Merge branch 'develop' into add-inter-connection-tests

pull/86/head
Luciano Righetti 2022-01-26 15:31:49 +01:00
commit d91a362e99
30 changed files with 321 additions and 84 deletions

View File

@ -110,6 +110,14 @@ class ResendFailedMessageProcessor extends BroodsOutboxProcessor implements Gene
$dataSent = $outboxRequest->data['sent']; $dataSent = $outboxRequest->data['sent'];
$response = $this->Broods->sendRequest($brood, $url, true, $dataSent); $response = $this->Broods->sendRequest($brood, $url, true, $dataSent);
$jsonReply = $response->getJson(); $jsonReply = $response->getJson();
if (is_null($jsonReply)) {
$jsonReply = [
'success' => false,
'errors' => [
__('Brood returned an invalid JSON.')
]
];
}
$success = !empty($jsonReply['success']); $success = !empty($jsonReply['success']);
$messageSuccess = __('Message successfully sent to `{0}`', $brood->name); $messageSuccess = __('Message successfully sent to `{0}`', $brood->name);
$messageFail = __('Could not send message to `{0}`.', $brood->name); $messageFail = __('Could not send message to `{0}`.', $brood->name);
@ -126,7 +134,7 @@ class ResendFailedMessageProcessor extends BroodsOutboxProcessor implements Gene
[], [],
$success, $success,
$success ? $messageSuccess : $messageFail, $success ? $messageSuccess : $messageFail,
[] $jsonReply['errors'] ?? []
); );
} }

View File

@ -110,6 +110,7 @@ class AppController extends Controller
} }
unset($user['password']); unset($user['password']);
$this->ACL->setUser($user); $this->ACL->setUser($user);
$this->Navigation->genBreadcrumbs($user);
$this->request->getSession()->write('authUser', $user); $this->request->getSession()->write('authUser', $user);
$this->isAdmin = $user['role']['perm_admin']; $this->isAdmin = $user['role']['perm_admin'];
if (!$this->ParamHandler->isRest()) { if (!$this->ParamHandler->isRest()) {

View File

@ -188,12 +188,12 @@ class ACLComponent extends Component
'add' => ['*'], 'add' => ['*'],
'edit' => ['*'], 'edit' => ['*'],
'delete' => ['*'], 'delete' => ['*'],
'getSettingByName' => ['*'], 'getMySettingByName' => ['*'],
'setSetting' => ['*'], 'setMySetting' => ['*'],
'saveSetting' => ['*'], 'saveSetting' => ['*'],
'getBookmarks' => ['*'], 'getMyBookmarks' => ['*'],
'saveBookmark' => ['*'], 'saveMyBookmark' => ['*'],
'deleteBookmark' => ['*'] 'deleteMyBookmark' => ['*']
], ],
'Api' => [ 'Api' => [
'index' => ['*'] 'index' => ['*']
@ -277,9 +277,29 @@ class ACLComponent extends Component
$this->user = $user; $this->user = $user;
} }
public function getUser(): User public function getUser(): ?User
{ {
return $this->user; if (!empty($this->user)) {
return $this->user;
}
return null;
}
public function canEditUser(User $currentUser, User $user): bool
{
if (empty($user) || empty($currentUser)) {
return false;
}
if (!$currentUser['role']['perm_admin']) {
if (!$currentUser['role']['perm_org_admin']) {
return false;
} else {
if ($currentUser['organisation_id'] !== $user['organisation_id']) {
return false;
}
}
}
return true;
} }
/* /*

View File

@ -88,7 +88,7 @@ class CRUDComponent extends Component
$this->Controller->restResponsePayload = $this->RestResponse->viewData($data, 'json'); $this->Controller->restResponsePayload = $this->RestResponse->viewData($data, 'json');
} else { } else {
$this->Controller->loadComponent('Paginator'); $this->Controller->loadComponent('Paginator');
$data = $this->Controller->Paginator->paginate($query); $data = $this->Controller->Paginator->paginate($query, $this->Controller->paginate ?? []);
if (isset($options['afterFind'])) { if (isset($options['afterFind'])) {
$function = $options['afterFind']; $function = $options['afterFind'];
if (is_callable($options['afterFind'])) { if (is_callable($options['afterFind'])) {
@ -157,9 +157,6 @@ class CRUDComponent extends Component
{ {
$this->getMetaTemplates(); $this->getMetaTemplates();
$data = $this->Table->newEmptyEntity(); $data = $this->Table->newEmptyEntity();
if (!empty($params['fields'])) {
$this->Controller->set('fields', $params['fields']);
}
if ($this->request->is('post')) { if ($this->request->is('post')) {
$patchEntityParams = [ $patchEntityParams = [
'associated' => [], 'associated' => [],
@ -223,6 +220,9 @@ class CRUDComponent extends Component
} }
} }
} }
if (!empty($params['fields'])) {
$this->Controller->set('fields', $params['fields']);
}
$this->Controller->entity = $data; $this->Controller->entity = $data;
$this->Controller->set('entity', $data); $this->Controller->set('entity', $data);
} }
@ -295,13 +295,13 @@ class CRUDComponent extends Component
$data->where($params['conditions']); $data->where($params['conditions']);
} }
$data = $data->first(); $data = $data->first();
if (isset($params['afterFind'])) {
$data = $params['afterFind']($data, $params);
}
if (empty($data)) { if (empty($data)) {
throw new NotFoundException(__('Invalid {0}.', $this->ObjectAlias)); throw new NotFoundException(__('Invalid {0}.', $this->ObjectAlias));
} }
$data = $this->getMetaFields($id, $data); $data = $this->getMetaFields($id, $data);
if (!empty($params['fields'])) {
$this->Controller->set('fields', $params['fields']);
}
if ($this->request->is(['post', 'put'])) { if ($this->request->is(['post', 'put'])) {
$patchEntityParams = [ $patchEntityParams = [
'associated' => [] 'associated' => []
@ -352,6 +352,9 @@ class CRUDComponent extends Component
} }
} }
} }
if (!empty($params['fields'])) {
$this->Controller->set('fields', $params['fields']);
}
$this->Controller->entity = $data; $this->Controller->entity = $data;
$this->Controller->set('entity', $data); $this->Controller->set('entity', $data);
} }
@ -469,7 +472,11 @@ class CRUDComponent extends Component
} }
$data = $data->first(); $data = $data->first();
if (isset($params['beforeSave'])) { if (isset($params['beforeSave'])) {
$data = $params['beforeSave']($data); try {
$data = $params['beforeSave']($data);
} catch (Exception $e) {
$data = false;
}
} }
if (!empty($data)) { if (!empty($data)) {
$success = $this->Table->delete($data); $success = $this->Table->delete($data);

