From 352c3997bdd1c1561f0cc0332e9110caca199297 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Tue, 12 Mar 2024 15:57:47 +0100 Subject: [PATCH 01/25] fix check if current user is owner --- inc/inc.ClassNotificationService.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/inc/inc.ClassNotificationService.php b/inc/inc.ClassNotificationService.php index 3da5f9152..8711a72b3 100644 --- a/inc/inc.ClassNotificationService.php +++ b/inc/inc.ClassNotificationService.php @@ -437,7 +437,7 @@ class SeedDMS_NotificationService { * the currently logged in user is not the * owner and the owner is not already in the list of notifiers. */ - if($user->getID() != $version->getUser()->getID() && $version->getUser()->getID() != $document->getOwner() && false === SeedDMS_Core_DMS::inList($version->getUser(), $nl['users'])) + if($user->getID() != $version->getUser()->getID() && $version->getUser()->getID() != $document->getOwner()->getID() && false === SeedDMS_Core_DMS::inList($version->getUser(), $nl['users'])) $this->toIndividual($user, $version->getUser(), $subject, $message, $params, SeedDMS_NotificationService::RECV_UPLOADER); } /* }}} */ @@ -571,7 +571,7 @@ class SeedDMS_NotificationService { * the currently logged in user is not the * owner and the owner is not already in the list of notifiers. */ - if($user->getID() != $content->getUser()->getID() && $content->getUser()->getID() != $document->getOwner() && false === SeedDMS_Core_DMS::inList($content->getUser(), $nl['users'])) + if($user->getID() != $content->getUser()->getID() && $content->getUser()->getID() != $document->getOwner()->getID() && false === SeedDMS_Core_DMS::inList($content->getUser(), $nl['users'])) $this->toIndividual($user, $content->getUser(), $subject, $message, $params, SeedDMS_NotificationService::RECV_UPLOADER); } /* }}} */ 
@@ -1011,7 +1011,7 @@ class SeedDMS_NotificationService {
 * the currently logged in user is not the
 * owner and the owner is not already in the list of notifiers.
 */
- if($user->getID() != $content->getUser()->getID() && $content->getUser()->getID() != $document->getOwner() && false === SeedDMS_Core_DMS::inList($content->getUser(), $nl['users']))
+ if($user->getID() != $content->getUser()->getID() && $content->getUser()->getID() != $document->getOwner()->getID() && false === SeedDMS_Core_DMS::inList($content->getUser(), $nl['users']))
 $this->toIndividual($user, $content->getUser(), $subject, $message, $params, SeedDMS_NotificationService::RECV_UPLOADER);
 } /* }}} */
@@ -1130,7 +1130,7 @@ class SeedDMS_NotificationService {
 * the currently logged in user is not the
 * owner and the owner is not already in the list of notifiers.
 */
- if($user->getID() != $content->getUser()->getID() && $content->getUser()->getID() != $document->getOwner() && false === SeedDMS_Core_DMS::inList($content->getUser(), $nl['users']))
+ if($user->getID() != $content->getUser()->getID() && $content->getUser()->getID() != $document->getOwner()->getID() && false === SeedDMS_Core_DMS::inList($content->getUser(), $nl['users']))
 $this->toIndividual($user, $content->getUser(), $subject, $message, $params, SeedDMS_NotificationService::RECV_UPLOADER);
 } /* }}} */
@@ -1166,7 +1166,7 @@ class SeedDMS_NotificationService { * the currently logged in user is not the * owner and the owner is not already in the list of notifiers. */ - if($user->getID() != $content->getUser()->getID() && $content->getUser()->getID() != $document->getOwner() && false === SeedDMS_Core_DMS::inList($content->getUser(), $nl['users'])) + if($user->getID() != $content->getUser()->getID() && $content->getUser()->getID() != $document->getOwner()->getID() && false === SeedDMS_Core_DMS::inList($content->getUser(), $nl['users'])) $this->toIndividual($user, $content->getUser(), $subject, $message, $params, SeedDMS_NotificationService::RECV_UPLOADER); } /* }}} */ From 423ee97ef14c2f42cd40990f562b76c9fd78f76f Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Tue, 12 Mar 2024 15:58:46 +0100 Subject: [PATCH 02/25] add changes of 5.1.34 --- CHANGELOG | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG b/CHANGELOG index 60cdd4c1c..a673f86ba 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -9,6 +9,7 @@ - documents can be updated by dragging a file on a document list item - dragging a folder on a folder list item oder the drag and drop area will recursively upload the folder hierarchy including all files +- fix checking if user is owner when sending notifications -------------------------------------------------------------------------------- Changes in version 5.1.33 From 81b45ceeffe0f6f60f8b2810c50e0f5c4f2d75ae Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Wed, 13 Mar 2024 09:29:39 +0100 Subject: [PATCH 03/25] do not show fast upload area if access on folder is insufficient --- CHANGELOG | 1 + views/bootstrap/class.ViewFolder.php | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index a673f86ba..ae2e3307c 100644 --- a/CHANGELOG +++ b/CHANGELOG 
@@ -10,6 +10,7 @@ - dragging a folder on a folder list item oder the drag and drop area will recursively upload the folder hierarchy including all files - fix checking if user is owner when sending notifications +- do not show fast upload area if access on folder is insufficient -------------------------------------------------------------------------------- Changes in version 5.1.33 diff --git a/views/bootstrap/class.ViewFolder.php b/views/bootstrap/class.ViewFolder.php index 30ad20424..37b39bed8 100644 --- a/views/bootstrap/class.ViewFolder.php +++ b/views/bootstrap/class.ViewFolder.php @@ -474,13 +474,13 @@ $('body').on('click', '.order-btn', function(ev) { $folder = $this->params['folder']; $maxuploadsize = $this->params['maxuploadsize']; - $this->contentHeading(getMLText("dropupload"), true); if ($folder->getAccessMode($user) >= M_READWRITE) { + $this->contentHeading(getMLText("dropupload"), true); ?>
SeedDMS_Core_File::format_filesize($maxuploadsize)]); ?>
errorMsg(getMLText('access_denied')); + //$this->errorMsg(getMLText('access_denied')); } } /* }}} */ From 935c9557f9c22d4398b49d73fc5dfac29c324f41 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Fri, 15 Mar 2024 07:08:28 +0100 Subject: [PATCH 04/25] getMandatoryReviewers() and getMandatoryApprovers() require 3 params --- restapi/index.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/restapi/index.php b/restapi/index.php index d6854b6e5..2978e6915 100644 --- a/restapi/index.php +++ b/restapi/index.php @@ -728,13 +728,13 @@ class RestapiController { /* {{{ */ if($settings->_workflowMode == 'traditional' || $settings->_workflowMode == 'traditional_only_approval') { // add mandatory reviewers/approvers if($settings->_workflowMode == 'traditional') { - $mreviewers = getMandatoryReviewers($mfolder, $userobj); + $mreviewers = getMandatoryReviewers($mfolder, null, $userobj); if($mreviewers['i']) $reviewers['i'] = array_merge($reviewers['i'], $mreviewers['i']); if($mreviewers['g']) $reviewers['g'] = array_merge($reviewers['g'], $mreviewers['g']); } - $mapprovers = getMandatoryApprovers($mfolder, $userobj); + $mapprovers = getMandatoryApprovers($mfolder, null, $userobj); if($mapprovers['i']) $approvers['i'] = array_merge($approvers['i'], $mapprovers['i']); if($mapprovers['g']) From 996163f72fc589963f9c160f5be10cd85490a73b Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Mon, 18 Mar 2024 07:50:10 +0100 Subject: [PATCH 05/25] show parent folder in list of documents --- views/bootstrap/class.AttributeMgr.php | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/views/bootstrap/class.AttributeMgr.php b/views/bootstrap/class.AttributeMgr.php index 097069356..1fe5fddb7 100644 --- a/views/bootstrap/class.AttributeMgr.php +++ b/views/bootstrap/class.AttributeMgr.php 
@@ -142,10 +142,14 @@ $(document).ready( function() { print $this->folderListHeader(); print "\n"; foreach($res['folders'] as $subFolder) { - echo $this->folderListRow($subFolder); + $extracontent = array(); + $extracontent['below_title'] = $this->getListRowPath($subFolder); + echo $this->folderListRow($subFolder, false, $extracontent); } foreach($res['docs'] as $document) { - echo $this->documentListRow($document, $previewer); + $extracontent = array(); + $extracontent['below_title'] = $this->getListRowPath($document); + echo $this->documentListRow($document, $previewer, false, 0, $extracontent); } echo "\n\n"; @@ -161,7 +165,9 @@ $(document).ready( function() { print "\n\n\n"; foreach($res['contents'] as $content) { $doc = $content->getDocument(); - echo $this->documentListRow($doc, $previewer); + $extracontent = array(); + $extracontent['below_title'] = $this->getListRowPath($doc); + echo $this->documentListRow($doc, $previewer, false, 0, $extracontent); } print ""; } From 4e91604d445023acac1c3b54ce726fb7e71e7bcb Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Mon, 18 Mar 2024 10:38:33 +0100 Subject: [PATCH 06/25] show parent of document in list of linked documents --- views/bootstrap/class.ViewDocument.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/views/bootstrap/class.ViewDocument.php b/views/bootstrap/class.ViewDocument.php index 8adc1208c..3874ce92d 100644 --- a/views/bootstrap/class.ViewDocument.php +++ b/views/bootstrap/class.ViewDocument.php @@ -1605,7 +1605,9 @@ $(document).ready( function() { if(is_string($txt)) echo $txt; else { - echo $this->documentListRow($targetDoc, $previewer, true); + $extracontent = array(); + $extracontent['below_title'] = $this->getListRowPath($targetDoc); + echo $this->documentListRow($targetDoc, $previewer, true, 0, $extracontent); } print ""; print getMLText("document_link_by")." ".htmlspecialchars($responsibleUser->getFullName()); 
@@ -1671,7 +1673,9 @@ $(document).ready( function() { if(is_string($txt)) echo $txt; else { - echo $this->documentListRow($sourceDoc, $previewer, true); + $extracontent = array(); + $extracontent['below_title'] = $this->getListRowPath($sourceDoc); + echo $this->documentListRow($sourceDoc, $previewer, true, 0, $extracontent); } print ""; if (($user->getID() == $responsibleUser->getID()) || ($document->getAccessMode($user) == M_ALL )) From 88c49363acd3f92603df712eafc7707c92b17ca7 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Mon, 18 Mar 2024 13:54:35 +0100 Subject: [PATCH 07/25] document search show path of items --- op/op.Ajax.php | 3 ++- views/bootstrap/styles/application.js | 35 ++++++++++++++++++++------ views/bootstrap4/styles/application.js | 35 ++++++++++++++++++++------ 3 files changed, 58 insertions(+), 15 deletions(-) diff --git a/op/op.Ajax.php b/op/op.Ajax.php index 7c1078536..e91e2b71d 100644 --- a/op/op.Ajax.php +++ b/op/op.Ajax.php @@ -114,7 +114,8 @@ switch($command) { $result = array(); foreach($hits['docs'] as $hit) { if($hit->getAccessMode($user, 'search') >= M_READ) { - $result[] = $hit->getID().'#'.$hit->getName(); +// $result[] = $hit->getID().'#'.$hit->getName(); + $result[] = array('type'=>'D', 'id'=>$hit->getId(), 'name'=>htmlspecialchars($hit->getName()), 'path'=>htmlspecialchars($hit->getParent()->getFolderPathPlain(true, '/'))); } } header('Content-Type: application/json'); diff --git a/views/bootstrap/styles/application.js b/views/bootstrap/styles/application.js index c03ec5225..a5d2133f1 100644 --- a/views/bootstrap/styles/application.js +++ b/views/bootstrap/styles/application.js 
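Review bot: The new `path` field in the op/op.Ajax.php hunk is built from `$hit->getParent()->getFolderPathPlain(true, '/')`, while the only access check in the loop is `getAccessMode($user, 'search') >= M_READ` on the document itself, so ancestor folder names are returned without a visible check that the user may see them. Whether getFolderPathPlain() filters by access cannot be told from this hunk; if it does not, check the parent's access mode before adding the path, or leave the path empty. Because `htmlspecialchars()` is applied while the JSON is built, every consumer must treat `name` and `path` as HTML; a comment such as `/* name and path are HTML-escaped here because application.js inserts them with .html() */` would record that contract. The commented-out `$result[] = $hit->getID().'#'.$hit->getName();` line is dead code and can be deleted. The enclosing `switch` case starts and ends outside the hunk.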
@@ -186,21 +186,42 @@ function initMost() { }); }, /* updater is called when the item in the list is clicked. It is - * actually provided to update the input field where you type, but here - * we use it to update a second input field with the doc id. */ + * provided to update the input field where you type. */ updater: function (item) { - strarr = item.value.split("#"); target = this.$element.data('target'); - $('#'+target).attr('value', strarr[0]); - return strarr[1]; + $('#'+target).attr('value', item.id); + return item.value; + }, + sorter: function(items) { + return items; }, /* Set a matcher that allows any returned value */ matcher : function (item) { return true; }, highlighter : function (item) { - strarr = item.split("#"); - return ' ' + strarr[1].replace(/ ' + item.name.replace(/' + item.path + '' : ''); + }, + /* This only works with a modified version of bootstrap typeahead located + * in boostrap-typeahead.js Search for 'render' + * The line + * this.render = this.options.render || this.render + * was added to bootstrap-typeahead.js + * The following function is a copy of the original render function but + * access item.name instead of item + */ + render : function (items) { + var that = this + + items = $(items).map(function (i, item) { + i = $(that.options.item).attr('data-value', item.name).attr('data-id', item.id).attr('data-type', item.type); + i.find('a').html(that.highlighter(item)) + return i[0] + }) + + items.first().addClass('active') + this.$menu.html(items) + return this } }); /* }}} */ diff --git a/views/bootstrap4/styles/application.js b/views/bootstrap4/styles/application.js index ae87f474a..d2375d10a 100644 --- a/views/bootstrap4/styles/application.js +++ b/views/bootstrap4/styles/application.js 
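Review bot: `render` writes the string returned by `highlighter` into the menu with `i.find('a').html(that.highlighter(item))`, and `highlighter` concatenates `item.name` and `item.path` into markup, so the output is safe only while every data source for this typeahead HTML-escapes both fields on the server, as op/op.Ajax.php does in this commit. Nothing in the script states that dependency; add a comment above `highlighter`, for example `/* item.name and item.path must arrive HTML-escaped; they are inserted with .html() */`, or escape in the client before concatenating. The escaped `item.name` is also stored with `.attr('data-value', item.name)`, which does not decode entities, so a document name containing `&` or `<` would presumably reach the input field as `&amp;` or `&lt;`; this should be checked. The same applies to the identical hunk in views/bootstrap4/styles/application.js.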
@@ -193,21 +193,42 @@ function initMost() { }); }, /* updater is called when the item in the list is clicked. It is - * actually provided to update the input field where you type, but here - * we use it to update a second input field with the doc id. */ + * provided to update the input field where you type. */ updater: function (item) { - strarr = item.value.split("#"); target = this.$element.data('target'); - $('#'+target).attr('value', strarr[0]); - return strarr[1]; + $('#'+target).attr('value', item.id); + return item.value; + }, + sorter: function(items) { + return items; }, /* Set a matcher that allows any returned value */ matcher : function (item) { return true; }, highlighter : function (item) { - strarr = item.split("#"); - return ' ' + strarr[1].replace(/ ' + item.name.replace(/' + item.path + '' : ''); + }, + /* This only works with a modified version of bootstrap typeahead located + * in boostrap-typeahead.js Search for 'render' + * The line + * this.render = this.options.render || this.render + * was added to bootstrap-typeahead.js + * The following function is a copy of the original render function but + * access item.name instead of item + */ + render : function (items) { + var that = this + + items = $(items).map(function (i, item) { + i = $(that.options.item).attr('data-value', item.name).attr('data-id', item.id).attr('data-type', item.type); + i.find('a').html(that.highlighter(item)) + return i[0] + }) + + items.first().addClass('active') + this.$menu.html(items) + return this } }); /* }}} */ From 18715fe4fac2a0bb48a724b15b03231a44e55279 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Wed, 20 Mar 2024 14:01:52 +0100 Subject: [PATCH 08/25] check more error codes in attribute validation --- inc/inc.Language.php | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/inc/inc.Language.php b/inc/inc.Language.php index 64489d93e..8c9ceb59d 100644 --- a/inc/inc.Language.php +++ b/inc/inc.Language.php 
@@ -333,10 +333,24 @@ function getAttributeValidationText($error, $attrname='', $attrvalue='', $regex= } /* }}} */ function getAttributeValidationError($error, $attrname='', $attrvalue='', $regex='') { /* {{{ */ + if(is_object($attrvalue)) + $attrvalue = $attrvalue->getId(); switch($error) { - case 10: + case 14: return array("attr_not_in_valueset", array('attrname'=>$attrname, 'value'=>$attrvalue)); break; + case 13: + return array("attr_not_a_group", array('attrname'=>$attrname, 'value'=>$attrvalue)); + break; + case 12: + return array("attr_not_a_user", array('attrname'=>$attrname, 'value'=>$attrvalue)); + break; + case 11: + return array("attr_not_a_folder", array('attrname'=>$attrname, 'value'=>$attrvalue)); + break; + case 10: + return array("attr_not_a_document", array('attrname'=>$attrname, 'value'=>$attrvalue)); + break; case 9: return array("attr_malformed_date", array('attrname'=>$attrname, 'value'=>$attrvalue)); break; From 5235a859fc8d54c0eba875dadd01a47186b33ac4 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Wed, 20 Mar 2024 14:02:24 +0100 Subject: [PATCH 09/25] add comment how $tmpDN is used --- inc/inc.ClassLdapAuthentication.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/inc/inc.ClassLdapAuthentication.php b/inc/inc.ClassLdapAuthentication.php index ff4eb17b9..b5f69cc92 100644 --- a/inc/inc.ClassLdapAuthentication.php +++ b/inc/inc.ClassLdapAuthentication.php @@ -127,6 +127,7 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication { */ if (isset($settings->_ldapBaseDN)) { $ldapSearchAttribut = "uid="; + /* $tmpDN will only be used as a last resort if searching for the user failed */ $tmpDN = "uid=".$username.",".$settings->_ldapBaseDN; } 
@@ -134,6 +135,7 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication { if (isset($settings->_ldapType)) { if ($settings->_ldapType==1) { $ldapSearchAttribut = "sAMAccountName="; + /* $tmpDN will only be used as a last resort if searching for the user failed */ $tmpDN = $username.'@'.$settings->_ldapAccountDomainName; // Add the following if authentication with an Active Dir doesn't work // See https://sourceforge.net/p/seeddms/discussion/general/thread/19c70d8d/ From 39ded6779d52ad0d3e183fc834eee34ca150749b Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Wed, 20 Mar 2024 14:04:56 +0100 Subject: [PATCH 10/25] check if attribute is aof type document or folder and multivalue --- op/op.AttributeMgr.php | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/op/op.AttributeMgr.php b/op/op.AttributeMgr.php index 24b94a0eb..8eccffc1d 100644 --- a/op/op.AttributeMgr.php +++ b/op/op.AttributeMgr.php @@ -73,8 +73,13 @@ if ($action == "addattrdef") { if($minvalues > $maxvalues) { UI::exitError(getMLText("admin_tools"),getMLText("attrdef_min_greater_max")); } - if($multiple && $valueset == '' && !in_array($type, array(SeedDMS_Core_AttributeDefinition::type_user, SeedDMS_Core_AttributeDefinition::type_group))) { - UI::exitError(getMLText("admin_tools"),getMLText("attrdef_multiple_needs_valueset")); + if($multiple) { + if(in_array($type, array(SeedDMS_Core_AttributeDefinition::type_document, SeedDMS_Core_AttributeDefinition::type_folder))) { + UI::exitError(getMLText("admin_tools"),getMLText("attrdef_multiple_but_doc_or_folder")); + } + if($valueset == '' && !in_array($type, array(SeedDMS_Core_AttributeDefinition::type_user, SeedDMS_Core_AttributeDefinition::type_group))) { + UI::exitError(getMLText("admin_tools"),getMLText("attrdef_multiple_needs_valueset")); + } } $controller->setParam('name', $name); 
@@ -150,8 +155,13 @@ else if ($action == "editattrdef") { if($minvalues > $maxvalues) { UI::exitError(getMLText("admin_tools"),getMLText("attrdef_min_greater_max")); } - if($multiple && $valueset == '' && !in_array($type, array(SeedDMS_Core_AttributeDefinition::type_user, SeedDMS_Core_AttributeDefinition::type_group))) { - UI::exitError(getMLText("admin_tools"),getMLText("attrdef_multiple_needs_valueset")); + if($multiple) { + if(in_array($type, array(SeedDMS_Core_AttributeDefinition::type_document, SeedDMS_Core_AttributeDefinition::type_folder))) { + UI::exitError(getMLText("admin_tools"),getMLText("attrdef_multiple_but_doc_or_folder")); + } + if($valueset == '' && !in_array($type, array(SeedDMS_Core_AttributeDefinition::type_user, SeedDMS_Core_AttributeDefinition::type_group))) { + UI::exitError(getMLText("admin_tools"),getMLText("attrdef_multiple_needs_valueset")); + } } $controller->setParam('name', $name); From 825186a046582a0eca25241107878f86bd8a0a01 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Wed, 20 Mar 2024 15:28:58 +0100 Subject: [PATCH 11/25] set default lang in login form if language selector is turned off --- out/out.Login.php | 1 + views/bootstrap/class.Login.php | 3 +++ 2 files changed, 4 insertions(+) diff --git a/out/out.Login.php b/out/out.Login.php index d3307be62..f669696ca 100644 --- a/out/out.Login.php +++ b/out/out.Login.php @@ -58,6 +58,7 @@ if($view) { $view->setParam('languages', getLanguages()); $view->setParam('enablelanguageselector', $settings->_enableLanguageSelector); $view->setParam('enablethemeselector', $settings->_enableThemeSelector); + $view->setParam('defaultlanguage', $settings->_language); $view($_GET); exit; } diff --git a/views/bootstrap/class.Login.php b/views/bootstrap/class.Login.php index 1c3760767..2ca2f60a2 100644 --- a/views/bootstrap/class.Login.php +++ b/views/bootstrap/class.Login.php 
@@ -88,6 +88,7 @@ $(document).ready( function() { $themes = $this->params['themes']; $msg = $this->params['msg']; $languages = $this->params['languages']; + $defaultlanguage = $this->params['defaultlanguage']; $enableLanguageSelector = $this->params['enablelanguageselector']; $enableThemeSelector = $this->params['enablethemeselector']; @@ -147,6 +148,8 @@ $(document).ready( function() { 'options'=>$options ) ); + } elseif($defaultlanguage) { + echo ""; } if($enableThemeSelector) { $options = array(); From 20e61d16910681db936d86107060f1cef4e5eb5b Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Wed, 20 Mar 2024 16:19:53 +0100 Subject: [PATCH 12/25] send status changes to uploader of document --- inc/inc.ClassNotificationService.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/inc/inc.ClassNotificationService.php b/inc/inc.ClassNotificationService.php index 8711a72b3..887df64c1 100644 --- a/inc/inc.ClassNotificationService.php +++ b/inc/inc.ClassNotificationService.php @@ -576,7 +576,7 @@ class SeedDMS_NotificationService { } /* }}} */ /** - * This notification is sent when a new attachment is created. + * This notification is sent when an attachment is deleted. */ public function sendDeleteFileMail($file, $user) { /* {{{ */ $document = $file->getDocument(); 
@@ -814,10 +814,10 @@ class SeedDMS_NotificationService { $params['sitename'] = $this->settings->_siteName; $params['http_root'] = $this->settings->_httpRoot; - // if user is not owner send notification to owner - if ($user->getID() != $document->getOwner()->getID() && - false === SeedDMS_Core_DMS::inList($document->getOwner(), $notifyList['users'])) { - $this->toIndividual($user, $document->getOwner(), $subject, $message, $params, SeedDMS_NotificationService::RECV_OWNER); + // if user is not uploader of the version send notification to uploader + if ($user->getID() != $content->getUser()->getID() && + false === SeedDMS_Core_DMS::inList($content->getUser(), $notifyList['users'])) { + $this->toIndividual($user, $content->getUser(), $subject, $message, $params, SeedDMS_NotificationService::RECV_UPLOADER); } $this->toList($user, $notifyList["users"], $subject, $message, $params, SeedDMS_NotificationService::RECV_NOTIFICATION); foreach ($notifyList["groups"] as $grp) { From 7c07fba0baaa6c63e82032a748cba657042244b3 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Wed, 20 Mar 2024 16:21:00 +0100 Subject: [PATCH 13/25] do not send submitted approval/review mail to owner --- inc/inc.ClassNotificationService.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/inc/inc.ClassNotificationService.php b/inc/inc.ClassNotificationService.php index 887df64c1..fab12be73 100644 --- a/inc/inc.ClassNotificationService.php +++ b/inc/inc.ClassNotificationService.php 
@@ -1123,8 +1123,10 @@ class SeedDMS_NotificationService { /* Send mail to owner only if the currently logged in user is not the * owner and the owner is not already in the list of notifiers. */ + /* if($user->getID() != $document->getOwner()->getID() && false === SeedDMS_Core_DMS::inList($document->getOwner(), $nl['users'])) $this->toIndividual($user, $document->getOwner(), $subject, $message, $params, SeedDMS_NotificationService::RECV_OWNER); + */ /* Send mail to uploader of version only if the uploader is not the owner and * the currently logged in user is not the @@ -1159,8 +1161,10 @@ class SeedDMS_NotificationService { /* Send mail to owner only if the currently logged in user is not the * owner and the owner is not already in the list of notifiers. */ + /* if($user->getID() != $document->getOwner()->getID() && false === SeedDMS_Core_DMS::inList($document->getOwner(), $nl['users'])) $this->toIndividual($user, $document->getOwner(), $subject, $message, $params, SeedDMS_NotificationService::RECV_OWNER); + */ /* Send mail to uploader of version only if the uploader is not the owner and * the currently logged in user is not the From 6490052342c765651127842ff1fcf7ed9f554075 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Wed, 20 Mar 2024 16:23:57 +0100 Subject: [PATCH 14/25] do not check if owner has got submitted review/approval email, because owners not longer receive that mail --- inc/inc.ClassNotificationService.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/inc/inc.ClassNotificationService.php b/inc/inc.ClassNotificationService.php index fab12be73..aef7df339 100644 --- a/inc/inc.ClassNotificationService.php +++ b/inc/inc.ClassNotificationService.php 
@@ -1132,7 +1132,7 @@ class SeedDMS_NotificationService { * the currently logged in user is not the * owner and the owner is not already in the list of notifiers. */ - if($user->getID() != $content->getUser()->getID() && $content->getUser()->getID() != $document->getOwner()->getID() && false === SeedDMS_Core_DMS::inList($content->getUser(), $nl['users'])) + if($user->getID() != $content->getUser()->getID() /* && $content->getUser()->getID() != $document->getOwner()->getID() */ && false === SeedDMS_Core_DMS::inList($content->getUser(), $nl['users'])) $this->toIndividual($user, $content->getUser(), $subject, $message, $params, SeedDMS_NotificationService::RECV_UPLOADER); } /* }}} */ @@ -1170,7 +1170,7 @@ class SeedDMS_NotificationService { * the currently logged in user is not the * owner and the owner is not already in the list of notifiers. */ - if($user->getID() != $content->getUser()->getID() && $content->getUser()->getID() != $document->getOwner()->getID() && false === SeedDMS_Core_DMS::inList($content->getUser(), $nl['users'])) + if($user->getID() != $content->getUser()->getID() /* && $content->getUser()->getID() != $document->getOwner()->getID() */ && false === SeedDMS_Core_DMS::inList($content->getUser(), $nl['users'])) $this->toIndividual($user, $content->getUser(), $subject, $message, $params, SeedDMS_NotificationService::RECV_UPLOADER); } /* }}} */ From e383f8be117287f5400b885464dd958b176bdac2 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Wed, 20 Mar 2024 16:28:29 +0100 Subject: [PATCH 15/25] add changes for 5.1.34 --- CHANGELOG | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index ae2e3307c..b92a7aea3 100644 --- a/CHANGELOG +++ b/CHANGELOG 
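Review bot: Disabling part of the condition with an inline `/* && $content->getUser()->getID() != $document->getOwner()->getID() */` leaves dead code inside the `if`, and the comment lines above it still describe an owner check that no longer applies. The same edit is made in the second hunk at line 1170. Delete the clause instead of commenting it out and reword the comment, for example `/* Send mail to uploader of version only if the currently logged in user is not the uploader and the uploader is not already in the list of notifiers. */`. Both enclosing methods start outside the hunks.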
@@ -11,6 +11,9 @@ recursively upload the folder hierarchy including all files - fix checking if user is owner when sending notifications - do not show fast upload area if access on folder is insufficient +- do not send notification mail 'submitted review/approval' to owner of + document, still send it to uploader of version +- set default language in login form if language selector is turned off -------------------------------------------------------------------------------- Changes in version 5.1.33 From 0017137d0beb0d58c3bc0896988c9b0c00ebe9b4 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Wed, 20 Mar 2024 17:05:41 +0100 Subject: [PATCH 16/25] allow login by email if turned on in configuration --- inc/inc.ClassDbAuthentication.php | 5 +++++ inc/inc.ClassSettings.php | 4 ++++ op/op.Settings.php | 1 + views/bootstrap/class.Settings.php | 1 + 4 files changed, 11 insertions(+) diff --git a/inc/inc.ClassDbAuthentication.php b/inc/inc.ClassDbAuthentication.php index 2d65e8516..0c7eaad4f 100644 --- a/inc/inc.ClassDbAuthentication.php +++ b/inc/inc.ClassDbAuthentication.php @@ -47,6 +47,11 @@ class SeedDMS_DbAuthentication extends SeedDMS_Authentication { if($user = $dms->getUserByLogin($username)) { $userid = $user->getID(); + // Check if password matches + if (!seed_pass_verify($password, $user->getPwd())) { + $user = null; + } + } elseif(!empty($this->settings->_enableLoginByEmail) && ($user = $dms->getUserByEmail($username))) { // Check if password matches if (!seed_pass_verify($password, $user->getPwd())) { $user = null; diff --git a/inc/inc.ClassSettings.php b/inc/inc.ClassSettings.php index 39b8ec88e..b0fa9da5e 100644 --- a/inc/inc.ClassSettings.php +++ b/inc/inc.ClassSettings.php 
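Review bot: The new `elseif` branch in inc/inc.ClassDbAuthentication.php authenticates through `getUserByEmail($username)` but, unlike the login branch above it, never assigns `$userid`, so any code after this hunk that reads `$userid` would find it unset for email logins. Adding `$userid = $user->getID();` as the first line of the `elseif` body keeps both branches consistent. The branch also assumes an e-mail address identifies exactly one account; if addresses are not unique, whichever account getUserByEmail() returns decides whose password is checked, and that is not visible here. The duplicated `seed_pass_verify` check could be moved below the `if`/`elseif` so the password comparison lives in one place. The method continues outside the hunk.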
@@ -45,6 +45,8 @@ class Settings { /* {{{ */ var $_enableGuestLogin = false; // If you even want guest to be logged in automatically, set the following to true var $_enableGuestAutoLogin = false; + // If you want to allow login by email, set the following to true + var $_enableLoginByEmail = false; // Allow users to reset their password var $_enablePasswordForgotten = false; // Do not allow users to change password @@ -627,6 +629,7 @@ class Settings { /* {{{ */ $tab = $node[0]->attributes(); $this->_enableGuestLogin = Settings::boolVal($tab["enableGuestLogin"]); $this->_enableGuestAutoLogin = Settings::boolVal($tab["enableGuestAutoLogin"]); + $this->_enableLoginByEmail = Settings::boolVal($tab["enableLoginByEmail"]); $this->_enablePasswordForgotten = Settings::boolVal($tab["enablePasswordForgotten"]); $this->_passwordStrength = intval($tab["passwordStrength"]); $this->_passwordStrengthAlgorithm = strval($tab["passwordStrengthAlgorithm"]); @@ -1011,6 +1014,7 @@ class Settings { /* {{{ */ $node = $this->getXMLNode($xml, '/configuration/system', 'authentication'); $this->setXMLAttributValue($node, "enableGuestLogin", $this->_enableGuestLogin); $this->setXMLAttributValue($node, "enableGuestAutoLogin", $this->_enableGuestAutoLogin); + $this->setXMLAttributValue($node, "enableLoginByEmail", $this->_enableLoginByEmail); $this->setXMLAttributValue($node, "enablePasswordForgotten", $this->_enablePasswordForgotten); $this->setXMLAttributValue($node, "passwordStrength", $this->_passwordStrength); $this->setXMLAttributValue($node, "passwordStrengthAlgorithm", $this->_passwordStrengthAlgorithm); diff --git a/op/op.Settings.php b/op/op.Settings.php index 351d1560b..1ac008924 100644 --- a/op/op.Settings.php +++ b/op/op.Settings.php 
@@ -193,6 +193,7 @@ if ($action == "saveSettings") // SETTINGS - SYSTEM - AUTHENTICATION setBoolValue("enableGuestLogin"); setBoolValue("enableGuestAutoLogin"); + setBoolValue("enableLoginByEmail"); setBoolValue("restricted"); setBoolValue("enableUserImage"); setBoolValue("disableSelfEdit"); diff --git a/views/bootstrap/class.Settings.php b/views/bootstrap/class.Settings.php index f82a9ac1e..2791c335d 100644 --- a/views/bootstrap/class.Settings.php +++ b/views/bootstrap/class.Settings.php @@ -479,6 +479,7 @@ if(($kkk = $this->callHook('getFullSearchEngine')) && is_array($kkk)) showConfigHeadline('settings_Authentication'); ?> showConfigCheckbox('settings_enableGuestLogin', 'enableGuestLogin'); ?> showConfigCheckbox('settings_enableGuestAutoLogin', 'enableGuestAutoLogin'); ?> +showConfigCheckbox('settings_enableLoginByEmail', 'enableLoginByEmail'); ?> showConfigCheckbox('settings_restricted', 'restricted'); ?> showConfigCheckbox('settings_enableUserImage', 'enableUserImage'); ?> showConfigCheckbox('settings_disableSelfEdit', 'disableSelfEdit'); ?> From 2b7f90991aaeea78c8c60973a69d4be8f79d1946 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Wed, 20 Mar 2024 18:21:22 +0100 Subject: [PATCH 17/25] support login by email --- inc/inc.ClassLdapAuthentication.php | 52 ++++++++++++++++++++++++----- 1 file changed, 43 insertions(+), 9 deletions(-) diff --git a/inc/inc.ClassLdapAuthentication.php b/inc/inc.ClassLdapAuthentication.php index b5f69cc92..db9ae1449 100644 --- a/inc/inc.ClassLdapAuthentication.php +++ b/inc/inc.ClassLdapAuthentication.php @@ -126,7 +126,7 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication { * look like if searching for that user didn't return a dn. */ if (isset($settings->_ldapBaseDN)) { - $ldapSearchAttribut = "uid="; + $ldapSearchAttribut = "uid"; /* $tmpDN will only be used as a last resort if searching for the user failed */ $tmpDN = "uid=".$username.",".$settings->_ldapBaseDN; } 
@@ -134,7 +134,7 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication { /* Active directory has a different base dn */ if (isset($settings->_ldapType)) { if ($settings->_ldapType==1) { - $ldapSearchAttribut = "sAMAccountName="; + $ldapSearchAttribut = "sAMAccountName"; /* $tmpDN will only be used as a last resort if searching for the user failed */ $tmpDN = $username.'@'.$settings->_ldapAccountDomainName; // Add the following if authentication with an Active Dir doesn't work @@ -157,7 +157,21 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication { } else { $bind = @ldap_bind($ds); } + $dn = false; + + /* The simplest search is just the username */ + $ldapsearchterm = $ldapSearchAttribut.'='.$username; + /* If login by email is allowed, the search for user name is ored with + * the search for the email. + */ + if($settings->_enableLoginByEmail) { + $ldapsearchterm = "|(".$ldapsearchterm.")(mail=".$username.")"; + } + /* If a ldap filter is set, it will be anded */ + if($settings->_ldapFilter) { + $ldapsearchterm = "&(".$ldapsearchterm.")".$settings->_ldapFilter; + } /* If bind succeed, then get the dn of the user. If a filter * is set, it will be used to allow only those users to log in * matching the filter criteria. Depending on the type of server, 
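Review bot: In the `@@ -157,7 +157,21 @@` hunk `$username` is concatenated unescaped into the search filter, now in two places (`$ldapSearchAttribut.'='.$username` and `(mail=".$username.")`), so filter metacharacters such as `*`, `(` or `)` in the submitted login change what the directory search matches. Unless the caller already normalises the login (not visible here; the method starts outside the hunk), escape it once before building the term, e.g. `$filterUser = ldap_escape($username, '', LDAP_ESCAPE_FILTER);`, and use `$filterUser` in both comparisons. The second lookup in the `@@ -219,13 +251,15 @@` hunk builds its filter the same way and needs the same treatment. With login by email enabled the search matches on more attributes than before, which makes a strictly escaped filter more important.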
@@ -165,19 +179,32 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication { * 'sAMAccountName=' or 'uid='. All other filters are ANDed. * A common filter is '(mail=*)' to ensure a user has an email * address. + * If the previous bind failed, we could try later to bind with + * the user's credentials (this was until 6.0.26 and 5.1.33 the case), + * but if login by email is allowed, it makes no sense to try it. The + * only way to bind is by using a correct dn and that cannot be + * formed with an email. */ if ($bind) { + /* if (!empty($settings->_ldapFilter)) { - $search = ldap_search($ds, $settings->_ldapBaseDN, "(&(".$ldapSearchAttribut.$username.")".$settings->_ldapFilter.")"); + $search = ldap_search($ds, $settings->_ldapBaseDN, "(&(".$ldapSearchAttribut.'='.$username.")".$settings->_ldapFilter.")"); } else { - $search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.$username); + $search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.'='.$username); } + */ + $search = ldap_search($ds, $settings->_ldapBaseDN, "(".$ldapsearchterm.")"); if (!is_bool($search)) { $info = ldap_get_entries($ds, $search); if (!is_bool($info) && $info["count"]>0) { $dn = $info[0]['dn']; + /* Set username to login name in case the email was used for authentication */ + $username = $info[0][$ldapSearchAttribut][0]; } } + } elseif(!empty($settings->_enableLoginByEmail)) { + ldap_close($ds); + return null; } /* If the previous bind failed, try it with the users creditionals 
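Review bot: `$username = $info[0][$ldapSearchAttribut][0];` indexes the entry with the mixed-case attribute name, but `ldap_get_entries()` returns attribute keys in lower case, so for `_ldapType==1` the key `sAMAccountName` is not present and `$username` is null by the time it reaches `getUserByLogin()`. Index with `strtolower($ldapSearchAttribut)` and fail the login if that key is missing. The OR-ed filter can also return more than one entry (one account's uid equal to another account's mail), and `$info["count"]>0` silently takes the first; `$info["count"] == 1` would reject the ambiguous case. The old search left inside `/* … */` can be removed. The enclosing method starts and ends outside the hunk.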
@@ -190,8 +217,10 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication { * If that user was filtered out, because filter was set to '(mail=*)' * and the user doesn't have a mail address, then $dn will not be * set and $tmpDN will be used instead, allowing a successfull bind. + * Also do not take the $tmpDN if login by email is allowed, because + * the username could be the email and that doesn't form a valid dn. */ - if (is_bool($dn) && empty($settings->_ldapFilter)) { + if (is_bool($dn) && empty($settings->_ldapFilter) && empty($settings->_enableLoginByEmail)) { $dn = $tmpDN; } @@ -203,6 +232,9 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication { /* Check if user already exists in the database. Return with an error * only if the sql statements fails, but not if no user was found. + * The username may not be the one passed to this function anymore. It + * could have been overwritten by uid (or sAMAccountName) derived from + * the above ldap search. */ $user = $dms->getUserByLogin($username); if($user === false) { 
@@ -219,13 +251,15 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication { // Successfully authenticated. Now check to see if the user exists within // the database. If not, add them in if _restricted is not set, - // but do not add their password. + // but do not set the password of the user. if (!$settings->_restricted) { - // Retrieve the user's LDAP information. + /* Retrieve the user's LDAP information. At this time the username is + * the uid or sAMAccountName, even if the email was used for login. + */ if (isset($settings->_ldapFilter) && strlen($settings->_ldapFilter) > 0) { - $search = ldap_search($ds, $settings->_ldapBaseDN, "(&(".$ldapSearchAttribut.$username.")".$settings->_ldapFilter.")"); + $search = ldap_search($ds, $settings->_ldapBaseDN, "(&(".$ldapSearchAttribut.'='.$username.")".$settings->_ldapFilter.")"); } else { - $search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.$username); + $search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.'='.$username); } if (!is_bool($search)) { From 28aaf8e28feb29b8788e5b49939ac36b23749486 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Thu, 21 Mar 2024 08:23:08 +0100 Subject: [PATCH 18/25] users will see only their own notifications --- views/bootstrap/class.DocumentNotify.php | 20 ++++++++++---------- views/bootstrap/class.FolderNotify.php | 20 ++++++++++---------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/views/bootstrap/class.DocumentNotify.php b/views/bootstrap/class.DocumentNotify.php index a6463abcf..2404ec5e6 100644 --- a/views/bootstrap/class.DocumentNotify.php +++ b/views/bootstrap/class.DocumentNotify.php 
@@ -151,10 +151,10 @@ $(document).ready( function() { } else { print "\n"; foreach ($notifyList["users"] as $userNotify) { - print ""; - print ""; - print ""; if ($user->isAdmin() || $user->getID() == $userNotify->getID()) { + print ""; + print ""; + print ""; print "\n"; echo createHiddenFieldWithKey('documentnotify')."\n"; print "getID()."\">\n"; @@ -164,14 +164,14 @@ $(document).ready( function() { print ""; print ""; print "\n"; - }else print ""; - print ""; + print ""; + } } foreach ($notifyList["groups"] as $groupNotify) { - print ""; - print ""; - print ""; if ($user->isAdmin() || $groupNotify->isMember($user,true)) { + print ""; + print ""; + print ""; print "\n"; echo createHiddenFieldWithKey('documentnotify')."\n"; print "getID()."\">\n"; @@ -181,8 +181,8 @@ $(document).ready( function() { print ""; print ""; print "\n"; - }else print ""; - print ""; + print ""; + } } print "
" . htmlspecialchars($userNotify->getLogin() . " - " . $userNotify->getFullName()) . "
" . htmlspecialchars($userNotify->getLogin() . " - " . $userNotify->getFullName()) . "
" . htmlspecialchars($groupNotify->getName()) . "
" . htmlspecialchars($groupNotify->getName()) . "
\n"; } diff --git a/views/bootstrap/class.FolderNotify.php b/views/bootstrap/class.FolderNotify.php index 56a7a5961..ada8b3d4e 100644 --- a/views/bootstrap/class.FolderNotify.php +++ b/views/bootstrap/class.FolderNotify.php @@ -151,10 +151,10 @@ $(document).ready(function() { } else { print "\n"; foreach ($notifyList["users"] as $userNotify) { - print ""; - print ""; - print ""; if ($user->isAdmin() || $user->getID() == $userNotify->getID()) { + print ""; + print ""; + print ""; print "\n"; echo createHiddenFieldWithKey('foldernotify')."\n"; print "getID()."\">\n"; @@ -164,14 +164,14 @@ $(document).ready(function() { print ""; print ""; print "\n"; - }else print ""; - print ""; + print ""; + } } foreach ($notifyList["groups"] as $groupNotify) { - print ""; - print ""; - print ""; if ($user->isAdmin() || $groupNotify->isMember($user,true)) { + print ""; + print ""; + print ""; print "\n"; echo createHiddenFieldWithKey('foldernotify')."\n"; print "getID()."\">\n"; @@ -181,8 +181,8 @@ $(document).ready(function() { print ""; print ""; print "\n"; - }else print ""; - print ""; + print ""; + } } print "
" . htmlspecialchars($userNotify->getLogin() . " - " . $userNotify->getFullName()) . "
" . htmlspecialchars($userNotify->getLogin() . " - " . $userNotify->getFullName()) . "
" . htmlspecialchars($groupNotify->getName()) . "
" . htmlspecialchars($groupNotify->getName()) . "
\n"; } From 6cb356454f535c59e8a68485876673e165f2f8c4 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Thu, 21 Mar 2024 08:24:43 +0100 Subject: [PATCH 19/25] fix label of menu item for notifications --- views/bootstrap/class.Bootstrap.php | 4 ++-- views/bootstrap4/class.Bootstrap4.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/views/bootstrap/class.Bootstrap.php b/views/bootstrap/class.Bootstrap.php index 85ee1100a..37cfe7de5 100644 --- a/views/bootstrap/class.Bootstrap.php +++ b/views/bootstrap/class.Bootstrap.php @@ -713,7 +713,7 @@ background-image: linear-gradient(to bottom, #882222, #111111);; $menuitems['edit_folder_access'] = array('link'=>$this->params['settings']->_httpRoot."out/out.FolderAccess.php?folderid=".$folderID."&showtree=".showtree(), 'label'=>getMLText('edit_folder_access')); } if ($accessobject->check_view_access('FolderNotify')) - $menuitems['edit_existing_notify'] = array('link'=>$this->params['settings']->_httpRoot."out/out.FolderNotify.php?folderid=". $folderID ."&showtree=". showtree(), 'label'=>getMLText('edit_existing_notify')); + $menuitems['edit_folder_notify'] = array('link'=>$this->params['settings']->_httpRoot."out/out.FolderNotify.php?folderid=". $folderID ."&showtree=". showtree(), 'label'=>getMLText('edit_folder_notify')); } if($enableClipboard) { $menuitems['add_to_clipboard'] = array('class'=>'addtoclipboard', 'attributes'=>array(['rel', 'F'.$folder->getId()], ['msg', getMLText('splash_added_to_clipboard')], ['title', getMLText("add_to_clipboard")]), 'label'=>getMLText("add_to_clipboard")); 
@@ -782,7 +782,7 @@ background-image: linear-gradient(to bottom, #882222, #111111);; } if ($accessMode >= M_READ && !$this->params['user']->isGuest()) { if ($accessobject->check_view_access('DocumentNotify')) - $menuitems['edit_existing_notify'] = array('link'=>$this->params['settings']->_httpRoot."out/out.DocumentNotify". $docid, 'label'=>getMLText('edit_existing_notify')); + $menuitems['edit_document_notify'] = array('link'=>$this->params['settings']->_httpRoot."out/out.DocumentNotify". $docid, 'label'=>getMLText('edit_document_notify')); } if($enableClipboard) { $menuitems['add_to_clipboard'] = array('class'=>'addtoclipboard', 'attributes'=>array(['rel', 'D'.$document->getId()], ['msg', getMLText('splash_added_to_clipboard')], ['title', getMLText("add_to_clipboard")]), 'label'=>getMLText("add_to_clipboard")); diff --git a/views/bootstrap4/class.Bootstrap4.php b/views/bootstrap4/class.Bootstrap4.php index 797d11343..8116d8d5f 100644 --- a/views/bootstrap4/class.Bootstrap4.php +++ b/views/bootstrap4/class.Bootstrap4.php 
@@ -716,7 +716,7 @@ background-image: linear-gradient(to bottom, #882222, #111111);; $menuitems['edit_folder_access'] = array('link'=>$this->params['settings']->_httpRoot."out/out.FolderAccess.php?folderid=".$folderID."&showtree=".showtree(), 'label'=>getMLText('edit_folder_access')); } if ($accessobject->check_view_access('FolderNotify')) - $menuitems['edit_existing_notify'] = array('link'=>$this->params['settings']->_httpRoot."out/out.FolderNotify.php?folderid=". $folderID ."&showtree=". showtree(), 'label'=>getMLText('edit_existing_notify')); + $menuitems['edit_folder_notify'] = array('link'=>$this->params['settings']->_httpRoot."out/out.FolderNotify.php?folderid=". $folderID ."&showtree=". showtree(), 'label'=>getMLText('edit_folder_notify')); } if($enableClipboard) { $menuitems['add_to_clipboard'] = array('class'=>'addtoclipboard', 'attributes'=>array(['rel', 'F'.$folder->getId()], ['msg', getMLText('splash_added_to_clipboard')], ['title', getMLText("add_to_clipboard")]), 'label'=>getMLText("add_to_clipboard")); @@ -781,7 +781,7 @@ background-image: linear-gradient(to bottom, #882222, #111111);; } if ($accessMode >= M_READ && !$this->params['user']->isGuest()) { if ($accessobject->check_view_access('DocumentNotify')) - $menuitems['edit_existing_notify'] = array('link'=>$this->params['settings']->_httpRoot."out/out.DocumentNotify". $docid, 'label'=>getMLText('edit_existing_notify')); + $menuitems['edit_document_notify'] = array('link'=>$this->params['settings']->_httpRoot."out/out.DocumentNotify". $docid, 'label'=>getMLText('edit_document_notify')); } if($enableClipboard) { $menuitems['add_to_clipboard'] = array('class'=>'addtoclipboard', 'attributes'=>array(['rel', 'D'.$document->getId()], ['msg', getMLText('splash_added_to_clipboard')], ['title', getMLText("add_to_clipboard")]), 'label'=>getMLText("add_to_clipboard")); From 7bdfd5f88fe7996501dd87f2acc6142321860feb Mon Sep 17 00:00:00 2001 
From: Uwe Steinmann Date: Fri, 22 Mar 2024 10:01:19 +0100 Subject: [PATCH 20/25] code cleanup --- op/op.DocumentNotify.php | 24 +++++++++++++----------- op/op.FolderNotify.php | 22 +++++++++++++--------- 2 files changed, 26 insertions(+), 20 deletions(-) diff --git a/op/op.DocumentNotify.php b/op/op.DocumentNotify.php index e0ba58116..2ba2a5d64 100644 --- a/op/op.DocumentNotify.php +++ b/op/op.DocumentNotify.php 
@@ -52,37 +52,39 @@ $action = $_POST["action"]; if (isset($_POST["userid"]) && (!is_numeric($_POST["userid"]) || $_POST["userid"]<-1)) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("unknown_user")); } +$userid = isset($_POST["userid"]) ? $_POST["userid"] : -1; -$userid = 0; -if(isset($_POST["userid"])) - $userid = $_POST["userid"]; +if ($userid > 0){ + $u=$dms->getUser($userid); + if (($u->getId() != $user->getId()) && !$user->isAdmin()) + UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied")); +} if (isset($_POST["groupid"]) && (!is_numeric($_POST["groupid"]) || $_POST["groupid"]<-1)) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("unknown_group")); } -if(isset($_POST["groupid"])) - $groupid = $_POST["groupid"]; +$groupid = isset($_POST["groupid"]) ? $_POST["groupid"] : -1; -if (isset($_POST["groupid"])&&$_POST["groupid"]!=-1){ +if ($groupid > 0){ $group=$dms->getGroup($groupid); if (!$group->isMember($user,true) && !$user->isAdmin()) UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); } $folder = $document->getFolder(); -$docPathHTML = getFolderPathHTML($folder, true). " / ".$document->getName().""; if ($document->getAccessMode($user) < M_READ) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); } // delete notification -if ($action == "delnotify"){ - if ($userid) { +if ($action == "delnotify") { + + if ($userid > 0) { $obj = $dms->getUser($userid); $res = $document->removeNotify($userid, true); - } elseif (isset($groupid)) { + } elseif ($groupid > 0) { $obj = $dms->getGroup($groupid); $res = $document->removeNotify($groupid, false); } 
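Review bot: The new `$userid > 0` check runs before `$folder = $document->getFolder();`, yet its error path calls `$folder->getName()` with the `folder_title` string. `$folder` therefore appears to be unset at that point, and a denied request would end in a PHP error rather than the access-denied page. It should match the neighbouring checks: `UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));`. `$dms->getUser($userid)` is also dereferenced without checking its result, here and in the matching op/op.FolderNotify.php hunk (`@@ -53,19 +53,24 @@`). If it does not return an object for an unknown id, add `if (!is_object($u))` with an `unknown_user` exit before `$u->getId()`. In the `delnotify` branch, `$res` is no longer assigned when neither id is positive, so the following `switch ($res)` should be guarded as well.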
@@ -137,7 +139,7 @@ else if ($action == "addnotify") { break; } } - if ($groupid != -1) { + if ($groupid > 0) { $res = $document->addNotify($groupid, false); switch ($res) { case -1: diff --git a/op/op.FolderNotify.php b/op/op.FolderNotify.php index 903b9dc03..4156e00f1 100644 --- a/op/op.FolderNotify.php +++ b/op/op.FolderNotify.php @@ -53,19 +53,24 @@ if (isset($_POST["userid"]) && (!is_numeric($_POST["userid"]) || $_POST["userid" } $userid = isset($_POST["userid"]) ? $_POST["userid"] : -1; +if ($userid > 0){ + $u=$dms->getUser($userid); + if (($u->getId() != $user->getId()) && !$user->isAdmin()) + UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied")); +} + if (isset($_POST["groupid"]) && (!is_numeric($_POST["groupid"]) || $_POST["groupid"]<-1)) { UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("unknown_group")); } + $groupid = isset($_POST["groupid"]) ? $_POST["groupid"] : -1; -if (isset($_POST["groupid"])&&$_POST["groupid"]!=-1){ +if ($groupid > 0){ $group=$dms->getGroup($groupid); if (!$group->isMember($user,true) && !$user->isAdmin()) UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied")); } -$folderPathHTML = getFolderPathHTML($folder, true); - if ($folder->getAccessMode($user) < M_READ) { UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied")); } @@ -74,12 +79,11 @@ if ($folder->getAccessMode($user) < M_READ) { if ($action == "delnotify") { if ($userid > 0) { - $res = $folder->removeNotify($userid, true); $obj = $dms->getUser($userid); - } - elseif ($groupid > 0) { - $res = $folder->removeNotify($groupid, false); + $res = $folder->removeNotify($userid, true); + } elseif ($groupid > 0) { $obj = $dms->getGroup($groupid); + $res = $folder->removeNotify($groupid, false); } switch ($res) { case -1: 
@@ -106,7 +110,7 @@ if ($action == "delnotify") { // Add notification ---------------------------------------------------------- else if ($action == "addnotify") { - if ($userid != -1) { + if ($userid > 0) { $res = $folder->addNotify($userid, true); switch ($res) { case -1: @@ -132,7 +136,7 @@ else if ($action == "addnotify") { break; } } - if ($groupid != -1) { + if ($groupid > 0) { $res = $folder->addNotify($groupid, false); switch ($res) { case -1: From 39179d605627d1b40c7ee826c7bf42d6da735adb Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Fri, 22 Mar 2024 10:02:37 +0100 Subject: [PATCH 21/25] show login name of user --- views/bootstrap/class.GroupMgr.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/views/bootstrap/class.GroupMgr.php b/views/bootstrap/class.GroupMgr.php index e0cb49596..7d9e0e939 100644 --- a/views/bootstrap/class.GroupMgr.php +++ b/views/bootstrap/class.GroupMgr.php @@ -208,7 +208,7 @@ $(document).ready( function() { print ""; print ""; - print "" . htmlspecialchars($member->getFullName()) . ""; + print "" . htmlspecialchars($member->getFullName()." (".$member->getLogin().")") ."
".htmlspecialchars($member->getEmail()). ""; print "" . ($group->isMember($member,true)?getMLText("manager"):" ") . ""; print ""; print "
getID()."\" />getID()."\" />".createHiddenFieldWithKey('rmmember')."
"; From 637476f0a98860e08ffe8763a68cccfbc85f5f64 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Fri, 22 Mar 2024 10:03:40 +0100 Subject: [PATCH 22/25] fix button to remove membership, show login of user --- views/bootstrap/class.GroupView.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/views/bootstrap/class.GroupView.php b/views/bootstrap/class.GroupView.php index 8e7745a3c..d4070eea4 100644 --- a/views/bootstrap/class.GroupView.php +++ b/views/bootstrap/class.GroupView.php @@ -79,14 +79,14 @@ $(document).ready( function() { foreach ($members as $member) { $memberids[] = $member->getId(); - echo "
  • ".htmlspecialchars($member->getFullName()); + echo "
  • ".htmlspecialchars($member->getFullName().", ".$member->getLogin()); if ($member->getEmail()!="") echo " (getEmail())."\">".htmlspecialchars($member->getEmail()).")"; foreach($managers as $manager) if($manager->getId() == $member->getId()) echo ", ".getMLText("manager"); if($ismanager && $member->getId() != $user->getId()) { - echo ' '.getMLText("rm_user").''; + echo ' '.getMLText("rm_user").''; } echo "
  • "; } From 78afbe869957093c6457c1eb9925d17fcb3b12dc Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Fri, 22 Mar 2024 10:04:59 +0100 Subject: [PATCH 23/25] take enableusersview into account (currently disabled) --- views/bootstrap/class.DocumentNotify.php | 6 ++++-- views/bootstrap/class.FolderNotify.php | 8 ++++---- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/views/bootstrap/class.DocumentNotify.php b/views/bootstrap/class.DocumentNotify.php index 2404ec5e6..207b5efa2 100644 --- a/views/bootstrap/class.DocumentNotify.php +++ b/views/bootstrap/class.DocumentNotify.php @@ -70,6 +70,7 @@ $(document).ready( function() { $folder = $this->params['folder']; $document = $this->params['document']; $sortusersinlist = $this->params['sortusersinlist']; + $enableusersview = $this->params['enableusersview']; $notifyList = $document->getNotifyList(0, true); @@ -151,7 +152,7 @@ $(document).ready( function() { } else { print "\n"; foreach ($notifyList["users"] as $userNotify) { - if ($user->isAdmin() || $user->getID() == $userNotify->getID()) { + if ($user->isAdmin() || /*$enableusersview || */$user->getID() == $userNotify->getID()) { print ""; print ""; print ""; @@ -168,7 +169,8 @@ $(document).ready( function() { } } foreach ($notifyList["groups"] as $groupNotify) { - if ($user->isAdmin() || $groupNotify->isMember($user,true)) { + /* admins and members of a group may see exiting notifications */ + if ($user->isAdmin() || /*$enableusersview || */$groupNotify->isMember($user,false)) { print ""; print ""; print ""; diff --git a/views/bootstrap/class.FolderNotify.php b/views/bootstrap/class.FolderNotify.php index ada8b3d4e..d9f5cbeb2 100644 --- a/views/bootstrap/class.FolderNotify.php +++ b/views/bootstrap/class.FolderNotify.php 
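Review bot: The group rows are now rendered for any member (`$groupNotify->isMember($user,false)`), while the handler in op/op.DocumentNotify.php still rejects the request unless `$group->isMember($user,true)` or the user is an admin. If the second argument selects managers, as its use in GroupMgr suggests, ordinary members get a remove control that always answers access denied. Keep the server-side check as it is, render the form only under the manager/admin condition, and show the name alone otherwise. `$enableusersview` is assigned but only referenced inside `/*$enableusersview || */`; either wire it up or leave the parameter out until it is used. The comment should read `existing` rather than `exiting`, and the same points apply to the FolderNotify hunks of this patch.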
@@ -67,9 +67,8 @@ $(document).ready(function() { $dms = $this->params['dms']; $user = $this->params['user']; $folder = $this->params['folder']; - $allUsers = $this->params['allusers']; - $allGroups = $this->params['allgroups']; $sortusersinlist = $this->params['sortusersinlist']; + $enableusersview = $this->params['enableusersview']; $notifyList = $folder->getNotifyList(0, true); @@ -151,7 +150,7 @@ $(document).ready(function() { } else { print "
    " . htmlspecialchars($userNotify->getLogin() . " - " . $userNotify->getFullName()) . "
    " . htmlspecialchars($groupNotify->getName()) . "
    \n"; foreach ($notifyList["users"] as $userNotify) { - if ($user->isAdmin() || $user->getID() == $userNotify->getID()) { + if ($user->isAdmin() || /*$enableusersview || */$user->getID() == $userNotify->getID()) { print ""; print ""; print ""; @@ -168,7 +167,8 @@ $(document).ready(function() { } } foreach ($notifyList["groups"] as $groupNotify) { - if ($user->isAdmin() || $groupNotify->isMember($user,true)) { + /* admins and members of a group may see exiting notifications */ + if ($user->isAdmin() || /*$enableusersview || */$groupNotify->isMember($user,false)) { print ""; print ""; print ""; From 2c4b7295826825802a969cddff117b6ebbccf02c Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Fri, 22 Mar 2024 10:06:06 +0100 Subject: [PATCH 24/25] some code clean ups --- out/out.DocumentNotify.php | 9 +++++++-- out/out.FolderNotify.php | 12 ++++++------ 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/out/out.DocumentNotify.php b/out/out.DocumentNotify.php index 2a2780c84..cbe78d172 100644 --- a/out/out.DocumentNotify.php +++ b/out/out.DocumentNotify.php @@ -31,6 +31,9 @@ require_once("inc/inc.ClassUI.php"); require_once("inc/inc.ClassAccessOperation.php"); require_once("inc/inc.Authentication.php"); +$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME'])); +$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user)); + if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_GET["documentid"]<1)) { UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); } 
@@ -50,9 +53,11 @@ if ($document->getAccessMode($user) < M_READ) { /* Create object for checking access to certain operations */ $accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings); -$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME'])); -$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user, 'folder'=>$folder, 'document'=>$document, 'sortusersinlist'=>$settings->_sortUsersInList)); if($view) { + $view->setParam('folder', $folder); + $view->setParam('document', $document); + $view->setParam('sortusersinlist', $settings->_sortUsersInList); + $view->setParam('enableusersview', $settings->_enableUsersView); $view->setParam('accessobject', $accessop); $view($_GET); exit; diff --git a/out/out.FolderNotify.php b/out/out.FolderNotify.php index 35b3f2686..5a525466e 100644 --- a/out/out.FolderNotify.php +++ b/out/out.FolderNotify.php @@ -27,15 +27,16 @@ require_once("inc/inc.Init.php"); require_once("inc/inc.Extension.php"); require_once("inc/inc.DBInit.php"); require_once("inc/inc.ClassUI.php"); +require_once("inc/inc.ClassAccessOperation.php"); require_once("inc/inc.Authentication.php"); $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME'])); $view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user)); -$accessop = new SeedDMS_AccessOperation($dms, null, $user, $settings); if (!isset($_GET["folderid"]) || !is_numeric($_GET["folderid"]) || intval($_GET["folderid"])<1) { UI::exitError(getMLText("folder_title", array("foldername" => getMLText("invalid_folder_id"))),getMLText("invalid_folder_id")); } + $folder = $dms->getFolder($_GET["folderid"]); if (!is_object($folder)) { 
@@ -46,16 +47,15 @@ if ($folder->getAccessMode($user) < M_READ) { UI::exitError(getMLText("folder_title", array("foldername" => htmlspecialchars($folder->getName()))),getMLText("access_denied")); } -$allUsers = $dms->getAllUsers($settings->_sortUsersInList); -$allGroups = $dms->getAllGroups(); +/* Create object for checking access to certain operations */ +$accessop = new SeedDMS_AccessOperation($dms, null, $user, $settings); if($view) { $view->setParam('showtree', showtree()); $view->setParam('folder', $folder); - $view->setParam('allusers', $allUsers); - $view->setParam('allgroups', $allGroups); - $view->setParam('accessobject', $accessop); + $view->setParam('enableusersview', $settings->_enableUsersView); $view->setParam('sortusersinlist', $settings->_sortUsersInList); + $view->setParam('accessobject', $accessop); $view($_GET); exit; } From 5fc7c85bf23836228b76aeac953ec4d8b6ac48db Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Fri, 22 Mar 2024 18:55:03 +0100 Subject: [PATCH 25/25] add changes for 5.1.34 --- CHANGELOG | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG b/CHANGELOG index b92a7aea3..590e67853 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -14,6 +14,7 @@ - do not send notification mail 'submitted review/approval' to owner of document, still send it to uploader of version - set default language in login form if language selector is turned off +- do not show full list of notifiers to none admins -------------------------------------------------------------------------------- Changes in version 5.1.33
    " . htmlspecialchars($userNotify->getLogin() . " - " . $userNotify->getFullName()) . "
    " . htmlspecialchars($groupNotify->getName()) . "