Merge pull request #3885 from ushahidi/develop

Merge develop to master for release 4.4.1

.all-contributorsrc

@@ -648,7 +648,17 @@
       "avatar_url": "https://avatars1.githubusercontent.com/u/2425577?v=4",
       "profile": "https://www.jankaritech.com",
       "contributions": [
-        "infra"
+        "infra",
+        "code"
+      ]
+    },
+    {
+      "login": "webong",
+      "name": "Wisdom Anthony Ebong",
+      "avatar_url": "https://avatars2.githubusercontent.com/u/30173059?v=4",
+      "profile": "http://webong.dev",
+      "contributions": [
+        "code"
       ]
     }
   ],

docs/development-and-code/setup_alternatives/installing-for-production-environments.md

@@ -9,7 +9,7 @@
 ## Required software:
 
 * A linux-based system. We recommend using Ubuntu 16.04 or 18.04.
-* PHP: 7.1.x, running with php-fpm  \(PHP 7.2.x and 7.3.x are not 100% supported at the time, but may work\)
+* PHP: 7.2.x or 7.3.x, running with php-fpm
   * Make sure the same version of PHP is used in the CLI and FPM
 * PHP Extensions:
   * curl

docs/development-and-code/setup_alternatives/platform_release_install.md

@@ -14,7 +14,7 @@ If you are in a shared hosting solution and not sure if it supports Ushahidi, yo
 
 The installation procedure will vary depending on your setup, but the requirements in all cases are
 
-* PHP >=7.0 <=7.1.
+* PHP 7.2 or 7.3.
 * A web server that supports PHP. This can be apache 2 or nginx.
 * PHP invokable from command line
 * The following PHP modules installed:

docs/development-and-code/setup_alternatives/vagrant-setup.md

@@ -26,6 +26,7 @@ Please make sure you install everything in this list before you proceed with the
 * [Composer](https://getcomposer.org/doc/00-intro.md#system-requirements)
 * PHP >=7.0 <7.2 - if you are using Platform V4.0.0
 * PHP >=7.1 <7.4 - if you are using Platform V4.1.0 or later
+* PHP >=7.2 <7.4 - if you are using Platform V4.4.0 or later
 
 ### Getting the API Code
 

docs/development-and-code/setup_alternatives/xampp.md

@@ -31,7 +31,7 @@ The two main components of the Ushahidi Platform are the API and the Client. We
 * Install a Git client
   * A way to check if you have a Git client, is to open a terminal window and type the command `git` . If you receive an answer saying that the command is not found, you need to install.
   * There are several installation options suggested [here](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git).
-* Make sure you have PHP 7.1.x, running with php-fpm  \(PHP 7.2.x is not supported at the time\). 
+* Make sure you have PHP 7.2.x or 7.3.x, running with php-fpm
   * The following PHP Extensions are needed:
   * * curl
     * json
@@ -48,7 +48,6 @@ The two main components of the Ushahidi Platform are the API and the Client. We
 
 **Some useful tutorials and links to get the prerequisites set up:**
 
-* Downgrading from php7.2 => php7.1 in Ubuntu \(added to this list 18/3-2019\): [https://gist.github.com/dosjota/9666a7274b4036588b92987b84267245](https://gist.github.com/dosjota/9666a7274b4036588b92987b84267245)
 * Installing Composer on Ubuntu \(added to this list 18/3-2019\): [https://www.digitalocean.com/community/tutorials/how-to-install-and-use-composer-on-ubuntu-18-04](https://www.digitalocean.com/community/tutorials/how-to-install-and-use-composer-on-ubuntu-18-04)
 
 {% hint style="warning" %}

docs/development-and-code/upgrading-ushahidi/upgrading-from-v3.x.x-to-v4.x.x.md

@@ -18,7 +18,8 @@ Please ensure that you are using a supported version of PHP for the version of p
 * **v2** supports up to PHP 5.4
 * **v3** supports PHP 5.6 and 7.0
 * **v4.0.0** supports PHP 7.0 to 7.2
-* **v4.1.0+** supports PHP 7.1 to 7.3 \(inclusive\). This change was made to ensure we support versions of PHP that are getting security fixes at the very least. See PHP maintainance schedules [here](https://www.php.net/supported-versions.php).
+* **v4.1.0+** supports PHP 7.1 to 7.3 \(inclusive\). This change was made to ensure we support versions of PHP that are getting security fixes at the very least. See PHP maintenance schedules [here](https://www.php.net/supported-versions.php).
+* **v4.4.0+** supports PHP 7.2 and 7.3 \(inclusive\). This is, again, according to PHP 7.1 scheduled End-Of-Life.
 
