Merge pull request #1724 from xibosignage/develop

Release 3.3.4

.github/workflows/build-container.yaml

@@ -23,20 +23,20 @@ jobs:
       - name: Build Latest
         if: github.ref == 'refs/heads/master'
         run: |
-          docker build . -t xibosignage/xibo-cms:latest --build-arg GIT_COMMIT=${GITHUB_SHA}
+          docker build . -t ghcr.io/xibosignage/xibo-cms:latest --build-arg GIT_COMMIT=${GITHUB_SHA}
       - name: Push Latest
         if: github.ref == 'refs/heads/master'
         run: |
-          docker login --username ${{ secrets.DOCKER_HUB_USERNAME }} --password ${{ secrets.DOCKER_HUB_TOKEN }}
-          docker push xibosignage/xibo-cms:latest
+          docker login ghcr.io --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }}
+          docker push ghcr.io/xibosignage/xibo-cms:latest
 
       # Release branch
       - name: Build Branch
         if: github.ref != 'refs/heads/master'
         run: |
-          docker build . -t xibosignage/xibo-cms:${GITHUB_REF##*/} --build-arg GIT_COMMIT=${GITHUB_SHA}
+          docker build . -t ghcr.io/xibosignage/xibo-cms:${GITHUB_REF##*/} --build-arg GIT_COMMIT=${GITHUB_SHA}
       - name: Push Branch
         if: github.ref != 'refs/heads/master'
         run: |
-          docker login --username ${{ secrets.DOCKER_HUB_USERNAME }} --password ${{ secrets.DOCKER_HUB_TOKEN }}
-          docker push xibosignage/xibo-cms:${GITHUB_REF##*/}
+          docker login ghcr.io --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }}
+          docker push ghcr.io/xibosignage/xibo-cms:${GITHUB_REF##*/}

.github/workflows/build-cypress.yaml

@@ -18,6 +18,6 @@ jobs:
 
       - name: Build Cypress
         run: |
-          docker login --username ${{ secrets.DOCKER_HUB_USERNAME }} --password ${{ secrets.DOCKER_HUB_TOKEN }}
-          docker build . -f Dockerfile.cypress -t xibosignage/xibo-cms:cypress
-          docker push xibosignage/xibo-cms:cypress
+          docker login ghcr.io --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }}
+          docker build . -f Dockerfile.cypress -t ghcr.io/xibosignage/xibo-cms:cypress
+          docker push ghcr.io/xibosignage/xibo-cms:cypress

.github/workflows/build-tag.yaml

@@ -17,14 +17,14 @@ jobs:
           fetch-depth: 1
       - name: Build Image
         run: |
-          docker build . -t xibosignage/xibo-cms:release-${GITHUB_REF##*/} --build-arg GIT_COMMIT=${GITHUB_SHA}
+          docker build . -t ghcr.io/xibosignage/xibo-cms:release-${GITHUB_REF##*/} --build-arg GIT_COMMIT=${GITHUB_SHA}
       - name: Push Image
         run: |
-          docker login --username ${{ secrets.DOCKER_HUB_USERNAME }} --password ${{ secrets.DOCKER_HUB_TOKEN }}
-          docker push xibosignage/xibo-cms:release-${GITHUB_REF##*/}
+          docker login ghcr.io --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }}
+          docker push ghcr.io/xibosignage/xibo-cms:release-${GITHUB_REF##*/}
       - name: Build archive
         run: |
-          CONTAINER=$(docker create xibosignage/xibo-cms:release-${GITHUB_REF##*/})
+          CONTAINER=$(docker create ghcr.io/xibosignage/xibo-cms:release-${GITHUB_REF##*/})
           echo 'Copying from container.'
           docker cp "$CONTAINER":/var/www/cms/ xibo-cms-${GITHUB_REF##*/}
           tar -czf xibo-cms-${GITHUB_REF##*/}.tar.gz xibo-cms-${GITHUB_REF##*/}
@@ -38,4 +38,4 @@ jobs:
           fail_on_unmatched_files: true
           files: |
             **.tar.gz
-            **.zip
+            **.zip

