Fixes/issues from 3.3.7 (#1948)

* Grid Filtering : Fix tag filter xibosignage/xibo#3063 * Users : Fix edit form password change xibosignage/xibo#3070 * Folders : Allow only super admins to create folders under Root Folder. Adjust feature description to suit. xibosignage/xibo#3072 * Ad Campaign : Fix feature check for edit xibosignage/xibo#3074 * Ad Campaign : Do not validate on owner change. xibosignage/xibo#3075 * Users : Fix homeFolder selection for non-current user on edit and set homeFolder forms. xibosignage/xibo#3076 * Members Forms : Fix sorting by member column on all relevant forms. * Schedule Grid : Fix end date for Command event type * Player Software : validate fileName on save to avoid potential duplicates * Folder : Fix title for Root Folder * Player Software : Make sure fileName does not contain spaces.
xibosignage · Jul 31, 2023 · 0c88a16 · 0c88a16
1 parent c509322
commit 0c88a16
Show file tree

Hide file tree

Showing 22 changed files with 282 additions and 57 deletions.
diff --git a/lib/Controller/Campaign.php b/lib/Controller/Campaign.php
@@ -257,7 +257,10 @@ public function grid(Request $request, Response $response)
 
         $embed = ($parsedParams->getString('embed') !== null) ? explode(',', $parsedParams->getString('embed')) : [];
 
-        $campaigns = $this->campaignFactory->query($this->gridRenderSort($parsedParams), $this->gridRenderFilter($filter, $parsedParams));
+        $campaigns = $this->campaignFactory->query(
+            $this->gridRenderSort($parsedParams),
+            $this->gridRenderFilter($filter, $parsedParams)
+        );
 
         foreach ($campaigns as $campaign) {
             /* @var \Xibo\Entity\Campaign $campaign */
@@ -284,11 +287,15 @@ public function grid(Request $request, Response $response)
 
             // Schedule
             if ($this->getUser()->featureEnabled('schedule.add') && $campaign->type === 'list') {
-                $campaign->buttons[] = array(
+                $campaign->buttons[] = [
                     'id' => 'campaign_button_schedule',
-                    'url' => $this->urlFor($request,'schedule.add.form', ['id' => $campaign->campaignId, 'from' => 'Campaign']),
+                    'url' => $this->urlFor(
+                        $request,
+                        'schedule.add.form',
+                        ['id' => $campaign->campaignId, 'from' => 'Campaign']
+                    ),
                     'text' => __('Schedule')
-                );
+                ];
             }
 
