From cf3a8653e18886329c00727b2dcd221a6c6c03a3 Mon Sep 17 00:00:00 2001 From: mokaddem Date: Mon, 28 Jun 2021 14:49:38 +0200 Subject: [PATCH] fix: [app] Prevent some ID overrides --- src/Controller/BroodsController.php | 21 +++++++++++ src/Controller/Component/CRUDComponent.php | 2 +- src/Model/Entity/Individual.php | 9 +++++ src/Model/Entity/Organisation.php | 13 +++++++ src/Model/Entity/SharingGroup.php | 28 +++++++++++++++ src/Model/Table/BroodsTable.php | 25 +++++++++++-- src/Model/Table/IndividualsTable.php | 7 ++-- src/Model/Table/OrganisationsTable.php | 34 +++++++----------- src/Model/Table/SharingGroupsTable.php | 41 ++++++++-------------- 9 files changed, 123 insertions(+), 57 deletions(-) diff --git a/src/Controller/BroodsController.php b/src/Controller/BroodsController.php index 1c0a11b..94afeda 100644 --- a/src/Controller/BroodsController.php +++ b/src/Controller/BroodsController.php @@ -156,6 +156,27 @@ class BroodsController extends AppController } } + public function downloadSharingGroup($brood_id, $sg_id) + { + $result = $this->Broods->downloadSharingGroup($brood_id, $sg_id, $this->ACL->getUser()['id']); + $success = __('Sharing group fetched from remote.'); + $fail = __('Could not save the remote sharing group'); + if ($this->ParamHandler->isRest()) { + if ($result) { + return $this->RestResponse->saveSuccessResponse('Brood', 'downloadSharingGroup', $brood_id, 'json', $success); + } else { + return $this->RestResponse->saveFailResponse('Brood', 'downloadSharingGroup', $brood_id, $fail, 'json'); + } + } else { + if ($result) { + $this->Flash->success($success); + } else { + $this->Flash->error($fail); + } + $this->redirect($this->referer()); + } + } + public function interconnectTools() { $this->InboxProcessors = TableRegistry::getTableLocator()->get('InboxProcessors'); diff --git a/src/Controller/Component/CRUDComponent.php b/src/Controller/Component/CRUDComponent.php index 8b77364..86bb1ec 100644 --- a/src/Controller/Component/CRUDComponent.php 
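Review bot: downloadSharingGroup writes a remote-supplied sharing group into the local database but accepts any HTTP method, so the state change is reachable through a plain link and is not covered by the framework's CSRF protection; add `$this->request->allowMethod(['post']);` as the first statement of the action. `$brood_id` and `$sg_id` are also forwarded to the table layer untyped — declaring them as `int $brood_id, int $sg_id` rejects non-numeric route parameters before they are used to build the remote request path. In the non-REST branch the redirect should be handed back to the dispatcher like the REST branch's responses are, `return $this->redirect($this->referer());`, and a one-line docblock stating that the action pulls the sharing group from the brood identified by `$brood_id` and stores it under the current user would help readers of the controller.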
+++ b/src/Controller/Component/CRUDComponent.php @@ -130,7 +130,7 @@ class CRUDComponent extends Component if ($this->request->is('post')) { $patchEntityParams = [ 'associated' => [], - 'accessibleFields' => ['uuid' => true], + 'accessibleFields' => $data->getAccessibleFieldForNew(), ]; if (!empty($params['id'])) { unset($params['id']); diff --git a/src/Model/Entity/Individual.php b/src/Model/Entity/Individual.php index 471df36..dbcb03c 100644 --- a/src/Model/Entity/Individual.php +++ b/src/Model/Entity/Individual.php @@ -12,4 +12,13 @@ class Individual extends AppModel 'id' => false, 'uuid' => false, ]; + + protected $_accessibleOnNew = [ + 'uuid' => true, + ]; + + public function getAccessibleFieldForNew(): array + { + return $this->_accessibleOnNew; + } } diff --git a/src/Model/Entity/Organisation.php b/src/Model/Entity/Organisation.php index 89fb838..3428c34 100644 --- a/src/Model/Entity/Organisation.php +++ b/src/Model/Entity/Organisation.php @@ -7,5 +7,18 @@ use Cake\ORM\Entity; class Organisation extends AppModel { + protected $_accessible = [ + '*' => true, + 'id' => false, + 'uuid' => false, + ]; + protected $_accessibleOnNew = [ + 'uuid' => true, + ]; + + public function getAccessibleFieldForNew(): array + { + return $this->_accessibleOnNew; + } } diff --git a/src/Model/Entity/SharingGroup.php b/src/Model/Entity/SharingGroup.php index e69de29..e47ba4a 100644 --- a/src/Model/Entity/SharingGroup.php +++ b/src/Model/Entity/SharingGroup.php @@ -0,0 +1,28 @@ + true, + 'id' => false, + 'uuid' => false, + 'organisation_id' => false, + 'user_id' => false, + ]; + + protected $_accessibleOnNew = [ + 'uuid' => true, + 'organisation_id' => true, + 'user_id' => true, + ]; + + public function getAccessibleFieldForNew(): array + { + return $this->_accessibleOnNew; + } +} diff --git a/src/Model/Table/BroodsTable.php b/src/Model/Table/BroodsTable.php index c0a08b8..4502a76 100644 --- a/src/Model/Table/BroodsTable.php +++ b/src/Model/Table/BroodsTable.php 
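Review bot: `$data->getAccessibleFieldForNew()` in the `accessibleFields` option is invoked on whatever entity the CRUD component is currently handling, but this commit only defines that method on the Individual, Organisation and SharingGroup entities, so `add()` on any other table will fail with an undefined-method error unless the base entity already declares it — AppModel is not visible here, so this is inferred. The safest form is a default on the shared AppModel entity that preserves the old hard-coded behaviour, `protected $_accessibleOnNew = ['uuid' => true];` together with `public function getAccessibleFieldForNew(): array { return $this->_accessibleOnNew; }`, with subclasses overriding only the array. The `add()` body this line belongs to starts and ends outside the hunk.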
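Review bot: The `_accessibleOnNew` property and `getAccessibleFieldForNew()` added to Individual here are copied verbatim into Organisation and SharingGroup in the next two hunks; the getter belongs on the shared AppModel entity so each subclass only overrides the array. The property is undocumented and its purpose is only discoverable from the CRUDComponent call site, so a short comment on it such as `// Fields that are additionally mass-assignable only while the record is being created` would make the intent explicit. Since the codebase already uses return types, the property can be typed as well: `protected array $_accessibleOnNew = ['uuid' => true];`.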
@@ -115,6 +115,7 @@ class BroodsTable extends AppTable } } + // TODO: Delete this function? public function downloadAndCapture($brood_id, $object_id, $scope, $path) { $query = $this->find(); @@ -122,7 +123,7 @@ class BroodsTable extends AppTable if (empty($brood)) { throw new NotFoundException(__('Brood not found')); } - $response = $this->HTTPClientGET(sprintf('/%s/view/%s/index.json', $scope, $org_id), $brood); + $response = $this->HTTPClientGET(sprintf('/%s/view/%s.json', $scope, $org_id), $brood); if ($response->isOk()) { $org = $response->getJson(); $this->Organisation = TableRegistry::getTableLocator()->get('Organisations'); @@ -140,7 +141,7 @@ class BroodsTable extends AppTable if (empty($brood)) { throw new NotFoundException(__('Brood not found')); } - $response = $this->HTTPClientGET(sprintf('/organisations/view/%s/index.json', $org_id), $brood); + $response = $this->HTTPClientGET(sprintf('/organisations/view/%s.json', $org_id), $brood); if ($response->isOk()) { $org = $response->getJson(); $this->Organisation = TableRegistry::getTableLocator()->get('Organisations'); @@ -158,7 +159,7 @@ class BroodsTable extends AppTable if (empty($brood)) { throw new NotFoundException(__('Brood not found')); } - $response = $this->HTTPClientGET(sprintf('/individuals/view/%s/index.json', $individual_id), $brood); + $response = $this->HTTPClientGET(sprintf('/individuals/view/%s.json', $individual_id), $brood); if ($response->isOk()) { $individual = $response->getJson(); $this->Individuals = TableRegistry::getTableLocator()->get('Individuals'); 
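Review bot: In the `@@ -122` hunk the rewritten request line still interpolates `$org_id`, which is not a parameter of `downloadAndCapture($brood_id, $object_id, $scope, $path)`, so the URL is built from an undefined variable; it should read `sprintf('/%s/view/%s.json', $scope, $object_id)`, or, given the `// TODO: Delete this function?` added at `@@ -115`, the function should be removed rather than shipped broken. `$scope` is spliced into the request path unchecked; if the function stays, restrict it to the known scopes, e.g. `if (!in_array($scope, ['organisations', 'individuals', 'sharing-groups'], true)) { throw new NotFoundException(__('Invalid scope')); }`. The same applies to `$org_id` and `$individual_id` in the `@@ -140` and `@@ -158` hunks, where casting to int or passing the value through `rawurlencode()` before `sprintf` keeps a route parameter from altering the request path. The enclosing functions start and end outside these hunks.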
@@ -169,6 +170,24 @@ class BroodsTable extends AppTable } } + public function downloadSharingGroup($brood_id, $sg_id, $user_id) + { + $query = $this->find(); + $brood = $query->where(['id' => $brood_id])->first(); + if (empty($brood)) { + throw new NotFoundException(__('Brood not found')); + } + $response = $this->HTTPClientGET(sprintf('/sharing-groups/view/%s.json', $sg_id), $brood); + if ($response->isOk()) { + $individual = $response->getJson(); + $this->SharingGroups = TableRegistry::getTableLocator()->get('SharingGroups'); + $result = $this->SharingGroups->captureSharingGroup($individual, $user_id); + return $result; + } else { + return false; + } + } + public function queryLocalTools($brood_id) { $query = $this->find(); diff --git a/src/Model/Table/IndividualsTable.php b/src/Model/Table/IndividualsTable.php index 79c6982..da73d92 100644 --- a/src/Model/Table/IndividualsTable.php +++ b/src/Model/Table/IndividualsTable.php @@ -55,11 +55,10 @@ class IndividualsTable extends AppTable return null; } if (empty($existingIndividual)) { - $entity = $this->newEmptyEntity(); - $this->patchEntity($entity, $individual, [ - 'accessibleFields' => ['uuid' => true] + $entityToSave = $this->newEmptyEntity(); + $this->patchEntity($entityToSave, $individual, [ + 'accessibleFields' => $entityToSave->getAccessibleFieldForNew() ]); - $entityToSave = $entity; } else { $this->patchEntity($existingIndividual, $individual); $entityToSave = $existingIndividual; diff --git a/src/Model/Table/OrganisationsTable.php b/src/Model/Table/OrganisationsTable.php index c23ee7b..8587864 100644 --- a/src/Model/Table/OrganisationsTable.php +++ b/src/Model/Table/OrganisationsTable.php @@ -55,9 +55,6 @@ class OrganisationsTable extends AppTable public function captureOrg($org): ?int { - if (!empty($org['id'])) { - unset($org['id']); - } if (!empty($org['uuid'])) { $existingOrg = $this->find()->where([ 'uuid' => $org['uuid'] 
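Review bot: `downloadSharingGroup` stores the decoded body in a variable named `$individual` although it holds a sharing group, and never checks that `getJson()` produced an array before handing it to `captureSharingGroup()`, which indexes `$input['uuid']` and `$input['organisation']`; a 200 response with a non-JSON or unexpected body therefore does not fail cleanly. Rename and guard it: `$sharingGroup = $response->getJson(); if (!is_array($sharingGroup)) { return false; }`. The `if/else` on `$result` can collapse to `return $this->SharingGroups->captureSharingGroup($sharingGroup, $user_id);` since the ok branch returns the capture result unchanged. A docblock should note that the method returns the local id on success, `null` when the capture fails validation and `false` when the remote request fails, because callers currently only test truthiness.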
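Review bot: Dropping `unset($org['id'])` at the top of `captureOrg` moves the whole defence against a remote-supplied `id` onto the entity's `_accessible` mask, which for Organisation only exists as of this commit; that is sound for the two `patchEntity` calls, but `$org` is still passed unchanged to `postCaptureActions($savedEntity->id, $org)` later in the function, so confirm that method never reads `$org['id']` (its body is outside the hunk). The same removal is made in `captureSharingGroup` in the SharingGroupsTable `@@ -46` hunk, where `$input` likewise flows on to `postCaptureActions`. A one-line comment at the top of each function, `// remote-supplied id/uuid are blocked by the entity's $_accessible mask rather than stripped from the input`, would tell the next reader why the explicit unset disappeared. captureOrg continues beyond this hunk.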
@@ -66,27 +63,20 @@ class OrganisationsTable extends AppTable return null; } if (empty($existingOrg)) { - $data = $this->newEmptyEntity(); - $data = $this->patchEntity($data, $org, ['associated' => []]); - if (!$this->save($data)) { - return null; - } - $savedOrg = $data; + $entityToSave = $this->newEmptyEntity(); + $this->patchEntity($entityToSave, $org, [ + 'accessibleFields' => $entityToSave->getAccessibleFieldForNew() + ]); } else { - $reserved = ['id', 'uuid', 'metaFields']; - foreach ($org as $field => $value) { - if (in_array($field, $reserved)) { - continue; - } - $existingOrg->$field = $value; - } - if (!$this->save($existingOrg)) { - return null; - } - $savedOrg = $existingOrg; + $this->patchEntity($existingOrg, $org); + $entityToSave = $existingOrg; } - $this->postCaptureActions($savedOrg->id, $org); - return $savedOrg->id; + $savedEntity = $this->save($entityToSave, ['associated' => false]); + if (!$savedEntity) { + return null; + } + $this->postCaptureActions($savedEntity->id, $org); + return $savedEntity->id; } public function postCaptureActions($id, $org) diff --git a/src/Model/Table/SharingGroupsTable.php b/src/Model/Table/SharingGroupsTable.php index 41cf20c..6f18157 100644 --- a/src/Model/Table/SharingGroupsTable.php +++ b/src/Model/Table/SharingGroupsTable.php @@ -46,9 +46,6 @@ class SharingGroupsTable extends AppTable public function captureSharingGroup($input, int $user_id = 0): ?int { - if (!empty($input['id'])) { - unset($input['id']); - } if (!empty($input['uuid'])) { $existingSG = $this->find()->where([ 'uuid' => $input['uuid'] 
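Review bot: Both `patchEntity()` calls in this hunk omit the `'associated' => []` option that the removed code passed, so CakePHP's default of marshalling every association applies and any nested association data in the remote payload is turned into child entities, which `save(..., ['associated' => false])` then silently discards — wasted work and a surprise for anyone inspecting the entity later. Pass `'associated' => []` next to `accessibleFields` in the new-record branch and use `$this->patchEntity($existingOrg, $org, ['associated' => []]);` in the update branch. The same applies to the two `patchEntity()` calls in the SharingGroupsTable `@@ -57` hunk, where the payload visibly carries nested `organisation` and `sharing_group_orgs` keys.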
@@ -57,41 +54,31 @@ class SharingGroupsTable extends AppTable return null; } if (empty($existingSG)) { - $data = $this->newEmptyEntity(); + $entityToSave = $this->newEmptyEntity(); $input['organisation_id'] = $this->Organisations->captureOrg($input['organisation']); $input['user_id'] = $user_id; - $data = $this->patchEntity($data, $input, ['associated' => []]); - if (!$this->save($data)) { - return null; - } - $savedSG = $data; + $this->patchEntity($entityToSave, $input, [ + 'accessibleFields' => $entityToSave->getAccessibleFieldForNew() + ]); } else { - $reserved = ['id', 'uuid', 'metaFields']; - foreach ($input as $field => $value) { - if (in_array($field, $reserved)) { - continue; - } - $existingSG->$field = $value; - } - if (!$this->save($existingSG)) { - return null; - } - $savedSG = $existingSG; + $this->patchEntity($existingSG, $input); + $entityToSave = $existingSG; } - $this->postCaptureActions($savedSG->id, $input); - return $savedSG->id; + $savedEntity = $this->save($entityToSave, ['associated' => false]); + if (!$savedEntity) { + return null; + } + $this->postCaptureActions($savedEntity, $input); + return $savedEntity->id; } - public function postCaptureActions($id, $input): void + public function postCaptureActions($savedEntity, $input): void { - $sharingGroup = $this->find()->where([ - 'id' => $id - ])->first(); $orgs = []; foreach ($input['sharing_group_orgs'] as $sgo) { $organisation_id = $this->Organisations->captureOrg($sgo); $orgs[] = $this->SharingGroupOrgs->get($organisation_id); } - $this->SharingGroupOrgs->link($sharingGroup, $orgs); + $this->SharingGroupOrgs->link($savedEntity, $orgs); } }
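Review bot: `postCaptureActions` is public and its first parameter changes meaning from an integer id to the saved entity, so any caller outside this file that still passes an id would now hand an int to `link()`; giving the parameter the entity type declared in src/Model/Entity/SharingGroup.php (presumably `SharingGroup $savedEntity`) makes such a mismatch fail at the call rather than inside the association. Inside the loop, `captureOrg()` returns `?int`, and a `null` reaches `$this->SharingGroupOrgs->get($organisation_id)` after the sharing group itself has already been saved, which throws and leaves a group with partial membership; guard it with `if ($organisation_id === null) { continue; }` or validate the member organisations before calling `save()`. `$input['sharing_group_orgs']` is also iterated without checking it is present and an array, which `foreach ($input['sharing_group_orgs'] ?? [] as $sgo)` covers for payloads without members.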