.github/workflows/test-suite.yaml

@@ -17,7 +17,7 @@ jobs:
       - name: Pull
         run: |
           docker pull mysql:5.7
-          docker pull xibosignage/xibo-xmr:latest
+          docker pull ghcr.io/xibosignage/xibo-xmr:latest
       - name: Get Diff
         run: |
           git fetch origin ${GITHUB_BASE_REF}
@@ -29,7 +29,7 @@ jobs:
       - name: Run
         run: |
           docker run --name cms-db -e MYSQL_RANDOM_ROOT_PASSWORD=yes -e MYSQL_DATABASE=cms -e MYSQL_USER=cms -e MYSQL_PASSWORD=jenkins -d mysql:5.7
-          docker run --name cms-xmr -d xibosignage/xibo-xmr:latest
+          docker run --name cms-xmr -d ghcr.io/xibosignage/xibo-xmr:latest
           docker run --name cms-web -e MYSQL_USER=cms -e MYSQL_PASSWORD=jenkins -e XIBO_DEV_MODE=true -e XMR_HOST=cms-xmr --link cms-db:db --link cms-xmr:50001 -d cms-web
       - name: Wait for CMS
         run: |
@@ -51,4 +51,4 @@ jobs:
         run: |
           docker exec cms-db mysql -ucms -pjenkins cms -e "INSERT INTO oauth_clients (id, secret, name, userId, authCode, clientCredentials) VALUES ('MrGPc7e3IL1hA6w13l7Ru5giygxmNiafGNhFv89d', 'Pk6DdDgu2HzSoepcMHRabY60lDEvQ9ucTejYvc5dOgNVSNaOJirCUM83oAzlwe0KBiGR2Nhi6ltclyNC1rmcq0CiJZXzE42KfeatQ4j9npr6nMIQAzMal8O8RiYrIoono306CfyvSSJRfVfKExIjj0ZyE4TUrtPezJbKmvkVDzh8aj3kbanDKatirhwpfqfVdfgsqVNjzIM9ZgKHnbrTX7nNULL3BtxxNGgDMuCuvKiJFrLSyIIz1F4SNrHwHz', 'cypress', 1, 0, 1)"
           docker exec cms-db mysql -ucms -pjenkins cms -e "INSERT INTO oauth_client_scopes (clientId, scopeId) VALUES ('MrGPc7e3IL1hA6w13l7Ru5giygxmNiafGNhFv89d', 'all') ON DUPLICATE KEY UPDATE scopeId = scopeId"
-          docker run --ipc=host --name cms-cypress --link=cms-web:web -v $(pwd)/cypress.config.js:/app/cypress.config.js -v $(pwd)/cypress:/app/cypress xibosignage/xibo-cms:cypress bash -c "CYPRESS_baseUrl=http://web /app/node_modules/.bin/cypress run --config screenshotsFolder=/app/results,video=false --reporter junit --reporter-options 'mochaFile=/app/results/results_cypress_[hash].xml,toConsole=true'"
+          docker run --ipc=host --name cms-cypress --link=cms-web:web -v $(pwd)/cypress.config.js:/app/cypress.config.js -v $(pwd)/cypress:/app/cypress xibosignage/xibo-cms:cypress bash -c "CYPRESS_baseUrl=http://web /app/node_modules/.bin/cypress run --config screenshotsFolder=/app/results,video=false --reporter junit --reporter-options 'mochaFile=/app/results/results_cypress_[hash].xml,toConsole=true'"

docker-compose.yml

@@ -12,7 +12,7 @@ services:
       MYSQL_DATABASE: "cms"
 
   xmr:
-    image: xibosignage/xibo-xmr:latest
+    image: ghcr.io/xibosignage/xibo-xmr:latest
     ports:
     - "9505:9505"
     environment:
@@ -44,4 +44,4 @@ services:
     - API_URL=http://localhost/swagger.json
 
   quickchart:
-    image: ianw/quickchart
+    image: ianw/quickchart

lib/Connector/XiboSspConnector.php

@@ -155,13 +155,17 @@ public function processSettingsForm(SanitizerInterface $params, array $settings)
         // Update API config.
         $this->setPartners($settings['apiKey'], $partners);
 