             // Preview
@@ -319,7 +326,7 @@ public function grid(Request $request, Response $response)
                         'url' => $this->urlFor($request, 'campaign.edit.form', ['id' => $campaign->campaignId]),
                         'text' => __('Edit'),
                     );
-                } else if ($campaign->type === 'ad' && $this->getUser()->featureEnabled('ad.campaigns')) {
+                } else if ($campaign->type === 'ad' && $this->getUser()->featureEnabled('ad.campaign')) {
                     $campaign->buttons[] = [
                         'id' => 'campaign_button_edit',
                         'linkType' => '_self',
@@ -333,11 +340,22 @@ public function grid(Request $request, Response $response)
                     // Select Folder
                     $campaign->buttons[] = [
                         'id' => 'campaign_button_selectfolder',
-                        'url' => $this->urlFor($request,'campaign.selectfolder.form', ['id' => $campaign->campaignId]),
+                        'url' => $this->urlFor(
+                            $request,
+                            'campaign.selectfolder.form',
+                            ['id' => $campaign->campaignId]
+                        ),
                         'text' => __('Select Folder'),
                         'multi-select' => true,
                         'dataAttributes' => [
-                            ['name' => 'commit-url', 'value' => $this->urlFor($request,'campaign.selectfolder', ['id' => $campaign->campaignId])],
+                            [
+                                'name' => 'commit-url',
+                                'value' => $this->urlFor(
+                                    $request,
+                                    'campaign.selectfolder',
+                                    ['id' => $campaign->campaignId]
+                                )
+                            ],
                             ['name' => 'commit-method', 'value' => 'put'],
                             ['name' => 'id', 'value' => 'campaign_button_selectfolder'],
                             ['name' => 'text', 'value' => __('Move to Folder')],
@@ -350,7 +368,11 @@ public function grid(Request $request, Response $response)
                 // Copy the campaign
                 $campaign->buttons[] = [
                     'id' => 'campaign_button_copy',
-                    'url' => $this->urlFor($request,'campaign.copy.form', ['id' => $campaign->campaignId]),
+                    'url' => $this->urlFor(
+                        $request,
+                        'campaign.copy.form',
+                        ['id' => $campaign->campaignId]
+                    ),
                     'text' => __('Copy')
                 ];
             } else {
@@ -363,11 +385,22 @@ public function grid(Request $request, Response $response)
                 // Delete Campaign
                 $campaign->buttons[] = [
                     'id' => 'campaign_button_delete',
-                    'url' => $this->urlFor($request,'campaign.delete.form', ['id' => $campaign->campaignId]),
+                    'url' => $this->urlFor(
+                        $request,
+                        'campaign.delete.form',
+                        ['id' => $campaign->campaignId]
+                    ),
                     'text' => __('Delete'),
                     'multi-select' => true,
                     'dataAttributes' => [
-                        ['name' => 'commit-url', 'value' => $this->urlFor($request,'campaign.delete', ['id' => $campaign->campaignId])],
+                        [
+                            'name' => 'commit-url',
+                            'value' => $this->urlFor(
+                                $request,
+                                'campaign.delete',
+                                ['id' => $campaign->campaignId]
+                            )
+                        ],
                         ['name' => 'commit-method', 'value' => 'delete'],
                         ['name' => 'id', 'value' => 'campaign_button_delete'],
                         ['name' => 'text', 'value' => __('Delete')],
@@ -472,7 +505,8 @@ public function addForm(Request $request, Response $response)
      *  @SWG\Parameter(
      *      name="cyclePlaybackEnabled",
      *      in="formData",
-     *      description="When cycle based playback is enabled only 1 Layout from this Campaign will be played each time it is in a Schedule loop. The same Layout will be shown until the 'Play count' is achieved.",
+     *      description="When cycle based playback is enabled only 1 Layout from this Campaign will be played each time
+     * it is in a Schedule loop. The same Layout will be shown until the 'Play count' is achieved.",
      *      type="integer",
      *      required=false
      *   ),
@@ -573,7 +607,9 @@ public function add(Request $request, Response $response)
             $campaign->playCount = ($campaign->cyclePlaybackEnabled) ? $sanitizedParams->getInt('playCount') : null;
 
             // For compatibility with existing API implementations we set a default here.
-            $campaign->listPlayOrder = ($campaign->cyclePlaybackEnabled) ? 'block' : $sanitizedParams->getString('listPlayOrder', ['default' => 'round']);
+            $campaign->listPlayOrder = ($campaign->cyclePlaybackEnabled)
+                    ? 'block'
+                    : $sanitizedParams->getString('listPlayOrder', ['default' => 'round']);
         } else if ($campaign->type === 'ad') {
             $campaign->targetType = $sanitizedParams->getString('targetType');
             $campaign->target = $sanitizedParams->getInt('target');
@@ -1445,7 +1481,9 @@ public function selectFolder(Request $request, Response $response, $id)
 
         $campaign->folderId = $folderId;
         $folder = $this->folderFactory->getById($campaign->folderId);
-        $campaign->permissionsFolderId = ($folder->getPermissionFolderId() == null) ? $folder->id : $folder->getPermissionFolderId();
+        $campaign->permissionsFolderId = ($folder->getPermissionFolderId() == null)
+            ? $folder->id
+            : $folder->getPermissionFolderId();
 
         if ($campaign->isLayoutSpecific === 1) {
             $layouts = $this->layoutFactory->getByCampaignId($campaign->campaignId, true, true);

diff --git a/lib/Controller/Display.php b/lib/Controller/Display.php
@@ -499,6 +499,7 @@ public function getFilters(SanitizerInterface $parsedQueryParams): array
             'logicalOperatorName' => $parsedQueryParams->getString('logicalOperatorName'),
             'bounds' => $parsedQueryParams->getString('bounds'),
             'syncGroupId' => $parsedQueryParams->getInt('syncGroupId'),
+            'syncGroupIdMembers' => $parsedQueryParams->getInt('syncGroupIdMembers')
         ];
     }
 
@@ -659,12 +660,17 @@ function grid(Request $request, Response $response)
     {
         $parsedQueryParams = $this->getSanitizer($request->getQueryParams());
         // Embed?
-        $embed = ($parsedQueryParams->getString('embed') != null) ? explode(',', $parsedQueryParams->getString('embed')) : [];
+        $embed = ($parsedQueryParams->getString('embed') != null)
+            ? explode(',', $parsedQueryParams->getString('embed'))
+            : [];
 
         $filter = $this->getFilters($parsedQueryParams);
 
