ b/tests/TestCase/Api/Users/AddUserApiTest.php
@@ -0,0 +1,77 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\UsersFixture;
+use App\Test\Fixture\OrganisationsFixture;
+use App\Test\Fixture\RolesFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class AddUserApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/users/add';
+
+    protected $fixtures = [
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testAddUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $this->post(
+            self::ENDPOINT,
+            [
+                'individual_id' => UsersFixture::USER_REGULAR_USER_ID,
+                'organisation_id' => OrganisationsFixture::ORGANISATION_A_ID,
+                'role_id' => RolesFixture::ROLE_REGULAR_USER_ID,
+                'disabled' => false,
+                'username' => 'test',
+                'password' => 'Password123456!',
+            ]
+        );
+
+        $this->assertResponseOk();
+        $this->assertResponseContains('"username": "test"');
+        $this->assertDbRecordExists('Users', ['username' => 'test']);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
+    }
+
+    public function testAddUserNotAllowedToRegularUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
+        $this->post(
+            self::ENDPOINT,
+            [
+                'individual_id' => UsersFixture::USER_REGULAR_USER_ID,
+                'organisation_id' => OrganisationsFixture::ORGANISATION_A_ID,
+                'role_id' => RolesFixture::ROLE_REGULAR_USER_ID,
+                'disabled' => false,
+                'username' => 'test',
+                'password' => 'Password123456!'
+            ]
+        );
+
+        $this->assertResponseCode(405);
+        $this->assertDbRecordNotExists('Users', ['username' => 'test']);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
+    }
+}
diff --git a/tests/TestCase/Api/Users/DeleteUserApiTest.php b/tests/TestCase/Api/Users/DeleteUserApiTest.php
new file mode 100644
index 0000000..dad2d1f
--- /dev/null
+++ b/tests/TestCase/Api/Users/DeleteUserApiTest.php
@@ -0,0 +1,60 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\UsersFixture;
+use App\Test\Fixture\OrganisationsFixture;
+use App\Test\Fixture\RolesFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class DeleteUserApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/users/delete';
+
+    protected $fixtures = [
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testDeleteUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $url = sprintf('%s/%d', self::ENDPOINT, UsersFixture::USER_REGULAR_USER_ID);
+        $this->delete($url);
+
+        $this->assertResponseOk();
+        $this->assertDbRecordNotExists('Users', ['id' => UsersFixture::USER_REGULAR_USER_ID]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
+        $this->addWarning('TODO: CRUDComponent::delete() sets some view variables, does not take into account `isRest()`, fix it.');
+    }
+
+    public function testDeleteUserNotAllowedToRegularUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
+        $url = sprintf('%s/%d', self::ENDPOINT, UsersFixture::USER_ORG_ADMIN_ID);
+        $this->delete($url);
+
+        $this->assertResponseCode(405);
+        $this->assertDbRecordExists('Users', ['id' => UsersFixture::USER_ORG_ADMIN_ID]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
+        $this->addWarning('TODO: CRUDComponent::delete() sets some view variables, does not take into account `isRest()`, fix it.');
+    }
+}
diff --git a/tests/TestCase/Api/Users/EditUserApiTest.php b/tests/TestCase/Api/Users/EditUserApiTest.php
new file mode 100644
index 0000000..6c94877
--- /dev/null
+++ b/tests/TestCase/Api/Users/EditUserApiTest.php
@@ -0,0 +1,91 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\UsersFixture;
+use App\Test\Fixture\OrganisationsFixture;
+use App\Test\Fixture\RolesFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class EditUserApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/users/edit';
+
+    protected $fixtures = [
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testEditUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $url = sprintf('%s/%d', self::ENDPOINT, UsersFixture::USER_REGULAR_USER_ID);
+        $this->put(
+            $url,
+            [
+                'id' => UsersFixture::USER_REGULAR_USER_ID,
+                'role_id' => RolesFixture::ROLE_ORG_ADMIN_ID,
+            ]
+        );
+
+        $this->assertResponseOk();
+        $this->assertDbRecordExists('Users', [
+            'id' => UsersFixture::USER_REGULAR_USER_ID,
+            'role_id' => RolesFixture::ROLE_ORG_ADMIN_ID
+        ]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'put');
+    }
+
+    public function testEditRoleNotAllowedToRegularUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
+        $this->put(
+            self::ENDPOINT,
+            [
+                'role_id' => RolesFixture::ROLE_ADMIN_ID,
+            ]
+        );
+
+        $this->assertDbRecordNotExists('Users', [
+            'id' => UsersFixture::USER_REGULAR_USER_ID,
+            'role_id' => RolesFixture::ROLE_ADMIN_ID
+        ]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'put');
+    }
+
+    public function testEditSelfUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
+        $this->put(
+            self::ENDPOINT,
+            [
+                'username' => 'test',
+            ]
+        );
+
+        $this->assertDbRecordExists('Users', [
+            'id' => UsersFixture::USER_REGULAR_USER_ID,
+            'username' => 'test'
+        ]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'put');
+    }
+}
diff --git a/tests/TestCase/Api/Users/IndexUsersApiTest.php b/tests/TestCase/Api/Users/IndexUsersApiTest.php
index 46e615d..6721e77 100644
--- a/tests/TestCase/Api/Users/IndexUsersApiTest.php
+++ b/tests/TestCase/Api/Users/IndexUsersApiTest.php
@@ -30,14 +30,14 @@ class IndexUsersApiTest extends TestCase
         $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
     }
 
-    public function testIndex(): void
+    public function testIndexUsers(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
         $this->get(self::ENDPOINT);
 
         $this->assertResponseOk();
         $this->assertResponseContains(sprintf('"username": "%s"', UsersFixture::USER_ADMIN_USERNAME));
-        // TODO: $this->validateRequest()
-        $this->validateResponse(self::ENDPOINT);
+        // TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT);
     }
 }
diff --git a/tests/TestCase/Api/Users/ViewUserApiTest.php b/tests/TestCase/Api/Users/ViewUserApiTest.php
index 7c5a346..34c9c62 100644
--- a/tests/TestCase/Api/Users/ViewUserApiTest.php
+++ b/tests/TestCase/Api/Users/ViewUserApiTest.php
@@ -30,26 +30,26 @@ class ViewUserApiTest extends TestCase
         $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
     }
 
-    public function testViewMe(): void
+    public function testViewMyUser(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
         $this->get(self::ENDPOINT);
 
         $this->assertResponseOk();
         $this->assertResponseContains(sprintf('"username": "%s"', UsersFixture::USER_ADMIN_USERNAME));
-        // TODO: $this->validateRequest()
-        $this->validateResponse(self::ENDPOINT);
+        // TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT);
     }
-    
-    public function testViewById(): void
+
+    public function testViewUserById(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
-        $url = sprintf('%s/%d', self::ENDPOINT, UsersFixture::USER_ADMIN_ID);
+        $url = sprintf('%s/%d', self::ENDPOINT, UsersFixture::USER_REGULAR_USER_ID);
         $this->get($url);
-        
+
         $this->assertResponseOk();
-        $this->assertResponseContains(sprintf('"username": "%s"', UsersFixture::USER_ADMIN_USERNAME));
-        // TODO: $this->validateRequest()
-        $this->validateResponse($url);
+        $this->assertResponseContains(sprintf('"username": "%s"', UsersFixture::USER_REGULAR_USER_USERNAME));
+        // TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url);
     }
 }

From ce1a51cc3903315f127842c193ac7b4e7fb47bce Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Mon, 10 Jan 2022 11:59:23 +0100
Subject: [PATCH 097/150] fix: incorrect check

---
 src/Controller/Component/ParamHandlerComponent.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/Controller/Component/ParamHandlerComponent.php b/src/Controller/Component/ParamHandlerComponent.php
index 89d6cce..e52e5f8 100644
--- a/src/Controller/Component/ParamHandlerComponent.php
+++ b/src/Controller/Component/ParamHandlerComponent.php
@@ -4,6 +4,7 @@ namespace App\Controller\Component;
 
 use Cake\Controller\Component;
 use Cake\Core\Configure;
+use Cake\Http\Exception\MethodNotAllowedException;
 
 class ParamHandlerComponent extends Component
 {
@@ -47,7 +48,7 @@ class ParamHandlerComponent extends Component
             return $this->isRest;
         }
         if ($this->request->is('json')) {
-            if (!empty($this->request->getBody()) && !empty($this->request->getParsedBody())) {
+            if (!empty((string)$this->request->getBody()) && empty($this->request->getParsedBody())) {
                 throw new MethodNotAllowedException('Invalid JSON input. Make sure that the JSON input is a correctly formatted JSON string. This request has been blocked to avoid an unfiltered request.');
             }
             $this->isRest = true;

From 71072f60eb8c5d9b68c19a4e750d8f3ecb37ce3e Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Mon, 10 Jan 2022 11:59:55 +0100
Subject: [PATCH 098/150] chg: extend openapi spec

---
 webroot/docs/openapi.yaml | 134 +++++++++++++++++++++++++++++++++++---
 1 file changed, 125 insertions(+), 9 deletions(-)

diff --git a/webroot/docs/openapi.yaml b/webroot/docs/openapi.yaml
index 00fd682..f0f184f 100644
--- a/webroot/docs/openapi.yaml
+++ b/webroot/docs/openapi.yaml
@@ -3,8 +3,7 @@ info:
   version: 1.3.0
   title: Cerebrate Project API
   description: |
-
-    TODO: markdown description
+    Cerebrate is an open-source platform meant to act as a trusted contact information provider and interconnection orchestrator for other security tools.
 
 servers:
   - url: https://cerebrate.local
@@ -22,7 +21,7 @@ paths:
         - Users
       responses:
         "200":
-          $ref: "#/components/responses/GetUsersResponse"
+          $ref: "#/components/responses/UserListResponse"
         "403":
           $ref: "#/components/responses/UnauthorizedApiErrorResponse"
         "405":
@@ -38,9 +37,11 @@ paths:
         - Users
       responses:
         "200":
-          $ref: "#/components/responses/GetUserResponse"
+          $ref: "#/components/responses/UserResponse"
         "403":
           $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
@@ -54,9 +55,85 @@ paths:
         - $ref: "#/components/parameters/userId"
       responses:
         "200":
-          $ref: "#/components/responses/GetUserResponse"
+          $ref: "#/components/responses/UserResponse"
         "403":
           $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
+  /api/v1/users/add:
+    post:
+      summary: "Add user"
+      operationId: addUser
+      tags:
+        - Users
+      requestBody:
+        $ref: "#/components/requestBodies/AddUserRequest"
+      responses:
+        "200":
+          $ref: "#/components/responses/UserResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
+  /api/v1/users/edit:
+    put:
+      summary: "Edit current user"
+      operationId: editUser
+      tags:
+        - Users
+      requestBody:
+        $ref: "#/components/requestBodies/EditUserRequest"
+      responses:
+        "200":
+          $ref: "#/components/responses/UserResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
+  /api/v1/users/edit/{userId}:
+    put:
+      summary: "Edit current user"
+      operationId: editUserById
+      tags:
+        - Users
+      parameters:
+        - $ref: "#/components/parameters/userId"
+      requestBody:
+        $ref: "#/components/requestBodies/EditUserRequest"
+      responses:
+        "200":
+          $ref: "#/components/responses/UserResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
+  /api/v1/users/delete/{userId}:
+    delete:
+      summary: "Delete user by ID"
+      operationId: deleteUserById
+      tags:
+        - Users
+      parameters:
+        - $ref: "#/components/parameters/userId"
+      responses:
+        "200":
+          $ref: "#/components/responses/UserResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
@@ -224,19 +301,58 @@ components:
 
             Authorization: YOUR_API_KEY
 
-  # requestBodies:
+  requestBodies:
+    AddUserRequest:
+      required: true
+      content:
+        application/json:
+          schema:
+            type: object
+            properties:
+              individual_id:
+                $ref: "#/components/schemas/ID"
+              organisation_id:
+                $ref: "#/components/schemas/ID"
+              role_id:
+                $ref: "#/components/schemas/ID"
+              disabled:
+                type: boolean
+              username:
+                $ref: "#/components/schemas/Username"
+              password:
+                type: string
+
+    EditUserRequest:
+      required: true
+      content:
+        application/json:
+          schema:
+            type: object
+            properties:
+              individual_id:
+                $ref: "#/components/schemas/ID"
+              organisation_id:
+                $ref: "#/components/schemas/ID"
+              role_id:
+                $ref: "#/components/schemas/ID"
+              disabled:
+                type: boolean
+              username:
+                $ref: "#/components/schemas/Username"
+              password:
+                type: string
 
   responses:
     # User
-    GetUserResponse:
+    UserResponse:
       description: "User response"
       content:
         application/json:
           schema:
             $ref: "#/components/schemas/User"
 
-    GetUsersResponse:
-      description: "User response"
+    UserListResponse:
+      description: "Users list response"
       content:
         application/json:
           schema:

From b954e1106434a2dd03433e712816626b6a49e17f Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Mon, 10 Jan 2022 16:19:58 +0100
Subject: [PATCH 099/150] add: add/edit operations api tests and openapi spec

---
 tests/README.md                               |   4 +-
 .../Organisations/AddOrganisationApiTest.php  |  85 +++++++++
 .../Organisations/EditOrganisationApiTest.php |  81 +++++++++
 tests/TestCase/Api/Users/AddUserApiTest.php   |   1 +
 .../TestCase/Api/Users/DeleteUserApiTest.php  |   1 +
 tests/TestCase/Api/Users/EditUserApiTest.php  |   1 +
 .../TestCase/Api/Users/IndexUsersApiTest.php  |   1 +
 tests/TestCase/Api/Users/ViewUserApiTest.php  |   1 +
 webroot/docs/openapi.yaml                     | 166 ++++++++++++++++++
 9 files changed, 339 insertions(+), 2 deletions(-)
 create mode 100644 tests/TestCase/Api/Organisations/AddOrganisationApiTest.php
 create mode 100644 tests/TestCase/Api/Organisations/EditOrganisationApiTest.php

