2018 01 17 tara perm roles #60

Open
wants to merge 227 commits into
base: permission_roles

@ridz1208 ridz1208 commented Feb 2, 2018

@Tara I made this PR just to point you towards my branch of changes implemented on top of yours. This branch was rebased on top of 19.0 since soon 19.0 will be pushed to bugfix, minor and major so this is taking some advance on it. (To see clear changes, do a git compare with aces/19.0-dev.)

non-roles-related changes

roles-related changes:

  • created a roles class and a permissions class
  • cleaned up the patch, moved stuff around in the script a lot
  • added more restrictive rules to the arguments passed from the command line
  • extracted as much as possible SQL code from the script and moved it into the Role and permission classes
  • commented several sections of the code
  • similar changes in the ajax
  • modified SQL to follow latest conventions

changes are not yet done....

Compare to 19.0
https://github.com/aces/Loris/compare/19.0-dev...ridz1208:2018_01_17_tara_perm_roles?expand=1

Jkat and others added 30 commits October 5, 2017 14:05
This updates the function signature of NDB_BVL_Instrument to fix PHP warnings introduced by aces#2812. 

Developers of instruments should update their own code accordingly, to ensure they don't generate their own errors about mismatched signature types.
…s#2941)

This allows post data to be automatically resent after a redirect by changing the HTTP response code from 301 to 307.
Update some calls to Utility::nullifyEmpty to use the return value in order to make it possible to later update to pass-by-value and not depend on (documented) side-effects of the function call.
Password resets use the username to send the password reset email, but the front-end prompts for an email. This fixes the text in the frontend.
Update mt_rand to use random_int when generating temporary passwords.

From the PHP manual regarding mt_rand:
 
Caution
This function does not generate cryptographically secure values, and should not be used for cryptographic purposes. If you need a cryptographically secure value, consider using random_int(), random_bytes(), or openssl_random_pseudo_bytes() instead.
Show / Hide mri-protocol table functionality was not doing anything. This re-adds the mri-protocol id to the table and calls the show / hide functions on the parent element to get rid of dynamic table artifacts.

See: https://redmine.cbrain.mcgill.ca/issues/8830
Old LORIS instances used a hardcoded dataDumps directory with an .htaccess file to protect it, but LORIS is currently treating the directory as a module, even if it exists.

This adds an exception so that those projects can still access their old excel dumps, but should not affect new LORIS instances.
The NDB_BVL_Feedback class incorrectly had an isset check instead of an !empty
check to determine if an SQL query returned any results. isset would never
be false, because the variable is set directly above the check.

This updates it to be !empty, so that "null" is properly returned when
there is no feedback.
…s#3168)

Properly escape table and column names in tools/DB_date_zeros_removal.php script.
…ry_builder.php (aces#3053)

TestPlan for this module should include testing of related tool scripts.
This fixes the error:

"Deprecated: Non-static method User::isPasswordStrong() should not be called statically in /var/www/loris/php/libraries/SinglePointLogin.class.inc on line 201" when resetting a password.

`git grep isPasswordStrong` shows that all calls to User::isPasswordStrong are already
made statically, so only the function signature needs to be updated.
This adds slashes at the end of the password-reset and request-account links on the login page, in order to prevent an unnecessary redirect to the URL with a slash at the end.

This was also causing conflicts with some nginx reverse-proxy configurations.
Fix Heroku password generation. It was referencing the wrong (old) column name, which no longer exists.
The MySQL string comparison in SinglePointLogin was
authenticating in a case-insensitive manner, resulting
in various places in the code failing if they tried to
compare $_SESSION['State']->getUsername() (which has
the value from when the user logged in) with User::singleton()->getUsername()
(which has the value from the database) in PHP (which,
unlike MySQL, *is* case sensitive.)

This updates the SinglePointLogin class so that it uses
the username from the database, rather than the HTTP request
for the username in $_SESSION['State'].
In LorisForm, the array key for any numeric field name was getting
mangled to "0" by the array_merge function, causing the saving and
validation to fail.

This replaces array_merge with "+" to ensure that the keys do not
get changed in the submit values.
This makes Travis immediately fail if it fails a linting test, rather than waiting for the full integration test suite to run before indicating failure.

This should speed up our CI process, since currently Travis is waiting for a backlog of builds (which mostly fail PHPCS) to finish before starting new builds.
LorisForm was determining if a value is supplied by using the empty()
function, which means that 0 was not considered a submitted value.

