From df86e62330259d1d5f057cbc595ba9d1a75cd0f6 Mon Sep 17 00:00:00 2001
From: tcharles <tcharles@centreon.com>
Date: Wed, 10 Apr 2019 10:27:50 +0200
Subject: [PATCH 1/6] fix(widget) : widget params on public view #7383

correctly set widget params when you load a public view
---
 www/class/centreonCustomView.class.php | 42 ++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/www/class/centreonCustomView.class.php b/www/class/centreonCustomView.class.php
index d759ff27e4b..a1619986115 100644
--- a/www/class/centreonCustomView.class.php
+++ b/www/class/centreonCustomView.class.php
@@ -640,9 +640,51 @@ public function loadCustomView($params)
         if (!$dbResult) {
             throw new \Exception("An error occured");
         }
+        
+        //if the view is being added for the first time, we make sure that the widget parameters are going to be set
+        if (!$update) {
+            $this->addPublicViewWidgetParams($params['viewLoad'], $this->userId);
+        }
+        
         return $params['viewLoad'];
     }
 
+    /**
+    * @param $viewId
+    * @param $userId
+    * @throws Exception
+    */
+    public function addPublicViewWidgetParams($viewId, $userId)
+    {
+        //get all widget parameters from the view that is being added
+        if (isset($userId) && $userId) {
+            $query = 'SELECT * FROM widget_views wv LEFT JOIN widget_preferences wp ON wp.widget_view_id=wv.widget_view_id ' .
+                'LEFT JOIN custom_view_user_relation cvur ON cvur.custom_view_id=wv.custom_view_id ' .
+                'WHERE cvur.custom_view_id = :viewId and cvur.locked = 0';
+            $stmt = $this->db->prepare($query);
+            $stmt->bindParam(':viewId', $viewId, PDO::PARAM_INT);
+            $dbResult = $stmt->execute();
+            if (!$dbResult) {
+                throw new \Exception("An error occured");
+            }
+
+            //add every widget parameters for the current user
+            while ($row = $stmt->fetch()) {
+                $query2 = 'INSERT INTO widget_preferences VALUES (:widget_view_id, :parameter_id, :preference_value, :user_id)';
+
+                $stmt2 = $this->db->prepare($query2);
+                $stmt2->bindParam(':widget_view_id', $row['widget_view_id'], PDO::PARAM_INT);
+                $stmt2->bindParam(':parameter_id', $row['parameter_id'], PDO::PARAM_INT);
+                $stmt2->bindParam(':preference_value', $row['preference_value'], PDO::PARAM_STR);
+                $stmt2->bindParam(':user_id', $userId, PDO::PARAM_INT);
+
+                $dbResult2 = $stmt2->execute();
+                if (!$dbResult2) {
+                    throw new \Exception("An error occured");
+                }
+            }
+        }
+    }
 
     /**
      * @param $params

From e4922e313d8f3acc411ae2dfc87e8a68d7519266 Mon Sep 17 00:00:00 2001
From: sc979 <34628915+sc979@users.noreply.github.com>
Date: Wed, 10 Apr 2019 11:47:45 +0200
Subject: [PATCH 2/6] fix(ci): codingStyle and psr2

---
 www/class/centreonCustomView.class.php | 29 +++++++++++++++++---------
 1 file changed, 19 insertions(+), 10 deletions(-)

diff --git a/www/class/centreonCustomView.class.php b/www/class/centreonCustomView.class.php
index a1619986115..65b88c9829c 100644
--- a/www/class/centreonCustomView.class.php
+++ b/www/class/centreonCustomView.class.php
@@ -1,7 +1,7 @@
 <?php
 /**
- * Copyright 2005-2015 Centreon
- * Centreon is developped by : Julien Mathis and Romain Le Merlus under
+ * Copyright 2005-2019 Centreon
+ * Centreon is developed by : Julien Mathis and Romain Le Merlus under
  * GPL Licence 2.0.
  *
  * This program is free software; you can redistribute it and/or modify it under
@@ -658,21 +658,27 @@ public function addPublicViewWidgetParams($viewId, $userId)
     {
         //get all widget parameters from the view that is being added
         if (isset($userId) && $userId) {
-            $query = 'SELECT * FROM widget_views wv LEFT JOIN widget_preferences wp ON wp.widget_view_id=wv.widget_view_id ' .
+            $stmt = $this->db->prepare(
+                'SELECT * FROM widget_views wv ' .
+                'LEFT JOIN widget_preferences wp ON wp.widget_view_id = wv.widget_view_id ' .
                 'LEFT JOIN custom_view_user_relation cvur ON cvur.custom_view_id=wv.custom_view_id ' .
-                'WHERE cvur.custom_view_id = :viewId and cvur.locked = 0';
-            $stmt = $this->db->prepare($query);
+                'WHERE cvur.custom_view_id = :viewId and cvur.locked = 0'
+            );
             $stmt->bindParam(':viewId', $viewId, PDO::PARAM_INT);
             $dbResult = $stmt->execute();
             if (!$dbResult) {
-                throw new \Exception("An error occured");
+                throw new \Exception(
+                    "An error occurred when retrieving user's Id : " . userId .
+                    " parameters of the widgets from the view: Id = " . $viewId
+                );
             }
 
