Merge branch 'master' into develop

2025-01-17 14:18:27 +01:00 · 2023-01-12 19:38:38 +01:00 · 2023-01-12 19:38:38 +01:00 · ba0615f580
commit ba0615f580
parent 59af7eed7c c49309322f
10 changed files with 113 additions and 43 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -11,6 +11,9 @@ HumHub Changelog
 - Enh #6001: Added new `ContentActiveFixture` and migrated `PostFixture` to it
 - Fix #6007: Fix number of space members
 - Fix #6012: View own invisible profile
+- Fix #6027: Fix private user visibility by guest
+- Fix #6030: Use all searchable profile fields in UserPicker searching
+- Fix #6026: Fix visibility members counter for guests

 1.13.0 (December 21, 2022)
 --------------------------
--- a/protected/humhub/modules/content/components/ContentContainerController.php
+++ b/protected/humhub/modules/content/components/ContentContainerController.php
@ -162,6 +162,6 @@ class ContentContainerController extends Controller
        /* @var Space|User $contentContainerClass */
        $contentContainerClass = $contentContainer->class;

-        return $contentContainerClass::find()->where(['guid' => $guid])->visible()->one();
+        return $contentContainerClass::find()->where(['guid' => $guid])->one();
    }
 }
--- a/protected/humhub/modules/space/tests/codeception/acceptance.suite.yml
+++ b/protected/humhub/modules/space/tests/codeception/acceptance.suite.yml
@ -21,3 +21,6 @@ modules:
          port: 4444
          window_size: maximize
          restart: true
+          capabilities:
+            chromeOptions:
+              args: ["--lang=en-US"]
--- a/protected/humhub/modules/space/widgets/SpaceDirectoryIcons.php
+++ b/protected/humhub/modules/space/widgets/SpaceDirectoryIcons.php
@ -8,7 +8,9 @@
 namespace humhub\modules\space\widgets;

 use humhub\components\Widget;
+use humhub\modules\space\models\Membership;
 use humhub\modules\space\models\Space;
+use Yii;

 /**
 * SpaceDirectoryIcons shows footer icons for spaces cards
@ -29,9 +31,17 @@ class SpaceDirectoryIcons extends Widget
     */
    public function run()
    {
+        if ($this->space->getAdvancedSettings()->hideMembers) {
+            return '';
+        }
+
+        $membership = $this->space->getMembership();
+        $membersCount = Membership::getSpaceMembersQuery($this->space)->active()->visible()->count();
+
        return $this->render('spaceDirectoryIcons', [
            'space' => $this->space,
-            'showMemberships' => !$this->space->getAdvancedSettings()->hideMembers
+            'membersCount' => Yii::$app->formatter->asShortInteger($membersCount),
+            'canViewMembers' => $membership && $membership->isPrivileged(),
        ]);
    }

--- a/protected/humhub/modules/space/widgets/views/spaceDirectoryIcons.php
+++ b/protected/humhub/modules/space/widgets/views/spaceDirectoryIcons.php
@ -5,18 +5,19 @@
 * @license https://www.humhub.com/licences
 */

-use humhub\modules\space\models\Membership;
 use humhub\modules\space\models\Space;
-use yii\helpers\Url;
-use yii\web\View;
+use humhub\widgets\Link;
+use yii\helpers\Html;

-/* @var $this View */
 /* @var $space Space */
-/* @var $showMemberships bool */
-?>
+/* @var $membersCount int */
+/* @var $canViewMembers bool */

