From 4358d855ef1a7c5759b0157d0d0ec40d05d877da Mon Sep 17 00:00:00 2001 From: Dennis Eichhorn Date: Fri, 11 Oct 2024 19:17:39 +0000 Subject: [PATCH] bug fixes --- Admin/Installer.php | 2 +- Admin/Routes/Web/Api.php | 24 ++++++++++- Controller/ApiController.php | 38 +++++++++------- Controller/BackendController.php | 4 +- .../Components/AddressEditor/AddressView.php | 7 ++- .../AddressEditor/addresses.tpl.php | 4 +- .../Components/ContactEditor/ContactView.php | 7 ++- .../Components/ContactEditor/contacts.tpl.php | 4 +- Theme/Backend/accounts-view.tpl.php | 43 ++++++++++++++++--- Theme/Backend/groups-create.tpl.php | 1 + Theme/Backend/groups-view.tpl.php | 8 ++-- Theme/Backend/modules-info.tpl.php | 20 ++++++--- 12 files changed, 119 insertions(+), 43 deletions(-) diff --git a/Admin/Installer.php b/Admin/Installer.php index d90110b..fa48d4e 100755 --- a/Admin/Installer.php +++ b/Admin/Installer.php @@ -90,7 +90,7 @@ final class Installer extends InstallerAbstract (OperatingSystem::getSystem() === SystemType::WIN ? 'php.exe' : 'php' - ) . ' ' . __DIR__ . '/../../../../cli.php -v' + ) . ' ' . __DIR__ . '/../../../cli.php -v' ); $cmdResult = $cmdResult === null || $cmdResult === false ? '' : $cmdResult; diff --git a/Admin/Routes/Web/Api.php b/Admin/Routes/Web/Api.php index d097323..450f525 100755 --- a/Admin/Routes/Web/Api.php +++ b/Admin/Routes/Web/Api.php @@ -190,7 +190,7 @@ return [ ], ], ], - '^.*/admin/find/accgrp(\?.*$|$)' => [ + '^.*/admin/accgrp/find(\?.*$|$)' => [ [ 'dest' => '\Modules\Admin\Controller\ApiController:apiAccountGroupFind', 'verb' => RouteVerb::GET, 
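Review bot: The corrected `cli.php` path in the Installer hunk is still concatenated into the command string unquoted, so an installation directory containing spaces or shell metacharacters changes how the command line is parsed. Quote the script path where the string is built, e.g. `. ' ' . \escapeshellarg(__DIR__ . '/../../../cli.php') . ' -v'`. The call that executes this string starts outside the hunk, so the function that runs it cannot be confirmed from here.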
@@ -290,6 +290,17 @@ return [ 'state' => PermissionCategory::MODULE, ], ], + [ + 'dest' => '\Modules\Admin\Controller\ApiController:apiDeleteAccountFromGroup', + 'verb' => RouteVerb::DELETE, + 'csrf' => true, + 'active' => true, + 'permission' => [ + 'module' => ApiController::NAME, + 'type' => PermissionType::MODIFY, + 'state' => PermissionCategory::MODULE, + ], + ], ], '^.*/admin/account/group(\?.*$|$)' => [ [ @@ -303,6 +314,17 @@ return [ 'state' => PermissionCategory::MODULE, ], ], + [ + 'dest' => '\Modules\Admin\Controller\ApiController:apiDeleteGroupFromAccount', + 'verb' => RouteVerb::DELETE, + 'csrf' => true, + 'active' => true, + 'permission' => [ + 'module' => ApiController::NAME, + 'type' => PermissionType::MODIFY, + 'state' => PermissionCategory::MODULE, + ], + ], ], '^.*/admin/group/permission(\?.*$|$)' => [ diff --git a/Controller/ApiController.php b/Controller/ApiController.php index e24229a..d9adc60 100755 --- a/Controller/ApiController.php +++ b/Controller/ApiController.php @@ -135,6 +135,7 @@ final class ApiController extends Controller ); if ($login > LoginReturnType::OK) { + $this->app->sessionManager->sessionStart(); $this->app->sessionManager->set('UID', $login, true); $response->set($request->uri->__toString(), new \phpOMS\Model\Message\Redirect()); } elseif ($login === LoginReturnType::NOT_ACTIVATED) { @@ -187,6 +188,7 @@ final class ApiController extends Controller { $response->header->set('Content-Type', MimeType::M_JSON . '; charset=utf-8', true); + $this->app->sessionManager->sessionStart(); $this->app->sessionManager->remove('UID'); $this->app->sessionManager->save(); @@ -839,7 +841,7 @@ final class ApiController extends Controller // request account is valid if ($requestAccount <= 0) { - $this->fillJsonResponse($request, $response, NotificationLevel::HIDDEN, '', '', []); + $this->fillJsonResponse($request, $response, NotificationLevel::ERROR, '', 'Invalid account', []); $response->header->status = RequestStatusCode::R_403; return; 
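Review bot: Both new `RouteVerb::DELETE` entries (this hunk and the `admin/account/group` hunk at @@ -303) authorise removing a group membership with `PermissionType::MODIFY` at `PermissionCategory::MODULE`, so any account holding module-wide modify rights can strip memberships. Group membership carries permissions, so this is a privilege-management operation and deserves a short comment on each entry recording why MODIFY is the intended gate. The handlers `apiDeleteAccountFromGroup` and `apiDeleteGroupFromAccount` are not touched by the visible hunks; it is worth confirming there that removing the last member of an administrative group is refused and that the removal is written to the audit log.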
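Review bot: The login branch at @@ -135 now starts the session and stores `UID` in it, but nothing visible issues a fresh session identifier at the moment of privilege change, which leaves room for session fixation if `sessionStart()` accepts an identifier supplied by the client. Unless the session manager already rotates the id internally, rotate it before `set('UID', $login, true)`, e.g. `\session_regenerate_id(true);` if the manager wraps native PHP sessions. The logout hunk at @@ -187 likewise only removes the `UID` key and saves, so the old identifier appears to stay valid; invalidating the whole session there would be safer. Both method bodies extend beyond their hunks.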
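Review bot: All four failure branches of the password change (this hunk at @@ -839 and the ones at @@ -854, @@ -862 and @@ -872) answer with `RequestStatusCode::R_403`, although only the wrong-old-password case is an authorisation failure. Mismatched repetition and a failed complexity pattern are input validation and would read better as `$response->header->status = RequestStatusCode::R_400;`, which also lets monitoring count failed old-password attempts without noise from typing mistakes. The new message strings are hard-coded English, while the templates in this commit fetch text through `getHtml()`, so they may belong in the localisation layer. The method starts and ends outside these hunks.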
@@ -854,7 +856,7 @@ final class ApiController extends Controller if ($account->login === null || AccountMapper::login($account->login, (string) $request->getData('oldpass')) !== $requestAccount ) { - $this->fillJsonResponse($request, $response, NotificationLevel::HIDDEN, '', '', []); + $this->fillJsonResponse($request, $response, NotificationLevel::ERROR, '', 'Invalid old password', []); $response->header->status = RequestStatusCode::R_403; return; @@ -862,7 +864,7 @@ final class ApiController extends Controller // test password repetition if (((string) $request->getData('newpass')) !== ((string) $request->getData('reppass'))) { - $this->fillJsonResponse($request, $response, NotificationLevel::HIDDEN, '', '', []); + $this->fillJsonResponse($request, $response, NotificationLevel::ERROR, '', 'Invalid password repetition', []); $response->header->status = RequestStatusCode::R_403; return; @@ -872,7 +874,7 @@ final class ApiController extends Controller /** @var \Model\Setting $complexity */ $complexity = $this->app->appSettings->get(names: SettingsEnum::PASSWORD_PATTERN, module: 'Admin'); if (\preg_match($complexity->content, (string) $request->getData('newpass')) !== 1) { - $this->fillJsonResponse($request, $response, NotificationLevel::HIDDEN, '', '', []); + $this->fillJsonResponse($request, $response, NotificationLevel::ERROR, '', 'Invalid password complexity', []); $response->header->status = RequestStatusCode::R_403; return; @@ -1522,7 +1524,7 @@ final class ApiController extends Controller { /** @var \Modules\Admin\Models\Group[] $groups */ $groups = GroupMapper::getAll() - ->where('name', '%' . ($request->getDataString('search') ?? '') . '%', 'LIKE') + ->where('name', '%' . ($request->getDataString('group') ?? '') . '%', 'LIKE') ->limit($request->getDataInt('limit') ?? 50) ->executeGetArray(); 
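Review bot: In the group search at @@ -1522, `->limit($request->getDataInt('limit') ?? 50)` passes a caller-chosen value straight to the query, so one request can ask for the whole group table, and how a zero or negative value is handled depends on the mapper. Clamp it, e.g. `->limit(\max(1, \min($request->getDataInt('limit') ?? 50, 100)))` (the cap of 100 is only a suggestion). The search term is wrapped in `%…%` without escaping `%` and `_`, so those characters in the `group` parameter act as wildcards; escape them if literal matching is intended. Renaming the request parameter from `search` to `group` also changes the endpoint's contract for any caller not updated in this commit.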
@@ -1534,7 +1536,7 @@ final class ApiController extends Controller } /** - * Api method to get an accoung + * Api method to get an account * * @param RequestAbstract $request Request * @param ResponseAbstract $response Response @@ -2757,17 +2759,16 @@ final class ApiController extends Controller public function apiAddAccountPermission(RequestAbstract $request, ResponseAbstract $response, array $data = []) : void { if (!empty($val = $this->validatePermissionCreate($request))) { - $response->header->status = RequestStatusCode::R_400; $this->createInvalidCreateResponse($request, $response, $val); + $response->header->status = RequestStatusCode::R_400; return; } $permission = $this->createPermissionFromRequest($request); - if (!($permission instanceof AccountPermission)) { - $response->data['permission_create'] = new FormValidation($val); - $response->header->status = RequestStatusCode::R_400; + // @todo Create a response text + $response->header->status = RequestStatusCode::R_400; return; } @@ -2969,7 +2970,7 @@ final class ApiController extends Controller } $account = (int) $request->getData('account'); - $groups = [$request->getDataInt('account-list') ?? 0]; + $groups = [$request->getDataInt('group') ?? 0]; // @todo Check if already in group @@ -2990,7 +2991,7 @@ final class ApiController extends Controller { $val = []; if (($val['account'] = !$request->hasData('account')) - || ($val['accountlist'] = !$request->hasData('account-list')) + || ($val['group'] = !$request->hasData('group')) ) { return $val; } 
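Review bot: In `apiAddAccountPermission` the `!($permission instanceof AccountPermission)` branch now returns `R_400` with an empty body and a `@todo`, so a client cannot tell why the permission was not created. Fill the response in that branch, e.g. `$this->fillJsonResponse($request, $response, NotificationLevel::ERROR, '', 'Invalid permission', []);`, in the same way the password-change branches of this commit do. The method continues past the end of the hunk.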
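Review bot: At @@ -2969, `[$request->getDataInt('group') ?? 0]` falls back to group id 0, and the validator changed at @@ -2990 only tests `hasData('group')`, so a present but non-numeric or non-positive value passes the visible checks. Reject it in the validator, e.g. `|| ($val['group'] = ($request->getDataInt('group') ?? 0) < 1)`, and apply the same test to `account`, which is only cast with `(int)`. The `@todo Check if already in group` is still open, so a repeated request may create a duplicate relation, depending on the mapper. Both functions start outside their hunks.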
@@ -3965,8 +3966,7 @@ final class ApiController extends Controller $hasLocationChange = ($request->getDataString('address') ?? $address->address) !== $address->address || ($request->getDataString('postal') ?? $address->postal) !== $address->postal || ($request->getDataString('city') ?? $address->city) !== $address->city - || ($request->getDataString('state') ?? $address->state) !== $address->state - || ($request->getDataString('country') ?? $address->country) !== $address->country; + || ($request->getDataString('state') ?? $address->state) !== $address->state; $address->name = $request->getDataString('name') ?? $address->name; $address->fao = $request->getDataString('fao') ?? $address->fao; @@ -3975,7 +3975,10 @@ final class ApiController extends Controller $address->postal = $request->getDataString('postal') ?? $address->postal; $address->city = $request->getDataString('city') ?? $address->city; $address->state = $request->getDataString('state') ?? $address->state; - $address->setCountry($request->getDataString('country') ?? $address->country); + + if (ISO3166TwoEnum::isValidValue($request->getDataString('country') ?? ISO3166TwoEnum::_XXX)) { + $address->setCountry($request->getDataString('country') ?? $address->country); + } if ($hasLocationChange) { $geocoding = Nominatim::geocoding($address->country, $address->city, $address->address); 
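Review bot: Dropping the country comparison from `$hasLocationChange` (@@ -3965) means a request that changes only the country no longer reaches `Nominatim::geocoding()`, although that call takes `$address->country` as its first argument, so the stored coordinates can go stale. Record the old value before the guarded `setCountry()` at @@ -3975 with `$oldCountry = $address->country;` and fold it back in afterwards with `$hasLocationChange = $hasLocationChange || $address->country !== $oldCountry;`. A `country` value that fails `ISO3166TwoEnum::isValidValue()` is now ignored without any message to the caller; reporting it as a validation error would be more transparent. The method begins and ends outside both hunks.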
@@ -4067,7 +4070,10 @@ final class ApiController extends Controller $address->postal = $request->getDataString('postal') ?? ''; $address->city = $request->getDataString('city') ?? ''; $address->state = $request->getDataString('state') ?? ''; - $address->setCountry($request->getDataString('country') ?? ISO3166TwoEnum::_XXX); + + if (ISO3166TwoEnum::isValidValue($request->getDataString('country') ?? ISO3166TwoEnum::_XXX)) { + $address->setCountry($request->getDataString('country') ?? ISO3166TwoEnum::_XXX); + } $geocoding = Nominatim::geocoding($address->country, $address->city, $address->address); if ($geocoding === ['lat' => 0.0, 'lon' => 0.0]) { diff --git a/Controller/BackendController.php b/Controller/BackendController.php index f575ba5..9f4ca0d 100755 --- a/Controller/BackendController.php +++ b/Controller/BackendController.php @@ -255,7 +255,9 @@ final class BackendController extends Controller $pageLimit = 25; $view->data['pageLimit'] = $pageLimit; - $mapper = AuditMapper::getAll()->with('createdBy'); + $mapper = AuditMapper::getAll() + ->with('createdBy') + ->where('createdBy', $request->getDataInt('id')); /** @var \Modules\Auditor\Models\Audit[] $list */ $list = AuditMapper::find( diff --git a/Theme/Backend/Components/AddressEditor/AddressView.php b/Theme/Backend/Components/AddressEditor/AddressView.php index ac7cbb8..f0ff811 100644 --- a/Theme/Backend/Components/AddressEditor/AddressView.php +++ b/Theme/Backend/Components/AddressEditor/AddressView.php @@ -60,7 +60,7 @@ class AddressView extends View * @var string * @since 1.0.0 */ - public string $name = ''; + public string $refName = 'account'; /** * API Uri for attribute actions @@ -68,7 +68,7 @@ class AddressView extends View * @var string * @since 1.0.0 */ - public string $apiUri = ''; + public string $endpoint = '{/api}account/address?csrf={$CSRF}'; /** * Reference id 
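Review bot: On address creation (@@ -4067) a `country` value that fails `ISO3166TwoEnum::isValidValue()` is skipped silently, so the address is stored and geocoded with whatever default the model carries instead of the request being rejected. This is request input, so the check fits better in the create validator, where the caller would receive `R_400`. Failing that, restore an explicit fallback in an `else` branch: `$address->setCountry(ISO3166TwoEnum::_XXX);`. The method starts and ends outside the hunk.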
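Review bot: In the BackendController hunk, `->where('createdBy', $request->getDataInt('id'))` receives `null` when `id` is missing or not numeric (the `??` fallbacks on `getDataInt()` elsewhere in this commit suggest it is nullable), and what the mapper does with a null comparison is not visible here. This filter is what restricts the audit list to a single account, so it should not depend on that behaviour. Guard it with `->where('createdBy', $request->getDataInt('id') ?? 0)` or return a not-found view before the mapper is built. The method body extends beyond the hunk.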
@@ -96,6 +96,9 @@ class AddressView extends View $this->form = $data[0]; $this->virtualPath = $data[1] ?? $this->virtualPath; $this->addresses = $data[2] ?? $this->addresses; + $this->refName = $data[3] ?? $this->refName; + $this->refId = $data[4] ?? $this->refId; + $this->endpoint = $data[5] ?? $this->endpoint; return parent::render(); } diff --git a/Theme/Backend/Components/AddressEditor/addresses.tpl.php b/Theme/Backend/Components/AddressEditor/addresses.tpl.php index 6a2f8f4..322d596 100644 --- a/Theme/Backend/Components/AddressEditor/addresses.tpl.php +++ b/Theme/Backend/Components/AddressEditor/addresses.tpl.php @@ -24,13 +24,13 @@ $types = AddressType::getConstants();
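Review bot: `render()` in AddressView now accepts three more positional entries (`$data[3]`, `$data[4]`, `$data[5]`) and assigns them to `$refName`, `$refId` and `$endpoint` unchecked; ContactView's @@ -96 hunk does the same. Document the positions in the method's docblock, for example `0: form id, 1: virtual path, 2: addresses, 3: reference name, 4: reference id, 5: endpoint`; the signature itself is outside the hunk. The endpoint is handed to the component template, whose markup is not legible on this page, so confirm there that it is emitted through the view's escaping helper (`printHtml()` is used for other values in this commit) or is always a server-side constant. The new default `'{/api}account/address?csrf={$CSRF}'` carries the CSRF token in the query string, where it can end up in access logs and Referer headers.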
-
getHtml('Address', 'Admin', 'Backend'); ?>
- +
diff --git a/Theme/Backend/Components/ContactEditor/ContactView.php b/Theme/Backend/Components/ContactEditor/ContactView.php index aa56088..5c3cede 100644 --- a/Theme/Backend/Components/ContactEditor/ContactView.php +++ b/Theme/Backend/Components/ContactEditor/ContactView.php @@ -60,7 +60,7 @@ class ContactView extends View * @var string * @since 1.0.0 */ - public string $name = ''; + public string $refName = 'account'; /** * API Uri for attribute actions @@ -68,7 +68,7 @@ class ContactView extends View * @var string * @since 1.0.0 */ - public string $apiUri = ''; + public string $endpoint = '{/api}account/contact?csrf={$CSRF}'; /** * Reference id @@ -96,6 +96,9 @@ class ContactView extends View $this->form = $data[0]; $this->virtualPath = $data[1] ?? $this->virtualPath; $this->contacts = $data[2] ?? $this->contacts; + $this->refName = $data[3] ?? $this->refName; + $this->refId = $data[4] ?? $this->refId; + $this->endpoint = $data[5] ?? $this->endpoint; return parent::render(); } diff --git a/Theme/Backend/Components/ContactEditor/contacts.tpl.php b/Theme/Backend/Components/ContactEditor/contacts.tpl.php index 0799176..46cf55a 100644 --- a/Theme/Backend/Components/ContactEditor/contacts.tpl.php +++ b/Theme/Backend/Components/ContactEditor/contacts.tpl.php @@ -26,13 +26,13 @@ $subtypes = AddressType::getConstants();
-
getHtml('Contact', 'Admin', 'Backend'); ?>
- +
diff --git a/Theme/Backend/accounts-view.tpl.php b/Theme/Backend/accounts-view.tpl.php index 03717c4..4ced29f 100644 --- a/Theme/Backend/accounts-view.tpl.php +++ b/Theme/Backend/accounts-view.tpl.php @@ -163,7 +163,11 @@ echo $this->data['nav']->render(); ?>
- +
getHtml('Groups'); ?>
@@ -171,7 +175,7 @@ echo $this->data['nav']->render(); ?>
data['nav']->render(); ?>
getHtml('Groups'); ?>download
- +
+ getGroups(); @@ -209,7 +231,12 @@ echo $this->data['nav']->render(); ?> $url = UriFactory::build('{/base}/admin/group/view?{?}&id=' . $value->id); ?> -
getHtml('ID', '0', '0'); ?>expand_lessexpand_more getHtml('Name'); ?>expand_lessexpand_more
close + + + + + + id; ?> printHtml($value->name); ?> @@ -237,7 +264,8 @@ echo $this->data['nav']->render(); ?>
- + +
@@ -332,7 +360,7 @@ echo $this->data['nav']->render(); ?>
- + @@ -350,7 +378,8 @@ echo $this->data['nav']->render(); ?> data-tag="form" data-ui-element="tr" data-add-tpl=".oms-add-tpl-permission" - data-update-form="permissionForm"> + data-update-form="permissionForm" + data-delete-form="permissionForm">
diff --git a/Theme/Backend/groups-create.tpl.php b/Theme/Backend/groups-create.tpl.php index 5ce31db..7d49f45 100755 --- a/Theme/Backend/groups-create.tpl.php +++ b/Theme/Backend/groups-create.tpl.php @@ -24,6 +24,7 @@ echo $this->data['nav']->render(); ?>
getHtml('Group'); ?>
diff --git a/Theme/Backend/groups-view.tpl.php b/Theme/Backend/groups-view.tpl.php index c11d32c..3b2bdca 100644 --- a/Theme/Backend/groups-view.tpl.php +++ b/Theme/Backend/groups-view.tpl.php @@ -125,7 +125,7 @@ echo $this->data['nav']->render(); ?> data-tag="form" data-ui-element="tr" data-add-tpl=".oms-add-tpl-account" - data-delete-form="accountForm"> + data-delete-form="iAddAccountToGroup">
@@ -184,7 +184,8 @@ echo $this->data['nav']->render(); ?>
- + +
@@ -290,7 +291,8 @@ echo $this->data['nav']->render(); ?> data-tag="form" data-ui-element="tr" data-add-tpl=".oms-add-tpl-permission" - data-update-form="permissionForm"> + data-update-form="permissionForm" + data-delete-form="permissionForm">
diff --git a/Theme/Backend/modules-info.tpl.php b/Theme/Backend/modules-info.tpl.php index 6e398ec..a2ed5ea 100755 --- a/Theme/Backend/modules-info.tpl.php +++ b/Theme/Backend/modules-info.tpl.php @@ -57,18 +57,21 @@ if (isset($installed[$id])) {
- +
-
+
-
+
@@ -76,12 +79,17 @@ if (isset($installed[$id])) {
-
- + +
-
+