diff --git a/tests/README.md b/tests/README.md
index 732aafc..0486b3b 100644
--- a/tests/README.md
+++ b/tests/README.md
@@ -31,7 +31,7 @@ QUIT;
 
 ```
 $ composer install
-$ vendor/bin/phpunit
+$ vendor/bin/phpunit 
 PHPUnit 8.5.22 by Sebastian Bergmann and contributors.
 
 .....                                     5 / 5 (100%)
@@ -43,7 +43,7 @@ OK (5 tests, 15 assertions)
 
 Running a specific suite:
 ```
-$ vendor/bin/phpunit --testsuite=api
+$ vendor/bin/phpunit --testsuite=api --testdox
 ```
 Available suites:
 * `app`: runs all test suites
diff --git a/tests/TestCase/Api/Organisations/AddOrganisationApiTest.php b/tests/TestCase/Api/Organisations/AddOrganisationApiTest.php
new file mode 100644
index 0000000..4f43a09
--- /dev/null
+++ b/tests/TestCase/Api/Organisations/AddOrganisationApiTest.php
@@ -0,0 +1,85 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class AddOrganisationApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/organisations/add';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testAddOrganisation(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+
+        $faker = \Faker\Factory::create();
+        $uuid = $faker->uuid;
+
+        $this->post(
+            self::ENDPOINT,
+            [
+                'name' => 'Test Organisation',
+                'description' => $faker->text,
+                'uuid' => $uuid,
+                'url' => 'http://example.com',
+                'nationality' => 'US',
+                'sector' => 'sector',
+                'type' => 'type',
+            ]
+        );
+
+        $this->assertResponseOk();
+        $this->assertResponseContains(sprintf('"uuid": "%s"', $uuid));
+        $this->assertDbRecordExists('Organisations', ['uuid' => $uuid]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
+    }
+
+    public function testAddOrganisationNotAllowedToRegularUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
+
+        $faker = \Faker\Factory::create();
+        $uuid = $faker->uuid;
+
+        $this->post(
+            self::ENDPOINT,
+            [
+                'name' => 'Test Organisation',
+                'description' => $faker->text,
+                'uuid' => $uuid,
+                'url' => 'http://example.com',
+                'nationality' => 'US',
+                'sector' => 'sector',
+                'type' => 'type',
+            ]
+        );
+
+        $this->assertResponseCode(405);
+        $this->assertDbRecordNotExists('Organisations', ['uuid' => $uuid]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
+    }
+}
diff --git a/tests/TestCase/Api/Organisations/EditOrganisationApiTest.php b/tests/TestCase/Api/Organisations/EditOrganisationApiTest.php
new file mode 100644
index 0000000..61b2cab
--- /dev/null
+++ b/tests/TestCase/Api/Organisations/EditOrganisationApiTest.php
@@ -0,0 +1,81 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\OrganisationsFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class EditOrganisationApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/organisations/edit';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testEditOrganisation(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+
+        $url = sprintf('%s/%d', self::ENDPOINT, OrganisationsFixture::ORGANISATION_A_ID);
+        $this->put(
+            $url,
+            [
+                'name' => 'Test Organisation 4321',
+            ]
+        );
+
+        $this->assertResponseOk();
+        $this->assertDbRecordExists(
+            'Organisations',
+            [
+                'id' => OrganisationsFixture::ORGANISATION_A_ID,
+                'name' => 'Test Organisation 4321',
+            ]
+        );
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'put');
+    }
+
+    public function testEditOrganisationNotAllowedToRegularUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
+
+        $url = sprintf('%s/%d', self::ENDPOINT, OrganisationsFixture::ORGANISATION_B_ID);
+        $this->put(
+            $url,
+            [
+                'name' => 'Test Organisation 1234'
+            ]
+        );
+
+        $this->assertResponseCode(405);
+        $this->assertDbRecordNotExists(
+            'Organisations',
+            [
+                'id' => OrganisationsFixture::ORGANISATION_B_ID,
+                'name' => 'Test Organisation 1234'
+            ]
+        );
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'put');
+    }
+}
diff --git a/tests/TestCase/Api/Users/AddUserApiTest.php b/tests/TestCase/Api/Users/AddUserApiTest.php
index b3d85a3..2d23f2a 100644
--- a/tests/TestCase/Api/Users/AddUserApiTest.php
+++ b/tests/TestCase/Api/Users/AddUserApiTest.php
@@ -20,6 +20,7 @@ class AddUserApiTest extends TestCase
     protected const ENDPOINT = '/api/v1/users/add';
 
     protected $fixtures = [
+        'app.Organisations',
         'app.Individuals',
         'app.Roles',
         'app.Users',
diff --git a/tests/TestCase/Api/Users/DeleteUserApiTest.php b/tests/TestCase/Api/Users/DeleteUserApiTest.php
index dad2d1f..47a0580 100644
--- a/tests/TestCase/Api/Users/DeleteUserApiTest.php
+++ b/tests/TestCase/Api/Users/DeleteUserApiTest.php
@@ -20,6 +20,7 @@ class DeleteUserApiTest extends TestCase
     protected const ENDPOINT = '/api/v1/users/delete';
 
     protected $fixtures = [
+        'app.Organisations',
         'app.Individuals',
         'app.Roles',
         'app.Users',
diff --git a/tests/TestCase/Api/Users/EditUserApiTest.php b/tests/TestCase/Api/Users/EditUserApiTest.php
index 6c94877..5ac568a 100644
--- a/tests/TestCase/Api/Users/EditUserApiTest.php
+++ b/tests/TestCase/Api/Users/EditUserApiTest.php
@@ -20,6 +20,7 @@ class EditUserApiTest extends TestCase
     protected const ENDPOINT = '/api/v1/users/edit';
 
     protected $fixtures = [
+        'app.Organisations',
         'app.Individuals',
         'app.Roles',
         'app.Users',
diff --git a/tests/TestCase/Api/Users/IndexUsersApiTest.php b/tests/TestCase/Api/Users/IndexUsersApiTest.php
index 6721e77..403a046 100644
--- a/tests/TestCase/Api/Users/IndexUsersApiTest.php
+++ b/tests/TestCase/Api/Users/IndexUsersApiTest.php
@@ -18,6 +18,7 @@ class IndexUsersApiTest extends TestCase
     protected const ENDPOINT = '/api/v1/users/index';
 
     protected $fixtures = [
+        'app.Organisations',
         'app.Individuals',
         'app.Roles',
         'app.Users',
diff --git a/tests/TestCase/Api/Users/ViewUserApiTest.php b/tests/TestCase/Api/Users/ViewUserApiTest.php
index 34c9c62..99bdafe 100644
--- a/tests/TestCase/Api/Users/ViewUserApiTest.php
+++ b/tests/TestCase/Api/Users/ViewUserApiTest.php
@@ -18,6 +18,7 @@ class ViewUserApiTest extends TestCase
     protected const ENDPOINT = '/api/v1/users/view';
 
     protected $fixtures = [
+        'app.Organisations',
         'app.Individuals',
         'app.Roles',
         'app.Users',
diff --git a/webroot/docs/openapi.yaml b/webroot/docs/openapi.yaml
index f0f184f..a2a161e 100644
--- a/webroot/docs/openapi.yaml
+++ b/webroot/docs/openapi.yaml
@@ -11,6 +11,8 @@ servers:
 tags:
   - name: Users
     description: "Users enrolled in this Cerebrate instance."
+  - name: Organisations
+    description: "Organisations can be equivalent to legal entities or specific individual teams within such entities. Their purpose is to relate individuals to their affiliations and for release control of information using the Trust Circles."
 
 paths:
   /api/v1/users/index:
@@ -137,6 +139,44 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
+  /api/v1/organisations/add:
+    post:
+      summary: "Add organisation"
+      operationId: addOrganisation
+      tags:
+        - Organisations
+      requestBody:
+        $ref: "#/components/requestBodies/AddOrganisationRequest"
+      responses:
+        "200":
+          $ref: "#/components/responses/OrganisationResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
+  /api/v1/organisations/edit/{organisationId}:
+    put:
+      summary: "Edit organisation"
+      operationId: editOrganisation
+      tags:
+        - Organisations
+      parameters:
+        - $ref: "#/components/parameters/organisationId"
+      requestBody:
+        $ref: "#/components/requestBodies/EditOrganisationRequest"
+      responses:
+        "200":
+          $ref: "#/components/responses/OrganisationResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
 components:
   schemas:
     # General
@@ -191,6 +231,73 @@ components:
     # Individuals
 
     # Organisations
+    OrganisationName:
+      type: string
+
+    OrganisationUrl:
+      type: string
+
+    OrganisationSector:
+      type: string
+      nullable: true
+
+    OrganisationType:
+      type: string
+      nullable: true
+
+    OrganisationContacts:
+      type: string
+      nullable: true
+
+    OrganisationNationality:
+      type: string
+      nullable: true
+
+    Organisation:
+      type: object
+      properties:
+        id:
+          $ref: "#/components/schemas/ID"
+        uuid:
+          $ref: "#/components/schemas/UUID"
+        name:
+          $ref: "#/components/schemas/OrganisationName"
+        url:
+          $ref: "#/components/schemas/OrganisationUrl"
+        nationality:
+          $ref: "#/components/schemas/OrganisationNationality"
+        sector:
+          $ref: "#/components/schemas/OrganisationSector"
+        type:
+          $ref: "#/components/schemas/OrganisationType"
+        contacts:
+          $ref: "#/components/schemas/OrganisationContacts"
+        created:
+          $ref: "#/components/schemas/DateTime"
+        modified:
+          $ref: "#/components/schemas/DateTime"
+        tags:
+          $ref: "#/components/schemas/TagList"
+        aligments:
+          $ref: "#/components/schemas/AligmentList"
+
+    # Tags
+    Tag:
+      type: object
+
+    TagList:
+      type: array
+      items:
+        $ref: "#/components/schemas/Tag"
+
+    # Alignments
+    Alignment:
+      type: object
+
+    AligmentList:
+      type: array
+      items:
+        $ref: "#/components/schemas/Alignment"
 
     # Roles
     RoleName:
@@ -291,6 +398,14 @@ components:
       schema:
         $ref: "#/components/schemas/ID"
 
+    organisationId:
+      name: organisationId
+      in: path
+      description: "Numeric ID of the Organisation"
+      required: true
+      schema:
+        $ref: "#/components/schemas/ID"
+
   securitySchemes:
     ApiKeyAuth:
       type: apiKey
@@ -342,6 +457,50 @@ components:
               password:
                 type: string
 
+    AddOrganisationRequest:
+      required: true
+      content:
+        application/json:
+          schema:
+            type: object
+            properties:
+              uuid:
+                $ref: "#/components/schemas/UUID"
+              name:
+                $ref: "#/components/schemas/OrganisationName"
+              url:
+                $ref: "#/components/schemas/OrganisationUrl"
+              nationality:
+                $ref: "#/components/schemas/OrganisationNationality"
+              sector:
+                $ref: "#/components/schemas/OrganisationSector"
+              type:
+                $ref: "#/components/schemas/OrganisationType"
+              contacts:
+                $ref: "#/components/schemas/OrganisationContacts"
+
+    EditOrganisationRequest:
+      required: true
+      content:
+        application/json:
+          schema:
+            type: object
+            properties:
+              uuid:
+                $ref: "#/components/schemas/UUID"
+              name:
+                $ref: "#/components/schemas/OrganisationName"
+              url:
+                $ref: "#/components/schemas/OrganisationUrl"
+              nationality:
+                $ref: "#/components/schemas/OrganisationNationality"
+              sector:
+                $ref: "#/components/schemas/OrganisationSector"
+              type:
+                $ref: "#/components/schemas/OrganisationType"
+              contacts:
+                $ref: "#/components/schemas/OrganisationContacts"
+
   responses:
     # User
     UserResponse:
@@ -358,6 +517,13 @@ components:
           schema:
             $ref: "#/components/schemas/UserList"
 
+    OrganisationResponse:
+      description: "Organisation response"
+      content:
+        application/json:
+          schema:
+            $ref: "#/components/schemas/Organisation"
+
     # Errors
     ApiErrorResponse:
       description: "Unexpected API error"

From 241e760ad2823ea91c2bba46eb5a84bdf25b9d0d Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Mon, 10 Jan 2022 16:20:22 +0100
Subject: [PATCH 100/150] add: add API menu option

---
 src/Controller/Component/Navigation/sidemenu.php | 7 ++++++-
 src/Controller/Component/NavigationComponent.php | 1 +
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/Controller/Component/Navigation/sidemenu.php b/src/Controller/Component/Navigation/sidemenu.php
index fcca213..56a0154 100644
--- a/src/Controller/Component/Navigation/sidemenu.php
+++ b/src/Controller/Component/Navigation/sidemenu.php
@@ -45,7 +45,12 @@ class Sidemenu {
                     'label' => __('Broods'),
                     'icon' => $this->iconTable['Broods'],
                     'url' => '/broods/index',
-                ]
+                ],
+                'API' => [
+                    'label' => __('API'),
+                    'icon' => $this->iconTable['API'],
+                    'url' => '/api/index',
+                ],
             ],
             __('Administration') => [
                 'Roles' => [
diff --git a/src/Controller/Component/NavigationComponent.php b/src/Controller/Component/NavigationComponent.php
index f0dd453..b8caee7 100644
--- a/src/Controller/Component/NavigationComponent.php
+++ b/src/Controller/Component/NavigationComponent.php
@@ -34,6 +34,7 @@ class NavigationComponent extends Component
         'LocalTools' => 'tools',
         'Instance' => 'server',
         'Tags' => 'tags',
+        'API' => 'code',
     ];
 
     public function initialize(array $config): void

From 4dedb4702bd0eacac1e732aa3f8dfb48ecc4f37f Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <mokaddem.sami@gmail.com>
Date: Tue, 11 Jan 2022 08:20:20 +0100
Subject: [PATCH 101/150] new: [doc] Added slides about cerebrate and local
 tools synchronisations

---
 documentation/cerebrate-synchornization.pdf    | Bin 0 -> 46517 bytes
 documentation/local-tools-inter-connection.pdf | Bin 0 -> 217031 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 documentation/cerebrate-synchornization.pdf
 create mode 100644 documentation/local-tools-inter-connection.pdf

diff --git a/documentation/cerebrate-synchornization.pdf b/documentation/cerebrate-synchornization.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..946306d6d1523059541316c262affe36c92b8c47
GIT binary patch
literal 46517
zcma&NV|Zlkn!nv0b)1fE8x`A5I<{?_9ou%tPCB-2n-$yU+s~evz4sjR%sc=3wAQLx
ztBzW~bsyJx-{)1Na>AmtjC3r}q<sZ_?R|}XInYc53<S0Y7SP<>^wP#QrcP!AfImkR
z=ta$~oQxglMXmImjD?L2ZH<h1d7&Mh9E|m?q1`gGRHP!-8DKjPRiCs<EJtc_g&@zy
zO%OV0Vefw5E!s$#!)!=>`jC#<x6h5h(t;xM-96n&G@j9<ZuQacM%KZLCDb-C<`RY{
zyM5faKV1#J;dBpQ?vHIdQ48N1x{;1kZ)LP%y>5<=mPo+qh8(h;B=}n0+F^B@VgoR8
z@`7T=j}zP<zXZ2Wq>Udxn>%bzKVy=8#KQYWa7)-^Zr#wNd~&%`Y~@3`xlX}Ip?<#>
zQ8|bye(ZC=!kgk}=*|?|ommquz?lA`fdMeogS<UnBOPGZ=z$**#8Ev<rP)`jnHp|3
zor;A{WGb-6Gr~A*Dp#WFQ?(y)fQw3Ud(=^BJz_<cdR}^;SQV0=MFkrIQ2Y)zum_=V
zOwyTn5TEz3$6E){L5Z25jcug`$vS3&^URd$bkwV@#U*CB7;cS!gd!@yUA!GGYc79b
z?ok^xCIkAN45KFs1Z(i*o)>dGLDg<|WbA@{3(F3a*g0~mMGkOH^X`P$@g&InJka4Q
zFbtBvrGrd8#umPgy8<G~4`m3SmoUjcQuE4ENqkMpG|V+4roFyfCR!;3<xxj4{g`~l
zD0ay7W)bB)AYN5)34+PV6lwYaAyz*gYY7X5N5T|_xN$Z&PmU`n<(XJ-D8aP|D&@d*
zCtXp$t{uhGs&r9PUZYzX<j_-?mf74X4@0*a_qNsW)2$B8MJb1DuN-x8+Y*kXR6hM>
z?^Zj|gXsx=Rdz`LHQ8FR(2z@9+NR}6aLAr2n!&2jrK6XE#1pO0*REYx*KaL#>;qb=
zl4!?+qi8j=Ur3Is9--3F@29+BXSVA04VfhRO}fp#^N)Lp>Uu%@uest#C}y*m0S9D_
z<4H;oI-$yLO*ocYVE7fpZ-<>w>>A-f!L5Gzw$w`v`DM;@l6dT>v#{lXY?soc#`*b+
zdY6HVT!K<=%ly=Pr1f-yJl46+$D$UNQNyJ%<yp20R6#_!V#~ITHZ^GFG~1MI`VIzv
zUh;lcm9_AoE7aCX`6e+ih22}6MuW;ztn#f*NNw2Bp_c-I{i`#MI*PG(O`;?0B7oA$
zNd?-o^Zqm?z2z@#)0hK<k~cXyXk#0r{~SPnw*DG((0>iJzc$#JnErbAAIDh!$AD!0
ze;JT!QW3kN-#cGbkJ`6oRqwGQ`D=MX*3lpwFdU><39Ud@q&|F3W@g13HSl8K8eil$
zlyy6d;ha8kKhCX8qXyOscci74-SMM}uVc0ly1b4*IQWOQ@O^PA=z^Btz16IX(k=ll
zcn{vZ$vFqwA$$m1okv-Bg@B=@0P3EnS$!r9smB-1$GM2hZfr~K$Cq=XT;KOoJ8vGZ
zj@*dFUlUm&W@o~XS$&dEF1?Pv{m8+aS<{bqd$fF-rV%t+R{n7Z=X&`f>R&Czbn4LY
z;O~;$vmzcWzG3;-jffI~O?R+fAFE<q!wMl>3!kd;5U7s+>YFjhl6<eO=CcjkuVBH{
zI;>^+{+6sYI=KMRvP^|e^(E`Fa(9J5kcF<tEWA(%H&*8acbT*m#Ff!?faD-55mh25
zi4C%7kEC7T0&v~it<37-Py8S@R40LneMI=(tMHK=B(j;D=L)_D(Ttdq;wW|+cU6y&
zJ;6a8u$K%QN8!+L8j~$RWYfOQ;x})YCEF`#qrHzSAj-DF&o*)JU{m~^kVOt=rhg~B
zz+Xd&OW`;FHvsvq{y>IYtgPTJ_sB@&Y#b>2^^&aj7>Za<oA16cuYQk|+Ku2(C?aHG
zod$L|V`YBi^F4Pd^RM6bwk{q<lb)y^3;BxXI%{uvqA!A7<%}aHJDR~he`gO!+?9z*
z4xYieb>;5e5|cKGZ!OQlxLf;1;>aOkzX)!b`WQW!{p>M`>&<cU?<O^)!*CL}Cy&5~
zGLVmQHRgy*0gR-bM4{9LTkOe6OgdyuorQ?B7_tT4>&L`~o81s0jf)fV3YQ5;e!U2C
zBgDp66NRKs4LnXRlxGLMd0iN>?`wwAhz3O>)(#RG_ur<%p#lS&9%rCZ^ZWgsS#uF{
znEb12KN5!$MFa*u;i+H6x-~%t9?=>>CA^?2D2yN<F$j#aDJt#H=aQWz^mPzv(GS6`
z8Z4WN8FXGyH)KmHObX?5$TA{#SgOT6EEsaPCR#hkLC(d3Zfv_beL<s;9<Gp5_woTo
ztTIea;qbxhFfSOT-B?<FrtkK|TNWrbRO5<pU%B@7%ysyez$O$pd18l<4yF`0@kmh-
zS}ha7XtAprAhC?F1;RP;oxoXc4n#!1b&WAYR52}Tu{m&Bq&~78dyUFeB2j;*VLk5~
z{ZeAaML9ys08|l(IYj`b44uC8wPZ1C^nsWvh5`ZiVhQt&kfr?(;OT*5y~YpmqQLl4
zi0y=KqntK>r{BJ{4r$S940ZA?u+TIigp?Ozn5KA3Ai+bXc!%25eu9re*o`eVE7j^H
zIKSDn_;l;oy9_bK&5E>HHbl6?Tv<jJN>n2tp7U{nG)Re)IiP!Cl5p*Sum<KDpgF;P
z4(TB0>bu+4lREv{@GtdiOV}g`ED8G7N(Al!yxbcl{6sJh$CG_)WS1R*!Dxg*(n|rx
zszonUypc(FDCoI+L`S?1_CIb!noVCo={AY1+t@LrG&KTk8#*fFwF<Y(^jC5^Tz|lz
zXz1)m%$t?N?3M-9pFqiE{7j_u*yG6#0?2%@H{?7<E)II1D6`ON?_s{L?@-*kuaNlA
zpwiV@RAu0$a=foyNqfspWRAkXJ|mlK5_pw+bD%cZ=YFJb_a$zFN42`R4;jeZQRK^O
zO>KG)u4*R6M7{@K0FEo<aHT80A;(&$N&2{~7tgBm81#&pux7Mg+JB6kn!GW&?&(<D
zX}G1Kr~0p#8G9*-*i!7YaH9t(m5l*x=CpJQTXvbIo)HRKEa<|hDuV`iXVTdyu-^|v
zdYd#rR4X()y34Y-WUZg1+Au;BOWwodoFAFxEH8f$(04aCEEOHKu8>{R9IcnEGdj+@
zOW2Cw6mvfILSgzdxJfw`7F7%vHjqX*aa4a<Y|0?PnIBuV4lWCBtwmxz85_C;!Ai6x
zCtsKm*>W3xg+JG!XSJe~9K$*`V7?olIOl)eX+xS(KR;+8m;v_&0It@wRjfKp63tjy
zCSZ2oR^JiqIiLCerjGnoA^s{Jj4X_7|12cz|D%v_{4a&%Kgo}gfQ^xZ>EAJLpUv71
zd&t@L@(a=%62JQFa4;>6LlF%c3BP15^++Cg9GG}`BBW0@1jSM>BK!B)uQ(8{B(yDf
z`B^oUet8=5n#HvX_MBNJ+?Z2Gdabls^0X%L^%Hk}5^H=C6`}wcp9P%K=q!_XjkC25
zP~n+cp7T51l=Y6s_s!17hu_612dHL2OrhVU5B7J^1iuVzfyPdZfM-2K*?OY@Prvl?
z6-GEdtA5^$#C)-`1!eB!N#RO@;MD+FO;9*U9{U^+!uXN|1OhdSu@FD8b`VT%UI1TS
zaYKE-*^9}_j3)EG1O&IgNnfWlhJg2fg4=7v-j33LZm&`H&zMH2D6#N>n=XE71iaR(
zDTEtVPx_!=1HSCI7a$T834md<e|&l^PxYu^G(P$vhkJDxhT8Ua*dgkjg9dNt*hW>p
zpL{Ywhde(KKXJCh9d3tQX`&IsA`bU*D=fy?_8`QLih`MJW6M3m*4g$l-N>|nwU4_v
zEFt<;_aePb;OY>?hL|!Y^M&BY>pbB#hC|~ceS3rVLa+1*t<QG_kXrQ)oW0y}p2PrI
zfHXLWKH<Y6gNPvhFrA<&!-{6=L*CitmrvWpk)2>uKu&N>HU3lt&n@3~$n-^@=r#}d
z=<ds2{o%^FW<eeFj2fT0E6#&E%}lfsM(mJ*gkD|9Uh=M(VO2f&Vrjd}UXJT4Q==na
z?tY5;IN2J|^ov2%2mjl}>c9<4{4fMTfbf#dqM2pBB_H~}CioiE+WQ0V+Lm{AOmOw`
zO$nSOU)%jzW#W74`>9$b+ZTVKA=90jqr3S%VWYR@nVK15;yxkZ^fvz|a65PC1)kSK
z@3V8uYY(`Y{j;mha!H7b3oo&A@7`)__QJu&!qVKvfthvLI*<QX1QrP*Q$PGFUUFe9
z34*KZ%=E*!o~x=jG&wAlA}D@i*6bAnxkRl1^89ibf;%pUKA1dHhX9kAB*bZazX(FF
zz=2@iARnxxQ`)$6|94(Cih<IaQD8n!<N2OAHjxg!#Z`$~J+o0DI#ZGyh#|>B^1)Yg
ze)Ee9e+x$#e_BY)wgQ8sGml6+{$*57In?f%!Sx+kA&1dW>3+cgn`*Yr4Hg5dcnA&{
zh-Qg={cf{8GV|mhcvJHR%fg#|WAt${uS!ZvQa((8Fs3uLL5YI<h}k1%*6gnt_m|=|
z`@`@VQn+AP{5nof^+$lm8Y$x$E?t-kFT{Fu{Yy_4%1R!yQ!_6F1Xk})0Ww1!)^+`H
z=R%}pv*!4c;W5j7^|00g$%cjo1z7!7LL?#NG0QFPQ`TPHXzVKCV4P4*O@trOSdY>;
zF_?m4sU}7R+n<CZZBysg)nmfE5pbz!((oqBr^e>&Z8(AI!jU(^<NcK5ty}(j-RNwA
zV7nFb?3($JidFU}Cs0t9T%4%o7>&_!i7361IZ07BG%iaLDi|ZiRxd$o)XJ<)bMJoa
zDTNpd;#5*_ud>oe7L}^qo%&R$=whtzy<QcqGd+_J6HZ-$CaGDmD3WTQFlpyzKMnFi
zyiJIuha$HLKm=CG)Jj&7`QbSHz{lWk46weInpwrYoGuva2h}PvRvDCHYC^z@lhD!<
zf8RL_52gwe0DzfDrH6KadM;L}J}NxU;w{5m3y`&2e`&KaEkTkhg!|E()$5p2#Mrb1
zIat$cPg&HjzNR0{S>5LD*zaB~JtSIOFcX%x%uD?}p=W%BQxJPxoUzFq0(;udiQP=v
zF2WwgiO???G4=&v$AZ~~-L91Zm^q5o^hpqf$TnZV2%Db}oG2g_4Rpn5sB^)>s8YAo
zqgchnaPi#LaddKp8ZJsUoVWX30KcU6lr9(y`s%2cnxID4R995YC=s`#5RBC$9(f*B
z7-G622{F~8Tz<^;+j*py*$;h%C6IIu@^$?*!4lTKJsRFtFJ^wZekWG6m}<P)2oo&Q
ztN+VlZ;$u6%?F*{H;rCbdS_tV!M9cgIEWSfNgO@Vf;c6S^l;q0*(YB2N$>RMRoHwZ
zr`E1E7+vdk<*>}O5{Qws(zInRx_0#JwCE1f@A?EY_|?3j?aN#!zRc{(dP<^3kj9X8
z%weGcV{KbdAc-7HgHSj>=#aOW#iB$BT4++4Q;yBZT~WZka<C>KS4gbI9x#|2%kJhw
z(-`-dcupf)K{rBM`?pDA9McwfA=_5TfF)~4VB4$8TgE4(NVKe?IAtIiCqkwpW`}LM
z;AVx<HtbZ_WmF%P<iJ^_oMY0kepCdSg|m#>4gr#cGjUm$gA03n4Za^U(j?qrK+H~C
zFiS~x%@ExKUI<0`jApShIuJDzt%yr>23N&kdpWn=#v{byHy?Ri2O37HP=`_^2kz@^
ze2~#EI-ZJs+aK4V4trvH3^$=ZU9Mg~-BNOVzS#`olq?-}p!$=av`4vm<m&Uy51b-3
zL4h=1+1!zUY@vN(bva_VexsZ}=hkVGkh`&mLHmVxX-`Juk8K-4W+jvcK(h*AZJ$fG
z1Kq6r9QVftGH*JDH6+mX+xE!(4!hH|15n0>f;V-)_qN^Bqjy~q!`K9bh=hRK`oH$`
zqIE=VG;gBh{MG}RC)4=-CBrHnJmM;}a>?JC0$|$X(meGL56;#Nzm}tBN9<+PX3+z`
zY^+<mP1d~iVF+V`w%PPq{O8)dLwuTc)Z8oc20hkxwWSA^$Y<6sJ$f#5<)%NVDbwSf
z)5sQfN)=q_^5?WiWLw*cn?m4APqbunK`ly4l8t!E(cUINu?Jk{B$yd#PPLs1V((&%
zO;Ht-Who1-JQUJ0rbY_;G!!Tc5|Pe}ut`~WVyH=@2;1H}KC;)wqiWURZ2df-x~y&;
zj?K%8E+Yey6I&{Zs7XmoV3<#GZstNOsKK*FgHW=nsH2PLRtkE<Bnk`0C@M}cBk%US
zD9a0LB@Se6m)L&OVJo)Q{+iCOt)foXI7(r;3yPC5g(+JUK?kfD1=EdU$xv#zRQ()Z
zQM{AI4cEeaRG=t<F>??&?rokU6&W*vaa1zYY^*QMj&p82ZqG}pmEcI>3L+gtm$yW-
ztWRA49I;oM-KExwlP|PuJq2&Uf;%P*X3ko5swtqmMQ&)+7EpjYkrnT)SkaZ|H$-a1
zC!{h;YqFMJN9qxo$<sN797tKn_lW0UV71YPeobGQpI-;@Fqs7xkzkC$c<_%GB6Z4C
zTqs`gnYDldl{rqkaE>cp@Q*H|N>Zd;XE%|OnLJd_VwmutW#>>=h*KRO;nWzh{D`bV
zM*stfh=}l6p^`zO-W413o7z1t4i8t3L8^<Niqe0Esc^b&@3cZzBsO$v4}FF*w3|md
z%4?WByMNT6V~ASGt9ov*nygMf0NDjHV)Xym<H+QkocqNOO(BbEkC{tSA{VGAx1)er
zps*Y?FY9#?jCV93p$}Q8w09_%)BB~Dbl#wR{Jc!=3!jfaoL6qc2BeIJJgnn6U7)BO
zUl`h;oGn_*>AAw&wsP|T^HOGjd!&%)sQ$E^lt3Cv%CG6D+XyQ!#7}#8bLUB$$Z~Yk
zDQ%XnVH-4B`E2tnN3{ZXy!SbAMfuCy8v%J);KE#Nz8%d#CDWRGV(N|pV$}#!uA?nD
z9g8=5%<d6m)Qg19NV-w{nhCDHh6>`O8V66<Gu<_$f>w1S8yt`CpLzae6eZpU$fJAW
z9A=fh4&P3C13kcWjvE@alm<Nl1L`&d_<Q^|ZD+M&2s-(I#s&9Xi*J55sj?NNIR>0s
zvS`kDpKC%j>Xr5v!ssrb+^g7j^p@ndA|q*%SoN@0qTulAGSPYTCKYvVslquL?YVSZ
zjcd}e4J8`r80Q)^da82e6Snl^qB7noq3JEzVuPrkbeWetWTS)Kh#Vv~N|2WGranJx
zzhz>DxrxhEU1_kOamZD&Pi=gjD5AZWXajlOsduPd<M0C3Nj`XCF*CmXvT4LJa_!dO
z+z7+Hs^lGG(wL?+d1G|JKC~tFW9c;E;N8T8d7#qSS9EfYo2_+Uc^|RxYO11nMU(1e
z^425uaOBM7T`?`e-A7rfdU#8+6;&!bCkFPin+T^n!uU(Rp|8(o$mtK6Sx$ft^+ETi
zM$CZn9;TKrujIYj4aRP&^9#(qB3swR+aeWX(B&`2k4_4WcjQJUF*Y^5Vv}92x|A-!
z<$BOclzP82Ud*85@u6p`&<DE*hM}t&@1jn3>;+SqOk7``@K-@5BlwH22ol|l4j_4Z
z40mw^yw~|K^i%RoKiNHBB=8gEs}PQ32z|aE$LzGt1)LIQ?y~C+n)jJY-u)8(lJgbj
zQnVe0WwS5oYNRA2b~Ib;JO1Ed>^&?oPvBH+Pz*uz5Aj&h_CWldQ)L4fy13Jv*hgN%
zJLH?UYKgt2f;ZqZLeOXP%5jU=?TL*3+h7=Wift$lTj(u>eRr89OKrLuZIzF8L+;A+
zSMwlW^7Bs@@0>$&@1?xY)khzcD&S<*y;g)4wJxA)r5cg(rL%crS0k62hk79CX7o|D
zs(M|^K5>iZv+7D!6$I}Pbqckoj=A&hEk4yPfPL$#olsaus+}yeOE@!yI|U@AUzPra
z2R+2at@CA6DEqW}-AhDGM^oLSu#(3sC^CWZs1FBE6KRP%1;Lh7%wAJgi-#SQeaOD-
z&m9Td;-<Lh!6Y#3@!kpJBcVlKNB2U{?y!6C?|3qJ9=N3s-$$S9BGA%lZY3~_la0~1
za)%b`0=BqLJ(%s{F|Pi!nfA0ZYBW@3w<kK{@Dm&|_232wWo3IlSVgbe_pzclh2vev
zveT9AjO{4b%rIiE0MokNc^m*lV8k+&`iIS?+zfPd)!GPD`8xG31#Sgi!Z=W_9>F0G
z?wLZ_x!u#ALVTF5jPrH|q3zM1z%gLCJ|o5jY+wKock}AK@8YPDM>GGtAJh5VUKHFv
zXcKhir{e@Adlq@-6qg7&4oGf$)ba=uhi+E(&9i6<_7a&GoY-Eoz$6B)q7|I%I0l?4
zZ0ICTj55@7#}mxqq`)U={@_JvYMdJZuSLOkNTy$rKTrKmSdU^X(=T=dp1dHZcA-1n
z@sV<7rK#qhx938Gt0|(W5%G~3?ETAQu4B9JAT9U`ziML4nNl%YPcRK7O$33i<-FJi
z1G%~XX5RhRg!->}H-Mdm<)8CzMuvY)yp`PTjOj&fZJdOS9St4K?VN1?D3w3EvijD>
z^dbU(y{M(l4U8T1oy=`*6pbCsO`!jBE~btI%zrlid{R)*)=iU^g&9CV3t#{cFfy^R
z5pb|GYST+N>06l_3fP!h851x-(+fBn8rwJ#uyZg%)Bp8lf9=pRF|tC_3+da58=IS&
zIsJ7WG`*sev9$^T`=3+(y8Iu_W6VVG*HVE3^q-mke=R~YGXCo~{HGRTVq*M1q>y&3
zz>j`{??IPu;T#uutkc;UWF`}2JV#jNd_Q~Z<Cp!Uk8?jaDOF^+`ET4V1K5r%AD88a
zUxM;a8T&AX0d)4pAq?9n;>s*f+c&wR7bY2rXpLLRk&a@9R#=6)1DZ^>b{<#u-F36B
z55s<B>>awEGw<oM<dfo<krtX)?4vwCSb5ekopb53(7E=`iH3Ezt)(EHXBJ#h(Rt`b
zIE|!`%LY@?($^}L#XoXfzxN&S(n!_D7ce$ZuIxG$Kh*fF{?tq>lt}APTE<5R?Al5&
zSS_vX{Nk-{?ff^{Gya=7`)ADbip~a3e`T)Z;B5Slqk{U5#(&-D|2=JU2S+C%Gku4@
zQk2&J&+R`!shS%(nK^2*{Ry0jg@Hi(KLY#LgGBI;2TcK*UddM3#{4fsNAQo>{(F%B
zr5OI@_ZXS~O8alJ{O2+dfQgym-<N^TRkmz#R8e{B+Ui`IB&^8Enpca~jpJDd>K;}J
zze?G(HFQKT*_@qMX;1i*a&F>Y+SGE@WvO$y<gto?q*wh?AmvXASK<;8gbc5OLlU_9
zPSMVS@M{!7S>FB2wcr3k7`iZSr>E;1ao8uA3y)*h?S|u|>r`6X(wtoi4W}@@Vr+a+
zy85LGO79^L(Y~2}OV2?}R}si3l$J@2PFaVq$8EK+9~fP^lD78S<S9BI0d$AobB6I4
z4ZK#TN4)q%H?Jy0+-4_gus80*h(l#f9wqYmZ(rE9juRB=tb?x$IY6|kH0t|{Z73T4
zcT_8r43^VHsn68Fcfz9TMcnEc8Tt)EPNUH0R?7uXkI#GfGt_18W|a6bF_D76!uQXq
zrekN1q|IFBjbGgNbB7Ye0v_4fq)~%rfd+S$FSzg7n}wHiY)5T(${q=ep>qfn5=%#x
zqmM_q+sQA9FG4T1s{;~;PFCT*bcR<W``qN`rFeK3EZM_S7X#d$In+Zh9y?kyE8pJa
zY%{;zl~%;f-qf%ooFw55CSVc|COoqv91}4Y4OC(HMs7}u0ZqM--r4aN47AQ!o}L_Z
zWcO}|i%&uhyHF1Gy?5(IolELYZ*S#g#pjA_GZU2@QY@BYTxxPZ*nRm;>7nDch~Rd6
z6wRZqr}GmsnMCI-(xrdWiyGE=)l*hljUoBREuL`ZXE7Ri$(j1b?&Hj=^Vyzev0-pk
zM`fU=^@PJzqV!(=mJ4RKti7GESG24xBHL$<%OnSey@2&3Br|+>6sF>-SwM~uSy4f@
z=9j}NPrF@0OR&Lh9c=WnkHS=JF^i;j&kysT)lf8?a8d+_@KX!J+HX?g^~qPXNudyQ
z&v-(cg$n@adAquh5Iv;D5GPcH*T^C?>Z0l*8F4y-(rn&~6P4nLiAU!rWT|4?VGcQj
z*6V^Be=b-O%fp7V`cIPA4U#cp(MDQPN%wTC`|%m^wCCSbW(A1o+C@ZYV|Q;B@XKfQ
zjm(RBV?*B~*fs`n^5U&SmgB?QLV*6PM?|ToI+|#_GW^8dR08uYqF!{ST13T$`F)-+
zioIs+e8I<u1+zhBPvjMNyQg6m1wTi*3N|;kW^)+{%{MzGr1{pf_Ox~+=RwK%-7tn{
z^*P9q@!@zk%NnTX^_pW_S=mwOL=m#pX}^1Z-_T8Ld3t)9^XBfIRpPuu!|Ubol8=1p
zQ)u|Kb(iMyOx&(~_VWCJU+4js1cVjNs*GX3?`+|z%3N`7c|3y#`w%q*y4Uzv;AVuM
z%^~uMeR2624Z~UTL=HrJ8Ii>^He@RnL{tmMUnqK;9TK?ey0(XW;=wPU&$W7Hhy9?x
zQW8WU&=YuWi$Oh6$+>4-EYRSE_kZ-l0r43aqT<QxJl<t^(#@pfo`gUSBTUw;T?vxx
zac)<x)?eUGZiMlUTM1KQ9T+rG;9%tej46n6vW;mlf`VE(lxoyiv0BrqMTwJTV97-F
z*t37^=?L4{I58(-twp4jsw7h<kCBaAEFj7s!%$)}WyqLjOVpqN+j8{L$3<HVJnSC1
z%QXPjTnhB6MqdW~aEI!w%B)l>i8AcCJy~|@4&`P@BV^J@=N{;kiBxHpX3`8bIW4sy
zEE2V0+-B4r?5k-&J(Ez^D~!h$)08QbusQ3fiMIdD04<eprlnkF96J1W{b||nm7Det
zGzy_P4>d%93Ya)J?B#$tI^`e@%(uMA5>8c`HluSI?w(05c(3J>-9_9b6eL8%Y>YKp
zo6w2$6dD9$z7D;Kd0MU}4Nbc;_40ZpmJJ>Q1fCFZB1CL)*oUy}OWA4jOzfClaf|}6
zP9c5{4I=Da@G`wg(hzQqfdzsH3k=MUpq13)e8`DeutJK62;i^Oo>b6ui1dL}BG68b
zu*Xx_?J+YXPGvJS1?zNajW0F?mZBy&11txoI7RF{?!QE%54I`2f*u7p0Sd<IR4u>B
ze<=+ttt?39FV6EOsgD>RVUAopHgmmVu8<<Tj}F_6Zb}c&1gM~HFv(}YCAHoyE1Io<
zJ{ohwFb8qe2u6f6<s5ZIk$-O)dd&Qcr0Y=>PE(5az)OX0uO9Zm#ZiED#ZKmjYdv!`
zSfE=*>w<KFa)F8PX>dbu8xTu2vNl)WmKvUpO@^}+1A_0>?D>?6YxjiVDkq*^%LNcS
zgVWpLHng}JBiE5KRPr2-%AOgO{(2Euq3j9ukg8SXLTz|Me>4vz_ZF#YBjIv(MMvg8
z1OlJjucqV&7xy>TD~W2$v%7iQK1bk2ybVW-fzLl)&0F$KW2H(C<xJrsL9;3<<j#DN
zslK`6^z$6L{%#;5Q{@ZY0#5RF@qv)Hy{)%MZhY%V+*G>o%A(%Nquk79WJTF;cpGeX
zTieNUi#wYHY0u>IYszyco@(<9`}mfF8h-qDZ17i!{fCfYXJY;rRQ;RU|0gm0tDgT0
z42Av!41d@e+bFtQ8`xU?EfX@bar|MzKN!Nuz|KU#!NmH%F(E4l;J+~;%YS1+ray@I
zcTC9mk3OLP28I8nnf}EROiWCF0}}tv4u7D~GLYd96h5OmuJh2y=dvM&8}|sc6*lq_
zkmbY8OJMBw_--*;Y90~#r95`-$vCa?IPWF+?CW_-Gk7>eN~x_7!Lqw67=ur)IhC}p
ztq2zeoi~vJ*Jm(JG>+M>ll!qV@w73nD(<3iYm1>|@vZ4wbq(KoF)0Od(;;x89j5BS
z=uJekN~I3_AI#ezZ_wSghy;_I-Kz}(`be=Ntjq+J(M3S-?^h{E9;diM_3LwjN!2B5
zJ<KluNrl>fs4$yHbs7Kh4;3N{t(UfUeht5~&i}jQ+5QF2|IGORhYJ5L>i+`>0jw+p
zY#hvg2ZVn;VE-Km|Is`0-$MMKT9EPo^n#4cjO^_Hp6b2_oR`u<!{w%F79inSoCz5T
zsWV<^_9{040m;w51Rz1i5K9jL)`_GU$;SJQhX9ZT3s5xh&<IgFRH#Nf6i)B+?mgTW
zBXXxh{i`+Z-D&$9x2?x$A2n9RJJ4nf*f$#<IRI&3!oKI8U9YblDTJmEL#vkWOTLv2
zkG#)_F)q~ol8xU9CL4dzE3nq7kp;HPLQYs{;-}0-d3MH}Z+$09Y!c)27t&Yw5o#us
zR?OAvv9|TDH~@c!PulNPuXz28&F5tbPl$<a=OarFk5WQN{D5HaDV5dp6r9>)-2Fkh
zcnRI~JbxVl`2ERv`pp}gsQB0=EOvZkIYp@Rm%~GL57ilc_r-uXJDRRY=QAbY{=OA2
zk}}a6gpUKrt4tsUIS^w2;kCwKuKNWfG`=U*gh{jF7&DFa=5yl*pL^6NugK-lr3>#3
ztv&!TKF7xa=MbE3>4$Fq<1D`ZD-=`YROKG1MR3k^%Q9AX19g8XduztoF12f4TLE@-
ze8Qfx1BB+~tou*PV+p3D53Gg_E(36g->x`0*!o{ora`bsV&+Wcc17zk$uhv-(9-2^
zv3E4tUm%{*eDDZj5*QjWYb!%Pbw?bH$XmqmkR}t9mp>5QF|SKVgz5yojgZdYCE7(y
zM?28xH-?P#IZ<PhFviINB(swsg0SUJ9gn^eRvP6nQ}FaZbzce`duI|Fh39U?TGI&9
zW7z(f&UZ?l=9k@hi7Ei^gm&%0Y?Yxw^4#WLq5ZBVv>4A;C?LeTVogKT26tYss@2Db
zo#rbT(;UnzGMPWA@`UlKh`7Rg!ALj-HK7nN|C6_AcbWHNy^;rx^#(#qbn_Bjsa3op
zXwA+fUrh{;C<ZusJPb>ypBlB;XOv$r^%`4zrATz{&r_09CqNyfIn0}zbs=1z5<9^#
zAKPMP81Cd}l|MyjW3Vo4FiSwVvge*JfF$s%pKuKxdI0ZJ;P9M!PgO;h);{uhlr`Tg
zmKj(2GU=7?z1}>CT|&cMF5T;U_#AxrfQTud<&9OCp~M_?OU^;7rBlNN3k&;^wx7&m
zpFWQ3(iMlv{V%1+Pi{;2QR}Q5__gS~XD+MJH>61S;#RS<M7*JmF>&Z<q_{jlKYty<
z46}JTL3}N8aj*&ET4}DL(Eje3;`xB$xgwVc6Hb6c-)GeYqlwp>z&u030u<?aj!Kwg
z95{iyYy^K}1al7LGr`S5$=*(wgN8)JFIT;%UYObKoPg$or{XSD@-Wv}`+nd!!1&8o
zi=(<rmbsLQW3m9_8a;xBmBt96J|WaP@s*bF2%(2{_uKE1g*={K#sirv%M|HZ0uj)~
zxR<)<&j-<cA*MX;OLO0jz5=I{2DaWGZu!1@@VTG;obpxaV-J0RO;w$fXqrp2L1m(8
z0e?0p>oJ?0pdYSIkIyk}+(QrLFe2w6Gr1h+NM15Ue+~b3=4mR;s0mGmDX~i;6g*@$
zOy@MkAM<^g!*h}QP2k&<Hco9RzRquNH$rMxyy#>@@yN!=$M3aqe5z=(nF{?D!y|aQ
z{I}+^jbHtK<YfIwqh?EjDs*~~aipRi?8A<F?Z{yDxqlvbyuf-%dz@a4&Zl+Vy46pA
zo$2CupHu!3dYes6+p*DRWG_G1@12p&uAs!s;OVk9N?R8g>Hm$@_cEs_uNq_}w6ls|
z*Kycr$3>QS*Du{Q-34<HUod*^I0E@)5U$`d3#8X5!@S+kjm&ffO$Mlyqeo{BpH-*b
zJv9KMetUL1YCbuSBm26JQ=moWf?ZlM%;b;~xf2fD>bx2cH|*)Yt}e+bDK35cSi`@M
zc(mPmsF!IrOaeZuc5+`nW7`(o9<f^#%HFHe^F8eKcn8ilxP4fQWV*~A;g~XL{9FdM
zVS*N=M4ANn6&SC`W=-e$+8@oIx&-&BTM@Hb)Qt%j)plg+>8y;N%kC5`uoicOG0%``
zCh%CYEDSfIuTVSMh(r$^hHKh(uHD|{_Jv64E^E~Jz~3crUPUZbXQC`+9<OLUk@mWK
zqFvAHDQAdtQaa0ua|u_FkH^HO!1fX%p3uw_EX0wT7zUru`#TEt!7wz81yfDJA*|3P
zD$>McmeyTMP&<ZSF}!oY!H1a1@kqhEybiGR8MnC#CCPbb@9)^x1EAjVvR*+KQ^rx|
zd>F@kvtLpB#{2ypJuVcT4vWn5-;v01bv&2YTpk{$IKRL4B+%Rk3DG=Pdr4_I>dCCF
z81WkA>avc9I2;Ox8T~jL8@`ZQ%V6Zk_tT2Q2n>3liO2>;jl3aDo<%=fx5%3YYompc
zQK<Z2M^anZ(rsP(Tz%g9RB~6FSnsr6o6K5kv<_(sJmEt)zo9E;o5Qgvc1$TxZu-&X
zXmK@ee&CDy(j}uMM6)MxNJP1$#~j*1fVGlBqTnZ3MIa|dCz<XjV=~%FV`7*-lbDfg
zQo)2RLRA!(LLy)bmCYQm7S6)q1>(LFsl0c>LeXJbUwGU#>uLB(4U@x?PN{xA&L$sF
zlLZlZYF<5~R}eaoX_!sFX{19+2Pm#ADwh$A3)|_EL`J=o>#O&bJ6A<OnDt?K<IIvM
zj<BqHyO8AbmhX^JBiSoGJqpl}?HIN|Y-uuEKU9~QPBA|jTgl*HIF5rNp|;e|UeHTb
z8*8qf2FdR2K(mo$H@=>%T?1>h-_rx>&OTqeSgF~~wqC1#Tf7#3{o(8S!ScB|`{9#&
zc0Okc@uS00V|lt=&|CRE|K;2L{{E)+Su@gbN2n>{L3YqyJW)k!C(W!W?(k}c>F8*M
zUqz<otsBx&1{Rr1FE4~wt4$86|MZIMmbZ7?MVsx?a}3@4$6KM))#;oqLN*8B>EYP>
zWNO}5ajJ~m9LhLDo3idtu|TtL14s<J2ds#bjV`uJ6LTb*o{goqD*EV4Zlz#EJEfD$
z4l`g^u+*9jx7<SnI{K3qW?4%clTT{nm^5SXJ-DlT)j7*j(o>|26(^%#kiQ=L=y$ny
z?blqtIzAqr=lu3H7_>;=v%5HJ2@?WsTFW@LvIfnlv_^bZ!f4+2-0EsO%{4s&_OX51
zjUniK?)|`@@x*K1T~=L<saSr#p`A0zy{QUC;&{$ab5`xV4*Z-%$LG44P4x6QT%YIj
z_Hc9@09{qz9eRT|@WBq<$qc(E4HKk8C3yf>+lEMw5VKDDlG+CWRSg?|L})|IIa>Fq
zHNfJC?&#dw?ZDC}9?1+hD=d!`4*u2A5r>R4yZQsYBxAAjm*`gCdl7i{hf$YHG5VGu
zjf#cqpQdw2lLX8wb4FqsWCNx>17itDB+Ce3U7i_TjY=Bn*V%4<o!SC*S`)=|m$n)V
ziIr20IBl)&(I}ygvQeFZ#t-U_@L_;^(!IKLUg1xaY06&VR2tb>vJA2`at-K;xnX8b
z#Z<Bh=5c1ULXL{tK#p1NK5j$fRgiM73B$4mnnpS)O??d;b#rTUkZC%If(EjITAgOi
z)z}9X#d(Ez^K1eX{;yQD4Ctx0C^m^Us5VJxspx5{=}XXGOXu3<mti}0Os;K?Ee|FR
zxc4S>IKpau>xTs+;BmJ;n__VJ3Uqj%`b-gs{CETxlD;-SCcF#2CWW|b9cP?;n+`BG
zB6*&azK#XD1HV5XGKcljl1#W*Jb~F{HUe`agxs)xgG{7JZWVmn^wk}B*?K<&ZfFfr
z%@dM1brZg{_dCUE!up4D$|}K<IxiPbnsCuWo`gScu^IWkm2W`Ao$9@g;=Ye^(SN>8
zj)UXJ`!j#EI^3kd`Qo^{_pEJbR%}aXI6y982Am`&vf*$ZM1|~Fw<2FQ4P9?`A^tct
zt!Y4XJw?BUGr}ITxHCl^l_8d`_0#&L?DP%yS4yB}&|#qd6B9Qm`asA){!VqX30KS4
zQ=K(%Ya@CgBHCgXB1FWY!MVtScdi6A3dzmVCh$a<Q|s>Q)J?RS4rN=Zr_Pt3o2=Vw
z<M|$3aFw6=n~kxQPY^{7b213qugQy(1Z-(SC28SgXK<<bb8Csi$t)h41m?-K9@utX
zZGW!e&2KA3GIbNa$r?M7ymfTWtYC(@xQ52Gm0sO6HzZS6HNA#eP`7=$02H@no}R%>
zF|D6Sq#hlk-e1&dq52*(kRMKe6w8y_sIaoIK*|OvO<k|(PdxG%(6y+NUwlb+-re6s
zKan%2r7s)yi^Vy%Ift$v`LLTtha@#>@063SLI~+q241z+7#hBgC7RKEhaW*LOmb}C
zU`--g!GkA^W$!(W93s9Q8+~K%>}+F3yNGV2JO`SEC}1h<G-yTk7*vsJ$D8(}h}bB%
z_VNIv_UX5UOINsSF?ybjWE|r;9Y>sf#}B$Pjoc&mzX&Go%ID}pz2u$l*}baKnm8sP
z!9f^g3M5`A<w38WguV#c4_wBs<sWg=35CRwh2S8Jb;?!a2u#`wG_yp*e-p$tD})mO
zjJOr&0WK^pVZISlOoHuXmEcM!2r`m1$0{nYBPTr@>(Zdvz&uUkF)c6RDhb-_W&+I-
zoCt>isiK|y55a4@Jj3ol>1dKN;XHj`*NonUC(t9cUkzMUcCh(q><p6D+8aK>1?1l^
zVO@t1r5S!<8{Ei8Nh+=33b`Ld3&B&ZTjFi06%!8x2dvP*i0!BP+w&iP5nR~7H%#{v
zYCsfq(khO|J~@W{R;|<BJH3eumn#rNe;2Z^woEwGs<}jEZO@u#zaB(6f@1*_^7i#W
z%&K!`-CwbD@ya8}^OrH=w^(U^IreD%Q1g5ms<=4V>4QDBVuUOUWv9jO5M(X3i8;XU
z2O>)F!TF;s8_ByJh=m&=!ICU;`KAG#Iz@aK58qZnX=c2%?WK9FektT^P4O(17~bzk
z5LI2!=_X>|P}lH_h4vjCokTeeE)yl^cCsoV8B!y;85q)<V;(L+-Z~djVB`zyrgSsq
zArc0+dhB<XD2b)yLBA@Jr5HzH5GM?f$rC{zWaV*8BS*g&I_TG;{b?iX57Zi#Y>J%=
zo++KPEK=^VFwkgYgdY#P2l6AO))Gc56TcE6(lF{;ru33Af6Cvcc00Z7I26+dV<k<S
z=}fPS2fyxL#Oi+2V)xLcoab)WF){?wsjP52(a7<(M4S_-(L?owR$FIPgW~pSzy>9}
z4x#_3kT0^E6AYD9<pOOOrd?uXtsmYTTut7uGHE)y9+jDh8slcUz-pP^AMnW)(z!5K
zpKq=g5e+j@6&jOlsZnuZsYpz5!?M7s^%PO8TRTm{&M^Mrt(Y|wWtbg&(pt!p9USC<
zT4njC0q&IhJ{wJGb#^%Aq>S5!UQy-Jrb;JJTQ#Y8a;|okaLGdhD|J#s=_EcwYl1fW
zq|mv_q{ZCaQ89lhiqk^QI-oeW5wo)SbmIt&s?5epW93Y}xn#gELc?yFu!*_NV*S4A
zfD}IXH=?#pa*H@+o-l5$C#L3^_Fh?eLOD0>X0l0BdG-jC3mPl)A|N`Mb-r1HI||Mr
z30vD<d7*{H>PXT#YfSMn)>7-fD#+$C6p^f`4IubU^Y`?|wvEdIhmmbU+iD-yaDMTM
z_C_yhoTpJ<bYG>7)m5vlZa64K3WMKQ^}PeK>96P?<p;yfuW(0nb91xH>+ylL>$}ce
zMyho~V+8Z8Y(!dUKeT$hw8Fh=w^@$d)FYRd7gqcftQs!#qSll{pgUj(m1|SAFW{^t
zNhTdM>20h%_cTizeL3A0Ei%3oUG;uPt709@NS#tsf7_dJX^z`55UUm1@>zNCTZt-;
zYkYrMqHcy6TvqYFM>NTh_(3p8jT_UWr^fea&`HM}Tpq8`tozbxr%nUq=p;Z2-!IPm
zQ_3UHkKKl>wi;V3->>aHpS=uU*^oz1WpF2kss=J!$?slL)s}Kpbj5uz4ouK(1Nx-O
z@nv=A7TMEG>tcKK{fJ#>RMPm?`O?yu$IscX_REDlwj^;@9FuoG$$}elOso#lp9=1G
z329H1fLQ>ywQsB-FnX;RR;iL0D}g%Nf8B^DW*+n;9?NbwFC<8z8%~RU+#4gEp3rL0
zUcBApZ@IWT7ZY!y5K!4rqK|nj8pfJ<pPLL%M`@UGoFXp;nS+>UF4FNeF~Qy&<NW1m
zU5!VlD#*M<tn~Yb3eYyS;#I3<DnobhdT81r)v%18o@!)W{uHUas<JLC#v-!c`2j=7
z{?3+{vM)wAMK|WAkOF=1lH#S}szH8Imhwc-PR2UC5ll0zL>rfsb%^NKl{nR~aq8VK
znuwLpH1Xf5>DA`yhLa(cO5>`gS!s!HsQ4!DUBn616Az(NU$aEgre57512Pw!+0h1v
zeelo@)RC9a_f|z6<mNU;4pBC$;cZC!0pnBm^|$Jz<}wk#lV#wesmBq6pI$<<57UDf
zETT>k;jb#Dz0Bv*WRD^pQSu$vLlmsJg@{@o0wKsM^_Q3=fXeyCcKVXZC^y434L%>Z
zyUnY1Q9mAkjP<aNj}j~)9Ri?yR%;dt53eIh1`%N@CNV$Q7yXkD$9Evftw{W*7&ML#
z*u|!wTE5w5TUN4TAJ#!(=UDgTE-7FWogQc~%X+xMJKdzmoQ{J%tCfjCz0b(2m*$=y
z;BYGB^{oovO$k?sov;O$<K_TEh>uM%w_J^?)XTrgxbmAiJKa@ZI{S0LS(BvATr;Y(
z?Z_h>5<dmekd)<SU8WIk2$2rt<?yA!efu<#t`G@ht@@E5F|kYMogyt<61Dc=*#8yx
z*h?pi_Js=H0`@jbp9G@Ra|RMr^%Cr?J@j<pJ2q)XNfP3q!sE|*XQs!MVzDxo7F%)$
z8AGA95$~li)6^WsTD(_+PrMbrPH~!@Blo}@P2P?CS$Sz~TiV?MwlKcoa{6vdj+%VN
zGkfo)IZ@_<NJU@Cam6}1dmlz>EZvQgfuSW*?i<Gf8l7AeR!+HS_qoy-5yb~N{3$$I
zS7g?~8{}859EC^r&l1?%YYc6ep8L4SMz-V>OMRy!`^%kEkUt6|{{_Cl&Z|e>1DUwS
z$b{^~<cu=!=rxOp3WR5!non2PEy}Tm;rMYGRhrlS1g*#@Lxs!Pa57Cr=MjifvEji(
zLR5oi3c92xO^D4tMc9!?{4^uWh`*(tv==`AWSLs6%b4X=obv1{JydcP`Euqp)84j-
zH)+z=GH(`KJy4d}t7QTEIh!7Jy#cT{iBZzd%Ug!aqjvumc0w&`8F>|{6EX$QW3bwS
zv9liC;rq6=T*JFouF@g8^U|`MZDfIH@5mKZ@YQo%miR$q*rELg>n#UD^oU!I<zSle
za(T}T79Ki!j{a>>J64KehPf4qR12Mq7=SnJB8k1%X{>$9LrSjmt8-0*O|Ac$T|O&)
ziq%2useL_s*G4OjrhF8!RL#^X3{+c`#RHa|GE6mYW3>KEY~%J*=)z11_qqXyI?qG8
z{3nt3Vo)oO7JlF5wseh)5Rz$S^!xyaL3-Mxg|O0)r<D_>4_j_#%I)zEucaAwGeQG<
z_4CdFWWBgqXxVielr<nMD6~8%UoTn1N#fgM?6YFu5};h_sU)~UK8DFM#*A{IW!{eA
zBZZXKv*pwIDX!&{mVLI@a98jhsv~S&eVApQ{ML-}acaQbY!9vM3CA$*T0JGvN;XWA
z<uGC(im)1(td)s)$-*OHhK-wLX)M;;D|nHU0Z<+)>=@3+-sc%Xq{Zi1U$V&3lqpVr
z)R3Jo{H;0RZ4}pmTiJS_>0o~$>Y1wy*~hmNg!VP%qe2#FMe+jY;Z&YbW3#93!a_af
zPTSg&7%{Y(VU(M^WZMz#WiA;^y3?#QH8n_5JM%_%LP7W_@&GTR+WT+>xp?JOHizhu
zVCB`RV}0qc+p;*g<+?NC?Rhtn<>86bl2o+GhfC>ceImoZ7KHAwvW?LaCvWY$I9U<r
znmy08-XL4muUYF-jNkH3W`n=FS=oVIxasr$mR+?0ZaAVD=He5Wz?Oi=%jHmHX&WFw
z7x&VMzU#s=)q0O==xqKdh2KTXU|D1N+r0zX;tbm$Fy}En32!s{lnwbnw~20S@DlG<
z1qb(5<=&l9{OQL1P0YQW_=QXPCt&;{p|Ew6LZUq<%B~k<`lA&U2l+nk%y9J}q2^I;
zP(TdYp$pIcoZfi6=(+moRRi<T6Za$8KGMhMmU_SG3NkvXQ{Mj}2bcGqQ{8#tv%Nc~
zuNN)-_RLj9s%nHe<c#p=6z$vRe%UhKP>wnYOpeQD<FzT7J4Oy>d)CJpKAL2eLAorf
z{*+|+wK*Z`6SJc?8C{Yn)0O$2HE2qlo95nbw-^|&U>3EqoN{w5RIu`saL^d))gkfK
zHQCdVLe5<rG(Ijey?3)h>-@Kr#!!5nOfv6gBwnX*^x~czUW$YdCrn<7fKMf$H|mGl
zSM*w72M<Hw_YftFlg~Ta!{Qx$wBF09*TSt!zgwTDEa=ORA(CTl)DJ_Xw>Id*#U5Mb
zrzT>%2R7t_x)dNA^7fMFwkp+IIrL@bNZh78P#QjS6SV71B>GMY)u(2R=$+`BPbbu7
zHbTHMW+p<h68kft&PgFCCk;r8`XLg;=DJ+SM&9>{hhSTB^@8VSZCZ1e4$Y?wT#&g6
zhvt(9`j%eZ^c~Map+=Wq#Y5AV*}>l9js>GvFkI~t&;Eqw<89S=xkh}tM!P<WGdMo7
zU_U{LLFtQ8VsHQU;@VblsLURy8$#E|mtS?L^puOAec$&v{xd-R>IW5fK4*0|U)fbX
zG~cj)v69;jfAF0VIL`1-U$<Vm_dZy+UU=V6x3Ig%jO}Zrr%vdY(kmX+2R=@L)yojE
z&q*>K&aWSn5Wbed-c;QFqImK^pwsfJTxq>(P>3Y3&Fr(yQ*SCjtbm7#JGA9~8_~@!
z;wkGjyzsIj_>z6#o6-|D>c!B<yV!Q8!E%(*nM+U8%$lufA05mckUt0Cg~*&MLO%re
zLRr5JdP@PAZS8W5huXLT^ey?V9Avv%USR71#HO-Z`I6DqDY077yTsO0<n@#ejSbkg
zLG@5ls}^)!r*bwGbmb$RoHJO5zBV+VfiaL}EbG;#5>|o?X;*MV2=oUO#G?BHen|y6
zqyAP2;s<xq363V7uJX_G*9~f1^eUAJQZY!-xa}$K#X`MM0!AyN9Y@2eorhF+g6Q^4
zs@Cc!fivW*8udA#CYSzpngugA2d^*LR?bxqT4NJPfR0+3{w2sm8+W2y!UZB_(rxe~
zyWWk?t*nmZ2Of>Xp+tm|T4+a*PsxDJIilU6037`Mc+d$|n^G3|!n^;RIa0Y+nnDt8
z*$cQoPYOWD!Pvh%2d^*tmbH9u{EI2yhJVLe1=%qx_4?wEEZHu%a_A<4Kux+n5LBD&
zueZvnAz)LteJQ3giJk3W2W1S!B%0~@y=SC$iqFEwMWk|Jx=B<@zx0Bj>+C!hg(-3%
zjhCs$0u<)lO79>O*#{*^SL9~t8S3COv>hTrzXi03wO<Dt9E+mb@Q+}J>lZQTrkD1@
zq861i&?1KqsY(pkJSmW&l**;1QKFVHDAUCi*?_cwK_~O`YD}u?heIdCt&LDg_m)Vf
ze?eAG{Uw+U-BLo>gf@7XD85@xK)yz{pUB?`H<-KLY&G0_uTHf*<LHUHJncUL&l=S>
z4qKj>29<{8ig|28*$0h@<$64<-HJII*LEme4pl+ZbP$e)I(`(U4nF55Ugswd4qC=q
zLSPK~%h3)K4Cng+sK}RkuuwQNzI)p>5!*N4!;m*u&?jo&qS#N6;>D$lzw@*I)w0P3
z0I>ek%rpJJwrq<2hnW{Pw$N8`R@Ap~l(Dt3{VzNJ$E*Ka$0iHgA3M*+{O3QFtbYtW
z6Wjl0=Q)_z|J}|5{+pfu>%{*>&;O5}O{Tx;+2mmTzw~_EluZBw?BJz)I8K|8$S+!J
z(!hB^YWrpUsEe;=2Cd@6!h}3m4-vaI2`=Jyb?@F^*CZC^qh@&B9rLYvZgsHt^{_5w
zLArWnu#-)+%#ZQq+xMr{lfi7ce&7WU-WkgO-s71kyEN%!FS&;PLF4WWoyp49`Bbv{
zy~)+GOYh5Wi=Oca>K!oaaI(`0lw_vCN{Pafk3L}khu!~2+B*kX_Oy$dT{gOG+qSFA
zwyiGPwr$(hW!pxVZEKgUsoyu}+_@*tcjC^({E?AsXXcx+W5pY>B33@{v(jm=X@)63
zB5+Wpn-h1q96?ke6>j&u=rA!JzH1na+a7Nl90fDL%MmpY(TO5EHwkLO)JD%o-6w4+
zatV)<wux=S<wm*pSZ{Ogxeq`N3!lVsdbEC)j<TLQ9w6VKz2LYz!e&A5aj`w0fNBlt
zyhp`NbT}G#*&Eo~a4=f$xR$y!o<tmDv#Q6P{F_8#`u~W3{!f|n?+^RGnT-FyKiL?V
z2>yRG=zn7WJ39KWg#Rz3z`wHRzo4T`{~aA=`ahzhjO+}I|D}X@)6?BcS*8BEyyHHl
zyNk3d4*uSn3ratfq-YgbyjsAJfx;hAJTQ)B6*Ylu(=UuTJkJm@9Da|1z<2{3BN(0_
zGVIrg4#pnW%t$7o4YMsu@J;zX^4!Z=&N?oVUD}i9_S5pR#5P}Pg={vLiu0NBw}(My
zqB1;(1vy1LSqen(D@ZyX(IEk`R=FB7(rPyJbOk^bq@jmgrSp0|(BdNosU{Zos(+cF
z!fIYgNBD;?IIhvrdC|XO?j_a~F`-Zp&*&WSFH)CSv^UgSxwF)OE3CxpKFmr@|7WHY
z7Bz_P%Y~X5)Xgr2VgrkvSZzx7w7xI%<4{QN+}T>tqUr@c35kJVEhEa75SJ&^81vY(
zzLN8G-zh|lK7S^n3swIQ--A@VOsck-TAUh1%f@!lE`5fK$&^8o$|(Rw(uFi8&md`g
zsE6YGTqqpAeKxz1v8n1K#qHN>B>z}0NzaZ}SaMat3=q8yumlk`)G06d6CHoy-RHJs
zz5*Y7!oD%SIliB!9ANmk0YsmC^lI$tw<Y$f8(g#4SdO|S^Qt7^tJJ9_zG?KBGVANM
z5;(tdw8rj;_@L#4LbxxqVe9+3L}>fLL;Vc8MHCySBmM%(88u_w%B;$~ogkLBTIByi
zye<SFMA*S{72;hDx<@^rR2M)aRCcE&S}eMOF8Naw%_9RC)LD7j)AIO=giM9cJ3t`F
zr7g;#5thQDhdcd9i8}fe3Oa!}06iC4eM&e!jZ1k}cP8}2b__G{@CnZjm7whgxn>-1
zi|^XST6^#DDc5A6BeB04<y(03ae^E70jIqOw%BiU+7Ed7te@i~Z7@Tf={!8b6k(U4
z@2n&6U0a}J7k5vr$z`z@0zBIrjYN%4kK?2>dZ~M8R+yEoABr<&Mu8IwmM)g5@Qg4C
zFbzT~ABe56%xWWEA9w->6EhEbiETE<W4`1BM1)}=5<mA9dqTrdjv|MJp&F9l@&kYL
zqW*-Uw5-lcLXj+wMUvhlVUoz{Cl-~JxeF81|EyxNvducWiHxr?e=}V>nll&cjaiQ-
zE>o^=H1sLb7tyiw0UL+Jg=#O)DPL@l$1D;~^_v2<5()7Pz-91a`U}p?<0}Lq%o4yu
zTg}2Rk4l-NlEOcA>hdOLDjkc#GfxpAT}(q<QT~(FgmP)3AQ8?`Ow{Z=P)yp`K3Glf
zupD|r6U_jGqd9rX*1C(|@KIFMtwcn0<E0HmO&53UT6!YZ&7@kS;q8dBorm<-GfSeF
z)kn^b1CL%VHYC&_K?TeF(=Qv*wDO;6I!7sb)4&VPmX`ivG{67+hQm3v*1h;Cld}Zh
z)y<j~dqy^7GP);z1%sUx9{}<3Q%M9@`g$Zqm!X3qfx}WzBS?Z8@f;YkZ<{C9vvb}W
zP)PY{_B+5r@GviA(?$ahJ4W1?(S>NLVLYi@9F6-4nR4PhmI0NiggK@zWjyVOqr}!N
z7{XdhS#b$#cdkUu{Z?Tg8#w-G=tQSwEaWDQC<H&tMy_&*=E(Gg@=uteOicwku@@H=
zl-L8lpARvDIqPi9F2v!!CAn;zO><Zqo-y&=*wca9ppV)DXPkdn1l|3&ps19FNM;}e
zB}{{+hnO2i43z4x{=<A3Be6z~KFJt!@l1QY`pW~UiIcdMI*GYOkh1cys7U?oX*bfH
z7Ig_F(P$@6!*~pmo~`T1?^*X=F;V0%mh=@i)Giv{o~Eh_vb_pB)!pvOpA%Vtumdre
zH(rxPpVdowVdD1e1<v;cwWB1|WVZ;@DSB*t<X?iL7p;x&)GKb|S<u){y<ucB#3_uj
zOR+&@pkZJu*V5@hGhtjZfwst0Swbcw*-R2NAmrgng&6Ta4SgOOF|s%Cdy`T(%`FVF
zG9>{-x#hvKE!%%OMNJvP(2S7xA)~7n`Z=HnP>5Jga+P2x#g~eOT|DY0l`d~Q&j!Pk
zwaIE^R1p>(q%oC`8MUS`|DKo9C?newb8W>ZV^Usoy-~9}5MMqy!_)}K#TE{!MwgZq
zsh9%78A&K!?jhrK)Uj+`=F|yne<KX*&IV~^*qkiEOC+#6Zi1$Vn|Y{ImKIqd6%V`J
z!W?JcYNIKFia3@;P4@m}D;@wjH**%R?KbvVRX{#+I6qFhH1kW>WE|R#k7%tgBqBr#
zW@1tXAIDVyjAoe{i3y)(i;)UtP^J|ASgYXy4(eyI$A}vzjsj+;L@u5WC+Q~$QDRWc
z$`DQy^=DPW@ODPjFiD6>Wl2z-V+P*8_<`AoPe`v1C<k*8Kmg|8wp*}*<^!I>)f_9A
zXCV$Q5^wFkzg;N4n}9!of-jWI`W^8u<Z8c=Uw5NEhF)nb);6KHtht-Yj$M~;evMAF
zlOAPyD=jLh{2Df`#7mm6lTI{nXY7^(tTtxH+D@_ZBb2@HGLo3Uvp0Z=-A01(h1RU{
z)N)nP2bStj3B726T`2?dSYKy6sl{FbsOV4wm1^a#2E3qqX}xSZZCs}1W4d=?J@Tfh
zYr(2D-;j#l23sKSP|JH`2)^U&^oNWryx+n@&c51>)+j-}__&FTOQvXLQ~HW==`1|3
zWeYi3f`c!S7z<f+5#>^&`5LQEhE25S%$`;a)zdk$2ssUjyDsw$XZ<)jZRds%<ApM;
z1|o*!B-tJ^@+H+YGfOh25fK1qx_TOP>Bi(93F8ZT0DqH@{#A21bhafYh?L<Fd9?H9
zMFHQDUt~M>6Xi0z8{E7F$D<si#22_>2QccGs5*ZiO?c-qV-F8NGwf5TN`gk3qIw{x
zV!O9sK9^Q4hvW`Jc?%Yd8-&9uV#Tr^@+p*<KznOyrXzRa%HM>tmi_G_^cM<Mmcm7-
z898N0ua#x5S42acPDiC`(bnF{U4l(-dd1#lm^X<rlZJ2B3O5BRC!dOy<iq3cHagG+
zw4j4dyYrd-c^+oC`EA)orH^0N%~N4_R2Nv70P~)q=-5Q;{0eWoC3(%HOM87c11VgL
zsr)bWuUuo+3MaDZum>Ss-JF@_nQ^|m69c}?MRrUtP8UlqSxZ*_qP4=^&c2L=#s!H!
z)Qf|XC1P`I3n#gAUA`5^gfna0Gi!#U8kapnm|}Zjw?IKVME|0a8`EJ6XSBCJWd0{r
zQ5`EYD@5jTso>V;h|(ZxSobA@u2@bbef_~O3Q{sM5jnRgGKY^)W{+cQjBTMM2zMmq
z3psU0h$%%S1)3|f%BmIIHg=8X4~cxRaGoj<oOH*h+;UxB?=f$_O$HxJ50z>8ytZ%D
zI+jjGu8w+QAM8nsQ?WUbKCi2lI=Md2(^`!9kony_B$+%UQ>bE5@|AzUjmRdj{)}l)
zm-WSHeD<-$r!5kjzARcWk1_kr{{5|wq#oF3B}?&G=vspI7XF7BV$Cs+79zuuAPoeS
zQ$7o16{YoBGB=F#m8pT0UFrtL{pABkm<^tv#e4Fk&YdBIPL+3ZZ@Nxn>NaCULj_NR
z9vmZu8M7Lq$zM>XH-<d-bspghwbMvNxIZ$z7I1)Hotbu#<6^W3oJ{p~{XVYurl-}=
zoX2yzO4|Wn(Hef9VLHPud{!6p+w_LU`L8m5XXWGPOKj>hCs~Juszz}Aj7}GN+W9kV
z70q3-G9e{p-|q#7tSO5fR<An#zA`Z0%48PNVWRc+RnZofYQ`6o>KXDH<z@=3`HP8o
z^yH9)SVqs`=i!$szDh9-c*ktt-JTD_%{1;UuldweE}8x39CzExmhI|G$}ZBGywUh|
z&lui8)cAApWEP1(SQaw&&_Nu3sHQUsVNG!1)#~_%3=Exzd{`}+P4umS(3$eMLAaRn
zh(I!!2@vkSqSDqCdhW&oUSHpBcAAT@@Yq4StZA?aV3;sjLg+`x#PH5Mg?sseOb|Yr
z&M%n(*^kXf5KBq4Hml8#B~ROY*FNLO!%c9mAr0uf&8L9VfxeE1bWis7qp1vLF)CR+
zuJ@ymy{UD;R-Cfios39&Vzrc1*Jp`erzjs+Y*&y<Cmdg@2QsT@gGlLOy(r9attC=)
zxJ$#5xcuqhOBe{iUSI`C1wQT4j}ji^(oY#e9jBLLha18R;P-@c9RUK*wL=MUUz)of
zyCr&RnGA&gfL(i-0rEO8JP33NzjEQ{3=heb*AL`~!!QN33Xg~zckp8x2p#9|r5^&$
zb;Z8#FaGLv!l~HVr=L#>kMR#T7jgqABkn&ToVfC)fTrLD^ix2jQOa~1<=w}8<nh+i
zWj=K6y|yhidemN$7rqRG>T$iCAnqNRUczv>tYAHS@%-rRA&u};Pe4E%_e!$vCv_sH
zW)r4o+y`Krcg|A_P?ZL-3-6EsY99j=(Wk3M7>{PVtR?$<=QEdd;Uiv;*ii;!Bm^?`
zzni!cs-#>>)U5_X0EWy^qPTS~#R6u~zZ7?Xy&p>iT%qrQ)|Cj-fW7<K$JU9-(GuT+
z4-{5y?tTw_P2s&<2(+318txrD(six;%Ati&@$@smbh%BeeB__H=<*&q`QY|ot0x^{
zj5wHvrMuu*O$=r-+A!G`O^1lbqRfSq2&Zb|Qs{l}Gp2v+NLV7VmgLGDBqdFkE}$y2
zP<1YESK(1eS4M4I5C74WqEha}#S`buw%n_2sF6c&neVEP_mlfK90f10`CBs+NwsfY
z!I0bN+Q)_2F})MNBiUhDez}hlGxPm+`&r6KOV1BFaZu*g9PdenujbSwxBIv%M;;K|
zBB6}mteLb}O(MJ$m@`^S1<mzBb-Aq0q{3!QzY=!8Zv&aIE7SLFNF+@23LY=7RCl-o
zFT*i}e!N%W#S2a&)aKtE)BEM~_U?>YY}t&*QwH9A*gWp-dopJD$i^BI!?Wgy;LGIk
z^zd|Yos~(QyIN+8TNf`xIZ!1@KxOFq8+OPiI$TD`-um)ps=!Lh1V7vPK3mrtN=EPX
z2U!T!y!T=F`#igzFO1&%^Wlvr{&t=HK%tzKe#kHWSRW`G2Ike-yIHyRZO#vT{Es@R
zu>m}RVBOgEq`Nur@;H@Bs1ftV&iDpk${Uc=MWGh7X^VU%n4h#43qlQO0h)FO0oB1U
zAM%%)zvug<BQ)I>mtu;syvdOOeT;n6k&*5@JAHwj&le5+&W^}*-7$|k$h1Z-dD7ra
z%1q@F0WpV8X=K<kT;x)ahxV&2NHQt*e90FoE^=H(x_9r9p0Ssnfak4!h;$O|yD``H
z0?b+ZLOl`YZGNcI-r#q10d(d>sJ#rGg!Eb*go89+@+@#Nm>=Rx{U#9wCO<cqz^-wf
znp%)gF5_+e4>NUFs2_k!NU6GJd&w*ws?ufV$`b!hv0{n;Ro4(Es$>k<nymOkZ6$9M
z$jL@g+oz6QwAO11G7Y}Hx<k+Awg~=aeVqi?yt32HamXSWE)hHq{=mPoqlE3HAGmC7
z7dH2&K`<@h@whC)k>}T{b;-r|Gmd>49*VD}Ps~ZO$bA?bVI^-2Twd^4x>zXsD@OK#
z>Tp*2n6h4wO{9<qow7p5l-^{(0$W)DP-wl=*aybd$IZqeUaBWn=gy`t&DLwA5@_H4
zUV-Q>f<fOy6-3{mTHAwje98CD8i)XcfxpD?sLi>r0NjJa!F#~~Qi})s$i}%uK8|2B
z(J`XbbSl<Sa0TG6l4bRMy}glME{B|N@H_zISlI~0uGc-0xd_hWrLxtIu>ekH>AO-t
z5)P4^g67A3B-D?SeZt?6k<B7k2lZ2I8JTsRCefb&++^G(lpbtcuh~yKI<@;Vo>w_h
zuLZdjZ}xOYgvX4_ND^eLlqzkPntvjVLNlkTBB!P$8P}X8LW&v<eG|rZXdkhyenn&Q
zLr}pZaqRu73|qD1!X{e%E4ogC9Wi4nY{oV@8S-fLdpe}biotXs*y^MJZk3^~k)}jf
zBcF4nh>%=Y%pik@K(6pGKcP7Mh%x6gf0NyV#zvxYb#OSK1Sg#gBysI#EAE)KvQpr?
zrckZh{^E~P{$_eq$XoWA!0uYYQiqxqm5v%lc1u2I+ix`K4J|bUEW14*{b~f*)hfJ>
z<2lROn~U>vS>>M9k7Kop7==t&(PEjs?crC8L}hZ40BDTiaShH68MDCws8~=`JjHM-
zVs)KInm1|BHt%TfMDJ1^>&9aP$J~#gkE)MO9o{+|t*8K_Xz}*ge)kTRmWsc0a1#_L
zm#dG^+|;X#?e1MLsrk+F3hpekF+)c<G*n4m*iC_AU`J~#jw)vzeLD?8AANcsXE|>X
zqOtb}az44dUglh$ZkO4aSF`+il&!3_sy9G9xif{itE2KvYFMmk7_g!p<7MCCimJ2(
za(zttxk6$MKCU%I!Zhe=<rA4;fbxlSbn&XO-{mbhnyWdZXPb#5Tw*Ls2RZUE1w@nL
zeXY@NP6&iQK2)Iw@D({Gi@aYxBOh8?TKHN$7PgyS;=mBhE}wfU*SAB1n?^Fb=LFBI
zmH1g7`<b@+I?c%am@jBNcb$qzr3PuByfgM`EWiB(R$|Rs5*YPmvQX)jYRT~S+3t+y
zyi8l1xfewB{4;a?-L={zaxY)@3XCePY#X^YWTy2mnx(jS;5c%6o56yN-BHPy5ON<@
zu4b|n9D>)j9KE=Ef?)|Gi^DCF1(0yzlauY}W=&~F#(&~eO&u9$mpJq=$1f(oH7q7%
zm@BzfVm4(QW{8v_3Zj@~BXQPgxGWC!`!!Jb@b4+u$TFN_?hmt4E|WJQ24(gHEu@E%
zb$va%&Qhp%Tl4xVIRPnQMd5j#%FRx1PGU1409NW;FL2>zV+*%MdSbhoOBvSiWNcnV
zKqHK|cdlVGqCHfQku?aSQ5mQht0KN3={**UCBr4=L!Yi3T^bD{G>Yb4Fc>GzyeVK*
zw9#gP6fiX1ts{3nO|W^9QNsCzOv`vVKKApJ{bIBQDpt1nQ2R`udB-Q@8fJHVW+P9u
z-w@GUqZqkz68@L7R4+aeZ=RB4yt4||HlI9a108=^^c3GR$4DetZh59WXu?ISH*8sM
zEt>LiDn+)4$bdiRvQd;OUG>3J2HiJWljZ9y<{=q6L;w>fLx7V#<jJZU|MMuk@GTfi
zK|_9@JM9_F?!y`KzKuJerVo3s4Uwx2yd>ZSH9u0c@K7tfUwG1PfV((P|4>MTOCC`7
zvYq@ih;SmrEle>=0VSO7*wAMG`%%ESu=!5B$X<D@*UdgNK0hI~%%dENl-!47JxK{-
zpn?&u73=tCxdfv+4HRLI2pmap(cqKxMSnnEG5B+i?W8fEk5)d(9|>^z{hD>n^S47}
z?o6|4z3)>oj)ePIHNN+P-*+AP55j2;mMQpd&($4EGjQx*hUxB4nYOsuAA`uAXuPVm
ztTw{k@DJqrBpKu;{<^tkGR7Lyd87e(hw2@|Gb9Baq-01rElF?XGnAY(DSl3~oT<^0
zULdv_G|HGZVVKKQ<ckhu=fhj-fW8yr*;Degk#3;JYumibk!?P_Y{*hP&y4gf$28lQ
z>*5i9$<r4&Pa9{cnOJNStr~+^0mAVLQoOMOp<)XbD6VLaH(<C9?Cmm6+nxpFBrRIl
z8Tm9muZM#AZAbJoc8T*V51FGT5TjwpgJkg%Da-(gsdRZRkQpRc1QLZtp;A;L)!!{b
z4X6RCWwk<esEAv~z&HJO4(-zjGBTwtzgc?cumX&xdC;Tzoc0zA>ASw>24;OpHobQ-
zn-AwoQnz_Nz_pxDceg)URl^N#b;pI=-6qxG>hUKsh-jdV6v!f`3R_dw+s{Go$hIA3
z+i*vki8v$8B!E{b7A+d{<_)Q`<NWfYk?-jU<@684+Wu18i3*xm|9sXKq)OLPCuD)S
z6e|5odTqw|7g92pI6z_)tq7xDtCisQB5av+*6=9ubcMF_(W;|CytbzM&1w-&B!(W1
zy?3jij1(p3VD0Lx*b*)eq}f)iY$$&(yHug&b7CrR6ynsGJM6L@%#vK7T`VklvSPL7
zp>!SmA~F-pR8oOrbSvGI6;o!vPXqByPUZ~|JN8to5~G1byLL?6cCl#_VH8WCp{wlp
zl0rZWyROmK#zW$ijGPdC)G0U8n@ftMH7@W*9{$&@Ld|}#GDG$D(#?9tP-bqY>*cuK
zS?&n!W1m`V(`8t1SI^hU;r>xBKnvYsb!)EC>M}bz<XG38*5M04nB~sjWKFhqoQE?*
zsP&405hG~Nic!wt&h2l~gci}rpa4^@*;*Ft+Gr;Yv)))M2xHmUn>6o1tpy`WyI@G@
zl7VKJ*_cNVbps5y`}X@1t%xFg>Gv@uw0|^88hXv?FkwODlEV~=T2(Mj#7Tkn+Q|Ym
z4raI}gSlWilH6cqFLcCsp*o7tCcSkJRh{1b48sRCFzLk1Il4#^C=7xc_56b(OK?Z*
z+g?H9o8g-aQctRad+iY(kgHTz%+H|KCY#xU*$B-mXUa7G(li`X!zPDY@3yUzB_zva
z^oY*5W3U=@ZCwVBU26KQhki!-_h}gH&e}DYXx%jNIw;*%xY;ZDd%g(W{a`TNv{SHB
zbUKe+9^4JF+EtiwP+iGh_g!xKtnh~6x)x6Z7Lnb-HgrmOvF7=BgYk9>I!)kgf%H#G
zs?-2y#S$G|eXi3{HhSezBnhav%U~LM#F~Ul`Y7{9Gm9z_HS7xhK9!I`MEsu0@h&gH
zpRrft#VW5e8yXKfI_`UJDU)y^0B*#N{)}3au`?OUi|6c#91o|jjh%?5$*qyAutvS^
zDd;IZueZ5~kE>C3y4dZyD|TM&^3AKEjTh>w*+hvpmf3*NAFz@bNqddg_gvFt>P>^s
zJ)JSc-TvX>oDyyMF(xyU44R+@Nuf|`+rtLDoS9oAjQLVCI^D5GTPlVu(j~48)I}N?
z+wSm?b%r^!Qv<7RX!VJqrWuZ{ZVYoY2Ub0xVDs_mJoj^iIw)IWJb$x3=#9aRN&Y~*
zB=Sd>9Q&XR7umD8HpJB_)~B~HM1i}BOA}?K!@RJXGLw`k@5EK&OWCB<<l4L@5nsvl
zHls2?01>yYns|DgrFq8o;8`1q!px2gXY6Q=Ms~xxBh-h|O}T~XlxrrfI08zFx|y#G
zJaS@_!9h%8u|$W?kbdkF{V<IsN#P|Mb&dUC7V~`ffkhC?&{WS)Y0`c@0)1l#MCM$%
z+;<MQ3>pr`pUC|UXbM6*cV|XJ!qP32B6zO`!>Whd*4X-dvNm6GoBlz|V#3jI-W+P9
z?)!vUY@>&sJpy-RL*|k|<x77|K-VBzNV;~<!fa-ebai+y8l8wK*^??2+UfLLDpa4V
zbuOPBw|zdJ`9sf}9=$`|4gvS5?!lVEvZv+{*6zjgyYldMLvT^Iw}He{Y$CG;zvpgi
zUG4DCw#T-`OJo~5tK6@T&a)PyHU-vj6_~oE=lRl_N&dQrffl{Ob_Juu_wCkLC%ejf
zV#H+C5vC}~5weq}C<U-3YY+9(P-x!C*#Q>bFc0xLkkU{aUa!1RwTHjep;I8{C;^&a
ze|BDpr{!DwU4eqRA^O?n-F^m>pBUf}ZDEFuzU4yAi8-<YDOH8i@TT3Xs}05cxwQ-$
zs6?pA?I>&ak~y5{*z<&JaUf5I2<Iz#9XJ`Ewhg+;G2qYYwIhV{wSIv<LTwxpn)LM<
zd^aO;7k4-v+d+wy8M<pmnS^G3DEXze>(r&ES7R3KagB4@MQ}(|*2}!Cv~K{0aKhOY
zipwHS^TZAh{-sZW6*ac6|MxZ!!oI3`LoYvIl`5?S7&S8tiB1{d?UjZ<My<wEtKAK!
z+4|R0rDCv6gzZxVSF~5!W%5M%2~}_5W+QfXezwNL!xSI210Khly2e~=$TqhU3q)0)
z?w2=x`{Sp_)91UVZd<;I$R%t|7PFwtT1K*^>hTP2u8mZOd0#ejuJ1!CE<oS8_9kR5
zT(@w7+dvi>!0CbR$49lTgOG@%(Ud`)r8;o4j;;^7+5IER3E$*ld-#4XeGBpZ^XcNU
zR8G(1{{B?GQ-Kk~Ho>6TX-hCcCV+4?ZqL{mKKthjc^$Zv7IaminXn49w3PoWB|(XR
zBD9wnLadt74y7cbtbYVbnlO|!WpA;-<uQsk0~ni<6C-Y}q&>$oNQCBcY)!xNZmU1M
z!V2LB$H9Xvzb<rP5J#bry{L%2D7w<l9Y@U(ihh8T4<*=b**i%wJvVhvGqD~uI))oE
z_FFrx3l0TmFGrOIPaNs?k--|m33{RdP7cDm_GOvD?9`J8d$eoAMowfc6QxXXUje~0
z@7u*=Gst2pNwcGz@cxaI<8z9X2J#g?)4K%q8{MDmLuR4~HYozfA{^aHQZCi##l~LC
z@sCV5H~&zTcMzVy(&CUqci{VL{cu&ftY3tm)-Q(>S;6B&zVDznv&g^Pul7WBJ%Xm%
z?jar-dH4zveQ=v>O6})j>~E#+`#{r(n-W3cQq=NPZ(t{GEv$j*PnMx-h5XF>aq=bg
zN1)@V{A7N}`r(5<Yx~85x~cdH1M`s1Z<1U6T%iI|4v-N?hYo53)~hVYWjb=+CEleE
zFs;0<>m``gPN%&$qb&4ATv0OtKkZk?8I7*|ne!7~frB3B^fGB!m%o@n%`YF=PkWSc
z8;U^9Z4=m2-p@22E|QClMj-fyBWN5b2JMft2zXozdz5CF-qHPt;5-7Q%31)3>=YAL
zay)}7)*ekgxL^$amJee?XZhHAV_6TePO@bNt#>}-XL2bTk7k=_(!?*<d%0QW8Ud;M
zU3P}@zdfkl7=S?Z!ud4VVMLuDa!+2%ce?Le1sO;1;UvQK*zUL~(-Nx5`5QHc?!>C9
zXl?3W=~oL07%%l>v`9<84mwJ*>d?A9<nE^ud3{5l^1uO?Q9ejrh#%b2E02qtlc&D1
zc$*U~zgk3dAy7$lFVqnh$mK%>wVY>~a_QJ*UvpZMdRBdvUa#~<zPdYF$hqVWcMp3`
zX7f77VMfZy#cT<c-acV*s-GLKaZm|MpV`H6(TVQTc#U~|stYf*_xfABIMb;05Q(gK
zeWnLyLa%wzw+IjjKCry#cfL!M`sBJ`M;O165ii@3M@AL8^21}p2hP-s{!ja$<vp(s
zyLYVj4gU|F(H2yG+g(25bgJ*O)t~eO^@wD#+(L)_hXlF7NmqFFQb*wo9g_&l2{EW^
zEpgC)q?sBZecM+YwSk^s0mqo{XrIoX-`>tMl7|MY%p>?Ir400@@-^;8`jh+im-a9~
zVGtoyB9hC=!z*#WU|=7^@-_9qdI-!g(>&rlo>HoN>`T^R++k=MxZ`M9S`4OP|Hh-L
z70=L)gkYU;UcTJS-K!J)U>I*$v|?h0dgf5Op?TF5;nYVRn;d98>5}SC5O<~})kJOy
zv8q3W5<AgNO@lw&>zd)uc8}D#{fihvUqA2265Z*S&_*%X=ra9D8jR$Tb{bdKC#IvC
z{9z3|4Xr~kILxZ15@t8T)H8{NTZ6y1PH0=KYmO+giydCGxW!%mX=yoX_j#(WC8hYR
zRM#Bi9{Z(Ll`SxA88fuz;ZS+hV`%NaQ4&32N>JD&R=T*n6ncJDRgF{$yz8gFilM!z
ztfz&J7OED5=vXgi63NcSwnSHsR?5Z(hMft#`#KyVt-$^u*^Xn+c1r;p#5{Nkmz>Ug
zhOS0EXeg0K$kNg7@{%Ah50^iF7E*CWW?$q6)`z;;wkSi`mYv8+#r(zufF6I1!$2I6
z@vk^5_Agl<8qV-%3X@rEddRnPMg~5|9-Ny@kgnrEthRxS^beu3m)-77XJvgzUPMvX
z*hGORus3RjAL_JrSMn~a=vK_3O<E=Q=2uAys#H^sWQXYAJ(D*YND_cN78<kpU7@#@
zMp#`{SyP3q1}<c%;#}6<3=|)!77j8J76!MYiG_uwMlgZ8h)LlpqvTvx-JP!ryBjei
z@2uo46BUe64HI;jO#cU-eNhcOg+?P-R10e`KXO)*`h39o_QIdklL?hlo|d&trq0K_
zw%i^J)z-MIzP!C1=om^F3~iad9Dz8tT|g-hDLELcvIbVcBoBU2KhMDU^R{GIpB0+(
zY8W#WN`XcsK7W{$x<WXqJ-@x3iUhj=I<*xPVs}sq3)?m|RdIeLXip{hT=X%qrKFB9
zN*H@cKn1lL6LnF&&8yssXu*zyPCKu@{HJ{%sXv2*2G)2LOlTl-eZ6Y6b~<L5Mln)!
zLU>lg_uI}IXw?zvSrSK$c4KhOZo%d?2MbO2pQQ6<Va$PLxxgs0Q9q5t>~nFFIjPvd
zD(d(!;7vl#QjOWz7EPyU(gaK5JrpCa7`m@W7K<Xnp5gWR{r*VKi3b>?ninWLL!utS
zC^G@`JBqV`4_R4lhABsf=>_bI@OWUw^NHsIjkm<J#7PgHPyp869co#*$;1e8bN&CE
zj^-n|PxjhJ{#?&(5SOf777%jMrqzgX0FB!N4^k#70&*WC{zc<G=-aouw$g@zd=_||
z_p9(a`=epMda41Bk!aCA&CnP#Rk6)hOr01HZFw#*%xQ7KhHy}MUKjO{>W)q%0!dOu
zT5OyPa()$yVlgW>-JWb(J#e489Bw};IjQ9W2KrdkYI&&99owQkTvA?SWM~<!KfPw@
zW5!biD%l1s`_2?P^^GthGvGtsN+)94Chv}RD5okinIfFW7S|f0jIZ+K_i784Au)Pk
zOZak@SX4CJ;KiIDf3$d|IA!cu*l9-ypRm&wc$V;Bv!PMEB$bq!V=xNQqPpLiUfql0
zU<jo(X@Ba@OvQ?<R>Z4<sSeJ%6!qzJ)wve;Tt}$lgzi%C9xW^5HVP$6*rh0yr?w|?
zxrp&gWx28gwSeoZAx>S;bm6Fim^YCCttM`RU795JvZ9KWN_~(ZG^WIDIs0fw2Up3M
zI|jPxJB^r#)(5X*^B@wHZ5jR*IF&VOFzchaYKbONri8`~5|*#cRf8nl1CxlSO49nM
zZ^1TJMW&tAk|>n|>L-PZDo@4F5xP=UC71ZUf!#_L^t@N=sA!lu3Y3_!`XoRE*O{vz
z6A<z!O_J>ASkcz9Z;kS>i=?UaQPtN2hekEQqW+i8>;n0OVv@b6)eQUnWz*q@i}eN)
zDTcf0Uy7emFLHv?j(ey$2VD*(SvVs52fZp3Tk5eN49VoboYN(i<s+ZdIR;=k)l@CA
z_tP-HCeOjyXU91i4iXg8aNe?jktB%dT7md=o;l;6^@00G_R06cK`mac_D&ti?dI@K
zF8sZD1v~`U?})<Cci;AQt8HOIIzDynvd@M5msNaxrrd|!e2!jj?=q*axM#?{Ze9?V
z&2rINqjCf8&HbkyBwYQ^ot{<!cbioUm)Kf=b$0B$@0@GSEuUxR9E0_eebR*`zaDeH
zG+vj56kpNj&R^#r%%o<3wO)_USLeR;J#~f=bnuz(3A--s(6W5MVq9e%y0o(Z9yi6i
z)mw$~UL<ZsFObyef4jtJIKiq1+(XUqY<N14uBQjy;45)M30ix+eU14oHxR66gb&;q
z_z<x6{X0R95o)L6n<0_IokZJ-td_bvy`|qA<B!v(kK1#M>T{+%Q&wNNPd4V8Letwk
z=WWO=UH1XV9iFa^>n+9Y5iNrIXdHE5%_y)gyzQ$1CL0%P-3Ishqpc~g$AP&4>AL~M
zjfKu|^L5bd%yu?LW_%jo+8e>g?f~88X-|XAHHB(BiW$`YU=}uM2Ue6Qd(yx{r??q~
zipRQQDs2z2z404w%RY+bfS2Ivm*?~}Bg#VsUTt`-_8>4`?(pnBI)f|2m%9d!;tGu@
z7R$+JU~|>A>wx(ohAsgoRH9?-o35H4(`Z@r`WZ02DMqxcfprT>Ml>crF6DX;nT{|g
zqAjDcX46cv%&k~#m~vPju@>DSxowTHp(aUgb7^kvK-ajAlH9sP#1^_5B8krSz<#RZ
zOHjw>&Q-nqTzrM3%<jpn0@)$_>cVDEpbU&8;v_YRkLdd>5JzPrX`79Lo8N)QPTxZa
z7T!J7eF2jU4C>mF7q{`>xTE4&1Ga^n6%PrlMb?!S+LFf*BHW-c2nyBz*({7<fr!^1
zffyb~GTal3EL#hSxl3Fn{S$h(74a5osKk+m=nH}wBl7Xzp{f7NKE}Yx`Tyw0nEv1D
z$AtcG$oYTs(td-^{|Pz&4_aDg1_lC7cFzA1a%T9(n*ULq{fCzJTW|WmX=&Lx|2^aU
zF9P+yGO7PvLB_(&`F~=Z6Q^P_8Bl_sc!E>shalfUq>CUa6Qzr2UJFfMe}HDe&J7ZT
z(%e2iw1qY+q6^|bwmq61C)gr%2xA<*i{W$>=6+{{_kGI^9(RrGCsU9#_9DV&XXjW$
zN3&8&>DvB2+uOIHdgOs?!ndSt9S8r+d_I=^i*%xAWNU;_dttujlCcZ_YX1JThHtWB
zG(+^^Gi&K(O?G>&a;Es~<!|Y!fe%k<g0KJ6$U$<vt4y-Z#fP;8H~zZa&1yRZR@2s1
z=49w+4`++v*y)CMBcq6O1X^%|j3KdhvOcvocI|$voy5{k1SUjvundsTZfjK=QB5!Q
zQn$a}Si)+8UN848-n(eZ8t<~0DEa|z+NU#INsplJd{4s7P!BNur`^(h3rD2x`)<kU
zRZ+^PEYm%`y{L>Yx##Tmo)621l)-bRkW|PgDPZaEwsqfqjc(t4ODnSQ7gCPt&4@eP
zhowg7XL6OWFZIh1{xR!4dqTc1oUibg=J!4(davtnX-`+idav9UmZy6AJ+)F_9Oli%
zm498H={_49&H#)hswuHz9vGY4pkGgK8N*O2w{LJE#+%#!F0cPTy4C)tJpQ-HHOqGn
z{-<&G+qTR8&3Ci1vJo&dGykjq=lUP@@;{CBJJ<i!zQ_Jo|Ihq)%=dcee`5ZL|IgTe
z#r(7OKlb>?=*z~&_OJGzbN{UWC;q#K{%75P?#uQq`Q`YJ|M1WJKXd<#{b$@i>;Bp6
zpWpwi`@V+$XY8N-{tfp1-vn_?|4k6b^xp+>O#f#=93uk*%YPBXxqE&K;<BHgHb!`u
z64S>HvI!^Qg!_r*m;@k293)2LFobkLO$8EQ)1feBn2b!_s1PeC;D8IltY?ASReB-V
z1EicP=d3$M(JKEeHvK_eTcg`tlv)0xqc&ySbG(s>sD9?d*E4g~)0OCX_2f14<lJ53
zXo_^cjRDFG`vbwjtcHKiLrNI#hc+<5<FpK;xyy0-5TqW^&ZCnE+r7`*hP5v^Vmr{i
z8T-A}<@noS7y6G$r5{MSm+-G3yW1YOKumgKn0FmNZ(?u69)4(W1f6bn)zP8{qpR(?
zam8?Z^k;vDnr4p<-E?u#T|U@`7eVsG?i=7pd4F!{*V4XG#cYExTt)>I)(spCaR}t3
zPK&(;#!o->(C@jytT`d<LHeASh{}tN;LwM0b@ip`Gm&dnHIsNcNLpxez2~+KO6@_^
z>TH0O*CzAUbOZ&*0cQdY^A!|Y&OD!e^{8SjENi%d$qq2Op@;0)a{z_z`mBI(Bi>!G
zdWM76^danE;&>s%^zv~y&pTfdxwt_UKMcUwA;I^xFob?#ZC=_T=7?Qd8gLF02>1xP
z5ZYig@c{>tK>8AbGex)V8a)$ReA2DmQ@bJ45oyD}{N5~zd=JqM3jO=YeeDjPD@Kv>
z1`6I5niuPtx*g2b?ayN!_DMc`%Wg~?(;bs>x(F@^xvhVIr+w&Zu-=3^=t~d4dP5L@
zzlGfxFhvlC1fbCSKTMPx<@RdtBE(^Qadr-K+h6{mXDZRz-+0CPbOG3M+T0u9-~_?B
zy^YcT9ru1m(iVg%CyVXB(yzQ$`Ye6Ly!ol_&!sB-BWK__>(CYi#!8TOJLvI?w2EE3
zU1tSdF$jMi2g{SY8`=7cRrJc_emL{CzRA*SYblv_N+ueP`Yd&MQ&X#9QmL!4!XaF{
z?m0z7PfNW!&+4<2lXOTV7>wEM;8508X2RaIh-9@Y<(E>xY~FG>@XSw&IFvbsKi6%F
z2_sh(E-#kQFhyrkfZ|}VMLM}qq8CyyJ)xY+l8}6DACa@TBp$C9@_cR-Ov(<Myd)J#
z_ke_zB9Yp#3Ok8$Y$=^N295ax5w~r{R5?XHQ#;<kU>-K{K|xt~2ZqYBCdH<`)dgPl
zO@FooLM5T(N~$z@^&i4eWS}yTl*~HugiMZ%20z#vJa!QwLVi`CscBv!P(;gYofXGq
z;piC%{xP(tHBpiu`bE`FB{K6%lF)+dA~^(l8i9|&D)0gK<;ahEr)R42+UEfGpb`S&
zN-g0wS);mmyviEibZ0zJ(%;g&DM7AyiB;~TyrU$6!mxUZ6wU{_6=!(_Unlm)5<{o@
zQYkO5Uxl)0HB*>A6vCUA<HTMfr!PkE>w2ZvBh}au4nBP<Fy6w6oy9|8@Oov!6F1@*
zDA(}(gbc=eZH{-!S<+!%v!?&hqsWHe@VcfyxuG{ckwtL+dAS5=GhkW};rKwF{Q@_|
zfEPZ=pR9%}MZaqwEH3iS8+uvLY&v$PsCh2k|0W&k5gvWGxq67Z46>~WNR8FQt40q~
zJ$BWZ8!l?1ME!Gb)E;gvvFO$izcBf4#hQS);vkO`l7ozCZ)ZMDARAllyNI{<g#ehl
zgiHBGuwhx2g_?8dV@o+V2$=ZENro5ePgM_8cS_)Ty-4*3c?m{`XKn`l{9>9k$vWzS
zqE;&M0;#DA_$D{Z$l;PAWy-&^<@S_Ai&fP{XMHin6;R44m1A#6ts~X2Q^`1H8w}`P
zQk3?ZsHPga4|(i=i#fP)fT}v^#?D6-jPXTRj&H%eSuXzyH&k<|J3OmbSKTi)wVq`x
zxuO3KDMMDyiqrBA#7JGvkLUwchHV2Mo8WZAM_NN9bVsyPq3bU#m|@+q77k^mk=Ym*
zNl4|;&%&CLH<eiIE5^db)gxCfI#pI-{;nhsr6{c!j^Ce9sOblWFC~>>bigQ6vK%h0
zmDvpfx@)Ki$uFa4{yit9tM>QM(OD{D<D}TK5MZFYl-1`|J!Em{TqrRu#4ZRg8;elJ
zj4Ib{RPUH<V#UK))n?G{;-!hj(t4%|UT&94hWPhZ6YMwi1WW=>75d)*7lW&0EA_dm
zJcv-^bTr2&A*w+YYz(I+H*`je3-Wc`^)fo{h4}X5<Y2IsHL6f;W4ZY_>Bq*Zn{MNQ
z@0ZBQTj(79D$dHUAtn1+Poz)+rs^?<lnL-8TzLr@_WJtwF{#FWKy1_upxCbP$od=u
z95DjN45fQk6$Lyc;^6RRpw6OrrD%v|^7bIGBh`d?bcx8nRtd08m{UhNLm)-E{L)fy
zF3d^nhNY3hjUd}HFg?;>VKGfYB^mut>MeG2mMkl@mfdF3fL2$KQB~$(=1B{&1Ebd^
zn^5w?9a?HUYX`(4;pP}vp2bl1G@}e0XhnscOiBAttCXdyB_nF`o}p1|3f*{1C?tqS
z`TXi^l_976nznFgBq+}djQ&0{MkgU;j^|xI1@}hpo{F|c9E<Xj1kgy4G2=}?cvJ?X
zgTm}eYj@08F=09p&A@ozUC77lYVNwEqIcXS_GbUukN}W)a(X7sP>$_7x}n=+hX=>u
z=#Kuu-h3!+c^=k_JH1f}C%rl5v_yBO!9#TQ?pAt!s!}P0W{=D{QH%Db*@z%lf!H9D
zJ7k8H5RD{doK1_1XCURKL{%IT)w9STUHlD7t(=6WrhGuYn$I&PJFd`R0R-$Q30Wg0
zW1l)rFXeK_)ny5IXG#rjEjgUZ)Jl<#0o3NM+Uu@4J(edOD3yD3AD*7%iz&K7!-!qo
z()ql;Z`)bx@hx|cG<vEoJpIkX*?FuRAgIEA3&Tc)ApoH|z-gHMef%;>Gg@zAPuZzr
zw!r!_IUEF9h^mO?9S4s35~r|BCu;~GytF<~bKO|rQeYiaIihns-}Feeuu9hzOVIjQ
z!d-80328>@$$5Bnxyx9EN#s^)S4~;8hXA}BBzlToX&&5ax|qp(mKby@-ejdgE!I;j
zKs+`kH7+b1py)&pQ`4eekO`OcmXeTTD7jk}#<rNFwQWA$-$Fmhcr~ZBO3f=O-FH&E
ze|EN2n{)BP5x&M=ENI^s9JMk3;?gpkIdUz>!-{t3NIw?MMWi2c1r4}QgIzSjhhh#w
zJ)wv4a)?iY(w~xM#)vjwYRobR2MI%Bc||I=3YYpxGM1H<wRs}doX$9GI^|8%jyZI~
z12<Q-#OET-QZWDhsXFmeOQ2>sH8sXUD;qo=5Fp&1H@+`dXmCqk$BVtgk09>P;ZRJm
zU>&V1?o_GI`6k1s&zO`5&t~n<k;o#$6Y^~sFmOvi_fz_a!N!QW5bx1G6KCp-IFmY3
zqt|4PA%R8-iGq}5Ch6>%IKy6Qb;O)v6^yCJs|*wKafWT;acY~AlgCrgb{o4*PCD||
zp%&TU;qN4GTz?#vd!<PbJnARaRnP!^2GOYF=q!7;i_R>i&b*R-@hZ{M8^4>fn@0P=
zGN~Qs0u}lqq~A9N_)2#L0i>tdFRt}GA|r-2NHq9+SuQS`UPCj}-L#T3d~YwP2D|8A
zy<SSJk3YY}(6+JMP22tV-7^>UrzV-m*<Z8R3>(s|{We<y_i1@X!im7OitL9R^a+Rd
z@(i-=5YHxQX{C-G)KQKL<>nqlFqCjpEr_o=>u&4*-0a@*b8_6ikKvQTo_Z_++^iOx
z`6t7BZYS`&WIN?@xROp0Hu1j>{hv!u5{V|egc_~Uk_1C}S_YGH7}u%9nTuc(Yx6b|
zwhxeD(IN-_rpZ>F4i1)<a^t8s!>>naxAa9nSPDpK9JVu8Ye-AAuIS1}%a)2-s?Iy)
zoY2oZ-c&|sxHFRhbL(z*ZuOVWIq67`KNp^Bis($haN}{vL>aFw9;~mk**bR0yS;eM
zXp46*E*y;3Dd%+6y36Tw_iTNsr_$#8v~?1@?VZziQC*)mELYp;WPe-(jGiXW_nwj`
zs}{wqHdy>;X!W{UtN$E!d)xyJi%|@1H1(oTB;%@zv-%lWut_(`9A<TLLQPDPnf?~c
zA1YxjcW_oA306vF$sH21HHz0Cb`&z-C%%IFycXW|pPBx+2u$VwR<E;ytg~6!zF|F0
zF7JQ6gM5kccmG1;y{UvTKHGZ62k<%-z3w6y6y&HHRA(4uYWMh6?zS@3M^%x%11m+3
zS?*1=X~t-Y+mKp9&g5@96^z0Rf|@o+?9>5}Xi!tYrMSsZW-~#J0#wL>0dl5IfQU_&
z==q5;u69t*_9e=V{Y<1Pt(KT7tyJNKVO7y5azN<~e{NYm+~p)G(yRXcwm9+2#OBT0
zpp@R$4OMvzdMqEb@rD1hg#ida>U1Z*bX_S*RVjd#kdv4bnW<QMdXRkmQk8g5F{<3}
z^2ghdo5JeE=8(mkYwX*S4p%9O`&ty!S~C^om28gW96ItI8QQdJ!>9&D6aGDik3F5?
z6cH4X`%VAJ=k*7|h?*9F8P<v#Ekaa|wfjUo(fu^i_xUs4W3h&4X|F>FchV2_)~ZWZ
zQX;5oQd)c#irI`*GHq*BhHo^&IKNy&<CKjrf2?%*j%6fr(b}SOD8;fZ`v7kS826|*
zs=hpJoTbJL#s2PS+Eq%^yrd-WQi;>&%Ixd*9lHT<dbQ)GH^2G{9+sx-l}$tM+IX!Q
z&h;v1(@y`m8p~k<xs)BCzGHn~qqVV@v*|Wc9~c{J!uD+<Go`1Y$y&vkeT?!&mHn<)
z6vnGIUUK3i<@Rq`sXHcHb$^RWe=Jg#B9bq{yH_lfvki>0?D(_hn7&TVzIA^aE~92m
z4Y)A^`m=_aHe=B@cR>b$&+ol_cnsho3RlXQ@yW3EVpFN|E~t0heg)&c+GzGw(K@5v
z{$O0?+t_>rb-#@~@SXx}J*s$S=DaWTcwhBBx9PZUPAw?_5diucl!-Eyh-M_E_HN3|
zWLeC1b}7dwFy@&jaZ;B6`y7Zv3oiJ)%246=@<a9N>z6Cv61b5Dxz3STHO|J4lY7yA
zq5Xcxlzsla34m8LiM_w;{#BRE<jrX0KrBu~3wYbwtm9s_l$`g~$Hi=ED|M_7alOfX
zLwLr4Xsz1X&Ez3VBv}{bck$@*dg3KzLEq%M6I=DHSp%v116LK3>(KL(=*B)dR#Urp
zPV*lX#FqB*Vn=>T3h3;tHP^>*={L$$dCuDU-|)UvHy@>9^f!?ZZ@yg}BLx5h;H6Z2
z&tw?MUHBJE9(G<z&$9(DVOd$Ek&fejZ4<iGK`Bmfyb@Eb=$CY_4AMVkv#F;0?l9`6
zEUz@ns5wWymYDt$dCe`B(V4|9EV?0dFr|3->hrQ<Zxb7;{rfk`xbzn^BG)+5k3+ec
zUq$ErpCd))8+(sa58JOD?KM4}j_323Sw8L0(zgryq`5=*FwPGYpZ=p6v{Nv9l|5M>
z&jaK+Pk++9Z^}1~0i?cP85>>0M<05hCyA~v<yx+MvKOJvS6vU>H(!eT@z`Hk3w<@c
zkn<)TG3fqbgGmJa;Y|T<#(#bcy}Tex_)Ceq?CzpHS-^0*ET>3cUEqs9jz1r7uY6V_
zUxudhRM8mlKGHGMB#^!~WaP|~XH1$#8pqQ{rvOFz9eeOTYEdJi>Hje+mud8R|C_Pj
zFPnTsVsck!n?S$yvfcxOg&b7XkHmB>%)>PyWpsDc<lfd}##NIoaWp=E?HNSi5@sym
zC3S%HYY!#z+qr3e!)h<R@Utj?sw1GP<8IpL@?uvMj&mhpKXphdcV_5{%vRrLvJYn}
zC|#aZZbnKflUM4h@fLi522XD+E^BByhOBaH$Im<werGwxFs<g)Mh1v25VIO(^NS<U
zp35ggWb;scv~9H!nWQQErN-%QK0HAFZP0WL|8~L0?kRA}nsU>+B<C4L0Uh8NG{3H9
z;2E~fJo%NlhJ;7j<XV^F=PB;KF_D}nheRO5=HSsaM)PB885&E*0tG>WZOdA&-rvo?
z((CTUb)P@>iw;0qxFJ%XIT_J|-oyLZd(yIP_Vu*G)YJ4p-jlm*qjOKmvADgVr&o7A
zbhB-yux@c7kXqXe>sE<=dx}1yCa^d-)9R1?DHSL96;D)+#ZC0f096hC{F)c;%Hov_
zod80nTBsHBiYjZQW|{-R2w_L7$Y~F(Y)6(659rwOC%%E#Y#n>6lF^~G6e$nnReZW}
zT<465oz8|zHwypT3qp|OF6FM2eciM04Y5v+O|a~2SLIrC=_J@17e}oi;|6%I?XFxt
zkdq75>HH@)XszUao*Z>d*l=-R9{61xnCtIazw~;oK#_}OF&6dE9M1ecj}`Em-?c!B
z;_2YneF4c8{ZJ&oys)eSDAghMzp|<J`2OzvN*l>!T>;j3M`{d$6vg44s9DqpRs!n+
zchpC7V8x)8NGt3EMu8NBLnD;pDC^@&qva{=^Z4cyV!*NWOWYI!qZvfrUEySRd`hGi
z^pR;8w3qamH%z6McYd{QVl3*zOtOA@nEw{0KwCqD6$kR2q<0P>)_N1hZa12noYqh@
zAIm~A*Wl>PC#O&eek0!X@ufilP)nAz$5$y^i2h{#RQFe2U)E^kY2+)LlcfFZ{%t+E
zjeMq!bP4+i7Vx2%?=<iZCoEB{hk6mKsBAu)Rghpwl2jmHoHmFaA?fq|^#TM?&yNpR
z@!jfkxP;e0Y@u28TKxEYzVfEBVsVT6kpOSTv2FA?Rapi$C+A?UK-g8xi`bWV4xDq*
zLfh>X{0MNNY-O#+--fh_8*@l7Hqep}pXxLia8D|)g=H|bT66ekaOmQh9m3h0bEdw^
z(4d9+aNZnkK9x?qu|W+!+EU*FHspv66dHk!j@Q6hfc!Q%rKHaP)!bKyMfG+2D~b{V
zN`pvuPBJs3v@|H4A|N$%w~{K|jRK+~(xFI$q=b}oE8QV2_l)tr#`oU$-rrxpd7d-R
znKgUuwf0_X?{nsSX01g+@Fn;y?8?noqjXtZ>jce*5@}!4)AK0nCUA=LTOL>wHoeVp
z@$JrG9Kdsurw~xb+m$|SOi6SP?CJV?yO3yi|J>KzjC7StrcOskCus}ZJ6bQG?Wy-g
zA{oEdG%SUkOy9U1rdN$VfQ!TAolRh4B^;Ed{oeJr>E+H{sbl#<Pr|u|8@&ERei3gk
z%l*EV>ol`xWrH`^gh2l5^)rK^;drh#E7=U<L@mu>+pb@N?Rk4=BQjzq%vD{v$+flg
zs@%8d7;DMnlrG6#k>maPvSJ8`gu|B-jq4pPp<$Yo$tsTujOWeFcB$yUEOzSl0V&JG
z9@%`$QK^SU5&JEe^r2KpW=49Z-D%Lwg>DBeJcglru9w!Whw`!Lr&n8w=rWXWX7ARJ
z9a5<y?y!sz3U12h2edpRPV|3${(U58=(cbxpHVImlXrmdiGmH~;S(H0#>-Q69S-r%
zWHNYY<(UkfPwSGn@1tymyOiR&#PGup=^v@}&(XefZ6Ky`Wi+Le%iJL*ojDmeHWcR4
zXY(b?3Q<yt%XD_!;H}7swWkUkY<p8tbGc8-o6Z>8|JA^2Z}tlVgW{m3#|`nf^dV-X
zW`1bW+c$GoG@hCpsfC5c9I`c+?t)*&A$o@HQCB8b*UQGHDe&uuaH2x(Ue7I#8Zm{~
zk#cZM?vL2v*UIYIr1S7}yj4^%6K?FYkL^^SLB7nB-yJ4?RzM-sPm$6?{PJ~5z0X|t
znb~LBgU{{rTZCe3Zbm%aJS=;&GtCxS`Z6x|`SopA3Qy^z36XvV2BCDgYI)b?kWmvZ
z<~gwFb}jX`L24LyL@Az0xI<j$e)R&K`m#q}Gk?jW)pRYv-gyP%sOmX<xbE9hg*Zxn
zKf6Sr&_uO3`4vmwNNp(w(d9GCQCY!@s;dikQPXBu2rRFJgRNSsNk3>v@q~gD7}QG8
zPn_xcg(|3znzmBp)T-eqCJSbd#OfZ|;-kc}vqAXEZt*vF&6E4d_6lp9S|rupYQ^VF
z;DdlFqD{5>9SE?ZRiZX&T?DlmJgcF#GD=D@j}abheA?*fGdEe-Oi@quQobxZL0t;*
zz7mJ~oy1+Rj*O@j_Yv!$+;a^MspQV4({8W+e4Op6PcIi97iLpf>*Wu4O-kljr>d3B
zMw!=lm83d9d=M{6+v(U#Ky02jHUyt9%y&QG>_=akMmDcJgcy<+!O?XG7y1iR)1Moy
zbi37J1y8dMMq}S*CcAzERT|wiQW@PEiKSG0ep1QHmtf3<VTNMr>b%jtsX^6!5>NiA
zZP)}&Xkn3nW_@~HI;3Z|uPt5XAw42yJL}U9`+e2u4;$D~HS~}9yPSMxk`|9+*d~WX
ziX8(=!eODM5j2!2Va8;i(`mK&b)RK>9bfrRlODaPwG}h=H7=h!xe^LCw#b0z`DDsL
z+v*T(8wNrc7=JRU`1LLjVBqM}p>KWiV$M+aG@DfC)NR*tSsg3yRPS7#?>+E*fo;W@
zN76<f-B`oxn(hcx-umTbLF08h<MqfaQ8wFCbkufPE!(7RhoegswY&3_x&iGPW%#A-
z9Zk>4!s>owVNLt+lJp!T)FBAr!hR*tQw8;m9Zz&)%)i^dCH+?Vtc!?5c-l=R`zE$V
zHq>%kP>hVSfe1%p__a>gc9}3)TBMC&7f);if_6T3c0QukIaM|xT)t0u5(ODQKu$zV
zkGlnUIVy&2_cZpU*<P!0NR-Gd2_}gV`e+nQ5Bvg<aS>@Kqr;=~*#7WY!f!Wn`$Lz+
zMZ&Oa#B@I9QMY{9g-4l0O<<m{F3KL&XI)gL^IDy1tuOKyIGBpn>n=Lies=Bn{%b-#
zRNeaIynXyi%%1(ZqZ|9`;<b4C8Qn$O@3?(Oqd!GmkiSqdzUPrz>CuvUZlM@~Fql9V
zN6`)6xYL7YM(RDVo-|)YVvCB_oQh&(xxyQoB~n##L)z+@V3zv&oUU{0krQ9ifV{`$
zt=ANSf+JjMtF4pe&-&d{%)%Xc@?8mPV&qrz7%#}Of7WdjD%v9RI!8C>x;0}&r<&Z2
zs2x!7c6nA|mmhq%b_057^VH(i!<dvgo{d(;3aGFxKe0vAt2+@!fsV;7T93862l_pi
zCv$6cPPMD|J3XR{ygV}4jNQvW9n5W!ysr>YPAd7xgtGduVCwexOXU0XD@2GX28-;R
zJlS_6mRx1!4vBK-AM{z|6_)F|>R{)V4UOC;&?VC1(`|Wmi1#i`>i`saf&QF@By;1Z
z`iwZ9g9GQr!=gC>smV7Q44$!L<cF~-AKBju<CW%XFJEIcskPm!@m5LFe;!-z78i~-
zOe4O2{aM`^tn!r%*oz%0<DQ{rFOMr^_m0hdM9vu>Tw)%QT|93Tv-3!Ld%#{nO48Vg
zv<X4~;;SkeCRcP&2PCf?wM!(j?xB2`d82<c$nV9zm)yl!7X>{9F&|yhI2G2rI;8HA
zfp~RX{9VyK7fuPPHqO8OCsg!b8O=Z-Fy?zq-7!4q|2CtU%s+wsJl~7U{>1$GfedB;
z&TPid5BpJz779lJsm;K!-%)>{PVK+S(W3q*+#kdG-vIxAB{zfqo!krxf&VAqzqb>U
z-0b3ppmLP4>x+A(f$HKnczB3|z0J`?*Gc-Ms2T8f>PGp>D-}mF2Ke3)`Zm2&ceH$!
zG^;84lKgJZ)m&kP*-oy@6mO`nX5Tc=nmc;*b>Kq<J7M)Iq!R=yrwd_xG}$l#JCb@u
z=uuTCL0aoZFfo*?<*jC|^%^l>bNh^72s5XAMh4Nmkn>u_Rr+W7&RLD+NeRy82V8E3
zG&r)$u~{!v8$StP*OX{Jc*M*hr8;POUgLB$=BiD_&Qi&C28<wEwpj7~ZP_l@1p?2I
ziRcoUop41s)lq2Iu;&hwr~gFB;_<mkX}UIunC9{E1CdS7#Z+iYS5C!+?WefzY(1%>
zY>r>KWgLBg=uzMFjP-*>)O<HsqW$1=I`68Fpqn>x@^KN4^R`H6fCyGHwo<*;{)y7q
zLScx{q=mzi?SF7M=>IYE*?;h`e?;RUK*hRW(0B~O{S!U^hK~P4(=muR295vu`B!xQ
zJ00&YBp#suMA9(`{og40x3%+Ia<p&W_uC&)0LJeX{{CGH5BeXIqoH76{@*}yq?Oy%
zfw=jOP?H0WFvFrOW@@R;T%XpWn8@>N=|k}|Q}?ckUYElu=WdJg<H40x!qKG;=DvL1
zLOdgohsQ*>T%IG+-fc)l<c6#KB6%?Zshn<nw2OsnWgzP)E4sEgYHuvJX!hy#THD%_
z*G%IT^WI&;^JBSGEVHv>t^T-|#daeO?#ORDDxTTkJVSoy$`Z%s;-QNxf=y3D`EZr;
zXsf@>?CjIa*FWA8l->*7F*pgKJNt=;@z{iY0YCJ#PVXWR=QONE#^}f9El+-Z6Vi|n
z*c^?pNw`VaAc$K)6L#qBN;OIE+XQZqZ}CDjr;`|7!4<v!hIlg!JK`y!_w{|IGZn@~
z=8OmAGnb0mDMiVNnx~G9t#I@d!Pi)+dxQ1e&r?(JVydT^wg;U)PncG3%(W{qqKmDg
z^{HKm{s^R}xsYhIo9wD=2;DY3O;AnTzxKWetE=929$a%y)NlT}KV4TsGv_O#fktsR
zqOOKLkv7iZlIgpIHTVVf@*6vBt+*SCLPVnV4olk{ew2A+6V0on-C2@XgZ=j>-&|a^
zJI|9^nTn=(vI8#vsCt@~xv&;^%Z|^bjzdD6o2^+nAYqDYMr8VYl{natg@$?LQWbW=
z9j3SRXO-&_Z|<Kz5JXNgmK_aF`3(8qw{&AXsWO^8kd8DH2{4;-PrqLs>6d}ZhVBar
zDR>ssC?a+HDDEa{r_Cr$Q;8vci5OfP38_VnIb`Wb5qia`GJQQxI0SY?QXBGPSi!CB
zB#UN!M2*gNYHlPKruH@na^Bsjlsm@O3J|@II=S$*rGxHva?4uq*!EnKBb9Npcdre5
zlux^d`CRsnLHjc9zOd=3BDW^OW^`%y($3zl&EjIsQhTSqCVFXX!Ns}swY7@wV1ZSI
z*J|=WLY_`VRnM@Bp{BmNc2P%BzYP~xJkOlp@mMPQR(ucrLoD&M%;`vZ5-!r=RmV3p
zHC=}SP3q)JFA5w{V-m?Tw_wRn<z&p**ic@{kf-Kxu!Fg%U|1Zp3~!VgG<qqOStpj<
z+=!RvkxOP{hQjPe9$G&l7i86=FK2@bJ{799MR|#@xb#k`7MYVJ%uSHVRRpn1r*?E&
zxRzdYTv`VHJCRVQ=T~YegC@=$WV#q&IXEJFR^gz7C$IlAzPYfjP(ESq_*!1U=u<MJ
z01|(sLbh`#-_$-vE-{eMl{3b<<(8|W?rpah{Crb5`}w=(nGsI6GP&a3>c?1>QOg8t
zIQDs(mTo=Km|w87DC@A)Tu*(RkI$<LRnwx8TcY{kKtosM3vPOTE0iqWvF^H}`C#Fo
zv01`^Vue!n7-3TywcNooGuEJMkD8*AJKoDT>BZVCY(_p@OqyRSwOp&LN;YK=u&O@n
z9k15c>4~?dReWK`#XzUJFuGJ&P(Jb*m6Wc0=UjGRv;<Z8s5bRls)kYGW$Qa3Z2nvz
zwD5(OB_DHfB|;s&;%`CfkR&Cks9lDO1Le8hF}+V8DV_}uf%rUEPN96ZHqwSSTWF3=
zr?VQamhtM9y+_3>aaC))0J2UMSy{%s1H68O0*mSNjr!oE#dBP!7qR$pa6(Aq${U(|
zhLcJzHR%haa!zK}&#oK_Cy$8TTk7MQOGZ0I2iZQrBVU_p>Q4<%)L1c3$>qg=Pqwyg
zN2agHWixoYwZO_kiDFXo5f{8a3itl71A0>kzZ3eLRg?WATZ$33n_!}yg`l%`HrHp|
zQ1fyIt9xI@AIubuzz5{Xz6c13@mUGBt8{X3*%I=t$N4C0KF+dwuhDHO9C^t<DTY%o
zA<^FL6&1Aq9+0*6soVM71r{;<E2N0C;pOCSt+dHlsmbM#&x@O_tyG1~1GO#iByv^t
z>IwD3rzxo5g)WxssbzOf*oQ6FOGm1|bf_D$UDoZn78CT4rOYv2s)ZD+(EoTfE%lv)
zc5|}9Cen|vfa$5ZWkhgZSaz_Pw(^DU3WMCQA%*U3nXvn5LnS!!&*t*Wx|H+Fqh=k=
z=UG-1OVBK)4o<t-iT1%Zm)W-zsSC+9G~a9ZkQWlHJ}J>G`Vc>NRREsz5)BRh2w@6W
zydRs@-Pe%4C{!`*L9(rmqdzn-sbMH1qdWTa91%K6ZS(r1Mt8|hOfJpB9u0|#Ii2OU
z5-(Hwyf*gr&uaHosiGM0Boea?#1-@=4qxGc>MMxZ?8ZdH>MWjVQ~UYqw0_{Gl8GCO
z!o#wEdPycNF8;yY_7AMcFvFO-o6qJb)nbzK=5P=EoQbIxDOJ<64BOBFY}+8ZyqKp0
z@7wy2;G{eqC@~3h#$84skX`+5okn+z`*q7>rSOp<snwh0nRoiSAIakuN*}yJ#8Ph+
zcV5U=qdv?G3g1;@ZSlZ+m-zfM($88aKP#+9m#P{rfq;0Bm$An)<|wPIdcsVu6?Pgw
z=gHwdX0vMFI-47tKo}SMS#y_k4A+C&B6D8)N^#w@xvSXz><@-n{n@YN>;`NH=smFd
z*xKo^z17TEiRO!5-NNPA?>U#!L=xofJ7T4E(1W#zIIhP%G@C%sK)i6<pJ-Zhc9ti$
zMQf8%#Ltrvc<{sv;lAL-Qo&^nm~D`)kL1Gh>%s9iFjk!vA0x~wgTN9{7YjyxB&<qG
z;`R8Z@{_jlvRiM*(%`j{7b0ZwFA*$gS#opmlIA5|6<?9Bb>lqII;0Q3eM)EVY;{<>
zIyroLLRWKeVeY`dn`&=bV=SmGp|-?+zSCFe<f2E@<tJuy-Z=(u@$fQeGA)n%XhQUo
zQ@9>Egq!PYC66xil<9s_a^xVVl#{PF=U&>S=20nZsvPtq{}R|6{ED({<_TG4-a_e&
zi;I|5jN{Q49rmoxqz%+H=_3arM(@GgruY^%oU!sNP1&7_2~_9xEIW!3Pwbk8cOHZ0
zS8PRue4F+cC~`r9Q6e+72JeCuqwbU%<IZJ7`>>oC_xbx)+KL^T&6q5e9PO1HPb!7T
z$&ahxEf3(41YVje#y$uXHn>&ObUP?IxZTc{DxJGA%M_^<)CHkkCqP`cva)hqtrADP
z=i<y=kuQAeUj1RL^vTm`QymeL%V6b>C`&cvQBKd6M;mX3X2!==kY&s@)f30M+gZN8
z=@XyW3trzcAnMVT<rvD4QYXLKId_a5Nfe&lgkM?hP?UYfL0&R@)QVKzn2`CjlUtVp
zn*ni)#{3G6JXbDFQ*5F-SI%~EvZiXg9X8Q}Y(;^ck9#B${rJN{I~FAI^1V|sEy_<P
zX{#A(JcYjI-&TICSWEV%%RZ*+<b7|-qS30!VcJe`UyFg)QqgRkv2}(P+lz~w8C1>v
zA5GQOwY6EW=LA$?2@kk5DRXn?q&LU|@B<F9NIS91u^4nY*||H$XLw3u1?z`b_3sAv
zQfS`UlN(dAvap=d@9<3G6n*3E$*^13wA<};{c}56u8uv6p`u2U2ik^{C(0cfOZvcT
zx;gU|)_p!F;rw@kH7~2Zw-A~;hGiUrC*`}Z3sU#p6|;(;R=s`e)7Eu6+&*D%!_IcK
z`Tc0~M+)EN`!X=Gx9Iusuxe}~pOcH-*{;@(RO^U2%50SlMF!nSnlv6w7w5I{*28CB
zbFK~JK?6H$ZWV9eu=DY;O~&%cX5()WNK3p%w3tJvI_X_KbDreAQt4ExNXiQ*3t4(s
zo3z^+9@m)wPk<#Lcbq9Vr@JRyTD)mj-#v`iIC`rxz3Phd*png6XZl#w)s;-BD7Kb%
zT+Hl)l7K(n?XyEu8qV?tsxDCjoJl3`7pmeUE2A~hJmrKQolWI;GKN(2l3(Y%(SlGe
zXl3|Y_B_$#6uQ&W=#pA!+z~F}vQm^~*&_W_eWmrSkfW)_6Wb1*awwIXy*=Kb$}*We
zoPCrmCm`7tw>UnlufRgR2T$5Y$8;!31b%K_H&9o#Zbg^KYq@R5+SBFvV$S~DRgb>)
z>|1Zvw~sdQTMQ8^o?8oHzOUcxv)7=8V!j^27gyG^Wn4EVte!bfDlT_nl|*KDePa5A
z%PR0ds?8iE`;5DX(d;v>|Abcz17CM*_@{<Z6NPrl$Rg!t7b?wGEe7M9P`^;$$W39Y
z$;eF>s>e~A%a94CS;O~8-q{DCCy=*qjv-X?Cb1@$(qc9>OYoH2ab!%6u?Fdh8X;d=
zhggkC23y^bOtX9y4X&m_th0>}+W5_Q?E?cUK@+{E&pdixxg!=@O12DRHVvpOuq*fR
zAX}uW*`ZAk>VX%bxxS*gTSO2MmRW?G5S6>m{S<tP_6K!&G5U(lOk*~zJi;Z?Ar%?x
z4qST<TwvZ0QMlndie9!$g9H@$`?tNmI*)&m&%erBG1o@;6`MeSMki$ui9cAl-IaqF
zM|bB%4XR8IOC3HDzFM+SS`?z*JJdOUx;nR`jD5C%Y|5(uY}Vty-y~=Sj;(oo@>MP(
zmba3>8mrcge*0?2SIGX=qisWNA#)ql#qy3*$mAsH%c_lpGbeJBiqD~b4?R>)`_9o@
zc^`6`*KQzMSx%WuuAWt*GzjwHI4eAJ=Z*fMCN-}471}@tBLe5G_oWdj6=)VOLZ7h5
z^|&6zR$1NnGqua)jtlDI0Ud2tXW8`RM^EL79;Y`^y5dUD9UBN!obyWp^_MZ@EEVG5
zGrVdfCT;Y&#{Yq@(^~)?!04tGTr$O)*lR>WI_q$)D+tSJ(T*^vNI4kD)v<9rRvSjp
zpzMUC(|9C(jrU&Q%x6+uxs}tF7ND+<v=(CqVV`G>NuSXbjT`C$++t;=iopbhDkBAr
z(l26bUN&mmX&lO2;}<J4k_#>|ikjBH)^)`I;q|n!qHx4XJa~I*1no~a-`ItIOh{4p
zXhl<?L9n51L$UrI@dk_cBT?#65~6h+mN-k_u-^VRRjR|3VQZ8GoU1)<+|+w4jXgIc
zl#a6RD9Z6AE$px?$0}a&ZJgV%12N_9956mCUogKd(Lfh^-p@YUpd!E%_a$gC*MIXo
z6AaF6YhFcPx4#=Is?3(E;w1-J!$05RwYeO((At#2zBv_c$4C`Q0;W;DKz&FZOKS+B
zl;y0saeeXetrc1-+#~<g1)}B{5#n%G3DS+OO*iBfoTH@Il8s{mb1YB!sK&_D@^@Hb
z>Lp>lbMldVkI)iALgab3T!I_EMi!4Is9@Dgy2%72HhRW}IFrsCn)5{6aH2>WBYTzg
zMrNj7lAUHagIP<5xZcf85|P0yQNyfzpar5LI`YoS@_gZB48D2ona(O9n?y&Y?M_dS
z0%>gg6}cQ@S^&(gbaUIq^%bHFjifWIL(tF?u(e6IQtTaYXvY>6iq^-7p;YeF+^Dt^
zq7B35Xtm<EsiD7NWJ;X$Abbsv^^FrV<t1h<2CUL|sy7*1vU(PF(Hu-Y$Uur4K}+*Z
zg2Z9WvhbJtSZ8&hESyVpbjB>1m)Okww-07jXPTtFWs4#4<~S@dMP*9!YvYwyy*$*9
z)nYFcuN=b+9F)0VBrtZp3JtS))-Izp(Clt8%y`Iet?|}4mJWgad;!b39c|2OtCe5*
z1Qul6CMm%vG;%p?-Oi;FA#w5A4MB5ei!sTI>Ssu)MH;-%A28s7htApak}<x-8j#G(
zsKBK*LJ?r|N2|r|XFV<WaG!?dfU@@J%{aT{llz3dUuw<s9zHP;ex#JIFY|%5cP}Qe
z^C?1M?7)R=fr%Rn*PO{K7KXUI!j^+mub^??gZgp)(W0Jd*Ovi3Rxn$Sq$<zzp8X>7
zySvNtJE9ZHiAT2&lpF{{JVWP@ddj8jp<b36q|x|W)T|FkK55<4H7&n*BQrvN*G@4$
zfq9R7`sNAUY*C6(cx27vK}U_=ZtIeoR;_SinqFuXNwd2;33J=d-NAVJZeN3li1kPj
z+Hu~sZ8;?~H^1!>9OZ@O_D|?@dkAUD_f0mB0uBi5hg!C&rbb@%F}|Gx?WS+#_>k%k
zJ|AQef6U%?H`7GG*`r2gU%386x;0pQ1O1wLU!bwdW;;v8t=UWHG$}da3Zl*QM3OGM
zo7Q_UOw|Ws5WMSMma^XaVQfTpq9#`Ji#RW29Fpmp(~tx9%M$uByfU!;sBqt3i1Wh1
zem)&*nCcoEiOhq&fCx?43r%EOR$AxH>xN_@pk|KUshRP*FCHr0pWsf?=&xEKN$Ae?
z*7K8Gm2MNfL*X0d=Tgbj-gC!L4+xuT2(@=-F3-P&G*oiORG)dRaf*9zZMs5s$skK8
z^Ncsdxywl{)~UsP08+``*VrcdJ~d(<@p8H8L8F)H9je(%#&<`&7pxYedS!cxl+Uf#
z9C$VrtjAsuzB_-a6VXIAOO;y7HRD(msv4TID@>O(YBjs<vWjLoT=+EHq5Lp$Lexgs
zv7Lo{$e?29onDu6M~G(BVl!x3mR8wszW9ED(Z$Wmw#K=RZO1uldIH<}7QL$%3dt@H
z)}6^8oaa|tM2!YrH81b+LcwNrG7Fw1?Qej_yL&Ge;(qMe-aX^lEX~##7En?_XmvXX
zX7%7JRYUGW11ZP2a7|(ZF~`7gK|78F!<VyV@19e6fI`xX(vE#dS;{Udr?*gaXMGlu
z78T!RN=3Tvk3~7o_@--HIHtQVgo50t)1F^cmQfaUIvno{GOT?*<g+^=Fv_Q_KI~&}
znYKFayngA}>zZ(NZQp+Q2H~S~T?7?x0?@h(`5#m)9za{{AL{7Ww4U(Igc3|NKbGYw
zM;I8I9Q7>6m1hhR*18<SqZFynJ~x0Wbkq25m2EZIBtQ1xVVks0Z@xJY%2%UeajRCp
zq(0Bb(<083de!nXbQui_>#;~pZ!fARZHR?rD-kF*J-dV!5OQ`{>WDR>CWF_;NIs_Z
z&_QnPv^~czenl>nraQ$?cU6d0;Smo%xeKbaci|aB1H)S;Y{PsF&5v)aWzuAHBSf6k
zAaqi@=3+TlX(NP1Hs81{Z9*gPCq109S9{XsMoY|_0$X&nB=H}MZ6kV)aYQ2U3vqN_
z5V9=Id+4BvL{v<VIKv7)B)XkhchwxFeY?Kk-H<TGWj*I<y@$6)lV9pRy(X7(5V@+d
z^I<|Fn2<`uS2H{Bh(38;d^caOWYjBom2kRTx3j!n*M5L!O*cUQlV_@Qw6veJ;-x$=
zsj(Y>kZAac0BgXVg|O+J4ys+?eiKT)SSmH9SRSawuQH*>A34BHNSVVc(tC{>T};sH
zHU3d)v}}!Yv^)<nQvNn!^ieY2#Y<}XIkGel9+{KtHraqV*T@L`y<dD$AFLRtVUb_d
zP@Ai%*(>l^Um<(##8<rgfqgxHk-Tbr+Qx_)f55{v&^o4a?BinjD1UF}>B2MSsZ6Ei
z>lU}#?uE{sl?Q&PUSHBmEK<z!>PS|Mk;;2MeAfm}l)RVBQZj6@#xK(u+_9c))}fsz
zDQHceb#MG0Nw#^Ng^<wjq^9mDJPqDAnr*s^?%TMh(bKZF6rY#8dGEqG-Pi7{S44ro
zIZcU~>yBl^cil@fnkIO8uHS3Fhl|A>!X}^5nR0_QdbaE^@F8=`Jw;qBV%%nN>12}W
zPm+vD3gXf%swww$T-Yx3UL)3vG)V-NWcx;q->;apiIiuJR(QY_Q6ktv8Amlk;eMl|
zVm=;vYxwlco~~`nKRuWK8TJY1M?wD$1pRNLJ|+JV2okqNoBV`<ehdACA;FmXHb89~
zC<qFmKv3xKDA4~J0|El(_-;9wT5HfF0Uiv@ByE8<#YE2mPuPEd=Kgo^CxjpNpD>`v
zZktAWpumj~cFPwPvEEYsZ1&#%oSTG4S*D(6u#|%O&oF+9d`*`K6u3Ea5?b3mbT{Ek
z4qTuRVQYHvKH&&EQHg%l`H{vK1RQcNOE2x=*rIS{w02yUX>MC~-d;{F+)GUHH(Z=k
z9i}Z0sP@1%NQtr$;nNSTY^u1ba2xCMQ;QdV3?JRe*Q6BcK9pIhD=ZhTWqwxPC=z(W
z(kx{orGs5ULR<x6icH=P`Z#DMQTM{P!qH{N|Cm^WGvvjmsu4t#{HIxlP1*xB*8DBO
zEe6M^{Y1F>42eS<iRh=~7oujog$YLmIk~0fk1cZasv=@$Z0z5`Qu#M3ea!S7rVlPe
zRQnG9le_#MqbdJK|M*7`=f8=lM54Y$Fk&zp4E}<NT*P2B{~WOh{VQS-`d7pv^p}W5
zX)w?s#&P(hA@txMXHa_Rk24rO7=vB`-@*Y9==&L<#<w#(0Gjz1eEJhq1>hZwOVWRn
z0boKZ4z|X(Or3Q3R3xSO)J)x+^nYdh1*BASw=?BaF*3uvIbfomziV*Q)X~=2!PwN1
z9{N3~Qqk1J!bsfKO&0^$B2Z9X1PFvcB48je908|?!T5P$aDILi1O<jdk^K66G7h%R
zc7Rs5_|zPLuxvX_=f>`Q61RZxY8MM*)0;Ble6sXT4$h_`B772n>VRxV`fmgLWqd!k
z3ZSF^zZCsu?q3!C1;>`Kbq3}U0xWn3M<;q1X0mVcDHvhS|1#jWZ!t(XFv9PAAU-t<
zC$y=Mw3M_o2m}WL*7+rX0|gu~-~eDm2nYm%f<?Xssypd^?_Nt=2N3ha4D=xVpVow7
z^t#EX1bDy?>AxzCQRn|fIOM1B?@;1@5U%22>hfb6ei4rGvmdhmWm+J5|4+xm<NKHA
z0Sw<<4>L>*94c>N;;2jiZT$4#6u}UGO#Ux|V81}1-y}&GIT@jC&AxfP<9C0@<5RXX
zwGlIRvaq%JKBM$}m{Hj{qtV~rKtSKh&Q53x8(>X*pVePi6zmsI1xn=^IoUe=upkU$
zIZ0r#09Hc)ro&he0az6Q1tt+#rY6qDrvGaD)6zh@pKW1)7x44{I52%-JmRMp0Cb2H
z;0-XKuWw=j{Uwc@OxYy`ARq`B3;_c{*bpcb&IJOqfk12=zs!r9gXvv7z-QoifM!2l
z^!#u*u$A4V|4xI!ph#d~m>0dx4;pX|2DXGhXei8n^&1Ta1G@Ty1_Gfld)RO7KoB^l
z%GYl+7#xHN@BWPjw8Jcx-)a0X<e$8l$@#k-KML@-KX_5dzhof5@V~~30v6t%yeJS7
z*xrBd4+TN|)gKCu_)9+&0t3_k#tZ%jxd08gYx%Ps6!GVrf)NPJ7X3$mD1Kmv`i%xb
z@&n7}FB<=!ybvVvZ(bCpLf{{~z&QT2C6piemn{JrX50Hs7bpS*<SzJ=26)V0Gz92R
zoncTI^3QfKC>->sePK`pkbmHJ888?KvrvE21qOrsH7|hQV{!@n(GGLv|BLpQ&0)ZT
z|I<b=IB-?`lNS!b{1fA+3?~O8;C9jha~-&4;b96aOTL@7w!o$h@Bz1%e6luoZGnyN
z#|KGzU3wt|7%D9Wm*AH|A;BOCDF_THjRK27Bq0*gP=pvlN(ApeH^FR~lD5VY=BCD0
zj?UKfd`Ku<9Js<rA>q<e{BUV8gd~)oAGm*(mXMNwpd>(;P0!KE$ieB`_5lOdBovQ@
KMM_y3@4o=j=r?-+

literal 0
HcmV?d00001

diff --git a/documentation/local-tools-inter-connection.pdf b/documentation/local-tools-inter-connection.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..5014c98957660b8756051cb84b9286d3846bcfea
GIT binary patch
literal 217031
zcmd42WpEu$lP-9~%nTN@EQ^nrnVFd^W(Hf#U@<c@gT>6u%#0Q@to(lS&CK09v2izI
ze{4rbbaiEQpE{XYl}}gYLoP2YO2_z(6_&g=zqhTou{R5riHL#7*3bf$o10$R#KzRg
zjEMQOMv-3B+{($sfnL<gz{y0|#K_jzgqIiA(aFKYz#7&qJyKaFe2oFV{YCAljiHi^
z>)l5`S^7I-I~}-(y2t5H`NqJD0`Jb)i~yOGv2PrG4*5wBdz5+PkCyKMP|ZDXMlL)O
z|A%gm&`pBzCay<o=v#MB;1aJh$j=m++OxLGeS|aT!1?)96Wy^{otGkRKMv^uPrR7!
ze*KbghBqI2EYLqz69k1t!2~eP^1l#qcsO-ju*pJ_8Fp*%PbPe7<WH`Yq4yIQEf3@o
z*LKw%NiwzEX`7+@LUJg+7ULotQqXJ`RUL4rynGx}NKyM6)#uzqegktaGY+&&`Ke1A
zE~|{nZkX1tr_9+HQduJ1e<u@ldCcNgMK#it$N+sTE}qXbMc3Vzr-(U&dJT^PZRtxk
zpr{h*%onS5Z|UA|0Y{(0Rcrc=pGW?u^0G+si9`m!p~{mzl+Fn1tdCAd*Nz=V){I?X
z_~IIw5t#1;M|6B_;dw&s$fLDWs>7K#bBDB2;h*%!WW5SvhE=nrvA0_R8PR^UyZtab
z5u@|jh2W%Y^*mcTQLv?u!n^bf8z8En6up9FN@9K?TSKqN5Gjp%Rl2QzV`L6SI=5Q0
zP9}Ec4_FP8ppM<*C1io?v-}xvSF!NKjazu#=?V8Ha$8mXlN*?{RzVpXaAM}v?~t|t
zAt5RuVt0q!diVg?9PB*~O8pDg#K!nPJm9nR*J)t?`pVw|D+BXi=|6R>|C>hv{|`KB
zUQNappAEi!vTBOM2P5_w5)*96UYn(f1=4}a!y*mScRjax@6UsR9#`E}WgI^2T+kwI
zSbnBBFJkc5w8>GvAb5>fD@A)C1>=U;Y0dlX%k_KUlchmkXV$xVv2~ysK~e@28PaSU
zhi9_Q-Rhj?yEbo|nduG|uk8gEy($%6Qk^qz>dWTXC>L;JS+TA8<MPJWmZM6|VQcXe
zgYeO2-z!_0yiYnNU@Z(G$5JIb7w&ZmS(t)GoigXdcP<f>e8(o-yW<DUiS66|`}p<q
zPj^q)d981T>7;2w=JNeyr%NEmzHaRwkMTO<K!JXVddBDPhX|BXzklnZBoYvz^NVb&
zDFo0&l!be&Ge@hZJBOK{rnz>+d9-O|aP|$-f!BCfX)UrZ9d~2+&CZ5@V|5bf9Kg*f
zB(!{F>1uIYy`RGZuY97JwZ*wEq?5^OrG;`q6H*r6Un9?}|E*My`WnI&N5^yNKygW3
z-xXJ9o`~t0CTUTS5Mu)#V6*a+`{?&x<`=L|^A+~vKoB$9ph~2TW5^aMx7-Hb$K&om
z%kV9*@19G_1t|9ZdHH_2qm+b62Q(IbjwB7s`!0rZBDOD526F7c$EGF1Vy>yQuTK|v
zM{^Q%!FIT)Qz9yt597H}rhO`{-N1zxq`A1i$N4fvvs8ww)9Jub|0-hl!4yu8j%WD(
z9a9S0O!-h_?RgmMtE!+jiT$wopJy0UwTX@5&ef3$f%Dp&`;XA6oi@7ZA7b`gHN1%*
zKGUsnnFY5`=)dslvX4ew*RV_XX3^LR)xvgdqRZ;kC_G0q+eZ+l8XeJ^e`QoQCA7^b
zdFq%if3fHjE-XwXnJ=)%*17=o4z)7w9Q+{nexv?D&n9Ny&jj6zqrJh>j9|d<^-=X{
zhZ04zVrS-^NLd86UXvEVAp=j@8q<jsLCp)R?BlB<J>3;o{!3*Hn+~Ztb@T0+(PoiV
zfp&|xEp`Fv#TfVQH-^%P8MW+)_9le*BJ1(}mCE^sdf#vLkQd9j5#B$vb>AP8$IdrJ
z8yK-*153}RpD(QzRg>e`a7ZzOE3?vg1vE^*^z@<mVkYc2n19^%#*ze$>nqk0duGV3
zre1O1Cx;QhpCafii*IDy1t&YbsFy!zyqRzZ&i{bP?X472bg$be;Y;Q`h$@R9CB%Z*
zMmEVXk~}Uh1&B#uq%YluKJ|>FT<hoU;tHP^Een%%8^ME=0^;d{O#1NCvL}a-6~NCT
zN(#;t`&e$lmb>Wk2;|1VKL9u)_wOlb0)o>=2*`L>vO<dx*ytx{uibqSF??5|4jfqP
zAi1N;al`=@bRNQcxIY6>7PPu2^2Hb_l$+pg)&@mlgt18g-4el=mMLxk!-RC~@d!8O
zcMHrVNYukI)4pQ_-DF;p4=cy%TenBid%U#gXM^hStI}TGIQnE~RNb6HW1QH$@rfeL
zmDYU{M%m}WCgpfz6ncg<Q<xY$H271`L^HOw5vYzz(y_9HIG10@&Ti>ee4!vkiuB62
zIhEakMkYVCn#c$d03it~K1%f|YCp-&7-oD=K{|p$EFJ>*rw~$o6iayPC|oSId<BJi
zb7+XWTD385mE>6}VK`+gau2}#unV&-Lf|~ne(hoYxH>)UniuKT7#9(*1_b89BVhPw
z65Gnu(#1CM+W!Xnn`Ex^O#2SdAScpY=jmg0D;z>|4`hQ7rT`4cM;R$-pp~N(@ZuMK
zTNuzO842q`95FGo-bDMl6t?<XKDl0ns6y~&CX1Ip2+TLKnz9)w>tw6{Qb_khIW(VP
zw!aNkhH)jln~NC>waoV<*@Ojxyn2ibW(QpiJ^3VR0E|#wprgv=+>k<xOG!_Ijd3%6
zf2rq7VPF*xxvAS5(7q*WWjq$=u6?O^!V<(CGX5VX{lC-s-<h6~g_-3)XMIM-|C;ud
z-R(^1)#VH=OpKi9m7EQo{@zPi8<?8VtC<^rLJTGb4kCJS6LV8Dr_VBwh+fd#$x+_K
zLCDtH&eq1n#)*iXh+fFn%GN>2&cMioUf9IN+{i>xOz_{ZL|91qU!dgQpoNivjpg$h
zB^d)pOCrX<phl7CzW~d}(#IA6SyEI&6aWGO0uTd;0{|bZ03iSvDCpnw^8o)mA)p~3
zz`-G4p`ak4;bGz7;b7t55D-z35fD)j;oy)lkx|glF)%RTk+85a(Xmm{G0^|M1O)8!
z8E^;~2nZN-1ULlr|JTPy4*&%kFaekb10ex`qJV&*fPC};z5qY~U;wbc{r&d=0SN^L
z4h;$d^C`v!0f2rA|1J7^1px(z0E7Hk0l<TO3X#E(KdY{@|7ihs;o(rlVo6uV-uFH|
zYBOPPTvMqr!ED`&G&}*z()HN}siavFCVQD~X^_&T($mF}mM+I;5sA^L8VCTnI?NK@
z#fhhx>`b?+>H-kfX`T%<ChC|pN^8~Wo{hXcoFgW(p~i2SN*IKSDHv4MT^ad{fn{CG
z1sXjDSl*3}d1@4VJC-RC#MVCqST24oQoYrRo1UGQZO7D{pQ8qbv^p7K_1}y`&spop
zo*n8YzU-P>CLYH+9P$lQ-iGZt#k>BjbGB>)SCx~UBHotb(#mD1GyIao+}!@uImOwc
z=weYOC#cn`O-}oSX=8bfO$((-gozzh?9e`PsdJ&;>!8Dne8!{h7wLE{OW{lzRmJ@q
zQg}cw^<K#R&`2xx%$bdK7c<JPn9ETy!JKUoy6-m$YI_WSIk&j~7YYE#jb>dhO)bVL
z0zo6MKKGeojp&=sO2rQknF}34`uc)Nr3-1cm%;gSQSNE{S49UE^FM`;oRv6I<($$0
zkh$~MZ`>R~8Ih*ji$P@ktgD%F<sM(En~eW4%%_Q-o)H@%es3kedoexv$Xxt}JZ&ml
z!DZ_LKoQwj5PCJwqoJUsUH6kiD{gjXcmNQIRj(plNqPogG5EPwfsAF=W~-u!$pDaX
zdh8xu+8Ft$VZ7DQ$pZcv`?U2@G>wU@sNO6Vo+8dV-o-<$w0!*%$7)?8e0Cp9E+;il
zkNb#|`zniHzV|jMb8Ni4LC-g;p^Et(dgVeg%ew^$zm1-=oY|B{fSQLtlkmlUj*yge
zs!6hTEdK%7cK`s$&o!<$tsVamx&EoK-&5ovE?jEDtKU6<rdL?}-qNYac(?sDlRcox
zI^p$mAH(+T;H|PGzFlo+^mJ<@?D_*ho(}Kk^Qj0Pv_oqKp0r?nu4Ice!VsPg!c5$|
z$s6<3#R8j!jl)a_IlD)`)}@NyP<6TA;ch*t2}JG*L-z#XZ~qPzMq~g8I4IzA7=8}p
zf7A*N0tyBJfJ8<`Lr1|NVt`^~VdW<#AtfVc0%9_Yehv}n&!GbX0s0CldW?zSb$pE=
zM6}rL53JD~@`fpQTz~}&>Au4lVx7_-+A*dcct+f*+OSkP;X&y$#tlz`S_Jhc35=$!
z7#C|aON42U7jftoHOGO>BiX~9lHZdT1NBV9e#6rh(N<QzC2`xj9YBk=U}_~=5DX^9
zC7!*cOX->BE8A5cQkDgq!&DZTkB5US{yHRCM#kP>O12bUPK6nQJ}9vVrJp-uwZZT0
z_rCT4_(d4kO*GRDHk_)i2R>Y-PSX-_K-3_DhtN+gueRSbZ$DpjqGm!=PSZ6@R-Fa?
z0nomjeC^ld#VsYgzLZ{gKf*_o`PR*1tYuYk)zW&PpP)Ar?v^p4K;k}ama*~yD5q6W
z7~ga5oU@-h+@oi$+VJ*k@<$~4;#9^IX(AF=dQ6YQr=}A#E!)(HWK&x@s(#M}*?4Id
z^mP@-1n4p}91amt89*T+Bl3{@UT#DQr$sSUM_O%4ELU*D9j8v0LMIV@Xbn`6TUFn4
z;KU)XgMPqZkBWi=@%o(t>h<H#ef60lO6i0?>fOn8@m?h(Y(+R6g^+0-+n7w|1T*^1
zntehMoqZ4b^j8yaRRt?3YkO3`ql%OS@9o}6qb>NiA@2}Rj{dSI14Sp%tL-wmxymRu
z$%nZwXnZikV+q5<6nYXfrQ0PjLncrg8|Gk1)r{>==-W}|phMJh71*qtO$`C^FEOVe
zQlOLp6nzMuk%N&sLjdCBU2u3?gNQvYU^6%Pwi=(cfxtuaFGN)GOu^7rXz_`n3@f0!
z_TdQ9X_d-btJeM>N`6$FPMf;;O;^6tH(S%|?~C-I+Rm$(wGuj$G(W>x7axkox+gL{
zdiPi!H<-iW<!RtUNKCCggdrmAqVDHe8*Z|T&`6}^DmK4%#+6tOs$`YuJoZa0P(~Gs
z5qE}pWq|xZuXQSa+k}uaGL9=!IjVZ@&Ohlsjl?|^lI+1f_s~wwFLvBd5M{08{B^5*
zsV6wJP&uY74K;-|KhHNnXi%xjSvYU%f~AKNN#+X2>hw0`(vUH#D$3fA+fDwXY>_~D
zMt@VGet66_o1$#A%$u5^I49QGgj#m^B;-q^L(P=LLeSO+fF9G+Y<}f<A{t8a;rj@Z
zg~`#6d2eX%i?+Bj%cJb@5`C^`M-P&~n>I=IodMPgi)Oqu)-sX6`zjaMT2Z=eYC|&3
z>8fZ(P2?AdywmMecL}@QTu}WH9Lccc{{2{Y&N>fP^)?;9;dw&;%mveo`tMS94?7z1
zi;5c$BW@__U68E+B@eoj*cse60|QcEBdKgN1ZkOGQa-Ijm+T38*F_)!mX%$zq61ui
zRfgkeL01FQ$f&gmz*uF{xR~vDmBQs*TBFZmV97+*pE-N%sP0>YU1f;wZJNT$$$IE9
zhG{)VV9j&kujNHPz3&(myl&g`%2+LIVu6_5#7qN9IuV|E&d!HnmkiKRX3o`tfkh0h
z+MR>vUc~dUU2nn8r3><%k*D)B@1&6p<KbB-z=y1Ai|Gxk{=v(uk}sK2`u4SB5|}>k
zJBVa&ypxoS?^CUB2`-&g%6#8D9y9WMC8REc5(dxQ8#Ordw4W*~1Q45~dUx8jRnknm
zkDq`^iwG3F5w1peccamJ(6mK2EB2rBASDU_<S&%@1P1>OE}wV;3>+1ih>@5?KoE@y
zok1bypV{vdI`Dz4;p%kBG!`paL)FOS$+ST@EqPraeA@=D<jB+$^aBHdkE<@rW?VRC
zNQ&}#5}D}r5YY$9Aqmm%*#g^8VBNF84}en0j*53-<Hbm_(1p?~WgPUIgj_m&W%Hf#
zi%%9DF$cZV@=00Ly4Cuqf*CDxjv*!qF{DooEV$q=TI5P7o7jqsNd8b}knhCCn1bZS
z6qrJR(aFp9w{zG`d8E|iOvH930v`ai+Ar-`jU&10f}E?ZG)8xAhDQri_c2Yt&wiLf
zB94a8$5fOoiR0&j^`P-!C^9OaJPPJGxGL0cPE<1QvkO|Q!+PcJD2anG+$oV7(O}Y#
zc)SKD+%$VlYG9B{C@Q}XuYYQf?jP-ef`dc;D~5cA=6`9Am=T$XNdfIsf#{?R%m$bC
zG1LF(5cIDO4=nL7qSH)OR*%vQH|=Gb^4I;^Y*;BfnKcic0#+p}Un!P;{Zk!GcVm*X
z7EueOhEAnWbX04GcT{U7T^=A^p87-H&ZQrUbrpj*ywB7*?K`>dTP1K}BwDDv=vlB>
z2ZX@y;`qilq4KARq&6OJI5Efj;6>R+3TIg&Zv1xfO!0b;U%5`}r-DI{Yv4diyM&3R
zSk)0QNf;H%%fTlRk_LD*TXAzx&$8)}`Kf+GM2Bj?e5zR^G)i+2*Z2|&jfUB&sD7y5
zDJ2q}@azK+z7d=#Om#C!w;kqXt&>1}`zNY5^4BWgBz?%n5weSDKDI0Qaca7i2NJOz
zUJ>LROkF&Lx;v|~-Z^#DkX^Y$u^b*F`tRmS*U}%T>nfa)mddBpcW@8N8v{+(#a!bs
zl|ypmcu9)L9UO1bofmVq0?WYTni8!Xu@+|%;MR(7#cS?S?w?#3JYsug&p2BGHqqY{
z2Cx-0WgTjSpLP;P27rEscQ7buC`bs1zmEQS2S5QwC1w;*Kt>}`G_d!DAYx!*HjJqu
z<rj2t%$Y_Pa;oj#CS&o7jq{Js?V0%x007Ac`W%=bMF3E%IT*x2C_AnpKnc6&-rgl{
zH`o(_MUSs0RI2qG^r<qGw~v#2c7G+sIBV`55b~&{66h9b8y>jB84NC}#^OoHhY-V>
z=}5KXLe_1F7;zi2n9d#GnYQIuKI2pxa4BiZt;S-V_KmmyL3>=Jawgz0uc`DWwcftm
zXdUym_R9?5u6m)xy&W1Gk*?qe%Sc9Og;PQy?^Brws@Q|roRK%8&>HuUNf_BL&dpp7
z;ZTG;t}jFKKUoOOu5*C!*eFkGT<98k?R8jShuV9^7`E15<c6kWvAZMi3&H~z2mEDV
zl(`5kUPZ9Cq|YENbyw7C^`4aOa?oirg(}L#neR!<2#2OS0@P}-PHw`zGqCqXqXZh%
z6-7`FW5)evg-;VjI3zP!4FHr^Sa-S7L|V2p^rzZqj0aIqj+kJ2xUmvOAZl8NN^kCb
zvj@hTcv>;;({4sev{6K`%+fZp-OXYk!~X9ia?yLXyHM9^@tIl?wEZ!*HTfNh<*t_w
zsv{qO0?O;u2!rW}*076msXn1^KGjPy4XosW6XG9$c(pjgtk)G`$4xV=BY*WVm!9yk
z{)g2U-Rj?0btqr5{!|84bN+m?_`&D4$*H%?cbiMs7<M_6bnz71zo_-fK^}ZA2Od-P
zqjXS^gP{;clVmBBKIyl-#G$z|-qLhD{D{4~j$1?mepQH<F0O!^iBW5?LAg=R$Y@}+
zzc9Xbz!$_3a5G^=Z|cfS(oCU74t|<Bj)a35@kCwQGW*(sYmW)LnSCMfvVsYPX_g(U
z9(fOq#*Jz>(E)?Y3n(5MahV(7_!=!%ptd%43h4&`1-DP;_O8jU9BG$M?lJPF{8G};
zD7=RBVv&uPIA3aGAgxJrg8X3Q*pN1Fe0Xhsrnl3l-IMYIU~RCs_K7K-3@Zz_BIhRz
zFJ&gPG^JTm9Nko<ff#vgog8E-X}86fztg#6jbqYT986ZXReQG&LjN@EkMSzorSScj
zIP5g3P%`-bE3;RkQfn#CIZ)C#VkB008o9!#!aJ_-1F(klZYDistX*Cp&^T=|mW*R;
zP%Xo{c#VD|Y4b;hUDsw?q^e7^y4KKup4%7(pS5`&-_z5=O32LEay3vS1dLawtj`t$
zlURN)N_v~VHIVCUtZ(rwIf6U3ifh6jKgCrm5Csy~Z10r2Id~+`8}{eBPFwWo0{_p_
zx74{z{Mb$viGAu0U;_<FlFJm;rbrePXYuBER>^9lWE%&?LwQ@RNQ+2kNIB9@Sj=vw
zu>PU^V5IQ2Aoo;$EY;eeH4vpOdz2}?$;|`nPdo3I#bbrqCHwN^F%5}_et7q5*R(me
zkOJ)VuR%Q`m^E9XC;g*o^bEe|)-5X;xU%M|!02kNvs}aeQL?mz>``yLxnCIuetf#7
zOMLA>X{W%hSs+2zyEC{c7MbIa;QoOP$e(t}lJHoG==~9c>c`C~nLhw`V%fUQL>M;6
zg=)Sq8qx6Ktr7fFmV(5GZBY#^?x;nw1xkVgD_IR|GAaP9tM+9vW$JQ%e0!^P0f()6
zO}o21TPXoar^nsCcbDElxv1y<TdLNo&B!xUUkaOJSY!D&onN62Z}+otV2{H$<#Ibs
zlT(mqO=OIBiXQ+%W{?Qa1ntUYm)Ryvia<j~`)_6xK)3uC%dSNpzi*`#soXCjIBSLs
zv5l26R3?;lffQ(PIN|UW>4$8lHWW3;+wR9?eSq>AA5h=Q1X7tS(!Q%(;Hg+j9O{e>
zDv9q+3B&K=h$Rg~o6tH^d-Q%n98xV2nzE+_T+?RtJ$P#+aUfSB)}LD?&vrtF!4BYa
zTdi|)7L$0BcxUo+{hw}_8-1HinYt;7Kgb<cPLaz;U&o{E8+5r9o9rqhiY=E92@cw_
z>c+r?SLs{Aw?6>8Z#08K2TRqRum`&Pdw15$2mPBO9z|2@5=wn)%xqQnTE8g8HClG9
zS*+`Ai`Sl45pawMCHbziae6KmQi1R~u4)3H52rfR2x6NGMJn7&KBo%0)i>w3SQi*4
zfqyK%j=)Bqm@yrR=Egkt++{JSQc_WbW14G4qGC}^SbN-+Wy)accv-+(L?sKPwI=Xh
zmJ4h-ymD{0L~JIAt|6tOvX0HCAv-pyIcosmmNnCq?ZcxV+DoSgxGl)O&ntsjm{omW
zDe^5ZFT=eX&JW~Kc|FFYBa1t?D;qi|^&H3x>>mW8|ALK0yGJO~RO*`hwP5JACY^bq
zD{M2N8w0l~VibKkN4QY0hsjnx$}IY0oHiv(;(?&S(ZSUZ7>1h2%)Xqae<OG>Omb2o
zML{B>U%0L2O#-}^v4mj2Ee*8bwMSuqT@}EpvdF@vxeniyQi;w!chrHA|7G8AX^W<3
zx+{>9i2az+fD$FRxH2w2N-6#2E3J}lgLN6c;N~Bd>D~w2Wi8tIf-oY?ou?AzVpqrd
zxw3dCk%4q-pQ$>Kqj`fw?Lq!hmpMgug%vMPr;v3*6DM+m4SEq63G|C)je##2O?U?l
zPVrT4d88Ta_LVUsY0*}DWBDaJRAQl*ad-QmQpeR{EpSa5jdQ(gtiiuR>5eu>mIB+@
zmCSrMDG8BIRr`17fk!0AeD_yXmm5;gyiB7dkFe|-#BXufkoqZgv{4gk!Js=|ftXi*
z{)@KtmdQQ&4m2+k1zI$&D?wfcOj=sxfh^G|p(<E39ZkJI)D2Nzu~#BQ>d=>LTgQ?v
zQdLffZtb3E!Qvppy=Di`aSvWxRq?>TkIXhniZ0eKpkeJj2H?*+D%!`sAbFqaHQuBs
zfiq)l^!Y(i#xt6qlLqWJ?p8Y(T-u$3vHV*6ahNCs8=x(1=#W=Y%tt%h-$345O}b^N
zuGT9#%jvc#X!`)0UZXU{MT`97)IIAH&QK$N!pzU5JIMb;?H~XYVnzjlPZ)zt6q8fa
z&2Y&-eYO4XMGHRScPOQc6wPJt?gdPOrgiTU&3B)HIGiA8D9X*t;kF~pkpSD!hcO)z
zTgUbH0wLQa1WKy+;HKDkzG`0jn@A-)%n_AN%0ILjAArNu_#vLj8sR;4r0qxMT#KV|
z1Ff@nQdk*4f<>m<hHC5huQJ7U)<MD?rKDTF5q)W}j*eXr_4V9(jJiD$0h_)m7h64d
z`N-<d67@fla)JeJ_;ru$&%X|Pg4cQ45*+6>GC59nu6W{V!_S#AEZHojNle5@S(zvZ
zPL_2;X_ji#b&N&$ZlNa@$m)VhsaUN;!bAKTudv`DS_W>sCTlSTv+=>D<Af){M|G1&
z>|9I8WaII|kyRJci1MWYr%)EO-E&MZ+JtcBq1tkJkxNZJIb-hht4T|HFPFTh&JC`8
z&t82{fFM`~YrvXz7cR&OU|oBNm^z5%i}7ga%X)}P-i*0yM-9zPQ^yyh0DRD{FADKe
zxPV5<i=Oq4wSGIlRW&Z4Qw!kro7mWPD&5o}%WTdh^pdWE9y+afs6{gRYF5&)$M1^8
zcdVX7ViVim9rc19G5;;1DW_prj#=3+w+ZAE#12LNeW@{{Lj5ve!V&dqbNpkRheE}-
zQPw`PsM*9d)V0ceLaObKh&tJr-+p8wL4pqTZfdK9L6p>(E0X%OLD0%C@JY126&_J5
zmJDl4dwu_+m%sl!8n&kV3&$z@nD^4Ms9nzdeMAcZ{K)S05q#frXqN^qKk%Z4KA&C$
zZE3{^JR3h{26n!FK)`5vCK@6kFJPa9sV~y6jpGkvLQDd)(?Em<Ku;Auw5-keMgItH
z=8$kh(BJ1%b>WFt@h9g9VL@A>Uyz|!9MTc{QOhX~%SLWV9xyl*YG?6|GAe$jPJx%@
zlxq8<BX6Q7KmR)T>eWdAS$E%o_d2LK+5Q2*%3`<=hvI{JOp9IZz&ibFpwJ;|Yb`Ve
zc^#;x%YIeA<l|GJ^~(Y02c*c2BfY}Kty}G5zY!%xQvOGt0||uKafXA1!up(Xue8b2
z4}gMvhj0Tsx6q(PhHmxPY+}vsYEGWb*EFm|9vS}VqxH$0h%z63-D&9dDlvCK`!s)n
zdqGTDRnZJtZ~qu>tgriAVDFEcOE6R0_g+xK$k62z<hO=NVBu_FAx`A+E$6=ljG$SD
zei;&-^g6eWY55@<T=5w+YS@{&X`ZGl6dc)j7VeLBQzFB;T)r(Vzvz4b{M&68UiqZq
z-reC$Kx!&n{d5ELfV&N~ObKm(cu1&Ti-PCb&NWM+Huhya>#xK{K1)}HzWLR-stI8n
zs;JZz!m3qY3tq}IOU%S*HRG_}q@oM7xxY=;KoRL_A~YbNlg&$dgEVXp7k~LhUcaA_
z{<?XkQP?7P7wMHKRl*||{>}zr(XyCeV}@~CbVGyzmYezx4~6twZ!u}D6U{yDhc_V2
zmb2&x^2X;ufhcThCkH)LqPSbqqwxGqa7veY0mT=dw0FcQ$(O@$YHZ$DRFA%X`~z^W
z*P~t}TnH}p0YEt1noT_7YaTtrmxXu5l6``$<qn2=KmoSY_y-c@EqFW`r?Z@~h{%ir
z=iXF40GZmkEZ>(ri!!Ia)e~%_rd<0Q=2h5C*a=LT;?@Vt+N)={y6W@f);^*s>(l_i
z=(A7X#v_vYQ}2Iz>F^ypQfX+_w$;m>AvF)jKD%r9*%9%(hw-g_73h_oK`bPS*g91S
zDFEGSsG+yZNgY#K8Q(Hzx@ST^*Br;wY*Oiuw<wHp=Dh)mjmHM|*bG=m=B#Z!OX89z
z>Q2o}sV!)<Jdf@-MMD3{D(SI7wXF(mq+}JcQ_={;zc?4jOUrEud*XYb)&%QcA9_4E
z0pDo4-m6~vdce#pN1#pT1$CF_Wb%zuJJIuX>~ZM^*i~!&h2Lf10uyIP{b@>wxsp&N
zWV!JQFEkt#AGi)<;uo;n3ton;W4%EEtiqRdoKaR;xGry{rWHT!bwA~k;(+eZx|<Y4
z?gBrrWMJhFptY-v`T*#KSZIR7YFVKcBvH|AS15&d#B_{`;XYtUdZgynD3qQ~GaBmS
zR)oByrt@_Iz&z*}6L1EP9{hiT%R9G7d~fJU!k>CH(b_tLT7A6#eWCI*`~;ZbRuHyP
zG!i?-Vy@TVKOglVBe*bUynG32TxWI*F2BJxEGFxSEaIcRrX4Y!X1_X0tAKbDDANJP
zRNvyr8!1Ujz@_*4gh6?(#J8oh`tt)oAQ~h(|9}y(tKkG^TMEHZ&$F#PRKaiJ7U132
zGss_0KC5zByNcDfcb3PT(co;L%rc1l0pJzb!2r_)&ucwlO#HShh5DoY5U2H5en*Q#
z)7Z9H((OnDZqjqe1ClMFuH0wb`)5Dvb2AJ8K)#vezL|6|+id$Rtgd<SO>&2Ob4LkY
zFMf4-kO{b%;MPwWp-}V>d4KQR-KgKpxIZ;PI^8s~s$I0@zF}$WEJYl5QN5Yu<C?_#
z=T+P{{%zNvq6yC3Nmj>6oY_g9>ln;Rx!0Qly9cE;*Dtf4lZYHvmNYr;Bvqe3%?$u8
z@agfpnf#30R49KVHwY9M#D6WfeMW9%0fo=d9Ya*poin|CdByNg;QqVbhJ42(J+53?
z?eR-m2IEhbyT2_TL1A(EyyPiV+c66gcNgd{5uxUX_;Wy$7ZLE&1Cq62^dy2Iq-qUe
zsTf&R#;}=2D{f-1MIx~lOxGLxdkH91ZIH4yW)@{^w|x=5kLis||K2>jCzo>Uyc7a;
zW!0$)sJ6@5#MnJ>$2~9VFeuBp7}UpZ^4>jAo^WW?|MT;W1bDhbrSwxn6FNKHBvg}o
zDKPaZxu<?cCm5F>2_2^PwT|()cDA_YWrGq;${%7w_hE%t`_Xg-CXO&)D0Di6&v1hA
z2Vqn8s!`zpaf?#0kmm#=o7gUXPCkS0OlPNf_OASG>0<wg=%JH^{OL~<j*BXhA3bKP
zQ|ecb9{{ciEL)Es?YPo&b@JMxX$}01z>1BPfWxDCG|U7vNO`ST;&UJET5ac*qceY#
zGb>n>Yi0(A#eUZ1tW(@UY$Op+k+tG%((>Z+ZZ(dZERMJoNZZ84C#@QX-NMcPW+3qY
z+$jAATK!|6n(j|<b@^!_hO2)J^mj22`GHjYnj)H`GYKZi-ROZOsnT<dmj7q_$P9Pk
zZ)d@SclA_@n@Kl-!dXEh>&@rx6@}&8&d|ln4vg99TOS?2lkzgnrk$pU?J_78)h<iP
zK7Ot{Q&OTS*tLvL`y#>}!4KQknyc3oood>Ow_|!w%gZj-PphS-{E$I<30XH1vwkF+
z3F}qKSajob4uPj~uB}Q+2_MwtCd7j55ObmRp;_;s9kWnfW*ywID`Y#|zWRct<iaHa
z+GeWO)`e)vStGC7GKyC3R-<XzuX_WHz!GNIuO^P>o(~$nS+>F{0$S($u;Vzudl%L_
zbF%;&S#Z=|0JM29ttUvr{b|`I<vAQ`K@Z|7bLy3~STp0W+QEY_TWI3U5;V8j!cz@$
zVH6B)K-1+=w!C<Sj&DpL&~W7tQ!%S)-pHCe@_YArmT3+4=FBNs=lJDrZ_Ug5bH$M7
zPVf8f(vIrvI#cPEn(E;aD5CG_QwL9KY9Ur8gGyjjumaBb2*m0Sj{Q}F=JAuqt5YAU
zpZdyH@%58#Od0wDx!TE6w){Dmt3Q-LC%8yk-n|{4qz8>Am>L-xggu%N8h$3|2fR2B
zK9*Ue_+YsQkz(klNkWuaxZnL3wubn-BL1&2`d<!^^J)JYhHn1p%k6)8z~_b_AM!g0
zMkM-rs0?z8|NgTSX8sp#u(i$J9_AMc#t;VMrw;&<P8hBeOm8{y;~PrvkAAmFY7eYt
zBojA&%0NPJP=(W&-mUSnpN`^uj9kbv`=mR0my+kMlv{2FFX?~}KprV%)E4oU<U`CH
z-5Sc}_-@CJ|J`FouHs0WA6Boyskv@n@vQ45QggYM#xs3dP(auVKx;$QR_&@FCNKdc
z9OE6qL_S?~OgcO_OP`I4U$b^ijQFZ$(=w%Kx%9c7dt{5F?j7?K%2C2I$JRxqaewCn
z0EWY&vi;&02<sYg^P>*z?o7HN3sQdFC&egntxY3e{7{F|{aVmF$Y#M;2W|x*zRfC6
zEk#jb)w3uPG+|Mo#zrbCB|{oIG#)CUzi*$iaGzu7gK3L`5!NbPF@16pJB1FHsBCAg
zbA{asuXt36JSRqC7g{OBPsHNU!zrxlQ*h33c6QVgry^iok$tkmqA#z(Qqiy}KAAa*
z4`>-xQs4yrJuzZm{^Otv<#(zmQ@n}4Z+wHxErvaP+}+vmmcz~4&DHIpZF=Do5qILZ
zzz=|`fIJj5d$&`!mxUrFy7o*1dwjeE9-^6y*Jm!kmLMmBKAHf@w4GrTZH5I^J%$pe
zjIs|-craI_F?##m28I+I<1E-$euAyZ4gr^C@Q|1#DaEJ2H6qO(PohlyKMY}Tm54Y7
zqgCQCP?)+)q2N5&k_KpUoRI=>S_Hj>^9}P=uP(R4{DEp#uJ!6>l#1BGJ0u?8waH*W
zYBtP=l#XS<Sc=>rERolsd;IL-dImV8r0`RJL9?{)%M;=mWBne4MlKE{o%m|>`~ise
za}rb_8)-CgM<NSb*7IFZV_{RP74X`?P;R7I2vZFa)s-wpEK4|Sv!K+*sg?vZUiVn1
z;||my+ntzWH^)4`hu3AFEiBaZ`*V0Xt`>pxcQW;%ldet1q#dqfIY+T>_4aCF>V!Ug
zQEIrhoV@cc$r4z6-{vp-BAORKbxaG^XBct20kG0)DWGGCMx=skg7arqUMFP;TH($a
zW!bb&u(VI>t3P0u$Bffn-!wC>O{Gpjv7!m8W_2>m4*&&gyx!xXQig;LcQQgjP_QP~
z?S|}?yqUtL)^P?<VFLhW$bCJ_Ny-S0`wk0S?0y&u2&1el<=(#<DG;{4gepC-!V?!(
zaB&H07RuyX^n_Q`2RV{9ULSkTckQR<;(eP5{DYSucycKP)SsZ>G%KqlY@U*Mcew>H
ztENys(qF&=4Tv@Ly4b=WOCL2d`a8bqj1v$FI9H`B-za?mJZD*a!#@BHLl9wXEMT;7
zlm<#+M?_IsJs{_S!_>+1DrW>yfx_I!onUmgT|oYe<^8J^?_Ug|7x#Er62pB4aF)iU
z=59s2c7+KF$brQyEYPRl{?z)Vl~)3Vpt9Fz5JnWn6IyBc!b)r;)8})|CfkmaHG<Sq
zgk?04;rr>`IDI(%zTLw)IhB-(pVI(n?B%HTJQ+*^fD>O0Z|J^#KdwF-&U5$T!wc?!
z71GH2)jp$df^ji>@J5|V%|82bw|dGk@iIj905^*AEoWB<zRu7&^_cSn?^Cbv0B{;G
zhi|E@@vFl|gb4scVci}|L1I&iSqt~|aeFId=}PlS(%EJh9$^txL|h%+Z|o=G4r9M8
zW+K1)$OCbXB!9Bv**iW1-ky~Zaqje{?{KXa00+s6RDlqAWq^3#94vjNerI07Ft!yb
zG$38^GFOM?DwO!SQ9#kh-ZiLofXw84bb{7ezh-(1*8~m1Ab`Ebf!sJcg@~>k<>X6i
zC;-7^fi4mh!(<s=H>d&C5HvoQ(K*n7Yb6G-E!r2t>W;gDq-rMNBj3Vkg_+V10;V<l
z$Q}0W8_)L_>tAX2#?Ty|&hIo|OM<I8+@&j=<jCbZ4RK(goQmR4U&SPp8tvzisLx5|
z*N(D~XSH4nJ<kD0uCF+?X$RzPKj#t}OrlCs{?uZ7W%=86)$K3?zLYsoDv=PH*}cD8
z<V%>Z>Y<Es`ikFBu%Hq><E*_h8Wh>U6(3z2eE?WE6^he5zuk^$&<fP~SYqrUTEvF?
z#rL1Q=va@uJ3|S+4_+1<*84X@ltsbz>iUy*s+%%YpY}tX*2U36*iSVE>!Gpdrt2nk
z5L|ApfJvFgnf@S#-hd8UkTEqDz$7U{14?y$iFpHW|AfK^VM)N|q;iKe1$L@Oo?OHg
z?VwFC`k;71;+=zz3xRf!`KdopP%fmG+HhGCWnl)z^&*hjR(|A4ztyQBx~}4<H970`
zLusubnhg2k(y7$XEbTB$x|RBvN#s8OmZl>Jl?58aO-kE#cl&Bn3H_LrAP<CQwHlk{
z+$o7vuD+Mmdz*EVkWs-HQyg{jgGF}JmqgiP*ob|wBgbOQjx#%!>f`r5EBkfd0I(a-
z+p@5c=@+2+Aj_rPX<~6y42lI;u+LQI-%57mM{ZP1FkvBKr|j|}j#He7hgw~rWT%p0
zWh9~2+U`K+{}88=TO?Qt?_+a*--Gy-PIST7X|siSFn{N3y#E#0cVuwwp?yGzbdIE~
zdUR5HIanxnjP!zmtPy-^xv|wqA_a+)XK_&Pvds*ETFM%ih|<eJL{yrmQ2Touw4HXQ
zOe-H#p0zNNMO-i50is?AEERq{ZGMAutHja@Zl!}b$UdlXuplId(InF4M_*>a9!9Bd
zI(C7&G0`4ni9F}g_jkkfYKiOY8@g5oLL<8ByZYA=%Tu&xKVy<PPLeybAkj`gA0ODZ
zKlO~~-+LG)vBRjkArtG`*m%*U+3CcgRN08kYxK}kz&KxJsZO@IbW0&V02*PL83l#X
zxF(AXumPD2mEBfyE<XJMtG=K?;=x+;4zJ3BRB5r-g+Y;+TB<(fBfc=S2GFWc?V^C<
zDp2Sr8p~8m=xJPY_BGJSj$Fv#3~l*{)pH5avC!cg-hz3sc(5!iAcT2H$jB7p-snEn
zf(v9u#^VU4@vW3`^I)+(0lZzwR4|zSk$@O6_rC0rjqhWZ9SRO9<W^k9I$=d#ja5PR
zneWQBVw^ETLa>+vUsjzPn~w=?dAN)MM!-t$fEv*ttl1IXv<z!E=9~G047rM*in(C2
z(Rl4a2wg!L6o-BSU4H`hkR2QjGEH`CNZCF(sW@gerlpmWIB8LFP4>G(bFGjcz3=0n
z!3$u}I434MEUxI$QE;2{kygAWW<R5=S9}#QdtJ0N!4X)ui0TDLcHtZ>jNF5I&B+I#
zPzExWq6!mK2SQxZHVI@Z&4WC)cFMPwV}3$p4Iy#`W<n_ZM}LPoot6>)8R2h|M-MsL
zJDSaDrPwBXlhW^CUBOEq%l|_H>p%ISe=}G=NiY8=xvKvyRrP<!RQ=Bs)PIOGu>Vd`
z{cp^f|2>se%)!7N_A{;ZFRzA3i|B9etPbpd<*T}-uV=tHp^IP!*}8&#BY_Sx?9=BL
zfe#xBtAwQuhdUt<?(WqR5mrZMhmMmth+%^Z2~&V6F3bHU=~W3`Ow|fqOJWF$vH(sh
zfbu{E4W8#~+|p`M_RKgNcPsrMO>tbZ)=LZ{P4O`5Z988fre=^H5ELSjE6vAKV={B7
zE-33c2cO4KOEoPg=T-Z-a0AE`$(@z$w}edIbm8Wtfe3+F6aHFTERQ`_JIzB4PkD(C
z)qWZ?h8+WPpsaEAn?*h!g?*p&a$ntHr5Ae)pwwyE{|MJ>K!sE;3?hoIs80q#QT@=|
z`pq0P4^&1!F9oi9D1m-$b`f2)fhAU0))Q}ijzMYVoB5{HLjhcjL42cunxa%bRo?yA
zdCTv*m0g!!WZ06h{lhD0IPu*tQr~r!1$;w`r5Qp8DDwm@z_NS1KJMGfxK{iWND#kq
zCs;}3W17N_<#<mJmUmw+Fr<<zp_-3Sb#8xDxaw^#H!=k!Yej*|I#PWP;CS`5H9J&K
z_)O0x7veC*2E%`1@KkSl)K`|`3H(BL7!8|un>xsb6~&&$+20S7r%vrqna)h5RCi}f
z+G5F2LndRiyG<QD!r{-<>DA&i_XOjk;Ctbeox<ETckXruG;x9)hhfeu$n2~5?EJ_<
zONNM%hXUd6p?(egdyz7UfC#YEb=rX<YQD}V1I+K-+|!&qF(8FGUi$&ObRc=4k=E{k
z^^$QvX?|khPmvLbHo%=|vV_8qeCkiOT{%bGY=WgGqqu-fFb4#oRFh}-`koF+Xi!*$
zE>1XTdf7KtL#;lK?`xwZGw<$pQ~+g+J-_4D9fw-Rf+j=h-78&;5eey7jw=DKmA6wO
z`)UkBC_DpSxuediM4*H`jQ*mVy66bU4h*A2tT1QvFMlK)n(?fS2l!*b%~lN)$5;L)
zw$^nZq8aczl8U~jPD*r!Ua;%}!ONAt%9Cl@rspZ)<OeERHps!DjC=27?w_L&Cdk%u
z@2t#qF4rlv2g_FGje%*6@x(yVglUbQk%K<$!K?FkOSmC`<4#<EQ+k<~YiyU@oS<H!
zVfeCG9#g|AVY>`YMuWEfg4GKPO>_=BDHyJEGj*uJ(b;Y%Nl?0dbBWUvyLBK%s6p{n
z^@Mf~vUIlBejm$z|1hFZr2k^Ic|$23+qwJq+Qzj$06Z(As>ld2XZCSXTX8~o-FF<M
z{sUMZzH_GV{lYyK5CTRuGu-Ne2pjIbG+O0Mvi9%g6#Ru8Q?@+5JnlX;ENp^#43Nq3
z;y%YH&p9MOU$<oR9L1&Mddn-E3|2;@<`%eQX%a-y)JaBhx36)GgT2T%8rcAkSP3FT
z$doEY$>KTl%^fDhXHun5V=tO{^TVCGaInG~b@4veT5L!Be9>e{gzTav@DuwrZDN=t
zj&p6Vg}dsfK75H>UFmz_B0?s5j1b{n^#~5+ds3Vfh>Vc16mUNpd}I-cLPzdx*c_d&
zqWE26xV~gz2Fhfi-<(#OexF6W8`bL3auq5B^pQxgWR52*mA_<DhcBqkLDoRa11j{<
zLg2n#Tpq65=}iy3-D$$_tXomUSfpngHJtKzO)v`+<IEQ^E~DW@gcQi=l<-Uo1C1(c
zP|7DP<mzj!0Ws{SWi-kYZhglCy?XH-81oO`c|w)Zx+)qRt;s^&+!Pe3d@^nD_yJkw
zus@bX-CACYRpE<s<g~;|5TDD8c*%B#t%(ngWM$_;kCqz&Wc<Jxu?o*s{yr2L$y)^i
zi{Hg`WGM0Gz1*?FN-Kh6&RjwM61T4RzU<ifNPXt0jFUp>DcIV~u?ky;2XW#)f!*y>
zWT6+|c@Nm#xQdaf4>OGjp!IE!1Q=kv$=T0k>ng;|2x&+poI+>cS!UgSFH{$c#hTIV
zGE#Oa?=tU_c=)<!7f{{)rX4PXZFCnWZR-B*>`OLX5b+=^Sa4;oMjpCkbEMdl1&TIJ
zQy3TGpQ8>0pfu2=V2b<TP@SQ;;e@`a%aVX(!t)*bd$C6DC+}|Mi3X#G9FZsbX8&-0
zl!cEKe!-R{L7X|kJMZHcZ;Mzb+u1H0SgjLBl`(CiMAf&6oAnmHWonh^>zys0?j|QI
zC|%(=S7Wxaj5Fdzj-6SS$&Ct5wfUYa(PuVhZzqvGJVA)+U#6iF@=X-DPX2Yf^j_8z
zvj}F3$vs_9RMA_MeCHTUQ3jm^;R*h`XYToTQ=HHv3{|Z_=ASIfH4+}Vwo9K*J0sJ?
z7MpnlOA$vk6N*h1`ke{K5%h6PZW496Od9m+vh;YCEk9>zv-_{pD&8157?ahd2%8eH
zZYIjcnqm6$pg@6*KiJKZY4+-)PUp#w%h{9hD6slVkns!T`=^MbBIwhHvb)t?*|Ab7
z0QkBLQO`r&XbM7fjpT^gizsGt*uihL4q`+6yJIE=M8pY(QiZwK(5M6BGtGdO5@cPy
z3KIet(|F}~!uaLCyeJTlLp!*}&5?{)Td;8yh!usj`!!Jugt=m4$)>d%KVL&^5FR5F
zcjWw84t~kYh>S>H?YDN8tq4GJc3K(4KJOh`N4CbejG2)2#7=9dit^}S@1dM<S?O1g
z@UK@=_{A2F!-W?dyge;fFIN0cQj`(V51x$nMuQr#oLYNmU~;R4j@+YGH-}<h&HDTl
zCoU?a4hp)2_C-8#Dr*_GIktEmneITeCO;Zb_f-};;SxNtR0$C>7rHJ&AW(fZQ3Z!5
zR2?q>?wBiAuL8BpCeeq}ris%-tMBOyU>_}8)=(@=@-rX<e`ni8BVvOJIor?$T@jNs
z4-$WzI0(pna~Zb(L!IQCL5X5@2ajZrB@XDxbKU;-9m)HYIlVO=l$vHebeQ03`u%Jp
zb$ARWH+V>f5hBD;Q%9Bb0EX;~`6|2HtR^vz8uP3Ln3~NG5dtOV$aT_hqPQ5GYxCxO
z*0@lM`lps&$d$+4;$nThI@7_MoKx<yo))w5{o=F)s18uxhxJ9kNPk!BHLDTjK~018
zA>u^YaPg=40ajs>)WIRQ5Pv+YHEyZYZj=bBzFsFhwV=`8nF)@`Zf<J><8@4&T@yB0
zkqfZIFxG~`L_YVMOTQm!e3F=FDQ;`+i@2!C-$$g=7`RWO;OGL4y+}#<LC0zphKC>b
zApZ7ZrJEZsGCiQ<`@V(*$ano|raj?TUfM`}9B%cbLgC&)Z1cU4G?xn-%xM-?AGhE0
zxFPkYi#4bY`0#a=GA6HZw7n|1Q>?&383hPZ5V3QIQ)*O{gek|&jQhDn=M{OBV`@Aw
zWZl`MNDU5a#+e{i{H6L3-;RXfX@@S(;Og4<m8o%a*9sXxRmSQX%8z6f&JF+F5}49y
zIgY!wmp$`ocXewcSSf!_XPZ4XNrH0v@}g?xxEl7`+;_05R`a<>Pr|VwjqAA^a!WSr
zm)zT3(*wjm6$q2=hczt(HJ))mnASK1l=rF*kKNr_Tk&bzXuGH|e-IZ<a8k_NrjGDZ
ziLg+Q8eOd#m+5?g^}B}y{Olcr^mTMa+@R>d#tbUG5#n+q6Y^!FnO3_feVAxdBPUZi
z4h$)|A%FKK?bV{R4f_UMOe9-%deMOpkz!ootBkXrp0@JkINOd=wZjGU@YOH-IXP}Q
z#yC}Jf3Dox-qT-udhj30VS1s`Hzhto>B5~GBm0MvLycckRu6BU+jOh^64Lb4quccd
zmiX>ZbNDD01l953ft{t*9PE1to#S`N1QxIfehC>`^6FcjM;p_NcRW&jC}i8}+|o7c
zL(BWbdHpSv>$ph7*C)#8qe&TR^2vu8jt>?7vn`OG6@AWHpkHg0hWq=3z&#cVuHD)>
zF#}=yv*{_Tsu|dBx<g4J3tdp1%7x|as}}~yjI4y2Di!&au{$SEhexhweszd4ifcuH
zZZ?j%Vy(Y<wu@T<6EZ&kfZfr!Vn0qQ@MqO(!uGh9dUVG2^)tM~v4#6#XX($)>2>mE
zBPge7@5!qoRY_|<JPwj6%%lU)1yI{*Ev|dQN)DIeGmOqvTX01>%WVa+*a`Jkvz?-u
zq@r86Mr?a<VyMMc^@s?FU}z^V`@|h9(Sez}`Md6q6}|XvOX0mc6RSc#y|Q$1rjP2z
z;x1;-k#T>IjNxPD8vSLhh=@?}fm0pjFnHIi!%muyZ0&NfmX%bKiviGP!ZIb>pTd$_
z4o)%)LO2A3=Mj#~gvs1S2X`J8%NXIoCNQOYEciPcF+E?i_?YwD)O;$t10*#hENOed
zpXC_%q2>BflNJe2B5nwl{pHTwTlISqp6k39O8UE@U@G>CweXnV2o`6~(Z%Q{6Kd0G
zd{mozAV#z$tD026NeEq^ncpmSWtF1!n{~A2TzNEGR=7CdoVe7_%TQN_P>N0yO-=W0
ziu+Hh2#&pv;=$jIefi+cx}nq&*q_6xZroVXvwa9Alc=(j{v2gn?y<JF!V1tRmCqf?
zi4GtJ&|+d$@`{^kCTyc6{yN?j18wD!Ca$79gsM1$rA>qvPC;6n!q20FJf>TGGBf2i
z-|Lza-{(T|uC2kw@sCMgzB=H|FBa;B4*kQ^A*bYvewXzP+L3*iL!&)7uI+Nq!PSUB
zaL?6R{tH=E++M|v1l7SF7W$s?7(U-wSbQNPRTo%j1zL!wGwQsb2fvQS;axk?G`B*B
z=9f$%xJE;XC+Ao!E0>g8#r!Ny&G7o~LIa-6k^7!M?_Xd3V0#=l2VG~N>5KT$a_m#m
z))fA3js(ta7W)l9o-!b`5qvz9*6sa4)7+d_C(&C_W5-UICwP9-t*Y^wd>BvjSS9?1
z7!~o6v80JdeE#c1pkQ<Nrdbsto|}J@ZWx}_fp0pyLs2yxj+vzM)ab`6_3oeJRS1pV
z5!cDHR-2BNMUF3=1QAmduY{5|5BC4lck#dJ{LDc1|HkZO`20HkKmA%}Wc_4e{s*&@
zk@5cvW+#x5h2=kqoh+YS`F|jGivRzS*y#kw{9lNj_yE8s<@A4{ZbCvpfq+AUfqrgT
z;e87JZ_-b08`x)ye{Y2Ui`aP*{ka`ZViL<XUtAyI@&RBUGWzO(&D7PI;pyRnh;-cb
zDF%QFwTQH^R8%NGJEybE1{ysCSy^FBuJsBQ+f<obomja2plgKko%`FAyv6H$dJMuR
zbj9mt$c@!Ti~xpoe?t%cy@9yU+yl7ue=+w~!ErQ;mTrrg(PCz1vY2HtOBORTS+ba!
znVHdIW@faQ(H1jK+yCBY&P<${xD#<6Za;N&NEw+~l~oDfS_^MkA7f#A4%%ot;}-`E
z!fwYdV)66j9maT#ZICeE_toOCGOzI|zF9{JO@$ExLfJt_l>NO~yo*foYiSNiU2}C8
z8dC_1M49HdSBm_k=%(<T$|s}>abFTaMA}-k>d|mVv;5-(HJLs^)g~(}KMTD*(TE?e
z2jOD7tQFGHYon+D0E}wmgH*xpd}*y_i*yxY>}8P))Qhg)F-crzb@PD%vl8lM^Pa_0
zpRQ%eHDjoBp7j~MzLf80KEUk_7_YCnr{7g9QY~LS#MgMVKRN=se^i5DkpH3g0QNHk
zBme{og9wues2JoxMgi&vS+GdR|DF*46%3vw3Ml$vS{-pOqA=WQzio8S@!aigti6%a
z=!ZTkSF-R`i8ALH4)KCXFNmN=HXw4%X<fBdd|MP2n^Rl|{u%P_+9vTJXNUB{=0kV(
z-Ja`Zkw^C7Y7hfyl|bWKU(%sx5~a*yG_uB$mW5qQ`koQ{=<ZFz;1OlSlss14uCV{_
zXiXLqrH*MAcEtT&q9G)_2y~tzsCA*yEox3~sn#*s;Q_C&B9<;L<|P25owbpUuzCoV
zb2OJo^w2d8mZGtr{=r1JfnI)gu`82U1ISuyd}6qsk#!*St?g8oaz4ZXp}Xkcl5n}u
zo3ah+wJ9p|q>lkdMl!WpxR!9#1iQOPRVr_TKC#Lrk-R}&I=TvEsyj){<O6yvSvJxf
zL@WEzBL1Hd-B=?}pDw<QNwl;CoT&;p=n><;Jd%y}oP++p?HsUU8T%3P%MHc2puUzR
z!0#j|@Q6uKF<N>=8^W48{ontiRpnKKo8%w2P<s`5_{xyJswwT-NRhx$Bs{bBX&N!7
zhnCB$KQfd~p*O_|<-r=gm(bGtnRWV$YCmy1_}wRCK3Q*3K2d|{@@^?&<ITNrHotA-
zcnKXpWoi}YyJ$U#hIsrysh((TPh(9+0h=)V-J>3Gee2nJhA2-9rBW9LmceL4>sC!E
zAuFb(%O&)ncpmyIN<S{s-&gVskQS46O|j4Y#Q{-9O>x-W%OSY$z0tF7r<?J9C$kgX
zdSKto4I>>{K)Dy%EoH8*)E3UPL~}?erClD(>-U%z<$6hW>0CNXj&p~@C7EA70L-M!
zD`8bO$!257Kl#i}Lnh(JbR;Vaa7^IIdqO;9K9%4~isZ=!_m2(wvW9E?Zdna9uxX=Z
zybx}v`q6J~B~+W`O-g8auRZ&FSx_wW0|30e8G&-9Kld{@)Suz~=K~4?1^`EaKm)?1
z$f)Q<BtjT$3VuMfOx*0;KXmCINCjk#&2pZ?D4h(2nqJ1r7ELq|E{5$P+35term($z
zpFP+VqBY_Gp3OHECACYTU($JY7=4ynV~e=a90-)^s;_lfXDkt<aNxDk?fH9lqHU1+
zyB$0Log%`@6q3+3h`wUk$Zn56O|blq2>;EKOi{UXD0lrs<5KON-M<bpi!xGk>0AA2
zMp?K?Ns$k*84M_Y=~z%Gn134akJ<+uI5LSLh>+1Sm=*mlNmzvx{<Nd+KS&Os*9v%i
zc{+fq$GMFzBB{0N^Ru_*E-8yK6l^@EyK{rbeBUHuvdya{`-q>^P<=rE6@T+V*lngj
zkQmEEdc=l~r9jB#vR2H+GuyH`WKRyM7!EId)tR>uYa+^CqxKdbTmrn9Yrz{ESB24U
zdfiPJBRE2bCv{+b#r{zzfrCTC!2Z+o|5hiV0p&>$$Sif}Bus1ujzB<&lwH`+!M}GF
z5`#?1DIh+fpq^DZuMda}{p)c9lqWsfaeu1H)irIHCXT)AMhb2+oI%@@I1q5}67-PY
zWK<rxDr_*Vn_#p|BWjwk$3wzN+m9koVXs_WQ7*)U)0d8hEU{2EPP7%rsy$NcU(vBW
zZcm)4#1F%-+8j%V(J34?Ra!mS?{@E0moOF(T`NDH2szGh(a|V7L@3{1zsb`OXnatk
zUDW*mkS$@2oyx}&>gc~OZ)nu0dcMYie<eV#@6*)W>|=4xjmvZ6^`Fa*9b!P)s?Rt(
zaCv}z()r%krLJdRleD}}ZDQ>xPjWutjGoVUY1jglQ(UK8{_w<w-ZhQr8}FW=sUO40
zv1<V@u~)E;ghSd(F@LO{F8>PIG3T?*ewgq90Lg0#maJ*#S@kDLF=~O0mr5avUmYJn
z>{{3wFNr{$%o4ZaS(7UxHj7I`R8nQ2w!i$u5s0=&US=?WHKooOo-$X^KVZBnmD{G3
zuK860=fadt6h$WV_Fkx<vF}TE8G@#Mrj5Y(cbt69f}{!GxQ0fLF3R=pD2>5Tp=qjD
zt6PiyW^^8=dqpV)$&dip7&Jf5k=`ab&zRmAG?<3Ghi4jY`<knkI`gL*)<vY!w?(X9
zP#%>?l|DZfG??V3$fqPY*kT75Ni#q^)hw7I)ib@>I~UsOMUbM;I~V=#2s;$Ol$_CV
z(SqYKctHE5rShEcN^L7?k;3*!&hD-rjda%9^6m)R^51+f*!}Ke?$hx}QBz{5H2Gsl
z7dWuXl-60ldX^CliQ$CdYVKXR9QI#S0&B5bVAQICc2Q>U?p|n9)Wv)YrhTWs=NUYj
z8qoLrN@qKP1Rbt0`|PE&NPxkoG(1Fk7|k{#$})^6nd?bIsQ6OOxPo}2L8$Qou&9CP
zw~CmlBNavG6DXL%aq9ZYajHD~*h<;DNEW?BsDpECZwuXj=F=b~er-(!21<2kjH5Ie
z?ZAuRO2emTClGWv{{f&{Vzs~>_JFdn>8ryIEf}XeJhwEJBzGA}FGuUkH}hBd8dE`x
zM?;FoBFRCjD(s%#%PK@uYE(f?$hMH0iQeqSolY%J2)tyyGPahjA<t^6eR7lIrWTYZ
z;3$1<zrtGWYGyT9L;6RVRIT>4*IY#9fG!v=PuV%dNQaF|O}t;0?(NF>kcTOz8+S`D
z%1BS})V{EQeqxD$tUWj>t3#g5=JGThmSaa(+;x&79xEWVD-OFd;^N>|Ne@9`AhI_3
z#pB=eQehS{5aOvv4X#_FnT1u*^VkZ?VbuO^VWRA8kV+^f$HW*MgjOG~weM+VCvcoP
z%OnzuuzbIS!R%hQW2|{z;^SiNz!jC5+*zNXY)G8LXCE<|*K)67o?6k+q`(4H)w(!W
zw)`?r$3_BK!Qv0U={{-RQ5+A=B#~Mn{knLhH*eP$<qSOA0=O6|sc2&HW>%GM=p~jn
zffyOs>a?XBz;@BHn)qZwZ`i7a_sd7dKzt|Q)}I*KSe)&HK~?b}H%`l6blLg7ZUrt*
z+s|<3;ds!MSwXlHN7QeL!J$sb8PeseXtE6<PbSNcgbwGW_$je@Lv(6ljG0JW`_AY7
zZWfKsyuOt?6G8jC^_SUgQrLn%4#CDM9qy#+F6jHNB)&P}_!072Q>;c`_9yw8w~2+v
zsC1hSiZvOl?ks0W3YAs;CGfV(9f#i~DG&r>ppa>f>o?7cKSkrVyj2@*L?y}IyxQgu
z!mtD^$Ghr>!Xrk-Dp-4Qn>hr{NyQ@r9Fyjf0#Sl>28iYwq~LAWe+r$_t+=N}Un{7I
zM`;SEL{TgBe-c|S5(`2ol)T?avy&5*guCxhtkU9IVjdMM>j`Ee{J|1sWmXqs*3F=3
z*~5T;FXh?>V9C&0Rrwud>R48+LkoPAQ~gn90HqlaKz{I_m(RcHF(M$}nTO0&ciB7p
zpWrd#t1W76RnxFpwPaqf7~Jd;cZr082LYq$6PMfWqBnlUzu)x{N^1ObJjC}|G}Q<$
zKLB_Z;S>Z9*)u3R(k}u?l_v6l5Yf*c0Q}vrQXc@oUd*{yzUjW33UU5!ZA&-nZ|~up
zSyV_2ADE{5fl+J~Jv5tE%}w5-E0ox%vc?>$9Dbj!(-*lfR9~^Wb86{?7xZs(`1OE4
z32LZRkxeZjL(qPm@cf}xKUybd(ea#qnd=YD4QShQsjh#^K+33F1Alu^U&E%v)b6no
ze;I4(nt1v}2U<bJFzwIHs2Z644w-HRKnSyQpNkH$I^nzklc?$H>V9Bl6yUh8^uD=O
zAeAs^^N2t;ofW@<|8clyA`r~+!m%gQEs3{#3`#n(DDRRJCe4U+J0o`!p>F0KUvvtg
zlJVp0wht;<Yq_zQPw8Djc86q#25obK^Bt*!eZDufUmYyzXE-k#4&j8=bU(QZRF5uZ
zz-G)i#P2x}ub*K$mIOZts3J*7eJ^Y3m}6n@d$=`1<l}iXxv2obh=}2G>;!vzlGJPr
z9W3e!fdDjmewda}h7`{V?ifGm$W0L!A7P{@Pu~ecKY(w~TKO(L=5_#<5_r1TW4S9y
z<+Wb-VbPWmWLD0`!Zk>dJF2?k;2P<<#cBesR4Qi`LPjTl16LdIhQ8j9$C<VKsNkkR
zn^fK^l++UTcS|)TTXBeUZ|pliX+D9%4*)WA5UAcVlta%uB5O)JGHUKoDKU=*_o*Z~
z^_*RkjNiV-Ia#YO>6p_SW5*!S!o$E^Y+mGf7yDbBk+1oah{T#rVx&E}F09DV?<1GJ
zgekRoNLAZ2+X)K}QFAfI#F|yD!VvIIY2GZ<rIvxEp#VarQo$^2-0cB%=psn124;hu
zZXUhIU3Fh`Zm}t@FDW>ux^3`ZxHOCnyFMjJIHMd1XG*V^=nyZ3QY1?UGW^mFRu^h0
zBJ#?+Y}4I+<SeMp2RS$vZ%xKm_YDoc*Cl$irU-PXL_d<NL!5G>Ci30Z7psY`19Nke
ziZoK33#3OvCh~_BRP0P%?xq_@tkJx0Xoxse{EP+JMAI@f^8*=>ODdBT5rYJA5wV~M
zeqov|sRXCOWPMZ0O4ib_x>!^eX{e^nh52PJQ;5+q)K7<Hlc-FNkwp!3(MY(RHuOGh
zHlF5u>^^B+g9?l^<cX871;ft#KtdmB**=y714&P(fgJWMCUkJ#nouQCo`=i>O_ncU
zf1r1);^13+v7lg@H<5@|UVdZP4_28Gu29-@8qeN-=<$g5Gs3o}NXEhi6`GF6i3`$-
zZwqzn)Bu(G^y^?G9K@a;1$>x)FUSAQrPHP=3X4qhUHf7};sWV(9`IbW55NS|%{VSI
zbw}kG`cxnG%_wxNAJyO_Ux)Q@bYj1qJ)R>ppFQ+v;IoGO?=%+@xH0e_(_9n)u@KO>
zLD9j_ppGdo?qAcwKXY{CVKrX~8Z_*9TT2I3!O8nr1tIZ}l^Zx;GN~1Ug=Q3QOiF!E
zrFCzj4L>$|7&JwYn+kdrNs&Wb;7OIs9IX@w(Pw`l{AsdneXEpj6i{h#@<I2kD&ae2
z=#n<e4jrP4G-a>7pW2N;z6%TE?|}<!4#~(ESVM}@$C*0x1`NKc|Iw}etuYAHzYKT&
z)EWc@=)^-r{0Fa&%bUGq@&j&U0*!Y5lGROd#vzcPz9U-tm<Z>iaBF8zkiLE*@yn^n
zOum-1(@ZsjFqzu~@FFA^2pM2hBChCBrE#T1&qSmgpS49$o#cr^h{cqXJA-`pdG;#h
z0aVu+-dDnE!`S+MWu@ZTcdeOI6Tdj|mp#NR!>PIi{!|b7&qfMx$pi6k2Q6Ur{x}2}
zI9wtV0qd4m7x%AuHn2lq9?x@^5`mfvp-~q`kQz9VXoShF4yiy(Bg114R9yo5y{p%5
zy*#|whj9leD$h4$$7wH=J$}#8WN(3#vyjLjv|m=SM8rQ<+ZU*6>Bms4@_5doYj3r)
zxnSVtHnYs6KLATiJWJ6PYgoz+AS<vl4T=Fg!XR+DY^gdFnO+YG+^8E?U-v@wXD!8w
z>w|XNV_)?cmygMWzEB2<*QrQ{moIwSmj`iihX;Q%EDfirQlG-WK~CjMLgYN65gDsq
zUYyRpHXD6>HK6j6FAn+!{R({vfUUGNdi?Iql~NgC2_3eQsxybVt(b?Xo`6iM^j^1I
zQ9zTOh{|ED93XssG~m;EMR@Kd@sfk`e!xo!%>%x2qDBrfVnw9C3nK}7L&vy}dhOci
z3p3})RmC-VCGhie*E;^Ek~$xq&8&d^NZc^pfh__+*eNT&!0U9(2Y_`Cc=r>R=i*+H
z+G<82zUy<e*^`pyi6LPquLNzzluUd8S_(x4ZE+5%y~OF5i@<A2;Q({#^Fdpt2tRVL
zL7cZi6c0~(Y*6oTm8<9y;N9OVJ^%?FUumG)#ITmlJeMFrl7~I>CzdhyE}3B*X&g8>
zy3aWTul&$v<Mr~zQ|R2}hIHB7Ld{swWLKDWq;+q?f3d!2zu5~F(E3NAhY*K|aGad|
zn*U`Xb~XVkP*MOl%9kg`jsE?n-xnO(tjGPkPS7Sks%r5*SqGPu^M;?RueodMr*Oi6
zMDovvUjq#katd#RybMByq=WWFeZe+Fh)T)SONk!QH74@vzP#t{;FCo46M=<7VAb)T
zYHmdmZ-x?U`7Nq0dkmBOQ~b}pDxTp9!(0E8SwIFi8XP`kItC(YN!0pcw-e4jwLT0&
zaf9_iqNs1FKmM`f(g8VyD$UCECKwrPjX3rlD7ra8<D1I^&FCZI@(iB~9E3PrK%4O#
z4){JEL!q8Xcamji`O)8YP?V{_`3hT=h-mau_#!lG_9_u%4S^Yjnn*9Y@Kuq?GFSn%
zCQUzW1*JDS)+@%u6(AnIWG>P!Gz%`w{N^b$Szl<LplE^RU=IcW1QGd9%@-5<V8Kh8
zI5lvk@$4as#uzY#kxyEPmN0~4U62LsusoEtcJo}V7KUv{De-+dG7t3DAcE-SyvP>J
ztwhe6nRaZ>vXZ}c)~&42j&R{I^Aah779?uLgSKG0rZ2<q27IoiS6qRw$%V@l@X`AG
zmh3>Of>_4q(t~?+OHY4#6`#Wb7OOUo{-zJK<)W4hRYC~09$fssOJqU)J56CgP@MdP
zz;NO#f2@C8fUa4zJ^DO6Eb0OVY%ufr^fqLfL`}$V16g5!Q5P=xpjZYKNc02(IB~>}
z;y{#K&_dhvD^{P2z(me`o7!p{Yy3r}7LC(&I6U>H9$`Po0S>MWigf^|kdThk&UnM)
zDKS>>@~y@ggnzE-6m}eR0l1<n2`#bAXcz}~unp<#GC@h^Bjcxn`83b|p=~M<9We{?
z7;!{u&(f|Qw7al+Oo@x%u;Cob@N4exNy+J?R{mL}VYTp{blXGlP*#$+ioH0F`aASu
z34$ab98dkzOrQY3HcTbSLnR5W0dKS{U@Q%93?Iz^^f5R9U~Y^$I$e7>S{D0Dy5G43
zkyLEQQSBZlu>#fB#Z+<8O2nqFoPe_cC#<mGem5)>kH5fLw)nBVA9W2~vQZ@fq0?R_
zd_WKZOLS3rlZdo#DBWT1UW2ZN-(lf&K8h{r`{f-h6y}`#N=KKI*ITU}9f-Xw7q|py
z2ueA1ws0U(9(=0#oNA)t_;BW2lckJ*0ms=g0GW6XZD`IX$zs~*yg5+VrONbW?;;;9
zp?4GBG;~-Cc?yxwptC+I*Gar-Eghf69M*Ro;n@tlf@5)cr22vZe3bW`;d0zFHMa~D
zAVe-Cv_ui+&j$#k0@y71{MT^bpEH90hvSO>bXxI$gZtQlr7Hb5!F|8AVVp4*pFYkf
zWQ2vGVZz`>a0=-#LBxvcEkG*h!b|B?wXx(Z;LMA{l?p#d+I=w<Mb*L}>M%va(G`%y
z)quWrf%JlGl|M&>i7qB5-rl!5Z<5neq^?mn_kJANJIQU*xt+gFUU;v)o#PKwP~*8o
zx5BlN3n9Q+aqU})>ij^i>zfrcGO(1*^B9k{24OT@3FYRS!xt<=;26r?;bC*%ADO>W
zp;geNZ&fDdCw2Vg&_D9~%lCygs+p&J15wzl=o<fu`)%+Jk5VyM{NxR#HAQwfqwns8
zEv)WKi+%-jG=>yn!;xAR6+yh_!6<u(NV@E8hbVjJJZ)#k@3b?_Vu~6wtx6^ke$m1(
zI?JOw!OI7b1xCpq_oSs7RiJJ=h*17B%*SlZziWQecT&RZ@!7><7+o~;dzHl@bnl;U
z%^%wGMH@t``?un%iep8Dyl`8$t1mp$^@fP2kxn&SAoV01!{bre^5<ab_FIb#=VIj-
zTbZw){r+qV_04%B;3EA9Hd0u&;HDu8SVVCt`tLjYki{d&yq8qZQc8pm;sQm8XC)Q+
zt1{hVvHs{!JO)?WaPRhu5w@i*xqXHNQ~J~V^~}7j$6t@y56WPT5M*icUAx1IrTDSp
zi$2}FiCBr1^oW!ODPI0MPLvG}&c9(aIfCV*9moVExiHNR<P=CM+j9=a@j^ByXoey4
zK<ElJPf1madz4uyii+4I?lGibjY>P?ex0u?A$0?kiR~;z5M@Qlrl@lcJ$@sgpO$IQ
z(5KSkA!qDBD{SyS*ZK-yvJIh~_>C0_3qKPT_xPLrx89#FZcsgi-nT}x)p5y`zm7@9
z@RJ5G?`)2w=fyeb?2T?TYIRzJkI`$VZ7>)q1h6qxc2*sSvEjNDOoFT;s*4Z)T&?PY
z_ULmTu&k;6c!@A<w~}g9e8G&7C^|+v)t^6@e&qKM^==@~O1I1^vL&naCM*>)K`c4J
zUWADG^MYK+lH@i$LeJqkn%?S*wuq!t(V6SkEh~hVVspy<@D;Ztn?d1A_rvV`Zs#>)
zAH-34m;Ip&on^4UkZ`mkPPsk%r6(Z+Gt^zx*LJ>my0p5ZbvMMzAR+e9+)i>4R)EI<
zv88&ing1v0CQhd|!ES%>6v9T70J(^9i-=T?>FXeFA*+H!7H08KY15-w^$U;C{tU`@
zNY^WrWlvm$6o;Z;j-li}TiOV(nt2QP&~&=kufyPI+NUgF7MU{b8#tC0n09H9jV;*k
zs;t#l7<0#i(c`4}#mkIVIO$8z&<|188P}Ii5?U`Lq9A<rgks6!q3eQ&hIyE96V<{Y
z{a@kfx}mm@K2Sj^=PJMUvo~tisp^9xeS~LE#fa?gqZ$xSbg&^zr)try(p>6*x6D88
z3Q5TJ(@Y25xgilZRH_|KRBD2X1yM4CS~WuI5`~HrnK3xJW{XV<?~F@dHkj~bp0o>=
z<ytO`KP@I?yFbR!jQL7<KJR55dl#sQnR-H`oKLLQ$9BiUFCXD|Vv?K2)Z|$yNj|cb
zk*i{MuzePTuK{(6bR><}R<``wvQC$92k)o6v&_fRj@1IR6sPKIzUdi5<(V6-lE*RL
z?gGA2)^_Vzo$gzD^#<9VlW{Q^9_uWYnwP3pabHP-i%--}P;XC;y&o`r;dQI3Dz17W
z4uqbmxu4#O<<;yqGhC)f8BSHlIG3xIBoOVUs7%6dreeU}>p#ezF^P+o@Fy-ee!9s8
zt~?WO1x1P+%$bE{iEA)@oUD1d(v}UEB1Pv}q`UCliGF}AT@N@hPCSx8(I>CT@b3;i
zz)Kim9WmB%YTUmab8%KzKZtw%0ynUQOXxguF|y+k$0%h-xEW?=`(3`3w~YH5B+(HW
z{E`W8Z&(9iR=BMX$eDpY=W<-4e6e?G3<_nHE7Guy6hj*JH~;WhM`1=5omQ`cNgXVq
zxo)}P@wgH6H@q>W;pS8<8}+okIRJfhHnUfAhNY8`UCJ-cK^*u5+d*Mi(8tyNA;m>=
zn8)Ldxwm~D^hWrE7Pai>Uh)OxCz5+9;P>HV_2ksL&^%~sqS%`)sMY>KVDx*_5Ko9S
zn|7Apx%3Q7eV(?i`TgWQc84U>NW@tRk7`6TNnATk*dDfXyRphp78MPAl9Vq_9vEh$
z%$EqZOjDa>l&nMTP<F<j!X(Lw)bMEtS)aG^d&*<KGOrMxo-9#EPDmR!RYW_6#HdVM
zQXO^&sdSULCBI?7e>0@IitluRgj1Nmawx^b|AaQ4t}$<B8u_u&8D(q|v@5BTDooq9
zvZB$BPG%g;0s`m#5^U!D758>Z?wId2M9>X}(pcMU>6It>yos*RH)d^S(C%l0=grto
zdC{cFy0VcoEd20XPLMz1GL+>&CAut(Ug8~;{>dD}&l&P`oaZ6|!ot2=1y_1Vr{R@s
z&H$AvRA)U+OEDK8Bkk;;+s_ciJgYN{j7#iU=qEA!VoKXVtC4hq<NHJgZppmfeCFdv
zRWWj#j*5;W%-A}+<ObrOpJBHs)F8YGrRNGs+F*-Nt6JvPEnU7iIrjVh+<f}vCLD6}
zeZ7pSj)U~9_WS71eDg>3c4pIJEE^`{nAFmrvy0uw#L7V{<8ESp4_0{?#7-q=d?kuv
zdc@XR6A>ve*^`^(qg}A#kh-5~I$hU;LZja~#CTg+;?jPnqwUk4eo1FGdYwlA)Bdcn
zMw?gY3_2+;w$^@SrcE28xU>N;=h>)w?C^7TTC3^XD}7-Uub)IlWW(>z?Pl)m>oBup
z?>3Rn^+HrCsb46D!>0}$%a*FxtAM&71UR-d=X+wSFU>}VJsjNmtjepr5+mDO=JF&~
zx&y$nv0FGo^-C#^Q5|CjAe#W6gM46*Q&`>1wJJMQN!!R$q3NMH42zCc?7!m~wvF~}
zNcn6J<X&mME4i$rxMXxQi>yv8GH%%FH0obgv%0bTup{rPfVP0dc4uN<qq+dy%<`g*
z{b;px?n^M`(67NFO_m`+nt=Nyt)icq#miilOM+<kjehG)&T?QQCbYd^;vC9=JGv~G
z7Yxp}#M5Sz|HLX{3j;Zr6Hj7kvG^kYYo&9%GDe&A9BbWmkH)o>ZuFwP*|E5uV%mti
z<!G-zZRp^qGJY<2%%9>-Qwy4`W<Iso0-kUvR`EMO97;~ee+SujGlJff&ngBf)`KSW
zCw-f)AviZ@PhGQKCx3pKpIlI}nfb&fLf)_t;eMqOf_U_J-T-Tr3%{Cl1&fk60lr8l
zV<sZeFBVBgu+38w&HHZQeA#4uMrRxTeTd31afVrS2)|Q9(dfjuT%_co(o0j@uW8U#
z9+SX%_ofldaZCrFr(hdNL26SkD6mRMQLv?jRl6*k7uJX01_TixC52-xoD~w(-jl8X
z<|kLU-;$>L%&I(zOT#+5c&DbK@!cQ_VIs$;S(MRus)IC3^CKX?jedN7ySz1``McUN
zvA`K)%?O@K;s>AFey%8dZWZCuketq!4~)a*geLg3iXW~rHFw|1^M1-NVY1=rF^+a5
zs9e~w_$<$8v(|a<?XifXSm@DBXgp6a^8B#O%=D5u#h<2|NQ_I89NP&>ODIV<xwdxu
z-7<cg6d=K;blNd$7JbC()y%>$g15FKvUwvS(a|c;ki22i>h=D3<utfknm$n3`PdGZ
zS3aTc)Xyz-`Wh;!p?JmLbHGXQE-&l6v3Dg&`nA=ls*N{p!QmI?BwM$|PUjlh>(Tqv
ztA`IOhFx*|cN_3GwY%h`Evo4sg-tRH0-G_3)x|Q~?}rF%_cglpmgAb7_ypc9TRpqw
zw?e~>Z!g`&s=8wRMpET6>GY~mO3UWXwVJ==t{Hr#48QoX(P1Inuo6er5Z>>zZB!Dw
zG5zY$J7)+xQyp=D!#~g>WIeg#5Gpu5R0gcJ9V~;_6B5LJZ}`q<-3Xm?3C?aAkvqkR
zND<>`(ib`5g@)O-TkMY02AR4?X^{>|q7lXu)j}#BHJ)ITcacNx8-GODX!U>_!>Adh
zYlM58?LYEUxn$~8*kN_xWS)YMkrb{QLgr@7xcukLNOB8fVmMSa`o7+M(+M@h2rcTc
zEx(K+!R4`O?YN15?p-*3#s~N7J!{|;#B7j8<`G9X6^k_N4eVqix@F3QqAoGx^f)84
z2~Hi|MSW{&ptwQUBjPZlp0OwINPz#hTwA>*>eja}s7_w@T`ygl%T=3H(ItAFFTwk~
zx|5`t9tECF*0HJ2D?Iz$0orj#ryC^?pFq}T9`zy7On6h)zvf2p@;17RF($*fe>@0g
zBnDC-(V;Tdl}g0?lz=Q*&--{u=^Qe5ufBNe=3%Z8aV&8gP{aMYQQ~kGrYUlMMo;OT
zu1%Tq?gZP%ri+c_(l#oTEh3l>_8N~!IQZ6_PP%o)HVmJGP1h^ZMSY7hFLYUA-qdou
zjp4Kn(RO})uN6;}Q{$n@<8ZtZzZvm?zb(g^T{y0DFd4L8ggI7l?*j5AYTkh?D_j%>
zGaO$>e#&}KV@)Z#nVN>|^V^C>Cu?cvd^3M(4;mg4(${O7A-Cz)Tt$!f%1r>hZqDU5
zKRic-5Av+{tm&E~3Lf9t1SRz2VFa6*%9@Ao0@UHX!~<86#tmByV0;&>MIlfPd(=E$
zw&JW1JSkT>wnWF{#o}>bZlav<4hR7)cmuA0s2GK)nn5otW?J2_F;u!wX7%$%f<Gg;
zu(pM|b@CKFHZt0<HT3f{d>=6zbx0C;T1)E9*^=$kyIb_j-1QL!-Gn9h5G1}L+8ZHG
z6=*zz@4lc5^5km|-T}4Ja`t}b7|!iaU#>5*R-5hQnMcer8QTi{(zIT~&zwt|<!Sfv
z9$uEe6^7PYbu7Rh#OC?H&d{aoJ@ZpDJ6h;tqVgP*b%Q>)6K+t5e2Dw;Xug`nQ=HGT
zp8AvWBu_aI%4Ro^x!oYhp2sE3>L!jSQMCBtUUVqOvA$~pzO(h8mq$;w!)T;9mNg7K
z;`mY=*@Jyn?e6~^xF;KS?w|xfdTv$r*>3ralP|w*j^or{U`FA;H$tOrE-Z$g9ebP{
zyL5>Jz&YP+ayh#XXm=XtW#-r=!9;G)h@GZz_SS%$=5X6mylBRNb7p=DwE{`c9xm~{
zBg1`U^-a5eSE$C-0%Tbc?oRO_JK>c8<@0J?`ctIiU1AfV4|&>jeI*49#oi?4wmDXb
zg)Ht8u7bz0_FEly!hWM!P!i5xJC3~Grx+r!lhzN2z2%M_>ljBrLoBe>Q?wD^GGIEN
z>Kb$sAA+9~A$aUux*6(a6XF}`I>UUySSM!^KejcphS7AxA69~Xnz<l62j|q=ed|r)
z`yl}FJF;bs0(AKhY`kcy?MlkGCD}$aR$jQ9G<*?doq6dO9*B|=6nq3p3H1y!$Aai^
zsvy>MKDb+5r5wlZMc`@z>+KjmGaqQKOPR(nJ<+JF#5y7U!MU1&A6uP=dF4}9DoZ8a
z!x+6aYv=}o^94p8(eLV1%%Ev2>r?An_iyBWeDY%(lSfw_@Hcv7(!~YtKZg}2(xrmi
zTdvR>ufP!Ce@-cXW%Q2r=4G&hR-|x)JlBeEnj&p+s`>IV3^5QvJ3lv)QTb-CiJ7jv
zUvLri>9fU&B8q3Gx7B{&_eY0S3A4c$Je_tvn}G90O**L@-klhu%~5o>>*Nx8N|-Sz
z8Ex77R_CkZ6waMs6T<k;wRYzdObcH`#y9(d=pw=rdPcJ8CK8*V$g63ucLZ;^Sbt&+
z+n=%no#!3tmsP@E6Z9VyG(5JcPSIyC=SqVTHOCR`ow&Rc3d=8ha8@SBU$WQWzez<<
z53pQ30qsQHmc9wuq{)XxE4Z2ke>!YP4kvi$(9A|;TasE6**n+5MEIE3T3HGPd)WQ}
z6Vguk^<M$3e|Bm9?ESE@vHVYfmHYo`Lx|~r@~do|{|(6`9NcWI|G}^RO~U#=2a`ww
zqe=dM7fg}>Nd8~=)jz=`e+bq8M6g0Yf`LQ*pMyz&X$=2mFbN2wMW`NK6zd2DuiBaQ
z^*DLQ8oMp?@dY1IHb`1FK<C$F!$?uP?u+$x2KmSuk9NTq@DTu5j4RFsBA%7jmBhd>
zgohg(7S~C3f~(Ws&282vdR%PLcgqn-JZ<-pxSDmVg_!j%#ip$A!DN>EJ!iQbKe{g4
zR#ugT-~2AO9La^j)LcOOxki4>%#670)!s{_?hc|CFPO;`1u?aLTr!hh+Aqc)%htQ!
zNi)8G0F+4itD}eLJWL(EtSwNU?g9*L(&1bg?h#V}^DisQ)o$dXd`rf%=?%%vx7vFb
z3(vp+7T^c6cpU>{XF4T$5O5Kn<S9{cOUwyatyLxCo_A%eR(5xID&4S`k{4V2c>)wD
zh*wwPc}x_4aa`h&9SZt(r@dv(JgjXq96ofVH-{(pv%VYV++()e!?Ds_=gc(}2g@n<
zq5E^0OEyFIXOQq%@ahGyW*Ll_tZ&Izj^m%$&HWo)J^<`mEQ8CuXn`sh@Mj9&``5bl
zkNA~um(wsnr~m*-kW))4g5~$`Am_ML1QI{|j@=E1le~Vpf;jz!Ab_W6KnMcz&lUgM
z9-zNG1ONmQ84U`UfJ4NDLQF!&%>M7AGzie=?sL$rA$vT@xgLkW!Q{o>MfoMzlutbl
zq~joi^Ozt^^p}Y)T$$P+?=p)VOJHHld{CGQ8sNUo^CL=`HWYOd1Q8C(DT2G@NPzIu
zx2BmljkDM9RPv`Z1^8341nk4r$yu%Rf#U=ZMdi-O0ZR;Hhz#=b3hxDEa<W5XmZD9`
z=`cj?^(4?4?X;#8yLRsjCj%Pq0J+iM3#l6=c*BlvI&^5YtE$Qx;Xk!_?l)A9bmNCa
z*`1<f%a&rKda25L&_4iUC7HufOyf+etIRM1I|;j!R$lgR5ntg#w6(c8G&@EO4mbDK
zlkaFDi*kRs+;NZ8CpLec7+?@r!t0n@3N!>2xBev->iVmGXG^$Nsy3N*VW-WE{Xs+I
zWlBSDNs(|tMUzO+9VzY*S4NpwQ`P7<2;zC8d(vp7+E-c`@T7PYHbe7<M|LDGr-X!Q
zlT4rocB)pY^@>{OvA7xpWHfrT0|(gZaxGUK>Nm)VHWPA>Z5XfLGMn{NJl=yfo0_hB
z)E-6t*#jEm(}ZouS?N=ah3C{)fFaq_5aY12G(_+$|Lk1rkZ<d5bJp;hBWalB&vOY+
zkM9nYWN`)ba-3^=RM^XgxAv(VjyO%$iCNsAd`OSE+@PypkX+<`R2$xo!vPZq>DNKU
z#r!RBpC9CYBUo1?w{@+O@AjQj?Y7Hyv@$w$C22+fl4ZOV)^(qlA&{G3?%%{~J%>M4
zaU<A6GL%_3+T&{<XW-{0DUY;Tsza*jXfG$S&Q31e($K`V-`L9*(n0;CX9ble-@g&e
zv2JUoRh%+|c2~viQ!35*>&#pmX5%0|-a)I}qtaHnYw81VG2Iu=UZL1>m4+eJ&nJgO
zRU5m<ccm8_oy|v)4;1gb@@?iBPgu}d5Ik4{<w~99AAq#VPX<1S<%yhtOA7<s1hX*m
zIFA~fua;M@SA8h+*)THR<4lpMi<YZ|VIP2=wm&o~)!&Q&Z~$;L{2dGb&ImyMV?K{Y
zM53tVz{Dab{C70`rD;dNFEeZuN1J>|GK4d}soVHNkK3H`7On}z$u<{nCQ1-UPh8=`
z7O-ItQd$<nu89`({PbkJP1lz`MYmNQ{v9FlO-3Q0F9>WDcK=(Q<#8D-V$ywc(7o>#
zr%^yKJ_FR{SD2FIv`_YKQb}-4R01+TTCHF^m2jIZ@Doc=J!QS46+9pnNK8ifq${_z
zNcl<MmYO}Q#N;pk)fnLUIM|<|{qM$r0>DsE!I6cCnbFXRgcX%Ym>gLCHs){E!8*0=
ztaFlfXdB8ov-3hqSd|R2_*qf;y4cKHqz*gzE&$3-OiQ?a*EByie<iAvL&YzPsl(RS
zIR|grS=ppxcgClzBL5B>BO5}ma;9;i5<7dYM+U~`7jb&{uSRIi0&B~)LqmH)))xU<
z`CnkyylE=?`vcY*oX1Y#38(s-^QdJ;Vc`ebkO7qoO>EI)41ybR8L1(ClvLF!o3x<I
z?lEqZVU<>MxQ}=IGnSUoX6c^m)68-0VpYQY_%l8G@TP^giq9%(dM#_fODXUVs0#tq
zU4X;=?STIPbxHmN36L5%{7Df|GW3f>ckE>q7Wu>J3W^%}2jth)U;gWP2Sjx5JyYG9
z)#lny;sqd<ngb@hjWmLS$)o!@j!%AbGF{jfYN&hCNNl$+c4r&i;HtZzO6-3YF7cZy
zjJy&jT|VD-<cTxT`Bg@kd{y;&Lx^Uevp|(CvNAFfl+<GbVQM~tFK=#^%(Za4S$)|t
zJg}nf0!tZ6u*CVSk|Vc*#Qq6s&Oe%LMHxs954cLu%8)=ZcwBAM!u*KlW%X568uLyZ
z0Z!igVFNV8C3oqrrBXW#YOGu;DV<3yFgcP@dZh&3N}>$&H7-y6#TCufgHDQ6B1a!1
zo89{@Qif`8*klli$G;Mdr+Kh<-63M~(V-D*w0Fj~wndx`WgvuDkC;$J?Rc{zGQx((
z1vACjTAk;VRvHK6@w;D}@IoBA9B7PYbIDNPCE*e$;zp~CsS&4mIx=<NDS5a~Bgt@;
z?(f9~sMMFI^iK>)?t_U#)^g9rrlCjnEsWDOu$hJ0Vg!ntN}70xuz6p<wD%Qg$~o$2
zNDXjx;|vie+a%8pwrbr@g0*q(ij8?ohg&PWFHH%WVw%Y~JulyRuk@{P-HYNvuH!}>
zX;g|6@p(Y@nBexVJ;5zeLcwHqRAhnsYO|b;_w9C)zAwL5;LXO9VVl<J@`;%Y@I`kt
zEcIR(I%cT5g_7RT+jiL9HHvfd9~mG|lL=l+kTeBLuy~m?=GTNKEnLCxhr>A~+M^dR
z*L${I<|EP=A|V^Ii7HDW^Eoo3Yp%2tSlg)^YTU7RlkzujaxMi>)AakHi%n*Po@o}i
zMz!TNYH1e6I=fONzKRkIdRJLW;Hhi|M1$*A)wgRsVJtMSKHSd;h&P)O2ypz0DEH5?
z<nkW}R~KJnMPMV;x-BNQ@3Y&L_ym6C?O!Vy2hUIOoq#~5%J1^JIE=|*5*4qtkdpUt
z^I44m#I1kqs&?|Su>!pvg+p@RIC3j=N5dTv!#;+1j8n3!!=*SH4^K(F_~${Z>D6A5
zbWBjty*+O*XDjKMW}pSuSmtNtof=a;Kften-uF7Caf0%tx@O->ZQ9gBW1Td7Colyg
zrnQ(1UXjb%lO0)_Jq|_g$p-ULm&;=dW;@EAUEgBK5%TaFkfS2QFEMqf1E;t;FxRCN
z(Jljt`p>2ZN3vuZvv}5a4e=ZkT{sSv;!f5xJV-2`gNeI5UBzY}1X@^~vGV27R-(De
zIw8+$ng=+?Q!Y*^gR>h8Gfei9@6!2%xy~%R6p5Z_4#2d-Yx6kJWFq$2gfK}{Y;XL;
zWT%!lnzt5cw{e%@OWYn(szAB$&5^DM@cArN=s2}9P;iptAakA2S5gIWImh;*v#h>}
z{0xZMpIoh2Sgjg+`YsbS^3JLi)!<_Jpnyc<DmIhjA{HbFdte<9^@(Jf&e2g<Jj3Ee
z6Jg{;8#<PCb-x)zqjIm^wXrLS4C+C);|1`D%xFu<4VzcvB-itPcg(3{<>CLdl;T5k
zdBukJ<?Knev@l&R)7xOFX^sADi~hmxV6A5+_9*HRwIB+5RyzNNJ(wwS&zbpop%u-c
zIb^Ajw5GJ2WyPY;|F?BPEJioFqsL}Je@Veaf}~^lke!pzQ82gOHk6QbMDU2hh8tUP
zykOo)lj4dxVqTYPl_S%M<@gIXKiYKdQ1PVa)6$ZaDZy#D<~MQqwH4VnlG}hn>T==h
z3<$in+n0IDg3EZLdSHS@wAj1L<EPs0zyT%-UVi=i1MM-~2^E5vUK$D--D`0$e@8;S
zxu!~z0MOzgS7q1N{Ps+fwb#K$ek4peLKH&9yknuf(3noZzNxI(i`Pue`U|vvvIhaQ
zb2Q6Z#Xjv^JRj_we4`Zh6%j)cTXb4BHXQM>E!5f16S|=%O%)FljN{{7!BD1?-0NSr
z%4_b0zB#4uE-|_yC_ax%*R&qtWTGIKrHS?}Z=Qc%bAJrhL4a>LkpG<oL;hpan%7Ij
zR5yEhCHS8V)?WlmVJxZl(Y+c8{A#=X3pQh?A!sD8mKg`$YLg4pd@9*dGiqxV#XtMG
z3pg`+0j)>#w@Ip_%)Wfiss8<*k046^TVVFQAmxonz$NALl-JR(Y0NLnq2CjI35f^3
zgD1qhHn&CigbKY>HvBT1vf_J`hbi0PGYj0G)jKSHPurtniP;&W+DL#r3vc|&vtCb@
z3R_R`DrdN8=qqnTOb(yEaAn+(A*SEMPK-zvVgf~7J44hVE47KXsX=rmSiq$)OzN)9
zED`zJ-Wu7qft^-F+!@BX6M<ziUK*c$6GvzxY)mmEU>DpbtX)IB@~t(TaI$R3tkoOr
zO3ey#6Qu+pAi0D$0cI@9msm;8PHT(!w1Up~D3#%GH9>K*-gp2@u>@|>L+u1TzfLMO
ziM9e4ealOOk*8aFzBMN<&;Hs{7M&CjiCA!;$Z7dtNS-oMG5_R3(6kaF7lTwu37*)*
zc1B|ska4Bf=;AFVHv!wew_@MvkBnp(fL>3`_;s=6N9n071AKW^*o0EyBW%Rsnr=w5
zFbdz|f<A<on&ZsCgXJa>Su(uJ!I-8AbatJbtciULg}-As#mvBB@~y1mLN3HFKZ$m2
zp&otsm<kOUvj(}MIuFj0RB1_2N_<2;&m#4{`6B|bqre@L;hj?&&<-U(FACXO^tF8^
zM=*+UHP=E-TxAce<n<FjRc&!>h-VO67qCcf;1;t%cyeM-h&jvbphn8Ev>f#Wa;0ja
zZ?Zo1_x+Z@1oWsT67<uyH@?GwpF4@#`~2=-@B-$qq~BMIVeXaVd=cPpxl1ntuR>&3
zJK33qTNg>vMDZb|QSI{-K%sk6Cz07M#Su>dFUTO&!H^!xGdsez!Xh4p=4!8#d3R(<
zI4bI4h(TRk;>qMXSLXuT9QK>!9L6&J&}4TwOiTt37lpJ0IeZS9=-uk`ySe$)T$qX@
zaL!#c@RMnKmLiv7W^oO2KW8d4y~L`HClir`je!<%w=&(7G3B`P1KK0#ej`E$k}Lf-
z*shXtl&@tw*l{0#I+>za{kktt9N1iX)?_XLd*M*=_{Z=oUF+X5U!0I^j^hHyq;_*)
zhDfEGwgb^^86if+_#if@0xLLcCwh9-x;wwlvFAnSf5X>HPZx{)HG9?nR7`mk=@nFo
z**z!<(-Q@=LJo5?w(LemaLhzU_hr~xp{~Fbs=TpRnpu$USBgWgYm|?l^iLTe1xJb3
z)?Oi6TzXLWMn%KU2*uf2tR%x9VUsG0i46@<!WRR%of(aMT^0EvfVLNT7!s*?(#R$@
zvVA0Z;LBbr(up`IKmBDU`u^4(w*^vLM7&r<^2;zs%!|fcnRd+*%06pk+M@MITVo00
z2Y{}iRCW7KYt$Yk;@<obu1d6s^8nci$<|V{+YU09(_{NiifEpgpZaZkOsK%vt?UyS
zMx+<Hd^XmG7r^_y*F}?+rrIwZv;~d<t&na_3v*<%o)G#%OJ#Wz0o;WANOr$sL%kb>
zoBh;3q&Z#mOwj4eJM3+H<1}oTmQ2_naDw^2*j|6`3E{YzzM05m>$UMRrU*v2W7*@D
zZkX2N838=;J*8dnRjg&+Omp1~d0qK%U4Jqwn1=Sdf@4GOxIT*S%(7^o=DQieyE%IO
zXBG2D)&QLN|7+g=hu!^aTn%K6FNv7q>SlNHdjFB3{pF1ZE9p|maYG+v$eK$NZBrMi
z)+PG4ju$ePk0oQ{w!c)CQ=4D+Ymlx64RkmeX!!wOaY8gjC!6`{Z8vrXX_Rnj4a6#=
z700VDUtw_aTmuUXKXLfIM6m{-(h}Dn2eAkf1x}z)ZOD#v4K#Z6X<4kHIx9!JoIEm8
zvcfHQ!Y?XL-}-H`a|Sz`JfTfX@1b6`I0T9|P+7!@b~48)%<2GlpDk#ZEOE%r($S3g
zl+Y=7YLv9=8d_<w4*34Cz`#}8|JGiRKP>QHqwcs%B4ES@&<5J?pZ5Nxl?Ucf<>oFk
z@3$9EUf*P_ZuCltjZshDhS~+UnxVXNMjz8J(%%H3kuTv<RD0u@MDBX>t5c+93Y@L7
z+IK+&84Y?@0V6Y*UeWpn4{vL8ghUF()x({;5W54q$8q-p3IHBhMoIKl*q1)Kd6S5<
z*FYtOUVUQn0YR-wVPb5pYETow{7HxlfK)C5E5b|9iB@&9r+TPHuMJ}72`dJ9LU#>{
z=q2|`Km15cZ!PioHVpwyTe=tpMqFeh(Kyu@Yl)UYYp_Xh(uGDMdypZc-$BymjCn@f
zv4f;w3d`o}5*sa*m?#<PAv_!mUY|l;)NH_^cQ>>sDPL^=pYHmLP6JnlKwtBJmWF@3
z>#uEg-XGWGUZy|B=Kop(0qN-v04cOMK(*h3&of2x#mpTHNWKrNlOo%^;a<1U>-&bN
z9$bI+nFK)SfCQ62K42yw=-Pl>&F}9!%67!m?|Rsx<p2#FP#Y^Y>=p*XH}eQXs33RG
zLvGF?44T2QJ^+toW1vrreoW>LKi(VseV3)ZE1n0cR6W~YHc|x($zWk!3NGRf5(O*y
zOCl%2(PcT9$s~wLpX?Q3YF6A1Vw9ef4|r4k_Mau3kR5}+1|@dO#I29H^+RYNPUV!q
z36DL#eLG}oSLh$*O$59a>(pBcB=-2>K&Xyn(X(h{FzVRRzpeCsqp^w`CM~k&5XY17
zl7bS9!c=Z{<uho)qF^%i72j<2!b;VPgvK|1R_t15TUG!quBHMDI}3}w#p3%k#<Q-2
zFGzig1uL_q136cPS8ue%lxZ&_$T`Hec-#|StIBf_)ob?+nHo#3o?%3980Zd7bL+D=
zVYZ9=`H-BtGSrt?n1d#DizrtGfUX!5sr$RkK7Y;;yNDMWIcm{H9B+UU#x~f;V8fNo
zm1~sbllwE}<={PAkRWSODylD|78Rw4N_a4p6h{NP^rjJk|M&yf9ucus=~V!GzXJqq
zU-8}$*Aiz^^X_*M+>ZU*9`gVyTf<+C3gn534AH5U_d8y*&!Y@CpB~@SMnv4|w{e-v
z@08sX7&8GQ)QBjx*)62!n4TnPIu38!7`q{$eNzT0-OH+lTNK3)5t3g-MI{V)jDB2k
z1)__YdaZblVodp**aOsa0j^+h5Iw+Pl3KV4FnAm6tUg>q3Y|?9s@k3C@%~5x<)T(9
zR`Cwgu<~Paa7b!LYvIib!npoOiJ7CKt=Z5YcO7VVL8DixQ2o9IhV+1$CTx|H93;ED
zuqmM((KqhJf!3mDCIK?E-JG>JoFAR_{9;s^XMX9)5eKO4J^kP7$FksIH#!RQL?P`k
z_X<I%=m06n%A#uWx@;=(<CS8CV`V5JwHM&1F1vnV&1lui2sjOW2FReeN8CU62v@>1
ze9f83Fq%q?Dwch$FZFc%-oAQ#cjPYRAJ;p(ZQ-zOEy!HI0Dq*0ioGA0TEgJ_CfhGs
z@)aJ8iKSwcsvV=JksXNw*0&6XJYz^zYt(;%Do=}P6d&S@JeYgMM2pXoSG%HuwgE=d
zbHNuBBK0Ocz?a=Yw>qXJR+{IFLZ_NRZkasY>v!Z__0H~LD5w`c)4a_t6d#Qo)#jv{
z*}ljULCQ0(&MtqwD}}QMCv2!hAG^|-%(RX^^`_~-myC>#ltp|q7A_3Whz#oZ*L;D9
z@TRD|C6WH0$NTkfr;?X!(Pi@lwGg3>lyjS$Cqe8}A=`HNnA{+OC6e-W2Ko-SNWWe>
zkftDeAfLXSJ94Qb5vnM@a_yuzEI4~-@VpogLl61SeJk1eBm*Nc%@;fk>N+$II|1s2
zqjA=-#SqnfDmr3wdN-<m68rYv&GMZ{z@x|hJ2z5ne@rDa92izX#om-hSuh_y!2@y{
z`sLI-Oqou+_)%AD4<dbHQ4B74U&ClT2nbs*0muF1=R{;O^@>K*W*);!8XhP?=?p8*
zWeEL5KP7^|o<VDEotKdTF;q&@Ky7(X>g)IVZ$&xZT}D1%2F4*uIEx-};-GpkD7gy}
z4s$#E9ev(ICyPUO1t*N`V&s#z1v_5%cuJs(b(WAC8aTq%<V08f<<vSH$$3Ouev5|{
zGuf9O-}9Kezk5GKB;G5d7NoZmyZ0$QnUS?(NalnaI(HLbmC5TXKzc7pJXemVv)h=K
z%WJ;Xg(rV1zwV={=u?A?{A4gTLCIvOt0k6crQ1pqPFl>Pu#CuJp0OTYsxBT$6s-yX
z8EX~BBwO1J_wd2is{8Q)KzFdGaglKIoR_ocF&<1%o0@zL1~6;G$Juh_;$Q8+O}BVo
zjpbJ?zRdb#Bb-E)*#fvqzb3JabQpPMnojmpwQ``0WPn2ru7F+ZBLj+M^3-vxdc+X`
zB$quZ<!*`nJNdIZNo8kvG-g&C{&I>1g+j=*W2yP+ff&$N4q%wBd~Y!Q@E-4+k0^a&
z(LIW)!p#H=M4~pOg7X#ed$p%pj+p8$9!5ncQSYfqNKg+5lt^IX2cW-|Zf@CC!OSRY
z%T5OqzI_4#ipwEcf&?DXK*`$$E{QWhk{VB+p9y1X{%gGZ&k@@Hcf6bFKk#lg&i@<U
z%?T{^zYFi4%tUZTU&I)`m=Gi(!wE<hp++H-Kv5V7zbeo&N-9oFZqf&j3y`StG8e0t
zxn~7NrR~prqk|PA`r-d0DTXxawor*W2^0#H9=S->oOsBxhe#<_vc7@!e=zr!v5|Az
zx^AeGbkbpFW@ct)X6`UEGcz+YLx-7}nVF%(%;{VGt-aPhM|bN;N4h_5Nu_dJmNPx<
zn$w=+8Sne+x+{HbTGoVh%p{SE&2ze+*nemH-S>LydD}ZSPM0CMOj0@J46Dt_Y1;)+
z#q;EkjIgkBcG=NrM8D-5|F?LBa%o-*Z`-3r0}vo_`W$jI<t+04a6&OPIlSpGeq;f^
z${9oy(1}B$S3MOb2N*&dkc(4q0|jIuu{k(jo_kIOBE(+$@8ce7>QUlz;W1rLtB~PH
z5)6c2uC2eGgNj9H`oq6I-;jt%Dr0{j;lKY-@PL*`L3yjmdbzBc^Uex$s&e(vRxc@|
zc(k2tE4LLSlu<9{p`^|Zdlk1{eR!BMcj2@!B|Lmit7R^LBztq4VA_$sMvgbpDD?!3
zJP$)CKTKrH?Ru=Ig$G7j&Q+wTN{dyVSHB!PUtu9MK@3u&pk|sYw;pnRILYml68>Q7
zZBarMP+H`zyxmET#|G>ty1bVWA={nH&DF#;Z1q=vvkjC~tY#8|_t(iymzq;zSUT9y
z7JN$j=|xQa2X(ag1uOy+LU*ziV<Cxn*6HSS#CwC1aM9XPw8W2K(t<x-@0%~cm<lZg
zsHPyDB1R+?v$t73&i%IB7MydhTanN;%VCO#L|eo+h#VMr-fga9LBGuZ2wQ}wg~yfp
zxIZZm)U|(hR6LX2CCd(i|A~B0k;PtB63&nig3wD&C#CNVhwTcoxKnVvj7$W7q*ma@
z<<?&*%pfJw!|^&B34EQ2;E^k8!9locR7?+}#qn?-hmY=7^D;_<Y*BYEMry*=)lDn>
zl>UXtfTT}6F-JXZQLV+{Tqc{;4qHy8JfKCR+*DbrN41M!t{h0GS#~^IODIf}W6{e2
zy~HcNN1sq->|=s~M0W_pyJQTr9REh<hskR*&p@>#g>N7PycloBz2sv>Xwsxw5&6=O
zsGk~4DOr*iD(}}qqs-`zku4d-MuVZB^Z}Y4u3%j&KX-V9X=NZ$8*ww#imsBx4X`_r
zsEukIN6=6}$(BhTa{zp~TS~zw6>6@FqT;424ST?7Uz7Dws(N7+R!f{zr%=1BZDnwl
zlB2b&(ebRDlo(&WN&wdUWqjz0QRstg(yzG(LTM9FHiNEBNZk+~*N60c4p^E38$IG#
z{?QT?mkIf;b3`+GD|R>??EX8FDh{i7mW2FJX#ePA4I=8rTu6U<4Wg<^AuDo?bA0V7
zSZ?&Jvict<1t5~Nq7(Hy$Y)5Y0Ka%cp5M3zb(6|70Jx6OpidxLk^rxDSOsV;7i+A8
zbDRbciK_U{i9`Dqz~-S3V+6$>Q#Abvd5XCq3I^V*5LjYt2+in;LX=gRn}pPEJL;?j
z1X-7`2H)v#IvMnem9aJns1fegQFqE~V>*P?5xFrp7W1zSwF#)drwljym_wel3#t=-
zFf^x#l(V)AsUIh6QC20Mt@8I~?6PIZNQpkk8S3CuODRCY>@Cp3r+_s~Im0sFZybUc
zNZd$bCkyia4xL);HcNCVJJ8;(dU$J{LZYlPoed`GZMwxuQ&!iS^(N_eJzyIyuf=>L
z61okJeNiN$tlFr{Ch5bZN|xq6?GNBdVT7lws$T65h?1juPgPdOGu>tUZYT6U4xYT}
ze@=}++EjUv-%mM=f~xgWtNN~BU_J1(6!OFp24&ufjTEu&|CFq*tnRwcc|Kn9L=vW~
z&MR#YZpT!|DnMIhA+0ANZ>A<$8dvBh9X0+WpD6hIolr5nb}i?((q?16jxiJ(Do0{;
zC~+^pB~FU0vk(0CgH+Il6+q<F;d@=HK!ADkQWd2F{BwHN^nm=IeA-u-S{^fz@;mqr
z1%&N->p-YBwD^i^Yc8wu0wWO2WJuQyJg$7@#JRH7{?Mjj)xv}^A~OllO6r8mveN~!
zxiV}x6h*zM5vkgFInFH3cnQeJ@e&6v(I&`9NhjV+nuFwZN&1<ysAOr~p+e0|=_cG?
zwma4<b(Yq4OqeReWUw-Eiq(P<d0YKrQ5BHkk^y+^IF3aJ`oM}{8dGI~t15^XF-ec%
zwcFv61Tbz|(hyl0`bihUQgOeW+CzZqNHzQzSfTO2QI<n0z~DGp1v(pb0@9~tZYl}H
z+a-6Yg0V*=U$f-==TkHSS)d~9dW2j=hQ6RXv*>2du<59-rG$R}n#Xg<E0DXN%h-j6
zZJ-r(_P7q2L$8)MLL*uomP=heh$EFq5Z414K`Pp2$E5V($DXHh*)0m5tViiwEwo}K
zQ=$pb<GKxRgC0-mRDA5<v)cK5euh({^D){~;h7}u=fTM;QnO|~oyJ*HXFU=%j1?2-
zNC#^`+-}K76p0z#B)r%MbHPF6E0O8RuvmHR<{MXklO@5@dl463a#<dKD2kRLc>Fp;
z8itu*<cwRaCGpHm7+#i?rGrXRQ%-u#^>F)G&5{N!->@>5g~rPUCQ40l7X<F%gQwI`
zS5RozciHo1^XaN?7Zq<VMbcN7Dj-dZizv~{jO_2zCr5__2LT>emHbrQe?2?&v_UsJ
zd>><80E5QE>5wD{MGX=Zc!CNQ%C`$^_%>jSl6;i^8Y|OI#U^H3qI2PnMD68tN|CIs
zegUnZ7W}bI7`vi0h>*TxCLXvKoD8k^QD8o^UJ#%?V4Iz+6%ZUN+iF1-tw(<PnDnch
z<7PYma-vh<m}45X$mbs0D52PK{4HBWPB+(FJ8%V~=aZ)G+#g+8h#Vc(<Kx#AU+H7h
zIBieN&}jcQ%ZEjic#_ZkVEgz!hf)udiJhvZ>FV1jTN~*pNb9!N{$n*)pN)J3Wn-@V
zC|8bM+0@6#E07dfvJ6!&&D}zYyoLgzTVcuFp4QI|PZu+gs4&tMFpW0J@|li1J}cVF
zo0t?{3!lDHuE_R^h<v78pNG!S7BJEleh$OW{n=|N(pYInexz(PUe1z=Tk7g)L=i5t
z3EhXa^Y#YvjAuyKWI<UK)KHkVZvjL8i9vX0#D}R1K5m{i&GGSr8G?X7#FU8}o$Jvu
zl8(=}-bT6bl!lMD6lvV67`2gMTR~Gj?onPk^g*s&dDb`>?3yxlyPnTdO%?_mcHYbp
zs5Az{a9#-Ie!g~ER5$6UAFgN_w3;zpLSo!?h>()kv?R78Jx{^?E)-0+y=sIQh8?3{
zwMgvBms(0!p1-5At?djy5z1WOL^J_58l95zvX{=co6~!BMOHk4!P>&Ig(`+NK{<}a
zUBs)eLbHnd0~!qn74ts<Wq<Dr|K4pfGIP-X{r>MV6#M_pEhq=We*<Og0C7Y?b0<f6
zV+SEyYdc#TV;d)Yz&asYD_aL8I|D;wfG2>9xuLP5nBc#C1cZf@|K$_#Z=V4UCN`G;
z0A+uh@_!IS6#M_9AYvy_&;J`J``<MWzd`)<!-WL?4w#O@{1<NapQ%c~0>Cc!e+0^a
zfIu%gv$(w0tTjrHZ8|$#EG`qRwHhjwaHH?1pu9nuxPgEq*-*D#q*N&>EPwHCWmFn%
zs!{Kmq*#IK13~GY&QUB?B*wd?qaP%(>1617`kL?xY7x%3A$Qw77Cp%~Ib9R<l63@X
z$sK~%POc8fi(3hljM%IamOV_ZNLLCX>z`-<WPTj4FD}+6uT6bc>)A2t^c;V-l57k;
zc7H^{l^dB38y1Jw9*B<XC~9+NPR5Lnpcoee^p$Wlm16Vu?(QjigkFbllV6`*x4e1%
zR{wR>U{1OtHOMC{Q?WvoiJBV8Idjn~b8BudSel#e;|ENjWDRlq3BFjdNBuJKcOK2d
z@Gqgdeybq3h8SupDamxX;h;OSgSuG*D^G9=r;hJLh>qO5V>0_A5LDCHh+F93U`0Sc
zdoz3379iIJ_8&LKm5hUBmoq|*sFy%MaQV0Qr`X4Z=mZo%Ko-c4l`8ss!I<wTYhv15
zZ}WneyFjp0i5jnv>#LZ>iK4|iEChw>m)&a1L(Vfvx@4lMjx|fMzl_-}*R?0v(uZNG
ztal#M^~6fsBRPp8lrp0YF#5Zmi}&m+wPahJc=|=G11-aDE2=ruGkF6Y&K#5Nx9Tid
z+gG+slShHpO)QtLo>h4`&({x6D|qCVF{yu*7mU8jJ|<le!3>}_Cs|d!d5D#pdk-d6
z<WXrwu+>EhzNwAhQ1!(E0tqv*!TTc$PSCm|HCJeBHQgEAZT}<RSL|2~`J|G0dL)?#
zV%K+}t$pS47dA?6Y**!;dt842;0mM#pdx=6IIzD)a{ru>|6<?}5a9uw3<L_mw3C34
zi5ZoFh~!_m%s*O@Z(E$Z6j`Qd`ywfzQAOA-zfddqfIUM0LE+H$&muwcRG(xyv!rQ)
zc4RzC)&Ydv4De7QDlk6PgF8NVrk=-RG)v?yE1BP47B1l2TUSPpwBhL6K&WM6pAY4j
zQxA%=8`NXU2NtAjWlHYGO(9<yz?Qdhv&%wZy%yS~)R?|bwl%w1)~tKTL4jm3OO~+&
zD8t*4a4k`gkH<fb3bwj26Gy#RzPum3sWDZx8@k?*xm<+&Npj<z7hCvK#Q&3hTiJW9
zYx%94W8uVTzHv>cYy8Qx>iVFI*H~L~6tz|af<)hZc^6Dd3#N-)Z?&}jx$0{}Xf0$N
zS0{)Ivq64{xUlt_eeEMty2?p^u@dcfRX}kEq~D|xy7`7`2XKG$PthxtzRhwddiC!l
zz$8{qx`K(f+T(F3Mz0;OCX2Wl$KcB4qvTd$P@v5rs=nBJh-Q!C<M_0_W)n)Wdwj5u
z7Jq>5Q;+W~8N<E`s(unQ%fsUZcDY(~=p;<5>iSI+jwmcl3u(qTurGNCnMtelQ&NY7
z^-Ku%S|+{*I){G@4SeVMF3f$CMIp>zE#lt*B<OQ0RJVCVa^?EB)tVB6`ZPIDlsKRk
z>(_Il3zwUg4{ZmzE(d&W42W^r@3<<yay#r_ADwiW=Ki$3#<+L>evX#ET8f!f>hIJ@
