From dcb7a775ebaa011eae58b5a841bb4f8a55c88f53 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Fri, 12 Jun 2020 15:02:29 +0200
Subject: [PATCH 1/4] show info about installed seeddms and php extensions

---
 out/out.Info.php               |  4 +++
 views/bootstrap/class.Info.php | 61 ++++++++++++++++++++++++++++++++++
 2 files changed, 65 insertions(+)
diff --git a/out/out.Info.php b/out/out.Info.php
index 21f5b1483..079fc9986 100644
--- a/out/out.Info.php
+++ b/out/out.Info.php
@@ -47,9 +47,13 @@ if(@ini_get('allow_url_fopen') == '1') {
 	}
 }
 
+$reposurl = $settings->_repositoryUrl;
+$extmgr = new SeedDMS_Extension_Mgr($settings->_rootDir."/ext", $settings->_cacheDir, $reposurl);
+
 if($view) {
 	$view->setParam('version', $v);
 	$view->setParam('availversions', $versions);
+	$view->setParam('extmgr', $extmgr);
 	$view($_GET);
 	exit;
 }
diff --git a/views/bootstrap/class.Info.php b/views/bootstrap/class.Info.php
index 1bc7d8637..66b9659ba 100644
--- a/views/bootstrap/class.Info.php
+++ b/views/bootstrap/class.Info.php
@@ -36,6 +36,7 @@ class SeedDMS_View_Info extends SeedDMS_Bootstrap_Style {
 		$user = $this->params['user'];
 		$version = $this->params['version'];
 		$availversions = $this->params['availversions'];
+		$extmgr = $this->params['extmgr'];
 
 		$this->htmlStartPage(getMLText("admin_tools"));
 		$this->globalNavigation();
@@ -53,6 +54,66 @@ class SeedDMS_View_Info extends SeedDMS_Bootstrap_Style {
 		} else {
 			$this->warningMsg(getMLText('no_version_check'));
 		}
+?>
+<div class="row-fluid">
+<div class="span6">
+<?php
+		$this->contentHeading(getMLText("seeddms_info"));
+		$seedextensions = $extmgr->getExtensionConfiguration();
+		echo "<table class=\"table table-condensed\">\n";
+		echo "<thead>\n<tr>\n";
+		echo "<th>".getMLText("name");
+		echo "</th>\n";
+		echo "</tr>\n</thead>\n<tbody>\n";
+		$dbversion = $dms->getDBVersion();
+		echo "<tr><td>".getMLText('seeddms_version')."</td><td>".$version->version()."</td></tr>\n";
+		if($user->isAdmin()) {
+			echo "<tr><td>".getMLText('database_schema_version')."</td><td>".$dbversion['major'].".".$dbversion['minor'].".".$dbversion['subminor']."</td></tr>\n";
+			foreach($seedextensions as $extname=>$extconf)
+				echo "<tr><td>".$extname."<br />".$extconf['title']."</td><td>".$extconf['version']."</td></tr>\n";
+		}
+		echo "</tbody>\n</table>\n";
+?>
+</div>
+<div class="span6">
+<?php
+		if($user->isAdmin()) {
+			$this->contentHeading(getMLText("php_info"));
+			echo "<table class=\"table table-condensed\">\n";
+			echo "<thead>\n<tr>\n";
+			echo "<th>".getMLText("name");
+			echo "</th>\n";
+			echo "</tr>\n</thead>\n<tbody>\n";
+			echo "<tr><td>PHP</td><td>".phpversion()."</td></tr>\n";
+			echo "<tr><td>Path to php.ini</td><td>".php_ini_loaded_file()."</td></tr>\n";
+			echo "</tbody>\n</table>\n";
+
+			$this->contentHeading(getMLText("installed_php_extensions"));
+			$phpextensions = get_loaded_extensions(false);
+			echo "<table class=\"table table-condensed\">\n";
+			echo "<thead>\n<tr>\n";
+			echo "<th>".getMLText("name");
+			echo "</th>\n";
+			echo "</tr>\n</thead>\n<tbody>\n";
+			foreach($phpextensions as $extname)
+				echo "<tr><td>".$extname."</td><td>"."</td></tr>\n";
+			echo "</tbody>\n</table>\n";
+
+			$this->contentHeading(getMLText("missing_php_extensions"));
+			echo "<table class=\"table table-condensed\">\n";
+			echo "<thead>\n<tr>\n";
+			echo "<th>".getMLText("name");
+			echo "</th>\n";
+			echo "</tr>\n</thead>\n<tbody>\n";
+			$requiredext = array('zip', 'xml', 'xsl', 'json', 'intl', 'fileinfo', 'mbstring', 'curl');
+			foreach(array_diff($requiredext, $phpextensions) as $extname)
+				echo "<tr><td>".$extname."</td><td>"."</td></tr>\n";
+			echo "</tbody>\n</table>\n";
+		}
+?>
+</div>
+</div>
+<?php
 		$this->contentContainerStart();
 		echo $version->banner();
 		$this->contentContainerEnd();

From f16d1821cc9bce4be6af0f7487cc4599741c1d50 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Tue, 16 Jun 2020 07:18:30 +0200
Subject: [PATCH 2/4] add start and end date to getDateChooser()

---
 views/bootstrap/class.Bootstrap.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/views/bootstrap/class.Bootstrap.php b/views/bootstrap/class.Bootstrap.php
index d22a64d67..cdc3d96c5 100644
--- a/views/bootstrap/class.Bootstrap.php
+++ b/views/bootstrap/class.Bootstrap.php
@@ -1096,13 +1096,13 @@ $(document).ready(function() {
 		echo self::getFileChooserHtml($varname, $multiple, $accept);
 	} /* }}} */
 