This changes it to be more specific about what values it checks and only
denies null or the empty string.
I was getting an error about converting arrays to strings on the dashboard,
because a query which returns no results returns an empty array.

This changes the check from !== null to !empty() to fix this error.
Fix bug where CouchDB MRI import script was not working with MySQL and strict group by mode.
…e statuses (aces#3150)

When retrieving the list of MRI's, _getFileList will only append files which already exist in the incoming data directory. However these files get deleted when the MRI pipeline runs successfully, allowing for duplicate uploads for previously successful files. It can be assumed that the insertion was successful based on the number of MINCs inserted being > 0. Use this in addition to file existence to generate the mriList which gets checked when an upload form is submitted.
…es (aces#3016)

This removes redundant code checking config files and client initialization.

It is redundant because these lines of code don't affect functionality. Attempts to download files, whether logged in or not, function in the same way whether these lines of code are present or not. Successful download if logged in, 401 status code otherwise.

However, the presence of $client->initialize("../project/config.xml"); causes a PHP Notice when a session already exists every time a file is downloaded.

This code is copy-pasted widely across LORIS and it is likely worth reviewing to see if it adds any functionality.
This updates the next_stage module to the "modern", non-deprecated module format.
…where (aces#2977)

Help Editor is not Final Radiological Review
This moves 2 static functions from the candidate_parameters class to the candidate class since they're used across different modules.
…ces#3017)

The ajax script was duplicating code that was already run from AjaxHelper.php, so is removed.
)

Prevent generation of PHP Notices relating to non-existing array keys in help_editor
…ces#3195)

The function call was inside of a string literal, and being interpreted as a string.
kongtiaowang and others added 20 commits January 31, 2018 13:53
…ces#3460)

This fixes the link in the dashboard "incomplete tests" section.
This removes the last DB->select by changing them to pselect which use prepared statements.

Cleans the "PHP Warning: Missing argument 2 for Database::select()" message in the error log.
…aces#3374)

This updates the configuration module readme.md to follow the template
for module specifications set by the imaging_browser README. (It also
renames the file to README.md to be more consistent.)

The "How to use this module" part of the existing readme was moved to
markdown help content with slight modification, while the "How to upgrade
from config.xml" which was relevant for the LORIS 14.12 release was removed as it's
no longer relevant.
Add README to next_stage module.
Add README for examiner module which defines the specifications in the standard format.
Add a language selector field for media uploads.
This adds a check for Active candidate in the survey query.
This modifies the way the mysqldump is called in cleanup_mri_tables_for_19-0_release.php.

Instead of using the username and password from the config.xml file, it prompts the user running the script to enter the MySQL username and password to use for mysqldump. The user in the config file does not always have sufficient permissions.
This adds a README/spec for the data team helper module, following the format of other modules.
This runs the LORIS test suite under docker to fix Travis failures out of our control.
This adds modernizer and polyfill libraries for datepicker to be used by browsers like Safari in surveys.
…ject/backup now (aces#3483)

This updates the cleanup_mri_tables_for_19-0_release.php script to save the backup SQL file in project/backup as suggested in PR aces#3473 by @ridz1208.
This corrects the name of the config setting referring to the couchDB databases in the config.xml. This name was changed from database to dbName to be differentiated from the MySQL database credentials and was accidentally reverted in 8b09f59.
This makes the Travis testing on minor in sync with the major branch, although PHP 7.2 is not tested because the fixes are currently only in major.
Fix Travis to run on both PHP 7.0 and 7.1 again.
This adds an endpoint to provide image file links. It supports a single GET parameter: "?since=", which takes a date as a parameter and returns the images since that date.
Update VERSION file to 19.0.0.
@ridz1208 ridz1208 force-pushed the 2018_01_17_tara_perm_roles branch from c30c73a to 029badd Compare February 23, 2018 00:15
ridz1208 and others added 2 commits February 22, 2018 19:52
smarter

Update Database.class.inc

new function

renamed
major changes to the script

Major changes

Everything works

first of many

renamed

renamed
@ridz1208 ridz1208 force-pushed the 2018_01_17_tara_perm_roles branch from 029badd to 1693592 Compare February 23, 2018 00:53
@ridz1208 ridz1208 force-pushed the 2018_01_17_tara_perm_roles branch 3 times, most recently from 085f53e to 32b46e0 Compare March 1, 2018 19:29
@ridz1208 ridz1208 force-pushed the 2018_01_17_tara_perm_roles branch from 32b46e0 to 364e80d Compare March 1, 2018 21:46