 ### Database config changes
 

docs/frequently-asked-questions.md

@@ -130,6 +130,7 @@ Please ensure that you are using a supported version of PHP for the version of p
 * **v3** supports PHP 5.6 and 7.0
 * **v4.0.0** supports PHP 7.0 to 7.2
 * **v4.1.0+** supports PHP 7.1 to 7.3 \(inclusive\). This change was made to ensure we support versions of PHP that are getting security fixes at the very least. See PHP maintainance schedules [here](https://www.php.net/supported-versions.php).
+* **v4.4.0+** supports PHP 7.2 and 7.3 \(inclusive\). This is, again, according to PHP 7.1 scheduled End-Of-Life
 
 ### I’m getting a database connection error.
 

src/App/Repository/Config/features.php

@@ -75,12 +75,12 @@
     // Enable or disable HXL export to HDX
     // We will need a new 'hxl-download' flag when we do the HXL downloads for P1
     'hxl' => [
-        'enabled' => false,
+        'enabled' => true,
     ],
 
     // Enable or disable User Settings feature
     'user-settings' => [
-        'enabled' => false,
+        'enabled' => true,
     ],
 
     // Enable or disable the Anonymisation of Reporters

src/App/Repository/OhanzeeRepository.php

@@ -242,7 +242,7 @@ protected function selectQuery(array $where = [])
     protected function executeInsert(array $input)
     {
         if (!$input) {
-            throw new RuntimeException(sprintf(
+            throw new \RuntimeException(sprintf(
                 'Cannot create an empty record in table "%s"',
                 $this->getTable()
             ));

src/App/Repository/PostRepository.php

@@ -208,12 +208,31 @@ protected function selectQuery(array $where = [])
         $query = parent::selectQuery($where);
 
         // Join to messages and load message id
-        $query->join('messages', 'LEFT')->on('posts.id', '=', 'messages.post_id')
+        $query
+            ->join('messages', 'LEFT')
+            ->on('posts.id', '=', 'messages.post_id')
             ->select(
                 ['messages.id', 'message_id'],
-                ['messages.type', 'source'],
-                ['messages.contact_id', 'contact_id'],
-                ['messages.data_source_message_id', 'data_source_message_id']
+                ['messages.type', 'source']
+            );
+
+        /*
+         * The above join is optimized by the (post_id,type) index on messages.
+         *
+         * Add now a separate join into same table, to retrieve more message details.
+         *
+         * Compared to having all the details come from a single join, this will speed
+         * things up *very* considerably, *IF* there are many messages, *BUT* rather
+         * few matches of posts to messages.
+         * (This easily happens when twitter searches have few usable results,
+         *  spam filled e-mail inboxes are being imported, etc)
+         */
+        $query
+            ->join(['messages', 'msgs2'], 'LEFT')
+            ->on('msgs2.id', '=', 'messages.id')
+            ->select(
+                ['msgs2.contact_id', 'contact_id'],
+                ['msgs2.data_source_message_id', 'data_source_message_id']
             );
 
         // Join to form

src/App/Validator/Role/Create.php

@@ -15,11 +15,10 @@ class Create extends Update
 {
     protected function getRules()
     {
-        return parent::getRules() +
-            [
+        return array_merge_recursive(parent::getRules(), [
                 'name' => [
                     ['not_empty'],
                 ]
-            ];
+        ]);
     }
 }

src/Core/CoreConfig.php

@@ -300,6 +300,7 @@ public function define(Container $di)
         $di->params['Ushahidi\Factory\UsecaseFactory']['map']['users'] = [
             'login'    => $di->lazyNew('Ushahidi\Core\Usecase\User\LoginUser'),
             'register' => $di->lazyNew('Ushahidi\Core\Usecase\User\RegisterUser'),
+            'update'   => $di->lazyNew('Ushahidi\Core\Usecase\User\UpdateUser'),
             'getresettoken' => $di->lazyNew('Ushahidi\Core\Usecase\User\GetResetToken'),
             'passwordreset' => $di->lazyNew('Ushahidi\Core\Usecase\User\ResetUserPassword'),
         ];

src/Core/Tool/Authorizer/ApiKeyAuthorizer.php

@@ -12,11 +12,13 @@
 namespace Ushahidi\Core\Tool\Authorizer;
 
 use Ushahidi\Core\Entity;
+use Ushahidi\Core\Entity\Permission;
 use Ushahidi\Core\Tool\Authorizer;
 use Ushahidi\Core\Traits\AdminAccess;
 use Ushahidi\Core\Traits\UserContext;
 use Ushahidi\Core\Traits\PrivAccess;
 use Ushahidi\Core\Traits\PrivateDeployment;
+use Ushahidi\Core\Tool\Permissions\AclTrait;
 
 class ApiKeyAuthorizer implements Authorizer
 {
@@ -32,6 +34,9 @@ class ApiKeyAuthorizer implements Authorizer
     // It uses `PrivateDeployment` to check whether a deployment is private
     use PrivateDeployment;
 