-	function printDateChooser($defDate = '', $varName, $lang='', $dateformat='yyyy-mm-dd') { /* {{{ */
-		echo self::getDateChooser($defDate, $varName, $lang, $dateformat);
+	function printDateChooser($defDate = '', $varName, $lang='', $dateformat='yyyy-mm-dd', $startdate='', $enddate='') { /* {{{ */
+		echo self::getDateChooser($defDate, $varName, $lang, $dateformat, $startdate, $enddate);
 	} /* }}} */
 
-	function getDateChooser($defDate = '', $varName, $lang='', $dateformat='yyyy-mm-dd') { /* {{{ */
+	function getDateChooser($defDate = '', $varName, $lang='', $dateformat='yyyy-mm-dd', $startdate='', $enddate='') { /* {{{ */
 		$content = '
-			<span class="input-append date span12 datepicker" id="'.$varName.'date" data-date="'.$defDate.'" data-selectmenu="presetexpdate" data-date-format="'.$dateformat.'"'.($lang ? 'data-date-language="'.str_replace('_', '-', $lang).'"' : '').'>
+			<span class="input-append date span12 datepicker" id="'.$varName.'date" data-date="'.$defDate.'" data-selectmenu="presetexpdate" data-date-format="'.$dateformat.'"'.($lang ? ' data-date-language="'.str_replace('_', '-', $lang).'"' : '').($startdate ? ' data-date-start-date="'.$startdate.'"' : '').($enddate ? ' data-date-end-date="'.$enddate.'"' : '').'>
 				<input class="span6" size="16" name="'.$varName.'" id="'.$varName.'" type="text" value="'.$defDate.'" autocomplete="off">
 				<span class="add-on"><i class="icon-calendar"></i></span>
 			</span>';

From 1ba42deef1f1f86466e9f75a98e7ceb87acfd1f8 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Tue, 16 Jun 2020 07:19:04 +0200
Subject: [PATCH 3/4] remove $user as it is not needed and causes a php warning

---
 views/bootstrap/class.ErrorDlg.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/views/bootstrap/class.ErrorDlg.php b/views/bootstrap/class.ErrorDlg.php
index a58366fc5..0c7a4aa57 100644
--- a/views/bootstrap/class.ErrorDlg.php
+++ b/views/bootstrap/class.ErrorDlg.php
@@ -33,7 +33,6 @@ class SeedDMS_View_ErrorDlg extends SeedDMS_Bootstrap_Style {
 
 	function show() { /* {{{ */
 		$dms = $this->params['dms'];
-		$user = $this->params['user'];
 		$pagetitle = $this->params['pagetitle'];
 		$errormsg = $this->params['errormsg'];
 		$plain = $this->params['plain'];

From b97387ecb13c150632cee8925e7d4abfb2fa5f9f Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Tue, 16 Jun 2020 12:12:50 +0200
Subject: [PATCH 4/4] set http status 403 if user is not admin, set status 500
 for some other errors

---
 restapi/index.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/restapi/index.php b/restapi/index.php
index 805f7cdbc..6fc693faf 100644
--- a/restapi/index.php
+++ b/restapi/index.php
@@ -1414,10 +1414,10 @@ function checkIfAdmin($request, $response) { /* {{{ */
     global $dms, $userobj;
 
     if(!$userobj) {
-        return $response->withJson(array('success'=>false, 'message'=>'Not logged in', 'data'=>''), 200);
+        return $response->withJson(array('success'=>false, 'message'=>'Not logged in', 'data'=>''), 403);
     }
     if(!$userobj->isAdmin()) {
-        return $response->withJson(array('success'=>false, 'message'=>'You must be logged in with an administrator account to access this resource', 'data'=>''), 200);
+        return $response->withJson(array('success'=>false, 'message'=>'You must be logged in with an administrator account to access this resource', 'data'=>''), 403);
     }
 
     return true;
@@ -1679,7 +1679,7 @@ function changeGroupMembership($request, $response, $args, $operationType) { /*
         {
             $message = 'Could not remove user from group.';
         }
-        return $response->withJson(array('success'=>false, 'message'=>'Something went wrong. ' . $message, 'data'=>''), 200);
+        return $response->withJson(array('success'=>false, 'message'=>'Something went wrong. ' . $message, 'data'=>''), 500);
     }
 
     $data = __getGroupData($group);
@@ -1847,7 +1847,7 @@ function changeFolderAccess($request, $response, $args, $operationType, $userOrG
         {
             $message = 'Could not remove user/group access from this folder.';
         }
-        return $response->withJson(array('success'=>false, 'message'=>'Something went wrong. ' . $message, 'data'=>''), 200);
+        return $response->withJson(array('success'=>false, 'message'=>'Something went wrong. ' . $message, 'data'=>''), 500);
     }
 
     $data = array();
@@ -2028,7 +2028,7 @@ function clearFolderAccessList($request, $response, $args) { /* {{{ */
         return $response->withStatus(404);
     }
     if (!$folder->clearAccessList()) {
-        return $response->withJson(array('success'=>false, 'message'=>'Something went wrong. Could not clear access list for this folder.', 'data'=>''), 200);
+        return $response->withJson(array('success'=>false, 'message'=>'Something went wrong. Could not clear access list for this folder.', 'data'=>''), 500);
     }
     return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>''), 200);
 } /* }}} */

".getMLText("name"); + echo "
".getMLText('seeddms_version')."	".$version->version()."
".getMLText('database_schema_version')."	".$dbversion['major'].".".$dbversion['minor'].".".$dbversion['subminor']."
".$extname." ".$extconf['title']."	".$extconf['version']."