Merge branch 'release/2023.42' into release/2023.39

ushahidi · Oct 25, 2023 · 16701c7 · 16701c7
2 parents 8eb64b3 + 86baacf
commit 16701c7
Show file tree

Hide file tree

Showing 29 changed files with 461 additions and 338 deletions.
diff --git a/database/migrations/phinx/20231016120259_add_user_id_to_tags_table.php b/database/migrations/phinx/20231016120259_add_user_id_to_tags_table.php
@@ -0,0 +1,41 @@
+<?php
+
+use Phinx\Migration\AbstractMigration;
+
+class AddUserIdToTagsTable extends AbstractMigration
+{
+    /**
+     * Change Method.
+     *
+     * Write your reversible migrations using this method.
+     *
+     * More information on writing migrations is available here:
+     * https://book.cakephp.org/phinx/0/en/migrations.html
+     *
+     * The following commands can be used in this method and Phinx will
+     * automatically reverse them when rolling back:
+     *
+     *    createTable
+     *    renameTable
+     *    addColumn
+     *    addCustomColumn
+     *    renameColumn
+     *    addIndex
+     *    addForeignKey
+     *
+     * Any other destructive changes will result in an error when trying to
+     * rollback the migration.
+     *
+     * Remember to call "create()" or "update()" and NOT "save()" when working
+     * with the Table class.
+     */
+    public function change()
+    {
+        $this->table('tags')
+            ->addColumn('user_id', 'integer', [
+                'after' => 'parent_id',
+                'null' => true,
+            ])
+            ->update();
+    }
+}
diff --git a/src/Ushahidi/Core/Concerns/FilterRecords.php b/src/Ushahidi/Core/Concerns/FilterRecords.php
@@ -31,7 +31,7 @@ trait FilterRecords
      *         'orderby' => 'username',
      *     ]);
      *
-     * @param  Array $filters
+     * @param  array $filters
      * @return $this
      */
     public function setFilters(array $filters)
@@ -45,8 +45,8 @@ public function setFilters(array $filters)
      *
      *     $this->setFilter('role', 'admin');
      *
-     * @param  String $name
-     * @param  Mixed  $value
+     * @param  string $name
+     * @param  mixed  $value
      * @return $this
      */
     public function setFilter($name, $value)
@@ -64,9 +64,9 @@ public function setFilter($name, $value)
      *
      * NOTE: Defaults cannot be provided when using this method!
      *
-     * @param  Array $allowed  allowed parameters
-     * @param  Array $force    force all parameters to be defined
-     * @return Array
+     * @param  array $allowed  allowed parameters
+     * @param  array $force    force all parameters to be defined
+     * @return array
      */
     public function getFilters(array $allowed, $force = false)
     {

diff --git a/src/Ushahidi/Core/Concerns/OwnerAccess.php b/src/Ushahidi/Core/Concerns/OwnerAccess.php
@@ -25,7 +25,7 @@ trait OwnerAccess
      *
      * @return boolean
      */
-    protected function isUserOwner(Entity $ownable, Entity $user)
+    public function isUserOwner(Entity $ownable, Entity $user)
     {
         // @todo ensure we always check the original user_id not the updated value!
         return ($user->getId() && $ownable->user_id === $user->getId());
@@ -36,7 +36,7 @@ protected function isUserOwner(Entity $ownable, Entity $user)
      *
      * @return boolean
      */
-    protected function isUserAndOwnerAnonymous(Entity $ownable, Entity $user)
+    public function isUserAndOwnerAnonymous(Entity $ownable, Entity $user)
     {
         // @todo ensure we always check the original user_id not the updated value!
         return (! $user->getId() && ! $ownable->user_id);

diff --git a/src/Ushahidi/Core/Concerns/PrivAccess.php b/src/Ushahidi/Core/Concerns/PrivAccess.php
@@ -20,7 +20,8 @@ trait PrivAccess
     /**
      * Get a list of all possible privilges.
      * By default, returns standard HTTP REST methods.
-     * @return Array
+     *
+     * @return array
      */
     protected function getAllPrivs()
     {

diff --git a/src/Ushahidi/Core/Tool/Acl.php b/src/Ushahidi/Core/Tool/Acl.php
@@ -57,10 +57,14 @@ public function hasPermission(Entity $user, $permission)
     protected function customRoleHasPermission(Entity $user, $permission)
     {
         $role = $this->role_repo->getByName($user->role);
-        $permissions = array_map('strtolower', $role->permissions);
-
-        // Does the user have the permission?
-        return in_array(strtolower($permission), $permissions);
+        if (isset($role->permissions) && is_array($role->permissions)) {
+            $permissions = array_map('strtolower', $role->permissions);
+
+            // Does the user have the permission?
+            return in_array(strtolower($permission), $permissions);
+        }
+
+        return false;
     }
 
     protected function defaultHasPermission(Entity $user, $permission)

diff --git a/src/Ushahidi/Core/Tool/Authorizer/SetAuthorizer.php b/src/Ushahidi/Core/Tool/Authorizer/SetAuthorizer.php
@@ -44,10 +44,10 @@ class SetAuthorizer implements Authorizer
     // if roles are available for this deployment.
     use AccessControlList;
 