+    // Check that the user has the necessary permissions
+    use AclTrait;
+
     /* Authorizer */
     public function isAllowed(Entity $entity, $privilege)
     {
@@ -44,6 +49,11 @@ public function isAllowed(Entity $entity, $privilege)
             return false;
         }
 
+        // Role with the Manage Settings permission can have access
+        if ($this->acl->hasPermission($user, Permission::MANAGE_SETTINGS)) {
+            return true;
+        }
+
         // Admin is allowed access to everything
         if ($this->isUserAdmin($user)) {
             return true;

src/Core/Usecase/UpdateUsecase.php

@@ -80,6 +80,9 @@ public function interact()
         // ... persist the changes
         $this->repo->update($entity);
 
+        // ... send notifications for changes made
+        $this->sendNotifications($entity);
+
         // ... check that the entity can be read by the current user
         if ($this->auth->isAllowed($entity, 'read')) {
             // ... and either load the updated entity from the storage layer
@@ -93,6 +96,12 @@ public function interact()
         }
     }
 
+    // Notification
+    protected function sendNotifications(Entity $entity)
+    {
+        // Logic to send notifications
+    }
+
     // ValidatorTrait
     protected function verifyValid(Entity $entity)
     {

src/Core/Usecase/User/UpdateUser.php

@@ -0,0 +1,25 @@
+<?php
+namespace Ushahidi\Core\Usecase\User;
+
+use Ushahidi\Core\Entity;
+use Ushahidi\Core\Usecase\UpdateUsecase;
+
+class UpdateUser extends UpdateUsecase
+{
+    protected function sendNotifications(Entity $entity)
+    {
+        if ($entity->hasChanged('password')) {
+            // Email the update message
+            $message = <<<TEXT
+            This is a notification to let you know that your Ushahidi password has been changed for the deployment.
+            If you believe that you received this notification in error or you did not make this change,
+            please contact your deployment administrator first to confirm if this was an administrative change.
+            If not, feel free to contact the Ushahidi Support team.
+            Thank you,
+            Ushahidi Support.
+TEXT;
+            $source = app('datasources')->getSource('outgoingemail');
+            $source->send($entity->email, $message, 'Ushahidi Account Password Changed');
+        }
+    }
+}

tests/datasets/ushahidi/Base.yml

@@ -27,6 +27,10 @@ roles:
     name: "noedit"
     display_name: "User cant edit posts"
     protected: 0
+  -
+    name: "settingsmanager"
+    display_name: "Settings Manager"
+    protected: 0
 users:
   -
     id: 1
@@ -82,6 +86,12 @@ users:
     realname: Sets
     email: "sets@ushahidi.com"
     role: "sets"
+  -
+    id: 10
+    password: "$2y$15$iWANGZn.DomLWU.YtjUcX.HEq1hoMGauzXFRubKgar/BRaAj9zQ9q"
+    realname: Settings Manager
+    email: "settingsmanager@ushahidi.com"
+    role: "settingsmanager"
 user_settings:
  -
    id: 1
@@ -1674,6 +1684,12 @@ oauth_access_tokens:
     user_id: 9
     scopes: '["*"]'
     expires_at: "2031-01-01"
+  -
+    id: testsettingsmanager
+    client_id: demoapp
+    user_id: 10
+    scopes: '["*"]'
+    expires_at: "2031-01-01"
 
 oauth_refresh_tokens:
 oauth_personal_access_clients:
@@ -2244,6 +2260,9 @@ roles_permissions:
   -
     role: manager
     permission: Manage Settings
+  -
+    role: settingsmanager
+    permission: Manage Settings
   -
     role: sets
     permission: Manage Collections and Saved Searches

tests/integration/api.apikeys.feature

@@ -55,3 +55,14 @@ Feature: Testing the ApiKey API
         And the type of the "count" property is "numeric"
         And the "count" property equals "1"
         Then the guzzle status code should be 200
+
+    @rolesEnabled
+    Scenario: User with only Manage Settings permission can list Apikeys
+        Given that I want to get all "Apikeys"
+        And that the oauth token is "testsettingsmanager"
+        When I request "/apikeys"
+        Then the response is JSON
+        And the response has a "count" property
+        And the type of the "count" property is "numeric"
+        And the "count" property equals "1"
+        Then the guzzle status code should be 200

tests/integration/bootstrap/RestContext.php

@@ -740,6 +740,7 @@ public function thatIWantToCountAll($objectType)
         'missingtoken' => 99,
         'testnoedit' => 8,
         'testsets' => 9,
+        'testsettingsmanager' => 10,
     ];
 
     /**

tests/integration/users.feature

@@ -108,7 +108,7 @@ Feature: Testing the Users API
 		Then the response is JSON
 		And the response has a "count" property
 		And the type of the "count" property is "numeric"
-		And the "count" property equals "9"
+		And the "count" property equals "10"
 		Then the guzzle status code should be 200
 
 	@resetFixture