From a64e62a3fb02f408a3d91e54faa80efb243d5f0b Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 25 Oct 2022 10:22:32 +0200
Subject: [PATCH 01/69] chg: [inboxProcessor:generic] Updated to not rely on
 deprecated parameters anymore

---
 libraries/default/InboxProcessors/GenericInboxProcessor.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/libraries/default/InboxProcessors/GenericInboxProcessor.php b/libraries/default/InboxProcessors/GenericInboxProcessor.php
index 1ca84ea..a212fd6 100644
--- a/libraries/default/InboxProcessors/GenericInboxProcessor.php
+++ b/libraries/default/InboxProcessors/GenericInboxProcessor.php
@@ -76,8 +76,9 @@ class GenericInboxProcessor
         $builder = new ViewBuilder();
         $builder->disableAutoLayout()
             ->setClassName('Monad')
-            ->setTemplate($processingTemplate);
-        $view = $builder->build($viewVariables);
+            ->setTemplate($processingTemplate)
+            ->setVars($viewVariables);
+        $view = $builder->build();
         $view->setRequest($serverRequest);
         return $view->render();
     }

From 745340adff1fa9e47f72e7165beea4b8b64f7903 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 25 Oct 2022 10:23:11 +0200
Subject: [PATCH 02/69] fix: [component:CRUD] Only show metafields filters wjen
 the model has the behavior

---
 src/Controller/Component/CRUDComponent.php | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/Controller/Component/CRUDComponent.php b/src/Controller/Component/CRUDComponent.php
index fdb0d60..410b571 100644
--- a/src/Controller/Component/CRUDComponent.php
+++ b/src/Controller/Component/CRUDComponent.php
@@ -186,16 +186,16 @@ class CRUDComponent extends Component
             $metaTemplates = $this->getMetaTemplates()->toArray();
             $this->Controller->set('metaFieldsEnabled', true);
             $this->Controller->set('metaTemplates', $metaTemplates);
+            $typeHandlers = $this->Table->getBehavior('MetaFields')->getTypeHandlers();
+            $typeHandlersOperators = [];
+            foreach ($typeHandlers as $type => $handler) {
+                $typeHandlersOperators[$type] = $handler::OPERATORS;
+            }
+            $this->Controller->set('typeHandlersOperators', $typeHandlersOperators);
         } else {
             $this->Controller->set('metaFieldsEnabled', false);
         }
         $filters = !empty($this->Controller->filterFields) ? $this->Controller->filterFields : [];
-        $typeHandlers = $this->Table->getBehavior('MetaFields')->getTypeHandlers();
-        $typeHandlersOperators = [];
-        foreach ($typeHandlers as $type => $handler) {
-            $typeHandlersOperators[$type] = $handler::OPERATORS;
-        }
-        $this->Controller->set('typeHandlersOperators', $typeHandlersOperators);
         $this->Controller->set('filters', $filters);
         $this->Controller->viewBuilder()->setLayout('ajax');
         $this->Controller->render('/genericTemplates/filters');
@@ -1421,7 +1421,7 @@ class CRUDComponent extends Component
                 );
                 if ($this->Controller->ParamHandler->isRest()) {
                 } else if ($this->Controller->ParamHandler->isAjax()) {
-                    $this->Controller->ajaxResponsePayload = $this->RestResponse->ajaxFailResponse($this->ObjectAlias, 'toggle', $message, $validationErrors);
+                    $this->Controller->ajaxResponsePayload = $this->RestResponse->ajaxFailResponse($this->ObjectAlias, 'toggle', [], $message, $validationErrors);
                 } else {
                     $this->Controller->Flash->error($message);
                     if (empty($params['redirect'])) {

From 726dab255e205fd3c680397af4e27e824abaceb4 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 25 Oct 2022 10:24:01 +0200
Subject: [PATCH 03/69] chg: [inbox:index] Changed quick filter to show `my
 notification` by default

---
 src/Controller/InboxController.php | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/Controller/InboxController.php b/src/Controller/InboxController.php
index 0d07fb9..4ed1845 100644
--- a/src/Controller/InboxController.php
+++ b/src/Controller/InboxController.php
@@ -39,9 +39,17 @@ class InboxController extends AppController
             'filters' => $this->filterFields,
             'quickFilters' => $this->quickFilterFields,
             'contextFilters' => [
-                'fields' => [
-                    'scope',
-                ]
+                'custom' => [
+                    [
+                        'default' => true,
+                        'label' => __('My Notifications'),
+                        'filterConditionFunction' => function ($query) {
+                            return $query->where([
+                                'user_id' => $this->ACL->getUser()['id'],
+                            ]);
+                        }
+                    ],
+                ],
             ],
             'contain' => $this->containFields
         ]);

From 8d7e2b0df2b899b798c099f19fa3118b97087d0c Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 25 Oct 2022 10:26:03 +0200
Subject: [PATCH 04/69] chg: [inboxes:UI] Renamed `request` into `message`

---
 src/Controller/Component/Navigation/Inbox.php  |  4 ++--
 src/Controller/Component/Navigation/Outbox.php |  4 ++--
 src/Controller/InboxController.php             |  6 +++---
 templates/Inbox/index.php                      | 13 +++++++++----
 templates/Outbox/index.php                     |  2 +-
 5 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/src/Controller/Component/Navigation/Inbox.php b/src/Controller/Component/Navigation/Inbox.php
index 54da6c2..78eba2e 100644
--- a/src/Controller/Component/Navigation/Inbox.php
+++ b/src/Controller/Component/Navigation/Inbox.php
@@ -10,13 +10,13 @@ class InboxNavigation extends BaseNavigation
         $this->bcf->addRoute('Inbox', 'index', $this->bcf->defaultCRUD('Inbox', 'index'));
         $this->bcf->addRoute('Inbox', 'view', $this->bcf->defaultCRUD('Inbox', 'view'));
         $this->bcf->addRoute('Inbox', 'discard', [
-            'label' => __('Discard request'),
+            'label' => __('Discard message'),
             'icon' => 'trash',
             'url' => '/inbox/discard/{{id}}',
             'url_vars' => ['id' => 'id'],
         ]);
         $this->bcf->addRoute('Inbox', 'process', [
-            'label' => __('Process request'),
+            'label' => __('Process message'),
             'icon' => 'cogs',
             'url' => '/inbox/process/{{id}}',
             'url_vars' => ['id' => 'id'],
diff --git a/src/Controller/Component/Navigation/Outbox.php b/src/Controller/Component/Navigation/Outbox.php
index 8926ac4..39d4717 100644
--- a/src/Controller/Component/Navigation/Outbox.php
+++ b/src/Controller/Component/Navigation/Outbox.php
@@ -10,13 +10,13 @@ class OutboxNavigation extends BaseNavigation
         $this->bcf->addRoute('Outbox', 'index', $this->bcf->defaultCRUD('Outbox', 'index'));
         $this->bcf->addRoute('Outbox', 'view', $this->bcf->defaultCRUD('Outbox', 'view'));
         $this->bcf->addRoute('Outbox', 'discard', [
-            'label' => __('Discard request'),
+            'label' => __('Discard message'),
             'icon' => 'trash',
             'url' => '/outbox/discard/{{id}}',
             'url_vars' => ['id' => 'id'],
         ]);
         $this->bcf->addRoute('Outbox', 'process', [
-            'label' => __('Process request'),
+            'label' => __('Process message'),
             'icon' => 'cogs',
             'url' => '/outbox/process/{{id}}',
             'url_vars' => ['id' => 'id'],
diff --git a/src/Controller/InboxController.php b/src/Controller/InboxController.php
index 4ed1845..715d060 100644
--- a/src/Controller/InboxController.php
+++ b/src/Controller/InboxController.php
@@ -107,11 +107,11 @@ class InboxController extends AppController
                 }
             }
         }
-        $this->set('deletionTitle', __('Discard request'));
+        $this->set('deletionTitle', __('Discard message'));
         if (!empty($id)) {
-            $this->set('deletionText', __('Are you sure you want to discard request #{0}?', $id));
+            $this->set('deletionText', __('Are you sure you want to discard message #{0}?', $id));
         } else {
-            $this->set('deletionText', __('Are you sure you want to discard the selected requests?'));
+            $this->set('deletionText', __('Are you sure you want to discard the selected message?'));
         }
         $this->set('deletionConfirm', __('Discard'));
         $this->CRUD->delete($id);
diff --git a/templates/Inbox/index.php b/templates/Inbox/index.php
index 6576ec3..07d8c2e 100644
--- a/templates/Inbox/index.php
+++ b/templates/Inbox/index.php
@@ -12,9 +12,9 @@ echo $this->element('genericElements/IndexTable/index_table', [
                     'type' => 'multi_select_actions',
                     'children' => [
                         [
-                            'text' => __('Discard requests'),
+                            'text' => __('Discard message'),
                             'variant' => 'danger',
-                            'onclick' => 'discardRequests',
+                            'onclick' => 'discardMessages',
                         ]
                     ],
                     'data' => [
@@ -34,6 +34,10 @@ echo $this->element('genericElements/IndexTable/index_table', [
                     'data' => '',
                     'searchKey' => 'value',
                     'allowFilering' => true
+                ],
+                [
+                    'type' => 'table_action',
+                    'table_setting_id' => 'inbox_index',
                 ]
             ]
         ],
@@ -105,7 +109,7 @@ echo $this->element('genericElements/IndexTable/index_table', [
                 'open_modal' => '/inbox/delete/[onclick_params_data_path]',
                 'modal_params_data_path' => 'id',
                 'icon' => 'trash',
-                'title' => __('Discard request')
+                'title' => __('Discard message')
             ],
         ]
     ]
@@ -113,7 +117,7 @@ echo $this->element('genericElements/IndexTable/index_table', [
 ?>
 
 <script>
-    function discardRequests(idList, selectedData, $table) {
+    function discardMessages(idList, selectedData, $table) {
         const successCallback = function([data, modalObject]) {
             UI.reload('/inbox/index', UI.getContainerForTable($table), $table)
         }
@@ -157,6 +161,7 @@ echo $this->element('genericElements/IndexTable/index_table', [
                 }
             )
         }
+
         function handleMessageTable($modal, header, data) {
             const $modalBody = $modal.find('.modal-body')
             const $messageTable = $modalBody.find('table.message-table')
diff --git a/templates/Outbox/index.php b/templates/Outbox/index.php
index d00cb3c..3ea0bfc 100644
--- a/templates/Outbox/index.php
+++ b/templates/Outbox/index.php
@@ -100,7 +100,7 @@ echo $this->element('genericElements/IndexTable/index_table', [
                 'open_modal' => '/outbox/delete/[onclick_params_data_path]',
                 'modal_params_data_path' => 'id',
                 'icon' => 'trash',
-                'title' => __('Discard request')
+                'title' => __('Discard message')
             ],
         ]
     ]

From 6d40968f24637d919a54a8f21806134999d518ed Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 25 Oct 2022 10:27:58 +0200
Subject: [PATCH 05/69] chg: [appTable] Set string format of FrozenTime to ISO
 8601-like by default

---
 src/Model/Table/AppTable.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Model/Table/AppTable.php b/src/Model/Table/AppTable.php
index 70ea76f..531714c 100644
--- a/src/Model/Table/AppTable.php
+++ b/src/Model/Table/AppTable.php
@@ -16,6 +16,7 @@ class AppTable extends Table
 {
     public function initialize(array $config): void
     {
+        FrozenTime::setToStringFormat("yyyy-MM-dd HH:mm:ss");
     }
 
     public function getStatisticsUsageForModel(Object $table, array $scopes, array $options=[]): array

From a841888db943b636006ce309ff1b9b81fa200bd2 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 25 Oct 2022 10:29:14 +0200
Subject: [PATCH 06/69] fix: [template:genericFilters] Do not fail if tag
 selector container doesn't exist

---
 templates/genericTemplates/filters.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/genericTemplates/filters.php b/templates/genericTemplates/filters.php
index 33fb379..b101e09 100644
--- a/templates/genericTemplates/filters.php
+++ b/templates/genericTemplates/filters.php
@@ -118,7 +118,7 @@ echo $this->Bootstrap->modal([
             }
         }
         $selectTag = modalObject.$modal.find('.tag-container select.select2-input')
-        activeFilters['filteringTags'] = $selectTag.select2('data').map(tag => tag.text)
+        activeFilters['filteringTags'] = $selectTag.length > 0 ? $selectTag.select2('data').map(tag => tag.text) : []
         const searchParam = jQuery.param(activeFilters);
         const url = `/${controller}/${action}?${searchParam}`
 

From 7ab3a5bfeec4b7e5d2718bc5307eb95ea63772ae Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 25 Oct 2022 10:29:47 +0200
Subject: [PATCH 07/69] chg: [js:api-helper] Show feedback for failure in
 postForm

---
 webroot/js/api-helper.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webroot/js/api-helper.js b/webroot/js/api-helper.js
index 9062c23..24d34cc 100644
--- a/webroot/js/api-helper.js
+++ b/webroot/js/api-helper.js
@@ -381,7 +381,7 @@ class AJAXApi {
                         this.provideSuccessFeedback(data, {}, skipFeedback)
                         toReturn = data;
                     } else {
-                        this.provideFailureFeedback(data, {}, skipFeedback)
+                        this.provideFailureFeedback(data, {}, false)
                         feedbackShown = true
                         this.injectFormValidationFeedback(form, data.errors)
                         toReturn = Promise.reject(data.errors);

From e98290fcbac1313b2551ffc44a6f5b28489b13a2 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 25 Oct 2022 10:30:11 +0200
Subject: [PATCH 08/69] chg: [helper:bootstrap] Added support of icon in
 confirm modal button

---
 src/View/Helper/BootstrapHelper.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/View/Helper/BootstrapHelper.php b/src/View/Helper/BootstrapHelper.php
index 12ccad9..e1b4c46 100644
--- a/src/View/Helper/BootstrapHelper.php
+++ b/src/View/Helper/BootstrapHelper.php
@@ -1069,6 +1069,7 @@ class BoostrapModal extends BootstrapGeneric
         'bodyHtml' => false,
         'footerHtml' => false,
         'confirmText' => 'Confirm',
+        'confirmIcon' => false,
         'cancelText' => 'Cancel',
         'modalClass' => [''],
         'headerClass' => [''],
@@ -1210,6 +1211,7 @@ class BoostrapModal extends BootstrapGeneric
         $buttonConfirm = (new BoostrapButton([
             'variant' => $variant,
             'text' => h($this->options['confirmText']),
+            'icon' => h($this->options['confirmIcon']),
             'class' => 'modal-confirm-button',
             'params' => [
                 // 'data-bs-dismiss' => $this->options['confirmFunction'] ? '' : 'modal',

From 0c4a73cc39fc82dd2da2249907c21c18aaac5859 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 25 Oct 2022 14:31:10 +0200
Subject: [PATCH 09/69] chg: [js:bootstrap-helper] Allow closing success toast
 without title

---
 webroot/js/bootstrap-helper.js | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/webroot/js/bootstrap-helper.js b/webroot/js/bootstrap-helper.js
index 1d5a2ae..173fdca 100644
--- a/webroot/js/bootstrap-helper.js
+++ b/webroot/js/bootstrap-helper.js
@@ -350,18 +350,16 @@ class Toaster {
             $toast.attr('id', options.id)
         }
         $toast.addClass('toast-' + options.variant)
-        if (options.title !== false || options.titleHtml !== false || options.muted !== false || options.mutedHtml !== false) {
+        if (options.title !== false || options.titleHtml !== false || options.muted !== false || options.mutedHtml !== false || options.closeButton) {
             var $toastHeader = $('<div class="toast-header"/>')
             $toastHeader.addClass('toast-' + options.variant)
-            if (options.title !== false || options.titleHtml !== false) {
-                var $toastHeaderText
-                if (options.titleHtml !== false) {
-                    $toastHeaderText = $('<div class="me-auto"/>').html(options.titleHtml);
-                } else {
-                    $toastHeaderText = $('<strong class="me-auto"/>').text(options.title)
-                }
-                $toastHeader.append($toastHeaderText)
+            let $toastHeaderText = $('<span class="me-auto"/>')
+            if (options.titleHtml !== false) {
+                $toastHeaderText = $('<div class="me-auto"/>').html(options.titleHtml);
+            } else if (options.title !== false) {
+                $toastHeaderText = $('<strong class="me-auto"/>').text(options.title)
             }
+            $toastHeader.append($toastHeaderText)
             if (options.muted !== false || options.mutedHtml !== false) {
                 var $toastHeaderMuted
                 if (options.mutedHtml !== false) {

From 00c1ae616fea884db071c5f96bd42155277674e7 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 25 Oct 2022 14:38:16 +0200
Subject: [PATCH 10/69] new: [inboxes] Added `severity` level and `message` and
 removed `description` column

---
 .../20221025000000_inbox_severity.php         | 45 +++++++++++++++++++
 .../InboxProcessors/GenericInboxProcessor.php |  9 +++-
 .../GenericOutboxProcessor.php                |  1 -
 src/Controller/InboxController.php            |  4 +-
 src/Controller/OutboxController.php           |  4 +-
 src/Model/Entity/AppModel.php                 |  7 +++
 src/Model/Entity/Inbox.php                    |  7 ++-
 src/Model/Entity/Outbox.php                   |  7 ++-
 src/Model/Table/InboxTable.php                | 32 ++++++++-----
 src/Model/Table/OutboxTable.php               |  5 +++
 src/Utility/UI/Notification.php               |  4 +-
 templates/Inbox/index.php                     | 23 ++++++----
 templates/Inbox/view.php                      |  4 +-
 templates/Outbox/index.php                    | 23 ++++++----
 templates/Outbox/view.php                     |  4 +-
 15 files changed, 137 insertions(+), 42 deletions(-)
 create mode 100644 config/Migrations/20221025000000_inbox_severity.php

diff --git a/config/Migrations/20221025000000_inbox_severity.php b/config/Migrations/20221025000000_inbox_severity.php
new file mode 100644
index 0000000..d452856
--- /dev/null
+++ b/config/Migrations/20221025000000_inbox_severity.php
@@ -0,0 +1,45 @@
+<?php
+declare(strict_types=1);
+
+use Migrations\AbstractMigration;
+
+final class InboxSeverity extends AbstractMigration
+{
+    /**
+     * Change Method.
+     *
+     * Write your reversible migrations using this method.
+     *
+     * More information on writing migrations is available here:
+     * https://book.cakephp.org/phinx/0/en/migrations.html#the-change-method
+     *
+     * Remember to call "create()" or "update()" and NOT "save()" when working
+     * with the Table class.
+     */
+    public function change(): void
+    {
+        $exists = $this->table('inbox')->hasColumn('severity');
+        if (!$exists) {
+            $this->table('inbox')
+                ->addColumn('severity', 'integer', [
+                    'null' => false,
+                    'default' => 0,
+                    'signed' => false,
+                    'length' => 10,
+                ])
+                ->renameColumn('comment', 'message')
+                ->removeColumn('description')
+                ->update();
+            $this->table('outbox')
+                ->addColumn('severity', 'integer', [
+                    'null' => false,
+                    'default' => 0,
+                    'signed' => false,
+                    'length' => 10,
+                ])
+                ->renameColumn('comment', 'message')
+                ->removeColumn('description')
+                ->update();
+        }
+    }
+}
diff --git a/libraries/default/InboxProcessors/GenericInboxProcessor.php b/libraries/default/InboxProcessors/GenericInboxProcessor.php
index a212fd6..fd2e09d 100644
--- a/libraries/default/InboxProcessors/GenericInboxProcessor.php
+++ b/libraries/default/InboxProcessors/GenericInboxProcessor.php
@@ -19,9 +19,12 @@ class GenericInboxProcessor
     protected $validator;
     protected $processingTemplate = '/genericTemplates/confirm';
     protected $processingTemplatesDirectory = ROOT . '/libraries/default/InboxProcessors/templates';
+    protected $defaultSeverity;
+    protected $severity;
 
     public function __construct($registerActions=false) {
         $this->Inbox = TableRegistry::getTableLocator()->get('Inbox');
+        $this->defaultSeverity = $this->Inbox::SEVERITY_INFO;
         if ($registerActions) {
             $this->registerActionInProcessor();
         }
@@ -54,6 +57,10 @@ class GenericInboxProcessor
     {
         return $this->description ?? '';
     }
+    public function getSeverity()
+    {
+        return $this->severity ?? $this->defaultSeverity;
+    }
 
     protected function getProcessingTemplatePath()
     {
@@ -192,7 +199,7 @@ class GenericInboxProcessor
     {
         $requestData['scope'] = $this->scope;
         $requestData['action'] = $this->action;
-        $requestData['description'] = $this->description;
+        $requestData['severity'] = $this->getSeverity();
         $request = $this->generateRequest($requestData);
         $savedRequest = $this->Inbox->createEntry($request);
         return $this->genActionResult(
diff --git a/libraries/default/OutboxProcessors/GenericOutboxProcessor.php b/libraries/default/OutboxProcessors/GenericOutboxProcessor.php
index c230465..98df5f3 100644
--- a/libraries/default/OutboxProcessors/GenericOutboxProcessor.php
+++ b/libraries/default/OutboxProcessors/GenericOutboxProcessor.php
@@ -193,7 +193,6 @@ class GenericOutboxProcessor
         $user_id = Router::getRequest()->getSession()->read('Auth.id');
         $requestData['scope'] = $this->scope;
         $requestData['action'] = $this->action;
-        $requestData['description'] = $this->description;
         $requestData['user_id'] = $user_id;
         $request = $this->generateRequest($requestData);
         $savedRequest = $this->Outbox->createEntry($request);
diff --git a/src/Controller/InboxController.php b/src/Controller/InboxController.php
index 715d060..39f906a 100644
--- a/src/Controller/InboxController.php
+++ b/src/Controller/InboxController.php
@@ -16,8 +16,8 @@ use Cake\Http\Exception\ForbiddenException;
 
 class InboxController extends AppController
 {
-    public $filterFields = ['scope', 'action', 'title', 'origin', 'comment'];
-    public $quickFilterFields = ['scope', 'action', ['title' => true], ['comment' => true]];
+    public $filterFields = ['scope', 'action', 'title', 'origin', 'message'];
+    public $quickFilterFields = ['scope', 'action', ['title' => true], ['message' => true]];
     public $containFields = ['Users'];
 
     public $paginate = [
diff --git a/src/Controller/OutboxController.php b/src/Controller/OutboxController.php
index 90db5ba..ad0033c 100644
--- a/src/Controller/OutboxController.php
+++ b/src/Controller/OutboxController.php
@@ -16,8 +16,8 @@ use Cake\Http\Exception\ForbiddenException;
 
 class OutboxController extends AppController
 {
-    public $filterFields = ['scope', 'action', 'title', 'comment'];
-    public $quickFilterFields = ['scope', 'action', ['title' => true], ['comment' => true]];
+    public $filterFields = ['scope', 'action', 'title', 'message'];
+    public $quickFilterFields = ['scope', 'action', ['title' => true], ['message' => true]];
     public $containFields = ['Users'];
 
     public function beforeFilter(EventInterface $event)
diff --git a/src/Model/Entity/AppModel.php b/src/Model/Entity/AppModel.php
index a94e78a..bc9815d 100644
--- a/src/Model/Entity/AppModel.php
+++ b/src/Model/Entity/AppModel.php
@@ -2,7 +2,9 @@
 
 namespace App\Model\Entity;
 
+use App\Model\Table\AppTable;
 use Cake\ORM\Entity;
+use Cake\ORM\TableRegistry;
 
 class AppModel extends Entity
 {
@@ -33,6 +35,11 @@ class AppModel extends Entity
         return $this->_accessibleOnNew ?? [];
     }
 
+    public function table(): AppTable
+    {
+        return TableRegistry::get($this->getSource());
+    }
+
     public function rearrangeForAPI(): void
     {
     }
diff --git a/src/Model/Entity/Inbox.php b/src/Model/Entity/Inbox.php
index 820e29d..21a9b68 100644
--- a/src/Model/Entity/Inbox.php
+++ b/src/Model/Entity/Inbox.php
@@ -7,7 +7,7 @@ use Cake\ORM\Entity;
 
 class Inbox extends AppModel
 {
-    protected $_virtual = ['local_tool_connector_name'];
+    protected $_virtual = ['local_tool_connector_name', 'severity_variant'];
 
     protected function _getLocalToolConnectorName()
     {
@@ -17,4 +17,9 @@ class Inbox extends AppModel
         }
         return $localConnectorName;
     }
+
+    protected function _getSeverityVariant(): string
+    {
+        return $this->table()->severityVariant[$this->severity];
+    }
 }
diff --git a/src/Model/Entity/Outbox.php b/src/Model/Entity/Outbox.php
index 51304e6..98cb40a 100644
--- a/src/Model/Entity/Outbox.php
+++ b/src/Model/Entity/Outbox.php
@@ -7,5 +7,10 @@ use Cake\ORM\Entity;
 
 class Outbox extends AppModel
 {
-    
+    protected $_virtual = ['severity_variant'];
+
+    protected function _getSeverityVariant(): string
+    {
+        return $this->table()->severityVariant[$this->severity];
+    }
 }
diff --git a/src/Model/Table/InboxTable.php b/src/Model/Table/InboxTable.php
index 0617cea..a7626e7 100644
--- a/src/Model/Table/InboxTable.php
+++ b/src/Model/Table/InboxTable.php
@@ -8,6 +8,7 @@ use Cake\ORM\Table;
 use Cake\ORM\RulesChecker;
 use Cake\Validation\Validator;
 use Cake\Http\Exception\NotFoundException;
+use Cake\ORM\ResultSet;
 
 use App\Utility\UI\Notification;
 
@@ -15,6 +16,17 @@ Type::map('json', 'Cake\Database\Type\JsonType');
 
 class InboxTable extends AppTable
 {
+    public const SEVERITY_PRIMARY   = 0,
+        SEVERITY_INFO               = 1,
+        SEVERITY_WARNING            = 2,
+        SEVERITY_DANGER             = 3;
+
+    public $severityVariant = [
+        self::SEVERITY_PRIMARY  => 'primary',
+        self::SEVERITY_INFO     => 'info',
+        self::SEVERITY_WARNING  => 'warning',
+        self::SEVERITY_DANGER   => 'danger',
+    ];
 
     public function initialize(array $config): void
     {
@@ -97,8 +109,8 @@ class InboxTable extends AppTable
         $allNotifications = [];
         $inboxNotifications = $this->getNotificationsForUser($user);
         foreach ($inboxNotifications as $notification) {
-            $title = __('New message');
-            $details = $notification->title;
+            $title = $notification->title;
+            $details = $notification->message;
             $router = [
                 'controller' => 'inbox',
                 'action' => 'process',
@@ -109,7 +121,7 @@ class InboxTable extends AppTable
                 'icon' => 'envelope',
                 'details' => $details,
                 'datetime' => $notification->created,
-                'variant' => 'warning',
+                'variant' => $notification->severity_variant,
                 '_useModal' => true,
                 '_sidebarId' => 'inbox',
             ]))->get();
@@ -117,18 +129,14 @@ class InboxTable extends AppTable
         return $allNotifications;
     }
 
