Skip to content

Commit

Permalink
Merge pull request #1436 from dasgarner/release32
Browse files Browse the repository at this point in the history 
3.2.0 - testing fixes
  • Loading branch information
@dasgarner
dasgarner authored Sep 13, 2022
2 parents e32e5e7 + d18e180 commit ad1a597
Show file tree
Hide file tree
Showing 3 changed files with 31 additions and 10 deletions.
9 changes: 6 additions & 3 deletions lib/Controller/User.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1886,7 +1886,12 @@ public function permissions(Request $request, Response $response, $entity, $id)
throw new AccessDeniedException(__('This object is not shared with you with edit permission'));
}

if ($object->permissionsClass() === 'Xibo\Entity\Folder' && $object->getId() === 1) {
throw new InvalidArgumentException(__('You cannot share the root folder'), 'id');
}

$sanitizedParams = $this->getSanitizer($request->getParams());

// Get all current permissions
$permissions = $this->permissionFactory->getAllByObjectId($this->getUser(), $object->permissionsClass(), $id);

Expand Down Expand Up @@ -2045,7 +2050,7 @@ private function parsePermissionsEntity($entity, $objectId)

/**
* Updates a set of permissions from a set of groupIds
* @param array[Permission] $permissions
* @param Permission[] $permissions
* @param array $groupIds
*/
private function updatePermissions($permissions, $groupIds)
Expand All @@ -2054,8 +2059,6 @@ private function updatePermissions($permissions, $groupIds)

// List of groupIds with view, edit and del assignments
foreach ($permissions as $row) {
/* @var \Xibo\Entity\Permission $row */

// Check and see what permissions we have been provided for this selection
// If all permissions are 0, then the record is deleted
if (is_array($groupIds)) {
Expand Down
23 changes: 16 additions & 7 deletions lib/Middleware/Actions.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@
use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
use Slim\App as App;
use Slim\Routing\RouteContext;
use Xibo\Entity\User;
use Xibo\Entity\UserNotification;
use Xibo\Factory\UserNotificationFactory;
use Xibo\Helper\Environment;
Expand Down Expand Up @@ -59,8 +60,16 @@ public function process(Request $request, RequestHandler $handler): Response
$resource = $route->getPattern();
$routeParser = $app->getRouteCollector()->getRouteParser();

// Process Actions
if (!Environment::migrationPending() && $container->get('configService')->getSetting('DEFAULTS_IMPORTED') == 0) {
// Do we have a user set?
/** @var User $user */
$user = $container->get('user');

// Import the default layout, if we're a super admin (and we're logged in)
// TODO: consider if we can remove this entirely in v4.
if (!Environment::migrationPending()
&& $container->get('configService')->getSetting('DEFAULTS_IMPORTED') == 0
&& $user->isSuperAdmin()
) {
$folder = $container->get('configService')->uri('layouts', true);

foreach (array_diff(scandir($folder), array('..', '.')) as $file) {
Expand All @@ -70,7 +79,7 @@ public function process(Request $request, RequestHandler $handler): Response
$layout = $container->get('layoutFactory')->createFromZip(
$folder . '/' . $file,
null,
$container->get('userFactory')->getSystemUser()->getId(),
$user->getId(),
false,
false,
true,
Expand Down Expand Up @@ -113,9 +122,9 @@ public function process(Request $request, RequestHandler $handler): Response

// Only process notifications if we are a full request
if (!$this->isAjax($request)) {
if ($container->get('user')->userId != null
if ($user->userId != null
&& $container->get('session')->isExpired() == 0
&& $container->get('user')->featureEnabled('drawer')
&& $user->featureEnabled('drawer')
) {
// Notifications
$notifications = [];
Expand All @@ -130,7 +139,7 @@ public function process(Request $request, RequestHandler $handler): Response
$extraNotifications++;
} else {
// We're not in DEV mode and therefore install/index.php shouldn't be there.
if ($container->get('user')->userTypeId == 1 && file_exists(PROJECT_ROOT . '/web/install/index.php')) {
if ($user->userTypeId == 1 && file_exists(PROJECT_ROOT . '/web/install/index.php')) {
$container->get('logger')->notice('Install.php exists and shouldn\'t');

$notifications[] = $factory->create(__('There is a problem with this installation. "install.php" should be deleted.'));
Expand Down Expand Up @@ -170,7 +179,7 @@ public function process(Request $request, RequestHandler $handler): Response
}
}

if (!$this->isAjax($request) && $container->get('user')->isPasswordChangeRequired == 1 && $resource != '/user/page/password') {
if (!$this->isAjax($request) && $user->isPasswordChangeRequired == 1 && $resource != '/user/page/password') {
return $handler->handle($request)->withHeader('Location', $routeParser->urlFor('user.force.change.password.page'));
}

Expand Down
9 changes: 9 additions & 0 deletions views/user-page.twig
View file
Original file line number Diff line number Diff line change
Expand Up @@ -344,6 +344,15 @@
{% if currentUser.featureEnabled("folder.view") %}
// Submit the folder ownerships
var selected = $(dialog).find("#container-form-folder-tree").jstree("get_selected");
// jsTree selects the root folder if all child folders are selected, we need to
// remove that.
var rootIndex = selected.indexOf('1');
if (rootIndex > -1) {
selected.splice(rootIndex, 1);
}
// View/edit for our group
var groupIds = {};
groupIds[xhr.data.groupId] = {
"view": 1,
Expand Down

0 comments on commit ad1a597

Please sign in to comment.