-        // If the API key has changed during this request, clear out displays on the old API key
-        if ($existingApiKey !== $settings['apiKey']) {
-            // Clear all displays for this CMS on the existing key
-            $this->setDisplays($existingApiKey, $existingCmsUrl, [], $settings);
-        } else if (!empty($existingCmsUrl) && $existingCmsUrl !== $settings['cmsUrl']) {
-            // Clear all displays for this CMS on the existing key
-            $this->setDisplays($settings['apiKey'], $existingCmsUrl, [], $settings);
+        try {
+            // If the API key has changed during this request, clear out displays on the old API key
+            if ($existingApiKey !== $settings['apiKey']) {
+                // Clear all displays for this CMS on the existing key
+                $this->setDisplays($existingApiKey, $existingCmsUrl, [], $settings);
+            } else if (!empty($existingCmsUrl) && $existingCmsUrl !== $settings['cmsUrl']) {
+                // Clear all displays for this CMS on the existing key
+                $this->setDisplays($settings['apiKey'], $existingCmsUrl, [], $settings);
+            }
+        } catch (\Exception $e) {
+            $this->getLogger()->error('Failed to set displays '. $e->getMessage());
         }
 
         // Add displays on the new API key (maintenance also does this, but do it now).

lib/Controller/Applications.php

@@ -1,8 +1,8 @@
 <?php
 /*
- * Copyright (C) 2022 Xibo Signage Ltd
+ * Copyright (C) 2023 Xibo Signage Ltd
  *
- * Xibo - Digital Signage - http://www.xibo.org.uk
+ * Xibo - Digital Signage - https://xibosignage.com
  *
  * This file is part of Xibo.
  *
@@ -305,6 +305,16 @@ public function authorize(Request $request, Response $response)
                 Carbon::now()->format(DateFormatHelper::getSystemFormat()),
                 $request->getAttribute('ip_address')
             );
+
+            $this->getLog()->audit(
+                'Auth',
+                0,
+                'Application access approved',
+                [
+                    'Application identifier ends with' => substr($authRequest->getClient()->getIdentifier(), -8),
+                    'Application Name' => $authRequest->getClient()->getName()
+                ]
+            );
         } else {
             $authRequest->setAuthorizationApproved(false);
         }
@@ -604,6 +614,16 @@ public function revokeAccess(Request $request, Response $response, $id, $userId)
         // clear cache for this clientId/userId pair, this is how we know the application is no longer approved
         $this->pool->getItem('C_' . $client->key . '/' . $userId)->clear();
 
+        $this->getLog()->audit(
+            'Auth',
+            0,
+            'Application access revoked',
+            [
+                'Application identifier ends with' => substr($client->key, -8),
+                'Application Name' => $client->getName()
+            ]
+        );
+
         $this->getState()->hydrate([
             'httpStatus' => 204,
             'message' => sprintf(__('Access to %s revoked'), $client->name)

lib/Controller/Display.php

@@ -716,6 +716,10 @@ function grid(Request $request, Response $response)
                     $display->commercialLicenceDescription = __('Display is not licensed');
             }
 
+            if ($display->clientCode < 400) {
+                $display->commercialLicenceDescription .= ' (' . __('The status will be updated with each Commercial Licence check') . ')';
+            }
+
             // Thumbnail
             $display->thumbnail = '';
             // If we aren't logged in, and we are showThumbnail == 2, then show a circle

lib/Controller/DisplayGroup.php

@@ -1,8 +1,8 @@
 <?php
 /*
- * Copyright (c) 2022 Xibo Signage Ltd
+ * Copyright (C) 2022-2023 Xibo Signage Ltd
  *
- * Xibo - Digital Signage - http://www.xibo.org.uk
+ * Xibo - Digital Signage - https://xibosignage.com
  *
  * This file is part of Xibo.
  *
@@ -1254,6 +1254,7 @@ public function assignDisplayGroup(Request $request, Response $response, $id)
         }
 