-    public function getNotificationsForUser(\App\Model\Entity\User $user): array
+    public function getNotificationsForUser(\App\Model\Entity\User $user): ResultSet
     {
         $query = $this->find();
-        $conditions = [];
-        if ($user['role']['perm_admin']) {
-            // Admin will not see notifications if it doesn't belong to them. They can see process the message from the inbox
-            $conditions['Inbox.user_id IS'] = null;
-        } else {
-            $conditions['Inbox.user_id'] = $user->id;
-        }
+        $conditions = [
+            'Inbox.user_id' => $user->id
+        ];
         $query->where($conditions);
-        $notifications = $query->all()->toArray();
+        $notifications = $query->all();
         return $notifications;
     }
 }
diff --git a/src/Model/Table/OutboxTable.php b/src/Model/Table/OutboxTable.php
index a78e0c6..eaf7358 100644
--- a/src/Model/Table/OutboxTable.php
+++ b/src/Model/Table/OutboxTable.php
@@ -8,11 +8,13 @@ use Cake\ORM\Table;
 use Cake\ORM\RulesChecker;
 use Cake\Validation\Validator;
 use Cake\Http\Exception\NotFoundException;
+use Cake\ORM\TableRegistry;
 
 Type::map('json', 'Cake\Database\Type\JsonType');
 
 class OutboxTable extends AppTable
 {
+    public $severityVariant;
 
     public function initialize(array $config): void
     {
@@ -22,6 +24,9 @@ class OutboxTable extends AppTable
         $this->belongsTo('Users');
         $this->addBehavior('AuditLog');
         $this->setDisplayField('title');
+
+        $this->Inbox = TableRegistry::getTableLocator()->get('Inbox');
+        $this->severityVariant = $this->Inbox->severityVariant;
     }
 
     protected function _initializeSchema(TableSchemaInterface $schema): TableSchemaInterface
diff --git a/src/Utility/UI/Notification.php b/src/Utility/UI/Notification.php
index a6bf05b..b7e3f17 100644
--- a/src/Utility/UI/Notification.php
+++ b/src/Utility/UI/Notification.php
@@ -25,7 +25,7 @@ class Notification
         foreach ($options as $key => $value) {
             $this->{$key} = $value;
         }
-        $this->validate();
+        $this->_validate();
     }
 
     public function get(): array
@@ -36,7 +36,7 @@ class Notification
         return null;
     }
 
-    private function validate()
+    protected function _validate()
     {
         $validator = new Validator();
 
diff --git a/templates/Inbox/index.php b/templates/Inbox/index.php
index 07d8c2e..bee8244 100644
--- a/templates/Inbox/index.php
+++ b/templates/Inbox/index.php
@@ -53,6 +53,18 @@ echo $this->element('genericElements/IndexTable/index_table', [
                 'data_path' => 'created',
                 'element' => 'datetime'
             ],
+            [
+                'name' => 'severity',
+                'sort' => 'severity',
+                'data_path' => 'severity',
+                'element' => 'function',
+                'function' => function ($entry, $context) {
+                    return $context->Bootstrap->badge([
+                        'text' => $entry->severity_variant,
+                        'variant' => $entry->severity_variant,
+                    ]);
+                }
+            ],
             [
                 'name' => 'scope',
                 'sort' => 'scope',
@@ -80,14 +92,9 @@ echo $this->element('genericElements/IndexTable/index_table', [
                 'element' => 'user'
             ],
             [
-                'name' => 'description',
-                'sort' => 'description',
-                'data_path' => 'description',
-            ],
-            [
-                'name' => 'comment',
-                'sort' => 'comment',
-                'data_path' => 'comment',
+                'name' => 'message',
+                'sort' => 'message',
+                'data_path' => 'message',
             ],
         ],
         'title' => __('Inbox'),
diff --git a/templates/Inbox/view.php b/templates/Inbox/view.php
index 36e0dfc..6ac08b0 100644
--- a/templates/Inbox/view.php
+++ b/templates/Inbox/view.php
@@ -33,8 +33,8 @@ echo $this->element(
                 'path' => 'user_id',
             ],
             [
-                'key' => 'description',
-                'path' => 'description',
+                'key' => 'message',
+                'path' => 'message',
             ],
             [
                 'key' => 'comment',
diff --git a/templates/Outbox/index.php b/templates/Outbox/index.php
index 3ea0bfc..028e2b1 100644
--- a/templates/Outbox/index.php
+++ b/templates/Outbox/index.php
@@ -49,6 +49,18 @@ echo $this->element('genericElements/IndexTable/index_table', [
                 'data_path' => 'created',
                 'element' => 'datetime'
             ],
+            [
+                'name' => 'severity',
+                'sort' => 'severity',
+                'data_path' => 'severity',
+                'element' => 'function',
+                'function' => function ($entry, $context) {
+                    return $context->Bootstrap->badge([
+                        'text' => $entry->severity_variant,
+                        'variant' => $entry->severity_variant,
+                    ]);
+                }
+            ],
             [
                 'name' => 'scope',
                 'sort' => 'scope',
@@ -71,14 +83,9 @@ echo $this->element('genericElements/IndexTable/index_table', [
                 'element' => 'user'
             ],
             [
-                'name' => 'description',
-                'sort' => 'description',
-                'data_path' => 'description',
-            ],
-            [
-                'name' => 'comment',
-                'sort' => 'comment',
-                'data_path' => 'comment',
+                'name' => 'message',
+                'sort' => 'message',
+                'data_path' => 'message',
             ],
         ],
         'title' => __('Outbox'),
diff --git a/templates/Outbox/view.php b/templates/Outbox/view.php
index 5e6b234..d647f77 100644
--- a/templates/Outbox/view.php
+++ b/templates/Outbox/view.php
@@ -29,8 +29,8 @@ echo $this->element(
                 'path' => 'user_id',
             ],
             [
-                'key' => 'description',
-                'path' => 'description',
+                'key' => 'message',
+                'path' => 'message',
             ],
             [
                 'key' => 'comment',

From eb6dec8b647087c91080f2498c43a4a3fd174bbd Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 25 Oct 2022 14:50:11 +0200
Subject: [PATCH 11/69] fix: [component:CRUD] Default custom contextual filters
 do not override search parameters anymore

---
 src/Controller/Component/CRUDComponent.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Controller/Component/CRUDComponent.php b/src/Controller/Component/CRUDComponent.php
index 410b571..602f637 100644
--- a/src/Controller/Component/CRUDComponent.php
+++ b/src/Controller/Component/CRUDComponent.php
@@ -1296,7 +1296,7 @@ class CRUDComponent extends Component
     {
         if (empty($params['filteringLabel']) && !empty($options['contextFilters']['custom'])) {
             foreach ($options['contextFilters']['custom'] as $contextFilter) {
-                if (!empty($contextFilter['default'])) {
+                if (!empty($contextFilter['default']) && empty($params)) {
                     $params['filteringLabel'] = $contextFilter['label'];
                     $this->Controller->set('fakeFilteringLabel', $contextFilter['label']);
                     break;

From 3d5508055a5a193529ac6f49c7fe5c16a29bc8fa Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 25 Oct 2022 14:50:39 +0200
Subject: [PATCH 12/69] chg: [inbox:index] Allow filtering index by user.id and
 user.name

---
 src/Controller/InboxController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Controller/InboxController.php b/src/Controller/InboxController.php
index 39f906a..2003213 100644
--- a/src/Controller/InboxController.php
+++ b/src/Controller/InboxController.php
@@ -16,7 +16,7 @@ use Cake\Http\Exception\ForbiddenException;
 
 class InboxController extends AppController
 {
-    public $filterFields = ['scope', 'action', 'title', 'origin', 'message'];
+    public $filterFields = ['scope', 'action', 'title', 'origin', 'message', 'Users.id', 'Users.username'];
     public $quickFilterFields = ['scope', 'action', ['title' => true], ['message' => true]];
     public $containFields = ['Users'];
 

From c8ff7bb4b248dcfa6ea1ad77d5ad1c3b68df601d Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Wed, 26 Oct 2022 17:10:04 +0200
Subject: [PATCH 13/69] new: [adminNotificationBehavior] Added first version of
 new behavior and associated inboxProcessor

This behavior allows to specify on which fields modification site-admins should be notified by receiving a message in their inbox
---
 .../NotificationInboxProcessor.php            |  97 +++++++
 .../templates/Notification/DataChange.php     |  79 +++++
 src/Controller/AppController.php              |   1 +
 src/Controller/Component/CRUDComponent.php    |   1 +
 src/Model/Behavior/NotifyAdminsBehavior.php   | 270 ++++++++++++++++++
 5 files changed, 448 insertions(+)
 create mode 100644 libraries/default/InboxProcessors/NotificationInboxProcessor.php
 create mode 100644 libraries/default/InboxProcessors/templates/Notification/DataChange.php
 create mode 100644 src/Model/Behavior/NotifyAdminsBehavior.php

diff --git a/libraries/default/InboxProcessors/NotificationInboxProcessor.php b/libraries/default/InboxProcessors/NotificationInboxProcessor.php
new file mode 100644
index 0000000..081b424
--- /dev/null
+++ b/libraries/default/InboxProcessors/NotificationInboxProcessor.php
@@ -0,0 +1,97 @@
+<?php
+use Cake\ORM\TableRegistry;
+
+require_once(ROOT . DS . 'libraries' . DS . 'default' . DS . 'InboxProcessors' . DS . 'GenericInboxProcessor.php'); 
+
+class NotificationInboxProcessor extends GenericInboxProcessor
+{
+    protected $scope = 'Notification';
+    protected $action = 'not-specified'; //overriden when extending
+    protected $description = ''; // overriden when extending
+    protected $registeredActions = [
+        'DataChange'
+    ];
+
+    public function __construct($loadFromAction=false) {
+        parent::__construct($loadFromAction);
+    }
+
+    public function create($requestData)
+    {
+        return parent::create($requestData);
+    }
+}
+
+class DataChangeProcessor extends NotificationInboxProcessor implements GenericInboxProcessorActionI {
+    public $action = 'DataChange';
+    protected $description;
+
+    public function __construct() {
+        parent::__construct();
+        $this->description = __('Notify when data has been changed');
+        $this->severity = $this->Inbox::SEVERITY_PRIMARY;
+    }
+
+    protected function addValidatorRules($validator)
+    {
+        return $validator
+            ->requirePresence('original', 'changed')
+            ->isArray('original', __('The `original` data must be provided'))
+            ->isArray('changed', __('The `changed` data must be provided'));
+    }
+    
+    public function create($requestData) {
+        $this->validateRequestData($requestData);
+        return parent::create($requestData);
+    }
+
+    public function getViewVariables($request)
+    {
+        $request = $this->__decodeMoreFields($request);
+        return [
+            'data' => [
+                'original' => $request->data['original'],
+                'changed' => $request->data['changed'],
+                'summaryTemplate' => $request->data['summaryTemplate'],
+                'summaryMessage' => $request->data['summaryMessage'],
+                'entityType' => $request->data['entityType'],
+                'entityDisplayField' => $request->data['entityDisplayField'],
+                'entityViewURL' => $request->data['entityViewURL'],
+            ],
+        ];
+    }
+
+    public function process($id, $requestData, $inboxRequest)
+    {
+        $this->discard($id, $requestData);
+        return $this->genActionResult(
+            [],
+            true,
+            __('Notification acknowledged'),
+            []
+        );
+    }
+
+    public function discard($id, $requestData)
+    {
+        return parent::discard($id, $requestData);
+    }
+
+    private function __decodeMoreFields($request)
+    {
+        $decodedRequest = $request;
+        $decodedRequest->data['original'] = $this->__decodeMoreChangedFields($request->data['original']);
+        $decodedRequest->data['changed'] = $this->__decodeMoreChangedFields($request->data['changed']);
+        return $decodedRequest;
+    }
+
+    private function __decodeMoreChangedFields(array $fieldData): array
+    {
+        array_walk($fieldData, function(&$fieldValue, $fieldName) {
+            if ($fieldName === 'meta_fields') {
+                $fieldValue = json_decode($fieldValue, true);
+            }
+        });
+        return $fieldData;
+    }
+}
\ No newline at end of file
diff --git a/libraries/default/InboxProcessors/templates/Notification/DataChange.php b/libraries/default/InboxProcessors/templates/Notification/DataChange.php
new file mode 100644
index 0000000..8cf79b8
--- /dev/null
+++ b/libraries/default/InboxProcessors/templates/Notification/DataChange.php
@@ -0,0 +1,79 @@
+<?php
+if (!empty($data['summary'])) {
+    $changedSummary = h($data['summary']);
+} else if (!empty($data['summaryTemplate']) && !empty($data['summaryMessage'])) {
+    $changedSummary = __(
+        sprintf('%s. %s.', h($data['summaryTemplate']), h($data['summaryMessage'])),
+        h($data['entityType']),
+        sprintf(
+            '<a href="%s" target="_blank">%s</a>',
+            h($data['entityViewURL']),
+            h($data['entityDisplayField'])
+        )
+    );
+} else {
+    $changedSummary = '';
+}
+
+$form = $this->element('genericElements/Form/genericForm', [
+    'entity' => null,
+    'ajax' => false,
+    'raw' => true,
+    'data' => [
+        'model' => 'Inbox',
+        'fields' => [],
+        'submit' => [
+            'action' => $this->request->getParam('action')
+        ]
+    ]
+]);
+
+echo $this->Bootstrap->modal([
+    'title' => __('Acknowledge notification'),
+    'size' => 'xl',
+    'type' => 'confirm',
+    'bodyHtml' => sprintf(
+        '<div class="d-none">%s</div>
+        <div class="container">
+            <div class="row">
+                <p>%s</p>
+                <div class="col">%s</div>
+                <div class="col">%s</div>
+            </div>
+        </div>',
+        $form,
+        $changedSummary,
+        $this->Bootstrap->card([
+            'headerText' => __('Original values'),
+            'bodyHTML' => $this->element('genericElements/SingleViews/Fields/jsonField', ['field' => ['raw' => $data['original']]])
+        ]),
+        $this->Bootstrap->card([
+            'headerText' => __('Changed values'),
+            'bodyHTML' => $this->element('genericElements/SingleViews/Fields/jsonField', ['field' => ['raw' => $data['changed']]])
+        ])
+    ),
+    'confirmText' => __('Acknowledge & Discard'),
+    'confirmIcon' => 'check',
+    // 'confirmFunction' => 'submitAck'
+]);
+?>
+</div>
+
+<script>
+    function submitAck(modalObject, tmpApi) {
+        const $form = modalObject.$modal.find('form')
+        return tmpApi.postForm($form[0]).then((result) => {
+            const url = '/inbox/index'
+            const $container = $('div[id^="table-container-"]')
+            const randomValue = $container.attr('id').split('-')[2]
+            return result
+        })
+    }
+</script>
+
+<style>
+    div.individual-container>div,
+    div.user-container>div {
+        font-size: 1.5rem;
+    }
+</style>
\ No newline at end of file
diff --git a/src/Controller/AppController.php b/src/Controller/AppController.php
index 9e8aef8..238dc46 100644
--- a/src/Controller/AppController.php
+++ b/src/Controller/AppController.php
@@ -122,6 +122,7 @@ class AppController extends Controller
                 $this->set('loggedUser', $this->ACL->getUser());
                 $this->set('roleAccess', $this->ACL->getRoleAccess(false, false));
             }
+            Configure::write('loggedUser', $user);
         } else if ($this->ParamHandler->isRest()) {
             throw new MethodNotAllowedException(__('Invalid user credentials.'));
         }
diff --git a/src/Controller/Component/CRUDComponent.php b/src/Controller/Component/CRUDComponent.php
index 602f637..7d7e612 100644
--- a/src/Controller/Component/CRUDComponent.php
+++ b/src/Controller/Component/CRUDComponent.php
@@ -457,6 +457,7 @@ class CRUDComponent extends Component
         }
 
         $entity->setDirty('meta_fields', true);
+        $entity->_metafields_to_delete = $metaFieldsToDelete;
         return ['entity' => $entity, 'metafields_to_delete' => $metaFieldsToDelete];
     }
 
diff --git a/src/Model/Behavior/NotifyAdminsBehavior.php b/src/Model/Behavior/NotifyAdminsBehavior.php
new file mode 100644
index 0000000..62db8fb
--- /dev/null
+++ b/src/Model/Behavior/NotifyAdminsBehavior.php
@@ -0,0 +1,270 @@
+<?php
+namespace App\Model\Behavior;
+
+use ArrayObject;
+use App\Model\Entity\AppModel;
+use App\Model\Entity\MetaField;
+use Cake\Core\Configure;
+use App\Model\Table\UsersTable;
+use Cake\ORM\Behavior;
+use Cake\Datasource\EntityInterface;
+use Cake\Event\EventInterface;
+use Cake\ORM\TableRegistry;
+use Cake\ORM\Query;
+use Cake\Utility\Inflector;
+use Cake\Utility\Hash;
+use Cake\Routing\Router;
+
+class NotifyAdminsBehavior extends Behavior
+{
+    /** @var array */
+    protected $_defaultConfig = [
+        'implementedMethods' => [
+            'notifySiteAdmins' => 'notifySiteAdmins',
+            'notifySiteAdminsForEntity' => 'notifySiteAdminsForEntity',
+        ]
+    ];
+
+    /** @var AuditLog|null */
+    private $Inbox;
+    /** @var User|null */
+    private $Users;
+    /** @var InboxProcessors|null */
+    private $InboxProcessors;
+
+    public function initialize(array $config): void
+    {
+        $this->Inbox = TableRegistry::getTableLocator()->get('Inbox');
+        if($this->table() instanceof UsersTable) {
+            $this->Users = $this->table();
+        } else {
+            $this->Users = TableRegistry::getTableLocator()->get('Users');
+        }
+    }
+
+    public function afterSave(EventInterface $event, EntityInterface $entity, ArrayObject $options): void
+    {
+        if (!$this->isNotificationAllowed($event, $entity, $options)) {
+            return;
+        }
+        $this->notifySiteAdminsForEntityChange($entity);
+    }
+
+    public function afterDelete(EventInterface $event, EntityInterface $entity, ArrayObject $options): void
+    {
+        if (!$this->isNotificationAllowed($event, $entity, $options)) {
+            return;
+        }
+        $this->notifySiteAdminsForEntityDeletion($entity);
+    }
+
+    public function isNotificationAllowed(EventInterface $event, EntityInterface $entity, ArrayObject $options): bool
+    {
+        $loggedUser = Configure::read('loggedUser');
+        if (empty($loggedUser) || !empty($loggedUser['role']['perm_admin']) || !empty($loggedUser['role']['perm_sync'])) {
+            return false;
+        }
+        return true;
+    }
+
+    public function notifySiteAdminsForEntityChange(EntityInterface $entity): void
+    {
+        $watchedFields = !empty($this->getConfig()['fields']) ? $this->getConfig()['fields'] : $entity->getVisible();
+        $originalFields = [];
+        $changedFields = $entity->extract($watchedFields);
+        $titleTemplate = 'New {0} `{1}` created';
+        $title = __(
+            $titleTemplate,
+            Inflector::singularize($entity->getSource()),
+            $entity->get($this->table()->getDisplayField())
+        );
+        $message = __('New {0}', Inflector::singularize($entity->getSource()));
+        if (!$entity->isNew()) {
+            $originalFields = $this->_getOriginalChangedFields($entity, $watchedFields);
+            if ($entity->table()->hasBehavior('MetaFields') && !empty($entity->meta_fields)) {
+                $originalFields['meta_fields'] = array_merge(
+                    $originalFields['meta_fields'],
+                    $this->_getDeletedMetafields($entity)
+                );
+            }
+            $changedFields = $entity->extract(array_keys($originalFields));
+            if ($entity->table()->hasBehavior('MetaFields') && !empty($entity->meta_fields)) {
+                $originalFields['meta_fields'] = array_map(function($metaField) {
+                    $originalValues = $metaField->getOriginalValues($metaField->getVisible());
+                    $metaField->set($originalValues);
+                    return $metaField;
+                }, $originalFields['meta_fields']);
+                $originalFields['meta_fields'] = $this->_massageMetaField($entity, $originalFields['meta_fields']);
+                $changedFields['meta_fields'] = $this->_massageMetaField($entity, $changedFields['meta_fields']);
+            }
+            $titleTemplate = '{0} {1} modified';
+            $title = __(
+                $titleTemplate,
+                Inflector::singularize($entity->getSource()),
+                $entity->get($this->table()->getDisplayField())
+            );
+            $message = __n(
+                '{0} field was updated',
+                '{0} fields were updated',
+                count($changedFields),
+                count($changedFields)
+            );
+        }
+        $data = [
+            'original' => $this->_serializeFields($originalFields),
+            'changed' => $this->_serializeFields($changedFields),
+            'summaryTemplate' => $titleTemplate,
+            'summaryMessage' => $message,
+            'entityType' => Inflector::singularize($entity->getSource()),
+            'entityDisplayField' => $entity->get($this->table()->getDisplayField()),
+            'entityViewURL' => Router::url([
+                'controller' => Inflector::underscore($entity->getSource()),
+                'action' => 'view',
+                $entity->id
+            ]),
+        ];
+        $this->notifySiteAdmins($entity->getSource(), $title, $message, $data);
+    }
+
+    public function notifySiteAdminsForEntityDeletion(EntityInterface $entity): void
+    {
+        $watchedFields = !empty($this->getConfig()['fields']) ? $this->getConfig()['fields'] : $entity->getVisible();
+        $originalFields = $entity->extract($watchedFields);
+        $changedFields = [];
+        $titleTemplate = 'Deleted {0} `{1}`';
+        $title = __(
+            $titleTemplate,
+            Inflector::singularize($entity->getSource()),
+            $entity->get($this->table()->getDisplayField())
+        );
+        $message = __('{0} deleted', Inflector::singularize($entity->getSource()));
+        $data = [
+            'original' => $this->_serializeFields($originalFields),
+            'changed' => $this->_serializeFields($changedFields),
+            'summaryTemplate' => $titleTemplate,
+            'summaryMessage' => $message,
+            'entityType' => Inflector::singularize($entity->getSource()),
+            'entityDisplayField' => $entity->get($this->table()->getDisplayField()),
+            'entityViewURL' => Router::url([
+                'controller' => Inflector::underscore($entity->getSource()),
+                'action' => 'view',
+                $entity->id
+            ]),
+        ];
+        $this->notifySiteAdmins($entity->getSource(), $title, $message, $data);
+    }
+
+    /**
+     * Create a message in each site-admin users
+     *
+     * @param string $title A quick summary of what that notification is about
+     * @param string $origin The origin of the notification. For example, could be the model source
+     * @param string $message Even more free text
+     * @param array $data data used to generate the view when processing.
+     *      Must contain: `original` array of the data before the change
+     *      Must contain: `changed` array of the data after the change
+     *      Optional: `summary` A text summarizing the change
+     *      Optional: `summaryTemplate`, `summaryMessage`, `entityType`, `entityDisplayField`, `entityViewURL` text used to build a summary of the change
+     * @return void
+     */
+    public function notifySiteAdmins(
+        string $origin,
+        string $title,
+        string $message = '',
+        array $data
+    ): void {
+        $this->InboxProcessors = $this->InboxProcessors ?: TableRegistry::getTableLocator()->get('InboxProcessors');
+        $processor = $this->InboxProcessors->getProcessor('Notification', 'DataChange');
+        $siteAdmins = $this->_getSiteAdmins();
+        foreach ($siteAdmins as $siteAdmin) {
+            $notificationData = [
+                'origin' => $origin,
+                'title' => $title,
+                'user_id' => $siteAdmin->id,
+                'message' => $message,
+                'data' => $data,
+            ];
+            $processor->create($notificationData);
+        }
+    }
+
+    protected function _getSiteAdmins(): array
+    {
+        return $this->Users->find()
+            ->matching('Roles', function(Query $q) {
+                return $q
+                    ->where(['Roles.perm_admin' => true]);
+            })
+            ->all()->toList();
+    }
+
+    protected function _getOriginalChangedFields($entity, array $fields): array
+    {
+        $originalChangedFields = $entity->extractOriginalChanged($fields);
+        $originalChangedFields = array_map(function ($fieldValue) {
+            if (is_array($fieldValue)) {
+                return array_filter(array_map(function($fieldValue) {
+                    if (is_subclass_of($fieldValue, 'App\Model\Entity\AppModel')) {
+                        if (!empty($fieldValue->extractOriginalChanged($fieldValue->getVisible()))) {
+                            return $fieldValue;
+                        } else {
+                            return null;
+                        }
+                    }
+                    return $fieldValue;
+                }, $fieldValue), fn ($v) => !is_null($v));
+            } else if (is_subclass_of($fieldValue, 'App\Model\Entity\AppModel')) {
+                return $fieldValue->extractOriginalChanged($fieldValue);
+            }
+            return $fieldValue;
+        }, $originalChangedFields);
+        return $originalChangedFields;
+    }
+
+    protected function _massageMetaField(AppModel $entity, array $metaFields): array
+    {
+        $massaged = [];
+        foreach ($metaFields as $metaField) {
+            foreach ($entity->MetaTemplates as $template) {
+                $templateDisplayName = sprintf('%s (v%s)', $template->name, $template->version);
+                foreach ($template['meta_template_fields'] as $field) {
+                    if ($metaField->meta_template_id == $template->id && $metaField->meta_template_field_id == $field->id) {
+                        if (!empty($massaged[$templateDisplayName][$field['field']])) {
+                            if (!is_array($massaged[$templateDisplayName][$field['field']])) {
+                                $massaged[$templateDisplayName][$field['field']] = [$massaged[$templateDisplayName][$field['field']]];
+                            }
+                            $massaged[$templateDisplayName][$field['field']][] = $metaField['value'];
+                        } else {
+                            $massaged[$templateDisplayName][$field['field']] = $metaField['value'];
+                        }
+                        break 2;
+                    }
+                }
+            }
+        }
+        return $massaged;
+    }
+
+    protected function _getDeletedMetafields(AppModel $entity): array
+    {
+        return $entity->_metafields_to_delete ?? [];
+    }
+
+    protected function _serializeFields($fields): array
+    {
+        return array_map(function ($fieldValue) {
+            if (is_bool($fieldValue)) {
+                return empty($fieldValue) ? 0 : 1;
+            } else if (is_array($fieldValue)) {
+                return json_encode($fieldValue);
+            } else if (is_object($fieldValue)) {
+                switch (get_class($fieldValue)) {
+                    case 'Cake\I18n\FrozenTime':
+                        return $fieldValue->i18nFormat('yyyy-mm-dd HH:mm:ss');
+                }
+            } else {
+                return strval($fieldValue);
+            }
+        }, $fields);
+    }
+}