             //add every widget parameters for the current user
             while ($row = $stmt->fetch()) {
-                $query2 = 'INSERT INTO widget_preferences VALUES (:widget_view_id, :parameter_id, :preference_value, :user_id)';
-
-                $stmt2 = $this->db->prepare($query2);
+                $stmt2 = $this->db->prepare(
+                    'INSERT INTO widget_preferences ' .
+                    'VALUES (:widget_view_id, :parameter_id, :preference_value, :user_id)'
+                );
                 $stmt2->bindParam(':widget_view_id', $row['widget_view_id'], PDO::PARAM_INT);
                 $stmt2->bindParam(':parameter_id', $row['parameter_id'], PDO::PARAM_INT);
                 $stmt2->bindParam(':preference_value', $row['preference_value'], PDO::PARAM_STR);
@@ -680,7 +686,10 @@ public function addPublicViewWidgetParams($viewId, $userId)
 
                 $dbResult2 = $stmt2->execute();
                 if (!$dbResult2) {
-                    throw new \Exception("An error occured");
+                    throw new \Exception(
+                        "An error occurred when adding user's Id : " . $userId .
+                        " parameters to the widgets from the view: Id = " . $viewId
+                    );
                 }
             }
         }

From 0e8855a93c4b9ea2743905509554b2ea71592add Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Chapron?= <schapron@centreon.com>
Date: Thu, 11 Apr 2019 13:47:35 +0200
Subject: [PATCH 3/6] fix(widget): correct the query using user's the custom
 view's locked parameter

---
 www/class/centreonCustomView.class.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/www/class/centreonCustomView.class.php b/www/class/centreonCustomView.class.php
index 65b88c9829c..eee766b3968 100644
--- a/www/class/centreonCustomView.class.php
+++ b/www/class/centreonCustomView.class.php
@@ -661,14 +661,14 @@ public function addPublicViewWidgetParams($viewId, $userId)
             $stmt = $this->db->prepare(
                 'SELECT * FROM widget_views wv ' .
                 'LEFT JOIN widget_preferences wp ON wp.widget_view_id = wv.widget_view_id ' .
-                'LEFT JOIN custom_view_user_relation cvur ON cvur.custom_view_id=wv.custom_view_id ' .
-                'WHERE cvur.custom_view_id = :viewId and cvur.locked = 0'
+                'LEFT JOIN custom_view_user_relation cvur ON cvur.custom_view_id = wv.custom_view_id ' .
+                'WHERE cvur.custom_view_id = :view_id AND cvur.is_owner = 1 AND cvur.user_id = wp.user_id'
             );
             $stmt->bindParam(':viewId', $viewId, PDO::PARAM_INT);
             $dbResult = $stmt->execute();
             if (!$dbResult) {
                 throw new \Exception(
-                    "An error occurred when retrieving user's Id : " . userId .
+                    "An error occurred when retrieving user's Id : " . $userId .
                     " parameters of the widgets from the view: Id = " . $viewId
                 );
             }

From 48c9019548b8bca532755b172885d39e449f56d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Chapron?= <schapron@centreon.com>
Date: Mon, 15 Apr 2019 11:56:25 +0200
Subject: [PATCH 4/6] fix wrong binding name