-<?php if ($showMemberships): ?>
-    <a href="#" class="fa fa-users" data-action-click="ui.modal.load"
-       data-action-url="<?= Url::to(['/space/membership/members-list', 'container' => $space]) ?>">
-        <span><?= Yii::$app->formatter->asShortInteger(Membership::getSpaceMembersQuery($space)->active()->visible()->count()) ?></span></a>
-<?php endif; ?>
+$text = ' <span>' . $membersCount . '</span>';
+$class = 'fa fa-users';
+?>
+<?php if ($canViewMembers) : ?>
+    <?= Link::withAction($text, 'ui.modal.load', $space->createUrl('/space/membership/members-list'))->cssClass($class) ?>
+<?php else: ?>
+    <?= Html::tag('span', $text, ['class' => $class]) ?>
+<?php endif; ?>
--- a/protected/humhub/modules/user/components/ActiveQueryUser.php
+++ b/protected/humhub/modules/user/components/ActiveQueryUser.php
@ -74,6 +74,8 @@ class ActiveQueryUser extends AbstractActiveQueryContentContainer
    {
        $this->trigger(self::EVENT_CHECK_VISIBILITY, new ActiveQueryEvent(['query' => $this]));

+        $this->active();
+
        if ($user === null && !Yii::$app->user->isGuest) {
            try {
                $user = Yii::$app->user->getIdentity();
@ -83,19 +85,22 @@ class ActiveQueryUser extends AbstractActiveQueryContentContainer
        }

        $allowedVisibilities = [UserModel::VISIBILITY_ALL];
-        if ($user !== null) {
-            if ((new PermissionManager(['subject' => $user]))->can(ManageUsers::class)) {
-                return $this;
-            }
-
-            $allowedVisibilities[] = UserModel::VISIBILITY_REGISTERED_ONLY;
+        if ($user === null) {
+            // Guest can view only public users
+            return $this->andWhere(['IN', 'user.visibility', $allowedVisibilities]);
        }

-        return $this->active()
-            ->andWhere(['OR',
-                ['user.id' => $user->id], // User can view own profile
-                ['IN', 'user.visibility', $allowedVisibilities]
-            ]);
+        if ((new PermissionManager(['subject' => $user]))->can(ManageUsers::class)) {
+            // Admin/manager can view users with any visibility status
+            return $this;
+        }
+
+        $allowedVisibilities[] = UserModel::VISIBILITY_REGISTERED_ONLY;
+
+        return $this->andWhere(['OR',
+            ['user.id' => $user->id], // User also can view own profile
+            ['IN', 'user.visibility', $allowedVisibilities]
+        ]);
    }


--- a/protected/humhub/modules/user/models/UserFilter.php
+++ b/protected/humhub/modules/user/models/UserFilter.php
@ -8,8 +8,8 @@

 namespace humhub\modules\user\models;

+use humhub\modules\user\components\ActiveQueryUser;
 use Yii;
-use \humhub\modules\user\models\UserPicker;

 /**
 * Special user model class for the purpose of searching users.
@ -145,23 +145,17 @@ class UserFilter extends User
        
        return $query;
    }
-    
+
+    /**
+     * Filter users by keyword
+     *
+     * @param ActiveQueryUser $query
+     * @param string|array $keyword
+     * @return ActiveQueryUser
+     */
    public static function addKeywordFilter($query, $keyword)
    {
-        $query->joinWith('profile');
-        $parts = explode(" ", $keyword);
-        foreach ($parts as $part) {
-            $query->andFilterWhere(
-                    ['or',
-                        ['like', 'user.email', $part],
-                        ['like', 'user.username', $part],
-                        ['like', 'profile.firstname', $part],
-                        ['like', 'profile.lastname', $part],
-                        ['like', 'profile.title', $part]
-                    ]
-            );
-        }
-        return $query;
+        return $query->search($keyword);
    }

    /**
--- a/protected/humhub/modules/user/models/UserPicker.php
+++ b/protected/humhub/modules/user/models/UserPicker.php
@ -71,7 +71,7 @@ class UserPicker
            //Filter out users by means of the fillQuery or default the fillQuery
            $fillQuery = (isset($cfg['fillQuery'])) ? $cfg['fillQuery'] : UserFilter::find()->active();
            UserFilter::addKeywordFilter($fillQuery, $cfg['keyword'], ($cfg['maxResult'] - count($user)));
-            $fillQuery->andFilterWhere(['not in', 'id', self::getUserIdArray($user)]);
+            $fillQuery->andFilterWhere(['not in', 'user.id', self::getUserIdArray($user)]);
            $fillUser = $fillQuery->all();
            