From ee5adaf971fa2fb3d0244e238fe895169792b647 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 27 Oct 2022 10:12:06 +0200
Subject: [PATCH 14/69] chg: [behavior:adminNotification] Added support of
 watched fields and improved metafield integration

---
 src/Model/Behavior/NotifyAdminsBehavior.php | 87 ++++++++++++++++-----
 1 file changed, 68 insertions(+), 19 deletions(-)

diff --git a/src/Model/Behavior/NotifyAdminsBehavior.php b/src/Model/Behavior/NotifyAdminsBehavior.php
index 62db8fb..6016684 100644
--- a/src/Model/Behavior/NotifyAdminsBehavior.php
+++ b/src/Model/Behavior/NotifyAdminsBehavior.php
@@ -72,6 +72,7 @@ class NotifyAdminsBehavior extends Behavior
         $watchedFields = !empty($this->getConfig()['fields']) ? $this->getConfig()['fields'] : $entity->getVisible();
         $originalFields = [];
         $changedFields = $entity->extract($watchedFields);
+
         $titleTemplate = 'New {0} `{1}` created';
         $title = __(
             $titleTemplate,
@@ -79,24 +80,19 @@ class NotifyAdminsBehavior extends Behavior
             $entity->get($this->table()->getDisplayField())
         );
         $message = __('New {0}', Inflector::singularize($entity->getSource()));
+
         if (!$entity->isNew()) {
-            $originalFields = $this->_getOriginalChangedFields($entity, $watchedFields);
-            if ($entity->table()->hasBehavior('MetaFields') && !empty($entity->meta_fields)) {
-                $originalFields['meta_fields'] = array_merge(
-                    $originalFields['meta_fields'],
-                    $this->_getDeletedMetafields($entity)
-                );
-            }
-            $changedFields = $entity->extract(array_keys($originalFields));
-            if ($entity->table()->hasBehavior('MetaFields') && !empty($entity->meta_fields)) {
-                $originalFields['meta_fields'] = array_map(function($metaField) {
-                    $originalValues = $metaField->getOriginalValues($metaField->getVisible());
-                    $metaField->set($originalValues);
-                    return $metaField;
-                }, $originalFields['meta_fields']);
-                $originalFields['meta_fields'] = $this->_massageMetaField($entity, $originalFields['meta_fields']);
-                $changedFields['meta_fields'] = $this->_massageMetaField($entity, $changedFields['meta_fields']);
+            $originalFields = $this->_getOriginalFields($entity, $watchedFields);
+            $changedFields = $this->_getChangedFields($entity, $originalFields);
+
+            if (
+                $entity->table()->hasBehavior('Timestamp') &&
+                count($changedFields) == 1 && !empty($changedFields['modified'])
+            ) {
+                return; // A not watched field has changed
             }
+
+            $changeAmount = $this->_computeChangeAmount($entity, $originalFields, $changedFields);
             $titleTemplate = '{0} {1} modified';
             $title = __(
                 $titleTemplate,
@@ -106,10 +102,18 @@ class NotifyAdminsBehavior extends Behavior
             $message = __n(
                 '{0} field was updated',
                 '{0} fields were updated',
-                count($changedFields),
-                count($changedFields)
+                $changeAmount,
+                $changeAmount
             );
         }
+        if ($entity->table()->hasBehavior('MetaFields')) {
+            $originalFields['meta_fields'] = $this->_massageMetaField($entity, $originalFields['meta_fields'] ?? []);
+            $changedFields['meta_fields'] = $this->_massageMetaField($entity, $changedFields['meta_fields'] ?? []);
+            if (empty($originalFields['meta_fields']) && empty($changedFields['meta_fields'])) {
+                unset($originalFields['meta_fields']);
+                unset($changedFields['meta_fields']);
+            }
+        }
         $data = [
             'original' => $this->_serializeFields($originalFields),
             'changed' => $this->_serializeFields($changedFields),
@@ -198,7 +202,7 @@ class NotifyAdminsBehavior extends Behavior
             ->all()->toList();
     }
 
-    protected function _getOriginalChangedFields($entity, array $fields): array
+    protected function _getOriginalFields(AppModel $entity, array $fields): array
     {
         $originalChangedFields = $entity->extractOriginalChanged($fields);
         $originalChangedFields = array_map(function ($fieldValue) {
@@ -218,9 +222,40 @@ class NotifyAdminsBehavior extends Behavior
             }
             return $fieldValue;
         }, $originalChangedFields);
+        if ($entity->table()->hasBehavior('MetaFields')) {
+            // Include deleted meta-fields
+            $originalChangedFields['meta_fields'] = array_merge(
+                $originalChangedFields['meta_fields'] ?? [],
+                $this->_getDeletedMetafields($entity)
+            );
+            // Restore original values of meta-fields as the entity has been saved with the changes
+            if (!empty($entity->meta_fields)) {
+                $originalChangedFields['meta_fields'] = array_map(function ($metaField) {
+                    $originalValues = $metaField->getOriginalValues($metaField->getVisible());
+                    $originalMetafield = $metaField->table()->newEntity($metaField->toArray());
+                    $originalMetafield->set($originalValues);
+                    return $originalMetafield;
+                }, $originalChangedFields['meta_fields']);
+            }
+        }
         return $originalChangedFields;
     }
 
+    protected function _getChangedFields(AppModel $entity, array $originalFields): array
+    {
+        $changedFields =  array_filter(
+            $entity->extract(array_keys($originalFields)),
+            fn ($v) => !is_null($v)
+        );
+        if ($entity->table()->hasBehavior('MetaFields')) {
+            $changedMetafields = $entity->extractOriginalChanged($entity->getVisible())['meta_fields'] ?? [];
+            $changedFields['meta_fields'] = array_filter($changedMetafields, function($metaField) {
+                return !empty($metaField->getDirty());
+            });
+        }
+        return $changedFields;
+    }
+
     protected function _massageMetaField(AppModel $entity, array $metaFields): array
     {
         $massaged = [];
@@ -250,6 +285,20 @@ class NotifyAdminsBehavior extends Behavior
         return $entity->_metafields_to_delete ?? [];
     }
 
+    protected function _computeChangeAmount(AppModel $entity, array $originalFields, array $changedFields): int
+    {
+        $amount = count($changedFields);
+        if ($entity->table()->hasBehavior('MetaFields')) {
+            $amount -= 1; // `meta_fields` key was counted without checking at the content
+        }
+        if (!empty($originalFields['meta_fields']) && !empty($changedFields['meta_fields'])) {
+            $amount += count(array_intersect_key($originalFields['meta_fields'] ?? [], $changedFields['meta_fields'] ?? [])); // Add changed fields
+            $amount += count(array_diff_key($changedFields['meta_fields'] ?? [], $originalFields['meta_fields'] ?? [])); // Add new fields
+            $amount += count(array_diff_key($originalFields['meta_fields'] ?? [], $changedFields['meta_fields'] ?? [])); // Add deleted fields
+        }
+        return $amount;
+    }
+
     protected function _serializeFields($fields): array
     {
         return array_map(function ($fieldValue) {

From 8345fabb50c919fd2f03adea70d9b5c752c9e023 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 27 Oct 2022 10:12:45 +0200
Subject: [PATCH 15/69] fix: [behavior:tag] Get identifier if tag data is an
 array

---
 plugins/Tags/src/Model/Behavior/TagBehavior.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/plugins/Tags/src/Model/Behavior/TagBehavior.php b/plugins/Tags/src/Model/Behavior/TagBehavior.php
index 5772d82..5d69ed2 100644
--- a/plugins/Tags/src/Model/Behavior/TagBehavior.php
+++ b/plugins/Tags/src/Model/Behavior/TagBehavior.php
@@ -189,6 +189,8 @@ class TagBehavior extends Behavior
     {
         if (is_object($tag)) {
             return $tag->name;
+        } else if (is_array($tag)) {
+            return $tag['name'];
         } else {
             return trim($tag);
         }

From 1919e6703f040040fd74f360ad491f67a7455194 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 27 Oct 2022 10:13:09 +0200
Subject: [PATCH 16/69] fix: [inboxProcessor:dataChange] Template clean-up

---
 .../templates/Notification/DataChange.php     | 20 -------------------
 1 file changed, 20 deletions(-)

diff --git a/libraries/default/InboxProcessors/templates/Notification/DataChange.php b/libraries/default/InboxProcessors/templates/Notification/DataChange.php
index 8cf79b8..952fae1 100644
--- a/libraries/default/InboxProcessors/templates/Notification/DataChange.php
+++ b/libraries/default/InboxProcessors/templates/Notification/DataChange.php
@@ -54,26 +54,6 @@ echo $this->Bootstrap->modal([
     ),
     'confirmText' => __('Acknowledge & Discard'),
     'confirmIcon' => 'check',
-    // 'confirmFunction' => 'submitAck'
 ]);
 ?>
 </div>
-
-<script>
-    function submitAck(modalObject, tmpApi) {
-        const $form = modalObject.$modal.find('form')
-        return tmpApi.postForm($form[0]).then((result) => {
-            const url = '/inbox/index'
-            const $container = $('div[id^="table-container-"]')
-            const randomValue = $container.attr('id').split('-')[2]
-            return result
-        })
-    }
-</script>
-
-<style>
-    div.individual-container>div,
-    div.user-container>div {
-        font-size: 1.5rem;
-    }
-</style>
\ No newline at end of file

From d0119b2dba781943ed63c1c448efe09611efe3e1 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 27 Oct 2022 10:14:09 +0200
Subject: [PATCH 17/69] new: [user] Added `notifyAdmin` behavior

---
 src/Model/Table/UsersTable.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/Model/Table/UsersTable.php b/src/Model/Table/UsersTable.php
index 789c9aa..b8a4782 100644
--- a/src/Model/Table/UsersTable.php
+++ b/src/Model/Table/UsersTable.php
@@ -24,6 +24,9 @@ class UsersTable extends AppTable
         $this->addBehavior('Timestamp');
         $this->addBehavior('UUID');
         $this->addBehavior('AuditLog');
+        $this->addBehavior('NotifyAdmins', [
+            'fields' => ['role_id', 'individual_id', 'organisation_id', 'disabled', 'modified'],
+        ]);
         $this->initAuthBehaviors();
         $this->belongsTo(
             'Individuals',
@@ -221,7 +224,7 @@ class UsersTable extends AppTable
     {
         if (!empty(Configure::read('keycloak'))) {
             $success = $this->handleUserUpdate($user);
-            return $success;
+            // return $success;
         }
         return true;
     }

From 225913f9c65505bfd0751fd2d61f49b4e32b5be3 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 27 Oct 2022 10:14:57 +0200
Subject: [PATCH 18/69] new: [organisation] Added `notifyAdmin` behavior.

Might be removed later on if needed
---
 src/Model/Table/OrganisationsTable.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/Model/Table/OrganisationsTable.php b/src/Model/Table/OrganisationsTable.php
index 723b46a..f56f36b 100644
--- a/src/Model/Table/OrganisationsTable.php
+++ b/src/Model/Table/OrganisationsTable.php
@@ -16,6 +16,9 @@ class OrganisationsTable extends AppTable
         $this->addBehavior('Timestamp');
         $this->addBehavior('Tags.Tag');
         $this->addBehavior('AuditLog');
+        $this->addBehavior('NotifyAdmins', [
+            'fields' => ['uuid', 'name', 'url', 'nationality', 'sector', 'type', 'contacts', 'modified', 'meta_fields'],
+        ]);
         $this->hasMany(
             'Alignments',
             [

From dde7bbe75fb1f8658666fbb23c8e2f6089a07186 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 27 Oct 2022 11:07:21 +0200
Subject: [PATCH 19/69] chg: [behavior:notifyAdmin] Small refactor to better
 handle deletions

---
 src/Model/Behavior/NotifyAdminsBehavior.php | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/Model/Behavior/NotifyAdminsBehavior.php b/src/Model/Behavior/NotifyAdminsBehavior.php
index 6016684..8497d3b 100644
--- a/src/Model/Behavior/NotifyAdminsBehavior.php
+++ b/src/Model/Behavior/NotifyAdminsBehavior.php
@@ -19,10 +19,15 @@ class NotifyAdminsBehavior extends Behavior
 {
     /** @var array */
     protected $_defaultConfig = [
+        'implementedEvents' => [
+            'Model.afterSave' => 'afterSave',
+            'Model.afterDelete' => 'afterDelete',
+            'Model.beforeDelete' => 'beforeDelete',
+        ],
         'implementedMethods' => [
             'notifySiteAdmins' => 'notifySiteAdmins',
             'notifySiteAdminsForEntity' => 'notifySiteAdminsForEntity',
-        ]
+        ],
     ];
 
     /** @var AuditLog|null */
@@ -50,6 +55,13 @@ class NotifyAdminsBehavior extends Behavior
         $this->notifySiteAdminsForEntityChange($entity);
     }
 
+    public function beforeDelete(EventInterface $event, EntityInterface $entity, ArrayObject $options): void
+    {
+        if ($entity->table()->hasBehavior('MetaFields') && !isset($entity->meta_fields)) {
+            $entity = $entity->table()->loadInto($entity, ['MetaFields']);
+        }
+    }
+
     public function afterDelete(EventInterface $event, EntityInterface $entity, ArrayObject $options): void
     {
         if (!$this->isNotificationAllowed($event, $entity, $options)) {
@@ -114,6 +126,7 @@ class NotifyAdminsBehavior extends Behavior
                 unset($changedFields['meta_fields']);
             }
         }
+        $originalFields = $entity->isNew() ? [] : $entity->isNew();
         $data = [
             'original' => $this->_serializeFields($originalFields),
             'changed' => $this->_serializeFields($changedFields),

From e1499fb705d84db94bd63a420668d0af7ca028f2 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 27 Oct 2022 11:22:55 +0200
Subject: [PATCH 20/69] chg: [inbox:index] Added quick filter on scope

---
 src/Controller/InboxController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Controller/InboxController.php b/src/Controller/InboxController.php
index 2003213..4a161bd 100644
--- a/src/Controller/InboxController.php
+++ b/src/Controller/InboxController.php
@@ -17,7 +17,7 @@ use Cake\Http\Exception\ForbiddenException;
 class InboxController extends AppController
 {
     public $filterFields = ['scope', 'action', 'title', 'origin', 'message', 'Users.id', 'Users.username'];
-    public $quickFilterFields = ['scope', 'action', ['title' => true], ['message' => true]];
+    public $quickFilterFields = ['scope', 'action', ['title' => true], ['message' => true], 'origin'];
     public $containFields = ['Users'];
 
     public $paginate = [

From aeda393bbab5b6fb0ab21493ea5eb9ce39b094b4 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 27 Oct 2022 15:56:39 +0200
Subject: [PATCH 21/69] chg: [component:CRUD] Improved filtering to support
 form type based on database column type

---
 src/Controller/Component/CRUDComponent.php | 32 ++++++++++++++
 templates/genericTemplates/filters.php     | 51 +++++++++++++++++-----
 2 files changed, 73 insertions(+), 10 deletions(-)

diff --git a/src/Controller/Component/CRUDComponent.php b/src/Controller/Component/CRUDComponent.php
index 7d7e612..a11937e 100644
--- a/src/Controller/Component/CRUDComponent.php
+++ b/src/Controller/Component/CRUDComponent.php
@@ -48,6 +48,8 @@ class CRUDComponent extends Component
         $optionFilters = empty($options['filters']) ? [] : $options['filters'];
         foreach ($optionFilters as $i => $filter) {
             $optionFilters[] = "{$filter} !=";
+            $optionFilters[] = "{$filter} >=";
+            $optionFilters[] = "{$filter} <=";
         }
         $params = $this->Controller->ParamHandler->harvestParams($optionFilters);
         $params = $this->fakeContextFilter($options, $params);
@@ -196,6 +198,16 @@ class CRUDComponent extends Component
             $this->Controller->set('metaFieldsEnabled', false);
         }
         $filters = !empty($this->Controller->filterFields) ? $this->Controller->filterFields : [];
+        $typeMap = $this->Table->getSchema()->typeMap();
+        $associatedtypeMap = !empty($this->Controller->filterFields) ? $this->_getAssociatedTypeMap() : [];
+        $typeMap = array_merge(
+            $this->Table->getSchema()->typeMap(),
+            $associatedtypeMap
+        );
+        $typeMap = array_filter($typeMap, function ($field) use ($filters) {
+            return in_array($field, $filters);
+        }, ARRAY_FILTER_USE_KEY);
+        $this->Controller->set('typeMap', $typeMap);
         $this->Controller->set('filters', $filters);
         $this->Controller->viewBuilder()->setLayout('ajax');
         $this->Controller->render('/genericTemplates/filters');
@@ -1522,4 +1534,24 @@ class CRUDComponent extends Component
         $view = $builder->build($data);
         return $view->render();
     }
+
+    protected function _getAssociatedTypeMap(): array
+    {
+        $typeMap = [];
+        foreach ($this->Controller->filterFields as $filter) {
+            $exploded = explode('.', $filter);
+            if (count($exploded) > 1) {
+                $model = $exploded[0];
+                $subField = $exploded[1];
+                if ($model == $this->Table->getAlias()) {
+                    $typeMap[$filter] = $this->Table->getSchema()->typeMap()[$subField] ?? 'text';
+                } else {
+                    $association = $this->Table->associations()->get($model);
+                    $associatedTable = $association->getTarget();
+                    $typeMap[$filter] = $associatedTable->getSchema()->typeMap()[$subField] ?? 'text';
+                }
+            }
+        }
+        return $typeMap;
+    }
 }
diff --git a/templates/genericTemplates/filters.php b/templates/genericTemplates/filters.php
index b101e09..d900104 100644
--- a/templates/genericTemplates/filters.php
+++ b/templates/genericTemplates/filters.php
@@ -7,6 +7,7 @@ $tableItems = array_map(function ($fieldName) {
         'fieldname' => $fieldName,
     ];
 }, $filters);
+$formTypeMap = $this->Form->getConfig('typeMap');
 
 $filteringForm = $this->Bootstrap->table(
     [
@@ -23,11 +24,19 @@ $filteringForm = $this->Bootstrap->table(
                 }
             ],
             [
-                'key' => 'operator', 'label' => __('Operator'), 'formatter' => function ($field, $row) {
+                'key' => 'operator', 'label' => __('Operator'), 'formatter' => function ($field, $row) use ($typeMap) {
+                    $fieldName = $row['fieldname'];
+                    $type = $typeMap[$fieldName] ?? 'text';
                     $options = [
                         sprintf('<option value="%s">%s</option>', '=', '='),
                         sprintf('<option value="%s">%s</option>', '!=', '!='),
                     ];
+                    if ($type === 'datetime') {
+                        $options = [
+                            sprintf('<option value="%s">%s</option>', '>=', '>='),
+                            sprintf('<option value="%s">%s</option>', '<=', '<='),
+                        ];
+                    }
                     return sprintf('<select class="fieldOperator form-select form-select-sm">%s</select>', implode('', $options));
                 }
             ],
@@ -38,8 +47,21 @@ $filteringForm = $this->Bootstrap->table(
                     __('Value'),
                     sprintf('<sup class="fa fa-info" title="%s"><sup>', __('Supports strict matches and LIKE matches with the `%` character.&#10;Example: `%.com`'))
                 ),
-                'formatter' => function ($field, $row) {
-                    return sprintf('<input type="text" class="fieldValue form-control form-control-sm">');
+                'formatter' => function ($field, $row) use ($typeMap, $formTypeMap) {
+                    $fieldName = $row['fieldname'];
+                    $formType = $formTypeMap[$typeMap[$fieldName]] ?? 'text';
+                    $this->Form->setTemplates([
+                        'formGroup' => '<div class="col-sm-10">{{input}}</div>',
+                    ]);
+                    return $this->element('genericElements/Form/fieldScaffold', [
+                        'fieldData' => [
+                            'field' => $fieldName,
+                            'type' => $formType,
+                            'label' => '',
+                            'class' => 'fieldValue form-control-sm'
+                        ],
+                        'params' => []
+                    ]);
                 }
             ],
         ],
@@ -102,8 +124,8 @@ echo $this->Bootstrap->modal([
         $rows.each(function() {
             const rowData = getDataFromRow($(this))
             let fullFilter = rowData['name']
-            if (rowData['operator'] == '!=') {
-                fullFilter += ' !='
+            if (rowData['operator'] != '=') {
+                fullFilter += ` ${rowData['operator']}`
             }
             if (rowData['value'].length > 0) {
                 activeFilters[fullFilter] = rowData['value']
@@ -111,7 +133,6 @@ echo $this->Bootstrap->modal([
         })
         if (modalObject.$modal.find('table.indexMetaFieldsFilteringTable').length > 0) {
             let metaFieldFilters = modalObject.$modal.find('table.indexMetaFieldsFilteringTable')[0].getFiltersFunction()
-            // activeFilters['filteringMetaFields'] = metaFieldFilters !== undefined ? metaFieldFilters : [];
             metaFieldFilters = metaFieldFilters !== undefined ? metaFieldFilters : []
             for (let [metaFieldPath, metaFieldValue] of Object.entries(metaFieldFilters)) {
                 activeFilters[metaFieldPath] = metaFieldValue
@@ -138,8 +159,8 @@ echo $this->Bootstrap->modal([
         for (let [field, value] of Object.entries(activeFilters)) {
             const fieldParts = field.split(' ')
             let operator = '='
-            if (fieldParts.length == 2 && fieldParts[1] == '!=') {
-                operator = '!='
+            if (fieldParts.length == 2) {
+                operator = fieldParts[1]
                 field = fieldParts[0]
             } else if (fieldParts.length > 2) {
                 console.error('Field contains multiple spaces. ' + field)
@@ -167,14 +188,24 @@ echo $this->Bootstrap->modal([
             return $(this).data('fieldname') == field
         }).closest('tr')
         $row.find('.fieldOperator').val(operator)
-        $row.find('.fieldValue').val(value)
+        const $formElement = $row.find('.fieldValue');
+        if ($formElement.attr('type') === 'datetime-local') {
+            $formElement.val(moment(value).format('yyyy-MM-DDThh:mm:ss'))
+        } else {
+            $formElement.val(value)
+        }
     }
 
     function getDataFromRow($row) {
         const rowData = {};
         rowData['name'] = $row.find('td > span.fieldName').data('fieldname')
         rowData['operator'] = $row.find('select.fieldOperator').val()
-        rowData['value'] = $row.find('input.fieldValue').val()
+        const $formElement = $row.find('.fieldValue');
+        if ($formElement.attr('type') === 'datetime-local') {
+            rowData['value'] = moment($formElement.val()).toISOString()
+        } else {
+            rowData['value'] = $formElement.val()
+        }
         return rowData
     }
 

From 0db625ce45ec58a81525d8220f53696988a8df50 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 27 Oct 2022 15:57:35 +0200
Subject: [PATCH 22/69] chg: [inbox:index] Added filtering on `created` time

---
 src/Controller/InboxController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Controller/InboxController.php b/src/Controller/InboxController.php
index 4a161bd..388dbfa 100644
--- a/src/Controller/InboxController.php
+++ b/src/Controller/InboxController.php
@@ -16,7 +16,7 @@ use Cake\Http\Exception\ForbiddenException;
 
 class InboxController extends AppController
 {
-    public $filterFields = ['scope', 'action', 'title', 'origin', 'message', 'Users.id', 'Users.username'];
+    public $filterFields = ['scope', 'action', 'Inbox.created', 'title', 'origin', 'message', 'Users.id', 'Users.username',];
     public $quickFilterFields = ['scope', 'action', ['title' => true], ['message' => true], 'origin'];
     public $containFields = ['Users'];
 

From 4c401e6e2945bd75e9d73486ae5fb778925882f3 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Fri, 28 Oct 2022 09:10:26 +0200
Subject: [PATCH 23/69] chg: [ui:layout] Added spacing between toast

---
 templates/layout/default.php | 2 +-
 webroot/css/layout.css       | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/templates/layout/default.php b/templates/layout/default.php
index 1509aea..e810136 100644
--- a/templates/layout/default.php
+++ b/templates/layout/default.php
@@ -88,7 +88,7 @@ $sidebarOpen = $loggedUser->user_settings_by_name_with_fallback['ui.sidebar.expa
         </main>
     </div>
     <div id="mainModal" class="modal fade" tabindex="-1" role="dialog" aria-labelledby="mediumModalLabel" aria-hidden="true"></div>
-    <div id="mainToastContainer" style="position: absolute; top: 15px; right: 15px; z-index: 1080"></div>
+    <div id="mainToastContainer" class="main-toast-container"></div>
     <div id="mainModalContainer"></div>
 </body>
 
diff --git a/webroot/css/layout.css b/webroot/css/layout.css
index 9762b1b..95c1655 100644
--- a/webroot/css/layout.css
+++ b/webroot/css/layout.css
@@ -207,6 +207,15 @@ main.content {
     min-width: 25px;
 }
 
+.main-toast-container {
+    position: absolute;
+    top: 15px;
+    right: 15px;
+    z-index: 1080;
+    display: flex;
+    flex-direction: column;
+    row-gap: 0.5em;
+}
 
 /* sidebar */
 .sidebar-wrapper {

From 351b90d8436a297aeaec84e7271937389ced34f0 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Fri, 28 Oct 2022 09:11:21 +0200
Subject: [PATCH 24/69] fix: [helper:boostrap] Make sure all properties are
 passed to the button component

---
 src/View/Helper/BootstrapHelper.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/View/Helper/BootstrapHelper.php b/src/View/Helper/BootstrapHelper.php
index e1b4c46..b600061 100644
--- a/src/View/Helper/BootstrapHelper.php
+++ b/src/View/Helper/BootstrapHelper.php
@@ -1947,7 +1947,7 @@ class BoostrapDropdownMenu extends BootstrapGeneric
                 'aria-expanded' => 'false',
             ]
         ];
-        $options = array_merge($this->options['toggle-button'], $defaultOptions);
+        $options = array_merge_recursive($this->options['toggle-button'], $defaultOptions);
         return $this->btHelper->button($options);
     }
 

From 67eb9de05a72e1784b2ed11da18f9e158accac1c Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Fri, 28 Oct 2022 09:12:30 +0200
Subject: [PATCH 25/69] new: [ui:index_table] Fire pending debounced functions
 on dropdown hidden

