v5.30.3: Fixed configuration issues when a user with limited configur…

…ation access changes the configurations for the application. Audit is improved
h-mdm · Dec 24, 2024 · 39a7550 · 39a7550
1 parent a25b8d2
commit 39a7550
Show file tree

Hide file tree

Showing 18 changed files with 69 additions and 15 deletions.
diff --git a/common/src/main/java/com/hmdm/persistence/ApplicationDAO.java b/common/src/main/java/com/hmdm/persistence/ApplicationDAO.java
@@ -469,9 +469,9 @@ public void updateApplicationConfigurations(LinkConfigurationsToAppRequest reque
     }
 
     @Transactional
-    public void updateApplicationVersionConfigurations(LinkConfigurationsToAppVersionRequest request) {
+    public void updateApplicationVersionConfigurations(LinkConfigurationsToAppVersionRequest request, User user) {
         final int applicationVersionId = request.getApplicationVersionId();
-        this.removeApplicationConfigurationsByVersionId(applicationVersionId);
+        this.removeApplicationConfigurationsByVersionId(applicationVersionId, user);
 
         // If this version is set for installation, then other versions of same app must be set for de-installation
         final List<ApplicationVersionConfigurationLink> configurations = request.getConfigurations();
@@ -498,20 +498,22 @@ public void updateApplicationVersionConfigurations(LinkConfigurationsToAppVersio
 
         this.insertApplicationVersionConfigurations(applicationVersionId, configurations);
 
-        SecurityContext.get().getCurrentUser().ifPresent(user -> {
-            this.mapper.recheckConfigurationMainApplications(user.getCustomerId());
-            this.mapper.recheckConfigurationContentApplications(user.getCustomerId());
-            this.mapper.recheckConfigurationKioskModes(user.getCustomerId());
-        });
+        this.mapper.recheckConfigurationMainApplications(user.getCustomerId());
+        this.mapper.recheckConfigurationContentApplications(user.getCustomerId());
+        this.mapper.recheckConfigurationKioskModes(user.getCustomerId());
     }
 
-    public void removeApplicationConfigurationsByVersionId(Integer applicationVersionId) {
+    public void removeApplicationConfigurationsByVersionId(Integer applicationVersionId, User user) {
         final ApplicationVersion applicationVersion = findApplicationVersionById(applicationVersionId);
         final Application application = this.mapper.findById(applicationVersion.getApplicationId());
         final int userCustomerId = SecurityContext.get().getCurrentUser().get().getCustomerId();
 
         if (application.isCommon() || application.getCustomerId() == userCustomerId) {
-            this.mapper.removeApplicationVersionConfigurationsById(userCustomerId, applicationVersionId);
+            if (!user.isAllConfigAvailable()) {
+                this.mapper.removeApplicationVersionConfigurationsForLimitedUser(user.getId(), applicationVersionId);
+            } else {
+                this.mapper.removeApplicationVersionConfigurationsById(userCustomerId, applicationVersionId);
+            }
         } else {
             throw SecurityException.onApplicationAccessViolation(application);
         }

diff --git a/common/src/main/java/com/hmdm/persistence/mapper/ApplicationMapper.java b/common/src/main/java/com/hmdm/persistence/mapper/ApplicationMapper.java
@@ -231,6 +231,14 @@ List<ApplicationVersionConfigurationLink> getApplicationVersionConfigurationsWit
     void removeApplicationVersionConfigurationsById(@Param("customerId") int customerId,
                                                     @Param("id") Integer applicationVersionId);
 