zavHx`{Y<mm-10OrHV@~bpd`i84$$bTqVwum(M|j5UUHMqS61=Ch3HQHatrD+GjLdR
zch2or$A$fd!)>_G`uNT7bF-Oo-G{mUlG%6*&xwpc!gFolTP-Kie3g|;W4ST3H;J(l
zs&khOS3fhs;iXs=O85^S`N5LwXtDd1nJzt-rZ$tu1&Z~D%cHI+A>?&*-3^6lnF3KP
zunV&fl&`5iuX8?31>Zg;J_~12TeLEDjA{#x(H(ejEOeQ27Mc?>g>VJ|MMX9W3xxW^
zL>q2ZzQ?EXH;7us3kI@dq~ScBq%gU<UpTBJCO(QXC$Ca-TPk1GEcSAh;>x$5YN>;9
zb7Hjg$59dSBD$J5E-ZRw^Jp(!$xnl`54(kJcgP3TIv!DRnXF!&tGU?ro3;D(A}aFa
z>JMvY^*{X{5i4oV+)PVjJlu@aogzlAyrR`&m_H)zbvsV^7f`*J_d^?1m7yODqhD*$
z5Z0A4N>DY{%pq|Cn7CE$$%yd+2L`}@z-SgPravxnSM`+6?lU7ErapI$XNJ-k-sa5S
z?ct$dG&K*WV@f%|N^c#lK<qxTN+tTQjB__<Wyzv+X45y|$N7-%2skJ{uX#gFxKfO@
zSrr{-8H0Uce~?wd#8S;fSWWq048+5vlCQi?n?N!QF=l152rnZrI{luZQw*@szOF6}
z{Z|6&FM$B)ME;#|1B_`1pa9YiAHWR~G9u9<3lb?P{*zJp2OFFR<|f^%;9!H~`}vm}
zRB!Hs;0KU|p=DQzcD|=2duJ`h2*XiAv?il<Q=3P!!R+A3{<Tn7`DlV2MLJN2+Tf?{
zoJw4Rzs^!H7Gz|K#(BpE#uc7q4-0;bN2VN;_zeAo2$!#o*=+ee7>ixTx$ciZ987vD
zoJK24EV&bO2AYjBa+~B}vwwZbuNrKo8iNc2iv}r1&5&WJfNxf_VS!y+IwD}^N-;lB
z|74m_s>(`rm~?_po_<2jhS7eo4%@U*5!+fhDQM)9aZNHhl`I8D6zTC1N|!ylXs?Ds
zBB7|9+X09R^*=ZzC<qwDzhUx!;sS;UPr!gLK*%JhfP_p$&uCz;IQLI%{wC*u&tPcx
zSm!G{NLOPOWSWb%#~<SaaDdS4GA&iM60Lma{;nGZVn1y!u~1s$Ok5=ykW_uBgAK;F
znyud^KpQbmxdEXIgpd4;cY{}OLJv;4g?b*JpIcM>!nY??_$X#aJQKT1+S?}&MdB+G
zu-^zGKA>7QRw=#J2p1iFq8!>tDSublie^;lsH;H0K!el(bW8ShNhb)Y_h02)U}vB?
znFGiNqVRjE?Ss@HgEn;t&<G<kXS?Q>hcN}a9H*W4PK|eBf1|g%z=cd&$SoNyC&53R
zoSiJ_)Qli*ajfj>G#B_G*$@~rv7cqHT=z)I_uE%hkxbLorexDykNet)F4V5uL9$$>
ziCwxxr=8h5f{>LW76z|T4>|h@baNZZdP?<Kw#~5(QWYxyP4h1VBk(WU5fl;v0ub%L
zW7vOaM+Sf@DIt-7fxQDVfOiyB^haUh{~2FbpWnwU<d~r3lvvO|H~(MBzQ4TV=MOHe
zNOK*h@$89er$A|6hVo_d6s{itJJcJVA6y&Zvuaw5Vw+u*XUAz@h8DjI#6JobDP3_W
z4!9OK)}8G*u*GX@nw4V*iY!ZW47aVQDuRh_aEFD~@Zl~vTX90M%yq27(LRUU`|ok@
z4Rn;rvv)n!iKVo4WX`uG$z^6-*=cWwxgFKiXBa-eIm;71Z|L>*xO9&6I`(?<kNafJ
zbH~;X^tT<_(LLZCS9NA!u#YjBd?kZGPTEOO)<~}`3>V2Y$OrxG@%pe}Ka?$Rz)rm)
zEga~En`<s5Poele?gb+hlxCt+GgU3@osog}G9zLveH*rQr@ImSo4u&d3M`0ro<cqO
z4Ko&kO~&P&wZ*2XE)ld|am^)Oas~5xxx_DPn2pMZSthm={gVVh-&130z0a-hslm(c
zYghM3_KkD!NMu7JG<&l&85()fuZ;l5|D3k=<}#mk@E|a-+E8UJ=w!}6I?2HWqdy*s
z@7y<p*)yC90NBa#dE_!4&^21FB}NN$Z_({r{E$WEU?3SbGf9f_dx4!(CzKgW!&-2%
zPi=cih_O6co$z#*A&_ZQ`U8|oN;nze7Dok#z2nsy$rddZ6+&U}o_1u8Zlt!$UnJ-#
z#huX-b1#Hg$5&Ws)qlk2eD$@&i+5<vHDc@__eS$E<q)#KIy0yF%65&sK{8~`#gyE{
z=F^BnXsV_8n@*K*q$eH1$gh<7<|nWfExyLxwbE*TO;&j@#ZUw2n`Z3=>ADbhg><_0
zfnw_sHBI`2mzP%)))+oQjX`dMeM$d*%_@iYxvl7Hu)$i1Y6yqVgG~!2*(Eh;={;bK
z7oH#-4&gxJ*s54hJ{cJzq;13hq0!Nz?6y{onSS4Lgu?6yQv++bOm;EQsmdyTOGO=#
zPJhwW)=ifO5M_;h3#oO)VEP$waRlMsd|V?dV%cb4Yd=t|KA55sY8h&_l<WLZVla+w
z4vG8wxa}($>yzTcVluz8|3TyCl$*Ki5NpXlZ@_-##&)Y(;$VsZYYa34biI(^O{GvY
z?nc4moXG9t+_rZkTDlXC8R7P)dugcuG*vQ&dgTw^N7k2M4^l$WOlU$@=eQl(oM-2s
z#wjKd?8pq`>EUfn9;&$Bodor)M&sjV`(&AOH_ziR4NN&e%CP~17#R%d1@Vkctuf5C
zCu4TQPu+VSF+bk9SI#t_<{zZh(~W$F%pCpzdAJ`X8QhFIq(gSi0C8E|>=(KAwB8(j
zJ#y8sY6+&VzxYgSM8gDCQ*J1prLJV&1GyK<C36(wB!DE3Tg`<l8+;CLdI;u_<3~cq
z7GC^vxguVn_#t8JS71WX>2$hF6ln}=K<lv9+zIodM!a$LMDumAzDTwQ9Qo>yx#%Oo
z=U>Ga=!>KyjU@V^D?jj5BQ<fQtGx|Sl{(K%_C5LobcZ{@=G<0##o;S!6lbgCkwyNa
zHSBK3uj{pr;TxE2zQmrP2f8`DIQ%vn*FxA$VQ2>O;NEo_(W&w+cn&r#4t+Ukj1Z~`
zHmxW5#m&SSiKO)e&PaP<7QR=@X)d&a`VAGd3wv^O`L0_cLWrXya+X^RvMM%|pxj8K
z2}?MC-sJ+p)$-Ty!}UD__YLk62He6;TF7qb;-E-x2wsr=eJyUG>)C~?W7ImGb)`81
z(n$CDdH=u`+^@6We8H!<yxqpEEaq|S`^+raDmroqnzW<0nr&xd_fYIEoVJ>bB6F#)
zDltKhPDLnliaYc1Rwy!%4cHNdg*(6bQc^qQ^!Vk1EocOMzB6+V|7cqaY1yQNP3yL!
z(S%+p76f_X&0P-KO{4}3+~zpAtrGIF^vNk9lzr5U=k2bs?T9^Qxw^!PTn^Yqj;qsZ
zZeNr@H~qQaSo=#{`x*-x%LP;7P%xgfkZsT`F%L5%fxHkJ+T3N^Lh6dq*CK%~)Z@jG
z$d0YVaNYJdlh>VYVvn2>(;=}7i#b&;Z9qGs*3^7e>}-}7PiTKq$QY#!OLP2S!jqQW
zBL?g-YE@-i=}bmpu=6<EZ54M{3x&G2I1XK8@4~BGMVjg;!2$oJ;z4&~B8#&O{H?X6
zlKtk=%~#Vb6xs=yq#BZ`<?2~p*%mRz0JLVyN|%~DV+?5(1C(4wOQKFwdqahZ<%XtC
zsrptx#*ct8yh|M*lytw=Cmsl+yNq|SWa9XnsUmuYXMi^PRgJ&d2YJn$j+`OX3^u_=
zjOB_X8J=V<Mln~gNql6EO?Bg|?C<u|fo)yvA#4*RjX4P$YFmpqA0>6O53SX`TFtQ4
z<K)nvFb}P+_KnekC5SNUurqMgdJsW@FeqR2+Kbw`<Mu-<S#?wJ6Z5<7#W|{D$dWpl
zekfrh*0|Isc@@^lp5MfxkF=GBLhRG=flTcObH?j2<Zq`uBz9Pdz(;78Alf~Lh^k)Q
zLQv=173yDNT<<a_?(lJk#rl5Y{kS8Y%HVmbtfQWECTp%k7cZE=hQD0=&=?ss$JCcA
z%uk0n#%ilehiMLme?hI08Q4eTrlX(ibbr;r*73&J`2B5!_4~%Q8GP<j#F=RIKGo*L
z5etXl_TG+qF5h3i=^w%s1neKe^`FPnzfz3<XdS};L%7!A(*tbIZ~s@qwO=0bR9O)%
z8IR>hZXutDD0f?SM36HG#~&c17oaLM3zT&}CWUfLs0U?C4uRFeLMMdl2OXoOu_|M&
z)6a>Pw=fpuM1Y{Fh%ns?zt3seHr?}Z-8+1rzVpcFXDrM>Ta!S^sRzw*f!;B^&pDQj
zX*WykCLzeFarjl#?C-C#2_U`jg?ekUNcYO_tlWq%3s&hd-s8vEU7K@ncJzI<Z6EBH
z7--7VUTNSA^%|?ZZYwwxDm&Dm0QqAgnp4px;#B?#Ff#0jM1Gwy17k!B0bvy+D7G`j
z%(!#MDtQAoa^h|kYz0)9kkh*=G&VDTD7=VwgQ~c@eBJ~n_IV$EbVky0W(=n^j$%C7
zJ8*Wi^}^E)bRrjP7ScqoX;e(%IvF_g>!^#5-!px^?~su918<s^sYwz^LzSN`$W84c
zCze<wrPO&1wz~HP?y7D!Y2$gv=FJ~)4HoUADkjD*uEo>n@-l<T4B;U;)#FQYql-qG
z^Zq8-i-WBLziY;NO9ZQKT1c&#)1v6So&zjx2WM#;h<`MZY6`N;UEsfRhXP+?SDCu0
zjzT)$EB7NQ_@lr)7Sge>31&#W9WXX>ZZB%`9~-qyK9VO&80RKbd5E>A+QnT71fQwX
z7nVo>b2g^NOcOsS^=bdGKeUJPbEH5q44BN;{EFR@jlb`6pB5WJx?kX&y%ZHoQ&X3Q
zP3DBe;gqqy$D86iFBVG8lkXL!c&q|hn5*nf<KPR$o}Q6ZZMHLk_w9V!<Lb%dCCpAq
zq;V_qU-?e9b0eb)g6V7zdJ=s2NbI@C(5fTFTb6A?3iBpJr+{xo1|NL325tpRqFEz@
zNt~d8K4^A;1E^>_E@T5Kd49Sc{zjl{@4}lTC8!ifjYB!&XuxBN;v@duaCqoe8m2D-
zqkwW0Vs*74yFmK_{S5Kb6V308qD$ouP!@3ryz{`QLic!q#jOX_H~m;e^>zOrZVqV0
zS;7(<Ho%7Z<n<pa+aDAhvFYf+qQfZk9S$EVz%BZPTB6aH;Vo}=0QqIZhOb0!Vn<?|
zu)QEE9!$f!MnLblyMh99N4vz;TO{XSF&~dIi9P8`-dJ+s2yGyA6tAdm2swZxy+){v
zp~10G#z64ES_sf(VEMK}X%?l8M^Pt)kfIGAzj1+~>`x8dICHS6%NWSl>kvC&Nv7Vp
z50_h@y0@t612?!5YkGbfcqo^;7N6N92QtQ}6Gn~%{6qcd@hHxt>iK~xN?>&k$uIGo
zv0<|862f;+fEj(PL72*-`BHk#<OglL(pIR<WC75SG~8PWPyxb32&@jc=7_KAcv@J{
zcZ<scV{<8nl~XGXpCQ}V?p(d7pm}zY0ufFdk#0Gl+YNzdrM83b8cj$@{Sm!bj4lra
zLK|FPWRVf}Ed6|Ndctq?&Z%>1uMh`k(Q1tLhw=rFD^cX51bGq6me25*3efNYKg>yS
zB?$vVth6xaXEwwg@QY{>V?@45t4ny4B1`2t)?2VLJihp}+p*S?NQ9+3zwr(BL0mOI
ze)R~1^rA`}NpP1X>+G7pQyTTAxHx~37f&L`V`l*Pefy4%2g68hvv`HyI$4mL!*ON0
zi&MoAP&jowix5Sb@v)cZ?-}0g(dfdYZufbIgL{?k9;j8+U$NulZ8`zm@@r7}93^P|
zkBrj070^TY_F3c}o@$RMa2aJN4L^eM;b9H+)~ZK5G@Zbuv6?JQ3~tZ_OA>&HxGEM^
zqZpjuX(X|N^_J>|kVp7UeQJS4{2>+lV$kp9;pqn)G6q^ShAj9uVb%qD*s)tt)pU;L
zTfDP;4?+MbePV7d!4^Aim4e@HaK1)pi~f8<PDP*;evk<MUotFcehu?lxa7t)j2Pf{
zc8Tn}BJtEozkVjOX5>9Ia!(;nNP&W(c5Ssf`BzczkZ1CkMd-juF%)B1EJ@}d^6)}6
z;XQnQCbbLaGb=i@YL_PVmMdi}GDuE~Fp4Z6G@zEzaI(gcjGLy}buH=6`%vC!x*^_N
z48a2l41B|G3oL*G&rxYnEO~QOr}8YOVE#G9p;$MDQ#}HBw)@{uWA1xB5YJ!S_nq&k
zJKQ(dok^;nJF>j{b)6y(+f#gZk{Dm5eBAc{p12?NB*1F}@NjWIoZjQB({b)~KSOfc
z!+k%^urQ8%*TcOhMysLFc^^%N<hp}%+<kXKC|o=W>H?5QhGdZV1p?X$7`({-1?T?N
z>HXK(^{>I}A2=6(?gmhy0pLyl+n)sfj5Bz`PrJ7V!^p-G<cH$6=K~7=an#8O@Y?;I
zg{&nI$hTR;VgWlr_&&@@Q@uMF*g4<0d_kY=17RZmyX!_4eD|X_Loh-$oIQAXu({qq
zf*^d%PS=oHv=KKxY7`g>kRL-IkWHv5H$@c$P?o-EMUs)?8rMK*oc^YrG#TLFu0Ih8
zgAuFgyjlZ_C}F(AlECR`jEO*+RH6VGJGs=5xlm2d!P&?8z-9KqlX`KUede`=aN$Ed
zK*A7MMY3Y<NIH)m>OgvQ9VlREwjM;_Cpx?tAHq=ekxS?P{4U{h6wH$`$?W1iJS6#E
zZ|;r)|Mye*$LIc$f+Tn}N`8qv6vaFEM-*{EqZ?xGT}fD6etTqM@)UIuMT5{zVhr1e
zSwSl>lJ=msiL>Zw+o{uUS;fBlllB8v{|!QeLIUQP{?}LwDA>c}8~ly*Tps}JrT@=d
z3;Y&yP&UaP%Lf32{(4DCU9J^elq!9;+edYiZu)fsK%pCcYw2lz@{_}F@}mlX^U1T4
zV)$9=)yyIVjls!RKqlQh;}Asr*oehN7jnbo<`s`Zmv{5r1A+oEJFTAVGpc(HMS@<?
z-en9Z$=T&KxUbXS$Kzu_r&Z5qhb*4_7C4O!N&wDOem#)FKt&JVFxiI+I1R(x;NakF
zhKqz!DC%7|3!N3;1nBbNgvcRRO~C}odBmo3_V4!|z6Q-#K4c28=$K>Ml9%IlX;sDp
zGZ9Ki2aOWoB7a2@{v45{bgh_H1fOL2B7igiOIC?zSAwJqY@I*^mj^?jGjCjixB{FW
zpb(*TMASO3OH9qXc1><zv`$Y-7E+)e8Hpz@-EFHfonG1d_=uh%lGs42w(_r=rC?%&
z(MsZ?9Q1PiSTcfKXs?eo1N{d0j1i2z`TBkq*w{5P{d0rWK#=IXv#B~s_nCumWzV5I
zm}-k4h_mC!aAqiFBpC2@1o!ZUI|p(%JwjQNoXZGc+WE+YYSiL4E`O(U{@(HZMcM)R
zi2pj30DvFpA9d^ae0Y5SI{H4q9pB#n!f1aCZe9RWg`OhZwMBgxS5SF*t8*XPEgN^j
zC66}1BXO9}G<Wm$f<e&(+kpF@-HnSK5KC!&fgK-yf6uM<ssT{g<o<MC)+uU{zd;3B
z?8F8#r+kMX&Tj*1wL&88Kfg1I`>gomYM^T_oTcJ`kn>h--8NQq>Ul_D2qlB>^Xy@O
zwa)dR90gD~JMj_(X~OWoV}l4b)A@MS0XF*sL@4=|mW&D7lf&G&$BGve6|aB2vPjS>
zUicGDU&smmQVQsaT8`u>CR~-hr#B?X|Bi0(4Y7cPdAZ9ZoMnX)H+XzFIDrBZbIEKd
zzycOqo{kWlBykBXNk`qhAq4RuTmTv~uHT1x7MKQ%)Hq7{w_{c{F)>0keHv#cI#9h%
z8ZdLD713D+qY|l(Fc{{+p50I3UJ=qLX%6^_8fs=yiSSZfY8!(AS{xd-DCpryL_aKv
zAC5!*u#{r;0d8q9wI<(aQ2aq@Cfpo*S22U)NjwiG;YP_#84|W$e@YE0AwWTZ*M1Mp
z7G;2tG`#-3l$LN|@p|>9E(sc>mh}E6S#8#fv=PTM$DSU3ltE!7%G++ZZ#O$x1tuw2
zO;6u1%J>acS+R3TyW>18WO{A%U=9-JjD-PUwnt1%n&?p5PYqMSFz-yLvrjyE%|6Ti
z?4sTJ1B@{-7#X~M^wfm`*S2b|1LKkXs3PYiX+~hQiur~rG46L2ma9blx_tOTiev!X
z5!#_0soN<cI%Og<xJB^VgO0j^V(y`BASt6}Kf|uMM)lATF{==nVvgWr|71w}1wSE@
znY6XPqi9}uwETfUTv%eVaDT~Ilzv`b2vNu^wm`-J{mjr5nE!VLB6S=5`dKAkYCLlR
zRMj6StP3QM1zC(Lb0n}al(kfI-w^#Ut)o?S@>xZH%Z%aJZ@{R<1z8fzhp$jZ)N7S#
zCrTp-H!uYde-f5Rv}0!51qM-9kuYmnN4HK&vVW(Y59O}OAU~JeR*538EX1by4LW)V
zw5FknHMN-?F%iaBr9!OHDzWz@SMQ7MC6P<0hm>#+7do$NCu2f2@K6Unx>;txK@Sm4
z0y1o-p0Nc_cJRUmJDnhuTu^ixyHcbZybvaIeO6X0vg&=}L-UlTtOzEp<b*q+S`IH`
z=!FO6K`9_+b{<}g6I;v=g<xbT8ioEHhFk(s@VM^Koawzm5i<BtZ&X4J(Nf346xr>a
z-BW?fnWcYD*r_pn{=1V?R0waO0koNQEozCf7Ce(+S*vru7Z_Lsj1`LtyT4a8O>sRz
zI;UqQW37O1G9J<C5M$nM!|sDkS)e^TI5@;1d>Z?_d3;G7g{cDj&p<Q|=&N@7L1BSl
zLj9k&8hx2XSU))fCP+2Q5%Atfz8G-iE`Lmm#~gF~B*h^gL@&e;Obu-2Fi-DemZX#)
zL%+qui6P1&m{?N!)j43vHV^t72^#N(lmxNq%^LF_Mz+lMd`QmDVy1^Dnxp0q5|C`*
zR$cWVsjOPy#QGCnN*g{&d9iNKPv6l(dT<m9Y-pOpd-zd;b|7Hi?$(W}mL|eO|1lrx
zJKMMbUCg)O0%ZR?9LWYH1e0(u6Ea|clQ!Ix7m4~(g3!o~6Ut#&B&<kVRROQq^SOPr
zQ9<4py3q(vFs*GZPsEFVss9&ty8(D_&i#`}2-;1%dlbN^te0v6Ns^2u3|-zEQ5&e#
zF60GM7Gi4XmSgW}8XECM201t8+9cQ0jc}ie?2P#R;e@xFucXn>K3bQtt8rYWk60Ex
zXgaQVYT@8})b|Z5m~D=IWtsHZ`oq*kJKa0Dem6(gg9z`y{%GOhNFrkXojc*fy(WUs
z*eI`#0!df9{=!f$@Nhr5S|I9`1M=}1Z>oOJ6s8HPhiNYaI`;Gt^tsR9r@Ko>O3{ZR
z2d%87I5<Gs!~&j&tJ?_+ME0flEY6ltE%cIg@zBB){IY`j2)aC&sJmC};v`6MJW2DG
zvL*e<ooK1&t91eJU6gX}=c1x8uiTAX26x^-u&ZVqk-C1E<JY|>u`M~{Y_6JT&BBQ^
zgPn)E(E9P7AhaylSp-K!g4!@O$ssL5@Q7Ve@r}b>2NHIT2l2V&#6VuGLyFj?o?=6L
z>_Y=Wy)Eb5>rTn<PvS=d9&m|>kKx@UfEYid&%YTTIxz3cbYcHk7p#er1>w$C=aDo_
z8L5c&b!bRWpfJ1~Ln|jV_p&S4q@oUz=~Gf*M+l0F;I3;{(RJt3RuNa&K~WZBM-v|I
zJqQR=L@}1Nc<D!H11lWNUi%Jwv#C}fiW?A<H}Gq{Ev@0zb^j&$rUJ}ufUhb+*tm$B
zq<feV$Bf(Y%_#fR|2Rq^g<BLZd5_@qw*&n&=Q%=ci#&;g3?79(SL5r{ngjD|@6{LI
zHL}0uCK<$3JaEpdAwN*87%bFz92;k6I{vDYj?{uIyQqUHDIs`tEuL49U#k76{sm?n
zQXHJ#!1OfL-k?=+0u-wNJS&nw*khW39oXkCuG=b($aTgxwc30X_hTPA>+u!w04cNw
z-Y@@dBD?u7;5?^6#D|H1`UhXxBKBO_@T7w&t2dxsp}IMoL{kWv%2IuZoYo%+Ja@Oz
ze!e#wH|b!Uy~a36Aw#6KN%G^6s1f9IQ3hF%V={q45qGMHgPzV2asKea$^>N0rm0mO
z1qRpEW=51~3R^U{T+DNdt>N&*=^Heu5stBAA=)(v4qf~|P?1BB)1LEkMhUYue;XVT
z;E$do_^Bg$yn%8OT=myNVk7IV+(g*kxz%NIfJNBz9c_dwSX4~J;qJvjw6O}91qmsO
z_tm2-D}XqF5r7%I_EyhM7vV|;-N5?gxI<<}=+^=P;q!pbp;&d-x-voQWt{*8@IPzw
zYX8o^Mhcd+{s1YBvSjqfdih~%43P)n_xL{p{r{IV)qj9~cJ}{)rTRA{#qd}3>;EgD
ze<|DB3wa1*BzJ45%nw<w_h%eX!O!x}B)LdUd1Q*>0zymyK6$-3O{$14?a?mc!7RV)
zh<&ZvJXPfL^ATlU^+iR<YdT4WM-*i+Fk!^+_+yt>(xy*G^{#6hThN)47uRs&?6j}b
zjy>*A>FL=TQSR^siblacIxSxF;8pm`;=0Bnzw|zP(`<n5<0do4GpSEQmwCO6dEq7Y
zAJvcf-c%o)W1}u%IXm$AuSJXMOB|6!)SMrPGLKPF(@xiS@NM>1KTsbIQ^wCdN(+@d
z+%lBzOY>(k-AZC;S@O?ckl2}fVrqg_zIHw&OwY<NPTM_L>`Z(jYEENbK7uo65H1V0
zi4B<ej>S+Ps_Ayt|Dc;Xy%BN`g}%Z#(Ijl3ZUJn5I}GM0`Eo$-wPt(VAL&55@-4Uh
zbHvgzb}%2aZMPmXpE%o3V{Djrg-njwW}8kgD=5433}a3+JahOZR4+sqU3-)q`o3$D
zI|{DcLT~WCakirZ48VU1aUJ10D}g+)2W-rKj0SZ7`Mi^owbEFmfmsb&rvx0-x^Z}X
zDK-tK{4@79Y5I=h<1%fBsWKYgtn-JZ=Elde!MuO+bM%!(o~QT)u9HWliI3Eon_D)6
z^c{@O!tgRw4~q9dmOW47&M_6I^NeA2{A=|<QFN@1b)IKAn8Og>iQ_|jvA*r*$Ks1F
zXM2x=t>Tx#-T8-+8Vb#C$*G3Ki%^L#i!Qmn7Ga(8^gkorg6D+`8GjV;CT#`O_`I)%
zyER3hl^=17g<B(pcj6?2>}qm@jnf{E`YC#n)}eINz63N>7gJt$!rGs<fBmt4?=?Jw
zv$7sAI_&|M6#D$y+VPq@WqDh!8(#S(i{pg-sbP)wm=v<3==K^04W6^W)gx7Ec;7u3
z!RCVG{hql1-XLgO6T5W-IEd?tej(0T*QP4{XORNp@B(uA_-j`EP{hTEZcqC|vti8Y
zqGXL*ns4vhBy$Fs?Qkl;auIiVwC>d_w!Nh$LR^=>==4sNK{~C`K1=FC_y&rW6Cfk)
zQX+3+sZ9RpVvz#po+=YgwnTo_pghO$CU;+5s}Hz_)33n(!Mqgdo+~GA-I?ZAnT_#u
zqC^<Kym`*)#hlC}CU3rM7xLe@vPgz(+1M*27q6P@6c5O>y8l9i40wD*fyTP`+6iY#
zC;M*Kwl%9Zga%IdK^RqA>7GE23wa-D*S(e05VZ{>{O}Du$eNT#rSsbK?;ia0%2)$+
z<_jW05PaAR`%LD6Nfb2TC+YaV1UfJrF=$`_SbTXC+YDT`Mxwi7C{M+@*E}l4%RYY+
zkNbOF#b`aRy%~$IJNzWvzGcVbIckEjh760K=rzQ^$86nB@@*>XC7X^A8GrffbM7c6
zHCi^eS$`Fq1+4lcA0hm4>A~%ywqVP>jfdM<YG_k^DPSENNl}UR#$(=`7+&p>c{rHD
zJ8@%u=@s!ZGmWy^)<-J%;Kv!_?ut5-FJasZq4Yd0s2PT30;)v7`$I<0mC-UeO+1i_
z=<y#N{4FAHizFT<(BxN{Y!~s48%i^G{&Cz&Fm#LM55Am!Oj1_~`fusRGiAH!dO;kb
zTe-pwfuVH0ibQXWnthlh-^MpWCf9P_XsZky)C7c-ruaC`uJRjljwdA$x3HMKzL#V?
zQ^jZal2~SGi#(&HpVJI}l-3`QY5bAcB9or<)tKFM+>A+jmRNK2tsTb&o|a~nQKK+J
zvCP{f?#HW5i0F=h1E2UnL`IlUH}M<>8~-4ruBBxmoeS(^<g03?c8RB30eF(g;5@0j
zwv@fdvn>mAi2M0OIM?T<{fPhqw7Kr=9VGE|4`@#cUamtZGtHOAvILvBf8uOT?RIZL
zUFfJlhWwHg_-<<zsIBxK4v-K@IF0Y!g{Frrrn^VH|79w3q(K-ZhJlq3{(7%r=$;G~
zK3PpL_@VY~hzF!Irwu2|3)3+m0InZ3$=x*}fUUmduBwL5<myC(@~xc9lG+wgAJWFh
zGcf8GY>20DD*@B3S^A$_{avXWKjX5cBoEd)@Ox6=?Yg!~B@r=?TGD&cTc&v>rrYpW
z=)k?41=uwl;y7W)KtH;E`AzPZ#SgrC(R)IKFC)(wAO>GxOIEmfmw=56ePZi&R-h|{
zU7n58L{=UQAg|H)3XP#ciN4Ih+TM+ZxhF8B1ZgafdK1TF7pBh3W1YKn>D_G}#LakX
zEKfw9DV}b~nN?&f(TA2BS-Hl|?vwe+oz+a1tjd@_tQ%`W#JRdNZJuE4Qq%31yy27_
zBXU}(7B)WHOg&%*8wmnzd^P9en6ny$+_~N>Jc46PZaqyFGEasr%2CsM*gXe17oj->
zLB2!IJ1BX%1AQb#7ki#?RX$GAE?(RTmiI=q(8jy>-NItA+@n6~WNjC+yB^+}ek!oX
z3dUYYCv$pf#oLPoxq~f^INslFTsWyjhljKep!?fo!<B|NZG|@W?dId6IC_5lj?!x8
z%xWe-AZr~)v#ebp(30r%JD*%=(pA8IG5&xWnM2#<u3DF#DJj~ej47n+kA~II8#r-)
zZv@mn;Hi)wSS&}u&Zh)t754bE6ebqUG)&!|D%!(X4qhPQ|Eaxyorl_9j$tuY{Z2n=
zqd^YiyHZz0(I6S5m5l_)^AxzlWZSq<hjWWibKr^xt%K^oi>^2nDtE$md*W@}fSZl`
zIn4X9|6H$!TECCC`=siIK<mu4r9Px*r&T9mS2}SvY}DA4rga@AAKoBKd%piJ`h`L(
zhk|dOd=Q@S#HH;)D<O4qYXSI~C~C(ftG3B<r?!#cep|A`^t@Cby_gUTdA!Z+^cZp1
z5J%f71+Q{sfRo@}xy^LbuhiOCxYf6r0=)^x;;lJ)ZOn|OJt?CKJI}nW$nKz(;ErT(
z=B0KH_d!g)%X9<FA18T(!X0sZ(3^CDZ}X2`1XkqIWs(~Kc5&6!D%#hn!f1%#?N~S>
zkcV9AL2fI6vsBcQpr2UdEOBWzjkX{|*cM!~Eo3Z+O%iqfBN2cfCY(TVDYa}`9mzuL
z$lVBR)ayWhjuA;X!J4IceRSqaX@fpneUkne`U8*0W<SaNRwGum`{iweZpT~3w@?Kn
z5l+zWUdP0A>ZP##tw@LKxyG~GXmSl_mAT(pgS-LbL4Z00*(0jrYvykHXl9e4AeAG$
zhHs%*=0+zaIHO>PxS^EjppDUlD8|b3xo&J=Qpdu2A!LX{WakTM4l7?vDx0m%&aKC0
zq(z2ky^R|BXc>~j{qXfBDneM~<5%Ly*V6^9d-Yb>743vz8?)aw^OGt$YP2xn-27d{
z;8vYETNK9p$)HO)>&qr20&RhiK+lUxCn<KMh@k@Ee292eBX>M`taLWJg`EJ|+#gZ#
znh8OUUZgkM3Bn*<HDyciSNxyGu4ITzB|EG>gMJ^dCYxRowTP3Cs<&==WO#-HNCwe4
z`Xh?bvwY!ZS<D3mRc7N$Xpir0bH8HWC<%JsyLswUz<kZc9bxlhMhr0>H?3mUAlH8x
z=2xig8@^*idKbl6*ki@Ku9xOWRX0Sci#^LqD42Pei-?%BFB+9Bk|Ds*EN|C&F6{^w
zzF~_vAm*tR>cx7gs61#ZWCii!!l03$dfkk<HZ|>7>mt)N-<)TB%@UBLw=Z6n<#-zi
zkb!PFkTybu)6chr>Q=OxctrJw79^irDA8GY(q~QMMF+FZF-mnTlAwGn+?AS4k$>Gc
zrDkRBZ1X>_lMtsJuN=gvBoTkI;?hLWy+O^z<o!l7>~uYTc-Rfi1yoQPffYDY>vG-K
z*oAMCj7MB$IqL28PLpPx7lMhToy-JYncwgcrtKvJZ!~c=D=o!Gsi9~L;6<bO20dn?
zj(H~721)JLrLFyv!rO|xeLhD^(Oz4btew^=ST8+A`uY|x{&F_cDC;*Bc++G*UDbGl
zHZ#|O<ql!-;Yn_CNXf&2GSq^}XKVV{;QGYZcjU3<lgbw!T9Ums_pUY$-nmU!^hZO(
zXb6s`P>y4X7U^_Jp1aym_+SVQN8Y$0$lG>(@mvh{_qKvK3n7fIUjvFSB3$@kM%$l?
z0nuFHvUX09SgOc<89$PvopY*}Lo_5U<Dz0S?gu%mhYZozfqjezMYQgwn|;TQbf#}I
z(eMUQe9NV`+n<5Ja(&y;B+ZsQdFk#E$5@w&bKSxc4Mmt#ZKccfK><Dask{e@YM2>b
zOSRoPu?@_E0cSou7Mih*Pi*;mI@oYMB`|_xY=30W+w+gq8Fcf8%t?79DzP3o{XRmy
zkK)xAFII|~%)WcBM5pHNoESMOKL_Z|v4!YjqP-E~hKr25$fK2=9?T~&yIQSu3GE`r
zn>-Y)L#hyTfs3}%=J&8<P;&lkgr$q!WUznO4M>bZSl*bX`GXhP79jLLRm1#SNtua>
zf#W~bF#j%*;pV1OcDFO8Q<wW`VQlC`r{w(8>F?hX)&{1=bZX{CPG<NFtc?F%4Fh;a
z`yZa*{x7RxSU6Y!yHt`faJ0l{r2jux!~FkJUfC6>;D4)z!Tu|+44BscuLRBC4{(TY
zkidYF1Hi;T7GS#nKXd;7+5{Mo1OROD?<^iX!0{Rgcs&jXw6p^$r(Ftkgl8oK+@sg!
zk<hk{#aG{6Hv+}R4+w~X!%B9F^MonH)n(g}vv2pU$+mv?i;uxtxx0sWs1h<$MaAY4
z{_s5x@c*f(hSe>eS-tf(+-Io2Tp0aJqgeSDrUxigbdZN5xdb_APeEbMd4`$C7<3a?
z2aX|!am50gr1*Y$qCEdBX`-X$4V@@#Tb*&QTBCyF_?b26(AA5nlG$I1Q@iAI4Q1rQ
z<7kL{HFRFQtgxfwSb$P1KY@!mHp2E$CKI{RfxXIr2!yFd6r;0%T$FP1YqU68dv%Db
zxjoq)VbcribbqDtnlR)bJC&R#BGnO4@uZAPl@KMoEg?B7@g*94lPcXE5T2TAtmPD6
z^U^YRQU91AX$7iQ^sSU8zg@;peihUN(~b=nnJj1aeE?z`T{uCQlx7phNB-7y(A6pY
zL>EjP7!Z2Ozf~ZAm8`%0WBCdQKG-)v<bi-8P*Cw%;OQ9<kdO(P5eb<7i<Je~v|Tr^
zE+~nyHMX=@mWrgkb1;E!*zSKuF^#-if9TfPiLp;s+x6MTepjewEdB{em|w{dBbvvF
zdXBzx8gG~&M7D0b|ESYY;;LuB6m+D0O}XE)bhNEj!nC`0*|hPyVRhIGo2Mt6W9YmF
zQ#&d}%gG<}41{GK%(4h_k^bE^J_S0qG`1~X#U46&-zmBz-^O9%G;P_Z{nPpF{L_OL
z)-?TmTJ6+vm{zkb&2UXizB(N|hP2rZ{QY!Azb1)E1S!sH(4a0gh6YDGQAa#c2=ROS
zrbTgsw3xXiTGVgQIxdM4{k|<=a^gtn9<2Khu@}5ICNd@EcExSQ?Y3d&KR~%#o*K-1
z9&f*qk{t)?p|PTOm~3ig41IjV{s4jg0TP2BsPB8=H5pH%a7j%!L0os6t}E~>M5ns+
zQG+w+zU&B4AX*YcthZfs(6aC08}#-61C*a17ytv6$hnq-@38K~fT}m}2Z$dLb6R~J
zG9RfUl<!U_bRKjX|24~Y<`!?)_jDSij`k0bBzbLRTKVBBZ*AFSH`n%!v^QAlQ91Gj
zs-eb|oFJ%F=rBsSC-Pp?qCE;iN~U&c+JlET_N6MF83qsrwf!2!C^P*Mgj!)%U=qrj
z*`r<+c*GS$7*~4cPo+*%_5K9i{$aLe6NW?U=uPK6DFU?~rBbc-yzP80*R+Fk8U0}6
z&`|KqjZpr6e*I%Gtn?1V#g@97CyW9jaYg+B_@8o9M02oAnpEv3-Fcumel+$UK9H0|
zKS~`vSfiI_LYFik+?r%-)Zu8pb(3fbCH_nzYmz0?%x~@wJ;H&|E~YkVGlI20Wv8+-
z!7>6dYyufR^QSByz|c_xT(va+q}RbfApe2B|MnPv`xY<+L?nW5`0&Um3W`ekdxQ*3
z0`m5C|6I6$gd%{k=NM;H9!8R4m}Xi)3b|Dkm2Lr{%VqLO_bCUbG{O*N5PeJ@u7ViY
zlJi*q6!<~ZUb6{j;vA!1TANbofbs5#evE<H+H72BZ2T>A4I{{<Cf{-Q@4ND40fp4m
zKKgZfPTHn{Eu(Ai)|Fm?U0TgxCjIPMCzRK;w2LZ)Nf&ji@crcv5TN}4JOEHS0Z3W@
zZTdei5WosBL<A&7K<feJ6AJl^0`mXKSOc%a*fZe+M^~e6Y^gwl4H8Y^O)BRd!xFyW
zhYe%5&~_^;po<uw=}~471<^1L34=ID4{r89b#R8*W!ZqK&<Cyyx3sd*+`&jjU%L~(
zxt?H#gK*cLmRstkXW0#<qFCdu0N#sDeTiNGMfkrt^?%5EP(Y9U1LD8TkpGhPfB+L9
zF?@p;KqjPTWCkcH8#p-D;S<^W2jtJ8DE*AD@9QUKQcg@L_;-pHK-Rxm6IoR-nl~}1
zd#!drEWlx<ZMsir?tBh%qQ7~O?DX5F`e*I~Ou_ePzmUAziw^wW&?rNj^W2by_3#Vs
z-pz^9ETmBv&dQELSb`tV`kxlz$JY%Fds^0HsO^go3D6f#JUM?cw0P|-C@|!R#u8~Z
zm=g7EeUQF7Lqw0WUn*%H#TVIV7-sw^s)XsoN%}G0S>$oTBQ>0Uv@oGD&H2k``71*Y
z!Ug;!Xon8e^Qq-w{zc*{KQ*KRI&F00>i43b7}_=Qs#?;<m-7+pAE0b^nVu6}CEM2(
zUsp)Iz3mLh4cgsc><K&>xbMCG(4AFi7s$lzZ?E2Z%sx#l?FLdXWkqF%_Nz;4I>~D~
z*$RUZTK1JVfv4`yEuWRb0`|y*jtH$hA|&l0Y`B)Az<J^BpdD5yMqnAb+_wXjsR({k
zh8@=Tw_>W9k!1(AYFx88OQq|hy=rfsVaHEYwlX|p%F*r(E^5hrAC=>~Un-A?0&J}U
z1wYILE~rGMh>E_>+PsIO7>5m0SSf{Ir+r1al6J5--zL_{cfetT9r13FMwJsK*AE?2
zSPX7OoO}TW$C#lzdfAk{>ttzXFsJ_yZSMeFS;MT2#!e>5L=)Q++qP}nwrx&~iOq>^
z+qP}%?s>m+zVqLzb8+hacUP)XdsS98R`=6S_j<Y;rznzs3}=M9p(LO3RctjexI8lZ
zNtA0o+?@<<A8fI26Gwk0f^C1)PMAv-YYKt$O3lLyOr>JK2Z_4;@j=Z?UK<Z!@`Jfg
zOGheAl#JLy<(`aRK$AHD@+SXUN5+A!il#k8w?DEa@~s#rq)J`Pm;;Jv6Gtv`1Yeos
z_RpTr^P|%Gw@2qJ+)J0ztqH_!fOPiNn{zGo)~L~#?Y;`ZTprlO&=1mDlTXH&E;Q~7
z2u=F`^r{MD&M^pdfRdWA$?EyN)7H(=y7yqV*AR1SwD3$D&t!QIkp<EylH)Q%o3p>I
z%{ez<lJjK5>8>>CEvxA=Pu3Su`)?uz9U}~p>w(kk)zIy4Y31J{sPeyn@Sf*+Uf)kh
zh4xlOSk&H)?-QtSBvHhS;$uK6rEOdjJ4}fd=Q%1LFMLmVK#+Jv>uwyQ;XHX!*&1rI
zaeP>RegQp}Sk10<{{kVV=GN9Kk#w{nv18g#98EB*1Q83RT#Z@4a~2?-+1<}7K{9E<
zdY*WF;5T=-`lBVgn~mn3c{ZH#1w{H`rdilY%=xQ{|7HI19m1NbG%wACuxM@uvD;vX
z8InC0g}y>QMj{ZjY8Lm%y!i;z|Hc*c?E|SlS{JuwLKhlI7lunedrm=PfXwk!kC}8;
zBxdx4lPv2{Z2oen9^0hQ<perUEL9JJjI?TXr#cf}fbIN!;_<EQ5;q~?6doC0bk_MJ
zknLW%W1+OeU*^<?WF8MUqEY5J@k1TH{K=jB7d~Uh;Qm=+7OR+(<q&Z`*ieauVw3~3
zy|ueF=0@1snKD!3dY`J8Sc<Ie`ppepw##5*Yt<!cTfRWOXDz6gNkwsF>y9W9$f2~x
z)7E8ieZ-*{Sg?p7PTRy;-p}CmKOg2Ck%+Qh4L{R2BthB?DTi!sTP?m*rx31^5~;jU
zx-T4wH;GG-M2FFzao&Ddj*@->)jY@&%G}<FaBj0yueQ4`WnSMjMMkuDd}m~ybO^Fy
za8$^XnzP4J^`e(`G<W8X<fVr$rQSR=haD!~t=%HBP_}%T%nIRKR$@ro4-iX{DJZFI
zu4IYje#tuCfGw@uH->R@rfyfwcExn=(kow9+1W>@$Vq@${{qsuM9UTohbt$A;4k@6
zU4@f3$gFqH4ueB6<n2E74a=>$Ts++*YAw?*KO11`79XYmK7O`IB)LJ*Akt?&Y5q*%
zh}A@%<}dvAk}eLC1IO6*H!70-YbG!_*uQ!9e<-H^&IG=u`#Tl5_U2zbXMk2-UV`@(
zb(Up{1X%{Pqqdjb3211(7{WYoP%@(jE}tvWqYufU%WWF524hzDp$$VuA^tzP{W{dc
zfHos?Iuxe^m2kX3Eu{~?u$FM!9<*P4S<Lo?ai^wpH*d`b`tit>^S8sRah@Z+O*xc^
zR4{!c=}hRsZn(DA`YR{3!2}3p^vCYr4WXt*aUs>aGp+*kbD<8Z+^p3nimytaNxX#u
zq<@S$OHLT0!ktHh$kI+pHO%@G%5yDJ{dC{AEbROe`@=#dRaB1U=4Y5>L4fkqsGnT5
zOZN74oq!SK1nc?;b->Q+yYdvV!z+cXDaWPZ5K=+DfTj?<WO>a!(n`%lol4<b_3;ml
zN@~_Q#bY<zXm8umUqqy9^a)*=@-C+XFt;Lfu4XoK3Tto>3b%UUOY(z@75hp>yyeWf
zIOn6YTI;=}F?l|O2HulMRncT2xo}QUSR|BNXDa85TMH+E9USU~v9ld?SvAsQzJQoU
zA&el2i`2LpI?*|Gr{`|5usc6Cale~%dh1vkYxtojev{(NL}2>^frLb?z@L1xpLQ+x
zhN3_USY+=P4o##e&7J&qYH@(#GTKs(e(@4d1#-~6?*Eh{&~qRIQbDh`st8F4+TbRg
z{_@~n`73$QFQf6aO@Yk4RT?XW6R<_kZG*OSd)}o;>xGM&5xpo+|4*p8`E1-Bzq4=)
zB*2WiMHjw*z;oR0boE*-O_fhrmEJ))>+Eo*@~9cRQYwWTn&-juk(fR#7UitcD?ZY%
z1r6dV^Fbcg^4%m$4R8933?kS4I4t*0n0EYTH4hR)LtJZ`As<n%?rJG-(&Hq9D-1FV
z+@Fb7HPV1FnQ0dehX9SgtMXV<ma`5Pt;ocqXKilfP->0^CHb?=?R%?Pw7@1z_IE`s
zKeL@HA=3ajj`_HJ)@hST0XZBOMY>*1^<4XcibT&{N+nX%>G&Np3ssuvx52ZJ;yQEU
z@NVR%N%NGQ*Gj`8(xf8C+yQV!dk(#zlS*)w@4g_9IhC0OnFYO8ZwotUqhqDiGF8Dc
zKW+U%jdIsI)K*c)u^`R!8_MZe);4K12;YrVpd*JS&=Z_igV0twG;6nuo$4xbqNxTy
zpDDo*sZi%CJ%M<hxQ-cjfM!r2@x=w8W{U-)^l1zYlf(y*@N=#6=1CnQ;dACR!u091
zMrN`skvVKfx;oTodxPkOQQJ7vV!TcfzNgiT3uTBRfeGmoCc%T?)5Y}odW7Snxt$*7
zN(YeEG98O`K5?D!e}_fpe~_RhHKA^W-CtrN7U542ul~<8`JWsP@otKp7*U}Qpk*CB
zdrDPRoZ`A&5eGv1br-|7BmGd@#PtO<0wvjnT{lGyJO#Bk^?o-p_tR@k%4rII2p`}h
zxCl`Huv8Kx089WzjD!7~rvAkfMEt*sym)(nuG0TM=B55+*N6j?^XNU|7#Uri%X!Gi
zzu1M>H(ze#GBRQwz6XVh%y8?3Ax}X^o3K~%@Wtp@+jOC<2T6BGZN!nK`_FJ_wM;!m
zc4(g5X<ym4;)J{N97~|7|H=QcV*~`6i$3S_Ht%g@PG~u@;Z(AN@;!r?IHa%c%;(R=
zuQAjH3=9bO5jJTVvGMu8C`kIR+~B|VfBco+;u9d!^Xtpo`{&L8fUvgb-_#nhpV%3n
z55=$F59$DP7ieMY+wxTawVPxS1&;Ow!UU@WSK<y0lJyr5E%r1rFQC;7&Vl{hO^^;4
z_k`u+T>x?E_&FF8>W@dR=6ui}5!320Gddl!&O7(BUz;8WFjOx{wSaq&vRz?|X3iB#
zYUCwOTws3}5Rv|C8Z8*$yZyJ+@n6j?_VECv<27Aw&&<Cvm%m7j_%@=E9R$;MZTPV7
z5&k1<z)IVU=Od%CYm)aas;C}_4QhAV(#67;oG5k&)He=kP=*UaDc1?OGJRcVpAd|{
z+Y-I1HO5-)mC5F&K`?D~7vT-L&qA%9dM=bG9?73ClbmYGJv0eE6Dmer-bHfYm1R~D
zi7<SS`Vd+HlT5FaRf_GCP84IUvEz)?V(TnyH#@`m2-s~Nx?4KN;-Ei!!1=j{AJHsI
zG(RN(icqg`x9`;U{zHH01{*0@c^6KJbm$rJz_<7efj4X#Oe_`w0@^S94;W{dD+mV1
zCJPkJW&h$^`rYpa-?TT?m;d;c#m?<RKJ;`Kl3pN^FGgPF=Re&|<i~p67rVzCB6Rq(
zhvc}(iM@NvxmFb?o53bqt~9qGP$U%5-q#jAaYX9YYy4k7Xg#uZY<%1pfQ8KbP6lcn
zCU$R>L7Vi7;6Gr??}3&{^A!9k+HW|__@H$m5TmZq_LCJRDFUj+DAj-$TkKfIol3Nq
z-HKlIz;S=l?C^5i^<_Qe{&a_o>*d#T0<z)CdH(=Urf^b83nu8GiQ5?@1V?m7Vli@G
z4VERl&mRfcHfXi1>Srz)I=|teKWH&f^O1(ShlC-KC`!oM^aK|VTPw#u)&cT!0y^=t
z;8y!C=erlfbZ<05#9~}$gg?PLtP~k+VJ))YuH|zmde+ZpTlAE%y1@^EyI_<}=Pd=o
zVGI%ghl*aM>WXL}+DJZ%eHn&yzXQkQEC=Q<7vpr=CC+npM|V-?If>KY_%QRTvn4`e
zb47XCWs&!AY1j_LBw1ECMOdkRFlHNyuL3#_<p&UM>`15wF@?>%QqRmC5EhUNJ9Fq$
zDC@}@JlS>%Y7S;4F15|wJ^jMoKw(S-W(P(y%q5J-K~R=LI;EC)#>Z{r`e5=&X_^Vo
z5$M(jde?o%Uhx&KmxP?n;-D|YA}S_t7oicV^1XBb4`u}|VK^7`dldqrQE!KC9gmGM
zgx}A}*?HprL!ZO&=R&#sTcff6h+cn~b^U!rsJD~|w$uS$;YDD)dJZO#dpTwSG37Qs
zIJ<`@eXGx{Y?QhMvl#4(q8WB+NS$Z|0frn%8-F4u^1g7l91tdG;FX=81PD)f!b2ai
zR29YOwwCMUH&P)noXOzLo#L|~U<ijy=N@(?#4vi%ltdsfUu}h^$~7>?5ptw^LFTiY
zWF(UdBakYzV>o=Lwq3gM%0C4nYZR_VgVr=CMx#uD9a_*8d_Ac_!ly3%O@0(&@Tkg9
z@ke{KT~T7#dxw1G3v<c1TNtcFQ-h+vqwIMF*GS^VzD3EBq_7>sy_+J@Ot&DR1d3d9
zt?NKRTTHuF4U%AV$E6bhEpC0cqXZ&%*a1>e+8^HijnG6qY7XRrI~CL6j|>zjw&!aP
z={&h77~Nt(|N7+2!NwYlIs<C5=|n5H?r4v<E`-{)Xg_=w=7N+D+zkxq-8K-xkXM6&
z?f_w{s{pnJ!iau>6*F-NwgIDLUeIoDp{T!C8-xd+cRPX`UY~=K3G%A_Ne@FKGU&hT
z#$amzG-DOz2Og^{Yh?7qNw6^2xs3i^rJH{c&mLy1WSwA(ELWHv|53YAtGa_qS)XLI
z2M@g>N|`^3dQ~a%qlmqB6|G_7CShwp(G3@@=Hc3~p<Z~Elgs>=PPZ_(FjRbBNxgq4
z63<2jc!VWM&$R%Xs6Ugbt?gWIRjQ{k*MEq|Zm&6~&_fz>I`t&+w3#RRZSoh!5aIF)
z^Tt35^QOiJ9yPR>dkA#>5>1SSvFl<25*@@FOpofj9|Xfyk?(&i*ZQZ%{&x!2|I2d!
zzvWu=?Eg)%|3Bqg4D|T_`{Y^|TCh$i!i$|7jA>v{wuo%E$jQ9zC~7FELWn`W#_>Y|
z0XgNcu%lD~c>#HZh=@qqsNlL^w@UiJz$8eZ6=MR=1h=GMVFY1*T)_wN<4&#%8=4Dq
zj2nsKCbt+<m+UA<#A)eOW!0UU&R3P5<^0r^^oX(T9-4%|>dBqI;wUxm7zD|S>?Yy4
zp0o;)`|eUUSIqiR@cEhSgo$?Zoq$kFI^*yM5%cxzf<Y|IDZtQ6GJ<mqA>uf;luF@%
zz$4*h>CiZle{`)D)FUI*q+<6K4m)dUkV1fmOUy|Q8wAIlybBZNMh$pJ4Ox*WOpO>H
z#Es4@+lwjqw4P%N$iN|CvLbHsJ>!MTIR~FxFC5GtN0fz>J!3OSXF`uDT&A}n3Jg3l
zJ{RM}V?N8L3X1Ruv3nxrLP1NESBbNT!Spwr%?<+>k7{Sx!1V1bthbMW7`5!e_UV_`
zOS<VB_u+SEr!C#gza<6Aa@mU+wj^dz5kWF*sTb?qy_vYxW|CY8mGJG&&Fb?gjFlai
zjYZ6ZNxsXb!+-6@c_F;o<-V8iiR*Myb0C$~V0dRT!kfOSrkiGz&@p+<>&jn&%&{%O
z=LdTKgh5CluMgI`2BX#GB@-GA4;A`a*YiXXW=M95hFzN4j_j^DrojF=$($(%mCHT?
z139+z+ZkUe=aN1=?gqO_eI}bJOsIMBYh3TozEXajxeNUoVy{L39#s&SIhA<o;F0dj
zQ1wHizSwAy_$Z25bo%ymC}^MKaln&YERFywE>Y5;S<sfchaIT}L~iH&tS(X)gm)fc
zd8>6k8=Dt*hyt2%k=o&AIIsd0HF|6o9!8vbpLO1@SZG`a_WpIWngjX5*qWv3mN{PM
zSE!}VD;`!lOkXmMY!!6Ot`LSM0<1c><mV)$K=v~;5=aZU%n-iAKy_4&(g8#-7L+Z1
zyZ?0;p1!-Vu)&Cai%_!LI3h!qEG1{Cy}Of4IBF<n6}e{+;|aq<9UBYO$llbIh6u7Y
z9Vk4~STua76A15yKL?F7c?Q^Z++g$Ik$5aM1h#^&DPGL?KMrtGWMgI#X7f)R(sM&Y
zV+#tOP$ZGf)?yn1<3j2lRY>uOv(VoA2I0U0!0~jS?Vc5&x`8u$iN9l%NXMloSd1J4
zamolY20?P6Ji_=7HTo$in}<G8oE-xli_X|E3_|5Hr_*w|w?)Nx+f4B-Jd_6F<OTPu
z`Kgie)Wmt08n2nPhs7*N%)Onr@GA0^TYigt1Y^BxQs{vrlV+i}FnJZ(c6H7q`Fwj<
zfzJF;O2xrKaP|T=3aQ`1Wik}~nZG#^({UBhWY|ZrhtmT;ZPBot929#qv~FKz7HJXM
zTINM0`Dw8ItpTX4P>bKUUTa9XkZDOmM2c<Rj=6gpyUR~LZZzcApjNp=TRAma8f;*+
zRmV*KQMJBXVg9(J5GBH=5-M6AZlYFQvPZNY1S5Ps^3C|~{QQX<^8nlor;g)!DCph9
z3KoRU4wu4y1IdGC{K1HZH6Oo<_V1Kv{nJj!=sgCnS#_qi_Qq44UwF9z7K6=+jxcm4
zO(JeP)KK<4d9xiES4m8i)4KZw2BGv)@m!clu&+E7v@Z1XUjtENLr~G%Qpw20zs%?}
zC0ybMoP5#iB3T2d92A4FiY!~L#U0XaoRZ_%?c9IDy58fncTMzJVrp8x`RvEoj_bRd
z1&8<E8i80xPe<c05FI`3x1S6rGX(-;2#=1hFgPGZA%b^m;}P?2Ru5g_{b2W*9E@~W
zE$ViEjFHk@X*s(-u{86Zs^n=FL(xuu&WPMm%%=q(qap)QXU=t8lFr`!G8iRp5s6Z#
z)j&;bir8#!&up@l5R9E*Q0lTg)%jKY%>kutz}<>uQZd&d+NE!6D|C{pl6}e>z1J3{
zO~O}*cx-|c0<fL@aiZMFOI{L6Wn5?i%<VxvK0|qZKR@pGZt^Q@?UX8c8^a~Er5JLX
z_s;x{k9rVoV_z<;0w^N97s~n~y3K?0j>GXo0IF>`jE9Bpnt&*$u$Rwu4O?f8Cu}hd
zit;l`$0IbXm8N2Q-0HW!T#(A@w6^H8R2#-K%JBrKGcc+{1#n=lWkeWlO+<W@k{cdx
z90Y<?o?huKVNZgI8RVjj%O8d>*7(Q*tNkf!C<jI@`XFfGh(WB{%tR6&N10kled}?Q
z7ReoFglzNnCh|b2$9d=k2Yl#FI^mbQ`eH-gU{4Ud8iL_rad(o9YJq-bVBD|ip#%P-
z{&LQ*ft1kHl*odnjS1I3p6!NFf7wAfYvIOV3Hx*fVFvBU)n1jEY?gTaH2s2MYUyRt
zIyx>T58`4cH(HvOW%c^J9G1bI2?g;*M&V?ySZz0-!;I<KWf68JhtB2m7dO)~Kgjez
zQWy*kh&Ys~W3^pWiZ8dej~5Td6*>;kN0<4{{`m2nBjenYA*{A*fE0k-g{6xiZ!diD
ztEwk_UW-a59uwZ}V<Y|2`WB`RCl_llZLiV}5=kbCl0zPf;C@Au#0a#^NTAnl*kjFf
z)}Xgct8VO^R^CQ|EHpoD3X#76SA_@_H+obbURdlW7FrqfSgt>j;4kTom=Vj{TWK2h
z5IZ&zYU!dn(+Uv~eWueQx?Z}}$mOvscADJMgp6mIsjE0(&Lf$4s5G`8?=!nK^$H<1
zO+dX8X}{rHYPP#t(0#W&PT1HAxg^HO==WkDDvP!0GA!v25Q7gWtP~3j>9z}M+z}AS
zB4(cb+X7`<XC?BjCH&+v6Cr{fvBAm;xEb0p`AT}V>l73Qzcvj$OKROu%D|wgf}+0T
z`3q_sfy)LjLr3B^AE2l|)48m;u-Y3q5g=;rjkp+Abca3igY<gp8uZb~fVcw}AolkV
zbVl#Gv{}cqp<-r5UQ+(9T$*qUc$M}yF|~>8&yAwi`n@#Jk7D3Yg`0z;U0^G?P@d<-
zIIwsqNpy@-Hp*dz<}c_D=$yXKnrmZ*6D|$QagT>GXZ=ZD3t8U1W#`zQ<mi`sY>lfv
z3dj0FJX&X7=b>C@D5nn=q8UoKE*&_p9x=0t(@3B-Vc))BxRJQNMo1XSF&X;y6nA?U
zUPV*!V`(|0Amuv&d+crn$%0~U&EBM;L_JjeN5X!Wbqhus;PqvkvBW%yWtL?>Fw%1v
zn#`{)RI3TuD(o#KRKz#w>j<=j$;PXNQz-9EIG#|aazz4-wuqghSFiS{9W{08E44#^
zp_&0Ygn1Dpvl&b$<nJ{Hj)6GXnc%QVUn{(Ry<7bZ`1M1_>SuP`YmGu3u&j)`v7Fqf
z5k-rBlgA#2;4PGX;x6JT1n-)kho|Uy9TXJv<r%6SNbh;*^TlJwIq8+8;rKLjenHb&
z7WQn{6cC4{5dtA$fwgfL4#gwj&Sm*@&row8?>;7#^7~}CT)*XO*_-h(0f@jm7t@tB
zEv47bNd<yWedyZYgScO7xi2Q&oU<I`SkU?(5Hl&TA`$0&)QA!U!%-GS6!~tT_}C&E
zS%NTX`rjJ8*q9P8xflep-VYL|m?4JvH}TkRxoFWCKF;!5$JKs`;%I6F^$e%9uHu5?
z2mP$PtXx*z&^wo0Me%rl4_KQ}m9a{pn#cWNVulrsz<*3chZ)++h5($rrmYjgvlebq
z7KOK}1ClMg7rxKc^ZrRIxCV|hhnYosc>@U<-Z!M#$Re3h@IxRlxkw7;S2*N_zdWJd
z<=v+(sqA}ORL>-oid8(7z+g_P*2rq3&&?XGtf%YFp_aW3i!^3#`|B8qZ%dpmZVR$+
zr@!#;-ze~@mvD$D6+&sSxF<Li@y;{jgp73jc8^~0jE=xPFq$#}5H-ej{b(#;Mpb7j
z5#cZNzY_WcCS=Z+(-dD*);@l4SL^%et)y|vpnKXKx&35xTzW8oFmiLhJ*Ll}U~rk|
zWRqxindwp-xLNiGJ+hK_4AC6qS}q;xqor=|p7A8>X1Yh6%ZTATMr<li4J`F9wi<yr
z_S*w`O>ixd6n7wyw>efw!D4tYs!|qY<&A5aVW+nzZ3#6Y4$90+*?adcBz(O@atEz0
zVuWLwlMZLBbxXZG_;G(MldF4R`ju$FME{3ia>F#COr=~WetoOoVxjyV9qMhE9nz@p
z!zhFCPo&`D2bx~1b?>f;WXI(bixi4X8((T~g(xVymx-<K>4Um$R!_I!;f)`-C@Gpl
ztkF?noUulBO4djI$j%5!WEVPodm5*UhyC6=+^go=pXaYd?YK8q->;=H9`*VWNk18r
zMld&rr^gP`P)uLUoHh4Vnzr9#Ozd7buD-9rRqN!YUo8$hWMg#&c^qlA+*p9|>1W2e
zDvLWHw^L2FQ+<Z8DY$W9`JKk{lzVBM43#ZkNmfZO1V8k)iyMF`c_iWRsx@+7Z~b>k
z=(JWODnc^0ki*M!Z+TPg$h^bZ$o$7M+Z1|jh1ArJuSHSZ$oV??o;6@fU(+MQK0sN=
zj`bV((VIgQ_r60^lt9`Y^Lcqyau5Fwi^b!t=4hE>3~C*_5Xg6a**y%BnB}66_Ju=i
zina_PrP+EV5-CTDEkz{TJqg_Bo`$I8lQXDkl)GzeL^W67d~xb}sInXuN)I7?clpB7
z{3Hn$heEx3=!j?u)9g|FiXpwv{bn774r~G4{q{7L6%c5KdD#5L=OT=~_`O?Da#e%-
z_q5#)Ch081LH?%;OAD$|y%=|cg>PD~o2Dt2feijTrl?8%g6mK5ZW+f%2ryBDnZCrp
zTsKqqaEihV;|%#!&bVY`SRGGs8T6OkS{#RyN9Uoe1LY}HBXb*(Y{7%2+>S3%zaNop
z+mJ&2AR*2_+aqB1*gHXKR7YE+;fEpNL*+_+K;qlGV#3^Qz+c13I&&zD4-XFO<@9lp
z?7ZL7V^g^KJi_HR2pY>tR25h<)-pO}dKnyX6j+xrx50De99X>{M<9vsjWZEj_d1cS
zUDTkGM1;I_{XWCEQH~{ay(K_kLJ?a}L+F3xFiRk$IN18rbGubx_uX`m`p{OuQiMMO
zRcow@0Cc5TIu~htaLgS+;6Zi_PqmXk`EgmNwiJ!AU;<{|+Dq+T#leWUA`=)gSn$lq
zw{;;)%cuS|*aEt<7K*?&Btf`xtYPR>#s0hIUXkR{I{i$T`4hjh32s}b>C+H9O^&Hc
z>dm=NMLp+c*TP=}*6e7nfa~$?fN)?uqj7|>eTWO-w1bt0@OyU(U_?NjMDu@kgX!p5
zMN@(3;|Z`$2w^~0MH3RXhs9j7ANle)(tN$MW0#ZvtRmtOh8lTJSaBODB51;k_bmYF
zw`D}i`{oIQAiLn)W7Qu3gVt-4IV0v0#1RABj91$P(xgac8<!ff9j6Y(4MOk&T1*KV
zMP^uD`NJoUw~BAfSKlKqj^XHAiJj(a)gEam4^R7Ob75NO;$~%uv&<ccxgv3I@pY&M
z;pRRTf5wIYIpG?Akgo{r4syVw(d#=U;(lCxv{ay(fFZ9KYBg{@q4gdFi8kr%CdmlP
z$;u_EA7B*?Q|nqHK0+0oVt<4bhD|y!Uc{LaYI*p?Eu4d`XiqNsRmxcnV@Wn=x*%6~
zXc%q$ufn8)EQRp;38H=i_R;(S4x`QNB7qVkbF3^jrSA;GY!OQ&zkHZhorKK=u}R78
zv4k@tcR(0LbRJyEnr(yFC}PuqBvf~=Pq)i(UnGh$slGHl8QE3br8@mPCt+Upc;0n|
ze*}8{7E@DJpO%sj>r3H3k)cdn%q>$QK?tQBg~AM1k^80*a}=s{r-a=~gT%FX%AWRW
z{YtVkqW}2HG<%(zkt{M4{eBOBf<D9akh0X7#^C!9JFD^OJvr{g)%ckq)xsZR`@(Xe
zxBUo(tKEWcyx5CZaJlj_@oG5#QB_}W_3CVY6Xia1(+0ow9+aAx{@5`ulfr7XEM#Hg
zYhi)LosdOZX5OgUco<)(cxvD@;DXfCI*&?s8KYM{A^-Cnm0@klKy;7IRL7==))K3E
z<Q)tM!)GcYji%w<Sosa_##3t-2I7MRkG`7fW$oFMRhw~a3+B<ph2WOw_A{<xcX9gB
zKCQ=7u;H+2I=#dfUjo5*LqH*IL+!jvMDW{Q7jT91I_rNUPyMHe^tUv{#LUL{Z+R*M
zBcQbO9|bEZV;fU|3YCHBZ?)+^2ds-&={p(!Ys5Ma4~(OegR#Cfj9X^3@>mr%GvdY@
zReKB*s%nyUW8tD09|&PvT)Y~-3SZbXPM%TX)>Q4<<q#B&nbU%+%+g(ESvuc&SF<e7
zGarA%l=8@*XN+jVPT$YIkN4iMi{+-NBVKJaU6MOjR|bgN`j+aR?8cglu8C1^yDQxa
z_8b0jTU!~&Jd|-s(%MtouD6sevZ;6hIbYAOF=V#k2Ls7z#A<W|Nk8}DC0$$F^|K7m
zNH>k)vd0_+vHTY!oSk3diC-6&I-hP+p9`W}<MJ^<^Am=>Z^!DtBnInDU@ZD_D-eJe
zH8d?X;xS|+M^AlUdyEAWOVB1#5V7c~@U=!Hgr3I3|15&uUh0Ad#QmrtW~lM^3yvV*
zC!Sn&Q`sFA-9D#h%Z8t*cU^*+ITsE>UXoV_T`nnj{OB<j@+k5|j4c?=5|37jWEDel
zq*5!Xfg?OK!nFlAg3ARlYSJLjzf4rXE)s+(aZzSbk@)dLt|*+#NKc2G;fSC>p}uOE
z4{S<_0keUSIPKf;UBY;ro*MlO6otP-N%=XYG?*Rq*LR0UOe>8LoAkzY*QK&r9{hNR
z1bJQ2I8qqa{T|Ci($|-z13jyRl2_WCGx)|w+Hqh-^K%CESr!P4YdIF6Kh=H(603)h
z=Fto+?t<$=2r@@CvY&yTN7);{?q*>Z+XNCzQ1U7yr;ZA{ZhNb%|Jb$YjP`D62`67~
zB;5sU$TmV<p>O*`O*&tMr!_;Hgso5Z0IBr2qR;nRPiY7vGCWEjMyYDG#hU9H<EOU9
z2sQWzwXceqDP6Gmmlf#eCvhf_xEk%lh%i?UlQ$E1t8o~Zi?&9ad0a=xX@U@E^6kz7
z_gGZuE6Cu?5Y815<P;ow+zXsxpV8a3A!><cW_wLDN;LYHU}v!5n<^Y3;5(b6`#OPm
z*UTyGcgqVZltAJhZMwp*WjAk_oX#K~1R80URbG0dh$NlamEfG(h}DbI);6$~av{>R
z)-CSUEc>s(uPkr17YTUolNw|`+@EJmYX+~;S!rj+5tV*@38`6Rdo&|K7dP%+pPzBZ
ze@N`l`;g4;NJtqyc|>td^}nFq>jK%`Yz=KAf4yL8xgo7p_h^2hJ|GOs|91}h*YEzi
zA{!&qfBEPCve4^4{qvt~T>sDh8H2@&*gmCtZN=xrJ4^}<1>&-FhTmyTjUS3%OdO+M
zf!vS&<r7hz7GI+d*(;Ww?xRv?Ib8SF_`WwBPc}k>`jFfotjDwcd4@MOWxK8m+xGhM
zdL-~6&*Z9J73I%WeaXFihuQe4S(!XFR?Nyx#uMi5tHUIWH<C$AtFr#$`t<1Sgv}M-
zdRMF)(@$I+h$Bvsi6A8!z+O04ee`W?&)r>sYhp8^F(;t|!f^((m)<@4vT5x0aY)kP
z>eFQb`v7Xd1eY)yaww07>^*s3+?s9wlCNe_L31vk|G6Qj;<6Yo*~koeA@4;h7kLhN
zXZI(h(-gM%>>oj%Pg6cb2GGM}cq@Fp$CWsIHyI6gm8syT?uMalHx{Njon(zLQZhmw
zhaXAGeiKJ(SGHOr1*)x(H)3V$sq@>CE+O(kO0a0Z)gj`I8Dfh;7zT5o44V?X1vXR@
z4bl<f<*a{Ok@Jum@uiVEB>J}iazn$o)4+ysIH7ASM}hq00m)sQ+gC9YF}eyifQ#;b
zPvUV&;`r;LRQs!zHRjNcbIpgH)D4)Hki^d@#`8;v1<<{yEjO>e`L!Zeg)#K^nLX;a
zz>vCd3mTa7;@L)tZy{%(iyvbQQp{w!a(&>QtFr4t*&9L{Y}TR{=v^R9^4S|l2Ya_p
z`9J~Mv^^9q-yU4SYovkGf#wfvJ!yZD?@=~iUgP+$@3a;}ZvS|Cx=`=<zAWkixdn9<
z@Ft4??LIrGR5)_{*~VVxh*n#MuQfx}Fd<hqua!)6`N+d$MRUGYD-M2?YC5&VuYb3}
zh9o51o)1seC~bK1gyY=kY=ORuuK?@;rQrL>l7h!B5pVYX@Qc&1XeVbl_Q_8F36yZO
z3(BU`LkN^i;Zy&4OO-!?1L_L!J@cxT+;`Q7GE{wTfjLnbxBkMHR2F}*0BsvFIV`9`
z8>0ExnR<fEd^W3kJHdp4kSHyq&i<IF0IFG)8Ui%df|amAtZF~=y`0<#V4+EPL@1eW
z-xaOGOww3Tfk{Y`I?y$a<R1OYFCBi^Yuxfrk*`4H{joI&)k@?@0xxy+j*XF_!y_*=
zTCrD(7c(B(Q<`JxE8`h6VLXyYI@lOqRI=PylgChg?8|K|ZzJrn>FD>cRdB=4bT+IU
z(67a*qx$ow%VPrCI{pl?ucFvk7qUa888@UMlFCT-l(Ky*2`X|y(G?Tv2Be&@x$;Sf
zB}uHd({oRTg!GU5hKP^4(wZl#mX|IZ!j3UB+qJxvVj$TQZNV-A(0>OH|Jg~x&O-lR
z@bEtw55UUs?|pv^O#gS|0T})V;{gD>SYZC6!G!Uj1{0Y7l_p$dxhkQKtX^uLRlRM&
zlWp8(*-mD%$1vvQ;S=U1NEu@Hg+Y&-!==vU#IPI2q#_PvI!>}fN(qrrkwYjstUmeA
zHkyW-T)|I-cxP{w4V+e0RcSr&ENFMwTdiE0ejD;teZA5Bs=A+&VBwv2v3Is_e0j|H
zdeZe+k7ZHj#$>8@wVU@`5PM4TU0J*}JJx#9#QwU#+xlEv+1Qv7X?<<-^)gkQ+8DTm
z967prd{{qSe6PAz7+9sjwZWZq&O9$)Q+d7AMB0``Mat{EaD7dD%c!gi75ylKkhov+
zRVv%r-O+kz>)jh&*sy=6J+T;Ay@by!`$(D8_Wk4R;%Hw%Zewr0eK{j{$;HKmO@$8j
z7Ft;cJ6m;TWoxVY@^<C4N71A4@z&-0oSU9i8CaL-DY#!b+my%9C5*I=Q~s%{|8wES
zuHowwt7CyCNes6_EHo3HY|Xc}R6B0LmdEr&w?Rut1r{qW*9>Lnb1Jq$Yla~>_*Jox
zmx;Ai5r<VZl=jExn6GNB>m6SK+vi=E<-C2l?N`=$7462hWZRb{)v_+tN<N6T_UV#C
ziTc1{sI3t<zm9gRHh9)u+iAmDvs<&+M)$<XAm7(}V~u=&VXJS&MZl$o+uji|rSIEN
zTjyae*qVTQ)OMN5H(K&6$)31*3)tYDoVA0`TWM6$*r}fns%sv3Z{E^RTgvCB^VMgE
z1Os~ps^YeqD4C~5QyoR05tN5&Z;i=qqB~jz+MYHtNk%-ucOe(7!72L(0%WE8>)nNP
zwlJ<AzegLiH!`g|Ukp>KD!TS&W|Himo_uo@ecvX!D0|tNEH}m{>{o74k>cYq1)vCm
z;*bfs2th#h-tZ{Do|?WIE!VxSCVwVRA`t{33REOATP}Spv3~t=w#|HhO)9+mdkW$i
zF(t?A)z`DB@={3h<liF#70DG9)U{cCvp@bm3u6}S;QxEPA$Jr1@AFkTTSUOAfX$w)
ze-G!e%wqu#L&;;E!vFn`CGZarf6to_@d*6;cNYKOP7gRgKd;nm;_>~|dQ$N5`TYEN
zyV~lq)fu11Y8}r$Q>}Gq_=d-$#zE9?r13SIE1aQQK|vq@MIp^%yUFEzI<H=5!tMDe
zb@{Ef*7Zt9E1ku9b*@-;B5cK~!@oc_i)YR@M-~VD39o!*Wua^?S8~Z2*#EbJ;zZbl
zg4JfL_gjp%Mm9+mtIbwRBovA2#AdCs<`g_upo62MBxSe)J~y}b$RE^{YAt01QkX~%
z>MSjDf)SvZFqo=T_5#57rA9(PK)`4+KAnJ_unbhLS}h|f$w*{!cP|2XeDMp?nJ+n8
z(z%~TF`t3xg}=UYT!)r1uhw6giLg)$&m~*yvDI@qIyf*eGD^~+>IZbRJ_QW=-D%bg
zci1aFOQkb(fGNsnG+k}}Ff1Ai+ido@c#Tj7R3!R(pk*!tfk+Y%34+vq<mToIIE-hq
zGcqtB8yHSya|>8isMkSQ%HHJ#FJsW@`IWjxKV(5=Fxb3bsjI6yd^I;eZ;{C|(vqR^
zS8tNrJ4s&;$^OpN=I(5&_5R`!zL=McxGiL@_oEA;3J!uI=!c1ujFHY@LDjYL0}f7g
zl5`UyhJztpBLs|84hi|-a5IxG_F!pzjLvA%Xz;L>k%<B1N4>=Tce@8;@_Sx5rzk-;
z=jR{zY-%vq4D?9AXf!&lU)u!4p+GVZ8%N_Aw6S3A9uJs=#hsq{fD5%?Z~ye+?QomH
zssUUim9ev0BW|quw(6|i_H^mGclc8%?=6a(hlfA^%3FdSHg5^+8zu*K_BT9kmQH-v
z%gwXt!gA?{^q5JSW=x##M6r*bfqI#j>kXnlV?iT|I~2ZJ`I#_PyJ$-g(sB_RlMido
z$L-cbGS9j#9@^zqh$2k`@Te*=4#pO6^(oCxkLxe~f+6AO1R<TE5ZvyVgk4K+9rma9
zKbRDmJ%`F%8dhCzIqYxi7k`cd|8<x}X*IRfIP8E1%Ox~XE3@%gtTENsz8tHSMs0Qs
zY6?<|HVx-PTCH{pGuR4<%Yb;mrUJ%|5_4E`nB`H&BU%=VMPw17RbayV5YN4$)Mfe?
zNM5gcy&2@^ihErm;e_km;JWhAto%ExF7P$i^YpW(=|+<a2<dd+_h)&qu*k?ziBhFP
zj)b*#=eKlcU^<t`Wa_c0sZi8Fc|iy}{LGp$4Uhb1@EOYh&4z~{Q!A~^cyNC|3OTKZ
zb(IPYoO)wTva8FVYmKbRwkT;ZWtb$w+*cc}K*2b?=A*;(T|K-cBnS6tbz!5X&*bu|
zVluXERA<qIRC98k;pHC?ulL7uzAF*R<fIJH!a>W~+;6S1t70Agsqr-PF<<G<<x5pV
zz%uc8d!T<YrXr)gy}i4ePu!Nv>$xTsDLt1}&z|lH0unu*X)&Y*Q*As#aoN?LXuS3s
z$po`eu=U`ua_t%k)?xy^1Go>~kSzFQwvy~T-U$X2Y>!0US~_>-V{=d?qS16q7YRD~
z=(ar<bHIP|iQ=D+j6}Np^fYpF18rB*dh;FDrl)M>IRL)~U@3G%yG&$c#g0q3MW^rw
zO53sB!2TIbujKJh6v8S+4xZ*0A~7-H{8>2$BzT7R5Uqd<FB&^I!Q=Bv>}BVtC=|?q
z`JImd07|tWbZ3|AEskYTX^f^J!NI6xGK}{jHBh(0g)}3!oA~2Ezx5rarfaT2>Nxci
z*icP07;@5kY4P`qB#xs2j&cyMr;ji-KOZnrtCrNK67y;8b%@tvQJ=5M3g-631Mctn
zz^K+u_#hIFB6RkKvIFrAhoEDa{0}}M78L%};ELms^emQe(e2@dro48wF4@_l^38)t
ze3H76r??)qk+Cts-35n>`AlopzHQVdo5wku!U{&cI<B7LG@9EbuiJ1c5DYYufS5bv
z_wyJW&Y*F%E}xG?GFf~UJ1)b)sOf3Bx_sr6m%+eokTo)H2y{L1n1)K#C!JlT)RXgb
zD|ZYqj6F_%Y}k%kfWf-^p_Z%kF%s;6$HYSl>T<GJtO~%;`R*79zECUJ{u1L4g1+Q6
z8!nwQjmctbae9&96g_&(YA<NQ5JnR+3tzBY8cPfdk7gGCYlvzmT@dV{)aDC|j+5;#
zPnW!Ld6b=-<bN0<t!TqIj;A<iE^o(|Ty2TL=|pUEFzr(opD0*uHWP3aP=EY$X(*QV
z4-aj&I<>>1{rrIRd9t}ZNr{K<Pv$1xZs4OW-dKY!7zd>+FHnVm%u#7C(32n$Jp`@J
zQ66DUa7N5qiU|l5fPM}T7K?Sr6N1k$_w<_fAKUNN4+nH#5_JO{?UuOyF)~7|{yt<l
z<Cspkh|n(?cC~%Mba^;k<^j>?cK%0i*Rx0d@TigvZGD)cw`;M74ZzB10H6a{=PVR<
zm}ol=c<ayA>cv!KRa?yzBjJRg<itWy1P7SnR#wY3{GZULcSlpE6X_(xqHb=@Kj<?)
zyd}mOFHk#WXWsU?sJR55n1$@`2ish)?APnAszd$|WKRLUscAVslge@T-v$=^_vv~S
zb2}6~h7^DBU$=@gyYORKC^<w_6P->L75`dJp0J9GOP4<nYL}G-YE#Pd8;ZLzWz$kF
zk*K}$87C3|F{Ku;hGKqCduxM)lXTEfF!%`w1R*L^xnFPh)SJ(NfPyyoTnXF>J5;FE
z3V5*DBAXn;Po!*ZT?6oZ5l@$}n@+r|YiDKU4G;zOr2EYQ0e?C^pX$`Ajyh%&$lC{p
zJXSF-C56m78nI2fhAjz_&!nIKO-9Ei+GmzB>(Xb&08OYGI)sZa71#R}OFd4P!$Y}r
z2VaNS90t$b-T8_n7R|eFaB;Iu)b`}j^9j$()=*QvQCEpQX?~umvPnQPxsvZ$H1_v4
zM*KF0bhUiJ@JHTgQt7l#Xe>Z@l|K|C`3Z@DQ>FHt@0buv?*aN#6Tk@g6Ax!E6|uLK
zRuMFefc^%=g7)u7NV!xjVD$9#zdNl8SW*88_#tX9i;k9T#;Z{cXI-D2W^D*r!l_fb
zJRBUfYV}~2f*2}6cx?M;tBpeUgOMq;+FY1@Wic4sHURf)E@d?BgX|IVOI=<DM7sFe
zo9|@SD~;aTeB0Z(L<OR+bEXr*R*oNNxLjUfhf?n%<)2sjk@ARwq;AV4^w;Q~#1Yg`
z0m?M*;K<JaUef^pGmWjj0DyP(LP~#crhsZ9nzCMX{dEQaI6(A0KRyQ;2wQu)<n&9`
z*VnAKA>$qvhzMiExBGs2dfsy9@fJdE6-uLhz<UVYWb*-GNU50Hk&u{pVYyU!poLd^
zvEG3Wj3}F5^b=qZ>9oJwSj=zk0B&H%HtmrkZv^z0D$+yW-G>y}jkxdbpZI`6a4t9o
zIwOAZf+vf8)}0a%<bFWH`$zlbTFqA!ZvGyjEZUq#xui;EwDsxxt$~k<kz-Q1DwV-5
z`uPI4`-9gUreG#^;aqR5CZN;(tg-q2a>MiYPJX{ga72jjRe35neF1BKMyXB5E2es!
zX493M%OhG>Ke%OigRh|Cv-UV3^27Q#R(MPRAO=zA>8TS%LEP;IWXIQHrZpr`F$oia
z?!X5YZNwM&VPq~&W^;o8gA(n*Q@0g?yFV4+wAI_&q1vqvD7-S89j;vfIFO?Tn6@3j
zua%HS0}?)GXU?8S6g8U2A#?t+=tMeATf|7ieFzx<L+;;|v;C#}51amlUcx#``wyWW
zg`LMbK>vqRAAtY=LaqO&%shG;YidttcIID?(*0+z{~ZMXfBG)|uhR=4fW_Qo(T&Wu
zkjq8^+-5jzCZvkT>%KWA(o;i2!`x&fKq{NVaCMwLc~Uqn=U3?L2V@T_m8$34W!7eS
zX{q^S74C6#Ve;><lC=GSu@vU4QxZ~=B&DDkdU~@7)2ZwfrJ&a3g|fP@?cCk|939dm
zvV~p6rOKYg3(on-EsXIwte2M;PS*?bt&#FpLF={j2F>~x<EpJ*R@<$zctJ)CCMUMl
z$?1ih2~GJshu^nsl5F#(p`_#!SO?_aq7k%PA#7lfhyFs%bwAzI@NgVRH=j~tL+Dph
z`BJcKzRAyGsSJV`-om0hPIo376GKbgu@)YKwHD9nW+wexrFHP9j%aJ{rVvAKvQCc&
z4T9eQHscaA3H9~r{AaNckVv`UaO@#Fkh@PlYEC!1ms>o>07igLcT8n-(rOF*)@?LE
zMHa3Cq)|Js(HXNO`@l^?!b9Zy1zx#a0Vw2(9)>%+g<S}^lu!P(7_6VJ=&^&xJ`WpM
z50|`hoBadD1rfF`A4mK9)H<!}fb`^EVca3HNb2kPCg16ye`HQtvyp#g1M?%uT<%s@
zMn=RzTH`%RKX|7I)l@=aw8Xv>L-csx8xl@J%#A=hoxyPNcxx~tUbcg{%RO-UmuS8C
zvCPAPylqghD86uk=J@ki>E`g*7#5dPKfv+n*mYaINQjB=0bX_-3Lv$L6p2L!_8q{Q
zDgm`8h2y92sX*h-srmh-(^#oHPZzx8!RqLUP<VnKpc6+*TOZxIeYyHOfb3umrQZ1D
zHfb06UIc(MdNra#BDm}x>!sNlm-poIIpiEJ{8RJgtR|D$R5T+GgR2j~qOmw#u3y0W
zU`3r0%4NJz2xut)s%)*;ak%LXDInN4D4Q8%_>#%kZK_tvy*sSX<yu<FN*4;?8|g@0
zXfPh2uW030u;{enJjar1c>4BWk$2ZKhM9TNmP^jT(JVZ|2f5k`1FUVIDb$+s3ssAN
zXse$+soT7NeoF7Oe`N1*_J}ha?tX{f>thYK8nws$_82J%O{*i7#pAe?-Lc{Euz(|{
z?fK}>)8cW#G1yCs(}Brs9iNm$LZeU3*TF}Y8o!|6=OHM=zJR4>mG@jcmAP=6l5N|K
z$R{iqH*ar0B%q9$ixFk$Mb-_O-`(l5A#dodsL0FfuvJ43b++;WiO`d-XTH*6`R&C5
zDbZK7+9q{JKP0FAVB-xy$f4kNqSFczU0v6MZ)lRcd$YKG`Lo5HSY8%Z96y+JO`yM+
z&k%Wy+PMt%0Bl9=t~Z1*RBh)p%Pu=42%iPcvBHaf(>}5{S_~nQdYDnv6x|5R1tw8;
zy9mD`iym8VtY8Puw?bt*b~H#hr1tw~n4Atw{91Ff+cDohUc6oeU$WC(>C+&YtYEw6
zeU(BVFzYKE9*M3lhJ^%p2k^>thpX<1(lI;~M19PDxCMXk@d8$A1brYln9VE}`#r=h
zQI<diKC<AqMU#oNBSx!zK*V%<7)+}>!elc4+&z%|*+D?Y%Zuj>VqQR@#nS8c@>7ji
zJ3vRkq@Y_)u_5!UPuEt-Bns;1G}H0#4+uDsx4dYk5J=%0&y-ChBdMzdh2LFv^a?{I
z*gO^$^_^&j*o?R;TV}h%rc*iJMPgpy!9^+L(83@oaD#bT43BJ-cx?Fn0z+dlX0e83
zGW*4T)q^4EF|E~Kl@!w0Rhu>3-#dxPF@Yfmld`+K2SMeyno+5C#t-m%UUCug-^hzd
z86^DqDf6+X0AO*m6v;tV@EKu-PPirDC&(7K(N)fzgAK`>ZtwdPw|>rrY|-J-3z!TV
zu@c090>lBR*1q)YehFU%cz^pwS>@3Mrz^8B(?Q-Uy&DpoKAqukAyNJJRj7q$#mL2B
ztV1=XCKZT#nTHbYdVC0+-JlQclP(dTNP5MN<W0HblGaA(><~<CLp=rWv{Z6haE{z-
zR;EG>%=vVOa#lIXV}g*Xyaf55fb5vp7x3Zz)I9*qeis>n$ODRl49(08eSR=NShAl4
zPGtVup(dQHlM+*=DL`g>a@p~Qu|&sbM$2S#^$AK(sF!31-Ej{fl%&#W2)<5!8=g=4
zE9LZOFAy9+<B+@jR|940qssttk{Td~808v;GfXgYJdBi|FMQ@Q3{+GtTUrXkO2|Hr
zl~_Cp1r0qgESz<J$_k|TJ%r^DZTRPjG1xd$E6HJNNy#xFDKQjxxO^A37eAvPczdEC
zM=_!7504PgAdkPy(|H>F^$VpQ$pTIiRf$=|UUN#u07AtKV23jm${E3tDH6p3w*5n7
zdMHG=(mPuI0{WfI_g?v(o<!r(c)Z@T(OQzWdcq-M_*hPY23m$iAJ;p9Rh!)w2-4W^
z*GN^Evsg7eYcA&%fc!pShlz<Ao8aI|POtfZo&QM?2y8BTv>hoI+yc%Uf=Xqa>{uHn
zFi*%MWf6*@)0Mz^yb3D3ceB|Yc2G=1*D%Vk9s!#HjuiJG`26N{6ZR40ArKYYAq*g2
zfbmAgfq2ns@)5Ms!cHbL69phBtV_#@kO_=c(@qmv3CTG7aVADh*pFEO4E2rNO0Abc
zbiB&IPrtZhuIWKDSaJ3Y?Joe&_M1nt00ZZLkjY}#)DlSQMHVOchRso->D=l8nt+?n
zM>C5*UziI+_bo@Rm0f-si@eQxVl}Qm6>U0(Og0P2)5_@qq8|bU;S?<k4K>nZ8imHn
zzOBS46)08D30k`&m;Txd)ElBUcg%XLwwx|>sh@<X*u$L^m7|Pctzi0ikatTiRRIOU
z8Gw3-N{A34RgdRymcMl&C5rhq8}$djm$Sf$v~=q<c>GMp+EqJ-H@9~MnA3dmvR&9t
zluF{IKuRA8eU8WdNi2mV>o)+|TShRqkMPH52$2tI<n%aiMnN8g<!QB#n6cm8H@62U
z(GvpYlM~K3^$^RHkW1){u4hmvmCX#LDiw&;w(GC%TR<9&`T+4HRdZim;7GLc)I|AA
z<X)V5yl?__2PvL>_<%~4IYPQLhc(W$76JvT!@n(uU?7L@sK+a~bTDqSTj=LzP1D)*
zkMF;j2+WK;KpR4DA_)y2=O#c=#4cK^080&mnQ51>%rNH(4$-jB7O>2irE0E2&69C=
za|O1EOyGbyphH@mV4Mq{a(_E8Q~pIQ_oDGsk}OKN2;>uO4Wi-a&EWYNmjw4-Ei!0<
zprLcJA8ZxpcH*n!(BGrv*#XIWw88KGxD?GMKsW-}V~OJpz8HQKY(<8R7?5%)iNwr}
z99s0`^dgG#iwK%7dPQmBLdnX*w>h|xh#<Z5xO)H#5P-@B-FCWLtOmUUl;c}r)KzW6
zOqm_<sHYC3=^P)|ldadz4u$w_`84(tFtQy0ci8T=zzh8bzZW?ceqmCJ7f7HD0!nbe
z6f{{bx0f`eBzu1^dlF}v&RRimJ77~fR!9-b0l&7)gGdjNP@e}VH*h6>Rzz#S;GCDc
z2eo#<f}oy#R4ozr)0~&NB0YPz-7p?Gv?~A-wR-uwQ7SVa0X3U;Ax@V|v>)Fs?X;f&
znMNhsz;Rq_&~3EFNc3+e;ZG0{OT;iE?40Lj;m>Y(_LLC6WUKD^vJC8Gx7LBBRwQ=*
zs|6T*9aD0q!hlV`+K|)~8IlhFG{}pj_d{twu2Dh*-jPd@siOzN0%0wpNGL$<6Wp~-
z3xhXa!sh2Z7$Hjq+Kdjn04ShDD*o&Mh7DdtJ5;OQe15(ml8A7=yh<!yVdvoWxmCIo
zw#`v5)SJdCAwN+XKk~p!N@XRi=W83&l-8H~C3ZE7$v^l+QxHQT!-2|7ZK4-t|I)nH
zU`p!|@UBBlxd~4GB>vLIqCfqBX@7;=p>JI{XU*wCc??f(v;kPxVeS;tSX45~`sW#l
zN)F|Rg`AT~voV#5xU#;^2OgUfhI2456ajEF*bPy(tr6;@?27>3G5o#A%Z0}S#3<F1
z|0dsKf#NXM#uGz&-exgA!T-VBTSry-b!)>S0@4lQrW+)rL%O?5x=Ucwv1z2c1QZ16
z5>Nr@?rsDWkVd*&_!j<t&v~AAoacP!jPbqiJ3jt!2z&2)-}hQ`&3Vl^uXU}%RdhAE
z5<P<^ipBKEIq|G9yk_L5KRFbhQLLPXhD!uQNTLz^na%%L#M|iN>XAnuSPEg{m%fo&
zn&C)ei5IERg7zB*H^f6{^?K?#jmhVaR*&A?!X_9+o3eS##46fPo<z!tMaQN_L@aAu
zN|mh|i?5lwfinIw&3lK9S-h$)u$Y*_kiYi&Y%LVMF#lvnC{GtspfL(jI{nd^i4>T}
zW4t^M;gO^bX;PntIDfdqJ{nu0d)HoXJDSJWO}LJ9+3n3IBX5nf)LGjdsPiqnuwr~F
zG9;_McQLv*&;h%P>Bv_O6!jk(V|<J01YS90T8Jk^RF$$x{?#L*#fJF$kxvQZ40A=x
zsnXNBX8PJt<0&Rm2Ktjem;?IfcS$#6{%F6@IWs&Hsj&9dhcg5VdA^4O`D#OxS1FuT
zT#}j~;(x<yPJ6;_i)P99Ikx~rvhgUH%5AbJ(aUDvOL^Qk3xy&n;(?p%67<A%3!CF*
zg+9t$jMM%@{1tmmenq<CC-z_#D%{b~*_`mzp}jrW{m-^$FNzIcLS;y%;_cO}T`NyR
zIrHf;x139OMmO<MJ&vp|qs~?OmE(p+A%a&YJ?vWhN&<QL=Wp?!YQXGE2F^$to-?iq
zg|dfIsCTs4OlNq7<|K|jCF$pRYJ&~hDfX|Xr(wLb_OAlPx)T-agA+h$Wh_m(ugXE9
zrE7E)Mon)ibG%S!Jj6cjk>kqv3te&PwF>e6Or4%t<U%WTK)h*9+Vm}Y)9TuqNwA!Q
z*{J0YzvJoMygco9?dZ^Pn!`B^F1t;2Emwg<QJVGpegXbjl$ec3jf~M+FB??CI-5)R
zU;G@6A-xQlk#&<we4JC$zIx{weuz*+(Dkj*%g9HUJb66RA5k4&og}$N61dvWbdLI|
z9=?xSm?x<ZRjxaVVQR)IQacp(yV95{PcerLmiwRJ))ir0+jI?n9QRWVkNH)({<J?D
z4<{FAxAYuR4r;qyoDO*l&u@Jr_cWj~&?mxEubPxq(*)e?lbmxQ?=*6Aa-33UZfI3J
zvvQsnfz(H2q>Y-XIjqTN&DPpF?Z#Wj<{7Fj@~v*e%HSyEIf@J_{PT+?suTB<o26Xf
zFdpU$g0L*(uz34=If6&`lj;P)bILRY*KbUpoK$u|-qSG!pyOJ!NpURoeW4$lD54jW
zgs-GVc`Ftp1QJvA*cjC9vv}?#daUhl+o}SFks*w<dOG|HuEI6P641D)DCu9L{Pj?o
z(}fGK0d*bT_8PnIh8`_N4(h;Pd}LTvWB{QDm73Ag3?POHnJDg-M~@uDww|<rXdc+w
z`hnoPbj%n;ck{Q9<cCus8j9?nr6Np$uV0fHHo6j7bZVN5=>NVFw9~1*Al15sAtW_s
zv$_mHuyw76lKutB$U<mUbv~P@%}Hc8wDtr?PX}j8h;J{lmQ2tkz$uKGl0@>6x%b2`
zV3mqp8k+t<C}sA=j7nQu>@Y>_U}MP^GBJneK|p?4{-Wy5v&G(JGrSMlQGB?FsPEAy
zLjFwTp*Yd9w~maf`3F!!Q#;JxH~GBt#vikk;pPiI&F;KExh(|AG0}Ewt}+fZXug#%
zj{YX)W@avvLr1z4N8=OfkjjZ*>&backIksKiLMaA+eP2O^eA8Z`5EdtEm1K~-tQbh
zA8je}%*qe>V+z*MnOmp(gj2tYV1L^}g3Do_A?SWBXP37p|78uMcybtMQYV5{4Hr$U
zoVb=yC(Wg8VGyVa90NS|=LzA7)D>6O%R1@&mT{!u*1Z&Nk1DJ`W3@gJy@=#r?65^4
zEbI*xe-FdIyAb@i5N(4Z>}EGL4O|K-e4Rnq@KG2%PJOQUlGF-w&~%UD(Is4^bfuQP
z9g07fyv}iFULME@$FcxD|3&tB|Dqq`kBe2C#{~$3kRovf?5-P90;-1wV(-w_VB)b9
zO%#4wrM`5mobie#qTLrt@tML!B|Og=vM-A4H9n{d)_@wFn43(XWcMhWBR)sV&3t5m
z<Knklc*K@%9y72^uN&Y(5hWu|Smv?K&G*H&K(!+$+FHmQEy~qKcXSE@rY9PMvuf}B
zQ|J}-y22{a_Ov@m11NgV$KRI_5ht&HVjpwVC(*OtQr4u^chStK4Bk8+tqq>uA1f4o
z^t!usRIA8mB`PlAF=`0Q*az9;>TP%x;=YqKgS#iz&jslbO7IYZpQqfxS|gGQL4oio
z0&oG362<*;)38>RN~VGqub*y5k%r@Bvzn~Rd1Q~|s)P!`hh+o=1ae6@TR*nBlWLD5
zG=;dVwUg0wv=W-O%7AFkSv!9Isfa8brLUxa?EM!0NoaR%vEjM5jyQ>C#l6D~k;VT_
zJpQzc^VD1C@&ii?Xs;uruoy8IcHV^r*fh#UWhq|G(yO7gGMaD`e2q@#{j~o43RJ7V
z+HsQ#!O-9y(Adn{VVMQYTx=WN+WpeUDy8J$aJiJbyUV!C3S!{ly~xgY5j_c@vGtTN
zA6p9lMNLa%65_DA6k4(~S4qgea=N`5ghW#I{nz{_xqk9dNalha6DVJ<y+(*i;cbA0
zYs;_DDUCNMrzeXddQPuh<Ncun$jPUJa}xeA1~fBnZ>|0=WupAe5-7+YTC6onzJI-h
zy|t31C5+~tWKeQ&-uxH4ApZkTmEVJ}oWI5jTNduX8KFFpQJp~u_Y{MEE(;^*=B={H
z%3suk{)dy0?!V{;X<<Y#DvBjZkmiCi-mFH&ESN{ow?w@=IRX924gLn0M)A^U&JZhT
zS76=hTJp27_#KR5gL0XB^_J`IEK-3{B%hFw2`C~`u7gr@2A{XXU7Prk|4aJY9x{;}
z(98bvx%%AthaK>X<NiJJa<D0nR`MUQb{|n6YfM9|MvSb#eMY6Uxll*_wHOOAivOzw
zA@u~W6ZA$8v*5b!Fj8)JZ8pjU9T{)UG%PJ?$NBx25@o9u!Gr6-S#HLFOt!rM6rh?F
z6dIk5r;8`DnB6M;;00cIFV_1aMVj6PifiuL8r1tp9!qolzV($es6lMTr40!VmXhqb
zVAe4=YAC-jTH0S|>Y;gJ-H8Pu^f>$Bb;ug(mIeLzlJEhW<4&h6^`ild>Hxq)i#43r
ztv*G=@Owf)8hE4OQB?MUhdhOx&(zdxW5`ISSk5iE_aZ1SFHeLJ{VBfyC+7~hzjzvZ
z!50z!29tda4ZX@zQiz>W%o|tBXP}dNr&8TrIH{3jn+_)T^Ft7pV%~iPjXJ3T4iK4U
zOtXm}O;`?N-zDoi06&R&Q7rlDGUn4Hgd1_G6#x<IxHvLl+pdrKJkHL}JGN7NAf;M`
zZ-XZz{^5@m9W2(-9wJ<Yo);9fF!R}^W_6;#w+Hk@h>YSv5-u(yq8k1jBu%xhm;IW=
ztcLZ(bMQ#o<%TZMAFkuczbbzdSfkwasDRE9BIBF;+XD;@2xtqm@;4duupASzG`pN<
z9{l)X-*D3v<~XEVJ$5suaE(Tm53$=id5e%58nd&|kmca43!^%k<(Pl+bD_z*<<-c-
zQw*ge?`%rElh7M7O>vFKY{urIQZc8yv*+4g85nL`psdv1Hl$bcOtTncX|={UVShg<
zjzoCuDi!14E<g8MdzZXoiS2z)fd4tPWfL@kYIbLk4~@-U34;Rf#UuOKP%|5{5aPPG
zqynzN9&rn>6;3s1I2~xhERLbqxtuQm!or#mNxiG)C}bQJPceJpU}wkPN7VIH3UDx%
zMHRKQv_OIZYJB$JvX7UjdKQ|!kuDPsmJuZ8s<(MgQr_Q>hC}3~Z$Fq_W2xh#qt1rt
z%8lXe(1dgwP^v4LeGysqM)#v(gW>*l^6m?FzA2AXrOGdruXuTf-f<}NASQ$X%#|f>
zX~8#HY_)ow{5A8v51m3HC1@)4mgQDPO<yNJ)2@h^C>OkrzO@&yrM(=2WPG)r$4C(G
zHn+6gl9Io-e?egXvg!q(|4D-CuCo9*7F>6AWe58&j8#A`dyPpN84=@qvug9R-~&iW
zY+b*;toP)+t$R<W;G(a8^S<HS@|wBUd%wBBv84zwB4$`4<u_RMajqp3wDK9Ju#a{d
zJeI}d0NLmH+B2=P*zo9RpR*m%YfQWW119LX`8e(L$B!R;$LlLnYrk`3#C8Y)cYvEo
zpgk|hXMy!8LF~;vzL{f1iRW2WX$*k_{kN{-`(C%}nZEF3wyc{Hc#7m#z^p)gf`Mwi
zdQ$-iu=h<Ze1coRvH=xew^t_<pmv?HRd>2Mao0Vh_w@aU3~o{)uoyR2_hP$On7eGI
zC$+)Bgv&VQh)lHxW&Gj9>{0^e0odp7pCjA!wS>*r+!>dC%>?8c;JJ4BT?t?h8Wj|F
z01hz~;a<OD24-3T;>yNwjm;wVY`_7p-%+ybRBw=g*VBi{s`;Vf=ty)~CRA&f_IvaG
zDxX*_*6o}kgB?+@DV4BIK!Z=Q#06Mmo_@z&*1b3XCkaf%uGT&OFG5(P2vnnJ+Xh6G
zd&7OlFbdIpr^`<W95h&0{~(F^{QddBg`%F{Irp!r;`(9UPxU{q`QH-Dq~5Nn>%ugA
zOg&w1n&_}y|NL0Ag-CaGaOW4~r`t|~_8Bb}1n5;k7yWxjMrvFQ!8gQ@v@*7Fw~6H!
zSfsh;S{1TPLM*U~q&bT~yaO+9!V#dj_vh)sPIeTVR1uNmA~%xmscaUwIz<PYo=Fbb
z3-swfym3r^G2K5QBHNUbDl}Q~uZEpP5zj~XKQYaMXbXKi;GXm*^D-3H!T+bxr<Rhv
z@CoDZw|*3dO7wJUeAM5at=!n6xu07Ku#t|?pY2clQcGb#XmYyfWeX1kjIOt?sj{FL
z4cbx%liTmU+L_tnXno)TerE9|mBo?5WXbuCBG+fB&S_i8X>P=7wZ9tD>7)yTiHuGQ
zy$-F}n<-O|yUp!U7IIq8sC7L&;=+ayvnXb8zo1l;-CtW>#USIs4s^<8OPz+!&H48h
zeKml6J>L@?_ZT1g?h(aA4u*|A3V%BWaBx67vmJOYv48>X^2mvekz57EcH0xFxLcv9
zl!_Dqs!T!X_d4kw(%&arF>n2%8oe=j{SW0_6?P`#KfRV#wwtY!*2jTSaWYY|2radB
z^iXyGUdZ-dJZE4CRWquju<mCPZi0#L=g(hb8a2X5#_2D{k`M;8KrtHyJ&v=S9n4YD
za8FzoA{r49fyvIGooG`+dU}KBuOpBT`+v0jR`hb9=^8^Ob$nvNYUH$Zf1&70S<|c6
zw4iv5dI#bG&t088AmtQZ?R~n9kd<w3={;vCRLT+!NR7zyR{$MdEKuDjopk(Es@Y?8
zQKVgAC{GbbEVxi*0WmL*jk?xv37MUpZC|uKL3||sokehBT=;G~!{T<ETo`uCFQE+u
zN$1^<&)d!7(x=_DCsO@kam#o?j|x*O7Dgc#-DNL)5z+nM-$-dg>GczVSwbi3t`}ZQ
zM>0`?QC53k+5uE3=UC7ooUiQjRzH1M&;h-y!QY_K1JXVUYQVY^^tfH#(6~DBIJEY;
zSuLKatp&l#Zt=7HMTG&G<LTTfVC?-2i>p81`<5-Qy#!5Mkdc)w{-psO9bL-KHUTLB
zbZk8pc;e2uz{N&4NE<mcQ#g*_eVICF=q-;?r!g07rTe|NxYQ-7pckSL5z*Tg&r=j+
z)NiFcA~k+O>Q<Nezph*SbYUwNrZ`F?`n7qGqp9sxmL|ktX@TqHcO^88cr3EOdsEgh
z3pQbW>}AKfXN1byJ+=Z5l)TV8G*o7}UkjK5eO3Tv?Y{6@`Uz-v!C`|cu>{L-Z8$iF
z)(Vr5QEt#Nu`>6$m39Ncds!1T*8A*t^+*MLenZe#yHdMXS?}Hzd}e8KTJ8L0Vn*A#
zG5PiwJ~XB+kfQ1E;BbQUx3AycjN3(RL@7M?y!U}hq+&VGLSf$EyOu|7ANZ?qB*o)S
z-dDZ4qac12ff6F0l~fBOVTZrnZSpp1(3J28jd?YG{aRNG#a5}h?^kP@4G#;pVzf@*
z%Sk{xySv(sMIAq_;#PT;0!Pd{)9BU^Q`WR_Cxoau+SlL>!t403GKIXtI3&0GN=&=A
zf`77@5UUm$3A9K>V`OekmauELfvLr~{feooI{EtETOcl$=<@sibsX`xC)1F3?KO-`
z*drLke1MdS{qe3*av-E-6mo!__(5+`6lPRl_jr!mWQ%F+oo<fUQX)AQGdSRTZ!9T(
zt@N9>`!??7;Hm-7Jt}@|Aq}-dnLE;iYE%@L@&NpnEe^^Rp1=9|=;-KZXb{-+0hLkR
zt_cpV(!?xYN*Wp*8nRMeNHJZ&<Jjm}*RsD#RQAIC`r<H2N)_76=X*<O8czSwDw`)W
zIJmpBo5E5&0)vF3S<;)8LOz(it=O|D$5A#_wK-{nNk`Y52pKHbp%8iPX@?nV4~xr7
zDF=sgP`lUNR|m*-<pHGx01i~raoUw0$x0Q54Gx(L0XdGY?qjel=QZ25{wv{CUzFIa
z(9jhfn2t#v=tgnkdCb?Hi{w`NcVMyNCgqr|1fwE9lW`ph>;QdEMx$|ynKa~y4Ho(@
z(ct+f5m7ZOGJog&hL9@yYnk1J&H~#W(i{I)?D+hAK<ndGqY)>+)V|*sE}e2uSJz^b
zhkwuT`~ey=vZO#f(Yy8`2q406Dnotd@56kr-dFpI1|v>J#w*ZTo~}32$Pi;RxA48a
zlB!q;pd}VKs__kr6@ndc(sJ+3#pnTZ{54+LG9zT0w-BHEi9us~y!2azb{T4;(>BJ{
z^VOKeW&GMmv?o~vAo88YQ->v(f)XZ7d_dIM+849IYSHgk3P@2vfe551;rk}qAFpn_
zu|Zp>lffZS1`DSh4djY9q|>F|6^vZOw!FNTXpl>?Q^AjUJgXpFj2i2C?2-I>QEV3H
z2j*~lY|(1T+5gw&>k=6J*zmiSJa53!^w^op{}ynlZW$TI_{U)4iCeCsRrb$$=4#VE
z^2ji>E^^R;wU7cLofnr!{sR5$KcSgnAkDTAc6Lzk&p+t&+=bEn#aCgUgiOQTXLa#k
z&`v|$MDAJRc}(I>CM17<SOuzs^l#saMT%c>F1!U?1_c4qU$OW;j;kI<fGGaSmE|5J
z2vWD)VUc86k28bdoitf>@~Mbd2197=e$BcEXa>zZ_9jhzmuWH{171&=tcotW=seiG
z@K&bW{PWWv6csKP9;?i$X=nX6CK1YfU+?L$>+lcY5;*ho_%8~3e}EX%dsJ{c!8#oO
zN7?QFCHaM%`}SK_^XI>w-E>F<db59btu4P1bdNx$6<QuP9a{azZ!1Eh5dWHgym!WZ
z_4cpFK>bIK?L_u>)-5mmH|Bb?wC{@zF7;0qzZg^?&RbUcub;ximA{ALzoy%Ok^ld`
z89>DD-_1aN_wnY8#jA&OBL=I--&c?JR3a^2aZ7b|G9;ht`}l>F)!}QcX{4FqV<61F
z^Jb%1oOIv#Q*Ovd?CcI-w9?V1Oa2JCypG<S@oZXS#)6<Sm0?XfqB^s@rRVz#j6Frw
zE~}{(Q0ZVkGpeX*#OL17HG~wca&NqwJoz)_axt=%gu42Wq9qlUrnRz9<KrbFf;H?t
zc?E^{uvg7iNB>FD#!1SzqY@ECE42yr`x*xW7gIS(5zn8m&=DliMwo>Bx!6b2sM3d9
z=znHGE3Qiutdl=;Q`)m!0wCi(Xbhh+bJ8?U^v*gm>1pn;(1JD&jA{t#{8&6c@Xx5Z
zwITiUfmiLGdcv@yk1JNJw6snA!+n>@@6H7H-Ot-{J7^Uum6|?to$I*XZo4Y#ex=<p
z5aJXGvB=Nk5r|#8bzOF$P8T~yNi6tt|HEwK?swew4&&Rapu_ErL87-x_S~xY?yDe@
z5j8EdQNtL@sg#I=d%5LoM<a@89scx&#?1Q{=Z1zM)!>S&v43vb%{Xtj*^QN#gX7im
zM+E1Q?3KdUx9kw4QurF7s7P6PW#y6Ha39j$8lN&e+6&pu(--H;Mzx7YOH>bkG+rC8
z=Di)CviHVpQh>clN=KzR{^`_<waC!!-*ej`TagHMJ|r$S3Oa8Q<1i{Vjh&m4CcnNd
zJw~;Ih1eTOb|n<u^wk_uH;tWX>~+UCPTCC(a1I5?8|AluJ!tI0Jn|`DrOCGuGPgx>
zc$@yZm5uDk>01zz7ygY<Sn@(4lTZA4SjIl1ZeQ9zrX1Z2?ff8OqSD2A*s$J`zBRP0
z;Tv>;&Hi@$*KsPv6OA6|#JU^|-r4k9U=R=Miq!>8lai3rUSh55!3AJA?+Av)u5|Os
z-#9UzbO)Lhk}F{?t?~hkJb%G|IaGX{Dz6UZCF>g+n!vlkd^vI2osOost&VW#Grgzc
zp!>C8=}=!5+Bh^h*qE+OLB5f7?ZV;0<xO?0E!=Ix65M$`_%J&spGR)#GL+|!pH*vn
z(jhnnWe{_i^=*|A&$?N+A075hTnLYiNn#Pz=<KHZ`QV6(isQJq*hTjogG3nLnZ|g4
zrO#@&!2W;%<T@sX!{a|2Z+sMg^xTx0cp+Sw6n}=9RV$F*xKpv7*f;0#?6vf#vg}6p
zM&0F!iY>dgy%xAgZeFmK{^Q&=o_9McryB(?1d!L=ZQ20TdwH34M^jHt-Fc12usSV>
zwAiHF))tL0fNggh>87iyX!J<|D%7L&UL6J#uchI;b1~YR*+zJ`WM5Fw-mPzTB6XYu
zj?46RRwb*I+>Ch>*UX62a_tqC3C=lxU9oE5m0)xQd%dp?9CI>8_Y;Rhp|u|t;CDm1
zmZsl7my*5YLka!L6A#!AJ7=R37i!(N%k`lm9Q2zpM5x-W{t5m83&Bjsf**~BS9mV7
zvV<>ewqsV<{6`^*Zl|G(R!yG|+O*f6pBpZe_g28ney%lcv&!p%<aR~&&-1!IA9r7@
zhk}a2{)tz()xwvlc9)aYmoH~$CAZLjq$gx=_{z0;r$j4=drLB%UPGjFk6Hb_ZXc)~
zj{G)~==zZ{6DPN?-oD`Ln`IihpmR+PoyYy-64pqm?9ZVS8%;`n&zi#wYHgctyk{ty
z)qncm3?e*&usQK3%NiOQCcrv2w*AJ;)PJW8>sB4LepWYa*=(kw!|GT{va({*5%O*O
z(rVv8bE(P?%e}t*k>BQpf3~jmxVIQ9?Zvuon+N3qo;FYLDoNCE#itL(={=vGdCk^6
zE&H7#oOJ_`%@qy$@d@Ix{}F9V`&Llui*d_1oJq(KOzn?rLyxYScQh*)1O~6RT>5R6
zkFVIqW+caydw1qpvxdPc8P?sh1+alp>g%}7=-3z@Kv(y<+~cY_@SXvGkz4FQ-2FkA
zb-)flsGuMfEsNjvf_VOwkD1wCiL@8?{_%th%1Or?!b{Q~bEs^}#*SA?Rz`M&PuAkL
zSSG0Er+1(<hbhWUpfw+b?VEruBYq104(4V2%e3RfTT%kpia+N8qaPt92uqQjo=vKI
z84E{G?;LUj_><m|!g9q7MiMtAz>6~2I{Nqki>N?n+;{YF-iP1&?T3H-GwK%l9wDed
ztMUJN%OBkG8TQAeGv)JKcpHI_%c1|zTsgo$_eRsX^_J5+yDKE{DaP8k-U7-q<_eTa
z=V!(Dd*_l>39c(@YPmrWI>H<UFQ!M`Y91VIeO>)$5GqQm#l|hv(<l8aprzG5YFcYb
zi#IZ9&Ii|Y5FG{sM$0Am#~+NZ+IX(+(3H{+y)<`vuj0ewHJk&y5mlxnh?}jIHz;s*
z)5oR=2*|yHq-O7CM*pt2`2LND{&#KU3r8m-%UWGEm$w4L1<(qzIf%-=2~?~G_2$1C
z@Bh@vU+1{=u(LavL0u}2)OTyLxU*A2e&c>7D5k~L)Nmek7pdj~3?v+FYKi{u_6Gms
z=s7knHooWou{-$BhTOl!J^tIn=l;jLgE{`Us?oLu-XB}k@!?Y4=;ve2e?8aj&v8co
zfBwe@zAp0t+`pNQKO=NM?rePA|D25fthB=MKT=xJQiKxopf!zDjPeEGCnVD&>o6I=
zP#XL3gDGBoEa^Mv<3{Fp^0$6ur)(Szj_*y`NVn02$r$9?lCGO?R)SE49G&VSzYVfT
zonmi8{h6{BYFh}L&#uolaIOmT_8Rpc!+RM{HGJNf`uMv>j@c+>1X{0rV|=_<C8H#S
z;Fcly%B^s5{`+~K>Ip^o3*XyQEc$~(DNIo@fdv)bN8w>UH@hb$UcAh4pXj<?y|GM=
zN-bis5vR9c?Gt>TS|glQ>3v?q;S}6K!F8B+AjofeNV8&4iJ2pw?HcmHra0xD25+}s
zZhWngpY9h*S&67s`EV%(q_mQ6I0=HPM=!T9E-$hWMSD4Q616|Uz3w6mdA-RHb;y*-
zxEm-R({`v}T`$N=5N_TxD5Oe~KqRsy|K;>e|ECkVGjdX;kf%vFzRXIhk!j4vXCa<g
zFX@gi`pM1k7(eXjMva7D=cwToh@pgk)#ld9VizD+uxLIKndD+$Q<XVX)ssYQ_bg0I
zC?Yt^unB84Otis4L*;);%XdL+%i8b>A5LHF?qS{JQ#)I!dFry}ktoUBGSQro2x%Ym
z!1P}8-Z#^C&tkYuWBA3!<l(Glr8$M3<xB|_t+4lD?7hguoY^x<rC_AFj(jpaQ`odZ
zd$dD4J}CRD_`NTDd6_^1>p;)iq3y%xXRsKhPv=<vSr5QTeB2N0j%$2JD8hmYm+QI~
zAFUFM7}O#eerkTTXxA05yhP%PTlH)jQ)I8>x)twTwM1~s(D30&bsTQ|-ugru^&lO=
zY*NQ+)G3pfqG>v+85IyERCv-_4Et;lVVXmn7WeFnf_b5<jr*5V+qXvKiMbb8b-1#r
zxhFD6Fy5oU{=)*|&9h#g$LG@hND7mANCo!ghS;KYXBpuFv)n2=UnyP$G{<n`cS>+K
zF;UvZ&8$;d_~gvFYRm;Z3TpZhPtPA8-+&gjAf-<GA#OZAK@Pny1H$fuaLVOo{>V<|
zdk{L%c~A_cF|d);fW(B-BgPkT2CzBSzfD#b&pSwFdz3t>f37R@-gF-FwNBn`#%35v
zkjk7S{6Hvz#94MLgUQighnVE;2cfiNeb1f*3WiCNIG1-{pU$1U<bL}SQ#{z6M$e$k
z30n3%XJ?3_KI(gX(Kp?Xf;{D%Sd3pjPw!xD$IjxvoHeSp4B;No>f~LqS@<Safn7fI
z$<irsN7evoA5%J*b|QH`T86jP?y<vnZ_4k<y?w(ARp~gmvsLBHEdm<f>rhzy1kfCo
z2PS@oVtl-|i8n*v{dgYT>%Gh?%a-JsTKmBy>V3JVdV`nU<8rZ0eo=Vo25O6muUw9t
zkIMb&pDMXpKi}kj#8a(7Tyzj<$6Tu*Dz0j%p<Opmk?A-SGhgtSMGTHO0mG7N$=Q^r
z(+wH(^J1<RT$_`9y313nQA;)`%Z{bZc|H+*0dwp}W+^mij8_%{ezJCrz%C~f1l?uU
z3#JSA;<i$+I%>I~S(i0lD&v#T?-f!BwXYYB92)t|uS?=NjyWV<5!)u^L=o!9y`4Ez
z4xY<qJWN`(G1f3~dtS;(m8O}2J<Jc~8&ull8x|sZwDYvj{WPh;p=|atZqH~qCeHld
z`NV&y+pw`e{}-qDpXF^h{)h55<#;?;^XJ;0F`NaY?z1VnRP(Khc<#aX@>A50vR{zT
z99;9cfB*fY7a_(Hc2%|QrliT`<-S<J8cXbzxTB^DmDPW|4!_rO%hBYwETp)zwXxlT
z%N&<ex9!S{wrav<lp*-hVY}sY^27voXC4uO>2vG;_CMrp)}ZGn=bOBqly0f#P)pOq
z<339@lnvYo1zx3JH)ltt^(_jlOUjisIYY(f6>a)ep^gfMx!xY{GjF{V_b#op<ETio
zXJW&`H`+cIjUazZ6exCk-S`Ac=~Z#Qji|9cGkxjxHs%Em>w_-e*Oi3iTPw+EA-O?`
zzB&4Rx)1K9Zl1R*2yK&kasBpxGRmpHzKKq3P^ciZ9`vN^nf1fpI~_~6)?;tUEMi-~
z6&FzIX2={+3f3Sxo-pYrKyvrCRkiR;-atB@`t%KxtIC9;by=k-ITA(wv_YRkpssqY
zc@=*tDq3KICHjChGHlsQ>`|T#{nC>_ug@|W^{rd4r}~j7Yr8X4iY&t4dWJQ^G?JHa
zh)X%ML&&{sM8C)-(d1;s_KuZQ+Aw%JFn{iBR^o!Z5_^=Db8_=E=y|rR%d698<2zPy
zY)mwKTE|4kvz8-YXVZz~jOX@>eroH0eI+j}wIXYi_!I4)uK8T@h8{}8NswFK3O$&g
zsI(mpq=L}h43s|8_|;vLKdgh7Q=iV|T2$eJ1ypM0M$(MX<{ykUp^{@KsUpGcyj9lG
zc*c%yZsqEF{ZmLGPI1$t(KM~-Lv;`g<xBEV&wKavxBDaPxeMx<mwQa?6O|l=M5WAg
zOpVO75K7)R`LvcJ)%$3f+h4a^$7|A&otKkURjk!XiqQSqsaS@(tL$mWpJawUs*Y9B
z9e%7?@|9y1^=!ad3YCXi)>bA?a$R0OKGRWBcZ8>NIkbu+=dhbm#NL(U3)qhF;{m6c
z#~-m8A}hv+a&nB`rS+p?vo8>H^y{+-8Yd>yzs45rM9ol0tM$-Rxt6n586uyw*(Nf*
zh-Jhn-ti>fF169=@tqq+6J*S3OtM3-UT>-v8*#S5s5V%@M|OWj^L3Io<VE{Sp6PdF
z1mD>jD4$)IPN`TQ>r0|hWfAz|!-gE~L#rd<ztFkOy9yg%6O`ufxl43Ha*h2RRs`ei
z<@0om+?{G@5Wl>fhmpQou0@@TLeszTA<Afvt7(g{`fLwrbiIQ+sy_R7$07e&$M+zJ
zkL{mwRviBTs^ENtzvZkr|ER|NH*!|HT79v^l2}dOv{z@x^EfCyiZ#d6K4Ui%)pWu+
zJwy}ZAon@kKc;jp{+RN130~z@J<PD{ijtl3J<YMj^>^Ntk1M9mr`#6Y6x5J|yA7in
zGQ+pRJnTo8H{aLiO49}>+;I?(c&E}o_t<FpDHiXZ?@pAi<C4wzxXk;+a@U*l>M2d>
z`?FOnN{YAfZw#GI#1Trzo;SEUErk4z{m~`*W9@h0_Vw<r+w}wQ<{6Eqr)#FZGPJak
z^p@MXmzOr)zvtDtG5v|KrFnO9BE!PZ+pxU#*fY8GHq^E0728DTv}K31dAm6flox#N
z%JNL9md%b4x))v-34hIq=VdQyOA!;(f=??^qzS+lb7vR}^7(N)k8b^xRzBEJ^Om^>
zjqLFv!*4s(9G!qlxkA5HJ^^8S98@YZOC9<;>B7gdQ;p<2y7M!Yjh+{$dBoSouh@_!
zQTQk%cq#YrzNz9iS{O+qlQ_#%&qR+Zb5Zl)<vd@sB`t{|BE_;)!_mT&P^41dqdDWI
zmh~l%wwjz&HyL<Ku)0!dK}0M1MY^Jc`bD~dCS6zMWFRH~R&+)+e>ww_ypYnOa=Jv)
zhkkmQ*dHtEj~pH*ftz4W4V9Zp5!NNo0Vkk|W)110;qAtmK9l7^Nz~U2HhxS3A56hw
za+&uaw#Yf=H3Oe|-`8nG6>|KxM-Rx*x}8T|)J6l}5lcO?fu6Y&P(M!p^m@;EiTd@d
z>V<iaUYtiME7sfPrx;WxRfr1Q$9!~R@L_K~q$eG!iDrSoA{9bpDG{wJfycKkWTfG`
zdPI2YHzk&^)=lea3jU;V(m0Z_&NW9V-99)qnh1NG+FsX0!WT_gQ5A-zG?|9OH0y>(
zG!+X3(pytn1-LIZhP^n;j!7a#He!=K2NELQ_R=@jO<l2y_x16KmDh}XjnGk&O2`<M
z<Av5oe!7WQHj+HiBE;Tb6ALzQrC?puky=~cJ8ytFX_~yl`O<LUyPw$X_@az`RN!Oy
zEbaO-R`*wLDn?9O{rm=*_gfRk(UBP5y9Qe(ev0o&&s?)}gt>%aH5>y2X)FrcnFi<F
zx$?Fa7NwzA!g@S*fk+&;RhN&y5uf?hF<@aRCm=|3n~a&pFP|;-KXMFx+KT<2L66vu
zF5PK?_6xeXDu4PL^|K$pbKXZ+e|f^ijulkHLfm8Al(73w@EP{cLqmoO%fcIW?BIr|
zbqRA>cgw`@DyQ()-#1heVv<mCY&nE@o2tzlb4vL8wxf~6#$!dq(tnERJFxG#Mk^A9
z_2D%{SLDf9&XaZ!cFV`0|AIr!xz@!dnt@j(Iy;nl_F-;Er5#R!5#_lP53Y+wCm|_&
zP(b3l?UIm5hRLbtSjyGkmzrrqGD)2y2dV^ggyT7iSDrrnCRx5Bh&w4wAifkrC7QE$
z-L_H-vq4`g`9i{;OB&><E5~gxR2!%DWZM8cYq}1TI!}*TiJ7N-5_@O#HCOe-*|o7d
zWzz3rE=E_K6v|NSI9OIlCibvp+RKdiH<NXxhQ!zmkp)JU5@_~iq&?o`J;}YQ?xy+$
zogx@zdIM$(8CHRY?QLBH9Y0xoe4iStIP({@Asu7>)Y^;vH}L0=m-~|vvOoW4g3ihQ
zpVT)w@6*KpUVRg|Ly!}G)84c*Hc!A~K(^-mc^G=JUJFNtmW9LmxBwT3`!#2M)qQ%%
zYmH`m61kmw!RYC{nCfrf*oHLBf`6DY(*-oiZ+0h+ZX>R}DYX3;o0+m()Lei<BtSoI
z`)#DtpH5q*Y%lA5{Kj3D!_v-EB@<!j>%3lHms$Ml3o9n?6T$|cTSpYU3m+@6T_JOy
zKI7q_xR8Hi<4Z%sl$vn5S-k{;<jPcQr80`VzNmWP@_~uP^1h~v9!;0z4$*WkjmEfG
z9Umpnl-1WWj=l2~t-5mdijg6~g_0CbEiHzL*|Hi@>n`DM(lDOmL-}&NDNkklF}%(v
z0?5q~!4}rP#r<G%YF-4&A!n^)W{v`ocQzIB%o2%amK7RO7Wm}HFSjqdf%<0Nz51qD
zjBG@+xz!U%g=*uow;&;;J@y<RH$!7I-qHG^Ty*`M0cAoIzGOEkrt6g$VzSL34^eo%
zbPgvXgOF}|ugDYSA><fc%aI88-W9616m6e=N>NcGWr_VVBP<txka{3YE?v=9Kr^W5
zI^=6$%Qej+b0X_?uk9D1aIftroNGd@6%oU)b_hq(gXS-34iC>>7v=P&X>lMNQczd>
zxLLNEwP2Sp2~SUlurfnkuOIfoy%uxid%8X*pY@9$-^7uNNixrQd@IY4JjcE@k}VUw
z>nL>}g@vySaS(43ebPi~O-c8Uc^LHRQ}}gk!GcKVZM$y#$my2^o;UUQGw1Qz5A;Ui
zrkC@}aSM!vL}#@AsP{cNYx6Z&V2(rSNqB`=jG)bFs*vzv%5}1p<NfB^TjfXn98ZNg
zv~iH5^D5^eeicfnFgDRqDxcmyrPOvK7HPRlN43pid{IsLV|ykz2FFm<Mu=8%HozDe
zg42bFqgJz|QaooD#QL#A3WbZ>$+ou_e~@q&$a_-SdptF*rx*&Agf>zZ48c)l1gJSY
z5NCirQJll-6R`ga5wTV&ecplBZp&j|u3CMasrm(7!gH|`gD;Vv2CmrU_k(-+zK_IK
z3r-r?=s><NxsAJn5%QOOU-sYfeVRbNZvg00H&Bi_G|j-E`qt#h7C^p_;_Lq+-?#D)
z`94D+-**p*GzX33f^ANd-%HUq3n1_}{w3e1EBvlrJtD%+uqL5Ufw=mEFIHPuMb}T3
z+nT38#v<(1U)Ss*^)SOF{5u!$j{*=7p8Aif5a&PAqW{T(QU6k+<KX4~e>pIUlk47z
zp!^$9#VQW9gF34_nwVLzN?5qtm|6UbfFI|5Hm3H!3ivf4YvA<-RTyz>H1X{Z4SI3x
zH(y)sZQnI*EYwvL8Z9m`nPaPps^H-}^%(rX??Mn2m2?tU=_Jwqab7+D&B6ZM-TvHn
z5ntOKyXcPf8M$KVm;RER#D_P&beMF{7=Z*AJNt4}Z}0NC=FM%*!hWf3b(0T#<L`%m
z+TX#+@3#EhN-hz7G>7i|wGXeGRJj{{;Tvr)v`$aPaY1=Bm>0PS;ZetT)(8EEn$>d)
zT)qbHDewQT0hs3pzf0b=q(VhBF_pCoL+-1oZ*V<EY^S1Kxb^Reo#0)%B^qN<$T{Wr
z^h7K%Mh;WN;!^c{7F>Kkn(rSy2VL>SKds&A(ZBTFxK93bldaMJkGza=A+<659v!ix
z)@g-PPA$Z8FpUkm*t|QQA5}^Dqt+=mJ2)dFBZ`nU_9<8Y%Y;<)2#}eQ3iS5(Zvifx
z&GO4yM-vm1r4OR7HCo(UTpFC$P@MY)22jcLfG)|^>2_ZdUFv!`IXnB&XtsETVN?Ie
zi2upv*gLLQTi+^-`gxHl@^VIt)eHIEw&=x6v?~^X*j$Nb=^W(EbTb?5WRprdb|$?9
zrL)p%gx`IK-e3QdF&sM`Ep7M9L)6750-lbpt|!6BxWk!(QE@KogHBpEN+#E5yAuV9
z>c30CgUC4Q>OOUrO$+E~<-wYI|H4CK;1b+P$eW1V;IJ?=-}!ns46@;l4l}TiFnkrL
z+db3zn8x*Lx<E0VJ%-b6X7q5vksD~p)z#IND<M$i;o#umak}r!Bv46DmmBB>Ym{oC
zqZ2<A7Z=}+QGB(i^Tk}2<_sMQg_?(q^NivFxx2}TFs$aKy*(D8976xSAAD7;`F0KO
z2lC}pnJ&BMs$Y=_`|Tv>K3;r4e?x0T@g1<mOHa_7K2wBp@cPthmTDoZt8FQYh=|C^
zMRqvZiUP?eFz_2&8o+w!tbZC4Qb|Q0oSvSZoJfoil8q%un3+R0bg#R?o1T4!R#}g=
zck*P!MnD4?)C<Tv;c6yh!MN)k#rR&Iy%+XhV2}=k3i#jNfE&Sjf}0Q!NUn@Q!k>2%
zGmb?}tgoWt__H-|Tsof%Ogpf{aQ6>mVP<G#LIRA8D9?UhpL_f?iCiFRKKu@C8A|72
z<>o#++x@=jv65?zvOQURe6%M2`eD^DY$dHVkwzYfI)%oJv8IsqoNrB`P8GDY+<mqG
z-YJ2AeLw5!g-RwXgM)(x4eou)BMq*<DBCN)e8C_UnE7HM&zA{!kfG?1y_wJOMoS_<
zX(^SXN6mK4>^+|g;?m5kj!<-&=%Z&z<{vJ_gVrivzci^#OMCKhK%980L{qQP^AN~n
zEwuRi-`)QHHBmUAWGzU;zTV7cGfo}MX*((7)A@F9q3Hz`)ynSonlMZ<Eh!u#A}?US
zH#a`Sl$4aq;6u66anlfAe72Kc6VhII8Ao)-a0z5D+|l?Bwx&woJk!3qxIiQ3#Ufi%
z2=MGp5J7gdwt&Mr=6T9#{mErxm<PJ>lYNPiD&dHwH@MDagR<CTf1#_nzv4t{(erQ_
zAu*<?JC3YEVDvQ-CKmp%(iu9QumwYxz4PgoCh_4?N0{}8wT^5%G!p)k^`Z3I<csf>
zR?3G{lf~+vy}y+k3{`|DvYB-ovr^+D>$UhbWo2bOmagh;1@;$iCvl5O#4h0zA|H`9
z_M&x4Sy{O!MBFLS<5BH<=zM+12|2Ecak3>%bNiB`fl9e!0dGiqyBJ^CntEmOb9oP-
zLa756)2>5RltMzv;~ok9&@~H2a(lW=uiDlP7<An=5guN!9O;m&I29$9o?)Fcf;|ei
z6m?Myg*?nmG2B`?OUU<Z=jCL+latfqozZM~UE3-r-X6c-SJ@_tGBQ{jv5v07NN7)<
zdmj8mC1ep{784U&^&IV_LL|n+uZStOUu+gESq4gyOV2ntdFgZT(VJ}90oRz#wDYk<
ztO&6TXFqMT(`qj^F$*7G9T->OEWp>_2*1UlS#J(B|4@gG7(zfs5O@+C5>jpd-Tm@t
z&AKHxG22O6KA1)L3!#?F?TuHbSrk;KA1R!2PMZ1&1ULsUHu$k&k9cgxAAM%lt$O^{
zm^~HeW$^r%L*&DNGwixx`1v{)q%wj22fBhgQEq(7j!eC1)K+al2!Vlt{WHN(<F(ER
z+>tEduz?6irwFHc=1Zvt_uY8>=R}VmuwdCCZBSw$iMC6x3M-wh_9fBB&{tic1R@|H
zOhcdbim0lNjpxgQ5wp(Q1&ece^8mdTT}aGWh3Q+FUf3f}=z_k{GNe|)#>OTF!qeT%
zYeXLwjw^{kCLK#0(I{CLluPM%s3|9h;;vt5iOx>O7y2DVoA|QMeOK2rq}L=FX&YI+
zX#n&BQLG(C50Do{Ua2*~+<KOszyzmKdwf^zTKcZ^o<AbadOdkWUFCPqa+!8TCh-^3
zE)>q{tHgII(Kx-t!hXb><(H%AIg--Kx8b$~_UB;vuXzS{JXWbD6@;B66-#Psq`;|^
zYB6if6@4$G7C)(eGoqf{Owp`4Orof$D4Ee7^>HIT`T!kRWtDGRTiY}3atSoBoN*U(
z;-Z@?kNBSI5>!p<h<XQy8Y;QuO2ycnpvzwdOrv|ZohYb<hoUW|WEQq6kB+4Xw-b>Y
z$T5p9h+%Z`A3a*k`K28rcZU8LGnUt)AFs*D5x#*6r^(6rO9}KtzEsuvQ9wsq*jk)*
zg(`1$h>oz&#dEo2TlQ7Ezzq70T=!q&lEWq!h&k=t%g>6iaUP(Lre1{FVLw=g<HL3m
zOLuxPU?j@-iE7Uw*^$0Kg;`IdQu0!u3)Zf&&klI^kLFUFeXrX&b8>UXluRso<0+gy
zMp!bIAuYF8r8oAKmP3G|v78$L{U9F#U1Y$@{e3^Am;KcI*+o@jPTaB&whXHRit^tC
zdY|ox?(4-OMI^U~og1a#$`|81<v3^;pp&Uy>dA%PsyBZ&@5AXt){JkF#3Wo?hWWBD
znkVmf1Z{t-c$UT9suRzh#F<+bXlX3@R?<;G&!<C9XtGFk1-NSv@*r%c!JE>kJ4Z3{
zsVt&*$&hF=VbTU*@)E1aoU&Y`P3=4<-2*Y5<gy?D%#a}F)a*d49i7yAVo5p}o=Hb4
zu)qaq-X0CG!pz<>(9^3p*gdo(J6zdQM+6E;wg6eca-qf^Yuc<v&A<#}nmd7VPX>ek
zoA~$uEZ~j9!ykYA8T-6W)N!|So4a;fvr_UGWE$7fFBMxXoQ51y#A)8sDm|HV5nj+A
z_|{qJ9G$beU#Teq3KaL?hJtOY)-$o5JPF4-{sss9Y`_6BE-gL0cA0L7r7Bk@2qa*E
z_P}hrJ|`w74&que5M3!>b_4gh*z8;SV_{?jb8$G0twT;u0fWLPS3C^ES~OGG-*2fM
zAzvrw^zK(-7E}Jqx02jfp>KRfAsbL)e%Hs$46soE5wM0n8#Etoj^$?g-@dF9)zH9m
z$3#Wt7{SF&ZpOyJ2^tWz8YZUJiyghXK|kCkjvv3c@Wi(E<K6rL0MX}%Wbx|xk)FxZ
zC7RDHeuCu-_}^TMBK=)yuj`=X36DjCx}G&1DNxfamx2IUVi`5g^O0`wW)I*(`49Z;
zUZIr2dQKm{t93WC0hL{!XDxlDosG07XJ=A1u7}HAw0e<3yd|y{<otOl-8^=Of7X@}
z5WnSCPRlpnw1+IJV5~%mqD>v5Z#Prux}QuW^aA<VzQs&F7pd8I1CNog;t(InEn<yO
zY4`$j>HT?>oz0W1FjwW_15a1}L*!&{?GPQ}D-QLUAdr=;WLcNoEV~MQ@V3!vgj64o
z&29F^vBIcDN_0FmTEfIkJ_5VrF}+=XYbvXe?$gCjT|BU}orpJ^o7Tr25m{^z;o&Mn
z1jmQy^2oV>=wgTDK34te+fy!EdU(|ciciF`&<sIuE!U5amQ}xO{zM&ZjcD_ldWY4J
ziweEXWSx8II=dRDQV|^;4J^8}8#wXJ7+mB|tfrf?8^h3i^Ke<he#1}WJQBy*J`zD%
zh>GTpjt6wdirwbTMV>@jw-IBLV3XXVi>s?hS0S$>iA%eOER5GuDk|~pI8BGu7GAet
z_EnBH$EXe)5ydQ=72l*?AO>>?3mfra<GlsCitwKuQlTFLhX)5GZhI-RPSAb(ex`Z;
z2<XTr?=w2x9D_HCdBP^<Bk?)GDxw!4N=M+_R7Q2HZI?Eeu_Hu&5Sn`Q_`r`*DuI1Y
zJag|Cc%M<dcyZlB=AYcLHXdF|E_L>38dnPB1hpt-zGh(I75z3fGb3cyr7jo&Xa!UA
zFbDy4v_)!>V7Im?O!JkP4-*rUfad}El?MQ5(wdFVYjRDW!(#c*QjPqGo*Rp3XiNeC
zq5_F}8IEy{xGbUW2?9*Ec-XRzwN_`Y%d<Y9veUNr{i}UcR1|LR3GII2hw83h${D=a
z#X%7AAz=NVXco-}7nMabyu7?j)o8xp?FyZc1Fb~?0kDZ{mNz5((Zc`|CxYG_0PGj)
z-Q>^Eo18M>ydJ9B%zmMnqut5(5tig4<9FSB5GeXM@m+Fqa1_1wFaUKG`gK9Emq4Ob
zaU8k~ag-;193i^eJIJi}^+`1AMbUZ$GHr7<k5HD{dNj>q+H;eKuyYyvC<0~xbAn}T
zr#~`agxNbvI=V^45`!2oPpuG(<@L;O=oBC{`X=CX=bC-J9UNG`B0qjS3R$FKU}V(&
zVvf9naFmjn>34Z#kqsAni8!sQ(OHX9{&ephE}c^NtRk#Sk4{B8ndb-ZvVrp<Y#5Kq
zv}j1KeG|xTYiCzOe^TkP^tOV0K;rxEuU`?QvnxGuV;9S;TgpomDYosv#Z_5YAB`53
z88m455m4QcOKE9MgW+C9n#Q;eUAPcGELy^*!|^#<l|6KhJT?ERKdQ4L(b<83yC@Rp
z29`5`PjCGF#V_T_!OeX^Ra^iNQKA_E5m9XG12IS!#I>Fk8j1)Tw)n-kv>`6T1@1sV
z9Oa$J$RN%mwkMurTHA*ft-}u^46!JYEm;R;dmWuwUtq<WWy^ATp?7uy4^Qz>KcNP?
zNZGdD(qfVdO*8J}2?`2w-(O(%izF_mzmtea%Zx-#PDlv+DDrH7d%H9mYvZA|DCHsZ
z@KtvV<P*jrOPR>+Thv;VPKC>BNbF_k0xujql32#F;LF22*$24+hRdZu`BW*LTQQj?
z4~aH<b!lrr_=zcl$$eH)`tvUAw}Q&>BKgB@m^i>B5u-dpxSNpm`xH2D@B`F`c9dr@
z8+Zqqx1#?yv*Z6F^`5-nBmI~GSKnUn{y)Wo|5sA=|Keu;?|yggjY`+Vbt!?M|03N>
z!b+LcPntZZMGkFTzgVZu2q=gbO(EKJNj|Z)4GrEf7|hEHWUxcuzkl!PLGu3`ixs@0
zr%e~{Q}D@Li+mHpvJtlB=Z^s?i2{cLgfI{Ea{2$l)9dP4oI<91LxzcosWC6~HIVsb
zQ_`0}no3HsMMnx@jnc#YrtWRatm-Mw<blShyGj48^XjeID{7gwN4_0krGMASde&w*
z^KGh+?hQf8U?i$<2aSf)`IT9XYW+(qVz!vLvK2DKp{wDF=2GQw4bo8;*N;Lx#ow{x
zN|i%27<Jg6@t?$e+3;QznGc@N=R#jgtUXR|wJaB6R$Fp%alut?eJ@#UJB3wPsvM=^
z3Eqx$62ra@Z6k3lF3eznn7;Ks6c)d(zgm?+D6pL>87><~2*+h>xc@zrrgB_lkzW2b
zcb?o}4u4}HRA;>WHs3e7R5?LI=EwZJys(-*a_8VItdk8~7#Cc4B^|NM?U>bu23*+x
zS9++uzHd%mP@rL^yJo%q=So)Doe-MJMA1chNb@nYDBVj<Zx(A{FiCiF8G+{O^7?v#
z+Zz_`opK><wFKk7k3OS3{Q-=bQ*KFTsUddZG)~(19<16~oW)P956yqzfMnU_^j9JZ
zyu9Vw>t<ENo48x`0VVEe)Y#3fBwG9jfKJX{I*xDy_sA5L>FpbwtI+A2pDPvV-r3Q<
z@X|Ngy6D<j{0#faL!Q+*u?Dz$;2V=id8!I_ka#+e!ZMM|h1}H28LnCK0!U;{Nm2&;
zQGCVK^*L%OQeIl|c8Y#fIWv%fdy&}54=#>>6<Xjk#<jrp#YF#h(krc$BOqBFoNA%3
zmXCVzdb|?{yyppc&t~_{Ca1p+jOz5qfQ^;W+-G1$<--ruls^CVe`O12ghZYKZle?2
zhByq}eL=FYSL#k&IdcQ=30f$L2gmM=(?S=cp-}lSq8jPvSH1kayu36tG*j#V@ZR3u
zewFSGd}WGEC!}CAS7if2&CXm1jk@|KWbV+SR4AVZ{m%ZJrLp(54IaT#oXHWCb!U#m
z#?g&C-Z`wHp~2vdBXH1G{*geNyJ2~CUk2A@hxzSvL~Lv(*DI}bZhIZ}0pt_(UHaX0
zhEk|~{d)=pv#r@wQ=i=Lx6<yC?PSa3>oYIzgarg{lA6cr-Clu<G(6}e_LjE<MXoR%
zT0TA^8r*&p?IrWRNsOyd_svjNk5SGP{VdmY$vtly33&g8eQ(#Rm$7ZV=aBswLd`)j
zZ7X;NkD2T6ABj*PCJ-DP98D@X2e<h1wX<n#6AcF~?RpX|8Y0@0*2I^jAE4G@EGDJ!
zU&ie3a(iCxhZr;tG9S#tpz|>`%VwepqBWcKzSyysV^gyt{Ul0<=)F>)XmYswv+eaS
zNGAjD^Ouv~*u_K9MEi)j?R19TalK?8fCtYzs>o-T3h{KP_dc>Y<VCDaO}Oi-|DLNP
zkSgxb)K{ZtTtMvpXAGO}-ilpF>Feu*R03#g=O@SX_R92R7Ludi&)1&gj(-8C{alsP
zO85Fw6YMlHCZ<}RTZf%1q&XYkVXyu&)t>P6A>Bk28rcQ2pmxo&Wu*Zo3SRd2T^OGv
z(=qF>?icKXYL_YXo#CKj(p2%_@#5ypXR2uce$q2C>?k1^7l`8l$+i3(GJNfUiO2x8
zy?OWUDG7=Feyo;UK`A6oE~<94TuE|Gf@h_6x6I^t9+Rbc5ZCbYxnY4r-|3x>$BPw%
z>~>K!2CE%!K1tp9&_g}_h3V9=u4*@%OStNKvlU3uRES16My?t+F=X)r6pIEUc@X52
zIXXEPifPX&#@XGQa@r5kcd-cPrizO)HfeXh)+l~#I$bEj9dSdg_?0qWd&<3dz&3wA
zd+r=rr7*L*Wk<e-(c>dtOicTwZG)kcVMdRAXds&rWH=UmOqlm8fyX(f<Ne`p%r9t`
zK4$v^3_8GW?gw1jW<5%bPb%iAg<-x+Gd+XgS;`=I=on%?oGwt^<8Ec=vYj;k`yzyb
z-$WO6oWvh@HzU35$uuWy$xyQ%W&ZM_<W9)3ptLeD`30!j?UYP;pKhJ@v6z=?mF+|(
zwK$6mey%aUdh&*fg{2&To3p*%#Q%r6w~ng%{n~_8x;qbD5&|M|C;@3fB%~xnKtk$p
z5Trr68>Eqxkd~4-bc=LI9ZBi#oSX0STk}5enrE$d=9zhC<}d23!})wZ_r33HU)Qzw
zetiNy)e<jlw(=6B`RU*|_vd-9Yq$1vxkRI~hW!bjf@t)Aty`|h<IPEWFwz6HKeO%h
z__&(u<xMCvU-yq@-VMq}$<xn}L-^}ohVu=bI-ull^gpgt+pVYs(RY*bzSsG7cGe&Y
zQFQIlx;@Zu(YY7Q3W6-(5uOTs>tS<R4U3JF6MD1*_ASmsjxXSZGFgM99LP<&P+W9<
z5heI=_qWiXpdcJ;Cz`o&Dycq>e?=h8{r$;-n*l)t-{ls;__aa${oJd?A|Gq~*Cd<Z
zZM4@QdWRtR@$5(N)^{~rj6MI+HGkW={%9(IWx}|(xcDwYh9*WCN(yYGnRSJ5(!IHh
zlk@N`q*groN5&9t@Fq%Y5VIEWDY#6Lf2_+p$op<yix>&9)PP;ekp+uKv(s`i75bbG
z3%@2(a6A@?3w`z)f#1@5+wl=xB0V_I7BId{pWL{+VI&qR2&=?T$^8yD{Lq*(g`;fF
z3PQcP2g%fni`~7HzOE}}<b?Ik1_>(}E))taL1Ic>X?=6}88L<NZ!i5Ue1r41hC8k1
z84YOd6tmh6Uj#Qk0qa7Z>d?tv!El4)Z-3Wp*zND4+Hb0nns0~tM@`PC;gz?FO5j|{
z^FgSec<kz{Lf?PkH)DoRI{OS5c<SZ0Ev>Gu&W6%fFuv6JLSDEBt{ER7gsjkpN&1G)
zO%2t=2?20c4hHvL6kR1#FA9L8K<RdfhHq~&F8BkujcY?tgC2r$tDDk6*|}MqNEN(s
zxxq^zhN<y~&p01uWMo8+Zx;`S+(8cm@W%O}QMX2-og4C{72^VnlQ$wZYo~%J2I=-1
z=Wu7|+G`8Ka@Nfc8baXZvTKl)AkK_=qw2NuONrk4B)JjE$}eu3l{i<OZa<j-rm<Pt
zco#cJq`AAM10YY<2D$3UKE)>HGvSBlBs#6JuYJJ22J(-r^<B~+jX6wx@z0E&szAh@
z^g~#32W|h){n@e`(2scXp`oE~n%t@_1~b6^{~@YQZ#hx?8{{>h_biajKJLr{ns<4F
zRLcvD5wJ*n?0Inn{`mPD6XV{=$xA@xVP9Wg8>W-LVpB;Ga67Wp$<Jm|FVU+8?+N1A
z{Yl5Zc#fEu7zqi9(wFfPAeQj)4Y#+qSIogDdrpVJKpfD&o|%aW@VX1Lvc&l^U>`3)
zz!6C;>2(E|e{38aK*+A_aj!nEBLQtuUOa%qB-~GM$*bPB`Z{e+n3<UYBIOqc9|;#G
zGB_#<23T=0Y9}9Xn5JF0l9J6&UZPJkR7rqb@YS`@qer+QX(AuY!K8)>4k~{07vOxc
zMP?w3De4A>$(O8{zFZz}LS6RW#@8CR2PSwb0ZLjedpSyxV7a@$zrO;oyHb;4AGd-J
zNN8#CHl;lE8$R0pWl6L|@sttshxIt00(yME0<bD(Y2j5>Re+REMwKRurkp)qWUd#t
zv$J~{lC1metn1T#l#Xuj+9gx)N&AGU?lQMhR^%tT92NQ}?=bcJff#0$i0ka^EI<Md
zPN@|?oVh$@3K3LvK-V5us$y;FtwY##>MroR**tPUG<CrAkhjz-)Oaosh{&R4LsVFe
zb9&g!)NoIDdV1E{{EkgXNXW=Q*!+I7a1J(w^+a*+uU}pu%>)7sxW}D%0Zk`6b6iZn
z5uRcaq1*aZmT*uX0^+#)=}vFL<20b4Tm~=yOy&pN1G2&tW05Gz>DL!Y-ux2l$x_VL
z9ZR?P_u49yOtKHWF4prw4;LV(v}qAqa+sTdj20}Z<Pj*C0+o`K6imlnY7XFn+*>s@
zLezUs$9oIyON)yg0bN>wxWRaD%Y$>lx$d^qBKPjyGEiM!X=t>yx638qm$keJCf~2J
z8pqCiP|@2y%r-6|B+pRuek2!5J6igjtC-ofu(0s?^XGsO(xJnD+c`6%fBa~uD@2<h
z|C3CPIwmHjR5ictw15Z|)3vt4J)eq-3ZOpa!KQ+HPW=5*$6@eoHT(q_yCUE;0Md_j
zUY~1#KB3aV_U`-x3B@ZF`)R+}5mGk+I`NyNX;(L9{q@~IV+_8JRt;90y1F`{GCXSl
z=dluXC@NE{mV7ITk0K<LO5;f<CX*)H{4DgI62$|!aPj5kWzM49`{yrT?#$GdDVF33
zYYqBZ-v4I>g;NV+pFWvh1A<s86c%di4+JcP*EMx5W1lM+T?ItV2Z=m}q1%6fz5p~j
zpm><f0p^}g3YUWS%@)wI>_|`-CE9E;F+M$JAcTtPF$vg5hXOgPC&Z!X-US6FMUDMJ
zTR^KHMwtD$f9qXilb|AwM~}9EW;=E7v@9<vgv=kt09*K6w+k}-AahO4V?2lusZo||
zr%_d>C1RM2EaOuRU2>EtD9H<_<a@9%5YB+^$Vn6|^x#;el*pjgtp78+I6LPQ+U6?1
zz{TlqRIDF0B^nu;%i2&DlK~5XlW_b!vg)-b%v6eR0Iiip&(1GQH2$5igpxQg+t<+q
z&BFhzBGFPX8aKW`b@kq~n1KEf9^{!e*UAJcDOpuHV69~M6oq`18A?fa91T*UqX`#W
z0N)(^m!eL7$n<rrRzHN39{!q<xZsp9Dk_TLL~gw^fIQETr)4pFiJe_%O1G|behpoB
zce0GWibM`)v+twQIMm(|m8p<jD41q3^t+U(dWPJ!ImgTK?+kiUAR@UU3jTm)YJv)>
z=8^c7%&%Zm19)zMHC><R7J69*POVLZPXiWLUA3I>3-hI}hyqc<yUPXeUxW&SfKJnM
z!)F7{`Fc1<0S6nqoTA848LJ%$Hcp6?N0_bbra9OpSSudtpTraM*Rz#mJJ~O^3m(f2
zgnXspDyZlbIv7ROLQ0uMlKoK3Jjnq3mv%X;wy&Sxih{XGVBq;7DJfRfvx2Lq;7L^N
znz%8>206I|H&zIz_0kaB-PxpB(ah$MC<Fq*1YQ2i0oFcu;&c3HRVF$<DTaY&;z|5z
z4hih^mTj0rp4!jog#&c82Skyvk1dB7xK?bprYhJJ{OdTs<oBTI#&fwcVVFn_eC36s
z5b>nRp0iBX!&-FXog;#=7mKL#^Zs?m79c?Vl-sQ=D8NK8a(ay23ykXR?Ja!$olP5X
zh0G_{xv=0?LRQP`iu-mOVDO!XKVz`oMV$6MWgmw-;#bi4BFYnGpP5E0j+>8!L>4Cu
z-O%xHxG<jnYffm!HDCDy(t9iJOcS0m;`h~kZwlw9c7mV#u}5e3mM=qw#(tY)(zn1@
zn6YI~U(?;Ibs%Re(FG^NK9T1O5@b0SM$f}St#9O&FP-S>*f|fX{f<I$j2-e8K^T&Q
zp5nRqTDki1n8?xbCR8j#>el)k0+>Sw;_Vn>^B=vR_>$k^lVBzv4~_pgF3deAD2oHq
z!mPArMz*`mYAs@0Y(m8f2Il2Bul}T}z?X~hWR{e?lc1RlP9k!1S&Ea!P98W)!<|jb
z0K>V)t$Tli>4>IN)U8sDbS*m1e;Aq;;BXU|)X3QNtu>la26z(8pGbZOO3jqKmqEY*
zv!1?Y$&@Z?AA*RGkYU<#Tn1`6bdMGq95i1E%Opz@b+U@~Wnn&3YJ8AMgDfy?sBuj%
zbGy3(@7}RU0KGctEHHsaYOzz{BG9m-yF0aN%rX)#Vnc&0-+_GYgKRwg&|4vaSXf`@
zXw&Mx6B3M@O%Mg#OAv>&iCyYN0Hda}j_%A3d^plCs>B@EhGuGE>Tx+ch7~5ASLcUB
zbpT8NEqT96^yyQ>lL#R0Hi8(IfMP{ZjEO9G{e2a1zOdOk9|)E01ej=*ot-^oF<Wjd
z6Giv5+|<r)r_uHBh;_H~kM0nbh%LBoZca{7`#<;a0rq%rbGIs$vA!=uioltl^pir4
zS)$=xCS{2v=RDB<T@*nQ2Uoeix{_`9L{3g7!85cKyZ#Xznr)&&GI^o(o*#R!@JP`y
zK~_Xdh}Cyb$u~7sUse`XiFQ#{QBjI$B(afVw9H6yr2{fd+vTLgrW>xF<3KJbj?EuA
z)#QHagMzW4yb8-4=~~#+ddj?N!KhaeLh_J_3dH*8I*tw^BCNKUms}#B0tv7PueC1%
zw;4{==w#V)#4{W7K)v<mQJ3|@L1asw`Y&YpF!ac31<&V9Z00NzPY!KG*2Opag-ytb
zAxy{{g@QIF48ykX90C@3BLR*U;h{QF7Ud`~7pR408yKU+okLdPMHy(r4*&y@)cD2M
zi-zXU!AgH!nfhp{Q8QiJJroh|n@0A9H8+~4Zlp5?jV|ipLBSCE5|ornaI%B54+zx#
ze|CgD&g{R&0M%gWms}2taZhirD}YO2*>zk#n7Xr_Oqqk99j2o{t@I}XSVkEnv%JRJ
zzp(mWpTe0uI4?W=z4=1$kNHI{fzC`b)?~tlqW8veqf<c0)k6l?IIBd#q8!A$0-Kf7
zSKwUWeS_EXnVp#3W)EAlSr|KoV88x;eVjDep3coPN(1W-(<jFiX2jg_<v0SOi`S$s
zVJ<K<Px-Os(eTV?L^<^T+<5gId1Gf5l<jo(WVfXy2RQj+^@B~3Pc!$4rIF=0Mn*;g
z-94%X!is1DQe$*=sCC8coR(JVpJiLiC!s(4Q|E;#4CA#>na~+2EzQ_oBz^kEJ8$<&
zf>8D~F-iXLhZy8|WhWF>5jPYgHtVX1mxeS*KDkv#IGa+kf;4~QH6eE<EM7JK5Q<5p
zIh2pZRzk_ReCUr*mjJl_1AzR|fP?%$;O+Xqf-wHyc->Q*5GT<5h){Zqrr7>1#hu@d
zu;G6$^Ww;ZU7gIp0*NcXe;-T}At51I>R67cd<Se}=z@T2ws2<wxZUmgqWa0Zo2zr+
z5(93yzLxGNdU_Fu4w3bbLJoyIoSbbxY<^dEmeQ0504&9P6M#b@3Z2Go1(4f*2gI@p
z_$3IGz>Y=71>U&7r-u@1mzKxPZCmbn`H^NABpjuVK#ZYvXJuoXuGRrflaRMymkO_t
zbL;i^^t}L)p3^P}NX7L$5xFKyq{t)*Pd5jLgT>CU-MNOKDB!86s#FHKm|79YS=RQR
zg~%Um&p3aLxkDbC>~}}O6kSLWjG+d=$;rZ33iyw15q$8)j{T)>Amq|*0;uV*!?*_M
zFnMr%8GmAr{#;X4b>Fj{oJ}<&d={hzbCqWO%Ti`+nSs3Q>{7v-BkV*(L@|kpf2Rcq
zyX`|^Qj8r6FxW1b{mPtc)a>>7;~k_H0^7zy_PTg$bt;k-dC%fk+Wy`iq0b5u3Y>sE
z5_G^_MUR4llJ0_e5r~4g4+OsVo~Gk?YmgfI%?a-1Lsd!8@@|~#Ttcwd9|*>EJU*Sd
zd3n!54brg}F@GK75t5S!MuQt=+602ULKNM=uU{`!Rlo3C;7bn~%c{p<Y^bAXmgqTk
zg;T9vnVXvf7(Td;GTCweg@<X&r~3d&cR0yLuuO{Y?CgLb34%UP+hDrbB(Po)+4Vy2
zOoz>Y)FSo)$E~@{Z<n(@W1udEzB*hTAQA=^h0|T+U@COCGmN6(`cDB6PNlG1fy(IM
zP#Ju`x4mL$^v<jVOa$pJ7a&n{Keh8HHfol@eyF{;v;?N=hA-8?kn<XBK%2G$eg{0(
z$_J;?zyTxcA}#%3CjeN=f`!*15U5?picB{ZRRB(UN(yJq`s@#WZ2gxnfAKb79h_|I
zFF+h-g3`J}8~H?e*PNMQ2@%XZ<g!GG>)?a{&y~13;`t^=YPc2SRj~((YjB+0b$BW*
zmmfMF@j~AVDe~U&2NN;wa&mInY`}V0UngeI!D~?W$wr|o(BFT}wjmMT4AwR)7Z;9m
zH&_GyRChKzKzi@d8;}~L0QD0Uc=mG2%hhN!Yt%H<?dxHg1(}2rE_?Sjfg?fQ3_?QU
zrzeN&mU+r(l?r6hz7=x%hbk%lzMd<6WU{&!aZGu#>yYfWRwp3wcc76a#3Gj4vN~nY
zz}i&L^A8N%;J!rX`~se?F)I(x%d$N@{~WVqKpTXjTCwaeKX4+gk<~}>?93t($(Bnv
zI~<hEaTI(%(gEBb3O;Czt{fa3Q<TR^-(MQVThTn|1IU~})34z4sEZAEfzbS{3*4ps
zlDrqft_Lh9(m26!ZZ;h=GYtU6F+HrPd_T%|5jejF(KV{Iqva7uAug^3zhYpx_ti(k
z#~|PrqmGIP$|k^@GH_xd>FptwEIW0(PnAB(kIjEl#<NzLfD^r%&`TTPBQD!2-#`!$
zh(#mrqUQhYqN~LRrQ(Tk8>&Guzr`<xLjY#Db|UjtzW_rdrQIi~;mxb%ref$kZ(TZQ
zQfS`^7@Coh5nv{iiX9Sot8j)Z^oblD9o^&<q<kzg6D}I+Lp@M6&G^);2d(DWq$(NW
zug}HNy21{aCvtLfw$sxUtEAQ;cV?r%>U3Yb5}G_OYvx@R)bhflj;<@NfdlRMvuDo7
z?P=iD{3Ym1HvX3*_<jI}oZ^^zfd?U`QRf9ni-5pa%#2FLpuMcn3s$FW|4Q+w&M#l|
zHQ*E+R|0l50JUOkH3v|SB7tGdpLyj>_+1a7X3bhkNNT`8wy*<P0b5|Sl&_`WDt}VZ
zWP{dM!^^>ewF!*7C&1x~6EI)lfI|AX_>p0~W(R|$DnR8*%hG4(XXx)h4<wS6@AWaj
zy!+=f1p%R!r_5|dj|VE4_)7A-fcJ-(cCjwwqU=+KHc3}rX6fSK`}R#0iJU0}R{>g~
zQgF*zLERvneOD#4&UM6a;j4$|u1a7N046>Vn`(rMLM{(>c6LVj(-J(*Le;Q%>^ztO
z!h@=$=xV&ewA=oB7!C$mO#84c(aqaVXt@NiCKl&dgi6G3LDn?0TV@-a37YiO)8d`t
z%hmShUxBSuF5$4OD8S0rDZdkwK&M`$KAIh$oeyX>ku=(r$8pr-8f?LETt4hvUe~r@
z#Nqfiot3m)Skfi>H1BW~w-JJdYcVTu-WT>Z5kNRVfQ2kF&U?i|32E)miKiAJs{wn5
z`w?|@!iR2@tlF?vDBw$@bxa&M4%7^k;u@AFjl9W@TORJ3!JFAzS%<v0AYh%vTeDoq
zcXs|j0OC$i0E)hpLn6#?1>)Ucc1K`fV9^D-RI=tr%IB^v9v(6o4+F7(gRh!`Uucko
z^uzAN)uDS4!19s3D4j^Y9X5O6Q5i`*Hv=qz*6<6qL+H>_S2v(n{<*ZIa9HpMsweMy
zz=k_KJnVcSei2A^cW#Ml*E?;p)#w}p4|F`!?cI165bKGUU<__g!RPo~ONwA@TX~P-
z@U!Ud3h`#Y!{!^;i~p1oHK8G;)CUI!<W%T@b-CI~izuWWF$~PZ#V?Ydbh2n2Mf3%c
zAcN#qT>t)}^^o=REmI@ytS>7oqhuhH<CBnhquFobKpRRW!J}J#&oCCSf`CVvnST$O
zU9x+EMM<ZNtcB5Ag#)i|ilzkcU1Cap+@eg&1^3<!;(>x!nk2^QVG1^C!P7goaNMZL
zZCw7}XE}E7ZEWra_kuJh&FSLcvK$ZuGIBvEi~&Fy<3GjYN{&uW4w;Lo0skxH9I|F-
zYU(&YJl0mR4spXl`1l4*(Bo+X4}FK!=OUPt;vNw;FzT^@Tk~gq9V^iV<U}BSsicj_
z*~1%?1J)dNFT;Ar*6Q|SV!m(WZG#<9a7Oyik`v^<Q)7gLtG>|mL^*x310S|_xxINB
zudf(vituro#Rsl=xrYx@8PUfm-TDy~PMg}rrl!G4$t%Qg?3V!j&W_c^sNeP@vt9do
zd!H4`;C%pVR-JVCmAq|u#6E?g;u>E(N|SlK{#8PdR0s~AtEAab=CcBSc(1)rW+b3K
z-Igvn_GHGe>N*PS0i)O11x!=G#>YO0v>g390C+|CF*stP!C_`DJf)%V>>fV7MB4jz
z0C@lg%5h?yOIfg}_0F4vsQCdbyQpbfz|%K6I$9xCZ)%b)A!`ki6e=nz)eLbe0C)Nm
zdDkID2%lr%kCvjeH@lloSA@7fgb@VmkyHNh4B)rSoboUf416g}Jl5UzY+vc0pxdlv
zjoJgbyEVqYAK`kqy3mpJv9AU2IPbPVJ_PQZZ_tydO*Gr~fne_8vPTgxhFajO=k1`=
zLG`3*GDChE$zhWI-7=?X{zEqHf%jk<=rFh4a*tlZW2(U!CUE_@-PiYl88nVi`5*tr
z)JqU+z(xVa_-}wS1-PuUySqVDF4sirKjn9cXhNtb-f0RQzgn>|KHh<1%nF?Utm@FA
zb;VP)aJr+FPPuTJvC|Cu-4a3s+C{?2^G+k;<KqFd_0GcLi!eM}E{vRM2sGFQd>*C;
zcnrY8{8U_A)+LTj1(X%UCnui+so~CWR{)~%{?443G6tAE0~pSEP+|hU^S(K^h<gW=
zb5Ip=1ytnEA9rVJcR{U0`7U7hnV6YX5G8;%07wjQ<`%?s)YNW(Tgk=#OG!`98?=N9
zwVgf!CpLhwz;QYYd?zDtfW={tDFKIVs*K;$(bcv3_pkHT)bQ1}r|u`fY1TawnI{Xa
zPu%J5fPHgM_V-@VH>|bI=221_L|SQ%Zl@mveLe2bx&5YvGS{|Hzuj9eXzF-9tquPW
zx0p;EVw;QR&P`pqIWa3B-Mk?@1U1KqJ^#>tZ*Eq1F7kQ(c#hLky&^k5$BoslHFMdp
zD5Fay_)W>zPHST^q-*_Vp#Qpd<j8hf?o51c>J)*9TAwhS$KmUH4APer$XB&?G?mg&
z+o41!tI$18J2%4@7IR(uBMB+udz-PN=Uv@677q>CY$UTU30ToBm2a&5HC;@^W-3=G
zR35;cZpI!<HFPMRmpdyZ6xr3-Jj(Mhk=!QEp#_Jr9w><bz*v1da|ERI&H%(3q_aES
zDCe`)8*;GuXpp_rPv#(qublPzyTUm4XCdpCiWZfc5>krf3IH$gD9<i0%U*v+kEl$o
z_#pzYQG6z_^8>!U+3lE9_JL11e!NBe20#r#0RdT>Q8XeN9e!nMZOBGf(@yB>&t$)k
zH6UyPpFAiNYVtU*6#mS>%?;XeTMXSB_e>SE{+y6N26C;<%`m@3c2IuPhZn8KGT#A>
z{snf~U=kk+7gz$nz=&2kG>2-CB;~RQ3!iQM{=SGh@E(b{2GRQ9;J_cI+k2lCu#F(1
zaX)$_aEj*<;Api8iS}QZd(qw<puAv?*f*0>DZIue=<JiM#*z2DY|3wVquChZ*?d~S
zX**jYvJuowV11$P-`=n;e^MTg`@T#iq`m-O_uSA@X6`fAZHY{9uTX5oBU;8@sSp@x
z{s;Sf4Kts*^aaJboCbkQWzS|w0lcw@?UGc1%=lqo$93#qiXjuSrJ8vS<t2yYgv3uI
zhO^@bNt6UDkUf0;S_AcEdFcMm@IZ)<mxtC2hDDJ+4TjF}%;(!_;|7>wC$Cw{LoLD;
zLOD$+zaG?^{RswZ$7}(&@fR5G#=VuA_x<Hx>n3ep$Z(uquoR@LeaqCpa|8p)JZJLc
z=Gt8|b}dKbT6bdq;6O=HQ5Y0h0V}B2<#sKou6XAEq6YpMW*MJc^Val-R`v^SQM9@M
zu0>rt4o}nm&)mSrL9}VPscr%?j&N;aGcxW5OojH)C;+(pIWsYPFH7~Ru~lkxyRr55
z0Pa`5BMy_nfrfXN`N2H4M)RZ20CDC#%K)6&)$zZ8xC3B}!Ho+z1_27_r_X<p>`RPa
z_IN+y{pi;P^ms`VKfn)~<^cr`<R8M!MDrjJ026TvJt@@zfSY!6^}PsVR*ZMi<quUe
zT1M^V*$_Ty{&RSgkEQgHx<VSY%v2>mXwD{E^y*sk?D>&WgA^)RO5&DJh}$GRWC=u9
za!&MWKW=^T-PC;{{|;l$*O*>H-f1ikPs@&B4!-6bwN@IoQ*adFZB3M`FVeR<T5azr
zyO|4*jmmZ!gXYG~3HE9urM`(~rt98TzEm;bsHz#s>;|i1_G=90EuD0=SzB|B-I<&s
zg9dBVlj|>EkN5WVVS}ox&0nW>AT@hV+_3kVU%mCy65ph`Pnuh1+`tS+17DCec(i|H
zx&F`srJ3H0yE+<GEvQ$=>tkGFUs+wvmeFi-dmnUcgORYD%x?k2R+b`d%>!U61|?I(
z)1)irFAwo-pS)t`)VAVY=s1S}HTGH7@#*OoQKzCxEi`bnRYH2UK;#4A+2koZJErID
zuXHg`5e9ZODJf}-=rW<=Sz7>3#e)jhlda?g3zAh(ASNzaUl-$>mr0~hX-omCZO--<
z&JX|g)6Y~}>*(qRH)H~zpRP}6|NC|YU>Zm}1KYEs0O!WUnH_rqu5oZkI!>duqnjg-
z$AZo!Y?KFMAY7NVA}T0>y?vG{c+-CD%c<BFJ&T-$-sGt;&tBeYj6{1*b#_46WZ6BJ
zxNfN}cZ-5QJIb_4*4(OnX|c+^cqboUdGaZF?PI=&1&v4y(RRQXDW``_sJ+4gRHEkO
z%|J|sn2l0ws!alHILPqJJ)<_PP?qQIm|!C>x+}^&?aIn(o;XbC!t;7D#!a=~FcjFC
zUt=0us>4;aG}0cnu5JYJ?0RSPUhM%H4pX<#E2iec9S)~}&)v#?%9sXX+CN=l0%Ns1
zlzSB;y3qSbH<+d~cdm<SqK*{V5&3pCW3*>XxjZ~^4mII+(+qRvrS&~0YrEdUKpalR
zB&cA$rCn9EY<-mzM&IIOcfn{6r%^&HWt)|!G3-l&FKE1OOJ+O0wVu<{C}pBImkm+A
z`f@*34T~f$_W@}CVComp4#x@|w0!yV))Hb98+cm=H?-lkefxPqBQrJCQ9YVccsmJ*
z0E$7MLKs~k-J2KH*ZDQA8YwX~>QBQy2y#dZV2{Yi8?4>mc2o|Bc+8TLD<GVF9cOz^
z+;GrVckP+~aF#)W#AAMq+3@D80c~3oWVmxruoN)xj$I85W&w4eE*2s+ra47PCO82B
zxKe^h`YoF7v+Ix@vZ9N*2IsK9{RPRxj01grN~)?xH8#lwkD+$6E`S;Vnxl;Q$u6=?
zd=VrI%XE3TKQV~2aVvHpBebIBP4R!(-xdz9ago6uSB1sH*d3PI^7eUfk_+n_G!;MQ
zDSA@PhR8D}zMwOsyxdVFCy0cj4a*F(o+MaBse~L5R#;VNe%6osR;<(T?B}a6vSq(x
zRAs&#!o_dBD9wil<%I&4;Uu0Ya@L>-1Wa$iB^6oGVJ`)&ibkN+%Rhs_Os0;mw|{3d
zi{tYLcoRtHD#c*Fz#Ti6cLB0;wkI~fKsUt&$avB7Nowl7qxDyOk4<(UATLx_RE(Ac
zS@$A3E<S!BH7J0x1i`n?kI)5}yZLZ^Q_WWT5=@rBF$dT|+2U^(fln~v#roJiQ8*7a
z%bKy>IZ%*iA5gqWC!0~n<$LJW`FE3!SaF{XKyxo>YAJW>SeezfR@k1OL~yn}9~%4k
zo{e6PI-7T$SGi>Vh`oYmZWz+7{OgmR-oB%T8)~_8s5sd|4k}3PG<sr*Zu3b;Svo2n
zbu!FN_b+8(YsAG9^3Y*DA7HZbGd3J9X8wRES-l@Ja%>w>79Awa%xBMO)^@~h^GROC
z${?KJLghs6XE4cl<QSeRZMc%gEqptd!gl54-PL&5ex6+WH+BtnEkS!MK38*3-||ZD
zwIRyhvo+bFNSOx<BE8p=*hV5sli%~U&v)<DOO$}&BfC2%W$frPaWN2$$gI#EBzcH}
zZ=Uv>lL$dm`wI=bK{{W1m-wp4Y2ng_=f4yQlvW9@^@?*SRUx?)tR?TH1C9&`W*$-V
zIFL;~c#xB_5Uarh!Qzr<%6q_eiT?2mQ2=+I{=GyObH{y>c6yS45szg^gGNUcYc5s(
z`zI+6VOW|t;R1bCTq}cJ3Rgz{sG+S?D{p>f11hs%qQ-8{idX_r6aKufD^U$aiUq9M
z=9+a%4M4$wulSm>`PVEuKTzHWObOr_gHaEyfNiauKhwMh2QAS53!45b9rLLoGpNpd
zfZBtVz7&vsARi&zY!4z(h$74Q{<igjhq&Wf^ud0u6Eb>dh-|;Ea-`aCw*(Tj8Su@|
z*I&HDDV|=Y!2IjR&dAe%hWD-I-gcvyPC0MZE}|bdB}vzqhf|8g7nS*J!%5deVKld8
z@-R*A&kjGdn)}S5!LC+j$nwvB_?pxcl^g<oRt))Ynx?Hl?y}BZF$SqV=m%t-`)TRH
zIa(uyXvE1J3o!}u(*#23iRXpm2c$0GC_qL+L^ejfDHvfh-*^sw0#V+u&OU2u@*Vnn
zP|HX-Rg%i`WeQiGn;PDPhwup}CI~N|2USg5IPI;5=(e9qxtu$i4wrjL_+Dh`9O5a9
zWCAkpu6lPn57$FRj|!<UORd5BNKZ=;Nq9w-z*0}JmJX26N+AWpXO%1h^NQa0dS7Py
zcA8K2GiqUexwQs7ES!93idW5cR}-T}%R{C_(pqd$*GK?M^IF>~QkhLviF?Vd&_!`z
zah4zl^)c5NI=#fpt^7?^m8Mq`s^>6T=}fBCOE1S_FWcel^#KnVjeuN&IjP)*ve2}c
zjXV)PORl`v?0o6!x0%GRPVrb?j6>b3E1%vfV?BA6B4+WE?{^AN&NWtFaAfeYMo8z9
zBh5w_{9gZ3By$HX_vGn1@~Gyw>BIR|a}C+>qKi)V)YQY(f33v$FIp-;F;Gmz)Ra(F
zr;~otRj@eoiaL&J>=~$Z>Dtt9yw7>{hF+yvQ;5C@O<sv}hgP^T+oC8PmRV~_Oh-b(
z?2!Wu6}rzsMJG0PTOV-YblPKRtNk{SI}1#j3CtjJd?5G%_>&2RLFF0I49FvQk<De$
z3-q>`S}5(8XQ#G9425maN`NFwr@3nR3e@3+5GG++X}T)+LWh#tMiOwgUdAVD(U+!=
zLG<`nciU4!MHFwR5OA{2cu6Ou+Kiz9vhSR@KHf)Kg%znQMxKr~>Y^4X7o*1Ynf^TR
zx7H0i-4dQj#xw!KSftgPCpijRg!kcSQu-ofXc#19{n%DF;(#Ys&T#Yhy#u8H%%yaj
zE<(x^-Q<DmE9*ksY&ctP3T>e2>ISFA-wPy#joKx8CPqJoCn2m0fJHw@8w5@;6XZ`~
zfbI_t4?zg$lB}#c5|>LhpJl7W>H(ZP<HLsvkyNJ?HvrU}#{IM22!)ojg1N=SAiXW2
z2Xv0)l`s#(D`_PRQkQ)XWGD<Xw{)>4q;tFho_(X^H6Bor%J39FiR5r0Q!S++a-^j8
z>5nsxkb$LhPDI7qsa<_^5tkbi590B}fY;t5nJbIJg(XD&ed<~gcI3y|-4!D1?Lw9f
z5r#T>Fhv64lb11HwLBVmrHr2USvj^(h7<jGw*eW=$tAicN4<>rKK2~Re@>tx*%O=V
zk)B#4sY*4kvf|n|fi>b1|9S9LuJPZb$LpO;X-lQgHOdG(ZA!Dn3og)ks?<N_IUOzi
zbdY~tp&aEe#JUk-d)f^B_Aq_2Yrm6CT(Hu`(sG)C@60A+K{3I=|Ir0Hw(avT>O0$d
zM-f$7*|;8<>KB0l4-VazaUHPacsR1pdehMnKGej=y&#KIX;Xg|@|Qz5i1P~6cB<h!
za%N#;D$s^;Duzq4gSx-sI^YqT0Yra$cc#)9D2zRSG(;=*5!CEg|5>}Mgnx^sK&s~e
zdItb}+N1Af;$f=Or(p6JO8%Rxq=jFnL)kOC2fx#(@FH+}hi#ztO=DTDU7F+TzXapQ
zJVMXkza>{_-45Y=K%q&BRc%uEsCHH7_Z2#y>NW<loUwI;@}PV4uYugUCyJqaJmI;D
zZc_zHsi+a@rez<n{8`^j7q;{rk}4m{0bqh^VeiaaiUn6YLzit64>SiR^89=PS}XW;
z>iJn<-g)+uy8J&6%c+&&*zrq{i4RgCz!s2PNrfB=qg%=7U9=n5-@`NWeg@mJzKx^Q
zy>Yn-#2VqJ?ks-!enapPZSBU^;*ai{K^@I~yra|2^Jy2v20U^-Lh;3mb$5coiV5y0
zonJy6^EajzQnwGtB9*GJk<l-I3;%h$!8xbTU~$7v-GL|>_eAOazGpQE$dv-`ct3vO
zKJRTx4X@QOCD9=3rz|fT8GSc&4)6>v%;?{YIedk6oW{RI=5W5CwBUY9h2+EH;V$_Z
zE3d4{Pm|2X`N1<8T-XEVX!O5{5v1MYpoEw8Q0|q6guo&|H_w_bE{?5-kJ_KA4TDGa
zq7k@7SdZ>CWI_sR|3FMMWkoQwK>3$;sR0!k*~-dFzzu299odpIjf;!h(FatQ1bweI
zsDzg%WcvW=bn%CC<n46iyM3mjdRW1>-3~-!PPoQ7A?hKKvg+r2S+5l%89i01w>dD(
z<!{Aqeo6T!ez2+NKT1mwc2o8swaBmXZ?jAa7C<8d$=j<BfCc-*2$)fJIn1Eq>~)Hn
z9AOUA?~4$(&dYL3WWsKH22eIZ;=<k%jE5n}k>(3bU$e}B7q-*$b@c&`opaBrPoM6^
zof_Z&h5wi5$|zG5PX=g0$|8Hc=Mbg7pU@7NTJXm^K0LPq`5eWbLYaVK$Vi@_8)yjt
zCmlW%{E)#)KbPx;VV4&B+wb5q$!PNE=1Ugd@+n_l<X(3(n(-oJM7eS%PUTV0o7^wC
zE!@ox@kbIiYPOEid84GNi9;;h)Hit*N-?WvR7MAaaC8pj(5szMJvW!o<6kQ3$!iga
ztgy|<xP-3AAr#_QXfHgN5&21lT*nE~3tg+K?}UreZwq*vcDSoQrN&0zuGM%)l)2T&
zrqP>7{mPeLBGh0G`}tcK;o?%X?5WEU_7fR&T*f#+^Vpq!g5_2@O5mo^Ikbn6PZ0Aj
z>j1tqbU?R^+B=0|_%(v@siIQ6yf&+!bPyjRUm%6g`msZ%3vV@UqWS92aCwdd?2R*t
zUk7*`H64h~9Im=y4UDA`(!ni3uE*uf@88Z2s3=iJTBl)W&-Qa9$}lt&xPwaRF`t6W
z7xO`&UknaHE@G^yLBQ4=81r-$A~+FRfWwE+qgnL;uaidrn^ZWN{sErNch^JnrV2Xw
zgvf1muIwksN;8}d<CV`}_9A)~e?T=-XUe#(a(5fW)x@sd4=>#K&>PHr>%6u2UpYB{
zKt{9qZ>6!Q{FxO}um9K;6g5I4v}6{$)3>r;1A>s2b`!w-m#t76Mf;UKyaKs5Z!&r_
zlaulnHaEGvc5$|kf#UA(|1(9f|J@Q$+(Qb~$}93*jy?fOzch&+|0AFCj=>@FvTdN!
zdXi@g_+%s79z}g)7lAMO_ht<k$qJt0U3WL1=3SNGrV;I^#J%TyOma@47~g|1<^V{3
zqCj2dr#O+Sak)mbm#3MH*(&6#QQ>)45XWzQw#?8Q<?BVH<XxVFKAIyj;!xKY71H<d
zFbA2s@kZQ@O@*39ho)qVGRt^6<I&Ul&d`0@`|FWh#{_1iUzjURJbg*e>*2u$0;(Fj
zC=s-=@2+V1`6i5SUdXz|nV44ze65FzA7s^i^UY;)9irS4t4|bu9p}j!^sEF8BS}DN
zx^B5JPGIgq!(bFy4$lZPL0zl%5)P?4ZNl}V_fI&5<on=q8aXSX-Js3BF=z9sR@3q+
zB0308?zQ{vGHAGegjwbIHBnhAHHQjsGRZ50^pDm&<1@PQC((3Jv0i9yZyruiJ0&-(
zykI-)g1>Z&&uF01hm(&iVx7=jWk2BvmDr<Tt8HD5!3YB60M3j3-SSrVijGr4Y}?92
zk{It@oUg_=?nVVEZx9|K*fmyKg)Tta$EhYMmhrIeg%bV+zSJz%f_uR3ip&WTV7CCj
zI|K-#gPCm8W8<0>TBzeI9cG|Jd-ZG>9zs-SlWVa34{!#ji-35Yo8vx?nw|YL;q0qU
ztoFI5%t{AZF2#6=EVl$L7-8HP=e+8<qc2wwjBxR>Wuf|@&iPT`M}|2!E`<d11N1@<
zMZbq#iTND_MVZlxrf`{tq^o<ha1oFmHUdc$w9)U#6{A!Hz<P9K1o%E1Xr2$(J`9^M
z7;&+*>h*hTLVJM@CmVU}Rp`xP5HeO7AN77J*MQMU@v<gnKHKo|i;abs5SFJ)9}jq4
zh#vmg-cFB?cLZ)rz=_WT3mix~qwx-jOcR-#jB12mQrqhaDnSuZqu!A6O6mWUJn;Wd
zFRA}IzY+dfpq(SH;l|sDkyrTVzxrhWBH$4p<EU8wD!XAKCdSGM<c!?x%oy0(=kD7Q
z`D%^a{?4_wltqEg3xXXjr{_d>x`YUycOR6~ZQ^dY(yHYGL<6PCS|h+tz)7a<9n#+6
zr?zJf@jF_ehnT#4?~$XV1)VF6Z{8e}t$mwh=jm&A&;lY40=FQ9uHJ5!bZ)vr7vWr{
z*Qrtl8GAN;j}dDDkoKm?+wmeFyBjsbQ}TLx5~uev15pQ2+mKDb<lCke=nG#VQ^#d`
zj5g0V%<(2{RX=A_58)3hg@kNB%Cj)2tJ>cfz8%V{$n$@`V8y{F`Pt3|3Yg^j5|Z2j
zrWs|0*J3Blj#e5p?JXx7xQg;tM@A^tuSL>+exXKRBkz6={}tTT3oyiq@Aw}=;hp#%
zSdn{*#T?SgZIk$NLx^=<h?Pm}qaoYf&AL+4LrN_Pe}%fOAl)_PO!4rf&b+hdX2s-o
za+UFp4$jJ~-E`m|WVp&8zh!tm+NXYHd)|&T2lg`FOx5vFA9=qY#ca4LRBxeRbZRbH
zWfWYA*&fFBe%(FAqfj-BgPe-q%l{*)8$`S&^pKJ7Gx66H;zQHt`k)VOH}oAc+C-P=
zcCx-2;p{AvR`0ZgI6WwL6!wXCn3BG&ncBLYC_&>O2JLwm?)PwYe7YLL+cwE?x}9Lc
zRJfX$Is7&)Q6I5%D_E6fs1pj*D~^Zp^U#~w$C<+7r44o_l1)Eg#WZ=F!y3iPcsm!U
zO?wfvy$8ZAfW`kzZMMYJ+frvg=N}w}KV3~lea(5$O~-AF@3sJW#Uz(0Q1M}xl%`Fi
zP4ktB*P|vfB-l@r--Xdx<ZI2raVl8tShpBuDDm>g^dYHXb4`8n@apT+VWBCw8pfgh
zKlgR%1(I??EAfdGYzHzEmzR(A!6Y;>A*TovIrZdO<e|IjY1vg#nB26PTRhL#Lj{b8
zje=ANm-m%tKYFnCZ3Rrx6vsXPinX97&%f|%$Ca)d7ovhoP6ST+d<4%1wr<bLv74C+
zIb6tTgWmj5VK#K|p37d?BhT#?-^^X7S;*4Bj@cS`Ue9Q(U5W$NvW6W84pNuy7A(S4
zS(8P`*C5K#8Ap#C{SN|t^b#LoS^7d6urgRd-oO5pTa~ypQ`>Fnt2kBA%c3=DY%z)z
z!I<9Gr|xZI<KZz{TU`WGjDvoa^)mCA_Xi#$ARltF>z$#eDEr^)hh^Rt?B-KMtY<Hn
z#0Cod<u5J-U1;{@;-uzImXWoXZ5Lmt(K1zTCuUyN!W&D!2;fMk{45uz+jMjHl;LJw
z?T#JX2PdBJ=Qrz+7+MAb!h7q4*V7vl4?T3Ac(=#G{@9Nc1oL^V>!uQic>-)?=Rw~@
z*`c@t7O24H=kQOK#w*tTOY#5qso3<+0^hs{oysUqrN>c?o?oXNdPz++B}6pPL}?6c
z%x-+!#w+aW+X+7^ye+ANqnpQ0NAu*Bw~vd|El<DIJ?AZ$T7eXCs6U+mDu5zy$RFLV
z-_)U}uV!=qG6&x`%EKqueme&Mv>*S-lgc20hW0f`?4H!a)s8ig-H(~Q40oM)&i^*1
zoJxIUOZyD#&gQAu>ECSePk+Dv!*yME`tSdulCzZhI|Z51%=cSK(A_r)RR38m`R;xG
zN9x}=Oo4I5!_yNKm!+SAj;@%wR2&KyC258VgGCtD?nvCd-a?(YF!}z7d-U%dFb0dX
zd1T4xZ(*qc-Xzq=PTesEX+Qks8BJrFPUg=R*(#lRfo_c}FyXW@1}_ncj|JI+a^L;m
zF6y;`{i#cX@1AMb)@IUJ;@uiG7?;9Qxb{cvbQ3nJx9d+kw@qOYpk6O>;qTwSdiwU*
z!Z_pK#a4~xR!a6Psu|j~csptbF6t3-rCT^pewVr%&5C{0q4FnOBqZDC3l#xPZM2^@
zq&l5Z=DkQvy)RKjv1lzJ&*8@^(D%=4PbMhAYbi^QQ6FZzedK|8OSa1$OV=T|Z^X$l
zc03!t;erp2IjQ7JqW)AY5sLV-knP53Fi+^s7KU<)n9~9kg~I;UtgRsh8R`8H<e<HJ
z6Cn>QSTe5D#~r!D2^J<zTXpOoS<S&;D-pXEbp>xQ6QLbndKX)oV9p8Py6_kDp4&4O
zS^PcdI^{Re<n`}|EDpYd|Cz6C=mVXHg6vCJ?&@<sxGr5%@f1<Ct>EojR0`Yg&KQ~j
zbAwEsHgQ_;#_u1E``5S><2VZkfoJ@$Y3fe5?*<5WFw$852E_r*pcn+$DjR`+4zS?B
z5otM;>GNuC0R>d9(LQyn;?^(9NS_-p`zDW`+$P=L@7Vrp;Kz3AZ;0yfJguBQ^zDk_
zJ6@TtnMMgi8taC`HZh8aUkiHnR;%NahTbMZ<X&HNt$%Yyny+3BnK}Nho#PH1<m|o7
zPK14**cN;JeGoMff(G`e#<L2Yd-cw{88I<%Pz5zLHC1ZZ0Q9dTP}c@*P*qSm2s{MV
zNKcnAD$brS=hujs3w?QQ<#Nqgrfl8q!OZ)pYHjFd_M-|YS9VR8`5?U^t%s|_OZAeT
z*VMbmcC^EO^Q*E)j`7%7qw{$!eICJc!*B2TpSrB3Xt{f79Y<t7do^1hVJqS>ajs7g
zmC^jV>*fyy-~L5YKEP0ltSxWu*L~ckM$G}WlP5cCl%R6hS$&~Ts{I^^+nnz36RPwB
z6B&)6dk};#KuT^7#b;MW_Rx<E+Mm`adziLP_%%csrB%9}R)p0G*iQVlnT7R2uP#-I
z>D}45c^+{(Y>Iw;<e9U1767Fezw5cgdH-Ye4X{JV;?3r((vQPHy|&ZE(K;}qfFud{
zF7O$LVu6=6idO8TFM$g@K4Hf-HGBKVZNQuh8W91Y{tcKjL95Ox+Zl2n(6bJ_xZ6B9
z7r1U$x}oy~QL&I~=eZf>i~ZH=g%g#k8xue0r=pZR8T`wulyq~vNioGo5sfdoD|oXL
z8dny7`2Kzs_VUKc<)p*@+Um{e$4)%AE5dd^_rOG6T#J{h0Rei45iv5jyYnlk=Xy#Z
z@i#dbcp@T!`cQ10M{Ptzy3wM)?N?%H@)^1KB`4}U4;gY_g)Z#3x4H6%sR|kU$0r?G
z$mM&<Eh3{Jj88S)Zr>;!4x^Z@Ly&<HO5W+eKP<-Tc|Kfi<}HBQS6*q|a&YZDb&W~C
z+-WNbO7Hs0m<#_I&Of=cvfLzdmK2~*xH$gdYSqu;4Pv1F_Gl%SOsq5VQ0ThSV{&+<
zA!^Pw?dH$#Z%MB=3G3`Pvx?Iix6&FF*2@-zK6~WA`VJbePLYnGwWL2(cXK`S%NVpK
zcO;T8m%MT@e6W;j(wq0CBKi5nYTZXnl=%ecQ`}Cvt}V)*@XWc+a>Iu+slHX*ATsY^
zU7nATfry+dZJG!JE!-p|C6Obwpb4s<9x57ICosLNtO(jplLCUz9Vl=>rGO1(wt|SX
z`YSz*d;b*lmjs%8C;CwM(9jTQTqmu$M}d5qCcF=_F7O10W|`HjMpMzL-!w@batoe5
z6{CLB98VW75c2?sVz3_{zsGil#rsID9|51YUvEtM<O9R&j#At|+BNR!?=*Ujt3iwl
zE!8`SXq-0&PYGwTBp#umf`t#is9R`J6=8JxkOGa)Ks6MHbwY6;MpAqIPMs?U6~eQ1
zpCvhk@?U#`Ox`7lbh{<vOgD{FCmbflNtfSzo?79lASPk4<V7^^wwwlb+Cs1L@KJ4O
z>Ku<(srxDXaooD~srI_)*N?Ie;2~E0&iX#-Oec2h`FD7}smlm)NLhh}bV-Pbpe&zf
zHD*jX5Jk}_kNk?fI75H&2kgbLT6%J$LV2&FD;3mwCrDTe^Iurn54!=Vrs*dM72SGT
zE}xh<h`egM(rjY{4M@Z^@zd5IN|lwB;I=*V$N_WAnd|`>0$l1O+6)ljfzq&R27On7
zI@(VU{A%rOZ5y9KP3)xRS=VK*`r4|uW!>qntE6o<>Dg8Cb8)ah-u|j0U?$_uQ1%gn
znl2H*5iS{%)g>V?%F6G!yN3%{XoVb|IfPamMC(6stXUtxA8{e>3&slVj8zJ^y(huF
zJY5wiv2ZypeauZp%nIA(L{53HZWKpccDTv*9X#X>oim+7#OV`!(XylBx28pC1-6LV
ze>{lpDX3Bri_9QF+;@tBHe9nm^}1o(M8qV-CEg<LWjyxU*XD}3JdJy>fW>6rR!OVv
z(XMge)!=0$%L-GyyARYh@B7SvwNG6Y)cCzRo&j|VkMwJ{KuOr0NsgU8I5hOhegqJc
zXvJL!xqwv>w6xORaR=TaVB|>SS^yI9VxfxbUc{BLU+%L&`~jR%bE+r&x%rePKb%NZ
zevn#v*nmD&ii4K(2tNELH2mV8M~uIMPLXns{Pf74&1w0Ah<H?@(v(<dzua%k88sdw
z&|G*zb~XW@LDRdbS}}#66Lt0z(TQBI)f5eN&I64)I(&WGw$j7}hD<mfac(??b09=r
zb}nY=z18i+UB~VA_oUxUcMRSYpt-I@>i$By)ou5@{(x+GGdi(Ty#u+qekd585{jC+
zUQ6uS&39N);WB;j99bSOzSdW2#Jjw@@}<rrbqUl0DFqrL?(fVsoC3v{Q)Yt-3m4Y|
zbVLTsREofR-xkn@OK%@f*5nDI0@x10PEDmR6+a7H*n0mcmL(iwTn8U`mw39QAo>`=
zcqu<T5fK2<(N~H(a1C|LoTcI0lo4b-Q<|=G3Jw8T2F0YL_*V`(q$L?Hl2G-<Pl_Hg
znjHHbN1gMov2pj8hE3maU)LY@WGqosRIcWeuq{FSEK2#PkOf2;{^)bx6?~spu_5-4
zR%XD?@g9M8FghH}qY-4-aX5GcL|7lETP{L!MuZIOuX{S6k62Y7?aXyQlRQaBDBUdr
zwyom`AXEKaUCj`8b(ktQ1|cRQEUW?Wx4?apMO6Un{5dG$d9nQWul_z5$u7VilthZ1
zj!8h!Ed=bFz>q1c2y92j%+H=ZD?Pwlxhx+!^ShF;Q8a8n%tzyYRS7vWgW|hLN=Ve2
zepsjK*whI)v{*$w&nn?f;veThMu#&kl{`+H9r|<niZ~C8%nHFM*I<#lFfp+8=iYHV
z>Nz#tJnwWPk63Qx(ZQBqLmM;~d9QcCM_TdV@%!Sea;cw4cF`&$>JCdi-h8i;E5_@2
zx#QNz$5b7DmU&|@sjVGTg=NgquUN|T_4N<bj-^5U(P>7bqHdKI)d-K5-Oc5LFZ0j0
z6$bj<6Om3=(x^3|skDNo5eiZM6tM3a+B+9QHl%tUd}t=SA<E^zE?N6>e@gcSR{%`h
z<%ILG!vQpXvEq8>C(ZDhj8LRu-RmYD6RF;<p|XM1FgsEE3lO2S!guqN6e2NqCA=z3
zPWhVlSANe#jRe3LstL)6w#!8z*w{FoS9s&gcqtXr?MWGOGx!Vkx*=(Z3l(krtK8u~
z@9*$NK-U}OJs@O*^1sJN_cY+AJBB@hE>Fot;lOeWtaLm^h%4Z&)Aq;#9zR|0{Y5!9
zw+m3Jp;v1c(E`2#j*1_&ECih`amXKG;^I0cz;w@>${I^;^F)%9sqDkE4fR>MpS?wv
z1}gu}Yng!}RaGkcp}EI(?Ck@afoV4FqY7wYtJ%l3%aB;}*&kX}PC3=_v-RNc;1YGn
zv_F>yJdWE0PvX3{t9`BgJZ^h}a_4Toz&E3+4`B=AI5OJi!@Wkx<E^C8$}D4~UHejy
zZm3WRmzMxaR=wMEx4&k8S1b1;%HcRe@~O9V6Y1USz5RJQA|~b~GD|m{%$Gl_-D$gj
zQY`Mz9A8?dl+Af_etjp!GO;U}a3cy1-_yMx5ET;(Y^1RFQtQ5Q?RSTRa<jEy5vJ84
zqVHcCT@FS0-IuTExz7XjYb&5TlKR!Bb$LB8f!5AnS^~U8U0r{5UAI9ILWtXgD<^bZ
z)R6As09ZlS<I`@VjxheqK?5=w)}g4wS~~N;2>se!mOFr&1#f}&JuI@YsD)`}%XwvJ
zbcJmMlskLK<a92(hJFmY63+{#_z%*8iz7Ureic82@%n!Q+jDOJ4Yq&XPkw|yd-<>2
zq%`4Q`G&{8<r|HRH!uG0$T#**Pn}C13Ztb3Z2X=pURpXhIsL8|y#Vs2%^~*0+Rg-T
ztcc3Zd5Y7>e<eSlg_E^bE61Nlnu9w@-cE_o)-U4@W6kv&0cSO@jV7Vp37+RQujw0h
zJmI@j|CY44xVWIAqSj52D?Lvab+RWfvY2fBzR_P#v&f#aA~#2E`?RR&O)#g#jZrOR
z^?>{bG4E~JTsh~s^^DVQ*i834^<7%kH9Gno(7<H-t=J=5fB#xM7eZ|k|CWJQ;1x!o
zU1bp6)QqONyRl-oB7LRyeFw^ovDX?pnh4WV@Epx<M#$5;!#v<5zZ)p-T-w3g|7-gB
zMc<WW>*W74uRejQConNFv7w>bDC^-}{tc(JM1Qx`&)d9Ah;jE%1s<f_|9v*M>lKs$
z8rEr*6x~F5{!>UvbI<C2>nC$5p&RdnVLpxjXvoCf<cGUCGfxCWMEL%nF%$o8&ffpX
zB-sCtF%$oc>ih2-Goj#M?1~LWPME^pnK9@y+|7_R{C`iHXyv<`{@Rv#tZIt^%lyB2
z@azBf&*p;rboM`-G%IlT1pay4BL8lt$bUOzP4K^G$XbMUe<<xgLlrG;DPL=`Ca}~Q
z?41!UrZ4$ClGctBW^*B4jPRDsKib$)wh3xA*sR)c+Q`Drm`&WKr!d&_3G3HtH2=s~
z6ea9^<9T_Wd}+;W;r-<n(97{-Pi^!2r6jobOSeWftZ(&eYoca?Eaup5G7oQz<I+5^
zH-z0MHt4)Q3?f++hJzS(7TS3erF_bq-LQxkk0aYy|G2SF8qv?&mC@HY58X|g{rc}G
z%}Uq~dVBQkj3a-Qw$tJl8b)CubC}7Eo_JZGJafd1=OMJ$FA8AOlIbdwXM{^$mz&8&
z?~%7A5=MZ@LRw|4Om5lB-^Wl6ZoXkZ>(TsY)NBA4HS6=QQM0r@-#h-epbHF0*slI-
z)NIB-qh=2ydWMc7)}D!nV+*peUg)JUk@2OrZ{h4SRK8r@Pk7d)s3|pFP5x!!l;aiY
zS1Ihh8jHJ8vyWO-%n%h)W2{eBV(v!G%A>cPsQ@b>_m;@${qv7XUzHv|DzGeA{_~;W
z>2}*^RC}y*5{J)sqh{w>xMx&TU2{sLz^K_EZ#<u5Flshp?DjccyM63bK@N)q!=f(3
zm(16#pI+>kq}kA4KFMy=DCF^lDHTG$(m~>g>xZbnzxiOTB&H@d8<e=MTyZy4XlGkZ
z#x5xFT6x!I8~e?%&~8xOx7EF`w6U~{X9o{3-0s^9+%I2QZI-`pd^cLiH*?-3_&TJ9
z!Kiqu$C`K(`^cRgM~cGn)2m~XZU09FgOoNnzu6oJMZaAyOW5t!!tf*cCvi2nlmwVm
z?nVn`_~_IRZE_i5##5krnF)c>Ld(`8IHNitnFj7JWHXAr$Wm-Y@iQlHc^-V}>56py
zFTA~FKwR6lE*OGCkPs3Ag+qb|r*H}G?iL6Hr*L<d;7;%m+}#R-1-IZ<xLa_Cx7g?G
zbGzR=w{PF>*UhgGs*=U3xyBry%<%;@MOsxT{-P?975gE}L2B9&Br@h3uyAC<RCK}9
zt}eG0sbVg%xe#qYS5RI^(P<#8b;Kqz9$CXfzavIVK2I3kfl5h>@ku7E?ES_BHVyC5
z+vif|W#Tjea+Sod=YQsMpRuj^XRK6Vid?<zg5!$g7Jn{-=l)EbvKLD$5}kyTg)-1>
z**3C0Q5Xc8_cGb+#LgD(Pb}QH)I;kW&?C%2Zo>$5qwAjgye0*oP0nK>i&aUStlMko
zEjje!AeAB1_GY}KT!axzow<Zst~X|aow<#NoGm4n@QX;tfHHIN<wZs>|2w-XaaN+d
zE)l0f?IC+0T};Rwh!(mGZr8m#GP4oKn_6S*tqi)5a1YvAa}``=`$P7}vN#Yia7pA~
zM+fDG;8uIshA@hUu8xk9#R9I8+B6Vh+q>)Lw>q6#%RHj=4?ec3H-$A9y)GMZ36vMC
zm3-(Z^_L_W*)NL+m_HBCM6}9pO0*IXt-S#GS+NjXqg;OyWn=%ui=JuuiFdxbvE^s<
zbh0yJsYXQ$;VS7bH^-0(ZbeL)68o*)W1kuLkJe_?1?<_2Vmsk|YjrKuA>w<7#&E@^
zMX$wcX#~G~77LrCGJLHi^Jxz|es0w~&ERtt7euBmKPV+?@z>zYnc)`)H!l0u9_C_0
zv8JLgOt#AEQQ!BM8olADP5k8k%|7>6LHjFDjTy}KuWgR~f6Y^4|G$@~CJO<9v7txh
z%UnLm*QCLe71*Det;ZIAqikny7g`Y@sD*FFwk?T&a84@bv?ZO1&ESk;g?xd<nq0cx
zjKomL$LiAVGK8YHd;GkV_m*vIwR@D=-`yKudc`0hYCpYW^R{>VO=~otRn7Uhllcu3
z)Vp>e6p!<WF)nYLA|-CUJFNL`NAK}15wd*l;mJdNO7gl#RZ4uvbr;*KNM-&<FIQGR
zy}bJ6@%>U$iiCak<nSr%$UX}PZ=L*U0sXk!75#rD$}ahTR?K__lRn9vf<M6#<ShM>
znAc6cvglXUr0<m)n=N4!zRDU%JNO(055kq@wz(ab2<LjK`VplH2S|}M_hGuVY#?=!
z({fZB2^3#`JI1buu2l||V}B_tC*raGo3;4aw~<P(Hq;%Nr2^uPHKmQbTqOM})*ABM
z)QYRY-+}bSCs(SZVi4Ty10Ynb_jZ&fkDU~!N|zfH7KI8Xm3`IN=<6DR&Dg8FU=q;M
zzV4NVlMmAw4BDVI7e_c^rox4A35{@)9_5ugw{n=j3p}Ka!0ksGI!HAvWiQcFJPaZH
z-t;SRRCW>4CdZzMz=w!SImZgbDH}{+t-s%OC*ZIqR_S;-7(0bpVSH|>4^0^(rJpBy
zeb@6#A@3<xmi{Wz)3TU)YoN#RRpy5HFVrUQcKN6?g*7f4qcsG%eeT17gvWPkMgFfc
z4WI%>i+1a`NBy|c2{IW!JOq#NDKE2R556srcQRi`WO&%@>5r$c*yeD{yhFd$*~);5
zmZGEWWw*d-^dd%UFx5GJ79FH=*$<MTV?iJ?%UlTF(T=<8RzL~+F!R-?5gq7&=8jWL
zym$u&uRZ!%m(oSQxN+L2(xiVM>SzWpp|ls$vopJwNq_!SCbsC?O>~L9-ZcqlAy!d5
z%KJv^_UDi8WR5t*=K`h@3VSF&HeL`Q7GAKfhj)49IYG%Km4t6}jas`9cTm-H87zgF
zoI$?<vHDwqk2QLBARRUrSn!h;x@<`hyhwG4Nh)Hyq%!_@1@2%L9QC8k->!2Tx)~W&
zjv~hNhJukfW&8of_MUGprAA2_N{#T@iX?Jbwi~$Z_6$n84@{=KR76}&XPqV!FZt2<
z28=l;f?DWs_Bo_13uQ+K5m!o@%_D-lk&MAc%HH8xJT<J-?}OMgoo=VL89J@r*3n}2
zQty5lXVePlCMfh57vV(+|5E{@t7;YrJHIAEPSS|s+f8(>4FzeJjC?UYt^xvRPpxfM
zH7%WixHa#FbfTtzS0Vltx5mNx9|hv?_V_>YXW9P>J^MFNY5e?X_6~N&23BY;X$R^<
zkqaCzT5o9_Fe}0&LUR#bAW5X=np&H^`Kv%^;Wjg*O6#>zzMDO%nf3HFtXP{Jxx1H$
zvkSv+we$|gRg%&0uOZZAitni0e$4b<^m2Lmus}Mqbqdkmtq<v3bHY(uH&8$NMeJ04
zVUaZFwZsqI=0E?=p}z#tq*hw>!HLmsczoC5Ar2=cLlb-}FQA7**#bL$x1mzz9Q{GE
zTN(P`@aX04-sY*`-Y8~08(|pHXhZ6RAYqvI=XCAjq*)vl@__cfY~>R<9%JsM^s~Xr
zFuiYG@vhVpWzj0!U}*-hT#ot&e7mcMd0CCP2~+m#)UcQ1Z~<=`-wYA^<gC|`lC+sC
zpr#<viK=l-e2Pez6bdDsbs2t1Q1Vj~2wr@ZYE1%0r<4}#k{A^;LVDICb@3R{UvVaK
zA=Sb?v@ElUqm5DWgW3@8bBT|CFGtFBbAi#<kM9_G>Ip>G_*Kz<t7PSlUGyiuk(}@k
z>I(rAKWhr|`TB8FV}_0edxB1NOr+6J#23-EiE=!bC9U@RBxN3T;dzxw4LNmEk@v@8
zEq~cJrP_Immup|fD!>w<A30a;MHX=pgsp2b7%^(rN80Hx*Te|4q#VtBsH!>OldHq*
z<6}#GX-$2g{;BmDWVst)k=z%#Keww4eal#SmBlK!VrO_DH_xr2I9_5cVLS1J#m8fH
z8B18#ikL)`y{q+A3D<m?V~{7Lj<e+?&NlX<ik3#Hs3hpMK~ZNU56PJWKGrC<FMH^#
zs#xw_iMjrO_sJADo#r9YsJn!?-*VLWNs)_gS$&EpmA9zo)}**!v4HC{-s%R`K%_<j
z<^&0*G9-<~ZweN^tMKIfHo^bVkTF=3EM`8QAQw>=)Y%ui@y<w?vs@Eji7zz6Ra}eg
zDDwBGnH`oX?+qhy<9jn6k9R~-HNU<CW0}TT4X1vCHOH$qqcf&@bz)>1s;a@O!^`BX
z8hZO*rRdAVY7=e5grY)BhD_AN^#=zrXb|5xS-WqM@e0(&VWg@(I3A$m7nk*Xu`)uP
zYK?JRJG-chcmXNDHk8Ky@a!SI{5%$@IqK8RPLi^|wj*t-O~dZ{HccJ0Q?<=x^$XoN
zDFFkmb>-kr>9*ORFMJEc%<Tr|H;eu)s=?stW)I)putcJkW^zok_4AU-3|)m_cj;}F
z(BY)VLahQNoQ}KGx^dBH%NtL{2iRW92^QZE!IHXLp`N0nx5q^6aOufJg60o`d|#OZ
zk*j2%(rjzRSJy7qxeoJ6xHHadf98Oym-QykCEU)}$6OWU^tce0bcDX5tfF_Qhdwjo
zqw+y<O8Zp1VDc5-lbM9J?&|@r>B}AF?^j%}L?A-;M8mCW-AJh1N-S8El1W0^!SiI_
zDUi&1*O4MoZpyy3;`E3S;lqJe#qq@*9FIZ<KIMT*4TZVQP^knJhy?i>99b#XCCWIB
zUnokYM*Y^6Ru2BH*6HLG$g$sWDl~$Uf*flrYbZ3FJNzoOsqBKEg=OsK%CtL>LYTTX
zu*a45oM29E1~WwyOL(8MCdtydw#T!kBcuu}zWL5t7;VX%>~f)^T`+6YpS>Qwj>_qa
zvyqASbn0tvdhM43UwfcOfiQ}NZw4c)0VTPI$TKG52ytec#$wT}C~SO9L{XO_ku+pR
zM@%&`p`nCY^@&@_oFmV@1r$GIkRUm4wB@%CY20Byz}=yfE&aP1`!}t?%)-g>A4Qh)
zpP=;rP-LGV>3^AOt2O`>S?rcmIu{Nm2Z7%As3^~!z)sjpgjmbM(aJbIOinmJtgTlV
z?l}SFw@($LMH3^mPSUtD-uB+EC%6(}BdY$!$IMzG4Uae9Zm;?uS7z#$rk98qqGGSV
z@!-R|!WNP~jcCtYEPdJFZ<a4lOuHi6T$?nLBa3nE6DqmcD}OkjU*|$1KcAKtknN&8
z?S8Kmb{c3#o~)ei-P&poDLdp_HA7XaMNYtBOO>B`DaU1c(zdX$M`AteeVGs0q!y=k
zJWc+?>-GlY-I|s?Y3+)_8)U!Qsi{=8?_Y~Wjn4(Vj;gYsLT%Bz#efEE`qR4{_f6a?
zpix`VhxdzS|0LP|6X|)P!V6Tx<&p>!44rF~G(Myr3t@}7Zx(^37vwlN(~6q#Gan@n
z9)^Kb+w7-Q+x~RPi0n6zX!1?9ihvH5kP^C67h2NKD5BAe=BW6Nnem2NL^#=VqO%&p
z{k=Xcvg;q<Pgi5Ou*ld&_QGC>*vP*7u1JSNc?##M8Ou)jRxQmm02eJ~m%Lf(6`W4T
zV?Y`d>04s<w>*Z+p<442lIXW~v5NZQ(eKf~>%$gt?{Ch_2ilV<70;J|3A{1~cxmvM
zKPm^>W9vTqz{?rKliog;C=!~#7Sck;k82^b7R8j?su+2wzFpQ!i$5Jj|JD34uD~~k
zUU+0HJJWR)TrH!sDV=g<@Fr#3Y?D_pBTlyC7O8>4&tBKf5OV>6Rm6Jl)3fm9W_0sa
z4wF)H6#QFC`(G4gi#;__EZAvHks`Ie3VN0S1ggy#fwX2brW=t)eMI<;y&q-KS<tK{
z1n7w>YbX}Q*cM$y3m6bk)k$r4d_J)yGSTEmn#N4#k!9s>x}AO8Biv)Qna9=<Ps{Ka
zWtFP)Eg<~HNot}r4dDLY91q(FH=pu;^!k1eqAWrto^CuMsN=G29x4(Sj>n3%Dy(a|
z{LWOQgBd)ReHbLte2Js&7S|8IlEY)chZ#<kycivEKV+e58nqzu)q;=j_WhaKiqqS=
z4^P<ev5lObU7l}0BtTWW(&ge<FUC`PeFBEF0}K{5x@?MSDGNRQunl=;bG$ULjPvLU
z(s9Az@xltJ#fn^rW9kp9v{LrSTy`{>nMmxh=&ZvVGUJ(yX71F`rFQp-ozWZZ3Pqc|
z!0$*P-a&OnbdLII*Y?Wo=OV>BFLNh)L0HH0;85Z#-`^hhRTDR`M~sfDeanCM*#Av1
zak2bImNmx{#q@;8{+mg*Y|QNc7fH4pPekE=KgpKk2?+krNwy{qxIL|hd?c{bgOXdA
zbEf?zzcYk{qz>AiOj^~OY!ufn0{`n5$6HHF%b#$Tam+&Ngrb-@qzK8Bs4>i3A@qVM
zFA<)<M0_q82g~1Ltkrs@#rnHOEM%+Rd}vogS5;T_F<)uKJIU=f!aI>>ex=yUlfURb
zs_ike?e)~XN#imShIx`_=jp85<kD|K8r9MV_sN0#dx-br5(IIwNWEESIO6eGAEH_?
zPTH{V%~L0xRGtY<_q;fQ+!x!~47p+Kf=#JE%*QDSu@g*S+~j`~UlTenPVB?z^G=}E
z-hy%`^mFQ7T+%vH2G|MR7a1?PoMzfQx)cx2Pwq~XzS8+6Jn^8KXX$@QfTUWcl{|4f
z;GI<bJIlak2TVxjvF7cU-f{OOMeBS|#Y3C#L_Jq?ND9I&mrxWG4Mr(b<SX!KtcQ6B
ze-QMeF1-07q^CAa=Q4gkXVcQ){J3ccur+u(<#LlscIY@vTZo|+z>Jy6-~GmqsvjCK
zGjv%wsS6Buyjyp6qezs`%O6iK=8x3q)wvqn?t@U~wILFQtt-7a#*c~M`G)t+1Qh8D
z8yxF_s2BSED$0I0m;0pm&I#N&Dm~$*)QqAFk2mTGO)jjF62^ErY10w=D&O@M`?=sA
z1|B`B3iRMz!VVsfylE#2)OogLhjb6aGA^nfUFc9yHR|OKXcOq5%9{sm?$nxPnusZ<
zLno8w6J`qHLrCXENypIwOExXIT&k=PbLj&`F;9^l@Cj@~C-MH|!%69Anq31<Gq+TX
zgBu=qcRTyQ{l?LeidFP|-otkthCZ*xk^4+%+Npxl()(Q%kAZ_`1t(oU^`#%bm6Z#b
zj1MAc&q18K<XaP`3M-E$a+OM~ecJ7_ud9Z2AB!Doo6h|P?)V^y9}f7}#$F>|PCs_I
zyRRKR>Y^P2v!RICOcfj)9QqfHc>a<l0QGvK|7%M1!?n}S<L$3U1l7ViH(8A=VUefo
z;@G}BMD)jt%g2X3@B6jk#b#g3CtvDEsrRAN<-(SCnQixcqi|1uBN6%znA2tW{Y&~U
zU(BZgjUT00MnS-t9!v-7r*D;FV>W1gF%kdqlZn5^<ueoP{uP1z7UTS{vH4$v-2R#>
zDJBg4YkdCqY}j9k$zuwCjnVHiE%+-r*^uqO_x9+71Yj~s5ionFF{5hM5|~vFj0U1j
z9+?1j2UM;JOC@++0x__@m=b+t9}Z=<todkF$|3`FTO3@o{My0ND6WATz}VZ6mlR%)
z_m{w&s{`AR2w)CI8UdHxIxz7OZP~v4?3eaYJmlU${HVMQNOrBkuf};*etVOJ(|5>s
z8%>a+sX6B_`Y9ojNWfRT;BYakh+*EzhpbM6{ukfGkxNPv5MJ%K$Kg^gSzWtFQFjp1
zlo7w)!$kT>0S5wG?6?)V?m5M_e5uxqe0%%_nEWVUuxi9x?6G0~V*qi|YQ|_;-ajgn
zbEilAEyf<g$1p0ui3bdXt%+M#=tfEgL-c^aCOD4|1W;cz5>@N{L%vr20udIEb<^Bm
zr(3Qtyunv8x!EJHp<}h;@}@5uq9v7g!CoZdL6{`Q+xGY2Nv=B!*XRwFlc`J;9X@yZ
zc^>bsyiX>~ri1%wR3TUQLx+p?`rKCh*DYX~i@U(=Ud3|)_U;(n=F6L7p`Z?K-)O_9
zRAdpmulTH+fTau@1VmWkRWbwV#K48(4r+%)0B(URH+8`?q|_C}$S;*0r7-H}B9N@c
zQesK>3;G6Yf1nUvULD7gW6Jm*voIdOs<D#pD~+`cGS2s}?dyAD9tCc$#t9sEu^z0F
zFRnrqKNlfPA0E%*X+c-?%idGQmueu&b2)O$xfA~Q?5J@yJfkbdJAtA>g{_n}CKU-B
zz<sS}>BEod0UeNpu$kTo^+YxGq;t*RkB=;26ovhoR$uaRe)K9zOXqcLssoW&kB$hh
zt9<#gx!-vDjRT^ar=!qK%g+B;b##r6rwX9}Tm9-T_}C+xtdTGDnU{^;BYlD0`Jv-W
z>0Az3X!D%Y_SaN3=-$eA@lLU?Wvb;XZLm^}YM6T)2IzWuMVLy!;A@^-rsgH|J@5gu
zTh8$sc8Xc;pM9qQ#?6uNPnRvB$iHlkyIJ<VcrNc7Fd|o2=_Q=Is9S#fL;6_X>)z_e
zZf!JY#JAcsR*3IZ0LFtcb(wsty$P^P=%y9Qc1C~9?=<jo^rEUm;jq~WdF?OKE){va
zRw)gAT~sm3{Hv$qVryU>n1*1F1GfW)wih5@|G6*x88f%V5Nx{^Kd~clCc8-nhZ73C
zbvydUmQULAj{D?=`Ef}#Y&Thf<HmM`QORvgHIk=le>e)XhV(pdbz58{p?g39X~2on
zsC_TvYP;dr3cC6}A1|UN0((osg6}HK;OVmFqDj&7RhVN6U;Y@E-RfClxkey3GQM3q
zncu$7>1XkhGraB4MS*EOoboYC9yR9Byhn&d(R5jqQl2LwEdKfZiN&Q3ngi@Rcw@R&
zjx^vZ9mwa5A?yH>6wzpo?tg$4^s}vXUe&#EqV&)ex$d7F?T@Pl&Le+J57m19=JZd@
zcN<jH{;p|YUO5}i%Il)kgyQKey`rV7duLh|HLJ`ChCdhMjICc6Yj3wJ*OJP0h6ek0
z7fO*M*Oog*-xZ`7oK!H>KaDCCSf(Fjz9T#-HjIDCTU&=Gu*YsbSN`bZ?@jE7dN{dd
zK{yuaxhIaiASZ`eHlJlUxm-yWXM?dX*C;g!v-tf&J_+67c_<n_?eqML{Y9!mGRKBE
z)eifyucEK{Y)>YP2h=aFO7MnrI@CK!-QW`mRKYTLWsB|xMg~W`?0pBsXJP|&L^gkZ
z4SmxS!-y4Qmap9vBBR%DBp9<CtAm!i!Mn*P;4=wE%W&SF*Dn=MccPFV#^uTQ<BFUG
zzaZjY4$gEuiG5{jYhnZU;Twxpkk0#_ZjCk74*6UVvF}}87+YnB%TdTto<Ln1uOorx
zu$5F8?B{n|&-GtJb~bx;2Qz`1)6<}goIIpwJ4;2n!4%?A@ATxg8cdlp0-YJ~NcG8n
z_NH-s8@lHiZvU2?(?G^F#>_)Ti%m@E>!RS<TaUZ0?d2%tn}4}&eC=5D>MYI=TZySe
zZ4Yo$sX%RkK~o>ywi%(mQi9rC(#AP+&+9$&v!xTcYA1lnNL2@O-}CpS7X6ykwVQ{v
zD<t+qrsyccEhTCj4JQfCaqDamO36wycPaKG`R!G5moVS1dpeA2i6EBEnKpO!K2*yz
z;#Y6FyppJ2qmff96i%|1SeH&(HO8YMeIr7Yg$K>%fBEy{N=RLC59%1G;1q~2!9e~_
zf9`ratUGCO5<&1mO#Ai4M<)Z-W{1ZvDyXl1Zvw{wPxf)Kp3kp_)J+%ex){ENUmXKp
zE;`F>8FtIdnVfz`D%G!I@j|~w_m*iGXbb}5D)!tzxWR)+oOX*g-)RVjfGxMTG42Z_
zpJjC&=H(V3Z#Xfps=vaiSgcm(N1Pf+{+Q118p{)jbo|UW`*2em?S!H2=Eu(i_p_=y
z?n%@D>^A=#0%BtRkDbZPpMf#7=xh0HXJY9{5w&=|+l^W&4W-%&W)l_@Y!r;9hfv)*
zKMnFi?NR#Qu*nw3<}7pe+B_-gxXsccr0Fpy^v|Fv46=CLV|(2$qyt?m9)}BlZd1SZ
zhaA~0+>>8JT28w+m0;gNbx1D1i_Zc7{fz}<1FpB`oM#oCn{e&zGH~R-Y!Oc@Z7M(H
z_GbQQawXQ|`+GQhf(}8}aVjX;bh$1`wx`HRI!}?6+n+z#8mjp)_w1i;pSS-ga^^^J
zW*>p?ZLu$=Gd>5_rb}cfoQr8(al4``pm0*Vs)|Fl#buvA>&xeJ*#IKe1IX%lxRWaG
zhc5kfjwV-)Wso1(G~C-~q9x}nQy|&H^>@2T&+CuI22S==sIWiYp?8UCXe9T31qR+d
zO@=Xqp9hRmtqwa%50~yg_1)kPY!46(=O$cVTJODKqtqSB<TU#vwYbW*LF{Zczb2Qp
zQ%d0Zn(gPyPiEMmnWoRo8GQ~4<|{&z#zMn+)@WuTV30#u($h(hp;{V2P=U)!^x9);
zHwwC=94(zcoy+>XeCmc{K$*???6ew@)u>fz&eTyDnXnFGAHy-NH;2kL*>(bVNEhFl
zs3bv0!2Qsp3vo5ycplSq-aN?{R|Dd4)1CBZl%_jxDEUX-YByT3tQnCCGzN%ipAA!8
z?n`q;mr6p9HLJf_qv2MJd-nClv*kilf{if#0nB&{Zuweh`u24f95Q4{E^*NV-LZ8;
zy$!d)GfFRUN!=75ldPQZO}H^I)smd!qp<J~m>iJu-p33KdGPb}=scXh&Y45cHIGe+
zb^;R2v;>*t%j8;RW4>cxaxHGCU~s3O%R$zUmB&Cw8)G2uv6sxxst*bF(eW7FUiEsM
z2PIoV&Vt4PBrbD#rZasF0t6Ewfj;Y2MSt5aMC=z@ko3*)Fe*7W;g59JYE83A4Ej4a
zxCfk=FGx}=?{BaQRG@FlNH`2@2pKD2SL>&+GBuaovlKZsmy?N|8~%BAH~1G<D<(!6
zL9*W{3hYGmA=@Id&zEa>@ngj%L3+bW)EY9PkcB2kZKqR)iR(oDdnJXp&=nOgR5CA-
z*C61`=G29}9xxo`a>*O7&lbp`eSW3G=JwfLrN(0McZuqJn5sFa=Y>@Gd=sK7p}CoS
zdX4P2dZ*o}Ko$FgD2A^vm$PkKnjTzE`SxLOG=*3MF#W>1M|qV|pJsz4LrDS(XH=Fq
zNI3{LKkQK^Ow>K+IChIIet*5aCa(&uq@ev(8z+Li9t~`!3H>P(yBv&-t3}{XQ__uJ
zS$a<h52*di-PT4|D1H|#HAC76`_v&WVW|kuHdWmtOnGY=pVJ~XO9-bgzoyS?-Hq@V
zDEFeVxg|zdd;0C3LU;g^zfP4=sKv_bK4yz4`dak`sxUFgzJLvOGl(2)R;~$@Zp=um
zl>PNaZtW4PMe@=$GuAI=SVcp8DUiJT{#SL<je}siuds@(x48Loy2X=4asi`Q>s@`y
z36Xp2MhBX}>VPDbK8whPg}<?;NxIGnoCZZBH=r{ZGJd}>$S*TBEQTI3A?v!IO}K^A
zYXL1)y*$4%B)D6|UV9R>v$Hd4K2@soT@5G;bNS1hb0;%CIQBemY%UgDn}b`{!}70l
zB*e}|NnK-l<*KPYCqaL#E*7p?O-5AJOLzZKI+rIP7C-GZhj5)YO9*3*AU~;lx;Ikj
zBJ(MV2QI;AZ<O`V#r|ILh;(fM*pGI=uxfdRKp^(RBr>e&8Eyp3<<Fm|cI`@NfWu&A
z@6+>K_J}a`MAsal;LSg~6*g~I>xj6$7g*hg(t&jl`b=A=pE(R_di;BXPW_R?GM77t
zVQ=TtBGMy=jHW!;fwS%<uOo4*{u$B>W1twXoL>5SY1MhWTL@wPY>U8N2lo9siyy9B
zK~Z2CL%^~%e(yF@)L!75RIY)@=Tq(3)^~9HCkgiK9{E9mc1t<sS_~s8!O5cxPF$@-
z%inpchIlGt+}A(xHr9B+md6lIT3xD|*lFnj-nd`ANTKm2xpHkfptO5lyrME3dyZ&n
zB!EveY~>;Z1GG}@uoy1n{4Ghxb`o@vrkW!mL%9=g#){1}t(w!ii=pmt7UVTS`AkBd
z644J?neOPmr@hVmKItfYmB<sQLE|RFQ(pQGml>Xjk%i@M6iX+?`e+NSJ$?!LAA9M9
z#<npkTnDD|hO|3X%y`xnsTg%zpX;^PbwH<c@dwkmQ^u7SpH~NN=6VdEyf$l&)U8>%
z6XN4=xGG3JhY9<C03d;WP{gQLSwEv&=iwFY%Q>9_kTg$+kGcJNvh5s1Xd3}Xwgo^k
z=93oG-kmEu?)m`M*u9?w3r(8SW)@v#1<oINUW)>=o^wik6oy1v6?xqDIrl?6%FKJq
zh0`}7GemU8(fj@Cz5VLuOO148&i61ptp%59_T7o#u|l=#4<G!Yud3~MxbUYb>VFn>
zNO8Eeam7mCBC6E8_Mz6h!S@A<)q6;xEBccw<uA;Hi#+X17|;9`OH{QHa8itb(o~j7
zD=XOu<~L#~qfw{1eN^^(dl#<e_L>xUL^0gGHl{Q56&-<xQ~`KM%MlRAK>-DVnGFfd
zUFt1(yaCuJ{X$S7G}QB;wk!ZA$A2mSOOR#5{@?-VI2z~0IT8)!1n9vJfYeHUzB4YT
zrN93Lzehoj^!IXE!cQnWIu>~86Dt4TjlO+hrb|qmquEaoUP2PdZEc)iAAuVe_zs1p
zPY|MVAovfI53jfhVSAwd`-Ng>ziPiZZ~yb_g&m>%)5V31*|bvs<0|(Io-B-pY<IA~
zjFtbpFZ*xKK@ie%t+pc={Fl@6T?#+ub0Re0fMh_t(f>0R;y)!ZLL!L&$!FkP{8v1O
z*zro^ERHSfMzeC#l7P(|uHy`D<9v;I@CnHAt+)-LiLGpwzoZ^dGOJ`|w_#=Of^<Y%
ztj)>bwZFLh{@ml%RPy3gH%H_$=kRK(AaWeF0t6w=osl)aYl*sfFIg$reWm}1pP&5!
z=@8A~rzC1HR~)W33kz$UHH_Ph1#`Cp6iipX)DYPGoaoOq!EVH}6Y6o^t3g#|m#<0Z
zuEco6tm}i5HT1hqtKLsn@Q!Z4;~g2Z`7}RcLeSL8hXso-&f-2<Fcg%XH+u!A(=ry$
zZ*uvko6ala*5a16vnWKQPzF<SXAA*K6eljn`H0cy_h?fxA9C4J1LD$iqU>qR-H4p6
zo71E`D`a%-OpC=j|IiUV1a7VMgsq!uJg<?I=@iyb0hi;GjR)Z#v_iHT>&KPPe^^Jy
z+@M)7YC}V1;?$|`n`$Y%`VSYMcGm>OBU?JU@_3nOO<>-*+r2UB-;kq-#gAw#>w}8@
zGovzjF&x(QC<?$~vDfO56t&xCe)YxF0!?*mB<`^Fgn*~pW4+i~J+vex>^T4V64sDF
zxJ}*qK>>n`k9;V=Q5wloBsF6D60H23Nbw}hcKLy#(|&We;C_FDwDolRIL?aa@+~Dt
zSGzawyU~}P48S!KtY+qYn*xn$9_)7HVDY&SZg0n`2VLclgj1W8MM00#?72d)a`W3l
zX6=6}RFYxJyI!+UjE*r}1OF$SeDz@7&}~?b6dqn9Ri`<+LvA14&+);Wp_F;dywmDW
zT|9$t1~UA`!vrlu=DmS4ZggrdkPO%S<qN@Ie~cVUi>m+NA<THYEfJ^wY*R+bl8eOq
zM{idUCol78%!ic<?@rUhmR_bnQ9RpHOy`xpQ$g``T#Lh8WO9=rQGxzJG=~XETPg|)
zd+~i3`4q?{XVwzaVM3Z^0wkt<CM#hJWT%j97sMILX4!2<v#P@rIVvsC+zeybs^j3m
z6P*KvC@34D$X=Kr7HcM&k{Cs1E2yECXSN%#UP=Ie++Mt$?KU8s00rfE5X?orKHnuG
zA>vp6wf8uZ>Oey?iYgdJ<29VZ&%G&=BmB`&Nw6!Zp^MUs?iY0d_{9c<C+ey=%*%dj
ztf9y3kG)Wb6(fYE?baphl@G46$3V&o^BSWbK%PWW)w3}-Ubk}|@fi(MauafU(fYWp
zZTB?@QVE6zx^;5K8&_D|9pnFyb)U9qU7b8KYN-d8g}SA6w+gL(t$Hz)ly-d{dgXCn
zGh@krm${!>Kt-rTcF3enKY!1bT;=|lT~bo=Ie+-dVcKb!fc?cT#+pWgLw<!61@D*j
zMhixw;*RM}iO8_#DEA}y4(w4j((ae~_M40*uUd|$a4W-sH5a?yO!Kf?$Y~?8BUY_d
z+A4(^KsMT^z>*DPiu^eI`1ogZmWMH39yYswA(UTk*%n6&OC`T_IYJe17SuUrH`(2e
z$k*Il!>WEf?x%vbr%5iXj`zo(;pur+zKQ+(Xh8Cyok+6EgaTYzLG6(WT({Unb|+R<
z+t%Z6b1N?<xpe)cMC0SW;xEW@$n+1n4XYNzXSrZvlav^BS&N(x-24}-aj;Lrl-68c
zHzk)H%X0ltD*18VMw5~1Hlg^KltzokOqjd-$qRw^pHL=1zp_=jTWKROnv>qWFJ2<|
zjyHRlAErph%v8P)z&!2~ULcNch+F+y&ZRsF8e!L`7<mIKc4C8h&si#;l*qgJbHz1m
zEXTZhAd>f;nYqn}EQty@+^J;6WgC5j8W841@W1d#o)US)b{5snq~h~7o2y#F_0+gE
zp@uQa^*Nz*l89a*<2!UOkqKPIv)Z2pon)S`FawWoUGpoD6UjMJ$DhZ;Kf2LL3P~r+
z%tQ;F`6C{?AwKh)8trZ;gRaxcJeR~kQy5cj2#;w%t)zTBCkQpbE(q|vi8|_@j;*cF
zbW8g(R{?T7fhMKQt?6g}akCBM4DfaHm)qkwIzM095`~mB+N#fDM9rpoEU8+~0KIGR
z_lL{_ZzO*9uwe9tY{vJ8?Qt~+t#`M)UB60=j8~5%wCnFD>7EBO;ReRI+-Jd<F!jH=
z169=MdiR2-u>W^Q#kO)JmbK}znQhoAxf3G!Zm!0f_VC2leEPPG=8A4f%d33``}ejz
z!%+S^I6kAGg>x2)wUzHZ89KZE!M6{*yU=<R;ZLu!bN{-BR>+>#I{`ge1WB7FR~TT6
zDi5u+oCYi8aQ@ZY<TZ=oiDA6geJiva`#|HeDYF`RAMBwaak5@$A3n$cusr$iDpCB$
z#yt3*R_ICVg{bMmh^_U*xYV^za@51bTu-Qc7rwrI-uO-Y8dhdg7)Eo{KR(v&KF&;T
za-*01L-Tz+P6wyk9(O)7$KxjO=`Y^B0+y$#_qL_)c~D8PXPPmwC%<BA2OK7!%YL!I
zU6RIXSUJ~e4`(^Q_$MvAfiy|9z8!l!&)-PE#}%;N;C9eN0-XA6j($XTl!OCrU?fo0
z--tmpEbI1X35vhN1Z=oDHddVTKiuwObzpBBk#=Kd+HWS_qnhoE484*6z%WpC(gaze
zHwM;uqwV-sO6I&ris5dA@Z0DAyf}r2udP`CX)zmcC_apL<utiCv;!g&5xr);`Dnth
zDPxF$kDv1J8Vk_|n5KP=9Djug)IZ$yIDIb%#o*`Z&vKJH(j>zeyzbW3;RrK`w-Kl-
z6(Dc>fsOOIMscye5LFlIQ<0XGkU`6WNyw~9WGX)Wd=U>nua*a1xwt&^OA`CB2&w(%
zT(UbOurWR*{(g5lLJye<fk6dW>F7pL6%2i6uJj>^7!K4@EW*P&7!suq_k{z#k=!&>
z2(%`V+};eMid5a{bf}?lV<6PfeOFfO?Fe~p5A1D)c%yjl)IZ1ekq@RH598$%a8^U9
zQZ(UuQ}&#p6&fd4gsxELZ$mtnMD&K0z+@Jo;z@$-f+Qo(3?&4arueS+lr%xOp2O=b
z8msR@CBfku5F7jwpi9DqQ~P#L!V~pIx3u-#r+aaW1l6{~y!!t0Rt)(-$|JsgSAUvh
z%jTbBWzqK>S0rbm&(6ihqEA@Hrv=~`v$R3>Tnv1pWADme&@i%uQJaVzuCOVtzQRvQ
zX?@`HY+oq559XAuK>@Z}mPi4Q-MvSj+kG{0(M3<}?T}dYufY1l6&mI}{$rL!A*IKc
z!7F=uyCs}Xc;}sZLI1QzD{O{4ZF-E6=P>DWUjDMRNyB~d^eNE%#2fasORG~fvf;CQ
z`O5y%SKixVqf{FY)R}>yg!0r5ZM1iakGWsm>YDwOzarf3g^Jnm{@9lExac_R@$y#N
z@!k*4^o@Muy3uGYINUOvCVAH$p2T?h;Mx^s2;bU1A}GFh?&n59nyX#%eS|7?>h%qL
zl!bF7uQx_3BKODKfS*sRMXmUJ?i@7Mj6OdGM}mVBcU2gX6YNIe!#g;5^Dtqotl=QE
zd-^9ibFGZOe_b3J@@Ozj*_}vVeZ86xKve0Dp2e2qbkOW^uJxuZ@GWTp`1vrfo|M-h
z@k^cy12--EWuKK-Aq(z(-ZJlh{k1%SH9QSj0NTT0=^wsyK&RNhOfrOwyBo3EX<z+r
z^-DkS2(@`H*U;=%(Ad>0MXZ5$nf}#)wm31F#2SWo8%j1N5qQ5_Sx-4dj>?EWa$Lrn
z=k#0Sv{<1!3rGH2?hA>qUUdH#gsAZT|3WPMPuui=BULJqH`*K<7XCi!c+#S>I+YCj
z1_x95?Ku`I*QlNoy-`{K>Ro(!>%E*gukGvNiR~-J%NgBfc%lz{srA>`LicwAt=!W9
zN6NH&d5l5et&r#O11+H#Y&q8g2puEoZ3<WUQG~3R^4{PA^A#vdWIwxk;n7*CbH94A
zX8oo5l8&qdibDhM2{5V}^`JvE{1n<?5tU(QyBH*E$)WucVdNFeNR&tq6&jP8N>I(}
zv~%*h`U~*yGO<}6+^kW_r4DTh1`qHRPX!2RS>AjOck5DsGJCI(AA9^N;j-Uk(5Um+
zh%88+@9XpO#-<?v+9=UUkOBeIP}RNDEZT8WIRdvSabJCGForp-DV-qc_lBR5`+ZPv
zhrs>o-@pr9N+sYzy@uS5H0cusk%#zTd%(~Mi23UiU;p5+_W{;4$8KwPf#?87^EwVK
z-x`Pp;T#pRk1B>e`+_Vcp{xqwY!nWTy1LiQ1)f(XTvdpXk<lkS99<`Xv`{U-J{?_&
za`%E8K<r$sakVgYsa<b%IX3*mC`_kPrdMhH2hu54RKL`g8CLD@MeKL5Te~;VZK~fp
z3%$J<h{*+kTS?AdeejVjQ7tEvxvt(CnN&sr$=&ZQhE-$$v^!dDme#w{@I`13jS`^r
zBq*a`(bIo)KZ4!&%6?m09qvWstm39`0l3#_4P!dBorTh#2YBR-iPNneyQ5s1@t}ye
z5#s7adV2sdl9!)9Z@(Wt6+uL@dYPo;A_A$|JB!gZTQc?<+oD6YGF)|R6r@7@d7ewz
za?G;fXFd%H2(mgVZ*7N0@SBpE?6poKGy_5fWpnlB;P@A^X6qm>n?Lfr=#pW|?T(;j
zmX`SK<n*%g*Nh!j6Myt<-e_X3j3Eg(IPP)iy*a_Dl1*5i%k(-1rn@t4Of-dHNMNIg
ziZt3*CxXC_WIe}O$7FFJwufi+q@VP?Z#`GfDY*hm-ua^H<Bb6ds4WEx<*LOr3gvW3
zL0oY=AasRX@w}$>o@#~+4$rKXfQflMLcZ{nY_%YUf9Td9?(gq#2Tr~->lw~fo7iEH
zgDMRu&<J9UuftS>qX<>m8FsN3!tI=Q9Tosq$^=-BWOm~~3idkv321mYl@E`9S!$sb
zP--lT<$Dr%atxz&u(<$nC;NBrV87A`tTp|GBD1$aL7HfE^u5l(Lv7by**%E*<?RKD
zV6+Wm4wCob0+cS_2CCz+qja~)p#AcTi`VKpjl3kK8wDU}ZsQxFqDUZc-i}S<pg(dV
z5Qn+#RJ~>;N|&CmJ94?Zk|fik=|kSd5VrjdqEj#LGvj!m!OQ9$h<Rf*f4M&?PB73G
z^^Md-RPkp!Q??tUdSPlYtU$2`3KLxP+tochn5@sVtlygvZ8Dz+blyd741&x1Jn#H6
zlFnAanV)Pwjehde60xZIS7JEdbxGz+EXv6xBCouOcbj&KI8(f<mf?CEbCKTM-_7&c
zd6wO64S3wwc8Y!`b9=rY#=Ns-+7DTvlMiNQ-yFh4D}@Q3wOxB*I~lA2DRJx1({X(?
z&1PyE3EPnlW2bj>!8cfULQd&tL2^O9g|YlKY6sjN*XQ-60{bYhu-qNaW{v@2s!vzK
zUQ$Dq%G8&^zw(!{a1f?`1vM@RThtuG<8+h3krZH`rVD5|J|Wte56&Fh5#kqW7T1Nm
zRC?B9&_S8MB2mt--v-cjbuq8Awf6y+!Qh|1E$F1+2mQu5WwnWs$<e`8VL)p&pK_OH
zVC+_gWTl0%2jDxp!v#Qfp0T1;lFhqh+o_!);iA*O>&lS8tBq1T3zCQgtPnOs4#Bbs
zItZ0;r(qNoZ4!jDL7MeirJUcQZDc)OB~;mrt*Tmdd`j({DhtNLA-3#%x74_n3yu!V
zs@Xt+QN+id%?tjVVSoPYVU2}X*Xf-=1GyVKmQvJm=$r%f;F=8t5RUd&%Z9uyMOFQ+
zC<Bem3=y92<!;1H#FDtSOv!J6zn(<5Aw(YQNYKT_FZ9Z$R;c<^(RKE-0PxB}_lv*^
z<^51OKo?TrqGQmkRenxD+^qDvxc1f8EUk6uPM2Ds0!`11c+z2}AaE2J%bRkBdeM$K
zwPr?CdZBC#2=S=@_!XNm6!&YD&K+7r{?9kxXFtqOT1?K@QAiE%=078Nh<#qrd4Nd~
zNxxDA9t}v+rGjS184PFeFsj2ET$P7EJ^~xar%N~9cTUsRjW1-sxS&8POQl*fgYMp&
ze0KWP|FWhZxafLmj~I;HVmP6Mm%=p-8;PfQxN%{51@V3c6k>oh@_8X3)G64`AL|F3
zu2Y$&qJVmMMj@bEv7JupXz`vS;fN1r=C{7DnSIULWT-0k<-HTugR4ZDct+*cHpYzF
zwoJ1aRDxOMJSYTT0%bPg17?emC8Jggu6g_6wpmQIdYNALhq>Dsy$U9k0|p=+v(<8)
z#~VH>ZV{;cvqT$2s|d{sB2E#{LLz5Fbtj&YTVk`<(<~Q(36X{0{R#9~=nhX>FHy;l
zCLxz_I-1>D`$h=^fC;tSsc1J-;TjS3rksgtJ>=1s&;8PDzWZ5Vw>uPWZ*yu3V1RAv
z<l7#Kv;>7+CXUuTe}kU=umiRT5OhiB9KY^akK(C&817(n5t#Dr1)=uWUse09AKira
zv}&vv)qZB^qkY9np`SO;Y#bap6N7A<Bm*=uDQmAaP*5utO&j_I6O!D7#hgeHjq6Ry
z`Dd(veQ>{ZDJP<8ep5KVnY5<MzHqWuP`v@;AUGY@wQv_>a-kqbROaBYDo3tN?95oZ
zN$qELr+8R3EM%raQ5-_bZKrmCuBz&*;WP$X*&|=KTu7<5yD0n~Cp!ru7nlGf{>o;c
zIM$z%{~@2)Dw>Q>^f*T<LYy7y$4?isjkbQ%EcUE`f(QK#&8m=Ug<QiVD2G}Eg1c$E
z3zd_TRa$j^+QoS??AXbKnz9De%ijCJS;=$F7w+}EdM`J{&Bmrcn0AKL@23X2W4gk#
z`fM|O2-SkZ6)X0Sc^|G<zwi^@{l17WIo6;lZT2f?g`R?<RqnU&CvJzGAZ<We{J2r)
zIPZk|%NgF=!L3FOG6-}r)=BLsZ#8E<1JA^o<w&w+1J2^{s}H!HVh|?eeF5J?+SxC0
z67N)T2-_g5H@uZMJNk~vTb;C6J4k;GJ|F*H;APosU)VNAi#UGz^>p)VI<>;=L7U+e
zRQd?<%5w!ZIdIVpP+kDvf|Q()v6*nQ!!=s77(`HO;9NO>B%T6`gs-Z3AdI_FYZ4@3
z(0Fwf8rQ7}*^bH=r0$=+Z*mhR(rf4Gp8`d$Jac>qO7pz>6LX;n+?rn(t3L+FzSLkM
z0dG{OD9i3whh)7u0q(CdeKgtR1G2i#`L6>&+j5aIAO<Ar<z+G}^0dhCaZgC@G62QG
z#_up{+uW|Umo}a&l2+)LyZYjUEEM3rbL9O2G<XKR3RnfzM1apJm0?4JjC?VJTtEd%
z*8G}QU40;R(p<FL3;YgoKIubuv9HJh88|PG7S`_pUlYkEipEbW5rXdL>%-@Dm%Apu
z*ewT$?<tI}h1ClCnA-1uQR_pQZBJB=rFh&+8?w{e;INfLCn5{pHh&Hgp+cNE#+|r!
z>RC`same1qa0y?WB5|tWL3&S$QmZLJ)k$hq`|3IJBgYH%Rj209q{6%@9G?^OC9-F?
z>-L@<)*Db9q#olsqA`m^I`RGh`pw@eJwjswrX40rIhycZG!G|z%J~PtHo)uiHNai;
zcLB~EJKgTqE>eWR&sjhm8{kE#t<QDY#V8Oz@KB^A@H<Fmbd#tl0I$&i5(i6$A4@@)
zUamk@&Wqqa7c`k_?zokQ`~BniKaP90=AI&lQZ;@N`B%B%g<(8di3YXap29VnT{eg-
z&2D$s(bHXzgFQ1PHpF``#^yiA5zu}Bh(0WxB(l<t8VT5ddV^J@Hg48Ry-PA1h+#h7
z8aHuW1e0jVP^mPxq3KatV7&1N6mytd=AKDF%l`tsTyFBdan1C)HxB!9a1)X1%D+CH
zy((X=X7!TT5i_?Rh)q?MMli^-{?5gS_ktv4F&tK96%2^9?V0s38b)QzlSxn!ml!LF
zJYxp>67Xc{1)CyusYh<-`Z%?k-v2sU69a@x<-DQj>S#ij>RpQj`rJ5!PmEGrV#54;
zi<hU2xBWHIz5<wUAja0hDRx4=w7cJalM8<ao}V$|JExzdeIFIrpXy*k^DrJzeu%s#
zuX9T0Xin|1@2xXErmEFRQoQ{VYjwYaqn`u4qJ$H}j}+$B)Ys?s08)Hu$F~~NrO0Y>
zJOOe_I<FuX$lEFjR^198)_=Qe)@s^*hBSv_n56gu44FmKZ1~Ac^U)#Dsdc-5(&E#q
zaaqjbm?4h04KDyEWCHyL@y;b74cxU_Pg`p__m-3J`uho9=_I<3dlP0Ckhh2cztI3x
zK)r$peKr#}k16z8>LPJdAE1dRgAO@~XPRHQ&Cs%s>Nsj)Svc27T1;A?44mxX>F2!8
znglro!x8-H92unrRAhyB4IDCkz~20W)yT4!GWnzFTV7nZwLM5%(uLpR*ym6HcBPeC
z<(g=tuliwk6bRugk1-jTipXbh>*}67Tl7OibL1cHXg9ss6A=7juu%*ijTYh|$W9oT
zkWB7Iqk<Yt%cw*LwaB5(u<schHwh=v+iPKkQxcq=MoUdvtQ@?+=hh+eR;-TBf8n3U
zybfmsKM3aSna5}TQqrV`tIAeV_adeR*anopMiTRUkk_oBR&m$S#q>v;J&aBr{pmt&
zhl{fkH{xE*NK~iSOsrPxkMc7hG%ni-TWftCP(>eEED`7nfzPZ?TvRxLEW2pBD7ar=
z_jsLyZg<_h`7;Zd99b$+lLNXwp5own5Z{)&zH}l(u&ual5aNW_k+d!rItUGa(}}NS
z|0Wl_AGYp7_!_D_)w%lP`-R}G=+I}mJ%h=~1^Myc<Y4PJ)tHw+q`1d)XGdi72L%Qn
zSoD!6Suv;QQ881LKQTXmG+e^n6)8$JYLQ%(HZfmPWWihl1&c=|A<;NKaWEH8g>xkB
z_<$Bn1xU+B1xUO^0T>X;T#24u1`sVV3J}1-d&2!s!S7$TUO`KTJs8E`!e7w+|DUGd
z{{`pgEi)GW!(L4NH{bAYAU~i0{>z;VY)O;N&i|E)$~>9-4;ORg|4dk{xS;*N(p}pw
zMW3A2|GJ(3g-aSp8(5ng;sMOxe|-i0<F~`s|6B0<&)&ZMe_~w(EdjF#)!(04UX=ge
z3Mu|BhLX%%9{yaF9p`~~bTkJ+DNKO#5R83bu@uRI2h^{XRnc6~0*Q8=0odu1c$N>a
z<39e{8X4c{Z#>0of@T4P#<JyiEG=CA=qG?u&VPMZo8h??zYJ@m!NEo=1Orx?m`n6a
zfO-H#{5sQlFQB1|vtIb~I~V}JcDE_jTWEwYl;Y|2nshvO$_{6aUm>2V=|kxCE2Zur
zXI`g(tCI^wTFdfXSe>Z^Dd5QDHroCJWb)!^zSYx)X1{*`o<MXPo^vtV@4&VeTj2=e
zsGPOjJ&w%=i$&rGGqr(K*hk@*2?cgBN`-%SAI=>_U`>F^34JF)HUo*}@&4rjumT*N
z+xs_GMUy3T&D==jtgPd023fE_;jjv=Qhdys#Nk(VKe`QV-4oruKU)C$ckNC>P8SKj
zja;yYn{qb*I~f%R&Kpo)9q*REr<6(OuXbo8l>|cf4%bov8itSmHpl5+44@m@3xWL<
zC4~)9vm+yJSS$Erz*;Xuac75i-2p%&y<3=U)Q-AG#=N2H&yCLdFw`qVuNC}Zae@LB
zb-EP*jDvgg#&ihNR)5x(^^X8M;pO4H_cPgqlZ0Y2DmJ&aYrw&-La_&h`5?+mOIJ5<
zM*y4&1*OXw;Cu<O90v@Ye;i*HVFC7A>T}k0sR-`#mq9=myRrk&6UBPPdK(0_L3i9|
z0N-F|yJDXe*C(74>MPjwgGFT?NSS;bTdUS{!3OYSxvuntq~LwEgq|sgQX;(W0E>i6
z3JNqOk{-FN6D)JR1?f$mC-^T?+y(&JL1F}O;Xaf&FD0i}X54_4ln$Zia;}!;TCd)N
z0SCE?c?;L+n}!RBj=a=O!xo+kg(Cr*7_rlDkmHht-y#J0MXauoXrpeC`2F48&31&O
zavoV8&}@k}nZ*qpiasKR9UwC#;P|dSZe@4Q;bg<mAA<o7hagMoT#H%(Fd*5Lx0%1V
zNA6Ruk=ymf32i$Isw2uyB<O=TrO(3szI?Vb-6nl0|Dc&iD7PXzOT=LOmZ<S<V~%cq
z)RVD;Pds?J|1i@F)@rZb_{n6y?4x+n6+TTHk-+YU=FsW5brdwB7bLrqmeVDdF#ljI
zTc?4kgA-c+qDhq{9vPp7y&o{s@zz&fJ;Bu1Ly{0u9>A)7I@XhU0k8`|JECgw!Q_X|
z_uoGufQ5KMC!aXr8<%^Tjt;;ytFS34D}y*xa~1%atWmHO^uy0@=h|}t;T~b|vV^c5
z0<<BW@}@Yu7+mC2_)2i7GXNS;LeJ)ot=<ER^q=>lO31UjHxS8R1BB&F5S1O|YVLfM
zH8&*gdZ52QHc79a8QbS8EkDmr!~?u{^b<nO%+!Ach0DeyDoFmC-HAt!mT>ZLb^MB}
zxEu_ejF1kcUNc?fOh7r;YvCynnmqj8N1t(9{A<*E^d||jdbzItVIX3F@-0M~SZq5&
z`Z#H08Nd@=A8<(nbiSxPIlv^r)^}{{^-7U2tl~*?XK;qy-jr1##>XW3I0}Hmg4X4{
z??$GAGH-8@{UBs@jb`4D+^lO^pc()22~X9UrU&6`jmby_h{Y@{jqfV|x6tkn7$>mJ
zu~FI19?bUvc)k|foGRWr?PIf&c~Azls=6N69{1XQi!m$44=LOwL=9{IxgB2J7;WV(
z4RRBadBA9s%W<qu)>MQGb%&+%*Zgg&tOrd~m%>^AsY9k`6aYg{q+`&zFGiJxn_71j
zz?Y;*_)*E@3cugkmxPFjny72`ez{01MASdK?mskq$igtf>j%K|x7ZA9D(LZjR;JOk
zBxHMQYgz=-bvRf09+<#b_`5Mz%g7VTe3g`~v_7KW5VD97^R4FHM`%4@y=PM5_*M$A
zlQV%@*dzC<pVx0mBlBHC-J!NLdYDpN04#Z_g+NYUdk7qUadLM1Jbyt{_PVz2ZS1Ol
z94wk;CeM=!NbhW~{h=lTYEc;;{g&3`u~Af4_D2blwR-Ql5TF#PmK_HR3Fo0e)Z9}r
z>(wme15P&3Hy2P>XqPK0&))COA60};6)ehgjha0KnKE!%N|Tgmfvuy$)Q)~j{`45B
z186dke)TMU0xQtN^l*F6&@>0>x7s<@eUXs!I$jO5{63dd9gImbHU_F-X8|E!bG+Ng
zcuO$x*$M9y@J&_KmBH&ad9OlYKsI%GC@lIVwTAg@;DQoPwj<B%<TOZ${0Yb73AZ#J
zED3gsf548(nnHajVm|T2J`YL)5a3`+{j=sJjJuaWIaC9>G>7>}YTOT8=tPFj`QSS1
zfkVfhh(Bt3fCB^sEQ(3Lx_~)$B<AyWc-PX;!teVEpYLI?eWX(@SM6t>7k3XoYtAVp
zc+-l>g>n9M#+j=)@>jq0rMv)R0;_&+hO#?wvc&i4Zq%C6YbNrIIE|BN@258X5BA<V
zs>-+B8YQHpq(vH)4#`D#2+}Dn9RiE)P(VN$1f-Gf?nb)1Te?dcf$!$`)*ffSdwlzx
z{f+Ohv*ZsQfIK|Uy{?$oobx(a&l}&>;X#Qz(jcBr5oeRu90$cX!Cs?<Y@GI|*t~qm
zM3O6j3Q3w^f5ex~1E%Shw0EVj*AySKlLpB6qILL0tp9*`=Xxg5&i5PAp{4rQIT3~~
zw4~BK{iS!LCZ-Cn-W8dp>i#Qq$!xON_i9rLn)}V_F%dXXz!^{LaY!^{rY{|1gH{A2
z2*4eFT}AxFf51o-_UGZ2-bIYoI!B(H;lpR&a`&qq#k!TvK`px{gYVCUdt6v}4N*zu
z4ba2|Q{bBPhZ`g$tc9JT7QY1J&yyJ9DCrOgL9bpT)h9HH2Y>IwinrKyI?&bcQqH`*
zN`4wcaZu{MfAv*~SpGx=`hnm`Co=)<G@p@5-VGivnK)9wNi~;CBNpK8#smT%2xbLx
zHD!yI%%*o<a^SSR;jo@knk2g3+?p1K4gi`z<EGqS-RboXI-$Nw|GN(V&^hd1l1*uP
z;OzhS`Yk6YyKg{aM^A~?=e$%9?Or^j?JA--!h5W{U^f&b*D(r>Itj*Tfl2}!o2#Bt
zJ6Ry1a63N;aC&n1NF4O~%6js0=(jjdi94HKCCCW~Da>?k@PkriSaVvt92P-~VDKiJ
z%H04215x8oe?a!{dp@UhDMzs8ChwC1wj|tcYLgSAV%UWFNG)jpJ1Z5TJy@PiWlo-c
z`_<;lC{T?k006-ly{W4A{S)CU7yFux`g?4FN|D|J>=B1Km1A-~gdBIn?FnX``cQ1&
z&hq1-_g#w6OxNjVn)6-8Pzd38+6Ey0-|@@|Y`&UP;vzvr6D|7FMc}+g@C+kWJqcL>
zSvo{&sC5n8mVvwC7a<O$+$Kp*X|rqH@(Q=Ax!NSANcUXt@gaF`@C;hb*c_SB9E}_e
z8T8Nb;Q9pYkcs<9r1yZP?J1$gs&mqrKfmcu6VNNu%$eP}f(FU$hyM5`z+BE8`3nKV
zlb>!*3aZ`cf<p0`(H|v+<zpDyIlc@OR{)7e%GL;q96s!JscIFQ1I5_^;c^y$cN|tr
znq!aei(1mDcTKRH%xL0nl*~WN14@E>)S<c92-5{fI*h0?q;@YFi*yS}6UsomlrDhS
zfB+dF<Rwas@mFJp^_YR)H7;?v?bl{@`G}{@t${(p`jvl=tZs3@m!(!_I<g&ivh!P)
zhL&@GxzNZX-vN`~@}gef$`os@c+=6OMhsy7TK14B2IpC9UBDRK6PgJBJaZb9xu6Gl
z9i@5xf)jMxKo|CyzYQ`}8!%pbC5V-Md6Y1|{R#@pM-?2Sax=CzkWEm@Co?VAQ@{e!
z2cSRxtA+UA)!u*aK>oj$?*DZIqs!<|T%9nb8MGoiojNC@JO~-H6hAJ6Gt`9URaMa_
zWn`9LRu8fdc^rL#I_tRQE;w>d&NrTnS&}&}SZG?a$g(6-#mk}&>K#@Hxa`=QA&kFx
zS3#4i=e8po+akeQ@FZnoVgi7#OVH75%T78_uLDhpEkN6YH>zAXzDy83CU92E4tLpv
z7+SqNIo~cY=mRM!(rwD5Vla*)N3F@<xDTP~zH|+o*!3&GzR#9P98I^nwTsCIh0l1w
z@bn`v=1d}JTMiyV)gFXS^=1(uPkTt@_op$%{BF(4X?6gmZI=x5x@HCI7qRfht3^%y
zih$M%01m$#rV?9oJN84wU0!&Ov?;&k6USev3w-;C$f%5O7S&iT7L(E5b#D+wfhRv-
zdE`g)aurDGw83aZUwL>pC+_=#m$jrPYR#5f3f(jSx_=H|yf?1-<%F8AcD`TxO-(sB
zqglMDp=UvWsv(e(4~n;p3mFXAJzF8U<hZ^ga9VKR*S$aIGx&23TVNhLi)+BiSZ&#G
zc!K|=y>h}JA(wB_a?n0sH9BjI>`OjUwQh|t32mgvo6Y!stLmg<%HyRq<|bHUj-5)5
zhdpf}IU($Llem~CNznUi8&dgLy>d!;8rxJu|DUSi)Pm{*spg+&*_Y7h_t&@b+&RbT
zx{2aV{Pksr>4a(<vp%@3$<<@;X$?2lU%_?sdQ{L3V8?$Dwc{TyC#yI7*x2qfutS@=
zr~IY~%dU^-!f&{www175Pv8gV;j}l*?xc5<R+(L>CTIt^Kq+EwZvF)&3M&Lmt|w0$
zgjLU(=d0YA3(-PM0F)ir2}XSv2ZAGO70h#vH`^y`)I1Qke5p)2T{jlqFEL3}czGEk
zj$f<zrg2ld2``v0G-K?xXtaSyCR~G!SVM|VUk}x%1Xl?vW<7@nj}Gs=x}FEB9v}k5
ztjbPF<}f9d(FKvehfUOrB<R4;?<1ENC=K7Q1IZjIw;S5da<L(S(W_j6I@BG^>l%Pn
zHxhU@eJ1ex_=vUvIcHhJ<p*~l@0_Rr-PDPg*;jCYNco*SzyJ%FR~M&jBT3YH^43Wt
z-z*B=X?ORz10yi=9w?Y@g$6Cf$GMQC(djUm0p2^$$(U;rghF`iOG&U$^oi2uklqz&
zT~S59yL>ZP`c?!nNi2Z&7F{X?(`g#yyEmm(9#O?1-JA1!Od~=rlkmhP<fPOj2g4E9
zV#N{-?s5_ovl@KnZKo2Sd7+lEjPk98oL}*4B^L#qoKC#3BC#U$8kl410-6vT=Afea
z2$%NK3=9%HeGM!qe}cih%ix7qG(zkIwS2h)^Q98hXx&-rbEuDb7SO7!6DRx$N=f=a
z>diWzx=qB{^YyTSVFdH7zNLJ4zkuVx*CO#~<6ZLt^QulMXl8RIJ%@fR!Yu8dAiVi6
z(H=LrGEkTB^a#_$?qr8=)mZ9Q5yZMd_>2I|MR-{XiY5{Uu6-_IiwU6NrJm2NL|xG`
zF){h+^9vn7`YJtO*2U|{Gjxu-k1LZ?t)DBNLj@EE3a7byKO{Djs?r^&93-98q@<j4
zBh5{&@a;wO{HW7mm{=bobNS9<Mu_BE=O_o2$@p5UXDy3?1Sr}!Nkn?eeB^ok&^eP4
z-9nYsEk@27$6ixT2?U=}7wAeN@*VY!A}N%W4)uwU`c?C*Jv!<1GFD#10em2E7_VT8
zT++4tlqa&2HadFbb^k;#$cVKdsi(mG_{{|sS?!}vy}VB!RxdC5W*|Tj-+1Ij|D<c2
z7z@b}_WJYOWYLm>X5rp~dX$_7$!mm$VCMR~jFow3q>6Aon=|vHF^AIqhUCS5^x03E
z#odSd-D%HWsvw8Rg($qP-$mc}>Pob^WPktJz-qpeOOXAwWRte5<!udm7=}}=D!$4~
zJ7OZ_UbxI&1Jo$>xy&oo-KUirn+YufA5_JW&m@lV`>7j9&{L&0YdAGYn+Et*Z7Z@=
zqceW%`=8>seP~u+=d;a1=#BB*(6+aJ7~`_n%+@`wq(R~R`DZV3;f#f`Ol2?<$z?Iy
zxNelWK}wNIPJpI~*!8@NS+X!N`$ceX4qlqwc(-EFcaw%Fye+OdTl?swW0BuRSqaGp
zTvdInN7~j)-=dczK8TjaR0I#)ezQ_1oByzkN72+u91~4~cHk1UP(`P!*p}TZO^xa2
zcf)`TPhvG<A6_Lsq#+MQBEONI#}`g8SL?#za1&(}DrpLO(>^{gp~avU;F^$i1)p`t
zO1(OFg1hi#dcx{E0_iF%%>%o0_Ka26r)rfpZpB`eo)7si<XsGu!P;)gwxPkH8f(vE
zQg&?d4?oV0oF}r(${BU*|BPmI+re6BR<3APAAI7e1}Q4J;e5t><wug+J)h3u7h1AE
z^QA!cI9hBu)`%D8@%xVa9LtK=p(~O!^}Ow3$@5l`EyL=n#F@UW1`O4I_&c0hjYXRS
zIk!Y2F5Z2(ueYqc`s#AyV1S*PqhWUdS0{q7)l~jLHHl&h<@`y;;e1BAPWayRt713N
z#N|xfo@yl+>cnp;o3zroCq~*wsuM)g-$m+v3@~INZ7KaRe%0Xg9=7QIQmfLoX>YDd
zOxtyRn<Z!MdN;Ir`Rr)y4#)A*S~`dlkC++P2X=msl9QZTNXhA76lc&An!fVl`Fav_
z%l*`$LTO52qnr^%{<2#RpOOUs`Fv?4fYZqhczH~ytwUNoIupBHdCmc!$YqtT_=o&6
ztZ398H171j4!X9vm%nBv|1HCK*g)e}?BKU0p=5vMQiI}VZsYU*@aU%=7aFGY;ixv+
z6SXi6BOkP^e~AcxTf$Uim}9}s3N}ouC>vjug8m4Ss1VtbkUyKvak=VgH;WkyN;NL7
znzY+bL2pAr#F`XPnoKcl`LMrwNIyu@Q%8oWp--TYMSlLwbG%WT7NPyKQGnnU=}a~C
ztU}EnQA6cSQCj|fri5oZX!16%(Tuy3`*2iG)+UfAQBrWEAG)5R%2DLL=`QW>XVy>^
zY+3lex3yqzO~<a@^m)QRb@wooJ+YeS9D7}Y?*$c+h43h*{Q$rHX=c=?wHRA6Ber#x
zafb@<s|sk?YwX~&ec{IKe~LPW&Ml3yi&hZ_1^-J3!9$Np6}RP`k$wJJlj-~DUxGV7
z73_`>1IXj8NIkX9UFJyESh*<c<c<znn*%h-z2u~FsS>N);MLQsf+1Pa8PAMY5X*6j
z)U#aV6kk+WD1AIfEcT0#K*r*GPRrq$WYhON;xYn9A+85c^4W>a#<>Q`hRjaB=11Y|
zFXEzVelYfXzVeoV3$Heb+S;uu-n!w9nC;&0Y#s1A#{@ff9hQH@h08?Vop%dONH43l
z88skw%@Hw9>f``A|Mi5T`Dhkvn)v*mjsiDV$`jv45bZ41HU%r2(^w_7l<=N|a=wx`
zA!735^!JDr+DD+%;pr~urV==zjPnFcx|Y*rsBlvNE$B&G()0B7)vC6ZoFCx`yW#i>
zw9ntu*9T@zu&zhuU2J>QQ=)ES#)&Qu7cq<Hg(e+G;@>_1icLNNxxW5w(xH!$szeEo
zQ<-M+Z=+^6c)~)^_-K|Ki@A;h;H9IW1Q;a%Hd@8jQ2UK&xy4|;mNq<2gS$K!%NZHT
zKI(oi)>8D?t*5Z15ij6HnhauI)N);ioesOrh;KI9{x$)tHMzf(!^l^bQ*dzLZHSx-
zimb{8UHj!jqMa_WUt`jHu3`8df)k3bwAml3eCnMg$Y4LDIVtC5r6!5~=O|Lz7}<X1
zY{b_&I_NIM<h|HVYig7g+{n5l4zx0Z*<g)hLt4diH>NLlW5Q<}-PlPocPTW*#Xcjw
zgfIDSCxSI7pWi13%`pzKOfP>@?ZzTIPLz4wU&dTozITU1vxH9^{bH`5uW6b@_W8yH
zWm81P0ry&nd&UnOK59~v8N3YNX&zzQT{PGY#}KygQJLoo5`A6q$=M~fqeT4-55@6Q
zxnkZ)uIptYjyv=u{oF?)JB1_2Js_C_(QHvYCim(5cG41~qCfyK8<Y0Agpr6-qrz~8
zf!^Nss)7gdpjT`Z*%Vz9>~zXZCfQ3~KIP=Zq}gu!rLd5z+@0*VKczq-5UH3$FLCf4
zcvG;b7c?*wuYFJmVb_s|$1wSB0QuRI$Z}jfd4Ij%8p8H&nZT%Y?lKq1OMaM$7RVm3
ze|o+>Uh<IAH0wKBW4#!Qg<o}f1x9w=#c__R6e=ji$qsA&i=$`nJda`gVUS)zth*wC
z5dT91C@sfsL=P;=-rKAJbS{FDtWt#(=-$bSpnyN)c76KV;xyKZ_X7b(J|EBWNi={*
zyvQKJC=zOFi<b#2qr)kJ;laGVo2A?6?3#e*)_N{+m(X$dC-kJwQ@Vn<?(NPiLerGp
zYw<=+H+V!0DAG=BObkE2xXkgS-;?tf&jlJa4s=SLfyi>C)ZCuEQs>TL>`{<fnzovG
z`>rfy8GYg=oAWoIvV|W2>Es6PnJ8!@Fo{@R%&&=372FdG+A2}MQJ4TVqUtRV7zn3O
zqGCpxixa)fxdU^)YMqVxp|wWLuP+D!3&w42gYlWgv5@r|bi?*C<K%PQ)@=QiZquy3
z?7q`fN;&iY6y&CvRP~cnvgHKscYBhPvlC&Y0c-!=2k8OytR6G>x1>MnQG1(R&W*Ed
zotG7L#h_*}QlHNe=RAuuV3v-<-!^HkG6OQ3U<KEXCc*6&zbJYv)M@%(ud?3|KU7oH
z+^ZKpaIvK`=X@}z#8ll)LJ#{DleD|N2Y(1U<>RDJ=Re)GQ$O%}4QI=Y#>d_9uoAl&
z76vbIZG2g}3JzYPX^n_wH8e^yv^%Zcf5Fv2D8M@m6G6ic%AzmDW5?5IGqk>vYteCY
zi#wry)Ctx#8nbu}QJC#^GJkL@c&M__q;lO1l`h8ln@Gfa<$DY6V%G`f6}N<8vy6&{
z7VqrziX&`D<Q16{9p-jvOL+D|cdW}-Spzs@XL+-;`nGlVWfQ5%JP@SGfx*Wz^kzC&
zSr3mCNSJ5sdCC^+LqgD0DMFreNbFJIqGCwP!&xX=X7I!)m)@sSRu;P^Vglkq8b(5J
zb>4Jt-u`9*gi0=j2apXHN9z>JEJ}G)4S{Ym9Ws=}zg7L9*Ya4Zj!@GWN95HiChIvD
zKiNUwmWkVeHj_QM%_1Fe=0ng(S5GamUBAEM`^KjFIQ~}<Y2&aR<Nm?MQ|cx9s`><R
zvLf~T5H%na36m`UKDU5v0g(!f$FNXVC+^vIJjPcCSFlKJw+?k^Qc-ZIUuxAeeFA;O
zC55dqs5c@;$`3A2a4j=dl{QWMj4mnm_R#Tq5GM*miTep(6&y91^Lj3CR*&m)B__<b
zswi$g=hC#17W9y7m<(T|?c?#mLm-oP-8S*JlPl$yA;!DSs&<W}n)xzi=gxu_Pz_m$
z%xJ3PmV|Q2z83#R=!j*Rb%q>|ztK!f{TP%OmA+a@IiwE363Z*{uv5{uQ@-_{*rQ*y
z*JJ8vH4AmSemSZE&820I*KY6=8~hDQoq5U6l5Y*@`0d`Eo%yrg$7Ps+$83z)U)ktp
z=t|m@=Gia(6?J$~mGzgwrJJbx_o!=A*BnT8{4L4x6;rWbRj8o(U2ulCQZke36=4n?
z;9@<^SHn?N14{7<UaGElvR8|(WQutf$$)qiUn8{F3p`P>P8TYiQ?-9Ey+tdYhiL#v
z8a_a1s|>)jsf>QIc6T0_8*LcO@b0JI(KK9NLK!sqIE}D5hX9=Z9<UYs#t;60a3N-T
z@86j(<MM5RX^r+khwAe>;t}2`k=cakbF>@Rz;Cc$E`;*k5}0rHuYZRN+~XQ3HF!;Z
zg&QDHy+yZPXv}j;m?gO*>JcAn`4yDYy5jO@gFc@K&>0jeW^8mqv&b|U|E6%i1B{Mo
zWuEZg0<VfgNXX#0lc69(sX=K(>(`>=gY5d=HKm=^$g?}oXDw_PtEmSKukRlU;~B>;
zKB+Lc5*a99-Xiop9`+c;!=H}VT(TKr=`XOVyw%X{6G@ahoTlQMWsZkmF<(*bQf46S
zQm*8D&0TUH9hRrv#PZTv=d0IoC9#z4l;e4|#>D66ErSFkTfaRN#a~+t6puAz?S^v1
zx+QQ63X(acFz-q>!EStVrsmP!!P7JSsilBBL6_xyBvj6dC&^kgG#?2Zd=PL2a}t7q
z>%-vlKC=nz-~d(JI+<W)X=A4VC0#NP126^qmEkQ2=(*!L@&_1N%6V>#DjL87pyO~b
zu|^EOhwIBHM8koh_YJ&X$Xn%pmao)0#8n=QXoO{)e&3@&+Yj@?izL(C4F&ax!6iVt
z2L|j~ydJ%I-mo|gx;*{E=X?*Ba(eyU6W}?z4PGy6_N>o7V&7e-rx6rdU@++L0X4_o
zQbucyD4`lkacB+ZpwlmdYWEXL-jTX@Vr$I(*ouU<Z{05nWpCxGb~*Sw)^pvy7h06@
z3ItL}e)w)nz*(&G&f(U<(UE#dv#@`62n@hlUjmAv^TzJvua}bU2`y=4&lztro~KZL
zbPlO5MA32wfQ8k(GkHHnr!{cdQ10;q2x6Ge+W4CG7PR#ni6TomFVMLUYE`e=29AP3
z?6VUr!!EE3eklWxV7j%r9Pe8|VWo!oq}BgP7LKU-^3Ug?!-s_z0tJbjG!-XRlDOt9
zi-jIjh6x%C4k|jB?v$qdg*=Vv?3LfORERvUBhjhW-bub(9U(E+;&AGFHS^WgB=^S8
zfTueiYg6@P%J9-Mk)vQHI`YRXay0@{314;RQl%&E$H)nrD!slaKNOP=n!{#vkd2q}
z`!F4wx380~)4fkVDC1Uf4laBw!9F-+klbJs&Va<ycOgs2F8RoT9#hk-n6=7r&(T;j
z&!Aew?v}lBPhWCV2M~P<IRxl%Fhpbg1(O=F9QiFTLb~CK0#p%|O^mz?thQt~8m#h{
zghD>_Wsuy7ONY-|Ze6E)feA?f%pP`upI$uki^!%=;)E^<nFC@mk<8Ggp%yEJ*qIg9
zEB|PAIVe{QMovhYLywHYjXrtoD%mV0j-{Ddk62+gF9QwjbPCOHotU`I0TR2@pVXO&
znn?o<&j|3F<(PyznIsiTE_UZj0NWYbq^w(y%D02wkkPMxF3tOmER>7*^J1!iy%QL#
zXHw6;Ybvw-O=c$yq!$3zdOJVO_+xOsR-+%dpv{r!5RY(g(5Zf0t}6&>yxbEc2hJWj
z4kLL|XXpM=C7VW&z3ARv`-<uIbcI?S%wQg|rx{!=-ZzK_8E@{0SQn>z^Y(%_aNa-r
z2JFD9ET)A$5ln|t?3><shSx6cM9(WS!gi5ZAa#+HSk46U>6Nr`R<g*@>C&@?7v|cD
z3%=0=KPIQg2OjAGG_$IJLk8ejO1<9o*FPOSgCODKdZ}<#%iDLGM=H76z;H&S95~Ba
zO@EUMat;5sGy+;S8dSb^lD#95=op9WH^Fn5M@>sJyW4?IbO@(AXgRY8uFaQt34nqm
zy{0oBlg2)K8YWrrMO~xi&2$p<qa0FJgTO-B+mVwP(pPUihR$H#iy9Axd9<2Vms{v=
z!qm<&zu5~Z$9-F87sM)7%=uiOD<5jhV40LZpn4^lDSqJW2=YBus~-=xcd<r1R{cbJ
zGwnvSM;yKBXnM{H_vdYzyRFlv64%Xpq{2A?$_;ltRAOZ*Q{Lh0Xj5~Y6ogUm$-KV4
zU^o>wWM9@Yqxw_raf@JsWe%uzy!o5{NQ`%khH}qmTJ*n%1<zXJYe|t;Z8wq_7dzG(
z_I+!2BA4jeLC+ccmB51ATQ*0LL`6F%rM5C>ytAQQ(a3RCA}3@AN}{Nv1>xX4<>_$W
zJ<d-{Lb4dj%}fTqZm<@MfS^9|LCg^e>F1}XYR%S}84v~de%gif14^J)!G2+#OQaZ@
z!TMdwS$7w`V)oB?#PUdNbpHZ|QU>h%CMQq6&huy|Iv*{*$yYaS@F7kE`BC>QDj0o!
zl?dD==3fxFm32rrc-XoR=&ssYkK(_nqrRuCL4ExvjP)swg@k<xa*DY08{12(Hyu!`
z${&g-zNptv&@()uCpX&jGdn8y=`@=ST>-c`Fd&ng3??v+JNLa{EcO{gQxWjBbQy>E
zOGBAPkZL^;&^_4MP{-?p1CROoPq1QMhgpCA+IOtCd^a`WbMO7sHLK44^00?x4Gczf
z|7M6s&e=9CzCPcg$ol9|@#y04Uy+Rd>q*6bpg5hr=HTEk8jA)f2(4C`v_e%va=jNZ
ze)G_IYV%j>zib(BMFB}@^u9=S$4(f`Ur7G+D;(%4;1M=B9TmOM-ukZpa&;(4_T4-8
z)AiowJ0v%c3vob61}s{!Er|`i)Tzxsc%yvwb%U`umkST)QWs?3{b;<S$6rsKYX2S<
z4re3wwrBA6ge!^Fk|3?<6WqWX)N8mw`0MIBpQ%E7a#|)^0)b0S?0m~HXBZB(JQxkj
z-_a{E0*2@I#JOQ&fVaSNr->6mGpty=lc@~a>d<=c15LMY8<zR#7DhuF8{X@Qhdqbf
zkANpuw_Zcng3ZHp@n4Lzw?7rmyZpZPEyu?Xnw(>9w@-`DkUU^E{7r-e99`(ZO#$|m
z7i3(yODVCjoF@BMpye0IRVjS&N8_kD|AWHAk>lS`D*sP;Dos;=!Bq0j=!hx6zeuab
z`<l+-Pwp-7*PCA3BAby}8$2*bLef?u#vFb4sJ`*wv}N>=Cp|0MCwRnlXIeRH;k|N&
zO8VC?pZSJsCluhPfO26sz-9RWJk<V9b>XgJb0Uy4HZcK&E!{BCoj*pGnNP=$qdCBD
zTyo3t0LC|oHP;GGIdZ8xFG9dgdz=DRGix`_0Ia?z5lB>I<2f@P>0v9eMe~B!jWv6r
zo)@&zE0F<$o4+$5g`BsexQXV~gp#GVZI%#OcISm1+gRkkY)zD&t2DtTA6qM^n!z8q
zJkoX3*h`7(jpDT*fbpH7dgad>^hmptd=CAYCg&qBaHeJsz;gohadz{iT|i*^2Z_SW
z7QG8_kbw5*Q|LfpVf_(DJj=%+pc(^GFct8S&$_a%`hkdV#ceH-h%o{^#bC?pzUwMU
zgLrMAVu&UuS}w|VGcSk#o|g0P7pA=xJY_Yro<q^n>oE!{0<&QY9SMo9Qmk2iirr^l
zb0dKe49ID)07>P-vPnW##}{zAC$3RN55k5*gH(Md^IiaK1{c`j?brPU44#lhHiHJ_
zoARZlJ9OU0@SJg$<i*zC>`GqRzL2*y0M2}N7Y&~USK*3$m!9)@L_^#R5C43zyGT4j
z(yuvmm(?b#1ezMa$uG6NZ|ejAsLpv8@C@@J<ZL^aAe48F`z7GS^BcmT)?l9IdS<&3
z9g<V&9RDPWi0^O5;Mw+GXd(pKt3kN`>~L8=be8ZVkfwAJHQ55K5$MrpIM!%u??A;3
zn8+UY#><RaHNehtd#Y%@7?NT?Kww3r6Y*G_MZc!Y3#%i`;?|1>15*|>&nDQ3os1Fq
zrkjh807eCFtKS8X4m?Jw2DQM=tLay>NnqX$eI(g|8Qnsad&%Nx=V-O)7MK=R9W6Kl
z9YM^;iQQ>$A)sxOSG?K?H00k$?9X@ED|4?Ntl!hGaueNIjWax~e#dP`y=a|~*hK2I
zC40H2Uqd|`mc3qo#^9WW@;BevAd2f<^u)nx3)%OH7s*R`3WUYF8QG=x4VU}hD#}T#
zt=p+02=NLKfmW;=jKLvp@WcXkm2L+&pj)xyH|BItN}~|Mi)&-d&YNAnwWwXhe(1To
zY_0^sUBH?{mVH@9naL|o|EP`{WYlAeFUA)d1+%sV+vwCty=i3mpZ><8-3F1n-ohps
zOgsT$hU3wD*JOCf6R=@e1v;AWDU1IWX|L_J4i_U0yMT$PcC+)-GOT7M%H@0Xbdmp~
z4!i%eu>L>H3jguj|Ad*xx-Li+2&Wu1S+Rw(ExYSSTs|fq3S1#510VFfYdyI>=Y7{Z
zOe+M;g@RA!zFB8f!543DpZ8bqNp#M=Yx?zq4h-mDeZm!Oiae2??WL^V|10?FiUR^_
zST@ZjRJC#PaXxFwIS7%|R(&Edro7=&td(SSJ8}#uDvhH`kYyXdgJ>OQn%<ggLVsEp
z(4dC3*9oxG^_pm!v&gd2%WLS@MZ7e`*C|cFPmsllZm2&fH`1`<FT4prkd$E?%%<J6
zOJp>UzfK)Pp+M%|a8V1KWgoN*Dt&Ktp{d0<XXdY`=&xA0M*B9aJdwdAX!X}q)CnKr
z%V=xsc$Ybggo9)K7~`e7g$}{XRuj#ww=7ATW+{$Tw`ta*=k2L#<CGOqpV$VxLn{~F
z(*L@X1Ggs#&uf(EO~OgIWob)$n5I6zvL0QI_ASI|vHU0Ny<5lADw`(|e=V7QyaFp{
zGZ-`f&)%Bj75nmRNvXBJv(Zfx4@*~yEApz%ZKrB)`>cYH2~7{3Tc7qfoTX2)PcFRX
z)Uu%=^^cPzsWExKUz0McKjMB^w&^ZS?FR(6==}M7s5ywll_miTS=7P>kRQ)vPzR8y
zmDY+vgDPw9_);D0SHr~;%^R<`+Nb)%Eh~mKWyc3CR>>L-iQL=Vz}O%sTjZNx97L~Q
z&T3lW&Y`FN^{CTE*?~~`V5P*@@9NBnAcmYEf!{F_W!3~E8%M&mC?oF>xaT#e5l-mD
zscXZK?We=y*X>O8G-F-Z#t_|_J*{Y!cXU3p?c9_${j&P2d_g$^Df{&c+SQ%tfM+7{
zLYN+&t%D2-Bu!<*EElk<<lT7kCh>x^R-^I|h;4Y!dCM(RaL!4zrdEs>k$l=1Ws^LL
z{7fe>+{z3DWZ)4^rZ|<#ssrouE(iM*Vf+9sr(PDsGJ$D<VtED4v(;waZ7$wHzLg)m
zT7vU`+EeSgH@-^RJqfY!`1z_kLhM3^Cx_4P&0+KE?-Z@Wvrnb~6X2F%=hd;){9XWA
z$WHu7?9CtLPMjbn>p@dcJ&JFfYb+vXrtUgHL{!4v^)-95i~a`jF%3mfwlM?oqVYMy
