From 68ad970c136438a1321f21ebe8a3071bf05298d0 Mon Sep 17 00:00:00 2001 From: Esteban Gallego Date: Wed, 7 Feb 2024 16:46:11 -0500 Subject: [PATCH 1/7] Allow specific routes when assigning Asset from a Project --- ProcessMaker/Providers/AuthServiceProvider.php | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/ProcessMaker/Providers/AuthServiceProvider.php b/ProcessMaker/Providers/AuthServiceProvider.php index 55d78fd6b5..1a5ac76997 100644 --- a/ProcessMaker/Providers/AuthServiceProvider.php +++ b/ProcessMaker/Providers/AuthServiceProvider.php @@ -136,12 +136,11 @@ private function checkAllowedEndpoints(array $projectIds, string $currentPath): $allowedEndpoints = [ 'api', 'script/', - 'designer/screens', - 'processes/', - 'designer/decision-tables', - 'designer/data-sources', ]; + $dataSourceClass = 'ProcessMaker\Packages\Connectors\DataSources\Models\DataSource'; + $decisionTableClass = 'ProcessMaker\Package\PackageDecisionEngine\Models\DecisionTable'; + // Get the assets associated with the user's projects $projectAssets = DB::table('project_assets') ->select('asset_id', 'asset_type') @@ -159,9 +158,17 @@ private function checkAllowedEndpoints(array $projectIds, string $currentPath): $allowedEndpoints[] = 'modeler/' . $assetId; } elseif ($assetType === Screen::class) { $allowedEndpoints[] = 'designer/screen-builder/' . $assetId . '/edit'; + $allowedEndpoints[] = 'designer/screens/' . $assetId . '/edit'; } elseif ($assetType === Script::class) { $allowedEndpoints[] = 'designer/scripts/' . $assetId . '/builder'; } + + if (class_exists($dataSourceClass) && $assetType === $dataSourceClass) { + $allowedEndpoints[] = 'designer/data-sources/' . $assetId . '/edit'; + } + if (class_exists($decisionTableClass) && $assetType === $decisionTableClass) { + $allowedEndpoints[] = 'decision-tables/table-builder/' . $assetId . '/edit'; + } } return Str::contains($currentPath, $allowedEndpoints); 
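Review bot: The two optional-package class names added in `checkAllowedEndpoints` use different root namespaces, `ProcessMaker\Packages\Connectors\...` and `ProcessMaker\Package\PackageDecisionEngine\...`, and nothing in the hunk says which spelling is intended. If either string does not match the value stored in `project_assets.asset_type`, the `class_exists(...) && $assetType === ...` test in the second hunk is never true and the edit route for that asset type is silently never allowed. Confirm both names against the installed packages and add a comment above them such as `// Optional packages: referenced by name because the class may not be installed; must equal project_assets.asset_type`. The function body starts and ends outside this hunk.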
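Review bot: The allow-list is still evaluated with `Str::contains($currentPath, $allowedEndpoints)` at the end of the second hunk, which is a plain substring test, so the per-asset entries are not anchored to a path segment. `'modeler/' . $assetId` has no trailing delimiter, so an entry built for one process id also matches any path whose id merely begins with the same digits, and the bare `'api'` entry matches any path that contains those three letters. Since this function appears to decide which routes a project-scoped user may reach, the comparison should be segment-bounded, for example `return collect($allowedEndpoints)->contains(fn ($e) => preg_match('#(^|/)' . preg_quote($e, '#') . '(/|$)#', $currentPath) === 1);`. The `modeler/` entry keeps the same shape in PATCH 6/7, and whether `$currentPath` can carry a query string is not visible here and should be checked.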
From 33fa6daa5c6531a6f712247f0e261e07800c61a3 Mon Sep 17 00:00:00 2001
From: Esteban Gallego
Date: Wed, 7 Feb 2024 16:49:28 -0500
Subject: [PATCH 2/7] Redirect back when updating Screen

---
 resources/views/processes/screens/edit.blade.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/resources/views/processes/screens/edit.blade.php b/resources/views/processes/screens/edit.blade.php
index d53f444f06..38f692e16d 100644
--- a/resources/views/processes/screens/edit.blade.php
+++ b/resources/views/processes/screens/edit.blade.php
@@ -118,7 +118,7 @@
 });
 },
 onClose() {
- window.location.href = '/designer/screens';
+ window.history.go(-1);
 },
 onUpdate() {
 this.resetErrors();

From 8f760b728ec63fc25515c667943bd61694f97fb3 Mon Sep 17 00:00:00 2001
From: Esteban Gallego
Date: Wed, 7 Feb 2024 18:34:39 -0500
Subject: [PATCH 3/7] Allow editing of the logged in script

---
 ProcessMaker/Providers/AuthServiceProvider.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ProcessMaker/Providers/AuthServiceProvider.php b/ProcessMaker/Providers/AuthServiceProvider.php
index 1a5ac76997..76d657a649 100644
--- a/ProcessMaker/Providers/AuthServiceProvider.php
+++ b/ProcessMaker/Providers/AuthServiceProvider.php
@@ -135,7 +135,6 @@ private function checkAllowedEndpoints(array $projectIds, string $currentPath):
 {
 $allowedEndpoints = [
 'api',
- 'script/',
 ];
 
 $dataSourceClass = 'ProcessMaker\Packages\Connectors\DataSources\Models\DataSource';
@@ -161,6 +160,7 @@ private function checkAllowedEndpoints(array $projectIds, string $currentPath):
 $allowedEndpoints[] = 'designer/screens/' . $assetId . '/edit';
 } elseif ($assetType === Script::class) {
 $allowedEndpoints[] = 'designer/scripts/' . $assetId . '/builder';
+ $allowedEndpoints[] = 'designer/scripts/' . $assetId . '/edit';
 }
 
 if (class_exists($dataSourceClass) && $assetType === $dataSourceClass) {

From c3fe432de8e47e062ab254854ed5a5d10ba6ef5e Mon Sep 17 00:00:00 2001
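Review bot: `onClose()` in PATCH 2/7 now relies entirely on `window.history.go(-1)`, which does nothing when the editor was opened in a new tab or from a bookmark and can leave the application when the previous history entry is an external page. A fallback keeps the button working in the first case, e.g. `if (window.history.length > 1) { window.history.go(-1); } else { window.location.href = '/designer/screens'; }`. Whether project-scoped users can still load `/designer/screens` after PATCH 1/7 removed it from the allow-list should be confirmed when choosing the fallback target. The enclosing component starts and ends outside the hunk.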
From: Esteban Gallego
Date: Wed, 7 Feb 2024 18:35:37 -0500
Subject: [PATCH 4/7] Hide core menus for non admin users

---
 ProcessMaker/Http/Middleware/GenerateMenus.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ProcessMaker/Http/Middleware/GenerateMenus.php b/ProcessMaker/Http/Middleware/GenerateMenus.php
index cebb3afd04..0d8f41acf5 100644
--- a/ProcessMaker/Http/Middleware/GenerateMenus.php
+++ b/ProcessMaker/Http/Middleware/GenerateMenus.php
@@ -296,7 +296,8 @@ private function userHasPermission($permission)
 
 // Fetch the user's permissions and check if the user has the specific permission
 $userPermissions = $user->permissions->pluck('group')->unique()->toArray();
- if ($user->can($permission) && count($userPermissions) === 1 && $userPermissions[0] === 'Projects') {
+
+ if ($user->can($permission) && in_array('Projects', $userPermissions)) {
 return false; // Deny UI access if the user has only the 'Projects' permission
 }
 

From 1b870a9951031355b4db6adff8f5c4f25819def5 Mon Sep 17 00:00:00 2001
From: Esteban Gallego
Date: Wed, 7 Feb 2024 19:12:08 -0500
Subject: [PATCH 5/7] Revert sidebar change

---
 ProcessMaker/Http/Middleware/GenerateMenus.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ProcessMaker/Http/Middleware/GenerateMenus.php b/ProcessMaker/Http/Middleware/GenerateMenus.php
index 0d8f41acf5..9b2e6168a6 100644
--- a/ProcessMaker/Http/Middleware/GenerateMenus.php
+++ b/ProcessMaker/Http/Middleware/GenerateMenus.php
@@ -297,7 +297,7 @@ private function userHasPermission($permission)
 // Fetch the user's permissions and check if the user has the specific permission
 $userPermissions = $user->permissions->pluck('group')->unique()->toArray();
 
- if ($user->can($permission) && in_array('Projects', $userPermissions)) {
+ if ($user->can($permission) && count($userPermissions) === 1 && $userPermissions[0] === 'Projects') {
 return false; // Deny UI access if the user has only the 'Projects' permission
 }
 
From 0a63e70f70946336ef4e80776d09e70330cca7fe Mon Sep 17 00:00:00 2001
From: Esteban Gallego
Date: Wed, 7 Feb 2024 19:27:05 -0500
Subject: [PATCH 6/7] Fix sonarQube issues

---
 ProcessMaker/Providers/AuthServiceProvider.php | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/ProcessMaker/Providers/AuthServiceProvider.php b/ProcessMaker/Providers/AuthServiceProvider.php
index 76d657a649..726fe261d6 100644
--- a/ProcessMaker/Providers/AuthServiceProvider.php
+++ b/ProcessMaker/Providers/AuthServiceProvider.php
@@ -154,20 +154,20 @@ private function checkAllowedEndpoints(array $projectIds, string $currentPath):
 
 // Check asset types and push to $allowedEndpoints
 if ($assetType === Process::class) {
- $allowedEndpoints[] = 'modeler/' . $assetId;
+ $allowedEndpoints[] = "modeler/{$assetId}";
 } elseif ($assetType === Screen::class) {
- $allowedEndpoints[] = 'designer/screen-builder/' . $assetId . '/edit';
- $allowedEndpoints[] = 'designer/screens/' . $assetId . '/edit';
+ $allowedEndpoints[] = "designer/screen-builder/{$assetId}/edit";
+ $allowedEndpoints[] = "designer/screens/{$assetId}/edit";
 } elseif ($assetType === Script::class) {
- $allowedEndpoints[] = 'designer/scripts/' . $assetId . '/builder';
- $allowedEndpoints[] = 'designer/scripts/' . $assetId . '/edit';
+ $allowedEndpoints[] = "designer/scripts/{$assetId}/builder";
+ $allowedEndpoints[] = "designer/scripts/{$assetId}/edit";
 }
 
 if (class_exists($dataSourceClass) && $assetType === $dataSourceClass) {
- $allowedEndpoints[] = 'designer/data-sources/' . $assetId . '/edit';
+ $allowedEndpoints[] = "designer/data-sources/{$assetId}/edit";
 }
 if (class_exists($decisionTableClass) && $assetType === $decisionTableClass) {
- $allowedEndpoints[] = 'decision-tables/table-builder/' . $assetId . '/edit';
+ $allowedEndpoints[] = "decision-tables/table-builder/{$assetId}/edit";
 }
 }
 

From 90c2127e7d603e71e4233ff1c02ad0b69372941d Mon Sep 17 00:00:00 2001
From: Esteban Gallego
Date: Wed, 7 Feb 2024 19:35:51 -0500
Subject: [PATCH 7/7] Remove extra space

---
 ProcessMaker/Http/Middleware/GenerateMenus.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/ProcessMaker/Http/Middleware/GenerateMenus.php b/ProcessMaker/Http/Middleware/GenerateMenus.php
index 9b2e6168a6..cebb3afd04 100644
--- a/ProcessMaker/Http/Middleware/GenerateMenus.php
+++ b/ProcessMaker/Http/Middleware/GenerateMenus.php
@@ -296,7 +296,6 @@ private function userHasPermission($permission)
 
 // Fetch the user's permissions and check if the user has the specific permission
 $userPermissions = $user->permissions->pluck('group')->unique()->toArray();
-
 if ($user->can($permission) && count($userPermissions) === 1 && $userPermissions[0] === 'Projects') {
 return false; // Deny UI access if the user has only the 'Projects' permission
 }