View File

@ -1,7 +1,7 @@
<?php <?php
namespace BreadcrumbNavigation; namespace BreadcrumbNavigation;
require_once(APP . 'Controller' . DS . 'Component' . DS . 'Navigation' . DS . 'base.php'); require_once(APP . 'Controller' . DS . 'Component' . DS . 'Navigation' . DS . 'base.php');
class UsersNavigation extends BaseNavigation class UsersNavigation extends BaseNavigation
{ {
@ -24,17 +24,21 @@ class UsersNavigation extends BaseNavigation
$bcf = $this->bcf; $bcf = $this->bcf;
$request = $this->request; $request = $this->request;
$passedData = $this->request->getParam('pass'); $passedData = $this->request->getParam('pass');
$this->bcf->addLink('Users', 'view', 'UserSettings', 'index', function ($config) use ($bcf, $request, $passedData) { $currentUser = $this->currentUser;
if (!empty($passedData[0])) { $ownUser = (!empty($passedData[0]) && $passedData[0] === $currentUser['id']);
$user_id = $passedData[0]; if ($ownUser) {
$linkData = [ $this->bcf->addLink('Users', 'view', 'UserSettings', 'index', function ($config) use ($bcf, $request, $passedData, $currentUser) {
'label' => __('Account settings', h($user_id)), if (!empty($passedData[0])) {
'url' => sprintf('/users/settings/%s', h($user_id)) $user_id = $passedData[0];
]; $linkData = [
return $linkData; 'label' => __('Account settings', h($user_id)),
} 'url' => sprintf('/users/settings/%s', h($user_id))
return []; ];
}); return $linkData;
}
return [];
});
}
$this->bcf->addLink('Users', 'view', 'UserSettings', 'index', function ($config) use ($bcf, $request, $passedData) { $this->bcf->addLink('Users', 'view', 'UserSettings', 'index', function ($config) use ($bcf, $request, $passedData) {
if (!empty($passedData[0])) { if (!empty($passedData[0])) {
$user_id = $passedData[0]; $user_id = $passedData[0];

View File

@ -5,6 +5,7 @@ class BaseNavigation
{ {
protected $bcf; protected $bcf;
protected $request; protected $request;
public $currentUser;
public function __construct($bcf, $request) public function __construct($bcf, $request)
{ {
@ -12,8 +13,13 @@ class BaseNavigation
$this->request = $request; $this->request = $request;
} }
public function setCurrentUser($currentUser)
{
$this->currentUser = $currentUser;
}
public function addRoutes() {} public function addRoutes() {}
public function addParents() {} public function addParents() {}
public function addLinks() {} public function addLinks() {}
public function addActions() {} public function addActions() {}
} }

View File

@ -17,8 +17,9 @@ require_once(APP . 'Controller' . DS . 'Component' . DS . 'Navigation' . DS . 's
class NavigationComponent extends Component class NavigationComponent extends Component
{ {
private $user = null; private $currentUser = null;
public $breadcrumb = null; public $breadcrumb = null;
public $fullBreadcrumb = null;
public $iconToTableMapping = [ public $iconToTableMapping = [
'Individuals' => 'address-book', 'Individuals' => 'address-book',
'Organisations' => 'building', 'Organisations' => 'building',
@ -42,10 +43,10 @@ class NavigationComponent extends Component
$this->request = $config['request']; $this->request = $config['request'];
} }
public function beforeFilter($event) public function genBreadcrumbs(\App\Model\Entity\User $user)
{ {
$this->fullBreadcrumb = $this->genBreadcrumb(); $this->currentUser = $user;
$this->breadcrumb = $this->getBreadcrumb(); $this->breadcrumb = $this->fullBreadcrumb = $this->genBreadcrumb();
} }
public function getSideMenu(): array public function getSideMenu(): array
@ -56,7 +57,7 @@ class NavigationComponent extends Component
return $sidemenu; return $sidemenu;
} }
public function addUserBookmarks($sidemenu): array public function addUserBookmarks($sidemenu): array
{ {
$bookmarks = $this->getUserBookmarks(); $bookmarks = $this->getUserBookmarks();
@ -81,7 +82,7 @@ class NavigationComponent extends Component
}, $bookmarks); }, $bookmarks);
return $links; return $links;
} }
public function getBreadcrumb(): array public function getBreadcrumb(): array
{ {
$controller = $this->request->getParam('controller'); $controller = $this->request->getParam('controller');
@ -141,6 +142,7 @@ class NavigationComponent extends Component
require_once(APP . 'Controller' . DS . 'Component' . DS . 'Navigation' . DS . $navigationFile); require_once(APP . 'Controller' . DS . 'Component' . DS . 'Navigation' . DS . $navigationFile);
$reflection = new \ReflectionClass("BreadcrumbNavigation\\{$navigationClassname}Navigation"); $reflection = new \ReflectionClass("BreadcrumbNavigation\\{$navigationClassname}Navigation");
$navigationClasses[$navigationClassname] = $reflection->newInstance($bcf, $request); $navigationClasses[$navigationClassname] = $reflection->newInstance($bcf, $request);
$navigationClasses[$navigationClassname]->setCurrentUser($this->currentUser);
} }
return $navigationClasses; return $navigationClasses;
} }
@ -284,7 +286,7 @@ class BreadcrumbFactory
$this->addLink($controller, 'view', $controller, 'edit'); $this->addLink($controller, 'view', $controller, 'edit');
$this->addLink($controller, 'edit', $controller, 'view'); $this->addLink($controller, 'edit', $controller, 'view');
$this->addSelfLink($controller, 'edit'); $this->addSelfLink($controller, 'edit');
$this->addAction($controller, 'view', $controller, 'add'); $this->addAction($controller, 'view', $controller, 'add');
$this->addAction($controller, 'view', $controller, 'delete'); $this->addAction($controller, 'view', $controller, 'delete');
$this->addAction($controller, 'edit', $controller, 'add'); $this->addAction($controller, 'edit', $controller, 'add');