-    protected function isVisibleToUser(Set $entity, $user)
+    protected function isVisibleToUser(Set $set, $user)
     {
-        if ($entity->role) {
-            return in_array($user->role, $entity->role);
+        if ($set->role) {
+            return in_array($user->role, $set->role);
         }
 
         // If no roles are selected, the Set is considered completely public.
@@ -57,6 +57,11 @@ protected function isVisibleToUser(Set $entity, $user)
     /* Authorizer */
     public function isAllowed(Entity $entity, $privilege)
     {
+        // Firstly, all users can search sets
+        if ($privilege === 'search') {
+            return true;
+        }
+
         // These checks are run within the user context.
         $user = $this->getUser();
 
@@ -65,27 +70,34 @@ public function isAllowed(Entity $entity, $privilege)
             return false;
         }
 
-        // First check whether there is a role with the right permissions
-        if ($this->acl->hasPermission($user, Permission::MANAGE_SETS)) {
+        // We check if a user has the 'admin' role. If they do they're
+        // allowed access to everything (all entities and all privileges)
+        $is_admin = $this->isUserAdmin($user);
+        if ($is_admin) {
             return true;
         }
 
-        // Then we check if a user has the 'admin' role. If they do they're
-        // allowed access to everything (all entities and all privileges)
-        if ($this->isUserAdmin($user)) {
+        // We check whether there is a role with the right permissions
+        if ($this->acl->hasPermission($user, Permission::MANAGE_SETS)) {
             return true;
         }
 
         // Non-admin users are not allowed to make sets featured
-        if (in_array($privilege, ['create', 'update']) and $entity->hasChanged('featured')) {
+        if (!$is_admin && $entity->hasChanged('featured') && in_array($privilege, ['create', 'update'])) {
             return false;
         }
 
+        $isUserOwner = $this->isUserOwner($entity, $user);
         // If the user is the owner of this set, they can do anything
-        if ($this->isUserOwner($entity, $user)) {
+        if ($isUserOwner) {
             return true;
         }
 
+        // TODO: We want to check if the set entity is available only to owner
+        // if (!$isUserOwner && $entity->view_options['only_me'] == true) {
+        //     return false;
+        // }
+
         // Check if the Set is only visible to specific roles.
         if ($this->isVisibleToUser($entity, $user) and $privilege === 'read') {
             return true;
@@ -96,11 +108,6 @@ public function isAllowed(Entity $entity, $privilege)
             return true;
         }
 
-        // Finally, all users can search sets
-        if ($privilege === 'search') {
-            return true;
-        }
-
         // If no other access checks succeed, we default to denying access
         return false;
     }

diff --git a/src/Ushahidi/DataSource/Email/Email.php b/src/Ushahidi/DataSource/Email/Email.php
@@ -159,9 +159,13 @@ public function fetch($limit = false)
         // Encryption type
         $encryption = (strcasecmp($encryption, 'none') != 0) ? '/'.$encryption : '';
 
+        // To connect to an SSL IMAP or POP3 server with a self-signed certificate,
+        // add /novalidate-cert after the encryption protocol specification:
+        $no_cert_validation = !empty($encryption) ? '/novalidate-cert' : '';
+
         try {
             // Try to connect
-            $inbox = '{'.$server.':'.$port.'/'.$type.$encryption.'}INBOX';
+            $inbox = '{'.$server.':'.$port.'/'.$type.$encryption.$no_cert_validation.'}INBOX';
             $connection = @imap_open($inbox, $username, $password, 0, 1);
 