+    @Delete({"DELETE FROM configurationApplications " +
+            "WHERE applicationVersionId=#{id} " +
+            "AND configurationId IN (SELECT configurationId " +
+            "                        FROM userConfigurationAccess " +
+            "                        WHERE userId=#{userId})"})
+    void removeApplicationVersionConfigurationsForLimitedUser(@Param("userId") int userId,
+                                                              @Param("id") Integer applicationVersionId);
+
     void insertApplicationConfigurations(@Param("applicationId") Integer applicationId,
                                          @Param("versionId") Integer applicationVersionId,
                                          @Param("confs") List<ApplicationConfigurationLink> configurations);

diff --git a/plugins/audit/src/main/java/com/hmdm/plugins/audit/rest/filter/ResourceAuditInfo.java b/plugins/audit/src/main/java/com/hmdm/plugins/audit/rest/filter/ResourceAuditInfo.java
@@ -50,6 +50,7 @@ public enum ResourceAuditInfo {
     UPDATE_FILE("POST", "/rest/private/web-ui-files/move", true, "plugin.audit.action.update.file", true, true),
     REMOVE_FILE("POST", "/rest/private/web-ui-files/remove", true, "plugin.audit.action.remove.file", true, true),
     UPDATE_APP_CONFIG("POST", "/rest/private/applications/configurations", true, "plugin.audit.action.update.app.config", true, true),
+    UPDATE_VERSION_CONFIG("POST", "/rest/private/applications/version/configurations", true, "plugin.audit.action.version.config", true, true),
     UPDATE_DESIGN("POST", "/rest/private/settings/design", true, "plugin.audit.action.update.design", true, true),
     UPDATE_USERROLES("POST", "/rest/private/settings/userRoles", false, "plugin.audit.action.update.user.roles", true, true),
     UPDATE_LANGUAGE("POST", "/rest/private/settings/lang", true, "plugin.audit.action.update.language", true, true),

diff --git a/plugins/audit/src/main/webapp/audit.module.js b/plugins/audit/src/main/webapp/audit.module.js
@@ -65,15 +65,24 @@ angular.module('plugin-audit', ['ngResource', 'ui.bootstrap', 'ui.router', 'ngTa
             "plugin.audit.action.update.application",
             "plugin.audit.action.update.webapp",
             "plugin.audit.action.remove.application",
+            "plugin.audit.action.update.version",
+            "plugin.audit.action.remove.version",
+            "plugin.audit.action.update.file",
+            "plugin.audit.action.remove.file",
             "plugin.audit.action.update.app.config",
+            "plugin.audit.action.version.config",
             "plugin.audit.action.update.design",
             "plugin.audit.action.update.user.roles",
             "plugin.audit.action.update.language",
             "plugin.audit.action.update.plugins",
             "plugin.audit.action.update.user",
             "plugin.audit.action.remove.user",
             "plugin.audit.action.update.group",
-            "plugin.audit.action.remove.group"
+            "plugin.audit.action.remove.group",
+            "plugin.audit.action.password.changed",
+            "plugin.audit.action.password.reset",
+            "plugin.audit.action.device.reset",
+            "plugin.audit.action.device.lock"
         ];
         $scope.filters = [{item: '', localized: localization.localize('plugin.audit.all.items')}];
         filters.forEach(function(item, index) {

diff --git a/plugins/audit/src/main/webapp/i18n/ar_AE.json b/plugins/audit/src/main/webapp/i18n/ar_AE.json
@@ -12,6 +12,7 @@
   "plugin.audit.action.update.webapp": "تم تحديث تطبيق الويب" ,
   "plugin.audit.action.remove.application": "تمت إزالة التطبيق" ,
   "plugin.audit.action.update.app.config": "تم تغيير تكوينات التطبيق" ,
+  "plugin.audit.action.version.config": "تم تغيير تكوينات الإصدار",
   "plugin.audit.action.update.design": "تم تحديث إعدادات التصميم" ,
   "plugin.audit.action.update.user.roles": "تم تحديث إعدادات دور المستخدم" ,
   "plugin.audit.action.update.language": "تم تحديث إعدادات اللغة" ,

diff --git a/plugins/audit/src/main/webapp/i18n/de_DE.json b/plugins/audit/src/main/webapp/i18n/de_DE.json
@@ -16,6 +16,7 @@
   "plugin.audit.action.update.file": "Datei aktualisiert",
   "plugin.audit.action.remove.file": "Datei entfernt",
   "plugin.audit.action.update.app.config": "Anwendungskonfigurationen geändert",
+  "plugin.audit.action.version.config": "Versionskonfigurationen geändert",
   "plugin.audit.action.update.design": "Designeinstellungen aktualisiert",
   "plugin.audit.action.update.user.roles": "Benutzerrolleneinstellungen aktualisiert",
   "plugin.audit.action.update.language": "Spracheinstellungen aktualisiert",

