fix: [app] Prevent some ID overrides

pull/67/head
mokaddem 2021-06-28 14:49:38 +02:00
parent 15da5d067b
commit cf3a8653e1
9 changed files with 123 additions and 57 deletions


@ -156,6 +156,27 @@ class BroodsController extends AppController
}
}
public function downloadSharingGroup($brood_id, $sg_id)
{
$result = $this->Broods->downloadSharingGroup($brood_id, $sg_id, $this->ACL->getUser()['id']);
$success = __('Sharing group fetched from remote.');
$fail = __('Could not save the remote sharing group');
if ($this->ParamHandler->isRest()) {
if ($result) {
return $this->RestResponse->saveSuccessResponse('Brood', 'downloadSharingGroup', $brood_id, 'json', $success);
} else {
return $this->RestResponse->saveFailResponse('Brood', 'downloadSharingGroup', $brood_id, $fail, 'json');
}
} else {
if ($result) {
$this->Flash->success($success);
} else {
$this->Flash->error($fail);
}
$this->redirect($this->referer());
}
}
public function interconnectTools()
{
$this->InboxProcessors = TableRegistry::getTableLocator()->get('InboxProcessors');
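Review bot: The new `downloadSharingGroup` action writes to the local database (it creates or updates a sharing group from remote data), but nothing in the hunk restricts the HTTP method, so as far as these lines show it also runs on a plain GET. If the application's CSRF protection only covers unsafe methods, which is the usual arrangement, a state-changing GET route falls outside it; adding `$this->request->allowMethod(['post']);` as the first statement would close that, provided the UI triggers the action with a POST. Separately, the non-REST branch calls `$this->redirect($this->referer());` without returning it; `return $this->redirect($this->referer());` hands the response back to the dispatcher. Whether ACL rules elsewhere limit who may call this action is not visible here.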


@ -130,7 +130,7 @@ class CRUDComponent extends Component
if ($this->request->is('post')) {
$patchEntityParams = [
'associated' => [],
'accessibleFields' => ['uuid' => true],
'accessibleFields' => $data->getAccessibleFieldForNew(),
];
if (!empty($params['id'])) {
unset($params['id']);
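Review bot: `$data->getAccessibleFieldForNew()` is now called for every entity that passes through this add path, yet the commit defines that method only on `Individual`, `Organisation` and `SharingGroup`. Unless `AppModel` already provides it (not visible on this page), adding any other entity type would fail with an undefined-method error. Declaring the property and getter once in the base entity, with `protected $_accessibleOnNew = [];` as the default, would keep the stricter behaviour (no field opened on creation) for entities that have not opted in, and would remove the three identical copies. The enclosing method starts and ends outside the hunk.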


@ -12,4 +12,13 @@ class Individual extends AppModel
'id' => false,
'uuid' => false,
];
protected $_accessibleOnNew = [
'uuid' => true,
];
public function getAccessibleFieldForNew(): array
{
return $this->_accessibleOnNew;
}
}


@ -7,5 +7,18 @@ use Cake\ORM\Entity;
class Organisation extends AppModel
{
protected $_accessible = [
'*' => true,
'id' => false,
'uuid' => false,
];
protected $_accessibleOnNew = [
'uuid' => true,
];
public function getAccessibleFieldForNew(): array
{
return $this->_accessibleOnNew;
}
}


@ -0,0 +1,28 @@
<?php
namespace App\Model\Entity;
use App\Model\Entity\AppModel;
use Cake\ORM\Entity;
class SharingGroup extends AppModel
{
protected $_accessible = [
'*' => true,
'id' => false,
'uuid' => false,
'organisation_id' => false,
'user_id' => false,
];
protected $_accessibleOnNew = [
'uuid' => true,
'organisation_id' => true,
'user_id' => true,
];
public function getAccessibleFieldForNew(): array
{
return $this->_accessibleOnNew;
}
}
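Review bot: `$_accessible` is a deny-list on top of `'*' => true`, so any column added to sharing groups later becomes mass-assignable by default, including from the remote payload that `captureSharingGroup` patches into this entity. An explicit allow-list of the fields a client or remote instance may set, with no wildcard, fails closed instead. A short comment above `$_accessibleOnNew`, such as `// Fields opened only while creating a new entity; never applied on update`, would also record why `organisation_id` and `user_id` appear in both arrays with opposite values.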


@ -115,6 +115,7 @@ class BroodsTable extends AppTable
}
}
// TODO: Delete this function?
public function downloadAndCapture($brood_id, $object_id, $scope, $path)
{
$query = $this->find();
@ -122,7 +123,7 @@ class BroodsTable extends AppTable
if (empty($brood)) {
throw new NotFoundException(__('Brood not found'));
}
$response = $this->HTTPClientGET(sprintf('/%s/view/%s/index.json', $scope, $org_id), $brood);
$response = $this->HTTPClientGET(sprintf('/%s/view/%s.json', $scope, $org_id), $brood);
if ($response->isOk()) {
$org = $response->getJson();
$this->Organisation = TableRegistry::getTableLocator()->get('Organisations');
@ -140,7 +141,7 @@ class BroodsTable extends AppTable
if (empty($brood)) {
throw new NotFoundException(__('Brood not found'));
}
$response = $this->HTTPClientGET(sprintf('/organisations/view/%s/index.json', $org_id), $brood);
$response = $this->HTTPClientGET(sprintf('/organisations/view/%s.json', $org_id), $brood);
if ($response->isOk()) {
$org = $response->getJson();
$this->Organisation = TableRegistry::getTableLocator()->get('Organisations');
@ -158,7 +159,7 @@ class BroodsTable extends AppTable
if (empty($brood)) {
throw new NotFoundException(__('Brood not found'));
}
$response = $this->HTTPClientGET(sprintf('/individuals/view/%s/index.json', $individual_id), $brood);
$response = $this->HTTPClientGET(sprintf('/individuals/view/%s.json', $individual_id), $brood);
if ($response->isOk()) {
$individual = $response->getJson();
$this->Individuals = TableRegistry::getTableLocator()->get('Individuals');
@ -169,6 +170,24 @@ class BroodsTable extends AppTable
}
}
public function downloadSharingGroup($brood_id, $sg_id, $user_id)
{
$query = $this->find();
$brood = $query->where(['id' => $brood_id])->first();
if (empty($brood)) {
throw new NotFoundException(__('Brood not found'));
}
$response = $this->HTTPClientGET(sprintf('/sharing-groups/view/%s.json', $sg_id), $brood);
if ($response->isOk()) {
$individual = $response->getJson();
$this->SharingGroups = TableRegistry::getTableLocator()->get('SharingGroups');
$result = $this->SharingGroups->captureSharingGroup($individual, $user_id);
return $result;
} else {
return false;
}
}
public function queryLocalTools($brood_id)
{
$query = $this->find();
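Review bot: In `downloadSharingGroup`, `$sg_id` is placed into the request path with `sprintf('/sharing-groups/view/%s.json', $sg_id)` without validation or encoding, so a value containing `/`, `?` or `#` changes which resource is requested from the brood. Either check that it is an integer or UUID before use, or encode it: `sprintf('/sharing-groups/view/%s.json', rawurlencode((string)$sg_id))`. The `$org_id` and `$individual_id` paths edited in the earlier hunks of this file follow the same pattern. `getJson()` can also return null for a non-JSON body, which is passed straight to `captureSharingGroup`; an `is_array()` check before the call would reject that, and the local `$individual` would read better as `$sharingGroup`.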


@ -55,11 +55,10 @@ class IndividualsTable extends AppTable
return null;
}
if (empty($existingIndividual)) {
$entity = $this->newEmptyEntity();
$this->patchEntity($entity, $individual, [
'accessibleFields' => ['uuid' => true]
$entityToSave = $this->newEmptyEntity();
$this->patchEntity($entityToSave, $individual, [
'accessibleFields' => $entityToSave->getAccessibleFieldForNew()
]);
$entityToSave = $entity;
} else {
$this->patchEntity($existingIndividual, $individual);
$entityToSave = $existingIndividual;


@ -55,9 +55,6 @@ class OrganisationsTable extends AppTable
public function captureOrg($org): ?int
{
if (!empty($org['id'])) {
unset($org['id']);
}
if (!empty($org['uuid'])) {
$existingOrg = $this->find()->where([
'uuid' => $org['uuid']
@ -66,27 +63,20 @@ class OrganisationsTable extends AppTable
return null;
}
if (empty($existingOrg)) {
$data = $this->newEmptyEntity();
$data = $this->patchEntity($data, $org, ['associated' => []]);
if (!$this->save($data)) {
return null;
}
$savedOrg = $data;
$entityToSave = $this->newEmptyEntity();
$this->patchEntity($entityToSave, $org, [
'accessibleFields' => $entityToSave->getAccessibleFieldForNew()
]);
} else {
$reserved = ['id', 'uuid', 'metaFields'];
foreach ($org as $field => $value) {
if (in_array($field, $reserved)) {
continue;
}
$existingOrg->$field = $value;
}
if (!$this->save($existingOrg)) {
return null;
}
$savedOrg = $existingOrg;
$this->patchEntity($existingOrg, $org);
$entityToSave = $existingOrg;
}
$this->postCaptureActions($savedOrg->id, $org);
return $savedOrg->id;
$savedEntity = $this->save($entityToSave, ['associated' => false]);
if (!$savedEntity) {
return null;
}
$this->postCaptureActions($savedEntity->id, $org);
return $savedEntity->id;
}
public function postCaptureActions($id, $org)
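Review bot: Both new `patchEntity` calls in `captureOrg` drop the `'associated' => []` option that the removed code passed, so CakePHP falls back to marshalling every association of the table from `$org`. `save()` is given `'associated' => false`, so nested records should not be persisted, but nested entities are still built from input that can come from a remote instance. Passing `'associated' => []` alongside `accessibleFields` in the create branch, and as `$this->patchEntity($existingOrg, $org, ['associated' => []]);` in the update branch, keeps the previous restriction. `captureSharingGroup` in the SharingGroupsTable section has the same change. The update loop's `metaFields` exclusion is also gone; whether `patchEntity` should still skip that key depends on code outside this hunk.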


@ -46,9 +46,6 @@ class SharingGroupsTable extends AppTable
public function captureSharingGroup($input, int $user_id = 0): ?int
{
if (!empty($input['id'])) {
unset($input['id']);
}
if (!empty($input['uuid'])) {
$existingSG = $this->find()->where([
'uuid' => $input['uuid']
@ -57,41 +54,31 @@ class SharingGroupsTable extends AppTable
return null;
}
if (empty($existingSG)) {
$data = $this->newEmptyEntity();
$entityToSave = $this->newEmptyEntity();
$input['organisation_id'] = $this->Organisations->captureOrg($input['organisation']);
$input['user_id'] = $user_id;
$data = $this->patchEntity($data, $input, ['associated' => []]);
if (!$this->save($data)) {
return null;
}
$savedSG = $data;
$this->patchEntity($entityToSave, $input, [
'accessibleFields' => $entityToSave->getAccessibleFieldForNew()
]);
} else {
$reserved = ['id', 'uuid', 'metaFields'];
foreach ($input as $field => $value) {
if (in_array($field, $reserved)) {
continue;
}
$existingSG->$field = $value;
}
if (!$this->save($existingSG)) {
return null;
}
$savedSG = $existingSG;
$this->patchEntity($existingSG, $input);
$entityToSave = $existingSG;
}
$this->postCaptureActions($savedSG->id, $input);
return $savedSG->id;
$savedEntity = $this->save($entityToSave, ['associated' => false]);
if (!$savedEntity) {
return null;
}
$this->postCaptureActions($savedEntity, $input);
return $savedEntity->id;
}
public function postCaptureActions($id, $input): void
public function postCaptureActions($savedEntity, $input): void
{
$sharingGroup = $this->find()->where([
'id' => $id
])->first();
$orgs = [];
foreach ($input['sharing_group_orgs'] as $sgo) {
$organisation_id = $this->Organisations->captureOrg($sgo);
$orgs[] = $this->SharingGroupOrgs->get($organisation_id);
}
$this->SharingGroupOrgs->link($sharingGroup, $orgs);
$this->SharingGroupOrgs->link($savedEntity, $orgs);
}
}
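Review bot: `captureOrg()` is declared `?int`, and its null result is used unchecked in two places: it is assigned to `$input['organisation_id']` in the create branch and passed to `$this->SharingGroupOrgs->get($organisation_id)` in `postCaptureActions`. With `downloadSharingGroup` now feeding remote JSON into this method, a payload whose organisation fails to save, or that lacks `organisation` or `sharing_group_orgs`, produces a warning or an exception after the sharing group row has already been saved. Guarding with `if ($input['organisation_id'] === null) { return null; }` and iterating over `$input['sharing_group_orgs'] ?? []` while skipping null ids would make the failure explicit. `postCaptureActions` is public and its first parameter changed from an id to an entity, so any caller outside this file needs the same update.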