---
 www/class/centreonCustomView.class.php | 49 ++++++++++++++------------
 1 file changed, 27 insertions(+), 22 deletions(-)

diff --git a/www/class/centreonCustomView.class.php b/www/class/centreonCustomView.class.php
index eee766b3968..1711e083271 100644
--- a/www/class/centreonCustomView.class.php
+++ b/www/class/centreonCustomView.class.php
@@ -662,7 +662,7 @@ public function addPublicViewWidgetParams($viewId, $userId)
                 'SELECT * FROM widget_views wv ' .
                 'LEFT JOIN widget_preferences wp ON wp.widget_view_id = wv.widget_view_id ' .
                 'LEFT JOIN custom_view_user_relation cvur ON cvur.custom_view_id = wv.custom_view_id ' .
-                'WHERE cvur.custom_view_id = :view_id AND cvur.is_owner = 1 AND cvur.user_id = wp.user_id'
+                'WHERE cvur.custom_view_id = :viewId AND cvur.is_owner = 1 AND cvur.user_id = wp.user_id'
             );
             $stmt->bindParam(':viewId', $viewId, PDO::PARAM_INT);
             $dbResult = $stmt->execute();
@@ -677,12 +677,12 @@ public function addPublicViewWidgetParams($viewId, $userId)
             while ($row = $stmt->fetch()) {
                 $stmt2 = $this->db->prepare(
                     'INSERT INTO widget_preferences ' .
-                    'VALUES (:widget_view_id, :parameter_id, :preference_value, :user_id)'
+                    'VALUES (:widgetViewId, :parameterId, :preferenceValue, :userId)'
                 );
-                $stmt2->bindParam(':widget_view_id', $row['widget_view_id'], PDO::PARAM_INT);
-                $stmt2->bindParam(':parameter_id', $row['parameter_id'], PDO::PARAM_INT);
-                $stmt2->bindParam(':preference_value', $row['preference_value'], PDO::PARAM_STR);
-                $stmt2->bindParam(':user_id', $userId, PDO::PARAM_INT);
+                $stmt2->bindParam(':widgetViewId', $row['widget_view_id'], PDO::PARAM_INT);
+                $stmt2->bindParam(':parameterId', $row['parameter_id'], PDO::PARAM_INT);
+                $stmt2->bindParam(':preferenceValue', $row['preference_value'], PDO::PARAM_STR);
+                $stmt2->bindParam(':userId', $userId, PDO::PARAM_INT);
 
                 $dbResult2 = $stmt2->execute();
                 if (!$dbResult2) {
@@ -725,11 +725,12 @@ public function shareCustomView($params, $userId)
             }
 
             // select user already share
-            $query = 'SELECT user_id FROM custom_view_user_relation ' .
+            $stmt = $this->db->prepare(
+                'SELECT user_id FROM custom_view_user_relation ' .
                 'WHERE custom_view_id = :viewId ' .
                 'AND user_id <> :userId ' .
-                'AND usergroup_id IS NULL ';
-            $stmt = $this->db->prepare($query);
+                'AND usergroup_id IS NULL '
+            );
             $stmt->bindParam(':viewId', $params['custom_view_id'], PDO::PARAM_INT);
             $stmt->bindParam(':userId', $userId, PDO::PARAM_INT);
             $dbResult = $stmt->execute();
@@ -744,10 +745,11 @@ public function shareCustomView($params, $userId)
             // check if the view is share at a new user
             foreach ($sharedUsers as $sharedUserId => $locked) {
                 if (isset($oldSharedUsers[$sharedUserId])) {
-                    $query = 'UPDATE custom_view_user_relation SET is_share = 1, locked = :isLocked ' .
+                    $stmt = $this->db->prepare(
+                        'UPDATE custom_view_user_relation SET is_share = 1, locked = :isLocked ' .
                         'WHERE user_id = :userId ' .
-                        'AND custom_view_id = :viewId';
-                    $stmt = $this->db->prepare($query);
+                        'AND custom_view_id = :viewId'
+                    );
                     $stmt->bindParam(':isLocked', $locked, PDO::PARAM_INT);
                     $stmt->bindParam(':userId', $sharedUserId, PDO::PARAM_INT);
                     $stmt->bindParam(':viewId', $params['custom_view_id'], PDO::PARAM_INT);
@@ -757,10 +759,11 @@ public function shareCustomView($params, $userId)
                     }
                     unset($oldSharedUsers[$sharedUserId]);
                 } else {
-                    $query = 'INSERT INTO custom_view_user_relation ' .
+                    $stmt = $this->db->prepare(
+                        'INSERT INTO custom_view_user_relation ' .
                         '(custom_view_id, user_id, locked, is_consumed, is_share ) ' .
-                        'VALUES ( :viewId, :sharedUser, :isLocked, 0, 1) ';
-                    $stmt = $this->db->prepare($query);
+                        'VALUES ( :viewId, :sharedUser, :isLocked, 0, 1) '
+                    );
                     $stmt->bindParam(':viewId', $params['custom_view_id'], PDO::PARAM_INT);
                     $stmt->bindParam(':sharedUser', $sharedUserId, PDO::PARAM_INT);
                     $stmt->bindParam(':isLocked', $locked, PDO::PARAM_INT);
@@ -787,24 +790,26 @@ public function shareCustomView($params, $userId)
             }
 