View File

@ -20,6 +20,12 @@ class InboxController extends AppController
public $quickFilterFields = ['scope', 'action', ['title' => true], ['comment' => true]]; public $quickFilterFields = ['scope', 'action', ['title' => true], ['comment' => true]];
public $containFields = ['Users']; public $containFields = ['Users'];
public $paginate = [
'order' => [
'Inbox.created' => 'desc'
]
];
public function beforeFilter(EventInterface $event) public function beforeFilter(EventInterface $event)
{ {
parent::beforeFilter($event); parent::beforeFilter($event);

View File

@ -304,7 +304,17 @@ class LocalToolsController extends AppController
throw new MethodNotAllowedException(__('No local tool ID supplied.')); throw new MethodNotAllowedException(__('No local tool ID supplied.'));
} }
$params['local_tool_id'] = $postParams['local_tool_id']; $params['local_tool_id'] = $postParams['local_tool_id'];
$encodingResult = $this->LocalTools->encodeConnection($params); try {
$encodingResult = $this->LocalTools->encodeConnection($params);
} catch (\Exception $e) {
$encodingResult = [
'inboxResult' => [
'success' => false,
'message' => __('Error while trying to encode connection'),
'errors' => [$e->getMessage()],
],
];
}
$inboxResult = $encodingResult['inboxResult']; $inboxResult = $encodingResult['inboxResult'];
if ($inboxResult['success']) { if ($inboxResult['success']) {
if ($this->ParamHandler->isRest()) { if ($this->ParamHandler->isRest()) {

View File

@ -71,6 +71,7 @@ class SharingGroupsController extends AppController
if (empty($currentUser['role']['perm_admin'])) { if (empty($currentUser['role']['perm_admin'])) {
$params['conditions'] = ['organisation_id' => $currentUser['organisation_id']]; $params['conditions'] = ['organisation_id' => $currentUser['organisation_id']];
} }
$params['fields'] = ['name', 'releasability', 'description', 'active'];
$this->CRUD->edit($id, $params); $this->CRUD->edit($id, $params);
$responsePayload = $this->CRUD->getResponsePayload(); $responsePayload = $this->CRUD->getResponsePayload();
if (!empty($responsePayload)) { if (!empty($responsePayload)) {

