diff --git a/lib/Controller/User.php b/lib/Controller/User.php
index b25f96a2d4..a1a2353b0e 100644
--- a/lib/Controller/User.php
+++ b/lib/Controller/User.php
@@ -1886,7 +1886,12 @@ public function permissions(Request $request, Response $response, $entity, $id)
throw new AccessDeniedException(__('This object is not shared with you with edit permission'));
}
+ if ($object->permissionsClass() === 'Xibo\Entity\Folder' && $object->getId() === 1) {
+ throw new InvalidArgumentException(__('You cannot share the root folder'), 'id');
+ }
+
$sanitizedParams = $this->getSanitizer($request->getParams());
+
// Get all current permissions
$permissions = $this->permissionFactory->getAllByObjectId($this->getUser(), $object->permissionsClass(), $id);
@@ -2045,7 +2050,7 @@ private function parsePermissionsEntity($entity, $objectId)
/**
* Updates a set of permissions from a set of groupIds
- * @param array[Permission] $permissions
+ * @param Permission[] $permissions
* @param array $groupIds
*/
private function updatePermissions($permissions, $groupIds)
@@ -2054,8 +2059,6 @@ private function updatePermissions($permissions, $groupIds)
// List of groupIds with view, edit and del assignments
foreach ($permissions as $row) {
- /* @var \Xibo\Entity\Permission $row */
-
// Check and see what permissions we have been provided for this selection
// If all permissions are 0, then the record is deleted
if (is_array($groupIds)) {
diff --git a/lib/Middleware/Actions.php b/lib/Middleware/Actions.php
index 182fdecf4b..425701d5e6 100644
--- a/lib/Middleware/Actions.php
+++ b/lib/Middleware/Actions.php
@@ -28,6 +28,7 @@
use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
use Slim\App as App;
use Slim\Routing\RouteContext;
+use Xibo\Entity\User;
use Xibo\Entity\UserNotification;
use Xibo\Factory\UserNotificationFactory;
use Xibo\Helper\Environment;
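Review bot: The new root-folder guard in permissions() compares `$object->getId() === 1` strictly against an int literal; if the entity's id comes back from the persistence layer as a string the comparison never matches and the root folder remains shareable, so the check only holds if getId() is guaranteed to return an int. A defensive form is `if ($object->permissionsClass() === 'Xibo\Entity\Folder' && (int) $object->getId() === 1) {`, and the magic 1 would read better as a named constant on the Folder entity that the client-side `selected.indexOf('1')` in this same commit could mirror, so the two do not drift. The ordering is right: the guard sits after the edit-permission check, so a caller without edit rights still gets AccessDeniedException rather than learning the object's type. A one-line comment stating why the root folder is excluded would help, since the reason is not visible here; permissions() starts and ends outside this hunk.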
@@ -59,8 +60,16 @@ public function process(Request $request, RequestHandler $handler): Response
$resource = $route->getPattern();
$routeParser = $app->getRouteCollector()->getRouteParser();
- // Process Actions
- if (!Environment::migrationPending() && $container->get('configService')->getSetting('DEFAULTS_IMPORTED') == 0) {
+ // Do we have a user set?
+ /** @var User $user */
+ $user = $container->get('user');
+
+ // Import the default layout, if we're a super admin (and we're logged in)
+ // TODO: consider if we can remove this entirely in v4.
+ if (!Environment::migrationPending()
+ && $container->get('configService')->getSetting('DEFAULTS_IMPORTED') == 0
+ && $user->isSuperAdmin()
+ ) {
$folder = $container->get('configService')->uri('layouts', true);
foreach (array_diff(scandir($folder), array('..', '.')) as $file) {
@@ -70,7 +79,7 @@ public function process(Request $request, RequestHandler $handler): Response
$layout = $container->get('layoutFactory')->createFromZip(
$folder . '/' . $file,
null,
- $container->get('userFactory')->getSystemUser()->getId(),
+ $user->getId(),
false,
false,
true,
@@ -113,9 +122,9 @@ public function process(Request $request, RequestHandler $handler): Response
// Only process notifications if we are a full request
if (!$this->isAjax($request)) {
- if ($container->get('user')->userId != null
+ if ($user->userId != null
&& $container->get('session')->isExpired() == 0
- && $container->get('user')->featureEnabled('drawer')
+ && $user->featureEnabled('drawer')
) {
// Notifications
$notifications = [];
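Review bot: The comment on the new condition says "if we're a super admin (and we're logged in)", but the condition only calls `$user->isSuperAdmin()`; the later check `$user->userId != null` in this same file shows the container can hand back a User whose userId is null, so the logged-in half is enforced only if isSuperAdmin() happens to be false for that guest object. Make it explicit: `&& $user->userId != null && $user->isSuperAdmin()`. Gating the scandir() and zip import behind a super-admin identity is a real improvement over running it on every request, though it now runs inside whichever super admin's request first arrives after install, which the v4 TODO could record. process() continues outside this hunk.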
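Review bot: Passing `$user->getId()` to createFromZip() changes the owner of the imported default layouts from the system user to the super admin whose request triggered the import, and nothing on the line says so; a comment such as `// Owner is the super admin whose request triggered the import, not the system user` would make the change read as deliberate. If layout ownership follows the owning user on deletion elsewhere in the project, that is worth confirming for this case. The createFromZip() call starts and ends outside this hunk.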
@@ -130,7 +139,7 @@ public function process(Request $request, RequestHandler $handler): Response
$extraNotifications++;
} else {
// We're not in DEV mode and therefore install/index.php shouldn't be there.
- if ($container->get('user')->userTypeId == 1 && file_exists(PROJECT_ROOT . '/web/install/index.php')) {
+ if ($user->userTypeId == 1 && file_exists(PROJECT_ROOT . '/web/install/index.php')) {
$container->get('logger')->notice('Install.php exists and shouldn\'t');
$notifications[] = $factory->create(__('There is a problem with this installation. "install.php" should be deleted.'));
@@ -170,7 +179,7 @@ public function process(Request $request, RequestHandler $handler): Response
}
}
- if (!$this->isAjax($request) && $container->get('user')->isPasswordChangeRequired == 1 && $resource != '/user/page/password') {
+ if (!$this->isAjax($request) && $user->isPasswordChangeRequired == 1 && $resource != '/user/page/password') {
return $handler->handle($request)->withHeader('Location', $routeParser->urlFor('user.force.change.password.page'));
}
diff --git a/views/user-page.twig b/views/user-page.twig
index 04c962cfd3..ad87adebe8 100644
--- a/views/user-page.twig
+++ b/views/user-page.twig
@@ -344,6 +344,15 @@
{% if currentUser.featureEnabled("folder.view") %}
// Submit the folder ownerships
var selected = $(dialog).find("#container-form-folder-tree").jstree("get_selected");
+
+ // jsTree selects the root folder if all child folders are selected, we need to
+ // remove that.
+ var rootIndex = selected.indexOf('1');
+ if (rootIndex > -1) {
+ selected.splice(rootIndex, 1);
+ }
+
+ // View/edit for our group
var groupIds = {};
groupIds[xhr.data.groupId] = {
"view": 1,
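Review bot: `selected.indexOf('1')` hard-codes the root folder id on the client and assumes jsTree hands back node ids as strings; if get_selected() ever yields numeric ids the splice is a no-op and id 1 is posted anyway, which is acceptable only because the server-side guard added to User::permissions() in this commit is the control that actually refuses it. Say so in the comment so nobody later treats this as the protection: `// Cosmetic only: the server rejects sharing the root folder (id 1) regardless.` A filter covers both id types in one line and avoids the index bookkeeping: `selected = selected.filter(function (id) { return String(id) !== '1'; });`. The enclosing callback starts and ends outside this hunk.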