             // delete widget preferences for old user
-            $query = 'DELETE FROM widget_preferences ' .
+            $stmt = $this->db->prepare(
+                'DELETE FROM widget_preferences ' .
                 'WHERE widget_view_id IN (SELECT wv.widget_view_id FROM widget_views wv ' .
                 'WHERE wv.custom_view_id = ? ) ' .
-                'AND user_id IN (' . $userIdKey . ') ';
-            $stmt = $this->db->prepare($query);
+                'AND user_id IN (' . $userIdKey . ') '
+            );
             $dbResult = $stmt->execute($queryValue);
             if (!$dbResult) {
                 throw new \Exception($stmt->errorInfo());
             }
 
             // delete view / user relation
-            $query = 'DELETE FROM custom_view_user_relation ' .
+            $stmt = $this->db->prepare(
+                'DELETE FROM custom_view_user_relation ' .
                 'WHERE custom_view_id = ? ' .
-                'AND user_id IN (' . $userIdKey . ') ';
-            $stmt = $this->db->prepare($query);
+                'AND user_id IN (' . $userIdKey . ') '
+            );
             $dbResult = $stmt->execute($queryValue);
             if (!$dbResult) {
-                throw new \Exception("An error occured");
+                throw new \Exception("An error occurred");
             }
 
             ////////////////////////////

From 5a58c681991410e57cf16747e16e1d95e47093a5 Mon Sep 17 00:00:00 2001
From: sc979 <34628915+sc979@users.noreply.github.com>
Date: Mon, 15 Apr 2019 18:29:16 +0200
Subject: [PATCH 5/6] enh : check if $userId is non empty

---
 www/class/centreonCustomView.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/class/centreonCustomView.class.php b/www/class/centreonCustomView.class.php
index 1711e083271..5c4f45a91ae 100644
--- a/www/class/centreonCustomView.class.php
+++ b/www/class/centreonCustomView.class.php
@@ -657,7 +657,7 @@ public function loadCustomView($params)
     public function addPublicViewWidgetParams($viewId, $userId)
     {
         //get all widget parameters from the view that is being added
-        if (isset($userId) && $userId) {
+        if (isset($userId) && !empty($userId)) {
             $stmt = $this->db->prepare(
                 'SELECT * FROM widget_views wv ' .
                 'LEFT JOIN widget_preferences wp ON wp.widget_view_id = wv.widget_view_id ' .

From a701e1d0e1ddd6e2738d5176fbd31da19a8257b4 Mon Sep 17 00:00:00 2001
From: loiclau <loic.lau@gmail.com>
Date: Tue, 16 Apr 2019 10:45:53 +0200
Subject: [PATCH 6/6] Update www/class/centreonCustomView.class.php

Co-Authored-By: sc979 <34628915+sc979@users.noreply.github.com>
---
 www/class/centreonCustomView.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/class/centreonCustomView.class.php b/www/class/centreonCustomView.class.php
index 5c4f45a91ae..fd58884b37d 100644
--- a/www/class/centreonCustomView.class.php
+++ b/www/class/centreonCustomView.class.php
@@ -657,7 +657,7 @@ public function loadCustomView($params)
     public function addPublicViewWidgetParams($viewId, $userId)
     {
         //get all widget parameters from the view that is being added
-        if (isset($userId) && !empty($userId)) {
+        if (!empty($userId)) {
             $stmt = $this->db->prepare(
                 'SELECT * FROM widget_views wv ' .
                 'LEFT JOIN widget_preferences wp ON wp.widget_view_id = wv.widget_view_id ' .