View File

@ -124,7 +124,13 @@ class UserSettingsController extends AppController
} }
} }
public function getSettingByName($settingsName) /**
* Get a setting by name for the currently logged-in user
*
* @param [type] $settingsName
* @return void
*/
public function getMySettingByName($settingsName)
{ {
$setting = $this->UserSettings->getSettingByName($this->ACL->getUser(), $settingsName); $setting = $this->UserSettings->getSettingByName($this->ACL->getUser(), $settingsName);
if (is_null($setting)) { if (is_null($setting)) {
@ -140,7 +146,7 @@ class UserSettingsController extends AppController
$this->render('view'); $this->render('view');
} }
public function setSetting($settingsName = false) public function setMySetting($settingsName = false)
{ {
if (!$this->request->is('get')) { if (!$this->request->is('get')) {
$setting = $this->UserSettings->getSettingByName($this->ACL->getUser(), $settingsName); $setting = $this->UserSettings->getSettingByName($this->ACL->getUser(), $settingsName);
@ -160,22 +166,23 @@ class UserSettingsController extends AppController
$this->set('settingName', $settingsName); $this->set('settingName', $settingsName);
} }
public function saveSetting() public function saveSetting($user_id = false)
{ {
$user = $this->getRequestedUserIfAllowed($user_id);
if ($this->request->is('post')) { if ($this->request->is('post')) {
$data = $this->ParamHandler->harvestParams([ $data = $this->ParamHandler->harvestParams([
'name', 'name',
'value' 'value'
]); ]);
$setting = $this->UserSettings->getSettingByName($this->ACL->getUser(), $data['name']); $setting = $this->UserSettings->getSettingByName($user, $data['name']);
if (is_null($setting)) { // setting not found, create it if (is_null($setting)) { // setting not found, create it
$result = $this->UserSettings->createSetting($this->ACL->getUser(), $data['name'], $data['value']); $result = $this->UserSettings->createSetting($user, $data['name'], $data['value']);
} else { } else {
$result = $this->UserSettings->editSetting($this->ACL->getUser(), $data['name'], $data['value']); $result = $this->UserSettings->editSetting($user, $data['name'], $data['value']);
} }
$success = !empty($result); $success = !empty($result);
$message = $success ? __('Setting saved') : __('Could not save setting'); $message = $success ? __('Setting saved') : __('Could not save setting');
$this->CRUD->setResponseForController('setSetting', $success, $message, $result); $this->CRUD->setResponseForController('saveSetting', $success, $message, $result);
$responsePayload = $this->CRUD->getResponsePayload(); $responsePayload = $this->CRUD->getResponsePayload();
if (!empty($responsePayload)) { if (!empty($responsePayload)) {
return $responsePayload; return $responsePayload;
@ -183,7 +190,7 @@ class UserSettingsController extends AppController
} }
} }
public function getBookmarks($forSidebar = false) public function getMyBookmarks($forSidebar = false)
{ {
$bookmarks = $this->UserSettings->getSettingByName($this->ACL->getUser(), $this->UserSettings->BOOKMARK_SETTING_NAME); $bookmarks = $this->UserSettings->getSettingByName($this->ACL->getUser(), $this->UserSettings->BOOKMARK_SETTING_NAME);
$bookmarks = json_decode($bookmarks['value'], true); $bookmarks = json_decode($bookmarks['value'], true);
@ -193,7 +200,7 @@ class UserSettingsController extends AppController
$this->render('/element/UserSettings/saved-bookmarks'); $this->render('/element/UserSettings/saved-bookmarks');
} }
public function saveBookmark() public function saveMyBookmark()
{ {
if (!$this->request->is('get')) { if (!$this->request->is('get')) {
$result = $this->UserSettings->saveBookmark($this->ACL->getUser(), $this->request->getData()); $result = $this->UserSettings->saveBookmark($this->ACL->getUser(), $this->request->getData());
@ -208,7 +215,7 @@ class UserSettingsController extends AppController
$this->set('user_id', $this->ACL->getUser()->id); $this->set('user_id', $this->ACL->getUser()->id);
} }
public function deleteBookmark() public function deleteMyBookmark()
{ {
if (!$this->request->is('get')) { if (!$this->request->is('get')) {
$result = $this->UserSettings->deleteBookmark($this->ACL->getUser(), $this->request->getData()); $result = $this->UserSettings->deleteBookmark($this->ACL->getUser(), $this->request->getData());
@ -248,4 +255,26 @@ class UserSettingsController extends AppController
} }
return $isAllowed; return $isAllowed;
} }
/**
* Return the requested user if user permissions allow it. Otherwise, return the user currently logged-in
*
* @param bool|int $user_id
* @return void
*/
private function getRequestedUserIfAllowed($user_id = false)
{
$currentUser = $this->ACL->getUser();
if (is_bool($user_id)) {
return $currentUser;
}
if (!empty($currentUser['role']['perm_admin'])) {
$user = $this->Users->get($user_id, [
'contain' => ['Roles', 'Individuals' => 'Organisations']
]);
} else {
$user = $currentUser;
}
return $user;
}
} }

