diff --git a/lib/Alchemy/Phrasea/Controller/Prod/UsrLists.php b/lib/Alchemy/Phrasea/Controller/Prod/UsrLists.php index 960dc0658a..02a6cb2692 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/UsrLists.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/UsrLists.php @@ -217,7 +217,7 @@ class UsrLists implements ControllerProviderInterface $em->merge($list); $em->flush(); - + $datas = array( 'success' => true , 'message' => '' @@ -246,7 +246,7 @@ class UsrLists implements ControllerProviderInterface $em = $app['Core']->getEntityManager(); $repository = $em->getRepository('\Entities\Usr'); - + try { $repository = $em->getRepository('\Entities\UsrList'); @@ -255,13 +255,18 @@ class UsrLists implements ControllerProviderInterface $em->remove($list); $em->flush(); + + $datas = array( + 'success' => true + , 'message' => sprintf(_('List has been deleted')) + ); } catch (\Exception $e) { $datas = array( 'success' => false - , 'message' => sprintf(_('Unable to create list %s'), $list_name) + , 'message' => sprintf(_('Unable to delete list')) ); } 
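Review bot: In the `@@ -255` hunk, `sprintf(_('List has been deleted'))` and `sprintf(_('Unable to delete list'))` call `sprintf` with a format string and no arguments, so a `%` appearing in a translated message would be read as a conversion specifier. Pass the translated string directly, `'message' => _('List has been deleted')`, as the routes added later in this commit do. The catch block drops `$e` without logging it, so a failed delete leaves no trace of why it failed. The route closure starts before this hunk, so its signature is not visible here.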
@@ -275,11 +280,41 @@ class UsrLists implements ControllerProviderInterface /** * Remove a usr_id from a list */ - $controllers->post('/list/{list_id}/remove/{usr_id}/', function() use ($app) + $controllers->post('/list/{list_id}/remove/{entry_id}/', function() use ($app) { $em = $app['Core']->getEntityManager(); - $repository = $em->getRepository('\Entities\Usr'); + try + { + $repository = $em->getRepository('\Entities\UsrList'); + + $list = $repository->findUserListByUserAndId($user, $list_id); + /* @var $list \Entities\UsrList */ + + $entry_repository = $em->getRepository('\Entities\UsrListEntry'); + + $user_entry = $entry_repository->findEntryByListAndEntryId($list, $entry_id); + + $em->remove($user_entry); + $em->flush(); + + $datas = array( + 'success' => false + , 'message' => _('Entry removed from list') + ); + } + catch (\Exception $e) + { + + $datas = array( + 'success' => false + , 'message' => _('Unable to remove entry from list') + ); + } + + $Json = $app['Core']['Serializer']->serialize($datas, 'json'); + + return new Response($Json, 200, array('Content-Type' => 'application/json')); } ); 
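Review bot: `$user`, `$list_id` and `$entry_id` are never defined in this closure: it is declared `function() use ($app)` and, unlike the share and unshare routes later in this diff, has no `$user = $app['Core']->getAuthenticatedUser();`, so the ownership lookup `findUserListByUserAndId($user, $list_id)` runs on undefined values. Take the route placeholders as closure parameters, `function($list_id, $entry_id) use ($app)`, and fetch `$user` from the core first; the add route in the next hunk has the same gap, and the share and unshare routes still lack `$list_id`, `$usr_id` and `$owner_id`. The success branch returns `'success' => false`, here and in the three routes that follow, so a client cannot tell a completed removal from a failure; it should be `'success' => true`. No role is checked before the entry is removed, whereas sharing requires `ROLE_EDITOR`; if removal is meant to be restricted the same way, the check belongs here.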
@@ -290,7 +325,42 @@ class UsrLists implements ControllerProviderInterface { $em = $app['Core']->getEntityManager(); - $repository = $em->getRepository('\Entities\Usr'); + try + { + $repository = $em->getRepository('\Entities\UsrList'); + + $list = $repository->findUserListByUserAndId($user, $list_id); + /* @var $list \Entities\UsrList */ + $user_entry = \User_Adapter::getInstance($usr_id, appbox::get_instance()); + + $entry = new \Entities\UsrListEntry(); + $entry->setUser($user_entry); + $entry->setList($list); + + $list->addUsrListEntry($entry); + + $em->persist($entry); + $em->merge($list); + + $em->flush(); + + $datas = array( + 'success' => false + , 'message' => _('Usr added to list') + ); + } + catch (\Exception $e) + { + + $datas = array( + 'success' => false + , 'message' => _('Unable to add usr to list') + ); + } + + $Json = $app['Core']['Serializer']->serialize($datas, 'json'); + + return new Response($Json, 200, array('Content-Type' => 'application/json')); } ); 
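Review bot: `appbox::get_instance()` is written without the leading backslash that `\User_Adapter` and `\Entities\UsrListEntry` carry on the neighbouring lines and that `UsrListEntry::getUser()` uses for `\appbox`; if this controller declares a namespace (its header is outside the hunk) the call resolves to a class inside that namespace and the failure is swallowed by the catch-all. Suggested: `$user_entry = \User_Adapter::getInstance($usr_id, \appbox::get_instance());`, and the same change for `$new_owner` in the share route of the next hunk. Nothing here checks whether the user is already an entry of the list or which role the caller holds on it, while the share route tests `hasAccess()` and a minimum role before writing. The closure opens before this hunk, so its parameters cannot be confirmed from here.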
@@ -300,18 +370,108 @@ class UsrLists implements ControllerProviderInterface $controllers->post('/list/{list_id}/share/{usr_id}/', function() use ($app) { $em = $app['Core']->getEntityManager(); + $user = $app['Core']->getAuthenticatedUser(); - $repository = $em->getRepository('\Entities\Usr'); + try + { + $repository = $em->getRepository('\Entities\UsrList'); + + $list = $repository->findUserListByUserAndId($user, $list_id); + /* @var $list \Entities\UsrList */ + + if($list->getOwner($user)->getList() < \Entities\UsrListOwner::ROLE_EDITOR) + { + throw new \Exception('You are not authorized to do this'); + } + + $new_owner = \User_Adapter::getInstance($usr_id, appbox::get_instance()); + + if($list->hasAccess($new_owner)) + { + $owner = $list->getOwner($new_owner); + } + else + { + $owner = new \Entities\UsrListOwner(); + $owner->setList($list); + $owner->setUser($new_owner); + + $list->addUsrListOwner($owner); + + $em->persist($owner); + $em->merge($list); + } + + $role = $app['request']->get('role', \Entities\UsrListOwner::ROLE_USER); + + $owner->setRole($role); + + $em->merge($owner); + $em->flush(); + + $datas = array( + 'success' => false + , 'message' => _('Usr added to list') + ); + } + catch (\Exception $e) + { + + $datas = array( + 'success' => false + , 'message' => _('Unable to add usr to list') + ); + } + + $Json = $app['Core']['Serializer']->serialize($datas, 'json'); + + return new Response($Json, 200, array('Content-Type' => 'application/json')); } ); /** * UnShare a list to a user */ - $controllers->post('/list/{list_id}/unshare/{usr_id}/', function() use ($app) + $controllers->post('/list/{list_id}/unshare/{owner_id}/', function() use ($app) { $em = $app['Core']->getEntityManager(); + $user = $app['Core']->getAuthenticatedUser(); - $repository = $em->getRepository('\Entities\Usr'); + try + { + $repository = $em->getRepository('\Entities\UsrList'); + + $list = $repository->findUserListByUserAndId($user, $list_id); + /* @var $list \Entities\UsrList */ 
+ + if($list->getOwner($user)->getList() < \Entities\UsrListOwner::ROLE_ADMIN) + { + throw new \Exception('You are not authorized to do this'); + } + + $owners_repository = $em->getRepository('\Entities\UsrListOwner'); + + $owner = $owners_repository->findByListAndOwner($list, $owner_id); + + $em->remove($owner); + $em->flush(); + + $datas = array( + 'success' => false + , 'message' => _('Owner removed from list') + ); + } + catch (\Exception $e) + { + + $datas = array( + 'success' => false + , 'message' => _('Unable to add usr to list') + ); + } + + $Json = $app['Core']['Serializer']->serialize($datas, 'json'); + + return new Response($Json, 200, array('Content-Type' => 'application/json')); } ); diff --git a/lib/Alchemy/Phrasea/Core.php b/lib/Alchemy/Phrasea/Core.php index 7fbe38374a..5f14a15d35 100644 --- a/lib/Alchemy/Phrasea/Core.php +++ b/lib/Alchemy/Phrasea/Core.php @@ -18,13 +18,14 @@ use Alchemy\Phrasea\Core\Configuration; require_once __DIR__ . '/../../vendor/Silex/vendor/pimple/lib/Pimple.php'; /** + * + * Phraseanet Core Container * * @license http://opensource.org/licenses/gpl-3.0 GPLv3 * @link www.phraseanet.com */ class Core extends \Pimple { - protected static $availableLanguages = array( 'ar_SA' => 'العربية' @@ -358,7 +359,6 @@ class Core extends \Pimple public static function initAutoloads() { require_once __DIR__ . '/../../vendor/symfony/src/Symfony/Component/ClassLoader/UniversalClassLoader.php'; - require_once __DIR__ . '/../../vendor/Twig/lib/Twig/Autoloader.php'; require_once __DIR__ . '/../../vendor/Twig-extensions/lib/Twig/Extensions/Autoloader.php'; diff --git a/lib/Doctrine/Entities/UsrList.php b/lib/Doctrine/Entities/UsrList.php index dcdfefecf9..9fc5c8a62b 100644 --- a/lib/Doctrine/Entities/UsrList.php +++ b/lib/Doctrine/Entities/UsrList.php 
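Review bot: Both role guards compare the wrong value: `$list->getOwner($user)->getList()` returns the list entity (the repositories in this commit call `->getId()` on it), so the `< ROLE_EDITOR` test in the share route and the `< ROLE_ADMIN` test in the unshare route never look at the caller's role. The share route then hands the `role` request parameter to `setRole()` unchecked, so even with the guard fixed an editor could grant `ROLE_ADMIN`, or any other value, to anyone including their own owner row; the value should be cast, checked against the three constants and capped at the caller's own role. Whether an editor may lower an existing admin's role through the `hasAccess()` branch is a policy decision that should be made explicitly. The unshare catch block reuses `'Unable to add usr to list'`; `_('Unable to remove owner from list')` fits the operation. The sketch below covers the share route and assumes `getRole()` exists as the getter paired with `setRole()`.

```php
// … unchanged: list lookup via findUserListByUserAndId() …

// assumes a getRole() getter matching setRole(); confirm on UsrListOwner
$current_role = $list->getOwner($user)->getRole();

if ($current_role < \Entities\UsrListOwner::ROLE_EDITOR)
{
  throw new \Exception('You are not authorized to do this');
}

// … unchanged: resolve or create $owner for $new_owner …

$role = (int) $app['request']->get('role', \Entities\UsrListOwner::ROLE_USER);
$allowed_roles = array(
  \Entities\UsrListOwner::ROLE_USER
  , \Entities\UsrListOwner::ROLE_EDITOR
  , \Entities\UsrListOwner::ROLE_ADMIN
);

// reject unknown values and any attempt to grant more than the caller holds
if (!in_array($role, $allowed_roles, true) || $role > $current_role)
{
  throw new \Exception('You are not authorized to do this');
}

$owner->setRole($role);
```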
@@ -156,6 +156,22 @@ class UsrList return false; } + /** + * + * @param \User_Adapter $user + * @return \Entities\UsrListOwner + */ + public function getOwner(\User_Adapter $user) + { + foreach ($this->getOwners() as $owner) + { + if ($owner->getUser()->get_id() == $user->get_id()) + return $owner; + } + + throw new \Exception('This user is not an owner of the list'); + } + /** * Add users * diff --git a/lib/Doctrine/Entities/UsrListEntry.php b/lib/Doctrine/Entities/UsrListEntry.php index 38c877c885..ef4575d2bc 100644 --- a/lib/Doctrine/Entities/UsrListEntry.php +++ b/lib/Doctrine/Entities/UsrListEntry.php @@ -138,5 +138,9 @@ class UsrListEntry { return \User_Adapter::getInstance($this->getUsrId(), \appbox::get_instance()); } + public function setUser(\User_Adapter $user) + { + return $this->setUsrId($user->get_id()); + } } \ No newline at end of file diff --git a/lib/Doctrine/Entities/UsrListOwner.php b/lib/Doctrine/Entities/UsrListOwner.php index babb4475db..9f2267bf2f 100644 --- a/lib/Doctrine/Entities/UsrListOwner.php +++ b/lib/Doctrine/Entities/UsrListOwner.php @@ -18,9 +18,9 @@ namespace Entities; */ class UsrListOwner { - const ROLE_USER = 'user'; - const ROLE_EDITOR = 'editor'; - const ROLE_ADMIN = 'admin'; + const ROLE_USER = 1; + const ROLE_EDITOR = 2; + const ROLE_ADMIN = 3; /** * @var integer $id diff --git a/lib/Doctrine/Proxies/EntitiesUsrListEntryProxy.php b/lib/Doctrine/Proxies/EntitiesUsrListEntryProxy.php index b4ab53b932..fdc40e6062 100644 --- a/lib/Doctrine/Proxies/EntitiesUsrListEntryProxy.php +++ b/lib/Doctrine/Proxies/EntitiesUsrListEntryProxy.php @@ -96,6 +96,12 @@ class EntitiesUsrListEntryProxy extends \Entities\UsrListEntry implements \Doctr return parent::getUser(); } + public function setUser(\User_Adapter $user) + { + $this->__load(); + return parent::setUser($user); + } + public function __sleep() { 
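Review bot: The docblock added for `UsrList::getOwner()` has no description and no `@throws`, although the method throws a plain `\Exception` for a user who is not an owner and the share and unshare routes rely on that to turn non-owners away. Suggested additions: a first line `Return the owner entry of the given user on this list` and `@throws \Exception when the user is not an owner of the list`. The `if` inside the loop has no braces around `return $owner;`, unlike the rest of the method; adding them keeps the early return from being separated from its condition by a later edit.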
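Review bot: The `UsrListOwner` role constants change from `'user'`, `'editor'`, `'admin'` to `1`, `2`, `3` so that the controller can order them with `<`, but nothing visible in this diff converts rows already stored with the string values, and the `Entities.UsrListOwner.dcm.yml` hunk only adds a unique constraint. If the role column is mapped as a string (its mapping is not shown), existing owners would compare unpredictably against the new integers, so the column type and a data migration should be confirmed. The ordering is now security-relevant and deserves a comment on the constants, for example `// Ordered by privilege: a higher value grants more; compared with < in Controller\Prod\UsrLists`.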
diff --git a/lib/Doctrine/Proxies/EntitiesUsrListOwnerProxy.php b/lib/Doctrine/Proxies/EntitiesUsrListOwnerProxy.php index 7a4ca66326..6765ac71e8 100644 --- a/lib/Doctrine/Proxies/EntitiesUsrListOwnerProxy.php +++ b/lib/Doctrine/Proxies/EntitiesUsrListOwnerProxy.php @@ -102,6 +102,12 @@ class EntitiesUsrListOwnerProxy extends \Entities\UsrListOwner implements \Doctr return parent::getList(); } + public function setUser(\User_Adapter $user) + { + $this->__load(); + return parent::setUser($user); + } + public function getUser() { $this->__load(); diff --git a/lib/Doctrine/Proxies/EntitiesUsrListProxy.php b/lib/Doctrine/Proxies/EntitiesUsrListProxy.php index 9003b77769..7d2270bf23 100644 --- a/lib/Doctrine/Proxies/EntitiesUsrListProxy.php +++ b/lib/Doctrine/Proxies/EntitiesUsrListProxy.php @@ -90,6 +90,18 @@ class EntitiesUsrListProxy extends \Entities\UsrList implements \Doctrine\ORM\Pr return parent::getOwners(); } + public function hasAccess(\User_Adapter $user) + { + $this->__load(); + return parent::hasAccess($user); + } + + public function getOwner(\User_Adapter $user) + { + $this->__load(); + return parent::getOwner($user); + } + public function addUsrListEntry(\Entities\UsrListEntry $users) { $this->__load(); diff --git a/lib/Doctrine/Repositories/UsrListEntryRepository.php b/lib/Doctrine/Repositories/UsrListEntryRepository.php index f01ce73c3a..a66157fd8e 100644 --- a/lib/Doctrine/Repositories/UsrListEntryRepository.php +++ b/lib/Doctrine/Repositories/UsrListEntryRepository.php 
@@ -34,4 +34,22 @@ class UsrListEntryRepository extends EntityRepository return $query->getResult(); } + + public function findEntryByListAndEntryId(\Entities\UsrList $list, $entry_id) + { + $entry = $this->find($entry_id); + + if(!$entry) + { + throw new \Exception_NotFound('Entry not found'); + } + + /* @var $entry \Entities\UsrListEntry */ + if($entry->getList()->getId() != $list->getId()) + { + throw new \Exception_Forbidden('Entry mismatch list'); + } + + return $entry; + } } \ No newline at end of file diff --git a/lib/Doctrine/Repositories/UsrListOwnerRepository.php b/lib/Doctrine/Repositories/UsrListOwnerRepository.php index 9ebab13851..5a58262215 100644 --- a/lib/Doctrine/Repositories/UsrListOwnerRepository.php +++ b/lib/Doctrine/Repositories/UsrListOwnerRepository.php @@ -12,4 +12,29 @@ use Doctrine\ORM\EntityRepository; */ class UsrListOwnerRepository extends EntityRepository { + /** + * + * + * @param \Entities\UsrList $list + * @param type $owner_id + * @return \Entities\UsrList + */ + public function findByListAndOwner(\Entities\UsrList $list, $owner_id) + { + $owner = $this->find($owner_id); + + /* @var $owner \Entities\UsrListOwner */ + if (null === $owner) + { + throw new \Exception_NotFound(_('Owner is not found')); + } + + if (!$owner->getList()->getid() != $list->getId()) + { + throw new \Exception_Forbidden(_('Owner and list mismatch')); + } + + return $owner; + } + } \ No newline at end of file diff --git a/lib/classes/ACL.class.php b/lib/classes/ACL.class.php index ccd588066c..91c73943ae 100644 --- a/lib/classes/ACL.class.php +++ b/lib/classes/ACL.class.php @@ -321,7 +321,7 @@ class ACL implements cache_cacheableInterface $this->give_access_to_base($bas_to_acces); - foreach ($rights_to_give as $sbas_id => $rights) + foreach ($rights_to_give as $base_id => $rights) { $this->update_rights_to_base($base_id, $rights); } 
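Review bot: `findEntryByListAndEntryId()` has no docblock, yet its list comparison is the only thing in this diff that stops a caller from removing an entry of another list by passing that entry's id, so the contract should be written down. Suggested docblock: the description `Find an entry by id and make sure it belongs to the given list`, then `@param \Entities\UsrList $list`, `@param int $entry_id`, `@return \Entities\UsrListEntry`, `@throws \Exception_NotFound` and `@throws \Exception_Forbidden`. The two messages here are plain strings while `findByListAndOwner()` in the next file wraps its messages in `_()`; one convention for both repositories would be easier to maintain.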
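Review bot: The mismatch test in `findByListAndOwner()`, `if (!$owner->getList()->getid() != $list->getId())`, has a stray `!`: the owner's list id is negated to a boolean before the comparison, so for any persisted list the condition is true and `Exception_Forbidden` is thrown even when the owner does belong to the list. It should read `if ($owner->getList()->getId() != $list->getId())`, matching the check in `findEntryByListAndEntryId()`. The docblock says `@param type $owner_id` and `@return \Entities\UsrList`, while the method returns the owner; suggest `@param int $owner_id`, `@return \Entities\UsrListOwner` and the two `@throws` lines.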
diff --git a/lib/classes/eventsmanager/notify/validationdone.class.php b/lib/classes/eventsmanager/notify/validationdone.class.php index 172ece27f8..97ff69938b 100644 --- a/lib/classes/eventsmanager/notify/validationdone.class.php +++ b/lib/classes/eventsmanager/notify/validationdone.class.php @@ -110,7 +110,7 @@ class eventsmanager_notify_validationdone extends eventsmanager_notifyAbstract 'name' => $user_from->get_display_name() ); - if (self::mail($to, $from, $params['ssel_id'])) + if (self::mail($to, $from, $params['ssel_id'], $params['url'])) $mailed = true; } @@ -192,7 +192,7 @@ class eventsmanager_notify_validationdone extends eventsmanager_notifyAbstract * @param int $ssel_id * @return boolean */ - function mail($to, $from, $ssel_id) + function mail($to, $from, $ssel_id, $url) { try { @@ -217,7 +217,7 @@ class eventsmanager_notify_validationdone extends eventsmanager_notifyAbstract $from['name'] ) . "\n"; - $body .= "
\n" . $this->registry->get('GV_ServerName') . 'lightbox/validate/' . $ssel_id; + $body .= "
\n" . $url; return mail::send_mail($subject, $body, $to, $from, array()); } diff --git a/lib/classes/gatekeeper.class.php b/lib/classes/gatekeeper.class.php index a0a47e72d6..97aa6996bb 100644 --- a/lib/classes/gatekeeper.class.php +++ b/lib/classes/gatekeeper.class.php @@ -76,7 +76,6 @@ class gatekeeper $session = $appbox->get_session(); if (http_request::is_command_line()) - return; if (isset($_SERVER['PHP_SELF']) && trim($_SERVER['PHP_SELF'])) @@ -105,7 +104,7 @@ class gatekeeper } catch (Exception $e) { - + } } @@ -122,7 +121,6 @@ class gatekeeper if ($this->_PHP_SELF == '/thesaurus2/xmlhttp/getterm.x.php' || $this->_PHP_SELF == '/thesaurus2/xmlhttp/searchcandidate.x.php' || $this->_PHP_SELF == '/thesaurus2/xmlhttp/getsy.x.php') - return; phrasea::redirect('/login/?redirect=/thesaurus2'); break; @@ -131,7 +129,6 @@ class gatekeeper break; case 'admin': if ($this->_script_name === 'runscheduler.php') - return; phrasea::redirect('/login/?redirect=' . $_SERVER['REQUEST_URI']); break; @@ -151,7 +148,6 @@ class gatekeeper return; case 'setup': if ($appbox->upgradeavailable()) - return; else phrasea::redirect('/login/'); @@ -161,7 +157,7 @@ class gatekeeper break; case 'lightbox': $this->token_access(); - if(!$session->is_authenticated()) + if (!$session->is_authenticated()) { phrasea::redirect('/login/?redirect=' . $_SERVER['REQUEST_URI']); } @@ -268,13 +264,12 @@ class gatekeeper $parm = $request->get_parms('LOG'); if (is_null($parm["LOG"])) - return $this; try { - if($session->is_authenticated()) - $session->logout (); + if ($session->is_authenticated()) + $session->logout(); $auth = new Session_Authentication_Token($appbox, $parm['LOG']); $session->authenticate($auth); } @@ -286,10 +281,11 @@ class gatekeeper try { $datas = random::helloToken($parm['LOG']); + return phrasea::redirect("/lightbox/validate/" . $datas['datas'] . "/"); } catch (Exception_NotFound $e) { - + } return $this; 
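Review bot: The link placed in the mail body is now whatever arrives in `$params['url']` instead of a URL built from the server's own `GV_ServerName`, and nothing in these hunks checks that the key is set or that the value points at this instance. If `$params` can be influenced by whoever raises the event (its origin is not visible here), the notification would carry an arbitrary link, so the value should be validated where the event is created or in `mail()` before sending. The docblock above `mail()` in the `@@ -192` hunk still lists only `$to`, `$from` and `$ssel_id`; add `@param string $url` describing it as the absolute validation link shown to the recipient.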
diff --git a/lib/classes/record/preview.class.php b/lib/classes/record/preview.class.php index bcf7ee2893..6d95132d3f 100644 --- a/lib/classes/record/preview.class.php +++ b/lib/classes/record/preview.class.php @@ -381,8 +381,14 @@ class record_preview extends record_adapter $tab[$hour][$site][$action] = array(); if (!isset($tab[$hour][$site][$action][$row['usr_id']])) + { $tab[$hour][$site][$action][$row['usr_id']] = - array('final' => array(), 'comment' => array()); + array( + 'final' => array() + , 'comment' => array() + , 'user' => \User_Adapter::getInstance($row['usr_id'], $appbox) + ); + } if (!in_array($row['final'], $tab[$hour][$site][$action][$row['usr_id']]['final'])) $tab[$hour][$site][$action][$row['usr_id']]['final'][] = diff --git a/lib/conf.d/Doctrine/Entities.UsrListOwner.dcm.yml b/lib/conf.d/Doctrine/Entities.UsrListOwner.dcm.yml index 9a6e4af5cc..7afebbff4c 100644 --- a/lib/conf.d/Doctrine/Entities.UsrListOwner.dcm.yml +++ b/lib/conf.d/Doctrine/Entities.UsrListOwner.dcm.yml @@ -2,6 +2,9 @@ Entities\UsrListOwner: type: entity repositoryClass: Repositories\UsrListOwnerRepository table: UsrListOwners + uniqueConstraints: + unique_owner: + columns: usr_id,id id: id: type: integer diff --git a/templates/web/prod/preview/short_history.html b/templates/web/prod/preview/short_history.html index 2292814be0..5386068f8f 100644 --- a/templates/web/prod/preview/short_history.html +++ b/templates/web/prod/preview/short_history.html @@ -3,7 +3,7 @@ {% for hour, sites in record.get_short_history() %} {% for site, actions in sites %} {% for action, users in actions %} - {% for current_user, done in users %} + {% for done in users %}
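Review bot: In `Entities.UsrListOwner.dcm.yml` the new `unique_owner` constraint is declared on `usr_id,id`, and `id` is this entity's primary key, so every pair is unique by construction and the constraint rejects nothing. To guarantee one owner row per user and list, which the share route otherwise enforces only through its `hasAccess()` test before inserting, the constraint needs the list's join column in place of `id`. That column name is not visible in this hunk, so as a placeholder: `columns: usr_id,<list join column>`.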
@@ -55,9 +55,9 @@ {% endif %} {% if user.ACL().has_right_on_base(record.get_base_id(), 'canreport') %} - {% set user_infos = user.getInfos(current_user) %} - {% if current_user != session.get_usr_id() and user_infos %} - {% trans %}report:: par {{user_infos}}{% endtrans %} + {% if done['user'].get_id() != session.get_usr_id() %} + {% set user_infos = done['user'].get_display_name() %} + {% trans %}report:: par {{ user_infos }}{% endtrans %} {% endif %} {% endif %} diff --git a/www/include/jquery.common.js b/www/include/jquery.common.js index a501b5858b..9b1135d7a9 100644 --- a/www/include/jquery.common.js +++ b/www/include/jquery.common.js @@ -366,7 +366,7 @@ function manageSession(data, showMessages) if($('.notification.unread',box).length > 0) { var trigger = $('#notification_trigger') ; - $('.counter div',trigger) + $('.counter',trigger) .empty() .append($('.notification.unread',box).length); $('.counter',trigger).css('visibility','visible');
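Review bot: `done['user'].get_display_name()` is text chosen by the user and is printed through `{{ user_infos }}` inside a `{% trans %}` block; the template does not show whether output escaping is active for variables in that block, so this should be confirmed or the value escaped when it is set, `{% set user_infos = done['user'].get_display_name()|e %}`. The old condition also required `user_infos` to be non-empty before printing and the new one does not, so an empty display name now renders a dangling label. The `{% for done in users %}` loop that supplies `done` is in the previous hunk.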