         // Get a list of displays
-        $displays = $this->displayFactory->query($this->gridRenderSort($parsedQueryParams), $this->gridRenderFilter($filter, $parsedQueryParams));
+        $displays = $this->displayFactory->query(
+            $this->gridRenderSort($parsedQueryParams),
+            $this->gridRenderFilter($filter, $parsedQueryParams)
+        );
 
         // Get all Display Profiles
         $displayProfiles = [];
@@ -696,8 +702,11 @@ function grid(Request $request, Response $response)
             $display->getCurrentLayoutId($this->pool, $this->layoutFactory);
 
             if ($this->isApi($request)) {
-                $display->lastAccessed = Carbon::createFromTimestamp($display->lastAccessed)->format(DateFormatHelper::getSystemFormat());
-                $display->auditingUntil = ($display->auditingUntil == 0) ? 0 :  Carbon::createFromTimestamp($display->auditingUntil)->format(DateFormatHelper::getSystemFormat());
+                $display->lastAccessed =
+                    Carbon::createFromTimestamp($display->lastAccessed)->format(DateFormatHelper::getSystemFormat());
+                $display->auditingUntil = ($display->auditingUntil == 0)
+                    ? 0
+                    : Carbon::createFromTimestamp($display->auditingUntil)->format(DateFormatHelper::getSystemFormat());
                 $display->storageAvailableSpace = ByteFormatter::format($display->storageAvailableSpace);
                 $display->storageTotalSpace = ByteFormatter::format($display->storageTotalSpace);
                 continue;

diff --git a/lib/Controller/DisplayGroup.php b/lib/Controller/DisplayGroup.php
@@ -266,6 +266,7 @@ public function grid(Request $request, Response $response)
             'folderId' => $parsedQueryParams->getInt('folderId'),
             'logicalOperator' => $parsedQueryParams->getString('logicalOperator'),
             'logicalOperatorName' => $parsedQueryParams->getString('logicalOperatorName'),
+            'displayIdMember' => $parsedQueryParams->getInt('displayIdMember'),
         ];
 
         $scheduleWithView = ($this->getConfig()->getSetting('SCHEDULE_WITH_VIEW_PERMISSION') == 1);

diff --git a/lib/Controller/Folder.php b/lib/Controller/Folder.php
@@ -85,6 +85,7 @@ public function displayPage(Request $request, Response $response)
      */
     public function grid(Request $request, Response $response, $folderId = null)
     {
+        $params = $this->getSanitizer($request->getParams());
         // Should we return information for a specific folder?
         if ($folderId !== null) {
             $folder = $this->folderFactory->getById($folderId);
@@ -98,10 +99,15 @@ public function grid(Request $request, Response $response, $folderId = null)
         } else {
             // Show a tree view of all folders.
             $rootFolder = $this->folderFactory->getById(1);
-            $rootFolder->setUnmatchedProperty('a_attr', [
-                'title' => __('Right click a Folder for further Options')
-            ]);
-            $this->buildTreeView($rootFolder, $this->getUser()->homeFolderId);
+
+            // homeFolderId,
+            // do we show tree for current user
+            // or a specified user?
+            $homeFolderId = ($params->getInt('homeFolderId') !== null)
+                    ? $params->getInt('homeFolderId')
+                    : $this->getUser()->homeFolderId;
+
+            $this->buildTreeView($rootFolder, $homeFolderId);
             return $response->withJson([$rootFolder]);
         }
     }
@@ -359,11 +365,14 @@ public function getContextMenuButtons(Request $request, Response $response, $fol
         return $response->withJson($folder->buttons);
     }
 
-    private function decorateWithButtons($folder)
+    private function decorateWithButtons(\Xibo\Entity\Folder $folder)
     {
         $user = $this->getUser();
 
-        if ($user->featureEnabled('folder.add') &&  $user->checkViewable($folder)) {
+        if ($user->featureEnabled('folder.add')
+            && $user->checkViewable($folder)
+            && (!$folder->isRoot() || $user->isSuperAdmin())
+        ) {
             $folder->buttons['create'] = true;
         }
 

diff --git a/lib/Controller/PlayerSoftware.php b/lib/Controller/PlayerSoftware.php
@@ -608,7 +608,10 @@ public function add(Request $request, Response $response)
             // Add the Player Software record
             $playerSoftware = $this->getPlayerVersionFactory()->createEmpty();
             $playerSoftware->modifiedBy = $this->getUser()->userName;
-            $playerSoftware->fileName = $file->fileName;
+
+            // SoC players have issues parsing fileNames with spaces in them
+            // replace any unexpected character in fileName with -
+            $playerSoftware->fileName = preg_replace('/[^a-zA-Z0-9_.]+/', '-', $file->fileName);
             $playerSoftware->size = filesize($filePath);
             $playerSoftware->md5 = md5_file($filePath);
             $playerSoftware->decorateRecord();

diff --git a/lib/Controller/Schedule.php b/lib/Controller/Schedule.php
@@ -2247,6 +2247,10 @@ public function grid(Request $request, Response $response)
                 $event->toDt = $dayPart->adjustedEnd->format('U');
             }
 