View File

@ -33,16 +33,30 @@ class UsersController extends AppController
if (!empty($responsePayload)) { if (!empty($responsePayload)) {
return $responsePayload; return $responsePayload;
} }
$this->set(
'validRoles',
$this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0])->all()->toArray()
);
$this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate'); $this->set('metaGroup', $this->isAdmin ? 'Administration' : 'Cerebrate');
} }
public function add() public function add()
{ {
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
$validRoles = [];
if (!$currentUser['role']['perm_admin']) {
$validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0])->all()->toArray();
} else {
$validRoles = $this->Users->Roles->find('list')->order(['name' => 'asc'])->all()->toArray();
}
$this->CRUD->add([ $this->CRUD->add([
'beforeSave' => function($data) use ($currentUser) { 'beforeSave' => function($data) use ($currentUser, $validRoles) {
if (!$currentUser['role']['perm_admin']) { if (!$currentUser['role']['perm_admin']) {
$data['organisation_id'] = $currentUser['organisation_id']; $data['organisation_id'] = $currentUser['organisation_id'];
if (!in_array($data['role_id'], array_keys($validRoles))) {
throw new MethodNotAllowedException(__('You do not have permission to assign that role.'));
}
} }
$this->Users->enrollUserRouter($data); $this->Users->enrollUserRouter($data);
return $data; return $data;
@ -65,9 +79,7 @@ class UsersController extends AppController
$org_conditions = ['id' => $currentUser['organisation_id']]; $org_conditions = ['id' => $currentUser['organisation_id']];
} }
$dropdownData = [ $dropdownData = [
'role' => $this->Users->Roles->find('list', [ 'role' => $validRoles,
'sort' => ['name' => 'asc']
]),
'individual' => $this->Users->Individuals->find('list', [ 'individual' => $this->Users->Individuals->find('list', [
'sort' => ['email' => 'asc'] 'sort' => ['email' => 'asc']
]), ]),
@ -82,7 +94,8 @@ class UsersController extends AppController
public function view($id = false) public function view($id = false)
{ {
if (empty($id) || empty($this->ACL->getUser()['role']['perm_admin'])) { $currentUser = $this->ACL->getUser();
if (empty($id) || (empty($currentUser['role']['perm_org_admin']) && empty($currentUser['role']['perm_admin']))) {
$id = $this->ACL->getUser()['id']; $id = $this->ACL->getUser()['id'];
} }
$this->CRUD->view($id, [ $this->CRUD->view($id, [
@ -98,6 +111,12 @@ class UsersController extends AppController
public function edit($id = false) public function edit($id = false)
{ {
$currentUser = $this->ACL->getUser(); $currentUser = $this->ACL->getUser();
$validRoles = [];
if (!$currentUser['role']['perm_admin']) {
$validRoles = $this->Users->Roles->find('list')->select(['id', 'name'])->order(['name' => 'asc'])->where(['perm_admin' => 0])->all()->toArray();
} else {
$validRoles = $this->Users->Roles->find('list')->order(['name' => 'asc'])->all()->toArray();
}
if (empty($id)) { if (empty($id)) {
$id = $currentUser['id']; $id = $currentUser['id'];
} else { } else {
@ -128,6 +147,21 @@ class UsersController extends AppController
$params['fields'][] = 'role_id'; $params['fields'][] = 'role_id';
$params['fields'][] = 'organisation_id'; $params['fields'][] = 'organisation_id';
$params['fields'][] = 'disabled'; $params['fields'][] = 'disabled';
} else if (!empty($this->ACL->getUser()['role']['perm_org_admin'])) {
$params['fields'][] = 'username';
$params['fields'][] = 'role_id';
$params['fields'][] = 'disabled';
if (!$currentUser['role']['perm_admin']) {
$params['afterFind'] = function ($data, &$params) use ($currentUser, $validRoles) {
if (!in_array($data['role_id'], array_keys($validRoles))) {
throw new MethodNotAllowedException(__('You cannot edit the given privileged user.'));
}
if ($data['organisation_id'] !== $currentUser['organisation_id']) {
throw new MethodNotAllowedException(__('You cannot edit the given user.'));
}
return $data;
};
}
} }
$this->CRUD->edit($id, $params); $this->CRUD->edit($id, $params);
$responsePayload = $this->CRUD->getResponsePayload(); $responsePayload = $this->CRUD->getResponsePayload();
@ -135,9 +169,7 @@ class UsersController extends AppController
return $responsePayload; return $responsePayload;
} }
$dropdownData = [ $dropdownData = [
'role' => $this->Users->Roles->find('list', [ 'role' => $validRoles,
'sort' => ['name' => 'asc']
]),
'individual' => $this->Users->Individuals->find('list', [ 'individual' => $this->Users->Individuals->find('list', [
'sort' => ['email' => 'asc'] 'sort' => ['email' => 'asc']
]), ]),
@ -161,6 +193,23 @@ class UsersController extends AppController
public function delete($id) public function delete($id)
{ {
$validRoles = [];
if (!$currentUser['role']['perm_admin']) {
$validRoles = $this->Users->Roles->find('list')->order(['name' => 'asc'])->all()->toArray();
}
$params = [
'beforeSave' => function($data) use ($currentUser, $validRoles) {
if (!$currentUser['role']['perm_admin']) {
if ($data['organisation_id'] !== $currentUser['organisation_id']) {
throw new MethodNotAllowedException(__('You do not have permission to remove the given user.'));
}
if (!in_array($data['role_id'], array_keys($validRoles))) {
throw new MethodNotAllowedException(__('You do not have permission to remove the given user.'));
}
}
return $data;
}
];
$this->CRUD->delete($id); $this->CRUD->delete($id);
$responsePayload = $this->CRUD->getResponsePayload(); $responsePayload = $this->CRUD->getResponsePayload();
if (!empty($responsePayload)) { if (!empty($responsePayload)) {
@ -218,10 +267,21 @@ class UsersController extends AppController
} }
} }
public function settings() public function settings($user_id=false)
{ {
$this->set('user', $this->ACL->getUser()); $editingAnotherUser = false;
$all = $this->Users->UserSettings->getSettingsFromProviderForUser($this->ACL->getUser()['id'], true); $currentUser = $this->ACL->getUser();
if (empty($currentUser['role']['perm_admin']) || $user_id == $currentUser->id) {
$user = $currentUser;
} else {
$user = $this->Users->get($user_id, [
'contain' => ['Roles', 'Individuals' => 'Organisations', 'Organisations', 'UserSettings']
]);
$editingAnotherUser = true;
}
$this->set('editingAnotherUser', $editingAnotherUser);
$this->set('user', $user);
$all = $this->Users->UserSettings->getSettingsFromProviderForUser($user->id, true);
$this->set('settingsProvider', $all['settingsProvider']); $this->set('settingsProvider', $all['settingsProvider']);
$this->set('settings', $all['settings']); $this->set('settings', $all['settings']);
$this->set('settingsFlattened', $all['settingsFlattened']); $this->set('settingsFlattened', $all['settingsFlattened']);

View File

@ -526,6 +526,7 @@ class MispConnector extends CommonConnectorTools
] ]
], ],
'actions' => [ 'actions' => [
/*
[ [
'open_modal' => '/localTools/action/' . h($params['connection']['id']) . '/editUser?id={{0}}', 'open_modal' => '/localTools/action/' . h($params['connection']['id']) . '/editUser?id={{0}}',
'modal_params_data_path' => ['User.id'], 'modal_params_data_path' => ['User.id'],
@ -538,6 +539,7 @@ class MispConnector extends CommonConnectorTools
'icon' => 'trash', 'icon' => 'trash',
'reload_url' => '/localTools/action/' . h($params['connection']['id']) . '/serversAction' 'reload_url' => '/localTools/action/' . h($params['connection']['id']) . '/serversAction'
] ]
*/
], ],
'title' => false, 'title' => false,
'description' => false, 'description' => false,

View File

@ -10,5 +10,10 @@ class Organisation extends AppModel
protected $_accessible = [ protected $_accessible = [
'*' => true, '*' => true,
'id' => false, 'id' => false,
'created' => false
];
protected $_accessibleOnNew = [
'created' => true
]; ];
} }

View File

@ -46,4 +46,9 @@ class AppTable extends Table
} }
} }
} }
public function isValidUrl($value, array $context): bool
{
return filter_var($value, FILTER_VALIDATE_URL);
}
} }

