Merge branch 'develop' into main

Internet2 · Sep 29, 2023 · 9628024 · 9628024
2 parents 151f0a3 + 0562175
commit 9628024
Show file tree

Hide file tree

Showing 12 changed files with 101 additions and 43 deletions.
diff --git a/app/Config/Schema/schema.xml b/app/Config/Schema/schema.xml
@@ -1263,7 +1263,36 @@
       <col>source_label</col>
     </index>
   </table>
-
+
+  <table name="co_provisioning_targets">
+    <field name="id" type="I">
+      <key />
+      <autoincrement />
+    </field>
+    <field name="co_id" type="I">
+      <notnull />
+      <constraint>REFERENCES cm_cos(id)</constraint>
+    </field>
+    <field name="description" type="C" size="256" />
+    <field name="plugin" type="C" size="32" />
+    <field name="provision_co_group_id" type="I">
+      <constraint>REFERENCES cm_co_groups(id)</constraint>
+    </field>
+    <field name="skip_org_identity_source_id" type="I">
+      <constraint>REFERENCES cm_org_identity_sources(id)</constraint>
+    </field>
+    <field name="status" type="C" size="2" />
+    <field name="retry_interval" type="I" />
+    <field name="max_retry" type="I" />
+    <field name="ordr" type="I" />
+    <field name="created" type="T" />
+    <field name="modified" type="T" />
+
+    <index name="co_provisioning_targets_i1">
+      <col>co_id</col>
+    </index>
+  </table>
+
   <table name="co_provisioning_counts">
     <field name="id" type="I">
       <key />
@@ -1297,35 +1326,6 @@
     </index>
   </table>
 
-  <table name="co_provisioning_targets">
-    <field name="id" type="I">
-      <key />
-      <autoincrement />
-    </field>
-    <field name="co_id" type="I">
-      <notnull />
-      <constraint>REFERENCES cm_cos(id)</constraint>
-    </field>
-    <field name="description" type="C" size="256" />
-    <field name="plugin" type="C" size="32" />
-    <field name="provision_co_group_id" type="I">
-      <constraint>REFERENCES cm_co_groups(id)</constraint>
-    </field>
-    <field name="skip_org_identity_source_id" type="I">
-      <constraint>REFERENCES cm_org_identity_sources(id)</constraint>
-    </field>
-    <field name="status" type="C" size="2" />
-    <field name="retry_interval" type="I" />
-    <field name="max_retry" type="I" />
-    <field name="ordr" type="I" />
-    <field name="created" type="T" />
-    <field name="modified" type="T" />
-
-    <index name="co_provisioning_targets_i1">
-      <col>co_id</col>
-    </index>
-  </table>
-
   <table name="identifiers">
     <field name="id" type="I">
       <key />

diff --git a/app/Controller/CoPeopleController.php b/app/Controller/CoPeopleController.php
@@ -237,6 +237,14 @@ public function beforeRender() {
       $args['contain'] = false;
 
       $this->set('vv_vetting_step_count', $this->Co->VettingStep->find('count', $args));
+
+      // Calculate COU node path from root in case the role COU has a parent id.
+      foreach($this->viewVars["co_people"][0]["CoPersonRole"] as $idx => $prole) {
+        if(isset($prole['Cou']['id'])) {
+          // Add the path to parent node under the COU record
+          $this->viewVars["co_people"][0]["CoPersonRole"][$idx]["Cou"]["path"] = $this->constructTreeParentPath($prole['Cou']['id']);
+        }
+      }
     }
 
     parent::beforeRender();
@@ -474,7 +482,29 @@ public function compare($id) {
       $this->view($id);
     }
   }
-
+
+  /**
+   * Create path from parent
+   *
+   * @param  int    $nodeId   The ID of the node
+   * @return string           The path
+   *
+   * @since  COmanage Registry        v4.3.0
+   */
+  public function constructTreeParentPath($nodeId) {
+    if(empty($nodeId)) return "";
+    if(!$this->CoPerson->CoPersonRole->Cou->Behaviors->enabled('Tree')) {
+      return "";
+    }
+
+    $parents = $this->CoPerson->CoPersonRole->Cou->getPath($nodeId);
+
+    if(empty($parents)) return "";
+
+    $parent_names = Hash::extract($parents, '{n}.Cou.name');
+    return implode(" / ", $parent_names);
+  }
+
   /**
    * Expunge (delete with intelligent clean up) a CO Person.
    * - precondition: <id> must exist

diff --git a/app/Controller/Component/RoleComponent.php b/app/Controller/Component/RoleComponent.php
@@ -1276,12 +1276,20 @@ public function isCoOrCouAdminForCoPerson($coPersonId, $subjectCoPersonId) {
    * @param  Integer CO Person Role ID of subject
    * @return Boolean True if the CO Person is a CO(U) Administrator for the subject, false otherwise
    */
-   
+
   public function isCoOrCouAdminForCoPersonRole($coPersonId, $subjectCoPersonRoleId) {
     if(!$coPersonId) {
       return false;
     }
 
+    // Find the person's CO
+    try {
+      $coId = $this->cachedCoIdLookup($coPersonId);
+    }
+    catch(InvalidArgumentException $e) {
+      throw new InvalidArgumentException($e->getMessage());
+    }
+
     // Look up the CO Person ID for the subject and then hand off the request.
 