---
 .../group_table_action/compactDisplay.php     |  1 +
 .../group_table_action/hiddenColumns.php      | 23 +++---------
 webroot/js/table-settings.js                  | 35 +++++++++++++++++++
 3 files changed, 40 insertions(+), 19 deletions(-)

diff --git a/templates/element/genericElements/ListTopBar/group_table_action/compactDisplay.php b/templates/element/genericElements/ListTopBar/group_table_action/compactDisplay.php
index 312ad37..28eaa4d 100644
--- a/templates/element/genericElements/ListTopBar/group_table_action/compactDisplay.php
+++ b/templates/element/genericElements/ListTopBar/group_table_action/compactDisplay.php
@@ -41,6 +41,7 @@ $compactDisplayInputSeed = 'seed-' . mt_rand();
             const $container = $dropdownMenu.closest('div[id^="table-container-"]')
             const $table = $container.find(`table[data-table-random-value="${tableRandomValue}"]`)
             toggleCompactState($checkbox[0].checked, $table)
+            registerDebouncedFunction($container, debouncedCompactSaver)
         })
     })()
 </script>
\ No newline at end of file
diff --git a/templates/element/genericElements/ListTopBar/group_table_action/hiddenColumns.php b/templates/element/genericElements/ListTopBar/group_table_action/hiddenColumns.php
index 3a95b82..8e14c6d 100644
--- a/templates/element/genericElements/ListTopBar/group_table_action/hiddenColumns.php
+++ b/templates/element/genericElements/ListTopBar/group_table_action/hiddenColumns.php
@@ -40,7 +40,8 @@ echo $availableColumnsHtml;
         const debouncedHiddenColumnSaverWithReload = debounce(mergeAndSaveSettingsWithReload, 2000)
 
         function attachListeners() {
-            let debouncedFunctionWithReload = false, debouncedFunction = false // used to flush debounce function if dropdown menu gets closed
+            let debouncedFunctionWithReload = false,
+                debouncedFunction = false // used to flush debounce function if dropdown menu gets closed
             $('form.visible-column-form, form.visible-meta-column-form').find('input').change(function() {
                 const $dropdownMenu = $(this).closest(`[data-table-random-value]`)
                 const tableRandomValue = $dropdownMenu.attr('data-table-random-value')
@@ -108,24 +109,6 @@ echo $availableColumnsHtml;
             return tableSetting
         }
 
-        function mergeAndSaveSettingsWithReload(table_setting_id, tableSettings, $table) {
-            mergeAndSaveSettings(table_setting_id, tableSettings, false).then((apiResult) => {
-                const theToast = UI.toast({
-                    variant: 'success',
-                    title: apiResult.message,
-                    bodyHtml: $('<div/>').append(
-                        $('<span/>').text('<?= __('The table needs to be reloaded for the new fields to be included.') ?>'),
-                        $('<button/>').addClass(['btn', 'btn-primary', 'btn-sm', 'ms-3']).text('<?= __('Reload table') ?>').click(function() {
-                            const reloadUrl = $table.data('reload-url');
-                            UI.reload(reloadUrl, $table.closest('div[id^="table-container-"]'), $(this)).then(() => {
-                                theToast.removeToast()
-                            })
-                        }),
-                    ),
-                })
-            })
-        }
-
         $(document).ready(function() {
             addSupportOfNestedDropdown();
             const $form = $('form.visible-column-form, form.visible-meta-column-form')
@@ -138,6 +121,8 @@ echo $availableColumnsHtml;
                 toggleColumn(this.getAttribute('data-columnname'), this.checked, $table)
             })
             attachListeners()
+            registerDebouncedFunction($container, debouncedHiddenColumnSaver)
+            registerDebouncedFunction($container, debouncedHiddenColumnSaverWithReload)
         })
     })()
 </script>
\ No newline at end of file
diff --git a/webroot/js/table-settings.js b/webroot/js/table-settings.js
index 2d1e3ea..906a3c4 100644
--- a/webroot/js/table-settings.js
+++ b/webroot/js/table-settings.js
@@ -10,6 +10,41 @@ function mergeAndSaveSettings(table_setting_id, newTableSettings, automaticFeedb
     })
 }
 
+function mergeAndSaveSettingsWithReload(table_setting_id, tableSettings, $table) {
+    mergeAndSaveSettings(table_setting_id, tableSettings, false).then((apiResult) => {
+        const theToast = UI.toast({
+            variant: 'success',
+            title: apiResult.message,
+            bodyHtml: $('<div/>').append(
+                $('<span/>').text('The table needs to be reloaded for the new fields to be included.'),
+                $('<button/>').addClass(['btn', 'btn-primary', 'btn-sm', 'ms-3']).text('Reload table').click(function () {
+                    const reloadUrl = $table.data('reload-url');
+                    UI.reload(reloadUrl, $table.closest('div[id^="table-container-"]'), $(this)).then(() => {
+                        theToast.removeToast()
+                    })
+                }),
+            ),
+        })
+    })
+}
+
+function registerDebouncedFunction($container, fn) {
+    $dropdownButton = $container.find('button.table_setting_dropdown_button')
+    if ($dropdownButton.data('debouncedFunctions') === undefined) {
+        $dropdownButton.data('debouncedFunctions', [])
+    }
+    $dropdownButton.data('debouncedFunctions').push(fn)
+}
+
+function firePendingDebouncedFunctions(dropdownBtn) {
+    $dropdownButton = $(dropdownBtn)
+    if ($dropdownButton.data('debouncedFunctions') !== undefined) {
+        $dropdownButton.data('debouncedFunctions').forEach(function (fn) {
+            fn.flush()
+        })
+    }
+}
+
 function mergeNewTableSettingsIntoOld(table_setting_id, oldTableSettings, newTableSettings) {
     // Merge recursively
     tableSettings = Object.assign({}, oldTableSettings, newTableSettings)

From 03bd4aba302b02f13cd4d643af82fdeb8c7fa9db Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Fri, 28 Oct 2022 09:13:15 +0200
Subject: [PATCH 26/69] new: [genericElement:group_table_action] Added support
 of `show # element` in the table

---
 src/Controller/Component/CRUDComponent.php    | 11 +++++
 .../ListTopBar/group_table_action.php         | 24 ++++++++++-
 .../group_table_action/numberOfElement.php    | 42 +++++++++++++++++++
 3 files changed, 76 insertions(+), 1 deletion(-)
 create mode 100644 templates/element/genericElements/ListTopBar/group_table_action/numberOfElement.php

diff --git a/src/Controller/Component/CRUDComponent.php b/src/Controller/Component/CRUDComponent.php
index a11937e..9967082 100644
--- a/src/Controller/Component/CRUDComponent.php
+++ b/src/Controller/Component/CRUDComponent.php
@@ -9,6 +9,7 @@ use Cake\Utility\Inflector;
 use Cake\Utility\Text;
 use Cake\View\ViewBuilder;
 use Cake\ORM\TableRegistry;
+use Cake\ORM\Query;
 use Cake\Routing\Router;
 use Cake\Http\Exception\MethodNotAllowedException;
 use Cake\Http\Exception\NotFoundException;
@@ -105,6 +106,7 @@ class CRUDComponent extends Component
             if ($this->metaFieldsSupported()) {
                 $query = $this->includeRequestedMetaFields($query);
             }
+            $query = $this->setRequestedEntryAmount($query);
             $data = $this->Controller->paginate($query, $this->Controller->paginate ?? []);
             if (isset($options['afterFind'])) {
                 $function = $options['afterFind'];
@@ -707,6 +709,15 @@ class CRUDComponent extends Component
         ]);
     }
 
+    protected function setRequestedEntryAmount()
+    {
+        $user = $this->Controller->ACL->getUser();
+        $tableSettings = IndexSetting::getTableSetting($user, $this->Table);
+        if (!empty($tableSettings['number_of_element'])) {
+            $this->Controller->paginate['limit'] = intval($tableSettings['number_of_element']);
+        }
+    }
+
     public function view(int $id, array $params = []): void
     {
         if (empty($id)) {
diff --git a/templates/element/genericElements/ListTopBar/group_table_action.php b/templates/element/genericElements/ListTopBar/group_table_action.php
index fdb799c..fe538b2 100644
--- a/templates/element/genericElements/ListTopBar/group_table_action.php
+++ b/templates/element/genericElements/ListTopBar/group_table_action.php
@@ -8,6 +8,7 @@ if (empty($data['table_setting_id']) && empty($model)) {
 $data['table_setting_id'] = !empty($data['table_setting_id']) ? $data['table_setting_id'] : IndexSetting::getIDFromTable($model);
 $tableSettings = IndexSetting::getTableSetting($loggedUser, $data['table_setting_id']);
 $compactDisplay = !empty($tableSettings['compact_display']);
+$numberOfElement = $tableSettings['number_of_element'] ?? 20;
 
 $availableColumnsHtml = $this->element('/genericElements/ListTopBar/group_table_action/hiddenColumns', [
     'table_data' => $table_data,
@@ -51,7 +52,13 @@ $compactDisplayHtml = $this->element('/genericElements/ListTopBar/group_table_ac
     'table_data' => $table_data,
     'tableSettings' => $tableSettings,
     'table_setting_id' => $data['table_setting_id'],
-    'compactDisplay' => $compactDisplay
+    'compactDisplay' => $compactDisplay,
+]);
+$numberOfElementHtml = $this->element('/genericElements/ListTopBar/group_table_action/numberOfElement', [
+    'table_data' => $table_data,
+    'tableSettings' => $tableSettings,
+    'table_setting_id' => $data['table_setting_id'],
+    'numberOfElement' => $numberOfElement,
 ]);
 ?>
 <?php if (!isset($data['requirement']) || $data['requirement']) : ?>
@@ -63,6 +70,7 @@ $compactDisplayHtml = $this->element('/genericElements/ListTopBar/group_table_ac
         'toggle-button' => [
             'icon' => 'sliders-h',
             'variant' => 'primary',
+            'class' => ['table_setting_dropdown_button'],
         ],
         'submenu_alignment' => 'end',
         'submenu_direction' => 'start',
@@ -79,8 +87,22 @@ $compactDisplayHtml = $this->element('/genericElements/ListTopBar/group_table_ac
             ],
             [
                 'html' => $compactDisplayHtml,
+            ],
+            [
+                'html' => $numberOfElementHtml,
             ]
         ]
     ]);
     ?>
 <?php endif; ?>
+
+<script>
+    $(document).ready(function() {
+        const dropdownBtn = document.querySelector('button.table_setting_dropdown_button')
+        dropdownBtn.addEventListener('hidden.bs.dropdown', function() {
+            const $dropdownBtn = $(this)
+            const debouncedFunctions = $dropdownBtn.data('debouncedFunctions')
+            firePendingDebouncedFunctions(dropdownBtn)
+        })
+    })
+</script>
\ No newline at end of file
diff --git a/templates/element/genericElements/ListTopBar/group_table_action/numberOfElement.php b/templates/element/genericElements/ListTopBar/group_table_action/numberOfElement.php
new file mode 100644
index 0000000..6b69c50
--- /dev/null
+++ b/templates/element/genericElements/ListTopBar/group_table_action/numberOfElement.php
@@ -0,0 +1,42 @@
+<?php
+$numberOfElementSelectSeed = 'seed-' . mt_rand();
+?>
+
+<label class="dropdown-item d-flex align-items-center cursor-pointer" href="#" for="<?= $numberOfElementSelectSeed ?>">
+    <span class="fw-bold">#</span>
+    <span class="ms-2"><?= __('Show') ?></span>
+    <select id="<?= $numberOfElementSelectSeed ?>" class="select-number-of-element form-select ms-auto" style="width: 5em;">
+        <option value="20" <?= $numberOfElement == 20 ? 'selected' : '' ?>><?= __('20') ?></option>
+        <option value="50" <?= $numberOfElement == 50 ? 'selected' : '' ?>><?= __('50') ?></option>
+        <option value="100" <?= $numberOfElement == 100 ? 'selected' : '' ?>><?= __('100') ?></option>
+        <option value="200" <?= $numberOfElement == 200 ? 'selected' : '' ?>><?= __('200') ?></option>
+    </select>
+</label>
+
+<script>
+    (function() {
+        const debouncedNumberElementSaver = debounce(mergeAndSaveSettingsWithReload, 2000)
+
+        $('#<?= $numberOfElementSelectSeed ?>').change(function() {
+            const $dropdownMenu = $(this).closest('.dropdown')
+            const tableRandomValue = $dropdownMenu.attr('data-table-random-value')
+            const $container = $dropdownMenu.closest('div[id^="table-container-"]')
+            const $table = $container.find(`table[data-table-random-value="${tableRandomValue}"]`)
+            const table_setting_id = $dropdownMenu.data('table_setting_id');
+            let newTableSettings = {}
+            newTableSettings[table_setting_id] = {
+                'number_of_element': $(this).val()
+            }
+            debouncedNumberElementSaver(table_setting_id, newTableSettings, $table)
+        })
+
+        $(document).ready(function() {
+            const $select = $('#<?= $numberOfElementSelectSeed ?>')
+            const $dropdownMenu = $select.closest('.dropdown')
+            const tableRandomValue = $dropdownMenu.attr('data-table-random-value')
+            const $container = $dropdownMenu.closest('div[id^="table-container-"]')
+            const $table = $container.find(`table[data-table-random-value="${tableRandomValue}"]`)
+            registerDebouncedFunction($container, debouncedNumberElementSaver)
+        })
+    })()
+</script>
\ No newline at end of file

From 866fbc2d51762903b603ab77326433ea3ec6789c Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Fri, 28 Oct 2022 11:09:42 +0200
Subject: [PATCH 27/69] chg: [layout:notification-menu] Improved spacing and
 size

---
 templates/element/layouts/header/header-notification-item.php | 2 +-
 webroot/css/layout.css                                        | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/templates/element/layouts/header/header-notification-item.php b/templates/element/layouts/header/header-notification-item.php
index 59a3df8..4457e68 100644
--- a/templates/element/layouts/header/header-notification-item.php
+++ b/templates/element/layouts/header/header-notification-item.php
@@ -21,7 +21,7 @@ $variant = empty($notification['variant']) ? 'primary' : $notification['variant'
             </span>
         <?php endif; ?>
         <span class="notification-text-container">
-            <div class="d-flex justify-content-between align-items-center">
+            <div class="d-flex justify-content-between align-items-center gap-2">
                 <span class="notification-title text-truncate"><?= $this->ValueGetter->get($notification['text']) ?></span>
                 <?php if (!empty($notification['datetime'])) : ?>
                     <small id="<?= $seed ?>" class="notification-date text-muted fw-light"><?= h($notification['datetime']->format('Y-m-d\TH:i:s')) ?></small>
diff --git a/webroot/css/layout.css b/webroot/css/layout.css
index 95c1655..1afecec 100644
--- a/webroot/css/layout.css
+++ b/webroot/css/layout.css
@@ -546,9 +546,10 @@ ul.sidebar-elements > li.category > span.category-divider > hr {
 }
 .navbar .right-navbar .notification-menu a.notification-item .notification-text-container {
     max-width: calc(100% - 40px - 0.25rem);
+    flex-grow: 1;
 }
 .navbar .right-navbar .notification-menu a.notification-item .notification-title {
-    max-width: calc(100% - 90px);
+    max-width: 300px;
 }
 .navbar .right-navbar .notification-menu a.notification-item .notification-date {
     max-width: 90px;

From 7d6696e0792d3c6f8c9ef2651bd629caed6f7978 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 14 Nov 2022 09:04:35 +0100
Subject: [PATCH 28/69] new: [metaFields] Adding support of sane_default +
 improving form & crud - WiP

---
 .../20221028000000_MetaFieldSaneDefault.php   | 34 +++++++
 src/Model/Entity/MetaTemplateField.php        | 27 ++++++
 src/Model/Table/MetaTemplateFieldsTable.php   |  2 +
 templates/MetaTemplateFields/index.php        |  8 ++
 .../Form/Fields/dropdownField.php             | 97 ++++++++++++++++---
 .../genericElements/Form/metaTemplateForm.php | 13 ++-
 .../genericElements/Form/multiFieldButton.php | 29 +++---
 .../Form/multiFieldScaffold.php               | 19 +++-
 8 files changed, 199 insertions(+), 30 deletions(-)
 create mode 100644 config/Migrations/20221028000000_MetaFieldSaneDefault.php

diff --git a/config/Migrations/20221028000000_MetaFieldSaneDefault.php b/config/Migrations/20221028000000_MetaFieldSaneDefault.php
new file mode 100644
index 0000000..b59149c
--- /dev/null
+++ b/config/Migrations/20221028000000_MetaFieldSaneDefault.php
@@ -0,0 +1,34 @@
+<?php
+declare(strict_types=1);
+
+use Migrations\AbstractMigration;
+use Phinx\Db\Adapter\MysqlAdapter;
+
+
+class MetaFieldSaneDefault extends AbstractMigration
+{
+
+    public $autoId = false; // turn off automatic `id` column create. We want it to be `int(10) unsigned`
+
+
+    public function change()
+    {
+        $exists = $this->table('meta_template_fields')->hasColumn('sane_default');
+        if (!$exists) {
+            $this->table('meta_template_fields')
+                ->addColumn('sane_default', 'text', [
+                    'default' => null,
+                    'null' => true,
+                    'limit' => MysqlAdapter::TEXT_LONG,
+                    'comment' => 'List of sane default values to be proposed',
+                ])
+                ->addColumn('values_list', 'text', [
+                    'default' => null,
+                    'null' => true,
+                    'limit' => MysqlAdapter::TEXT_LONG,
+                    'comment' => 'List of values that have to be used',
+                ])
+                ->update();
+        }
+    }
+}
diff --git a/src/Model/Entity/MetaTemplateField.php b/src/Model/Entity/MetaTemplateField.php
index 7baf30a..570fef9 100644
--- a/src/Model/Entity/MetaTemplateField.php
+++ b/src/Model/Entity/MetaTemplateField.php
@@ -7,5 +7,32 @@ use Cake\ORM\Entity;
 
 class MetaTemplateField extends AppModel
 {
+    protected $_virtual = ['form_type', 'form_options', ];
+
+    protected function _getFormType()
+    {
+        $formType = 'text';
+        if (!empty($this->sane_default) || !empty($this->values_list)) {
+            $formType = 'dropdown';
+        }
+        return $formType;
+    }
+
+    protected function _getFormOptions()
+    {
+        $formOptions = [];
+        if ($this->formType === 'dropdown') {
+            $selectOptions = !empty($this->sane_default) ? $this->sane_default : $this->values_list;
+            $selectOptions = array_combine($selectOptions, $selectOptions);
+            if (!empty($this->sane_default)) {
+                // $selectOptions['_custom'] = __('-- custom value --');
+                $selectOptions[] = ['value' => '_custom', 'text' => __('-- custom value --'), 'class' => 'custom-value'];
+            }
+            $selectOptions[''] = __('-- no value --');
+            $formOptions['options'] = $selectOptions;
+            // $formOptions['empty'] = [['value' => '', 'text' => __('-- select an options --'), 'hidden disabled selected value']];
+        }
+        return $formOptions;
+    }
 
 }
diff --git a/src/Model/Table/MetaTemplateFieldsTable.php b/src/Model/Table/MetaTemplateFieldsTable.php
index 626a96c..857361c 100644
--- a/src/Model/Table/MetaTemplateFieldsTable.php
+++ b/src/Model/Table/MetaTemplateFieldsTable.php
@@ -27,6 +27,8 @@ class MetaTemplateFieldsTable extends AppTable
         $this->hasMany('MetaFields');
 
         $this->setDisplayField('field');
+        $this->getSchema()->setColumnType('sane_default', 'json');
+        $this->getSchema()->setColumnType('values_list', 'json');
         $this->loadTypeHandlers();
     }
 
diff --git a/templates/MetaTemplateFields/index.php b/templates/MetaTemplateFields/index.php
index 4071d13..5f41b21 100644
--- a/templates/MetaTemplateFields/index.php
+++ b/templates/MetaTemplateFields/index.php
@@ -30,6 +30,14 @@ echo $this->element('genericElements/IndexTable/index_table', [
                 'data_path' => 'multiple',
                 'field' => 'textarea'
             ],
+            [
+                'name' => __('Sane defaults'),
+                'data_path' => 'sane_default'
+            ],
+            [
+                'name' => __('Values List'),
+                'data_path' => 'values_list'
+            ],
             [
                 'name' => __('Validation regex'),
                 'sort' => 'regex',
diff --git a/templates/element/genericElements/Form/Fields/dropdownField.php b/templates/element/genericElements/Form/Fields/dropdownField.php
index 26e8e88..b8d81b2 100644
--- a/templates/element/genericElements/Form/Fields/dropdownField.php
+++ b/templates/element/genericElements/Form/Fields/dropdownField.php
@@ -1,14 +1,87 @@
 <?php
-    $controlParams = [
-        'options' => $fieldData['options'],
-        'empty' => $fieldData['empty'] ?? false,
-        'value' => $fieldData['value'] ?? null,
-        'multiple' => $fieldData['multiple'] ?? false,
-        'disabled' => $fieldData['disabled'] ?? false,
-        'class' => ($fieldData['class'] ?? '') . ' formDropdown form-select',
-        'default' => ($fieldData['default'] ?? null)
-    ];
-    if (!empty($fieldData['label'])) {
-        $controlParams['label'] = $fieldData['label'];
+$seed = 's-' . mt_rand();
+$controlParams = [
+    'type' => 'select',
+    'options' => $fieldData['options'],
+    'empty' => $fieldData['empty'] ?? false,
+    'value' => $fieldData['value'] ?? null,
+    'multiple' => $fieldData['multiple'] ?? false,
+    'disabled' => $fieldData['disabled'] ?? false,
+    'class' => ($fieldData['class'] ?? '') . ' formDropdown form-select',
+    'default' => $fieldData['default'] ?? '',
+];
+if (!empty($fieldData['field'])) { // used for multi meta-field form
+    $controlParams['field'] = $fieldData['field'];
+}
+if (!empty($fieldData['label'])) {
+    $controlParams['label'] = $fieldData['label'];
+}
+if ($controlParams['options'] instanceof \Cake\ORM\Query) {
+    $controlParams['options'] = $controlParams['options']->all()->toList();
+}
+if (in_array('_custom', array_keys($controlParams['options']))) {
+    $customInputValue = $this->Form->getSourceValue($fieldData['field']);
+    if (!in_array($customInputValue, $controlParams['options'])) {
+        $controlParams['options'] = array_map(function ($option) {
+            if (is_array($option) && $option['value'] == '_custom') {
+                $option[] = 'selected';
+            }
+            return $option;
+        }, $controlParams['options']);
+    } else {
+        $customInputValue = '';
     }
-    echo $this->FormFieldMassage->prepareFormElement($this->Form, $controlParams, $fieldData);
+    $customControlParams = [
+        'value' => $fieldData['value'] ?? null,
+        'class' => 'd-none',
+    ];
+    $controlParams['class'] .= ' dropdown-custom-value' . "-$seed";
+    $adaptedField = $fieldData['field'] . '_custom';
+    $controlParams['templates']['formGroup'] = sprintf(
+        '<label class="col-sm-2 col-form-label form-label" {{attrs}}>{{label}}</label><div class="col-sm-10 multi-metafield-input-container"><div class="d-flex form-dropdown-with-freetext input-group">{{input}}{{error}}%s</div></div>',
+        sprintf('<input type="text" class="form-control custom-value" field="%s" value="%s">', h($adaptedField), h($customInputValue))
+    );
+}
+echo $this->FormFieldMassage->prepareFormElement($this->Form, $controlParams, $fieldData);
+?>
+
+<script>
+    (function() {
+        $(document).ready(function() {
+            const $select = $('select.dropdown-custom-value-<?= $seed ?>')
+            toggleFreetextSelectField($select[0]);
+            $select.attr('onclick', 'toggleFreetextSelectField(this)')
+            $select.parent().find('input.custom-value').attr('oninput', 'updateAssociatedSelect(this)')
+            // updateAssociatedSelect($select.parent().find('input.custom-value')[0])
+
+            // Multiple saves in dropdown doesn't work
+            // But multiple saves for custom works but save the first element as `_custom`
+        })
+
+    })()
+
+    function toggleFreetextSelectField(selectEl) {
+        const $select = $(selectEl)
+        const show = $select.val() == '_custom'
+        const $container = $(selectEl).parent()
+        let $freetextInput = $container.find('input.custom-value')
+        if (show) {
+            $freetextInput.removeClass('d-none')
+        } else {
+            $freetextInput.addClass('d-none')
+        }
+    }
+
+    function updateAssociatedSelect(input) {
+        const $input = $(input)
+        const $select = $input.parent().find('select')
+        const $customOption = $select.find('option.custom-value')
+        $customOption.val($input.val())
+    }
+</script>
+
+<style>
+    form div.form-dropdown-with-freetext input.custom-value {
+        flex-grow: 3;
+    }
+</style>
\ No newline at end of file
diff --git a/templates/element/genericElements/Form/metaTemplateForm.php b/templates/element/genericElements/Form/metaTemplateForm.php
index 0a4d934..56e0ac4 100644
--- a/templates/element/genericElements/Form/metaTemplateForm.php
+++ b/templates/element/genericElements/Form/metaTemplateForm.php
@@ -31,7 +31,11 @@ foreach ($metaTemplate->meta_template_fields as $metaTemplateField) {
             $metaField = reset($metaTemplateField->metaFields);
             $fieldData = [
                 'label' => $metaTemplateField->label,
+                'type' => $metaTemplateField->formType,
             ];
+            if ($metaTemplateField->formType === 'dropdown') {
+                $fieldData = array_merge_recursive($fieldData, $metaTemplateField->formOptions);
+            }
             if (isset($metaField->id)) {
                 $fieldData['field'] = sprintf('MetaTemplates.%s.meta_template_fields.%s.metaFields.%s.value', $metaField->meta_template_id, $metaField->meta_template_field_id, $metaField->id);
             } else {
@@ -63,7 +67,11 @@ foreach ($metaTemplate->meta_template_fields as $metaTemplateField) {
             $fieldData = [
                 'field' => sprintf('MetaTemplates.%s.meta_template_fields.%s.metaFields.new.0', $metaTemplateField->meta_template_id, $metaTemplateField->id),
                 'label' => $metaTemplateField->label,
+                'type' => $metaTemplateField->formType,
             ];
+            if ($metaTemplateField->formType === 'dropdown') {
+                $fieldData = array_merge_recursive($fieldData, $metaTemplateField->formOptions);
+            }
             $fieldsHtml .= $this->element(
                 'genericElements/Form/fieldScaffold',
                 [
@@ -74,4 +82,7 @@ foreach ($metaTemplate->meta_template_fields as $metaTemplateField) {
         }
     }
 }
-echo $fieldsHtml;
\ No newline at end of file
+$fieldContainer = $this->Bootstrap->genNode('div', [
+    'class' => [],
+], $fieldsHtml);
+echo $fieldContainer;
\ No newline at end of file
diff --git a/templates/element/genericElements/Form/multiFieldButton.php b/templates/element/genericElements/Form/multiFieldButton.php
index c7c778b..9cfd348 100644
--- a/templates/element/genericElements/Form/multiFieldButton.php
+++ b/templates/element/genericElements/Form/multiFieldButton.php
@@ -45,6 +45,8 @@ $seed = 'mfb-' . mt_rand();
             $clonedContainer
                 .removeClass('has-error')
                 .find('.error-message ').remove()
+            $clonedContainer
+                .find('label.form-label').text('')
             const $clonedInput = $clonedContainer.find('input, select')
             if ($clonedInput.length > 0) {
                 const injectedTemplateId = $clicked.closest('.multi-metafields-container').find('.new-metafield').length
@@ -54,18 +56,21 @@ $seed = 'mfb-' . mt_rand();
             }
         }
 