         $displayGroup->load();
+        $this->getDispatcher()->dispatch(new DisplayGroupLoadEvent($displayGroup), DisplayGroupLoadEvent::$NAME);
 
         if (!$this->getUser()->checkEditable($displayGroup)) {
             throw new AccessDeniedException();

lib/Controller/UserGroup.php

@@ -1,8 +1,8 @@
 <?php
 /*
- * Copyright (c) 2022 Xibo Signage Ltd
+ * Copyright (C) 2023 Xibo Signage Ltd
  *
- * Xibo - Digital Signage - http://www.xibo.org.uk
+ * Xibo - Digital Signage - https://xibosignage.com
  *
  * This file is part of Xibo.
  *
@@ -20,6 +20,7 @@
  * along with Xibo.  If not, see <http://www.gnu.org/licenses/>.
  */
 namespace Xibo\Controller;
+
 use Slim\Http\Response as Response;
 use Slim\Http\ServerRequest as Request;
 use Xibo\Entity\Permission;
@@ -143,7 +144,7 @@ function grid(Request $request, Response $response)
 
             // we only want to show certain buttons, depending on the user logged in
             if ($this->getUser()->featureEnabled('usergroup.modify')
-                && $this->isEditable($group)
+                && $this->getUser()->checkEditable($group)
             ) {
                 // Edit
                 $group->buttons[] = array(
@@ -234,7 +235,7 @@ function editForm(Request $request, Response $response, $id)
     {
         $group = $this->userGroupFactory->getById($id);
 
-        if (!$this->isEditable($group)) {
+        if (!$this->getuser()->checkEditable($group)) {
             throw new AccessDeniedException();
         }
 
@@ -264,7 +265,7 @@ function deleteForm(Request $request, Response $response, $id)
     {
         $group = $this->userGroupFactory->getById($id);
 
-        if (!$this->isEditable($group)) {
+        if (!$this->getuser()->checkEditable($group)) {
             throw new AccessDeniedException();
         }
 
@@ -490,7 +491,7 @@ function edit(Request $request, Response $response, $id)
 
         $group = $this->userGroupFactory->getById($id);
 
-        if (!$this->isEditable($group)) {
+        if (!$this->getuser()->checkEditable($group)) {
             throw new AccessDeniedException();
         }
 
@@ -567,7 +568,7 @@ function delete(Request $request, Response $response, $id)
 
         $group = $this->userGroupFactory->getById($id);
 
-        if (!$this->isEditable($group)) {
+        if (!$this->getuser()->checkEditable($group)) {
             throw new AccessDeniedException();
         }
 
@@ -681,7 +682,7 @@ public function membersForm(Request $request, Response $response, $id)
     {
         $group = $this->userGroupFactory->getById($id);
 
-        if (!$this->isEditable($group)) {
+        if (!$this->getuser()->checkEditable($group)) {
             throw new AccessDeniedException();
         }
 
@@ -775,7 +776,7 @@ public function assignUser(Request $request, Response $response, $id)
         $sanitizedParams = $this->getSanitizer($request->getParams());
 
         $group = $this->userGroupFactory->getById($id);
-        if (!$this->isEditable($group)) {
+        if (!$this->getuser()->checkEditable($group)) {
             throw new AccessDeniedException();
         }
 
@@ -879,7 +880,7 @@ public function unassignUser(Request $request, Response $response, $id)
         $group = $this->userGroupFactory->getById($id);
         $sanitizedParams = $this->getSanitizer($request->getParams());
 
