

Update #568 & #569
- Fixed permissions for dashboard.
oyeaussie committed Aug 31, 2024
1 parent f5bf6f0 commit 6542d8a
Showing 12 changed files with 118 additions and 46 deletions.
21 changes: 14 additions & 7 deletions apps/Core/Components/Dashboards/DashboardsComponent.php
Expand Up @@ -25,7 +25,9 @@ public function viewAction()
}
} else {
if (isset($this->getData()['id'])) {
$dashboardId = $this->getData()['id'];
if ($this->getData()['id'] != 0) {
$dashboardId = $this->getData()['id'];
}
} else {
if (is_string($this->app['settings'])) {
$this->app['settings'] = $this->helper->decode($this->app['settings'], true);
Expand All @@ -35,17 +37,22 @@ public function viewAction()
$dashboardId = $this->app['settings']['defaultDashboard'];
}
}
}

$dashboard = $this->basepackages->dashboards->getDashboardById($dashboardId, true, false);
if (isset($dashboardId)) {
$dashboard = $this->basepackages->dashboards->getDashboardById($dashboardId, true, false);

$this->view->setViewsDir($this->modules->views->getPhalconViewPath() . $this->getURI());

$this->view->setViewsDir($this->modules->views->getPhalconViewPath() . $this->getURI());
$this->view->dashboard = $dashboard;

$this->view->dashboard = $dashboard;
$this->view->dashboards = $this->basepackages->dashboards->dashboards;

$this->view->dashboards = $this->basepackages->dashboards->dashboards;
$this->view->widgetsTree = $this->basepackages->widgets->getWidgetsTree();

return;
}
}

$this->view->widgetsTree = $this->basepackages->widgets->getWidgetsTree();
}

public function addAction()
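Review bot: The new guard `if ($this->getData()['id'] != 0)` is a loose comparison on a request-supplied value, so a non-numeric string such as `"abc"` passes (`"abc" != 0` is true on PHP 8) and reaches getDashboardById unchanged, while `"0"` and `""` are silently dropped with no response to the caller. Prefer casting once and testing the integer, `$id = (int) ($this->getData()['id'] ?? 0); if ($id > 0) { $dashboardId = $id; }`, which also matches the `(int)` cast this commit adds in updateProfileViaAccount. When no `$dashboardId` is resolved, or getDashboardById returns nothing, the action now returns without setting a view or calling an error action, so consider routing that case to idNotFound rather than rendering nothing. There is still no ownership test on the dashboard being viewed; if dashboards are meant to be private to their creator, viewing by arbitrary id should get the same created_by check the widget mutations received in this commit. viewAction begins before the first hunk.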
7 changes: 7 additions & 0 deletions apps/Core/Components/Errors/ErrorsComponent.php
Expand Up @@ -41,6 +41,13 @@ public function idNotFoundAction()
$this->addResponse('Id Not Found', 1);
}

public function permissionDeniedAction()
{
$this->view->pick('common/errors/permissiondenied');

$this->addResponse('Permission denied, contact administrator!', 1);
}

public function serverErrorAction()
{
$this->view->pick('common/errors/servererror');
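Review bot: permissionDeniedAction picks `common/errors/permissiondenied` (all lower-case), while the placeholder this commit adds lives at `errors/permissionDenied.html` (camel case, different directory); only the new `common/errors/permissiondenied.html` matches that path, so the placeholder looks unused or misplaced, and a case mismatch of this kind breaks on case-sensitive filesystems. The action also does not visibly set an HTTP 403 status; unless addResponse does that via its second argument, API clients will receive a success status with a denial body, so setting 403 on the response object before addResponse is worth adding, hedged because the response object is not shown here. A short docblock would help: `/** Renders the 403 view and returns a 'Permission denied' error response; selected by the exception handler for PermissionDeniedException. */`.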
23 changes: 10 additions & 13 deletions apps/Core/Views/Default/html/common/errors/forbidden.html
@@ -1,30 +1,27 @@
{% set sectionId = '403' %}
<div id="{{componentId}}-{{sectionId}}" hidden>
<div id="{{componentId}}-{{sectionId}}">
<div class="row">
<div class="col">
<div class="jumbotron text-center bg-warning">
<div class="jumbotron text-center bg-danger">
<h1>
<span class="text-white"><i class="fas fa-fw fa-ban"></i> Forbidden! (Error:403)</span>
<span class="text-white"><i class="fas fa-fw fa-ban"></i> Permission Denied! (Error:403)</span>
</h1>
<p class="lead text-white">Sorry! You don't have permission to access this component.</p>
<p>
<a href="{{links.url('home')}}" class="contentAjaxLink btn btn-primary btn-lg">
<span class="text-uppercase">Goto Home</span>
</a>
</p>
<p class="lead">Not allowed to access this resource.</p>
<a href="#" class="btn btn-primary btn-lg text-center contentAjaxLink">
<span class="text-uppercase">Try Again</span>
</a>
</div>
</div>
</div>
<div class="row">
<div class="col">
<h2>What happened?</h2>
<p class="lead">A 403 error status indicates that you don't have permission to access this component.</p>
<p class="lead">A 500 error status implies there is a problem with the web server's software causing it to malfunction.</p>
</div>
<div class="col">
<h2>What can I do?</h2>
<p class="lead">Please check that you're in the right place and
<a href="mailto:[email protected]?Subject=Permission%20Denied%20Error" class="font-weight-bold">contact</a> the administrator if you believe this to be an error.
</p>
<p class="lead">Nothing you can do at the moment. If you need immediate assistance, please
<a href="mailto:[email protected]?Subject=Internal%20Server%20Error">contact</a> us.</p>
</div>
</div>
</div>
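Review bot: The replacement "What happened?" copy reads `A 500 error status implies there is a problem with the web server's software`, and the contact link's subject is `Internal%20Server%20Error`, on a page whose heading is still a 403; the explanatory text appears to have been pasted from the server-error template. Change them to `<p class="lead">A 403 error status means you do not have permission to access this resource.</p>` and `?Subject=Permission%20Denied%20Error`. Removing the "Goto Home" link also leaves the user with only "Try Again" on `href="#"`, which re-requests the same forbidden resource; keeping a home link is the usual escape hatch from a denial page.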
27 changes: 27 additions & 0 deletions apps/Core/Views/Default/html/common/errors/permissiondenied.html
@@ -0,0 +1,27 @@
{% set sectionId = '403' %}
<div id="{{componentId}}-{{sectionId}}">
<div class="row">
<div class="col">
<div class="jumbotron text-center bg-danger">
<h1>
<span class="text-white"><i class="fas fa-fw fa-ban"></i> Permission Denied! (Error:403)</span>
</h1>
<p class="lead">Not allowed to access this resource.</p>
<a href="#" class="btn btn-primary btn-lg text-center contentAjaxLink">
<span class="text-uppercase">Try Again</span>
</a>
</div>
</div>
</div>
<div class="row">
<div class="col">
<h2>What happened?</h2>
<p class="lead">A 403 error status implies that you do not have access to this resource.</p>
</div>
<div class="col">
<h2>What can I do?</h2>
<p class="lead">Nothing you can do at the moment. If you need immediate assistance, please
<a href="mailto:?Subject=Permission%20Denied%20Error">contact</a> us.</p>
</div>
</div>
</div>
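Review bot: The contact link `mailto:?Subject=Permission%20Denied%20Error` carries no address, so the "contact us" call to action opens an empty mail draft; either fill in the administrator address or drop the link until it is configurable. This template also reuses `sectionId = '403'` and therefore the same `{{componentId}}-{{sectionId}}` element id as forbidden.html; if both can be rendered into the same page they would produce duplicate ids, which is worth confirming. "Try Again" on `href="#"` with the contentAjaxLink class just re-requests the denied resource, which fails the same way for the same user.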
23 changes: 14 additions & 9 deletions apps/Core/Views/Default/html/dashboards/dashboards.html
Expand Up @@ -100,6 +100,7 @@ <h6><i class="fa fa-fw fa-info-circle text-info"></i> No widgets added to this d
afterInit: function() {
var swalSound = window['dataCollection'].env.sounds.swalSound;
var grid;
var isOwner = "{{isOwner}}";

function initGrid(removeDom = true) {
if (dataCollectionComponent['{{componentId}}-{{sectionId}}']['grid']) {
Expand All @@ -115,7 +116,6 @@ <h6><i class="fa fa-fw fa-info-circle text-info"></i> No widgets added to this d
'animate' : false,
'sizeToContent' : true
});

}

initGrid();
Expand Down Expand Up @@ -166,8 +166,10 @@ <h6><i class="fa fa-fw fa-info-circle text-info"></i> No widgets added to this d
addWidgetToGrid(response.responseData.widgetsData[widget]);
}

$('#{{componentId}}-{{sectionId}}-edit-widgets').attr('disabled', false);
$('#{{componentId}}-{{sectionId}}-edit-widgets').attr('hidden', false);
if (isOwner) {
$('#{{componentId}}-{{sectionId}}-edit-widgets').attr('disabled', false);
$('#{{componentId}}-{{sectionId}}-edit-widgets').attr('hidden', false);
}
grid.enableMove(false);
grid.enableResize(false);
} else {
Expand Down Expand Up @@ -205,7 +207,6 @@ <h6><i class="fa fa-fw fa-info-circle text-info"></i> No widgets added to this d
});
}


function initWidgetCardButtons() {
$('.btn-tool-widgetRemove').off();
$('.btn-tool-widgetRemove').click(function() {
Expand Down Expand Up @@ -292,7 +293,7 @@ <h6><i class="fa fa-fw fa-info-circle text-info"></i> No widgets added to this d
newWidget['w'] = 3;//25% of the screen
newWidget['minW'] = 3;//25% of the screen
newWidget['method'] = widgetsData['widget']['method'];
newWidget['widget_id'] = widgetsData['widget']['id'];
newWidget['widget_id'] = widgetsData['widget_id'];
newWidget['dashboard_id'] = widgetsData['dashboard_id'];

if (widgetsData['settings']['w']) {
Expand Down Expand Up @@ -383,8 +384,10 @@ <h6><i class="fa fa-fw fa-info-circle text-info"></i> No widgets added to this d

addWidgetToGrid(response.responseData);
$('#{{componentId}}-{{sectionId}}-no-widgets').attr('hidden', true);
$('#{{componentId}}-{{sectionId}}-edit-widgets').attr('hidden', false);
$('#{{componentId}}-{{sectionId}}-edit-widgets').attr('disabled', false);
if (isOwner) {
$('#{{componentId}}-{{sectionId}}-edit-widgets').attr('hidden', false);
$('#{{componentId}}-{{sectionId}}-edit-widgets').attr('disabled', false);
}

$('#{{componentId}}-{{sectionId}}-modal-button-add').attr('disabled', true);
grid.enableMove(false);
Expand Down Expand Up @@ -451,8 +454,10 @@ <h6><i class="fa fa-fw fa-info-circle text-info"></i> No widgets added to this d

if (grid.save().length === 0) {
$('#{{componentId}}-{{sectionId}}-no-widgets').attr('hidden', false);
$('#{{componentId}}-{{sectionId}}-edit-widgets').attr('disabled', true);
$('#{{componentId}}-{{sectionId}}-edit-widgets').attr('hidden', true);
if (isOwner) {
$('#{{componentId}}-{{sectionId}}-edit-widgets').attr('disabled', true);
$('#{{componentId}}-{{sectionId}}-edit-widgets').attr('hidden', true);
}
} else {
var postData = { };
postData[$('#security-token').attr('name')] = $('#security-token').val();
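Review bot: `var isOwner = "{{isOwner}}";` turns the flag into a string, so the three `if (isOwner)` checks are only correct because the template engine happens to render false as an empty string; any rendering such as `"false"` or `"0"` would be truthy and un-hide the edit button for non-owners. Emit a real boolean instead, `var isOwner = {{ isOwner ? 'true' : 'false' }};`. isOwner is assigned with `{% set %}` in widgets/buttons.html; if that file is rendered through a partial() call rather than inlined by an include, the variable will not exist in this template, which is worth confirming. Either way this is UI gating only; the created_by checks added server-side in the Dashboards package are the actual enforcement, and that is where any bypass would matter.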
2 changes: 2 additions & 0 deletions apps/Core/Views/Default/html/dashboards/widgets/buttons.html
Expand Up @@ -4,10 +4,12 @@
{% set saveHidden = true %}
{% set addDisabled = true %}
{% set addHidden = true %}
{% set isOwner = false %}
{% if access.auth.account() %}
{% if dashboard['created_by'] == access.auth.account()['id'] %}
{% set addDisabled = false %}
{% set addHidden = false %}
{% set isOwner = true %}
{% endif %}
{% endif %}
<div class="row">
1 change: 1 addition & 0 deletions apps/Core/Views/Default/html/errors/permissionDenied.html
@@ -0,0 +1 @@
Placeholder file. Do not remove
Expand Up @@ -313,20 +313,16 @@ <h6><i class="fa fa-fw fa-info-circle text-danger"></i> Please edit widget and a
}

if (!found) {
if (dataCollectionSection['{{componentId}}-{{sectionId}}-worldclock-func']) {
BazHelpers.setTimeoutTimers.add(function() {
dataCollectionSection['{{componentId}}-{{sectionId}}-worldclock-func']
.worldClockZone(dataCollectionSection['{{componentId}}-{{sectionId}}-worldclock-widgets'][widgetsData['data']['id']]);
}, 1000, '{{componentId}}', 'worldClock' + widgetsData['data']['id']);
}
BazHelpers.setTimeoutTimers.add(function() {
dataCollectionSection['{{componentId}}-{{sectionId}}-worldclock-func']
.worldClockZone(dataCollectionSection['{{componentId}}-{{sectionId}}-worldclock-widgets'][widgetsData['data']['id']]);
}, 1000, '{{componentId}}', 'worldClock' + widgetsData['data']['id']);
} else {
BazHelpers.setTimeoutTimers.stop(found);
if (dataCollectionSection['{{componentId}}-{{sectionId}}-worldclock-func']) {
BazHelpers.setTimeoutTimers.add(function() {
dataCollectionSection['{{componentId}}-{{sectionId}}-worldclock-func']
.worldClockZone(dataCollectionSection['{{componentId}}-{{sectionId}}-worldclock-widgets'][widgetsData['data']['id']]);
}, 1000, '{{componentId}}', 'worldClock' + widgetsData['data']['id']);
}
BazHelpers.setTimeoutTimers.add(function() {
dataCollectionSection['{{componentId}}-{{sectionId}}-worldclock-func']
.worldClockZone(dataCollectionSection['{{componentId}}-{{sectionId}}-worldclock-widgets'][widgetsData['data']['id']]);
}, 1000, '{{componentId}}', 'worldClock' + widgetsData['data']['id']);
}
}
};
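Review bot: Dropping the `if (dataCollectionSection['…-worldclock-func'])` guards means the deferred callback dereferences `-worldclock-func` unconditionally when the 1000 ms timer fires; if that entry can still be unset at that moment, `.worldClockZone` becomes a TypeError thrown from inside the timer instead of a skipped tick. If the guard was removed because registration is now guaranteed to happen earlier, a one-line comment saying so would stop the next reader from re-adding it; otherwise move the check into the callback: `var fn = dataCollectionSection['{{componentId}}-{{sectionId}}-worldclock-func']; if (fn) { fn.worldClockZone(...); }`. The two branches are now identical apart from the `stop(found)` call and could be folded into one add after an optional stop. This section's file header is not visible, and the enclosing function starts and ends outside the hunk.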
Expand Up @@ -3,6 +3,7 @@
namespace System\Base\Providers\BasepackagesServiceProvider\Packages;

use System\Base\BasePackage;
use System\Base\Providers\AccessServiceProvider\Exceptions\PermissionDeniedException;
use System\Base\Providers\BasepackagesServiceProvider\Packages\Model\BasepackagesDashboards;
use System\Base\Providers\BasepackagesServiceProvider\Packages\Model\Dashboards\BasepackagesDashboardsWidgets;

Expand Down Expand Up @@ -77,6 +78,12 @@ public function addWidgetToDashboard(array $data)
{
$dashboard = $this->getDashboardById($data['dashboard_id']);

if ($this->access->auth->account() &&
$this->access->auth->account()['id'] != $dashboard['created_by']
) {
throw new PermissionDeniedException;
}

$maxWidgetsPerDashboard = 10;

if (isset($dashboard['settings']['maxWidgetsPerDashboard'])) {
Expand Down Expand Up @@ -131,11 +138,21 @@ public function addWidgetToDashboard(array $data)

public function updateWidgetToDashboard(array $data)
{
$dashboard = $this->getDashboardById($data['dashboard_id']);

if ($this->access->auth->account() &&
$this->access->auth->account()['id'] != $dashboard['created_by']
) {
throw new PermissionDeniedException;
}

$this->modelToUse = $this->useModel(BasepackagesDashboardsWidgets::class);

$this->setFfStoreToUse();

try {
$sequence = 0;

foreach ($data['widgets'] as $key => $widget) {
$dbWidget = $this->getFirst('id', $widget['id']);

Expand All @@ -146,13 +163,17 @@ public function updateWidgetToDashboard(array $data)

$dbWidgetArr['settings'] = array_merge($dbWidgetArr['settings'], $widget);

$dbWidgetArr['sequence'] = $sequence;

if ($this->config->databasetype === 'db') {
$dbWidget->assign($dbWidgetArr);

$dbWidget->update();
} else {
$this->update($dbWidgetArr);
}

$sequence++;
}
}

Expand All @@ -170,6 +191,14 @@ public function updateWidgetToDashboard(array $data)

public function removeWidgetFromDashboard(array $data)
{
$dashboard = $this->getDashboardById($data['dashboard_id']);

if ($this->access->auth->account() &&
$this->access->auth->account()['id'] != $dashboard['created_by']
) {
throw new PermissionDeniedException;
}

$this->modelToUse = $this->useModel(BasepackagesDashboardsWidgets::class);

$this->setFfStoreToUse();
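Review bot: Each new ownership check only fires when `$this->access->auth->account()` is truthy, so a caller with no authenticated account reaching addWidgetToDashboard, updateWidgetToDashboard or removeWidgetFromDashboard is not denied but allowed through; the check fails open, and unless an outer layer guarantees a logged-in account here, a missing account should throw as well. The comparison is loose (`!=`), and if getDashboardById returns nothing, `$dashboard['created_by']` is read off a null. Separately, updateWidgetToDashboard verifies ownership of `$data['dashboard_id']` but then fetches each widget by `$widget['id']` alone, so a client can name a dashboard it owns while supplying widget ids from someone else's dashboard; unless the elided lines already compare the row's `dashboard_id`, each fetched widget should be checked against `$dashboard['id']` before it is updated, and the same applies to removeWidgetFromDashboard, whose body continues past the hunk. Since the same five-line block is repeated three times, pull it into one fail-closed helper and call `$this->assertOwnsDashboard($dashboard);` in each method.

```php
    /**
     * Throws PermissionDeniedException unless the current account owns $dashboard.
     * Fails closed: no account, or no dashboard row, is treated as denied.
     */
    private function assertOwnsDashboard($dashboard): void
    {
        $account = $this->access->auth->account();

        if (!$account || !$dashboard ||
            (int) $account['id'] !== (int) $dashboard['created_by']
        ) {
            throw new PermissionDeniedException;
        }
    }

    public function addWidgetToDashboard(array $data)
    {
        $dashboard = $this->getDashboardById($data['dashboard_id']);

        $this->assertOwnsDashboard($dashboard);

        // … unchanged: maxWidgetsPerDashboard handling …

    // … unchanged: updateWidgetToDashboard setup, same assertOwnsDashboard call …
            $dbWidget = $this->getFirst('id', $widget['id']);

            // … unchanged: $dbWidgetArr construction …

            // widget must belong to the dashboard whose ownership was just verified
            if (!$dbWidget || (int) $dbWidgetArr['dashboard_id'] !== (int) $dashboard['id']) {
                throw new PermissionDeniedException;
            }
```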
Expand Up @@ -655,12 +655,11 @@ public function addUpdateSecurity($id, $data)
}
}

if (isset($data['id'])) {
unset($data['id']);
}

if ($accountSecurity) {
if (isset($data['id'])) {
unset($data['id']);
}

$accountSecurity = array_replace($accountSecurity, $data);

if ($this->config->databasetype === 'db') {
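Review bot: Hoisting `unset($data['id'])` above `if ($accountSecurity)` now strips a caller-supplied id on the insert path too, which is the right direction, but `array_replace($accountSecurity, $data)` still copies every other key of `$data` into the row; if `$data` originates from the request, any column the caller names is overwritten as well, so an allow-list of updatable fields is the safer shape, hedged because the caller and the start of this method are outside the hunk. A comment on the unset, `// never trust a caller-supplied row id; the row is selected by $id`, would record why it sits outside the branch. addUpdateSecurity starts before this hunk.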
Expand Up @@ -136,7 +136,7 @@ public function addProfile(array $data)

public function updateProfileViaAccount(array $data)
{
$profile = $this->getProfile($data['profile_package_row_id']);
$profile = $this->getProfile((int) $data['id']);

if (isset($data['first_name']) && isset($data['last_name'])) {
if (($data['first_name'] !== $profile['first_name'] ||
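Review bot: `$this->getProfile((int) $data['id'])` switches the lookup key from `profile_package_row_id` to `id` and adds an int cast, but a missing key yields `(int) null`, i.e. a lookup of profile 0, after which `$profile['first_name']` is read without checking that getProfile found anything. Guard it, `$profile = $this->getProfile((int) ($data['id'] ?? 0)); if (!$profile) { throw new \InvalidArgumentException('profile not found'); }` (or the project's own not-found exception), before the comparisons. Whether `$data['id']` refers to the profile row or the account, and whether it is verified against the current account elsewhere, is not visible here and deserves a one-line docblock on the method. updateProfileViaAccount continues past the hunk.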
Expand Up @@ -80,6 +80,8 @@ function (
if ($class === 'InvalidDataException') {
$action = 'invalidData';
$params = [$exception->getMessage()];
} else if ($class === 'PermissionDeniedException') {
$action = 'permissionDenied';
} else {
$action = 'serverError';
}
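Review bot: `$class === 'PermissionDeniedException'` matches on a short class name, so any exception whose unqualified name is PermissionDeniedException, from any namespace, is routed to the permission-denied page; `$exception instanceof PermissionDeniedException` against the imported access-provider class would bind the mapping to the intended type. Like the serverError branch it sets no `$params`, which is fine as long as `$params` is initialised above the hunk. Consider also having this path answer with HTTP 403 so non-HTML clients can tell a denial from a server error, hedged because where the status code is set is not visible. The enclosing handler closure starts and ends outside the hunk.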