-        function adjustClonedInputAttr($input, injectedTemplateId) {
-            let explodedPath = $input.attr('field').split('.').splice(0, 5)
-            explodedPath.push('new', injectedTemplateId)
-            dottedPathStr = explodedPath.join('.')
-            brackettedPathStr = explodedPath.map((elem, i) => {
-                return i == 0 ? elem : `[${elem}]`
-            }).join('')
-            $input.attr('id', dottedPathStr)
-                .attr('field', dottedPathStr)
-                .attr('name', brackettedPathStr)
-                .val('')
-                .removeClass('is-invalid')
+        function adjustClonedInputAttr($inputs, injectedTemplateId) {
+            $inputs.each(function() {
+                const $input = $(this)
+                let explodedPath = $input.attr('field').split('.').splice(0, 5)
+                explodedPath.push('new', injectedTemplateId)
+                dottedPathStr = explodedPath.join('.')
+                brackettedPathStr = explodedPath.map((elem, i) => {
+                    return i == 0 ? elem : `[${elem}]`
+                }).join('')
+                $input.attr('id', dottedPathStr)
+                    .attr('field', dottedPathStr)
+                    .attr('name', brackettedPathStr)
+                    .val('')
+                    .removeClass('is-invalid')
+            })
         }
     })()
 </script>
\ No newline at end of file
diff --git a/templates/element/genericElements/Form/multiFieldScaffold.php b/templates/element/genericElements/Form/multiFieldScaffold.php
index 3a73125..89b405c 100644
--- a/templates/element/genericElements/Form/multiFieldScaffold.php
+++ b/templates/element/genericElements/Form/multiFieldScaffold.php
@@ -22,6 +22,7 @@ if (!empty($metaFieldsEntities)) {
                 $metaFieldsEntity->meta_template_field_id,
                 $metaFieldsEntity->id
             ),
+            'type' => $metaTemplateField->formType,
         ];
         if($metaFieldsEntity->isNew()) {
             $fieldData['field'] = sprintf(
@@ -35,6 +36,9 @@ if (!empty($metaFieldsEntities)) {
         if ($labelPrintedOnce) { // Only the first input can have a label
             $fieldData['label'] = false;
         }
+        if ($metaTemplateField->formType === 'dropdown') {
+            $fieldData = array_merge_recursive($fieldData, $metaTemplateField->formOptions);
+        }
         $labelPrintedOnce = true;
         $fieldsHtml .= $this->element(
             'genericElements/Form/fieldScaffold',
@@ -49,14 +53,19 @@ if (!empty($metaTemplateField) && !empty($multiple)) { // Add multiple field but
     $metaTemplateField->label = Inflector::humanize($metaTemplateField->field);
     $emptyMetaFieldInput = '';
     if (empty($metaFieldsEntities)) { // Include editable field for meta-template not containing a meta-field
+        $fieldData = [
+            'label' => $metaTemplateField->label,
+            'field' => sprintf('MetaTemplates.%s.meta_template_fields.%s.metaFields.new.0', $metaTemplateField->meta_template_id, $metaTemplateField->id),
+            'class' => 'new-metafield',
+            'type' => $metaTemplateField->formType,
+        ];
+        if ($metaTemplateField->formType === 'dropdown') {
+            $fieldData = array_merge_recursive($fieldData, $metaTemplateField->formOptions);
+        }
         $emptyMetaFieldInput = $this->element(
             'genericElements/Form/fieldScaffold',
             [
-                'fieldData' => [
-                    'label' => $metaTemplateField->label,
-                    'field' => sprintf('MetaTemplates.%s.meta_template_fields.%s.metaFields.new.0', $metaTemplateField->meta_template_id, $metaTemplateField->id),
-                    'class' => 'new-metafield',
-                ],
+                'fieldData' => $fieldData,
                 'form' => $form,
             ]
         );

From 1d6187198f1c9e55b51d05c88147a79927243475 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 14 Nov 2022 15:34:30 +0100
Subject: [PATCH 29/69] fix: [metafields:dropdown] Patched saving multiple
 fields with custom value

---
 .../genericElements/Form/Fields/dropdownField.php     | 11 ++---------
 .../element/genericElements/Form/multiFieldButton.php | 10 +++++++---
 .../genericElements/Form/multiFieldScaffold.php       |  2 +-
 3 files changed, 10 insertions(+), 13 deletions(-)

diff --git a/templates/element/genericElements/Form/Fields/dropdownField.php b/templates/element/genericElements/Form/Fields/dropdownField.php
index b8d81b2..b71b15b 100644
--- a/templates/element/genericElements/Form/Fields/dropdownField.php
+++ b/templates/element/genericElements/Form/Fields/dropdownField.php
@@ -31,10 +31,6 @@ if (in_array('_custom', array_keys($controlParams['options']))) {
     } else {
         $customInputValue = '';
     }
-    $customControlParams = [
-        'value' => $fieldData['value'] ?? null,
-        'class' => 'd-none',
-    ];
     $controlParams['class'] .= ' dropdown-custom-value' . "-$seed";
     $adaptedField = $fieldData['field'] . '_custom';
     $controlParams['templates']['formGroup'] = sprintf(
@@ -52,17 +48,14 @@ echo $this->FormFieldMassage->prepareFormElement($this->Form, $controlParams, $f
             toggleFreetextSelectField($select[0]);
             $select.attr('onclick', 'toggleFreetextSelectField(this)')
             $select.parent().find('input.custom-value').attr('oninput', 'updateAssociatedSelect(this)')
-            // updateAssociatedSelect($select.parent().find('input.custom-value')[0])
-
-            // Multiple saves in dropdown doesn't work
-            // But multiple saves for custom works but save the first element as `_custom`
+            updateAssociatedSelect($select.parent().find('input.custom-value')[0])
         })
 
     })()
 
     function toggleFreetextSelectField(selectEl) {
         const $select = $(selectEl)
-        const show = $select.val() == '_custom'
+        const show = $select.find('option:selected').hasClass('custom-value')
         const $container = $(selectEl).parent()
         let $freetextInput = $container.find('input.custom-value')
         if (show) {
diff --git a/templates/element/genericElements/Form/multiFieldButton.php b/templates/element/genericElements/Form/multiFieldButton.php
index 9cfd348..ddc17ca 100644
--- a/templates/element/genericElements/Form/multiFieldButton.php
+++ b/templates/element/genericElements/Form/multiFieldButton.php
@@ -65,9 +65,13 @@ $seed = 'mfb-' . mt_rand();
                 brackettedPathStr = explodedPath.map((elem, i) => {
                     return i == 0 ? elem : `[${elem}]`
                 }).join('')
-                $input.attr('id', dottedPathStr)
-                    .attr('field', dottedPathStr)
-                    .attr('name', brackettedPathStr)
+                const attrs = ['id', 'field', 'name']
+                attrs.forEach((attr) => {
+                    if ($input.attr(attr) !== undefined) {
+                        $input.attr(attr, attr === 'name' ? brackettedPathStr : dottedPathStr)
+                    }
+                })
+                $input
                     .val('')
                     .removeClass('is-invalid')
             })
diff --git a/templates/element/genericElements/Form/multiFieldScaffold.php b/templates/element/genericElements/Form/multiFieldScaffold.php
index 89b405c..3099813 100644
--- a/templates/element/genericElements/Form/multiFieldScaffold.php
+++ b/templates/element/genericElements/Form/multiFieldScaffold.php
@@ -34,7 +34,7 @@ if (!empty($metaFieldsEntities)) {
             $fieldData['class'] = 'new-metafield';
         }
         if ($labelPrintedOnce) { // Only the first input can have a label
-            $fieldData['label'] = false;
+            $fieldData['label'] = ['text' => ''];
         }
         if ($metaTemplateField->formType === 'dropdown') {
             $fieldData = array_merge_recursive($fieldData, $metaTemplateField->formOptions);

From b6fdf37d54b8cd40be7d3a9b4fa2ded6566547e1 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 14 Nov 2022 15:34:30 +0100
Subject: [PATCH 30/69] fix: [metafields:dropdown] Patched saving multiple
 fields with custom value

---
 src/Model/Entity/MetaTemplateField.php                |  2 --
 .../genericElements/Form/Fields/dropdownField.php     | 11 ++---------
 .../element/genericElements/Form/multiFieldButton.php | 10 +++++++---
 .../genericElements/Form/multiFieldScaffold.php       |  2 +-
 4 files changed, 10 insertions(+), 15 deletions(-)

diff --git a/src/Model/Entity/MetaTemplateField.php b/src/Model/Entity/MetaTemplateField.php
index 570fef9..110f843 100644
--- a/src/Model/Entity/MetaTemplateField.php
+++ b/src/Model/Entity/MetaTemplateField.php
@@ -25,12 +25,10 @@ class MetaTemplateField extends AppModel
             $selectOptions = !empty($this->sane_default) ? $this->sane_default : $this->values_list;
             $selectOptions = array_combine($selectOptions, $selectOptions);
             if (!empty($this->sane_default)) {
-                // $selectOptions['_custom'] = __('-- custom value --');
                 $selectOptions[] = ['value' => '_custom', 'text' => __('-- custom value --'), 'class' => 'custom-value'];
             }
             $selectOptions[''] = __('-- no value --');
             $formOptions['options'] = $selectOptions;
-            // $formOptions['empty'] = [['value' => '', 'text' => __('-- select an options --'), 'hidden disabled selected value']];
         }
         return $formOptions;
     }
diff --git a/templates/element/genericElements/Form/Fields/dropdownField.php b/templates/element/genericElements/Form/Fields/dropdownField.php
index b8d81b2..b71b15b 100644
--- a/templates/element/genericElements/Form/Fields/dropdownField.php
+++ b/templates/element/genericElements/Form/Fields/dropdownField.php
@@ -31,10 +31,6 @@ if (in_array('_custom', array_keys($controlParams['options']))) {
     } else {
         $customInputValue = '';
     }
-    $customControlParams = [
-        'value' => $fieldData['value'] ?? null,
-        'class' => 'd-none',
-    ];
     $controlParams['class'] .= ' dropdown-custom-value' . "-$seed";
     $adaptedField = $fieldData['field'] . '_custom';
     $controlParams['templates']['formGroup'] = sprintf(
@@ -52,17 +48,14 @@ echo $this->FormFieldMassage->prepareFormElement($this->Form, $controlParams, $f
             toggleFreetextSelectField($select[0]);
             $select.attr('onclick', 'toggleFreetextSelectField(this)')
             $select.parent().find('input.custom-value').attr('oninput', 'updateAssociatedSelect(this)')
-            // updateAssociatedSelect($select.parent().find('input.custom-value')[0])
-
-            // Multiple saves in dropdown doesn't work
-            // But multiple saves for custom works but save the first element as `_custom`
+            updateAssociatedSelect($select.parent().find('input.custom-value')[0])
         })
 
     })()
 
     function toggleFreetextSelectField(selectEl) {
         const $select = $(selectEl)
-        const show = $select.val() == '_custom'
+        const show = $select.find('option:selected').hasClass('custom-value')
         const $container = $(selectEl).parent()
         let $freetextInput = $container.find('input.custom-value')
         if (show) {
diff --git a/templates/element/genericElements/Form/multiFieldButton.php b/templates/element/genericElements/Form/multiFieldButton.php
index 9cfd348..ddc17ca 100644
--- a/templates/element/genericElements/Form/multiFieldButton.php
+++ b/templates/element/genericElements/Form/multiFieldButton.php
@@ -65,9 +65,13 @@ $seed = 'mfb-' . mt_rand();
                 brackettedPathStr = explodedPath.map((elem, i) => {
                     return i == 0 ? elem : `[${elem}]`
                 }).join('')
-                $input.attr('id', dottedPathStr)
-                    .attr('field', dottedPathStr)
-                    .attr('name', brackettedPathStr)
+                const attrs = ['id', 'field', 'name']
+                attrs.forEach((attr) => {
+                    if ($input.attr(attr) !== undefined) {
+                        $input.attr(attr, attr === 'name' ? brackettedPathStr : dottedPathStr)
+                    }
+                })
+                $input
                     .val('')
                     .removeClass('is-invalid')
             })
diff --git a/templates/element/genericElements/Form/multiFieldScaffold.php b/templates/element/genericElements/Form/multiFieldScaffold.php
index 89b405c..3099813 100644
--- a/templates/element/genericElements/Form/multiFieldScaffold.php
+++ b/templates/element/genericElements/Form/multiFieldScaffold.php
@@ -34,7 +34,7 @@ if (!empty($metaFieldsEntities)) {
             $fieldData['class'] = 'new-metafield';
         }
         if ($labelPrintedOnce) { // Only the first input can have a label
-            $fieldData['label'] = false;
+            $fieldData['label'] = ['text' => ''];
         }
         if ($metaTemplateField->formType === 'dropdown') {
             $fieldData = array_merge_recursive($fieldData, $metaTemplateField->formOptions);

From 84069cfe4074e2ef268a2da3320a80015ab1fb00 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 14 Nov 2022 15:45:28 +0100
Subject: [PATCH 31/69] chg: [metaTemplateField] More generic way to specify
 form type

---
 src/Model/Entity/MetaTemplateField.php                 |  2 ++
 .../element/genericElements/Form/metaTemplateForm.php  | 10 ++--------
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/src/Model/Entity/MetaTemplateField.php b/src/Model/Entity/MetaTemplateField.php
index 110f843..1a355d8 100644
--- a/src/Model/Entity/MetaTemplateField.php
+++ b/src/Model/Entity/MetaTemplateField.php
@@ -14,6 +14,8 @@ class MetaTemplateField extends AppModel
         $formType = 'text';
         if (!empty($this->sane_default) || !empty($this->values_list)) {
             $formType = 'dropdown';
+        } else if ($this->type === 'boolean') {
+            $formType = 'checkbox';
         }
         return $formType;
     }
diff --git a/templates/element/genericElements/Form/metaTemplateForm.php b/templates/element/genericElements/Form/metaTemplateForm.php
index c09982d..f52cbb2 100644
--- a/templates/element/genericElements/Form/metaTemplateForm.php
+++ b/templates/element/genericElements/Form/metaTemplateForm.php
@@ -33,7 +33,7 @@ foreach ($metaTemplate->meta_template_fields as $metaTemplateField) {
                 'label' => $metaTemplateField->label,
                 'type' => $metaTemplateField->formType,
             ];
-            if ($metaTemplateField->formType === 'dropdown') {
+            if (!empty($metaTemplateField->formOptions)) {
                 $fieldData = array_merge_recursive($fieldData, $metaTemplateField->formOptions);
             }
             if (isset($metaField->id)) {
@@ -41,9 +41,6 @@ foreach ($metaTemplate->meta_template_fields as $metaTemplateField) {
             } else {
                 $fieldData['field'] = sprintf('MetaTemplates.%s.meta_template_fields.%s.metaFields.%s.value', $metaField->meta_template_id, $metaField->meta_template_field_id, array_key_first($metaTemplateField->metaFields));
             }
-            if ($metaTemplateField->type === 'boolean') {
-                $fieldData['type'] = 'checkbox';
-            }
             $this->Form->setTemplates($backupTemplates);
             $fieldsHtml .= $this->element(
                 'genericElements/Form/fieldScaffold',
@@ -72,12 +69,9 @@ foreach ($metaTemplate->meta_template_fields as $metaTemplateField) {
                 'label' => $metaTemplateField->label,
                 'type' => $metaTemplateField->formType,
             ];
-            if ($metaTemplateField->formType === 'dropdown') {
+            if (!empty($metaTemplateField->formOptions)) {
                 $fieldData = array_merge_recursive($fieldData, $metaTemplateField->formOptions);
             }
-            // if ($metaTemplateField->type === 'boolean') {
-            //     $fieldData['type'] = 'checkbox';
-            // }
             $fieldsHtml .= $this->element(
                 'genericElements/Form/fieldScaffold',
                 [

From 0b26bd629fc8e4df7050f47bb89366f9c9311c23 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 14 Nov 2022 15:55:07 +0100
Subject: [PATCH 32/69] fix: [crud:index] requestedEntryAmount doesn't reset
 the query anymore

---
 src/Controller/Component/CRUDComponent.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Controller/Component/CRUDComponent.php b/src/Controller/Component/CRUDComponent.php
index c4838df..f932e5a 100644
--- a/src/Controller/Component/CRUDComponent.php
+++ b/src/Controller/Component/CRUDComponent.php
@@ -115,7 +115,7 @@ class CRUDComponent extends Component
             if ($this->metaFieldsSupported()) {
                 $query = $this->includeRequestedMetaFields($query);
             }
-            $query = $this->setRequestedEntryAmount($query);
+            $this->setRequestedEntryAmount();
             $data = $this->Controller->paginate($query, $this->Controller->paginate ?? []);
             if (isset($options['afterFind'])) {
                 $function = $options['afterFind'];

From 62c228c44e33185c872f0fa63fade19224048d6e Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 14 Nov 2022 16:11:18 +0100
Subject: [PATCH 33/69] chg: [auditLogs:index] Added possibility to view and
 filter logs base on `created` field

---
 src/Controller/AuditLogsController.php | 3 +--
 templates/AuditLogs/index.php          | 6 ++++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/Controller/AuditLogsController.php b/src/Controller/AuditLogsController.php
index fd1be94..e3e4e0c 100644
--- a/src/Controller/AuditLogsController.php
+++ b/src/Controller/AuditLogsController.php
@@ -8,11 +8,10 @@ use Cake\ORM\TableRegistry;
 use \Cake\Database\Expression\QueryExpression;
 use Cake\Http\Exception\UnauthorizedException;
 use Cake\Core\Configure;
-use PhpParser\Node\Stmt\Echo_;
 
 class AuditLogsController extends AppController
 {
-    public $filterFields = ['model_id', 'model', 'request_action', 'user_id', 'model_title'];
+    public $filterFields = ['model_id', 'model', 'request_action', 'user_id', 'model_title', 'AuditLogs.created'];
     public $quickFilterFields = ['model', 'request_action', 'model_title'];
     public $containFields = ['Users'];
 
diff --git a/templates/AuditLogs/index.php b/templates/AuditLogs/index.php
index e46892c..52526f6 100644
--- a/templates/AuditLogs/index.php
+++ b/templates/AuditLogs/index.php
@@ -28,6 +28,12 @@ echo $this->element('genericElements/IndexTable/index_table', [
                 'sort' => 'request_ip',
                 'data_path' => 'request_ip',
             ],
+            [
+                'name' => 'created',
+                'sort' => 'created',
+                'data_path' => 'created',
+                'element' => 'datetime'
+            ],
             [
                 'name' => __('Username'),
                 'sort' => 'user.username',

From a9e85a34d3a271c88bb2b093250b33e7565afd55 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 15 Nov 2022 11:03:11 +0100
Subject: [PATCH 34/69] fix: [instance:settings] Revert setting back to its
 original in case of failure

---
 webroot/js/settings.js | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/webroot/js/settings.js b/webroot/js/settings.js
index 622f9a0..e91ef81 100644
--- a/webroot/js/settings.js
+++ b/webroot/js/settings.js
@@ -67,14 +67,21 @@ function saveAndUpdateSetting(statusNode, $input, settingName, settingValue) {
         settingValue = JSON.stringify(settingValue)
     }
     saveSetting(statusNode, settingName, settingValue).then((result) => {
-        window.settingsFlattened[settingName] = result.data
-        if ($input.attr('type') == 'checkbox') {
-            $input.prop('checked', result.data.value == true)
-        } else {
-            $input.val(result.data.value)
-        }
+        updateSettingValue($input, settingName, result.data)
+    }).catch((e) => {
+        updateSettingValue($input, settingName, window.settingsFlattened[settingName])
+    }).finally(() => {
         handleSettingValueChange($input)
-    }).catch((e) => { })
+    })
+}
+
+function updateSettingValue($input, settingName, settingValue) {
+    window.settingsFlattened[settingName] = settingValue
+    if ($input.attr('type') == 'checkbox') {
+        $input.prop('checked', settingValue.value == true)
+    } else {
+        $input.val(settingValue.value)
+    }
 }
 
 function handleSettingValueChange($input) {

From f5b946d5a9f21e6ef6e889ae93c1234836ad6dcb Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 15 Nov 2022 11:11:06 +0100
Subject: [PATCH 35/69] new: [element:bootstrapUI] To create HTML from
 BootrstrapHelper by using element

---
 templates/element/bootstrapUI.php | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 templates/element/bootstrapUI.php

diff --git a/templates/element/bootstrapUI.php b/templates/element/bootstrapUI.php
new file mode 100644
index 0000000..b21d876
--- /dev/null
+++ b/templates/element/bootstrapUI.php
@@ -0,0 +1,7 @@
+<?php
+if (!empty($element)) {
+    echo $this->Bootstrap->{$element}([
+        'text' => $text,
+        'variant' => $variant,
+    ]);
+}
\ No newline at end of file

From be7293a5a41f1fc19477a4d11a5864ecc6102980 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 15 Nov 2022 11:12:03 +0100
Subject: [PATCH 36/69] new: [listTopBar:contextFilters] Added support of
 element to generate filter content

---
 .../ListTopBar/group_context_filters.php             | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/templates/element/genericElements/ListTopBar/group_context_filters.php b/templates/element/genericElements/ListTopBar/group_context_filters.php
index e441515..71b97e6 100644
--- a/templates/element/genericElements/ListTopBar/group_context_filters.php
+++ b/templates/element/genericElements/ListTopBar/group_context_filters.php
@@ -21,7 +21,7 @@
         } else {
             $currentFilteringContext = $filteringContext['filterCondition'];
         }
-        $contextArray[] = [
+        $contextItem = [
             'active' => (
                 (
                     $currentQuery == $currentFilteringContext &&                // query conditions match
@@ -42,9 +42,17 @@
                 "#table-container-${tableRandomValue}",
                 "#table-container-${tableRandomValue} table.table",
             ],
-            'text' => $filteringContext['label'],
             'class' => 'btn-sm'
         ];
+        if (!empty($filteringContext['viewElement'])) {
+            $contextItem['html'] = $this->element(
+                $filteringContext['viewElement'],
+                $filteringContext['viewElementParams'] ?? []
+            );
+        } else {
+            $contextItem['text'] = $filteringContext['label'];
+        }
+        $contextArray[] = $contextItem;
     }
 
     $dataGroup = [

From 1626037239625d53b28d46e08004f0884fd7d91a Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 15 Nov 2022 11:13:40 +0100
Subject: [PATCH 37/69] fix: [outboxProcessor:generic] Added support of
 severity

---
 .../OutboxProcessors/GenericOutboxProcessor.php   | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/libraries/default/OutboxProcessors/GenericOutboxProcessor.php b/libraries/default/OutboxProcessors/GenericOutboxProcessor.php
index 98df5f3..6cd9cfb 100644
--- a/libraries/default/OutboxProcessors/GenericOutboxProcessor.php
+++ b/libraries/default/OutboxProcessors/GenericOutboxProcessor.php
@@ -20,9 +20,14 @@ class GenericOutboxProcessor
     protected $validator;
     protected $processingTemplate = '/genericTemplates/confirm';
     protected $processingTemplatesDirectory = ROOT . '/libraries/default/OutboxProcessors/templates';
+    protected $defaultSeverity;
+    protected $severity;
+
 
     public function __construct($registerActions=false) {
         $this->Outbox = TableRegistry::getTableLocator()->get('Outbox');
+        $this->Inbox = TableRegistry::getTableLocator()->get('Inbox');
+        $this->defaultSeverity = $this->Inbox::SEVERITY_INFO;
         if ($registerActions) {
             $this->registerActionInProcessor();
         }
@@ -55,6 +60,10 @@ class GenericOutboxProcessor
     {
         return $this->description ?? '';
     }
+    public function getSeverity()
+    {
+        return $this->severity ?? $this->defaultSeverity;
+    }
 
     protected function getProcessingTemplatePath()
     {
@@ -77,8 +86,9 @@ class GenericOutboxProcessor
         $builder = new ViewBuilder();
         $builder->disableAutoLayout()
             ->setClassName('Monad')
-            ->setTemplate($processingTemplate);
-        $view = $builder->build($viewVariables);
+            ->setTemplate($processingTemplate)
+            ->setVars($viewVariables);
+        $view = $builder->build();
         $view->setRequest($serverRequest);
         return $view->render();
     }
@@ -193,6 +203,7 @@ class GenericOutboxProcessor
         $user_id = Router::getRequest()->getSession()->read('Auth.id');
         $requestData['scope'] = $this->scope;
         $requestData['action'] = $this->action;
+        $requestData['severity'] = $this->getSeverity();
         $requestData['user_id'] = $user_id;
         $request = $this->generateRequest($requestData);
         $savedRequest = $this->Outbox->createEntry($request);

From 407f827e24dcbd2479688740965446a07483e6e9 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 15 Nov 2022 11:14:25 +0100
Subject: [PATCH 38/69] chg: [processors] Added adequate severity for some
 inbox/outbox processors

---
 libraries/default/InboxProcessors/LocalToolInboxProcessor.php  | 3 +++
 .../default/InboxProcessors/SynchronisationInboxProcessor.php  | 1 +
 libraries/default/InboxProcessors/UserInboxProcessor.php       | 1 +
 libraries/default/OutboxProcessors/BroodsOutboxProcessor.php   | 1 +
 4 files changed, 6 insertions(+)

diff --git a/libraries/default/InboxProcessors/LocalToolInboxProcessor.php b/libraries/default/InboxProcessors/LocalToolInboxProcessor.php
index 2dacab8..b2d84b0 100644
--- a/libraries/default/InboxProcessors/LocalToolInboxProcessor.php
+++ b/libraries/default/InboxProcessors/LocalToolInboxProcessor.php
@@ -179,6 +179,7 @@ class IncomingConnectionRequestProcessor extends LocalToolInboxProcessor impleme
 
     public function __construct() {
         parent::__construct();
+        $this->severity = $this->Inbox::SEVERITY_WARNING;
         $this->description = __('Handle Phase I of inter-connection when another cerebrate instance performs the request.');
     }
 