-        if (!$this->isEditable($group)) {
+        if (!$this->getuser()->checkEditable($group)) {
             throw new AccessDeniedException();
         }
 
@@ -915,7 +916,7 @@ function copyForm(Request $request, Response $response, $id)
     {
         $group = $this->userGroupFactory->getById($id);
 
-        if (!$this->isEditable($group)) {
+        if (!$this->getuser()->checkEditable($group)) {
             throw new AccessDeniedException();
         }
 
@@ -991,7 +992,7 @@ public function copy(Request $request, Response $response, $id)
         $sanitizedParams = $this->getSanitizer($request->getParams());
 
         // Check we have permission to view this group
-        if (!$this->isEditable($group)) {
+        if (!$this->getuser()->checkEditable($group)) {
             throw new AccessDeniedException();
         }
 
@@ -1027,14 +1028,4 @@ public function copy(Request $request, Response $response, $id)
 
         return $this->render($request, $response);
     }
-
-    /**
-     * @param \Xibo\Entity\UserGroup $group
-     * @return bool
-     */
-    private function isEditable($group)
-    {
-        return $this->getUser()->isSuperAdmin()
-            || ($this->getUser()->isGroupAdmin() && count(array_intersect($this->getUser()->groups, [$group])));
-    }
 }

lib/Entity/DisplayGroup.php

@@ -1,6 +1,6 @@
 <?php
 /*
- * Copyright (c) 2022 Xibo Signage Ltd
+ * Copyright (C) 2023 Xibo Signage Ltd
  *
  * Xibo - Digital Signage - http://www.xibo.org.uk
  *
@@ -821,6 +821,9 @@ public function delete()
         // Delete assignments
         $this->removeAssignments();
 
+        // delete link to ad campaign.
+        $this->getStore()->update('DELETE FROM `lkcampaigndisplaygroup` WHERE displayGroupId = :displayGroupId', ['displayGroupId' => $this->displayGroupId]);
+
         // Delete the Group itself
         $this->getStore()->update('DELETE FROM `displaygroup` WHERE DisplayGroupID = :displayGroupId', ['displayGroupId' => $this->displayGroupId]);
     }

lib/Entity/User.php

@@ -1,8 +1,8 @@
 <?php
 /*
- * Copyright (c) 2022 Xibo Signage Ltd
+ * Copyright (C) 2023 Xibo Signage Ltd
  *
- * Xibo - Digital Signage - http://www.xibo.org.uk
+ * Xibo - Digital Signage - https://xibosignage.com
  *
  * This file is part of Xibo.
  *
@@ -1172,9 +1172,18 @@ public function checkEditable($object)
             return true;
 
         // Group Admins
-        if ($this->userTypeId == 2 && count(array_intersect($this->groups, $this->userGroupFactory->getByUserId($object->getOwnerId()))))
-            // Group Admin and in the same group as the owner.
-            return true;
+        if ($object->permissionsClass() === 'Xibo\Entity\UserGroup') {
+            // userGroup does not have an owner (getOwnerId() returns 0 ), we need to handle it in a different way.
+            if ($this->userTypeId == 2 && count(array_intersect($this->groups, [$object]))) {
+                // Group Admin and group object in the user array of groups
+                return true;
+            }
+        } else {
+            if ($this->userTypeId == 2 && count(array_intersect($this->groups, $this->userGroupFactory->getByUserId($object->getOwnerId())))) {
+                // Group Admin and in the same group as the owner.
+                return true;
+            }
+        }
 
         // Get the permissions for that entity
         $permissions = $this->loadPermissions($object->permissionsClass());

lib/Helper/Environment.php

@@ -30,7 +30,7 @@
  */
 class Environment
 {
-    public static $WEBSITE_VERSION_NAME = '3.3.3';
+    public static $WEBSITE_VERSION_NAME = '3.3.4';
     public static $XMDS_VERSION = '6';
     public static $XLF_VERSION = 3;
     public static $VERSION_REQUIRED = '7.2.9';