            //Either the additional users are disabled (by default) or we disable them by permission
--- a/protected/humhub/modules/user/tests/codeception/acceptance/InvisibleUserCest.php
+++ b/protected/humhub/modules/user/tests/codeception/acceptance/InvisibleUserCest.php
@ -2,12 +2,13 @@

 namespace user\acceptance;

+use humhub\modules\user\models\User;
 use user\AcceptanceTester;

 class InvisibleUserCest
 {

-    public function testUserImpersonation(AcceptanceTester $I)
+    public function testUserInvisible(AcceptanceTester $I)
    {
        $userName = 'Sara Tester';
        $I->wantTo('ensure that user invisibility works');
@ -62,4 +63,57 @@ class InvisibleUserCest
        $I->dontSee($userName, '#globalModal');
    }

+    public function testUserVisibilityOnGuestMode(AcceptanceTester $I)
+    {
+        $I->wantTo('test profile visibilities on guest mode');
+        $I->amOnUser1Profile();
+        $I->waitForText('Please sign in');
+        $I->see('If you\'re already a member, please login with your username/email and password.');
+
+        $I->amGoingTo('enable guest mode');
+        $I->amAdmin();
+        $I->allowGuestAccess();
+
+        $I->amGoingTo('make user public');
+        $I->amUser1(true);
+        $I->amOnPage('/user/account/edit-settings');
+        $I->waitForText('Profile visibility');
+        $I->selectOption('#accountsettings-visibility', User::VISIBILITY_ALL);
+        $I->click('Save');
+        $I->seeSuccess();
+
+        $I->amGoingTo('view public user by guest');
+        $I->logout();
+        $I->amOnUser1Profile();
+        $I->waitForText('Peter Tester');
+
+        $I->amGoingTo('make user visible only for registered users');
+        $I->amUser1();
+        $I->amOnPage('/user/account/edit-settings');
+        $I->waitForText('Profile visibility');
+        $I->selectOption('#accountsettings-visibility', User::VISIBILITY_REGISTERED_ONLY);
+        $I->click('Save');
+        $I->seeSuccess();
+
+        $I->amGoingTo('view user available only for registered users by guest');
+        $I->logout();
+        $I->amOnUser1Profile();
+        $I->waitForText('Login required');
+        $I->see('You need to login to view this user profile!');
+
+        $I->amGoingTo('make user visible only for registered users');
+        $I->amAdmin();
+        $I->amOnRoute(['/admin/user/edit', 'id' => 2]);
+        $I->waitForText('Visibility');
+        $I->selectOption('#usereditform-visibility', User::VISIBILITY_HIDDEN);
+        $I->click('Save');
+        $I->seeSuccess();
+
+        $I->amGoingTo('view private/inivisile user by guest');
+        $I->logout();
+        $I->amOnUser1Profile();
+        $I->waitForText('Login required');
+        $I->see('You need to login to view this user profile!');
+    }
+
 }
--- a/protected/humhub/modules/user/widgets/UserPicker.php
+++ b/protected/humhub/modules/user/widgets/UserPicker.php
@ -196,7 +196,7 @@ class UserPicker extends \yii\base\Widget
            //Filter out users by means of the fillQuery or default the fillQuery
            $fillQuery = (isset($cfg['fillQuery'])) ? $cfg['fillQuery'] : UserFilter::find();
            UserFilter::addKeywordFilter($fillQuery, $cfg['keyword'], ($cfg['maxResult'] - count($user)));
-            $fillQuery->andFilterWhere(['not in', 'id', self::getUserIdArray($user)]);
+            $fillQuery->andFilterWhere(['not in', 'user.id', self::getUserIdArray($user)]);
            $fillUser = $fillQuery->all();
            
            //Either the additional users are disabled (by default) or we disable them by permission