z{^l!rH^T(hi(ganW-#o-#<v>Tcb56G3wH#w5Vs7799K%NQ(P|ToVdzB-y{*Kyeo3r
z@|lDmf_%+hc4Eat#Xv^*7OA?wx*fJ&d`{Wh9l=PZ<f+lRj8}4LLEc7eU*f#^jGFEi
ztgGk9xNfXgV)oV^OS_kE<e*93KazMZh3qXtJ1aX3>`gb4*gyTAE%gb>!4-qLAnV6=
zS|_Y}@ofx-#(In0yh)+77xx$;`p9rzy>avK``1DTWKez6ab35LQXR_mMLJ%Umsb7S
z(l!wPubd?AZ|k<^8cQ<uF#U3hcjrPfEIz{Bns!`3|0(9H`H|Hy8HH?xzFl?CrnDh~
z&NXsF6TmK(8f4SMMf$E|m%^+G)0BoI63@)DpL<%kc4;X{+Lyw7GfP@vo^stLN`x(@
z*3C6cppzS-oz#3}(wqxY>TeFBOrH?XB-tw34C?%)z*3>m#y9g65x7MhKMQx!a}-GI
z&;D3S4QTLGcKj8IGig}lpr2T%iBY+`w~7N)(QYidpN>fNQI3Fz7rdqk(jOpz{EVYR
z70ii~rEk*2)cWhH-r$eMAGu7iSD1@l)Z-a{>8I;HzuD6lT__AVmw>`t`B(JSPiNu3
zma@mzQ^e56Hy-M>WHXqcq^t36=TKRb=UGDdgW_1&p7mIsEBPI}Z-Qum{C~-p{r^(d
z_<tJ8?SmcW|KnEVKPH{WWBlLqr1#na6hXF4W<pLc>6X-hnCAi8192_vEIZk99nOp8
z@oE|}_5<0r4zDMEZ4{U9H(C9zQh3bcf!@HS<-TSV_B#?{9c)Wzv)5Yed?3Anq0)~c
z3Z2nfsZCD-X^h9ye!~21i{WW4-J1#7<c1!r4q1AJ&o#ad;+tykJ?I{t0iUhv`G+MF
z+em%L6@9WOvB1tdf*(;#vuIf%zwzi5DDvlB>$wmXR}B_sBSI#<=9Y5ZU%lG{wharY
zJk;5Ta_oTZATq`M>lK4fZob84N&ouBPMC8<ol&mTK7_~Ea`pXFFzhaReY&kc4C>!5
z4we9Zg2+L9?Vr~I$AtKFlT^_4MfI=nPkW&}T8zEJs2ed;0d2Pz(hWrB)m^-3e`tdK
z`6FO0?|$gFK*JZ^Asf1}vw!woZvgdc%4%-z;d|t3Eog|Kx#MY?PDp3v80(+7sy7mE
z!n<fHp~Wdjb;j-q`ttpiWDTabClQnEj34aUdKnvxlHHl)jlB5{R0Wu!GdQ0AxJe!y
zXM*9xsdj?rv%k0YAkaish{M8JUBNU|x;c^6{^uBW2?StCGHILITbT1!DydyAzsG{7
z7=rJp%|bZvUsn<_{8BGmCOytcp$)O0B$D9$$6X=NL%$pSW(#~%TJ8m;+>hreUV1$j
zz$f}0TPXcjMjEVP@9h5$IPjS9bwW*ul9cx|w!mg8$yalx(J*H!U=l0wD06{Li$Q@k
zXISTt$*~RbA8<4pE*`Ge%{A53rViE{(&*da3m|gKHQXc<`Cpt^@R6fHML|G1M`}8g
z0iBWgZC8xOA|G6#>uTw)U%lqM0;&Qrh=5s5s&V}jt_j=zS6O5$CJBuE?{><sF5g~~
zz*SY#r5<q>IddmwMBcwJ7j__jYt3Ile@BW_9$wOHnM`WhiN&}2^WE)!h1$50{XG_O
z&L76Pp+xB?P{EpE9zzb<=_F0_uhQid67p>OEMW~)sYBx$Mw$hFY{M>n?7x#L)SkeQ
zwrP!*C#|KKe4TEdmu?xHRY{~Bm}kQJ=bcOK=yGle>tjtcyu91l@#!p>V${Uqv|Bw>
z#4%lAH490V3{yXsn5)<t-(>!I(V>A#&S=7*O_jrG75+K>eTyrvH8I4B$qBfA);er}
zx1#c<KL!!RSmV8ziQ3e@cz<xk(x+=Rv@=|`b+K)Pg46FdYvtl?(@2HcS@;_-clBdI
z^|4G+xx0t{7FYZm*TU&LwK$i~dE3pv0?y9)n7-w?wll%ua{5IArnE1ff>Eo)nnf_B
zv-?dKnzFwKAF6*w-HhG;)-TA1urgfWE8@R~VH?;YT}M=9_UUJQhInAe5Cn%(RVZKD
zDe@}BIZ0EWMeD#&{=F@6ctLZgf#wfl=Y!>u-B7D(E89zwQEjsn=b@+OpIdX?;0@Z@
z)py#>iL4amWFLch#A+DG=3+e#3*~l;63iv?p2s$>SBR=mv7@DulzN-%-JvF=vQhA+
zVP<2k7CW-5cWw*0=1jCY-hOu8a|j=>I;00&rAC&l%jOn$(W@XZvUVG^hxb0!`&9jt
z-PImv5@CA{dghy^m#-KU9Ym@(9BcI@ixiNH!)wn6DA4#ij75E{4kooZ#u)mdB5~}l
zsxO@m^W>ehFqX<Th=h^R#1(VH<1EzLcD5tF%9IN8)%pv|Lm3>e8ed6Dexb=h4BU^r
zM^`lng@|s&wKeUo9_MNQEfk(eK|_+_!k0dgb30zNeakVAc)Hp`_v!~k<p9?COl2Vw
zC#Q_XZA?a+({@UPx}=Tr!3N#xbTJxc7k%rRh{;V<6)PxluQbHI+*wPKevM$4<}0Oo
z*H#JS{>9Fl6YdI{#6z3k)Hykab!D41se3!2d-7I`&gPb9B9aQCjM+&ixaYV&e!;&(
zSCSo^X&Z%4-n?GK7zK`Z$V&!N!{xj>jhp2Xz!}A!pg8C8Nf>}9A=;%3e51KiKsfnT
zHg4)KA9s;#Sl0&#8qOVus^?wh99TeOpOXP;gIEL4tYr+sUl+oi_I%=4ujDpeipzDJ
zzGcjNCyRH9$zX+D-1_}F>ryg~NdH-_Z8*o!cRFUNzNNX%b$5bm+En)T%wOZIYkl1H
z3=z$(8LRQKjfH3JPy<xI{mdH<Yk^B~F<VSeq8?*?5Vyb%`Y1}uW-taR2P~;v9E&^#
z#)}Jgps@k`i_2z@9TPs|)k1`0tEDK_*Fw+`Uh~N?Jr8#w!h~K)=z!V{jX&w&#|~p;
zL!JB0s<1;3#k-Sexb4uMCyBsTW1Z9Gxx9wWQvGow<{IrX$)gT3LjAekdDn0T)q=by
z&7MB>utug1=I!9hFRo_KEmG}^yOIoY>O!@T&2AZbhX56MDU$slV0_VKHOi`Yw%>UL
zR6DlQ$0*7t<l3cF2EPk(A)1m}*8KftQS=O#dR%ZnG9Xk5;fob_k!H#!lIsI6Vm`K&
zyg$mE@3$_e5eU$nlhAr$?QCk*ov7aVajKoE4`^?bnR(>7583r9Vcg(FkcWNz6vW`d
z3d;s~O;t^j!p4UPIM!_OAg03v2i~o2_n!^FpuQUMYjkU8(L1XIqX_W~NWJ5cVow`T
zV~TZxl^U1r$7R5*uEG7t3uGuhetrrTbB*_YXdW{0L~iugL*U4cyo%Jy0IsGRp-bCa
zaYd1K%#*9{G2M6f5k`rY?^v;G1YNF>yT`{;bV6EqJeOA06``#uZ7ZvN;4CJV%xa2l
zKvG!eLv06iF^SUO@6w0IWEIwOvHsjVA<|eIjGzSY&lqb(%jJ2e?#GKyVTW!rfR7Te
zE;K=omSRfVuM$8~Wl|zfn8Oeg>c|k|nWP^s-KQbW+urzEv2N+mm4Ck-?e<;Go_^>w
z(KDjI3MN4%n5L6H?i#F1Rp?05E~o;2p5Q*#8~-k)=R&rFx~^529-*g>mM7Y13eXX}
z(BJ=f2cy(J|FQIg{>A^Own#IiM$*Q7zWYqL25b6$i$JH>`A{G&8~$&VN1i<af;RT^
z-RuE$M<UztrzHZ?QtBcL(h%>Wg1>)BM`q&k0}tIwek(a-rDjwL0&NJrTAJrPmzUa>
zu1z!&h_L*}6))F;fH`As?;n<kZR5Hk39(#=wjJNpm3lkz^{VShBJD)m=a{H{6Z!{>
z8vb5Lnf~J&ACzq;|0B5jzpgO@L%r^9va+)gc^-cZGHtw&iI64Q^EV%sn?3)zp~?MX
z|MSdq0gtO6!oKMl8AnS^MBC4>0JxF49uXA<_nF0JMJO=zflR$+`^Uf8&Gy&Aw8u4U
ztPn0v)_?9~{A(fF|M~4~e=XO3`frx!GK)ejp?1nP`i92LV#ZG9hQ^Y1`mRsG-wmNg
z#^hS$k9*y~`s4q&WB2E081QQUaji`D3r-dG@gM*H>%YDOt&ng_7}$Sz1pcx4n2qH>
z9Dx74`Iz&+v-vnwO%_TFL2DW=8R7nf7ZpW=@|@vAgA`be&M+c6`fZ*ac^`l9wRcPS
z3v-DIvvC9c!gIAhBkr$WpYAs^d4pA3QbGM3E`zHEDr9B%r}L-d^q1XjLjrnUdS<t@
zdF~o=iJ$q7HWMqh7K`p`jx+@r$@HvPPCgF@>|xuTew~oINT1a4b}U(@>K?^GaK5|x
zEiGeLHy#7m*-tVqJtKF1+JC-yx>?^C(4x>dHIgKKLXrP&?wQ<dz<P>q?6hE`(dA<5
zQ1wfaw2A6&zvT==lx8E3>3v!=2u&iazH_cqr9upAGY2BZVfWGZLatZkoxf1UUz))C
z6-;B>x^1r8=i-3foFqOGze-<~e1OLYW)6ZGwa4hPKh}0d9Kugtv;Bc}VO%CA;zYTM
zGo2C-TiE<cYdOwAewm9uP;#U-wD*}Oqa20!Ky2w%+t}AaU)Mi$<Qb^q5jr1F2wlN$
z&KHPZBM!1H3k8hDgc9iNa6Y?M^Z<L)pORKV4r0g2(p|z;f!_ykPOYT;-@PGL7`35Y
zXPcD0Ag6+>^}9pi)^g<J5Uq*0m|+e!&L|Q}AC_|SLKlvsvFr(*WRi7QE9w2Y{R-u$
zCxXt=NL8vL(tdDRzpipAtI%iVS=gRt*r<F=H9_P8fsAj?Mua^^4o<iG;1R?^o%-r_
z5Ds+Gq|j2*EoFzdvRjV(piJd<bqg^uN6eJ;{JLBv(acinzYO6Pp8c$|HZ{1g^r7XO
z=h|+iy3+Sanz<QZ^@%8RWHtTMQ8jC3R)qFMbvojC<;&<Aei4buvH*{miA%pe^xi0<
zF~i841kOxq%eVBg{$@N8)siChWkCvB$k-U<w&tIHaBxCsbNu}%4Z|OobMk2Y+9uxH
zpP>Sa!g3If&d#E%UJ7rD%JjrfjKU-9Sgu}v6CyjS#Es`-eWjS}LhQNBUMZjv#xIH~
z3MU_Rkap1+uC%RT-HGMUHy@E(qn18Dn`tLm>*rgw86Zym*Y@0+7f(r2WIMP{%}1Tn
zF3~OxX5?)}Oq3oT0!NHu^%JmAGO7)Zi4XWA45inNYQz$<JA^O_w1y33l1zmgU|T!A
zF?}1ZhR0XJ)JL!R$t}QUPM<epL8IBUOVqW8xZgDGTR0tB%;d)NZbC@AwngUdq|zlt
z=&9*c4jvbCZetbrOv0BgsEJ&@=T}&jobQHPXLR}zx1DlCt5clXz1~-*)F9mSX+!qa
zf_z*m>(^HZRn~AT^_Ziih)6!}3c_U8=xu|+k}C9u!n||iUA4$n^*NoEct@m)4pOp%
zN=08{Y*c@WRFvrB#2ebkTTzQ@m-W|u4Sg4Cg>*IOWR6@u`yKgnj_TKO|G=qAH!=)3
zYi#Z>FuhglFHzhHIy_#{PT3j@_&0sn^j&3IeS=k20?ALI%1kG{CF<e(Bw`LtC(T&V
zkJAcF5&Jn)q0b#v7}7`6&5~~(!PvoN_NBl8qD7r<;a-BCeS=Mb7-QJ}!;R~?0WpQY
z_RFsnTW{@<n^O%`I=D7<S(5z|6Wn$Wu9xo6zwugX{JTi^&;7$Job3O~b^m$)Fz0`3
z|FCLr7!d@w@lyTRQs_*pM-tl%IWC?{*u$QoHGn*)12sg^=W2CXK2r9AGQ<>4UqXpv
zS*=r@a`^D}tmLI+%Bu#I2`y{_pX*OY%K~y_x^*qoPUq(bzs349%no@-FyLLa+rJxy
zf1JB9=jZT@7iiM7SpAZ8`CUr+EOJ2V)Sy%6-mb(uEX<c$$@%*1Rz}87U{*%@mxn<D
zN_Sq;Lv3U7l6JOpPtL5?Xsk;4^amzQQ7)>I(L2{<-3K?>!yIpI{xBy$171?f6r}ES
z0qVx@>rzEX>#slAXuczn4OVPxKrnV}x%1IpMfg#B^!5T@%riMk-$q8ETt1o}G~L>b
z8!!@ay{3yVk8;Sq!^*xi4qIv+b?jR=WXe@+^r0FV79egWd&%?La6s{jXHrcp7zaf+
z^KuF%EaeNm9nOS3e}7PVp`GD-U*=iDS5JFK(yj)^P?$uq_=?0EKKbo^h!Jq`Qiw2r
zBKE8`cs1=RP65{Hg#?${2VF|+9H!En500mwk(U6cV}i9qrcrcBkiPFNN|<WGh)6_Z
zC8b7IFSc!JSPx5ng*mN@wYou`XR-xk$`4sUeCLkiiLuDHP0rniw-w9$fpS?(UfPMz
zVizl{E=~NgXR3MWu9$ImH%~n01-bQ_!_M95UL#JI4c$gN$YVyI1YN1nR6%{@G5w^t
z%Wd0o{usa-Fe|3g*hof@(Z0l9W~r!Na@_Hfefo6q>SN;@?YAn<!6AD`dr{&S{?hO9
z<KQ{nVBUu!M7*CX4Ug#Z@Ifu^VUN%mVL8aSW#zBA7sQtJaeG?+tW^@oya%8|to8z_
zrvuKWk@2KMNhZ=;W);VqDG)Imx_+5~l)WrYqhhtW&&IUX&(1n%4S$R<yi~A{@srfn
z3^A|ZBcB=Ye^M2upgAPutx%Orq4z<zpOA4O;#D3+6Mj6it*~1=o;m8|vtXjJp}?-h
zT$rja<iB7jw-Ax{4W)3DEdxymP3hpIrRi>ScVpA`ai$Sg#(r0>CZ{ZwJBk?#c3^Nv
z@p!;x+22*|gD`rPVl->368YA+d+oR@TmL-DoR{q^H}F)hylP_Z(h1M)d;f;Q{JBo#
zhZ;qLeoLj=mr0I>MH~8MBo*}K<t-BEU#bUGJKo%wPpX3*5Yzpoa<)PjnZ=wp>EiDT
zBkO+$2Bv1f*)L7GlPA8*eD5u_HuM^?Tzt`ll+*Ui=Yk%ENte@C*<}u0jxX5C`grIL
ziOdP5>EDHcf9@k@`_~q7$YX{1_lj4>*xJ;=j2!aUR^WeAt^UU{bWlw;oS5TT(`Csq
z_ZU|(U4!Mjj99otaywMQukfo+{E!bm^}O~@RkyC0XDdx49<`WcE7|+4dhO~%ed&5V
zk3itDvTBD{60Z}o`?A^l#_Iay%dI_ysduWEUfTs-UIP=PONcb!7JuK?uS&k%;=0zu
zrEH^v%)rZD;}vzP56@6aRegWS;YQ**&CRn89f3a%7`QI{JKS#r_rA7qxAIM#Z}rb_
zoEy6axF|KMnG4sseBF)W^i#TsT40{u*tneDC%v~b3A5wMG$F-Vl9Xg<HsbquAzaBD
zJxI~2nO{Yv3Q&!Vh+48{t@8B8UF7cqB?b`RsFr|T<mu}b6DY0^MnccZkr;aEXM|c;
zgDHj2qB~vi<zq}%rZVgsA(c5zOlpBf-2(!O2QgqB_Pg>UXD0qJwnbl;S9lgO(q~m%
zoiqm3KC=X?az=~s-CBr*o(iyr)0!R<i;!>WrM#J+ENXhYc9kU%qw@xw2?II9W$G}M
zJSI3J!``Ii8L{Vo;Wtf)*pe&{c+&0@D)AOWAfP@}XT~3f>6f?ff*UA!46UOi4)+Wu
z&9ox6?N@d6L?ftJ3GKGdIWmO9VP-uM9ig^95ASI{a8}dBdlaJ7bx!ebedent#F8s|
z!SH4pUSo+_J{9Fyb+oi-zegnP<{6go<g~<)kfm!UPow?Z?A-T^EzWA}IG7@Z(DaGD
zkI3n!R(}><J<+v()|Q;;4Hqjac{1U%xQ|tS#l@hwenNypo4+SD)bWvrZ6b(V39+;=
z#}304;rIg?<WrBXzxu&OB8SNQ6izCIMOjNmsnlXSK6Nhb2l&B0G&B5GB4P0|Y&&{2
z!}}Jz;AE#;?+j8$1pIh{m|mj!uZ>h?=xs{=tS}5Ch&CbxRBl}KaRSAupBZ>rxflIC
z9mrC3HmsPb3<#aEpRd!r*ClNng5c$5Ow*_4v2W@Yp`|zL&=M6%4gX=sir$;TK@`ts
z4eD_UaQvX0*N(suse_@0H9=jy7r?5kXeB^*a1RTYXZaTQ;B8ML*p0Ybiqc#y3Jp}T
zc)Pg}kwU-nEC+oDfoKf3n1YKG-kg(RXNcZlj#vg1ZMp29(zdkXqLoE6kF5=nY4YlZ
zbj^|tlHup8B&xd2dwKbrj1B^i7dreFqUzsaDG}VpkMaKWu)(tZ_4TEwQZ7#Tt?{IZ
z*=jQ}=Pe%^R)PelQfPg+>b9zNKLyXE)!PYo=BXk`@dOr~UFp>7v%QXeA;jDEkEtVA
zv;NO7-83&)wiSQ9_aE&<XZ^+#eG`nG*2`x+7U;K(gjcg++vvQm@HJ^aM>avlKoX<m
zwx>a6!9uvfu(k7h=L+tF7CL!YVZe(<`v;iya&@?W6Jh>}9FM_-<qa#>KMM^A`+p8G
zk8PIH|0cvVy_bT5LZf+4{g}9QK&uw63#Qx%_JHxzXVRdQv21ay8Z)N5TTkuI$N;6J
z%raODu~Sc|p2QEuyM|lI&v59t(cy*3)W#v>5|07qa-8UV8bkHw;p`TpFVb<>wWgkd
zmyFjH_I5^pT)Cy{*6{L|>@V5}pX=jFLueI3PR~a>MgF_|rIbPuz*Xe;yt*cRW(G)r
ztsi1}{oEt=o_*I#@mk;)I9SqI;U0M+Oz8091u0#2SU`9`$>N&+FZWZ_UO2Us&tJ!3
zHIAPfktxn72nhRl^57IR+y)xA>~lZqc!J;R`|gv<p@>NLOGJ;3ai8?hl07gs4AJpr
z9*gjkjDpI+unt0M#6lSyL~d9{O+o|Tp2M58rhi%?TB-b4p@c()Td9qsP~urZl9$`L
z&_*dNa91a8TF5zyLSpV78>%ppdv$CptmsgOs;(lF@L4b8I4}z4O`d~kxtn%s<f+%}
z$@PTl#yBlALqR+pdM>RW{g|@$p@#@Q33<RO3tKNeX}*v^MP>VM0l{t$`n?o*>Vtz}
z5h}5Pn$v4O7=sbNTKw_CkUtT1q*2-w@q8y-t+c-b2#ZgSv7HYZ(?hiq;_NAk#AvnW
zPUo-Q#P`Wvr+3kGMNmHJ;v{)vrbkIYawE0R!}9T1S?T27i*}X)j>9<&fBQqA;>)P0
z4`X5PE#k(ROb*~(X>;>&1xYmSbv^KHd3tEV$u>S)3u|zfWEUraMK3$0I%i<bn&i9)
zx-#<6=}!%kR=L-2ZL6)MPjwpwYqCm*u$pBDTcaLqWd}1hX`MPQp3E3Xq(o`i;b!r5
z)4MJibVz+<@p>t-I`}+3Vw3cIBr4v*@JE1=OR7UL#W#Z&a!uNC3$!wJ2K|8(sH|<Y
zmq9+AP5z&9MC<oZ-{1aNV@#g4Fm(|%wO8Ik$y@I<#Nv~NKNn}YCLUC1&{kqMQ5>Dp
zoWRXcDz~sm&UY`^-4ck$u&R-#Crsx`4YiLbnSj=r97fk<ptz$Q437}RTiJ<x9nmI!
zZ(V#hF9wZL;=*w@)v++9@6oU2ml&W^=@`$##h3ivlo*D{JpNN+b95&=gF5q}Amd|y
zkm`fQ4=vb;d6COz8N1idJ8mbv=#LU9eoZ;a9k_(}&RLX4m2G|eUX_{moMP(2=n!d}
z$}Sm=E8O|~W9Y2L&(|zf%G(*$U7q(7of5lQE`3CUoC8Fcm0It-v6Z!9$+d5uD^D3v
z@}6yR60hewHdpY&#p||j87j0WKXZwLBbCm^MD8Ytn)ytC$<-}<|2;?RR30gNBFD^%
z)1G@R`fGNP4VOJJJi_4a5JMgO$6$x?@%7>A7m^bO-!vVv_20ike(|#XfnZQUdCYv6
zK-n%(xlO<$6rJ4~Q_qOK^9e#imR{N!qwiJUuL57RQ%iI`fs(Z9bb-$YEhhWritddD
zL37$}b^|u)jWk`TKZ05ELzh|E6|tvd`a-tM=d}r|xutVz*GnlZ20Kzrn{1B9Sew+k
zG&kqzkNdfMFMn)04K4+3si}!G8Q%6=jxeNq%V~&DjgHa##Ai^sx~E`eOVnFnJME{T
z6&2}J_w=5%U4IX_DG(##TCIY-wR;6OSM_Pxs})1dcRry6Iu%a1QFO|ZcI&f?CFHMj
z>)2@+y?HwomPewi!6T8Ru8!fPF5;Il&N=rnDm!h*JvKyzirAQNW7IX?FKh8d-pAg2
zVqdq1M)%wH3g_Lcnm%0YSNl)DOd2(v#=f>5>&Lc;O;D!wNOQ@#hwtYPw)uA<`5%B5
z3me<NU@i#cUm;n=)yA0ly}W^iv7rOAvZH~+<G-b>^i7SK)y<7SJ;((iXMSsJZffR0
z&hmznoLR)&!Ct}GP84co1GP4`b|B{>|Iaw4lBCE#!n>HL%HQxz=D!!1tn3^d<jl&l
z`t~2mA&*_C68XPM%ZHhV6_{tz5>gT{u&}T&Z^0j!hj|!L7<f3i#}Dv&0zMFs5fGj{
zL3oOUgoupx6b%jaDJm*D2KF;_3@i*()Mxn5uyAnk@bJ(u37+HQKF7wz!+rcuVBx{{
zJV8J~KtRDoM@7f|fBkxBg~39Gv4ByBhoyvp!-9p!f_><KA%lT|MF3a(c)@>v!NP%S
zL_|VHd5Q|Ypz0Y694tIM+!Of6s|H`~2|f?=1PcM1f<+h+M^PV%(iWHXb7UIwOOdjl
zcuJ$kuh<Oid{Ca^6Fet;@tTU7hL(;UAUs^$JfdRa5|VGFq?J`v)zsf>Xc`(Bo0yuJ
zTi81|Iyt+zy7~Hj@ec_68Wi;{IwtmeTzo=$MrKxaPHtX)c|~PabxmzueOr4+XIFPm
zZ{OJX#N^cU%<SB+)wT7F&8`2%-dhI8u`O$&Ee6X1i<vBDW@d|-nVFd-%VNo5W@d|-
znaN^iS<Gtj$orgq&c1W^%-ooFf4q3{I-)vOQFmpotg6iXzFh0@*U{zG_08?wJ@Dc2
zw_G3quz!g4FUkHVxscxF0tE*L1Bd!87YL~9`vQgp4nfEO`AI+?O5Yxth|wP!MKC6(
zx*LX=N#O$3z+oB|?KATh$>nd+{*dgyCRo7#m1O@C?B8-N1K_|w-a8Kr3BU(<QOpe^
z2OIFU*jN^meo5{?m)y22V=6szWvWO_DGcSVwznJ6+_%ClE-fG9Cj$eErMkZF-ndYa
z4fXI1Cu+Im4a`33z;%bpGAz;@w&j*Th(n1a2JLdO6ZjRA9&Pjn2<Y-1<_0>y0rbnF
zUr1RVTsY@rz6?0n9NZXh$s(J-GG9!@RsCWLub@+^54)S!W9XnjVN7?~jN($McUw5I
zo;<0(sD14}mVE(jPpoBzeW1GAeQCtMGnA(4eZ`%%uJ^^X_>NuhWN%xmuKA7fv$Mj7
zT6(=w=%;dtLxlPI2e3B)geKo*Tm$|c&9d*|aaeI#jnPT8+)Ik@W-;%3FZ6kn_3|Mz
zpHkF~8|+bU&D}I<teuj^1PtyIny5rn!-{un9mJ%*&_EG&rk_LE@8Bc60TyLu-vD9-
zzM>zdUZgpwU}<-XbHf69!pO4`CaZwdP|tCb!Mb-?O>cl1L*1mn3ZKe1K(|U8(l#Hq
z8$uU7(6#rmu#*|9?MfOi$(UwTv~bmL3`qvkZMbTD`T~91#dkN|t@RB6uB!WNQy(?J
zxcXB364|*s&x_`}*lzv?$X2aci1iuPP(BNOVt!_xy`|!c<b7QctPk_lY)YjtuuCr^
z1}H@fQq3Q;S_E_w@NJg)UO6`K{Zj=mzEvZ>K#IYhHvlGZ@Gh#RbBdd|$}*8^>sT#v
zKCMvJ9?_n9w{lm35d_DysWfVL)NorD>J2cowe<#gf_YctP1Rwy2YyLaS2U~_3@`~Q
z?1sV!=(;_$BP}|&wjtC4q9pY-)~f@6vvA&W|2UhR%^5~sJ`USbaP=$Id2WTmIe;v_
z_(-sX{e|jsMg84Ma=q;4STxhxdGCd0s7)L$)Wr&@b5Z!5U0cx%AQ@#97oDmWtu6ZN
zd5G?&F^DI@V<2t(YGUFZ7B-<GI{;o{K;xHOZi&rESE>40{E?=gBtPO#!oMwJ$Uyd#
z+XukIi)dN@3}yAyd;hC6FK=9y7wmWSR{KWMJ#%mD+`qtK@x8(ryaBKtG{R<vCQcsn
zUhyn1uU`Wn+5WMeZ)?93pYM<_&v!GC?y@T3Fn5S{vh+W0&Gzk<?%<6|eU0Kf`+yEy
z7`c%*LN}e`ySVm^?!2KldjkMT!k^9m<4IKsN3TI!FN*z~<ybo5h3l4B=?_=s<pk#Y
zae(UOFc@|~oc|OSb->BX@0-c}b)kdlCHIV5H`i^R>qGb{9+hXSx8T6W$=-~pvyl^c
zM1bEnjLq+2n7K{5KoZ+-I&3#6`OAZlHu<eJq25HcySoOJn4`o~TjrB!;#Nxfk99Wk
zv5*ow?93{%j%p`9!3z^v7jgxYC$5+HxD^%AuhPA`A`9_8bD6Md+xRDYm+1TriX?OM
z;dWC5m^9Ru`viD<-(e-~YcJSub7Qo`a|T5*3o6Dy-*1IKmX4VBt9B}}T|w_s!|duH
zdjkOWtJ2C&_<$tAfhLzwr>u`NB~NU@H<oF^KHd8(um~j|3Eu#Isj~VNlZ*TiD0M23
zThjW?;@r_fGP!<yaK6^IOLqr%p1_?l^NW=lH&eBkTOKq$URjbAI(Xl9<k+Uyv)=VK
zv`#NybH1gO-p;zB-ta6q%fORH@eQ+CXSFHj1~vd9u5VjD4x^JX`{rhJ-$rB>Xq)~M
zpWBEnyj!odr9_Q%#R-3X#f{;shTt2Zk4NcwblR^X_so#Q&@VTPG8C3P|1<e8I|_gS
z7KRMqAaSZ&(|I9-zjSo4S=B96ZmCjXxowNaX@O2ZM1ObJZEyPle!M<q=)`Ey;-T{n
z;l;21qoc|!FY&YV%=(~MgHg*2H=jG+k}VES{ynt2T6eeFB(0q|Ed55Yo<VKgp*iYL
z4f5RghaY*aAMCyl!86N6XTL7IY&Nh_sAl2jeac14#Xty~v7%D?lMw;D`dN8?{ERG2
z-_5v898GOWwF|QFb0_w#Z<786M^i5~_z9Az>H?}@5g%8^eT+n3jV#u{0KS~B5nje`
z0HUb+H-HY)8{n{^>VR?Ol_%#7VDFn?iS9`8Iojjpy*rIPvzE*HA19*GLvk<HI^ryG
z=lV{~Y;fmRvz4?*n7VgUU$}rD-fypWdsn@nJzG(c=G8?7CW7L!Si4#kqT~0&5kT+o
z215kjm+e*oKO;QHPljaOLDjthrq6Xt5*TgnC@D0yLBcf1i>b+T!vKFS1D9FPVVoN;
zZj*0-+~v;nH1oVCX1+Grrp`Vdsz(`P_yRRh=x(TXW8WT<9E68}U+)+20UxN`znDUm
zmHY;{5PLv<C4ClI9@)4gt2=y;<7w7A6-yJM!i#>{oSW)fo1M{*gHr|t=X90T)2u~O
z5#)wZ!2SOBx23;xE&l=_{1=?azxa@U<3j%F8?yZYLHu`N<*Cx*sPZU-lNs*qyl5hO
zL?4LI<uQK}ImyRk2qTJw3z{u_(W;{lThA?yuR(|)A_^%c2&oYv@fX*pAsUJ;{@&%F
z=$~V}Of=hkKk;kTem&UXV7x8Glzhzhy36&<c7o^L?R~f%{9IAi<sK~T+Rw`kXPyfq
zqQeyolHZ#f=fEi&=g1F;qZ7dD<cA2fYT|*v2C5AkA*a*I@WS|3WO3Tp0~LUd30Zj*
zkogdi4L94%LzmrN#t=`CQyaRe&siS<W6YR=@0ps5nV*-4gt%p>?MC~-sBRc095(!*
zl{r%gh>MUB%_=Kbl@*q6@B`xsXk{=K?Fp!QO`>p_Zah51QIUFrCj3x5V#J~NOwpv*
zfo2bGmim<8EL#yieqB)~>2Qlj*jho-`B0zRe&Em<RbZ40b}A)*wTAtw&BL-tam6|?
zu!w<eXlNDjF|hvfX$1kZ{d8evh5ftXZKYUv!Q=RLzy~qzA{j-J@+phlgz>>~XanOg
zfub8YrN>9A#?^ZJ-HFOb&9LloO_`T33+^}7Oo~M!D1oI&3!45_-OS1I;0(ktt`xHI
z>^fsAj`GHW?P+mnc*CUnPAA=Ptjba+DDIkkd2P~zi91UMCW2U07a|PRY-?=^>~*9E
zQz#N}XtxEETAy?)snJ~ZH6MQpt>DAExU~Cnl3_6{z2=l%L+zjF)ul<CWTAiL(v;4E
zZ%m0Rowe^em#^NK+K%(Y7P)e%F*tD=n3&f8RiJ}<DpGQr=#qXa{{ymowm!!y%2}S3
z5v;WSBSw^Jo}P5^9BY8m8%cmv(}_)8oZ^<41Pbl(JZmF4YH4p(3dr%TG^<9f<W@B)
z&c$K1#B(~FWI@s>69V;V7mNOyvD~jEZd4%s3Dx-5mC}{6euW{nAjhQc8j#5b^5zvR
zc*`!-^TJ{WS67Tmkc0_6y2`%wSo$p%oxS7G(y05}9=31bI7R;MbjY92=;AGV;H&UF
z62k-cf`S(OP<3BC9!l+wsHnb<cDY4#upv;kS%+?F<?@c;FVbrTTR^mWZvhLr7h6*3
z8<ph)^{g3B$^f%$z9}%4oyD=diyZ0CsA>p4da1IfKf)}hX4@&HF4ZxccVJX>X?z0&
z!HZh%ReHxIDX8ihSj|O}(y;|~^oRxRAzp206)|Iy4{II2QStCa5N+^iXYx<IIcP@i
zJGT|@zao0$R+<Xxg@dx)w3%z4RjPQj2syKtUqoUQH49m;#d><yCB1fepYehD?UApK
z_MdfkX1az3iSJl5p!~MG$Z94`PyE=zvd=%IY;8$gim+r_EX3;%ef2K!ZxB#{HW`2S
zaQYMMV4$b}OWgY>63Wd@_kVn3aWMZY?&V<m?+AO@85#Zzd)ev#_hGLXK<xj0VXrno
z=l>6T{|M**zY+EV-b3H_<<fU~@-D3ACDjK>7nrgWcCDV#pBST0tf!?-|Ji1c3lY*~
z(0EXR9F%XF@2>Fz|75aYV4bMVbIoO+i6k?yXzT0%mkm)IX)u$m87wfe&!Cgbhxk3-
zQ}Uq!mL7>*v^T_TroqKvgstkVZr-eY&a?3eq1xTR01j#Z1Ggh3`+SIhn#|R=iz>2=
zuO3jJcmOyl{d<bH_yH;m1fUXKxZ_s2G2wBh?SoJ5Ufu!cr@9xlET4KaqOC0qcV4on
zP#=q)P~5J!Rr@;q8+ZwUS>~u6Rql?&i(?Hv%aUo-bV*Eo><WWE^pHvvU6XuRuU&6|
zA3|>RH|L?gpKi8WFsSVF+<bn~+sZ08Wyn6)9LghXY(<ayZ4_JNpaAHh^yNt#MEZFa
zkH~YgfBZvb<bbN7cjt=opwBWI>DhCpji{FI&iC6*og=)DZry6e+2ZZhJkrDC!m<0I
z<t5!KEQ2LW<7x0t9ILNKBIAIp6Kf2}W65*rPV=Y5hnkMSmw-0(E#DCQdh{SCT{QE{
zqZY?OM|+6;!FvU*e#}?~qW8$`x!ffa28;s-Ka1)opYb_n_r=p)7|^+DZM7gFvalX>
zP3udy0=p3@1!m|bpyrdrA%xi-lV(=OP>#}jPRb5~v$~CM2N$ZJKGaFuQf8iL@Nx7*
z(}5x|4{Ohd!^`QS>f~jUs}luSdOg$-eeW_KqqnLf9Z@b%@igX3z$gJwf!vFZ#K-cY
zxxns9>Y%(dzNq^VxEqGjE9=aFPt8Df$z@o?|9%{@4(b!C&+>w9y-ep051qorZB=m5
zjIgSUgtgr)CQU|$Jt2YDk+OqoU}yFqUy^Q}?kVPW)w1fKf?HspqC1*gVzl)1mV@;P
z5!qSQefp-21LNQn0BY9vLfld!YezPUR$24p(#@UNWe_`c4>o!j`?i9^D&nDXa<23r
zK|=Wk5-?ioA}Ywc{FrUZJXJY@hG%?l^lKFPPorAoDLIgBIwbQ<<f-%eNR!8pY?9SM
zMa`|vb}{`}5s3yKAi5#=4OxTj=y&134d-oJgkRSB`70V?h28e7!VAOL9LOzM%^AB8
zM<{UDUB_<#Yu^=J#h3j0!6|0+EGeL~A?qPc8U<+qQ6^csi_S01Uq7EWT=!DvDVI~e
zs7_HpkJF$Uy-$@Q&Fh>xBUYCpBb<0<s1L0CXnx#5yU?bHo9?mRTyo5?R7O&B#8$Hk
zjrv24^o~oQYk~*DSe_rkr{1@l@)cp#jcl`_WQPkV#g<9iqD~VC@6!)$6x!a{`la_L
zD$8ZoiSZNaaaLV$C=E-7#r%#G(AJXlxI(~R^e1Z;@V@c&PP|u~UH&_a708o7!LP&?
z)-+3fLtET}gmMXRw2R80VJslZO7MOF0Nz}BmXLU5K`D9p<R@T~<b_Y5Z-u4mg?Xy<
zR~maqcZV(FFcwVezIhY>ZP`!eK8RCQw-pwzADO=V)@$3p^a}fI^HT3?ZLN40x1cLH
zmFdm2H5ai`ajHo{n)ipUaA%nAJ+jiy8t>*_>YZhm6?ME3gxqf?gH@Pp8tSa_QzOFM
zn$kU7#V6N}d~92<PAxH3RE#Nf`E$cM-}5pEM?TaG)XdswJ>H5cohjC*Ruzg~apG&J
zVh;dN832nBO!gsXQkZiqF1}cGmg1akp{A!Mml7TI44a7j>KlMoq6_trYKsr}S&B2d
zcbrug(QW%$?6SPnxHW2GnJW#0>D~a4U_!Ol3y`s+2jRVZLiXuPH9gtNB@5x^|89|m
zWSg^M@6^ey;bc9({+@Qr8J=r_BR@D=9v`jFjdr}|TzG}P^s-@ayi`C9<k6o>bH|SW
zR@nk2-$TU?pyb8l+4>tm7yXs{ClO)5F<glmh6BRV4uEZX6v5&NHZ0Rbm6D*Qx^dQ;
zu)Z#U%hF6v423>hSOg42Sqy+6pg1ieA*vhNCS3sJ;_sZlZ3Qy7llGux?qBWoh@n_8
zs)xP-c*-to?|%NFTvZ)!WMT80&R`ehe<=6sUzBT;S@oVZ)Bx_49&I4roCh_iGHM=b
zXqR(F<-jt49vw;5>A$Ej1N>(l4~j9a-?J6I7t$NpUJgJ*%N<>ycwHyl(h>R0uf)dh
z63j`^FrZ?TVu=v~gX^CiqeRSNHELN`rtyiVHP?AAc&jfa2T~V;oS&TQ=bge6>zgC7
z9nNrJ8=dupz*doz+Ss<*RR=g<vvLkSydEp7i=`Ug6F9>y5?VI^pZrV!cr2g-uJ7VJ
z*jX0cavqB`RG+t`Y-8;AK_x8``8+5H3uJyEWB{y}sF!yI7+BNY*-kC!EU0``-6nbF
zvawm%kCu(NZS;GO_Z6HC7<&9D-T>9AC-Mb8<1Mhq9?RXO&qAHS)^kUZ(~CK~D_yd-
z=X|QfHGWh_9wQ3P<%ZThVSkCzpX1)MJ>_1MKc6`+J9-BVU_MVhix_^aZvK!Ebp}Cc
zXt-GCiD6oakNZ*kC5>;h&~S6I`-Q7phw#FAqLVcorg7HR%4P=XGeK<37!GcMW8`tV
zAFo!FugojKGxx=LKOL;Dn{B^_bVq&eI_*-04LUJ#9tBPr*pM+n;M79D#~a}J6Mk3H
zV|m=+EBhsUjNXA=Z6Z1C7X$%9Is4n;dlvJ;@*(r}!{?LB;E*=OCkZdJpU!4=13$SH
zw=0C4IBhZuIt)PbC9<}Zl(EyY75btqZ?o>GU&89LmTLL6P1O)BIuWb3R$P7ZoLt1+
zS?_k=@4Ne~vX~`))J30(&gzBU&ZP>Iri;D!$8VjS?uy5$d7(BbobghC>Kq<HkW5Ay
zsx@+ljt~^<viD@pzh9^CuT`+WO)~u9DF0U(`5erDCK))G{x>-W_TQW*h5x1;Lq&?V
z6^inEj$usOI$XP)KqL~2WB^JRZUCqk29v5M7aFDvYoTc#D53z41-mGynNY||z>KlI
zP!?JkiSVcwCjKHm2US*F&A>kgDO5_@;V0>OHimQF&egj1@IGkE!GuJr3u9~N!({V)
zy5|Ii0kz|_bMfAfjR(s#gRL)<7%PR9;n(PcgS?m?<)^*X!=p=mi)Je!NxWxGjtu_k
z%5xQ|{A?h+$THf`S1HFFbDv2GPX@u8u3Vk!mU?=9Sr}>r;K-BpQ%yf*=bbJGTXr#r
zPd$@to{hF-9_V!cf*gSC#I)=Gy!<$FIcSV%#N;-|-da$!CK5)h%-?fy6nBzHyV?^?
zuxSTU^$@W(6STtaEFG_DA!FXFezN0)D@?A-90N#S3Y6#7y@3cm9w><v%UyL){$zLe
z()>t})@|AOMUZ2~o`<j#<GT#_L;>9gDp^_4UhNJk)N<zjye$&#XJ-ob(KjXBiH05T
z9G3RGm7$8E>*8Z0?c4ZYn@dW5(%Dc4d0S|iKHCFG&XbEk0s8M!ZhqzwZqobxvsRG`
zoy9%c*sc(3Ha$Gkyp0#Z1^m!$MPE!enyGNUlq^lz_pycrZO|EKkxUiBx?W^G+J*UN
z1v-Je*}$L+X3Hno?8p)_=Wk*-+5==Re}2m8^?Qtf&*;j|qK(JDS(i_;5d`BD8KvB;
z+K)!}ek|RN)98YN<&sQ-mvaUAP;Ugt1mI5O7*|^;8&N}^Q-#5R*`%uGw<fD2t;dkI
zNxRePxd-v|_Pq3ih-IrI=@6x=Ij8E>z5)-I!qqePJ-nx-vSl%C48_<%4k}pNJ$f$=
zxL)w-^|exDF4xFUn<<+%&9e&L<nF=)4=g1m?lZT1n_v*A=KBoz+LR&jZn@pazLSo0
zN2@}b78$VnC;BOR5icJb=evsG(Zq~ID?^*=d#xu0j&zGr1|cu@=1cwp#gpGkU<0$s
zR4mQ`f4&V{Gw4Ycq$1i3ru>F%rfenx?!^w-Hf^8pgLJX*r6?)(Li1Hy{K<Grh#`LC
zv267hD6d+H0~3UFVp-v{UXWcc_%)*QTzsbjW;#09M`ZE$rWTqFMoBIS1N7U;$Gk(e
znM(eyr_tW_ULuhz1c|CA=0GK0gHP(!Rn+NSJBmV<N$9kyE**S>Bhr+%reCjKJ^_i*
zR%U%Cr9R^0;bibI^`gxbz@DUE>A-m59*3Lxy!53@btFUVZS7AZ`2KWZAFDnsPbi2w
zC1-ULeBe!)w07@`|9T$NwZJ9g<<<zkerVCv`uT!P9t`j3)GINd$Z3;{WQ6Uo$v7Ci
zLtgB`1;#55zD*I-7wa_HZg9Z*6R?)^0-b<;;G$P^yO+WyfqcPl1=t4us%6E_W!fmd
zndZEC`pJ!}YGCKls}{TiLU|%Xd=I|i%O);ELha5}HyVtWrPQ8*@I3L-!OAw}!F7=B
z)ehFY<F{Z%ibJL1$}i@wmpNJ~X<19)3AWJ)rZcj;TaCBrI8DTIa>#BBm6Of#+ys84
zb)gVvS6eVAQ~tFc7BmN#a`$8==4f;k)DH0e+8TC!Z;6gL(N2;P0=gQD8Q?9<TgjJ)
z&1U&cjr?RkG|{6{j<0UqMN@Ujd!dhS-lr{bueCRXSLGUqGD~h=yXNw5UmjV?T%tLI
zTz$g!{29cuo=NyaR+D3a7e)s|neD!D!DB@Fa9Wkt;MRvOJt9brWGc<ifuWo$1|hr0
zEWFGAbNs<8i`!59S4jU?qs`{$_3@R(wiHsh&)aAMlOGG)a`5$WPv>k&3vk*$*%~<4
zleM?pY6V<qNpEhS#1tm(Cl=;l78KULPi&5XbHNuE@P;4;^3we`nVvtM=6{gRm^l8O
z>0$q~y5~L9^H16V`)?lF-;vJ#c>n_e6C*qOznKVb>3b?`w#0L&d<(kjQmndZHi1%&
zuF2YJsrK7Ott+CidY`zk$xa3qVX%^ljSV&yg-$S;cD{a&kN!eKts+p$4;>mNo%qFC
z8Dzn{VCK&F=@$HH3RXmUE{xY|4qcA#eXa?~h6A1GxD%V#Kodqs-vhRT^bH=<GcDP1
zb(1OhNq_w9hcNk5l0K++hQasD=P!{H_}&~LK)Rs<^s@euV6w(n$j$Jr;jq2>{&3rl
zCr*BVY?Fq8sJ@xAG6b{_?kN+==Rz0S;Hg)b<w41WWy+we#=IA(x|LCvbvNXFB*?1m
zJ-L3hio3^Xq&hy)G!4-pZJ&L7MF3$043BdCng$)WBd!o#$dhug^3&tnE$cELzb8O8
zAQ&j*`{`2y!t42)PSAN*_yueJ=BHgf#13dIxL(5x`r_|?404-E7n(raXRHpW$zIEg
zk8WVBe!cgE@RL1k!>(KKZ!Q=9n+RLedTdaUy)ovmL3I;FDh@b5p&s3ebvx<Enu{E7
zgk+-NZbUey5AoeSedC|%enn&|Iev+MVyTV3a??<C<3`^Dk^V|qT2uMP;Xr~e!1ppc
zMAjTqdZE`jL8jtxB}yCo5U{-UP$ldxZn-K#o6Xry&xgO|XTDrFU@y_{S|X$&%Z7^?
zakawyScmxVu`p-Vm#9DiugNn^NTaH@MF0ZmAS~|?(^AJMEeZWCt@b#~i6Z&ZCGu4#
zakg?=V11siO3_0lgC4JllZKjE5xTQi5VOEMBeOyl!y;o|nW89cmpdv`EsMY{9R|#h
zGk?Z=#XIa%&Wf`Y7-WGRtK<4A%CGs75~mep)e_!}Nb>aE8&0%%g=5N!qN7qm&{RT$
zkSp3t3=g~YwOjy*hYe*mE##crbM;F?$P_Uan!K+-opovU{0h7DabC=*TaoG$L!X3~
zRfJUM0)+c_)h+I#a7$5Dbi2DFHE^ihDE)&SOz#im5eI_}&?M}3sRyn<xHL7grrB#2
z(c6UkOK-Q9!F37QgSiy3;h3S}qHO9RIQcMbz6SVWtzA7K3ii?+W@k4p3*KvCuMq|C
z%~d#M$+aYWjXuL6t2&PlaD01^C$fX+gTF*Nqnm_e-K0<VqcM7PUrCr3cN-)?u)1EU
z+VstfyAiSy&$(Y+yDeaXeL0z~Z1~RCay=Q2jg2lr#_>E~AZcrD1B|k^va#{;aCTH2
zOVjEUT}N2#sM>Dxyr99_^%=v$umU$`>~zq80bhOV5MK8cIa3aI&D09xetcfw6np!a
z#rIivaWv>Gt3hY|c%jd#`a=_+pd}MB*KVUL=}^g<Yx?TV#FIC^5D_y1J_Jq-$Oh2e
zE<XvMvyGd#&f882{3*22(WQ&4LMy*IEr}n4W?Q5_M%QgI`nif5hyU3>IB-g$fd@zM
zwdzm;v{Anc^r1Bv<^~e~?gs*Az*w)(t~LS`V&~=-0nUextu4eWKCYC`B=|uCV&+z>
zX-AXw>NS?e0ZLkF^#}ip6C=jB{LmDm#LTRe0tudkjDqpx974`|E!Gr~N$d~hXfmd;
zJHz0dQKIJ?;X@OV(PVL<?a3)M%?6CYGFW>xG`R`~v5ZEnabNi2^QC(n`9vl$>toHE
z4$oT3wHT<Wv}jTo0fRY-JLa6)j3edzWY!BBA3RSm%gsWk&GXFE&SEijOrt8~R}8Q!
zctVR+95A*;JeRu5ngbSDR4;o}k_+Tb&?H$RH435K3{sj|W<@=gDCq~sSKw>hTU+*-
z*Kkyrs~zE~pwS)O+z#tRKbEPXS&;0a8w)S#n5x9olj7x>T4Q@3Hk~S24<dfjN5Ydl
zL1Pm%jU?GOSVExvkwRHpW0?Tany%l!SF?43<avmcPC%L~RJ{c<eZ7Wl_vt>x)BXeI
zHw--DkeVNGXi*1UeV*`(n>|>WEP8U?G2614L9UPlaJBR>5<{C3_J%3l4B>~|x#~D^
z*?G1q+b^6#ZgR<j8H^V6B`$byYW!Ng<>o2&IFnzK>``*<-u$uDlZ9lrsM-)_Qer5n
z6ov&nKP8N~Ew*Y<l(RI;8ml;%yNTC4@z{*{d~q4>;wBlh8CsVbnHH&FbQ$ehrdBHX
z63r7-$m1kAFdI^MnVC!&7%)cmXuE|By|L>#;3+D3NRbOi{)Gn}6S;lCxSiET0i_B}
z19WavA{x2Y<-7G&_z-R0T3@cN^twpf5h1C%qz2prkx8+{s9;&a1^B+cLwmA<s-1xd
z>aLeod3Rz<0D4ncJqMc+vTOJd^Flf?*Yt>i!EJAiVgS-DnsJo|D$5J{y?F>(JMDpX
zd`3%kID@e1bno5OW^_qJ#YkDTrihy=&$r`~c``Plg-F7zZ^t~RP<vsS-CBY?;m#`G
ztL4dvsZfqL_!9!T;kWTFITzEB5^C`W?tj!z*hY3`v_E*>quk)#AU)wVztYI)1ep7f
zSG-S%&9RV-sB7Bxfsfmh2|9Ds8@@Al{}$)`6bgtR6PLdBcdzb0nc)oVYz)8m|9*|b
zvj0h0{1c=RwY6~)Hg+_0Ft>BEb)fsbDx+_0OeZAp`$HvbXKbVBZf#&|^&Zk$>6<zd
zFuyn64-yo#b<?C_c!!i}-fMi{$&2ia1RRX4+H?|5`c~$K0yd^r#su`RbOMfsziEuD
z98A9}um7<^!^pq_ODCjn_fO{I`+2Z*icZGXDg^BBr~LkTQFAL}MuI;a4Taw&+W)%#
zzkp1CG9H=e|71hHU!jxnKlqS;bv3lV3t09MAO@Yk!bZ0Six~cr1|=C4gkMQ4d;t+9
zE14>m8Y6t`$ZNIEf$AUh+_=D*zCGXtQtL1*gD_@!*+E;bPJ!a<-}$qIaoJvL&#lms
zG6<afsKQL-m6Eq4T_4h9I(xp@-G&w;)tLf$q`&SJWBZQR5Z|Ha|GnABdK6cR`M_eP
zR-Iqz=qFc=_qy!YXNdKCa4qGv)zZa7J?R0^RC=&kg$6BMTAIMkSN9{)h`1MK@!@Z=
zN7Z@diKT7E*K*CCxl-i1&*lTC-^449@GLSE`k;W?%3&pPw_ae>`?g1aX952+5%srX
z|HVR8a&R{O1Ev$ycQpQE&);>qxr3vVkeR;2@2-^6|7V*K_8;t3M@=SH76P_+Ebo1E
z-S<-ZKYH%p#zgRkvAyR4lx&r4%>O95XaA$#`#*H(Ux*HW`jY>vO38oulI+Z^|7<f7
zure{S{BwngfQ5<iuN{9HtE{B8(okvN$ZtorTGE3X02R<G1QMheq&d|S0Pz9b)m0F*
z8|<^&6e8$*I|*lg*_3X==3t9=wQ=Pvy<(iT)Awe2W#J%M$_bXfI5?{6!`I;OVC>JZ
za(03IO8RoiaAU(*08kzi0$yr7Jiq$(1gNf029^l@ps$`EHW|Jx>VdFy-M!)Zy`nxV
zXG6Mt1Ngm7pPjR47q^#@2}{6tO@eu}xn;T(2k@+(cmoCq&N>aIbniPiq}B-ZEHQo#
z-<N2JLhggPjgvrwf;73|;|qEP0Q3>bH+@wp1+4V|>%P)@r@yW?6uDd6IXPaehadT9
zmH=<lTh(wUR_D7<zSLj&E8ds@BSIB=^LKKZfGR%%z{x)3T|X#~52FqUNS7s^AJ0#$
zZ7@He+7gK0s$BBm4w_$hkr<#0a{t?H5-9?J{6+PO?E=*Aj8>0ohz|rGaQJ|5!B_bT
z1`60zOd$Xq-XTDP_}#tv(F34gpo9VZ(Y}6A;DCUv!|C3mP&^Sm*&DO1N8xBJR@s}w
zt!LqAqMG+D1`oo~l=JUfwr`m4^TLmid0NPMrt`w@-Wz7z?~Sqd#^OWEqCh6;zBfvZ
zcdi&=6`2Q$!$aEZ4u1vr+A4uubmv>%;Or~g$|9El05Jri50;8S39B}#T5}a+hA8Qm
z3c3ZaPX0!tr=BpwfW0Uit*P$t-DnXDw@Ha{cBi%<+xX;B-mH0Gpt+lft+?-oDC_kW
zvw@#@)bO_ZNc%<W)2yKZVI14ua%mj$KCA}6aJAxsV+_Pqye$m)^PG&S!DKZ$648Mg
zo6vX&WPoLm)hYFkwpb&N<VUh!*B5&A)_}!>EpwCj4@e3AbJC^5-Oz7KkftCV!b?r`
z{wjT+5(yt7c8u${q1uwOzl3Skhh=*~+7Z3EPPt6iE~+g|h9Kmnm!|DA5^75^#0VRm
zr|Rgayp}5XN|s%2Hx=1`HJDOcYL8djPIH3op|h$h#UsNAuCDW53`9T}oO#q3HbN{F
zDlKK8tMQ6y_M3(}K5;tLv{}+^W70euqIQ@$**gAM+MN5uQNH_))6pSnPUUMH`suUK
z=_dnRLUHgVnD>cZhOI0jf&M?+OidesF~XD6KguF7M(tHY`6fyE2dM#`tYHMX)n_ui
zr(q3g<sv^-YVDij4_jwb{cWvBDfW$j9CEI?cUuu_eVdQy#mLy1XdL3v*miAwm=uH%
zyE?=8<P&`aE=A_t$dz4)cWpCmxF(>%yiKoq)F^&PHUfEx)@&~R!F;k?4X3a{EMSIH
z7)=7_TR*2etq(#oQ3*p%k=!C1J_N;+<}n?#D;kHRVd{x?UOvfXgfaN65&6UJA|$3U
zJ{Nl@`D0y&rAp<8gDBsnH3qEjPP7^KibViIf3u^N-EVF7C8{8jh?mg`pk4R*qxR{N
znEm&Co#-<fOcGAHr|8qTmdlb`$h@jEnCn(MCw@2HK0Cp-3#51L+oB?V$vsn)o}(As
zk&18L8ZvHfKn8bbf&S9LDYCO+gyhI1h?*k3{)svWQKGh^7p}YEsiR&Y3vT9`?0La(
zag$EH&xv|gfpxvSOaZ;gf-cr%UlTDjN7~aUKjIpS0Sj$g`sHuiTR>Vk8f)&cvBt18
zJ?C*4^WD>aV7uQ$V)B(f5V+1Gna4L^c0>3oN~Cy#kAfWWoqe&RsXrM}bZOo}N_A>y
zWNe`M{0z@MHysDx-J=fc5fom>=r%&5qxf}G0?ru*HG`r+m)4vcizve22NtxLHIKfO
zO*MNuh?)yMIg*-hn$^h06FL5_%c=4lUTfs6hHoJO=7Z_%3U`Y3{^KpjmqUq=e$~a`
zesQ}wXFmS}&JNHg>UuNLO6%|fzo77-AV*t0;4;#zHWLVWH$X=oL+zabG|k>{5|euu
z&9y6&W)<x5vs+>KR)aehi_iIkDLDeniwwLHlKD}A;X*A=sNR)g1cL9PT;;uJJ?9Ma
z$k^KTgS!;|Gnr)1nL~4(KGE8uj(UAq9(+cHOs{ah3fwj7%mw<=BHEAcMK;t`x>g2-
zwJ)V(`-rXIHsmZFm}fnLJr!f4>t2wb!d#6nCCq0e*v~PMC<?jHi4cUmGWw#CKd^wv
z#TK_@^jEHPNk|YrqoIEjH(;7wpLO)Bs}F8I%$OQuABZTa+a{Y?6ohLYm8$w`f*TA)
zwoQJpKjQ$D;QN%Ny~W|}W5dTDt|+9WkZ(6`V4pLSpQDB-cCX^8^Oi89?kU@fc4X}E
zcJSTyyw9BPmTdE93x(pfag59&c^7R8huS?T6a)VX3y28u7pzy0I}OS%YZXweqx7k}
zuUSe%)hUN?K0&&^^`ZI`S0jKB(M$R~sE(+<v=5DKn2}SR>Dr1@h=uA+RrI3f)xD82
zj+yu3^68$1K18pQxEKTd@ZEKI#`Vk&T-X<Ed|2e;)(rWz4Cu?5QI4POZ$xnN&y3o<
zPG1#eN4bCYuY%}%m<99DCKjaEstseUj~copgkZDJzI^ePdgG1-7>(V=q+N34Dy#H2
zk>&~Z!>`If&lZbq0qFNph{dX{IOJk5OL-amOo9`X#Hhy32RpgO16I?AMym?2rJU`v
zNKuai(%IOoddCAh1dkmAvQ0D%aw$ccmuyX*zsIQg<~8A4Uc;#R0!Quxo+~i(?8dN%
z2}1{<5x&I5W`qydQWvP37<hS{#g|`QlzS{_WuAav{ltzhK2*X(O(gFrShx;$A`;>!
zUHQ}|x(Hq?e;yyEgmc8ys`iCx54$@tx-pj()h&NZjrh>uV9{XGu>~{U=W-n>cR;C#
zSlt5mu54YJtq{JkGPESql&(MXWq$UdWH_&G*y%y49krxD0x5>W6zv-G(19y>1uKj2
z17C*!iODUATpEA8o9~<f-UuymJp*=3kFfLUHdn&%L<m`G!*th2j`&~SgJwdJ_Nexm
z$GAw0yA#{LF(2|8JTE0vYVZ@msQgS4q?1Ok?U%L5{xJM;PfEU>E?1Vcdvi`2Ew+FH
zLyG6#j;xf1v84CGz-jCb)2j^od3{#~mqS^?lt_f65y%>hi1+axvA;5j#|N2sRhx9f
zk;M3^S}{kW7ycBstonQaS@%xN$x7|*Wzx77q`PXX!$<dADyc}MZMc2aKFgaAlk4kw
z)&acQ@xI9>**2VH;(n<}eyS5q88H$8s$L~cfbZ*4u}lp1w0h~mgEP1%!MQL)qndB{
zX{jf=9Mj420!b4g`bn?B+7wzmx2NH%PpP3?S(qekXO#4pl7OhbglTVcM4zZpBOwh{
z+~F^9M8cBNk9~f`YsdVd?Or2DWy~7I3PqnI`j92{qg5Q35{rBN(Y4#VeR4el$O@$a
zlr$kMw~`#>qRrk>dq3txTEi!=Y^sE`etpT=-jxB}B1BJjjhW3djxz)e)u#|fdHJj@
z7Mssw0DN#<6>RdYY=UzX66uOsCisjv*LL7#b#m(CmO&#VeAvo$`;e7$6q(cmRx})N
z<zNgeP4A787fEpXS)egl(t(6h=LPe5qVIih+zx5fQ<MNLsWA)OAJD*-<<FEMQ){`W
z39eBg^n5fl872Ar(&}dHCVaGXZ2Qwm_(ta?ngiDRy1kaEd!~KJ-t%uKI=J*99^xD=
zVOQ{bna}j2!4I?IiHR$D^Na;(W!`}{AMiPu9lw)0@@P8UWlfGLqMLUo&kXfL`7Uz4
zU17sajT*OV@Vma^fF*K8t(vvA7GH>fs~WJ3M*U11<8jv@V0-evbm0IUcR@QiuH1%<
zy<~hoi%{Ok$*^!2TUEpV;2@Tg=`Lm+7=vrZMR-1nToCkSCKdN}#Xhi0cfjOoHdMU>
z({778ZNE$bI>q59`l$bUb1uw!<JSuHnmLP|jPqY+U!yi9H{=`I&1H$Bwv3N=I@pO=
zFOg%xZO^J<D|mcmqebeoji80;WftWVAZfPMahFonqr1^{h>{c`dHA2MF5{(i1vWH;
z87NY!mtyFd<#BhOS4lgwe2Ru0SXh1?4C-o+R(EQD^@JF-Sj!#i8B;HHdyv+4KK&sZ
zZO&FD-DMoeq@(=wK^kvRPyv|k$jkAOB^bL_SPLhUi2;4xRdR-*w60D<A1#?Y%V^^o
zZ$}g&XAfOWw8<aRb{Oo=DxPayT;|UA^Y<YGa$Z1LeVAolGbw3En*_bwa&l0%Z-9Ag
zHfa^E?<&UE5`05EI=Wv^X0#pB69a4+2A>&2$v;867dZ@HS@_C5L%|}#tf{s95C|#k
zTP+@)Nw8}~s}9T6Tf~+vfa$doppe!BMiF`UDPj<38r~TjrrZF!?rtltO)CpWN7TO7
z*fLe17S3}G+@DSR76)81N~A#4(~Z_-M^1n25I*|V!k#RHhu_jmp=H|#J>iqa_a>-N
z+0lMOgzvE0Gpr<kE3+yuvlwkb9Tqu**)F41)sEwp#^2EbdALV^zWW@fR{txF^m>K6
zATsb#dmMU3u6I{YKQBm)ovLzX-9ub$+|FW2Cuv3Xu216YDK+Fr&$`SA75LNvS4sRU
zeyGI(B?OC|Z^j3!FBd5$>&l;4GccUFQ&a?UQ~LQ=`|^!ACF{JG7GgprOAMmsXiEJP
zE=^ET&pG@9wAnQx=Vl9ARD-k}M_q6FG<IYNv2;ThQmi-erJ*^*iqyZjwmmAJT{jJd
zRCQV|yTV=<%(vGuQjhIq3bpr<Grjd5olDF&eC=U9Kx^5!SX#Ttz}Ibip1LaWa?le^
zV^|(0ka=0Hvtt8-RAH5$Yrk1D^cMBTyDV_)zOjj+uh08HMOm|Z!mKdH-4DKy+kpI(
z;>U4Jk8D63A08aarLn1G)M^<zPHnd)OiL%Sh1eem>xzIoAx9vRm60&gnyj$c`#GAJ
z_@l&ZJN5GinNR*PNQi>MHnQm?L$2p5&?z)8nta|)J?GGDlQ8l<>zk~M?H@Q0bC#QK
zvkW;XBgCn@nN^;2Mi5@T7vOBaXHU7yXk&#Kh$+(V*LP5Tk_lOrT7^|-`h*2g<Ip-F
zHrV+oZ-MT~L|QcI;kl4Yf}o5<fOsCu4Mbb`{&6hLgQD5a9=sIaDS`xgk1?N>=*sgB
zc7{&w%E&#vzNoq;|2)SK(<{KGu096mBcv4r<{N=?MCX!R@-_Xb2WHL*RsEQFnAGlb
zj}D}3DmRYEA=u%`r=#FHzYA6i3>$4JkkSR$F!kzT+1^s*GhrH!C@B8oLv*q`S6jYN
z9-}-ws#K}QL~<jx0D{WMx5LmZDd<>*rbj|wAMu#L%10b!OwR<y5uSkWLj<|RUM+}G
zgSShy!jTyYc$LZS?M*%nA?~rt&e0NW!<D~on?c+r&P9I4rgl_bQI=m}p;DG}zgqCg
zd}B!L(+jE&A&>2g^%0()2>cl7)G~Gl27}DV-de@g52+BHDrT0i23Pk{GZLOPn-n)N
z>erH5bYlEQNHLuoZcl;s=b8QzVP9dQ9(hwI-tQuv4xZ{(Un%@VVo_wTJq6rbNt@IB
zGe(6g05{tH5|desrd@JDL&`)d4F#lg9PT6GiQx~<q#Y|Fc1go^G!9Qup~2K18I4E4
zMNeRQPhz!U#dqXKC^^s>>vSueelzZzbd}8Nsx!1e(gz*(;&Z6j0Qs17HW11*>MYZ~
z<C?~-KJ8}6LIsO~w2n>rAB8J6lwbS0=(Ye%N|$-!v#s+lujAQN$iGnQ1b)>=u<ybb
z2`JEz=!PgBpneySji{8uHk`K?LCYulfvYLp*J#|FQleDN$W(bVinY%+qKM(|xe#fi
z4xPsmTkl!Ml9_hA>C+g*>6<0OmX(YtEi!QjQ`A3fw;9X~jp%`An-@v7P@&Sj5V|MN
z#pBu0K(*Ag_p@HnON(xSL<gXHk6)XwhDK=mD}t)FAMh<e6AZMtA%X@4VHzX)qV)DV
zxR!4KCwi__T>pl>ZBM8LO$ssnrAX5aZ&t}+$51Z^M#OIDR8vm{vQnxY%acO+(6NjV
zwlkO+mAKNF@4Ps;{C#AhoT7DhM30^lt%`#+gvtPhse&jSFfw>K847*F6^uubrPC86
zAYk#KZ3Fp}>2znc`%aQY2(!*Am?j+BECJu(RfvWp=0kzZI5Okx^edd@@M=)$c5HuZ
zd1T|IO`Q%Bk};YT52l!U;(%rs?7_wN97*I9p?n<kSPUCs0p7Biqwi#5n6OC7#pzer
zBD3}Q5qLD`nQ)U)`O1;iafPJI+;8qw=k_@*DrUI4uhX#+vKIn`9)-;Pj4zmD0$|QU
z(tD>T7~$H+Bs-oCn~RS1{x3K(y!q8*cORR}<4KMPa!xm)NpZQin9jgt(=ZVTsG4zA
zkm-rn8PXUjosG!l1C!osL%e^MDA6K$`Jr^799!Sy62m<oEQrlqV$J7{S|Uy2=~I~K
zWO92@7k2P`M8Qnxid!b{c%J3UaAt2z>{fZ9bkc<Sfuercz`u%l>@{{Yfw8`aRCB=l
zB9tb<DP%JAD9Kv&l}gl424ULu1evPzr8>+m4Gozm)PH;FzJOzuw1;-qg6W(y$bh#-
zLE#bNr^pVOq-&heyiWzEZi2$cnnfs0AbU?QE`Jr<X_eCz3ZzsnUGfZm8#wsV$nyqL
zzA!;B7B!opEhX5JKOy>R+0}=MLt5*QjRn*E%e)Mp&lscw3www5I2ahZy5(6VKA-Zm
z=gW`c-;5`SQ_(Y%DC_R_afc*Ha_?0}A|irH88uYT<K>x<_8{Yz5`G?POj+hG^dVNx
zX_k9(HAwd_mQ&lLwv2RAaCCBx1i*!T@1k(SwH2w#6b{uxeS$(l0c~P&QBHe{bEO*=
zPJW@XvBui!wK+QyI9CmVpn=$+#-Xl*mWVpSyMp%+xWSqz{#31t=tGsDZ+U~h_W-q_
z`IDMF9xWXm<r8W`s#BYP&L_>udVS_ooLb6<Yr!mg+;Pm|C)hIK<jFnT5wLZVh3iLJ
z+6&-Y<#S<9hsvz#?ksrUz^HA}>sZ8>kq5{(GBla_(r_j&6c%GJEN0`%5w$03y~6Rj
zDSpitY;(oKV39jok1IjZxN{w+b>pb8<P<p3mF4@b;krq3Fnp9mxH`ybcNMu1x82-=
zLH&Tj+|O-j;YNBXG5CSctnIL1)t=wvQQ`C@XLH0{*k-_*sE=Lk>c9Cho`bd%M@lOd
zzAU*LM5p1sKUvM0Qy4&S>p22UATu+cRBN~EgB&!9k@UF2zQo65rKj%k%wCdJ_n>aM
zk6-mSfIOpXFM8dOPGVj4&qR8RENGX&nb01RpLcCRTI=(jj0d)=g+4}a_Zhe$z-xS`
zl>2tCEH0Htgu)R+5iGHEHzwV+3~OboTIXS#0B!$4>y9ztxzo=|bx2MOrf1T8Qg}7S
zC;4&dn;XLRO=G#8%=ybJ7(+Z!mg{xLxUEw~d7Df3V_k%Kw~X_cOxoIaQGN6$k0L7p
zbXsJOT9fb?968nPbkZv>t6dFxl5g8=35Fnek-{jt-bn%-REBY^W9DJ&S*7mjU&}>j
zbzTno&8DBr5R}zszfh>%r|=?ESyjb!FjvPAQ4b>>+||mNq#Rq<b=@mS72>0PeAL#8
z9N&M`?hY1Li93K1&zVSVv-IZbJ4hD<<4-W9uxp#waY$f4rJKO<|E!}<W_pbqI~$BV
zMjIAOR`oebTYDg>0SB|6ge81O4UG=61mlzX>9Em6_+nL+c;xaa?dHRBq(=cf5-LIi
ztE(*l-z8$5^`4JUH7CUZPr~$AWU-R<!YO~q!ihwAd@m9-J-l3CM!CBx!Az4gwlwQ_
z>6|FA$qYsb&bA?zN~lQ(#-z(mr)`tnNQ|KP&@*8QX|YACvmtCySLsJl3Gp53p-R$#
zR*<qUDl&7r!*{~&d($zC=sb5$jBRuX+ycv<Egjbo6_E=G%-}?*>yx1+;LThT9Eqcw
z4~G_hcY=#KoXBnVh{BC6t;6Mqi<F;a<%(P6k7tGG{qnNmi__M2d@#2jEQLko)PlLC
z4$l<>pRw$j)-U?uqQBXX8~2D;Va@=0peSUq<;5B$;m3ziW<t;iuzCit#b6T?7;Bx6
z+x9)MXbtYpBdUdMVM;cV*d1giK8fQh4P3agSn!w~UP^N{Ft~rB!xm`v5rP0CXc3M}
zq%B2<<NwxSN9Ekh_jSRCu#FaC$*d;^T2NB=MGoa=R9B+Vuz~yVPJHcS)sB}*@*p!%
z!~#`7Q)0K?5_hBJEi<<{9urx+KIm8EZM=2uljtw^0{0ZF49A>b=_HM)8e3#H4xF*>
z8V+Ceg)8t1g7^k7_|7Gz)dSd}sz+2+bkxvST|wATFlvzOd&bJOHRdM2k+LFYnc7+>
zOVmA*!)}{=q=;x4$H+=;XEuCW&t?rWKRF4%Xt3nrAjHTIsT^cgc5YSijCe7z0Nw(#
zC-M6WWUs985Dl5WI$>)0XTv}d&(5M-=K8Nxt3R{;1fHC#f92{}{5C14>uSqjwukEn
z3Q7}D&=_>s=Qt2^<L|uCWs8;v66Y#BQV2pqz_bU+Vlb#jBP2h&Upam|v$9CC=K<I@
z&2{!AyqysD+Mjl-F!UwAR$vivMA753G40D92?k2doGkw^V@5_Hh*Mz3Pf~4}$sG3x
z4{$x>IHwh^0UuR-5f^m-4np`omKiwB1g82~U-l^GEkhXNF9UGvz2G%xz37!n=Ydw$
zN)^tI3?KC_j2>grL&izUr<w@JUMb9{774!n113XVqG$N$3oP|qboeArb&5_i?fhJ$
zv4bIr!{{PWE%1k)KxPIVFSCK_L@Z8N`uFnjk4!ym?ksLQelrn<#ZFA6!Hvk8K|F&{
zD0xY{G2L<2%f>3=at9-fa^+Moc{#!dp-rqDAtx)pJYIg~r9&HAD4&-(VAXwF&N<NG
zOI6dkQn)|aUY65ouL>;&t^djjNf{nIiq858>oZqYt+lOzw@IN~vaTrK9<|EEcXsT|
zH|9vpSoTldZ+1w*8g2J+jLyXNBF<dO1oVs)7A;m-0-npPi*o6hVeLI8CjtEKe%;c?
z2?Nyzi<&0jdl_U~8zWU7Al*=hD5~gK=R%0K?qf93CV7dyT@p-UF&|Q(jFy$TqUuO_
zO$D5vvNYSO`QMTj-fS=4M8T-Ypclu%_TgL{pXp}jEUEqu>HD)FkM*xuFURjXxWCeS
zf1`Z=hUfl`^@{xi>lJk{HkP)vu@$tnGWrwkeaC5kpY;#4mzAELfQIq?i;ao(9jRsb
zUxB^s^zUflpJ4C%@qfj7|Je7Rv0ei9-#FlZfO<Lp^XQ38%pCtGs5f@pCXgP^@0?pC
zYAq)~&PM}=(78?==Ps|B2OupK%q)m<=-;So<(gIpb{KA$7R|0dmyX3my;YW`^dbBZ
zDi3#TcANqcy$PQ5d-YVH#u=4IS#_<zq2-FRj-HhiAF2pq$3wfjec2+;t&@K+ftNkj
zs$QkRwS2wL+Ism*0MZyyZZ>t$xAlAXqZ3CqL2>03(Wg^=^~R1}x-IW|0s{?675TVt
zOD?clrj>{&@=9U3m7{=&*GBa7=G~dH$%zN0Uy6C;F$D+7>`~uc``p9Q>Ce9_Zbxim
z4jS&J??CPHTw^|Tall-~?A%m{nH;GzEDVuN6s0o_GVP{5?5c~NMAXN=Fgblc$=YiC
z{A7yC_(Y~O`U>Om<xaK);i(9C9{YlPH2lgixBlX2bT>IIUE_;4?Y|+57L9j4Fex6?
z!f`MtfgZ9Sf{X+Ayw1R-UY>h^-PKlJ{5N*T@q0AO|JlO+jWE9tcEmvUFL?Ryt?cgs
zX7+y}%)f2!|G@(Le{=4CMza67mHq>g{fBk_M|=IxtjKp{{Qtm;<e+C}{wrd=$L?u|
zy_eBxt4hardqLcgV5X{`-WOxd;qw)ITdkUADJnzF$3H%)KG8^0Pf{=z7j!Q-4}FLt
zA7(1=;}mf_2o~q6u{8NdI58>B%7q+mkM`D-hJ2&K)74ci#{75(p5?{+C*BHNGVtWq
z<~N%?+xvST-z*gwvZ7u&Xw1!S)bv>7vT#^9z=a{e0A?b;fBv;b6R88x^)l;bU~qJK
ze)a&(e@*1~+8;U$wi77Ey96bNA+U-9Gn#YHmTm`#UyWpC75)Ch@zoE{9^x{MNby%I
zRMWh2$Qx5X*^U55;yv>t)dSe}p5oOSjKu5!NPH?Hy5W@)5JC6F2l^7yFF=VX^GopN
zJKTK1yhj$hCA_g?XiM-426$zkf%Z964#|$%#;KY<y7|Tp^z|^07Q}S2)a-_aap~OO
z&I<m*4)Vh;#z6J_+WSM+v#zNA5KqTDEi&8=#Rt+;`5ROlVvu=0b*D~n7D0lJ&LYId
zw-eK3Z@dX2J~DJaL*_Va9UUN6x<9_oPX7l*JGy}@Tp;EWfUieBv^Tg9;0te?J%<p}
zup?U7^gk$j#~@9jHEp-6yKLLGZQHhOTV1wo+qP{R{g$h`Y}cth^UZu`$KDfj&X0_Y
z$c)U4jC>+i#=6$^+=gAzO!nRw4`|oGZon;0y`l%ehxW2Fz<mB>5SOqCBiymHCS8Y0
zqIf}X*Sx?8X##0F8!LPt*te*@p&Hv@n*iT6(8Nh*T@tyQm+t^+cSx&O&O#2f^jF(Y
z*h`X_&RcRqxItjrbp6XM1>a3G<r6>e8zOmO%V*0rz|3AoKl>NNYTGq}AJW0#*ubI4
zhTzq}mAeOT3C42OQj6uzJ2zfOD2q}V3{-D=uN!aCcDWB~rwe4?a<f<JE*m2^Gy9*5
z-S)y-H!nH2)Y0wr`JU<JmS&g9>Q?I==ev;<7?_#Yjtv*9Rpnjc>J})JV$;O>wlaLa
z*}PQ?7H+XTRb}zM>g(l#bs{NSiOZTwlx>vwnGVg?0|@d0YRc!i@7}td7!nC64EU5*
z*93G#V902aF?wXD6A~RM#NiTKKefuBB$Ri~l7<?MSN-7th1m&u%CrpbV1X=F=!!vM
z+cB8bl$g~gs@zQRRb2iI3F`sxu;oNqdTLOOFCgHk_(fHTh>gbEsslf4v)@uQV4+2p
zXiU#igd*JfjxU=wE<QUpaEsN?jHyrbNl|n{3(QD|$zgC}!Wx^M)<b79^r`=lLrV~N
z#L59omZonnt-nKa&gCtOWQ&h-^wji^42o6HoT*?fo89ck<*rmxh38c>i5cF!`kafT
z&}xgvC`Ht4UU}r@0i4K;Cyk4fXZ@OHjkpr`#=kUP&IL`S5oHuzTk7aD?Ty;|{|X_Q
zq3LoMs&K=-peW%B+TK)_dx3f-C;Z;#4X%6)L%^VTUL{>;)3`Vy!MHN32bv5R?uXpG
zXo41->ClHpAYuA52_THp(EE|P2vBSLaX3ZeI3Y?-);Ol22q(U_xkI3*I<Nc`M9il8
z9#&;MV&8F@7acDxc{8fonbe#%JT1$Yh{8~jBd@I7WK}0#)~pS598zH{15NSC{?ukH
z0%kRZ>d+WuT87hl09)qA6c5RaZ<ybS(=LGiNKqpTtlhA|@MIl`#B%V1m3m`5qny1s
zNRhIc&LuVEFb4J|Eux|%$(0-)yh1Z#ar!a&WCoPei9lX!!T-v{T(gaSlUj3@S%B%8
ztK8lLOm-d9Z3PWeEy$lG=*?F9UgIKSG8X4is;4eD21m8*C?FXoG<SNUuGUTb3}@|d
zvj{Z7NZu*K^2x=NIG4o?6il8$8A}+??C^u!Trl87fZuXAz)eKYrq5&`fQb@k>yf4)
zR^31Wb5Pz=*sV<|x$v1qwAnd}vjeUAlsv+fv!mLzm&a{+*>Mb2Wwgv7Pvk<^7{Cw=
z{cFZdjE!hsQ*|yM%|}uFRtiDE!NZ4{O%qquq#3>H$g(!1wm$_0Y7*Ghn2xY1En?I_
zM_0Qz5+G&%<Z_-P(vrp^-YukIsjUd}Q*@{B2adriX=8FWh_jHC`(p&@)`GQ=nVAl4
zM><ifJdvUtITg%H3%v!m+-2jAkdH=Q>OE}h>hj+F3NKas;IBqnM|bnoD-)z1G+f-r
z?mmPXqPff5ZU~Q_RFU@uedQQMig-dok+Na|VQA@{*9Iv3!8S}$efMi>AW<gj1#sY5
zM~)1NV{;g%gP*V*8Q7!E<kbQh1Y(o)n4PA-Q>Kz@T`;sgY6NS-8fOqCJ%K1{|9DyB
z{$>g;3R5>zu!@VHO_;LInaoHW%L}4H0|4SHYs6e%W{~$<8<V%^6}Y<XwJ8bLtlu>q
zA_+Lj^=`!)fcUnp<zuS*`3m4Is9Gd8B7UDhCVNwC)gX&sB<+Zv+HiElEIhCm6lLXk
zf_h!4fM@$}^K#ir)Srp1RGlJTB;mm&SDmuCpksf=%&pzvEd4;CKc3)EXXV>fH?69e
zS_FCb@DM?T!n@XzF7$=UwWDT?d5xqVtr+X4M64y8p){-_yi$vIQaPXyJ*_3QiR$S)
zxuV}AN7_tE<Qh$K$|z0W5GWy{k1*KPb=?kDV{C^uVAq{Hq8CyU$s9Cj={tfX;~hJi
zJ|cZxpX1M1We;mFcPL!xDwx`FZ1nhc&zMush<#W0>7qq)-j3d9{Mv7ilx7p<#)iLM
z-E=*UsMKJ2KIgqVn~R4lUjA03yqvavp_G;(?-uz6UY%6_L0JVNr>Ul<q@AgpYJ{k)
z==xNVj~I)PtnIZI(SR7WXg(6?U2#^#M+0UggHPn=$InFIpp6US|M~L<a)=}j^mo`#
z1avHobP?Ky9g~a*ep%YWE1eV{$5TU=b}BVcCe(uPpE6B^la&3I3KhGO8JLrkONz`=
zl@Dr_g50l{S1sFj#Ru=%PduGhlVHa}Z+L{!@1x(D7c_bv*Aqs`E-uMiJ;!P~6!~!}
zm3fT|-S+Xlk$yN;@-Rv@td02{nnb9ms+R8F*;?7Xo_%@>rmVI1uhFLcQz*BlOz7YF
zCz!Q*dY~q{d})kU<0qPXno{s<UT9Wi%5}@e>*v_pt*On)ho%HnOV;L$mbg|f3zklI
zstcl;8LQ%z(ZZJN;`hTvRmhpXOfTd6aB{P=sl;Y}n@+cX#X4I;Lsacvv3~0L>ffuI
z)y4aL%wG07mNnSwB`BYFx?$CNDDUiN`ATK9S~R^GM#u~JmBZ3$ANWr60{!i~vTXS)
zRT*KAZMlNB{(?eft=sDo98TBg{d_y+nV>HB^KZBt55j8V;@|NT&xPI`>K5oamcG|O
z3>($VLeoH`cF*aJloFIfnP{46S;g6AW;<(3Z3WWm;VNg7;zKHH?x)4|-Useg`PTfW
z%d70`&?jbIH}5@&<JXjfzOk6>*h|aAFhKr(CH2?i;f&dpg|5lfcd(kXw7b>B>BUx8
zV?}+>KI`iQobGu#*d0Y+vi(wXWx^j;rX-9>)pbfBEENi6!$L|bD4G;Uy30Gk3;*6a
z?-@~KEDj5zQ5#|-A_y#qwXjvuKGBxFK@%bvR>F<2aZy?(4rI+NMVH0BVpg_R1*dKu
z>YrG14T@O#HdIuk>aa|z{LHBc(z`odA?BKJvexgGLW4}LAA8fSv+*bItAq}>W4O0W
zQjbBaigglYz2Z%He(Zd_;yK(8_vuJYZghJ+JVh5HdSu--oIK{uAi;TTry@MLqknZ?
zIOlFRl5%V9Q4q<A(ICgi1;6)UN30ur0L2GXQK>+a?TVGXl5$ont%}Sx<a%v~goKyf
z1hCBR^QG%Cn%<(G8#FpU>CI3T*f!gijJD)gM%c)zR`vWf<*CD);bBxM-wC^U2UWxD
zn?y*o%3~1K-XBzF%?fp$i6V{{&r5MBnXQi2zfSDI(%2SsbTy^#IlHs@9!uHuIGifX
zj((>E30eA`{_#4t^SjaU3-bcZANSmJx591vxvLB>203{@X@%qUFl@GBnV%c66G4vj
z;KFu-u4q(Ls#Vp2ch$6^JO3%uQ8T2dFM6LrR8%Cq(Pvtx$I6sRs8IBkm_;jkhwu@d
z#dr{|J*LuWeuj$CE+ZkclE_QJ??_Wgbh_Hv;@6&@Oy9hY6iW@Z@t8DqiL5%zRINkk
z*Uo0PaAdLI-aHwvX+_X|8LZWPa~1H~-Z0YYy-|Mz7>!<LWX&`cSrtG2xuLyvBg6GP
z^<aF+#^VxSt~}hkQS!S<^&HgCp>_HSd}`2CPCwS;yp^_CZ&jzUpH<Fz26)lgV6fP}
z@PM~}#lIUJciQQFfOOd-^fH|K!9ut7I-;GOUfkKX`ACFmKQ*rBZAR@jQM9T2lApi}
zw)I7U-d~iG!M_m6%3~l+AHKR8JYZyt$u0GW;j7Y|1PeWj{e{GC0QYnE_zTE=q&a>q
zVRkd+9Vw|xCYWPxunqFgJw&d&4%7s;vJN%k&tJ-_Uqsx61D<VQL{t5s<RlN2SzyCO
zI>C1mQSK^jKU5uSX+BnKbKcq^(FCCE<N=0dds-Ivn6JAL$1j^IY5rvZm9#*^=%N8`
z>m_S>1DFZvvO3fXX1IzvSnCYCiaK20g)Ak5Usa1a3IJ~P@{eH1W2Y;NFQs58{X{@1
zr8c<NEu?ZA_~n?^y$bZS2j6LwtnlKz*8l+naj6Ldx*WE+C>f!JgHD~Owe{K@zU%Nl
zQlddUQI7Obq9Z3}?DDajHr)z2Y(cm!hYr=_P{4!Fe7(J_DmElp;eH?>{8WOYodyMZ
zR1i?4PNqxez~igMo?aks^bztJQaSb4q>w@Zby0!?IVT~}E#l_JY9Brk5N=M1BTLAD
zi6nLwdL~kv1v|P>fDIKsC>8Oszdx^^h7bra))WP}a|XokFl0xS2+rd_q*Ulh>T9rs
zECAB$+Jt0F2g}{7bY%1CqO935BTFrZzjF-f2`^KX49T-1WQXE7T=~0H#e{33+J_8p
zFqk=zYKGfJ69LM^n3?cO%qA*Y(qae9GM<!KvZ8^v2M0jb>&icyN9x4h3Qxf~b0ABH
zvH>4^`reW;KApU1kSnIxR+OTph~v-Dk@d7F(jkKk&ZMCS^(V&6(JO?Gim-;mb=LFx
z5h}n?1f&P**<PF&azP9Wo1L#UkcR&4mL+?MOeg7*qXPi=hcJWLATk9A9J!Hww*~K!
zeF<phq?jd|NN;XjsX|NbBq0K6>`D|kS-E*$gY?D7{_%ceY>#jWj%d{q#fNxjPKU_F
zcE7JrPYoLxcrK;bl<eG5DLnC@Wnbd*<nnP|Yrm)#+l=pp%nVD5WRGNZytvS^${?1*
z!{b}>y#g-3O`=E_%3qb88+dcF>>s^e^N<SYe^W*O#RV4v7uIInV-yq!6Z#3upCBO;
zN4Y1Z32%A54h~ZXlnSmxjw1F+d=@$P+a9s`M90*1A3o5NTav41PLoJ5&=PrDx)U`Y
zcL}Z_n0E<F=+d#15Sl>}IaZ^B185OFG%Cp^POzGOA}B2g+@-B&Yy|Db&Pd)ed@;<y
zrf=C^Xqv78OGJvW(mBJyyhw@ql`9@qtb4XHG|bUpr5o9C02+#+a_JFV5}JX6Zm}p?
zoXL)Xl*Rj3?8i4{dkCybj7$(P&6E|Mal{6MX)bcr?MR>sgq_kHr3lXEUiL+s8HI_k
z4SHYdJ4ckF*W%nHWvJDd4pK+3D_YPz8WAtq1@$vlnuS>`Vnmi_7_qzT9ls)|=xAI>
zMZKgc6c%wdTXv7G^9;X_%!Q8aO}e~j?h;lePF3Xmy+?Ljlx7XPmw3mPcUwnRB{{Z|
z-WGdXuZb$dkYng1JRdstWkqpVX-)HC`Fpcmad2d+ovjpqN(vv-NR9eeebiHk38GP)
zg19l8F9b7j%8j-KJQFtkfwk(9bDB}TN=<w^Ni<tOiPOHZJ@1XDYUSRQo9xxroI$Ps
zuu;N`aePmPrV+<zJ|x9)N+nZLrXt4?L$2ZOWTyBts?lRog?XrI*++DGRKsSWVwF9T
zJSbOt)Tt3gY};ZbcFT7{#_3flIZ?xBzd|=4Thf9hg`$Oz(E2BmJyef6Cj;kextUX&
z_bTu*k5cW(`MciV`8LF=fXOE@M~W1RsCv2WkNRRAwr=Y$T318x**soXUE-yeo3do2
z+D3l2=?AkTP*+pkOc7hm!mv^eZVJ^&&y+#n+qZckJfF~+4@~wTg6%&U(|5L5L<ac8
zf~0xCz=;0Y#>k>$tmY)N-W_qPF|)8kr;RyHf}n?*@jWOvG~&G|v$8-}Hf^sCID^Ig
z$%*Ft5M;dBl)9nrG?ra~ZUd;rEd<HDtwcM~v$PMV0v%YnwkTHu*tzidp5734Mo&({
z`<z0w+5}hH1bZls*RexyVhJzT&!Jm(bgST{bh({V4}SEo{ikrxA#h<gzYP7QN~CtA
zeoKW*k<p#rMx%W%jRj-)IvXGbe5~9N^;-Mb0nZqj9%IdT&6>?n9XB6C@ZI9-(WV^@
zwTHA1X`5bdw?jFl9z&<E#`KPSd{oNzKUZ8+l4YIpIbB2Jv5Q2N1}SAdh4&$C-H?Uf
zNB|^`6W{mA&VrG2SOHeC)hM*wt}hIi=L1{mqY+a%Y7%^>fvQ!28K(CDdrvKl_1_j4
zH?)5o_s&L9MqQxMK92+(fKn6h+gWc4{X`&f>v{Lw4|c?2xC>;s<2?R6|MEVXyAj$t
zO?P6_p3ov1GJ+*oY1S>Xu0Wq>yCLFq4&2e<F<So1{aYcGK0>h5jRm~3!!js=bTSMT
zX(cZ&9_^X6CpY$P^x28~lk{OD2uK^PE44doGE?n@;SuU%#`p7l07R{AHD;xSti`P5
zjwc5*ztbvF{~WO+OXteDd-p*g)wU^;JJ>I0F~<pa=dj$tQyVvPyRl)DQ*lR`)sS=q
zK`GH8h-mGE6x{(6Eh=lC-ICk<AbJi|yClneT*J}Z)qM<b!c(b-ey#$&vkl2nr3^RU
zX{Dc9z*W^ZR<qrsA=tCW=X_7zRC}g^8R{*mpWLekLGY)59~5Y@V%^dFsZ`MdtTSxz
z_cilQKf?w8UXOANq?EUPkvL>*8L|=~EM?pv#12kUC~$?Cyq6y2Ni-u42T4V?;xxnI
zRx}XG+b0(M`!4#wn;-r!2aSb^p5q_q|HDD!`2XsliT)>-khU;1aWrtYu(MS%akMb~
zFEsH_A{q-b)3=C5&xFsw_}zb>gZ+PI6C4cxmrZ<&Xy4}9|4T$;|33MzaN^r+`^Vhw
zKhO658xf6_`G2DmanqK=-y+%*Z}8;iut*~F6PRG$mLoyr=Ufw<zH<U(bOb|Wmyb)A
zO+M6N<`jqNOr6xz8V1f<WottyznD!@=x~khPaOS)5M&Y+%@D2N)~sM6YR@+t2zocu
zCK;hMt#g`wJLjjo^B-<O-R>Z|nc<hbv_4gD%k6Y&{lF6vn~ESt-p3McW(>cCR(q7{
zs|Q<RQ~3Jdj{H;9(L9hXP^e|auLq?0F=w<kv}<XA3O^ra))}I1m7dF}3li=!TH~b-
z1}Pkp+r_<Oy{iycU%axP{k038!nE^0liH=dXS4y-t-U4X3md)*itV0wiF>vThLEK&
z?=`y`soL&6Kru&ttN*T0{(q`!|6^tRTb#i0-!y^kyEs@_Sn*lDsRHwN$uO~V{KuY=
zh5kQ|{p0vQwtqta{!z65OaT7HW#jl)myP3pb=er0zKigm5P&9>yYh1Lj@b$a)A#`k
z5+b55AdVTFGhN>urNV`DoH**>aO&Dxfs~1CoZocD*;Fu0o03KZL2$l8AxTTis#<f?
zv0FDP00G6WI(CzCNVBe5St~NSY4vA|_SRPO6UUu6|Gm}K$E(ki=@`db{iEjB>*|Kp
z)wmepN@1LKL--E|;DJwbkDX^h!Li98@ZjGr5FE42*ErU_B4GxqVoglk1qr5t!cY_3
z3+vmf`LDEC{hz*qQAJWWU|Mq9jIr=ckK<jm*lChPr02OqpJp8c;Saz5q=1i841W&U
zvi$L5^a4J1I;!(s>*ak7sY{=3HPDNB9-OGh3bm@o8@?Pb!<4Hc*5eTiqZvCYWFYA<
zIT;13|6&o8PPCWqgL@kvE{T7D!Iu<OQf=V~egAsLAf~(74Gq@1+3pv!W!&P2E}zBs
zfIWuMwv~66Xwz^<+=Pp3eBP4gg`c`MGT?0qvA=M1z>K*h?tGcZzNS6>{c!;Q0>Kec
z?G_B;Zxt+LoN;Zn<m$8m32ku2;ce?rpiV1|GH~Dv2rYB?wV^x?1L}>%UG{=<qk`=d
zycLwYIrbqu%qrA^ar2eHE!vWpctAVo(15rpmvD>#NAi*ZW0005Dg%dA!|a^5bys#_
z>)2YC4xQL04$LHpn-~I<n!hqS_e*eN+}1+9Bl70=mBFbTyU-Z&eqQ~U@^4-G9bEWF
zs8lS?F#_%0-_L&{uSwV`tr4h(blGKHF~O@yt;Xbv4U7=hEh_N2qHzRs+cNxE>A#@6
z_bdShj@T|OgL-v*F!2{hxJb8Y{Y1^;G$&4AF&9U(*&B=I1hst_2Op}xP*B5R>``W{
z;WNi{4tTXaAQ*+hAf4trBw59|n&3Rp`BWBQ(fL2JU<_ISk`0@41lD3rrSUQ-XXD;Y
z3?iHYE#R>PwuT$xdkgdgA_oqM3W)vq@R`=@->e?&iM>XHwztkuGucL3ttIV%r^rT5
zH<#P}QhU?UA)(1Ime~VN+4KT|iYmru>!6-;bFby_Hcx)9Vs*Jgb#*__je}JKF4SR5
zW%f92nMaZ2)2Vic2(074CdCE?s#PN?SOxu#mJ{Dq;>qZNF~0mQoIH<dh#dI>rJ-mV
zG+r5xo7<729vhc~o6#!EC8OCf!$mVyd}hR8VSRT2Na<6LHw?q9!G|y|#;JMF+Zaf^
zoM@E4B|;E`A?f#+T46#Wm>EQ4Fysjqr`Mi^#dEDe)7Mmc>+s>2K5V+QDF<oFk*ScM
zfUDn4O+dcHlQe#CaCC9I=>AX$MM@$O3yYb8%)=NLnHV)$6%^_e;*oSMIU6ckbgmAQ
z+;bOwXUUu;gL0BwZ&BL-Cl+XnZM(x}3s$T3$BE4*4-Vbu=d)D5&SSrT(8FJ`7+5^t
zyD)=pGma0452BA>KECO0U{HnlRsEV>7<V(0nmGGWCD{0?ZA^aTZyJf~=ENGoDT82Q
zmhixa?C%XOzg_yN#fpQ~fg@E&8}PNv5boz0C(rO<^Jn(zTH;yrrx#3Vv`N-LKvyE>
zA~05NNcN6qb*_AkuaM-{a(A?QZE^3{>3sGNV`0N9V;^_qKQTtie{V&-Qwwr)6a^{c
z7kmmX<Z>yuRWf(h<>5j`^65nk(Q8s?C2I&K#I`$?=oQ=<)M-L~_h)O}TIk(R(Q?K9
zy1w@smCFs$!}IWYKA8us#-5kd&hO3{-N(rXn-ojeF?C|i*%Bxk&hHV%7lePjh<s>t
z-i8Kw<p~pu3Kcffo6RHJ_LP`9YgaW^qd47xOfz>-5)%;os&llT>!EsHxOvi5zAORJ
zYPDYP@tI7izOKl>tR>>=nhctS7!FWL>y0|<@;#Uy92ASK+rkv(7CitUF6`SM9Ae%&
zNtUFTm|#gCB{Y<qG%HO=PIH(j4I4J-u;ZiJ(DBM|*rB{pg;sT%N;4cwXB!h%Cq}*4
zCf1j2vHW5}5a>0c(e~%#bh%%Gm@G#MCV{edMztkLB>D2O8vlvpS3`~#(R_^(ZHA13
zhM|!$O@q{?wG7%x?>58jjI3+%k>a)=LdWa-FwG^Zdv~d`*uLxb5nbA#{p7np7D<H%
zkH&4<s<*G>?IQ9yw2g(grl!Ea>}IP!TrvssqGZ<z*yPI?G5RDw(&ur^mAMVuW+1Sl
z8|N|a3FWq8K1a!?5TlorF|J=vvg7a`<{~otCIAIT*^S)qZ9I{s)5E3ooozqi?sB03
zjR*wNu@FjNV8hF1m2Q_onnK$SBd1R0W{8fQF>Bbx>o5HL^p9Ghj=3yQphWGQben05
z@<Wd}yRK^ZQsN+yw!tc!?x)(QWIXjpQhMvW?CvjtH&=YdYj5+*A>D4iA2(Ni&WUZW
z{mZ|Nh|`rO=XDv5k|w_=Il%h6c)UU#-gTQY$+(&F{kG(HYAE#6tjBTfh%d*3QF(e{
z8{{p1dyYE(<Rg<qZs;aMmRoG_@nta0l&(Sz5a}BdGC@qu^?5tRqveB#<#_^m)w>VF
z|2lnu0~^+Awe=V>Y;!HXxk2OY{Btu&i-ZckAEezc;P>$E19!0=-Nj5mr!}<Pc8u#t
zogf)STB!cBAiSGcfgW7mkRF_agxrF5oE7Rk*@)F7y+Nv>LAu#AkvvS}Kw~_w75b98
zkP6M|@?78`mPtdY;5hBRXFQ?!OY$oAqL$om$ryEvQcR;opV<YRV39L_)|eS0Y*^b`
zmwbky7CAMeQ5B-H0S0CL=VxX%P1vfU3OaU4;C;A(L0knL6jQL&&@$e~XQ2Q9!!y|+
zK0m1j<#NuFb>wiPpUloW-AAV%rF3kG+V_y-J~D-`gpS``(Ar=)-ncl#KAS?i)Oaf)
zh@q7fNbZ1^n<%$G!jmcIZ7^+l7SJh?n=6ZLO!b0+c!i{kTxO7CfOVv&s6?Co`=vmI
zA8LJ=T51xQDn2aCXg~Npsr#>D3rJFztR0rT?DD4nzC$;Sp;zNh%G`vF=VlmNp4Wpb
z>dGhH$ptneh@Fil7u_3cSE0p)H{&R_z;r-bbT`4BkEa&C<BVmu4Za3P<~{45XVvd}
zya{yE#4lu_-M7R`&v;1LnZ@5`HF|P|Qcuw=ZhGvO9Mi6Dz7$!VrT$$q*P~uqPmVJK
zHl1K;G@VY_d^^~XC(H?>_^gw075nMBzP?T4m8PuyNbW$=A`7uG{V;*~wSe0N|4fuE
zsr@*L%z+$V$aArs?~koK_$g0JvHu{p=h%p;V5Q=6u~uLIQ7lP~t4QP+?epku6C-0H
z?plTboWSp{6E5s*;Nk*5y85uTZz)He=Ui4VJB+J<2%{a<Z&*{TonSVEB4Vr7vAmP+
z`l7^cz?QifiIAnY!dzO$q^5H}YW=w>kus_dOCZdFa0ixL$Je5&$~9uikhz(p&W?Nx
zUErLGs5GZ)HiaiaE|9r}Aav}2!5PK8eh@_YM&#p&%rOdL>Gcx_R)lk2@`nJ^xNvF#
z(<L16l0EWpI)4FFGm(TOaSU*(ljMY1K||ho?C3K8SnOk5Kfj!MIPp6~NGZ`$H1@1M
z=F89ZN>^gf_`BP5YzW`XsPg_C|AA#-p%eA8ZnAuP=t9&rddc6HIru^gSdz}=JP^Q0
zu%{tu-qMAL%a20}IqgP?gOE=dqij1SlXV70td+}Y*lP5!<T!$59dAa`O!j506JfF^
zOAbQaI+oAxAk@$}JoVt1%FhFNl%pz{*jE;Mg}{i`!uxGlN(mgu@<jdccSJpN){lUs
zULBoMd$=a*y&sAa@Cr!iA#JP^1&A_c{;Xu9o$n{godt~{^z`E&h40ElX=n@_RU=7I
z9W-RG1(Kn7FzYPxg=T}Fyd`{9ph7qVDdwM-z$Lh>^5uN!2RT+t^&f|^1T{Ifeo<JE
zlsEEbL4zmfmyxc+>x3!!pFb$W8&M><Z|YN;qM$5;UOJhOqZA5ir3@vkgu~)5c{!LV
zm*<Pq20q{WO*DvR#*FJFY!N{2WaqI@RE+xDv~xBh52sum1!>K+TC)~I<}DVUq&ovT
z!!0iQ+3Cqv%JY%wO?-a3MW4rtIz+x~cA~K6zr<#Y0+&qY#&y0sER_k1-US>jVBjWs
z5enegznpX^)_AzrkBuzbwlsR2sOP;qvQ^@@>3vHje)`qDNH~Mt=n6^?`-@~N<VxyI
z@C6Io{rohJ<1p1Uyz84Af3%M7+l*V)Z10+AT~<5K4joI;-VRwk(l=YnT*Bo<Az~Yc
zTLo=x;<9O|4u&sNJTuQVca9u9x*aROmy)-#wCk`R*_K;rDqh)IBw0D=NL9+&I<j^8
zlr61Jq@Go5(b6fcoZl|d4AeBPY#%&U*Nwy2>On28`%7j!W-jhKt<qRHdLFcp<g}>P
zLb)szZlJnJ1%g$#W$2s$Q&w2nXaOA9Xm8i;<Ke(;8fN#a+*r7HB5j}zs5;K$+rw}a
z3SifplV~1k9a&k%n{9Jfj~zHN)2WS0>x-My9h!=YcTSyJTgIAcorg6x4;Je3sa#}a
z-5O<T+*rA=bat8$NJ}~sO9E-kotxXZXGk;8ZJd_dHGX+GduhAy(uQvlA<1Cd>R3gt
zx=bTt^S2j4K#vikvHgZ+ztO`H8`-uKa7)M4s~k-YXqdWiSvM{ny)c2t<gNx!9Y#{4
z$4kY}rFN&`)I}v?b@g@4L)NP1QonL!%@?E#bjYDLO||mj4<}W({hO&p72B0$`LH<B
zs7m!SZ6F$9t8D|_&X9M1W{)gZ6|j&Qi8IdH{oZi<dp)`|Ue!17FLG6YgQ}#xUs+Y!
zeaN17={^Ix>Vp&A<&~&W8zo8b!@_R#<Q_#@A)E3of7FOzTM-+oq&`FZ2M;?Yluj+)
zFvCX~=3k&jMpQrPaIu>r$ZDmIw{vnVqhky)#E3sGR8^fbr%=SGq*msFmj@GpC+xZt
z=M66fPt9jLa~tw5;8shXUQJY*)o7B6p=>wgr$h{hgxSy8_yWdV+hAkT-m7sM&*{<C
zu1RqcG!w+vEjj!a!Os$DYxYYrgyeRkDT&VeVx&1qHSAXu&#Ly*oZg@c3({xx&7dsQ
zBs}B@{2F|grw0j)E$O}(&BE6hBI&M6Sb`iFtCi-fv&SQ6H;y#YLQIk(*R802Dh-cF
zhrAZP6r*@zm6W5(fx1(qcVg92H63*`u)Gxv33Ka4&?Ixc!9|#S0y@4p6PpUM!*0+%
zs?QtfW}`8j$l8l>`84CIjF!h@;nVft<lG66j^zouNhS<$x#7T(<u3s#EJyEa6GPs<
zE9nx;yEg_aUkK^m1}%%cq0Xo#yjRBzuuiJ0dub8zAH>vCjjT0vQ_aOr@{8NU$H?2Y
zvbH1xOw?l!&es|wCNhzADKe}vQitF~-ag8+PSXJqnn<2OLfll$dOtZAC9)x644q@%
z6e#<ch%2n*EcF*KU1<`Ld#swEX=le09C0~XSjTo9VyOJB-aGs>VL|Ds2DPOEW{F=;
z`&3(VMwt}R7g5)E&7P6k(3-f-P#3f6;>mecnid8fO6Gyv!60(1F4!~wG)iFM+4YxP
z75^ao3(#bi_4I&szTwH8ONY3tmyS(%H7aaS6xtl*XfhEFZ64&#8CNfTvcp!}<Q;+2
znwYiJbu+Hf*o4ctjGH+-InmqtOYDTXVNO|yWYj==p+I*`^j=O)>?Q<On~tz8L^5a?
z$CnO+<;O(2k|*r{chQ*fu1%{pVH_N!?E+s6dm*0opmVXb_O?(oSuMmFn$b!j<M$mE
z5EmWdt8G|pg3M(yvr#$=zEk#;&*R^COS$C>;~EQV^W-hRc=w9;sQ8Dq&=)QpK3*AW
z#1oICTrJ;iqBrsq+LjcDh13DOqfWY^C&z{YhI5GSGYcY2#Ssg7qN8+;RPNq1l;~RA
zrM=_73Ai8}im0{Xpjg@Dqg|&9qlOqPOS6q)liNkn_3uM`^QBXmXxPaHzPN=@1a0gI
z^N%C9js#JxJeS+vIwyoGJSA%Q!TV6L3z^vArHoANb|X225xU=o62i%$F38L4EmT(I
zAw}<KjsESpQY$ynW>fbf^HG+?@tf{+-$vn8s4?*h!20B86ooO*F-O7G3At~R($p+f
zWrAirh9At`u$wem?LDL4s7n;&Y+39q+H@z>vOVkOV6iBZH-YLQ^bw=cbL-_gdu`4*
z6Ib`&1g?l}{0=3zxU?R_rV;Yllji61C8Cn-NQ9Y-wYSkP(cxG3+KmUEgt^(_7-Xf$
zu*gjd5}Gw5SIzokqRDICQ-G5#cH#~1aesR8TIJ}xCoURUuEE`*HyiCB>*AVZioH$-
zEF5q8B?|k1^JLeoXQV<8h)aDlZ9~?keLgE)>b?E;H2X%7T`KLU>JnfK@x0NM$e>kW
zS{JJ3_NIGqg@GDV5ih2+I!5&H2sLpmqyAXnBl2E@?9A242f8<!X?TN%A`6C7k?c6k
z!j$vx_XvMgKTq;(E5t!}yg2T&GS^~{hiR{SH$04B9zO@a4CsWhVG0)=I@~8uBgv(;
z*vDn`JA3go{Z2<%j%z+sFuiC(?VKqN3B2iLHd&wiup5Y-`gj6_#g2}Izb1Mnwl9vc
zFqht%Lp;rndzc@hTE1W##ow$aCEObe7suQU?~TN*I!VdSggpi15I0B1%mg<OS>(sR
z9q&oAI9Sl#o(OulSqe{zu{|}*9;+^vA9kl8$zYtXIN)g**9uh9@|0#}b<XRWa|Hq9
zyz)i*%K82>vP+5eip1LLP_9&SPtKT`VC+WH(jFevKbEMQ|9NZG5bGf(8ccA|E;u%`
zf?PNEO?)G#c(SkzEupgTat8kE!OL<A-c7;Et5K`ksqJ0^^8A!7Twxo_+s<Scd#Yt|
z^s$(tV8vwjQxnDZpaH<(c&bp%Yh|YT$|ZM%b16uscB|FkS}M2eo7f6h?P|3f&1lyv
z;48O!8E~^yEzHHYv@~6mI$JX9e6gvYCS~lq8|l=UVaD?sQQy(@R-C(wn%4XbvevZ*
z!SaY@n3VgJk*vETd%}ivq!&v&IZ}&vSIy3Pq_s>ojDI>wc7wNn6LYp(E|_KDn%nf(
z(}?)xgL)dmi2v=cs=M^k;`(S44YAQxepKKL^nn1+-iF>pn#|qq%~P}G%#-GO^$~jD
z`;pmk>os{ybdN&7V=m5&PkI&im7nIHS)>pd!JER?+JvmcU_(a!AGw*&Ux$TjxTCqj
zMew<*J1y5{K<!w$FJ0MBCwQ17X2o%0tcG-{%6m+qOMe!p9!#9dsS{%5knFJ9qlPvK
z@xXWu{}2Tjfq+N?3Zv~)2K*G*m45kcgZZt4<K<kY@)lhKfNt)~Q5H^p*}EmUT^u`{
zEkUvz!@ieD=kk@Me0qcOmW6y3U6VojRsBX1x&HhSg+GJ<Nfdaj>ym}^H3xo$11EU}
z(|3dao-@$dn@QX)1#nCJ(~7*K0cEH3Jk87gxB`5-hT(4Y^WF1@uLvL&d52q*x?2KZ
z&VY^Kuh*qO{Sh#L#pPJU76CZM0z3rMM`Z(o?b8PGSEm*TAZybBDv*4I*NZl)r=^Ji
zzL7yHWL;eU)D|^KItBOm0XfzIC}dx0z%B*1pIeS|+<+5uPVqH#@UOBfegy7pC?UCv
z#1L}sX20b7C0=*S#5O;@;wC?obGNWJN`M5U9CY6w+0uLV;O^%QFVIgI7amc7Uf{Jk
z{3i+CBl18j`Fk8EZvdXWd(glW6u<xyjwg+dNBI}r(clwqo#bvN5S%)o^GQu&cN_dk
zt>2A&OAN4y+~aZue5xhT_LPZwx&v`71NGjB;i}XI7QH0|xa3}QN!8g90nl=7g+E?l
z`~T*8l=y{w*|*hUgtt{M(e;rcdHSeg-zn4;J-|l374f0<)K8OKhcv!+8dO`@sz(=q
z!!Z~8>qB5IrpTr?$VRm-eLxkGO`**pQl%q)0F}x+dcYJ?uX#mM?_ofV+*%Wk&D*2U
z`ByNVT~M^iwHz|*!Qcb3Cq-4^T;f==CuE+PJbnz3At4$f*pNHH5RPHgKq|Q~MHxbE
z5iCD3w@`#T0r#&CimK}0EXaZ^b1tBqPXb^d!GdvudEL^G^5$fy<=xQl$f`<hF$2w1
zPDNIC1}gA9&p*9^xb(;ak~#b_y1T$r6x1aR#)}{p5-_h7t`)E4+f0d?6wGM?P$8!U
zlb59PE%2ywfYdsriYt!;J8R?}QwIpu%A3Lji5@Wn=lr`veEv`ddt#U6!nri7me;_a
zfx^IwwW$B4j<c+m=Q77%bK<-uF#}=;3;wm{q@7H~aof*8ZauK0(!Rc+(r&+;_s1T1
zcvh(mkwDu6v?lMm9iuL8;3u)W06eePi|}b<qycZRhl<DoH>4BVV3r0_F-N2UYmcc?
znLs}#Wa|F?A(Fw0aM_5e3&mRFsMMp6ya^VW3W~sT-tY8gjj9A2>^1Z)pqmCMs^Up<
z?TCa_)dA^2K?~Ag3}o7T`tBc;qpOn1w9nE&%JSrN<Z%-e(utKt7FYr`0p*eT&@`zE
zX@Ulfj$G*j#8DGP5cKf_z>vkrlJY_lzoO`B5=K@99pXhOYXS(NqJ-KVMC8N%LQ$yC
zJ6X}F&jk!aqDFTHyla=|{eWb?yuF)J^rbzp+Bzg~^DrF~y2M3tY9vTKT=8ZI4Zz@G
zP#VL9(?F$Hpf9i_0x1XoksZjS-v=}(2oLWs4>I&~AP;`4L8$HgYX<H`?AJ4wUrF2-
zC|>oSq<;so{@cQ0VP*es+WDQ4_HQJaf2U!I|0nJgHnB8Nbx|^~b^3>l^<T8}pF}Jc
z7PfEN$;OP&#=!dBdXtgue=@N+7{5)L|1z;?7@5BB@_%XPKQ8<qaOc0sSPb<4YGX07
zG5v46Gk(%`2p?MH$s1(y+YcP?DkfiW-iU8F5t4ZW0?tA%2NE75^wXnXR6YCYY`qIL
zQYUpchyEY9Gnn7&8+VS+=>ELWpZh<!GpG~$AGmYV1d^V$q*X;^O{+?#pU&AuwIz^i
zK)35>?KHm{UMlOz#rYOml>X1dqMGsm-kdw)tw!|U`BvLy>MI5sVw1Uld>r_tq9V5<
znjlHZh}{i9@llRhs%us={1v_|ho=`FzHuixO+nHfV+55h;nn02*1@k^)?<an$u60$
z*$kOIp_yDnJSIL;UXvXXUb7E|8=sz3qr_HQ#ZHSHKBGLxN8Xqpp)q!HwJV^$U&G(v
zv#ke6A|dGW-_*?aH~2Tz@qZPne`(VBKNZQp1)mJxIQu_x=AE=yzaRAfXZu$I`k#gT
zPYCostKy%yIKwxC|8FPk|1|Vup#NVzC<Zphe{S8m?d9dIq|$P&dmJxzC!4{{9Gn%`
z!mYTmAfM;Y%&i#-LJ=$YD~0vGdTxlcOSl-E5;cAXde21olsu-7yht8IxQO#PB)@0G
zp^XR!&*_StQk!muU2xGZ+ecPV!1?mZcUNy$Vs?DTs=E7e!>YFXQS+@RJ_W@^SV|K@
z%9~~KS3Ur#0Yq?&La<M}k&&>j7|+<SJr&+m$*0WVg${1lF&@4q9^OQ4uz}@aa#yD#
z7v2VwAe|@L<@d&|$b&}EfloO12rFS8i)(BGydCGtB37!H>gW_5ZoenQiX1J}3h?Kx
z!#y*BQImSD4z4<mrM?-xI-G%yIV^Rp)m&AxVRttC^qxFD_PT7x8w3UN3sine$6O#2
zECC;0i&-fF^fi&LI#{r}nR<*Gxyl)Fv}!3Ex{Rq*!*YrtUecL37WWWETS&(u6Jsb0
z9>YQ+3ndp>>id`LP3g1J0j)1jeFDq9$MUcY{<tv;!AAiv7`GAB*REuKLQlt-gQLH*
zcJPMq<;XFUTEA@EZo=-|LZR`bTpf?(<9M-+F<AST*r_cER@|)Z`PYO>^c>5<Zrw4_
zfdz9?{-0r8yTp34@yt~-5Wf(%@!4_QqIV9Cs97-wlPZ%Q0zR{&1k)oSSDyAzZhxaK
z5E)~t1+~QOx-@EmGG`hB7h-pqMb-t`974B0l+xPoub*F}9h0H*w_tIzt_#Apqv_1r
zxC>t}7=s_dCx%yvNL5HCyK*^&GApB-lu~P2>Bkr)S7_=l7#4k8Kk)LiwALv2@~6N4
zO4Z|j2r@pkm<xSe4X@;%n>mE&^4nzHY`3|`_ZE16cC|ZAnC^00nV!lpN!n7=X7Jja
zA?pDSut;UH<mr94*52paIo1msLf|H+#NFUrI4;IX3k7NyiOW?aL1ycr<ERNBmqip<
zh3HYhwnQ%Z$IGbm$9C9#lvU$9+c+tKgUEdy(k~MbAsxXA1e@WfhidzN*t;x+COxdm
zzY<I81t3NZ5Hm`g56}q9$+<y^>Cb0DQro3pK0?jcntPzqIHflg3`R@_)08O}Gzls+
zxtkbiDX>g{XJ-^yTw1tD6gG&PC4fd^Qj3Ik3T4xKGtT{F>M|E36H?}^*TS|?$Ya%H
zEiEwb7(Bd<oyb5~?krV8P8Zb>MOiG6oKQ4J6d}tDo~gQQ0gFW+U$BgAS<%62D<+%(
zt+T<>T3T`STRI4jv6qXDY1?Pwis_=wILy&SehAZ+IwpOk=w2WZet|C3GJi|?W51>6
z<H16VFNBOSVi&F+#kg2N-#S2|8)LZSqNP=@MQ&SZ3x$1Zr*noHb=e|Y-9n=rbVh1|
zGPWoF1(k_2zX$fAVB|t1eLX2em!pN*Jf)$HV8R#?Jn}>Ex_0gY^U6LQk=cYVgtQD*
z8P;;`5OKNgB`lVDShC4QHdq;LOmS3TZ}R53P`WwnG{&gvkg$X$MuNH4b$=^mrqVpp
z5rfHcTcqq}`nUOC#ikmq;cy46!q;9d?Mv213G%TUB~75>424Z%;TLIT#1_o89~Yw5
z3#LUVAG^i1wb*L{CF9h{ZSm1#rDHnEG+))$O+>$dP;~a<p$&XRme_Ehdi=SKM6%mC
z)(GXJkye<qWlfn!aUw`NOG!=DkSoh9bU|zg*&<2hA`{Lq+f|rL!)mDV%c?y)hy%tZ
zc}n-lZyujqV-T=IyNsc4<j}%x7Uw1yBR425{}#?ziqX_`dgc!RB3|Fw2YuZ{vh|p`
zmgd5A!B}AVnv-8pito0HolsSxQbFS33AtzsPcT_8Aw!2iVdyI+<RMU^0w0L-5r704
zP`8xG08ABA@&Fs*V5KtiHYG9$lt1_mmdHe$g5(vMw2R>nm1(yH95PhlPD)`a2TavN
zfZNU@D`nI`bAd~Atuo=_lp%$a68L<<w=7jbfdbl#f_W&EOU~BaZE|5B6O_F*;Rkt|
z$%#D9)MLv}m1dv`K^6qGf_)T)^m)VB?-8<)ZNalZ(-Fo~6q}~0e5?3wL-@!xoj_pR
zOgP+ppy!4Z>;Ysiz_suSC919HG{E-n{mans7Q2A)UXH@%QH~lzxMCq+`=mqYT55Wd
z;OTpLVZ&Ur%!Tt{2}d^X8nd0kumaJDW9E?>wy}S@D$nw6dQ4kH;m;5k<cTnO1aej2
zdP2vHNEDP}H|z(51<87BkU7t31bpO@h(Z4)Yy;vng){O**8?JGLw1P$NF^t5C5bv!
z$U-$T1eGJHJs-;4jZzcms6r&+If0-q|N2tQF#?*CzWMO#BgJb3^9$uSY(x<%#b;s&
zwq(824sV5F0-Ao)`*0i?6gp-!FCtl1TPhL3YIAb8SFFv7k3B;o)-25TK=L-Sedczu
zLVQRY=5ZZ1mI?<s6hJUxmwW(~a2uiwvbF!Tmc!*_0lsG69wZvA1i^!hSmq6tL&-M~
z*@()G6$H?;9^cX18iyya`*4c(H$tjb?`gma1eZF=W=_e=>)&Q{6*|$-CQceUrpr3H
zq~d0e=Nzs2^~TKhCJlV3K*RboKl+W=0$LLVjKgdFSxVNFEt{vuN;sh@@{E)esZkXV
zTkVBSlwXuhDqK}UE5w#76)iNnnj<KCR|whj5|BNmhpcAHH5EOIgA9x08H5G&$r&)h
z)#{4K*`MZ|Nq5DyJ+vbjvDDwt>L>M|;m|*?XM*e1ym-U9Ux=v#%l$&mv2w9K5T1O_
zyVsuTd)6xB9PaMuTn3`}2C>_?UeAk~nZ1q120rOHxZIc+_Q_RWB4|j19pO!}G>gMs
ziYSqTaD*q`I|SmUU@(hV(XCB<0~MxIUY1*M!JN7B27xYM&0YA%fR<s&o%m~h*~aRz
zGaHTyq)PzdBx_^RvvYPCXR_Iyw;_+PBr#x2>-HPtq`+L}Ly{1GIc`SK1meOCJ!-c(
zpVnTNqCsCg*{$XK`*mHfBqS(&0Eh5Xnj47kPCmBma=Yq-Wv9v*+J+i6z_-qp^=aU5
z7*`6!8y`TY(IKOvdUpRZUAMwynzCy2BnxDt8_o#d)|7#xcr0g^E92!M@=-J=;c73w
z5Fa^uEh<gWy*%R*d1yg+U`5|wMcyM#?r{)u@76UV<4nlu&qS|WRyb<KbRiy}Xq$MC
zqR9XX#+b_i%7?Z$<@W=<H|2K&RaR9kNYT_J=0TCnpcDr;yN%dj=m;@|bt0omx~zWz
zmr_+!m_A3Rq*}&dV_#`_l%VSf`G}y6ne;k~S){|$^ZDwv*=aIb#56VE)%wId?kKAF
zYOgi?q(F&|G}Ig6eYrQDCBy6bD6#%!u#}p4kPzw(6@);PBw4u=H{AegMVZRxS?3eu
zS0{r{dKkvxTf86)`Jg`s_7D}a{8xrlCLOPuse4M!dfQ_z9_+$nE(0u|yKE+~fqSgD
zZ^Ft(koA63<|qJroOTERM-T1b_?(~qVl;v($ct0un6{p5)|fHG5Zg$(RiJxMPi@Dz
z^+S>;u)}{eck83H_sh-vA;WY!a=q?m=}J^q+C`?f-nCv(!P#A5n(m{vW>a1}`F-k<
zM+ee&ZzQEXQaaAJiYY~hRSbiXHTcrH&2Qf5?j1W(i>tIiQ}cM{6KYDF7m8_;P_KiQ
zL&J!^jAO=h`Hr$@s+OTlV6wu8@|O|namTV~Dsv3O19QwQRg7|$LY8zQn;f<>sAP_v
z<FVJMN40LH7A7pyg5FDLC+ktI?>>y3!K-ufht|<H%&vE1e(n2_U^nq7?v$O=oZEM>
z)IGJT{qMS<>f8OZVw{N(qK&52gN93v{;vMo-h;Jpr!M{`wXA(&Ln4wM>O?^yWa8nP
zh13@nQP%dU*$vL~IonWGuAp;yn@~osgAG6y4}(+qaF#l!zVX&xf{Tt-^se8>GTZfw
zn;v%WQ~hYGweNHI^i<rMSv_4J2q`I>EAQj+PV4OZ+ZEq={7CTQXisnh4B<l$VS!W&
zd6Hx#>_-_x@zj;HZfY0Hi#B6wmNheEL|lQ&eBp`8wXlJ*@}ec%&m>FLd~r#^(IjIh
z-3ui<y89z#&zi^5hQawjty^{v*7@|kAAJp{zt0{*j;p(8y*)n#uWDyYaF$z{ZEQ?J
zKJ!Z*(p`_C{s2Rz^}S3Hy^6H<5RdPM#EzdpsW&XJfgJ}Q+wV5%{>e`bb>eouOVjG3
z#ntoxzxi{}-!~WxR0fN?;gL2i#AmZ01c2C+JWU|WCvnIpN}Q6+xNM>QTzWDp<6bw%
z)G;TM9DDEqMi(M?2qnUvReAA1ow8b%uLudZ6jvK0Vd<(4F|u@5hRIy6lZBB^#x$)Y
zP=hgFg*jfb7llz^u~rET;y(dl5x@RrxmFwkFY>bVM|sdALQp^MClm!dQIJE}iGolk
zrY1#=Gz<swyij}7Vhss9BjS?2vQRIk=d!&Z3{FyBMgb%RYOp+QxwLlp2Wd?v313Kl
zSOpckqB?o)EOLbeeY;GJcWUyf2Sv)r_Nb5Vc)w4NQz`Q-h<WL(Q?W5|`GbriWr*e?
zHm4xAD#-Ep0*uLpt64hVw5@UC#Jl8*>D0g$F0HYE9jfzp!x_{jQvrgbU5$p#Qr}&w
z8Vb9CE4^+SML0HFaL>2;lOIm_nF40+-(gncLii@&le}MeJa*YG7m^lsKKeSt3lFij
zZKvI>u-&PTK?Xv1IPqH~vDV#QBlg$l&kx;NSy0DQxmQ$DIGo<9PU|gVS36nSjDJfO
z&LxPL7VO$6@Gq@^qAYla(nRGHC2HuFD;VKX9EvQaRD5AZ*DK$%idkTSn6U?4-US$$
z@Oc@iqK9ZiXgz|y?Cs7ELh*)mKUkXjWbg)xO8v0jj)UzCcYhyMM)on)eo?Hr&_g!z
zhP2zS+8NS$LracDd=Na^oa5EA86Yoz2?f>Z?Q=FJTJ8#0jvK2|Oiu`uxAiuf7AG&~
zBQZS|3A#}VD*=A`JeCUDQ4;&(l*3DQHxy{@an-JB%d_jR4#$USQC~9KE}}~;s}EG8
z;atKX<#bWK-a8RhPOe^@oC$(;eXeBu>is)u@Yo7GDvWp88On#!`4-}pAfF1CH^(O5
zn@2p|gQ!|gj9sdD2RZ|3oP!r;3~1BuIK|u)Q4=HYF{Op(myptD715bRnY$+V9yCuf
zu9_RjZ+_|M=yY9AG3`D%BGGn}4vU_zo>(bK^s$XssglJn6)B5ltczN=rLISD3L(}%
z774gv3NQZo$IA%VVSc}i1-xXZXt;;txnnY-&ab3Uh81|yVXDex8g!4yubc~=2%o+>
zXs(xW7O-5y$K4jkss7Qomb$x`eOoPhF6DKP3OX<oU1**uYtkT3=U3^VLwEeq_s&1i
z^c+9<9VzWnqvWw$COgn+1?9v-n~v*`6~0&*lc=wwai#A)g(3#>#N9Hh+lnpeq0vqr
zQz>ozE>7Vk!OS@CONHz>ol7Sto%x})@Tp!T?NbQs2+&iC+(W}j6ZU38ye$Ib15jCW
zLyWHHHnu&W7mM9PR31MZ9zM7>HgMOQO#Su=#X-54T;~^9u5U>ucj`yR#KC<$Z$F&y
zzJDuYK1{b-!2q7vvX<T;lEFmNoXS#TbI?W^f((YnA>-zZqVJ@ghdCP0{u-c2=pINT
zm$Ici=WYf2aD{Z3#BUh$%jt*WTS&RJf7`J$BPFkXzYozT4HmTzvgqUd+{(N9ynXY1
zgF4k;yEi{xe2{A8@wf_6>7C<EeUDY!`P%${D0|27%DQcBw}OgUv6G5zR&3k0ZO$YW
z+qP|0Y}>YN>*QT~t#9vr*1OL>-;X}7F-PyM_wl2RIp;N=r{9h6JW6DHWAo!<f4A`R
zaur>>)4^->9P0w&B+F}m{^;E!$hOc=9tKAvn0}ZlJZH8aeMLH*BtcwiE(L>RVnmd_
zej(eQPQVN%12Q0GDibnC($<*Yo8-=z-{qh)G-sc;pV={aHIYv6)CWNwUPb@t675Pe
zNuOs+JLUE1g;o0(V6eTZf_$xhx1&KH;XU^xBsoiklPeKR%ci6vTr2$jI8FsMW9hnE
zqe}kMe-+fE%ZoL{)pIyKRF6qLbC-@z4#+nc?>!MYLH8pD2_Dk!cETm)=?#WncNG%0
zMn!j_N^cv^dZy@=yVG!!;D#$Os&!bc{u5az7X9%W6jw`9G?EnY+m=1g!)l#Lf!7He
z_eDPYg<r?Ff<e0Jvt5EDa9<G+pdNwl0M|2LJz-{eBhDwXogSZRL14_?D-b4G3{hI5
zow$+H%kD)%@<EwkF{Y6vAAPgw%An|BZi0v-Sc+5KGGAM1zJx;7G-ka{HAtd}{Qi3q
zQixn29h6bGThiM_)neQ@Ala63*bN=dnlh({LgwutCy^;So~Jg))nD6E0?7`i%GfW<
z87|i92xjf4&a)e=8=M@EA*2t~Zuzd@4HDsX&%$$Aa9o4@I&h{9s0{%|?Cq&Xj^>e4
zH5M4qekJVzS8ZxArEL0%JI38`j#F;e`7XSU1m0tc7&NvaIl{Q4G-L>{(*X@NYkoCZ
zgU0E)xX+kNy`8@wE;9jCEQr!PH^_{6mvo&Ueo45mUh11wOSFrXm#@}gWT(HE_#c2@
z9Hs}?57V-88B)Ui)CkiqSUBp169Py%-B~w8LFsvJ3;d$tOlAmD;m+$NXL8Q4@15&r
za|m(NX9>X3oH#T^gK*Vlsm1&$Z_+=YvxZ2qcam#%+vZ-QdYQ%<@CAG(0gDlEH3n39
zJDEz(c4JF}n^qoszVj9rtJ8@vEY<V|XbZ5<-+8V_B@DK&E>=+)<2HXeovam+ev+*`
zwjV8i4oG!zm5;Dam&=>!MjOkf_KwX`j}_LHhHQH`2OwU~>-mtYg?1QDP6R)bxDR<E
zNj`1E4M-iONj%b#cs?&vdZ6D%#<!BA*Ow?JpZ>BTEfLP(R?0fijXM(q3x|(YYj5U)
zWsz?-pVf884A0S1w#U@W|D7f2w;qol3pQ^?m-PdE)<?oGaFVQr61Gv!5yL7=+HUE|
zD|Cg;r>akJ=T8bt%o4#n+ur@dH|-yUQt8t*Y<V+mc@kz<YUyagfs(-wmlA&b6g*-Q
zf+tEm+a#5KrWgoY@NAr-*P(-~*JiO)a3B$Oe?r%y{f<-6OMt)z;`FdxrQU$=kMwG+
z9{U?3U24`kB&sRc1#)imlkcft$0i;GoRYjOA3F}d{HC|h_el;U8$5<jamo)kCwUZh
zm+x?1b7VKslO@D{vuiBhCs$|apeGkFsT*T4)H@r+MltKRxM#e(ReZAbAAw!k)8?D`
zM$OjGvibNEc-YY2{Bj)W+_$^455VDfRGkt!)qxyP=(K>K7Jk1n!o>>b{$ULZja@)h
zrr=6Q$i%apO_$K!4FOU&VoBp6S$C4s?{e7epXmEoSY&-Ho^m)kN(-QlQsH^GwBlCv
zZAQ55I9mH0Z3hp#a5EZtNq}YK+5y1cW1K2iXlT^ydKOae7WTW00WS7vIka+GWNpR2
zs{3>wr_gl@-9)XSIc71&h;es!-QF>EThi+Wn$cZ}7j!`7!EI2fe*2^-pptM7QlYLg
zoS<&yE3gAi)&zbOI+M4tJccx$Q0a0SjO@DzfZa0Sao-*7sC#>flJPCM^lBL-r;mIm
zeeogs)BlKr5Wo>)gf8@>Y`PS~54b$aTrUr`w1Mu+i`IZ|N}vXvj_TfU)qyH)o+ALg
zT3Hwafk{;Fj}^=&vHfGSANk@BW=Beo1i5BjfL*ZbtGVFzr(`tfI6P!B1NEM1ck%b!
z1T^LOdCI+$u`Lmm#d|cg$_k)Dl1eI8SL()i{%Y5h7I^)#md=F;7x>p#NJpoR?W#)E
z;kMroUE2V56;2y`;o2ou<)B*n^4}_Y#S<m*<;(f~<ML$%L1zcW7$al0-7xFMrmO-D
z8201Q27!ObatR-1koYJ>a6|QI$mqhR+ryk{$lwn?pomc!gX}cC=UpC=s^|mo=nY;`
z%fKTp^kF6o3c4p$E6|N?KNDCkGnY(Vi$ve<!S5bJI&l%b34mX{-gza(0~WGPsLiP@
z^y8F948vEHD5i?b%Qt#TVX~QP#81Vs=2mq(U_-6w7Ql}GurK@6bqis=^@EXG*-nAA
zT2-%uJ@%6qDU29mky%dNxnOzf`#oA+rNU+wIbvBM<m7{}Q|w@86`eK8IZLsqBA5h$
zW-V_$)=T6+H^Aan^M%1?r#_@e2Vi=~I6KAOm=?Upuiz);%4JF*&lA)>?)Ru;&B<RF
zSZ-B!e_!cdWjV@Sx5;1P$D$L)LcoFrDFxhh?VrRYjGV6QG#I-?sK{KWcD3fu>{T$O
zC_o+ck-oL2;S_=^*Y?|?Rtb69u5PktR!(rPAbA{a=^3>g$0bFX{E`t#>1fY;c-YVN
zZ8>|j(MNlPbvI*76ZZm(s+loL_r@-++RSB09uqTXwxDx(Ku+k_6{9bK1to;od1}VF
zs1fLcYj94s2r6+#Hwbe4m3-c{w4IB?UDw;{?Ai~f<-BAS<a-AVHnmFT<u|wW2!d((
zISdAJOkf@a_sg=bci^e}%=4FIkx3o8CCRF9UGMi_cPraoztZbJqmBmeSG>XuUqJ1C
zGw>yDu}24zhu!{kK8nP{Afy|F6NZvZ9}7{?aKd5yvjS0ht);}nl$vEpfVY*rm#yn_
zSqp=c7}ae|ki86}Cm09B<*-xOHg?7(AywnHo^}0_VtK7X+h1BF)Yyk=exdT#+q?gG
zJ`4Y<`baVBcHCg{IDvHQ`?1-NI&#P+d;`D9D0Z|EtZl=91tTt%qH`P#=P;4H?T^uz
z>YGg9x&gygFK-$MV8o{DrBR2KzdX#7mZ9rqXUyg~%g(fAA)d%Nx9MUzB!7V^;B_p+
z;5W8S?dD|{FGh-Qm_zq%uV1_X>QgB@C4C53MUrK2Owu70wV}=jA&zt9prhgm80dv}
ztkCA7w6ULdJ@z!4j%2wv77`<TjK9;4IVk_L&{tQb#|>SkXz#C3#s)alhhyCD*Uf(4
zgW=@P4^n1|dq1~XUY$s9e!EIx{4-9v151yG#gFNQ#DtpAzrA%=ip;NweTvMKs3<`}
zVt9;doY)O~W(aNjWVJ_)N|Tw(Uiy~)yn+_1l%Uk4b4UalSMTb$^P|t8li=Gm@;HNV
zxFVg>>(7V#{*E{pUugKo3pehE`w6QWBs!x(LI-`BK4<<XUT{mdYaD==<)+pv7%5)B
zrAFdFVc=J-UyR)gg6qe4DAogO!Yyl^PA^abng$8Fvbo<Yj11IyV_C-aX~FX&Vu$!N
z%ry({*>fNPxL2-S$3TAI9|yh;xNHZ$o36Tb;0x~fN4_D*W!GI5!GN?}c-cD+c&djk
z%dcN4+hLGHvt7_`7I;w{S2CbO-!NP@ERzT;o7*n*(4I(W8aeF7vutX@cqcPWCfIY{
z698+1L=OkqEG|6Vdc9FAc&Si`C+5&SZzOoI$Ozjmd9Tw$4Dq5J$l@f{4$V(m0Joa$
zeiuh(n8dTdfzt#z(qO^`TP86y|Mn}~u-K;m`RIbRl)>O-i`Qc>IGVq*weAB?Bgcx}
zKIoSyacnhO2H!!Q3CGj;(pB}+80|U%$fP6&9wuq^Y^X$TSQ)PAl_FUfJ~+t7kdKYM
zA7=X;7H%&Zt7<|dR{sVL1;>PKw>3e%*OQ_de8B&UI!<$J+ac!{n(-mO2u=L~zcdZH
z{Wd?%-Bi!L!&4iv`~*E+Ql~k_R2HtN4L+zshsV}wt*f<-;Xb1_eN`5Wr2Ap3Kqg~V
z#dn-tu0JRD1~!>+m*WFepRAz*#8?Ln>+SXy&jYbbJ>wN61rEA99|I(^z5-(_slWn_
z<bxNjZ|0VquPXycPBwRdH}P}&7U{^oj-dNJD!I5EZlpmZlq&HV1i+*|iW~AJ_9QQ9
ztX{%KeCw^A*TGeT1jWQf^L-9^+C}2z0Om{Q-mjzPS@})D0)7!H=hhyI%wNmpN&pzx
zv-0r+U7P`m&fXpprDul(ZsOU>GbILb;?V{uS!y4A(IQUm>!artJT@4%v|1uS5u!Id
zgR^D_<)%?AU|{+iLGu0g{7C>{#v@8Ayua&BYV|oyKP=@&_H0SQJJjjYNINK?`sMoF
zK!tUXJ5(#&3(La;AXZM8xMHt@EWYm&g&pP*7if9STs#+@FTE2i?3ZiLQK6txY|tl?
zP^mMB;V5sH5lK7sd_YZBve0nC;ke#{i{lOF=bWK<7(7utI{$2FSatDRy26k*rLP2r
zbGv*-h73vpN;l-|!Rj^%tB<BLWE?E&{x1G9A_%j%ytXvS>g?3L{HV{k<#Kg@v&8W+
zxBo3KZ2ykyw}C2JnJ(@i{gE9YLOiz{78Sf3Gh7TVQ4~BF#K~N^7ipZXKVvv~f$MSS
z!vH*!tK-uZEe?i;?cQ02it<6|%%<k-QM%jA_NO=X&7<b_q<tz;4{^vF<msP89&`*Q
zyt?5bnA?>xk^w)Qwm+X;^fe#`XPTB{tCu~$qJL+(Y_g-=4t#j-ufI*&M#;z3baeY*
z)P%}ai(z(!qkm)6|7p^PdA)wuWywbTaWS@6JEOS-1zY}nvq-wsX`l6|<=J+r1bCM=
zlNs;k9++-h4R6m+b!F@=_5qh**p}2>s$xjt&6D-P@#sn!x`tz$6vs9Vxnu<zRi5(u
z0kfrVv$?o9wC3^Fp!$nZ7|p}59I?Z<XK7US3IFwNKLx&~3|WH8OJ^fqaxerD@l|4N
zalU%aB}I-5NHqWorBs)_acmNUm)xCF-%AIClzFPacO7%7&^H1z*fd)i<d)f|5)ck1
zi!_XhkNKzAR~r`J>oICdrs(dtSOV4))nt`#SiMRlQIdR6D}OE)yOn%UUA%9a2C3Lr
zOC0ozYlk!|5D+@EvBHcn!;67}U4VP_(tM(0EwE^<#1m}0OAA)XL5(`u$mfXxOLNLu
zSbM3ou=EIu1n?POd+XZgu}(aLJJ+9z+^<xWO3<5W>LY*G>A~vo{$TjPa;A4z`r~%3
zB0*74aNOfOGF+23T;C_NzMY!Y5v7b^pX!~#WUp5ny)44A{V1$XgD>3%nfSQX{w?k^
z;EKa+mz#K5l|~jh`dbek{}RYkJLD=&p`)IC-IxJsBTwL?9TlrCo`>OEd#INoe5a4%
zPCK|8`E}Z^&gCT%Jo?uC$7aa6U^;)S3D826t~YG3O)p?!yF!Rv5Wo(Bl=mnZUfbd8
zXlfvzLj2Sm=k{gjZ?qNo<9uNNpxPYyjQMQM<-bm4&}bH2&gCp&D8p3BDkddfj?EN(
zk*t$JnjN?+d7*j7gY6$E8Q@6`E}6bdJoa!%bPH+joe^bb#pI!iQ7%DTJf>D%8rSWU
zs1e9!&)E!s)B>T`h22vYm#0lqixp2CHG(s{NE+oF=v>{e1@>BwvsV+lz|XK(6N>F7
zOqv&j53py4Ow~=)T!>~mc<%E?F=D(NF~S)(*{wYmqezR2{Z=%v0&s5B1Y__&j~j)V
zc7SUhi=|(KXda6p&@9kA5Tj^PrlAzYe5}?~jt$c+(o~Mwep9ellbU&&wPz1;OZqJP
zn)|xcz+O$lTJF6`b0J1!-fsEMF#P4{t}w7rbQZ^{f!_-M2ZH(U9A;`M*a$>D*Kr5}
zS{KJkTLZeK>T>C1R7=S38o)7yx(<!eOy}w?oO(1jWRQZj{utxT%ZzD>3u1jeZM+Vy
z)>^%xM!t#U+o>%FD=nyc@wTwt%=6!!sP$^nlejp3JwjbzjuciSApE5EU1{0(O<eWY
zeV=E5pmu_l+7{J<22M*2xH)rM=2yd)U&KZP9&hM*6YO2Szn5ZmLRM8+`~it?M>i9!
zztNIgK(4u}Ncey{AuY<oi*ozZiSpE6%~v#^2HP?d6T(1;Y&kx$aKD>MPsu<*DzBOX
z0oDApM+$a4ShGd=PfLW)(znQhX7)cn)GEtI`I}EQPI@Aw#$ox<MX3Bw)l*N5Q2F!e
z5fDW>+Gu8G6p>ULEn%fsZV*_sLhI^F$!EwOa8(;=HDZD1<)c=RQxk*Ke^ZvY=JhaB
zJ2{On$z-!s*PE#+fVwe(sRJ_?Q_ZO=NF`H%IN|#PkLQId*MkZ;k?r+hnP?LT)({B=
z`i&|t1duy9XlYrgrU$EI?=V>U<IqBb*&qeU<5}`un-fOlfemTkSw`y4W+N0=^wa0%
z{${333{&vOjO+`5o~s8%L{mo%#!uScJ{u4vVj>_lnJ-mZ269t2x0SDrahQ<V{%OJQ
zbfZ`wteHrg7Q(nmHL(K4(XfMmFrG|42A2Z}m1E;08Tzrq!p`AQzxKVfh8!8vBq%M>
z2wVfx-WY9?XjTmA%f9jZ5hp)#PJc#T0$3GZw<Hi$EV!J2I=&P!=l7GqcLw0jTTvR0
zeod<NU`4(@+TI6XYj(bT_-PZL8`xN5Nq<lni^6vafSYP6<)|G0s)?Q%n0+xHE@REQ
zd>`B%)fNjv*Cn0RBCm2bHc)=@?`TYaCPLbp0AAtk_gQQJW~+~W52P!uI1}dO+G*pf
zS*BDlVsRuPGU3Rd^bs$tp5K4e-r{jV^ULyXQH3ROD(2-Ye_q<>CySJfm`ccjBd%yL
z7JPjr;hGpk-7j?nPUxlA2Hv1r@$F#u+2@syYsk$~EB;nrq2X?%dw3IA*V&{vkULhM
z;Wm-`qYAIErdS@dZzsl)#{a4j$t;IfCi|miQ&=5N)@xyAA=ip|lsYN50g`7q3cm?<
z=yoPN3x7sjKGdq#&}(tlB>7=A+zUcA@jx{@HgslQhcJMb88!PQ>A;g+pD?}=Y<u*o
zPFUM)RE|f!N@BmEKD2Udpl>N=gE@ZU3`I+HL7sNCkT-{b3cTdZ?mQxw@#lz+NWl*Y
zpq7~={V=0?Jh4b&b0i>+Jf|BNk>Ywg>iLnpAH*<nLuB%T6?~fOPPHUxxjM;iT9L7h
zVCwm7NTbDV+dyq;CG`!+sFJ42`RXK(L=mnS_dHF+#s!(`Df#W{BUW=!M@^Y0BtIW9
z^MB0mh@_ef=l))D{+_{Xh9bs-{p@=Htk}udtQG8@6HGN~-$H>|vK}x53WM(;%W)ki
zRbjKGUJ|1s-bm#z@!66=rV?y!yH#o`HdKpklulmte9)(^L9aVMV4{!fo|!Ty;cxg#
zp2$q9*~_O%x%e_XJtw2h1vQMBR*jo;<6lBkcZ`mSz=P$HEVh@Nc851O^u)1<jCN3h
z4k7?V9yEOOsCX4)xZ_X$bl!Iv(g%%%z>V99DC3#j1KiVpNVDbnn%xQycL#Lrm%p6E
z`v-J05!MBuz`6FU(@&Uz7RohIdV4y-7<gMZsgkkj{?X;8efw-8ke&sQKV$L)?vM$!
zn&5dv{WW=)dCIjp`r_Vh5atnfK2g<q;sW^osrF$sygAZ2M7aM&!~CTBjQSz}fi`pb
zHVb<=G6|&daSdzv+*$W7-3vYekN$GiZsdZT<@P<&MaI5EGx6B-x?p?aBTv?u$T9yO
z!Xv+Pb<w*oUFD2Z)7AB1du!V%$OVVnR@KZKmmmBWoG^TCpx@L7wqO=WuR}HiHU+2S
z2f`|*RTRUtsY^ZS$N@GPXO|-<mRI62pz%<R<S?bjBw4G|_ri<oHF?>i>B7kV0qikz
zX|*$H_1Uzg?o1BCItXc1&*NJ6uy<8HJ<w{x>a@{neW5dA@;&9!MDlbJzrMkVa<&7d
zrRl-a$e2g<UiXUcp<@SdSm~j+8#p~7`ezDbz!x-)lszr%HlswB7H_X1iL%|Y88}Eg
z;txfe4LR<)W?OMzGejq~+krjqeD8kE{;29yZQN4I8N-8gA`ef|rpm9N>+xYcowKw!
z`nD%Yj4?9QuL^F@!fo)#z0Etf{gM{+OE=~FBy{muw=nxKTW?6V9Iyd_6ulfECUkq~
z##p}tD*_z?0e-azdWW!<(Os55JCyggA?jTwvJS7~apfK+sUs*xQAP9=m<%$X?#9)S
zl`KPJZ-l}qIe>6)Hd~FLQ#k%GrLtE2ROedK!K~>2EkjkW-_7=CR=Dt`H^$a5K%|YA
zB06{w2`-En!2%ajL}Ck)5OcU1QTZpO=n_&SFI#vR@$V}-s&0F9E!dvkWW=9{u|sc2
z>D7M3LlAg~C1JMcs{t`GsuvR-{%?5VZ<Bq0>p%S$qKTf4nT_GUxR(F_LYnyh4bt@G
zT>h79`F~(EF@AZX*;(2DN7pjlmrwaWUCV#DSpU<t{1x~2rse-|p8mhgsQ*rBVq*MX
zUCVK!Uo|8UzFf-zN#{R-(^P&E<Z~8Ky~xf2zWIuU&Y|x`3w?BCHd|9V0dWj4?)I8u
zS3Rb+pBFvN!=C$+IGtD>9&xN`N}PxuZV0awSK1U+$GUi!4Uj!F2faGwj&5WImWJ-I
zcDiJ&X>n1tZi`0Az3p(=w{w*RMcsE-!8h5x<w7ru5zA?nMM`%}C@^xfqJ<J$G+w?r
z^Q@b2@6&F*bH_5&F36e%MOGTj##)@E<Wh*4E1f$#2{yhqC5^|}b2el}+~%wVk%%QO
zWJcJ=Fc$R`=uKQ{v4LA00MlbQkX!yZU^lN!K?~lbr|q_1fTE(e*w#F;lvU7gEGBIJ
z)i=p?3fiU{=v`wJ*ttyC+qspB`9Z!ocSXCb(95&$J>9Ky0_t4?{~7<O)ysnx=uO^y
zMcZtH`H{lb#gpW)opsv`_F>eG{W9qU^EMjGewT$KdGr~J@lite#`r*gMf;=)^2vYF
zwP~9L`^NZ;`_ic&*txxd`Gm#JdZ)v=on_B6yVV&F1Rd9xH{h~u;;-c4FcDRyiJqd7
zxwJ8JnSmJ;Q@8gFcE+<>^S4?3f60^jpOW}*UDZtgS)GFQiyOtt!0->I6eA<!f3T&#
z_)>pC$o^{oU`_p#H^uNZj)nd|_)`DmP(l55?XNNaHTGXI|8<Ukt?^eM+t)fQEG&OD
zsJ~cMf1UrM|Lgp(`TmOg>)K!A{u=++=YOpC)&JKzf3<(y2lIc#|DDtO-(XktbpJ-X
zqNn?J+!a0D|IWLjV`F3cZ@eov4^O1UgwJNiydonpfJUNK1of)!Ti;J~h2P*j{#sa9
zAbx$lja0*`Ay$wQy!enyX|dHL{vr^=iTS*<B;OP1;HHv2Z?ad{t!AXeQ(4XnrJ$wa
z5-$Q<#!23dyhHZ69?dObB<ivzFK=IML^4wxCb=HhF5T7~s`iGaP<haG(Osk4Kr*8p
z4|Acuxq|o*xi<;-xotQ|#B@M)ogc$mVLrV;V{ro^ynJIiWWBe!Y{%CM2ca_r?qhv?
z=ISVY^j3w@?FOhW1%-P@a#wag*jXOl!wO!c$f7msz2eoZFW}v|bJuOg0Y%3|p6>un
za^)EMUM*GjHnJUIT)qCPtJGTsM`)r%h7pO3hL-brgE#dy9m2cmc;rIi_4P@{<;CrW
zZ-)^rHA~z5o}ivLf4mEGEgZ*AKu?bG!Kzits@NI$szewKyt;f_D4_~7Tn(#xLb%d$
z9bWnV8OD$0kr9-%O@$ql)s4>iebbll3gOH*W9a!6%QXa|s^@W=iADQ&UNyY*`a&gQ
zECia|Dgq}w={DUP&cT&VTq`tOj|1DQyJ;ZA(@?7+sM{{vsR5n%+Z9?aadRKg;x;_n
zZ4=@w?KVSOq$3J4L5mvNGprj99Kl2D^)oPclswHNeYky)ZuBb#&u@n}>d0fkhsot=
zo3CBHFIed*+8J9xTh#cE*$JD0IIL8`fMU#)7x>`M9c<1n_bA?PEM*(tX3>@v@Opu_
zT@diz$=gO&r<{GDEvJU=Or=1)(H^xT(>#%}!1a(eaBpaG*9K_?pjX7W+^_-As{weo
zJPTtX(p}=|2GmbmFaw92oj~EX@Dn$nj_>e#?fddkx>};B9{~qbb27QD2(MLi?zFkA
zG!mnWRSvBj%1uoTjpgdixy{FA5wN2f_f8GWqxmNVE;P?0JEcMi(3i<N+REzkoG#LQ
zfJ`pd!NkmTT^5Yp-8+s7;ff!wk-RlzaTo3>lW0ikxE}56v$FD33q_Cf3CN498SAx2
zh(?}}-yZ_O25LPFYc%4aul7^E2n@vWXYE4rp<?2Uv3*oDzQm4Dtz?~QCTN4hEy`#!
zuP0~Lavc*#DB-A3s)V>$?Cfm6b8=1l-ItpiZ0b9(=woZxyeirks%Xgr>AkRH?L>zi
z&U5G)T*&o6S(^aY=-?}^9MtOSm)FD86_qa>7SfTe`G4eCR!&vX<`@!cTa*{*67+re
zgW7jguM4Jw2FIsnwG6M8y)t2GQXaRK<T?P3cLeM?qBQl3!vVjzMMXy6?Q7aAwP|wI
z(^iZR%v$J)W0anaTiIU7v)La`@z%$#$*`R|o)xn5$L2@!#}fo-%aFXdI8N%rCZ;ds
zCZFbPqqLY-MFwF4r)9ZXu+%k+^*vAe+m)A}t2J0$9%K5g`yEX*;?n0@Hi#XbrE4br
zu;0oW52<Poh{lHM-x{oWo3b6IdfD0MU_AzjkGcan*G@tkgpO*s;pNq0G!9zKCJT-;
z<Kb2qIoBB(+g2lMtjt{^M)(1FliE?Zo2M~B9(1i2xxO`NM!P!Y><`m@pf#mq<Ay?l
z^GDFZwWZ%O{PT?AyV`ODgvZPE-XzYP)<cnyiHJg#oD~J`=T=W!6FMurj*EE(MOcyh
zf9N$xB%VY^bBgz!433Q2`WIn=pcWf+$B&*7urF&fB56UDaZg?73&iW$+gHG>Ya7LD
zDo-vXsPe36q51JTEo*3@b<;aJS^AoC9r}FVs?6&tX-GEuexFC9Q)PMD_+q<$A4+2p
zN!3i>W8FG>S!fo7OVMU-G`wxxT)Q$qXKiDyb*P^IEyPLIi68JzZGJ{$Aqh*8T|T}T
zN;5IiDmN7lGacgJZVbt7B-Mdx!^n|tXSTCIg{ajBH9G?#K!bex?i7k`wVAIdG+WZB
zr=FI|A}3?z$2^#U)G8jzeukP5V&|X8(V*7?J&NpXO3!0~g&y|8kU`RZRQq~v?U6+$
zK}}<h<ph6Qy90CJK&)J5V?J(=+5%}`?a{)QLH;YOye@;1*5o|JxR-i8Vs?F}cwu9X
zTRdSECBSD0%P5<iidww7R-G5E9>=1}bbxpq_3kK{Xu5x`DVd^%^+ovnypmWF^K|%q
z0mrdY(DbKNnT2?0P5pfM@^Iz?eaM-a&S8t`K;2sAeB~i~&%E>EpTV2zNhdkbX!N8!
z&5?ZA7?$Ef7E9BVw)<RAx-s|f1G-k1Y(N9E(zg(<gU#rZ*lEQ+Qba&OT>RxCsfno3
zMG@D57*SdVyjmp3O0mi_Vqi3xb&-f8?zrr<JIe|pTj{=iNT=wL<_2eW44j2=<@6zX
z@zMGakB)1}Ee08<=|HyV9y@}}cRh|`m%X~Xjq<cFrnzf}7g*=cv;AL{Au-<w8ER<z
z>6VjzA~f(VtiChbr?&^*l#zFG45%n{fGNc1|G?%Bud#`N9QV1e#MX?}A2?l*yLG}O
zXGKkryA2{fsu@?nE7?%S@s%`<4vi?moH8`&Cw6YODr7)1Vd#g9Hk&|Z)L?)&#GO>c
zdK#0=Y;tUVCMu>8|0d$DrgAu7F0wq3>n|v;l(1EttRp@5n~OE7)qqbwGml?%HvWf4
zWmf@F5eLN$g%YKUFzx#t|J`i6O&oQnM-p;E)@1A3lk43|jE?6eoiFap%gnG}AO2?m
z=gmccjZ$C-3#!-s`6A%+2&k_Gy+%CPiRMmJDbdl3&pEg2Hst$pPa8jZ8j(rdA4~ZH
zQWCBZwAy>}=-B1+Mpb#xDaU5w9HA{xAOzR%Jpqn_5!pGVP}JFIn9+e?ecZRBO3iK#
z6m=na`rA0r;=}3k^`x{S^dgeo%`>&rB)+GwlSlV!^rvB)@B8p*Jf1Ii!wr3WbC-x-
z7b)qp;JF^y8kw&j$M@5CBvD#Jcp;ouvR0?HHw>4(T$}B0eFP$1kJGUSrL_Sa@4k5N
zsW{v@C^B}<u91g1@-x2T(Mm~*>E@m%GtIx<VDG3?X3k;fDfE>QBd<7#a=GT=YV8c<
z5L0EDJJ)=_sf+EDP4kore_YZig3r5(Z}@TS5}>RU^vr?cDoi2Rh#tBT@R1(P%)nwN
zt?VDL$(G2stWoSiUrRa&rR1f$k++8jYCtjoewb|BjygPHZ%Ery$ScIoW8&oCQdS>c
z{l4eP9cAql|G~C7nfv*Iq#qne6VBtzwz7SQNvb0o(RMv1acLyQ-K*vGW+U(@2|%s$
z#;&pEEyqkIB}US`RF4oI^vnK1MguqbG7p#N773c0-4(ujF2<g~jtN*Nt@8XaK8A`r
zhRXf6M&bFi7iap3oVgWXA!))X8jEhyMVpNoF&wOn35ho7)C_B9r_Ri*(TklLi0h=7
zz@9uzWNbWkU}k{Bp-%*AHD;5F{XDDTIoe7@+d|U8`GRe7LM$WfHTT$)#ke3jqDjyI
zZII0!fIbtfMd4pxuNc8WP8@QTN~AB!P?VpadVhUQl1HB*Bh}zfW!TVfvQ5Qwv3hBd
zZBxQhTe0mEK%{X(RYr|Cx=2M)9o>~hMKoF4#oteu=w0urJN<@?mu^XrZfI8Hr~#)M
zsi6o?Rl83OJ$YBp%Eaub_8S$BDp#oXN~w6KJRm;La)`kaF;as@ty2BTd=vm}(ija1
z-E2tEN;OEO$sX!ZLQYPiUB#OAMART`APEx8I+M*dLh%FJ2o7AHiGIXX+<NVg+wDP4
z4uPhw5EiS8Txw-QZti$m35-*z-+PY5FIH!(@M-j^^!$JXbJ&{O?+)SqEx*W_D`NK$
zwqKsx%I~2`H(M`rS1Qw7E|A5Zj*P6_@l-_dIlA#W(E)DnXyb3s<&#O0UWkejo^mXQ
zDK1Zo#|*Lye1rqMQS{nGMgtfP>KQSM*J8t|e`uP7^X5-$ZjRkDl!qCJFHMNK4%7pD
zMmwUvHh>`_sTNj!aM26XitvQBT=Y2Vh~nb^>b$-`nk|iKqG@}4-lJ6_jME`VSak-j
zG!N|_ThM1P<O@?YloYKw`r#k{<jPlpWVw7ol}BGTYBeTq&V;#3fV*hm`IE?{`B+!I
zu~4t(@hrE0YFf!u*$62xM%D*{Swt;1KS0p??eHjNnl!gc=+o;4W|=oNnDs^Mu4hv0
z==>7TgUVf$+5VvB$fh&);cmfY<M0siqF{0m*K6+rK_jjCs1H()*!@y^*jTpTZ0F8>
z%(pMU&oE)3D{bDmvfqm3R0`7x$_d{u^h(t7ovknlfxP;#l=+WwS%|={YA7>H#H*a0
z*_PqM*0YWJ51HkF)b06#+h>LAORitfV4aSRM=Gta5oZ=`b245;V|*~j_`fwMP^iC=
zNR%oUNiY{2?3p)Y|H$dbp*0TCti=xv%+D`Jb%|ZhHn+o)x3R}h^a^M}+`?cjWp->;
zS4}bQ8!y9eOwe<i9V^l7>OzveZN<Cu%yX^3W*yY&yn)!3ZhPi?q1Q8f^`qU3`!vvL
zevP?!I03(CzUf^QyI+dZhI$glx_DhVF4AWaT!aGXeP5viZy|Ev&WcYq9g$|ilxj1x
z)+5lmBaQ@nNh~)@ffWl;j+>5;tvIxEnJ}}n7}GVg>!q@oDYa$omGU_d9E(+3MHlKs
zm@djGqQn`yOmHSlQK*S;^}`ToGPb`ese9CBces?3Lm@4l%pZT<eTI`WeKW3b(V5KE
zN^{|?Eo9u^xA}x__HL_k*tT68apBPs)n=P(Ft$0J&2qok^q_m`8ESu=##Uo=(t0Yb
zMlVk$T=r~X;R{m3u9_`6Wvu&QD>A^ApO2~F$U!$9!Ins<Bo1oKf~r0<Pd>~9EC#1t
zQA4XLN?#|dND^c43u*GajmVnoQ__B>1Q~Yo!}96MfV|beKkl(5k=x@~L-P>Lq~)RS
zoCc;9K0=(^TF25xPRgtAQ__^bsw)1#Y);>v(@>Qvx*YWYbs)@BU0t~hi-8|Q6FVy=
z#`xgALKWHdjxiH?$xV;LsMMOBGTM-tKaHIRxq7yTKM4KTYjMIXaOY#4x5veJkBGyA
z^|JS$$JO3mr$qq2duW#Qdd+di`mOT$Ci4vM#oNI$^)Iw$bxy3L#$N{wYwd4a3JQrz
z6H2hRs7di-R$&#r5ej&Ay`}nNS?1(}*|WquF;pN7V;GtYHu9%)71n;zRf{S3&%&u}
zBR`g$g{K0K=Zg(RjAGko<U%Or45HZE<?~3yaBycQUKyRgUyyrH?>4-`o*qz3-;g|3
zR$A^n@LXLF!b@(n_FXW1Ihmg|LoI4S7Yzv%`J3vqIccc9GQ|)MgOBZcaw!bt$~2}h
zBb2QqFzE|o*c|KUL#N6Q*q`AlK<Ld&qLvFY0lSJ~dWpo!DC8Z^W8z0CnnR;sFJvV2
z$FbE#j(%j+_%5QmIiK{k9Y$H5$(F2UZ9ZSA<q|e8#$KGPHTJ%E4ksi@f8rmP*;OoH
z8;n2WS+341?x}6N)h?FnOjDiTc^}%)bo{*HQafFAE+2Pye7p|IkC+A@J!CQGH>Oe9
zx-DCvu{yEzw*5YkkLqv=Urxg;>M&c6J((t@9!K08J-5@C60&Sb2LhlxK5!+Rw4*>l
zC09DpVHcoGJWx?Av}0#ou%Sx%gUsl5I6g099TlnbGTj|=DE$!!kX-Ks9L8BVzgYwB
z_I2K7E&A^7N_tUcwsMYWA4GWiZzt1KZ4L-opfl4g3fg|p&AA0&riCn;L%Vqr^T~si
z#n_QVEI>8a#R@NfH(=(ZRvu7;I9Q6CR~1E7=C~R<l+~OpdDb*I%kHE@?ClxPyC=%I
zUGpx)$c#X%PPfccD#TY-xcD`-kg~Rjv4}UWSmNimpsT)!Nku;mKJc71SUR$sf32;q
z6yGi)+Mj9`urJS@m6^?alF$;HP(qAh2T4)zCpqGpq)Z!}{O(TOuGi;NS??;`ZV=dr
zuw@wzcCy{=6{`2#_}=Iy&GWVVg#jZ{udhM(xfK>3Ph-PK{f2x=zcZw>(SEPz?y^Wh
zB+ud+*%fp#9MxtY+=MfnCZf`RB_&JEtLZH?OY(C%=LN`8xx%+!6Q%yA7WEtIKn&P?
zYDwOSf^3A>*?}})B|@P4zBXYt#E6w(3-Yl#0p~r*JxS|Am&Fym8NR?1`=r(Wz_a2;
ze<#@(N+VRK?0#uS!Ha6U`a4V=^>@^5M50FMv>X_gExQBU4`e`8Vf(V7?DHhdJQS2v
z^+=VRDcszaiYYF`mURFs-KsNXJ=CO-2#R_HBS0jFxf(=U*_4_n?#t@v8^c6ip9vbQ
zk+X{*_ZpP)iJV~HseI)6$B&h)9+Bb6DA*r@!}6W0Q#%LJ5E?V!pbLMGk_jH#{~3y!
zx8`dJ6hjDb6m{5J|5>OCUm1TFWOZl<r7FsLI0hweWmB%lMh@+qUEP?6P<||3KN_i=
z-EA5z)trcG-p8_*u0md->fTEvugqYPJ1~LOAmFr@pF5g1IjVBpotm1sFxDrJVGZ3m
zvbIA=kf7ia_YF;<O2Jmex!p+Qs950b1>?TB-jd3ek1&B)gqa^cE^14scz4f1eLt=f
zKQvPHB>@rMWRhxM+kPcRZGvS(Vw3yI?R=|`5D5ivv%I?)9h=b4+A*Tp_BN3rMBW63
zU|>RV3eF4k!$^1V!h<vUvi`UmZ<TIr_$*E)Yk$i2`So;*;{EQh7?s68gLXZ(+@8VE
zFm5j3+SxooQ*r%?=*`Bax(m6h8Em;MtBbEnWqk_m`r2oeS$%XH1d;|;Q)klZdW(+e
z!DTwSrE5!Bx^_Y<yw)!8VXLES8;4$43HcfX+#U)=KXVu&I|}|5ljE~EyV;2Y!iLb3
z!-ZaB<tvJpu|Dfv$`lB^J`*O50s@kgv!x7HMRbO9^9pW<8#OtLbObLbE0Se0v@2wi
zGYGsv=K%J?3*!bRanc0yT>t>u?Cf?6%jb{cV92)AIge*N;|J)Zl?2%qKzg-9kY2-s
z*^rVthJ_>G)XA?hMBUif(gh6y6N;J)V#&+<y+IAaBzUwv#KacmLKf_m1CRl2fbo}j
z{TVa0Q(J4b+L+)TU+hXxR#4o0Hu~~&RRBPYETA~b>&++(h!(bjhNfoDZLd+&MB)Er
zLrgD*Kn|NNVefS8VEEobj}YoF(d+v$vo%#%t2AL;?Dx&G=S$y)qf+61OWg*6Z{!kn
zBY+@Sf)kJ|g>U|8U82qT6f6t0PlsoNn3$)C@cL@k7Hq^7d_(YXN7v4W?l1rLL;aP<
zyo|S0if_707>#f~c(=Vc2V?MF_tLWcXT5<1LJye`{UhNf^l0_D&@kVe;Jy%9_v`4O
zw_BBK+y}Gd7yeht_vm0(3!p(g%OP$(WB2+DY)NzS3UQkA1b)TkzZw+G(5`brfVlrg
zm8o}jU6&YTR?zZGHaA18p*m)c2a#nJKTh2%4MSx+yd9>>J25}$xUjL02|VUPfzu1k
zQV$U>j|hj=3d?%1DP;7#t{@|4b>u*^`>7ts*o%1yj?%f`voU;})ra~d%qrM_Vs+3I
z{<bJ8qEL;sIQ*=e6S>n7R}SM;ZigW_3x8xlc80z`w9{jmaqIx6k6kdosE%ap45s?e
zxG(`jlw0zr0X<&V21ML_E%vbq#4!{$?`NO!x!l4MOQZg)v8Bj!x+dx}R!6XrL{)6b
z&)vXiIEJ&?4N5)4oTqmflmgCj;JdA00E-Na2;L|pd|0tgh^>E4#zU-3P3TwICTYmI
zI?L?SjVf1r>V>d_Rr7E+3uoaO(L2VrZM7C~40XKS?<SlQ1uqFH`lyd}Esl?pitcKO
z{cVQ^E8-ua-X1A7KS#>>0*8XKRMQPGQ2J^#ROj@|$P#;FJ`dR8Z*62T(0Xt=RA5HG
zX`pyfUGi6>!>1SpM*_sv9>%pPwT%kmDUwG&vIgZe2@blK%k)jbM!)G>Dlfckjj69P
zSj<a{<l<1uFqZuwAoflVJ?zt9nrg7Om`|T9Js4N+tEKljhv-Ez?w~SavF!O!ViREG
zlIfizb?t-^*<x9&70M=@=M_b9j4l{y4HS)rVX1}LWbyR=j%`SPgSL(Js+XL6MfFDd
zpcyb(=juS$y;9R*{s8(A9}Jeo^1vw!S`wj|N@PL`Df#2QbTZ_L{kh(#^4#E1b2Ten
zsIf9c3n|@9e_n90?<1rRsq_y#&rsw0gICe`9e2!zOW_K@VcyK+{$#&QrSfJ*X^{U=
z$)x2RB^J`<2POYlSCf#v)7$k+{5gk9#cp1p_vKR))X`IKg9XkagyUNW5C;HUp;2eu
ztzZ{w`xn5Abn_aQ$B40AK=M+uy;rJTAo4x_ZSS18QRUOuv#OwL;a&VFVOz!3tj&Xy
zX<`;{V{JDCMS2!`p4PU|Vg8V0;=09}oyY-vZ?~4}w$}tMeLFHMX41A*I&QaUPeF5e
zcuQ=;(SCl|fV3(dc_$K&vQ})+5mK5>kGq>XQMx{TYY!<&y3Ogg8JbM6+k_4FcpX>3
zW1MRfHnB{(MKu?IX!2nprc8tlnZuiiyW0$t)ZGl0o~!YczVg)e>T17N1rEBfx3RYs
z?vjVoN%j6HhnVG9Ry|RHBcG8?3S4Zl+W>qL*Ykd>ue-$0{8-nx<Ms*Q#^Yl4sqtEM
zafr8kSf6ki_h8riDtd*&-wCBvFj*qehwrtXyoD?>D$=~J<FFzOR%qFKR6D9sX_>Or
zBV$PrW7|L--hpYqp|={|giJx^9GY{3fY!Hwzkxy2-n%1uImPw_#~kV9?1Ky!4an!z
zGHSf2#MD5Gywp_DTir^x(TIAe>~)bB(hq|2BT~G=;mb^ZG6$gG?YUf+5?cRk(lYlb
zi+DNH)EEXPy<eYZxmy=JRiq?s*r*vIZ#bBA(zYhp8R=mtaxS1=EYZ+Y>t-&ut$12Q
zSyc9H<iGEOirq+8*^#uF_>m#Q<Xx0vVXwS`nUPxo#78^$S{|oqC(YKZM=Dk!dMt`x
z2<H$`;@7MAlh=|(p`m27ev~L#(x_0WFx#y2IMi$;zeIS$KLj3F?YkjcLh%qAJ6&T-
zdvURuCgc19k%jugs9{w4rgWD4DTi9SNMNMXsg{91=gvmE4c?p~^DxReP4lnOb)whk
zXfpb6e|8Hh6!W!hQMTHGU~M8{Ub#QT!7(vEg@2Ui*ZWmVy9e|N)i@IkK!})9hTHHm
zJcu-J)9s@IA;H@m_ZcHP1`-m5Q`l`tD+<n|$+0I7&^y#XhH~_>LE`jf2iU>D<v?A9
zO2Ug>`hNoJnFBZet<d>@m}BhB%>Sw0f60vh2g0Q2W@|(%Y-8>Ccg!)Nzf<q2#T@l4
z%?$n};(x)+{t?g5Z{w;#&BDU;&q_;-%<NzAF?y!|F5`byVS=LNb1*QncEo4@{}S^5
z3jLpy{D0?<(f>PtjFJ9-t+x~_W#dN&6L|TI!fqWD>fh*?fFQpJAJWUs)QHE6G%JKj
z0Cm^ZsblGqRu6Ji^S<I{H}r6y^I$!qy{n6vY<SofK?k>J%A2{p(>B#yKOxx^yisW5
zHzaSv7=?7#a2Z&OysS|gp^(16J^^R)2W?rR9wDQ1s5QzfZs!2A2kmZ)v_w!z3|cGo
zb}sO+F(|wRwL!{=bv$hDhSW6+WGG#KTzO1a52nI*=><AizC=8+NP)O()w@B{ZnT*(
z%Suu{BVW8CQE4aLRjO_84b`px8QX2Vjh`miA)rmKT^OLtjc=nSlZta_HbHnD=qjUG
z9s{3V#4chyl9fE2raX4USN92gpZboLulI??sZ#g3BMRN@#a;<^d110YqiG;{S_oap
zwHufbwCRlx1Jru-3|97(QulY6M*n{aD*InD>u;5HhOgB5C$H>Z%KBeQ_CFNtf2!yI
zRo(up@2~c6>Ny=9)L-NNp`?GQ-v3h6|3>Nl$Aj|UnP&gUwEu1+q5m7E8U6pxG^1x^
zVft@MH@k%^)_lU_m;k&+BU3FAPrM)@Wuw7c^sb0D+jU<JN)hA}3KAu)M$MjRcO$Zx
z7=#995fuV9zdRH*b%CKqql7}&?p3fJxql<Ci<o$}>_{z@S<YxJZ=4l~(U;eGt*mA@
zpZvY!{b4hb=`WQ#{p(QWAtFBD;vXCWgOvHTCCOKHaYks~KN`v3r@_WV9^jhR3A8=y
zZ~OXUpaI_LWx31F?@veYBGLqRcJaCE<$Z&opDGmWX3d5Sk@-RDz)m3j-G~Z8LGYx^
z{Y)q5y?MKP&&jFqyNcfDucc07{1vod6k75g?h&E{Ki^Y*nVYIx|FP6CFE=tebPi7Y
zE5b8Y#8`IpFp}6R5Xm3%H)J?b{Q~q1*IW8$ouM2!{McJT+9aS(^^@1Xi)XRIF;WW4
zE$f7850=jMKBtK@5oDsV`r7-Xo$C&TlB)fehG_Unc=Fq!C+Av*dERx*^>k&1f_~o6
zKkE*3)$JwiiRH#78OsYm#>-#&CbUUR#2kLcD#joFW`^-hYm>|*jC%jh5&4EdGE_x?
zxBG_9kG#mc;V)G@iP(3J55DEF1Z!=NPG#xHJu(5d%}|@D|CS+qenC_;oG~RR9R|sb
z2M!qL66xr@+?S3;lRGSH1_@3hs)|FB{XR~_hfB<(3;gv)-Z$k3{aUBU1qrKmS15c@
z=8s2dMMSe3q%Z14sG2T320{C*q{;T9ErbID9t_?7Y*7)|J@p&Qg<WLY6NhuhS8Zn;
zAJ*uXZ=G+k``BVa3VH~`i*kOO{J+?P<#DCCVp_5+N%Gb#^26SI-*~G}>B^oq5uhJ2
z=!>)iKGWX_F-%$>W5ytF_Xf@MTH1SP^wBo5>6xB2&EZ$>iJn2!KbePAl&w`SFE7+r
zm!~%t-0zhvl)cTAM#Xg;W<v+|#d~WD?p0{i+Dx~9w>&FtjD+5}5%&u@a0OVaWJ=X0
z*VQpFhJ&?BBfG+hHkb3;)QzAG$I@<@J%FlHjO-t@*(wOR)eSC|jR2|j3zI$6*VDz5
zW{<Sjs)tMIg0-k9Mc01*5GR%@kyQ9CR7ra82o+VHX?ZiWTiwx)wGASL+gT3i+bTn+
zLaviWbzZaH(^Z$V+BcqWV&t4z3*+cfH6DPP43!lYV#gRA5~M>SaLOcQ0lQ5E0{P=M
zE-}ESKa@MWBc2Ar*HF>k+B|&h{7N~ZQnH*$!Xl_l7gK5-P-^mXA3`bPENO5gDr$|z
znn1&SRFY4IuDV8JA7toP4{KETTCTW}c}bBNb^FIUr>2`I^&=B=nUUhjN#wDcvQF|3
z#hRg=7!hugKiHEZc-rBRrs!HR`v&}c2^u;4B28)9(s(QGhJA-IUWDz0zSqOs)VRw#
z7#NHx!usQ;)-wwcKL<#&)-Dyjnx2&;Y|s;*8VX)Hl*`!9v09WWhe(4!g1c?}2HS^@
z6AR5&K4$3n>ay*odaPNQdq3;~EW0B));2OOMh(Mm$>iFM012lBgo8!GXIhSiuI7fR
z?TdaLTI<VPxllr7zcY>NpFVsz+P>#mU^#^k<{EqNIC=<|$F?n<n$$CxH&CF*DAk}x
z_-is^&{>m>1_wCR@`$nGvD^LDAEuyv$VR6qTAp1i^KuEimGub^v?iAT?^&@{GUMlk
zG{v>RExY+Cl8uIgYNkJ-*q)hee#<27kyJX5eSBt2g_&lqkrTVY9U*bgQr8xnCgPqp
zLm{h{`EWrhI=**YqrUts3R^<_K_Y&p>MN(b#yNv?rlQq8fq$UYxpwYY7K+Dp_UIV&
z#&kBtUr>}m#r8&}yx?4QaaV4wv)L}HK*Yt{4=FUB6nyRYYgV7`o032b-^D?C8y+Ne
zaI_bME9U8S$w?TDtH#t8j08wijrIi?X-cjz^PGG$`&|C?^oJ0?5T-PxdSU*tDcXLy
zsa?za#hsGe#CCPLR5&)6`CMWN0hI!qZr79MbdT&@q8roEzO~HI?xVkvlG$mYMc#p)
z@<MpGW#zN^xllXC06!xlE1Zl|F};#bibJ8@d_p<Tx>d8G>-=0br~Xy>1$IskS1RxC
z)GB#MSUsbdJ;Mecl6r89D$DM8V@NKBLNcb5UWsCa$<nRhqPo^hIRmcdZa1!sQE}zo
zlZFVCebp7rLC)$bFG*jojMLVvE^3vHrp8w?@U_ql;m;*a>{9?giJ+cpq&|79v*Aik
zEJwA0?%f0_GJoK5aTh}QCM%r(HjDxrzSpiMriqx0;uwiML=YjryI@K#DuRjVZXibF
z*FWD>$zcQ(KYc|>P1HkdkWh}$WKz2%CSbQdP_->=fl9bQ+@Njxyd6me7{Y+q1zVlP
zfRfe)7askeLj##?a)j-4nm0X1mTStX`}nZ&w6DE{?SNFvKHti2+Tty>K<gVS0U<{c
z=3XRoMMka&<W1gdShKdsoqP1$t#5{S!kbMcyo9;}O;`%@G*4fs_<h0?avszK#L-I%
z+2%M`%#r~ILYce10>fjrm_ye*zP;~)%;|TT@#WR7HHw7uV^t$|5*OIR)EUV9hnH%-
zS;&uoMv?MgS(I&)aMF9IoWA+~$~*X@@jv}~eXC&Hn$;FqItfO9riQ$Ca4yAx7v1PG
z!MopdrGckit#o8CF)_`>k0%!kmr~Q%O#*q0GgKCGENY*T&n*}D{e&ms79dk<!9x3!
zW={C)$^ElZ{IrJsS_<U=eoW*;4|tQvR>~?44+^DczEAu{Oi?W+O)myJC54mL=xPF3
z#5ibkyHS+d7~C+dIA1zxc6(7x)Vb9=>O0k)1ok64!HGXEX+1~xsiC{|PuTelsk9MM
zZIBaj)I&E978{B@^FxM)+0w88!P@9l^D;x1Rcz*YXdyT#CwCWOTOE$17Z`?#_RrzI
zBxjg4CEx+U6Wh%O&NUnKT3@U)U10Wm{S%eI%a8SqwYknK145mSYvGp6h7zY9_xiGk
zF@pP0s+GE0$?s2KM6Km@>hH#7grjCmw{8`Hn5I5MUXKM?YFdU;MFAYsnp}1ZG%CkD
z_W!53FOR3Hi~4U;nWd7sTN#RS=Sd<nl_7)-MY^Wwa#1LeqC{mbMUkN-$q*G1B}0Zh
zWS)s6WKP1n&y`;Hcz(aPr@!h$&Ruuyv%h=owbx!}t-a4~`A6Y;g=w+;u3H9aHF`+H
z=^ob2CyO^AjBmIf?Iy&_&J81<aRxVej!wKkd6LK0V5GWqpy&L`UZJlcXU<)-avfEy
zj610%^nJ(pjBv)3%GoA|K>fno$#nvkU$+;(E6+5VBIJEAPwV%aau60Qy^!t}-6PL`
z?PES)fcL=Im7=Ow?AFFQSjGOSL$92Z6g}*p4|Ymx5nNgP`$e8jyUwu(Qq`ice*VIZ
z<L%F$9Pb>`8474E#e2xga?56nP><!w<X_ckG14Y(YNQJLNtU}uHTCQ)-WvBRVg0@o
z2dj@G&z%})<Qx@J*1M)xf9%Grx{s|Zu*#UW|Nh)vGo@F^-oVS9NzZh7>Bjcl71lNP
zUf_@LaNu#=?kJqK;m(&Lh*x6KFGX2<mzgrXbrCf%$c|2E3`$B_#a~BI9TYs`5HHr|
zHXR!**O0|ABxty4c80Sy%5AiP({e7$#>o@q`oVWk<$w|M_@peY{qen|Q1|##i7ibp
zPmk{5^yr%Ke)|zW-s)59?Q`N(hta6GXQhXR$;F}b1`_E`2ND8yDuyFSv~;DY`p=c`
z`PihfK}Iv59{6Sq>Xe6;pjGN`sGyDNbq&&=yggzuskSq4Sg2zb*><*{nEfF{ykDSs
z|La=glOJD>I7^I=y+IloSjm|b(^7=(_XIpQIAB{G{SPWDPAMhJ>h?RgR=eJQTbEH(
zo%5T!LM1&CX;rNakL@b9o83H~Ih`DS7CD^xz4wJ*SA?{6^6TPPHy<Q?|Cstpt*PP4
z^V5#48hs|&(aS$u%k+;azkA=#k)3dcpcU0#_3=|WdAIVe3)0WVkBpb=4td%Pd`JpN
zBt~t{aUE&fm()$38tpk$*1%Kxeqd~K<39&8M@rx3Q!+QVjCz$avu4?wHU!PI49$&(
zBt{9`ayi|PaaJIW@mqDT(%L_BD9L!@QQWXff2Bf(ys(X4PvaN9n~^zH6`Q*I)7~@j
z8J@7qB}n;aH56w^e&V*_jZw6e8c>jT?7o6KVu%553i)wYNDaAob}XW@y9NZITBtc6
z2!TvYJ-I3M(QBP=KBg3T-fU^O@j?>M&0?v%dC+|JIn#*}`Ix9~Zep^i+Z*X7>oSpu
zI|^syliF;vj^D;c<}`n<8@_h4cjT#vP#w>;h#GlGb^8}a7KX<8!5p7&*><!GR2F#}
z##G0*V!cE@``j6olMQnp9jJe7s+iZoqB|Gn9!sr`%+_7rA(!{zM2r5k!slHkRj(>*
zs;t&lyX;Ed(aD@~UEuTv@{KGbCrbgR03TsVbWEmYh;py(_^9-n)cY<PlJA5!8OT1$
za}kcZ9~ffI?A%=&`oz7!_HKoyeQC-%j1PN=+-#u$Qe-y9yUW_f%}Vv`^n2r~{_^bJ
z8MgkYby+j_TJOX@nadGuE^<@xJo{yb{_OkS){;pdonZk(i$NXtap~TjXJY&U3%0)7
z8TEMV%GQ#thq-6PMZblwnil!0u8ovGze<JqK=7OFvI=2wm5bGVw2z`cr1nq`e4}`z
z$R-$!7mXhaJ5t5j&)KKdr~F7|>d}au){v4>vs!IoYx(VeHYF+EkW_Tqe?_oQLT|N;
zjaPiB_jBAKJLy~xj<xZLm6b0;q;Ie~MT#q=dJw4%&!)e>N^q&;*BK&v?H;f7Y;!7_
zROtxs^_&@TnnJG5I?3^}I?K`YC^c(f_-Ib_>_E_Ag^KNs7IOR_<!@fUblF7og18bF
zb94H6E}j<u>f1TSjn}7Jf7I+(^OOv3zS_&R%_g5)@{07z`(0R!{HNjD%Q0@+X+2rX
z+DFu{AFcGSeRv=cdw#G~x5<&O<@)^_8bppPA+4R?-srx6x4yMT!29qs;?tfMztPUt
z)99BR_pWi8ovli*#FwrRrm%YFZ@<N~J5W<j3?uw8Aez79$+`*Nn7Xx6+al2gJGKd0
zeKWWCZjH)4pK22EIR05zZO4}fujPxia@R~1yxEV8>h%%ry<1nYUx8~fUgm{Wung<q
zE#DmPv;O72XA;VfVFWJEI4l>G@JeTj=Gn`CZR4v5@4Pgt7oy=lIP856oj%**6t~Pd
z-<mUx>bAodo>6IgP-n(!{qBDYcc~hQ%scHtp7`wNcj{pq)AYAcma&-a?NfEFV%}T5
zB?`>fO<aC2>An9Vc55Ve2kAAZ{|(-F^MrR*+?{@vwuxuUsKbb!1HygU4~10x`LymB
zO0bS-koTPPFBIXDDRNqM{mbiS$H5KamLr0fvQ@7iy`k$PcJm-1YwmE%&R{2{sP-V6
zac2Y8zR!L>C8fK!VA<YBxc4}J&aYYi>C)4?1^0YwdIznjKc@Dl<gz5Z^4nyFd~}ID
z@N7pzSkuXGV`ZDg4-dR?ch*i)HQa60U)J-;Bv@I-hww-xxI9<`GvFD2D$N#mXg9j6
z`OEQGts522_<eO1b)I)zqrI_L60xfT1Rg~dX(hA@)(f{i-8M_;)r{JoE8P6$`H{vk
z`;MnIJmVW`E41ETmmU3dp{V+4`s$W(e3`h+DMxn-hV`-^)+~C|TNAf-^&V=_nAqc@
zyA&=BF`+$!#?)}c4tZ^FO=f*HZAtl{RUFJD=GpD}+1xo2`A*z2Qu&jj-(IZpl+5Q~
z{w``LDUXf4D|y~@g}nFIBJLk2uXL<qE;eT#G!rDf=3#CWu?BA;bd0kiN#;}eURR2c
zB=Tpt1%um@bjO6aaq3UJs*HJO$O%;`37_)B^P{-iSx%*GjO#lXdyLtR`%~zHRsOT6
z!jbjN!eQ-e4&24f80iNG)k`er5)=CPkXz7_R&8l>o7>jH``p{O=90KKyz;t6<Zj{<
zrz@xI^BfA#bYfG=Z%aMTJW4B%9+;98%;2ioIbpP^`sS!@VxZKVK3i^~f2zdSZ_BgR
zjk%7{MnwzS+1C%X1iG&zW?vPI`1GDq_Fby^X&zfaVs>A4)K@Qy!MA$5nx7(Pu!LG`
zM}fC`gge3}-D2@Ap%!J1(oE@S&NhFh)?K&lG;gn$%q*vL+1)EQH=?97-@Duwu#S*a
zgf!&L?g$j{ZQ*iKOc7{oj(!$%#e+gLG1Phydc>pw*-+zPYIjt!aD^nR^YpEiIG-n-
z2FT*X_)njiIx}nf)G<}BT2=}2QX3~@Rdt9%tzkMbUA_ZCiKlh9J(-*k=(yIEa{0_=
zzTCkft0t9>r*|@IChOt@D(|n(Ov{a$Wt&S5sq@HADl(ZvJI2rTf17&fFzj=;LAM{(
zq=`sg?xZ!n?L5~^TFr;!g+6&aQd9P=kGFM;$lY$<Dx!A#E5~8~N#Tpe&$fwdZgOY$
zWEI%Yh0MD7MfID$9jA_rec>kF%|6Tp_?rE$8$;~7H{N7*{Kk1w`1Hl;(7aoDN4Iaf
zbuneFmVZMhW>}!}Qs*W2OS2pr*fojqo`;@%Hs5k2ZJp`4jd|f~?VLH-H2OWu$Bevg
zrmo??u~&h=EMx_DmD%z(V``1rx}=XpyrC+sc!vLxcwLAEza4@gLyR-uR^n^PUg5RY
z+15cUqHqs>M$1fe@&tRuR+k*j3+d|1Jw<I-c&|IdIbzDscAR6-!sh0-)%o%HGKm}a
z;S3R@7uorD2CwK)VXqB3)^UWrHpHnw3tzvt$FB%iuV(2-J>jr=@`~$`3)qsauhrQJ
zL044{UPvz{SnLJ&P982yD6Un*&^)$pU$e5rt9jGaforOnz9AzyFLj>3uss)+gW+$H
z<_b1Y>Poei2@FuWB!Sg8*{8qjboAx$y=f*#@HGa{#nMDW6T)_{RP=lMX|IFZJtS@e
zTj58Rso<*pFEH^h#WrYZE4h69QTmW|m2-~wwaRusk#4WZfHmGR`FnpDksCczC1^4k
z_+T~P&dUL8C8l9fVKid|AOF76^D)smr*5S_&6E3Q)3M^0+A@55JFPJREYzlT*G0U8
zWTlPo(cFcwZ2v^C4X~9MFa?)rZ<Vg$RckkS&@ke99AzXm#G?AWVC3;$1rA^CpkzhT
zGfLK3^!0$)<tFdmYdecyY37qq&7JOwQ6gb74rywqizp1M<%ub1`mR)eF_N#15$<DU
zWBZ~~$No0Zh4s6wfe2qh`kK|(^b(%#O&^O@2d7}~6mBW0Nm3gtRE*gYDbB@a=f|cL
zynUPC<u%{m8(OET9rfm0X^$vcp}4VpcW0I1+AxzWS~-(~o}_)TlCzoB_WTEz6k^Q0
zrMF(*FSu7M(iOp<8!i<u$FDl>UE)y4<}n?ssDAuv>3K7*x&YrR69c?)QVOi%_d{97
z3S&t;0&7JMmYUteL>_n>?wXr@YTzN8^^rcs`+E0|4{f?Cdb&vAmSm@1Y5Obwu^(LH
zjT}8jFD_RcI?-Lr+gNm|w1i*&xy;6!qmsQRbffvUr5?YBS;zMv;BA(>vBwFu^*nLO
zuHwTlg;@^;7Q3!_vU%@=>q_bYU&I_$HmW=dNTGSeZD_L9QSRy56%wYlv2b{K_l?vi
zszI`E?<^N1?(<a>Eiv16bZ0Vu42On4&s)=L?<Km26q!#1QdzH6gi3~Jeqj$<W%Fis
z8BI#{8E2v|S3(9R@zu1yTb`@lop2BKSoH(Cda?SW!;fD)y0~NZip}i1%Jt?>+GoTY
z)_yp{)kJ#E<9P6&IUoI?AgMQJZ@voR>Sv13lgMV>A<cJ4peyc_dRl`o?}x^BW%XCE
z6WcsDkM?e$Y!1=r+PaH;#lbNBD<SQI8~%J~DAm@UIdZCU#&K$G-|@x)@Q&WXuNimE
zEUwmTS@-X2vLoN7a-FH+$<|&kO}&}F+_DnUl@LUTb3B<}ACl)Fe7K9<`W#<@)&`qu
zBb__6^46Iz5oV(t9fFtw-Kt=-{s2^7d5wZ44=ZZ=zK87PSap@AOW&6N_)?p8l4~I3
zj*EY|LAGJI@BO-KV}lAk4Xl}Js{8YJ;xVt^a$Uo;+<#<{FQYKdiB8_W!R&Az6M1#L
zjLn{conkA>Vz-pPR!<lR4fAe%_`nzKn}{gi$#4Dm5^n$F*ZiqHY24MdxA=mX!zFh|
zv`7^TA8TCACnarvcppBxJoL!$vLxj?%`@?Ll@B+%%Znv<BI~p6Hi#vb^HcblhC?Qt
zr0?A;&c5KbD@wVKS93Pv<BGDE2d^T1w>dw~kh-u_vS8=nvE$6bJ8~Zg&FH0lx*Z|u
zVU(a}D}83J?yO!4Z+d&#qsv<Tn9I_St7zw}rRz?W6*unCaz6I)@au<42mCkRwIok*
zGvf@Tl5dV4F3fS=*k>JJCRZ}1jxyFy!`l@O>qnYveE(7QxMYJ{lu3_KD--)FGjyLf
z#i(g5%bj%7CxXVCG7W<H4ZXi9*LRYhZ@%06wI}-4&cacbO?xaZY-*DDQk^NduSA3v
zzIB%6OQqsj=1fteJl<*LdLA1O&JCFF3du)(yXu1p@2lGs8=N+*if7l<c!gbW7UA{D
zO}pat*P=_ZvOmysN3HrzTGJ<^KDt+UO&+L>_!Kc+k>jEAWAZemZm8At^Y?*1?mDU_
z(j_-{Ecvmg@s<0NSr1z~TUWe%mo2ltC)$oxmXfnEXR4$Nr5bTV?%ia{k2wDv=DDpk
z*+)Dm;r%yKHe|aWl^q)yzTwvRU~S~N!-98ZW{clVrF+!Ney6E~SITg36tY#yn10cj
zO?7^*HC0r=-9~yA)>(ApMKMXK$oz+)ufO0*+5y=F!TvowyT$(Ld7r9VR3W^+NM1k9
zC~z#bwdmRF>rw6jiY5CdEFv0YN2~6{HuD}Gx@X%PvO33jxTi$^><WpyDP@vU<Ih!c
zW7%UTud?(U)K*Csk_B%`is`uYt(r5+<MMP>kaS&8=CQi<?H9dc$Ms^pi}HUcqU4ro
z$xC$yx{qBjo!V!d+n+rd`fRXpdbcZQ+sf0^J<kWHdp;4LQ@?#S>Dg_1ns!u9@5_s>
z6NOTv@^$&2^7pLa6y8A1ORoRmzN{?kJk2<v!RqA)7s=D38kPo?8c*7jUZ&7?I}Qo~
zTcp`;%D>Wz?Hg~Te}2lbIpMAX^w%P@vm=jaifrY4Lbi_VQx8p<0_(z#hSbHUbYwe!
zy0L6zVnQ$5{YgvC%fhEs2Az#hW~J-g+s+zjK7G1hX^7>+S%c6u*tS<$BL~lMA}5@^
z{~@O|-*>Lq@kUki&QRmEyuSLj{H&}B+S87xHlxPUDdTO)%_PGxmZL!@!jNqrI-Roh
zJMYPj$E-8c_fLO!(0(ZRRWl`#aN5yp-F`9CE`*Q^e`@OXjrA|e*n5OWh11OlXUda%
z9!y0~*^kB@Zu5GEwUpf#9ro(UN+sS)iWVn!zbn<h-Y>peKk0iWyTlh=f9XD5o1-b8
zClcdM%=iwXy_#l-LZrR?Rw?>PyR$#EHq3so<y!8u;`LfX%j;ydSh=7BBBw)bHi-mh
zY{^hZ1ggE?68*r2+gDR0xI{!fU8IydE<o0C*;jS$04|&D=&*Q?^RmoQ*ECiJV1nY5
z0^HVkqzM=5$bTu|<F2m8mh_1Yc`n2B5N`czT6AImJP~Y>U6g?T-R<*A|C)eTpxPZ@
zNWU}ep~sQX(8*um)GsVJXbEh2$1-N$e>?Y%#r{8X@AO<JEd9B37d;kD`oGTp3f6#j
z(fdrw(s$AC7O@ez7#gf}tZH-E#IiTSI&sH#D)KbHyu;VH&(!NBUta3wN)d|7BNL)%
zia82@AZ;L$9mSDlw)aSTBRM7`BPt^N3dp_ZsCC-y0lD|E6PIK*l^B}{+(*63z91y!
zfDFE2w#9i+Vo0`Bx^}#L8u=+-1G7<i%dQN^yZ7J95%-ATo<6iQ8BB27s5-l9D1A+0
zqP|@r8;?pG?^<wNTyb?q;MA1KT8D|YTSru+lBetxLLY9|sE(4_dZKe+wOhG|Pb6B`
z^L36&E5@pL_Z`uhl~|jJN9sYG&EhlLhHv3SQ)Rbo_DkP2;x~S#8;iBoD>d1gKF2nB
z(BJb1PvI>7PEx(6Z|jEXN}Nx6oEN%d&+Hpy`L2t+drS$GYc{7j&dsfnbB(;$E8t!m
zx#?dO?LTg5|Nko1zh~e7_p~r5`;H}%>6vqAulUdX;tZMg#dLaB9`ODAOV7STd(t5u
zhz4ClzyFqjU%J;E9BPL`z*KP2UUL;RP<%)lI!F}^g7otWj0W`2OB}d_Rx5z-@!&lZ
z^H&4}`6rDC9htYZhJ}?hGBWhlF5n*Xt5A@JTE}cD7S4dKZV%c6exO@}Yk&h<l>%L3
zNC@yVe~rT-z|Z_O0myEFABf>66^vi-GtWWaoey2JfZLD|3pXJn=sW4b@&TkajcTDw
zaW+P3E2$v$D6Y<c(cFrnIR8g|{*Qtw3*e=kJWf4k%fhl~u?&6rk2c^(YMaxbMLDE-
zG3Zd7s4g@MiW6wW{HA>k%5fWWXpIj9m`KJ-5m6{2iHJj?@kBgm5<v=wClJUOG8&5|
z5loS)G^&dOkcuu+j|SfP;Q-y<!VRgY3*Oyv%Ep4CqpE;ZM>vBc>||w;ieLc}sND%c
zuYD2J1^WqZ^tVB!Yvv-TK!F)oRsBt3g_fx3ECvgof&M12bmd<J7W)@V7Q8NlQL@;-
zShCn9l3ipt|F-dkT`+MAW()Th+b!G@!}S+S76+Fs{x6m+9xhq@-#jP4Ck1d6?_WD9
z;OXAPB0CG#?*6r432@00{$j}z;F2Z6S6u%^(=Czir7ltf;-dAef7_%0PPJy7Zqb-U
zqE)2202dZb01uxuCvbtGHw}5f9QrUn`7!vx^zR{;7`T`7Wl=~y8)rL;jEb^~3JQe>
zuc8BIwxS4R@QVY#;Eh@s6bgk!1IHUIn0GdwufXuI5rFm62S%Vw7o6#Na5_j$;Fbe4
za7#8%`IGuF3-!~*f&9Pf*QQZU{gTE{FmS&G4bIQ{HTwUPFt7_?<{S9CXz0>d5Y5tV
zU1W>?6B^tvG<1vcyJ+a*SU>}}HE0Y(`IC;qFQB3OusXksX1-g0_7vP{Lt`MypP(W9
zLi3+wGtc}J4gD!~k+nc$78&CI)KkP?Xz1qhcV$Bt$3joR4K14foc$-VAuXVxyP3b;
zQ*?1Gpn>~UXbeR86Ex&sX#SII=9%Yv3QLbHEbb{f<xkLn!`-o{1w?db@weqe7s*fg
zVBs?jnojvsM8AwM-6Q;6MDt=<K(xdpFMihiPudL0=$BchyM4cnXnqp;*=tMeGW`kj
zPi6GWHq(8(-$u09He;9AW;*3h5&g2ybO-LY5iPdQ^hfN)(G2wBhwlH}YrkwX-Ansz
zM2l_ok_YQ~Z{ts8^vh1uU9sOr1fRC(vAmxcemQdB?Ym2Ydo0Lb(LG?V=;1xcn}Gtd
z`)!Up86)T#ilDa`yhRjn=pg7*q7GtyUPH`x35W{QzneFq2;BUqd4qwNAEk)-p@Ep!
zN5s4mAm$~Hm~So%sCK>+(F6wbwP>QDH%HMN>_ntm0dLC+1S;nvmn=vv2g*r#3uhbZ
z$$9S#L7!Moy4cwv=>MU>?X_H-?QBj$(M`Jh$QVtgH)5gdXcTj2D($B~h=cq<B@p)n
zJ|Gb|f{;H*1U@1W8fG96d)&o>@{4!DZv=b`yg1-f5(qzkp?g98<$_NM=on>SM4$np
z2vrMOpk(e$*{&pwL19458V%y*7%T=Wi9(B`P~tll$;OpNv19?kXDpcoK>PU*LBQid
zzgQyZGz^La0<;MFcZieoH0T2q-i7`xqT$J4v@NEAvIJ<FUrYnn1SlKCNCP-Qr!&y-
zC?eFa3^Xi}2oh9`Gz^hM1{%h|hbEArU<CsW$N~xtG0;H1ivYhLD7yqR5Fhkx#!wd2
zO9U#-K*QouQ1G6SMkIjr8Y2xy#6a;020qYUNaGo41QHpJnSdq`U}b@viDWoFz(<11
zg@D16VReAAWav?jp<V)p0OdLuX<*+WTn`9X0yGjC_=seni%V(H_=WL-mu554Feow_
zN^-#YAQQkqBY~l_v@8}%)xi1iz`8Ng&_pQewwMO$1w)jPh9aSfOLT(-@}n>rfU<;t
z<Ab6ki|YWxXsNCN8oZCd%Z``m21EnN5{CN$8W9I;FTg^A<AeC%x{F2wivVjc1~?+n
zdzKethWOyJ0tN--Zy5PNSu|uu8Os7ROYVoo!Q}$VV&Q#+Mq_a#7(O)647fdjXz;O*
z#$oVq-GFFt8-~VVQP4!Q7&E|vhaLnL(;z+qyd5}*$jArE5>c>m1mIzp-VeZo_ZxWY
zH58#>tQQ#JC0GbJusxoE4_HnVTo2GV0+iBc;6vkxBoYiW8V|+-T+TQ!fZ_GxK}Z9J
z87d36*=RiIB6vISV77wMfF;Jm?H?NOK@X@5G607MkYM8+jR%7eJ{IsK9F&oTl_mZQ
zjSRP)Xab&$gVzCQP~ec^egp!5xP%5JG2wh9xD7*tEH!-YfoKGH9}zK2#s}adLOEsz
zEJO?$Zm-ZpGEfdUAFxeuxqz8sN!v)k9KiGnO+w+8^e-7GDx8lDtOQ(sAejrF2hn6S
z2@S_b#(?I*Fp~ihE@wbnB0n-24E`l$NpSsx;%;!g2NnziA0L3WR8PT_43`UJ{or#g
zm_yNUeFiiPSnt5lZ;&^()b4`V!%{vlF)S&Ihqo8pkFaDu2c8t%{sBHRTu(8;F@(>T
zfCd}{c)b{qt6xIH!^aFL3!IfDd?d)jU#z=;kGw?oKwaQI7qAf+xV;B79Ng~&G$Pzi
z0vd2U|F>Renz@Y~g$9Ldb#2@!kiU!6p;DpXE*Ks3MG_}1so)ckIsKCo!Wbc=tbisd
z6G%jqq6$e7BTpd7tH={jN(u@@yu5-k5rkU)Zx-lLNQr8pXic#=;pAeEKq@Mcaq>ze
yFdZo?E1?zS(JJ!F1bG#L5)Rx~9;XDwnVrA^a?W(u9D~Mz37ADxR9Q=f<$nNEB|$R)

literal 0
HcmV?d00001


From 229fd98b8ed97532109050b9b9dc61c2ce9224bc Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Tue, 11 Jan 2022 10:21:03 +0100
Subject: [PATCH 102/150] fix: [migrations] correct string length to avoid
 strict mode issues with keys exceeding 767 bytes

---
 .../config/Migrations/20210831121348_TagSystem.php   | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/plugins/Tags/config/Migrations/20210831121348_TagSystem.php b/plugins/Tags/config/Migrations/20210831121348_TagSystem.php
index bb2e412..98492a3 100644
--- a/plugins/Tags/config/Migrations/20210831121348_TagSystem.php
+++ b/plugins/Tags/config/Migrations/20210831121348_TagSystem.php
@@ -10,22 +10,22 @@ class TagSystem extends AbstractMigration
         $tags = $this->table('tags_tags');
         $tags->addColumn('namespace', 'string', [
                 'default' => null,
-                'limit' => 255,
+                'limit' => 191,
                 'null' => true,
             ])
             ->addColumn('predicate', 'string', [
                 'default' => null,
-                'limit' => 255,
+                'limit' => 191,
                 'null' => true,
             ])
             ->addColumn('value', 'string', [
                 'default' => null,
-                'limit' => 255,
+                'limit' => 191,
                 'null' => true,
             ])
             ->addColumn('name', 'string', [
                 'default' => null,
-                'limit' => 255,
+                'limit' => 191,
                 'null' => false,
             ])
             ->addColumn('colour', 'string', [
@@ -66,7 +66,7 @@ class TagSystem extends AbstractMigration
             ])
             ->addColumn('fk_model', 'string', [
                 'default' => null,
-                'limit' => 255,
+                'limit' => 191,
                 'null' => false,
                 'comment' => 'The model name of the entity being tagged'
             ])
@@ -86,4 +86,4 @@ class TagSystem extends AbstractMigration
         $tagged->addIndex(['tag_id', 'fk_id', 'fk_model'], ['unique' => true])
             ->update();
     }
-}
\ No newline at end of file
+}

From f774f68ede3c84b566cbb64699898125c54c03a5 Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Tue, 11 Jan 2022 12:33:34 +0100
Subject: [PATCH 103/150] add: add api tests for tags and orgs, extend openapi
 spec, fix routes for tags plugin

---
 config/routes.php                             |  15 +-
 tests/Fixture/TagsTaggedsFixture.php          |  40 ++++
 tests/Fixture/TagsTagsFixture.php             |  87 ++++++++
 .../DeleteOrganisationApiTest.php             |  59 ++++++
 .../IndexOrganisationsApiTest.php             |  45 ++++
 .../Organisations/TagOrganisationApiTest.php  |  86 ++++++++
 .../UntagOrganisationApiTest.php              |  86 ++++++++
 tests/TestCase/Api/Tags/IndexTagsApiTest.php  |  47 +++++
 tests/TestCase/Api/Users/EditUserApiTest.php  |   1 -
 webroot/docs/openapi.yaml                     | 194 +++++++++++++++++-
 10 files changed, 657 insertions(+), 3 deletions(-)
 create mode 100644 tests/Fixture/TagsTaggedsFixture.php
 create mode 100644 tests/Fixture/TagsTagsFixture.php
 create mode 100644 tests/TestCase/Api/Organisations/DeleteOrganisationApiTest.php
 create mode 100644 tests/TestCase/Api/Organisations/IndexOrganisationsApiTest.php
 create mode 100644 tests/TestCase/Api/Organisations/TagOrganisationApiTest.php
 create mode 100644 tests/TestCase/Api/Organisations/UntagOrganisationApiTest.php
 create mode 100644 tests/TestCase/Api/Tags/IndexTagsApiTest.php

diff --git a/config/routes.php b/config/routes.php
index e467725..d51121a 100644
--- a/config/routes.php
+++ b/config/routes.php
@@ -101,5 +101,18 @@ $routes->scope('/api', function (RouteBuilder $routes) {
 
         // Generic API route
         $routes->connect('/{controller}/{action}/*');
+
+        // Tags plugin routes
+        $routes->plugin(
+            'tags',
+            ['path' => '/tags'],
+            function ($routes) {
+                $routes->setRouteClass(DashedRoute::class);
+                $routes->connect(
+                    '/{action}/*',
+                    ['controller' => 'Tags']
+                );
+            }
+        );
     });
-});
\ No newline at end of file
+});
diff --git a/tests/Fixture/TagsTaggedsFixture.php b/tests/Fixture/TagsTaggedsFixture.php
new file mode 100644
index 0000000..e2bf70f
--- /dev/null
+++ b/tests/Fixture/TagsTaggedsFixture.php
@@ -0,0 +1,40 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\Fixture;
+
+use Cake\TestSuite\Fixture\TestFixture;
+
+class TagsTaggedsFixture extends TestFixture
+{
+    public $connection = 'test';
+    public $table = 'tags_tagged';
+
+    public const TAG_RED_ID = 1;
+    public const TAG_GREEN_ID = 2;
+    public const TAG_BLUE_ID = 3;
+
+    public function init(): void
+    {
+        $faker = \Faker\Factory::create();
+
+        $this->records = [
+            [
+                'tag_id' => TagsTagsFixture::TAG_ORG_A_ID,
+                'fk_id' => OrganisationsFixture::ORGANISATION_A_ID,
+                'fk_model' => 'Organisations',
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
+            ],
+            [
+                'tag_id' => TagsTagsFixture::TAG_ORG_B_ID,
+                'fk_id' => OrganisationsFixture::ORGANISATION_B_ID,
+                'fk_model' => 'Organisations',
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
+            ],
+        ];
+        parent::init();
+    }
+}
diff --git a/tests/Fixture/TagsTagsFixture.php b/tests/Fixture/TagsTagsFixture.php
new file mode 100644
index 0000000..002bc9e
--- /dev/null
+++ b/tests/Fixture/TagsTagsFixture.php
@@ -0,0 +1,87 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\Fixture;
+
+use Cake\TestSuite\Fixture\TestFixture;
+
+class TagsTagsFixture extends TestFixture
+{
+    public $connection = 'test';
+
+    public const TAG_RED_ID = 1;
+    public const TAG_GREEN_ID = 2;
+    public const TAG_BLUE_ID = 3;
+    public const TAG_ORG_A_ID = 4;
+    public const TAG_ORG_B_ID = 5;
+
+    public function init(): void
+    {
+        $faker = \Faker\Factory::create();
+
+        $this->records = [
+            [
+                'id' => self::TAG_RED_ID,
+                'name' => 'red',
+                'namespace' => null,
+                'predicate' => null,
+                'value' => null,
+                'colour' => 'FF0000',
+                'counter' => 0,
+                'text_colour' => 'red',
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
+            ],
+            [
+                'id' => self::TAG_GREEN_ID,
+                'name' => 'green',
+                'namespace' => null,
+                'predicate' => null,
+                'value' => null,
+                'colour' => '00FF00',
+                'counter' => 0,
+                'text_colour' => 'green',
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
+            ],
+            [
+                'id' => self::TAG_BLUE_ID,
+                'name' => 'blue',
+                'namespace' => null,
+                'predicate' => null,
+                'value' => null,
+                'colour' => '0000FF',
+                'counter' => 0,
+                'text_colour' => 'blue',
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
+            ],
+            [
+                'id' => self::TAG_ORG_A_ID,
+                'name' => 'org-a',
+                'namespace' => null,
+                'predicate' => null,
+                'value' => null,
+                'colour' => '000000',
+                'counter' => 0,
+                'text_colour' => 'black',
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
+            ],
+            [
+                'id' => self::TAG_ORG_B_ID,
+                'name' => 'org-b',
+                'namespace' => null,
+                'predicate' => null,
+                'value' => null,
+                'colour' => '000000',
+                'counter' => 0,
+                'text_colour' => 'black',
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
+            ]
+        ];
+        parent::init();
+    }
+}
diff --git a/tests/TestCase/Api/Organisations/DeleteOrganisationApiTest.php b/tests/TestCase/Api/Organisations/DeleteOrganisationApiTest.php
new file mode 100644
index 0000000..9840faf
--- /dev/null
+++ b/tests/TestCase/Api/Organisations/DeleteOrganisationApiTest.php
@@ -0,0 +1,59 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\OrganisationsFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class DeleteOrganisationApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/organisations/delete';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testDeleteOrganisation(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $url = sprintf('%s/%d', self::ENDPOINT, OrganisationsFixture::ORGANISATION_B_ID);
+        $this->delete($url);
+
+        $this->assertResponseOk();
+        $this->assertDbRecordNotExists('Organisations', ['id' => OrganisationsFixture::ORGANISATION_B_ID]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
+        $this->addWarning('TODO: CRUDComponent::delete() sets some view variables, does not take into account `isRest()`, fix it.');
+    }
+
+    public function testDeleteOrganisationNotAllowedToRegularUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
+        $url = sprintf('%s/%d', self::ENDPOINT, OrganisationsFixture::ORGANISATION_B_ID);
+        $this->delete($url);
+
+        $this->assertResponseCode(405);
+        $this->assertDbRecordExists('Organisations', ['id' => OrganisationsFixture::ORGANISATION_B_ID]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
+        $this->addWarning('TODO: CRUDComponent::delete() sets some view variables, does not take into account `isRest()`, fix it.');
+    }
+}
diff --git a/tests/TestCase/Api/Organisations/IndexOrganisationsApiTest.php b/tests/TestCase/Api/Organisations/IndexOrganisationsApiTest.php
new file mode 100644
index 0000000..ba7c255
--- /dev/null
+++ b/tests/TestCase/Api/Organisations/IndexOrganisationsApiTest.php
@@ -0,0 +1,45 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\OrganisationsFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class IndexOrganisationApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/organisations/index';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testIndexOrganisations(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $this->get(self::ENDPOINT);
+
+        $this->assertResponseOk();
+        $this->assertResponseContains(sprintf('"id": %d', OrganisationsFixture::ORGANISATION_A_ID));
+        $this->assertResponseContains(sprintf('"id": %d', OrganisationsFixture::ORGANISATION_B_ID));
+        // TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT);
+    }
+}
diff --git a/tests/TestCase/Api/Organisations/TagOrganisationApiTest.php b/tests/TestCase/Api/Organisations/TagOrganisationApiTest.php
new file mode 100644
index 0000000..e23fcbc
--- /dev/null
+++ b/tests/TestCase/Api/Organisations/TagOrganisationApiTest.php
@@ -0,0 +1,86 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\OrganisationsFixture;
+use App\Test\Fixture\TagsTagsFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class TagOrganisationApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/organisations/tag';
+
+    protected $fixtures = [
+        'app.TagsTags',
+        'app.Organisations',
+        'app.TagsTaggeds',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testTagOrganisation(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+
+        $url = sprintf('%s/%d', self::ENDPOINT, OrganisationsFixture::ORGANISATION_A_ID);
+        $this->post(
+            $url,
+            [
+                'tag_list' => "[\"red\"]"
+            ]
+        );
+
+        $this->assertResponseOk();
+        $this->assertDbRecordExists(
+            'TagsTagged',
+            [
+                'tag_id' => TagsTagsFixture::TAG_RED_ID,
+                'fk_id' => OrganisationsFixture::ORGANISATION_A_ID,
+                'fk_model' => 'Organisations'
+            ]
+        );
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'post');
+    }
+
+    public function testTagOrganisationNotAllowedToRegularUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
+
+        $url = sprintf('%s/%d', self::ENDPOINT, OrganisationsFixture::ORGANISATION_A_ID);
+        $this->post(
+            $url,
+            [
+                'tag_list' => "[\"green\"]"
+            ]
+        );
+
+        $this->assertResponseCode(405);
+        $this->assertDbRecordNotExists(
+            'TagsTagged',
+            [
+                'tag_id' => TagsTagsFixture::TAG_GREEN_ID,
+                'fk_id' => OrganisationsFixture::ORGANISATION_A_ID,
+                'fk_model' => 'Organisations'
+            ]
+        );
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'post');
+    }
+}
diff --git a/tests/TestCase/Api/Organisations/UntagOrganisationApiTest.php b/tests/TestCase/Api/Organisations/UntagOrganisationApiTest.php
new file mode 100644
index 0000000..0c23ca4
--- /dev/null
+++ b/tests/TestCase/Api/Organisations/UntagOrganisationApiTest.php
@@ -0,0 +1,86 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\OrganisationsFixture;
+use App\Test\Fixture\TagsTagsFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class UntagOrganisationApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/organisations/untag';
+
+    protected $fixtures = [
+        'app.TagsTags',
+        'app.Organisations',
+        'app.TagsTaggeds',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testUntagOrganisation(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+
+        $url = sprintf('%s/%d', self::ENDPOINT, OrganisationsFixture::ORGANISATION_A_ID);
+        $this->post(
+            $url,
+            [
+                'tag_list' => "[\"org-a\"]"
+            ]
+        );
+
+        $this->assertResponseOk();
+        $this->assertDbRecordNotExists(
+            'TagsTagged',
+            [
+                'tag_id' => TagsTagsFixture::TAG_ORG_A_ID,
+                'fk_id' => OrganisationsFixture::ORGANISATION_A_ID,
+                'fk_model' => 'Organisations'
+            ]
+        );
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'post');
+    }
+
+    public function testUntagOrganisationNotAllowedToRegularUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
+
+        $url = sprintf('%s/%d', self::ENDPOINT, OrganisationsFixture::ORGANISATION_A_ID);
+        $this->post(
+            $url,
+            [
+                'tag_list' => "[\"org-a\"]"
+            ]
+        );
+
+        $this->assertResponseCode(405);
+        $this->assertDbRecordExists(
+            'TagsTagged',
+            [
+                'tag_id' => TagsTagsFixture::TAG_ORG_A_ID,
+                'fk_id' => OrganisationsFixture::ORGANISATION_A_ID,
+                'fk_model' => 'Organisations'
+            ]
+        );
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'post');
+    }
+}
diff --git a/tests/TestCase/Api/Tags/IndexTagsApiTest.php b/tests/TestCase/Api/Tags/IndexTagsApiTest.php
new file mode 100644
index 0000000..137151f
--- /dev/null
+++ b/tests/TestCase/Api/Tags/IndexTagsApiTest.php
@@ -0,0 +1,47 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\UsersFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class IndexTagsApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/tags/index';
+
+    protected $fixtures = [
+        'app.TagsTags',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testIndexTags(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $this->get(self::ENDPOINT);
+
+
+        $this->assertResponseOk();
+        $this->assertResponseContains('"name": "red"');
+        $this->assertResponseContains('"name": "green"');
+        $this->assertResponseContains('"name": "blue"');
+        // TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT);
+    }
+}
diff --git a/tests/TestCase/Api/Users/EditUserApiTest.php b/tests/TestCase/Api/Users/EditUserApiTest.php
index 5ac568a..6154c00 100644
--- a/tests/TestCase/Api/Users/EditUserApiTest.php
+++ b/tests/TestCase/Api/Users/EditUserApiTest.php
@@ -8,7 +8,6 @@ use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\UsersFixture;
-use App\Test\Fixture\OrganisationsFixture;
 use App\Test\Fixture\RolesFixture;
 use App\Test\Helper\ApiTestTrait;
 
diff --git a/webroot/docs/openapi.yaml b/webroot/docs/openapi.yaml
index a2a161e..f76a861 100644
--- a/webroot/docs/openapi.yaml
+++ b/webroot/docs/openapi.yaml
@@ -13,6 +13,8 @@ tags:
     description: "Users enrolled in this Cerebrate instance."
   - name: Organisations
     description: "Organisations can be equivalent to legal entities or specific individual teams within such entities. Their purpose is to relate individuals to their affiliations and for release control of information using the Trust Circles."
+  - name: Tags
+    description: "Tags can be attached to entity to quickly classify them, allowing further filtering and searches."
 
 paths:
   /api/v1/users/index:
@@ -177,6 +179,96 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
+  /api/v1/organisations/index:
+    get:
+      summary: "Get organisations"
+      operationId: getOrganisations
+      tags:
+        - Organisations
+      responses:
+        "200":
+          $ref: "#/components/responses/OrganisationListResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
+  /api/v1/organisations/delete/{organisationId}:
+    delete:
+      summary: "Delete organisation by ID"
+      operationId: deleteOrganisationById
+      tags:
+        - Organisations
+      parameters:
+        - $ref: "#/components/parameters/organisationId"
+      responses:
+        "200":
+          $ref: "#/components/responses/OrganisationResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
+  /api/v1/organisations/tag/{organisationId}:
+    post:
+      summary: "Tag organisation by ID"
+      operationId: tagOrganisationById
+      tags:
+        - Organisations
+      parameters:
+        - $ref: "#/components/parameters/organisationId"
+      requestBody:
+        $ref: "#/components/requestBodies/TagOrganisationRequest"
+      responses:
+        "200":
+          $ref: "#/components/responses/OrganisationResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
+  /api/v1/organisations/untag/{organisationId}:
+    post:
+      summary: "Remove organisation tag by ID"
+      operationId: untagOrganisationById
+      tags:
+        - Organisations
+      parameters:
+        - $ref: "#/components/parameters/organisationId"
+      requestBody:
+        $ref: "#/components/requestBodies/UntagOrganisationRequest"
+      responses:
+        "200":
+          $ref: "#/components/responses/OrganisationResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
+  /api/v1/tags/index:
+    get:
+      summary: "Get tags list"
+      operationId: getTags
+      tags:
+        - Tags
+      responses:
+        "200":
+          $ref: "#/components/responses/TagListResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
 components:
   schemas:
     # General
@@ -281,9 +373,60 @@ components:
         aligments:
           $ref: "#/components/schemas/AligmentList"
 
+    OrganisationList:
+      type: array
+      items:
+        $ref: "#/components/schemas/Organisation"
+
     # Tags
+    TagName:
+      type: string
+      example: "white"
+
+    TagNamespace:
+      type: string
+      nullable: true
+      example: "tlp"
+
+    TagPredicate:
+      type: string
+      nullable: true
+
+    TagValue:
+      type: string
+      nullable: true
+
+    TagColour:
+      type: string
+      example: "FFFFFF"
+
+    TagTextColour:
+      type: string
+      example: "white"
+
     Tag:
       type: object
+      properties:
+        id:
+          $ref: "#/components/schemas/ID"
+        name:
+          $ref: "#/components/schemas/TagName"
+        namespace:
+          $ref: "#/components/schemas/TagNamespace"
+        predicate:
+          $ref: "#/components/schemas/TagPredicate"
+        value:
+          $ref: "#/components/schemas/TagValue"
+        colour:
+          $ref: "#/components/schemas/TagColour"
+        text_colour:
+          $ref: "#/components/schemas/TagTextColour"
+        counter:
+          type: integer
+        created:
+          $ref: "#/components/schemas/DateTime"
+        modified:
+          $ref: "#/components/schemas/DateTime"
 
     TagList:
       type: array
@@ -417,6 +560,7 @@ components:
             Authorization: YOUR_API_KEY
 
   requestBodies:
+    # Users
     AddUserRequest:
       required: true
       content:
@@ -457,6 +601,7 @@ components:
               password:
                 type: string
 
+    # Organisations
     AddOrganisationRequest:
       required: true
       content:
@@ -501,8 +646,32 @@ components:
               contacts:
                 $ref: "#/components/schemas/OrganisationContacts"
 
+    TagOrganisationRequest:
+      required: true
+      content:
+        application/json:
+          schema:
+            type: object
+            properties:
+              tag_list:
+                type: string
+                description: "Stringified JSON array of the tag names to add."
+                example: '["red"]'
+
+    UntagOrganisationRequest:
+      required: true
+      content:
+        application/json:
+          schema:
+            type: object
+            properties:
+              tag_list:
+                type: string
+                description: "Stringified JSON array of the tag names to remove."
+                example: '["red"]'
+
   responses:
-    # User
+    # Users
     UserResponse:
       description: "User response"
       content:
@@ -517,6 +686,7 @@ components:
           schema:
             $ref: "#/components/schemas/UserList"
 
+    # Organisations
     OrganisationResponse:
       description: "Organisation response"
       content:
@@ -524,6 +694,28 @@ components:
           schema:
             $ref: "#/components/schemas/Organisation"
 
+    OrganisationListResponse:
+      description: "Organisations list response"
+      content:
+        application/json:
+          schema:
+            $ref: "#/components/schemas/OrganisationList"
+
+    # Tags
+    TagResponse:
+      description: "Tag response"
+      content:
+        application/json:
+          schema:
+            $ref: "#/components/schemas/Tag"
+
+    TagListResponse:
+      description: "Tags list response"
+      content:
+        application/json:
+          schema:
+            $ref: "#/components/schemas/TagList"
+
     # Errors
     ApiErrorResponse:
       description: "Unexpected API error"

From 5906f6d2c768cf77d7fac45488a66fbc7dec554f Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Tue, 11 Jan 2022 17:17:04 +0100
Subject: [PATCH 104/150] add: add individuals api tests and extend openapi
 spec

---
 tests/Fixture/IndividualsFixture.php          |  18 +-
 tests/Fixture/OrganisationsFixture.php        |   3 -
 .../Api/Individuals/AddIndividualApiTest.php  |  71 ++++++
 .../Individuals/DeleteIndividualApiTest.php   |  59 +++++
 .../Api/Individuals/EditIndividualApiTest.php |  73 ++++++
 .../Individuals/IndexIndividualsApiTest.php   |  44 ++++
 .../Organisations/AddOrganisationApiTest.php  |   2 +-
 .../DeleteOrganisationApiTest.php             |   2 +-
 .../Organisations/EditOrganisationApiTest.php |   2 +-
 .../Organisations/TagOrganisationApiTest.php  |   2 +-
 .../UntagOrganisationApiTest.php              |   2 +-
 .../Organisations/ViewOrganisationApiTest.php |  48 ++++
 tests/TestCase/Api/Users/AddUserApiTest.php   |   2 +-
 .../TestCase/Api/Users/DeleteUserApiTest.php  |   2 +-
 tests/TestCase/Api/Users/EditUserApiTest.php  |   2 +-
 webroot/docs/openapi.yaml                     | 225 +++++++++++++++++-
 16 files changed, 537 insertions(+), 20 deletions(-)
 create mode 100644 tests/TestCase/Api/Individuals/AddIndividualApiTest.php
 create mode 100644 tests/TestCase/Api/Individuals/DeleteIndividualApiTest.php
 create mode 100644 tests/TestCase/Api/Individuals/EditIndividualApiTest.php
 create mode 100644 tests/TestCase/Api/Individuals/IndexIndividualsApiTest.php
 create mode 100644 tests/TestCase/Api/Organisations/ViewOrganisationApiTest.php

diff --git a/tests/Fixture/IndividualsFixture.php b/tests/Fixture/IndividualsFixture.php
index 9c96f8b..13aecdf 100644
--- a/tests/Fixture/IndividualsFixture.php
+++ b/tests/Fixture/IndividualsFixture.php
@@ -10,17 +10,11 @@ class IndividualsFixture extends TestFixture
 {
     public $connection = 'test';
 
-    // Admin individual
     public const INDIVIDUAL_ADMIN_ID = 1;
-
-    // Sync individual
     public const INDIVIDUAL_SYNC_ID = 2;
-
-    // Org Admin individual
     public const INDIVIDUAL_ORG_ADMIN_ID = 3;
-
-    // Regular User individual
     public const INDIVIDUAL_REGULAR_USER_ID = 4;
+    public const INDIVIDUAL_A_ID = 5;
 
     public function init(): void
     {
@@ -66,6 +60,16 @@ class IndividualsFixture extends TestFixture
                 'position' => 'user',
                 'created' => $faker->dateTime()->getTimestamp(),
                 'modified' => $faker->dateTime()->getTimestamp()
+            ],
+            [
+                'id' => self::INDIVIDUAL_A_ID,
+                'uuid' => $faker->uuid(),
+                'email' => $faker->email(),
+                'first_name' => $faker->firstName,
+                'last_name' => $faker->lastName,
+                'position' => 'user',
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
             ]
         ];
         parent::init();
diff --git a/tests/Fixture/OrganisationsFixture.php b/tests/Fixture/OrganisationsFixture.php
index d8b81f9..7b7439e 100644
--- a/tests/Fixture/OrganisationsFixture.php
+++ b/tests/Fixture/OrganisationsFixture.php
@@ -11,10 +11,7 @@ class OrganisationsFixture extends TestFixture
 {
     public $connection = 'test';
 
-    // Organisation A
     public const ORGANISATION_A_ID = 1;
-
-    // Organisation B
     public const ORGANISATION_B_ID = 2;
 
     public function init(): void
diff --git a/tests/TestCase/Api/Individuals/AddIndividualApiTest.php b/tests/TestCase/Api/Individuals/AddIndividualApiTest.php
new file mode 100644
index 0000000..64855e8
--- /dev/null
+++ b/tests/TestCase/Api/Individuals/AddIndividualApiTest.php
@@ -0,0 +1,71 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class AddIndividualApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/individuals/add';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testAddIndividual(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $this->post(
+            self::ENDPOINT,
+            [
+                'email' => 'john@example.com',
+                'first_name' => 'John',
+                'last_name' => 'Doe',
+                'position' => 'Security Analyst'
+            ]
+        );
+
+        $this->assertResponseOk();
+        $this->assertResponseContains('"email": "john@example.com"');
+        $this->assertDbRecordExists('Individuals', ['email' => 'john@example.com']);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
+    }
+
+    public function testAddUserNotAllowedAsRegularUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
+        $this->post(
+            self::ENDPOINT,
+            [
+                'email' => 'john@example.com',
+                'first_name' => 'John',
+                'last_name' => 'Doe',
+                'position' => 'Security Analyst'
+            ]
+        );
+
+        $this->assertResponseCode(405);
+        $this->assertDbRecordNotExists('Individuals', ['email' => 'john@example.com']);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
+    }
+}
diff --git a/tests/TestCase/Api/Individuals/DeleteIndividualApiTest.php b/tests/TestCase/Api/Individuals/DeleteIndividualApiTest.php
new file mode 100644
index 0000000..c493c4b
--- /dev/null
+++ b/tests/TestCase/Api/Individuals/DeleteIndividualApiTest.php
@@ -0,0 +1,59 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\IndividualsFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class DeleteIndividualApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/individuals/delete';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testDeleteIndividual(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $url = sprintf('%s/%d', self::ENDPOINT, IndividualsFixture::INDIVIDUAL_A_ID);
+        $this->delete($url);
+
+        $this->assertResponseOk();
+        $this->assertDbRecordNotExists('Individuals', ['id' => IndividualsFixture::INDIVIDUAL_A_ID]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
+        $this->addWarning('TODO: CRUDComponent::delete() sets some view variables, does not take into account `isRest()`, fix it.');
+    }
+
+    public function testDeleteIndividualNotAllowedAsRegularUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
+        $url = sprintf('%s/%d', self::ENDPOINT, IndividualsFixture::INDIVIDUAL_ADMIN_ID);
+        $this->delete($url);
+
+        $this->assertResponseCode(405);
+        $this->assertDbRecordExists('Individuals', ['id' => IndividualsFixture::INDIVIDUAL_ADMIN_ID]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
+        $this->addWarning('TODO: CRUDComponent::delete() sets some view variables, does not take into account `isRest()`, fix it.');
+    }
+}
diff --git a/tests/TestCase/Api/Individuals/EditIndividualApiTest.php b/tests/TestCase/Api/Individuals/EditIndividualApiTest.php
new file mode 100644
index 0000000..fcef7fd
--- /dev/null
+++ b/tests/TestCase/Api/Individuals/EditIndividualApiTest.php
@@ -0,0 +1,73 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\IndividualsFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class EditIndividualApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/individuals/edit';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testEditIndividualAsAdmin(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $url = sprintf('%s/%d', self::ENDPOINT, IndividualsFixture::INDIVIDUAL_REGULAR_USER_ID);
+        $this->put(
+            $url,
+            [
+                'email' => 'foo@bar.com',
+            ]
+        );
+
+        $this->assertResponseOk();
+        $this->assertDbRecordExists('Individuals', [
+            'id' => IndividualsFixture::INDIVIDUAL_REGULAR_USER_ID,
+            'email' => 'foo@bar.com'
+        ]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'put');
+    }
+
+    public function testEditAnyIndividualNotAllowedAsRegularUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
+        $url = sprintf('%s/%d', self::ENDPOINT, IndividualsFixture::INDIVIDUAL_ADMIN_ID);
+        $this->put(
+            $url,
+            [
+                'email' => 'foo@bar.com',
+            ]
+        );
+
+        $this->assertResponseCode(405);
+        $this->assertDbRecordNotExists('Individuals', [
+            'id' => IndividualsFixture::INDIVIDUAL_ADMIN_ID,
+            'email' => 'foo@bar.com'
+        ]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'put');
+    }
+}
diff --git a/tests/TestCase/Api/Individuals/IndexIndividualsApiTest.php b/tests/TestCase/Api/Individuals/IndexIndividualsApiTest.php
new file mode 100644
index 0000000..55f6be1
--- /dev/null
+++ b/tests/TestCase/Api/Individuals/IndexIndividualsApiTest.php
@@ -0,0 +1,44 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\IndividualsFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class IndexIndividualsApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/individuals/index';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testIndexIndividuals(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $this->get(self::ENDPOINT);
+
+        $this->assertResponseOk();
+        $this->assertResponseContains(sprintf('"id": %d', IndividualsFixture::INDIVIDUAL_ADMIN_ID));
+        // TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT);
+    }
+}
diff --git a/tests/TestCase/Api/Organisations/AddOrganisationApiTest.php b/tests/TestCase/Api/Organisations/AddOrganisationApiTest.php
index 4f43a09..a3f2585 100644
--- a/tests/TestCase/Api/Organisations/AddOrganisationApiTest.php
+++ b/tests/TestCase/Api/Organisations/AddOrganisationApiTest.php
@@ -57,7 +57,7 @@ class AddOrganisationApiTest extends TestCase
         $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
     }
 
-    public function testAddOrganisationNotAllowedToRegularUser(): void
+    public function testAddOrganisationNotAllowedAsRegularUser(): void
     {
         $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
 
diff --git a/tests/TestCase/Api/Organisations/DeleteOrganisationApiTest.php b/tests/TestCase/Api/Organisations/DeleteOrganisationApiTest.php
index 9840faf..e16f57b 100644
--- a/tests/TestCase/Api/Organisations/DeleteOrganisationApiTest.php
+++ b/tests/TestCase/Api/Organisations/DeleteOrganisationApiTest.php
@@ -44,7 +44,7 @@ class DeleteOrganisationApiTest extends TestCase
         $this->addWarning('TODO: CRUDComponent::delete() sets some view variables, does not take into account `isRest()`, fix it.');
     }
 
-    public function testDeleteOrganisationNotAllowedToRegularUser(): void
+    public function testDeleteOrganisationNotAllowedAsRegularUser(): void
     {
         $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
         $url = sprintf('%s/%d', self::ENDPOINT, OrganisationsFixture::ORGANISATION_B_ID);
