Merge branch 'develop'
johnvanbreda committed Feb 5, 2019
2 parents 13065f3 + 094243c commit ff86f24
Showing 20 changed files with 1,421 additions and 147 deletions.
4 changes: 2 additions & 2 deletions application/config/version.php
@@ -29,14 +29,14 @@
*
* @var string
*/
$config['version'] = '2.4.0';
$config['version'] = '2.5.0';

/**
* Version release date.
*
* @var string
*/
$config['release_date'] = '2018-01-21';
$config['release_date'] = '2018-02-05';

/**
* Link to the code repository downloads page.
19 changes: 10 additions & 9 deletions application/libraries/MY_ORM.php
@@ -1624,27 +1624,27 @@ protected function createAttributes($isInsert) {
$attrId = $arr[1];
$valueId = count($arr)>2 ? $arr[2] : NULL;
$attrDef = self::loadAttrDef($this->object_name, $attrId);
if ($attrDef->allow_ranges === 't' && !empty($this->submission['fields']["$field:upper"])
&& !empty($this->submission['fields']["$field:upper"]['value'])) {
$value .= ' - ' . $this->submission['fields']["$field:upper"]['value'];
}
$attr = $this->createAttributeRecord($attrId, $valueId, $value, $attrDef);
if ($attr === FALSE) {
// Failed to create attribute so drop out.
return FALSE;
}
// If this attribute is a multivalue array, then any existing
// attributes which are not in the submission for the same attr ID
// should be removed. We need to keep an array of the multi-value
// attribute IDs, with a sub-array for the existing value IDs that
// were included in the submission, so that we can mark-delete the
// ones that are not in the submission.
$attr = $this->createAttributeRecord($attrId, $valueId, $value, $attrDef);
if ($attr === FALSE) {
// Failed to create attribute so drop out.
return FALSE;
}
if ($attrDef->multi_value === 't' && count($arr)) {
if (!isset($multiValueData["attr:$attrId"])) {
$multiValueData["attr:$attrId"] = array('attrId' => $attrId, 'ids' => []);
}
$multiValueData["attr:$attrId"]['ids'] = array_merge($multiValueData["attr:$attrId"]['ids'], $attr);
}
if ($attrDef->allow_ranges === 't' && !empty($this->submission['fields']["$field:upper"])
&& !empty($this->submission['fields']["$field:upper"]['value'])) {
$value .= ' - ' . $this->submission['fields']["$field:upper"]['value'];
}
}
}
// Delete any old values from a mult-value attribute. No need to worry
@@ -1755,6 +1755,7 @@ protected function createAttributeRecord($attrId, $valueId, $value, $attrDef) {
$attrValueModel->where([
$this->object_name.'_attribute_id' => $attrId,
$this->object_name.'_id' => $this->id,
'deleted' => 'f',
])->find();
}

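Review bot: The range test in createAttributes() uses `!empty(...["$field:upper"]['value'])`, and PHP's `empty()` is true for the string `'0'`, so a submitted upper bound of 0 is dropped and only the lower value is stored. Comparing against the empty string keeps a zero bound: `$upper = isset($this->submission['fields']["$field:upper"]['value']) ? $this->submission['fields']["$field:upper"]['value'] : '';` followed by `if ($attrDef->allow_ranges === 't' && $upper !== '') {`. Both copies of the block shown in this section carry the same test, and the enclosing loop starts and ends outside the hunk.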
58 changes: 56 additions & 2 deletions application/libraries/ReportEngine.php
@@ -94,6 +94,18 @@ class ReportEngine {
*/
private $recordCountResult;

/**
* List of reports that have been explicitly authorised.
*
* Reports may have an attribute restricted="true", in which case they are
* only available if explicitly authorised by the REST API for an
* authenticated client.
*
* @var array
*/
private $authorisedReports = [];


/**
* Constructor.
*
@@ -126,6 +138,23 @@ public function reportList() {
return $reports;
}

/**
* Returns true if a report cannot be accessed because it is restricted.
*
* @param string $report
* Report file path.
* @param array $metadata
* Report metadata.
*
* @return bool
* True if the report is inaccessible for this request.
*/
private function isReportRestricted($report, array $metadata) {
return !empty($metadata['restricted'])
&& $metadata['restricted'] !== 'false'
&& !in_array(ltrim($report, '/'), $this->authorisedReports);
}

/**
* Array sorting function for the list of reports and folders.
*
@@ -167,13 +196,16 @@ private function internalReportList($root, $path) {
}
elseif (substr($file, -4) === '.xml') {
$metadata = XMLReportReader::loadMetadata("$fullPath$file");
if ($this->isReportRestricted("$path$file", $metadata)) {
continue;
}
$file = basename($file, '.xml');
$reportPath = ltrim("$path$file", '/');
$reportInfo = array(
'type' => 'report',
'title' => $metadata['title'],
'description' => $metadata['description'],
'path' => $reportPath
'path' => $reportPath,
);
if (!empty($metadata['standard_params'])) {
$reportInfo['standard_params'] = $metadata['standard_params'];
@@ -261,6 +293,11 @@ public function requestReport($report = NULL, $reportSource = 'local', $reportFo
// Allow the list of columns to be returned to be passed as a parameter.
$cols = empty($this->providedParams['columns']) ? array() : explode(',', $this->providedParams['columns']);
$this->reportReader = new XMLReportReader($this->report, $this->websiteIds, $this->sharingMode, $cols);
$metadata = XMLReportReader::loadMetadata($this->report);
if ($this->isReportRestricted($report, $metadata)) {
// Abort as restricted report.
throw new Exception('Attempt to access unauthorised report');
}
$this->reportReader->loadStandardParams($this->providedParams, $this->sharingMode);
break;

@@ -340,6 +377,21 @@ public function requestMetadata($report, $includeUnusedParameters = FALSE) {
return $r;
}

/**
* Authorise access to a list of restricted reports.
*
* If a client's authorisation (e.g. a client project in the RESTful API)
* authorises any restricted reports then this method can be called to enable
* access.
*
* @param array $reports
* List of reports to enable access for, e.g.
* `['library/occurrences/list_for_elastic_sensitive.xml']`.
*/
public function setAuthorisedReports(array $reports) {
$this->authorisedReports = $reports;
}

/**
* Checks parameters and returns request if they're not all there, else compiles the report.
*
@@ -1028,10 +1080,12 @@ private function mergeQueryWithParams($query, $includeOrderBy = TRUE) {
? $paramDefs[$name]['preprocess'] : [$name => $paramDefs[$name]['preprocess']];
// Use each preprocessing query to calculate the actual param
// value to use.
$websiteFilter = $this->websiteIds ? implode(',', $this->websiteIds) : 'select id from websites';
$masterTaxonListId = warehouse::getMasterTaxonListId();
foreach ($preprocessors as $token => $qry) {
$prequery = str_replace(
["#$name#", '#website_ids#', '#master_list_id#'],
[$value, implode(',', $this->websiteIds), warehouse::getMasterTaxonListId()],
[$value, $websiteFilter, $masterTaxonListId],
$qry
);
$output = $this->reportDb->query($prequery)->result_array(FALSE);
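Review bot: In `isReportRestricted()` the allow-list lookup `in_array(ltrim($report, '/'), $this->authorisedReports)` compares loosely, so a non-string entry handed to `setAuthorisedReports()` (a boolean `TRUE` from a config value, say) would match every path and lift the restriction on all reports; pass the strict flag, `!in_array(ltrim($report, '/'), $this->authorisedReports, TRUE)`. In `requestReport()` the check sits after `new XMLReportReader(...)` has already been built from the report and, as far as the hunk shows, inside a single `case` of the switch, so it would be safer to call `loadMetadata()` and `isReportRestricted()` before constructing the reader and to confirm the other report sources cannot resolve to a restricted file. The hunk next to `requestMetadata()` adds no equivalent check; that method's body is outside the visible lines, so whether a restricted report's parameter details stay readable through it needs confirming. In `mergeQueryWithParams()` the new fallback `'select id from websites'` applies to an empty `$this->websiteIds` as well as an unset one, which widens the preprocess query to every website if an empty list can ever mean that no websites are permitted.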
3 changes: 3 additions & 0 deletions application/libraries/XMLReportReader.php
@@ -89,9 +89,12 @@ public static function loadMetadata($report) {
$metadata['title'] = $reader->getAttribute('title');
$metadata['description'] = $reader->getAttribute('description');
$metadata['featured'] = $reader->getAttribute('featured');
$metadata['restricted'] = $reader->getAttribute('restricted');
$metadata['summary'] = $reader->getAttribute('summary');
if (!$metadata['featured'])
unset($metadata['featured']);
if (!$metadata['restricted'])
unset($metadata['restricted']);
if (!$metadata['summary'])
unset($metadata['summary']);
if (!$metadata['title'])
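Review bot: The new `restricted` value is kept as the raw attribute string and unset when falsy, so what the flag means is decided later by each caller rather than here, and a value such as `restricted="0"` or an empty attribute is dropped and the report is then handled as unrestricted. Since this key now gates access in ReportEngine, the accepted values should be documented beside the assignment, e.g. `// Access-control flag: any non-empty value other than "false" marks the report as restricted.`. It is also worth confirming that a report file which fails to parse cannot come back with the key simply missing, because that would fail open; the rest of loadMetadata() is outside the hunk, so that path could not be checked from here.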
2 changes: 1 addition & 1 deletion modules/cache_builder/config/cache_builder.php
@@ -1360,7 +1360,7 @@
date_end=s.date_end,
date_type=s.date_type,
created_on=o.created_on,
updated_on=o.updated_on,
updated_on=greatest(o.updated_on, cttl.cache_updated_on),
verified_on=o.verified_on,
created_by_id=o.created_by_id,
group_id=s.group_id,