Merge branch 'master' into develop

awalkowiak · Nov 14, 2017 · 51726e4 · 51726e4
2 parents 99be62b + 70b4a74
commit 51726e4
Show file tree

Hide file tree

Showing 79 changed files with 1,433 additions and 1,631 deletions.
diff --git a/grails-app/conf/AccessLogFilters.groovy b/grails-app/conf/AccessLogFilters.groovy
@@ -12,12 +12,11 @@ import org.apache.commons.logging.LogFactory
 
 class AccessLogFilters {
 
-	private static final Log accessLog = LogFactory.getLog('accessLog')
-
 	def filters = {
 		all(controller:'*', action:'*') {
 			before = {
-				accessLog.info("$controllerName:$actionName")
+				log.info("$controllerName.$actionName: [user:${session?.user?.username}, location:${session?.warehouse?.name}]")
+                log.debug("$controllerName.$actionName: ${params}")
 			}
 		}
 	}

diff --git a/grails-app/conf/Config.groovy b/grails-app/conf/Config.groovy
@@ -130,12 +130,21 @@ grails.validateable.packages = [
 ]
 
 /* Default settings for emails sent through the SMTP appender  */
-mail.error.server = 'localhost'
-mail.error.port = 25
-mail.error.from = '[email protected]'
+//mail.error.server = 'localhost'
+//mail.error.port = 25
+//mail.error.from = '[email protected]'
+//mail.error.to = '[email protected]'
+//mail.error.subject = '[OpenBoxes '+GrailsUtil.environment+']'
+//mail.error.debug = true
+mail.error.debug = false
 mail.error.to = '[email protected]'
-mail.error.subject = '[OpenBoxes '+GrailsUtil.environment+']'
-mail.error.debug = true
+mail.error.server = grails.mail.host
+mail.error.port = grails.mail.port
+mail.error.from = grails.mail.from
+mail.error.username = grails.mail.username
+mail.error.password = grails.mail.password
+mail.error.prefix = grails.mail.prefix
+
 
 // set per-environment serverURL stem for creating absolute links
 environments {
@@ -215,7 +224,7 @@ log4j = {
                 "Username: %X{username}%n" +
                 "Location: %X{location}%n" +
                 "Locale: %X{locale}%n" +
-				"IP address: %X{ipAddress} http://whatismyipaddress.com/ip/%X{ipAddress}%n" +
+				"IP address: %X{ipAddress}%n" +
 				"Request URI: %X{requestUri}%n" +
                 "Request URL: %X{requestUrl}%n" +
 				"Query string: %X{queryString}%n" +
@@ -229,7 +238,7 @@ log4j = {
 					name: 'smtp',
 					to: mail.error.to,
 					from: mail.error.from,
-					subject: mail.error.subject + " %m",
+					subject: mail.error.prefix + " %m",
 					threshold: Level.ERROR,
 					//SMTPHost: mail.error.server,
 					layout: pattern(conversionPattern: conversionPattern))
@@ -240,11 +249,11 @@ log4j = {
 					name: 'smtp',
 					to: mail.error.to,
 					from: mail.error.from,
-					subject: mail.error.subject + " %m",
+					subject: mail.error.prefix + " %m",
 					threshold: Level.ERROR,
-					//SMTPHost: mail.error.server,
-					//SMTPUsername: mail.error.username,
-					//SMTPPassword: mail.error.password,
+					SMTPHost: mail.error.server,
+					SMTPUsername: mail.error.username,
+					SMTPPassword: mail.error.password,
 					SMTPDebug: mail.error.debug,
 					layout: pattern(conversionPattern: conversionPattern))
 			}
@@ -254,12 +263,12 @@ log4j = {
 					name: 'smtp',
 					to: mail.error.to,
 					from: mail.error.from,
-					subject: mail.error.subject + " An application error occurred",
+					subject: mail.error.prefix + " Application error occurred",
 					threshold: Level.ERROR,
-					//SMTPHost: mail.error.server,
-					//SMTPUsername: mail.error.username,
+					SMTPHost: mail.error.server,
+					SMTPUsername: mail.error.username,
 					SMTPDebug: mail.error.debug,
-					//SMTPPassword: mail.error.password,
+					SMTPPassword: mail.error.password,
 					layout: pattern(conversionPattern: conversionPattern))
 			}
 