diff --git a/tests/TestCase/Api/Organisations/EditOrganisationApiTest.php b/tests/TestCase/Api/Organisations/EditOrganisationApiTest.php
index 61b2cab..d9cc7c6 100644
--- a/tests/TestCase/Api/Organisations/EditOrganisationApiTest.php
+++ b/tests/TestCase/Api/Organisations/EditOrganisationApiTest.php
@@ -55,7 +55,7 @@ class EditOrganisationApiTest extends TestCase
         $this->assertResponseMatchesOpenApiSpec($url, 'put');
     }
 
-    public function testEditOrganisationNotAllowedToRegularUser(): void
+    public function testEditOrganisationNotAllowedAsRegularUser(): void
     {
         $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
 
diff --git a/tests/TestCase/Api/Organisations/TagOrganisationApiTest.php b/tests/TestCase/Api/Organisations/TagOrganisationApiTest.php
index e23fcbc..ed74c74 100644
--- a/tests/TestCase/Api/Organisations/TagOrganisationApiTest.php
+++ b/tests/TestCase/Api/Organisations/TagOrganisationApiTest.php
@@ -59,7 +59,7 @@ class TagOrganisationApiTest extends TestCase
         $this->assertResponseMatchesOpenApiSpec($url, 'post');
     }
 
-    public function testTagOrganisationNotAllowedToRegularUser(): void
+    public function testTagOrganisationNotAllowedAsRegularUser(): void
     {
         $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
 
diff --git a/tests/TestCase/Api/Organisations/UntagOrganisationApiTest.php b/tests/TestCase/Api/Organisations/UntagOrganisationApiTest.php
index 0c23ca4..c8878d6 100644
--- a/tests/TestCase/Api/Organisations/UntagOrganisationApiTest.php
+++ b/tests/TestCase/Api/Organisations/UntagOrganisationApiTest.php
@@ -59,7 +59,7 @@ class UntagOrganisationApiTest extends TestCase
         $this->assertResponseMatchesOpenApiSpec($url, 'post');
     }
 
-    public function testUntagOrganisationNotAllowedToRegularUser(): void
+    public function testUntagOrganisationNotAllowedAsRegularUser(): void
     {
         $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
 
diff --git a/tests/TestCase/Api/Organisations/ViewOrganisationApiTest.php b/tests/TestCase/Api/Organisations/ViewOrganisationApiTest.php
new file mode 100644
index 0000000..630fd92
--- /dev/null
+++ b/tests/TestCase/Api/Organisations/ViewOrganisationApiTest.php
@@ -0,0 +1,48 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\OrganisationsFixture;
+use App\Test\Fixture\UsersFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class ViewOrganisationApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/organisations/view';
+
+    protected $fixtures = [
+        'app.TagsTags',
+        'app.Organisations',
+        'app.TagsTaggeds',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testViewOrganisationById(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $url = sprintf('%s/%d', self::ENDPOINT, OrganisationsFixture::ORGANISATION_A_ID);
+        $this->get($url);
+
+        $this->assertResponseOk();
+        $this->assertResponseContains('"name": "Organisation A"');
+        // TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url);
+    }
+}
diff --git a/tests/TestCase/Api/Users/AddUserApiTest.php b/tests/TestCase/Api/Users/AddUserApiTest.php
index 2d23f2a..e60cf3a 100644
--- a/tests/TestCase/Api/Users/AddUserApiTest.php
+++ b/tests/TestCase/Api/Users/AddUserApiTest.php
@@ -55,7 +55,7 @@ class AddUserApiTest extends TestCase
         $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
     }
 
-    public function testAddUserNotAllowedToRegularUser(): void
+    public function testAddUserNotAllowedAsRegularUser(): void
     {
         $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
         $this->post(
diff --git a/tests/TestCase/Api/Users/DeleteUserApiTest.php b/tests/TestCase/Api/Users/DeleteUserApiTest.php
index 47a0580..69bd87c 100644
--- a/tests/TestCase/Api/Users/DeleteUserApiTest.php
+++ b/tests/TestCase/Api/Users/DeleteUserApiTest.php
@@ -46,7 +46,7 @@ class DeleteUserApiTest extends TestCase
         $this->addWarning('TODO: CRUDComponent::delete() sets some view variables, does not take into account `isRest()`, fix it.');
     }
 
-    public function testDeleteUserNotAllowedToRegularUser(): void
+    public function testDeleteUserNotAllowedAsRegularUser(): void
     {
         $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
         $url = sprintf('%s/%d', self::ENDPOINT, UsersFixture::USER_ORG_ADMIN_ID);
diff --git a/tests/TestCase/Api/Users/EditUserApiTest.php b/tests/TestCase/Api/Users/EditUserApiTest.php
index 6154c00..a8afa11 100644
--- a/tests/TestCase/Api/Users/EditUserApiTest.php
+++ b/tests/TestCase/Api/Users/EditUserApiTest.php
@@ -53,7 +53,7 @@ class EditUserApiTest extends TestCase
         $this->assertResponseMatchesOpenApiSpec($url, 'put');
     }
 
-    public function testEditRoleNotAllowedToRegularUser(): void
+    public function testEditRoleNotAllowedAsRegularUser(): void
     {
         $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
         $this->put(
diff --git a/webroot/docs/openapi.yaml b/webroot/docs/openapi.yaml
index f76a861..d74ad68 100644
--- a/webroot/docs/openapi.yaml
+++ b/webroot/docs/openapi.yaml
@@ -9,6 +9,8 @@ servers:
   - url: https://cerebrate.local
 
 tags:
+  - name: Individuals
+    description: "Individuals are natural persons. They are meant to describe the basic information about an individual that may or may not be a user of this community. Users in genral require an individual object to identify the person behind them - however, no user account is required to store information about an individual. Individuals can have affiliations to organisations and broods as well as cryptographic keys, using which their messages can be verified and which can be used to securely contact them."
   - name: Users
     description: "Users enrolled in this Cerebrate instance."
   - name: Organisations
@@ -17,12 +19,88 @@ tags:
     description: "Tags can be attached to entity to quickly classify them, allowing further filtering and searches."
 
 paths:
+  /api/v1/individuals/index:
+    get:
+      summary: "Get individuals list"
+      operationId: getIndividuals
+      tags:
+        - Individuals
+      parameters:
+        - $ref: "#/components/parameters/quickFilter"
+      responses:
+        "200":
+          $ref: "#/components/responses/IndividualListResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
+  /api/v1/individuals/add:
+    post:
+      summary: "Add individual"
+      operationId: addIndividual
+      tags:
+        - Users
+      requestBody:
+        $ref: "#/components/requestBodies/AddIndividualRequest"
+      responses:
+        "200":
+          $ref: "#/components/responses/IndividualResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
+  /api/v1/individuals/edit/{individualId}:
+    put:
+      summary: "Edit individual"
+      operationId: editIndividual
+      tags:
+        - Individuals
+      parameters:
+        - $ref: "#/components/parameters/individualId"
+      requestBody:
+        $ref: "#/components/requestBodies/EditIndividualRequest"
+      responses:
+        "200":
+          $ref: "#/components/responses/IndividualResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
+  /api/v1/individuals/delete/{individualId}:
+    delete:
+      summary: "Delete individual by ID"
+      operationId: deleteIndividualById
+      tags:
+        - Individuals
+      parameters:
+        - $ref: "#/components/parameters/individualId"
+      responses:
+        "200":
+          $ref: "#/components/responses/IndividualResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
   /api/v1/users/index:
     get:
       summary: "Get users list"
       operationId: getUsers
       tags:
         - Users
+      parameters:
+        - $ref: "#/components/parameters/quickFilter"
       responses:
         "200":
           $ref: "#/components/responses/UserListResponse"
@@ -185,6 +263,8 @@ paths:
       operationId: getOrganisations
       tags:
         - Organisations
+      parameters:
+        - $ref: "#/components/parameters/quickFilter"
       responses:
         "200":
           $ref: "#/components/responses/OrganisationListResponse"
@@ -195,6 +275,24 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
+  /api/v1/organisations/view/{organisationId}:
+    get:
+      summary: "View organisation by ID"
+      operationId: getOrganisationById
+      tags:
+        - Organisations
+      parameters:
+        - $ref: "#/components/parameters/organisationId"
+      responses:
+        "200":
+          $ref: "#/components/responses/OrganisationResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
   /api/v1/organisations/delete/{organisationId}:
     delete:
       summary: "Delete organisation by ID"
@@ -259,6 +357,8 @@ paths:
       operationId: getTags
       tags:
         - Tags
+      parameters:
+        - $ref: "#/components/parameters/quickFilter"
       responses:
         "200":
           $ref: "#/components/responses/TagListResponse"
@@ -288,11 +388,64 @@ components:
       format: datetime
       example: "2022-01-05T11:19:26+00:00"
 
+    Email:
+      type: string
+      format: email
+      example: "user@example.com"
+
+    # Individuals
+    IndividualFirstName:
+      type: string
+      example: "John"
+
+    IndividualLastName:
+      type: string
+      example: "Doe"
+
+    IndividualFullName:
+      type: string
+      example: "John Doe"
+
+    IndividualPosition:
+      type: string
+      example: "Security Analyst"
+
+    Individual:
+      type: object
+      properties:
+        id:
+          $ref: "#/components/schemas/ID"
+        uuid:
+          $ref: "#/components/schemas/UUID"
+        email:
+          $ref: "#/components/schemas/Email"
+        first_name:
+          $ref: "#/components/schemas/IndividualFirstName"
+        last_name:
+          $ref: "#/components/schemas/IndividualLastName"
+        full_name:
+          $ref: "#/components/schemas/IndividualFullName"
+        position:
+          $ref: "#/components/schemas/IndividualPosition"
+        tags:
+          $ref: "#/components/schemas/TagList"
+        aligments:
+          $ref: "#/components/schemas/AligmentList"
+        created:
+          $ref: "#/components/schemas/DateTime"
+        modified:
+          $ref: "#/components/schemas/DateTime"
+
     # Users
     Username:
       type: string
       example: "admin"
 
+    IndividualList:
+      type: array
+      items:
+        $ref: "#/components/schemas/Individual"
+
     User:
       type: object
       properties:
@@ -320,8 +473,6 @@ components:
       items:
         $ref: "#/components/schemas/User"
 
-    # Individuals
-
     # Organisations
     OrganisationName:
       type: string
@@ -533,6 +684,14 @@ components:
           example: 404
 
   parameters:
+    individualId:
+      name: userId
+      in: path
+      description: "Numeric ID of the User"
+      required: true
+      schema:
+        $ref: "#/components/schemas/ID"
+
     userId:
       name: userId
       in: path
@@ -549,6 +708,14 @@ components:
       schema:
         $ref: "#/components/schemas/ID"
 
+    quickFilter:
+      name: quickFilter
+      in: query
+      description: "Quick filter used to match multiple attributes such as name, description, emails, etc."
+      schema:
+        type: string
+        example: "user@example.com"
+
   securitySchemes:
     ApiKeyAuth:
       type: apiKey
@@ -560,6 +727,43 @@ components:
             Authorization: YOUR_API_KEY
 
   requestBodies:
+    # Individuals
+    AddIndividualRequest:
+      required: true
+      content:
+        application/json:
+          schema:
+            type: object
+            properties:
+              uuid:
+                $ref: "#/components/schemas/UUID"
+              email:
+                $ref: "#/components/schemas/IndividualLastName"
+              first_name:
+                $ref: "#/components/schemas/IndividualFirstName"
+              last_name:
+                type: boolean
+              position:
+                $ref: "#/components/schemas/IndividualPosition"
+
+    EditIndividualRequest:
+      required: true
+      content:
+        application/json:
+          schema:
+            type: object
+            properties:
+              uuid:
+                $ref: "#/components/schemas/UUID"
+              email:
+                $ref: "#/components/schemas/IndividualLastName"
+              first_name:
+                $ref: "#/components/schemas/IndividualFirstName"
+              last_name:
+                type: boolean
+              position:
+                $ref: "#/components/schemas/IndividualPosition"
+
     # Users
     AddUserRequest:
       required: true
@@ -588,6 +792,8 @@ components:
           schema:
             type: object
             properties:
+              id:
+                $ref: "#/components/schemas/ID"
               individual_id:
                 $ref: "#/components/schemas/ID"
               organisation_id:
@@ -671,6 +877,21 @@ components:
                 example: '["red"]'
 
   responses:
+    # Individuals
+    IndividualResponse:
+      description: "Individual response"
+      content:
+        application/json:
+          schema:
+            $ref: "#/components/schemas/Individual"
+
+    IndividualListResponse:
+      description: "Individuals list response"
+      content:
+        application/json:
+          schema:
+            $ref: "#/components/schemas/IndividualList"
+
     # Users
     UserResponse:
       description: "User response"

From 204c60f739e32364cdd2cdcbcb2e5ddfd3569358 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 12 Jan 2022 10:31:06 +0100
Subject: [PATCH 105/150] fix: [ACL] fixed ACL check on user edit for the admin
 permission

- invalid name used for the lookup (perm_side_admin instead of perm_admin) leading to incorrect downgrading of the permissions
---
 src/Controller/AppController.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/Controller/AppController.php b/src/Controller/AppController.php
index 4d41bac..0bb2373 100644
--- a/src/Controller/AppController.php
+++ b/src/Controller/AppController.php
@@ -54,7 +54,6 @@ class AppController extends Controller
     public function initialize(): void
     {
         parent::initialize();
-
         $this->loadComponent('RequestHandler');
         $this->loadComponent('Flash');
         $this->loadComponent('RestResponse');

From 87723c2100fe36232fa52a9b9f296a76c99e9524 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 12 Jan 2022 10:32:47 +0100
Subject: [PATCH 106/150] fix: [ACL] added correct file for previous fix (user
 edit admin permission check)

---
 src/Controller/UsersController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Controller/UsersController.php b/src/Controller/UsersController.php
index 6331d7b..36a69cf 100644
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
@@ -97,7 +97,7 @@ class UsersController extends AppController
     public function edit($id = false)
     {
         $currentUser = $this->ACL->getUser();
-        if (empty($id) || (empty($currentUser['role']['perm_org_admin']) && empty($currentUser['role']['perm_site_admin']))) {
+        if (empty($id) || (empty($currentUser['role']['perm_org_admin']) && empty($currentUser['role']['perm_admin']))) {
             $id = $currentUser['id'];
         }
 

From c8fd8f4a62674cd64d16019558bc37e9b34e76c9 Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Thu, 13 Jan 2022 16:34:43 +0100
Subject: [PATCH 107/150] add: add basic api coverage of inbox processor
 endpoint, extend openapi spec

---
 tests/Fixture/InboxFixture.php                |  61 ++++++
 .../Api/Inbox/CreateInboxEntryApiTest.php     |  82 +++++++
 .../TestCase/Api/Inbox/IndexInboxApiTest.php  |  46 ++++
 webroot/docs/openapi.yaml                     | 203 +++++++++++++++++-
 4 files changed, 391 insertions(+), 1 deletion(-)
 create mode 100644 tests/Fixture/InboxFixture.php
 create mode 100644 tests/TestCase/Api/Inbox/CreateInboxEntryApiTest.php
 create mode 100644 tests/TestCase/Api/Inbox/IndexInboxApiTest.php

diff --git a/tests/Fixture/InboxFixture.php b/tests/Fixture/InboxFixture.php
new file mode 100644
index 0000000..40303b2
--- /dev/null
+++ b/tests/Fixture/InboxFixture.php
@@ -0,0 +1,61 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\Fixture;
+
+use Cake\TestSuite\Fixture\TestFixture;
+
+class InboxFixture extends TestFixture
+{
+    public $connection = 'test';
+    public $table = 'inbox';
+
+    public const INBOX_USER_REGISTRATION_ID = 1;
+    public const INBOX_INCOMING_CONNECTION_REQUEST_ID = 2;
+
+    public function init(): void
+    {
+        $faker = \Faker\Factory::create();
+
+        $this->records = [
+            [
+                'id' => self::INBOX_USER_REGISTRATION_ID,
+                'uuid' => $faker->uuid(),
+                'scope' => 'User',
+                'action' => 'Registration',
+                'title' => 'User account creation requested for foo@bar.com',
+                'origin' => '::1',
+                'comment' => null,
+                'description' => 'Handle user account for this cerebrate instance',
+                'user_id' => UsersFixture::USER_ADMIN_ID,
+                'data' => [
+                    'email' => 'foo@bar.com',
+                    'password' => '$2y$10$dr5C0MWgBx1723yyws0HPudTqHz4k8wJ1PQ1ApVkNuH64LuZAr\/ve',
+                ],
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
+            ],
+            [
+                'id' => self::INBOX_INCOMING_CONNECTION_REQUEST_ID,
+                'uuid' => $faker->uuid(),
+                'scope' => 'LocalTool',
+                'action' => 'IncomingConnectionRequest',
+                'title' => 'Request for MISP Inter-connection',
+                'origin' => 'http://127.0.0.1',
+                'comment' => null,
+                'description' => 'Handle Phase I of inter-connection when another cerebrate instance performs the request.',
+                'user_id' => UsersFixture::USER_ORG_ADMIN_ID,
+                'data' => [
+                    'connectorName' => 'MispConnector',
+                    'cerebrateURL' => 'http://127.0.0.1',
+                    'local_tool_id' => 1,
+                    'remote_tool_id' => 1,
+                ],
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
+            ],
+        ];
+        parent::init();
+    }
+}
diff --git a/tests/TestCase/Api/Inbox/CreateInboxEntryApiTest.php b/tests/TestCase/Api/Inbox/CreateInboxEntryApiTest.php
new file mode 100644
index 0000000..30a44c2
--- /dev/null
+++ b/tests/TestCase/Api/Inbox/CreateInboxEntryApiTest.php
@@ -0,0 +1,82 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class CreateInboxEntryApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/inbox/createEntry';
+
+    protected $fixtures = [
+        'app.Inbox',
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testAddUserRegistrationInbox(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+
+        // to avoid $this->request->clientIp() to return null
+        $_SERVER['REMOTE_ADDR'] = '::1';
+
+        $url = sprintf("%s/%s/%s", self::ENDPOINT, 'User', 'Registration');
+        $this->post(
+            $url,
+            [
+                'email' => 'john@example.com',
+                'password' => 'Password12345!'
+            ]
+        );
+
+        $this->assertResponseOk();
+        $this->assertResponseContains('"email": "john@example.com"');
+        $this->assertDbRecordExists(
+            'Inbox',
+            [
+                'id' => 3, // hacky, but `data` is json string cannot verify the value because of the hashed password
+                'scope' => 'User',
+                'action' => 'Registration',
+            ]
+        );
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'post');
+    }
+
+    public function testAddUserRegistrationInboxNotAllowedAsRegularUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
+
+        $url = sprintf("%s/%s/%s", self::ENDPOINT, 'User', 'Registration');
+        $this->post(
+            $url,
+            [
+                'email' => 'john@example.com',
+                'password' => 'Password12345!'
+            ]
+        );
+
+        $this->assertResponseCode(405);
+        $this->assertDbRecordNotExists('Inbox', ['id' => 3]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'post');
+    }
+}
diff --git a/tests/TestCase/Api/Inbox/IndexInboxApiTest.php b/tests/TestCase/Api/Inbox/IndexInboxApiTest.php
new file mode 100644
index 0000000..00c2cfd
--- /dev/null
+++ b/tests/TestCase/Api/Inbox/IndexInboxApiTest.php
@@ -0,0 +1,46 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\InboxFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class IndexInboxApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/inbox/index';
+
+    protected $fixtures = [
+        'app.Inbox',
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testIndexInbox(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $this->get(self::ENDPOINT);
+
+        $this->assertResponseOk();
+        $this->assertResponseContains(sprintf('"id": %d', InboxFixture::INBOX_USER_REGISTRATION_ID));
+        $this->assertResponseContains(sprintf('"id": %d', InboxFixture::INBOX_INCOMING_CONNECTION_REQUEST_ID));
+        // TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT);
+    }
+}
diff --git a/webroot/docs/openapi.yaml b/webroot/docs/openapi.yaml
index d74ad68..59a0ecf 100644
--- a/webroot/docs/openapi.yaml
+++ b/webroot/docs/openapi.yaml
@@ -17,6 +17,8 @@ tags:
     description: "Organisations can be equivalent to legal entities or specific individual teams within such entities. Their purpose is to relate individuals to their affiliations and for release control of information using the Trust Circles."
   - name: Tags
     description: "Tags can be attached to entity to quickly classify them, allowing further filtering and searches."
+  - name: Inbox
+    description: "Inbox messages represent A list of requests to be manually processed."
 
 paths:
   /api/v1/individuals/index:
@@ -369,6 +371,42 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
+  /api/v1/inbox/index:
+    get:
+      summary: "Get inbox list"
+      operationId: getinbox
+      tags:
+        - Inbox
+      parameters:
+        - $ref: "#/components/parameters/quickFilter"
+      responses:
+        "200":
+          $ref: "#/components/responses/InboxListResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
+  /api/v1/inbox/createEntry/User/Registration:
+    post:
+      summary: "Create user registration inbox entry"
+      operationId: createInboxEntry
+      tags:
+        - Inbox
+      requestBody:
+        $ref: "#/components/requestBodies/CreateUserRegistrationInboxEntryRequest"
+      responses:
+        "200":
+          $ref: "#/components/responses/CreateUserRegistrationInboxEntryResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
 components:
   schemas:
     # General
@@ -615,6 +653,109 @@ components:
         perm_org_admin:
           type: boolean
 
+    # Inbox
+    InboxScope:
+      type: string
+      enum:
+        - "User"
+        - "LocalTool"
+
+    InboxAction:
+      type: string
+      enum:
+        - "Registration"
+        - "IncomingConnectionRequest"
+        - "AcceptedRequest"
+        - "DeclinedRequest"
+
+    InboxTitle:
+      type: string
+
+    InboxOrigin:
+      type: string
+
+    InboxComment:
+      type: string
+      nullable: true
+
+    InboxDescription:
+      type: string
+      nullable: true
+
+    Inbox:
+      type: object
+      properties:
+        id:
+          $ref: "#/components/schemas/ID"
+        uuid:
+          $ref: "#/components/schemas/UUID"
+        scope:
+          $ref: "#/components/schemas/InboxScope"
+        action:
+          $ref: "#/components/schemas/InboxAction"
+        title:
+          $ref: "#/components/schemas/InboxTitle"
+        origin:
+          $ref: "#/components/schemas/InboxOrigin"
+        comment:
+          $ref: "#/components/schemas/InboxComment"
+        description:
+          $ref: "#/components/schemas/InboxDescription"
+        user_id:
+          $ref: "#/components/schemas/ID"
+        created:
+          $ref: "#/components/schemas/DateTime"
+        modified:
+          $ref: "#/components/schemas/DateTime"
+
+    UserRegistrationInbox:
+      type: object
+      allOf:
+        - $ref: "#/components/schemas/Inbox"
+        - type: object
+          properties:
+            data:
+              type: object
+              properties:
+                email:
+                  type: string
+                  format: email
+                password:
+                  type: string
+            user:
+              $ref: "#/components/schemas/User"
+            local_tool_connector_name:
+              type: string
+              nullable: true
+
+    IncomingConnectionRequestInbox:
+      type: object
+      allOf:
+        - $ref: "#/components/schemas/Inbox"
+        - type: object
+          properties:
+            data:
+              type: object
+              properties:
+                connectorName:
+                  type: string
+                  enum:
+                    - "MispConnector"
+                cerebrateURL:
+                  type: string
+                  example: "http://192.168.0.1"
+                local_tool_id:
+                  type: integer
+                remote_tool_id:
+                  type: integer
+
+    InboxList:
+      type: array
+      items:
+        anyOf:
+          - $ref: "#/components/schemas/UserRegistrationInbox"
+          - $ref: "#/components/schemas/IncomingConnectionRequestInbox"
+
     # Errors
     ApiError:
       type: object
@@ -685,7 +826,7 @@ components:
 
   parameters:
     individualId:
-      name: userId
+      name: individualId
       in: path
       description: "Numeric ID of the User"
       required: true
@@ -876,6 +1017,20 @@ components:
                 description: "Stringified JSON array of the tag names to remove."
                 example: '["red"]'
 
+    # Inbox
+    CreateUserRegistrationInboxEntryRequest:
+      description: "Create user registration inbox entry request"
+      content:
+        application/json:
+          schema:
+            type: object
+            properties:
+              email:
+                type: string
+                format: email
+              password:
+                type: string
+
   responses:
     # Individuals
     IndividualResponse:
@@ -937,6 +1092,52 @@ components:
           schema:
             $ref: "#/components/schemas/TagList"
 
+    # Inbox
+    UserRegistrationInboxResponse:
+      description: "User registration inbox response"
+      content:
+        application/json:
+          schema:
+            $ref: "#/components/schemas/UserRegistrationInbox"
+
+    IncomingConnectionRequestInboxResponse:
+      description: "Incoming connection request inbox response"
+      content:
+        application/json:
+          schema:
+            $ref: "#/components/schemas/IncomingConnectionRequestInbox"
+
+    InboxListResponse:
+      description: "Inbox list response"
+      content:
+        application/json:
+          schema:
+            $ref: "#/components/schemas/InboxList"
+
+    CreateUserRegistrationInboxEntryResponse:
+      description: "Inbox response"
+      content:
+        application/json:
+          schema:
+            type: object
+            properties:
+              data:
+                allOf:
+                  - $ref: "#/components/schemas/UserRegistrationInbox"
+                  - properties:
+                      local_tool_connector_name:
+                        type: string
+                        nullable: true
+              success:
+                type: boolean
+              message:
+                type: string
+                example: "User account creation requested. Please wait for an admin to approve your account."
+              errors:
+                type: array
+                items:
+                  type: object
+
     # Errors
     ApiErrorResponse:
       description: "Unexpected API error"

From 2d05f9228dcfc4021c610dcd493c408e9b0bfe6b Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Thu, 13 Jan 2022 16:57:05 +0100
Subject: [PATCH 108/150] add: some extra scopes and actions

---
 webroot/docs/openapi.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/webroot/docs/openapi.yaml b/webroot/docs/openapi.yaml
index 59a0ecf..8cd48f1 100644
--- a/webroot/docs/openapi.yaml
+++ b/webroot/docs/openapi.yaml
@@ -659,6 +659,9 @@ components:
       enum:
         - "User"
         - "LocalTool"
+        - "Brood"
+        - "Proposal"
+        - "Synchronisation"
 
     InboxAction:
       type: string
@@ -667,6 +670,10 @@ components:
         - "IncomingConnectionRequest"
         - "AcceptedRequest"
         - "DeclinedRequest"
+        - "Synchronisation"
+        - "OneWaySynchronization"
+        - "ProposalEdit"
+        - "DataExchange"
 
     InboxTitle:
       type: string

From fa7316db3f0b5f1dc68be3ae934673ca3c54cd7e Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Fri, 14 Jan 2022 14:43:21 +0100
Subject: [PATCH 109/150] add: add sharing groups api tests, extend openapi
 spec

---
 tests/Fixture/SharingGroupsFixture.php        |  50 +++++
 .../Api/Individuals/ViewIndividualApiTest.php |  45 ++++
 .../DeleteSharingGroupApiTest.php             |  60 ++++++
 .../SharingGroups/EditSharingGroupApiTest.php |  83 ++++++++
 .../IndexSharingGroupsApiTest.php             |  46 +++++
 .../SharingGroups/ViewSharingGroupApiTest.php |  46 +++++
 webroot/docs/openapi.yaml                     | 194 +++++++++++++++++-
 7 files changed, 523 insertions(+), 1 deletion(-)
 create mode 100644 tests/Fixture/SharingGroupsFixture.php
 create mode 100644 tests/TestCase/Api/Individuals/ViewIndividualApiTest.php
 create mode 100644 tests/TestCase/Api/SharingGroups/DeleteSharingGroupApiTest.php
 create mode 100644 tests/TestCase/Api/SharingGroups/EditSharingGroupApiTest.php
 create mode 100644 tests/TestCase/Api/SharingGroups/IndexSharingGroupsApiTest.php
 create mode 100644 tests/TestCase/Api/SharingGroups/ViewSharingGroupApiTest.php

diff --git a/tests/Fixture/SharingGroupsFixture.php b/tests/Fixture/SharingGroupsFixture.php
new file mode 100644
index 0000000..e12e021
--- /dev/null
+++ b/tests/Fixture/SharingGroupsFixture.php
@@ -0,0 +1,50 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\Fixture;
+
+use Cake\TestSuite\Fixture\TestFixture;
+
+class SharingGroupsFixture extends TestFixture
+{
+    public $connection = 'test';
+
+    public const SHARING_GROUP_A_ID = 1;
+    public const SHARING_GROUP_B_ID = 2;
+
+    public function init(): void
+    {
+        $faker = \Faker\Factory::create();
+
+        $this->records = [
+            [
+                'id' => self::SHARING_GROUP_A_ID,
+                'uuid' => $faker->uuid(),
+                'name' => 'Sharing Group A',
+                'releasability' => 'Sharing Group A',
+                'description' => 'Sharing Group A description',
+                'organisation_id' => OrganisationsFixture::ORGANISATION_A_ID,
+                'user_id' => UsersFixture::USER_ADMIN_ID,
+                'active' => true,
+                'local' => true,
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
+            ],
+            [
+                'id' => self::SHARING_GROUP_B_ID,
+                'uuid' => $faker->uuid(),
+                'name' => 'Sharing Group B',
+                'releasability' => 'Sharing Group B',
+                'description' => 'Sharing Group B description',
+                'organisation_id' => OrganisationsFixture::ORGANISATION_B_ID,
+                'user_id' => UsersFixture::USER_ADMIN_ID,
+                'active' => true,
+                'local' => true,
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
+            ],
+        ];
+        parent::init();
+    }
+}
diff --git a/tests/TestCase/Api/Individuals/ViewIndividualApiTest.php b/tests/TestCase/Api/Individuals/ViewIndividualApiTest.php
new file mode 100644
index 0000000..4a0d4a4
--- /dev/null
+++ b/tests/TestCase/Api/Individuals/ViewIndividualApiTest.php
@@ -0,0 +1,45 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\IndividualsFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class ViewIndividualApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/individuals/view';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testViewIndividualById(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $url = sprintf('%s/%d', self::ENDPOINT, IndividualsFixture::INDIVIDUAL_ADMIN_ID);
+        $this->get($url);
+
+        $this->assertResponseOk();
+        $this->assertResponseContains(sprintf('"id": %d', IndividualsFixture::INDIVIDUAL_ADMIN_ID));
+        // TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url);
+    }
+}
diff --git a/tests/TestCase/Api/SharingGroups/DeleteSharingGroupApiTest.php b/tests/TestCase/Api/SharingGroups/DeleteSharingGroupApiTest.php
new file mode 100644
index 0000000..8b49f3b
--- /dev/null
+++ b/tests/TestCase/Api/SharingGroups/DeleteSharingGroupApiTest.php
@@ -0,0 +1,60 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\SharingGroupsFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class DeleteSharingGroupApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/sharingGroups/delete';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys',
+        'app.SharingGroups'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testDeleteSharingGroup(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $url = sprintf('%s/%d', self::ENDPOINT, SharingGroupsFixture::SHARING_GROUP_A_ID);
+        $this->delete($url);
+
+        $this->assertResponseOk();
+        $this->assertDbRecordNotExists('SharingGroups', ['id' => SharingGroupsFixture::SHARING_GROUP_A_ID]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
+        $this->addWarning('TODO: CRUDComponent::delete() sets some view variables, does not take into account `isRest()`, fix it.');
+    }
+
+    public function testDeleteSharingGroupNotAllowedAsRegularUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
+        $url = sprintf('%s/%d', self::ENDPOINT, SharingGroupsFixture::SHARING_GROUP_A_ID);
+        $this->delete($url);
+
+        $this->assertResponseCode(405);
+        $this->assertDbRecordExists('SharingGroups', ['id' => SharingGroupsFixture::SHARING_GROUP_A_ID]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
+        $this->addWarning('TODO: CRUDComponent::delete() sets some view variables, does not take into account `isRest()`, fix it.');
+    }
+}
diff --git a/tests/TestCase/Api/SharingGroups/EditSharingGroupApiTest.php b/tests/TestCase/Api/SharingGroups/EditSharingGroupApiTest.php
new file mode 100644
index 0000000..0cf6f05
--- /dev/null
+++ b/tests/TestCase/Api/SharingGroups/EditSharingGroupApiTest.php
@@ -0,0 +1,83 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\OrganisationsFixture;
+use App\Test\Fixture\SharingGroupsFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class EditSharingGroupApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/sharingGroups/edit';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys',
+        'app.SharingGroups'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testEditSharingGroup(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+
+        $url = sprintf('%s/%d', self::ENDPOINT, SharingGroupsFixture::SHARING_GROUP_A_ID);
+        $this->put(
+            $url,
+            [
+                'name' => 'Test Sharing Group 4321',
+            ]
+        );
+
+        $this->assertResponseOk();
+        $this->assertDbRecordExists(
+            'SharingGroups',
+            [
+                'id' => SharingGroupsFixture::SHARING_GROUP_A_ID,
+                'name' => 'Test Sharing Group 4321',
+            ]
+        );
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'put');
+    }
+
+    public function testEditSharingGroupNotAllowedAsRegularUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
+
+        $url = sprintf('%s/%d', self::ENDPOINT, SharingGroupsFixture::SHARING_GROUP_B_ID);
+        $this->put(
+            $url,
+            [
+                'name' => 'Test Sharing Group 1234'
+            ]
+        );
+
+        $this->assertResponseCode(405);
+        $this->assertDbRecordNotExists(
+            'SharingGroups',
+            [
+                'id' => SharingGroupsFixture::SHARING_GROUP_B_ID,
+                'name' => 'Test Sharing Group 1234'
+            ]
+        );
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'put');
+    }
+}
diff --git a/tests/TestCase/Api/SharingGroups/IndexSharingGroupsApiTest.php b/tests/TestCase/Api/SharingGroups/IndexSharingGroupsApiTest.php
new file mode 100644
index 0000000..85779aa
--- /dev/null
+++ b/tests/TestCase/Api/SharingGroups/IndexSharingGroupsApiTest.php
@@ -0,0 +1,46 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\SharingGroupsFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class IndexSharingGroupsApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/sharingGroups/index';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys',
+        'app.SharingGroups'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testIndexSharingGroups(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $this->get(self::ENDPOINT);
+
+        $this->assertResponseOk();
+        $this->assertResponseContains(sprintf('"id": %d', SharingGroupsFixture::SHARING_GROUP_A_ID));
+        $this->assertResponseContains(sprintf('"id": %d', SharingGroupsFixture::SHARING_GROUP_B_ID));
+        // TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT);
+    }
+}
diff --git a/tests/TestCase/Api/SharingGroups/ViewSharingGroupApiTest.php b/tests/TestCase/Api/SharingGroups/ViewSharingGroupApiTest.php
new file mode 100644
index 0000000..5f5e6d1
--- /dev/null
+++ b/tests/TestCase/Api/SharingGroups/ViewSharingGroupApiTest.php
@@ -0,0 +1,46 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\SharingGroupsFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class ViewSharingGroupApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/sharingGroups/view';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys',
+        'app.SharingGroups'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testVieSharingGroupById(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $url = sprintf('%s/%d', self::ENDPOINT, SharingGroupsFixture::SHARING_GROUP_A_ID);
+        $this->get($url);
+
+        $this->assertResponseOk();
+        $this->assertResponseContains('"name": "Sharing Group A"');
+        // TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url);
+    }
+}
diff --git a/webroot/docs/openapi.yaml b/webroot/docs/openapi.yaml
index 8cd48f1..c8a8c70 100644
--- a/webroot/docs/openapi.yaml
+++ b/webroot/docs/openapi.yaml
@@ -19,6 +19,8 @@ tags:
     description: "Tags can be attached to entity to quickly classify them, allowing further filtering and searches."
   - name: Inbox
     description: "Inbox messages represent A list of requests to be manually processed."
+  - name: SharingGroups
+    description: "Sharing groups are distribution lists usable by tools that can exchange information with a list of trusted partners. Create recurring or ad hoc sharing groups and share them with the members of the sharing group."
 
 paths:
   /api/v1/individuals/index:
@@ -39,6 +41,24 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
+  /api/v1/individuals/view/{individualId}:
+    get:
+      summary: "Get individual by ID"
+      operationId: getIndividualById
+      tags:
+        - Individuals
+      parameters:
+        - $ref: "#/components/parameters/individualId"
+      responses:
+        "200":
+          $ref: "#/components/responses/IndividualResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
   /api/v1/individuals/add:
     post:
       summary: "Add individual"
@@ -131,7 +151,7 @@ paths:
 
   /api/v1/users/view/{userId}:
     get:
-      summary: "Get information of a user by id"
+      summary: "Get information of a user by ID"
       operationId: viewUserById
       tags:
         - Users
@@ -407,6 +427,80 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
+  /api/v1/sharingGroups/index:
+    get:
+      summary: "Get a sharing groups list"
+      operationId: getSharingGroups
+      tags:
+        - SharingGroups
+      parameters:
+        - $ref: "#/components/parameters/quickFilter"
+      responses:
+        "200":
+          $ref: "#/components/responses/SharingGroupListResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
+  /api/v1/sharingGroups/view/{sharingGroupId}:
+    get:
+      summary: "Get sharing group by ID"
+      operationId: getSharingGroupById
+      tags:
+        - SharingGroups
+      parameters:
+        - $ref: "#/components/parameters/sharingGroupId"
+      responses:
+        "200":
+          $ref: "#/components/responses/SharingGroupResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
+  /api/v1/sharingGroups/delete/{sharingGroupId}:
+    delete:
+      summary: "Delete sharing group by ID"
+      operationId: deleteSharingGroupById
+      tags:
+        - SharingGroups
+      parameters:
+        - $ref: "#/components/parameters/sharingGroupId"
+      responses:
+        "200":
+          $ref: "#/components/responses/SharingGroupResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
+  /api/v1/sharingGroups/edit/{sharingGroupId}:
+    put:
+      summary: "Edit sharing group"
+      operationId: editSharingGroup
+      tags:
+        - SharingGroups
+      parameters:
+        - $ref: "#/components/parameters/sharingGroupId"
+      requestBody:
+        $ref: "#/components/requestBodies/EditSharingGroupRequest"
+      responses:
+        "200":
+          $ref: "#/components/responses/SharingGroupResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
 components:
   schemas:
     # General
@@ -763,6 +857,55 @@ components:
           - $ref: "#/components/schemas/UserRegistrationInbox"
           - $ref: "#/components/schemas/IncomingConnectionRequestInbox"
 
+    # SharingGroups
+    SharingGroupName:
+      type: string
+
+    SharingGroupReleasability:
+      type: string
+
+    SharingGroupDescription:
+      type: string
+
+    SharingGroup:
+      type: object
+      properties:
+        id:
+          $ref: "#/components/schemas/ID"
+        uuid:
+          $ref: "#/components/schemas/UUID"
+        name:
+          $ref: "#/components/schemas/SharingGroupName"
+        releasability:
+          $ref: "#/components/schemas/SharingGroupReleasability"
+        description:
+          $ref: "#/components/schemas/SharingGroupDescription"
+        organisation_id:
+          $ref: "#/components/schemas/ID"
+        user_id:
+          $ref: "#/components/schemas/ID"
+        active:
+          type: boolean
+        local:
+          type: boolean
+        sharing_group_orgs:
+          type: array
+          items:
+            $ref: "#/components/schemas/Organisation"
+        user:
+          $ref: "#/components/schemas/User"
+        organisation:
+          $ref: "#/components/schemas/Organisation"
+        created:
+          $ref: "#/components/schemas/DateTime"
+        modified:
+          $ref: "#/components/schemas/DateTime"
+
+    SharingGroupList:
+      type: array
+      items:
+        $ref: "#/components/schemas/SharingGroup"
+
     # Errors
     ApiError:
       type: object
@@ -856,6 +999,14 @@ components:
       schema:
         $ref: "#/components/schemas/ID"
 
+    sharingGroupId:
+      name: sharingGroupId
+      in: path
+      description: "Numeric ID of the Sharing Group"
+      required: true
+      schema:
+        $ref: "#/components/schemas/ID"
+
     quickFilter:
       name: quickFilter
       in: query
@@ -1038,6 +1189,31 @@ components:
               password:
                 type: string
 
+    # SharingGroups
+    EditSharingGroupRequest:
+      required: true
+      content:
+        application/json:
+          schema:
+            type: object
+            properties:
+              uuid:
+                $ref: "#/components/schemas/UUID"
+              name:
+                $ref: "#/components/schemas/SharingGroupName"
+              releasability:
+                $ref: "#/components/schemas/SharingGroupReleasability"
+              description:
+                $ref: "#/components/schemas/SharingGroupDescription"
+              organisation_id:
+                $ref: "#/components/schemas/ID"
+              user_id:
+                $ref: "#/components/schemas/ID"
+              active:
+                type: boolean
+              local:
+                type: boolean
+
   responses:
     # Individuals
     IndividualResponse:
@@ -1144,6 +1320,22 @@ components:
                 type: array
                 items:
                   type: object
+                  # TODO: describe
+
+    # SharingGroups
+    SharingGroupResponse:
+      description: "Sharing group response"
+      content:
+        application/json:
+          schema:
+            $ref: "#/components/schemas/SharingGroup"
+
+    SharingGroupListResponse:
+      description: "Sharing groups list response"
+      content:
+        application/json:
+          schema:
+            $ref: "#/components/schemas/SharingGroupList"
 
     # Errors
     ApiErrorResponse:

From 25ded7e3bfa4e970fd8bc07177ff92f32dedcd9b Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Fri, 14 Jan 2022 17:43:53 +0100
Subject: [PATCH 110/150] add: more sharing groups api tests, add broods api
 tests, extend openapi spec

---
 tests/Fixture/BroodsFixture.php               |  55 ++++
 tests/Fixture/OrganisationsFixture.php        |   1 -
 tests/Fixture/SharingGroupsFixture.php        |   4 +-
 tests/TestCase/Api/Broods/AddBroodApiTest.php |  91 ++++++
 .../Api/Broods/DeleteBroodsApiTest.php        |  60 ++++
 .../TestCase/Api/Broods/EditBroodApiTest.php  |  83 ++++++
 .../Api/Broods/IndexBroodsApiTest.php         |  45 +++
 .../TestCase/Api/Broods/ViewBroodApiTest.php  |  46 +++
 .../SharingGroups/AddSharingGroupApiTest.php  |  90 ++++++
 .../SharingGroups/ViewSharingGroupApiTest.php |   4 +-
 tests/bootstrap.php                           |   3 +-
 webroot/docs/openapi.yaml                     | 280 +++++++++++++++++-
 12 files changed, 750 insertions(+), 12 deletions(-)
 create mode 100644 tests/Fixture/BroodsFixture.php
 create mode 100644 tests/TestCase/Api/Broods/AddBroodApiTest.php
 create mode 100644 tests/TestCase/Api/Broods/DeleteBroodsApiTest.php
 create mode 100644 tests/TestCase/Api/Broods/EditBroodApiTest.php
 create mode 100644 tests/TestCase/Api/Broods/IndexBroodsApiTest.php
 create mode 100644 tests/TestCase/Api/Broods/ViewBroodApiTest.php
 create mode 100644 tests/TestCase/Api/SharingGroups/AddSharingGroupApiTest.php

diff --git a/tests/Fixture/BroodsFixture.php b/tests/Fixture/BroodsFixture.php
new file mode 100644
index 0000000..adc035c
--- /dev/null
+++ b/tests/Fixture/BroodsFixture.php
@@ -0,0 +1,55 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\Fixture;
+
+use Cake\TestSuite\Fixture\TestFixture;
+
+class BroodsFixture extends TestFixture
+{
+    public $connection = 'test';
+
+    public const BROOD_A_ID = 1;
+    public const BROOD_A_API_KEY = '6dcd4ce23d88e2ee9568ba546c007c63d9131c1b';
+
+    public const BROOD_B_ID = 2;
+    public const BROOD_B_API_KEY = 'ae4f281df5a5d0ff3cad6371f76d5c29b6d953ec';
+
+    public function init(): void
+    {
+        $faker = \Faker\Factory::create();
+
+        $this->records = [
+            [
+                'id' => self::BROOD_A_ID,
+                'uuid' => $faker->uuid(),
+                'name' => 'Brood A',
+                'url' => $faker->url,
+                'description' => $faker->text,
+                'organisation_id' => OrganisationsFixture::ORGANISATION_A_ID,
+                'trusted' => true,
+                'pull' => true,
+                'skip_proxy' => true,
+                'authkey' => self::BROOD_A_API_KEY,
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
+            ],
+            [
+                'id' => self::BROOD_B_ID,
+                'uuid' => $faker->uuid(),
+                'name' => 'Brood A',
+                'url' => $faker->url,
+                'description' => $faker->text,
+                'organisation_id' => OrganisationsFixture::ORGANISATION_B_ID,
+                'trusted' => true,
+                'pull' => true,
+                'skip_proxy' => true,
+                'authkey' => self::BROOD_B_API_KEY,
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
+            ]
+        ];
+        parent::init();
+    }
+}
diff --git a/tests/Fixture/OrganisationsFixture.php b/tests/Fixture/OrganisationsFixture.php
index 7b7439e..8531d0c 100644
--- a/tests/Fixture/OrganisationsFixture.php
+++ b/tests/Fixture/OrganisationsFixture.php
@@ -5,7 +5,6 @@ declare(strict_types=1);
 namespace App\Test\Fixture;
 
 use Cake\TestSuite\Fixture\TestFixture;
-use Authentication\PasswordHasher\DefaultPasswordHasher;
 
 class OrganisationsFixture extends TestFixture
 {
diff --git a/tests/Fixture/SharingGroupsFixture.php b/tests/Fixture/SharingGroupsFixture.php
index e12e021..79665b6 100644
--- a/tests/Fixture/SharingGroupsFixture.php
+++ b/tests/Fixture/SharingGroupsFixture.php
@@ -22,7 +22,7 @@ class SharingGroupsFixture extends TestFixture
                 'id' => self::SHARING_GROUP_A_ID,
                 'uuid' => $faker->uuid(),
                 'name' => 'Sharing Group A',
-                'releasability' => 'Sharing Group A',
+                'releasability' => 'Sharing Group A releasability',
                 'description' => 'Sharing Group A description',
                 'organisation_id' => OrganisationsFixture::ORGANISATION_A_ID,
                 'user_id' => UsersFixture::USER_ADMIN_ID,
@@ -35,7 +35,7 @@ class SharingGroupsFixture extends TestFixture
                 'id' => self::SHARING_GROUP_B_ID,
                 'uuid' => $faker->uuid(),
                 'name' => 'Sharing Group B',
-                'releasability' => 'Sharing Group B',
+                'releasability' => 'Sharing Group B releasability',
                 'description' => 'Sharing Group B description',
                 'organisation_id' => OrganisationsFixture::ORGANISATION_B_ID,
                 'user_id' => UsersFixture::USER_ADMIN_ID,
diff --git a/tests/TestCase/Api/Broods/AddBroodApiTest.php b/tests/TestCase/Api/Broods/AddBroodApiTest.php
new file mode 100644
index 0000000..099f3bd
--- /dev/null
+++ b/tests/TestCase/Api/Broods/AddBroodApiTest.php
@@ -0,0 +1,91 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\OrganisationsFixture;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class AddBroodApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/broods/add';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys',
+        'app.Broods'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testAddBrood(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+
+        $faker = \Faker\Factory::create();
+        $uuid = $faker->uuid;
+
+        $this->post(
+            self::ENDPOINT,
+            [
+                'uuid' => $uuid,
+                'name' => 'Brood A',
+                'url' => $faker->url,
+                'description' => $faker->text,
+                'organisation_id' => OrganisationsFixture::ORGANISATION_A_ID,
+                'trusted' => true,
+                'pull' => true,
+                'skip_proxy' => true,
+                'authkey' => $faker->sha1,
+            ]
+        );
+
+        $this->assertResponseOk();
+        $this->assertResponseContains(sprintf('"uuid": "%s"', $uuid));
+        $this->assertDbRecordExists('Broods', ['uuid' => $uuid]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
+    }
+
+    public function testAddBroodNotAllowedAsRegularUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
+
+        $faker = \Faker\Factory::create();
+        $uuid = $faker->uuid;
+
+        $this->post(
+            self::ENDPOINT,
+            [
+                'uuid' => $uuid,
+                'name' => 'Brood A',
+                'url' => $faker->url,
+                'description' => $faker->text,
+                'organisation_id' => OrganisationsFixture::ORGANISATION_A_ID,
+                'trusted' => true,
+                'pull' => true,
+                'skip_proxy' => true,
+                'authkey' => $faker->sha1,
+            ]
+        );
+
+        $this->assertResponseCode(405);
+        $this->assertDbRecordNotExists('Broods', ['uuid' => $uuid]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
+    }
+}
diff --git a/tests/TestCase/Api/Broods/DeleteBroodsApiTest.php b/tests/TestCase/Api/Broods/DeleteBroodsApiTest.php
new file mode 100644
index 0000000..1b8d2ce
--- /dev/null
+++ b/tests/TestCase/Api/Broods/DeleteBroodsApiTest.php
@@ -0,0 +1,60 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\BroodsFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class DeleteBroodsApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/broods/delete';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys',
+        'app.Broods'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testDeleteBrood(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $url = sprintf('%s/%d', self::ENDPOINT, BroodsFixture::BROOD_A_ID);
+        $this->delete($url);
+
+        $this->assertResponseOk();
+        $this->assertDbRecordNotExists('Broods', ['id' => BroodsFixture::BROOD_A_ID]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
+        $this->addWarning('TODO: CRUDComponent::delete() sets some view variables, does not take into account `isRest()`, fix it.');
+    }
+
+    public function testDeleteBroodNotAllowedAsRegularUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
+        $url = sprintf('%s/%d', self::ENDPOINT, BroodsFixture::BROOD_A_ID);
+        $this->delete($url);
+
+        $this->assertResponseCode(405);
+        $this->assertDbRecordExists('Broods', ['id' => BroodsFixture::BROOD_A_ID]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
+        $this->addWarning('TODO: CRUDComponent::delete() sets some view variables, does not take into account `isRest()`, fix it.');
+    }
+}
diff --git a/tests/TestCase/Api/Broods/EditBroodApiTest.php b/tests/TestCase/Api/Broods/EditBroodApiTest.php
new file mode 100644
index 0000000..bd15a39
--- /dev/null
+++ b/tests/TestCase/Api/Broods/EditBroodApiTest.php
@@ -0,0 +1,83 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\OrganisationsFixture;
+use App\Test\Fixture\BroodsFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class EditBroodApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/broods/edit';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys',
+        'app.Broods'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testEditBrood(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+
+        $url = sprintf('%s/%d', self::ENDPOINT, BroodsFixture::BROOD_A_ID);
+        $this->put(
+            $url,
+            [
+                'name' => 'Test Brood 4321',
+            ]
+        );
+
+        $this->assertResponseOk();
+        $this->assertDbRecordExists(
+            'Broods',
+            [
+                'id' => BroodsFixture::BROOD_A_ID,
+                'name' => 'Test Brood 4321',
+            ]
+        );
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'put');
+    }
+
+    public function testEditBroodNotAllowedAsRegularUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
+
+        $url = sprintf('%s/%d', self::ENDPOINT, BroodsFixture::BROOD_B_ID);
+        $this->put(
+            $url,
+            [
+                'name' => 'Test Brood 1234'
+            ]
+        );
+
+        $this->assertResponseCode(405);
+        $this->assertDbRecordNotExists(
+            'Broods',
+            [
+                'id' => BroodsFixture::BROOD_B_ID,
+                'name' => 'Test Brood 1234'
+            ]
+        );
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'put');
+    }
+}
diff --git a/tests/TestCase/Api/Broods/IndexBroodsApiTest.php b/tests/TestCase/Api/Broods/IndexBroodsApiTest.php
new file mode 100644
index 0000000..97d0df8
--- /dev/null
+++ b/tests/TestCase/Api/Broods/IndexBroodsApiTest.php
@@ -0,0 +1,45 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\BroodsFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class IndexBroodsApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/users/index';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys',
+        'app.Broods'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testIndexBroods(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $this->get(self::ENDPOINT);
+
+        $this->assertResponseOk();
+        $this->assertResponseContains(sprintf('"id": %d', BroodsFixture::BROOD_A_ID));
+        // TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT);
+    }
+}
diff --git a/tests/TestCase/Api/Broods/ViewBroodApiTest.php b/tests/TestCase/Api/Broods/ViewBroodApiTest.php
new file mode 100644
index 0000000..b3f520d
--- /dev/null
+++ b/tests/TestCase/Api/Broods/ViewBroodApiTest.php
@@ -0,0 +1,46 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\BroodsFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class ViewBroodApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/broods/view';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys',
+        'app.Broods'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testViewBroodGroupById(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $url = sprintf('%s/%d', self::ENDPOINT, BroodsFixture::BROOD_A_ID);
+        $this->get($url);
+
+        $this->assertResponseOk();
+        $this->assertResponseContains(sprintf('"id": %d', BroodsFixture::BROOD_A_ID));
+        // TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url);
+    }
+}
diff --git a/tests/TestCase/Api/SharingGroups/AddSharingGroupApiTest.php b/tests/TestCase/Api/SharingGroups/AddSharingGroupApiTest.php
new file mode 100644
index 0000000..45a79aa
--- /dev/null
+++ b/tests/TestCase/Api/SharingGroups/AddSharingGroupApiTest.php
@@ -0,0 +1,90 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\OrganisationsFixture;
+use App\Test\Fixture\UsersFixture;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class AddSharingGroupApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/sharingGroups/add';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys',
+        'app.SharingGroups'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
+    }
+
+    public function testAddSharingGroup(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+
+        $faker = \Faker\Factory::create();
+        $uuid = $faker->uuid;
+
+        $this->post(
+            self::ENDPOINT,
+            [
+                'uuid' => $uuid,
+                'name' => 'Test Sharing Group',
+                'releasability' => 'Test Sharing Group releasability',
+                'description' => 'Test Sharing Group description',
+                'organisation_id' => OrganisationsFixture::ORGANISATION_A_ID,
+                'user_id' => UsersFixture::USER_ADMIN_ID,
+                'active' => true,
+                'local' => true
+            ]
+        );
+
+        $this->assertResponseOk();
+        $this->assertResponseContains(sprintf('"uuid": "%s"', $uuid));
+        $this->assertDbRecordExists('SharingGroups', ['uuid' => $uuid]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
+    }
+
+    public function testAddSharingGroupNotAllowedAsRegularUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
+
+        $faker = \Faker\Factory::create();
+        $uuid = $faker->uuid;
+
+        $this->post(
+            self::ENDPOINT,
+            [
+                'uuid' => $uuid,
+                'name' => 'Test Sharing Group',
+                'releasability' => 'Sharing Group A',
+                'description' => 'Sharing Group A description',
+                'organisation_id' => OrganisationsFixture::ORGANISATION_A_ID,
+                'user_id' => UsersFixture::USER_ADMIN_ID,
+                'active' => true,
+                'local' => true
+            ]
+        );
+
+        $this->assertResponseCode(405);
+        $this->assertDbRecordNotExists('SharingGroups', ['uuid' => $uuid]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
+    }
+}
diff --git a/tests/TestCase/Api/SharingGroups/ViewSharingGroupApiTest.php b/tests/TestCase/Api/SharingGroups/ViewSharingGroupApiTest.php
index 5f5e6d1..0e86fc7 100644
--- a/tests/TestCase/Api/SharingGroups/ViewSharingGroupApiTest.php
+++ b/tests/TestCase/Api/SharingGroups/ViewSharingGroupApiTest.php
@@ -32,14 +32,14 @@ class ViewSharingGroupApiTest extends TestCase
         $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
     }
 
-    public function testVieSharingGroupById(): void
+    public function testViewSharingGroupById(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
         $url = sprintf('%s/%d', self::ENDPOINT, SharingGroupsFixture::SHARING_GROUP_A_ID);
         $this->get($url);
 
         $this->assertResponseOk();
-        $this->assertResponseContains('"name": "Sharing Group A"');
+        $this->assertResponseContains(sprintf('"id": %d', SharingGroupsFixture::SHARING_GROUP_A_ID));
         // TODO: $this->assertRequestMatchesOpenApiSpec();
         $this->assertResponseMatchesOpenApiSpec($url);
     }
diff --git a/tests/bootstrap.php b/tests/bootstrap.php
index 6df9c27..c9a8b8c 100644
--- a/tests/bootstrap.php
+++ b/tests/bootstrap.php
@@ -56,6 +56,7 @@ session_id('cli');
 
 // hacky way to skip migrations
 if (!in_array('skip-migrations', $_SERVER['argv'])) {
+    echo "[ * ] Running DB migrations, it may take some time ...\n";
     $migrator = new Migrator();
     $migrator->runMany([
         ['connection' => 'test'],
@@ -63,5 +64,5 @@ if (!in_array('skip-migrations', $_SERVER['argv'])) {
         ['plugin' => 'ADmad/SocialAuth', 'connection' => 'test']
     ]);
 } else {
-    echo "[ * ] Skipping migrations ...\n";
+    echo "[ * ] Skipping DB migrations ...\n";
 }
diff --git a/webroot/docs/openapi.yaml b/webroot/docs/openapi.yaml
index c8a8c70..81ac9aa 100644
--- a/webroot/docs/openapi.yaml
+++ b/webroot/docs/openapi.yaml
@@ -21,6 +21,8 @@ tags:
     description: "Inbox messages represent A list of requests to be manually processed."
   - name: SharingGroups
     description: "Sharing groups are distribution lists usable by tools that can exchange information with a list of trusted partners. Create recurring or ad hoc sharing groups and share them with the members of the sharing group."
+  - name: Broods
+    description: "Cerebrate can connect to other Cerebrate instances to exchange trust information and to instrument interconnectivity between connected local tools. Each such Cerebrate instance with its connected tools is considered to be a brood."
 
 paths:
   /api/v1/individuals/index:
@@ -66,7 +68,7 @@ paths:
       tags:
         - Users
       requestBody:
-        $ref: "#/components/requestBodies/AddIndividualRequest"
+        $ref: "#/components/requestBodies/CreateIndividualRequest"
       responses:
         "200":
           $ref: "#/components/responses/IndividualResponse"
@@ -174,7 +176,7 @@ paths:
       tags:
         - Users
       requestBody:
-        $ref: "#/components/requestBodies/AddUserRequest"
+        $ref: "#/components/requestBodies/CreateUserRequest"
       responses:
         "200":
           $ref: "#/components/responses/UserResponse"
@@ -248,7 +250,7 @@ paths:
       tags:
         - Organisations
       requestBody:
-        $ref: "#/components/requestBodies/AddOrganisationRequest"
+        $ref: "#/components/requestBodies/CreateOrganisationRequest"
       responses:
         "200":
           $ref: "#/components/responses/OrganisationResponse"
@@ -445,6 +447,24 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
+  /api/v1/sharingGroups/add:
+    post:
+      summary: "Add sharing group"
+      operationId: addSharingGroup
+      tags:
+        - SharingGroups
+      requestBody:
+        $ref: "#/components/requestBodies/CreateSharingGroupRequest"
+      responses:
+        "200":
+          $ref: "#/components/responses/IndividualResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
   /api/v1/sharingGroups/view/{sharingGroupId}:
     get:
       summary: "Get sharing group by ID"
@@ -501,6 +521,98 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
+  /api/v1/broods/index:
+    get:
+      summary: "Get broods list"
+      operationId: getBroods
+      tags:
+        - Broods
+      parameters:
+        - $ref: "#/components/parameters/quickFilter"
+      responses:
+        "200":
+          $ref: "#/components/responses/BroodListResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
+  /api/v1/broods/view/{broodId}:
+    get:
+      summary: "Get brood by ID"
+      operationId: getBroodById
+      tags:
+        - Broods
+      parameters:
+        - $ref: "#/components/parameters/broodId"
+      responses:
+        "200":
+          $ref: "#/components/responses/BroodResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
+  /api/v1/broods/add:
+    post:
+      summary: "Add brood"
+      operationId: addBrood
+      tags:
+        - Broods
+      requestBody:
+        $ref: "#/components/requestBodies/CreateBroodRequest"
+      responses:
+        "200":
+          $ref: "#/components/responses/BroodResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
+  /api/v1/broods/edit/{sharingGroupId}:
+    put:
+      summary: "Edit brood"
+      operationId: editBrood
+      tags:
+        - Broods
+      parameters:
+        - $ref: "#/components/parameters/broodId"
+      requestBody:
+        $ref: "#/components/requestBodies/EditBroodRequest"
+      responses:
+        "200":
+          $ref: "#/components/responses/BroodResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
+  /api/v1/broods/delete/{broodId}:
+    delete:
+      summary: "Delete brood by ID"
+      operationId: deleteBroodById
+      tags:
+        - Broods
+      parameters:
+        - $ref: "#/components/parameters/broodId"
+      responses:
+        "200":
+          $ref: "#/components/responses/BroodResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
 components:
   schemas:
     # General
@@ -525,6 +637,9 @@ components:
       format: email
       example: "user@example.com"
 
+    AuthKey:
+      type: string
+
     # Individuals
     IndividualFirstName:
       type: string
@@ -906,6 +1021,59 @@ components:
       items:
         $ref: "#/components/schemas/SharingGroup"
 
+    # Broods
+    BroodName:
+      type: string
+
+    BroodDescription:
+      type: string
+
+    BroodUrl:
+      type: string
+
+    BroodIsTrusted:
+      type: boolean
+      description: "Trusted upstream source"
+
+    BroodIsPull:
+      type: boolean
+      description: "Enable pulling of trust information"
+
+    Brood:
+      type: object
+      properties:
+        id:
+          $ref: "#/components/schemas/ID"
+        uuid:
+          $ref: "#/components/schemas/UUID"
+        name:
+          $ref: "#/components/schemas/BroodName"
+        url:
+          $ref: "#/components/schemas/BroodUrl"
+        description:
+          $ref: "#/components/schemas/BroodDescription"
+        organisation_id:
+          $ref: "#/components/schemas/ID"
+        trusted:
+          $ref: "#/components/schemas/BroodIsTrusted"
+        pull:
+          $ref: "#/components/schemas/BroodIsPull"
+        skip_proxy:
+          type: boolean
+        authkey:
+          $ref: "#/components/schemas/AuthKey"
+        created:
+          $ref: "#/components/schemas/DateTime"
+        modified:
+          $ref: "#/components/schemas/DateTime"
+        organisation:
+          $ref: "#/components/schemas/Organisation"
+
+    BroodList:
+      type: array
+      items:
+        $ref: "#/components/schemas/Brood"
+
     # Errors
     ApiError:
       type: object
@@ -1007,6 +1175,14 @@ components:
       schema:
         $ref: "#/components/schemas/ID"
 
+    broodId:
+      name: broodId
+      in: path
+      description: "Numeric ID of the Brood"
+      required: true
+      schema:
+        $ref: "#/components/schemas/ID"
+
     quickFilter:
       name: quickFilter
       in: query
@@ -1027,7 +1203,7 @@ components:
 
   requestBodies:
     # Individuals
-    AddIndividualRequest:
+    CreateIndividualRequest:
       required: true
       content:
         application/json:
@@ -1064,7 +1240,7 @@ components:
                 $ref: "#/components/schemas/IndividualPosition"
 
     # Users
-    AddUserRequest:
+    CreateUserRequest:
       required: true
       content:
         application/json:
@@ -1107,7 +1283,7 @@ components:
                 type: string
 
     # Organisations
-    AddOrganisationRequest:
+    CreateOrganisationRequest:
       required: true
       content:
         application/json:
@@ -1190,6 +1366,30 @@ components:
                 type: string
 
     # SharingGroups
+    CreateSharingGroupRequest:
+      required: true
+      content:
+        application/json:
+          schema:
+            type: object
+            properties:
+              uuid:
+                $ref: "#/components/schemas/UUID"
+              name:
+                $ref: "#/components/schemas/SharingGroupName"
+              releasability:
+                $ref: "#/components/schemas/SharingGroupReleasability"
+              description:
+                $ref: "#/components/schemas/SharingGroupDescription"
+              organisation_id:
+                $ref: "#/components/schemas/ID"
+              user_id:
+                $ref: "#/components/schemas/ID"
+              active:
+                type: boolean
+              local:
+                type: boolean
+
     EditSharingGroupRequest:
       required: true
       content:
@@ -1214,6 +1414,59 @@ components:
               local:
                 type: boolean
 
+    # Broods
+    CreateBroodRequest:
+      required: true
+      content:
+        application/json:
+          schema:
+            type: object
+            properties:
+              uuid:
+                $ref: "#/components/schemas/UUID"
+              name:
+                $ref: "#/components/schemas/BroodName"
+              url:
+                $ref: "#/components/schemas/BroodUrl"
+              description:
+                $ref: "#/components/schemas/BroodDescription"
+              organisation_id:
+                $ref: "#/components/schemas/ID"
+              trusted:
+                $ref: "#/components/schemas/BroodIsTrusted"
+              pull:
+                $ref: "#/components/schemas/BroodIsPull"
+              skip_proxy:
+                type: boolean
+              authkey:
+                $ref: "#/components/schemas/AuthKey"
+
+    EditBroodRequest:
+      required: true
+      content:
+        application/json:
+          schema:
+            type: object
+            properties:
+              uuid:
+                $ref: "#/components/schemas/UUID"
+              name:
+                $ref: "#/components/schemas/BroodName"
+              url:
+                $ref: "#/components/schemas/BroodUrl"
+              description:
+                $ref: "#/components/schemas/BroodDescription"
+              organisation_id:
+                $ref: "#/components/schemas/ID"
+              trusted:
+                $ref: "#/components/schemas/BroodIsTrusted"
+              pull:
+                $ref: "#/components/schemas/BroodIsPull"
+              skip_proxy:
+                type: boolean
+              authkey:
+                $ref: "#/components/schemas/AuthKey"
+
   responses:
     # Individuals
     IndividualResponse:
@@ -1337,6 +1590,21 @@ components:
           schema:
             $ref: "#/components/schemas/SharingGroupList"
 
+    # Broods
+    BroodResponse:
+      description: "Brood response"
+      content:
+        application/json:
+          schema:
+            $ref: "#/components/schemas/Brood"
+
+    BroodListResponse:
+      description: "Brood list response"
+      content:
+        application/json:
+          schema:
+            $ref: "#/components/schemas/BroodList"
+
     # Errors
     ApiErrorResponse:
       description: "Unexpected API error"

From caf48c9060ba27e13533e8d702a989bb72285a8e Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Mon, 17 Jan 2022 09:19:53 +0100
Subject: [PATCH 111/150] fix: [ACL] proper error messages on user edit

- don't just silently redirect to the own user editing if the user isn't authorised to modify another user
---
 src/Controller/UsersController.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/Controller/UsersController.php b/src/Controller/UsersController.php
index 36a69cf..3e389de 100644
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
@@ -97,8 +97,16 @@ class UsersController extends AppController
     public function edit($id = false)
     {
         $currentUser = $this->ACL->getUser();
-        if (empty($id) || (empty($currentUser['role']['perm_org_admin']) && empty($currentUser['role']['perm_admin']))) {
+        if (empty($id)) {
             $id = $currentUser['id'];
+        } else {
+            if ((empty($currentUser['role']['perm_org_admin']) && empty($currentUser['role']['perm_admin']))) {
+                if ($id !== $currentUser['id']) {
+                    throw new MethodNotAllowedException(__('You are not authorised to edit that user.'));
+                } else {
+                    $id = $currentUser['id'];
+                }
+            }
         }
 
         $params = [

From 95cb4536e1cb371d566b16afc2d06f0dc8723932 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Mon, 17 Jan 2022 09:22:06 +0100
Subject: [PATCH 112/150] fix: [tagging] error when trying to add a tag that
 doesn't exist yet

- add default colour to circumvent the error
---
 plugins/Tags/src/Model/Behavior/TagBehavior.php | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/plugins/Tags/src/Model/Behavior/TagBehavior.php b/plugins/Tags/src/Model/Behavior/TagBehavior.php
index b27ded9..5772d82 100644
--- a/plugins/Tags/src/Model/Behavior/TagBehavior.php
+++ b/plugins/Tags/src/Model/Behavior/TagBehavior.php
@@ -46,10 +46,10 @@ class TagBehavior extends Behavior
         $config = $this->getConfig();
         $tagsAssoc = $config['tagsAssoc'];
         $taggedAssoc = $config['taggedAssoc'];
-        
+
         $table = $this->_table;
         $tableAlias = $this->_table->getAlias();
-        
+
         $assocConditions = ['Tagged.fk_model' => $tableAlias];
 
         if (!$table->hasAssociation('Tagged')) {
@@ -114,7 +114,6 @@ class TagBehavior extends Behavior
         $property = $this->getConfig('tagsAssoc.propertyName');
         $options['accessibleFields'][$property] = true;
         $options['associated']['Tags']['accessibleFields']['id'] = true;
-
         if (isset($data['tags'])) {
             if (!empty($data['tags'])) {
                 $data[$property] = $this->normalizeTags($data['tags']);
@@ -131,7 +130,6 @@ class TagBehavior extends Behavior
             if (!$tag->isNew()) {
                 continue;
             }
-
             $existingTag = $this->getExistingTag($tag->name);
             if (!$existingTag) {
                 continue;
@@ -176,15 +174,14 @@ class TagBehavior extends Behavior
                 $result[] = array_merge($common, ['id' => $existingTag->id]);
                 continue;
             }
-
             $result[] = array_merge(
                 $common,
                 [
                     'name' => $tagIdentifier,
+                    'colour' => '#924da6'
                 ]
             );
         }
-
         return $result;
     }
 
@@ -312,7 +309,7 @@ class TagBehavior extends Behavior
         $key = 'Tags.' . $finderField;
         $taggedAlias = 'Tagged';
         $foreignKey = $this->getConfig('tagsAssoc.foreignKey');
-        
+
         if (!empty($filterValue['AND'])) {
             $subQuery = $this->buildQuerySnippet($filterValue['AND'], $finderField, $OperatorAND);
             $modelAlias = $this->_table->getAlias();
@@ -352,4 +349,4 @@ class TagBehavior extends Behavior
 
         return $query;
     }
-}
\ No newline at end of file
+}

From 12d7607aae9978c0380ee7dd4b5a96d31dd928bd Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Mon, 17 Jan 2022 09:45:45 +0100
Subject: [PATCH 113/150] new: [encryption key] view added

- was missing, despite links to it
---
 src/Controller/EncryptionKeysController.php   | 12 +++++++
 templates/EncryptionKeys/view.php             | 32 +++++++++++++++++++
 .../SingleViews/Fields/ownerField.php         |  6 ++++
 3 files changed, 50 insertions(+)
 create mode 100644 templates/EncryptionKeys/view.php
 create mode 100644 templates/element/genericElements/SingleViews/Fields/ownerField.php

diff --git a/src/Controller/EncryptionKeysController.php b/src/Controller/EncryptionKeysController.php
index bafe8ce..57dfc4c 100644
--- a/src/Controller/EncryptionKeysController.php
+++ b/src/Controller/EncryptionKeysController.php
@@ -130,4 +130,16 @@ class EncryptionKeysController extends AppController
         $this->set('metaGroup', 'ContactDB');
         $this->render('add');
     }
+
+    public function view($id = false)
+    {
+        $this->CRUD->view($id, [
+            'contain' => ['Individuals', 'Organisations']
+        ]);
+        $responsePayload = $this->CRUD->getResponsePayload();
+        if (!empty($responsePayload)) {
+            return $responsePayload;
+        }
+        $this->set('metaGroup', 'ContactDB');
+    }
 }
diff --git a/templates/EncryptionKeys/view.php b/templates/EncryptionKeys/view.php
new file mode 100644
index 0000000..e92da92
--- /dev/null
+++ b/templates/EncryptionKeys/view.php
@@ -0,0 +1,32 @@
+<?php
+echo $this->element(
+    '/genericElements/SingleViews/single_view',
+    [
+        'data' => $entity,
+        'fields' => [
+            [
+                'key' => __('ID'),
+                'path' => 'id'
+            ],
+            [
+                'key' => __('Type'),
+                'path' => 'type'
+            ],
+            [
+                'key' => __('Owner'),
+                'path' => 'owner_id',
+                'owner_model_path' => 'owner_model',
+                'type' => 'owner'
+            ],
+            [
+                'key' => __('Revoked'),
+                'path' => 'revoked'
+            ],
+
+            [
+                'key' => __('Key'),
+                'path' => 'encryption_key'
+            ]
+        ]
+    ]
+);
diff --git a/templates/element/genericElements/SingleViews/Fields/ownerField.php b/templates/element/genericElements/SingleViews/Fields/ownerField.php
new file mode 100644
index 0000000..4f213a7
--- /dev/null
+++ b/templates/element/genericElements/SingleViews/Fields/ownerField.php
@@ -0,0 +1,6 @@
+<?php
+echo $this->element('/genericElements/IndexTable/Fields/owner', [
+    'field' => $field,
+    'row' => $data
+]);
+?>

From aeaa833f64d65c1f66d1ec34f84c265635e50833 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 17 Jan 2022 11:29:50 +0100
Subject: [PATCH 114/150] new: [CodeMirror] Shows a placeholder whenever the
 textarea is empty

---
 templates/layout/default.php                  |  1 +
 .../css/CodeMirror/codemirror-additional.css  |  4 +
 .../CodeMirror/addon/display/placeholder.js   | 78 +++++++++++++++++++
 3 files changed, 83 insertions(+)
 create mode 100644 webroot/js/CodeMirror/addon/display/placeholder.js

diff --git a/templates/layout/default.php b/templates/layout/default.php
index 849592e..59d2efe 100644
--- a/templates/layout/default.php
+++ b/templates/layout/default.php
@@ -52,6 +52,7 @@ $sidebarOpen = $loggedUser->user_settings_by_name_with_fallback['ui.sidebar.expa
     <?= $this->Html->script('CodeMirror/addon/lint/json-lint') ?>
     <?= $this->Html->script('CodeMirror/addon/edit/matchbrackets') ?>
     <?= $this->Html->script('CodeMirror/addon/edit/closebrackets') ?>
+    <?= $this->Html->script('CodeMirror/addon/display/placeholder') ?>
     <?= $this->Html->css('CodeMirror/codemirror') ?>
     <?= $this->Html->css('CodeMirror/codemirror-additional') ?>
     <?= $this->Html->css('CodeMirror/addon/hint/show-hint') ?>
diff --git a/webroot/css/CodeMirror/codemirror-additional.css b/webroot/css/CodeMirror/codemirror-additional.css
index 0c62e18..4399c1a 100644
--- a/webroot/css/CodeMirror/codemirror-additional.css
+++ b/webroot/css/CodeMirror/codemirror-additional.css
@@ -26,4 +26,8 @@
 
 .CodeMirror-hints {
     z-index: 1060 !important; /* Make sure hint is above modal */
+}
+
+.CodeMirror pre.CodeMirror-placeholder {
+    color: #999; 
 }
\ No newline at end of file
diff --git a/webroot/js/CodeMirror/addon/display/placeholder.js b/webroot/js/CodeMirror/addon/display/placeholder.js
new file mode 100644
index 0000000..d8e2dbd
--- /dev/null
+++ b/webroot/js/CodeMirror/addon/display/placeholder.js
@@ -0,0 +1,78 @@
+// CodeMirror, copyright (c) by Marijn Haverbeke and others
+// Distributed under an MIT license: https://codemirror.net/LICENSE
+
+(function (mod) {
+    if (typeof exports == "object" && typeof module == "object") // CommonJS
+        mod(require("../../lib/codemirror"));
+    else if (typeof define == "function" && define.amd) // AMD
+        define(["../../lib/codemirror"], mod);
+    else // Plain browser env
+        mod(CodeMirror);
+})(function (CodeMirror) {
+    CodeMirror.defineOption("placeholder", "", function (cm, val, old) {
+        var prev = old && old != CodeMirror.Init;
+        if (val && !prev) {
+            cm.on("blur", onBlur);
+            cm.on("change", onChange);
+            cm.on("swapDoc", onChange);
+            CodeMirror.on(cm.getInputField(), "compositionupdate", cm.state.placeholderCompose = function () { onComposition(cm) })
+            onChange(cm);
+        } else if (!val && prev) {
+            cm.off("blur", onBlur);
+            cm.off("change", onChange);
+            cm.off("swapDoc", onChange);
+            CodeMirror.off(cm.getInputField(), "compositionupdate", cm.state.placeholderCompose)
+            clearPlaceholder(cm);
+            var wrapper = cm.getWrapperElement();
+            wrapper.className = wrapper.className.replace(" CodeMirror-empty", "");
+        }
+
+        if (val && !cm.hasFocus()) onBlur(cm);
+    });
+
+    function clearPlaceholder(cm) {
+        if (cm.state.placeholder) {
+            cm.state.placeholder.parentNode.removeChild(cm.state.placeholder);
+            cm.state.placeholder = null;
+        }
+    }
+    function setPlaceholder(cm) {
+        clearPlaceholder(cm);
+        var elt = cm.state.placeholder = document.createElement("pre");
+        elt.style.cssText = "height: 0; overflow: visible";
+        elt.style.direction = cm.getOption("direction");
+        elt.className = "CodeMirror-placeholder CodeMirror-line-like";
+        var placeHolder = cm.getOption("placeholder")
+        if (typeof placeHolder == "string") placeHolder = document.createTextNode(placeHolder)
+        elt.appendChild(placeHolder)
+        cm.display.lineSpace.insertBefore(elt, cm.display.lineSpace.firstChild);
+    }
+
+    function onComposition(cm) {
+        setTimeout(function () {
+            var empty = false
+            if (cm.lineCount() == 1) {
+                var input = cm.getInputField()
+                empty = input.nodeName == "TEXTAREA" ? !cm.getLine(0).length
+                    : !/[^\u200b]/.test(input.querySelector(".CodeMirror-line").textContent)
+            }
+            if (empty) setPlaceholder(cm)
+            else clearPlaceholder(cm)
+        }, 20)
+    }
+
+    function onBlur(cm) {
+        if (isEmpty(cm)) setPlaceholder(cm);
+    }
+    function onChange(cm) {
+        var wrapper = cm.getWrapperElement(), empty = isEmpty(cm);
+        wrapper.className = wrapper.className.replace(" CodeMirror-empty", "") + (empty ? " CodeMirror-empty" : "");
+
+        if (empty) setPlaceholder(cm);
+        else clearPlaceholder(cm);
+    }
+
+    function isEmpty(cm) {
+        return (cm.lineCount() === 1) && (cm.getLine(0) === "");
+    }
+});

From f18307b3cb476e5c727d8f211a27b29e06be1f2d Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 17 Jan 2022 11:30:26 +0100
Subject: [PATCH 115/150] chg: [localTools:local_tool_connectors]  Added
 support of CodeMirror placeholder

---
 .../local_tool_connectors/MispConnector.php      |  5 +++++
 .../SkeletonConnectorExample.php                 | 16 ++++++++++++++++
 src/Model/Table/LocalToolsTable.php              |  3 ++-
 templates/LocalTools/add.php                     |  3 ++-
 4 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/src/Lib/default/local_tool_connectors/MispConnector.php b/src/Lib/default/local_tool_connectors/MispConnector.php
index 473573a..a021839 100644
--- a/src/Lib/default/local_tool_connectors/MispConnector.php
+++ b/src/Lib/default/local_tool_connectors/MispConnector.php
@@ -122,6 +122,11 @@ class MispConnector extends CommonConnectorTools
             'type' => 'boolean'
         ],
     ];
+    public $settingsPlaceholder = [
+        'url' => 'https://your.misp.intance',
+        'authkey' => '',
+        'skip_ssl' => '0',
+    ];
 
     public function addSettingValidatorRules($validator)
     {
diff --git a/src/Lib/default/local_tool_connectors/SkeletonConnectorExample.php b/src/Lib/default/local_tool_connectors/SkeletonConnectorExample.php
index ce9b62d..362c514 100644
--- a/src/Lib/default/local_tool_connectors/SkeletonConnectorExample.php
+++ b/src/Lib/default/local_tool_connectors/SkeletonConnectorExample.php
@@ -46,6 +46,22 @@ class SkeletonConnector extends CommonConnectorTools
             'redirect' => 'serverSettingsAction'
         ]
     ];
+    public $settings = [
+        'url' => [
+            'type' => 'text'
+        ],
+        'authkey' => [
+            'type' => 'text'
+        ],
+        'skip_ssl' => [
+            'type' => 'boolean'
+        ],
+    ];
+    public $settingsPlaceholder = [
+        'url' => 'https://your.url',
+        'authkey' => '',
+        'skip_ssl' => '0',
+    ];
 
     public function health(Object $connection): array
     {
diff --git a/src/Model/Table/LocalToolsTable.php b/src/Model/Table/LocalToolsTable.php
index ac29bf9..64d6168 100644
--- a/src/Model/Table/LocalToolsTable.php
+++ b/src/Model/Table/LocalToolsTable.php
@@ -143,7 +143,8 @@ class LocalToolsTable extends AppTable
                 'connector' => $connector_type,
                 'connector_version' => $connector_class->version,
                 'connector_description' => $connector_class->description,
-                'connector_settings' => $connector_class->settings ?? []
+                'connector_settings' => $connector_class->settings ?? [],
+                'connector_settings_placeholder' => $connector_class->settingsPlaceholder ?? [],
             ];
             if ($includeConnections) {
                 $connector['connections'] = $this->healthCheck($connector_type, $connector_class);
diff --git a/templates/LocalTools/add.php b/templates/LocalTools/add.php
index 184f0e6..5197f21 100644
--- a/templates/LocalTools/add.php
+++ b/templates/LocalTools/add.php
@@ -22,7 +22,8 @@
                     'codemirror' => [
                         'height' => '10rem',
                         'hints' => $connectors[0]['connector_settings']
-                    ]
+                    ],
+                    'placeholder' => json_encode($connectors[0]['connector_settings_placeholder'], JSON_FORCE_OBJECT | JSON_PRETTY_PRINT)
                 ],
                 [
                     'field' => 'description',

From 1b4c681a88f46f77da462ae89ad7d0e3d0347112 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Mon, 17 Jan 2022 12:47:48 +0100
Subject: [PATCH 116/150] new: [Outbox] entity added

- to inherit the appModel functions
---
 src/Controller/LocalToolsController.php |  2 --
 src/Model/Entity/Outbox.php             | 11 +++++++++++
 2 files changed, 11 insertions(+), 2 deletions(-)
 create mode 100644 src/Model/Entity/Outbox.php

diff --git a/src/Controller/LocalToolsController.php b/src/Controller/LocalToolsController.php
index a0d31b9..4040c9b 100644
--- a/src/Controller/LocalToolsController.php
+++ b/src/Controller/LocalToolsController.php
@@ -355,10 +355,8 @@ class LocalToolsController extends AppController
             $params['target_tool_id'] = $postParams['target_tool_id'];
             $result = $this->LocalTools->encodeLocalConnection($params);
             // Send message to remote inbox
-            debug($result);
         } else {
             $target_tools = $this->LocalTools->findConnectable($local_tool);
-            debug($target_tools);
             if (empty($target_tools)) {
                 throw new NotFoundException(__('No tools found to connect.'));
             }
diff --git a/src/Model/Entity/Outbox.php b/src/Model/Entity/Outbox.php
new file mode 100644
index 0000000..51304e6
--- /dev/null
+++ b/src/Model/Entity/Outbox.php
@@ -0,0 +1,11 @@
+<?php
+
+namespace App\Model\Entity;
+
+use App\Model\Entity\AppModel;
+use Cake\ORM\Entity;
+
+class Outbox extends AppModel
+{
+    
+}

From b4534c373bf6dbd2b65f6cd95ae2d4626c0d2fd3 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Mon, 17 Jan 2022 12:53:14 +0100
Subject: [PATCH 117/150] fix: [organisation] add/edit doesn't save URL

---
 templates/Organisations/add.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/Organisations/add.php b/templates/Organisations/add.php
index 987809e..ab3a17e 100644
--- a/templates/Organisations/add.php
+++ b/templates/Organisations/add.php
@@ -17,7 +17,7 @@
                     'type' => 'uuid'
                 ),
                 array(
-                    'field' => 'URL'
+                    'field' => 'url'
                 ),
                 array(
                     'field' => 'nationality'

From 453c838dfe0a74592da5cd7490a3f117182e380d Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Mon, 17 Jan 2022 13:15:26 +0100
Subject: [PATCH 118/150] fix: [placeholder removed] WiP functionality for
 local_tool->local_tool connections within the same brood temporarily removed

- was never fully implemented
---
 src/Controller/Component/ACLComponent.php | 2 +-
 src/Controller/LocalToolsController.php   | 2 ++
 src/Model/Table/LocalToolsTable.php       | 3 ++-
 templates/LocalTools/connector_index.php  | 2 ++
 4 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/Controller/Component/ACLComponent.php b/src/Controller/Component/ACLComponent.php
index afa70ff..670a037 100644
--- a/src/Controller/Component/ACLComponent.php
+++ b/src/Controller/Component/ACLComponent.php
@@ -109,7 +109,7 @@ class ACLComponent extends Component
             'batchAction' => ['perm_admin'],
             'broodTools' => ['perm_admin'],
             'connectionRequest' => ['perm_admin'],
-            'connectLocal' => ['perm_admin'],
+            // 'connectLocal' => ['perm_admin'],
             'delete' => ['perm_admin'],
             'edit' => ['perm_admin'],
             'exposedTools' => ['OR' => ['perm_admin', 'perm_sync']],
diff --git a/src/Controller/LocalToolsController.php b/src/Controller/LocalToolsController.php
index 4040c9b..12d9d62 100644
--- a/src/Controller/LocalToolsController.php
+++ b/src/Controller/LocalToolsController.php
@@ -340,6 +340,7 @@ class LocalToolsController extends AppController
         }
     }
 
+/*
     public function connectLocal($local_tool_id)
     {
         $params = [
@@ -367,4 +368,5 @@ class LocalToolsController extends AppController
             ]);
         }
     }
+*/
 }
diff --git a/src/Model/Table/LocalToolsTable.php b/src/Model/Table/LocalToolsTable.php
index ac29bf9..20336e2 100644
--- a/src/Model/Table/LocalToolsTable.php
+++ b/src/Model/Table/LocalToolsTable.php
@@ -288,6 +288,7 @@ class LocalToolsTable extends AppTable
         return $jsonReply;
     }
 
+/*
     public function findConnectable($local_tool): array
     {
         $connectors = $this->getInterconnectors($local_tool['connector']);
@@ -297,8 +298,8 @@ class LocalToolsTable extends AppTable
                 $validTargets[$connector['connects'][1]] = 1;
             }
         }
-
     }
+*/
 
     public function fetchConnection($id): object
     {
diff --git a/templates/LocalTools/connector_index.php b/templates/LocalTools/connector_index.php
index e6ef205..f199d30 100644
--- a/templates/LocalTools/connector_index.php
+++ b/templates/LocalTools/connector_index.php
@@ -89,12 +89,14 @@ echo $this->element('genericElements/IndexTable/index_table', [
                 'url_params_data_paths' => ['id'],
                 'icon' => 'eye'
             ],
+            /*
             [
                 'open_modal' => '/localTools/connectLocal/[onclick_params_data_path]',
                 'modal_params_data_path' => 'id',
                 'reload_url' => sprintf('/localTools/connectorIndex/%s', h($connectorName)),
                 'icon' => 'plug'
             ],
+            */
             [
                 'open_modal' => '/localTools/edit/[onclick_params_data_path]',
                 'modal_params_data_path' => 'id',

From 0328bfed4686d47c8b356d4c3ea5dab31ce73887 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Mon, 17 Jan 2022 13:20:34 +0100
Subject: [PATCH 119/150] fix: [inividuals] add shouldn't have the tagging
 options

- can't tag that which does not exist yet
---
 templates/Individuals/add.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/templates/Individuals/add.php b/templates/Individuals/add.php
index 935c2de..19bcf36 100644
--- a/templates/Individuals/add.php
+++ b/templates/Individuals/add.php
@@ -23,7 +23,8 @@
                 ),
                 array(
                     'field' => 'tag_list',
-                    'type' => 'tags'
+                    'type' => 'tags',
+                    'requirements' => $this->request->getParam('action') === 'edit'
                 ),
             ),
             'metaTemplates' => empty($metaTemplates) ? [] : $metaTemplates,

From e8f57dc40f21a78d0a4c79cf31579cb9afb2d024 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Mon, 17 Jan 2022 13:20:34 +0100
Subject: [PATCH 120/150] fix: [inividuals] add shouldn't have the tagging
 options

- can't tag that which does not exist yet
---
 templates/Individuals/add.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/templates/Individuals/add.php b/templates/Individuals/add.php
index 935c2de..19bcf36 100644
--- a/templates/Individuals/add.php
+++ b/templates/Individuals/add.php
@@ -23,7 +23,8 @@
                 ),
                 array(
                     'field' => 'tag_list',
-                    'type' => 'tags'
+                    'type' => 'tags',
+                    'requirements' => $this->request->getParam('action') === 'edit'
                 ),
             ),
             'metaTemplates' => empty($metaTemplates) ? [] : $metaTemplates,

From 1c81257b7596f55d91839f5b485dc8076538d143 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 17 Jan 2022 15:22:52 +0100
Subject: [PATCH 121/150] fix: [helpers:bootstrap] Table's cell generator gets
 the correct row index

---
 src/View/Helper/BootstrapHelper.php | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/View/Helper/BootstrapHelper.php b/src/View/Helper/BootstrapHelper.php
index 6d9275f..ee24495 100644
--- a/src/View/Helper/BootstrapHelper.php
+++ b/src/View/Helper/BootstrapHelper.php
@@ -637,13 +637,13 @@ class BoostrapTable extends BootstrapGeneric {
             ],
         ]);
         foreach ($this->items as $i => $row) {
-            $body .= $this->genRow($row);
+            $body .= $this->genRow($row, $i);
         }
         $body .= $this->closeNode('tbody');
         return $body;
     }
 
-    private function genRow($row)
+    private function genRow($row, $rowIndex)
     {
         $html = $this->openNode('tr',[
             'class' => [
@@ -658,21 +658,21 @@ class BoostrapTable extends BootstrapGeneric {
                     $key = $field;
                 }
                 $cellValue = Hash::get($row, $key);
-                $html .= $this->genCell($cellValue, $field, $row, $i);
+                $html .= $this->genCell($cellValue, $field, $row, $rowIndex);
             }
         } else { // indexed array
-            foreach ($row as $cellValue) {
-                $html .= $this->genCell($cellValue, $field, $row, $i);
+            foreach ($row as $i => $cellValue) {
+                $html .= $this->genCell($cellValue, 'index', $row, $rowIndex);
             }
         }
         $html .= $this->closeNode('tr');
         return $html;
     }
 
-    private function genCell($value, $field=[], $row=[], $i=0)
+    private function genCell($value, $field=[], $row=[], $rowIndex=0)
     {
         if (isset($field['formatter'])) {
-            $cellContent = $field['formatter']($value, $row, $i);
+            $cellContent = $field['formatter']($value, $row, $rowIndex);
         } else if (isset($field['element'])) {
             $cellContent = $this->btHelper->getView()->element($field['element'], [
                 'data' => [$value],

From ef2827e87a43cf7360abd161633d54710fc73dec Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 17 Jan 2022 15:24:30 +0100
Subject: [PATCH 122/150] fix: [userSettings] Various permissions issues

---
 src/Controller/UserSettingsController.php | 64 ++++++++++++++++++++---
 src/Model/Table/UserSettingsTable.php     |  2 +-
 2 files changed, 57 insertions(+), 9 deletions(-)

diff --git a/src/Controller/UserSettingsController.php b/src/Controller/UserSettingsController.php
index 3d73707..d28f6ca 100644
--- a/src/Controller/UserSettingsController.php
+++ b/src/Controller/UserSettingsController.php
@@ -9,6 +9,8 @@ use \Cake\Database\Expression\QueryExpression;
 use Cake\Http\Exception\NotFoundException;
 use Cake\Http\Exception\MethodNotAllowedException;
 use Cake\Http\Exception\ForbiddenException;
+use Cake\Http\Exception\UnauthorizedException;
+
 
 class UserSettingsController extends AppController
 {
@@ -19,8 +21,12 @@ class UserSettingsController extends AppController
     public function index()
     {
         $conditions = [];
+        $currentUser = $this->ACL->getUser();
+        if (empty($currentUser['role']['perm_admin'])) {
+            $conditions['user_id'] = $currentUser->id;
+        }
         $this->CRUD->index([
-            'conditions' => [],
+            'conditions' => $conditions,
             'contain' => $this->containFields,
             'filters' => $this->filterFields,
             'quickFilters' => $this->quickFilterFields,
@@ -39,6 +45,9 @@ class UserSettingsController extends AppController
 
     public function view($id)
     {
+        if (!$this->isLoggedUserAllowedToEdit($id)) {
+            throw new NotFoundException(__('Invalid {0}.', 'user setting'));
+        }
         $this->CRUD->view($id, [
             'contain' => ['Users']
         ]);
@@ -50,10 +59,13 @@ class UserSettingsController extends AppController
 
     public function add($user_id = false)
     {
+        $currentUser = $this->ACL->getUser();
         $this->CRUD->add([
             'redirect' => ['action' => 'index', $user_id],
-            'beforeSave' => function($data) use ($user_id) {
-                $data['user_id'] = $user_id;
+            'beforeSave' => function ($data) use ($currentUser) {
+                if (empty($currentUser['role']['perm_admin'])) {
+                    $data['user_id'] = $currentUser->id;
+                }
                 return $data;
             }
         ]);
@@ -61,10 +73,13 @@ class UserSettingsController extends AppController
         if (!empty($responsePayload)) {
             return $responsePayload;
         }
+        $allUsers = $this->UserSettings->Users->find('list', ['keyField' => 'id', 'valueField' => 'username'])->order(['username' => 'ASC']);
+        if (empty($currentUser['role']['perm_admin'])) {
+            $allUsers->where(['id' => $currentUser->id]);
+            $user_id = $currentUser->id;
+        }
         $dropdownData = [
-            'user' => $this->UserSettings->Users->find('list', [
-                'sort' => ['username' => 'asc']
-            ]),
+            'user' => $allUsers->all()->toArray(),
         ];
         $this->set(compact('dropdownData'));
         $this->set('user_id', $user_id);
@@ -75,6 +90,11 @@ class UserSettingsController extends AppController
         $entity = $this->UserSettings->find()->where([
             'id' => $id
         ])->first();
+
+        if (!$this->isLoggedUserAllowedToEdit($entity)) {
+            throw new NotFoundException(__('Invalid {0}.', 'user setting'));
+        }
+
         $entity = $this->CRUD->edit($id, [
             'redirect' => ['action' => 'index', $entity->user_id]
         ]);
@@ -94,6 +114,9 @@ class UserSettingsController extends AppController
 
     public function delete($id)
     {
+        if (!$this->isLoggedUserAllowedToEdit($id)) {
+            throw new NotFoundException(__('Invalid {0}.', 'user setting'));
+        }
         $this->CRUD->delete($id);
         $responsePayload = $this->CRUD->getResponsePayload();
         if (!empty($responsePayload)) {
@@ -160,7 +183,7 @@ class UserSettingsController extends AppController
         }
     }
 
-    public function getBookmarks($forSidebar=false)
+    public function getBookmarks($forSidebar = false)
     {
         $bookmarks = $this->UserSettings->getSettingByName($this->ACL->getUser(), $this->UserSettings->BOOKMARK_SETTING_NAME);
         $bookmarks = json_decode($bookmarks['value'], true);
@@ -200,4 +223,29 @@ class UserSettingsController extends AppController
         $this->set('user_id', $this->ACL->getUser()->id);
     }
 
-}
\ No newline at end of file
+    /**
+     * isLoggedUserAllowedToEdit 
+     *
+     * @param int|\App\Model\Entity\UserSetting $setting
+     * @return boolean
+     */
+    private function isLoggedUserAllowedToEdit($setting): bool
+    {
+        $currentUser = $this->ACL->getUser();
+        $isAllowed = false;
+        if (!empty($currentUser['role']['perm_admin'])) {
+            $isAllowed = true;
+        } else {
+            if (is_numeric($setting)) {
+                $setting = $this->UserSettings->find()->where([
+                    'id' => $setting
+                ])->first();
+                if (empty($setting)) {
+                    return false;
+                }
+            }
+            $isAllowed = $setting->user_id == $currentUser->id;
+        }
+        return $isAllowed;
+    }
+}
diff --git a/src/Model/Table/UserSettingsTable.php b/src/Model/Table/UserSettingsTable.php
index 4c7e708..bdfe535 100644
--- a/src/Model/Table/UserSettingsTable.php
+++ b/src/Model/Table/UserSettingsTable.php
@@ -11,7 +11,7 @@ use App\Settings\SettingsProvider\UserSettingsProvider;
 
 class UserSettingsTable extends AppTable
 {
-    protected $BOOKMARK_SETTING_NAME = 'ui.bookmarks';
+    public $BOOKMARK_SETTING_NAME = 'ui.bookmarks';
 
     public function initialize(array $config): void
     {

From 98e8272810c91d0d81e59951df563e84a999f7ee Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 17 Jan 2022 15:29:58 +0100
Subject: [PATCH 123/150] fix: [ACL] Allow anyone to view encryption keys

---
 src/Controller/Component/ACLComponent.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Controller/Component/ACLComponent.php b/src/Controller/Component/ACLComponent.php
index afa70ff..dbb618c 100644
--- a/src/Controller/Component/ACLComponent.php
+++ b/src/Controller/Component/ACLComponent.php
@@ -68,6 +68,7 @@ class ACLComponent extends Component
             'view' => ['perm_admin']
         ],
         'EncryptionKeys' => [
+            'view' => ['*'],
             'add' => ['*'],
             'edit' => ['*'],
             'delete' => ['*'],

From 46870a4bcc53ed662ea669a2b364d051e03a20da Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 17 Jan 2022 15:45:51 +0100
Subject: [PATCH 124/150] fix: [organisation:add] Removed useless description
 field

---
 templates/Organisations/add.php | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/templates/Organisations/add.php b/templates/Organisations/add.php
index ab3a17e..6278ff8 100644
--- a/templates/Organisations/add.php
+++ b/templates/Organisations/add.php
@@ -7,10 +7,6 @@
                 array(
                     'field' => 'name'
                 ),
-                array(
-                    'field' => 'description',
-                    'type' => 'textarea'
-                ),
                 array(
                     'field' => 'uuid',
                     'label' => 'UUID',

From 49a3dd1623e41d802a661b49f30d87e1e5af91e7 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 17 Jan 2022 15:55:55 +0100
Subject: [PATCH 125/150] chg: [instance] Added support of API response for 2
 endpoints

---
 src/Controller/InstanceController.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/Controller/InstanceController.php b/src/Controller/InstanceController.php
index 8479e5c..f136251 100644
--- a/src/Controller/InstanceController.php
+++ b/src/Controller/InstanceController.php
@@ -70,6 +70,12 @@ class InstanceController extends AppController
         usort($status, function($a, $b) {
             return strcmp($b['id'], $a['id']);
         });
+        if ($this->ParamHandler->isRest()) {
+            return $this->RestResponse->viewData([
+                'status' => $status,
+                'updateAvailables' => $migrationStatus['updateAvailables'],
+            ], 'json');
+        }
         $this->set('status', $status);
         $this->set('updateAvailables', $migrationStatus['updateAvailables']);
     }
@@ -140,6 +146,14 @@ class InstanceController extends AppController
     {
         $this->Settings = $this->getTableLocator()->get('Settings');
         $all = $this->Settings->getSettings(true);
+        if ($this->ParamHandler->isRest()) {
+            return $this->RestResponse->viewData([
+                'settingsProvider' => $all['settingsProvider'],
+                'settings' => $all['settings'],
+                'settingsFlattened' => $all['settingsFlattened'],
+                'notices' => $all['notices'],
+            ], 'json');
+        }
         $this->set('settingsProvider', $all['settingsProvider']);
         $this->set('settings', $all['settings']);
         $this->set('settingsFlattened', $all['settingsFlattened']);

From 299cb126dc664794f8fab314aaddf91ca56e383a Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Mon, 17 Jan 2022 16:02:15 +0100
Subject: [PATCH 126/150] add: wiremock tests and boilerplate, update test
 readme, extend openapi spec

---
 .gitignore                                    |  1 +
 composer.json                                 | 11 ++-
 phpunit.xml.dist                              | 17 +++--
 tests/Fixture/BroodsFixture.php               | 17 +++++
 tests/Helper/ApiTestTrait.php                 |  8 ++-
 tests/Helper/WireMockTestTrait.php            | 49 +++++++++++++
 tests/Helper/wiremock/start.sh                | 38 ++++++++++
 tests/Helper/wiremock/stop.sh                 | 23 ++++++
 tests/README.md                               | 70 +++++++++++++++---
 tests/TestCase/Api/Broods/AddBroodApiTest.php |  6 --
 .../Api/Broods/DeleteBroodsApiTest.php        |  6 --
 .../TestCase/Api/Broods/EditBroodApiTest.php  |  6 --
 .../Api/Broods/IndexBroodsApiTest.php         |  6 --
 .../Api/Broods/TestBroodConnectionApiTest.php | 72 +++++++++++++++++++
 .../TestCase/Api/Broods/ViewBroodApiTest.php  |  6 --
 .../Api/Inbox/CreateInboxEntryApiTest.php     |  6 --
 .../TestCase/Api/Inbox/IndexInboxApiTest.php  |  6 --
 .../Api/Individuals/AddIndividualApiTest.php  |  6 --
 .../Individuals/DeleteIndividualApiTest.php   |  6 --
 .../Api/Individuals/EditIndividualApiTest.php |  6 --
 .../Individuals/IndexIndividualsApiTest.php   |  6 --
 .../Api/Individuals/ViewIndividualApiTest.php |  6 --
 .../Organisations/AddOrganisationApiTest.php  |  6 --
 .../DeleteOrganisationApiTest.php             |  6 --
 .../Organisations/EditOrganisationApiTest.php |  6 --
 .../IndexOrganisationsApiTest.php             |  6 --
 .../Organisations/TagOrganisationApiTest.php  |  6 --
 .../UntagOrganisationApiTest.php              |  6 --
 .../Organisations/ViewOrganisationApiTest.php |  6 --
 .../SharingGroups/AddSharingGroupApiTest.php  |  6 --
 .../DeleteSharingGroupApiTest.php             |  6 --
 .../SharingGroups/EditSharingGroupApiTest.php |  6 --
 .../IndexSharingGroupsApiTest.php             |  6 --
 .../SharingGroups/ViewSharingGroupApiTest.php |  6 --
 tests/TestCase/Api/Tags/IndexTagsApiTest.php  |  6 --
 tests/TestCase/Api/Users/AddUserApiTest.php   |  6 --
 .../TestCase/Api/Users/DeleteUserApiTest.php  |  6 --
 tests/TestCase/Api/Users/EditUserApiTest.php  |  6 --
 .../TestCase/Api/Users/IndexUsersApiTest.php  |  6 --
 tests/TestCase/Api/Users/ViewUserApiTest.php  |  6 --
 tests/bootstrap.php                           |  4 +-
 webroot/docs/openapi.yaml                     | 54 ++++++++++++++
 42 files changed, 340 insertions(+), 204 deletions(-)
 create mode 100644 tests/Helper/WireMockTestTrait.php
 create mode 100644 tests/Helper/wiremock/start.sh
 create mode 100644 tests/Helper/wiremock/stop.sh
 create mode 100644 tests/TestCase/Api/Broods/TestBroodConnectionApiTest.php

diff --git a/.gitignore b/.gitignore
index ba05ac6..ce8fde9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,4 @@ webroot/theme/node_modules
 docker/run/
 .phpunit.result.cache
 config.json
+phpunit.xml
diff --git a/composer.json b/composer.json
index 4e1af85..f51bc6f 100644
--- a/composer.json
+++ b/composer.json
@@ -23,7 +23,8 @@
         "josegonzalez/dotenv": "^3.2",
         "league/openapi-psr7-validator": "^0.16.4",
         "phpunit/phpunit": "^8.5",
-        "psy/psysh": "@stable"
+        "psy/psysh": "@stable",
+        "wiremock-php/wiremock-php": "^2.32"
     },
     "suggest": {
         "markstory/asset_compress": "An asset compression plugin which provides file concatenation and a flexible filter system for preprocessing and minification.",
@@ -53,11 +54,15 @@
         "cs-check": "phpcs --colors -p --standard=vendor/cakephp/cakephp-codesniffer/CakePHP src/ tests/",
         "cs-fix": "phpcbf --colors --standard=vendor/cakephp/cakephp-codesniffer/CakePHP src/ tests/",
         "stan": "phpstan analyse src/",
-        "test": "phpunit --colors=always"
+        "test": [
+            "sh ./tests/Helper/wiremock/start.sh",
+            "phpunit",
+            "sh ./tests/Helper/wiremock/stop.sh"
+        ]
     },
     "prefer-stable": true,
     "config": {
         "sort-packages": true
     },
     "minimum-stability": "dev"
-}
+}
\ No newline at end of file
diff --git a/phpunit.xml.dist b/phpunit.xml.dist
index 7be6529..403e1e5 100644
--- a/phpunit.xml.dist
+++ b/phpunit.xml.dist
@@ -1,13 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<phpunit
-    colors="true"
-    processIsolation="false"
-    stopOnFailure="false"
-    bootstrap="tests/bootstrap.php"
-    >
+<phpunit colors="true" processIsolation="false" stopOnFailure="false" bootstrap="tests/bootstrap.php">
     <php>
-        <ini name="memory_limit" value="-1"/>
-        <ini name="apc.enable_cli" value="1"/>
+        <ini name="memory_limit" value="-1" />
+        <ini name="apc.enable_cli" value="1" />
+        <env name="WIREMOCK_HOST" value="localhost" />
+        <env name="WIREMOCK_PORT" value="8080" />
+        <env name="OPENAPI_SPEC" value="webroot/docs/openapi.yaml" />
+        <env name="SKIP_DB_MIGRATIONS" value="0" />
     </php>
 
     <!-- Add any additional test suites you want to run here -->
@@ -37,4 +36,4 @@
             </exclude>
         </whitelist>
     </filter>
-</phpunit>
+</phpunit>
\ No newline at end of file
diff --git a/tests/Fixture/BroodsFixture.php b/tests/Fixture/BroodsFixture.php
index adc035c..c329e6a 100644
--- a/tests/Fixture/BroodsFixture.php
+++ b/tests/Fixture/BroodsFixture.php
@@ -16,6 +16,9 @@ class BroodsFixture extends TestFixture
     public const BROOD_B_ID = 2;
     public const BROOD_B_API_KEY = 'ae4f281df5a5d0ff3cad6371f76d5c29b6d953ec';
 
+    public const BROOD_WIREMOCK_ID = 3;
+    public const BROOD_WIREMOCK_API_KEY = 'bfc63c07f74fa18b52d3cced97072cad00e51346';
+
     public function init(): void
     {
         $faker = \Faker\Factory::create();
@@ -48,6 +51,20 @@ class BroodsFixture extends TestFixture
                 'authkey' => self::BROOD_B_API_KEY,
                 'created' => $faker->dateTime()->getTimestamp(),
                 'modified' => $faker->dateTime()->getTimestamp()
+            ],
+            [
+                'id' => self::BROOD_WIREMOCK_ID,
+                'uuid' => $faker->uuid(),
+                'name' => 'wiremock',
+                'url' => 'http://localhost:8080',
+                'description' => $faker->text,
+                'organisation_id' => OrganisationsFixture::ORGANISATION_B_ID,
+                'trusted' => true,
+                'pull' => true,
+                'skip_proxy' => true,
+                'authkey' => self::BROOD_WIREMOCK_API_KEY,
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
             ]
         ];
         parent::init();
diff --git a/tests/Helper/ApiTestTrait.php b/tests/Helper/ApiTestTrait.php
index 21b0c8b..8e20a36 100644
--- a/tests/Helper/ApiTestTrait.php
+++ b/tests/Helper/ApiTestTrait.php
@@ -24,6 +24,12 @@ trait ApiTestTrait
     /** @var ResponseValidator */
     private $responseValidator;
 
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeOpenApiValidator($_ENV['OPENAPI_SPEC'] ?? APP . '../webroot/docs/openapi.yaml');
+    }
+
     public function setAuthToken(string $authToken): void
     {
         $this->_authToken = $authToken;
@@ -51,7 +57,7 @@ trait ApiTestTrait
      * @param string $specFile
      * @return void
      */
-    public function initializeValidator(string $specFile): void
+    public function initializeOpenApiValidator(string $specFile): void
     {
         $this->validator = (new ValidatorBuilder)->fromYamlFile($specFile);
         $this->requestValidator = $this->validator->getRequestValidator();
diff --git a/tests/Helper/WireMockTestTrait.php b/tests/Helper/WireMockTestTrait.php
new file mode 100644
index 0000000..9b42f7e
--- /dev/null
+++ b/tests/Helper/WireMockTestTrait.php
@@ -0,0 +1,49 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\Helper;
+
+use \WireMock\Client\WireMock;
+use Exception;
+
+trait WireMockTestTrait
+{
+    /** @var WireMock */
+    private $wiremock;
+
+    /** @var array<mixed> */
+    private $config = [
+        'hostname' => 'localhost',
+        'port' => 8080
+    ];
+
+    public function initializeWireMock(): void
+    {
+        $this->wiremock = WireMock::create(
+            $_ENV['WIREMOCK_HOST'] ?? $this->config['hostname'],
+            $_ENV['WIREMOCK_PORT'] ?? $this->config['port']
+        );
+
+        if (!$this->wiremock->isAlive()) {
+            throw new Exception('Failed to connect to WireMock server.');
+        }
+
+        $this->clearWireMockStubs();
+    }
+
+    public function clearWireMockStubs(): void
+    {
+        $this->wiremock->resetToDefault();
+    }
+
+    public function getWireMock(): WireMock
+    {
+        return $this->wiremock;
+    }
+
+    public function getWireMockBaseUrl(): string
+    {
+        return sprintf('http://%s:%s', $this->config['hostname'], $this->config['port']);
+    }
+}
diff --git a/tests/Helper/wiremock/start.sh b/tests/Helper/wiremock/start.sh
new file mode 100644
index 0000000..60b8197
--- /dev/null
+++ b/tests/Helper/wiremock/start.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# Adapted from @rowanhill wiremock start.sh script 
+# https://github.com/rowanhill/wiremock-php/blob/master/wiremock/start.sh
+
+cd ./tmp/
+
+instance=1
+port=8080
+if [ $# -gt 0 ]; then
+    instance=$1
+    port=$2
+fi
+pidFile=wiremock.$instance.pid
+logFile=wiremock.$instance.log
+
+# Ensure WireMock isn't already running
+if [ -e $pidFile ]; then
+    echo WireMock is already started: see process `cat $pidFile` 1>&2
+    exit 0
+fi
+
+# Download the wiremock jar if we need it
+if ! [ -e wiremock-standalone.jar ]; then
+    echo WireMock standalone JAR missing. Downloading.
+    curl https://repo1.maven.org/maven2/com/github/tomakehurst/wiremock-jre8-standalone/2.32.0/wiremock-jre8-standalone-2.32.0.jar -o wiremock-standalone.jar
+    status=$?
+    if [ ${status} -ne 0 ]; then
+        echo curl could not download WireMock JAR 1>&2
+        exit ${status}
+    fi
+fi
+
+# Start WireMock in standalone mode (in a background process) and save its output to a log
+java -jar wiremock-standalone.jar --port $port --root-dir $instance --disable-banner &> $logFile 2>&1 &
+pgrep -f wiremock-standalone.jar > $pidFile
+
+echo WireMock $instance started on port $port
\ No newline at end of file
diff --git a/tests/Helper/wiremock/stop.sh b/tests/Helper/wiremock/stop.sh
new file mode 100644
index 0000000..f9e3f9e
--- /dev/null
+++ b/tests/Helper/wiremock/stop.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# Adapted from @rowanhill wiremock stop.sh script 
+# https://github.com/rowanhill/wiremock-php/blob/master/wiremock/stop.sh
+
+cd ./tmp/
+
+instance=1
+if [ $# -gt 0 ]; then
+    instance=$1
+fi
+pidFile=wiremock.$instance.pid
+
+
+if [ -e $pidFile ]; then
+  kill -9 `cat $pidFile`
+  rm $pidFile
+else
+  echo WireMock is not started 2>&1
+  exit 1
+fi
+
+echo WireMock $instance stopped
\ No newline at end of file
diff --git a/tests/README.md b/tests/README.md
index 0486b3b..e080442 100644
--- a/tests/README.md
+++ b/tests/README.md
@@ -1,6 +1,5 @@
 # Testing
-## Configuration
-1. Add a `cerebrate_test` database to the db:
+1. Add a `cerebrate_test` database to the database:
 ```mysql
 CREATE DATABASE cerebrate_test;
 GRANT ALL PRIVILEGES ON cerebrate_test.* to cerebrate@localhost;
@@ -28,12 +27,24 @@ QUIT;
 ```
 
 ## Runing the tests
-
 ```
 $ composer install
-$ vendor/bin/phpunit 
+$ composer test
+> sh ./tests/Helper/wiremock/start.sh
+WireMock 1 started on port 8080
+> phpunit
+[ * ] Running DB migrations, it may take some time ...
+
+The WireMock server is started .....
+port:                         8080
+enable-browser-proxying:      false
+disable-banner:               true
+no-request-journal:           false
+verbose:                      false
+
 PHPUnit 8.5.22 by Sebastian Bergmann and contributors.
 