             $errors = imap_errors();

diff --git a/src/Ushahidi/Modules/V5/Actions/Category/Handlers/FetchAllCategoriesQueryHandler.php b/src/Ushahidi/Modules/V5/Actions/Category/Handlers/FetchAllCategoriesQueryHandler.php
@@ -5,8 +5,10 @@
 use App\Bus\Action;
 use App\Bus\Query\AbstractQueryHandler;
 use App\Bus\Query\Query;
+use Ushahidi\Core\Tool\SearchData;
 use Ushahidi\Modules\V5\Actions\Category\Queries\FetchAllCategoriesQuery;
 use Ushahidi\Modules\V5\Repository\Category\CategoryRepository;
+use Illuminate\Support\Facades\Auth;
 
 class FetchAllCategoriesQueryHandler extends AbstractQueryHandler
 {
@@ -29,6 +31,24 @@ public function __invoke(Action $action)
          * @var FetchAllCategoriesQuery $action
          */
         $this->isSupported($action);
-        return $this->categoryRepository->fetchAll($action->getPaging(), $action->getCategorySearchFields());
+
+        $data = new SearchData;
+
+        $searchFields = $action->getCategorySearchFields();
+
+        $user = Auth::guard()->user();
+
+        $data->setFilter('keyword', $searchFields->q());
+
+        $data->setFilter('tag', $searchFields->tag());
+        $data->setFilter('type', $searchFields->type());
+        $data->setFilter('role', $searchFields->role());
+        $data->setFilter('user_id', $user->id ?? null);
+        $data->setFilter('parent_id', $searchFields->parentId());
+        $data->setFilter('is_parent', $searchFields->level() === 'parent');
+        $data->setFilter('is_admin', $searchFields->role() && $searchFields->role() == "admin");
+
+        $this->categoryRepository->setSearchParams($data);
+        return $this->categoryRepository->fetchAll($action->getPaging());
     }
 }
diff --git a/src/Ushahidi/Modules/V5/Actions/Category/Handlers/FetchCategoryByIdQueryHandler.php b/src/Ushahidi/Modules/V5/Actions/Category/Handlers/FetchCategoryByIdQueryHandler.php
@@ -6,9 +6,11 @@
 use App\Bus\Action;
 use App\Bus\Query\AbstractQueryHandler;
 use App\Bus\Query\Query;
+use Ushahidi\Core\Tool\SearchData;
 use Ushahidi\Modules\V5\Actions\Category\Queries\FetchCategoryByIdQuery;
 use Ushahidi\Modules\V5\Models\Category;
 use Ushahidi\Modules\V5\Repository\Category\CategoryRepository;
+use Illuminate\Support\Facades\Auth;
 
 class FetchCategoryByIdQueryHandler extends AbstractQueryHandler
 {

diff --git a/src/Ushahidi/Modules/V5/Actions/Category/Handlers/StoreCategoryCommandHandler.php b/src/Ushahidi/Modules/V5/Actions/Category/Handlers/StoreCategoryCommandHandler.php
@@ -8,6 +8,7 @@
 use Ushahidi\Modules\V5\Actions\Category\Commands\StoreCategoryCommand;
 use Ushahidi\Modules\V5\Models\Category;
 use Ushahidi\Modules\V5\Repository\Category\CategoryRepository;
+use Illuminate\Support\Facades\Auth;
 
 class StoreCategoryCommandHandler extends AbstractCommandHandler
 {
@@ -43,8 +44,11 @@ public function __invoke(Action $action): int
             $parentId = null;
         }
 
+        $user_id = Auth::guard()->user()->id ?? null;
+
         return $this->categoryRepository->store(
             $parentId,
+            $user_id,
             ucfirst($action->getTag()),
             $slug,
             $action->getType(),

diff --git a/src/Ushahidi/Modules/V5/Actions/Category/Handlers/UpdateCategoryCommandHandler.php b/src/Ushahidi/Modules/V5/Actions/Category/Handlers/UpdateCategoryCommandHandler.php
@@ -9,6 +9,7 @@
 use Ushahidi\Modules\V5\Models\Category;
 use Ushahidi\Modules\V5\Repository\Category\CategoryRepository;
 use Ushahidi\Modules\V5\Actions\Category\Commands\UpdateCategoryCommand;
+use Illuminate\Support\Facades\Auth;
 
 class UpdateCategoryCommandHandler extends AbstractCommandHandler
 {
@@ -31,9 +32,12 @@ public function __invoke(Action $action): Category
          */
         $this->isSupported($action);
 
+        $user_id = Auth::guard()->user()->id ?? null;
+
         $this->categoryRepository->update(
             $action->getCategoryId(),
             $action->getParentId(),
+            $user_id,
             $action->getTag(),
             $action->getSlug(),
             $action->getType(),

diff --git a/src/Ushahidi/Modules/V5/Actions/Collection/Handlers/CreateCollectionPostCommandHandler.php b/src/Ushahidi/Modules/V5/Actions/Collection/Handlers/CreateCollectionPostCommandHandler.php
@@ -34,6 +34,6 @@ protected function isSupported(Command $command)
     public function __invoke($action) //: int
     {
         $this->isSupported($action);
-        $this->collection_post_repository->Create($action->getCollectionId(), $action->getPostId());
+        $this->collection_post_repository->create($action->getCollectionId(), $action->getPostId());
     }
 }