@@ -291,6 +292,7 @@ class AcceptedRequestProcessor extends LocalToolInboxProcessor implements Generi
 
     public function __construct() {
         parent::__construct();
+        $this->severity = $this->Inbox::SEVERITY_WARNING;
         $this->description = __('Handle Phase II of inter-connection when initial request has been accepted by the remote cerebrate.');
     }
 
@@ -367,6 +369,7 @@ class DeclinedRequestProcessor extends LocalToolInboxProcessor implements Generi
 
     public function __construct() {
         parent::__construct();
+        $this->severity = $this->Inbox::SEVERITY_WARNING;
         $this->description = __('Handle Phase II of MISP inter-connection when initial request has been declined by the remote cerebrate.');
     }
 
diff --git a/libraries/default/InboxProcessors/SynchronisationInboxProcessor.php b/libraries/default/InboxProcessors/SynchronisationInboxProcessor.php
index 2a243cd..d95154e 100644
--- a/libraries/default/InboxProcessors/SynchronisationInboxProcessor.php
+++ b/libraries/default/InboxProcessors/SynchronisationInboxProcessor.php
@@ -28,6 +28,7 @@ class DataExchangeProcessor extends SynchronisationInboxProcessor implements Gen
 
     public function __construct() {
         parent::__construct();
+        $this->severity = $this->Inbox::SEVERITY_WARNING;
         $this->description = __('Handle exchange of data between two cerebrate instances');
         $this->Users = TableRegistry::getTableLocator()->get('Users');
     }
diff --git a/libraries/default/InboxProcessors/UserInboxProcessor.php b/libraries/default/InboxProcessors/UserInboxProcessor.php
index abb9550..96656c1 100644
--- a/libraries/default/InboxProcessors/UserInboxProcessor.php
+++ b/libraries/default/InboxProcessors/UserInboxProcessor.php
@@ -31,6 +31,7 @@ class RegistrationProcessor extends UserInboxProcessor implements GenericInboxPr
 
     public function __construct() {
         parent::__construct();
+        $this->severity = $this->Inbox::SEVERITY_WARNING;
         $this->description = __('Handle user account for this cerebrate instance');
     }
 
diff --git a/libraries/default/OutboxProcessors/BroodsOutboxProcessor.php b/libraries/default/OutboxProcessors/BroodsOutboxProcessor.php
index 9bf79ae..8bde905 100644
--- a/libraries/default/OutboxProcessors/BroodsOutboxProcessor.php
+++ b/libraries/default/OutboxProcessors/BroodsOutboxProcessor.php
@@ -70,6 +70,7 @@ class ResendFailedMessageProcessor extends BroodsOutboxProcessor implements Gene
     public function __construct() {
         parent::__construct();
         $this->description = __('Handle re-sending messages that failed to be received from other cerebrate instances.');
+        $this->severity = $this->Inbox::SEVERITY_WARNING;
         $this->Broods = TableRegistry::getTableLocator()->get('Broods');
         $this->LocalTools = \Cake\ORM\TableRegistry::getTableLocator()->get('LocalTools');
     }

From d23cf2e2c6f280d27e5d832abca8cd88982d04da Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 15 Nov 2022 11:21:26 +0100
Subject: [PATCH 39/69] new: [inbox:index] Added support of various context
 filtering

- My notification includes message without user_ids
- User registration
- Inter-connection requests
- Data changed
- severity:*
---
 src/Controller/InboxController.php | 87 +++++++++++++++++++++++++++++-
 1 file changed, 86 insertions(+), 1 deletion(-)

diff --git a/src/Controller/InboxController.php b/src/Controller/InboxController.php
index 388dbfa..700e5ef 100644
--- a/src/Controller/InboxController.php
+++ b/src/Controller/InboxController.php
@@ -43,9 +43,94 @@ class InboxController extends AppController
                     [
                         'default' => true,
                         'label' => __('My Notifications'),
+                        'filterConditionFunction' => function ($query) {
+                            return $query->where(function(QueryExpression $exp) {
+                                return $exp->or(['user_id' => $this->ACL->getUser()['id']])
+                                    ->isNull('user_id');
+                            });
+                        }
+                    ],
+                    [
+                        'label' => __('User Registration'),
                         'filterConditionFunction' => function ($query) {
                             return $query->where([
-                                'user_id' => $this->ACL->getUser()['id'],
+                                'scope' => 'User',
+                                'action' => 'Registration',
+                            ]);
+                        }
+                    ],
+                    [
+                        'label' => __('Inter-connection Requests'),
+                        'filterConditionFunction' => function ($query) {
+                            return $query->where([
+                                'scope' => 'LocalTool',
+                                'action IN' => ['IncomingConnectionRequest', 'AcceptedRequest', 'DeclinedRequest'],
+                            ]);
+                        }
+                    ],
+                    [
+                        'label' => __('Data changed'),
+                        'filterConditionFunction' => function ($query) {
+                            return $query->where([
+                                'user_id' => $this->ACL->getUser()['id'], // Each admin get a message about data changes
+                                'scope' => 'Notification',
+                                'action' => 'DataChange',
+                            ]);
+                        }
+                    ],
+                    [
+                        'label' => 'severity:primary',
+                        'viewElement' => 'bootstrapUI',
+                        'viewElementParams' => [
+                            'element' => 'badge',
+                            'text' => $this->Inbox->severityVariant[$this->Inbox::SEVERITY_PRIMARY],
+                            'variant' => $this->Inbox->severityVariant[$this->Inbox::SEVERITY_PRIMARY],
+                        ],
+                        'filterConditionFunction' => function ($query) {
+                            return $query->where([
+                                'severity' => $this->Inbox::SEVERITY_PRIMARY,
+                            ]);
+                        }
+                    ],
+                    [
+                        'label' => 'severity:info',
+                        'viewElement' => 'bootstrapUI',
+                        'viewElementParams' => [
+                            'element' => 'badge',
+                            'text' => $this->Inbox->severityVariant[$this->Inbox::SEVERITY_INFO],
+                            'variant' => $this->Inbox->severityVariant[$this->Inbox::SEVERITY_INFO],
+                        ],
+                        'filterConditionFunction' => function ($query) {
+                            return $query->where([
+                                'severity' => $this->Inbox::SEVERITY_INFO,
+                            ]);
+                        }
+                    ],
+                    [
+                        'label' => 'severity:warning',
+                        'viewElement' => 'bootstrapUI',
+                        'viewElementParams' => [
+                            'element' => 'badge',
+                            'text' => $this->Inbox->severityVariant[$this->Inbox::SEVERITY_WARNING],
+                            'variant' => $this->Inbox->severityVariant[$this->Inbox::SEVERITY_WARNING],
+                        ],
+                        'filterConditionFunction' => function ($query) {
+                            return $query->where([
+                                'severity' => $this->Inbox::SEVERITY_WARNING,
+                            ]);
+                        }
+                    ],
+                    [
+                        'label' => 'severity:danger',
+                        'viewElement' => 'bootstrapUI',
+                        'viewElementParams' => [
+                            'element' => 'badge',
+                            'text' => $this->Inbox->severityVariant[$this->Inbox::SEVERITY_DANGER],
+                            'variant' => $this->Inbox->severityVariant[$this->Inbox::SEVERITY_DANGER],
+                        ],
+                        'filterConditionFunction' => function ($query) {
+                            return $query->where([
+                                'severity' => $this->Inbox::SEVERITY_DANGER,
                             ]);
                         }
                     ],

From 6ed9978661fe35b9ee5fea4ec7fdaf0c36a10d5b Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 15 Nov 2022 11:22:02 +0100
Subject: [PATCH 40/69] chg: [inbox:filtering] Possibility to filter on
 severity

---
 src/Controller/InboxController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Controller/InboxController.php b/src/Controller/InboxController.php
index 700e5ef..2abfb47 100644
--- a/src/Controller/InboxController.php
+++ b/src/Controller/InboxController.php
@@ -16,7 +16,7 @@ use Cake\Http\Exception\ForbiddenException;
 
 class InboxController extends AppController
 {
-    public $filterFields = ['scope', 'action', 'Inbox.created', 'title', 'origin', 'message', 'Users.id', 'Users.username',];
+    public $filterFields = ['scope', 'action', 'Inbox.created', 'severity', 'title', 'origin', 'message', 'Users.id', 'Users.username',];
     public $quickFilterFields = ['scope', 'action', ['title' => true], ['message' => true], 'origin'];
     public $containFields = ['Users'];
 

From 14b41451acad543056407bd98bbbb7dbaac4e680 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 15 Nov 2022 11:27:12 +0100
Subject: [PATCH 41/69] fix: [genericTemplates:filters] Make sure to always
 return a string when fetching data

---
 templates/genericTemplates/filters.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/genericTemplates/filters.php b/templates/genericTemplates/filters.php
index d900104..a193721 100644
--- a/templates/genericTemplates/filters.php
+++ b/templates/genericTemplates/filters.php
@@ -202,7 +202,7 @@ echo $this->Bootstrap->modal([
         rowData['operator'] = $row.find('select.fieldOperator').val()
         const $formElement = $row.find('.fieldValue');
         if ($formElement.attr('type') === 'datetime-local') {
-            rowData['value'] = moment($formElement.val()).toISOString()
+            rowData['value'] = $formElement.val().length > 0 ? moment($formElement.val()).toISOString() : $formElement.val()
         } else {
             rowData['value'] = $formElement.val()
         }

From 31750da7c969e9291f08af5de601298859b5bd7a Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 15 Nov 2022 11:40:59 +0100
Subject: [PATCH 42/69] chg: [organisation:index] Removed ENISA-specific quick
 filters

But kept them as develop documentation...
---
 src/Controller/OrganisationsController.php | 72 +++++++++++-----------
 1 file changed, 37 insertions(+), 35 deletions(-)

diff --git a/src/Controller/OrganisationsController.php b/src/Controller/OrganisationsController.php
index 3106593..e5d9ad5 100644
--- a/src/Controller/OrganisationsController.php
+++ b/src/Controller/OrganisationsController.php
@@ -20,46 +20,48 @@ class OrganisationsController extends AppController
 
     public function index()
     {
+        $customContextFilters = [
+            // [
+            //     'label' => __('ENISA Accredited'),
+            //     'filterCondition' => [
+            //         'MetaFields.field' => 'enisa-tistatus',
+            //         'MetaFields.value' => 'Accredited',
+            //         'MetaFields.MetaTemplates.name' => 'ENISA CSIRT Network'
+            //     ]
+            // ],
+            // [
+            //     'label' => __('ENISA not-Accredited'),
+            //     'filterCondition' => [
+            //         'MetaFields.field' => 'enisa-tistatus',
+            //         'MetaFields.value !=' => 'Accredited',
+            //         'MetaFields.MetaTemplates.name' => 'ENISA CSIRT Network'
+            //     ]
+            // ],
+            // [
+            //     'label' => __('ENISA CSIRT Network (GOV)'),
+            //     'filterConditionFunction' => function ($query) {
+            //         return $this->CRUD->setParentConditionsForMetaFields($query, [
+            //             'ENISA CSIRT Network' => [
+            //                 [
+            //                     'field' => 'constituency',
+            //                     'value LIKE' => '%Government%',
+            //                 ],
+            //                 [
+            //                     'field' => 'csirt-network-status',
+            //                     'value' => 'Member',
+            //                 ],
+            //             ]
+            //         ]);
+            //     }
+            // ],
+        ];
+
         $this->CRUD->index([
             'filters' => $this->filterFields,
             'quickFilters' => $this->quickFilterFields,
             'quickFilterForMetaField' => ['enabled' => true, 'wildcard_search' => true],
             'contextFilters' => [
-                'custom' => [
-                    [
-                        'label' => __('ENISA Accredited'),
-                        'filterCondition' => [
-                            'MetaFields.field' => 'enisa-tistatus',
-                            'MetaFields.value' => 'Accredited',
-                            'MetaFields.MetaTemplates.name' => 'ENISA CSIRT Network'
-                        ]
-                    ],
-                    [
-                        'label' => __('ENISA not-Accredited'),
-                        'filterCondition' => [
-                            'MetaFields.field' => 'enisa-tistatus',
-                            'MetaFields.value !=' => 'Accredited',
-                            'MetaFields.MetaTemplates.name' => 'ENISA CSIRT Network'
-                        ]
-                    ],
-                    [
-                        'label' => __('ENISA CSIRT Network (GOV)'),
-                        'filterConditionFunction' => function($query) {
-                            return $this->CRUD->setParentConditionsForMetaFields($query, [
-                                'ENISA CSIRT Network' => [
-                                    [
-                                        'field' => 'constituency',
-                                        'value LIKE' => '%Government%',
-                                    ],
-                                    [
-                                        'field' => 'csirt-network-status',
-                                        'value' => 'Member',
-                                    ],
-                                ]
-                            ]);
-                        }
-                    ]
-                ],
+                'custom' => $customContextFilters,
             ],
             'contain' => $this->containFields,
             'statisticsFields' => $this->statisticsFields,

From ae8ecf39555b93b6805be463b9eb0380f40a5234 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 15 Nov 2022 11:41:30 +0100
Subject: [PATCH 43/69] chg: [organisation:index] Added quickfilter showing all
 orgs having the same nationality as logged user.org

---
 src/Controller/OrganisationsController.php | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/Controller/OrganisationsController.php b/src/Controller/OrganisationsController.php
index e5d9ad5..aa522c0 100644
--- a/src/Controller/OrganisationsController.php
+++ b/src/Controller/OrganisationsController.php
@@ -56,6 +56,16 @@ class OrganisationsController extends AppController
             // ],
         ];
 
+        $loggedUserOrganisationNationality = $this->ACL->getUser()['organisation']['nationality'];
+        if (!empty($loggedUserOrganisationNationality)) {
+            $customContextFilters[] = [
+                'label' => __('Country: {0}', $loggedUserOrganisationNationality),
+                'filterCondition' => [
+                    'nationality' => $loggedUserOrganisationNationality,
+                ]
+                ];
+        }
+
         $this->CRUD->index([
             'filters' => $this->filterFields,
             'quickFilters' => $this->quickFilterFields,

From a9ef415f9dec84fb55ae01d2c5f5d7741f7d7818 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 15 Nov 2022 14:54:01 +0100
Subject: [PATCH 44/69] fix: [organisation:index] Indentation fix

---
 src/Controller/OrganisationsController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Controller/OrganisationsController.php b/src/Controller/OrganisationsController.php
index aa522c0..93ddfb9 100644
--- a/src/Controller/OrganisationsController.php
+++ b/src/Controller/OrganisationsController.php
@@ -63,7 +63,7 @@ class OrganisationsController extends AppController
                 'filterCondition' => [
                     'nationality' => $loggedUserOrganisationNationality,
                 ]
-                ];
+            ];
         }
 
         $this->CRUD->index([

From 41e425cfa270a240fd27932702de47953e447f03 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 15 Nov 2022 14:54:44 +0100
Subject: [PATCH 45/69] new: [metaTemplateField] Added `index_type` virtual
 property to use the correct index_table element

---
 src/Model/Entity/MetaTemplateField.php | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/Model/Entity/MetaTemplateField.php b/src/Model/Entity/MetaTemplateField.php
index 1a355d8..958c3de 100644
--- a/src/Model/Entity/MetaTemplateField.php
+++ b/src/Model/Entity/MetaTemplateField.php
@@ -7,7 +7,20 @@ use Cake\ORM\Entity;
 
 class MetaTemplateField extends AppModel
 {
-    protected $_virtual = ['form_type', 'form_options', ];
+    protected $_virtual = ['index_type', 'form_type', 'form_options', ];
+
+    protected function _getIndexType()
+    {
+        $indexType = 'text';
+        if ($this->type === 'boolean') {
+            $indexType = 'boolean';
+        } else if ($this->type === 'date') {
+            $indexType = 'datetime';
+        } else if ($this->type === 'ipv4' || $this->type === 'ipv6') {
+            $indexType = 'text';
+        }
+        return $indexType;
+    }
 
     protected function _getFormType()
     {

From d15f74698fb4133c13e0195882b654894616fed3 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 15 Nov 2022 14:55:26 +0100
Subject: [PATCH 46/69] chg: [genericElement:index_table] Use provided element
 for the metafields

---
 templates/element/genericElements/IndexTable/index_table.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/templates/element/genericElements/IndexTable/index_table.php b/templates/element/genericElements/IndexTable/index_table.php
index dc7453c..956fcf8 100644
--- a/templates/element/genericElements/IndexTable/index_table.php
+++ b/templates/element/genericElements/IndexTable/index_table.php
@@ -25,10 +25,12 @@ if (!empty($requestedMetaFields)) { // Create mapping for new index table fields
     foreach ($requestedMetaFields as $requestedMetaField) {
         $template_id = $requestedMetaField['template_id'];
         $meta_template_field_id = $requestedMetaField['meta_template_field_id'];
+        $viewElementCandidate = $meta_templates[$template_id]['meta_template_fields'][$meta_template_field_id]['index_type'];
+        $viewElementCandidatePath = '/genericElements/IndexTable/Fields/' . $viewElementCandidate;
         $newMetaFields[] = [
             'name' => $meta_templates[$template_id]['meta_template_fields'][$meta_template_field_id]['field'],
             'data_path' => "MetaTemplates.{$template_id}.meta_template_fields.{$meta_template_field_id}.metaFields.{n}.value",
-            'element' => 'generic_field',
+            'element' => $this->elementExists($viewElementCandidatePath) ? $viewElementCandidate : 'generic_field',
             '_metafield' => true,
             '_automatic_field' => true,
         ];

From f24d6c2cc83ee2a12bd2b481a00a113d113b1f56 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 28 Nov 2022 08:44:30 +0100
Subject: [PATCH 47/69] chg: [command:summary] Added support of destination
 folder

---
 src/Command/SummaryCommand.php | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/src/Command/SummaryCommand.php b/src/Command/SummaryCommand.php
index 721d885..cf5debf 100644
--- a/src/Command/SummaryCommand.php
+++ b/src/Command/SummaryCommand.php
@@ -11,7 +11,7 @@ use Cake\Console\Command;
 use Cake\Console\Arguments;
 use Cake\Console\ConsoleIo;
 use Cake\Console\ConsoleOptionParser;
-use Cake\Filesystem\File;
+use Cake\Filesystem\Folder;
 use Cake\Utility\Hash;
 use Cake\Utility\Text;
 use Cake\Validation\Validator;
@@ -22,7 +22,7 @@ class SummaryCommand extends Command
 {
     protected function buildOptionParser(ConsoleOptionParser $parser): ConsoleOptionParser
     {
-        $parser->setDescription('Create a summary for data associated to the passed nationality that has been modified.');
+        $parser->setDescription('Create a summary for data associated to the passed nationality that has been modified. Summaries will be printed out in STDIN and written in individual `txt` files.');
         $parser->addArgument('nationality', [
             'short' => 'n',
             'help' => 'The organisation nationality.',
@@ -33,6 +33,11 @@ class SummaryCommand extends Command
             'help' => 'The amount of days to look back in the logs',
             'default' => 7
         ]);
+        $parser->addOption('output', [
+            'short' => 'o',
+            'help' => 'The destination folder where to write the files',
+            'default' => '/tmp'
+        ]);
         return $parser;
     }
 
@@ -49,15 +54,16 @@ class SummaryCommand extends Command
         }
         foreach ($nationalities as $nationality) {
             $this->io->out(sprintf('Nationality: %s', $nationality));
-            $this->_collectChangedForNationality($nationality, $days);
+            $this->_collectChangedForNationality($nationality, $days, $args->getOption('output'));
             $this->io->out($io->nl(2));
             $this->io->hr();
         }
     }
 
-    protected function _collectChangedForNationality($nationality, $days)
+    protected function _collectChangedForNationality($nationality, $days, $folderPath)
     {
-        $filename = sprintf('/tmp/%s.txt', $nationality);
+        $folderPath = rtrim($folderPath, '/');
+        $filename = sprintf('%s/%s.txt', $folderPath, $nationality);
         $file_input = fopen($filename, 'w');
         $organisationIDsForNationality = $this->_fetchOrganisationsForNationality($nationality);
         if (empty($organisationIDsForNationality)) {

From c61c16c83cb731f1acf03e951f5025b05c45613f Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 8 Dec 2022 10:19:28 +0100
Subject: [PATCH 48/69] fix: [user:beforeSave] Make sure variable is
 initialized

---
 src/Model/Table/UsersTable.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Model/Table/UsersTable.php b/src/Model/Table/UsersTable.php
index 4f8a53f..e96f709 100644
--- a/src/Model/Table/UsersTable.php
+++ b/src/Model/Table/UsersTable.php
@@ -69,6 +69,7 @@ class UsersTable extends AppTable
 
     public function beforeSave(EventInterface $event, EntityInterface $entity, ArrayObject $options)
     {
+        $success = true;
         if (!$entity->isNew()) {
             $success = $this->handleUserUpdateRouter($entity);
         }

From f3ee43ed464e1e8e3ac36316656e94cff4c6b96e Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 8 Dec 2022 10:24:09 +0100
Subject: [PATCH 49/69] chg: [user:NotifyAdminBehavior] Track modification on
 meta_fields

---
 src/Model/Table/UsersTable.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Model/Table/UsersTable.php b/src/Model/Table/UsersTable.php
index e96f709..1aae5c2 100644
--- a/src/Model/Table/UsersTable.php
+++ b/src/Model/Table/UsersTable.php
@@ -26,7 +26,7 @@ class UsersTable extends AppTable
         $this->addBehavior('MetaFields');
         $this->addBehavior('AuditLog');
         $this->addBehavior('NotifyAdmins', [
-            'fields' => ['role_id', 'individual_id', 'organisation_id', 'disabled', 'modified'],
+            'fields' => ['role_id', 'individual_id', 'organisation_id', 'disabled', 'modified', 'meta_fields'],
         ]);
         $this->initAuthBehaviors();
         $this->belongsTo(

From 4ab9761fb56ce2847fc885232620812f3ab6d505 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 8 Dec 2022 10:25:13 +0100
Subject: [PATCH 50/69] fix: [behavior:notifyAdmins] Typo resetting a variable

---
 src/Model/Behavior/NotifyAdminsBehavior.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Model/Behavior/NotifyAdminsBehavior.php b/src/Model/Behavior/NotifyAdminsBehavior.php
index 8497d3b..3bf9993 100644
--- a/src/Model/Behavior/NotifyAdminsBehavior.php
+++ b/src/Model/Behavior/NotifyAdminsBehavior.php
@@ -126,7 +126,7 @@ class NotifyAdminsBehavior extends Behavior
                 unset($changedFields['meta_fields']);
             }
         }
-        $originalFields = $entity->isNew() ? [] : $entity->isNew();
+        $originalFields = $entity->isNew() ? [] : $originalFields;
         $data = [
             'original' => $this->_serializeFields($originalFields),
             'changed' => $this->_serializeFields($changedFields),

From 561f6d1c77cbc47bff175df54211cd28d7b9994a Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 8 Dec 2022 10:54:55 +0100
Subject: [PATCH 51/69] fix: [user:add/edit] Correctly index orgs by their IDs

---
 src/Controller/UsersController.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Controller/UsersController.php b/src/Controller/UsersController.php
index 8de4c92..62b1693 100644
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
@@ -126,7 +126,7 @@ class UsersController extends AppController
             'organisation' => $this->Users->Organisations->find('list', [
                 'sort' => ['name' => 'asc'],
                 'conditions' => $org_conditions
-            ])
+            ])->toArray()
         ];
         $this->set(compact('dropdownData'));
         $this->set('defaultRole', $defaultRole['id'] ?? null);
@@ -247,7 +247,7 @@ class UsersController extends AppController
             'organisation' => $this->Users->Organisations->find('list', [
                 'sort' => ['name' => 'asc'],
                 'conditions' => $org_conditions
-            ])
+            ])->toArray()
         ];
         $this->set(compact('dropdownData'));
         $this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate');

From 1b47b669ffa97dd5e5a2bc4e25b9b861fcaac61e Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 8 Dec 2022 11:32:26 +0100
Subject: [PATCH 52/69] fix: [users:view] Fallback value if Keycloak was never
 configured

---
 src/Controller/UsersController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Controller/UsersController.php b/src/Controller/UsersController.php
index 62b1693..6e40d29 100644
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
@@ -150,7 +150,7 @@ class UsersController extends AppController
         if (!empty($responsePayload)) {
             return $responsePayload;
         }
-        $this->set('keycloakConfig', Configure::read('keycloak'));
+        $this->set('keycloakConfig', Configure::read('keycloak', ['enabled' => false]));
         $this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate');
     }
 

From 6945e602b8ae6106fd5e10d7243a65573e4c9b16 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 8 Dec 2022 11:35:22 +0100
Subject: [PATCH 53/69] chg: [users:edit] Added role associated data for the
 user to be edited

---
 src/Controller/UsersController.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/Controller/UsersController.php b/src/Controller/UsersController.php
index 6e40d29..ef1737a 100644
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
@@ -189,7 +189,8 @@ class UsersController extends AppController
             ],
             'fields' => [
                 'password', 'confirm_password'
-            ]
+            ],
+            'contain' => ['Roles', ],
         ];
         if ($this->request->is(['get'])) {
             $params['fields'] = array_merge($params['fields'], ['individual_id', 'role_id', 'disabled']);

From d1aa20c5fb19ab90603a3af920be262c194aa85f Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 8 Dec 2022 11:37:35 +0100
Subject: [PATCH 54/69] security: [users:edit] Prevent edit of all users with
 lower privileges by any org_admins

---
 src/Controller/UsersController.php | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/src/Controller/UsersController.php b/src/Controller/UsersController.php
index ef1737a..78bd5ac 100644
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
@@ -176,11 +176,6 @@ class UsersController extends AppController
             $id = $currentUser['id'];
         } else {
             $id = intval($id);
-            if ((empty($currentUser['role']['perm_org_admin']) && empty($currentUser['role']['perm_admin']))) {
-                if ($id !== $currentUser['id']) {
-                    throw new MethodNotAllowedException(__('You are not authorised to edit that user.'));
-                }
-            }
         }
 