+
 .....                                     5 / 5 (100%)
 
 Time: 11.61 seconds, Memory: 26.00 MB
@@ -51,12 +62,35 @@ Available suites:
 * `controller`: runs only controller tests
 * _to be continued ..._
 
-By default the database is re-generated before running the test suite, to skip this step and speed up the test run use the `-d skip-migrations` option:
-```
-$ vendor/bin/phpunit -d skip-migrations
+By default the database is re-generated before running the test suite, to skip this step and speed up the test run set the following env variable in `phpunit.xml`:
+```xml
+<php>
+    ...
+    <env name="SKIP_DB_MIGRATIONS" value="1" />
+</php>
 ```
+## Extras
+### WireMock
+Some integration tests perform calls to external APIs, we use WireMock to mock the response of these API calls.
 
-## Coverage
+To download and run WireMock run the following script in a separate terminal:
+    ```
+    sh ./tests/Helper/wiremock/start.sh
+    ```
+
+You can also run WireMock with docker, check the official docs: http://wiremock.org/docs/docker/
+
+> NOTE: When running the tests with `composer test` WireMock is automatically started and stoped after the tests finish.
+
+The default `hostname` and `port` for WireMock are set in `phpunit.xml` as environment variables:
+```xml
+<php>
+    ...
+    <env name="WIREMOCK_HOST" value="localhost" />
+    <env name="WIREMOCK_PORT" value="8080" />
+</php>
+```
+### Coverage
 HTML:
 ```
 $ vendor/bin/phpunit --coverage-html tmp/coverage
@@ -66,3 +100,23 @@ XML:
 ```
 $ vendor/bin/phpunit --verbose --coverage-clover=coverage.xml
 ```
+
+### OpenAPI validation
+API tests can assert the API response matches the OpenAPI specification, after the request add this line:      
+
+```php
+$this->assertResponseMatchesOpenApiSpec(self::ENDPOINT);
+``` 
+
+The default OpenAPI spec path is set in `phpunit.xml` as a environment variablea:
+```xml
+<php>
+    ...
+    <env name="OPENAPI_SPEC" value="webroot/docs/openapi.yaml" />
+</php>
+```
+    
+## TODO
+- [ ] Validate API requests against the OpenAPI spec
+- [ ] Validate response content matches / implement _seeResponseContainsJson()_ or equivalent
+- [ ] Parse OpenAPI spec only once per test run, currently re-loading in every _TestCase::setUp()_
\ No newline at end of file
diff --git a/tests/TestCase/Api/Broods/AddBroodApiTest.php b/tests/TestCase/Api/Broods/AddBroodApiTest.php
index 099f3bd..14fb2c5 100644
--- a/tests/TestCase/Api/Broods/AddBroodApiTest.php
+++ b/tests/TestCase/Api/Broods/AddBroodApiTest.php
@@ -26,12 +26,6 @@ class AddBroodApiTest extends TestCase
         'app.Broods'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testAddBrood(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/Broods/DeleteBroodsApiTest.php b/tests/TestCase/Api/Broods/DeleteBroodsApiTest.php
index 1b8d2ce..94aa0a8 100644
--- a/tests/TestCase/Api/Broods/DeleteBroodsApiTest.php
+++ b/tests/TestCase/Api/Broods/DeleteBroodsApiTest.php
@@ -26,12 +26,6 @@ class DeleteBroodsApiTest extends TestCase
         'app.Broods'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testDeleteBrood(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/Broods/EditBroodApiTest.php b/tests/TestCase/Api/Broods/EditBroodApiTest.php
index bd15a39..d8fa01f 100644
--- a/tests/TestCase/Api/Broods/EditBroodApiTest.php
+++ b/tests/TestCase/Api/Broods/EditBroodApiTest.php
@@ -27,12 +27,6 @@ class EditBroodApiTest extends TestCase
         'app.Broods'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testEditBrood(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/Broods/IndexBroodsApiTest.php b/tests/TestCase/Api/Broods/IndexBroodsApiTest.php
index 97d0df8..856b151 100644
--- a/tests/TestCase/Api/Broods/IndexBroodsApiTest.php
+++ b/tests/TestCase/Api/Broods/IndexBroodsApiTest.php
@@ -26,12 +26,6 @@ class IndexBroodsApiTest extends TestCase
         'app.Broods'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testIndexBroods(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/Broods/TestBroodConnectionApiTest.php b/tests/TestCase/Api/Broods/TestBroodConnectionApiTest.php
new file mode 100644
index 0000000..1084131
--- /dev/null
+++ b/tests/TestCase/Api/Broods/TestBroodConnectionApiTest.php
@@ -0,0 +1,72 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\BroodsFixture;
+use App\Test\Helper\ApiTestTrait;
+use App\Test\Helper\WireMockTestTrait;
+use \WireMock\Client\WireMock;
+
+class TestBroodConnectionApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+    use WireMockTestTrait;
+
+    protected const ENDPOINT = '/api/v1/broods/testConnection';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys',
+        'app.Broods'
+    ];
+
+    public function testTestBroodConnection(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $this->initializeWireMock();
+        $this->mockCerebrateStatusResponse();
+
+        $url = sprintf('%s/%d', self::ENDPOINT, BroodsFixture::BROOD_WIREMOCK_ID);
+        $this->get($url);
+
+        $this->getWireMock()->verify(
+            WireMock::getRequestedFor(WireMock::urlEqualTo('/instance/status.json'))
+                ->withHeader('Content-Type', WireMock::equalTo('application/json'))
+                ->withHeader('Authorization', WireMock::equalTo(BroodsFixture::BROOD_WIREMOCK_API_KEY))
+        );
+
+        $this->assertResponseOk();
+        $this->assertResponseContains('"user": "wiremock"');
+        // TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url);
+    }
+
+    private function mockCerebrateStatusResponse(): \WireMock\Stubbing\StubMapping
+    {
+        return $this->getWireMock()->stubFor(
+            WireMock::get(WireMock::urlEqualTo('/instance/status.json'))
+                ->willReturn(WireMock::aResponse()
+                    ->withHeader('Content-Type', 'application/json')
+                    ->withBody((string)json_encode([
+                        "version" => "0.1",
+                        "application" => "Cerebrate",
+                        "user" => [
+                            "id" => 1,
+                            "username" => "wiremock",
+                            "role" => [
+                                "id" => 1
+                            ]
+                        ]
+                    ])))
+        );
+    }
+}
diff --git a/tests/TestCase/Api/Broods/ViewBroodApiTest.php b/tests/TestCase/Api/Broods/ViewBroodApiTest.php
index b3f520d..35bb957 100644
--- a/tests/TestCase/Api/Broods/ViewBroodApiTest.php
+++ b/tests/TestCase/Api/Broods/ViewBroodApiTest.php
@@ -26,12 +26,6 @@ class ViewBroodApiTest extends TestCase
         'app.Broods'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testViewBroodGroupById(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/Inbox/CreateInboxEntryApiTest.php b/tests/TestCase/Api/Inbox/CreateInboxEntryApiTest.php
index 30a44c2..39879f3 100644
--- a/tests/TestCase/Api/Inbox/CreateInboxEntryApiTest.php
+++ b/tests/TestCase/Api/Inbox/CreateInboxEntryApiTest.php
@@ -25,12 +25,6 @@ class CreateInboxEntryApiTest extends TestCase
         'app.AuthKeys'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testAddUserRegistrationInbox(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/Inbox/IndexInboxApiTest.php b/tests/TestCase/Api/Inbox/IndexInboxApiTest.php
index 00c2cfd..46f1b92 100644
--- a/tests/TestCase/Api/Inbox/IndexInboxApiTest.php
+++ b/tests/TestCase/Api/Inbox/IndexInboxApiTest.php
@@ -26,12 +26,6 @@ class IndexInboxApiTest extends TestCase
         'app.AuthKeys'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testIndexInbox(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/Individuals/AddIndividualApiTest.php b/tests/TestCase/Api/Individuals/AddIndividualApiTest.php
index 64855e8..0320c30 100644
--- a/tests/TestCase/Api/Individuals/AddIndividualApiTest.php
+++ b/tests/TestCase/Api/Individuals/AddIndividualApiTest.php
@@ -24,12 +24,6 @@ class AddIndividualApiTest extends TestCase
         'app.AuthKeys'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testAddIndividual(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/Individuals/DeleteIndividualApiTest.php b/tests/TestCase/Api/Individuals/DeleteIndividualApiTest.php
index c493c4b..e50cf63 100644
--- a/tests/TestCase/Api/Individuals/DeleteIndividualApiTest.php
+++ b/tests/TestCase/Api/Individuals/DeleteIndividualApiTest.php
@@ -25,12 +25,6 @@ class DeleteIndividualApiTest extends TestCase
         'app.AuthKeys'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testDeleteIndividual(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/Individuals/EditIndividualApiTest.php b/tests/TestCase/Api/Individuals/EditIndividualApiTest.php
index fcef7fd..642482c 100644
--- a/tests/TestCase/Api/Individuals/EditIndividualApiTest.php
+++ b/tests/TestCase/Api/Individuals/EditIndividualApiTest.php
@@ -25,12 +25,6 @@ class EditIndividualApiTest extends TestCase
         'app.AuthKeys'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testEditIndividualAsAdmin(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/Individuals/IndexIndividualsApiTest.php b/tests/TestCase/Api/Individuals/IndexIndividualsApiTest.php
index 55f6be1..d8254d1 100644
--- a/tests/TestCase/Api/Individuals/IndexIndividualsApiTest.php
+++ b/tests/TestCase/Api/Individuals/IndexIndividualsApiTest.php
@@ -25,12 +25,6 @@ class IndexIndividualsApiTest extends TestCase
         'app.AuthKeys'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testIndexIndividuals(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/Individuals/ViewIndividualApiTest.php b/tests/TestCase/Api/Individuals/ViewIndividualApiTest.php
index 4a0d4a4..5d47610 100644
--- a/tests/TestCase/Api/Individuals/ViewIndividualApiTest.php
+++ b/tests/TestCase/Api/Individuals/ViewIndividualApiTest.php
@@ -25,12 +25,6 @@ class ViewIndividualApiTest extends TestCase
         'app.AuthKeys'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testViewIndividualById(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/Organisations/AddOrganisationApiTest.php b/tests/TestCase/Api/Organisations/AddOrganisationApiTest.php
index a3f2585..d561292 100644
--- a/tests/TestCase/Api/Organisations/AddOrganisationApiTest.php
+++ b/tests/TestCase/Api/Organisations/AddOrganisationApiTest.php
@@ -24,12 +24,6 @@ class AddOrganisationApiTest extends TestCase
         'app.AuthKeys'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testAddOrganisation(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/Organisations/DeleteOrganisationApiTest.php b/tests/TestCase/Api/Organisations/DeleteOrganisationApiTest.php
index e16f57b..6a323fb 100644
--- a/tests/TestCase/Api/Organisations/DeleteOrganisationApiTest.php
+++ b/tests/TestCase/Api/Organisations/DeleteOrganisationApiTest.php
@@ -25,12 +25,6 @@ class DeleteOrganisationApiTest extends TestCase
         'app.AuthKeys'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testDeleteOrganisation(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/Organisations/EditOrganisationApiTest.php b/tests/TestCase/Api/Organisations/EditOrganisationApiTest.php
index d9cc7c6..75c032c 100644
--- a/tests/TestCase/Api/Organisations/EditOrganisationApiTest.php
+++ b/tests/TestCase/Api/Organisations/EditOrganisationApiTest.php
@@ -25,12 +25,6 @@ class EditOrganisationApiTest extends TestCase
         'app.AuthKeys'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testEditOrganisation(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/Organisations/IndexOrganisationsApiTest.php b/tests/TestCase/Api/Organisations/IndexOrganisationsApiTest.php
index ba7c255..709883a 100644
--- a/tests/TestCase/Api/Organisations/IndexOrganisationsApiTest.php
+++ b/tests/TestCase/Api/Organisations/IndexOrganisationsApiTest.php
@@ -25,12 +25,6 @@ class IndexOrganisationApiTest extends TestCase
         'app.AuthKeys'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testIndexOrganisations(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/Organisations/TagOrganisationApiTest.php b/tests/TestCase/Api/Organisations/TagOrganisationApiTest.php
index ed74c74..c79109a 100644
--- a/tests/TestCase/Api/Organisations/TagOrganisationApiTest.php
+++ b/tests/TestCase/Api/Organisations/TagOrganisationApiTest.php
@@ -28,12 +28,6 @@ class TagOrganisationApiTest extends TestCase
         'app.AuthKeys'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testTagOrganisation(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/Organisations/UntagOrganisationApiTest.php b/tests/TestCase/Api/Organisations/UntagOrganisationApiTest.php
index c8878d6..1aff58a 100644
--- a/tests/TestCase/Api/Organisations/UntagOrganisationApiTest.php
+++ b/tests/TestCase/Api/Organisations/UntagOrganisationApiTest.php
@@ -28,12 +28,6 @@ class UntagOrganisationApiTest extends TestCase
         'app.AuthKeys'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testUntagOrganisation(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/Organisations/ViewOrganisationApiTest.php b/tests/TestCase/Api/Organisations/ViewOrganisationApiTest.php
index 630fd92..7170e98 100644
--- a/tests/TestCase/Api/Organisations/ViewOrganisationApiTest.php
+++ b/tests/TestCase/Api/Organisations/ViewOrganisationApiTest.php
@@ -28,12 +28,6 @@ class ViewOrganisationApiTest extends TestCase
         'app.AuthKeys'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testViewOrganisationById(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/SharingGroups/AddSharingGroupApiTest.php b/tests/TestCase/Api/SharingGroups/AddSharingGroupApiTest.php
index 45a79aa..0b0c8ab 100644
--- a/tests/TestCase/Api/SharingGroups/AddSharingGroupApiTest.php
+++ b/tests/TestCase/Api/SharingGroups/AddSharingGroupApiTest.php
@@ -27,12 +27,6 @@ class AddSharingGroupApiTest extends TestCase
         'app.SharingGroups'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testAddSharingGroup(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/SharingGroups/DeleteSharingGroupApiTest.php b/tests/TestCase/Api/SharingGroups/DeleteSharingGroupApiTest.php
index 8b49f3b..c93bb05 100644
--- a/tests/TestCase/Api/SharingGroups/DeleteSharingGroupApiTest.php
+++ b/tests/TestCase/Api/SharingGroups/DeleteSharingGroupApiTest.php
@@ -26,12 +26,6 @@ class DeleteSharingGroupApiTest extends TestCase
         'app.SharingGroups'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testDeleteSharingGroup(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/SharingGroups/EditSharingGroupApiTest.php b/tests/TestCase/Api/SharingGroups/EditSharingGroupApiTest.php
index 0cf6f05..7de711c 100644
--- a/tests/TestCase/Api/SharingGroups/EditSharingGroupApiTest.php
+++ b/tests/TestCase/Api/SharingGroups/EditSharingGroupApiTest.php
@@ -27,12 +27,6 @@ class EditSharingGroupApiTest extends TestCase
         'app.SharingGroups'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testEditSharingGroup(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/SharingGroups/IndexSharingGroupsApiTest.php b/tests/TestCase/Api/SharingGroups/IndexSharingGroupsApiTest.php
index 85779aa..82f7255 100644
--- a/tests/TestCase/Api/SharingGroups/IndexSharingGroupsApiTest.php
+++ b/tests/TestCase/Api/SharingGroups/IndexSharingGroupsApiTest.php
@@ -26,12 +26,6 @@ class IndexSharingGroupsApiTest extends TestCase
         'app.SharingGroups'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testIndexSharingGroups(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/SharingGroups/ViewSharingGroupApiTest.php b/tests/TestCase/Api/SharingGroups/ViewSharingGroupApiTest.php
index 0e86fc7..3944122 100644
--- a/tests/TestCase/Api/SharingGroups/ViewSharingGroupApiTest.php
+++ b/tests/TestCase/Api/SharingGroups/ViewSharingGroupApiTest.php
@@ -26,12 +26,6 @@ class ViewSharingGroupApiTest extends TestCase
         'app.SharingGroups'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testViewSharingGroupById(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/Tags/IndexTagsApiTest.php b/tests/TestCase/Api/Tags/IndexTagsApiTest.php
index 137151f..330e93f 100644
--- a/tests/TestCase/Api/Tags/IndexTagsApiTest.php
+++ b/tests/TestCase/Api/Tags/IndexTagsApiTest.php
@@ -25,12 +25,6 @@ class IndexTagsApiTest extends TestCase
         'app.AuthKeys'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testIndexTags(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/Users/AddUserApiTest.php b/tests/TestCase/Api/Users/AddUserApiTest.php
index e60cf3a..396307e 100644
--- a/tests/TestCase/Api/Users/AddUserApiTest.php
+++ b/tests/TestCase/Api/Users/AddUserApiTest.php
@@ -27,12 +27,6 @@ class AddUserApiTest extends TestCase
         'app.AuthKeys'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testAddUser(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/Users/DeleteUserApiTest.php b/tests/TestCase/Api/Users/DeleteUserApiTest.php
index 69bd87c..50df2e5 100644
--- a/tests/TestCase/Api/Users/DeleteUserApiTest.php
+++ b/tests/TestCase/Api/Users/DeleteUserApiTest.php
@@ -27,12 +27,6 @@ class DeleteUserApiTest extends TestCase
         'app.AuthKeys'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testDeleteUser(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/Users/EditUserApiTest.php b/tests/TestCase/Api/Users/EditUserApiTest.php
index a8afa11..8d2810d 100644
--- a/tests/TestCase/Api/Users/EditUserApiTest.php
+++ b/tests/TestCase/Api/Users/EditUserApiTest.php
@@ -26,12 +26,6 @@ class EditUserApiTest extends TestCase
         'app.AuthKeys'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testEditUser(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/Users/IndexUsersApiTest.php b/tests/TestCase/Api/Users/IndexUsersApiTest.php
index 403a046..7d96936 100644
--- a/tests/TestCase/Api/Users/IndexUsersApiTest.php
+++ b/tests/TestCase/Api/Users/IndexUsersApiTest.php
@@ -25,12 +25,6 @@ class IndexUsersApiTest extends TestCase
         'app.AuthKeys'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testIndexUsers(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/TestCase/Api/Users/ViewUserApiTest.php b/tests/TestCase/Api/Users/ViewUserApiTest.php
index 99bdafe..d1d2c54 100644
--- a/tests/TestCase/Api/Users/ViewUserApiTest.php
+++ b/tests/TestCase/Api/Users/ViewUserApiTest.php
@@ -25,12 +25,6 @@ class ViewUserApiTest extends TestCase
         'app.AuthKeys'
     ];
 