diff --git a/plugins/audit/src/main/webapp/i18n/en_US.json b/plugins/audit/src/main/webapp/i18n/en_US.json
@@ -16,6 +16,7 @@
   "plugin.audit.action.update.file": "File updated",
   "plugin.audit.action.remove.file": "File deleted",
   "plugin.audit.action.update.app.config": "Application configurations changed",
+  "plugin.audit.action.version.config": "Version configurations changed",
   "plugin.audit.action.update.design": "Design settings updated",
   "plugin.audit.action.update.user.roles": "User role settings updated",
   "plugin.audit.action.update.language": "Language settings updated",

diff --git a/plugins/audit/src/main/webapp/i18n/es_ES.json b/plugins/audit/src/main/webapp/i18n/es_ES.json
@@ -16,6 +16,7 @@
   "plugin.audit.action.update.file": "Archivo actualizado",
   "plugin.audit.action.remove.file": "Archivo removido",
   "plugin.audit.action.update.app.config": "Configuraciones de aplicacion cambiadas",
+  "plugin.audit.action.version.config": "Сonfiguraciones de la versión cambiadas",
   "plugin.audit.action.update.design": "Configuracion de diseño actualizada",
   "plugin.audit.action.update.user.roles": "Configuracion de rol de usuario actualizada",
   "plugin.audit.action.update.language": "Opciones de Lenguaje actualizadas",

diff --git a/plugins/audit/src/main/webapp/i18n/fr_FR.json b/plugins/audit/src/main/webapp/i18n/fr_FR.json
@@ -16,6 +16,7 @@
   "plugin.audit.action.update.file": "Fichier actualisée",
   "plugin.audit.action.remove.file": "Fichier supprimé",
   "plugin.audit.action.update.app.config": "Les configurations d'application ont changé",
+  "plugin.audit.action.version.config": "Les configurations de version ont changé",
   "plugin.audit.action.update.design": "Paramètres de conception actualisés",
   "plugin.audit.action.update.user.roles": "Paramètres de rôle utilisateur actualisés",
   "plugin.audit.action.update.language": "Paramètres de langue actualisés",

diff --git a/plugins/audit/src/main/webapp/i18n/ja_JP.json b/plugins/audit/src/main/webapp/i18n/ja_JP.json
@@ -16,6 +16,7 @@
   "plugin.audit.action.update.file": "ファイルが更新されました",
   "plugin.audit.action.remove.file": "ファイルが削除されました",
   "plugin.audit.action.update.app.config": "アプリケーション構成が変更されました",
+  "plugin.audit.action.version.config": "バージョン構成が変更されました",
   "plugin.audit.action.update.design": "デザイン設定を更新しました",
   "plugin.audit.action.update.user.roles": "ユーザー役割の設定が更新されました",
   "plugin.audit.action.update.language": "言語設定が更新されました",

diff --git a/plugins/audit/src/main/webapp/i18n/pt_PT.json b/plugins/audit/src/main/webapp/i18n/pt_PT.json
@@ -15,7 +15,8 @@
   "plugin.audit.action.remove.version": "Versão do aplicativo excluída",
   "plugin.audit.action.update.file": "Arquivo atualizado",
   "plugin.audit.action.remove.file": "Arquivo deletado",
-  "plugin.audit.action.update.app.config": "Atualizou Configuração do Aplicativo",
+  "plugin.audit.action.update.app.config": "Configurações da aplicação alteradas",
+  "plugin.audit.action.version.config": "Configurações de versão alteradas",
   "plugin.audit.action.update.design": "Atualizou Configurações de Design",
   "plugin.audit.action.update.user.roles": "Atualizou Permissões de usuário",
   "plugin.audit.action.update.language": "Atualizou Configurações de Idioma",