         $params = [
@@ -197,6 +192,16 @@ class UsersController extends AppController
             if (!empty($this->ACL->getUser()['role']['perm_admin'])) {
                 $params['fields'][] = 'organisation_id';
             }
+            if (!$currentUser['role']['perm_admin']) {
+                $params['afterFind'] = function ($user, &$params) use ($currentUser) {
+                    if (!empty($user)) { // We don't have a 404
+                        if (!$this->ACL->canEditUser($currentUser, $user)) {
+                            throw new MethodNotAllowedException(__('You cannot edit the given user.'));
+                        }
+                    }
+                    return $user;
+                };
+            }
         }
         if ($this->request->is(['post', 'put']) && !empty($this->ACL->getUser()['role']['perm_admin'])) {
             $params['fields'][] = 'individual_id';
@@ -211,7 +216,7 @@ class UsersController extends AppController
                     if (!in_array($data['role_id'], array_keys($validRoles))) {
                         throw new MethodNotAllowedException(__('You cannot edit the given privileged user.'));
                     }
-                    if ($data['organisation_id'] !== $currentUser['organisation_id']) {
+                    if (!$this->ACL->canEditUser($currentUser, $data)) {
                         throw new MethodNotAllowedException(__('You cannot edit the given user.'));
                     }
                     return $data;

From 409c116ad7417c5ca78512fe08909afcf74ace4a Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 8 Dec 2022 15:35:02 +0100
Subject: [PATCH 55/69] chg: [permissionlimitation:validation] Added rule for
 max_occurence

---
 src/Model/Table/PermissionLimitationsTable.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Model/Table/PermissionLimitationsTable.php b/src/Model/Table/PermissionLimitationsTable.php
index 1b5f193..06e8cb5 100644
--- a/src/Model/Table/PermissionLimitationsTable.php
+++ b/src/Model/Table/PermissionLimitationsTable.php
@@ -22,6 +22,7 @@ class PermissionLimitationsTable extends AppTable
         $validator
             ->notEmptyString('permission')
             ->notEmptyString('scope')
+            ->naturalNumber('max_occurrence', __('That field can only hold non-negative values.'))
             ->requirePresence(['permission', 'scope', 'max_occurrence'], 'create');
         return $validator;
     }

From 20730401d7d944eabd146d48b453b4a5b9b8a3ee Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 8 Dec 2022 15:35:41 +0100
Subject: [PATCH 56/69] fix: [permissionlimitations:view] Typo for
 max_occurence path

---
 templates/PermissionLimitations/view.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/PermissionLimitations/view.php b/templates/PermissionLimitations/view.php
index 0ec3852..221aa3c 100644
--- a/templates/PermissionLimitations/view.php
+++ b/templates/PermissionLimitations/view.php
@@ -18,7 +18,7 @@ echo $this->element(
             ],
             [
                 'key' => __('Limit'),
-                'path' => 'limit'
+                'path' => 'max_occurrence'
             ],
             [
                 'key' => __('Comment'),

From 31ce0feed8d6f1130f8855624696ee795b205827 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 8 Dec 2022 15:36:13 +0100
Subject: [PATCH 57/69] chg: [permissionslimitations:add] Forced comment type
 to be textarea

---
 templates/PermissionLimitations/add.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/templates/PermissionLimitations/add.php b/templates/PermissionLimitations/add.php
index 0dffc70..ed82b00 100644
--- a/templates/PermissionLimitations/add.php
+++ b/templates/PermissionLimitations/add.php
@@ -26,7 +26,8 @@
                 ],
                 [
                     'field' => 'comment',
-                    'label' => 'Comment'
+                    'label' => 'Comment',
+                    'type' => 'textarea',
                 ]
             ],
             'submit' => [

From 9a2e94989f4e559240ae94d6d706e62ce386948f Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 8 Dec 2022 15:38:04 +0100
Subject: [PATCH 58/69] fix: [permissionlimitation:getLimitations] Mirror the
 permission limit if only one scope (global or org) is defined

---
 src/Model/Table/PermissionLimitationsTable.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/Model/Table/PermissionLimitationsTable.php b/src/Model/Table/PermissionLimitationsTable.php
index 06e8cb5..abb8543 100644
--- a/src/Model/Table/PermissionLimitationsTable.php
+++ b/src/Model/Table/PermissionLimitationsTable.php
@@ -45,6 +45,14 @@ class PermissionLimitationsTable extends AppTable
                 'limit' => $entry['max_occurrence']
             ];
         }
+        foreach ($limitations as $i => $permissions) { // Make sure global and organisations permission are mirror in the case where one of the two is not defined
+            if (!isset($permissions['global']['limit'])) {
+                $limitations[$i]['global']['limit'] = $permissions['organisation']['limit'];
+            }
+            if (!isset($permissions['organisation']['limit'])) {
+                $limitations[$i]['organisation']['limit'] = $permissions['global']['limit'];
+            }
+        }
         foreach ($limitations as $field => $data) {
             if (isset($data['global'])) {
                 $limitations[$field]['global']['current'] = $MetaFields->find('all', [

From b121399304430d877cc0ee65df334d41fa24c80e Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 8 Dec 2022 15:39:28 +0100
Subject: [PATCH 59/69] fix: [user:checkPermissionRestriction] Refactor the
 function to support more edge-cases

---
 src/Model/Table/UsersTable.php | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/src/Model/Table/UsersTable.php b/src/Model/Table/UsersTable.php
index 1aae5c2..a32db0b 100644
--- a/src/Model/Table/UsersTable.php
+++ b/src/Model/Table/UsersTable.php
@@ -88,22 +88,33 @@ class UsersTable extends AppTable
         if (!isset($this->PermissionLimitations)) {
             $this->PermissionLimitations = TableRegistry::get('PermissionLimitations');
         }
-        $new = $entity->isNew();
         $permissions = $this->PermissionLimitations->getListOfLimitations($entity);
         foreach ($permissions as $permission_name => $permission) {
             foreach ($permission as $scope => $permission_data) {
-                if (!empty($entity['meta_fields'])) {
-                    $enabled = false;
+                $valueToCompareTo = $permission_data['current'];
+
+                $enabled = false;
+                if (!empty($entity->meta_fields)) {
                     foreach ($entity['meta_fields'] as $metaField) {
                         if ($metaField['field'] === $permission_name) {
                             $enabled = true;
+                            if ($metaField->isNew()) {
+                                $valueToCompareTo += !empty($metaField->value) ? 1 : 0;
+                            } else {
+                                $valueToCompareTo += !empty($metaField->value) ? 0 : -1;
+                            }
                         }
                     }
-                    if (!$enabled) {
-                        continue;
+                }
+
+                if (!$enabled && !empty($entity->_metafields_to_delete)) {
+                    foreach ($entity->_metafields_to_delete as $metaFieldToDelete) {
+                        if ($metaFieldToDelete['field'] === $permission_name) {
+                            $valueToCompareTo += !empty($metaFieldToDelete->value) ? -1 : 0;
+                        }
                     }
                 }
-                $valueToCompareTo = $permission_data['current'] + ($new ? 1 : 0);
+
                 if ($valueToCompareTo > $permission_data['limit']) {
                     return [
                         $permission_name => 

From 21c5601c295c1dba50fde637b9ffac99b3324092 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 8 Dec 2022 15:50:03 +0100
Subject: [PATCH 60/69] chg: [genericElement:fieldScaffold] Let cake's form
 helper decide the input type if not specified

---
 templates/element/genericElements/Form/fieldScaffold.php | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/templates/element/genericElements/Form/fieldScaffold.php b/templates/element/genericElements/Form/fieldScaffold.php
index 32b339b..18e6000 100644
--- a/templates/element/genericElements/Form/fieldScaffold.php
+++ b/templates/element/genericElements/Form/fieldScaffold.php
@@ -1,11 +1,10 @@
 <?php
     if (is_array($fieldData)) {
-        if (empty($fieldData['type'])) {
-            $fieldData['type'] = 'text';
-        }
         $fieldTemplate = 'genericField';
-        if (file_exists(ROOT . '/templates/element/genericElements/Form/Fields/' . $fieldData['type'] . 'Field.php')) {
-            $fieldTemplate = $fieldData['type'] . 'Field';
+        if (!empty($fieldData['type'])) {
+            if (file_exists(ROOT . '/templates/element/genericElements/Form/Fields/' . $fieldData['type'] . 'Field.php')) {
+                $fieldTemplate = $fieldData['type'] . 'Field';
+            }
         }
         if (empty($fieldData['label'])) {
             if (!isset($fieldData['label']) || $fieldData['label'] !== false) {

From af622dd19b214aeffbefbb7d3831c858e454925b Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Fri, 9 Dec 2022 11:53:20 +0100
Subject: [PATCH 61/69] new: [users:view] Added keycloak status showing the
 potential differences between Cerebrate and Keycloak

---
 src/Controller/UsersController.php            |  23 ++-
 src/Model/Behavior/AuthKeycloakBehavior.php   | 132 +++++++++++++-----
 src/Model/Table/UsersTable.php                |  12 --
 templates/Users/index.php                     |   9 ++
 templates/Users/view.php                      |  20 ++-
 .../IndexTable/Fields/keycloak_status.php     |  14 ++
 .../Fields/keycloakStatusField.php            |  21 +++
 7 files changed, 178 insertions(+), 53 deletions(-)
 create mode 100644 templates/element/genericElements/IndexTable/Fields/keycloak_status.php
 create mode 100644 templates/element/genericElements/SingleViews/Fields/keycloakStatusField.php

diff --git a/src/Controller/UsersController.php b/src/Controller/UsersController.php
index 78bd5ac..989025c 100644
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
@@ -21,11 +21,22 @@ class UsersController extends AppController
         if (empty($currentUser['role']['perm_admin'])) {
             $conditions['organisation_id'] = $currentUser['organisation_id'];
         }
+        $keycloakUsersParsed = null;
+        if (!empty(Configure::read('keycloak.enabled'))) {
+            $keycloakUsersParsed = $this->Users->getParsedKeycloakUser();
+        }
         $this->CRUD->index([
             'contain' => $this->containFields,
             'filters' => $this->filterFields,
             'quickFilters' => $this->quickFilterFields,
-            'conditions' => $conditions
+            'conditions' => $conditions,
+            'afterFind' => function($data) use ($keycloakUsersParsed) {
+                // if (!empty(Configure::read('keycloak.enabled'))) {
+                //     $keycloakUser = $keycloakUsersParsed[$data->username];
+                //     $data['keycloak_status'] = array_values($this->Users->checkKeycloakStatus([$data->toArray()], [$keycloakUser]))[0];
+                // }
+                return $data;
+            }
         ]);
         $responsePayload = $this->CRUD->getResponsePayload();
         if (!empty($responsePayload)) {
@@ -139,10 +150,18 @@ class UsersController extends AppController
         if (empty($id) || (empty($currentUser['role']['perm_org_admin']) && empty($currentUser['role']['perm_admin']))) {
             $id = $this->ACL->getUser()['id'];
         }
+        $keycloakUsersParsed = null;
+        if (!empty(Configure::read('keycloak.enabled'))) {
+            $keycloakUsersParsed = $this->Users->getParsedKeycloakUser();
+        }
         $this->CRUD->view($id, [
             'contain' => ['Individuals' => ['Alignments' => 'Organisations'], 'Roles', 'Organisations'],
-            'afterFind' => function($data) {
+            'afterFind' => function($data) use ($keycloakUsersParsed) {
                 $data = $this->fetchTable('PermissionLimitations')->attachLimitations($data);
+                if (!empty(Configure::read('keycloak.enabled'))) {
+                    $keycloakUser = $keycloakUsersParsed[$data->username];
+                    $data['keycloak_status'] = array_values($this->Users->checkKeycloakStatus([$data->toArray()], [$keycloakUser]))[0];
+                }
                 return $data;
             }
         ]);
diff --git a/src/Model/Behavior/AuthKeycloakBehavior.php b/src/Model/Behavior/AuthKeycloakBehavior.php
index 0a485dd..71af07b 100644
--- a/src/Model/Behavior/AuthKeycloakBehavior.php
+++ b/src/Model/Behavior/AuthKeycloakBehavior.php
@@ -284,27 +284,34 @@ class AuthKeycloakBehavior extends Behavior
     {
         $this->updateMappers();
         $results = [];
-        $data['Users'] = $this->_table->find()->contain(['Individuals', 'Organisations', 'Roles'])->select(
-            [
-                'id',
-                'uuid',
-                'username',
-                'disabled',
-                'Individuals.email',
-                'Individuals.first_name',
-                'Individuals.last_name',
-                'Individuals.uuid',
-                'Roles.name',
-                'Roles.uuid',
-                'Organisations.name',
-                'Organisations.uuid'
-            ]
-        )->disableHydration()->toArray();
+        $data['Users'] = $this->getCerebrateUsers();
         $clientId = $this->getClientId();
         return $this->syncUsers($data['Users'], $clientId);
     }
 
     private function syncUsers(array $users, $clientId): array
+    {
+        $keycloakUsersParsed = $this->getParsedKeycloakUser();
+        $changes = [
+            'created' => [],
+            'modified' => [],
+        ];
+        foreach ($users as &$user) {
+            $changed = false;
+            if (empty($keycloakUsersParsed[$user['username']])) {
+                if ($this->createUser($user, $clientId)) {
+                    $changes['created'][] = $user['username'];
+                }
+            } else {
+                if ($this->checkAndUpdateUser($keycloakUsersParsed[$user['username']], $user)) {
+                    $changes['modified'][] = $user['username'];
+                }
+            }
+        }
+        return $changes;
+    }
+
+    public function getParsedKeycloakUser(): array
     {
         $response = $this->restApiRequest('%s/admin/realms/%s/users', [], 'get');
         $keycloakUsers = json_decode($response->getStringBody(), true);
@@ -325,23 +332,25 @@ class AuthKeycloakBehavior extends Behavior
                 ]
             ];
         }
-        $changes = [
-            'created' => [],
-            'modified' => [],
-        ];
-        foreach ($users as &$user) {
-            $changed = false;
-            if (empty($keycloakUsersParsed[$user['username']])) {
-                if ($this->createUser($user, $clientId)) {
-                    $changes['created'][] = $user['username'];
-                }
-            } else {
-                if ($this->checkAndUpdateUser($keycloakUsersParsed[$user['username']], $user)) {
-                    $changes['modified'][] = $user['username'];
-                }
-            }
-        }
-        return $changes;
+        return $keycloakUsersParsed;
+    }
+
+    private function getCerebrateUsers(): array
+    {
+        return $this->_table->find()->contain(['Individuals', 'Organisations', 'Roles'])->select([
+            'id',
+            'uuid',
+            'username',
+            'disabled',
+            'Individuals.email',
+            'Individuals.first_name',
+            'Individuals.last_name',
+            'Individuals.uuid',
+            'Roles.name',
+            'Roles.uuid',
+            'Organisations.name',
+            'Organisations.uuid'
+        ])->disableHydration()->toArray();
     }
 
     private function checkAndUpdateUser(array $keycloakUser, array $user): bool
@@ -387,6 +396,63 @@ class AuthKeycloakBehavior extends Behavior
         return false;
     }
 
+    public function checkKeycloakStatus(array $users, array $keycloakUsers): array
+    {
+        $users = Hash::combine($users, '{n}.username', '{n}');
+        $keycloakUsersParsed = Hash::combine($keycloakUsers, '{n}.username', '{n}');
+        $status = [];
+        foreach ($users as $username => $user) {
+            $differences = [];
+            $requireUpdate = $this->checkKeycloakUserRequiresUpdate($keycloakUsersParsed[$username], $user, $differences);
+            $status[$user['id']] = [
+                'require_update' => $requireUpdate,
+                'differences' => $differences,
+            ];
+        }
+        return $status;
+    }
+
+    private function checkKeycloakUserRequiresUpdate(array $keycloakUser, array $user, array &$differences = []): bool
+    {
+
+        $cEnabled = $keycloakUser['enabled'] == $user['disabled'];
+        $cFn = $keycloakUser['firstName'] !== $user['individual']['first_name'];
+        $Ln = $keycloakUser['lastName'] !== $user['individual']['last_name'];
+        $cEmail = $keycloakUser['email'] !== $user['individual']['email'];
+        $cRolename = (empty($keycloakUser['attributes']['role_name']) || $keycloakUser['attributes']['role_name'] !== $user['role']['name']);
+        $cRoleuuid = (empty($keycloakUser['attributes']['role_uuid']) || $keycloakUser['attributes']['role_uuid'] !== $user['role']['uuid']);
+        $cOrgname = (empty($keycloakUser['attributes']['org_name']) || $keycloakUser['attributes']['org_name'] !== $user['organisation']['name']);
+        $cOrguuid = (empty($keycloakUser['attributes']['org_uuid']) || $keycloakUser['attributes']['org_uuid'] !== $user['organisation']['uuid']);
+        if ($cEnabled || $cFn || $Ln || $cEmail || $cRolename || $cRoleuuid || $cOrgname || $cOrguuid) {
+            if ($cEnabled) {
+                $differences['enabled'] = ['kc' => $keycloakUser['enabled'], 'cerebrate' => $user['disabled']];
+            }
+            if ($cFn) {
+                $differences['first_name'] = ['kc' => $keycloakUser['firstName'], 'cerebrate' => $user['individual']['first_name']];
+            }
+            if ($Ln) {
+                $differences['last_name'] = ['kc' => $keycloakUser['lastName'], 'cerebrate' => $user['individual']['last_name']];
+            }
+            if ($cEmail) {
+                $differences['email'] = ['kc' => $keycloakUser['email'], 'cerebrate' => $user['individual']['email']];
+            }
+            if ($cRolename) {
+                $differences['role_name'] = ['kc' => $keycloakUser['attributes']['role_name'], 'cerebrate' => $user['role']['name']];
+            }
+            if ($cRoleuuid) {
+                $differences['role_uuid'] = ['kc' => $keycloakUser['attributes']['role_uuid'], 'cerebrate' => $user['role']['uuid']];
+            }
+            if ($cOrgname) {
+                $differences['org_name'] = ['kc' => $keycloakUser['attributes']['org_name'], 'cerebrate' => $user['organisation']['name']];
+            }
+            if ($cOrguuid) {
+                $differences['org_uuid'] = ['kc' => $keycloakUser['attributes']['org_uuid'], 'cerebrate' => $user['organisation']['uuid']];
+            }
+            return true;
+        }
+        return false;
+    }
+
     private function createUser(array $user, string $clientId)
     {
         $newUser = [
diff --git a/src/Model/Table/UsersTable.php b/src/Model/Table/UsersTable.php
index a32db0b..8f74390 100644
--- a/src/Model/Table/UsersTable.php
+++ b/src/Model/Table/UsersTable.php
@@ -183,18 +183,6 @@ class UsersTable extends AppTable
         return $rules;
     }
 
-    public function test()
-    {
-        $this->Roles = TableRegistry::get('Roles');
-        $role = $this->Roles->newEntity([
-            'name' => 'admin',
-            'perm_admin' => 1,
-            'perm_org_admin' => 1,
-            'perm_sync' => 1
-        ]);
-        $this->Roles->save($role);
-    }
-
     public function checkForNewInstance(): bool
     {
         if (empty($this->find()->first())) {
diff --git a/templates/Users/index.php b/templates/Users/index.php
index 826ae5e..6c28dd2 100644
--- a/templates/Users/index.php
+++ b/templates/Users/index.php
@@ -1,4 +1,7 @@
 <?php
+
+use Cake\Core\Configure;
+
 echo $this->element('genericElements/IndexTable/index_table', [
     'data' => [
         'data' => $data,
@@ -92,6 +95,12 @@ echo $this->element('genericElements/IndexTable/index_table', [
                 'url' => '/user-settings/index?Users.id={{url_data}}',
                 'url_data_path' => 'id'
             ],
+            // [
+            //     'name' => __('Keycloak status'),
+            //     'element' => 'keycloak_status',
+            //     'data_path' => 'keycloak_status',
+            //     'requirements' => Configure::read('keycloak.enabled', false),
+            // ],
         ],
         'title' => __('User index'),
         'description' => __('The list of enrolled users in this Cerebrate instance. All of the users have or at one point had access to the system.'),
diff --git a/templates/Users/view.php b/templates/Users/view.php
index c6ca881..4e2bda7 100644
--- a/templates/Users/view.php
+++ b/templates/Users/view.php
@@ -51,14 +51,22 @@ $fields = [
         'scope' => 'individuals'
     ]
 ];
-if ($keycloakConfig['enabled'] && $loggedUser['id'] == $entity['id']) {
+if ($keycloakConfig['enabled']) {
     $fields[] = [
-        'type' => 'generic',
-        'key' => __('Modify keycloak profile'),
-        'path' => 'username',
-        'url' => $kcurl,
-        'requirements' => false
+        'key' => __('Keycloak status'),
+        'type' => 'keycloakStatus',
+        'path' => 'keycloak_status',
+        'requirements' => !empty($keycloakConfig['enabled']),
     ];
+    if ($loggedUser['id'] == $entity['id']) {
+        $fields[] = [
+            'type' => 'generic',
+            'key' => __('Modify keycloak profile'),
+            'path' => 'username',
+            'url' => $kcurl,
+            'requirements' => false
+        ];
+    }
 }
 echo $this->element(
     '/genericElements/SingleViews/single_view',
diff --git a/templates/element/genericElements/IndexTable/Fields/keycloak_status.php b/templates/element/genericElements/IndexTable/Fields/keycloak_status.php
new file mode 100644
index 0000000..bc2b95b
--- /dev/null
+++ b/templates/element/genericElements/IndexTable/Fields/keycloak_status.php
@@ -0,0 +1,14 @@
+<?php
+    $data = $this->Hash->get($row, $field['data_path']);
+    if (is_null($data)) {
+        echo '';
+    } else if (!empty($data['require_update'])) {
+        echo sprintf(
+            '<span data-bs-toggle="tooltip" data-bs-title="%s">%s</span>',
+            sprintf('Fields having differences: %s', (implode(', ', array_keys($data['differences'])))),
+           $this->Bootstrap->icon('times', ['class' => 'text-danger', ])
+        );
+    } else {
+        echo $this->Bootstrap->icon('check', ['class' => 'text-success',]);
+    }
+?>
diff --git a/templates/element/genericElements/SingleViews/Fields/keycloakStatusField.php b/templates/element/genericElements/SingleViews/Fields/keycloakStatusField.php
new file mode 100644
index 0000000..efac939
--- /dev/null
+++ b/templates/element/genericElements/SingleViews/Fields/keycloakStatusField.php
@@ -0,0 +1,21 @@
+<?php
+
+    use Cake\Utility\Hash;
+
+    $value = Hash::get($data, $field['path']);
+    $differencesRearranged = array_map(function($difference) {
+        return [
+            __('Local: {0}', h($difference['cerebrate'])),
+            __('Keycloak: {0}', h($difference['kc'])),
+        ];
+    }, $value['differences']);
+    if (!empty($value['require_update'])) {
+        echo sprintf(
+            '<div class="alert alert-warning"><div>%s</div>%s</div>',
+            $this->Bootstrap->icon('exclamation-triangle') . __(' This user is not synchronise with Keycloak. Differences:'),
+            $this->Html->nestedList($differencesRearranged, ['class' => ''])
+        );
+    } else {
+        echo $this->Bootstrap->icon('check', ['class' => 'text-success',]);
+    }
+?>

From a3fd138b4dc793b3978b57ed53aa768f00e6c320 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Fri, 9 Dec 2022 11:56:03 +0100
Subject: [PATCH 62/69] fix: [crud:edit] Always specify the table alias when
 fetching by id

---
 src/Controller/Component/CRUDComponent.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Controller/Component/CRUDComponent.php b/src/Controller/Component/CRUDComponent.php
index f932e5a..8d2f08f 100644
--- a/src/Controller/Component/CRUDComponent.php
+++ b/src/Controller/Component/CRUDComponent.php
@@ -521,7 +521,7 @@ class CRUDComponent extends Component
                 $params['contain'] = [$params['contain'], 'MetaFields'];
             }
         }
-        $query = $this->Table->find()->where(['id' => $id]);
+        $query = $this->Table->find()->where(["{$this->TableAlias}.id" => $id]);
         if (!empty($params['contain'])) {
             $query->contain($params['contain']);
         }

From 7526f8364ff336182f6ee66ac045a51aeb2141d8 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Fri, 9 Dec 2022 12:19:29 +0100
Subject: [PATCH 63/69] chg: [users:index] Added comment

---
 src/Controller/UsersController.php | 3 ++-
 templates/Users/index.php          | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/Controller/UsersController.php b/src/Controller/UsersController.php
index 989025c..771672d 100644
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
@@ -23,7 +23,7 @@ class UsersController extends AppController
         }
         $keycloakUsersParsed = null;
         if (!empty(Configure::read('keycloak.enabled'))) {
-            $keycloakUsersParsed = $this->Users->getParsedKeycloakUser();
+            // $keycloakUsersParsed = $this->Users->getParsedKeycloakUser();
         }
         $this->CRUD->index([
             'contain' => $this->containFields,
@@ -31,6 +31,7 @@ class UsersController extends AppController
             'quickFilters' => $this->quickFilterFields,
             'conditions' => $conditions,
             'afterFind' => function($data) use ($keycloakUsersParsed) {
+                // TODO: We might want to uncomment this at some point Still need to evaluate the impact
                 // if (!empty(Configure::read('keycloak.enabled'))) {
                 //     $keycloakUser = $keycloakUsersParsed[$data->username];
                 //     $data['keycloak_status'] = array_values($this->Users->checkKeycloakStatus([$data->toArray()], [$keycloakUser]))[0];
diff --git a/templates/Users/index.php b/templates/Users/index.php
index 6c28dd2..74fa00d 100644
--- a/templates/Users/index.php
+++ b/templates/Users/index.php
@@ -95,7 +95,7 @@ echo $this->element('genericElements/IndexTable/index_table', [
                 'url' => '/user-settings/index?Users.id={{url_data}}',
                 'url_data_path' => 'id'
             ],
-            // [
+            // [ // We might want to uncomment this at some point
             //     'name' => __('Keycloak status'),
             //     'element' => 'keycloak_status',
             //     'data_path' => 'keycloak_status',

From ea6d33112f1753add5411009cab58bd4696e14c4 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 12 Dec 2022 08:16:16 +0100
Subject: [PATCH 64/69] fix: [genericElement:keycloakStatus] Typo fixed