-    public function setUp(): void
-    {
-        parent::setUp();
-        $this->initializeValidator(APP . '../webroot/docs/openapi.yaml');
-    }
-
     public function testViewMyUser(): void
     {
         $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
diff --git a/tests/bootstrap.php b/tests/bootstrap.php
index c9a8b8c..34939c3 100644
--- a/tests/bootstrap.php
+++ b/tests/bootstrap.php
@@ -18,7 +18,6 @@ declare(strict_types=1);
 
 use Cake\Core\Configure;
 use Cake\Datasource\ConnectionManager;
-use Cake\TestSuite\Fixture\SchemaLoader;
 use Migrations\TestSuite\Migrator;
 
 /**
@@ -54,8 +53,7 @@ ConnectionManager::alias('test_debug_kit', 'debug_kit');
 // has been written to.
 session_id('cli');
 
-// hacky way to skip migrations
-if (!in_array('skip-migrations', $_SERVER['argv'])) {
+if (!$_ENV['SKIP_DB_MIGRATIONS']) {
     echo "[ * ] Running DB migrations, it may take some time ...\n";
     $migrator = new Migrator();
     $migrator->runMany([
diff --git a/webroot/docs/openapi.yaml b/webroot/docs/openapi.yaml
index 81ac9aa..f9418b9 100644
--- a/webroot/docs/openapi.yaml
+++ b/webroot/docs/openapi.yaml
@@ -613,6 +613,24 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
+  /api/v1/broods/testConnection/{broodId}:
+    get:
+      summary: "Test brood connection by ID"
+      operationId: testBroodConnectionById
+      tags:
+        - Broods
+      parameters:
+        - $ref: "#/components/parameters/broodId"
+      responses:
+        "200":
+          $ref: "#/components/responses/TestBroodConnectionResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
 components:
   schemas:
     # General
@@ -714,6 +732,15 @@ components:
           $ref: "#/components/schemas/DateTime"
         organisation_id:
           $ref: "#/components/schemas/ID"
+        organisation:
+          $ref: "#/components/schemas/Organisation"
+        individual:
+          $ref: "#/components/schemas/Individual"
+        role:
+          $ref: "#/components/schemas/Role"
+        # user_settings: TODO
+        # user_settings_by_name: TODO
+        # user_settings_by_name_with_fallback: TODO
 
     UserList:
       type: array
@@ -1605,6 +1632,33 @@ components:
           schema:
             $ref: "#/components/schemas/BroodList"
 
+    TestBroodConnectionResponse:
+      description: "Brood list response"
+      content:
+        application/json:
+          schema:
+            type: object
+            properties:
+              code:
+                type: integer
+                description: "HTTP status code"
+                example: 200
+              response:
+                type: object
+                properties:
+                  version:
+                    type: string
+                    example: "0.1"
+                  application:
+                    type: string
+                    example: "Cerebrate"
+                  user:
+                    type: string
+                    example: "sync"
+              ping:
+                type: number
+                format: float
+
     # Errors
     ApiErrorResponse:
       description: "Unexpected API error"

From 6d13d4aba0082a4bec862a8595ef3d50fe3574e8 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Mon, 17 Jan 2022 17:16:03 +0100
Subject: [PATCH 127/150] fix: [authkeys] tighten requirements to add authkeys
 for other org admins

- site admin: can add to all
- org admin: can add to all in org, except site admin
- everyone else: can add to self only
---
 src/Controller/AuthKeysController.php      | 28 ++++++++++++++++++----
 src/Controller/Component/CRUDComponent.php |  3 +++
 2 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/src/Controller/AuthKeysController.php b/src/Controller/AuthKeysController.php
index 9e8ac03..454b922 100644
--- a/src/Controller/AuthKeysController.php
+++ b/src/Controller/AuthKeysController.php
@@ -64,8 +64,30 @@ class AuthKeysController extends AppController
     public function add()
     {
         $this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate');
+        $validUsers = [];
+        $userConditions = [];
+        $currentUser = $this->ACL->getUser();
+        if (empty($currentUser['role']['perm_admin'])) {
+            if (empty($currentUser['role']['perm_org_admin'])) {
+                $userConditions['id'] = $currentUser['id'];
+            } else {
+                $role_ids = $this->Users->Roles->find()->where(['perm_admin' => 0])->all()->extract('id')->toList();
+                $userConditions['role_id IN'] = $role_ids;
+            }
+        }
+        $users = $this->Users->find('list');
+        if (!empty($userConditions)) {
+            $users->where($userConditions);
+        }
+        $users = $users->order(['username' => 'asc'])->all()->toList();
         $this->CRUD->add([
-            'displayOnSuccess' => 'authkey_display'
+            'displayOnSuccess' => 'authkey_display',
+            'beforeSave' => function($data) use ($users) {
+                if (!in_array($data['user_id'], array_keys($users))) {
+                    return false;
+                }
+                return $data;
+            }
         ]);
         $responsePayload = $this->CRUD->getResponsePayload([
             'displayOnSuccess' => 'authkey_display'
@@ -75,9 +97,7 @@ class AuthKeysController extends AppController
         }
         $this->loadModel('Users');
         $dropdownData = [
-            'user' => $this->Users->find('list', [
-                'sort' => ['username' => 'asc']
-            ])
+            'user' => $users
         ];
         $this->set(compact('dropdownData'));
     }
diff --git a/src/Controller/Component/CRUDComponent.php b/src/Controller/Component/CRUDComponent.php
index 4ebabff..4ebc674 100644
--- a/src/Controller/Component/CRUDComponent.php
+++ b/src/Controller/Component/CRUDComponent.php
@@ -175,6 +175,9 @@ class CRUDComponent extends Component
             $data = $this->Table->patchEntity($data, $input, $patchEntityParams);
             if (isset($params['beforeSave'])) {
                 $data = $params['beforeSave']($data);
+                if ($data === false) {
+                    throw new NotFoundException(__('Could not save {0} due to the input failing to meet expectations. Your input is bad and you should feel bad.', $this->ObjectAlias));
+                }
             }
             $savedData = $this->Table->save($data);
             if ($savedData !== false) {

From b80d778e1a42ef3bbb0e2fa1d05345c9772111d8 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Tue, 18 Jan 2022 00:17:47 +0100
Subject: [PATCH 128/150] fix: [encryption keys] tightened ACL across all CRUD
 functions

---
 src/Controller/EncryptionKeysController.php | 103 ++++++++++++--------
 1 file changed, 60 insertions(+), 43 deletions(-)

diff --git a/src/Controller/EncryptionKeysController.php b/src/Controller/EncryptionKeysController.php
index 57dfc4c..e04ebc0 100644
--- a/src/Controller/EncryptionKeysController.php
+++ b/src/Controller/EncryptionKeysController.php
@@ -39,7 +39,15 @@ class EncryptionKeysController extends AppController
 
     public function delete($id)
     {
-        $this->CRUD->delete($id);
+        $orgConditions = [];
+        $individualConditions = [];
+        $dropdownData = [];
+        $currentUser = $this->ACL->getUser();
+        $params = [];
+        if (empty($currentUser['role']['perm_admin'])) {
+            $params = $this->buildBeforeSave($params, $currentUser, $orgConditions, $individualConditions, $dropdownData);
+        }
+        $this->CRUD->delete($id, $params);
         $responsePayload = $this->CRUD->getResponsePayload();
         if (!empty($responsePayload)) {
             return $responsePayload;
@@ -47,49 +55,38 @@ class EncryptionKeysController extends AppController
         $this->set('metaGroup', 'ContactDB');
     }
 
-    public function add()
+    private function buildBeforeSave(array $params, $currentUser, array &$orgConditions, array &$individualConditions, array &$dropdownData): array
     {
-        $orgConditions = [];
-        $individualConditions = [];
-        $currentUser = $this->ACL->getUser();
-        $params = ['redirect' => $this->referer()];
-        if (empty($currentUser['role']['perm_admin'])) {
-            $orgConditions = [
-                'id' => $currentUser['organisation_id']
+        $orgConditions = [
+            'id' => $currentUser['organisation_id']
+        ];
+        if (empty($currentUser['role']['perm_org_admin'])) {
+            $individualConditions = [
+                'id' => $currentUser['individual_id']
             ];
-            if (empty($currentUser['role']['perm_org_admin'])) {
-                $individualConditions = [
-                    'id' => $currentUser['individual_id']
-                ];
-            }
-            $params['beforeSave'] = function($entity) use($currentUser) {
-                if ($entity['owner_model'] === 'organisation') {
-                    $entity['owner_id'] = $currentUser['organisation_id'];
+        }
+        $params['beforeSave'] = function($entity) use($currentUser) {
+            if ($entity['owner_model'] === 'organisation') {
+                $entity['owner_id'] = $currentUser['organisation_id'];
+            } else {
+                if ($currentUser['role']['perm_org_admin']) {
+                    $this->loadModel('Alignments');
+                    $validIndividuals = $this->Alignments->find('list', [
+                        'keyField' => 'individual_id',
+                        'valueField' => 'id',
+                        'conditions' => ['organisation_id' => $currentUser['organisation_id']]
+                    ])->toArray();
+                    if (!isset($validIndividuals[$entity['owner_id']])) {
+                        throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
+                    }
                 } else {
-                    if ($currentUser['role']['perm_org_admin']) {
-                        $this->loadModel('Alignments');
-                        $validIndividuals = $this->Alignments->find('list', [
-                            'keyField' => 'individual_id',
-                            'valueField' => 'id',
-                            'conditions' => ['organisation_id' => $currentUser['organisation_id']]
-                        ])->toArray();
-                        if (!isset($validIndividuals[$entity['owner_id']])) {
-                            throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
-                        }
-                    } else {
-                        if ($entity['owner_id'] !== $currentUser['id']) {
-                            throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
-                        }
+                    if ($entity['owner_id'] !== $currentUser['id']) {
+                        throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
                     }
                 }
-                return $entity;
-            };
-        }
-        $this->CRUD->add($params);
-        $responsePayload = $this->CRUD->getResponsePayload();
-        if (!empty($responsePayload)) {
-            return $responsePayload;
-        }
+            }
+            return $entity;
+        };
         $this->loadModel('Organisations');
         $this->loadModel('Individuals');
         $dropdownData = [
@@ -102,13 +99,35 @@ class EncryptionKeysController extends AppController
                 'conditions' => $individualConditions
             ])
         ];
+        return $params;
+    }
+
+    public function add()
+    {
+        $orgConditions = [];
+        $individualConditions = [];
+        $dropdownData = [];
+        $currentUser = $this->ACL->getUser();
+        $params = [
+            'redirect' => $this->referer()
+        ];
+        if (empty($currentUser['role']['perm_admin'])) {
+            $params = $this->buildBeforeSave($params, $currentUser, $orgConditions, $individualConditions, $dropdownData);
+        }
+        $this->CRUD->add($params);
+        $responsePayload = $this->CRUD->getResponsePayload();
+        if (!empty($responsePayload)) {
+            return $responsePayload;
+        }
         $this->set(compact('dropdownData'));
         $this->set('metaGroup', 'ContactDB');
     }
 
     public function edit($id = false)
     {
-        $conditions = [];
+        $orgConditions = [];
+        $individualConditions = [];
+        $dropdownData = [];
         $currentUser = $this->ACL->getUser();
         $params = [
             'fields' => [
@@ -117,9 +136,7 @@ class EncryptionKeysController extends AppController
             'redirect' => $this->referer()
         ];
         if (empty($currentUser['role']['perm_admin'])) {
-            if (empty($currentUser['role']['perm_org_admin'])) {
-
-            }
+            $params = $this->buildBeforeSave($params, $currentUser, $orgConditions, $individualConditions, $dropdownData);
         }
         $this->CRUD->edit($id, $params);
         $responsePayload = $this->CRUD->getResponsePayload();

From ec994b05edfda10585433544ee278d2d9eee1055 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Tue, 18 Jan 2022 00:20:53 +0100
Subject: [PATCH 129/150] chg: [user] edit restricted to password only for self

---
 src/Controller/UsersController.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/Controller/UsersController.php b/src/Controller/UsersController.php
index 3e389de..a5065db 100644
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
@@ -119,12 +119,15 @@ class UsersController extends AppController
                 'password'
             ],
             'fields' => [
-                'id', 'individual_id', 'username', 'disabled', 'password', 'confirm_password'
+                'password', 'confirm_password'
             ]
         ];
         if (!empty($this->ACL->getUser()['role']['perm_admin'])) {
+            $params['fields'][] = 'individual_id';
+            $params['fields'][] = 'username';
             $params['fields'][] = 'role_id';
             $params['fields'][] = 'organisation_id';
+            $params['fields'][] = 'disabled';
         }
         $this->CRUD->edit($id, $params);
         $responsePayload = $this->CRUD->getResponsePayload();

From 5eeda6b6825c55d488645fa0aa7c71ac67450506 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 18 Jan 2022 11:51:54 +0100
Subject: [PATCH 130/150] new: [localtool:commonConnectorTools] Added new
 logger for each local tools

---
 .../CommonConnectorTools.php                  | 31 +++++++++++++++++++
 .../local_tool_connectors/MispConnector.php   | 13 ++++++--
 2 files changed, 41 insertions(+), 3 deletions(-)

diff --git a/src/Lib/default/local_tool_connectors/CommonConnectorTools.php b/src/Lib/default/local_tool_connectors/CommonConnectorTools.php
index 179a238..213db17 100644
--- a/src/Lib/default/local_tool_connectors/CommonConnectorTools.php
+++ b/src/Lib/default/local_tool_connectors/CommonConnectorTools.php
@@ -2,6 +2,8 @@
 
 namespace CommonConnectorTools;
 use Cake\ORM\Locator\LocatorAwareTrait;
+use Cake\Log\Log;
+use Cake\Log\Engine\FileLog;
 
 class CommonConnectorTools
 {
@@ -20,6 +22,35 @@ class CommonConnectorTools
     const STATE_CANCELLED = 'Request cancelled';
     const STATE_DECLINED = 'Request declined by remote';
 
+    public function __construct()
+    {
+        Log::setConfig("LocalToolDebug", [
+            'className' => FileLog::class,
+            'path' => LOGS,
+            'file' => "{$this->connectorName}-debug",
+            'scopes' => [$this->connectorName],
+            'levels' => ['notice', 'info', 'debug'],
+        ]);
+        Log::setConfig("LocalToolError", [
+            'className' => FileLog::class,
+            'path' => LOGS,
+            'file' => "{$this->connectorName}-error",
+            'scopes' => [$this->connectorName],
+            'levels' => ['warning', 'error', 'critical', 'alert', 'emergency'],
+        ]);
+
+    }
+
+    protected function logDebug($message)
+    {
+        Log::debug($message, [$this->connectorName]);
+    }
+
+    protected function logError($message, $scope=[])
+    {
+        Log::error($message, [$this->connectorName]);
+    }
+
     public function addExposedFunction(string $functionName): void
     {
         $this->exposedFunctions[] = $functionName;
diff --git a/src/Lib/default/local_tool_connectors/MispConnector.php b/src/Lib/default/local_tool_connectors/MispConnector.php
index a021839..4b6c653 100644
--- a/src/Lib/default/local_tool_connectors/MispConnector.php
+++ b/src/Lib/default/local_tool_connectors/MispConnector.php
@@ -188,6 +188,7 @@ class MispConnector extends CommonConnectorTools
         $settings = json_decode($connection->settings, true);
         $http = $this->genHTTPClient($connection, $options);
         $url = sprintf('%s%s', $settings['url'], $relativeURL);
+        $this->logDebug(sprintf('%s %s %s', __('Posting data') . PHP_EOL, "POST {$url}" . PHP_EOL, json_encode($data)));
         return $http->post($url, $data, $options);
     }
 
@@ -239,14 +240,18 @@ class MispConnector extends CommonConnectorTools
             if (!empty($params['softError'])) {
                 return $response;
             }
-            throw new NotFoundException(__('Could not retrieve the requested resource.'));
+            $errorMsg = __('Could not post to the requested resource for `{0}`. Remote returned:', $url) . PHP_EOL . $response->getStringBody();
+            $this->logError($errorMsg);
+            throw new NotFoundException($errorMsg);
         }
     }
 
     private function postData(string $url, array $params): Response
     {
         if (empty($params['connection'])) {
-            throw new NotFoundException(__('No connection object received.'));
+            $errorMsg = __('No connection object received.');
+            $this->logError($errorMsg);
+            throw new NotFoundException($errorMsg);
         }
         $url = $this->urlAppendParams($url, $params);
         if (!is_string($params['body'])) {
@@ -256,7 +261,9 @@ class MispConnector extends CommonConnectorTools
         if ($response->isOk()) {
             return $response;
         } else {
-            throw new NotFoundException(__('Could not post to the requested resource. Remote returned:') . PHP_EOL . $response->getStringBody());
+            $errorMsg = __('Could not post to the requested resource for `{0}`. Remote returned:', $url) . PHP_EOL . $response->getStringBody();
+            $this->logError($errorMsg);
+            throw new NotFoundException($errorMsg);
         }
     }
 

From b1ad454db8eac8c639569af157ca933948f89a5c Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Tue, 18 Jan 2022 14:29:27 +0100
Subject: [PATCH 131/150] add: api tests for /encryptionkeys, extend openapi
 spec

---
 tests/Fixture/EncryptionKeysFixture.php       | 133 ++++++++++++++++++
 .../DeleteEncryptionKeyApiTest.php            |  54 +++++++
 .../IndexEncryptionKeysApiTest.php            |  40 ++++++
 webroot/docs/openapi.yaml                     | 128 ++++++++++++++++-
 4 files changed, 352 insertions(+), 3 deletions(-)
 create mode 100644 tests/Fixture/EncryptionKeysFixture.php
 create mode 100644 tests/TestCase/Api/EncryptionKeys/DeleteEncryptionKeyApiTest.php
 create mode 100644 tests/TestCase/Api/EncryptionKeys/IndexEncryptionKeysApiTest.php

diff --git a/tests/Fixture/EncryptionKeysFixture.php b/tests/Fixture/EncryptionKeysFixture.php
new file mode 100644
index 0000000..05b92f8
--- /dev/null
+++ b/tests/Fixture/EncryptionKeysFixture.php
@@ -0,0 +1,133 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\Fixture;
+
+use Cake\Http\Exception\NotImplementedException;
+use Cake\TestSuite\Fixture\TestFixture;
+
+class EncryptionKeysFixture extends TestFixture
+{
+    public $connection = 'test';
+
+    public const ENCRYPTION_KEY_ORG_A_ID = 1;
+    public const ENCRYPTION_KEY_ORG_B_ID = 2;
+
+    public const TYPE_PGP = 'pgp';
+    public const TYPE_SMIME = 'smime';
+
+    public const KEY_TYPE_EDCH = 'EDCH';
+    public const KEY_TYPE_RSA = 'RSA';
+    public const KEY_TYPE_SMIME = 'S/MIME';
+
+    public function init(): void
+    {
+        $faker = \Faker\Factory::create();
+
+        $this->records = [
+            [
+                'id' => self::ENCRYPTION_KEY_ORG_A_ID,
+                'uuid' => $faker->uuid(),
+                'type' => self::TYPE_PGP,
+                'encryption_key' => $this->getPublicKey(self::KEY_TYPE_EDCH),
+                'revoked' => false,
+                'expires' => null,
+                'owner_id' => OrganisationsFixture::ORGANISATION_A_ID,
+                'owner_model' => 'Organisation',
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
+            ],
+            [
+                'id' => self::ENCRYPTION_KEY_ORG_B_ID,
+                'uuid' => $faker->uuid(),
+                'type' => self::TYPE_PGP,
+                'encryption_key' => $this->getPublicKey(self::KEY_TYPE_EDCH),
+                'revoked' => false,
+                'expires' => null,
+                'owner_id' => OrganisationsFixture::ORGANISATION_A_ID,
+                'owner_model' => 'Organisation',
+                'created' => $faker->dateTime()->getTimestamp(),
+                'modified' => $faker->dateTime()->getTimestamp()
+            ],
+        ];
+        parent::init();
+    }
+
+    public function getPublicKey(string $type): string
+    {
+        switch ($type) {
+            case self::KEY_TYPE_EDCH:
+                return <<<EOD
+                -----BEGIN PGP PUBLIC KEY BLOCK-----
+                Version: OpenPGP v1.0.0
+
+                xm8EYeaEmhMFK4EEACIDAwTS1DNpEsyLo6ynsxJhe1J1k75OYGjkiYgj+4157e06
+                m8uNX9TRI3XKAKUs2ecG6Iv6beXpvLHcBu/GqwYnpLigpABkhLbUob5spIg+OqNA
+                l0U75pLyshmQ8DOWupjq2ZTNG2Zvb2JhciA8Zm9vYmFyQGV4YW1wbGUuY29tPsKP
+                BBMTCgAXBQJh5oSaAhsvAwsJBwMVCggCHgECF4AACgkQfYJ4NsWgZlqadgF6Apv0
+                S3JrJgmUejRVaMBoAlGlME6OibfAo/faYyOhO/tb0Kw8MYfrF27D+N3/TR8BAX0e
+                KhJvhcoHZlcb6E+xUvAT9zYyCpX6g1s2rU9qeLJEbWeEiz7/e1diYgQ2TuuJTr/O
+                UgRh5oSaEwgqhkjOPQMBBwIDBHTGkUJ9McCAGMB9/jhzJJ9arYLIdMUwHbxf68K3
+                yQaiQf2F0BUciz37I2pFPBV17CJzsHdoIG4rhrU4PI+srzvCwCcEGBMKAA8FAmHm
+                hJoFCQ8JnAACGy4AagkQfYJ4NsWgZlpfIAQZEwoABgUCYeaEmgAKCRC+TAWGbVzh
+                xvHIAP9C6iogC55FEE8XuQ2g6dPyIyou940sLQIYKdFpG2CTnwEAvosKiPEC+bwC
+                b75QibMSCGlYPOIO5WW9OqJyT4I59bwH4QF+KRv6b3wOoFz8/ptDyIbFpNSoBrDT
+                9D35Gk9oVSZg9FDeQunGRt2qkvfDxBMecPWXAYDlNTFtdBUWeXeMLJlEr5YyC3SA
+                RIbej4EnbpXmhdODjKLv1p5tAOw/lgEfQKzBEwbOUgRh5oSaEwgqhkjOPQMBBwID
+                BO9vsx/0+act9x1hNk0LHxE/PELjL2Abn/JBjAIvGgTmiZc5Vkb2XrUYAoOhKI4G
+                ab9UTnlGznER74SWWLELUt7CwCcEGBMKAA8FAmHmhJoFCQ8JnAACGy4AagkQfYJ4
+                NsWgZlpfIAQZEwoABgUCYeaEmgAKCRC5+NJ8Prn4UPSRAQCH7Ek29Z9ivuvIaj6n
+                2AYdgHZHBEYAg5uwSBchPRXBHwD/QxRRAyKnwdmTLJzaB7M82bHLRU5WXbEgqucv
+                9HuQpkiv6wGA2NVSulEz7VxxKIcaU8xQRrStIBXqMvNo/13kdlq2YWQ6EZnG7EU7
+                ExIU8Y2OkuFWAX9gLoJCjxfMuH5u27nNkztxL4SgORfCxWRg6VaVAFXX21dlQwIf
+                XUzE5dzw+nOspVE=
+                =WnCK
+                -----END PGP PUBLIC KEY BLOCK-----
+                EOD;
+            default:
+                throw new NotImplementedException('Unknown key type');
+        }
+    }
+
+    private function getPrivateKey(string $type): string
+    {
+        switch ($type) {
+            case self::KEY_TYPE_EDCH:
+                return <<<EOD
+                -----BEGIN PGP PRIVATE KEY BLOCK-----
+                Version: OpenPGP v1.0.0
+        
+                xcASBGHmhJoTBSuBBAAiAwME0tQzaRLMi6Osp7MSYXtSdZO+TmBo5ImII/uNee3t
+                OpvLjV/U0SN1ygClLNnnBuiL+m3l6byx3AbvxqsGJ6S4oKQAZIS21KG+bKSIPjqj
+                QJdFO+aS8rIZkPAzlrqY6tmU/gkDCCcuNcl1iEuoYIjwDlg5yqzxdXu9Q7V+WvBf
+                OflkWwIGYLjrqcDWNZqz9v4alO8/uKPZoRyYmQx3yBxjgrNs4bjibFxc43oTlHtD
+                JA7m+Ba4cWyMVFJ96TPXAvI5fAJszRtmb29iYXIgPGZvb2JhckBleGFtcGxlLmNv
+                bT7CjwQTEwoAFwUCYeaEmgIbLwMLCQcDFQoIAh4BAheAAAoJEH2CeDbFoGZamnYB
+                egKb9EtyayYJlHo0VWjAaAJRpTBOjom3wKP32mMjoTv7W9CsPDGH6xduw/jd/00f
+                AQF9HioSb4XKB2ZXG+hPsVLwE/c2MgqV+oNbNq1PaniyRG1nhIs+/3tXYmIENk7r
+                iU6/x6UEYeaEmhMIKoZIzj0DAQcCAwR0xpFCfTHAgBjAff44cySfWq2CyHTFMB28
+                X+vCt8kGokH9hdAVHIs9+yNqRTwVdewic7B3aCBuK4a1ODyPrK87/gkDCCiGr5A8
+                Yq+pYCpNvctmdVC3wwN+LNpiXHtkYWD37TdpwrdR0h8H/PSZFdHgkyK3tqmxPApC
+                S3+s+cBzza5mTPqaq/7Cc6ck40juXNBIC8rCwCcEGBMKAA8FAmHmhJoFCQ8JnAAC
+                Gy4AagkQfYJ4NsWgZlpfIAQZEwoABgUCYeaEmgAKCRC+TAWGbVzhxvHIAP9C6iog
+                C55FEE8XuQ2g6dPyIyou940sLQIYKdFpG2CTnwEAvosKiPEC+bwCb75QibMSCGlY
+                POIO5WW9OqJyT4I59bwH4QF+KRv6b3wOoFz8/ptDyIbFpNSoBrDT9D35Gk9oVSZg
+                9FDeQunGRt2qkvfDxBMecPWXAYDlNTFtdBUWeXeMLJlEr5YyC3SARIbej4EnbpXm
+                hdODjKLv1p5tAOw/lgEfQKzBEwbHpQRh5oSaEwgqhkjOPQMBBwIDBO9vsx/0+act
+                9x1hNk0LHxE/PELjL2Abn/JBjAIvGgTmiZc5Vkb2XrUYAoOhKI4Gab9UTnlGznER
+                74SWWLELUt7+CQMI0o+tsXn5S31gHyPTI5yRG0I7dZg4OrU+tCu11AYzC4y3aO0M
+                E2tixY7BDHIgtiWkeDWo8j4f8zYhBL9x/M3mpinZ6vQEhOdED+8shBmPNMLAJwQY
+                EwoADwUCYeaEmgUJDwmcAAIbLgBqCRB9gng2xaBmWl8gBBkTCgAGBQJh5oSaAAoJ
+                ELn40nw+ufhQ9JEBAIfsSTb1n2K+68hqPqfYBh2AdkcERgCDm7BIFyE9FcEfAP9D
+                FFEDIqfB2ZMsnNoHszzZsctFTlZdsSCq5y/0e5CmSK/rAYDY1VK6UTPtXHEohxpT
+                zFBGtK0gFeoy82j/XeR2WrZhZDoRmcbsRTsTEhTxjY6S4VYBf2AugkKPF8y4fm7b
+                uc2TO3EvhKA5F8LFZGDpVpUAVdfbV2VDAh9dTMTl3PD6c6ylUQ==
+                =96JC
+                -----END PGP PRIVATE KEY BLOCK-----
+                EOD;
+            default:
+                throw new NotImplementedException('Unknown key type');
+        }
+    }
+}
diff --git a/tests/TestCase/Api/EncryptionKeys/DeleteEncryptionKeyApiTest.php b/tests/TestCase/Api/EncryptionKeys/DeleteEncryptionKeyApiTest.php
new file mode 100644
index 0000000..934d3e7
--- /dev/null
+++ b/tests/TestCase/Api/EncryptionKeys/DeleteEncryptionKeyApiTest.php
@@ -0,0 +1,54 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\EncryptionKeysFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class DeleteEncryptionKeyApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/encryptionKeys/delete';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys',
+        'app.EncryptionKeys'
+    ];
+
+    public function testDeleteEncryptionKey(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $url = sprintf('%s/%d', self::ENDPOINT, EncryptionKeysFixture::ENCRYPTION_KEY_ORG_A_ID);
+        $this->delete($url);
+
+        $this->assertResponseOk();
+        $this->assertDbRecordNotExists('EncryptionKeys', ['id' => EncryptionKeysFixture::ENCRYPTION_KEY_ORG_A_ID]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
+        $this->addWarning('TODO: CRUDComponent::delete() sets some view variables, does not take into account `isRest()`, fix it.');
+    }
+
+    public function testDeleteEncryptionKeyNotAllowedAsRegularUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
+        $url = sprintf('%s/%d', self::ENDPOINT, EncryptionKeysFixture::ENCRYPTION_KEY_ORG_B_ID);
+        $this->delete($url);
+
+        $this->assertResponseCode(405);
+        $this->assertDbRecordExists('EncryptionKeys', ['id' => EncryptionKeysFixture::ENCRYPTION_KEY_ORG_B_ID]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
+        $this->addWarning('TODO: CRUDComponent::delete() sets some view variables, does not take into account `isRest()`, fix it.');
+    }
+}
diff --git a/tests/TestCase/Api/EncryptionKeys/IndexEncryptionKeysApiTest.php b/tests/TestCase/Api/EncryptionKeys/IndexEncryptionKeysApiTest.php
new file mode 100644
index 0000000..0b7cb98
--- /dev/null
+++ b/tests/TestCase/Api/EncryptionKeys/IndexEncryptionKeysApiTest.php
@@ -0,0 +1,40 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\EncryptionKeysFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class IndexEncryptionKeysApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/encryptionKeys/index';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys',
+        'app.EncryptionKeys'
+
+    ];
+
+    public function testIndexEncryptionKeys(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $this->get(self::ENDPOINT);
+
+        $this->assertResponseOk();
+        $this->assertResponseContains(sprintf('"id": %d', EncryptionKeysFixture::ENCRYPTION_KEY_ORG_A_ID));
+        // TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT);
+    }
+}
diff --git a/webroot/docs/openapi.yaml b/webroot/docs/openapi.yaml
index f9418b9..c4852eb 100644
--- a/webroot/docs/openapi.yaml
+++ b/webroot/docs/openapi.yaml
@@ -23,6 +23,8 @@ tags:
     description: "Sharing groups are distribution lists usable by tools that can exchange information with a list of trusted partners. Create recurring or ad hoc sharing groups and share them with the members of the sharing group."
   - name: Broods
     description: "Cerebrate can connect to other Cerebrate instances to exchange trust information and to instrument interconnectivity between connected local tools. Each such Cerebrate instance with its connected tools is considered to be a brood."
+  - name: EncryptionKeys
+    description: "Assign encryption keys to the user, used to securely communicate or validate messages coming from the user."
 
 paths:
   /api/v1/individuals/index:
@@ -575,7 +577,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/broods/edit/{sharingGroupId}:
+  /api/v1/broods/edit/{broodId}:
     put:
       summary: "Edit brood"
       operationId: editBrood
@@ -631,6 +633,43 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
+  # EncryptionKeys
+  /api/v1/encryptionKeys/index:
+    get:
+      summary: "Get encryption keys list"
+      operationId: getEncryptionKeys
+      tags:
+        - EncryptionKeys
+      parameters:
+        - $ref: "#/components/parameters/quickFilter"
+      responses:
+        "200":
+          $ref: "#/components/responses/EncryptionKeyListResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
+  /api/v1/encryptionKeys/delete/{encryptionKeyId}:
+    delete:
+      summary: "Delete encryption key by ID"
+      operationId: deleteEncryptionKeyById
+      tags:
+        - EncryptionKeys
+      parameters:
+        - $ref: "#/components/parameters/encryptionKeyId"
+      responses:
+        "200":
+          $ref: "#/components/responses/EncryptionKeyResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
 components:
   schemas:
     # General
@@ -658,6 +697,18 @@ components:
     AuthKey:
       type: string
 
+    ModelName:
+      type: string
+      enum:
+        - "Organisation"
+        - "User"
+        - "Individual"
+        - "EncryptionKey"
+        - "Role"
+        - "Tag"
+        - "SharingGroup"
+        - "Brood"
+
     # Individuals
     IndividualFirstName:
       type: string
@@ -1089,18 +1140,66 @@ components:
           type: boolean
         authkey:
           $ref: "#/components/schemas/AuthKey"
+        organisation:
+          $ref: "#/components/schemas/Organisation"
         created:
           $ref: "#/components/schemas/DateTime"
         modified:
           $ref: "#/components/schemas/DateTime"
-        organisation:
-          $ref: "#/components/schemas/Organisation"
 
     BroodList:
       type: array
       items:
         $ref: "#/components/schemas/Brood"
 
+    # EncryptionKeys
+    EncryptionKeyType:
+      type: string
+      enum:
+        - "pgp"
+        - "smime"
+
+    EncryptionKeyValue:
+      type: string
+      example: |
+        -----BEGIN PGP PUBLIC KEY BLOCK-----
+        ...
+        -----END PGP PUBLIC KEY BLOCK-----
+
+    EncryptionKeyExpiration:
+      type: integer
+      description: "Timestamp or null of there is no expiration"
+      nullable: true
+
+    EncryptionKey:
+      type: object
+      properties:
+        id:
+          $ref: "#/components/schemas/ID"
+        uuid:
+          $ref: "#/components/schemas/UUID"
+        type:
+          $ref: "#/components/schemas/EncryptionKeyType"
+        encryption_key:
+          $ref: "#/components/schemas/EncryptionKeyValue"
+        revoked:
+          type: boolean
+        expires:
+          $ref: "#/components/schemas/EncryptionKeyExpiration"
+        owner_id:
+          $ref: "#/components/schemas/ID"
+        owner_model:
+          $ref: "#/components/schemas/ModelName"
+        created:
+          $ref: "#/components/schemas/DateTime"
+        modified:
+          $ref: "#/components/schemas/DateTime"
+
+    EncryptionKeyList:
+      type: array
+      items:
+        $ref: "#/components/schemas/EncryptionKey"
+
     # Errors
     ApiError:
       type: object
@@ -1210,6 +1309,14 @@ components:
       schema:
         $ref: "#/components/schemas/ID"
 
+    encryptionKeyId:
+      name: encryptionKeyId
+      in: path
+      description: "Numeric ID of the EncryptionKey"
+      required: true
+      schema:
+        $ref: "#/components/schemas/ID"
+
     quickFilter:
       name: quickFilter
       in: query
@@ -1659,6 +1766,21 @@ components:
                 type: number
                 format: float
 
+    # EncryptionKeys
+    EncryptionKeyResponse:
+      description: "Encryption key response"
+      content:
+        application/json:
+          schema:
+            $ref: "#/components/schemas/EncryptionKey"
+
+    EncryptionKeyListResponse:
+      description: "Encryption key list response"
+      content:
+        application/json:
+          schema:
+            $ref: "#/components/schemas/EncryptionKeyList"
+
     # Errors
     ApiErrorResponse:
       description: "Unexpected API error"

From c35d67ebcae81a17d5c627b57bfba27c2dd87eb8 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Tue, 18 Jan 2022 14:59:41 +0100
Subject: [PATCH 132/150] fix: [encryption keys] functionality to filter
 orgs/individuals fixed

- actually execute the query rather than just build it
---
 src/Controller/EncryptionKeysController.php | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/src/Controller/EncryptionKeysController.php b/src/Controller/EncryptionKeysController.php
index e04ebc0..ff2c16c 100644
--- a/src/Controller/EncryptionKeysController.php
+++ b/src/Controller/EncryptionKeysController.php
@@ -90,14 +90,8 @@ class EncryptionKeysController extends AppController
         $this->loadModel('Organisations');
         $this->loadModel('Individuals');
         $dropdownData = [
-            'organisation' => $this->Organisations->find('list', [
-                'sort' => ['name' => 'asc'],
-                'conditions' => $orgConditions
-            ]),
-            'individual' => $this->Individuals->find('list', [
-                'sort' => ['email' => 'asc'],
-                'conditions' => $individualConditions
-            ])
+            'organisation' => $this->Organisations->find('list')->order(['name' => 'asc'])->where($orgConditions)->all()->toArray(),
+            'individual' => $this->Individuals->find('list')->order(['email' => 'asc'])->where($individualConditions)->all()->toArray()
         ];
         return $params;
     }

From 8cb24baf5f1a4f52f68c532a8e55068b948ac131 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Tue, 18 Jan 2022 15:35:55 +0100
Subject: [PATCH 133/150] fix: [ACL] tightening for delete functions

- implemented beforeSave() function in the CRUD::delete() functionality
- added correct handling for the organisation level encryption keys in the beforeSave constructor
---
 src/Controller/Component/CRUDComponent.php  | 32 +++++++++---
 src/Controller/EncryptionKeysController.php | 58 +++++++++++----------
 2 files changed, 54 insertions(+), 36 deletions(-)

diff --git a/src/Controller/Component/CRUDComponent.php b/src/Controller/Component/CRUDComponent.php
index 4ebc674..0adfcdf 100644
--- a/src/Controller/Component/CRUDComponent.php
+++ b/src/Controller/Component/CRUDComponent.php
@@ -442,6 +442,12 @@ class CRUDComponent extends Component
                 if (empty($data)) {
                     throw new NotFoundException(__('Invalid {0}.', $this->ObjectAlias));
                 }
+                if (isset($params['beforeSave'])) {
+                    $data = $params['beforeSave']($data);
+                    if ($data === false) {
+                        throw new NotFoundException(__('Could not save {0} due to the input failing to meet expectations. Your input is bad and you should feel bad.', $this->ObjectAlias));
+                    }
+                }
                 $this->Controller->set('id', $data['id']);
                 $this->Controller->set('data', $data);
                 $this->Controller->set('bulkEnabled', false);
@@ -453,6 +459,7 @@ class CRUDComponent extends Component
             $isBulk = count($ids) > 1;
             $bulkSuccesses = 0;
             foreach ($ids as $id) {
+                $skipExecution = false;
                 $data = $this->Table->find()->where([$this->Table->getAlias() . '.id' => $id]);
                 if (!empty($params['conditions'])) {
                     $data->where($params['conditions']);
@@ -460,15 +467,24 @@ class CRUDComponent extends Component
                 if (!empty($params['contain'])) {
                     $data->contain($params['contain']);
                 }
-                $data = $data->first();
-                if (!empty($data)) {
-                    $success = $this->Table->delete($data);
-                    $success = true;
-                } else {
-                    $success = false;
+                if (isset($params['beforeSave'])) {
+                    $data = $params['beforeSave']($data);
+                    if ($data === false) {
+                        $skipExecution = true;
+                        $success = false;
+                    }
                 }
-                if ($success) {
-                    $bulkSuccesses++;
+                if (!$skipExecution) {
+                    $data = $data->first();
+                    if (!empty($data)) {
+                        $success = $this->Table->delete($data);
+                        $success = true;
+                    } else {
+                        $success = false;
+                    }
+                    if ($success) {
+                        $bulkSuccesses++;
+                    }
                 }
             }
             $message = $this->getMessageBasedOnResult(
diff --git a/src/Controller/EncryptionKeysController.php b/src/Controller/EncryptionKeysController.php
index ff2c16c..324decb 100644
--- a/src/Controller/EncryptionKeysController.php
+++ b/src/Controller/EncryptionKeysController.php
@@ -57,36 +57,40 @@ class EncryptionKeysController extends AppController
 
     private function buildBeforeSave(array $params, $currentUser, array &$orgConditions, array &$individualConditions, array &$dropdownData): array
     {
-        $orgConditions = [
-            'id' => $currentUser['organisation_id']
-        ];
-        if (empty($currentUser['role']['perm_org_admin'])) {
-            $individualConditions = [
-                'id' => $currentUser['individual_id']
+        if (empty($currentUser['role']['perm_admin'])) {
+            $orgConditions = [
+                'id' => $currentUser['organisation_id']
             ];
-        }
-        $params['beforeSave'] = function($entity) use($currentUser) {
-            if ($entity['owner_model'] === 'organisation') {
-                $entity['owner_id'] = $currentUser['organisation_id'];
-            } else {
-                if ($currentUser['role']['perm_org_admin']) {
-                    $this->loadModel('Alignments');
-                    $validIndividuals = $this->Alignments->find('list', [
-                        'keyField' => 'individual_id',
-                        'valueField' => 'id',
-                        'conditions' => ['organisation_id' => $currentUser['organisation_id']]
-                    ])->toArray();
-                    if (!isset($validIndividuals[$entity['owner_id']])) {
-                        throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
+            if (empty($currentUser['role']['perm_org_admin'])) {
+                $individualConditions = [
+                    'id' => $currentUser['individual_id']
+                ];
+            }
+            $params['beforeSave'] = function($entity) use($currentUser) {
+                if ($entity['owner_model'] === 'organisation') {
+                    if ($entity['owner_id'] !== $currentUser['organisation_id']) {
+                        throw new MethodNotAllowedException(__('Selected organisation cannot be linked by the current user.'));
                     }
                 } else {
-                    if ($entity['owner_id'] !== $currentUser['id']) {
-                        throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
+                    if ($currentUser['role']['perm_org_admin']) {
+                        $this->loadModel('Alignments');
+                        $validIndividuals = $this->Alignments->find('list', [
+                            'keyField' => 'individual_id',
+                            'valueField' => 'id',
+                            'conditions' => ['organisation_id' => $currentUser['organisation_id']]
+                        ])->toArray();
+                        if (!isset($validIndividuals[$entity['owner_id']])) {
+                            throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
+                        }
+                    } else {
+                        if ($entity['owner_id'] !== $currentUser['id']) {
+                            throw new MethodNotAllowedException(__('Selected individual cannot be linked by the current user.'));
+                        }
                     }
                 }
-            }
-            return $entity;
-        };
+                return $entity;
+            };
+        }
         $this->loadModel('Organisations');
         $this->loadModel('Individuals');
         $dropdownData = [
@@ -105,9 +109,7 @@ class EncryptionKeysController extends AppController
         $params = [
             'redirect' => $this->referer()
         ];
-        if (empty($currentUser['role']['perm_admin'])) {
-            $params = $this->buildBeforeSave($params, $currentUser, $orgConditions, $individualConditions, $dropdownData);
-        }
+        $params = $this->buildBeforeSave($params, $currentUser, $orgConditions, $individualConditions, $dropdownData);
         $this->CRUD->add($params);
         $responsePayload = $this->CRUD->getResponsePayload();
         if (!empty($responsePayload)) {

From e6daa63064f532062b105612add26537b48d4d61 Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Tue, 18 Jan 2022 16:11:00 +0100
Subject: [PATCH 134/150] add: more encription keys api endpoints covered

---
 tests/Fixture/EncryptionKeysFixture.php       |   6 +-
 .../AddEncryptionKeyApiTest.php               |  82 ++++++++++++++
 .../EditEncryptionKeyApiTest.php              |  76 +++++++++++++
 .../ViewEncryptionKeyApiTest.php              |  40 +++++++
 webroot/docs/openapi.yaml                     | 100 ++++++++++++++++++
 5 files changed, 301 insertions(+), 3 deletions(-)
 create mode 100644 tests/TestCase/Api/EncryptionKeys/AddEncryptionKeyApiTest.php
 create mode 100644 tests/TestCase/Api/EncryptionKeys/EditEncryptionKeyApiTest.php
 create mode 100644 tests/TestCase/Api/EncryptionKeys/ViewEncryptionKeyApiTest.php

diff --git a/tests/Fixture/EncryptionKeysFixture.php b/tests/Fixture/EncryptionKeysFixture.php
index 05b92f8..a9d6c27 100644
--- a/tests/Fixture/EncryptionKeysFixture.php
+++ b/tests/Fixture/EncryptionKeysFixture.php
@@ -45,7 +45,7 @@ class EncryptionKeysFixture extends TestFixture
                 'encryption_key' => $this->getPublicKey(self::KEY_TYPE_EDCH),
                 'revoked' => false,
                 'expires' => null,
-                'owner_id' => OrganisationsFixture::ORGANISATION_A_ID,
+                'owner_id' => OrganisationsFixture::ORGANISATION_B_ID,
                 'owner_model' => 'Organisation',
                 'created' => $faker->dateTime()->getTimestamp(),
                 'modified' => $faker->dateTime()->getTimestamp()
@@ -54,7 +54,7 @@ class EncryptionKeysFixture extends TestFixture
         parent::init();
     }
 
-    public function getPublicKey(string $type): string
+    public static function getPublicKey(string $type): string
     {
         switch ($type) {
             case self::KEY_TYPE_EDCH:
@@ -90,7 +90,7 @@ class EncryptionKeysFixture extends TestFixture
         }
     }
 
-    private function getPrivateKey(string $type): string
+    private static function getPrivateKey(string $type): string
     {
         switch ($type) {
             case self::KEY_TYPE_EDCH:
diff --git a/tests/TestCase/Api/EncryptionKeys/AddEncryptionKeyApiTest.php b/tests/TestCase/Api/EncryptionKeys/AddEncryptionKeyApiTest.php
new file mode 100644
index 0000000..b876800
--- /dev/null
+++ b/tests/TestCase/Api/EncryptionKeys/AddEncryptionKeyApiTest.php
@@ -0,0 +1,82 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\EncryptionKeysFixture;
+use App\Test\Fixture\UsersFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class AddEncryptionKeyApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/encryptionKeys/add';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys',
+        'app.EncryptionKeys'
+    ];
+
+    public function testAddUserEncryptionKey(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+
+        $faker = \Faker\Factory::create();
+        $uuid = $faker->uuid;
+
+        $this->post(
+            self::ENDPOINT,
+            [
+                'uuid' => $uuid,
+                'type' => EncryptionKeysFixture::TYPE_PGP,
+                'encryption_key' => EncryptionKeysFixture::getPublicKey(EncryptionKeysFixture::KEY_TYPE_EDCH),
+                'revoked' => false,
+                'expires' => null,
+                'owner_id' => UsersFixture::USER_ADMIN_ID,
+                'owner_model' => 'User'
+            ]
+        );
+
+        $this->assertResponseOk();
+        $this->assertResponseContains(sprintf('"uuid": "%s"', $uuid));
+        $this->assertDbRecordExists('EncryptionKeys', ['uuid' => $uuid]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
+    }
+
+    public function testAddAdminUserEncryptionKeyNotAllowedAsRegularUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
+
+        $faker = \Faker\Factory::create();
+        $uuid = $faker->uuid;
+
+        $this->post(
+            self::ENDPOINT,
+            [
+                'uuid' => $uuid,
+                'type' => EncryptionKeysFixture::TYPE_PGP,
+                'encryption_key' => EncryptionKeysFixture::getPublicKey(EncryptionKeysFixture::KEY_TYPE_EDCH),
+                'revoked' => false,
+                'expires' => null,
+                'owner_id' => UsersFixture::USER_ADMIN_ID,
+                'owner_model' => 'User'
+            ]
+        );
+
+        $this->assertResponseCode(405);
+        $this->assertDbRecordNotExists('EncryptionKeys', ['uuid' => $uuid]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
+    }
+}
diff --git a/tests/TestCase/Api/EncryptionKeys/EditEncryptionKeyApiTest.php b/tests/TestCase/Api/EncryptionKeys/EditEncryptionKeyApiTest.php
new file mode 100644
index 0000000..6525786
--- /dev/null
+++ b/tests/TestCase/Api/EncryptionKeys/EditEncryptionKeyApiTest.php
@@ -0,0 +1,76 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\EncryptionKeysFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class EditBroodApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/encryptionKeys/edit';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys',
+        'app.EncryptionKeys'
+    ];
+
+    public function testRevokeEncryptionKey(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+
+        $url = sprintf('%s/%d', self::ENDPOINT, EncryptionKeysFixture::ENCRYPTION_KEY_ORG_A_ID);
+        $this->put(
+            $url,
+            [
+                'revoked' => true,
+            ]
+        );
+
+        $this->assertResponseOk();
+        $this->assertDbRecordExists(
+            'EncryptionKeys',
+            [
+                'id' => EncryptionKeysFixture::ENCRYPTION_KEY_ORG_A_ID,
+                'revoked' => true,
+            ]
+        );
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'put');
+    }
+
+    public function testRevokeAdminEncryptionKeyNotAllowedAsRegularUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
+
+        $url = sprintf('%s/%d', self::ENDPOINT, EncryptionKeysFixture::ENCRYPTION_KEY_ORG_B_ID);
+        $this->put(
+            $url,
+            [
+                'revoked' => true
+            ]
+        );
+
+        $this->assertResponseCode(405);
+        $this->assertDbRecordNotExists(
+            'EncryptionKeys',
+            [
+                'id' => EncryptionKeysFixture::ENCRYPTION_KEY_ORG_B_ID,
+                'revoked' => true
+            ]
+        );
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'put');
+    }
+}
diff --git a/tests/TestCase/Api/EncryptionKeys/ViewEncryptionKeyApiTest.php b/tests/TestCase/Api/EncryptionKeys/ViewEncryptionKeyApiTest.php
new file mode 100644
index 0000000..8e46119
--- /dev/null
+++ b/tests/TestCase/Api/EncryptionKeys/ViewEncryptionKeyApiTest.php
@@ -0,0 +1,40 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\EncryptionKeysFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class ViewEncryptionKeyApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/encryptionKeys/view';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys',
+        'app.EncryptionKeys'
+    ];
+
+    public function testViewEncryptionKeyById(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $url = sprintf('%s/%d', self::ENDPOINT, EncryptionKeysFixture::ENCRYPTION_KEY_ORG_A_ID);
+        $this->get($url);
+
+        $this->assertResponseOk();
+        $this->assertResponseContains(sprintf('"id": %d', EncryptionKeysFixture::ENCRYPTION_KEY_ORG_A_ID));
+        // TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url);
+    }
+}
diff --git a/webroot/docs/openapi.yaml b/webroot/docs/openapi.yaml
index c4852eb..d293ed5 100644
--- a/webroot/docs/openapi.yaml
+++ b/webroot/docs/openapi.yaml
@@ -652,6 +652,62 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
+  /api/v1/encryptionKeys/view/{encryptionKeyId}:
+    get:
+      summary: "Get encryption key by ID"
+      operationId: getEncryptionKeyId
+      tags:
+        - EncryptionKeys
+      parameters:
+        - $ref: "#/components/parameters/encryptionKeyId"
+      responses:
+        "200":
+          $ref: "#/components/responses/EncryptionKeyResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
+  /api/v1/encryptionKeys/add:
+    post:
+      summary: "Add encryption key"
+      operationId: addEncryptionKey
+      tags:
+        - EncryptionKeys
+      requestBody:
+        $ref: "#/components/requestBodies/CreateEncryptionKeyRequest"
+      responses:
+        "200":
+          $ref: "#/components/responses/EncryptionKeyResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
+  /api/v1/encryptionKeys/edit/{encryptionKeyId}:
+    put:
+      summary: "Edit encryption key"
+      operationId: editEncryptionKey
+      tags:
+        - EncryptionKeys
+      parameters:
+        - $ref: "#/components/parameters/encryptionKeyId"
+      requestBody:
+        $ref: "#/components/requestBodies/EditEncryptionKeyRequest"
+      responses:
+        "200":
+          $ref: "#/components/responses/EncryptionKeyResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
   /api/v1/encryptionKeys/delete/{encryptionKeyId}:
     delete:
       summary: "Delete encryption key by ID"
@@ -1601,6 +1657,50 @@ components:
               authkey:
                 $ref: "#/components/schemas/AuthKey"
 