     $CoPersonRole = ClassRegistry::init('CoPersonRole');
@@ -1292,11 +1300,28 @@ public function isCoOrCouAdminForCoPersonRole($coPersonId, $subjectCoPersonRoleI
 
     $copr = $CoPersonRole->find('first', $args);
 
-    if($copr && isset($copr['CoPersonRole']['co_person_id'])) {
-      return $this->isCoOrCouAdminForCoPerson($coPersonId, $copr['CoPersonRole']['co_person_id']);
-    } else {
+    if(empty($copr)
+      || !isset($copr['CoPersonRole']['co_person_id'])
+      || empty($copr["CoPersonRole"]["cou_id"])) {
       return false;
     }
+
+    // I am the CO Admin
+    if($this->isCoAdminForCoPerson($coPersonId, $copr['CoPersonRole']['co_person_id'])) {
+      return true;
+    }
+
+    // Next, pull the COUs for which $coPersonId is a COU admin
+    $adminCous = $this->couAdminFor($coPersonId);
+
+    if(empty($adminCous)) {
+      return false;
+    }
+
+    $adminCousIds = array_keys($adminCous);
+
+    // I am the COU admin
+    return in_array($copr["CoPersonRole"]["cou_id"], $adminCousIds);
   }
 
   /**

diff --git a/app/Model/CoInvite.php b/app/Model/CoInvite.php
@@ -289,7 +289,7 @@ public function send($coPersonId,
                        $actorPersonId,
                        $toEmail,
                        $fromEmail=null,
-                       $coName,
+                       $coName=null,
                        $subject=null,
                        $template=null,
                        $emailAddressID=null,

diff --git a/app/View/CoPeople/fields.inc b/app/View/CoPeople/fields.inc
@@ -1105,7 +1105,7 @@
                   // Action Column
                   if ($es // Editing self
                     || empty($r['Cou']) // No COU set for this person
-                    || (isset($r['Cou']['name']) && in_array($r['Cou']['name'], $permissions['cous']))
+                    || (isset($r['Cou']['name']) && in_array($r['Cou']['path'], $permissions['cous']))
                   ) // Admin for the COU
                   {
                     // COU Admins can only edit their own folks, so we need a bit of

diff --git a/app/View/Layouts/default.ctp b/app/View/Layouts/default.ctp
@@ -81,7 +81,7 @@
     <?php
       /* only JQuery, Bootstrap, and Vue here - other scripts at bottom. Note that until
          jQueryUI is deprecated, it must be loaded after Bootstrap.  */
-      print $this->Html->script('jquery/jquery-3.5.1.min.js') . "\n    ";
+      print $this->Html->script('jquery/jquery-3.7.1.min.js') . "\n    ";
       print $this->Html->script('bootstrap/bootstrap-4.5.3-dist/js/bootstrap.bundle.min.js') . "\n    ";
       print $this->Html->script('jquery/jquery-ui-1.13.2.custom/jquery-ui.min.js') . "\n    ";
       print $this->Html->script('vue/vue-3.2.31.global.prod.js') . "\n    ";

diff --git a/app/View/Layouts/redirect.ctp b/app/View/Layouts/redirect.ctp
@@ -55,7 +55,7 @@
 
     <!-- Load JavaScript -->
     <?php /* only JQuery and Bootstrap here - other scripts at bottom */
-      print $this->Html->script('jquery/jquery-3.5.1.min.js') . "\n    ";
+      print $this->Html->script('jquery/jquery-3.7.1.min.js') . "\n    ";
       print $this->Html->script('bootstrap/bootstrap-4.5.3-dist/js/bootstrap.min.js') . "\n    ";
       print $this->Html->script('jquery/jquery-ui-1.13.2.custom/jquery-ui.min.js') . "\n    ";
     ?>

diff --git a/app/webroot/js/jquery/jquery-3.5.1.min.js b/app/webroot/js/jquery/jquery-3.5.1.min.js
diff --git a/app/webroot/js/jquery/jquery-3.7.1.min.js b/app/webroot/js/jquery/jquery-3.7.1.min.js
diff --git a/container/aws/buildspec/aws_buildspec.yml b/container/aws/buildspec/aws_buildspec.yml
@@ -3,7 +3,7 @@ version: 0.2
 env:
   shell: bash
   variables:
-    LABEL: "4.3.0-rc2"
+    LABEL: "4.3.0"
   exported-variables:
     - LABEL
 

diff --git a/container/aws/buildspec/aws_buildspec_manifest.yml b/container/aws/buildspec/aws_buildspec_manifest.yml
@@ -3,7 +3,7 @@ version: 0.2
 env:
   shell: bash
   variables:
-    LABEL: "4.3.0-rc2"
+    LABEL: "4.3.0"
   exported-variables:
     - LABEL
 

diff --git a/container/registry/base/comanage_utils.sh b/container/registry/base/comanage_utils.sh
@@ -1348,6 +1348,8 @@ ServerName ${COMANAGE_REGISTRY_VIRTUAL_HOST_SCHEME:-http}://${COMANAGE_REGISTRY_
 UseCanonicalName On
 UseCanonicalPhysicalPort On
 
+Header set Content-Security-Policy "frame-ancestors 'self';"
+
 EOF
 }
 
@@ -1375,6 +1377,7 @@ UseCanonicalName On
 UseCanonicalPhysicalPort On
 
 Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
+Header always set Content-Security-Policy "frame-ancestors 'self';"
 
 SSLEngine on
 SSLProtocol all -SSLv2 -SSLv3