diff --git a/plugins/audit/src/main/webapp/i18n/ru_RU.json b/plugins/audit/src/main/webapp/i18n/ru_RU.json
@@ -16,6 +16,7 @@
   "plugin.audit.action.update.file": "Файл изменен",
   "plugin.audit.action.remove.file": "Файл удален",
   "plugin.audit.action.update.app.config": "Изменена привязка приложения к конфигурациям",
+  "plugin.audit.action.version.config": "Изменена привязка версии к конфигурациям",
   "plugin.audit.action.update.design": "Настройки дизайна изменены",
   "plugin.audit.action.update.user.roles": "Настройки ролей изменены",
   "plugin.audit.action.update.language": "Настройки языка изменены",

diff --git a/plugins/audit/src/main/webapp/i18n/zh_CN.json b/plugins/audit/src/main/webapp/i18n/zh_CN.json
@@ -16,6 +16,7 @@
   "plugin.audit.action.update.file": "文件已更新",
   "plugin.audit.action.remove.file": "文件已删除",
   "plugin.audit.action.update.app.config":"应用程序配置已更改",
+  "plugin.audit.action.version.config": "版本配置已更改",
   "plugin.audit.action.update.design":"设计设置已更新",
   "plugin.audit.action.update.user.roles":"用户角色设置已更新",
   "plugin.audit.action.update.language":"语言设置已更新",

diff --git a/plugins/audit/src/main/webapp/i18n/zh_TW.json b/plugins/audit/src/main/webapp/i18n/zh_TW.json
@@ -16,6 +16,7 @@
   "plugin.audit.action.update.file": "文件已更新",
   "plugin.audit.action.remove.file": "文件已刪除",
   "plugin.audit.action.update.app.config":"應用程序配置已更改",
+  "plugin.audit.action.version.config": "版本配置已更改",
   "plugin.audit.action.update.design":"設計設置已更新",
   "plugin.audit.action.update.user.roles":"用戶角色設置已更新",
   "plugin.audit.action.update.language":"語言設置已更新",

diff --git a/server/src/main/java/com/hmdm/rest/resource/ApplicationResource.java b/server/src/main/java/com/hmdm/rest/resource/ApplicationResource.java
@@ -40,6 +40,7 @@
 import com.hmdm.persistence.*;
 import com.hmdm.persistence.domain.ApplicationVersion;
 import com.hmdm.persistence.domain.Customer;
+import com.hmdm.persistence.domain.User;
 import com.hmdm.rest.json.*;
 import com.hmdm.security.SecurityContext;
 import com.hmdm.security.SecurityException;
@@ -225,6 +226,8 @@ public Response updateApplication(Application application) {
                     if (version != null) {
                         version.setUrl(application.getUrl());
                         applicationDAO.updateApplicationVersion(version);
+                        logger.info("Application " + application.getPkg() + " updated to version " + version.getVersion() +
+                                ", user " + SecurityContext.get().getCurrentUserName());
                     }
                 }
                 return Response.OK();
@@ -320,6 +323,8 @@ public Response updateApplicationVersion(ApplicationVersion applicationVersion)
                 applicationVersion = this.applicationDAO.findApplicationVersionById(applicationVersion.getId());
                 return Response.OK(applicationVersion);
             } else {
+                logger.info("Application " + applicationVersion.getApplicationId() + " version updated: " + applicationVersion.getVersion() +
+                        ", user " + SecurityContext.get().getCurrentUserName());
                 this.applicationDAO.updateApplicationVersion(applicationVersion);
                 return Response.OK();
             }
@@ -468,6 +473,13 @@ public Response updateApplicationConfigurations(LinkConfigurationsToAppRequest r
             return Response.PERMISSION_DENIED();
         }
         try {
+            User user = SecurityContext.get().getCurrentUser().get();
+            if (!user.isAllConfigAvailable()) {
+                // Remove all configurations unavailable to user
+                request.getConfigurations().removeIf(c ->
+                        user.getConfigurations().stream().filter(uc -> uc.getId() == c.getConfigurationId()).findFirst() == null);
+            }
+            logger.info("Application configurations updated by user " + SecurityContext.get().getCurrentUserName());
             this.applicationDAO.updateApplicationConfigurations(request);
 