+    CreateEncryptionKeyRequest:
+      required: true
+      content:
+        application/json:
+          schema:
+            type: object
+            properties:
+              uuid:
+                $ref: "#/components/schemas/UUID"
+              type:
+                $ref: "#/components/schemas/EncryptionKeyType"
+              encryption_key:
+                $ref: "#/components/schemas/EncryptionKeyValue"
+              revoked:
+                type: boolean
+              expires:
+                $ref: "#/components/schemas/EncryptionKeyExpiration"
+              owner_id:
+                $ref: "#/components/schemas/ID"
+              owner_model:
+                $ref: "#/components/schemas/ModelName"
+
+    EditEncryptionKeyRequest:
+      required: true
+      content:
+        application/json:
+          schema:
+            type: object
+            properties:
+              uuid:
+                $ref: "#/components/schemas/UUID"
+              type:
+                $ref: "#/components/schemas/EncryptionKeyType"
+              encryption_key:
+                $ref: "#/components/schemas/EncryptionKeyValue"
+              revoked:
+                type: boolean
+              expires:
+                $ref: "#/components/schemas/EncryptionKeyExpiration"
+              owner_id:
+                $ref: "#/components/schemas/ID"
+              owner_model:
+                $ref: "#/components/schemas/ModelName"
+
   responses:
     # Individuals
     IndividualResponse:

From 9551f0b5b82288f4a4513a007926113cd7185d50 Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Tue, 18 Jan 2022 16:15:45 +0100
Subject: [PATCH 135/150] fix: copy&paste

---
 tests/TestCase/Api/EncryptionKeys/EditEncryptionKeyApiTest.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/TestCase/Api/EncryptionKeys/EditEncryptionKeyApiTest.php b/tests/TestCase/Api/EncryptionKeys/EditEncryptionKeyApiTest.php
index 6525786..56a25d3 100644
--- a/tests/TestCase/Api/EncryptionKeys/EditEncryptionKeyApiTest.php
+++ b/tests/TestCase/Api/EncryptionKeys/EditEncryptionKeyApiTest.php
@@ -10,7 +10,7 @@ use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\EncryptionKeysFixture;
 use App\Test\Helper\ApiTestTrait;
 
-class EditBroodApiTest extends TestCase
+class EditEncryptionKeyApiTest extends TestCase
 {
     use IntegrationTestTrait;
     use ApiTestTrait;

From eae8e62e5ec600f3bec23327c43da046558d1fb3 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Tue, 18 Jan 2022 16:24:24 +0100
Subject: [PATCH 136/150] fix: [CRUD] delete post message fix

- correct order of execution for the beforesave command
---
 src/Controller/Component/CRUDComponent.php | 24 ++++++++--------------
 1 file changed, 9 insertions(+), 15 deletions(-)

diff --git a/src/Controller/Component/CRUDComponent.php b/src/Controller/Component/CRUDComponent.php
index 0adfcdf..d1c78fc 100644
--- a/src/Controller/Component/CRUDComponent.php
+++ b/src/Controller/Component/CRUDComponent.php
@@ -467,24 +467,18 @@ class CRUDComponent extends Component
                 if (!empty($params['contain'])) {
                     $data->contain($params['contain']);
                 }
+                $data = $data->first();
                 if (isset($params['beforeSave'])) {
                     $data = $params['beforeSave']($data);
-                    if ($data === false) {
-                        $skipExecution = true;
-                        $success = false;
-                    }
                 }
-                if (!$skipExecution) {
-                    $data = $data->first();
-                    if (!empty($data)) {
-                        $success = $this->Table->delete($data);
-                        $success = true;
-                    } else {
-                        $success = false;
-                    }
-                    if ($success) {
-                        $bulkSuccesses++;
-                    }
+                if (!empty($data)) {
+                    $success = $this->Table->delete($data);
+                    $success = true;
+                } else {
+                    $success = false;
+                }
+                if ($success) {
+                    $bulkSuccesses++;
                 }
             }
             $message = $this->getMessageBasedOnResult(

From dbaa2ba7b320ce3f9511155ab7b9b960e26e67fc Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Tue, 18 Jan 2022 16:56:38 +0100
Subject: [PATCH 137/150] fix: [encryption keys] several fixes

- fix the user view to correctly point to the list of related encryption keys
- fix the lookup on the index to be based on owner_model + owner_id combo
- fix the filtering of the dropdown in the encryption key add form to only valid options
---
 src/Controller/EncryptionKeysController.php | 9 ++++++++-
 templates/Users/view.php                    | 4 ++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/Controller/EncryptionKeysController.php b/src/Controller/EncryptionKeysController.php
index 324decb..803f180 100644
--- a/src/Controller/EncryptionKeysController.php
+++ b/src/Controller/EncryptionKeysController.php
@@ -14,7 +14,7 @@ use Cake\Error\Debugger;
 
 class EncryptionKeysController extends AppController
 {
-    public $filterFields = ['owner_model', 'organisation_id', 'individual_id', 'encryption_key'];
+    public $filterFields = ['owner_model', 'owner_id', 'encryption_key'];
     public $quickFilterFields = ['encryption_key'];
     public $containFields = ['Individuals', 'Organisations'];
 
@@ -65,6 +65,13 @@ class EncryptionKeysController extends AppController
                 $individualConditions = [
                     'id' => $currentUser['individual_id']
                 ];
+            } else {
+                $this->loadModel('Alignments');
+                $individualConditions = ['id IN' => $this->Alignments->find('list', [
+                    'keyField' => 'id',
+                    'valueField' => 'individual_id',
+                    'conditions' => ['organisation_id' => $currentUser['organisation_id']]
+                ])->toArray()];
             }
             $params['beforeSave'] = function($entity) use($currentUser) {
                 if ($entity['owner_model'] === 'organisation') {
diff --git a/templates/Users/view.php b/templates/Users/view.php
index 26c3c25..fbddf52 100644
--- a/templates/Users/view.php
+++ b/templates/Users/view.php
@@ -56,8 +56,8 @@ echo $this->element(
                 'title' => __('Authentication keys')
             ],
             [
-                'url' => '/EncryptionKeys/index?Users.id={{0}}',
-                'url_params' => ['id'],
+                'url' => '/EncryptionKeys/index?owner_id={{0}}',
+                'url_params' => ['individual_id'],
                 'title' => __('Encryption keys')
             ],
             [

From 850eb0fb2d26008c3e01be490834b078b2ab5663 Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Tue, 18 Jan 2022 17:39:41 +0100
Subject: [PATCH 138/150] add: cover authkeys api endpoints, extend openapi
 spec

---
 tests/Fixture/AuthKeysFixture.php             |  13 ++
 .../Api/AuthKeys/AddAuthKeyApiTest.php        |  78 +++++++++
 .../Api/AuthKeys/DeleteAuthKeyApiTest.php     |  51 ++++++
 .../Api/AuthKeys/IndexAuthKeysApiTest.php     |  48 ++++++
 ...oodsApiTest.php => DeleteBroodApiTest.php} |   4 +-
 .../DeleteEncryptionKeyApiTest.php            |   2 -
 .../Individuals/DeleteIndividualApiTest.php   |   2 -
 .../DeleteOrganisationApiTest.php             |   2 -
 .../DeleteSharingGroupApiTest.php             |   2 -
 .../TestCase/Api/Users/DeleteUserApiTest.php  |   2 -
 tests/TestCase/Api/Users/EditUserApiTest.php  |   2 +
 webroot/docs/openapi.yaml                     | 162 +++++++++++++++++-
 12 files changed, 348 insertions(+), 20 deletions(-)
 create mode 100644 tests/TestCase/Api/AuthKeys/AddAuthKeyApiTest.php
 create mode 100644 tests/TestCase/Api/AuthKeys/DeleteAuthKeyApiTest.php
 create mode 100644 tests/TestCase/Api/AuthKeys/IndexAuthKeysApiTest.php
 rename tests/TestCase/Api/Broods/{DeleteBroodsApiTest.php => DeleteBroodApiTest.php} (83%)

diff --git a/tests/Fixture/AuthKeysFixture.php b/tests/Fixture/AuthKeysFixture.php
index 802ca5c..24034f3 100644
--- a/tests/Fixture/AuthKeysFixture.php
+++ b/tests/Fixture/AuthKeysFixture.php
@@ -11,9 +11,18 @@ class AuthKeysFixture extends TestFixture
 {
     public $connection = 'test';
 
+    public const ADMIN_API_ID = 1;
     public const ADMIN_API_KEY = 'd033e22ae348aeb5660fc2140aec35850c4da997';
+
+
+    public const SYNC_API_ID = 2;
     public const SYNC_API_KEY = '6b387ced110858dcbcda36edb044dc18f91a0894';
+
+
+    public const ORG_ADMIN_API_ID = 3;
     public const ORG_ADMIN_API_KEY = '1c4685d281d478dbcebd494158024bc3539004d0';
+
+    public const REGULAR_USER_API_ID = 4;
     public const REGULAR_USER_API_KEY = '12dea96fec20593566ab75692c9949596833adc9';
 
     public function init(): void
@@ -23,6 +32,7 @@ class AuthKeysFixture extends TestFixture
 
         $this->records = [
             [
+                'id' => self::ADMIN_API_ID,
                 'uuid' => $faker->uuid(),
                 'authkey' => $hasher->hash(self::ADMIN_API_KEY),
                 'authkey_start' => substr(self::ADMIN_API_KEY, 0, 4),
@@ -34,6 +44,7 @@ class AuthKeysFixture extends TestFixture
                 'modified' => $faker->dateTime()->getTimestamp()
             ],
             [
+                'id' => self::SYNC_API_ID,
                 'uuid' => $faker->uuid(),
                 'authkey' => $hasher->hash(self::SYNC_API_KEY),
                 'authkey_start' => substr(self::SYNC_API_KEY, 0, 4),
@@ -45,6 +56,7 @@ class AuthKeysFixture extends TestFixture
                 'modified' => $faker->dateTime()->getTimestamp()
             ],
             [
+                'id' => self::ORG_ADMIN_API_ID,
                 'uuid' => $faker->uuid(),
                 'authkey' => $hasher->hash(self::ORG_ADMIN_API_KEY),
                 'authkey_start' => substr(self::ORG_ADMIN_API_KEY, 0, 4),
@@ -56,6 +68,7 @@ class AuthKeysFixture extends TestFixture
                 'modified' => $faker->dateTime()->getTimestamp()
             ],
             [
+                'id' => self::REGULAR_USER_API_ID,
                 'uuid' => $faker->uuid(),
                 'authkey' => $hasher->hash(self::REGULAR_USER_API_KEY),
                 'authkey_start' => substr(self::REGULAR_USER_API_KEY, 0, 4),
diff --git a/tests/TestCase/Api/AuthKeys/AddAuthKeyApiTest.php b/tests/TestCase/Api/AuthKeys/AddAuthKeyApiTest.php
new file mode 100644
index 0000000..810dad2
--- /dev/null
+++ b/tests/TestCase/Api/AuthKeys/AddAuthKeyApiTest.php
@@ -0,0 +1,78 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\UsersFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class AddAuthKeyApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/authKeys/add';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys'
+    ];
+
+    public function testAddAdminAuthKey(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+
+        $faker = \Faker\Factory::create();
+        $uuid = $faker->uuid;
+
+        $this->post(
+            self::ENDPOINT,
+            [
+                'uuid' => $uuid,
+                'authkey' => $faker->sha1,
+                'expiration' => 0,
+                'user_id' => UsersFixture::USER_ADMIN_ID,
+                'comment' => $faker->text
+            ]
+        );
+
+        $this->assertResponseOk();
+        $this->assertResponseContains(sprintf('"uuid": "%s"', $uuid));
+        $this->assertDbRecordExists('AuthKeys', ['uuid' => $uuid]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
+    }
+
+    public function testAddAdminAuthKeyNotAllowedAsRegularUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
+
+        $faker = \Faker\Factory::create();
+        $uuid = $faker->uuid;
+
+
+        $this->post(
+            self::ENDPOINT,
+            [
+                'uuid' => $uuid,
+                'authkey' => $faker->sha1,
+                'expiration' => 0,
+                'user_id' => UsersFixture::USER_ADMIN_ID,
+                'comment' => $faker->text
+            ]
+        );
+
+        $this->assertResponseCode(404);
+        $this->addWarning('Should return 405 Method Not Allowed instead of 404 Not Found');
+        $this->assertDbRecordNotExists('AuthKeys', ['uuid' => $uuid]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
+    }
+}
diff --git a/tests/TestCase/Api/AuthKeys/DeleteAuthKeyApiTest.php b/tests/TestCase/Api/AuthKeys/DeleteAuthKeyApiTest.php
new file mode 100644
index 0000000..21a22f6
--- /dev/null
+++ b/tests/TestCase/Api/AuthKeys/DeleteAuthKeyApiTest.php
@@ -0,0 +1,51 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\BroodsFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class DeleteAuthKeyApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/authKeys/delete';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys',
+    ];
+
+    public function testDeleteAdminAuthKey(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $url = sprintf('%s/%d', self::ENDPOINT, AuthKeysFixture::ADMIN_API_ID);
+        $this->delete($url);
+
+        $this->assertResponseOk();
+        $this->assertDbRecordNotExists('AuthKeys', ['id' => AuthKeysFixture::ADMIN_API_ID]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
+    }
+
+    public function testDeleteOrgAdminAuthKeyNotAllowedAsRegularUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
+        $url = sprintf('%s/%d', self::ENDPOINT, AuthKeysFixture::ORG_ADMIN_API_ID);
+        $this->delete($url);
+
+        $this->assertResponseCode(405);
+        $this->assertDbRecordExists('AuthKeys', ['id' => AuthKeysFixture::ORG_ADMIN_API_ID]);
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
+    }
+}
diff --git a/tests/TestCase/Api/AuthKeys/IndexAuthKeysApiTest.php b/tests/TestCase/Api/AuthKeys/IndexAuthKeysApiTest.php
new file mode 100644
index 0000000..9fbe3e6
--- /dev/null
+++ b/tests/TestCase/Api/AuthKeys/IndexAuthKeysApiTest.php
@@ -0,0 +1,48 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Helper\ApiTestTrait;
+
+class IndexAuthKeysApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/authKeys/index';
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys'
+    ];
+
+    public function testIndexAuthKeys(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $this->get(self::ENDPOINT);
+
+        $this->assertResponseOk();
+        $this->assertResponseContains(sprintf('"id": %d', AuthKeysFixture::ADMIN_API_ID));
+        // TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT);
+    }
+
+    public function testIndexDoesNotShowAdminAuthKeysAsRegularUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::ADMIN_API_KEY);
+        $this->get(self::ENDPOINT);
+
+        $this->assertResponseOk();
+        $this->assertResponseNotContains(sprintf('"id": %d', AuthKeysFixture::REGULAR_USER_API_KEY));
+        // TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT);
+    }
+}
diff --git a/tests/TestCase/Api/Broods/DeleteBroodsApiTest.php b/tests/TestCase/Api/Broods/DeleteBroodApiTest.php
similarity index 83%
rename from tests/TestCase/Api/Broods/DeleteBroodsApiTest.php
rename to tests/TestCase/Api/Broods/DeleteBroodApiTest.php
index 94aa0a8..1b90bd6 100644
--- a/tests/TestCase/Api/Broods/DeleteBroodsApiTest.php
+++ b/tests/TestCase/Api/Broods/DeleteBroodApiTest.php
@@ -10,7 +10,7 @@ use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\BroodsFixture;
 use App\Test\Helper\ApiTestTrait;
 
-class DeleteBroodsApiTest extends TestCase
+class DeleteBroodApiTest extends TestCase
 {
     use IntegrationTestTrait;
     use ApiTestTrait;
@@ -36,7 +36,6 @@ class DeleteBroodsApiTest extends TestCase
         $this->assertDbRecordNotExists('Broods', ['id' => BroodsFixture::BROOD_A_ID]);
         //TODO: $this->assertRequestMatchesOpenApiSpec();
         $this->assertResponseMatchesOpenApiSpec($url, 'delete');
-        $this->addWarning('TODO: CRUDComponent::delete() sets some view variables, does not take into account `isRest()`, fix it.');
     }
 
     public function testDeleteBroodNotAllowedAsRegularUser(): void
@@ -49,6 +48,5 @@ class DeleteBroodsApiTest extends TestCase
         $this->assertDbRecordExists('Broods', ['id' => BroodsFixture::BROOD_A_ID]);
         //TODO: $this->assertRequestMatchesOpenApiSpec();
         $this->assertResponseMatchesOpenApiSpec($url, 'delete');
-        $this->addWarning('TODO: CRUDComponent::delete() sets some view variables, does not take into account `isRest()`, fix it.');
     }
 }
diff --git a/tests/TestCase/Api/EncryptionKeys/DeleteEncryptionKeyApiTest.php b/tests/TestCase/Api/EncryptionKeys/DeleteEncryptionKeyApiTest.php
index 934d3e7..02ecd25 100644
--- a/tests/TestCase/Api/EncryptionKeys/DeleteEncryptionKeyApiTest.php
+++ b/tests/TestCase/Api/EncryptionKeys/DeleteEncryptionKeyApiTest.php
@@ -36,7 +36,6 @@ class DeleteEncryptionKeyApiTest extends TestCase
         $this->assertDbRecordNotExists('EncryptionKeys', ['id' => EncryptionKeysFixture::ENCRYPTION_KEY_ORG_A_ID]);
         //TODO: $this->assertRequestMatchesOpenApiSpec();
         $this->assertResponseMatchesOpenApiSpec($url, 'delete');
-        $this->addWarning('TODO: CRUDComponent::delete() sets some view variables, does not take into account `isRest()`, fix it.');
     }
 
     public function testDeleteEncryptionKeyNotAllowedAsRegularUser(): void
@@ -49,6 +48,5 @@ class DeleteEncryptionKeyApiTest extends TestCase
         $this->assertDbRecordExists('EncryptionKeys', ['id' => EncryptionKeysFixture::ENCRYPTION_KEY_ORG_B_ID]);
         //TODO: $this->assertRequestMatchesOpenApiSpec();
         $this->assertResponseMatchesOpenApiSpec($url, 'delete');
-        $this->addWarning('TODO: CRUDComponent::delete() sets some view variables, does not take into account `isRest()`, fix it.');
     }
 }
diff --git a/tests/TestCase/Api/Individuals/DeleteIndividualApiTest.php b/tests/TestCase/Api/Individuals/DeleteIndividualApiTest.php
index e50cf63..32b4ba7 100644
--- a/tests/TestCase/Api/Individuals/DeleteIndividualApiTest.php
+++ b/tests/TestCase/Api/Individuals/DeleteIndividualApiTest.php
@@ -35,7 +35,6 @@ class DeleteIndividualApiTest extends TestCase
         $this->assertDbRecordNotExists('Individuals', ['id' => IndividualsFixture::INDIVIDUAL_A_ID]);
         //TODO: $this->assertRequestMatchesOpenApiSpec();
         $this->assertResponseMatchesOpenApiSpec($url, 'delete');
-        $this->addWarning('TODO: CRUDComponent::delete() sets some view variables, does not take into account `isRest()`, fix it.');
     }
 
     public function testDeleteIndividualNotAllowedAsRegularUser(): void
@@ -48,6 +47,5 @@ class DeleteIndividualApiTest extends TestCase
         $this->assertDbRecordExists('Individuals', ['id' => IndividualsFixture::INDIVIDUAL_ADMIN_ID]);
         //TODO: $this->assertRequestMatchesOpenApiSpec();
         $this->assertResponseMatchesOpenApiSpec($url, 'delete');
-        $this->addWarning('TODO: CRUDComponent::delete() sets some view variables, does not take into account `isRest()`, fix it.');
     }
 }
diff --git a/tests/TestCase/Api/Organisations/DeleteOrganisationApiTest.php b/tests/TestCase/Api/Organisations/DeleteOrganisationApiTest.php
index 6a323fb..12b62d1 100644
--- a/tests/TestCase/Api/Organisations/DeleteOrganisationApiTest.php
+++ b/tests/TestCase/Api/Organisations/DeleteOrganisationApiTest.php
@@ -35,7 +35,6 @@ class DeleteOrganisationApiTest extends TestCase
         $this->assertDbRecordNotExists('Organisations', ['id' => OrganisationsFixture::ORGANISATION_B_ID]);
         //TODO: $this->assertRequestMatchesOpenApiSpec();
         $this->assertResponseMatchesOpenApiSpec($url, 'delete');
-        $this->addWarning('TODO: CRUDComponent::delete() sets some view variables, does not take into account `isRest()`, fix it.');
     }
 
     public function testDeleteOrganisationNotAllowedAsRegularUser(): void
@@ -48,6 +47,5 @@ class DeleteOrganisationApiTest extends TestCase
         $this->assertDbRecordExists('Organisations', ['id' => OrganisationsFixture::ORGANISATION_B_ID]);
         //TODO: $this->assertRequestMatchesOpenApiSpec();
         $this->assertResponseMatchesOpenApiSpec($url, 'delete');
-        $this->addWarning('TODO: CRUDComponent::delete() sets some view variables, does not take into account `isRest()`, fix it.');
     }
 }
diff --git a/tests/TestCase/Api/SharingGroups/DeleteSharingGroupApiTest.php b/tests/TestCase/Api/SharingGroups/DeleteSharingGroupApiTest.php
index c93bb05..36379d4 100644
--- a/tests/TestCase/Api/SharingGroups/DeleteSharingGroupApiTest.php
+++ b/tests/TestCase/Api/SharingGroups/DeleteSharingGroupApiTest.php
@@ -36,7 +36,6 @@ class DeleteSharingGroupApiTest extends TestCase
         $this->assertDbRecordNotExists('SharingGroups', ['id' => SharingGroupsFixture::SHARING_GROUP_A_ID]);
         //TODO: $this->assertRequestMatchesOpenApiSpec();
         $this->assertResponseMatchesOpenApiSpec($url, 'delete');
-        $this->addWarning('TODO: CRUDComponent::delete() sets some view variables, does not take into account `isRest()`, fix it.');
     }
 
     public function testDeleteSharingGroupNotAllowedAsRegularUser(): void
@@ -49,6 +48,5 @@ class DeleteSharingGroupApiTest extends TestCase
         $this->assertDbRecordExists('SharingGroups', ['id' => SharingGroupsFixture::SHARING_GROUP_A_ID]);
         //TODO: $this->assertRequestMatchesOpenApiSpec();
         $this->assertResponseMatchesOpenApiSpec($url, 'delete');
-        $this->addWarning('TODO: CRUDComponent::delete() sets some view variables, does not take into account `isRest()`, fix it.');
     }
 }
diff --git a/tests/TestCase/Api/Users/DeleteUserApiTest.php b/tests/TestCase/Api/Users/DeleteUserApiTest.php
index 50df2e5..48f9069 100644
--- a/tests/TestCase/Api/Users/DeleteUserApiTest.php
+++ b/tests/TestCase/Api/Users/DeleteUserApiTest.php
@@ -37,7 +37,6 @@ class DeleteUserApiTest extends TestCase
         $this->assertDbRecordNotExists('Users', ['id' => UsersFixture::USER_REGULAR_USER_ID]);
         //TODO: $this->assertRequestMatchesOpenApiSpec();
         $this->assertResponseMatchesOpenApiSpec($url, 'delete');
-        $this->addWarning('TODO: CRUDComponent::delete() sets some view variables, does not take into account `isRest()`, fix it.');
     }
 
     public function testDeleteUserNotAllowedAsRegularUser(): void
@@ -50,6 +49,5 @@ class DeleteUserApiTest extends TestCase
         $this->assertDbRecordExists('Users', ['id' => UsersFixture::USER_ORG_ADMIN_ID]);
         //TODO: $this->assertRequestMatchesOpenApiSpec();
         $this->assertResponseMatchesOpenApiSpec($url, 'delete');
-        $this->addWarning('TODO: CRUDComponent::delete() sets some view variables, does not take into account `isRest()`, fix it.');
     }
 }
diff --git a/tests/TestCase/Api/Users/EditUserApiTest.php b/tests/TestCase/Api/Users/EditUserApiTest.php
index 8d2810d..39673ee 100644
--- a/tests/TestCase/Api/Users/EditUserApiTest.php
+++ b/tests/TestCase/Api/Users/EditUserApiTest.php
@@ -57,6 +57,7 @@ class EditUserApiTest extends TestCase
             ]
         );
 
+        $this->assertResponseOk();
         $this->assertDbRecordNotExists('Users', [
             'id' => UsersFixture::USER_REGULAR_USER_ID,
             'role_id' => RolesFixture::ROLE_ADMIN_ID
@@ -75,6 +76,7 @@ class EditUserApiTest extends TestCase
             ]
         );
 
+        $this->assertResponseOk();
         $this->assertDbRecordExists('Users', [
             'id' => UsersFixture::USER_REGULAR_USER_ID,
             'username' => 'test'
diff --git a/webroot/docs/openapi.yaml b/webroot/docs/openapi.yaml
index d293ed5..076af9f 100644
--- a/webroot/docs/openapi.yaml
+++ b/webroot/docs/openapi.yaml
@@ -25,6 +25,8 @@ tags:
     description: "Cerebrate can connect to other Cerebrate instances to exchange trust information and to instrument interconnectivity between connected local tools. Each such Cerebrate instance with its connected tools is considered to be a brood."
   - name: EncryptionKeys
     description: "Assign encryption keys to the user, used to securely communicate or validate messages coming from the user."
+  - name: AuthKeys
+    description: "Authkeys are used for API access. A user can have more than one authkey, so if you would like to use separate keys per tool that queries Cerebrate, add additional keys. Use the comment field to make identifying your keys easier."
 
 paths:
   /api/v1/individuals/index:
@@ -726,6 +728,61 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
+  # AuthKeys
+  /api/v1/authKeys/index:
+    get:
+      summary: "Get auth keys list"
+      operationId: getAuthKeys
+      tags:
+        - AuthKeys
+      parameters:
+        - $ref: "#/components/parameters/quickFilter"
+      responses:
+        "200":
+          $ref: "#/components/responses/AuthKeyListResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
+  /api/v1/authKeys/add:
+    post:
+      summary: "Add auth keys"
+      operationId: addAuthKey
+      tags:
+        - AuthKeys
+      requestBody:
+        $ref: "#/components/requestBodies/CreateAuthKeyRequest"
+      responses:
+        "200":
+          $ref: "#/components/responses/AuthKeyResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
+  /api/v1/authKeys/delete/{authKeyId}:
+    delete:
+      summary: "Delete auth key by ID"
+      operationId: deleteAuthKeyById
+      tags:
+        - AuthKeys
+      parameters:
+        - $ref: "#/components/parameters/authKeyId"
+      responses:
+        "200":
+          $ref: "#/components/responses/AuthKeyResponse"
+        "403":
+          $ref: "#/components/responses/UnauthorizedApiErrorResponse"
+        "405":
+          $ref: "#/components/responses/MethodNotAllowedApiErrorResponse"
+        default:
+          $ref: "#/components/responses/ApiErrorResponse"
+
 components:
   schemas:
     # General
@@ -750,9 +807,6 @@ components:
       format: email
       example: "user@example.com"
 
-    AuthKey:
-      type: string
-
     ModelName:
       type: string
       enum:
@@ -1195,7 +1249,7 @@ components:
         skip_proxy:
           type: boolean
         authkey:
-          $ref: "#/components/schemas/AuthKey"
+          $ref: "#/components/schemas/AuthKeyRaw"
         organisation:
           $ref: "#/components/schemas/Organisation"
         created:
@@ -1224,7 +1278,7 @@ components:
 
     EncryptionKeyExpiration:
       type: integer
-      description: "Timestamp or null of there is no expiration"
+      description: "UNIX timestamp or null of there is no expiration"
       nullable: true
 
     EncryptionKey:
@@ -1256,6 +1310,58 @@ components:
       items:
         $ref: "#/components/schemas/EncryptionKey"
 
+    # AuthKeys
+    AuthKeyRaw:
+      type: string
+
+    AuthKeyHashed:
+      type: string
+
+    AuthKeyExpiration:
+      type: integer
+      description: "0 or UNIX timestamp"
+      example: 0
+
+    AuthKeyCreatedAt:
+      type: integer
+      description: "UNIX timestamp"
+
+    AuthKeyComment:
+      type: string
+
+    AuthKey:
+      type: object
+      properties:
+        id:
+          $ref: "#/components/schemas/ID"
+        uuid:
+          $ref: "#/components/schemas/UUID"
+        authkey:
+          $ref: "#/components/schemas/AuthKeyHashed"
+        authkey_start:
+          type: string
+          example: abcd
+        authkey_end:
+          type: string
+          example: abcd
+        created:
+          $ref: "#/components/schemas/AuthKeyCreatedAt"
+        expiration:
+          $ref: "#/components/schemas/AuthKeyExpiration"
+          type: integer
+          description: "0 or UNIX timestamp"
+        user_id:
+          $ref: "#/components/schemas/ID"
+        comment:
+          $ref: "#/components/schemas/AuthKeyComment"
+        user:
+          $ref: "#/components/schemas/User"
+
+    AuthKeyList:
+      type: array
+      items:
+        $ref: "#/components/schemas/AuthKey"
+
     # Errors
     ApiError:
       type: object
@@ -1373,6 +1479,14 @@ components:
       schema:
         $ref: "#/components/schemas/ID"
 
+    authKeyId:
+      name: authKeyId
+      in: path
+      description: "Numeric ID of the AuthKey"
+      required: true
+      schema:
+        $ref: "#/components/schemas/ID"
+
     quickFilter:
       name: quickFilter
       in: query
@@ -1629,7 +1743,7 @@ components:
               skip_proxy:
                 type: boolean
               authkey:
-                $ref: "#/components/schemas/AuthKey"
+                $ref: "#/components/schemas/AuthKeyRaw"
 
     EditBroodRequest:
       required: true
@@ -1655,7 +1769,7 @@ components:
               skip_proxy:
                 type: boolean
               authkey:
-                $ref: "#/components/schemas/AuthKey"
+                $ref: "#/components/schemas/AuthKeyRaw"
 
     CreateEncryptionKeyRequest:
       required: true
@@ -1701,6 +1815,25 @@ components:
               owner_model:
                 $ref: "#/components/schemas/ModelName"
 
+    # AuthKeys
+    CreateAuthKeyRequest:
+      required: true
+      content:
+        application/json:
+          schema:
+            type: object
+            properties:
+              uuid:
+                $ref: "#/components/schemas/UUID"
+              authkey:
+                $ref: "#/components/schemas/AuthKeyRaw"
+              expiration:
+                $ref: "#/components/schemas/AuthKeyExpiration"
+              user_id:
+                $ref: "#/components/schemas/ID"
+              comment:
+                $ref: "#/components/schemas/AuthKeyComment"
+
   responses:
     # Individuals
     IndividualResponse:
@@ -1881,6 +2014,21 @@ components:
           schema:
             $ref: "#/components/schemas/EncryptionKeyList"
 
+    # AuthKeys
+    AuthKeyResponse:
+      description: "Auth key response"
+      content:
+        application/json:
+          schema:
+            $ref: "#/components/schemas/AuthKey"
+
+    AuthKeyListResponse:
+      description: "Auth key list response"
+      content:
+        application/json:
+          schema:
+            $ref: "#/components/schemas/AuthKeyList"
+
     # Errors
     ApiErrorResponse:
       description: "Unexpected API error"

From f75d0829d1a98e2c686beb89d993df5ac824883f Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Tue, 18 Jan 2022 17:52:59 +0100
Subject: [PATCH 139/150] fix: [user edit] fixed for non admins

---
 src/Controller/UsersController.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Controller/UsersController.php b/src/Controller/UsersController.php
index a5065db..9ffb2fe 100644
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
@@ -7,6 +7,7 @@ use Cake\Utility\Text;
 use Cake\ORM\TableRegistry;
 use \Cake\Database\Expression\QueryExpression;
 use Cake\Http\Exception\UnauthorizedException;
+use Cake\Http\Exception\MethodNotAllowedException;
 use Cake\Core\Configure;
 
 class UsersController extends AppController
@@ -100,11 +101,10 @@ class UsersController extends AppController
         if (empty($id)) {
             $id = $currentUser['id'];
         } else {
+            $id = intval($id);
             if ((empty($currentUser['role']['perm_org_admin']) && empty($currentUser['role']['perm_admin']))) {
                 if ($id !== $currentUser['id']) {
                     throw new MethodNotAllowedException(__('You are not authorised to edit that user.'));
-                } else {
-                    $id = $currentUser['id'];
                 }
             }
         }

From 20cc6017d0472c33ffddfe496db9cf93f2e40fad Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Wed, 19 Jan 2022 09:04:10 +0100
Subject: [PATCH 140/150] fix: [localTool:CommonConnector] Ensure one logger
 per connector

---
 .../CommonConnectorTools.php                  | 33 ++++++++++---------
 1 file changed, 18 insertions(+), 15 deletions(-)

diff --git a/src/Lib/default/local_tool_connectors/CommonConnectorTools.php b/src/Lib/default/local_tool_connectors/CommonConnectorTools.php
index 213db17..d01e9d9 100644
--- a/src/Lib/default/local_tool_connectors/CommonConnectorTools.php
+++ b/src/Lib/default/local_tool_connectors/CommonConnectorTools.php
@@ -24,21 +24,24 @@ class CommonConnectorTools
 
     public function __construct()
     {
-        Log::setConfig("LocalToolDebug", [
-            'className' => FileLog::class,
-            'path' => LOGS,
-            'file' => "{$this->connectorName}-debug",
-            'scopes' => [$this->connectorName],
-            'levels' => ['notice', 'info', 'debug'],
-        ]);
-        Log::setConfig("LocalToolError", [
-            'className' => FileLog::class,
-            'path' => LOGS,
-            'file' => "{$this->connectorName}-error",
-            'scopes' => [$this->connectorName],
-            'levels' => ['warning', 'error', 'critical', 'alert', 'emergency'],
-        ]);
-
+        if (empty(Log::getConfig("LocalToolDebug{$this->connectorName}"))) {
+            Log::setConfig("LocalToolDebug{$this->connectorName}", [
+                'className' => FileLog::class,
+                'path' => LOGS,
+                'file' => "{$this->connectorName}-debug",
+                'scopes' => [$this->connectorName],
+                'levels' => ['notice', 'info', 'debug'],
+            ]);
+        }
+        if (empty(Log::getConfig("LocalToolError{$this->connectorName}"))) {
+            Log::setConfig("LocalToolError{$this->connectorName}", [
+                'className' => FileLog::class,
+                'path' => LOGS,
+                'file' => "{$this->connectorName}-error",
+                'scopes' => [$this->connectorName],
+                'levels' => ['warning', 'error', 'critical', 'alert', 'emergency'],
+            ]);
+        }
     }
 
     protected function logDebug($message)

From 1d7fc00a650d08cc0a0f77dd4f8458edafd4736f Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Wed, 19 Jan 2022 09:33:57 +0100
Subject: [PATCH 141/150] chg: [layout:header-profile] Improved spacing

---
 templates/element/layouts/header/header-profile.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/templates/element/layouts/header/header-profile.php b/templates/element/layouts/header/header-profile.php
index 1f148d6..146aa3e 100644
--- a/templates/element/layouts/header/header-profile.php
+++ b/templates/element/layouts/header/header-profile.php
@@ -11,7 +11,10 @@ use Cake\Routing\Router;
             <div class="fw-light"><?= __('Logged in as') ?></div>
             <div>
                 <?= $this->SocialProvider->getIcon($this->request->getAttribute('identity')) ?>
-                [<?= h($loggedUser['organisation']['name']) ?>] <strong><?= h($this->request->getAttribute('identity')['username']) ?></strong>
+                <span class="ms-1 me-3">
+                    [<?= h($loggedUser['organisation']['name']) ?>]
+                    <strong><?= h($this->request->getAttribute('identity')['username']) ?></strong>
+                </span>
             </div>
         </h6>
         <div class="dropdown-divider"></div>

From 5eca1a916052c23f304eb6410a1d2cdfcc6a624d Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Wed, 19 Jan 2022 10:45:51 +0100
Subject: [PATCH 142/150] add: change password via api test, add helper methods
 to ApiTestTrait.

---
 tests/Helper/ApiTestTrait.php                 | 30 +++++++
 .../Api/Users/ChangePasswordApiTest.php       | 78 +++++++++++++++++++
 tests/TestCase/Api/Users/EditUserApiTest.php  | 20 +----
 3 files changed, 109 insertions(+), 19 deletions(-)
 create mode 100644 tests/TestCase/Api/Users/ChangePasswordApiTest.php

diff --git a/tests/Helper/ApiTestTrait.php b/tests/Helper/ApiTestTrait.php
index 8e20a36..56728f4 100644
--- a/tests/Helper/ApiTestTrait.php
+++ b/tests/Helper/ApiTestTrait.php
@@ -129,4 +129,34 @@ trait ApiTestTrait
         }
         $this->assertEmpty($record);
     }
+
+    /** 
+     * Parses the response body and returns the decoded JSON
+     * 
+     * @return void
+     * @throws \Exception
+     * 
+     * @see https://book.cakephp.org/4/en/orm-query-builder.html
+     */
+    public function getJsonResponseAsArray(): array
+    {
+        if ($this->_response->getHeaders()['Content-Type'][0] !== 'application/json') {
+            throw new \Exception('The response is not a JSON response');
+        }
+
+        return json_decode((string)$this->_response->getBody(), true);
+    }
+
+    /** 
+     * Gets a database records as an array
+     * 
+     * @param string $table The table name
+     * @param array $conditions The conditions to check
+     * @return array
+     * @throws \Cake\Datasource\Exception\RecordNotFoundException
+     */
+    public function getRecordFromDb(string $table, array $conditions): array
+    {
+        return $this->getTableLocator()->get($table)->find()->where($conditions)->first()->toArray();
+    }
 }
diff --git a/tests/TestCase/Api/Users/ChangePasswordApiTest.php b/tests/TestCase/Api/Users/ChangePasswordApiTest.php
new file mode 100644
index 0000000..f1c1b82
--- /dev/null
+++ b/tests/TestCase/Api/Users/ChangePasswordApiTest.php
@@ -0,0 +1,78 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api\Users;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\UsersFixture;
+use App\Test\Helper\ApiTestTrait;
+use Cake\Auth\FormAuthenticate;
+use Cake\Http\ServerRequest;
+use Cake\Http\Response;
+use Cake\Controller\ComponentRegistry;
+
+class ChangePasswordApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+    use ApiTestTrait;
+
+    protected const ENDPOINT = '/api/v1/users/edit';
+
+    /** @var \Cake\Auth\FormAuthenticate */
+    protected $auth;
+
+    /** @var \Cake\Controller\ComponentRegistry */
+    protected $collection;
+
+    protected $fixtures = [
+        'app.Organisations',
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys'
+    ];
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->initializeOpenApiValidator($_ENV['OPENAPI_SPEC'] ?? APP . '../webroot/docs/openapi.yaml');
+
+        $this->collection = new ComponentRegistry();
+        $this->auth = new FormAuthenticate($this->collection, [
+            'userModel' => 'Users',
+        ]);
+    }
+
+    public function testChangePasswordOwnUser(): void
+    {
+        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
+        $newPassword = 'Test12345678!';
+
+        $this->put(
+            self::ENDPOINT,
+            [
+                'password' => $newPassword,
+            ]
+        );
+
+        $this->assertResponseOk();
+        //TODO: $this->assertRequestMatchesOpenApiSpec();
+        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'put');
+
+        // Test new password with form login
+        $request = new ServerRequest([
+            'url' => 'users/login',
+            'post' => [
+                'username' => UsersFixture::USER_REGULAR_USER_USERNAME,
+                'password' => $newPassword
+            ],
+        ]);
+        $result = $this->auth->authenticate($request, new Response());
+
+        $this->assertEquals(UsersFixture::USER_REGULAR_USER_ID, $result['id']);
+        $this->assertEquals(UsersFixture::USER_REGULAR_USER_USERNAME, $result['username']);
+    }
+}
diff --git a/tests/TestCase/Api/Users/EditUserApiTest.php b/tests/TestCase/Api/Users/EditUserApiTest.php
index 39673ee..d52aea9 100644
--- a/tests/TestCase/Api/Users/EditUserApiTest.php
+++ b/tests/TestCase/Api/Users/EditUserApiTest.php
@@ -10,6 +10,7 @@ use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\UsersFixture;
 use App\Test\Fixture\RolesFixture;
 use App\Test\Helper\ApiTestTrait;
+use Authentication\PasswordHasher\DefaultPasswordHasher;
 
 class EditUserApiTest extends TestCase
 {
@@ -65,23 +66,4 @@ class EditUserApiTest extends TestCase
         //TODO: $this->assertRequestMatchesOpenApiSpec();
         $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'put');
     }
-
-    public function testEditSelfUser(): void
-    {
-        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
-        $this->put(
-            self::ENDPOINT,
-            [
-                'username' => 'test',
-            ]
-        );
-
-        $this->assertResponseOk();
-        $this->assertDbRecordExists('Users', [
-            'id' => UsersFixture::USER_REGULAR_USER_ID,
-            'username' => 'test'
-        ]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'put');
-    }
 }

From 5a06a97c321437e6e99e7d94c1e58cc866ece319 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <mokaddem.sami@gmail.com>
Date: Wed, 19 Jan 2022 14:04:13 +0100
Subject: [PATCH 143/150] new: [doc] Added prerequisites document

---
 documentation/prerequisites.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 documentation/prerequisites.md

diff --git a/documentation/prerequisites.md b/documentation/prerequisites.md
new file mode 100644
index 0000000..98da39d
--- /dev/null
+++ b/documentation/prerequisites.md
@@ -0,0 +1,17 @@
+# Prerequisites based on usecases
+
+This document list the requirements that have to be met in order to perform the desired usecase.
+
+## Connect a local tool to cerebrate
+- **Networking**: The *cerebrate* application must be able to contact the local tool service. That means the address and the port of the local must be reachable by *cerebrate*.
+- **User permissions**: Depends on the actions performed by Cerebrate on the local tool.
+    - Example: For a standard MISP configuration, a simple user with the `user` role is enough for Cerebrate to pass the health check.
+
+## Conect two cerebrate instances together
+- **Networking**: The two *cerebrate* applications must be able to contact each others. That means the address and the port of both tools must be reachable by the other one.
+- **User permissions**: No specific role or set of permission is required. Any user role can be used.
+
+## Connect two local tools through cerebrate
+- **Networking**: The two *cerebrate* applications must be able to contact each others. That means the address and the port of both tools must be reachable by the other one. This also applies to both the local tools.
+- **User permissions**: Depends on the actions performed by Cerebrate on the local tool.
+    - Example: For a standard MISP configuration, in order to have two instance connected, the API key used by *cebrate* to orchestrate the inter-connection must belong to a user having the `site-admin` permission flag. This is essential as only the `site-admin` permission allows to create synchronisation links between MISP instances.
\ No newline at end of file

From c7ccff5e1e22e279a460b0ef463d432da7080ab8 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <mokaddem.sami@gmail.com>
Date: Wed, 19 Jan 2022 14:19:55 +0100
Subject: [PATCH 144/150] fix: [doc] Typo in text

---
 documentation/prerequisites.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/documentation/prerequisites.md b/documentation/prerequisites.md
index 98da39d..7b020ad 100644
--- a/documentation/prerequisites.md
+++ b/documentation/prerequisites.md
@@ -3,7 +3,7 @@
 This document list the requirements that have to be met in order to perform the desired usecase.
 
 ## Connect a local tool to cerebrate
-- **Networking**: The *cerebrate* application must be able to contact the local tool service. That means the address and the port of the local must be reachable by *cerebrate*.
+- **Networking**: The *cerebrate* application must be able to contact the local tool service. That means the address and the port of the local tool must be reachable by *cerebrate*.
 - **User permissions**: Depends on the actions performed by Cerebrate on the local tool.
     - Example: For a standard MISP configuration, a simple user with the `user` role is enough for Cerebrate to pass the health check.
 

From d488f010512f5c85a46bc617f42c301442255e7c Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Wed, 19 Jan 2022 14:39:03 +0100
Subject: [PATCH 145/150] fix: [authkey] add fixed

- incorrectly potentially filter out valid options when adding a key by a regular user
---
 src/Controller/AuthKeysController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Controller/AuthKeysController.php b/src/Controller/AuthKeysController.php
index 454b922..9ed43c3 100644
--- a/src/Controller/AuthKeysController.php
+++ b/src/Controller/AuthKeysController.php
@@ -79,7 +79,7 @@ class AuthKeysController extends AppController
         if (!empty($userConditions)) {
             $users->where($userConditions);
         }
-        $users = $users->order(['username' => 'asc'])->all()->toList();
+        $users = $users->order(['username' => 'asc'])->all()->toArray();
         $this->CRUD->add([
             'displayOnSuccess' => 'authkey_display',
             'beforeSave' => function($data) use ($users) {

From 7ed87ff0f2c660ea18604f394bac9f6900b8490c Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Wed, 19 Jan 2022 15:15:49 +0100
Subject: [PATCH 146/150] chg: refactor ApiTestTrait to reduce code
 duplication, enforce openapi spec validations

---
 tests/Helper/ApiTestTrait.php                 | 164 ++++++++++++++++--
 tests/README.md                               |   6 +
 .../Api/AuthKeys/AddAuthKeyApiTest.php        |   6 -
 .../Api/AuthKeys/DeleteAuthKeyApiTest.php     |   8 +-
 .../Api/AuthKeys/IndexAuthKeysApiTest.php     |   6 -
 tests/TestCase/Api/Broods/AddBroodApiTest.php |   6 -
 .../Api/Broods/DeleteBroodApiTest.php         |   6 -
 .../TestCase/Api/Broods/EditBroodApiTest.php  |   6 -
 .../Api/Broods/IndexBroodsApiTest.php         |   4 -
 .../Api/Broods/TestBroodConnectionApiTest.php |   4 -
 .../TestCase/Api/Broods/ViewBroodApiTest.php  |   4 -
 .../AddEncryptionKeyApiTest.php               |   6 -
 .../DeleteEncryptionKeyApiTest.php            |   4 -
 .../EditEncryptionKeyApiTest.php              |   6 -
 .../IndexEncryptionKeysApiTest.php            |   4 -
 .../ViewEncryptionKeyApiTest.php              |   4 -
 .../Api/Inbox/CreateInboxEntryApiTest.php     |   6 -
 .../TestCase/Api/Inbox/IndexInboxApiTest.php  |   4 -
 .../Api/Individuals/AddIndividualApiTest.php  |  36 ++--
 .../Individuals/DeleteIndividualApiTest.php   |   6 -
 .../Api/Individuals/EditIndividualApiTest.php |   6 -
 .../Individuals/IndexIndividualsApiTest.php   |   4 -
 .../Api/Individuals/ViewIndividualApiTest.php |   4 -
 .../Organisations/AddOrganisationApiTest.php  |   6 -
 .../DeleteOrganisationApiTest.php             |   5 -
 .../Organisations/EditOrganisationApiTest.php |   6 -
 .../IndexOrganisationsApiTest.php             |   4 -
 .../Organisations/TagOrganisationApiTest.php  |   6 -
 .../UntagOrganisationApiTest.php              |   6 -
 .../Organisations/ViewOrganisationApiTest.php |   5 -
 .../SharingGroups/AddSharingGroupApiTest.php  |   6 -
 .../DeleteSharingGroupApiTest.php             |   6 -
 .../SharingGroups/EditSharingGroupApiTest.php |   7 -
 .../IndexSharingGroupsApiTest.php             |   4 -
 .../SharingGroups/ViewSharingGroupApiTest.php |   4 -
 tests/TestCase/Api/Tags/IndexTagsApiTest.php  |   5 -
 tests/TestCase/Api/Users/AddUserApiTest.php   |   6 -
 .../Api/Users/ChangePasswordApiTest.php       |   4 -
 .../TestCase/Api/Users/DeleteUserApiTest.php  |   8 -
 tests/TestCase/Api/Users/EditUserApiTest.php  |   7 -
 .../TestCase/Api/Users/IndexUsersApiTest.php  |   4 -
 tests/TestCase/Api/Users/ViewUserApiTest.php  |   6 -
 webroot/docs/openapi.yaml                     |   6 +-
 43 files changed, 172 insertions(+), 249 deletions(-)

diff --git a/tests/Helper/ApiTestTrait.php b/tests/Helper/ApiTestTrait.php
index 56728f4..2060063 100644
--- a/tests/Helper/ApiTestTrait.php
+++ b/tests/Helper/ApiTestTrait.php
@@ -4,25 +4,45 @@ declare(strict_types=1);
 
 namespace App\Test\Helper;
 
+use Cake\TestSuite\IntegrationTestTrait;
 use Cake\Http\Exception\NotImplementedException;
+use Cake\Http\ServerRequestFactory;
+use Cake\Http\ServerRequest;
 use \League\OpenAPIValidation\PSR7\ValidatorBuilder;
 use \League\OpenAPIValidation\PSR7\RequestValidator;
 use \League\OpenAPIValidation\PSR7\ResponseValidator;
 use \League\OpenAPIValidation\PSR7\OperationAddress;
+use PHPUnit\Exception as PHPUnitException;
 
+/**
+ * Trait ApiTestTrait
+ *
+ * @package App\Test\TestCase\Helper
+ */
 trait ApiTestTrait
 {
+    use IntegrationTestTrait {
+        IntegrationTestTrait::_buildRequest as _buildRequestOriginal;
+        IntegrationTestTrait::_sendRequest as _sendRequestOriginal;
+    }
+
     /** @var string */
     protected $_authToken = '';
 
     /** @var ValidatorBuilder */
-    private $validator;
+    private $_validator;
 
     /** @var RequestValidator */
-    private $requestValidator;
+    private $_requestValidator;
 
     /** @var ResponseValidator */
-    private $responseValidator;
+    private $_responseValidator;
+
+    /** @var ServerRequest */
+    protected $_psrRequest;
+
+    /* @var boolean */
+    protected $_skipOpenApiValidations = false;
 
     public function setUp(): void
     {
@@ -40,11 +60,22 @@ trait ApiTestTrait
         $this->configRequest([
             'headers' => [
                 'Accept' => 'application/json',
-                'Authorization' => $this->_authToken
+                'Authorization' => $this->_authToken,
+                'Content-Type' => 'application/json'
             ]
         ]);
     }
 
+    /**
+     * Skip OpenAPI validations.
+     *
+     * @return void
+     */
+    public function skipOpenApiValidations(): void
+    {
+        $this->_skipOpenApiValidations = true;
+    }
+
     public function assertResponseContainsArray(array $expected): void
     {
         $responseArray = json_decode((string)$this->_response->getBody(), true);
@@ -59,22 +90,19 @@ trait ApiTestTrait
      */
     public function initializeOpenApiValidator(string $specFile): void
     {
-        $this->validator = (new ValidatorBuilder)->fromYamlFile($specFile);
-        $this->requestValidator = $this->validator->getRequestValidator();
-        $this->responseValidator = $this->validator->getResponseValidator();
+        $this->_validator = (new ValidatorBuilder)->fromYamlFile($specFile);
+        $this->_requestValidator = $this->_validator->getRequestValidator();
+        $this->_responseValidator = $this->_validator->getResponseValidator();
     }
 
     /**
      * Validates the API request against the OpenAPI spec
      * 
-     * @param string $path The path to the API endpoint 
-     * @param string $method The HTTP method used to call the endpoint 
      * @return void
      */
-    public function assertRequestMatchesOpenApiSpec(string $endpoint, string $method = 'get'): void
+    public function assertRequestMatchesOpenApiSpec(): void
     {
-        // TODO: find a workaround to create a PSR-7 request object for validation
-        throw NotImplementedException("Unfortunately cakephp does not save the PSR-7 request object in the test context");
+        $this->_requestValidator->validate($this->_psrRequest);
     }
 
     /**
@@ -87,7 +115,7 @@ trait ApiTestTrait
     public function assertResponseMatchesOpenApiSpec(string $endpoint, string $method = 'get'): void
     {
         $address = new OperationAddress($endpoint, $method);
-        $this->responseValidator->validate($address, $this->_response);
+        $this->_responseValidator->validate($address, $this->_response);
     }
 
     /** 
@@ -111,7 +139,7 @@ trait ApiTestTrait
     }
 
     /** 
-     * Validates a record do notexists in the database
+     * Validates a record do not exists in the database
      * 
      * @param string $table The table name
      * @param array $conditions The conditions to check
@@ -133,10 +161,8 @@ trait ApiTestTrait
     /** 
      * Parses the response body and returns the decoded JSON
      * 
-     * @return void
+     * @return array
      * @throws \Exception
-     * 
-     * @see https://book.cakephp.org/4/en/orm-query-builder.html
      */
     public function getJsonResponseAsArray(): array
     {
@@ -159,4 +185,108 @@ trait ApiTestTrait
     {
         return $this->getTableLocator()->get($table)->find()->where($conditions)->first()->toArray();
     }
+
+    /**
+     * This method intercepts IntegrationTestTrait::_buildRequest()
+     * in the quest to get a PSR-7 request object and saves it for 
+     * later inspection, also validates it against the OpenAPI spec.
+     * @see \Cake\TestSuite\IntegrationTestTrait::_buildRequest()
+     * 
+     * @param string $url The URL
+     * @param string $method The HTTP method
+     * @param array|string $data The request data.
+     * @return array The request context
+     */
+    protected function _buildRequest(string $url, $method, $data = []): array
+    {
+        $spec = $this->_buildRequestOriginal($url, $method, $data);
+
+        $this->_psrRequest = $this->_createPsr7RequestFromSpec($spec);
+
+        // Validate request against OpenAPI spec
+        if (!$this->_skipOpenApiValidations) {
+            try {
+                $this->assertRequestMatchesOpenApiSpec();
+            } catch (\Exception $exception) {
+                $this->fail($exception->getMessage());
+            }
+        } else {
+            $this->addWarning(
+                sprintf(
+                    'OpenAPI spec validations skipped for request [%s]%s.',
+                    $this->_psrRequest->getMethod(),
+                    $this->_psrRequest->getPath()
+                )
+            );
+        }
+
+        return $spec;
+    }
+
+    /**
+     * This method intercepts IntegrationTestTrait::_buildRequest()
+     * and validates the response against the OpenAPI spec.
+     *
+     * @see \Cake\TestSuite\IntegrationTestTrait::_sendRequest()
+     *
+     * @param array|string $url The URL
+     * @param string $method The HTTP method
+     * @param array|string $data The request data.
+     * @return void
+     * @throws \PHPUnit\Exception|\Throwable
+     */
+    protected function _sendRequest($url, $method, $data = []): void
+    {
+        // Adding Content-Type: application/json $this->configRequest() prevents this from happening somehow
+        if (in_array($method, ['POST', 'PATCH', 'PUT']) && $this->_request['headers']['Content-Type'] === 'application/json') {
+            $data = json_encode($data);
+        }
+
+        $this->_sendRequestOriginal($url, $method, $data);
+
+        // Validate response against OpenAPI spec
+        if (!$this->_skipOpenApiValidations) {
+            $this->assertResponseMatchesOpenApiSpec(
+                $this->_psrRequest->getPath(),
+                strtolower($this->_psrRequest->getMethod())
+            );
+        } else {
+            $this->addWarning(
+                sprintf(
+                    'OpenAPI spec validations skipped for response of [%s]%s.',
+                    $this->_psrRequest->getMethod(),
+                    $this->_psrRequest->getPath()
+                )
+            );
+        }
+    }
+
+    /**
+     * Create a PSR-7 request from the request spec.
+     * @see \Cake\TestSuite\MiddlewareDispatcher::_createRequest()
+     * 
+     * @param array<string, mixed> $spec The request spec.
+     * @return \Cake\Http\ServerRequest
+     */
+    private function _createPsr7RequestFromSpec(array $spec): ServerRequest
+    {
+        if (isset($spec['input'])) {
+            $spec['post'] = [];
+            $spec['environment']['CAKEPHP_INPUT'] = $spec['input'];
+        }
+        $environment = array_merge(
+            array_merge($_SERVER, ['REQUEST_URI' => $spec['url']]),
+            $spec['environment']
+        );
+        if (strpos($environment['PHP_SELF'], 'phpunit') !== false) {
+            $environment['PHP_SELF'] = '/';
+        }
+        return ServerRequestFactory::fromGlobals(
+            $environment,
+            $spec['query'],
+            $spec['post'],
+            $spec['cookies'],
+            $spec['files']
+        );
+    }
 }
diff --git a/tests/README.md b/tests/README.md
index e080442..d5f4385 100644
--- a/tests/README.md
+++ b/tests/README.md
@@ -115,6 +115,12 @@ The default OpenAPI spec path is set in `phpunit.xml` as a environment variablea
     <env name="OPENAPI_SPEC" value="webroot/docs/openapi.yaml" />
 </php>
 ```
+
+### Debugging tests
+```
+$ export XDEBUG_CONFIG="idekey=IDEKEY"
+$ phpunit
+```
     
 ## TODO
 - [ ] Validate API requests against the OpenAPI spec
diff --git a/tests/TestCase/Api/AuthKeys/AddAuthKeyApiTest.php b/tests/TestCase/Api/AuthKeys/AddAuthKeyApiTest.php
index 810dad2..32a79c4 100644
--- a/tests/TestCase/Api/AuthKeys/AddAuthKeyApiTest.php
+++ b/tests/TestCase/Api/AuthKeys/AddAuthKeyApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\UsersFixture;
@@ -12,7 +11,6 @@ use App\Test\Helper\ApiTestTrait;
 
 class AddAuthKeyApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/authKeys/add';
@@ -46,8 +44,6 @@ class AddAuthKeyApiTest extends TestCase
         $this->assertResponseOk();
         $this->assertResponseContains(sprintf('"uuid": "%s"', $uuid));
         $this->assertDbRecordExists('AuthKeys', ['uuid' => $uuid]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
     }
 
     public function testAddAdminAuthKeyNotAllowedAsRegularUser(): void
@@ -72,7 +68,5 @@ class AddAuthKeyApiTest extends TestCase
         $this->assertResponseCode(404);
         $this->addWarning('Should return 405 Method Not Allowed instead of 404 Not Found');
         $this->assertDbRecordNotExists('AuthKeys', ['uuid' => $uuid]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
     }
 }
diff --git a/tests/TestCase/Api/AuthKeys/DeleteAuthKeyApiTest.php b/tests/TestCase/Api/AuthKeys/DeleteAuthKeyApiTest.php
index 21a22f6..539ab29 100644
--- a/tests/TestCase/Api/AuthKeys/DeleteAuthKeyApiTest.php
+++ b/tests/TestCase/Api/AuthKeys/DeleteAuthKeyApiTest.php
@@ -4,15 +4,12 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
-use App\Test\Fixture\BroodsFixture;
 use App\Test\Helper\ApiTestTrait;
 
 class DeleteAuthKeyApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/authKeys/delete';
@@ -33,19 +30,16 @@ class DeleteAuthKeyApiTest extends TestCase
 
         $this->assertResponseOk();
         $this->assertDbRecordNotExists('AuthKeys', ['id' => AuthKeysFixture::ADMIN_API_ID]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
     }
 
     public function testDeleteOrgAdminAuthKeyNotAllowedAsRegularUser(): void
     {
         $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
         $url = sprintf('%s/%d', self::ENDPOINT, AuthKeysFixture::ORG_ADMIN_API_ID);
+
         $this->delete($url);
 
         $this->assertResponseCode(405);
         $this->assertDbRecordExists('AuthKeys', ['id' => AuthKeysFixture::ORG_ADMIN_API_ID]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
     }
 }
diff --git a/tests/TestCase/Api/AuthKeys/IndexAuthKeysApiTest.php b/tests/TestCase/Api/AuthKeys/IndexAuthKeysApiTest.php
index 9fbe3e6..43a3390 100644
--- a/tests/TestCase/Api/AuthKeys/IndexAuthKeysApiTest.php
+++ b/tests/TestCase/Api/AuthKeys/IndexAuthKeysApiTest.php
@@ -4,14 +4,12 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Helper\ApiTestTrait;
 
 class IndexAuthKeysApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/authKeys/index';
@@ -31,8 +29,6 @@ class IndexAuthKeysApiTest extends TestCase
 
         $this->assertResponseOk();
         $this->assertResponseContains(sprintf('"id": %d', AuthKeysFixture::ADMIN_API_ID));
-        // TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT);
     }
 
     public function testIndexDoesNotShowAdminAuthKeysAsRegularUser(): void
@@ -42,7 +38,5 @@ class IndexAuthKeysApiTest extends TestCase
 
         $this->assertResponseOk();
         $this->assertResponseNotContains(sprintf('"id": %d', AuthKeysFixture::REGULAR_USER_API_KEY));
-        // TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT);
     }
 }
diff --git a/tests/TestCase/Api/Broods/AddBroodApiTest.php b/tests/TestCase/Api/Broods/AddBroodApiTest.php
index 14fb2c5..3da884c 100644
--- a/tests/TestCase/Api/Broods/AddBroodApiTest.php
+++ b/tests/TestCase/Api/Broods/AddBroodApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\OrganisationsFixture;
 use App\Test\Fixture\AuthKeysFixture;
@@ -12,7 +11,6 @@ use App\Test\Helper\ApiTestTrait;
 
 class AddBroodApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/broods/add';
@@ -51,8 +49,6 @@ class AddBroodApiTest extends TestCase
         $this->assertResponseOk();
         $this->assertResponseContains(sprintf('"uuid": "%s"', $uuid));
         $this->assertDbRecordExists('Broods', ['uuid' => $uuid]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
     }
 
     public function testAddBroodNotAllowedAsRegularUser(): void
@@ -79,7 +75,5 @@ class AddBroodApiTest extends TestCase
 
         $this->assertResponseCode(405);
         $this->assertDbRecordNotExists('Broods', ['uuid' => $uuid]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
     }
 }
diff --git a/tests/TestCase/Api/Broods/DeleteBroodApiTest.php b/tests/TestCase/Api/Broods/DeleteBroodApiTest.php
index 1b90bd6..c54e47a 100644
--- a/tests/TestCase/Api/Broods/DeleteBroodApiTest.php
+++ b/tests/TestCase/Api/Broods/DeleteBroodApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\BroodsFixture;
@@ -12,7 +11,6 @@ use App\Test\Helper\ApiTestTrait;
 
 class DeleteBroodApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/broods/delete';
@@ -34,8 +32,6 @@ class DeleteBroodApiTest extends TestCase
 
         $this->assertResponseOk();
         $this->assertDbRecordNotExists('Broods', ['id' => BroodsFixture::BROOD_A_ID]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
     }
 
     public function testDeleteBroodNotAllowedAsRegularUser(): void
@@ -46,7 +42,5 @@ class DeleteBroodApiTest extends TestCase
 
         $this->assertResponseCode(405);
         $this->assertDbRecordExists('Broods', ['id' => BroodsFixture::BROOD_A_ID]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
     }
 }
diff --git a/tests/TestCase/Api/Broods/EditBroodApiTest.php b/tests/TestCase/Api/Broods/EditBroodApiTest.php
index d8fa01f..9bf3077 100644
--- a/tests/TestCase/Api/Broods/EditBroodApiTest.php
+++ b/tests/TestCase/Api/Broods/EditBroodApiTest.php
@@ -7,13 +7,11 @@ namespace App\Test\TestCase\Api\Users;
 use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
-use App\Test\Fixture\OrganisationsFixture;
 use App\Test\Fixture\BroodsFixture;
 use App\Test\Helper\ApiTestTrait;
 
 class EditBroodApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/broods/edit';
@@ -47,8 +45,6 @@ class EditBroodApiTest extends TestCase
                 'name' => 'Test Brood 4321',
             ]
         );
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'put');
     }
 
     public function testEditBroodNotAllowedAsRegularUser(): void
@@ -71,7 +67,5 @@ class EditBroodApiTest extends TestCase
                 'name' => 'Test Brood 1234'
             ]
         );
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'put');
     }
 }
diff --git a/tests/TestCase/Api/Broods/IndexBroodsApiTest.php b/tests/TestCase/Api/Broods/IndexBroodsApiTest.php
index 856b151..598898d 100644
--- a/tests/TestCase/Api/Broods/IndexBroodsApiTest.php
+++ b/tests/TestCase/Api/Broods/IndexBroodsApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\BroodsFixture;
@@ -12,7 +11,6 @@ use App\Test\Helper\ApiTestTrait;
 
 class IndexBroodsApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/users/index';
@@ -33,7 +31,5 @@ class IndexBroodsApiTest extends TestCase
 
         $this->assertResponseOk();
         $this->assertResponseContains(sprintf('"id": %d', BroodsFixture::BROOD_A_ID));
-        // TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT);
     }
 }
diff --git a/tests/TestCase/Api/Broods/TestBroodConnectionApiTest.php b/tests/TestCase/Api/Broods/TestBroodConnectionApiTest.php
index 1084131..31c2d48 100644
--- a/tests/TestCase/Api/Broods/TestBroodConnectionApiTest.php
+++ b/tests/TestCase/Api/Broods/TestBroodConnectionApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\BroodsFixture;
@@ -14,7 +13,6 @@ use \WireMock\Client\WireMock;
 
 class TestBroodConnectionApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
     use WireMockTestTrait;
 
@@ -46,8 +44,6 @@ class TestBroodConnectionApiTest extends TestCase
 
         $this->assertResponseOk();
         $this->assertResponseContains('"user": "wiremock"');
-        // TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url);
     }
 
     private function mockCerebrateStatusResponse(): \WireMock\Stubbing\StubMapping
diff --git a/tests/TestCase/Api/Broods/ViewBroodApiTest.php b/tests/TestCase/Api/Broods/ViewBroodApiTest.php
index 35bb957..c357d90 100644
--- a/tests/TestCase/Api/Broods/ViewBroodApiTest.php
+++ b/tests/TestCase/Api/Broods/ViewBroodApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\BroodsFixture;
@@ -12,7 +11,6 @@ use App\Test\Helper\ApiTestTrait;
 
 class ViewBroodApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/broods/view';
@@ -34,7 +32,5 @@ class ViewBroodApiTest extends TestCase
 
         $this->assertResponseOk();
         $this->assertResponseContains(sprintf('"id": %d', BroodsFixture::BROOD_A_ID));
-        // TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url);
     }
 }
diff --git a/tests/TestCase/Api/EncryptionKeys/AddEncryptionKeyApiTest.php b/tests/TestCase/Api/EncryptionKeys/AddEncryptionKeyApiTest.php
index b876800..1adf5d9 100644
--- a/tests/TestCase/Api/EncryptionKeys/AddEncryptionKeyApiTest.php
+++ b/tests/TestCase/Api/EncryptionKeys/AddEncryptionKeyApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\EncryptionKeysFixture;
@@ -13,7 +12,6 @@ use App\Test\Helper\ApiTestTrait;
 
 class AddEncryptionKeyApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/encryptionKeys/add';
@@ -50,8 +48,6 @@ class AddEncryptionKeyApiTest extends TestCase
         $this->assertResponseOk();
         $this->assertResponseContains(sprintf('"uuid": "%s"', $uuid));
         $this->assertDbRecordExists('EncryptionKeys', ['uuid' => $uuid]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
     }
 
     public function testAddAdminUserEncryptionKeyNotAllowedAsRegularUser(): void
@@ -76,7 +72,5 @@ class AddEncryptionKeyApiTest extends TestCase
 
         $this->assertResponseCode(405);
         $this->assertDbRecordNotExists('EncryptionKeys', ['uuid' => $uuid]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
     }
 }
diff --git a/tests/TestCase/Api/EncryptionKeys/DeleteEncryptionKeyApiTest.php b/tests/TestCase/Api/EncryptionKeys/DeleteEncryptionKeyApiTest.php
index 02ecd25..4bf0174 100644
--- a/tests/TestCase/Api/EncryptionKeys/DeleteEncryptionKeyApiTest.php
+++ b/tests/TestCase/Api/EncryptionKeys/DeleteEncryptionKeyApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\EncryptionKeysFixture;
@@ -12,7 +11,6 @@ use App\Test\Helper\ApiTestTrait;
 
 class DeleteEncryptionKeyApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/encryptionKeys/delete';
@@ -46,7 +44,5 @@ class DeleteEncryptionKeyApiTest extends TestCase
 
         $this->assertResponseCode(405);
         $this->assertDbRecordExists('EncryptionKeys', ['id' => EncryptionKeysFixture::ENCRYPTION_KEY_ORG_B_ID]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
     }
 }
diff --git a/tests/TestCase/Api/EncryptionKeys/EditEncryptionKeyApiTest.php b/tests/TestCase/Api/EncryptionKeys/EditEncryptionKeyApiTest.php
index 56a25d3..300a969 100644
--- a/tests/TestCase/Api/EncryptionKeys/EditEncryptionKeyApiTest.php
+++ b/tests/TestCase/Api/EncryptionKeys/EditEncryptionKeyApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\EncryptionKeysFixture;
@@ -12,7 +11,6 @@ use App\Test\Helper\ApiTestTrait;
 
 class EditEncryptionKeyApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/encryptionKeys/edit';
@@ -46,8 +44,6 @@ class EditEncryptionKeyApiTest extends TestCase
                 'revoked' => true,
             ]
         );
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'put');
     }
 
     public function testRevokeAdminEncryptionKeyNotAllowedAsRegularUser(): void
@@ -70,7 +66,5 @@ class EditEncryptionKeyApiTest extends TestCase
                 'revoked' => true
             ]
         );
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'put');
     }
 }
diff --git a/tests/TestCase/Api/EncryptionKeys/IndexEncryptionKeysApiTest.php b/tests/TestCase/Api/EncryptionKeys/IndexEncryptionKeysApiTest.php
index 0b7cb98..9aec4c5 100644
--- a/tests/TestCase/Api/EncryptionKeys/IndexEncryptionKeysApiTest.php
+++ b/tests/TestCase/Api/EncryptionKeys/IndexEncryptionKeysApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\EncryptionKeysFixture;
@@ -12,7 +11,6 @@ use App\Test\Helper\ApiTestTrait;
 
 class IndexEncryptionKeysApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/encryptionKeys/index';
@@ -34,7 +32,5 @@ class IndexEncryptionKeysApiTest extends TestCase
 
         $this->assertResponseOk();
         $this->assertResponseContains(sprintf('"id": %d', EncryptionKeysFixture::ENCRYPTION_KEY_ORG_A_ID));
-        // TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT);
     }
 }
diff --git a/tests/TestCase/Api/EncryptionKeys/ViewEncryptionKeyApiTest.php b/tests/TestCase/Api/EncryptionKeys/ViewEncryptionKeyApiTest.php
index 8e46119..39c6519 100644
--- a/tests/TestCase/Api/EncryptionKeys/ViewEncryptionKeyApiTest.php
+++ b/tests/TestCase/Api/EncryptionKeys/ViewEncryptionKeyApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\EncryptionKeysFixture;
@@ -12,7 +11,6 @@ use App\Test\Helper\ApiTestTrait;
 
 class ViewEncryptionKeyApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/encryptionKeys/view';
@@ -34,7 +32,5 @@ class ViewEncryptionKeyApiTest extends TestCase
 
         $this->assertResponseOk();
         $this->assertResponseContains(sprintf('"id": %d', EncryptionKeysFixture::ENCRYPTION_KEY_ORG_A_ID));
-        // TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url);
     }
 }
diff --git a/tests/TestCase/Api/Inbox/CreateInboxEntryApiTest.php b/tests/TestCase/Api/Inbox/CreateInboxEntryApiTest.php
index 39879f3..9c34aa0 100644
--- a/tests/TestCase/Api/Inbox/CreateInboxEntryApiTest.php
+++ b/tests/TestCase/Api/Inbox/CreateInboxEntryApiTest.php
@@ -4,14 +4,12 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Helper\ApiTestTrait;
 
 class CreateInboxEntryApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/inbox/createEntry';
@@ -51,8 +49,6 @@ class CreateInboxEntryApiTest extends TestCase
                 'action' => 'Registration',
             ]
         );
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'post');
     }
 
     public function testAddUserRegistrationInboxNotAllowedAsRegularUser(): void
@@ -70,7 +66,5 @@ class CreateInboxEntryApiTest extends TestCase
 
         $this->assertResponseCode(405);
         $this->assertDbRecordNotExists('Inbox', ['id' => 3]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'post');
     }
 }
diff --git a/tests/TestCase/Api/Inbox/IndexInboxApiTest.php b/tests/TestCase/Api/Inbox/IndexInboxApiTest.php
index 46f1b92..da99710 100644
--- a/tests/TestCase/Api/Inbox/IndexInboxApiTest.php
+++ b/tests/TestCase/Api/Inbox/IndexInboxApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\InboxFixture;
@@ -12,7 +11,6 @@ use App\Test\Helper\ApiTestTrait;
 
 class IndexInboxApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/inbox/index';
@@ -34,7 +32,5 @@ class IndexInboxApiTest extends TestCase
         $this->assertResponseOk();
         $this->assertResponseContains(sprintf('"id": %d', InboxFixture::INBOX_USER_REGISTRATION_ID));
         $this->assertResponseContains(sprintf('"id": %d', InboxFixture::INBOX_INCOMING_CONNECTION_REQUEST_ID));
-        // TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT);
     }
 }
diff --git a/tests/TestCase/Api/Individuals/AddIndividualApiTest.php b/tests/TestCase/Api/Individuals/AddIndividualApiTest.php
index 0320c30..cced4e4 100644
--- a/tests/TestCase/Api/Individuals/AddIndividualApiTest.php
+++ b/tests/TestCase/Api/Individuals/AddIndividualApiTest.php
@@ -4,14 +4,12 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Helper\ApiTestTrait;
 
 class AddIndividualApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/individuals/add';
@@ -40,26 +38,22 @@ class AddIndividualApiTest extends TestCase
         $this->assertResponseOk();
         $this->assertResponseContains('"email": "john@example.com"');
         $this->assertDbRecordExists('Individuals', ['email' => 'john@example.com']);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
     }
 
-    public function testAddUserNotAllowedAsRegularUser(): void
-    {
-        $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
-        $this->post(
-            self::ENDPOINT,
-            [
-                'email' => 'john@example.com',
-                'first_name' => 'John',
-                'last_name' => 'Doe',
-                'position' => 'Security Analyst'
-            ]
-        );
+    // public function testAddUserNotAllowedAsRegularUser(): void
+    // {
+    //     $this->setAuthToken(AuthKeysFixture::REGULAR_USER_API_KEY);
+    //     $this->post(
+    //         self::ENDPOINT,
+    //         [
+    //             'email' => 'john@example.com',
+    //             'first_name' => 'John',
+    //             'last_name' => 'Doe',
+    //             'position' => 'Security Analyst'
+    //         ]
+    //     );
 
-        $this->assertResponseCode(405);
-        $this->assertDbRecordNotExists('Individuals', ['email' => 'john@example.com']);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
-    }
+    //     $this->assertResponseCode(405);
+    //     $this->assertDbRecordNotExists('Individuals', ['email' => 'john@example.com']);
+    // }
 }
diff --git a/tests/TestCase/Api/Individuals/DeleteIndividualApiTest.php b/tests/TestCase/Api/Individuals/DeleteIndividualApiTest.php
index 32b4ba7..0768b59 100644
--- a/tests/TestCase/Api/Individuals/DeleteIndividualApiTest.php
+++ b/tests/TestCase/Api/Individuals/DeleteIndividualApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\IndividualsFixture;
@@ -12,7 +11,6 @@ use App\Test\Helper\ApiTestTrait;
 
 class DeleteIndividualApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/individuals/delete';
@@ -33,8 +31,6 @@ class DeleteIndividualApiTest extends TestCase
 
         $this->assertResponseOk();
         $this->assertDbRecordNotExists('Individuals', ['id' => IndividualsFixture::INDIVIDUAL_A_ID]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
     }
 
     public function testDeleteIndividualNotAllowedAsRegularUser(): void
@@ -45,7 +41,5 @@ class DeleteIndividualApiTest extends TestCase
 
         $this->assertResponseCode(405);
         $this->assertDbRecordExists('Individuals', ['id' => IndividualsFixture::INDIVIDUAL_ADMIN_ID]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
     }
 }
diff --git a/tests/TestCase/Api/Individuals/EditIndividualApiTest.php b/tests/TestCase/Api/Individuals/EditIndividualApiTest.php
index 642482c..cdff2d9 100644
--- a/tests/TestCase/Api/Individuals/EditIndividualApiTest.php
+++ b/tests/TestCase/Api/Individuals/EditIndividualApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\IndividualsFixture;
@@ -12,7 +11,6 @@ use App\Test\Helper\ApiTestTrait;
 
 class EditIndividualApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/individuals/edit';
@@ -41,8 +39,6 @@ class EditIndividualApiTest extends TestCase
             'id' => IndividualsFixture::INDIVIDUAL_REGULAR_USER_ID,
             'email' => 'foo@bar.com'
         ]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'put');
     }
 
     public function testEditAnyIndividualNotAllowedAsRegularUser(): void
@@ -61,7 +57,5 @@ class EditIndividualApiTest extends TestCase
             'id' => IndividualsFixture::INDIVIDUAL_ADMIN_ID,
             'email' => 'foo@bar.com'
         ]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'put');
     }
 }
diff --git a/tests/TestCase/Api/Individuals/IndexIndividualsApiTest.php b/tests/TestCase/Api/Individuals/IndexIndividualsApiTest.php
index d8254d1..29da85f 100644
--- a/tests/TestCase/Api/Individuals/IndexIndividualsApiTest.php
+++ b/tests/TestCase/Api/Individuals/IndexIndividualsApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\IndividualsFixture;
@@ -12,7 +11,6 @@ use App\Test\Helper\ApiTestTrait;
 
 class IndexIndividualsApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/individuals/index';
@@ -32,7 +30,5 @@ class IndexIndividualsApiTest extends TestCase
 
         $this->assertResponseOk();
         $this->assertResponseContains(sprintf('"id": %d', IndividualsFixture::INDIVIDUAL_ADMIN_ID));
-        // TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT);
     }
 }
diff --git a/tests/TestCase/Api/Individuals/ViewIndividualApiTest.php b/tests/TestCase/Api/Individuals/ViewIndividualApiTest.php
index 5d47610..8589f1f 100644
--- a/tests/TestCase/Api/Individuals/ViewIndividualApiTest.php
+++ b/tests/TestCase/Api/Individuals/ViewIndividualApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\IndividualsFixture;
@@ -12,7 +11,6 @@ use App\Test\Helper\ApiTestTrait;
 
 class ViewIndividualApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/individuals/view';
@@ -33,7 +31,5 @@ class ViewIndividualApiTest extends TestCase
 
         $this->assertResponseOk();
         $this->assertResponseContains(sprintf('"id": %d', IndividualsFixture::INDIVIDUAL_ADMIN_ID));
-        // TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url);
     }
 }
diff --git a/tests/TestCase/Api/Organisations/AddOrganisationApiTest.php b/tests/TestCase/Api/Organisations/AddOrganisationApiTest.php
index d561292..bde14a0 100644
--- a/tests/TestCase/Api/Organisations/AddOrganisationApiTest.php
+++ b/tests/TestCase/Api/Organisations/AddOrganisationApiTest.php
@@ -4,14 +4,12 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Helper\ApiTestTrait;
 
 class AddOrganisationApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/organisations/add';
@@ -47,8 +45,6 @@ class AddOrganisationApiTest extends TestCase
         $this->assertResponseOk();
         $this->assertResponseContains(sprintf('"uuid": "%s"', $uuid));
         $this->assertDbRecordExists('Organisations', ['uuid' => $uuid]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
     }
 
     public function testAddOrganisationNotAllowedAsRegularUser(): void
@@ -73,7 +69,5 @@ class AddOrganisationApiTest extends TestCase
 
         $this->assertResponseCode(405);
         $this->assertDbRecordNotExists('Organisations', ['uuid' => $uuid]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
     }
 }
diff --git a/tests/TestCase/Api/Organisations/DeleteOrganisationApiTest.php b/tests/TestCase/Api/Organisations/DeleteOrganisationApiTest.php
index 12b62d1..9e3ae3c 100644
--- a/tests/TestCase/Api/Organisations/DeleteOrganisationApiTest.php
+++ b/tests/TestCase/Api/Organisations/DeleteOrganisationApiTest.php
@@ -12,7 +12,6 @@ use App\Test\Helper\ApiTestTrait;
 
 class DeleteOrganisationApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/organisations/delete';
@@ -33,8 +32,6 @@ class DeleteOrganisationApiTest extends TestCase
 
         $this->assertResponseOk();
         $this->assertDbRecordNotExists('Organisations', ['id' => OrganisationsFixture::ORGANISATION_B_ID]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
     }
 
     public function testDeleteOrganisationNotAllowedAsRegularUser(): void
@@ -45,7 +42,5 @@ class DeleteOrganisationApiTest extends TestCase
 
         $this->assertResponseCode(405);
         $this->assertDbRecordExists('Organisations', ['id' => OrganisationsFixture::ORGANISATION_B_ID]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
     }
 }
diff --git a/tests/TestCase/Api/Organisations/EditOrganisationApiTest.php b/tests/TestCase/Api/Organisations/EditOrganisationApiTest.php
index 75c032c..4587808 100644
--- a/tests/TestCase/Api/Organisations/EditOrganisationApiTest.php
+++ b/tests/TestCase/Api/Organisations/EditOrganisationApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\OrganisationsFixture;
@@ -12,7 +11,6 @@ use App\Test\Helper\ApiTestTrait;
 
 class EditOrganisationApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/organisations/edit';
@@ -45,8 +43,6 @@ class EditOrganisationApiTest extends TestCase
                 'name' => 'Test Organisation 4321',
             ]
         );
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'put');
     }
 
     public function testEditOrganisationNotAllowedAsRegularUser(): void
@@ -69,7 +65,5 @@ class EditOrganisationApiTest extends TestCase
                 'name' => 'Test Organisation 1234'
             ]
         );
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'put');
     }
 }
diff --git a/tests/TestCase/Api/Organisations/IndexOrganisationsApiTest.php b/tests/TestCase/Api/Organisations/IndexOrganisationsApiTest.php
index 709883a..23a68c9 100644
--- a/tests/TestCase/Api/Organisations/IndexOrganisationsApiTest.php
+++ b/tests/TestCase/Api/Organisations/IndexOrganisationsApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\OrganisationsFixture;
@@ -12,7 +11,6 @@ use App\Test\Helper\ApiTestTrait;
 
 class IndexOrganisationApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/organisations/index';
@@ -33,7 +31,5 @@ class IndexOrganisationApiTest extends TestCase
         $this->assertResponseOk();
         $this->assertResponseContains(sprintf('"id": %d', OrganisationsFixture::ORGANISATION_A_ID));
         $this->assertResponseContains(sprintf('"id": %d', OrganisationsFixture::ORGANISATION_B_ID));
-        // TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT);
     }
 }
diff --git a/tests/TestCase/Api/Organisations/TagOrganisationApiTest.php b/tests/TestCase/Api/Organisations/TagOrganisationApiTest.php
index c79109a..d22f31a 100644
--- a/tests/TestCase/Api/Organisations/TagOrganisationApiTest.php
+++ b/tests/TestCase/Api/Organisations/TagOrganisationApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\OrganisationsFixture;
@@ -13,7 +12,6 @@ use App\Test\Helper\ApiTestTrait;
 
 class TagOrganisationApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/organisations/tag';
@@ -49,8 +47,6 @@ class TagOrganisationApiTest extends TestCase
                 'fk_model' => 'Organisations'
             ]
         );
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'post');
     }
 
     public function testTagOrganisationNotAllowedAsRegularUser(): void
@@ -74,7 +70,5 @@ class TagOrganisationApiTest extends TestCase
                 'fk_model' => 'Organisations'
             ]
         );
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'post');
     }
 }
diff --git a/tests/TestCase/Api/Organisations/UntagOrganisationApiTest.php b/tests/TestCase/Api/Organisations/UntagOrganisationApiTest.php
index 1aff58a..6cbb55d 100644
--- a/tests/TestCase/Api/Organisations/UntagOrganisationApiTest.php
+++ b/tests/TestCase/Api/Organisations/UntagOrganisationApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\OrganisationsFixture;
@@ -13,7 +12,6 @@ use App\Test\Helper\ApiTestTrait;
 
 class UntagOrganisationApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/organisations/untag';
@@ -49,8 +47,6 @@ class UntagOrganisationApiTest extends TestCase
                 'fk_model' => 'Organisations'
             ]
         );
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'post');
     }
 
     public function testUntagOrganisationNotAllowedAsRegularUser(): void
@@ -74,7 +70,5 @@ class UntagOrganisationApiTest extends TestCase
                 'fk_model' => 'Organisations'
             ]
         );
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'post');
     }
 }
diff --git a/tests/TestCase/Api/Organisations/ViewOrganisationApiTest.php b/tests/TestCase/Api/Organisations/ViewOrganisationApiTest.php
index 7170e98..5e51698 100644
--- a/tests/TestCase/Api/Organisations/ViewOrganisationApiTest.php
+++ b/tests/TestCase/Api/Organisations/ViewOrganisationApiTest.php
@@ -4,16 +4,13 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\OrganisationsFixture;
-use App\Test\Fixture\UsersFixture;
 use App\Test\Helper\ApiTestTrait;
 
 class ViewOrganisationApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/organisations/view';
@@ -36,7 +33,5 @@ class ViewOrganisationApiTest extends TestCase
 
         $this->assertResponseOk();
         $this->assertResponseContains('"name": "Organisation A"');
-        // TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url);
     }
 }
diff --git a/tests/TestCase/Api/SharingGroups/AddSharingGroupApiTest.php b/tests/TestCase/Api/SharingGroups/AddSharingGroupApiTest.php
index 0b0c8ab..2843687 100644
--- a/tests/TestCase/Api/SharingGroups/AddSharingGroupApiTest.php
+++ b/tests/TestCase/Api/SharingGroups/AddSharingGroupApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\OrganisationsFixture;
 use App\Test\Fixture\UsersFixture;
@@ -13,7 +12,6 @@ use App\Test\Helper\ApiTestTrait;
 
 class AddSharingGroupApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/sharingGroups/add';
@@ -51,8 +49,6 @@ class AddSharingGroupApiTest extends TestCase
         $this->assertResponseOk();
         $this->assertResponseContains(sprintf('"uuid": "%s"', $uuid));
         $this->assertDbRecordExists('SharingGroups', ['uuid' => $uuid]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
     }
 
     public function testAddSharingGroupNotAllowedAsRegularUser(): void
@@ -78,7 +74,5 @@ class AddSharingGroupApiTest extends TestCase
 
         $this->assertResponseCode(405);
         $this->assertDbRecordNotExists('SharingGroups', ['uuid' => $uuid]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
     }
 }
diff --git a/tests/TestCase/Api/SharingGroups/DeleteSharingGroupApiTest.php b/tests/TestCase/Api/SharingGroups/DeleteSharingGroupApiTest.php
index 36379d4..b9d4a0c 100644
--- a/tests/TestCase/Api/SharingGroups/DeleteSharingGroupApiTest.php
+++ b/tests/TestCase/Api/SharingGroups/DeleteSharingGroupApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\SharingGroupsFixture;
@@ -12,7 +11,6 @@ use App\Test\Helper\ApiTestTrait;
 
 class DeleteSharingGroupApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/sharingGroups/delete';
@@ -34,8 +32,6 @@ class DeleteSharingGroupApiTest extends TestCase
 
         $this->assertResponseOk();
         $this->assertDbRecordNotExists('SharingGroups', ['id' => SharingGroupsFixture::SHARING_GROUP_A_ID]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
     }
 
     public function testDeleteSharingGroupNotAllowedAsRegularUser(): void
@@ -46,7 +42,5 @@ class DeleteSharingGroupApiTest extends TestCase
 
         $this->assertResponseCode(405);
         $this->assertDbRecordExists('SharingGroups', ['id' => SharingGroupsFixture::SHARING_GROUP_A_ID]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
     }
 }
diff --git a/tests/TestCase/Api/SharingGroups/EditSharingGroupApiTest.php b/tests/TestCase/Api/SharingGroups/EditSharingGroupApiTest.php
index 7de711c..9f861e8 100644
--- a/tests/TestCase/Api/SharingGroups/EditSharingGroupApiTest.php
+++ b/tests/TestCase/Api/SharingGroups/EditSharingGroupApiTest.php
@@ -4,16 +4,13 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
-use App\Test\Fixture\OrganisationsFixture;
 use App\Test\Fixture\SharingGroupsFixture;
 use App\Test\Helper\ApiTestTrait;
 
 class EditSharingGroupApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/sharingGroups/edit';
@@ -47,8 +44,6 @@ class EditSharingGroupApiTest extends TestCase
                 'name' => 'Test Sharing Group 4321',
             ]
         );
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'put');
     }
 
     public function testEditSharingGroupNotAllowedAsRegularUser(): void
@@ -71,7 +66,5 @@ class EditSharingGroupApiTest extends TestCase
                 'name' => 'Test Sharing Group 1234'
             ]
         );
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'put');
     }
 }
diff --git a/tests/TestCase/Api/SharingGroups/IndexSharingGroupsApiTest.php b/tests/TestCase/Api/SharingGroups/IndexSharingGroupsApiTest.php
index 82f7255..2cbded2 100644
--- a/tests/TestCase/Api/SharingGroups/IndexSharingGroupsApiTest.php
+++ b/tests/TestCase/Api/SharingGroups/IndexSharingGroupsApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\SharingGroupsFixture;
@@ -12,7 +11,6 @@ use App\Test\Helper\ApiTestTrait;
 
 class IndexSharingGroupsApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/sharingGroups/index';
@@ -34,7 +32,5 @@ class IndexSharingGroupsApiTest extends TestCase
         $this->assertResponseOk();
         $this->assertResponseContains(sprintf('"id": %d', SharingGroupsFixture::SHARING_GROUP_A_ID));
         $this->assertResponseContains(sprintf('"id": %d', SharingGroupsFixture::SHARING_GROUP_B_ID));
-        // TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT);
     }
 }
diff --git a/tests/TestCase/Api/SharingGroups/ViewSharingGroupApiTest.php b/tests/TestCase/Api/SharingGroups/ViewSharingGroupApiTest.php
index 3944122..0bbfbf5 100644
--- a/tests/TestCase/Api/SharingGroups/ViewSharingGroupApiTest.php
+++ b/tests/TestCase/Api/SharingGroups/ViewSharingGroupApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\SharingGroupsFixture;
@@ -12,7 +11,6 @@ use App\Test\Helper\ApiTestTrait;
 
 class ViewSharingGroupApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/sharingGroups/view';
@@ -34,7 +32,5 @@ class ViewSharingGroupApiTest extends TestCase
 
         $this->assertResponseOk();
         $this->assertResponseContains(sprintf('"id": %d', SharingGroupsFixture::SHARING_GROUP_A_ID));
-        // TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url);
     }
 }
diff --git a/tests/TestCase/Api/Tags/IndexTagsApiTest.php b/tests/TestCase/Api/Tags/IndexTagsApiTest.php
index 330e93f..962750f 100644
--- a/tests/TestCase/Api/Tags/IndexTagsApiTest.php
+++ b/tests/TestCase/Api/Tags/IndexTagsApiTest.php
@@ -4,15 +4,12 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
-use App\Test\Fixture\UsersFixture;
 use App\Test\Helper\ApiTestTrait;
 
 class IndexTagsApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/tags/index';
@@ -35,7 +32,5 @@ class IndexTagsApiTest extends TestCase
         $this->assertResponseContains('"name": "red"');
         $this->assertResponseContains('"name": "green"');
         $this->assertResponseContains('"name": "blue"');
-        // TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT);
     }
 }
diff --git a/tests/TestCase/Api/Users/AddUserApiTest.php b/tests/TestCase/Api/Users/AddUserApiTest.php
index 396307e..6741b9b 100644
--- a/tests/TestCase/Api/Users/AddUserApiTest.php
+++ b/tests/TestCase/Api/Users/AddUserApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\UsersFixture;
@@ -14,7 +13,6 @@ use App\Test\Helper\ApiTestTrait;
 
 class AddUserApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/users/add';
@@ -45,8 +43,6 @@ class AddUserApiTest extends TestCase
         $this->assertResponseOk();
         $this->assertResponseContains('"username": "test"');
         $this->assertDbRecordExists('Users', ['username' => 'test']);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
     }
 
     public function testAddUserNotAllowedAsRegularUser(): void
@@ -66,7 +62,5 @@ class AddUserApiTest extends TestCase
 
         $this->assertResponseCode(405);
         $this->assertDbRecordNotExists('Users', ['username' => 'test']);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'post');
     }
 }
diff --git a/tests/TestCase/Api/Users/ChangePasswordApiTest.php b/tests/TestCase/Api/Users/ChangePasswordApiTest.php
index f1c1b82..fca8339 100644
--- a/tests/TestCase/Api/Users/ChangePasswordApiTest.php
+++ b/tests/TestCase/Api/Users/ChangePasswordApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\UsersFixture;
@@ -16,7 +15,6 @@ use Cake\Controller\ComponentRegistry;
 
 class ChangePasswordApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/users/edit';
@@ -59,8 +57,6 @@ class ChangePasswordApiTest extends TestCase
         );
 
         $this->assertResponseOk();
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'put');
 
         // Test new password with form login
         $request = new ServerRequest([
diff --git a/tests/TestCase/Api/Users/DeleteUserApiTest.php b/tests/TestCase/Api/Users/DeleteUserApiTest.php
index 48f9069..4e99963 100644
--- a/tests/TestCase/Api/Users/DeleteUserApiTest.php
+++ b/tests/TestCase/Api/Users/DeleteUserApiTest.php
@@ -4,17 +4,13 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\UsersFixture;
-use App\Test\Fixture\OrganisationsFixture;
-use App\Test\Fixture\RolesFixture;
 use App\Test\Helper\ApiTestTrait;
 
 class DeleteUserApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/users/delete';
@@ -35,8 +31,6 @@ class DeleteUserApiTest extends TestCase
 
         $this->assertResponseOk();
         $this->assertDbRecordNotExists('Users', ['id' => UsersFixture::USER_REGULAR_USER_ID]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
     }
 
     public function testDeleteUserNotAllowedAsRegularUser(): void
@@ -47,7 +41,5 @@ class DeleteUserApiTest extends TestCase
 
         $this->assertResponseCode(405);
         $this->assertDbRecordExists('Users', ['id' => UsersFixture::USER_ORG_ADMIN_ID]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
     }
 }
diff --git a/tests/TestCase/Api/Users/EditUserApiTest.php b/tests/TestCase/Api/Users/EditUserApiTest.php
index d52aea9..93a0df8 100644
--- a/tests/TestCase/Api/Users/EditUserApiTest.php
+++ b/tests/TestCase/Api/Users/EditUserApiTest.php
@@ -4,17 +4,14 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\UsersFixture;
 use App\Test\Fixture\RolesFixture;
 use App\Test\Helper\ApiTestTrait;
-use Authentication\PasswordHasher\DefaultPasswordHasher;
 
 class EditUserApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/users/edit';
@@ -44,8 +41,6 @@ class EditUserApiTest extends TestCase
             'id' => UsersFixture::USER_REGULAR_USER_ID,
             'role_id' => RolesFixture::ROLE_ORG_ADMIN_ID
         ]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'put');
     }
 
     public function testEditRoleNotAllowedAsRegularUser(): void
@@ -63,7 +58,5 @@ class EditUserApiTest extends TestCase
             'id' => UsersFixture::USER_REGULAR_USER_ID,
             'role_id' => RolesFixture::ROLE_ADMIN_ID
         ]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT, 'put');
     }
 }
diff --git a/tests/TestCase/Api/Users/IndexUsersApiTest.php b/tests/TestCase/Api/Users/IndexUsersApiTest.php
index 7d96936..7303224 100644
--- a/tests/TestCase/Api/Users/IndexUsersApiTest.php
+++ b/tests/TestCase/Api/Users/IndexUsersApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\UsersFixture;
@@ -12,7 +11,6 @@ use App\Test\Helper\ApiTestTrait;
 
 class IndexUsersApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/users/index';
@@ -32,7 +30,5 @@ class IndexUsersApiTest extends TestCase
 
         $this->assertResponseOk();
         $this->assertResponseContains(sprintf('"username": "%s"', UsersFixture::USER_ADMIN_USERNAME));
-        // TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT);
     }
 }
diff --git a/tests/TestCase/Api/Users/ViewUserApiTest.php b/tests/TestCase/Api/Users/ViewUserApiTest.php
index d1d2c54..576f2f8 100644
--- a/tests/TestCase/Api/Users/ViewUserApiTest.php
+++ b/tests/TestCase/Api/Users/ViewUserApiTest.php
@@ -4,7 +4,6 @@ declare(strict_types=1);
 
 namespace App\Test\TestCase\Api\Users;
 
-use Cake\TestSuite\IntegrationTestTrait;
 use Cake\TestSuite\TestCase;
 use App\Test\Fixture\AuthKeysFixture;
 use App\Test\Fixture\UsersFixture;
@@ -12,7 +11,6 @@ use App\Test\Helper\ApiTestTrait;
 
 class ViewUserApiTest extends TestCase
 {
-    use IntegrationTestTrait;
     use ApiTestTrait;
 
     protected const ENDPOINT = '/api/v1/users/view';
@@ -32,8 +30,6 @@ class ViewUserApiTest extends TestCase
 
         $this->assertResponseOk();
         $this->assertResponseContains(sprintf('"username": "%s"', UsersFixture::USER_ADMIN_USERNAME));
-        // TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec(self::ENDPOINT);
     }
 
     public function testViewUserById(): void
@@ -44,7 +40,5 @@ class ViewUserApiTest extends TestCase
 
         $this->assertResponseOk();
         $this->assertResponseContains(sprintf('"username": "%s"', UsersFixture::USER_REGULAR_USER_USERNAME));
-        // TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url);
     }
 }
diff --git a/webroot/docs/openapi.yaml b/webroot/docs/openapi.yaml
index 076af9f..b584bfc 100644
--- a/webroot/docs/openapi.yaml
+++ b/webroot/docs/openapi.yaml
@@ -70,7 +70,7 @@ paths:
       summary: "Add individual"
       operationId: addIndividual
       tags:
-        - Users
+        - Individuals
       requestBody:
         $ref: "#/components/requestBodies/CreateIndividualRequest"
       responses:
@@ -1517,11 +1517,11 @@ components:
               uuid:
                 $ref: "#/components/schemas/UUID"
               email:
-                $ref: "#/components/schemas/IndividualLastName"
+                $ref: "#/components/schemas/Email"
               first_name:
                 $ref: "#/components/schemas/IndividualFirstName"
               last_name:
-                type: boolean
+                $ref: "#/components/schemas/IndividualLastName"
               position:
                 $ref: "#/components/schemas/IndividualPosition"
 

From 862ea58e490cedb64708288d19efc7df315514c6 Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Wed, 19 Jan 2022 15:18:29 +0100
Subject: [PATCH 147/150] fix: assertions are already executed

---
 .../TestCase/Api/EncryptionKeys/DeleteEncryptionKeyApiTest.php  | 2 --
 1 file changed, 2 deletions(-)

diff --git a/tests/TestCase/Api/EncryptionKeys/DeleteEncryptionKeyApiTest.php b/tests/TestCase/Api/EncryptionKeys/DeleteEncryptionKeyApiTest.php
index 4bf0174..b089c91 100644
--- a/tests/TestCase/Api/EncryptionKeys/DeleteEncryptionKeyApiTest.php
+++ b/tests/TestCase/Api/EncryptionKeys/DeleteEncryptionKeyApiTest.php
@@ -32,8 +32,6 @@ class DeleteEncryptionKeyApiTest extends TestCase
 
         $this->assertResponseOk();
         $this->assertDbRecordNotExists('EncryptionKeys', ['id' => EncryptionKeysFixture::ENCRYPTION_KEY_ORG_A_ID]);
-        //TODO: $this->assertRequestMatchesOpenApiSpec();
-        $this->assertResponseMatchesOpenApiSpec($url, 'delete');
     }
 
     public function testDeleteEncryptionKeyNotAllowedAsRegularUser(): void

From b1f63f190c343efd3af3d66896c7c4df6644410c Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Wed, 19 Jan 2022 16:08:50 +0100
Subject: [PATCH 148/150] chg: move openapi validator initialization to
 tests/bootstrap.php so its only parsed once.

---
 tests/Helper/ApiTestTrait.php                 | 24 ++++++++++---------
 .../Api/Users/ChangePasswordApiTest.php       |  2 +-
 tests/bootstrap.php                           |  8 +++++++
 3 files changed, 22 insertions(+), 12 deletions(-)

diff --git a/tests/Helper/ApiTestTrait.php b/tests/Helper/ApiTestTrait.php
index 2060063..a55268c 100644
--- a/tests/Helper/ApiTestTrait.php
+++ b/tests/Helper/ApiTestTrait.php
@@ -5,14 +5,14 @@ declare(strict_types=1);
 namespace App\Test\Helper;
 
 use Cake\TestSuite\IntegrationTestTrait;
-use Cake\Http\Exception\NotImplementedException;
+use Cake\Core\Configure;
 use Cake\Http\ServerRequestFactory;
 use Cake\Http\ServerRequest;
+use Cake\Http\Exception\NotImplementedException;
 use \League\OpenAPIValidation\PSR7\ValidatorBuilder;
 use \League\OpenAPIValidation\PSR7\RequestValidator;
 use \League\OpenAPIValidation\PSR7\ResponseValidator;
 use \League\OpenAPIValidation\PSR7\OperationAddress;
-use PHPUnit\Exception as PHPUnitException;
 
 /**
  * Trait ApiTestTrait
@@ -47,7 +47,7 @@ trait ApiTestTrait
     public function setUp(): void
     {
         parent::setUp();
-        $this->initializeOpenApiValidator($_ENV['OPENAPI_SPEC'] ?? APP . '../webroot/docs/openapi.yaml');
+        $this->initializeOpenApiValidator();
     }
 
     public function setAuthToken(string $authToken): void
@@ -83,16 +83,18 @@ trait ApiTestTrait
     }
 
     /**
-     * Parse the OpenAPI specification and create a validator
+     * Load OpenAPI specification validator
      * 
-     * @param string $specFile
      * @return void
      */
-    public function initializeOpenApiValidator(string $specFile): void
+    public function initializeOpenApiValidator(): void
     {
-        $this->_validator = (new ValidatorBuilder)->fromYamlFile($specFile);
-        $this->_requestValidator = $this->_validator->getRequestValidator();
-        $this->_responseValidator = $this->_validator->getResponseValidator();
+        if (!$this->_skipOpenApiValidations) {
+            $this->_validator =  Configure::read('App.OpenAPIValidator');
+            if ($this->_validator === null) {
+                throw new \Exception('OpenAPI validator is not configured');
+            }
+        }
     }
 
     /**
@@ -102,7 +104,7 @@ trait ApiTestTrait
      */
     public function assertRequestMatchesOpenApiSpec(): void
     {
-        $this->_requestValidator->validate($this->_psrRequest);
+        $this->_validator->getRequestValidator()->validate($this->_psrRequest);
     }
 
     /**
@@ -115,7 +117,7 @@ trait ApiTestTrait
     public function assertResponseMatchesOpenApiSpec(string $endpoint, string $method = 'get'): void
     {
         $address = new OperationAddress($endpoint, $method);
-        $this->_responseValidator->validate($address, $this->_response);
+        $this->_validator->getResponseValidator()->validate($address, $this->_response);
     }
 
     /** 
diff --git a/tests/TestCase/Api/Users/ChangePasswordApiTest.php b/tests/TestCase/Api/Users/ChangePasswordApiTest.php
index fca8339..8dcd517 100644
--- a/tests/TestCase/Api/Users/ChangePasswordApiTest.php
+++ b/tests/TestCase/Api/Users/ChangePasswordApiTest.php
@@ -36,7 +36,7 @@ class ChangePasswordApiTest extends TestCase
     public function setUp(): void
     {
         parent::setUp();
-        $this->initializeOpenApiValidator($_ENV['OPENAPI_SPEC'] ?? APP . '../webroot/docs/openapi.yaml');
+        $this->initializeOpenApiValidator();
 
         $this->collection = new ComponentRegistry();
         $this->auth = new FormAuthenticate($this->collection, [
diff --git a/tests/bootstrap.php b/tests/bootstrap.php
index 34939c3..7523c28 100644
--- a/tests/bootstrap.php
+++ b/tests/bootstrap.php
@@ -19,6 +19,10 @@ declare(strict_types=1);
 use Cake\Core\Configure;
 use Cake\Datasource\ConnectionManager;
 use Migrations\TestSuite\Migrator;
+use \League\OpenAPIValidation\PSR7\ValidatorBuilder;
+use \League\OpenAPIValidation\PSR7\RequestValidator;
+use \League\OpenAPIValidation\PSR7\ResponseValidator;
+use \League\OpenAPIValidation\PSR7\OperationAddress;
 
 /**
  * Test runner bootstrap.
@@ -64,3 +68,7 @@ if (!$_ENV['SKIP_DB_MIGRATIONS']) {
 } else {
     echo "[ * ] Skipping DB migrations ...\n";
 }
+
+$specFile = $_ENV['OPENAPI_SPEC'] ?? APP . '../webroot/docs/openapi.yaml';
+// Initialize OpenAPI spec validator
+Configure::write('App.OpenAPIValidator', (new ValidatorBuilder)->fromYamlFile($specFile));

From 01b4bc9bac7d0804ef26e526e92fa8f9bcfc59ab Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Wed, 19 Jan 2022 16:13:37 +0100
Subject: [PATCH 149/150] chg: remove todo section

---
 tests/README.md | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/tests/README.md b/tests/README.md
index d5f4385..434f84a 100644
--- a/tests/README.md
+++ b/tests/README.md
@@ -121,8 +121,3 @@ The default OpenAPI spec path is set in `phpunit.xml` as a environment variablea
 $ export XDEBUG_CONFIG="idekey=IDEKEY"
 $ phpunit
 ```
-    
-## TODO
-- [ ] Validate API requests against the OpenAPI spec
-- [ ] Validate response content matches / implement _seeResponseContainsJson()_ or equivalent
-- [ ] Parse OpenAPI spec only once per test run, currently re-loading in every _TestCase::setUp()_
\ No newline at end of file

From 25b7d167f1d0d8a335e727a876764c0c160f2a9e Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Wed, 19 Jan 2022 16:22:44 +0100
Subject: [PATCH 150/150] chg: remove the /api/v1 prefix for api endpoints

---
 config/routes.php                             | 35 +++-----
 .../Api/AuthKeys/AddAuthKeyApiTest.php        |  2 +-
 .../Api/AuthKeys/DeleteAuthKeyApiTest.php     |  2 +-
 .../Api/AuthKeys/IndexAuthKeysApiTest.php     |  2 +-
 tests/TestCase/Api/Broods/AddBroodApiTest.php |  2 +-
 .../Api/Broods/DeleteBroodApiTest.php         |  2 +-
 .../TestCase/Api/Broods/EditBroodApiTest.php  |  2 +-
 .../Api/Broods/IndexBroodsApiTest.php         |  2 +-
 .../Api/Broods/TestBroodConnectionApiTest.php |  2 +-
 .../TestCase/Api/Broods/ViewBroodApiTest.php  |  2 +-
 .../AddEncryptionKeyApiTest.php               |  2 +-
 .../DeleteEncryptionKeyApiTest.php            |  2 +-
 .../EditEncryptionKeyApiTest.php              |  2 +-
 .../IndexEncryptionKeysApiTest.php            |  2 +-
 .../ViewEncryptionKeyApiTest.php              |  2 +-
 .../Api/Inbox/CreateInboxEntryApiTest.php     |  2 +-
 .../TestCase/Api/Inbox/IndexInboxApiTest.php  |  2 +-
 .../Api/Individuals/AddIndividualApiTest.php  |  2 +-
 .../Individuals/DeleteIndividualApiTest.php   |  2 +-
 .../Api/Individuals/EditIndividualApiTest.php |  2 +-
 .../Individuals/IndexIndividualsApiTest.php   |  2 +-
 .../Api/Individuals/ViewIndividualApiTest.php |  2 +-
 .../Organisations/AddOrganisationApiTest.php  |  2 +-
 .../DeleteOrganisationApiTest.php             |  2 +-
 .../Organisations/EditOrganisationApiTest.php |  2 +-
 .../IndexOrganisationsApiTest.php             |  2 +-
 .../Organisations/TagOrganisationApiTest.php  |  2 +-
 .../UntagOrganisationApiTest.php              |  2 +-
 .../Organisations/ViewOrganisationApiTest.php |  2 +-
 .../SharingGroups/AddSharingGroupApiTest.php  |  2 +-
 .../DeleteSharingGroupApiTest.php             |  2 +-
 .../SharingGroups/EditSharingGroupApiTest.php |  2 +-
 .../IndexSharingGroupsApiTest.php             |  2 +-
 .../SharingGroups/ViewSharingGroupApiTest.php |  2 +-
 tests/TestCase/Api/Tags/IndexTagsApiTest.php  |  2 +-
 tests/TestCase/Api/Users/AddUserApiTest.php   |  2 +-
 .../Api/Users/ChangePasswordApiTest.php       |  2 +-
 .../TestCase/Api/Users/DeleteUserApiTest.php  |  2 +-
 tests/TestCase/Api/Users/EditUserApiTest.php  |  2 +-
 .../TestCase/Api/Users/IndexUsersApiTest.php  |  2 +-
 tests/TestCase/Api/Users/ViewUserApiTest.php  |  2 +-
 webroot/docs/openapi.yaml                     | 90 +++++++++----------
 42 files changed, 96 insertions(+), 109 deletions(-)

diff --git a/config/routes.php b/config/routes.php
index d51121a..ac1ab26 100644
--- a/config/routes.php
+++ b/config/routes.php
@@ -92,27 +92,14 @@ $routes->prefix('Open', function (RouteBuilder $routes) {
     $routes->fallbacks(DashedRoute::class);
 });
 
-// API routes
-$routes->scope('/api', function (RouteBuilder $routes) {
-    // $routes->applyMiddleware('ratelimit', 'auth.api');
-    $routes->scope('/v1', function (RouteBuilder $routes) {
-        // $routes->applyMiddleware('v1compat');
-        $routes->setExtensions(['json']);
-
-        // Generic API route
-        $routes->connect('/{controller}/{action}/*');
-
-        // Tags plugin routes
-        $routes->plugin(
-            'tags',
-            ['path' => '/tags'],
-            function ($routes) {
-                $routes->setRouteClass(DashedRoute::class);
-                $routes->connect(
-                    '/{action}/*',
-                    ['controller' => 'Tags']
-                );
-            }
-        );
-    });
-});
+/*
+ * If you need a different set of middleware or none at all,
+ * open new scope and define routes there.
+ *
+ * ```
+ * $routes->scope('/api', function (RouteBuilder $builder) {
+ *     // No $builder->applyMiddleware() here.
+ *     // Connect API actions here.
+ * });
+ * ```
+ */
diff --git a/tests/TestCase/Api/AuthKeys/AddAuthKeyApiTest.php b/tests/TestCase/Api/AuthKeys/AddAuthKeyApiTest.php
index 32a79c4..ca305e8 100644
--- a/tests/TestCase/Api/AuthKeys/AddAuthKeyApiTest.php
+++ b/tests/TestCase/Api/AuthKeys/AddAuthKeyApiTest.php
@@ -13,7 +13,7 @@ class AddAuthKeyApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/authKeys/add';
+    protected const ENDPOINT = '/authKeys/add';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/AuthKeys/DeleteAuthKeyApiTest.php b/tests/TestCase/Api/AuthKeys/DeleteAuthKeyApiTest.php
index 539ab29..a621f37 100644
--- a/tests/TestCase/Api/AuthKeys/DeleteAuthKeyApiTest.php
+++ b/tests/TestCase/Api/AuthKeys/DeleteAuthKeyApiTest.php
@@ -12,7 +12,7 @@ class DeleteAuthKeyApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/authKeys/delete';
+    protected const ENDPOINT = '/authKeys/delete';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/AuthKeys/IndexAuthKeysApiTest.php b/tests/TestCase/Api/AuthKeys/IndexAuthKeysApiTest.php
index 43a3390..0712480 100644
--- a/tests/TestCase/Api/AuthKeys/IndexAuthKeysApiTest.php
+++ b/tests/TestCase/Api/AuthKeys/IndexAuthKeysApiTest.php
@@ -12,7 +12,7 @@ class IndexAuthKeysApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/authKeys/index';
+    protected const ENDPOINT = '/authKeys/index';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/Broods/AddBroodApiTest.php b/tests/TestCase/Api/Broods/AddBroodApiTest.php
index 3da884c..f064f61 100644
--- a/tests/TestCase/Api/Broods/AddBroodApiTest.php
+++ b/tests/TestCase/Api/Broods/AddBroodApiTest.php
@@ -13,7 +13,7 @@ class AddBroodApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/broods/add';
+    protected const ENDPOINT = '/broods/add';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/Broods/DeleteBroodApiTest.php b/tests/TestCase/Api/Broods/DeleteBroodApiTest.php
index c54e47a..420bf01 100644
--- a/tests/TestCase/Api/Broods/DeleteBroodApiTest.php
+++ b/tests/TestCase/Api/Broods/DeleteBroodApiTest.php
@@ -13,7 +13,7 @@ class DeleteBroodApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/broods/delete';
+    protected const ENDPOINT = '/broods/delete';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/Broods/EditBroodApiTest.php b/tests/TestCase/Api/Broods/EditBroodApiTest.php
index 9bf3077..ad5d70b 100644
--- a/tests/TestCase/Api/Broods/EditBroodApiTest.php
+++ b/tests/TestCase/Api/Broods/EditBroodApiTest.php
@@ -14,7 +14,7 @@ class EditBroodApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/broods/edit';
+    protected const ENDPOINT = '/broods/edit';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/Broods/IndexBroodsApiTest.php b/tests/TestCase/Api/Broods/IndexBroodsApiTest.php
index 598898d..d70bc53 100644
--- a/tests/TestCase/Api/Broods/IndexBroodsApiTest.php
+++ b/tests/TestCase/Api/Broods/IndexBroodsApiTest.php
@@ -13,7 +13,7 @@ class IndexBroodsApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/users/index';
+    protected const ENDPOINT = '/users/index';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/Broods/TestBroodConnectionApiTest.php b/tests/TestCase/Api/Broods/TestBroodConnectionApiTest.php
index 31c2d48..ee1117f 100644
--- a/tests/TestCase/Api/Broods/TestBroodConnectionApiTest.php
+++ b/tests/TestCase/Api/Broods/TestBroodConnectionApiTest.php
@@ -16,7 +16,7 @@ class TestBroodConnectionApiTest extends TestCase
     use ApiTestTrait;
     use WireMockTestTrait;
 
-    protected const ENDPOINT = '/api/v1/broods/testConnection';
+    protected const ENDPOINT = '/broods/testConnection';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/Broods/ViewBroodApiTest.php b/tests/TestCase/Api/Broods/ViewBroodApiTest.php
index c357d90..bd9e5a7 100644
--- a/tests/TestCase/Api/Broods/ViewBroodApiTest.php
+++ b/tests/TestCase/Api/Broods/ViewBroodApiTest.php
@@ -13,7 +13,7 @@ class ViewBroodApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/broods/view';
+    protected const ENDPOINT = '/broods/view';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/EncryptionKeys/AddEncryptionKeyApiTest.php b/tests/TestCase/Api/EncryptionKeys/AddEncryptionKeyApiTest.php
index 1adf5d9..00cc377 100644
--- a/tests/TestCase/Api/EncryptionKeys/AddEncryptionKeyApiTest.php
+++ b/tests/TestCase/Api/EncryptionKeys/AddEncryptionKeyApiTest.php
@@ -14,7 +14,7 @@ class AddEncryptionKeyApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/encryptionKeys/add';
+    protected const ENDPOINT = '/encryptionKeys/add';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/EncryptionKeys/DeleteEncryptionKeyApiTest.php b/tests/TestCase/Api/EncryptionKeys/DeleteEncryptionKeyApiTest.php
index b089c91..6ae8143 100644
--- a/tests/TestCase/Api/EncryptionKeys/DeleteEncryptionKeyApiTest.php
+++ b/tests/TestCase/Api/EncryptionKeys/DeleteEncryptionKeyApiTest.php
@@ -13,7 +13,7 @@ class DeleteEncryptionKeyApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/encryptionKeys/delete';
+    protected const ENDPOINT = '/encryptionKeys/delete';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/EncryptionKeys/EditEncryptionKeyApiTest.php b/tests/TestCase/Api/EncryptionKeys/EditEncryptionKeyApiTest.php
index 300a969..2636fc1 100644
--- a/tests/TestCase/Api/EncryptionKeys/EditEncryptionKeyApiTest.php
+++ b/tests/TestCase/Api/EncryptionKeys/EditEncryptionKeyApiTest.php
@@ -13,7 +13,7 @@ class EditEncryptionKeyApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/encryptionKeys/edit';
+    protected const ENDPOINT = '/encryptionKeys/edit';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/EncryptionKeys/IndexEncryptionKeysApiTest.php b/tests/TestCase/Api/EncryptionKeys/IndexEncryptionKeysApiTest.php
index 9aec4c5..844336d 100644
--- a/tests/TestCase/Api/EncryptionKeys/IndexEncryptionKeysApiTest.php
+++ b/tests/TestCase/Api/EncryptionKeys/IndexEncryptionKeysApiTest.php
@@ -13,7 +13,7 @@ class IndexEncryptionKeysApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/encryptionKeys/index';
+    protected const ENDPOINT = '/encryptionKeys/index';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/EncryptionKeys/ViewEncryptionKeyApiTest.php b/tests/TestCase/Api/EncryptionKeys/ViewEncryptionKeyApiTest.php
index 39c6519..de324fb 100644
--- a/tests/TestCase/Api/EncryptionKeys/ViewEncryptionKeyApiTest.php
+++ b/tests/TestCase/Api/EncryptionKeys/ViewEncryptionKeyApiTest.php
@@ -13,7 +13,7 @@ class ViewEncryptionKeyApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/encryptionKeys/view';
+    protected const ENDPOINT = '/encryptionKeys/view';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/Inbox/CreateInboxEntryApiTest.php b/tests/TestCase/Api/Inbox/CreateInboxEntryApiTest.php
index 9c34aa0..8434d62 100644
--- a/tests/TestCase/Api/Inbox/CreateInboxEntryApiTest.php
+++ b/tests/TestCase/Api/Inbox/CreateInboxEntryApiTest.php
@@ -12,7 +12,7 @@ class CreateInboxEntryApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/inbox/createEntry';
+    protected const ENDPOINT = '/inbox/createEntry';
 
     protected $fixtures = [
         'app.Inbox',
diff --git a/tests/TestCase/Api/Inbox/IndexInboxApiTest.php b/tests/TestCase/Api/Inbox/IndexInboxApiTest.php
index da99710..ae9c039 100644
--- a/tests/TestCase/Api/Inbox/IndexInboxApiTest.php
+++ b/tests/TestCase/Api/Inbox/IndexInboxApiTest.php
@@ -13,7 +13,7 @@ class IndexInboxApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/inbox/index';
+    protected const ENDPOINT = '/inbox/index';
 
     protected $fixtures = [
         'app.Inbox',
diff --git a/tests/TestCase/Api/Individuals/AddIndividualApiTest.php b/tests/TestCase/Api/Individuals/AddIndividualApiTest.php
index cced4e4..fcff319 100644
--- a/tests/TestCase/Api/Individuals/AddIndividualApiTest.php
+++ b/tests/TestCase/Api/Individuals/AddIndividualApiTest.php
@@ -12,7 +12,7 @@ class AddIndividualApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/individuals/add';
+    protected const ENDPOINT = '/individuals/add';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/Individuals/DeleteIndividualApiTest.php b/tests/TestCase/Api/Individuals/DeleteIndividualApiTest.php
index 0768b59..e5657aa 100644
--- a/tests/TestCase/Api/Individuals/DeleteIndividualApiTest.php
+++ b/tests/TestCase/Api/Individuals/DeleteIndividualApiTest.php
@@ -13,7 +13,7 @@ class DeleteIndividualApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/individuals/delete';
+    protected const ENDPOINT = '/individuals/delete';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/Individuals/EditIndividualApiTest.php b/tests/TestCase/Api/Individuals/EditIndividualApiTest.php
index cdff2d9..c888bba 100644
--- a/tests/TestCase/Api/Individuals/EditIndividualApiTest.php
+++ b/tests/TestCase/Api/Individuals/EditIndividualApiTest.php
@@ -13,7 +13,7 @@ class EditIndividualApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/individuals/edit';
+    protected const ENDPOINT = '/individuals/edit';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/Individuals/IndexIndividualsApiTest.php b/tests/TestCase/Api/Individuals/IndexIndividualsApiTest.php
index 29da85f..e5c92ce 100644
--- a/tests/TestCase/Api/Individuals/IndexIndividualsApiTest.php
+++ b/tests/TestCase/Api/Individuals/IndexIndividualsApiTest.php
@@ -13,7 +13,7 @@ class IndexIndividualsApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/individuals/index';
+    protected const ENDPOINT = '/individuals/index';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/Individuals/ViewIndividualApiTest.php b/tests/TestCase/Api/Individuals/ViewIndividualApiTest.php
index 8589f1f..d4b94d9 100644
--- a/tests/TestCase/Api/Individuals/ViewIndividualApiTest.php
+++ b/tests/TestCase/Api/Individuals/ViewIndividualApiTest.php
@@ -13,7 +13,7 @@ class ViewIndividualApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/individuals/view';
+    protected const ENDPOINT = '/individuals/view';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/Organisations/AddOrganisationApiTest.php b/tests/TestCase/Api/Organisations/AddOrganisationApiTest.php
index bde14a0..5a47554 100644
--- a/tests/TestCase/Api/Organisations/AddOrganisationApiTest.php
+++ b/tests/TestCase/Api/Organisations/AddOrganisationApiTest.php
@@ -12,7 +12,7 @@ class AddOrganisationApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/organisations/add';
+    protected const ENDPOINT = '/organisations/add';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/Organisations/DeleteOrganisationApiTest.php b/tests/TestCase/Api/Organisations/DeleteOrganisationApiTest.php
index 9e3ae3c..efdaa5c 100644
--- a/tests/TestCase/Api/Organisations/DeleteOrganisationApiTest.php
+++ b/tests/TestCase/Api/Organisations/DeleteOrganisationApiTest.php
@@ -14,7 +14,7 @@ class DeleteOrganisationApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/organisations/delete';
+    protected const ENDPOINT = '/organisations/delete';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/Organisations/EditOrganisationApiTest.php b/tests/TestCase/Api/Organisations/EditOrganisationApiTest.php
index 4587808..6d14f3c 100644
--- a/tests/TestCase/Api/Organisations/EditOrganisationApiTest.php
+++ b/tests/TestCase/Api/Organisations/EditOrganisationApiTest.php
@@ -13,7 +13,7 @@ class EditOrganisationApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/organisations/edit';
+    protected const ENDPOINT = '/organisations/edit';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/Organisations/IndexOrganisationsApiTest.php b/tests/TestCase/Api/Organisations/IndexOrganisationsApiTest.php
index 23a68c9..a22e0f4 100644
--- a/tests/TestCase/Api/Organisations/IndexOrganisationsApiTest.php
+++ b/tests/TestCase/Api/Organisations/IndexOrganisationsApiTest.php
@@ -13,7 +13,7 @@ class IndexOrganisationApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/organisations/index';
+    protected const ENDPOINT = '/organisations/index';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/Organisations/TagOrganisationApiTest.php b/tests/TestCase/Api/Organisations/TagOrganisationApiTest.php
index d22f31a..f8bd194 100644
--- a/tests/TestCase/Api/Organisations/TagOrganisationApiTest.php
+++ b/tests/TestCase/Api/Organisations/TagOrganisationApiTest.php
@@ -14,7 +14,7 @@ class TagOrganisationApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/organisations/tag';
+    protected const ENDPOINT = '/organisations/tag';
 
     protected $fixtures = [
         'app.TagsTags',
diff --git a/tests/TestCase/Api/Organisations/UntagOrganisationApiTest.php b/tests/TestCase/Api/Organisations/UntagOrganisationApiTest.php
index 6cbb55d..59f1bea 100644
--- a/tests/TestCase/Api/Organisations/UntagOrganisationApiTest.php
+++ b/tests/TestCase/Api/Organisations/UntagOrganisationApiTest.php
@@ -14,7 +14,7 @@ class UntagOrganisationApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/organisations/untag';
+    protected const ENDPOINT = '/organisations/untag';
 
     protected $fixtures = [
         'app.TagsTags',
diff --git a/tests/TestCase/Api/Organisations/ViewOrganisationApiTest.php b/tests/TestCase/Api/Organisations/ViewOrganisationApiTest.php
index 5e51698..a9a728b 100644
--- a/tests/TestCase/Api/Organisations/ViewOrganisationApiTest.php
+++ b/tests/TestCase/Api/Organisations/ViewOrganisationApiTest.php
@@ -13,7 +13,7 @@ class ViewOrganisationApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/organisations/view';
+    protected const ENDPOINT = '/organisations/view';
 
     protected $fixtures = [
         'app.TagsTags',
diff --git a/tests/TestCase/Api/SharingGroups/AddSharingGroupApiTest.php b/tests/TestCase/Api/SharingGroups/AddSharingGroupApiTest.php
index 2843687..cbfebbb 100644
--- a/tests/TestCase/Api/SharingGroups/AddSharingGroupApiTest.php
+++ b/tests/TestCase/Api/SharingGroups/AddSharingGroupApiTest.php
@@ -14,7 +14,7 @@ class AddSharingGroupApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/sharingGroups/add';
+    protected const ENDPOINT = '/sharingGroups/add';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/SharingGroups/DeleteSharingGroupApiTest.php b/tests/TestCase/Api/SharingGroups/DeleteSharingGroupApiTest.php
index b9d4a0c..e2d1dc5 100644
--- a/tests/TestCase/Api/SharingGroups/DeleteSharingGroupApiTest.php
+++ b/tests/TestCase/Api/SharingGroups/DeleteSharingGroupApiTest.php
@@ -13,7 +13,7 @@ class DeleteSharingGroupApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/sharingGroups/delete';
+    protected const ENDPOINT = '/sharingGroups/delete';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/SharingGroups/EditSharingGroupApiTest.php b/tests/TestCase/Api/SharingGroups/EditSharingGroupApiTest.php
index 9f861e8..07dff5b 100644
--- a/tests/TestCase/Api/SharingGroups/EditSharingGroupApiTest.php
+++ b/tests/TestCase/Api/SharingGroups/EditSharingGroupApiTest.php
@@ -13,7 +13,7 @@ class EditSharingGroupApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/sharingGroups/edit';
+    protected const ENDPOINT = '/sharingGroups/edit';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/SharingGroups/IndexSharingGroupsApiTest.php b/tests/TestCase/Api/SharingGroups/IndexSharingGroupsApiTest.php
index 2cbded2..5286af2 100644
--- a/tests/TestCase/Api/SharingGroups/IndexSharingGroupsApiTest.php
+++ b/tests/TestCase/Api/SharingGroups/IndexSharingGroupsApiTest.php
@@ -13,7 +13,7 @@ class IndexSharingGroupsApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/sharingGroups/index';
+    protected const ENDPOINT = '/sharingGroups/index';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/SharingGroups/ViewSharingGroupApiTest.php b/tests/TestCase/Api/SharingGroups/ViewSharingGroupApiTest.php
index 0bbfbf5..06ceb93 100644
--- a/tests/TestCase/Api/SharingGroups/ViewSharingGroupApiTest.php
+++ b/tests/TestCase/Api/SharingGroups/ViewSharingGroupApiTest.php
@@ -13,7 +13,7 @@ class ViewSharingGroupApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/sharingGroups/view';
+    protected const ENDPOINT = '/sharingGroups/view';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/Tags/IndexTagsApiTest.php b/tests/TestCase/Api/Tags/IndexTagsApiTest.php
index 962750f..4b13b67 100644
--- a/tests/TestCase/Api/Tags/IndexTagsApiTest.php
+++ b/tests/TestCase/Api/Tags/IndexTagsApiTest.php
@@ -12,7 +12,7 @@ class IndexTagsApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/tags/index';
+    protected const ENDPOINT = '/tags/index';
 
     protected $fixtures = [
         'app.TagsTags',
diff --git a/tests/TestCase/Api/Users/AddUserApiTest.php b/tests/TestCase/Api/Users/AddUserApiTest.php
index 6741b9b..3437d29 100644
--- a/tests/TestCase/Api/Users/AddUserApiTest.php
+++ b/tests/TestCase/Api/Users/AddUserApiTest.php
@@ -15,7 +15,7 @@ class AddUserApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/users/add';
+    protected const ENDPOINT = '/users/add';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/Users/ChangePasswordApiTest.php b/tests/TestCase/Api/Users/ChangePasswordApiTest.php
index 8dcd517..201cb74 100644
--- a/tests/TestCase/Api/Users/ChangePasswordApiTest.php
+++ b/tests/TestCase/Api/Users/ChangePasswordApiTest.php
@@ -17,7 +17,7 @@ class ChangePasswordApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/users/edit';
+    protected const ENDPOINT = '/users/edit';
 
     /** @var \Cake\Auth\FormAuthenticate */
     protected $auth;
diff --git a/tests/TestCase/Api/Users/DeleteUserApiTest.php b/tests/TestCase/Api/Users/DeleteUserApiTest.php
index 4e99963..9288b9a 100644
--- a/tests/TestCase/Api/Users/DeleteUserApiTest.php
+++ b/tests/TestCase/Api/Users/DeleteUserApiTest.php
@@ -13,7 +13,7 @@ class DeleteUserApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/users/delete';
+    protected const ENDPOINT = '/users/delete';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/Users/EditUserApiTest.php b/tests/TestCase/Api/Users/EditUserApiTest.php
index 93a0df8..dd685b9 100644
--- a/tests/TestCase/Api/Users/EditUserApiTest.php
+++ b/tests/TestCase/Api/Users/EditUserApiTest.php
@@ -14,7 +14,7 @@ class EditUserApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/users/edit';
+    protected const ENDPOINT = '/users/edit';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/Users/IndexUsersApiTest.php b/tests/TestCase/Api/Users/IndexUsersApiTest.php
index 7303224..c30462b 100644
--- a/tests/TestCase/Api/Users/IndexUsersApiTest.php
+++ b/tests/TestCase/Api/Users/IndexUsersApiTest.php
@@ -13,7 +13,7 @@ class IndexUsersApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/users/index';
+    protected const ENDPOINT = '/users/index';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/tests/TestCase/Api/Users/ViewUserApiTest.php b/tests/TestCase/Api/Users/ViewUserApiTest.php
index 576f2f8..e3ab847 100644
--- a/tests/TestCase/Api/Users/ViewUserApiTest.php
+++ b/tests/TestCase/Api/Users/ViewUserApiTest.php
@@ -13,7 +13,7 @@ class ViewUserApiTest extends TestCase
 {
     use ApiTestTrait;
 
-    protected const ENDPOINT = '/api/v1/users/view';
+    protected const ENDPOINT = '/users/view';
 
     protected $fixtures = [
         'app.Organisations',
diff --git a/webroot/docs/openapi.yaml b/webroot/docs/openapi.yaml
index b584bfc..8077ce7 100644
--- a/webroot/docs/openapi.yaml
+++ b/webroot/docs/openapi.yaml
@@ -29,7 +29,7 @@ tags:
     description: "Authkeys are used for API access. A user can have more than one authkey, so if you would like to use separate keys per tool that queries Cerebrate, add additional keys. Use the comment field to make identifying your keys easier."
 
 paths:
-  /api/v1/individuals/index:
+  /individuals/index:
     get:
       summary: "Get individuals list"
       operationId: getIndividuals
@@ -47,7 +47,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/individuals/view/{individualId}:
+  /individuals/view/{individualId}:
     get:
       summary: "Get individual by ID"
       operationId: getIndividualById
@@ -65,7 +65,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/individuals/add:
+  /individuals/add:
     post:
       summary: "Add individual"
       operationId: addIndividual
@@ -83,7 +83,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/individuals/edit/{individualId}:
+  /individuals/edit/{individualId}:
     put:
       summary: "Edit individual"
       operationId: editIndividual
@@ -103,7 +103,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/individuals/delete/{individualId}:
+  /individuals/delete/{individualId}:
     delete:
       summary: "Delete individual by ID"
       operationId: deleteIndividualById
@@ -121,7 +121,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/users/index:
+  /users/index:
     get:
       summary: "Get users list"
       operationId: getUsers
@@ -139,7 +139,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/users/view:
+  /users/view:
     get:
       summary: "Get information about the current user"
       operationId: viewUserMe
@@ -155,7 +155,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/users/view/{userId}:
+  /users/view/{userId}:
     get:
       summary: "Get information of a user by ID"
       operationId: viewUserById
@@ -173,7 +173,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/users/add:
+  /users/add:
     post:
       summary: "Add user"
       operationId: addUser
@@ -191,7 +191,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/users/edit:
+  /users/edit:
     put:
       summary: "Edit current user"
       operationId: editUser
@@ -209,7 +209,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/users/edit/{userId}:
+  /users/edit/{userId}:
     put:
       summary: "Edit current user"
       operationId: editUserById
@@ -229,7 +229,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/users/delete/{userId}:
+  /users/delete/{userId}:
     delete:
       summary: "Delete user by ID"
       operationId: deleteUserById
@@ -247,7 +247,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/organisations/add:
+  /organisations/add:
     post:
       summary: "Add organisation"
       operationId: addOrganisation
@@ -265,7 +265,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/organisations/edit/{organisationId}:
+  /organisations/edit/{organisationId}:
     put:
       summary: "Edit organisation"
       operationId: editOrganisation
@@ -285,7 +285,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/organisations/index:
+  /organisations/index:
     get:
       summary: "Get organisations"
       operationId: getOrganisations
@@ -303,7 +303,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/organisations/view/{organisationId}:
+  /organisations/view/{organisationId}:
     get:
       summary: "View organisation by ID"
       operationId: getOrganisationById
@@ -321,7 +321,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/organisations/delete/{organisationId}:
+  /organisations/delete/{organisationId}:
     delete:
       summary: "Delete organisation by ID"
       operationId: deleteOrganisationById
@@ -339,7 +339,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/organisations/tag/{organisationId}:
+  /organisations/tag/{organisationId}:
     post:
       summary: "Tag organisation by ID"
       operationId: tagOrganisationById
@@ -359,7 +359,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/organisations/untag/{organisationId}:
+  /organisations/untag/{organisationId}:
     post:
       summary: "Remove organisation tag by ID"
       operationId: untagOrganisationById
@@ -379,7 +379,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/tags/index:
+  /tags/index:
     get:
       summary: "Get tags list"
       operationId: getTags
@@ -397,7 +397,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/inbox/index:
+  /inbox/index:
     get:
       summary: "Get inbox list"
       operationId: getinbox
@@ -415,7 +415,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/inbox/createEntry/User/Registration:
+  /inbox/createEntry/User/Registration:
     post:
       summary: "Create user registration inbox entry"
       operationId: createInboxEntry
@@ -433,7 +433,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/sharingGroups/index:
+  /sharingGroups/index:
     get:
       summary: "Get a sharing groups list"
       operationId: getSharingGroups
@@ -451,7 +451,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/sharingGroups/add:
+  /sharingGroups/add:
     post:
       summary: "Add sharing group"
       operationId: addSharingGroup
@@ -469,7 +469,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/sharingGroups/view/{sharingGroupId}:
+  /sharingGroups/view/{sharingGroupId}:
     get:
       summary: "Get sharing group by ID"
       operationId: getSharingGroupById
@@ -487,7 +487,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/sharingGroups/delete/{sharingGroupId}:
+  /sharingGroups/delete/{sharingGroupId}:
     delete:
       summary: "Delete sharing group by ID"
       operationId: deleteSharingGroupById
@@ -505,7 +505,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/sharingGroups/edit/{sharingGroupId}:
+  /sharingGroups/edit/{sharingGroupId}:
     put:
       summary: "Edit sharing group"
       operationId: editSharingGroup
@@ -525,7 +525,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/broods/index:
+  /broods/index:
     get:
       summary: "Get broods list"
       operationId: getBroods
@@ -543,7 +543,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/broods/view/{broodId}:
+  /broods/view/{broodId}:
     get:
       summary: "Get brood by ID"
       operationId: getBroodById
@@ -561,7 +561,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/broods/add:
+  /broods/add:
     post:
       summary: "Add brood"
       operationId: addBrood
@@ -579,7 +579,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/broods/edit/{broodId}:
+  /broods/edit/{broodId}:
     put:
       summary: "Edit brood"
       operationId: editBrood
@@ -599,7 +599,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/broods/delete/{broodId}:
+  /broods/delete/{broodId}:
     delete:
       summary: "Delete brood by ID"
       operationId: deleteBroodById
@@ -617,7 +617,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/broods/testConnection/{broodId}:
+  /broods/testConnection/{broodId}:
     get:
       summary: "Test brood connection by ID"
       operationId: testBroodConnectionById
@@ -636,7 +636,7 @@ paths:
           $ref: "#/components/responses/ApiErrorResponse"
 
   # EncryptionKeys
-  /api/v1/encryptionKeys/index:
+  /encryptionKeys/index:
     get:
       summary: "Get encryption keys list"
       operationId: getEncryptionKeys
@@ -654,7 +654,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/encryptionKeys/view/{encryptionKeyId}:
+  /encryptionKeys/view/{encryptionKeyId}:
     get:
       summary: "Get encryption key by ID"
       operationId: getEncryptionKeyId
@@ -672,7 +672,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/encryptionKeys/add:
+  /encryptionKeys/add:
     post:
       summary: "Add encryption key"
       operationId: addEncryptionKey
@@ -690,7 +690,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/encryptionKeys/edit/{encryptionKeyId}:
+  /encryptionKeys/edit/{encryptionKeyId}:
     put:
       summary: "Edit encryption key"
       operationId: editEncryptionKey
@@ -710,7 +710,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/encryptionKeys/delete/{encryptionKeyId}:
+  /encryptionKeys/delete/{encryptionKeyId}:
     delete:
       summary: "Delete encryption key by ID"
       operationId: deleteEncryptionKeyById
@@ -729,7 +729,7 @@ paths:
           $ref: "#/components/responses/ApiErrorResponse"
 
   # AuthKeys
-  /api/v1/authKeys/index:
+  /authKeys/index:
     get:
       summary: "Get auth keys list"
       operationId: getAuthKeys
@@ -747,7 +747,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/authKeys/add:
+  /authKeys/add:
     post:
       summary: "Add auth keys"
       operationId: addAuthKey
@@ -765,7 +765,7 @@ paths:
         default:
           $ref: "#/components/responses/ApiErrorResponse"
 
-  /api/v1/authKeys/delete/{authKeyId}:
+  /authKeys/delete/{authKeyId}:
     delete:
       summary: "Delete auth key by ID"
       operationId: deleteAuthKeyById
@@ -1374,7 +1374,7 @@ components:
           type: string
         url:
           type: string
-          example: "/api/v1/users"
+          example: "/users"
         code:
           type: integer
           example: 500
@@ -1391,7 +1391,7 @@ components:
           example: "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header."
         url:
           type: string
-          example: "/api/v1/users"
+          example: "/users"
         code:
           type: integer
           example: 403
@@ -1408,7 +1408,7 @@ components:
           example: "You do not have permission to use this functionality."
         url:
           type: string
-          example: "/api/v1/users/index"
+          example: "/users/index"
         code:
           type: integer
           example: 405
@@ -1425,7 +1425,7 @@ components:
           example: "Invalid user"
         url:
           type: string
-          example: "/api/v1/users/users/view/1234"
+          example: "/users/users/view/1234"
         code:
           type: integer
           example: 404