View File

@ -9,6 +9,7 @@ use Cake\Core\Configure;
use Cake\Http\Client; use Cake\Http\Client;
use Cake\Http\Client\Response; use Cake\Http\Client\Response;
use Cake\Http\Exception\NotFoundException; use Cake\Http\Exception\NotFoundException;
use Cake\Http\Client\Exception\NetworkException;
use Cake\ORM\TableRegistry; use Cake\ORM\TableRegistry;
use Cake\Error\Debugger; use Cake\Error\Debugger;
@ -32,7 +33,11 @@ class BroodsTable extends AppTable
->requirePresence(['name', 'url', 'organisation_id'], 'create') ->requirePresence(['name', 'url', 'organisation_id'], 'create')
->notEmptyString('name') ->notEmptyString('name')
->notEmptyString('url') ->notEmptyString('url')
->url('url', __('The provided value is not a valid URL')) ->add('url', 'isValidUrl', [
'rule' => 'isValidUrl',
'message' => __('The provided value is not a valid URL'),
'provider' => 'table'
])
->naturalNumber('organisation_id', false); ->naturalNumber('organisation_id', false);
} }
@ -69,7 +74,14 @@ class BroodsTable extends AppTable
{ {
$brood = $this->find()->where(['id' => $id])->first(); $brood = $this->find()->where(['id' => $id])->first();
$start = microtime(true); $start = microtime(true);
$response = $this->HTTPClientGET('/instance/status.json', $brood); try {
$response = $this->HTTPClientGET('/instance/status.json', $brood);
} catch (NetworkException $e) {
return [
'error' => __('Could not query status'),
'reason' => $e->getMessage(),
];
}
$ping = ((int)(100 * (microtime(true) - $start))); $ping = ((int)(100 * (microtime(true) - $start)));
$errors = [ $errors = [
403 => [ 403 => [

View File

@ -62,8 +62,11 @@ class InboxTable extends AppTable
$this->Broods = \Cake\ORM\TableRegistry::getTableLocator()->get('Broods'); $this->Broods = \Cake\ORM\TableRegistry::getTableLocator()->get('Broods');
$this->Individuals = \Cake\ORM\TableRegistry::getTableLocator()->get('Individuals'); $this->Individuals = \Cake\ORM\TableRegistry::getTableLocator()->get('Individuals');
$errors = []; $errors = [];
$originUrl = trim($entryData['origin'], '/');
$brood = $this->Broods->find() $brood = $this->Broods->find()
->where(['url' => $entryData['origin']]) ->where([
'url IN' => [$originUrl, "{$originUrl}/"]
])
->first(); ->first();
if (empty($brood)) { if (empty($brood)) {
$errors[] = __('Unkown brood `{0}`', $entryData['data']['cerebrateURL']); $errors[] = __('Unkown brood `{0}`', $entryData['data']['cerebrateURL']);

View File

@ -66,6 +66,7 @@ class IndividualsTable extends AppTable
$this->patchEntity($existingIndividual, $individual); $this->patchEntity($existingIndividual, $individual);
$entityToSave = $existingIndividual; $entityToSave = $existingIndividual;
} }
$entityToSave->setDirty('modified', false);
$savedEntity = $this->save($entityToSave, ['associated' => false]); $savedEntity = $this->save($entityToSave, ['associated' => false]);
if (!$savedEntity) { if (!$savedEntity) {
return null; return null;

View File

@ -71,6 +71,7 @@ class OrganisationsTable extends AppTable
$this->patchEntity($existingOrg, $org); $this->patchEntity($existingOrg, $org);
$entityToSave = $existingOrg; $entityToSave = $existingOrg;
} }
$entityToSave->setDirty('modified', false);
$savedEntity = $this->save($entityToSave, ['associated' => false]); $savedEntity = $this->save($entityToSave, ['associated' => false]);
if (!$savedEntity) { if (!$savedEntity) {
return null; return null;

View File

@ -66,6 +66,7 @@ class SharingGroupsTable extends AppTable
$this->patchEntity($existingSG, $input); $this->patchEntity($existingSG, $input);
$entityToSave = $existingSG; $entityToSave = $existingSG;
} }
$entityToSave->setDirty('modified', false);
$savedEntity = $this->save($entityToSave, ['associated' => false]); $savedEntity = $this->save($entityToSave, ['associated' => false]);
if (!$savedEntity) { if (!$savedEntity) {
return null; return null;

View File

@ -1,4 +1,4 @@
{ {
"version": "0.1", "version": "1.3",
"application": "Cerebrate" "application": "Cerebrate"
} }

View File

@ -52,7 +52,8 @@ echo $this->element('genericElements/IndexTable/index_table', [
'name' => __('Changed'), 'name' => __('Changed'),
'sort' => 'changed', 'sort' => 'changed',
'data_path' => 'changed', 'data_path' => 'changed',
'element' => 'json' 'element' => 'json',
'class' => 'text-break'
], ],
], ],
'title' => __('Logs'), 'title' => __('Logs'),

View File

@ -1,4 +1,3 @@
<?php <?php
echo $this->element('genericElements/IndexTable/index_table', $data); echo $this->element('genericElements/IndexTable/index_table', $data);
echo '</div>';
?> ?>

