From bd0130ea315d5f25a0da9c7bd1382228dbcd7593 Mon Sep 17 00:00:00 2001 From: mattamon Date: Mon, 16 Dec 2024 12:12:06 +0100 Subject: [PATCH 1/7] Fix faulty slash in condition --- src/Helper/GridHelperService.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Helper/GridHelperService.php b/src/Helper/GridHelperService.php index 45ae42b87..51ad8d82e 100644 --- a/src/Helper/GridHelperService.php +++ b/src/Helper/GridHelperService.php @@ -935,7 +935,7 @@ private function optimizedConcatLike(string $fullpath): string return '( (`path` = "' . $path . '/" AND `key` = "' . $leaf . '") OR - `path` LIKE "' . $fullpath . '/%" + `path` LIKE "' . $fullpath . '%" )'; } @@ -999,11 +999,11 @@ protected function getPermittedPathsByUser(string $type, User $user): string // the result would be like `(((path1 OR path2) AND (not_path3 AND not_path4)))` $forbiddenAndAllowedSql = '('; - if ($allowedPathSql || $forbiddenPathSql) { + if (!empty($allowedPathSql) || !empty($forbiddenPathSql)) { $forbiddenAndAllowedSql .= '('; $forbiddenAndAllowedSql .= $allowedPathSql ? '( ' . implode(' OR ', $allowedPathSql) . ' )' : ''; - if ($forbiddenPathSql) { + if (!empty($forbiddenPathSql)) { //if $allowedPathSql "implosion" is present, we need `AND` in between $forbiddenAndAllowedSql .= $allowedPathSql ? ' AND ' : ''; $forbiddenAndAllowedSql .= implode(' AND ', $forbiddenPathSql); From 0b7366ea5516dfd3db077d24168e5a48066cb069 Mon Sep 17 00:00:00 2001 From: Sebastian Blank Date: Mon, 16 Dec 2024 19:07:53 +0100 Subject: [PATCH 2/7] Fix: Video Element not working (#785) * Fix: Video Element not working * data.allowedTypes is already correct from PHP class --- public/js/pimcore/document/editables/video.js | 1 - 1 file changed, 1 deletion(-) diff --git a/public/js/pimcore/document/editables/video.js b/public/js/pimcore/document/editables/video.js index 0153d9ae3..a7074d889 100644 --- a/public/js/pimcore/document/editables/video.js 
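Review bot: In the `@@ -935` hunk of optimizedConcatLike, `$path`, `$leaf` and `$fullpath` are still concatenated into the permission condition unquoted, and `_` or `%` inside a path act as LIKE wildcards, so a folder name containing one of those (or a `"`) changes which rows the filter matches. Dropping the slash also turns the pattern into a bare string prefix, so a workspace on `/foo` would cover `/foobar/…` as well; patch 6/7 of this series restores `/%`. I would quote and escape the value the way getFilterCondition in this file already uses `$db->quote()`, along the lines of ``'`path` LIKE ' . $db->quote(addcslashes($fullpath, '%_\\') . '/%')``, assuming a connection is reachable in this helper. The same concatenation appears in optimizedConcatNotLike (patches 3/7 and 4/7) and in the restored pattern in patch 6/7. The function starts above the hunk.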
+++ b/public/js/pimcore/document/editables/video.js @@ -20,7 +20,6 @@ pimcore.document.editables.video = Class.create(pimcore.document.editable, { initialize: function($super, id, name, config, data, inherited) { $super(id, name, config, data, inherited); - data.allowedTypes = config.allowedTypes; this.data = data; }, From 3d0fca204f3918e65eebd253caae766738cffc99 Mon Sep 17 00:00:00 2001 From: Christian Fasching Date: Tue, 17 Dec 2024 14:32:25 +0100 Subject: [PATCH 3/7] [Bug] Fixed permission checks in certain constellations (#798) * fixed permission checks in certain constellations * fixed style * fixed permission checks in certain constellations --- src/Helper/GridHelperService.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/Helper/GridHelperService.php b/src/Helper/GridHelperService.php index 51ad8d82e..ddc46c7e4 100644 --- a/src/Helper/GridHelperService.php +++ b/src/Helper/GridHelperService.php @@ -954,7 +954,7 @@ private function optimizedConcatNotLike(string $fullpath, bool $onlyChildren = f } return '( - (`path` != "' . $path . '/" AND `key` != "' . $leaf . '") + NOT (`path` = "' . $path . '/" AND `key` = "' . $leaf . '") AND `path` NOT LIKE "' . $fullpath . '/%" )'; @@ -989,7 +989,9 @@ protected function getPermittedPathsByUser(string $type, User $user): string //if any allowed child is found, the current folder can be listed but its content is still blocked $onlyChildren = true; } - $forbiddenPathSql[] = $this->optimizedConcatNotLike($forbiddenPath, $onlyChildren) . $exceptions; + $forbiddenPathSql[] = + '(' . $this->optimizedConcatNotLike($forbiddenPath, $onlyChildren) . $exceptions . ')' + ; } foreach ($elementPaths['allowed'] as $allowedPaths) { $allowedPathSql[] = $this->optimizedConcatLike($allowedPaths); From 10815c50be0bd9d53da888c09cc17f802c637934 Mon Sep 17 00:00:00 2001 
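Review bot: The rewritten condition in optimizedConcatNotLike (`@@ -954`) deserves a why-comment, because the difference between the two forms is easy to undo in a later clean-up. The old `path != … AND key != …` rejected every row that shared either the parent path or the key with the forbidden element, not only the element itself. A comment above the `return`, such as `// exclude only this element; "path != … AND key != …" would also drop its siblings and same-named elements elsewhere`, would record that. The function body starts above the hunk.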
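Review bot: The added parentheses in getPermittedPathsByUser (`@@ -989`) change how each forbidden-path clause groups with its `OR (…)` exceptions once the clauses are joined with `AND`, yet the diffstat shows only GridHelperService.php changed, so nothing pins the corrected grouping. A regression test for a user with two forbidden workspaces, one of which has an allowed child, asserting that the child is listed while the other forbidden subtree stays hidden, would cover this constellation. The loop over the forbidden paths starts outside the hunk.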
From: Lisa Lamplmair Date: Tue, 17 Dec 2024 14:47:07 +0100 Subject: [PATCH 4/7] [BUG] fix permission check in GridHelperService for wrong query column if type is asset (#793) * [BUG] fix permission check in GridHelperService for wrong query column if type is asset * add fixes for slashes and empty checks * revert / --------- Co-authored-by: Christian Fasching Co-authored-by: robertSt7 --- src/Helper/GridHelperService.php | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/src/Helper/GridHelperService.php b/src/Helper/GridHelperService.php index ddc46c7e4..3709913e6 100644 --- a/src/Helper/GridHelperService.php +++ b/src/Helper/GridHelperService.php @@ -315,8 +315,8 @@ public function getFilterCondition(string $filterJson, ClassDefinition $class, ? $fieldConditions = []; foreach ($filter['value'] as $filterValue) { $brickCondition = '(' . $brickField->getFilterCondition($filterValue, $operator, - ['brickPrefix' => $brickPrefix] - ) . ' AND ' . $brickType . '.fieldname = ' . $db->quote($brickFilterField) . ')'; + ['brickPrefix' => $brickPrefix] + ) . ' AND ' . $brickType . '.fieldname = ' . $db->quote($brickFilterField) . ')'; $fieldConditions[] = $brickCondition; } @@ -325,7 +325,7 @@ public function getFilterCondition(string $filterJson, ClassDefinition $class, ? } } else { $brickCondition = '(' . $brickField->getFilterCondition($filter['value'], $operator, - ['brickPrefix' => $brickPrefix]) . ' AND ' . $brickType . '.fieldname = ' . $db->quote($brickFilterField) . ')'; + ['brickPrefix' => $brickPrefix]) . ' AND ' . $brickType . '.fieldname = ' . $db->quote($brickFilterField) . ')'; $conditionPartsFilters[] = $brickCondition; } } elseif ($field instanceof ClassDefinition\Data\UrlSlug) { 
@@ -926,14 +926,15 @@ public function createXlsxExportFile(FilesystemOperator $storage, string $fileHa /** * A more performant alternative to "CONCAT(`path`,`key`) LIKE $fullpath" */ - private function optimizedConcatLike(string $fullpath): string + private function optimizedConcatLike(string $fullpath, string $type = 'object'): string { $pathParts = explode('/', $fullpath); $leaf = array_pop($pathParts); $path = implode('/', $pathParts); + $queryColumn = $type === 'asset' ? '`filename`' : '`key`'; return '( - (`path` = "' . $path . '/" AND `key` = "' . $leaf . '") + (`path` = "' . $path . '/" AND ' . $queryColumn . ' = "' . $leaf . '") OR `path` LIKE "' . $fullpath . '%" )'; @@ -943,18 +944,23 @@ private function optimizedConcatLike(string $fullpath): string * A more performant alternative to "CONCAT(`path`,`key`) NOT LIKE $fullpath" * Set $onlyChildren to true when you want to exclude the folder/element itself */ - private function optimizedConcatNotLike(string $fullpath, bool $onlyChildren = false): string + private function optimizedConcatNotLike( + string $fullpath, + bool $onlyChildren = false, + string $type = 'object' + ): string { $pathParts = explode('/', $fullpath); $leaf = array_pop($pathParts); $path = implode('/', $pathParts); + $queryColumn = $type === 'asset' ? '`filename`' : '`key`'; if ($onlyChildren) { return '`path` NOT LIKE "' . $fullpath . '/%"'; } return '( - NOT (`path` = "' . $path . '/" AND `key` = "' . $leaf . '") + NOT (`path` = "' . $path . '/" AND ' . $queryColumn . ' = "' . $leaf . '") AND `path` NOT LIKE "' . $fullpath . '/%" )'; 
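Review bot: The new `string $type = 'object'` parameter on optimizedConcatLike and optimizedConcatNotLike falls back to the `key` column for any value other than `'asset'`, including a forgotten argument, which is the same wrong-column situation this patch fixes. Both helpers are private and the call sites updated in this patch all pass `$type`, so I would drop the defaults, e.g. `private function optimizedConcatLike(string $fullpath, string $type): string` and `bool $onlyChildren, string $type` on the other, provided no caller outside these hunks relies on them. The duplicated ternary that picks between `filename` and `key` could also move into one small private helper so the two functions cannot drift apart. optimizedConcatNotLike's closing brace lies outside the hunk.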
@@ -983,18 +989,18 @@ protected function getPermittedPathsByUser(string $type, User $user): string if ($exceptionsConcat !== '') { $exceptionsConcat.= ' OR '; } - $exceptionsConcat.= $this->optimizedConcatLike($path); + $exceptionsConcat.= $this->optimizedConcatLike($path, $type); } $exceptions = ' OR (' . $exceptionsConcat . ')'; //if any allowed child is found, the current folder can be listed but its content is still blocked $onlyChildren = true; } $forbiddenPathSql[] = - '(' . $this->optimizedConcatNotLike($forbiddenPath, $onlyChildren) . $exceptions . ')' + '(' . $this->optimizedConcatNotLike($forbiddenPath, $onlyChildren, $type) . $exceptions . ')' ; } foreach ($elementPaths['allowed'] as $allowedPaths) { - $allowedPathSql[] = $this->optimizedConcatLike($allowedPaths); + $allowedPathSql[] = $this->optimizedConcatLike($allowedPaths, $type); } // this is to avoid query error when implode is empty. From 2626a8562dc7aa72ef6fe8a3016a02e80598dd9c Mon Sep 17 00:00:00 2001 From: robertSt7 Date: Tue, 17 Dec 2024 13:47:34 +0000 Subject: [PATCH 5/7] Apply php-cs-fixer changes --- src/Helper/GridHelperService.php | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/src/Helper/GridHelperService.php b/src/Helper/GridHelperService.php index 3709913e6..2f5cc959d 100644 --- a/src/Helper/GridHelperService.php +++ b/src/Helper/GridHelperService.php @@ -315,8 +315,8 @@ public function getFilterCondition(string $filterJson, ClassDefinition $class, ? $fieldConditions = []; foreach ($filter['value'] as $filterValue) { $brickCondition = '(' . $brickField->getFilterCondition($filterValue, $operator, - ['brickPrefix' => $brickPrefix] - ) . ' AND ' . $brickType . '.fieldname = ' . $db->quote($brickFilterField) . ')'; + ['brickPrefix' => $brickPrefix] + ) . ' AND ' . $brickType . '.fieldname = ' . $db->quote($brickFilterField) . ')'; $fieldConditions[] = $brickCondition; } 
@@ -325,7 +325,7 @@ public function getFilterCondition(string $filterJson, ClassDefinition $class, ? } } else { $brickCondition = '(' . $brickField->getFilterCondition($filter['value'], $operator, - ['brickPrefix' => $brickPrefix]) . ' AND ' . $brickType . '.fieldname = ' . $db->quote($brickFilterField) . ')'; + ['brickPrefix' => $brickPrefix]) . ' AND ' . $brickType . '.fieldname = ' . $db->quote($brickFilterField) . ')'; $conditionPartsFilters[] = $brickCondition; } } elseif ($field instanceof ClassDefinition\Data\UrlSlug) { @@ -948,8 +948,7 @@ private function optimizedConcatNotLike( string $fullpath, bool $onlyChildren = false, string $type = 'object' - ): string - { + ): string { $pathParts = explode('/', $fullpath); $leaf = array_pop($pathParts); $path = implode('/', $pathParts); From 0e3a8e14cb2399e348f4ab88e7147d37b76bbdd6 Mon Sep 17 00:00:00 2001 From: Christian Fasching Date: Tue, 17 Dec 2024 14:47:58 +0100 Subject: [PATCH 6/7] optimize permission concat (#799) --- src/Helper/GridHelperService.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/Helper/GridHelperService.php b/src/Helper/GridHelperService.php index 2f5cc959d..8b6beffb6 100644 --- a/src/Helper/GridHelperService.php +++ b/src/Helper/GridHelperService.php @@ -928,6 +928,11 @@ public function createXlsxExportFile(FilesystemOperator $storage, string $fileHa */ private function optimizedConcatLike(string $fullpath, string $type = 'object'): string { + //special case for the root folder + if($fullpath === '/') { + return '`path` LIKE "/%"'; + } + $pathParts = explode('/', $fullpath); $leaf = array_pop($pathParts); $path = implode('/', $pathParts); @@ -936,7 +941,7 @@ private function optimizedConcatLike(string $fullpath, string $type = 'object'): return '( (`path` = "' . $path . '/" AND ' . $queryColumn . ' = "' . $leaf . '") OR - `path` LIKE "' . $fullpath . '%" + `path` LIKE "' . $fullpath . '/%" )'; } 
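Review bot: The root special case in patch 6/7 is added to optimizedConcatLike only; optimizedConcatNotLike, as shown in patch 4/7, would still build `path NOT LIKE "//%"` for a `$fullpath` of `/` (plus `NOT (path = "/" AND key = "")` when `$onlyChildren` is false), which excludes nothing below the root. If `/` can appear in `$elementPaths['forbidden']`, a forbidden root workspace would therefore not hide any descendants. A matching guard at the top of optimizedConcatNotLike, such as ``if ($fullpath === '/') { return '`path` NOT LIKE "/%"'; }``, would keep the two helpers symmetric; whether that is the intended meaning of a forbidden root should be confirmed. The comment `//special case for the root folder` could also say why: `explode('/', '/')` leaves an empty leaf and an empty path, so the generic branch would match only the root element itself.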
From 38bc0b2e9ce5896a6942a9e6f40e2e4ba6df52d0 Mon Sep 17 00:00:00 2001 From: robertSt7 Date: Tue, 17 Dec 2024 13:48:25 +0000 Subject: [PATCH 7/7] Apply php-cs-fixer changes --- src/Helper/GridHelperService.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Helper/GridHelperService.php b/src/Helper/GridHelperService.php index 8b6beffb6..9bab4b4d0 100644 --- a/src/Helper/GridHelperService.php +++ b/src/Helper/GridHelperService.php @@ -929,7 +929,7 @@ public function createXlsxExportFile(FilesystemOperator $storage, string $fileHa private function optimizedConcatLike(string $fullpath, string $type = 'object'): string { //special case for the root folder - if($fullpath === '/') { + if ($fullpath === '/') { return '`path` LIKE "/%"'; }