diff --git a/grails-app/conf/RoleFilters.groovy b/grails-app/conf/RoleFilters.groovy
@@ -13,29 +13,47 @@ class RoleFilters {
     def static changeActions = ['edit', 'delete', 'create', 'add', 'process', 'save',
             'update', 'importData', 'receive', 'showRecordInventory', 'withdraw', 'cancel', 'change', 'toggle']
     def static changeControllers = ['createProductFromTemplate']
+
     def static adminControllers = ['createProduct', 'createProductFromTemplate', 'admin']
-    def static adminActions = ['console':['index','execute'], 'product': ['create'], 'person': ['list'], 'user': ['list'], 'location': ['edit'], 'shipper': ['create'], 'locationGroup': ['create'], 'locationType': ['create'], '*': ['delete']]
+    def static adminActions = ['product': ['create'], 'person': ['list'], 'user': ['list'], 'location': ['edit'], 'shipper': ['create'], 'locationGroup': ['create'], 'locationType': ['create']]
+
+    def static superuserControllers = []
+    def static superuserActions = ['console':['index','execute'], '*': ['delete']]
+
     def filters = {
         readonlyCheck(controller: '*', action: '*') {
             before = {
-                if (SecurityFilters.actionsWithAuthUserNotRequired.contains(actionName) || actionName == "chooseLocation" || controllerName == "errors") return true
+
+                // Anonymous
+                if (SecurityFilters.actionsWithAuthUserNotRequired.contains(actionName) || actionName == "chooseLocation" || controllerName == "errors")
+                    return true
+
+                // Authorized user s
                 def missBrowser = !userService.canUserBrowse(session.user)
                 def missManager = needManager(controllerName, actionName) && !userService.isUserManager(session.user)
                 def missAdmin = needAdmin(controllerName, actionName) && !userService.isUserAdmin(session.user)
-                if (missBrowser || missManager || missAdmin) {
-                    response.sendError(401)
+                def missSuperuser = needSuperuser(controllerName, actionName) && !userService.isSuperuser(session.user)
+
+                if (missBrowser || missManager || missAdmin || missSuperuser) {
+                    log.info ("User ${session?.user?.username} does not have access to ${controllerName}/${actionName} in location ${session?.warehouse?.name}")
+                    redirect(controller:"errors", action:"handleUnauthorized")
                     return false
                 }
                 return true
             }
         }
     }
 
-    def static Boolean needAdmin(controllerName, actionName) {
+    static Boolean needSuperuser(controllerName, actionName) {
+        superuserControllers?.contains(controllerName) || superuserActions[controllerName]?.contains(actionName) || superuserActions['*'].any { actionName?.startsWith(it) }
+    }
+
+
+    static Boolean needAdmin(controllerName, actionName) {
         adminControllers?.contains(controllerName) || adminActions[controllerName]?.contains(actionName) || adminActions['*'].any { actionName?.startsWith(it) }
     }
 
-    def static Boolean needManager(controllerName, actionName) {
+    static Boolean needManager(controllerName, actionName) {
         changeActions.any { actionName?.startsWith(it) } || controllerName?.contains("Workflow") || changeControllers?.contains(controllerName)
     }
 

diff --git a/grails-app/conf/UtilFilters.groovy b/grails-app/conf/UtilFilters.groovy
@@ -28,14 +28,14 @@ class UtilFilters {
 
             afterView = {
                 if (params.showTime) {
-                    session._showTime = params.showTime == "on"
+                    session?._showTime = params.showTime == "on"
                 }
                 if (session._showTime) {
-                    def actionDuration = request._timeAfterRequest - request._timeBeforeRequest
-                    def viewDuration = System.currentTimeMillis() - request._timeAfterRequest
+                    def actionDuration = request?._timeAfterRequest - request?._timeBeforeRequest
+                    def viewDuration = System.currentTimeMillis() - request?._timeAfterRequest
 
-                    request.actionDuration = actionDuration
-                    request.viewDuration = viewDuration
+                    request?.actionDuration = actionDuration
+                    request?.viewDuration = viewDuration
                     log.info("Request duration for (${controllerName}/${actionName}): ${actionDuration}ms/${viewDuration}ms")
                 }
             }

diff --git a/grails-app/controllers/org/pih/warehouse/core/ErrorsController.groovy b/grails-app/controllers/org/pih/warehouse/core/ErrorsController.groovy
@@ -23,7 +23,16 @@ class ErrorsController {
 	def userService
     def grailsApplication
 
+
+    def update = {
+        render(view: "/error")
+    }
+
 	def handleException = {
+        if (request.isXhr()) {
+            render([errorCode: 500, errorMessage: request?.exception?.message?:""] as JSON)
+            return
+        }
 		render(view: "/error")
 	}
 

diff --git a/grails-app/controllers/org/pih/warehouse/order/OrderController.groovy b/grails-app/controllers/org/pih/warehouse/order/OrderController.groovy
@@ -545,7 +545,7 @@ class OrderController {
                     flash.message = "Failed to import packing list items due to an unknown error."
                 }
             } catch (Exception e) {
-                log.error("Failed to import packing list due to the following error: " + e.message, e)
+                log.warn("Failed to import packing list due to the following error: " + e.message, e)
                 flash.message = "Failed to import packing list due to the following error: " + e.message
             }
         }