+            if ($event->eventTypeId == \Xibo\Entity\Schedule::$COMMAND_EVENT) {
+                $event->toDt = $event->fromDt;
+            }
+
             if ($this->isApi($request)) {
                 continue;
             }

diff --git a/lib/Controller/User.php b/lib/Controller/User.php
@@ -282,6 +282,7 @@ function grid(Request $request, Response $response)
             'useRegexForName' => $sanitizedParams->getCheckbox('useRegexForName'),
             'retired' => $sanitizedParams->getInt('retired'),
             'logicalOperatorName' => $sanitizedParams->getString('logicalOperatorName'),
+            'userGroupIdMembers' => $sanitizedParams->getInt('userGroupIdMembers'),
         ];
 
         // Load results into an array
@@ -1886,7 +1887,7 @@ public function permissions(Request $request, Response $response, $entity, $id)
 
             if ($object->canChangeOwner()) {
                 $object->setOwner($ownerId);
-                $object->save(['notify' => false, 'manageDynamicDisplayLinks' => false]);
+                $object->save(['notify' => false, 'manageDynamicDisplayLinks' => false, 'validate' => false]);
             } else {
                 throw new ConfigurationException(__('Cannot change owner on this Object'));
             }

diff --git a/lib/Controller/UserGroup.php b/lib/Controller/UserGroup.php
@@ -125,7 +125,8 @@ function grid(Request $request, Response $response)
             'group' => $sanitizedQueryParams->getString('userGroup'),
             'useRegexForName' => $sanitizedQueryParams->getCheckbox('useRegexForName'),
             'logicalOperatorName' => $sanitizedQueryParams->getString('logicalOperatorName'),
-            'isUserSpecific' => 0
+            'isUserSpecific' => 0,
+            'userIdMember' => $sanitizedQueryParams->getInt('userIdMember'),
         ];
 
         $groups = $this->userGroupFactory->query(

diff --git a/lib/Entity/PlayerVersion.php b/lib/Entity/PlayerVersion.php
@@ -29,6 +29,7 @@
 use Xibo\Service\ConfigServiceInterface;
 use Xibo\Service\LogServiceInterface;
 use Xibo\Storage\StorageServiceInterface;
+use Xibo\Support\Exception\DuplicateEntityException;
 
 /**
  * Class PlayerVersion
@@ -225,10 +226,34 @@ public function save($options = [])
             'validate' => true
         ], $options);
 
-        if ($this->versionId == null || $this->versionId == 0)
+        if ($options['validate']) {
+            $this->validate();
+        }
+
+        if ($this->versionId == null || $this->versionId == 0) {
             $this->add();
-        else
+        } else {
             $this->edit();
+        }
+    }
+
+    public function validate() {
+        // do we already have a file with the same exact name?
+        $params = [];
+        $checkSQL = 'SELECT `fileName` FROM `player_software` WHERE `fileName` = :fileName';
+
+        if ($this->versionId != null) {
+            $checkSQL .= ' AND `versionId` <> :versionId ';
+            $params['versionId'] = $this->versionId;
+        }
+
+        $params['fileName'] = $this->fileName;
+
+        $result = $this->getStore()->select($checkSQL, $params);
+
+        if (count($result) > 0) {
+            throw new DuplicateEntityException(__('You already own Player Version file with this name.'));
+        }
     }
 
     public function decorateRecord()

diff --git a/lib/Entity/User.php b/lib/Entity/User.php
@@ -753,7 +753,10 @@ public function save($options = [])
         } else if ($options['passwordUpdate']) {
             $this->updatePassword();
             $this->audit($this->userId, 'User updated password', false);
-        } else if ($this->hash() != $this->hash || $this->hasPropertyChanged('twoFactorRecoveryCodes')) {
+        } else if ($this->hash() != $this->hash
+            || $this->hasPropertyChanged('twoFactorRecoveryCodes')
+            || $this->hasPropertyChanged('password')
+        ) {
             $this->update();
             $this->audit($this->userId, 'User updated');
         }