View File

@ -29,4 +29,3 @@
] ]
]); ]);
?> ?>
</div>

View File

@ -102,12 +102,48 @@ echo $this->element('genericElements/IndexTable/index_table', [
[ [
'open_modal' => '/users/edit/[onclick_params_data_path]', 'open_modal' => '/users/edit/[onclick_params_data_path]',
'modal_params_data_path' => 'id', 'modal_params_data_path' => 'id',
'icon' => 'edit' 'icon' => 'edit',
'complex_requirement' => [
'options' => [
'datapath' => [
'role_id' => 'role_id'
]
],
'function' => function ($row, $options) use ($loggedUser, $validRoles) {
if (empty($loggedUser['role']['perm_admin'])) {
if (empty($loggedUser['role']['perm_org_admin'])) {
return false;
}
if (!isset($validRoles[$options['datapath']['role_id']])) {
return false;
}
}
return true;
}
]
], ],
[ [
'open_modal' => '/users/delete/[onclick_params_data_path]', 'open_modal' => '/users/delete/[onclick_params_data_path]',
'modal_params_data_path' => 'id', 'modal_params_data_path' => 'id',
'icon' => 'trash' 'icon' => 'trash',
'complex_requirement' => [
'options' => [
'datapath' => [
'role_id' => 'role_id'
]
],
'function' => function ($row, $options) use ($loggedUser, $validRoles) {
if (empty($loggedUser['role']['perm_admin'])) {
if (empty($loggedUser['role']['perm_org_admin'])) {
return false;
}
if (!isset($validRoles[$options['datapath']['role_id']])) {
return false;
}
}
return true;
}
]
], ],
] ]
] ]

View File

@ -10,10 +10,12 @@ foreach ($settingsProvider as $settingTitle => $settingContent) {
]); ]);
} }
$navLinks[] = __('Bookmarks'); if (empty($editingAnotherUser)) {
$tabContents[] = $this->element('UserSettings/saved-bookmarks', [ $navLinks[] = __('Bookmarks');
'bookmarks' => !empty($user->user_settings_by_name['ui.bookmarks']['value']) ? json_decode($user->user_settings_by_name['ui.bookmarks']['value'], true) : [] $tabContents[] = $this->element('UserSettings/saved-bookmarks', [
]); 'bookmarks' => !empty($user->user_settings_by_name['ui.bookmarks']['value']) ? json_decode($user->user_settings_by_name['ui.bookmarks']['value'], true) : []
]);
}
$tabsOptions = [ $tabsOptions = [
'vertical' => true, 'vertical' => true,
@ -29,11 +31,15 @@ $tabsOptions = [
]; ];
$tabs = $this->Bootstrap->tabs($tabsOptions); $tabs = $this->Bootstrap->tabs($tabsOptions);
echo $this->Html->script('settings'); echo $this->Html->script('settings');
$saveUrl = '/userSettings/saveSetting';
if(!empty($editingAnotherUser)) {
$saveUrl .= '/' . h($user->id);
}
?> ?>
<script> <script>
window.settingsFlattened = <?= json_encode($settingsFlattened) ?>; window.settingsFlattened = <?= json_encode($settingsFlattened) ?>;
window.saveSettingURL = '/userSettings/saveSetting' window.saveSettingURL = '<?= $saveUrl ?>'
</script> </script>
<h2 class="fw-light"><?= __('Account settings') ?></h2> <h2 class="fw-light"><?= __('Account settings') ?></h2>
@ -43,7 +49,17 @@ echo $this->Html->script('settings');
<span class="fw-bold font-monospace me-2 fs-5"><?= h($user->username) ?></span> <span class="fw-bold font-monospace me-2 fs-5"><?= h($user->username) ?></span>
<span><?= h($user->individual->full_name) ?></span> <span><?= h($user->individual->full_name) ?></span>
</div> </div>
<div class="fw-light"><?= __('Your personnal account') ?></div> <?php if (!empty($editingAnotherUser)): ?>
<?=
$this->Bootstrap->alert([
'text' => __('Currently editing the account setting of another user.'),
'variant' => 'warning',
'dismissible' => false
])
?>
<?php else: ?>
<div class="fw-light"><?= __('Your personnal account') ?></div>
<?php endif; ?>
</div> </div>
<div class="mt-2"> <div class="mt-2">
<?= $tabs ?> <?= $tabs ?>

View File

@ -57,6 +57,6 @@ $mainPanelHeight = 'calc(100vh - 42px - 1rem - 56px - 38px - 1rem)';
</div> </div>
<?php else: ?> <?php else: ?>
<div> <div>
<?= $contentHtml ?> <?= !empty($contentHtml) ? $contentHtml : sprintf('<p class="text-center mt-3">%s</p>', __('No settings available for this category')) ?>
</div> </div>
<?php endif; ?> <?php endif; ?>

View File

@ -1,6 +1,6 @@
<?php <?php
$tagsHtml = $this->Tag->tags($entity['tags'], [ $tagsHtml = $this->Tag->tags($entity['tags'], [
'allTags' => [], 'allTags' => $allTags ?? [],
'picker' => true, 'picker' => true,
'editable' => true, 'editable' => true,
]); ]);