---
 .../genericElements/SingleViews/Fields/keycloakStatusField.php  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/element/genericElements/SingleViews/Fields/keycloakStatusField.php b/templates/element/genericElements/SingleViews/Fields/keycloakStatusField.php
index efac939..86a848a 100644
--- a/templates/element/genericElements/SingleViews/Fields/keycloakStatusField.php
+++ b/templates/element/genericElements/SingleViews/Fields/keycloakStatusField.php
@@ -12,7 +12,7 @@
     if (!empty($value['require_update'])) {
         echo sprintf(
             '<div class="alert alert-warning"><div>%s</div>%s</div>',
-            $this->Bootstrap->icon('exclamation-triangle') . __(' This user is not synchronise with Keycloak. Differences:'),
+            $this->Bootstrap->icon('exclamation-triangle') . __(' This user is not synchronised with Keycloak. Differences:'),
             $this->Html->nestedList($differencesRearranged, ['class' => ''])
         );
     } else {

From e366da61715b0cee49e769fa05644295d2cc344b Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 12 Dec 2022 08:45:02 +0100
Subject: [PATCH 65/69] fix: [behavior:keycloak] Trying to lower fever the best
 I can

---
 src/Model/Behavior/AuthKeycloakBehavior.php   | 50 +++++++++----------
 .../Fields/keycloakStatusField.php            |  2 +-
 2 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/src/Model/Behavior/AuthKeycloakBehavior.php b/src/Model/Behavior/AuthKeycloakBehavior.php
index 71af07b..622c510 100644
--- a/src/Model/Behavior/AuthKeycloakBehavior.php
+++ b/src/Model/Behavior/AuthKeycloakBehavior.php
@@ -415,38 +415,38 @@ class AuthKeycloakBehavior extends Behavior
     private function checkKeycloakUserRequiresUpdate(array $keycloakUser, array $user, array &$differences = []): bool
     {
 
-        $cEnabled = $keycloakUser['enabled'] == $user['disabled'];
-        $cFn = $keycloakUser['firstName'] !== $user['individual']['first_name'];
-        $Ln = $keycloakUser['lastName'] !== $user['individual']['last_name'];
-        $cEmail = $keycloakUser['email'] !== $user['individual']['email'];
-        $cRolename = (empty($keycloakUser['attributes']['role_name']) || $keycloakUser['attributes']['role_name'] !== $user['role']['name']);
-        $cRoleuuid = (empty($keycloakUser['attributes']['role_uuid']) || $keycloakUser['attributes']['role_uuid'] !== $user['role']['uuid']);
-        $cOrgname = (empty($keycloakUser['attributes']['org_name']) || $keycloakUser['attributes']['org_name'] !== $user['organisation']['name']);
-        $cOrguuid = (empty($keycloakUser['attributes']['org_uuid']) || $keycloakUser['attributes']['org_uuid'] !== $user['organisation']['uuid']);
-        if ($cEnabled || $cFn || $Ln || $cEmail || $cRolename || $cRoleuuid || $cOrgname || $cOrguuid) {
-            if ($cEnabled) {
-                $differences['enabled'] = ['kc' => $keycloakUser['enabled'], 'cerebrate' => $user['disabled']];
+        $condEnabled = $keycloakUser['enabled'] == $user['disabled'];
+        $condFirstname = $keycloakUser['firstName'] !== $user['individual']['first_name'];
+        $condLastname = $keycloakUser['lastName'] !== $user['individual']['last_name'];
+        $condEmail = $keycloakUser['email'] !== $user['individual']['email'];
+        $condRolename = (empty($keycloakUser['attributes']['role_name']) || $keycloakUser['attributes']['role_name'] !== $user['role']['name']);
+        $condRoleuuid = (empty($keycloakUser['attributes']['role_uuid']) || $keycloakUser['attributes']['role_uuid'] !== $user['role']['uuid']);
+        $condOrgname = (empty($keycloakUser['attributes']['org_name']) || $keycloakUser['attributes']['org_name'] !== $user['organisation']['name']);
+        $condOrguuid = (empty($keycloakUser['attributes']['org_uuid']) || $keycloakUser['attributes']['org_uuid'] !== $user['organisation']['uuid']);
+        if ($condEnabled || $condFirstname || $condLastname || $condEmail || $condRolename || $condRoleuuid || $condOrgname || $condOrguuid) {
+            if ($condEnabled) {
+                $differences['enabled'] = ['keycloak' => $keycloakUser['enabled'], 'cerebrate' => $user['disabled']];
             }
-            if ($cFn) {
-                $differences['first_name'] = ['kc' => $keycloakUser['firstName'], 'cerebrate' => $user['individual']['first_name']];
+            if ($condFirstname) {
+                $differences['first_name'] = ['keycloak' => $keycloakUser['firstName'], 'cerebrate' => $user['individual']['first_name']];
             }
-            if ($Ln) {
-                $differences['last_name'] = ['kc' => $keycloakUser['lastName'], 'cerebrate' => $user['individual']['last_name']];
+            if ($condLastname) {
+                $differences['last_name'] = ['keycloak' => $keycloakUser['lastName'], 'cerebrate' => $user['individual']['last_name']];
             }
-            if ($cEmail) {
-                $differences['email'] = ['kc' => $keycloakUser['email'], 'cerebrate' => $user['individual']['email']];
+            if ($condEmail) {
+                $differences['email'] = ['keycloak' => $keycloakUser['email'], 'cerebrate' => $user['individual']['email']];
             }
-            if ($cRolename) {
-                $differences['role_name'] = ['kc' => $keycloakUser['attributes']['role_name'], 'cerebrate' => $user['role']['name']];
+            if ($condRolename) {
+                $differences['role_name'] = ['keycloak' => $keycloakUser['attributes']['role_name'], 'cerebrate' => $user['role']['name']];
             }
-            if ($cRoleuuid) {
-                $differences['role_uuid'] = ['kc' => $keycloakUser['attributes']['role_uuid'], 'cerebrate' => $user['role']['uuid']];
+            if ($condRoleuuid) {
+                $differences['role_uuid'] = ['keycloak' => $keycloakUser['attributes']['role_uuid'], 'cerebrate' => $user['role']['uuid']];
             }
-            if ($cOrgname) {
-                $differences['org_name'] = ['kc' => $keycloakUser['attributes']['org_name'], 'cerebrate' => $user['organisation']['name']];
+            if ($condOrgname) {
+                $differences['org_name'] = ['keycloak' => $keycloakUser['attributes']['org_name'], 'cerebrate' => $user['organisation']['name']];
             }
-            if ($cOrguuid) {
-                $differences['org_uuid'] = ['kc' => $keycloakUser['attributes']['org_uuid'], 'cerebrate' => $user['organisation']['uuid']];
+            if ($condOrguuid) {
+                $differences['org_uuid'] = ['keycloak' => $keycloakUser['attributes']['org_uuid'], 'cerebrate' => $user['organisation']['uuid']];
             }
             return true;
         }
diff --git a/templates/element/genericElements/SingleViews/Fields/keycloakStatusField.php b/templates/element/genericElements/SingleViews/Fields/keycloakStatusField.php
index 86a848a..f6da0d9 100644
--- a/templates/element/genericElements/SingleViews/Fields/keycloakStatusField.php
+++ b/templates/element/genericElements/SingleViews/Fields/keycloakStatusField.php
@@ -6,7 +6,7 @@
     $differencesRearranged = array_map(function($difference) {
         return [
             __('Local: {0}', h($difference['cerebrate'])),
-            __('Keycloak: {0}', h($difference['kc'])),
+            __('Keycloak: {0}', h($difference['keycloak'])),
         ];
     }, $value['differences']);
     if (!empty($value['require_update'])) {

From e13dc152e7dd9a8ed00304570b3506f4ef62f3c6 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 12 Dec 2022 16:02:41 +0100
Subject: [PATCH 66/69] fix: [users:registration] Fixed and improved user
 registration

---
 .../InboxProcessors/UserInboxProcessor.php    | 31 ++++++++++-
 .../templates/User/Registration.php           | 54 ++++++++++++-------
 src/Controller/UsersController.php            |  4 +-
 templates/Users/register.php                  | 28 +++++++++-
 .../Form/formLayouts/formDefault.php          |  6 +--
 .../Form/formLayouts/formRaw.php              |  4 +-
 6 files changed, 100 insertions(+), 27 deletions(-)

diff --git a/libraries/default/InboxProcessors/UserInboxProcessor.php b/libraries/default/InboxProcessors/UserInboxProcessor.php
index 96656c1..dd167df 100644
--- a/libraries/default/InboxProcessors/UserInboxProcessor.php
+++ b/libraries/default/InboxProcessors/UserInboxProcessor.php
@@ -73,8 +73,28 @@ class RegistrationProcessor extends UserInboxProcessor implements GenericInboxPr
             ]),
             'individual' => [-1 => __('-- New individual --')] + $this->Users->Individuals->find('list', [
                 'sort' => ['email' => 'asc']
-            ])->toArray()
+            ])->toArray(),
+            'organisation' => $this->Users->Organisations->find('list', [
+                'sort' => ['email' => 'asc']
+            ])->toArray(),
         ];
+
+        $defaultRole = $this->Users->Roles->find()->select(['id'])->where(['is_default' => true])->first()->toArray();
+
+        $conditions = [];
+        if (!empty($request['data']['org_uuid'])) {
+            $conditions['uuid'] = $request['data']['org_uuid'];
+        } else if (!empty($request['data']['org_name'])) {
+            $conditions['name'] = $request['data']['org_name'];
+        }
+        $desiredOrg = null;
+        if (!empty($conditions)) {
+            $desiredOrg = $this->Users->Organisations->find()
+                ->where($conditions)
+                ->first()
+                ->toArray();
+        }
+
         $individualEntity = $this->Users->Individuals->newEntity([
             'email' => !empty($request['data']['email']) ? $request['data']['email'] : '',
             'first_name' => !empty($request['data']['first_name']) ? $request['data']['first_name'] : '',
@@ -86,6 +106,7 @@ class RegistrationProcessor extends UserInboxProcessor implements GenericInboxPr
             'username' => !empty($request['data']['username']) ? $request['data']['username'] : '',
             'role_id' => !empty($request['data']['role_id']) ? $request['data']['role_id'] : '',
             'disabled' => !empty($request['data']['disabled']) ? $request['data']['disabled'] : '',
+            'org_id' => !empty($desiredOrg) ? $desiredOrg['id'] : '',
 
             'email' => !empty($request['data']['email']) ? $request['data']['email'] : '',
             'first_name' => !empty($request['data']['first_name']) ? $request['data']['first_name'] : '',
@@ -95,7 +116,12 @@ class RegistrationProcessor extends UserInboxProcessor implements GenericInboxPr
         return [
             'dropdownData' => $dropdownData,
             'userEntity' => $userEntity,
-            'individualEntity' => $individualEntity
+            'individualEntity' => $individualEntity,
+            'desiredOrganisation' => [
+                'org_name' => $request['data']['org_name'],
+                'org_uuid' => $request['data']['org_uuid'],
+            ],
+            'defaultRole' => $defaultRole,
         ];
     }
 
@@ -120,6 +146,7 @@ class RegistrationProcessor extends UserInboxProcessor implements GenericInboxPr
             'password' => '~PASSWORD_TO_BE_REPLACED~',
             'role_id' => $requestData['role_id'],
             'disabled' => $requestData['disabled'],
+            'organisation_id' => $requestData['org_id'],
         ]);
         $user->set('password', $hashedPassword, ['setter' => false]); // ignore default password hashing as it has already been hashed
         $user = $this->Users->save($user);
diff --git a/libraries/default/InboxProcessors/templates/User/Registration.php b/libraries/default/InboxProcessors/templates/User/Registration.php
index 5480862..d24ea5b 100644
--- a/libraries/default/InboxProcessors/templates/User/Registration.php
+++ b/libraries/default/InboxProcessors/templates/User/Registration.php
@@ -1,10 +1,23 @@
 <?php
+$infoAlert = $this->Bootstrap->alert([
+    'variant' => 'info',
+    'html' => sprintf('
+        <ul>
+            <li>%s: <strong>%s</strong></li>
+            <li>%s: <strong>%s</strong></li>
+        </ul>',
+        __('Requested Organisation name'), $desiredOrganisation['org_name'],
+        __('Requested Organisation UUID'), $desiredOrganisation['org_uuid']
+    ),
+    'dismissible' => false,
+]);
+
 $combinedForm = $this->element('genericElements/Form/genericForm', [
     'entity' => $userEntity,
     'ajax' => false,
     'raw' => true,
     'data' => [
-        'description' => __('Create user account'),
+        'descriptionHtml' => __('Create user account') . sprintf('<div class="mt-2">%s</div>', $infoAlert),
         'model' => 'User',
         'fields' => [
             [
@@ -17,19 +30,26 @@ $combinedForm = $this->element('genericElements/Form/genericForm', [
                 'field' => 'username',
                 'autocomplete' => 'off',
             ],
+            [
+                'field' => 'org_id',
+                'type' => 'dropdown',
+                'label' => __('Associated organisation'),
+                'options' => $dropdownData['organisation'],
+            ],
             [
                 'field' => 'role_id',
                 'type' => 'dropdown',
                 'label' => __('Role'),
-                'options' => $dropdownData['role']
+                'options' => $dropdownData['role'],
+                'default' => $defaultRole,
             ],
             [
                 'field' => 'disabled',
                 'type' => 'checkbox',
                 'label' => 'Disable'
             ],
-
-            sprintf('<div class="pb-2 fs-4">%s</div>', __('Create individual')),
+            '<div class="individual-container">',
+            sprintf('<div class="pb-2 fs-4">%s</div>', __('Create a new individual')),
             [
                 'field' => 'email',
                 'autocomplete' => 'off'
@@ -52,6 +72,7 @@ $combinedForm = $this->element('genericElements/Form/genericForm', [
                 'field' => 'position',
                 'autocomplete' => 'off'
             ],
+            '</div>',
         ],
         'submit' => [
             'action' => $this->request->getParam('action')
@@ -86,15 +107,19 @@ echo $this->Bootstrap->modal([
     }
 
     $(document).ready(function() {
-        $('div.user-container #individual_id-field').change(function() {
-            if ($(this).val() == -1) {
-                $('div.individual-container').show()
-            } else {
-                $('div.individual-container').hide()
-            }
+        $('form #individual_id-field').change(function() {
+            toggleIndividualContainer($(this).val() == -1)
         })
     })
 
+    function toggleIndividualContainer(show) {
+        if (show) {
+            $('div.individual-container').show()
+        } else {
+            $('div.individual-container').hide()
+        }
+    }
+
     function getFormData(form) {
         return Object.values(form).reduce((obj, field) => {
             if (field.type === 'checkbox') {
@@ -105,11 +130,4 @@ echo $this->Bootstrap->modal([
             return obj
         }, {})
     }
-</script>
-
-<style>
-    div.individual-container>div,
-    div.user-container>div {
-        font-size: 1.5rem;
-    }
-</style>
\ No newline at end of file
+</script>
\ No newline at end of file
diff --git a/src/Controller/UsersController.php b/src/Controller/UsersController.php
index 771672d..f2636e6 100644
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
@@ -68,7 +68,7 @@ class UsersController extends AppController
         } else {
             $validRoles = $this->Users->Roles->find('list')->order(['name' => 'asc'])->all()->toArray();
         }
-        $defaultRole = $this->Users->Roles->find()->select(['id'])->first()->toArray();
+        $defaultRole = $this->Users->Roles->find()->select(['id'])->where(['is_default' => true])->first()->toArray();
         $individuals = $this->Users->Individuals->find('list', $individuals_params)->toArray();
         $this->CRUD->add([
             'beforeMarshal' => function($data) {
@@ -442,6 +442,8 @@ class UsersController extends AppController
                     'first_name' => $data['first_name'],
                     'last_name' => $data['last_name'],
                     'password' => $data['password'],
+                    'org_name' => $data['org_name'],
+                    'org_uuid' => $data['org_uuid'],
                 ],
             ];
             $processorResult = $processor->create($data);
diff --git a/templates/Users/register.php b/templates/Users/register.php
index dd1cba4..0ecb39e 100644
--- a/templates/Users/register.php
+++ b/templates/Users/register.php
@@ -34,6 +34,20 @@ use Cake\Core\Configure;
         echo '</div>';
     echo '</div>';
 
+    echo '<div class="row g-1 mb-3">';
+        echo $this->Form->control('org_name', ['label' => __('Organisation Name'), 'class' => 'form-control']);
+        echo $this->Form->control('org_uuid', [
+            'label' => __('UUID'),
+            'class' => 'form-control form-control-sm mb-2',
+            'style' => 'font-size: 0.815rem;',
+            'div' => ['class' => 'test'],
+            'templates' => [
+                'inputContainer' => '<div class="input d-flex {{type}}{{required}}">{{content}}</div>',
+                'label' => '<label class="fw-light fs-7 me-1 align-self-center small-label-addon" {{attrs}}>{{text}}</label>',
+            ],
+        ]);
+    echo '</div>';
+
     echo $this->Form->control('password', ['type' => 'password', 'label' => __('Password'), 'class' => 'form-control mb-4']);
 
     echo $this->Form->control(__('Sign up'), ['type' => 'submit', 'class' => 'btn btn-primary']);
@@ -42,4 +56,16 @@ use Cake\Core\Configure;
     echo '</div>';
     echo $this->Form->end();
     ?>
-</div>
\ No newline at end of file
+</div>
+
+<style>
+    .text-input-addon-center {
+        display: flex;
+        flex: 0 0 0%;
+        align-items: center
+    }
+
+    .small-label-addon {
+        height: calc(1.5em + 0.5rem + 2px);
+    }
+</style>
\ No newline at end of file
diff --git a/templates/element/genericElements/Form/formLayouts/formDefault.php b/templates/element/genericElements/Form/formLayouts/formDefault.php
index 56a439a..1658889 100644
--- a/templates/element/genericElements/Form/formLayouts/formDefault.php
+++ b/templates/element/genericElements/Form/formLayouts/formDefault.php
@@ -4,12 +4,12 @@
     </h2>
     <?= $formCreate ?>
     <?= $ajaxFlashMessage ?>
-    <?php if (!empty($data['description'])) : ?>
+    <?php if (!empty($data['description']) || !empty($data['descriptionHtml'])) : ?>
         <div class="pb-3 fw-light">
-            <?= h($data['description']) ?>
+            <?= !empty($data['descriptionHtml']) ? $data['descriptionHtml'] : h($data['description']) ?>
         </div>
     <?php endif; ?>
-    <div class="panel col-lg-8">
+    <div class="panel col-lg-12">
         <?= $fieldsString ?>
     </div>
 
diff --git a/templates/element/genericElements/Form/formLayouts/formRaw.php b/templates/element/genericElements/Form/formLayouts/formRaw.php
index 1e445f7..8b66bae 100644
--- a/templates/element/genericElements/Form/formLayouts/formRaw.php
+++ b/templates/element/genericElements/Form/formLayouts/formRaw.php
@@ -1,6 +1,6 @@
-<?php if (!empty($data['description'])) : ?>
+<?php if (!empty($data['description']) || !empty($data['descriptionHtml'])) : ?>
     <div class="pb-3 fw-light">
-        <?= h($data['description']) ?>
+        <?= !empty($data['descriptionHtml']) ? $data['descriptionHtml'] : h($data['description']) ?>
     </div>
 <?php endif; ?>
 <?= $ajaxFlashMessage ?>

From 178a5b658f531ef2947d83ca83eb9fe7b0c1a232 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 12 Dec 2022 16:49:52 +0100
Subject: [PATCH 67/69] chg: [behavior:keycloak] Perform case insensitive
 comparison

For both cerebrate and keycloak users
---
 src/Model/Behavior/AuthKeycloakBehavior.php | 28 +++++++--------------
 1 file changed, 9 insertions(+), 19 deletions(-)

diff --git a/src/Model/Behavior/AuthKeycloakBehavior.php b/src/Model/Behavior/AuthKeycloakBehavior.php
index 622c510..6b8904b 100644
--- a/src/Model/Behavior/AuthKeycloakBehavior.php
+++ b/src/Model/Behavior/AuthKeycloakBehavior.php
@@ -52,7 +52,7 @@ class AuthKeycloakBehavior extends Behavior
             ->where(['username' => $profile_payload[$fields['username']]])
             ->contain('Individuals')
             ->first();
-        if ($existingUser['individual']['email'] !== $profile_payload[$fields['email']]) {
+        if (mb_strtolower($existingUser['individual']['email']) !== mb_strtolower($profile_payload[$fields['email']])) {
             return false;
         }
         return $existingUser;
@@ -297,7 +297,6 @@ class AuthKeycloakBehavior extends Behavior
             'modified' => [],
         ];
         foreach ($users as &$user) {
-            $changed = false;
             if (empty($keycloakUsersParsed[$user['username']])) {
                 if ($this->createUser($user, $clientId)) {
                     $changes['created'][] = $user['username'];
@@ -355,16 +354,7 @@ class AuthKeycloakBehavior extends Behavior
 
     private function checkAndUpdateUser(array $keycloakUser, array $user): bool
     {
-        if (
-            $keycloakUser['enabled'] == $user['disabled'] ||
-            $keycloakUser['firstName'] !== $user['individual']['first_name'] ||
-            $keycloakUser['lastName'] !== $user['individual']['last_name'] ||
-            $keycloakUser['email'] !== $user['individual']['email'] ||
-            (empty($keycloakUser['attributes']['role_name']) || $keycloakUser['attributes']['role_name'] !== $user['role']['name']) ||
-            (empty($keycloakUser['attributes']['role_uuid']) || $keycloakUser['attributes']['role_uuid'] !== $user['role']['uuid']) ||
-            (empty($keycloakUser['attributes']['org_name']) || $keycloakUser['attributes']['org_name'] !== $user['organisation']['name']) ||
-            (empty($keycloakUser['attributes']['org_uuid']) || $keycloakUser['attributes']['org_uuid'] !== $user['organisation']['uuid'])
-        ) {
+        if ($this->checkKeycloakUserRequiresUpdate($keycloakUser, $user)) {
             $change = [
                 'enabled' => !$user['disabled'],
                 'firstName' => $user['individual']['first_name'],
@@ -416,13 +406,13 @@ class AuthKeycloakBehavior extends Behavior
     {
 
         $condEnabled = $keycloakUser['enabled'] == $user['disabled'];
-        $condFirstname = $keycloakUser['firstName'] !== $user['individual']['first_name'];
-        $condLastname = $keycloakUser['lastName'] !== $user['individual']['last_name'];
-        $condEmail = $keycloakUser['email'] !== $user['individual']['email'];
-        $condRolename = (empty($keycloakUser['attributes']['role_name']) || $keycloakUser['attributes']['role_name'] !== $user['role']['name']);
-        $condRoleuuid = (empty($keycloakUser['attributes']['role_uuid']) || $keycloakUser['attributes']['role_uuid'] !== $user['role']['uuid']);
-        $condOrgname = (empty($keycloakUser['attributes']['org_name']) || $keycloakUser['attributes']['org_name'] !== $user['organisation']['name']);
-        $condOrguuid = (empty($keycloakUser['attributes']['org_uuid']) || $keycloakUser['attributes']['org_uuid'] !== $user['organisation']['uuid']);
+        $condFirstname = mb_strtolower($keycloakUser['firstName']) !== mb_strtolower($user['individual']['first_name']);
+        $condLastname = mb_strtolower($keycloakUser['lastName']) !== mb_strtolower($user['individual']['last_name']);
+        $condEmail = mb_strtolower($keycloakUser['email']) !== mb_strtolower($user['individual']['email']);
+        $condRolename = (empty($keycloakUser['attributes']['role_name']) || mb_strtolower($keycloakUser['attributes']['role_name']) !== mb_strtolower($user['role']['name']));
+        $condRoleuuid = (empty($keycloakUser['attributes']['role_uuid']) || mb_strtolower($keycloakUser['attributes']['role_uuid']) !== mb_strtolower($user['role']['uuid']));
+        $condOrgname = (empty($keycloakUser['attributes']['org_name']) || mb_strtolower($keycloakUser['attributes']['org_name']) !== mb_strtolower($user['organisation']['name']));
+        $condOrguuid = (empty($keycloakUser['attributes']['org_uuid']) || mb_strtolower($keycloakUser['attributes']['org_uuid']) !== mb_strtolower($user['organisation']['uuid']));
         if ($condEnabled || $condFirstname || $condLastname || $condEmail || $condRolename || $condRoleuuid || $condOrgname || $condOrguuid) {
             if ($condEnabled) {
                 $differences['enabled'] = ['keycloak' => $keycloakUser['enabled'], 'cerebrate' => $user['disabled']];

From d293cb52f80529372bdd21279bc6d1f2db8db534 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 12 Dec 2022 16:56:51 +0100
Subject: [PATCH 68/69] chg: [behavior:keycloak] Gracefully handle issues while
 syncing with keycloak

---
 src/Model/Behavior/AuthKeycloakBehavior.php | 26 +++++++++++++++------
 1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/src/Model/Behavior/AuthKeycloakBehavior.php b/src/Model/Behavior/AuthKeycloakBehavior.php
index 6b8904b..60bebbb 100644
--- a/src/Model/Behavior/AuthKeycloakBehavior.php
+++ b/src/Model/Behavior/AuthKeycloakBehavior.php
@@ -297,14 +297,26 @@ class AuthKeycloakBehavior extends Behavior
             'modified' => [],
         ];
         foreach ($users as &$user) {
-            if (empty($keycloakUsersParsed[$user['username']])) {
-                if ($this->createUser($user, $clientId)) {
-                    $changes['created'][] = $user['username'];
-                }
-            } else {
-                if ($this->checkAndUpdateUser($keycloakUsersParsed[$user['username']], $user)) {
-                    $changes['modified'][] = $user['username'];
+            try {
+                if (empty($keycloakUsersParsed[$user['username']])) {
+                    if ($this->createUser($user, $clientId)) {
+                        $changes['created'][] = $user['username'];
+                    }
+                } else {
+                    if ($this->checkAndUpdateUser($keycloakUsersParsed[$user['username']], $user)) {
+                        $changes['modified'][] = $user['username'];
+                    }
                 }
+            } catch (\Exception $e) {
+                $this->_table->auditLogs()->insert([
+                    'request_action' => 'syncUsers',
+                    'model' => 'User',
+                    'model_id' => 0,
+                    'model_title' => __('Failed to create or modify user ({0}) in keycloak', $user['username']),
+                    'changed' => [
+                        'message' => $e->getMessage(),
+                    ]
+                ]);
             }
         }
         return $changes;

From c700800d8c4b430c8e32ec680357cf82efb2b78f Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Tue, 13 Dec 2022 09:45:09 +0100
Subject: [PATCH 69/69] chg: [version] bump

---
 src/VERSION.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/VERSION.json b/src/VERSION.json
index a51d7e0..dd92104 100644
--- a/src/VERSION.json
+++ b/src/VERSION.json
@@ -1,4 +1,4 @@
 {
-    "version": "1.8",
+    "version": "1.9",
     "application": "Cerebrate"
 }