             for (ApplicationConfigurationLink configurationLink : request.getConfigurations()) {
@@ -499,7 +511,15 @@ public Response updateApplicationVersionConfigurations(LinkConfigurationsToAppVe
             return Response.PERMISSION_DENIED();
         }
         try {
-            this.applicationDAO.updateApplicationVersionConfigurations(request);
+            User user = SecurityContext.get().getCurrentUser().get();
+            if (!user.isAllConfigAvailable()) {
+                // Remove all configurations unavailable to user
+                request.getConfigurations().removeIf(c ->
+                        user.getConfigurations().stream().filter(uc -> uc.getId() == c.getConfigurationId()).findFirst() == null);
+            }
+            logger.info("Application version configurations updated by user " +
+                    SecurityContext.get().getCurrentUserName());
+            this.applicationDAO.updateApplicationVersionConfigurations(request, user);
             for (ApplicationVersionConfigurationLink configurationLink : request.getConfigurations()) {
                 if (configurationLink.isNotify()) {
                     this.pushService.notifyDevicesOnUpdate(configurationLink.getConfigurationId());
@@ -536,6 +556,7 @@ public Response searchAdminApplications(@PathParam("value") String value) {
     @Produces(MediaType.APPLICATION_JSON)
     public Response turnApplicationIntoCommon(@PathParam("id") Integer id) {
         try {
+            logger.info("Turn application into common: " + id);
             this.applicationDAO.turnApplicationIntoCommon(id);
             return Response.OK();
         } catch (DuplicateApplicationException e) {

diff --git a/server/src/main/java/com/hmdm/rest/resource/ConfigurationResource.java b/server/src/main/java/com/hmdm/rest/resource/ConfigurationResource.java
@@ -160,7 +160,8 @@ public Response getConfigurations(String filter) {
     @Produces(MediaType.APPLICATION_JSON)
     public Response updateConfiguration(Configuration configuration) {
         if (!SecurityContext.get().hasPermission("configurations")) {
-            log.error("Unauthorized attempt to update the configuration " + configuration.getId());
+            log.error("Unauthorized attempt to update the configuration " + configuration.getId() +
+            ", user " + SecurityContext.get().getCurrentUserName());
             return Response.PERMISSION_DENIED();
         }
         try {
@@ -183,6 +184,7 @@ public Response updateConfiguration(Configuration configuration) {
                         userDAO.updateUserMainDetails(user);
                     }
                 } else {
+                    log.info("Configuration " + configuration.getName() + " updated by user "  + SecurityContext.get().getCurrentUserName());
                     this.configurationDAO.updateConfiguration(configuration);
                     this.pushService.notifyDevicesOnUpdate(configuration.getId());
                 }

diff --git a/server/src/main/java/com/hmdm/rest/resource/UpdateResource.java b/server/src/main/java/com/hmdm/rest/resource/UpdateResource.java
@@ -285,7 +285,8 @@ private void updateAppInConfig(UpdateEntry app) {
             link.setApplicationVersionId(newVersion.getId());
         }
         request.setConfigurations(linkList);
-        applicationDAO.updateApplicationVersionConfigurations(request);
+        logger.info("Application versions updated by the superadmin through 'Check for updates'");
+        applicationDAO.updateApplicationVersionConfigurations(request, SecurityContext.get().getCurrentUser().get());
     }
 
     private void processWebAppEntry(UpdateEntry entry) {

diff --git a/server/src/main/webapp/app/app.js b/server/src/main/webapp/app/app.js
@@ -41,7 +41,7 @@ angular.module('headwind-kiosk',
         'ja_JP': 'ja_JP'
     })
     .constant("LOCALIZATION_BUNDLES", ['en_US', 'ru_RU', 'fr_FR', 'pt_PT', 'ar_AE', 'es_ES', 'de_DE', 'zh_TW', 'zh_CN', 'ja_JP'])
-    .constant("APP_VERSION", "5.30.1") // Update this value on each commit
+    .constant("APP_VERSION", "5.30.3") // Update this value on each commit
     .constant("ENGLISH", "en_US")
     .provider('getBrowserLanguage', function (ENGLISH, SUPPORTED_LANGUAGES) {
         this.f = function () {