View File

@ -55,8 +55,10 @@ function attachTestConnectionResultHtml(result, $container) {
$testResultDiv.append(getKVHtml('Internal error', result, ['text-danger fw-bold'])) $testResultDiv.append(getKVHtml('Internal error', result, ['text-danger fw-bold']))
} else { } else {
if (result['error']) { if (result['error']) {
if (result['ping']) {
$testResultDiv.append('Status', 'OK', ['text-danger'], `${result['ping']} ms`);
}
$testResultDiv.append( $testResultDiv.append(
getKVHtml('Status', 'OK', ['text-danger'], `${result['ping']} ms`),
getKVHtml('Status', `Error: ${result['error']}`, ['text-danger']), getKVHtml('Status', `Error: ${result['error']}`, ['text-danger']),
getKVHtml('Reason', result['reason'], ['text-danger']) getKVHtml('Reason', result['reason'], ['text-danger'])
) )
@ -165,7 +167,7 @@ function saveSetting(statusNode, settingName, settingValue) {
} }
function openSaveBookmarkModal(bookmark_url = '') { function openSaveBookmarkModal(bookmark_url = '') {
const url = '/user-settings/saveBookmark'; const url = '/user-settings/saveMyBookmark';
UI.submissionModal(url).then(([modalFactory, ajaxApi]) => { UI.submissionModal(url).then(([modalFactory, ajaxApi]) => {
const $input = modalFactory.$modal.find('input[name="bookmark_url"]') const $input = modalFactory.$modal.find('input[name="bookmark_url"]')
$input.val(bookmark_url) $input.val(bookmark_url)
@ -173,7 +175,7 @@ function openSaveBookmarkModal(bookmark_url = '') {
} }
function deleteBookmark(bookmark, forSidebar=false) { function deleteBookmark(bookmark, forSidebar=false) {
const url = '/user-settings/deleteBookmark' const url = '/user-settings/deleteMyBookmark'
AJAXApi.quickFetchAndPostForm(url, { AJAXApi.quickFetchAndPostForm(url, {
bookmark_name: bookmark.name, bookmark_name: bookmark.name,
bookmark_url: bookmark.url, bookmark_url: bookmark.url,
@ -181,7 +183,7 @@ function deleteBookmark(bookmark, forSidebar=false) {
provideFeedback: true, provideFeedback: true,
statusNode: $('.bookmark-table-container'), statusNode: $('.bookmark-table-container'),
}).then((apiResult) => { }).then((apiResult) => {
const url = `/userSettings/getBookmarks/${forSidebar ? '1' : '0'}` const url = `/userSettings/getMyBookmarks/${forSidebar ? '1' : '0'}`
UI.reload(url, $('.bookmark-table-container').parent()) UI.reload(url, $('.bookmark-table-container').parent())
const theToast = UI.toast({ const theToast = UI.toast({
variant: 'success', variant: 'success',
@ -189,7 +191,7 @@ function deleteBookmark(bookmark, forSidebar=false) {
bodyHtml: $('<div/>').append( bodyHtml: $('<div/>').append(
$('<span/>').text('Cancel deletion operation.'), $('<span/>').text('Cancel deletion operation.'),
$('<button/>').addClass(['btn', 'btn-primary', 'btn-sm', 'ms-3']).text('Restore bookmark').click(function () { $('<button/>').addClass(['btn', 'btn-primary', 'btn-sm', 'ms-3']).text('Restore bookmark').click(function () {
const urlRestore = '/user-settings/saveBookmark' const urlRestore = '/user-settings/saveMyBookmark'
AJAXApi.quickFetchAndPostForm(urlRestore, { AJAXApi.quickFetchAndPostForm(urlRestore, {
bookmark_label: bookmark.label, bookmark_label: bookmark.label,
bookmark_name: bookmark.name, bookmark_name: bookmark.name,
@ -198,7 +200,7 @@ function deleteBookmark(bookmark, forSidebar=false) {
provideFeedback: true, provideFeedback: true,
statusNode: $('.bookmark-table-container') statusNode: $('.bookmark-table-container')
}).then(() => { }).then(() => {
const url = `/userSettings/getBookmarks/${forSidebar ? '1' : '0'}` const url = `/userSettings/getMyBookmarks/${forSidebar ? '1' : '0'}`
UI.reload(url, $('.bookmark-table-container').parent()) UI.reload(url, $('.bookmark-table-container').parent())
}) })
}), }),
@ -295,7 +297,7 @@ $(document).ready(() => {
$sidebar.addClass('expanded') $sidebar.addClass('expanded')
} }
const settingName = 'ui.sidebar.expanded'; const settingName = 'ui.sidebar.expanded';
const url = `/user-settings/setSetting/${settingName}` const url = `/user-settings/setMySetting/${settingName}`
AJAXApi.quickFetchAndPostForm(url, { AJAXApi.quickFetchAndPostForm(url, {
value: expanded ? 0 : 1 value: expanded ? 0 : 1
}, { provideFeedback: false}) }, { provideFeedback: false})

View File

@ -1,7 +1,7 @@
// function saveHiddenColumns(table_setting_id, newTableSettings) { // function saveHiddenColumns(table_setting_id, newTableSettings) {
function mergeAndSaveSettings(table_setting_id, newTableSettings) { function mergeAndSaveSettings(table_setting_id, newTableSettings) {
const settingName = 'ui.table_setting' const settingName = 'ui.table_setting'
const urlGet = `/user-settings/getSettingByName/${settingName}` const urlGet = `/user-settings/getMySettingByName/${settingName}`
AJAXApi.quickFetchJSON(urlGet).then(tableSettings => { AJAXApi.quickFetchJSON(urlGet).then(tableSettings => {
tableSettings = JSON.parse(tableSettings.value) tableSettings = JSON.parse(tableSettings.value)
newTableSettings = mergeNewTableSettingsIntoOld(table_setting_id, tableSettings, newTableSettings) newTableSettings = mergeNewTableSettingsIntoOld(table_setting_id, tableSettings, newTableSettings)
@ -19,7 +19,7 @@ function mergeNewTableSettingsIntoOld(table_setting_id, oldTableSettings, newTab
} }
function saveTableSetting(settingName, newTableSettings) { function saveTableSetting(settingName, newTableSettings) {
const urlSet = `/user-settings/setSetting/${settingName}` const urlSet = `/user-settings/setMySetting/${settingName}`
AJAXApi.quickFetchAndPostForm(urlSet, { AJAXApi.quickFetchAndPostForm(urlSet, {
value: JSON.stringify(newTableSettings) value: JSON.stringify(newTableSettings)
}, { }, {