Compare commits
40 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 StephanRichter
|
bc9df18307 | ||
|
StephanRichter
|
a8e3122152 | ||
|
StephanRichter
|
dc1a5f4e94 | ||
|
StephanRichter
|
80153ada13 | ||
|
StephanRichter
|
9bf9fba9df | ||
|
StephanRichter
|
01d56ca451 | ||
|
StephanRichter
|
b4af8d1876 | ||
|
StephanRichter
|
69c8d0fe9c | ||
|
StephanRichter
|
bf1a6684a7 | ||
|
StephanRichter
|
5a47ebae2b | ||
|
StephanRichter
|
9d62f15b8f | ||
|
StephanRichter
|
5524ea7878 | ||
|
StephanRichter
|
3d1850b2d2 | ||
|
StephanRichter
|
02283d57ba | ||
|
StephanRichter
|
1768a48e5e | ||
|
StephanRichter
|
1cdf825bcb | ||
|
StephanRichter
|
71c86e512d | ||
|
StephanRichter
|
9d8013bc33 | ||
|
StephanRichter
|
05733d3b7a | ||
|
StephanRichter
|
71c071bbdd | ||
|
StephanRichter
|
1241fee61d | ||
|
StephanRichter
|
d64cb886c9 | ||
|
StephanRichter
|
ac8149e6bb | ||
|
StephanRichter
|
493b61465b | ||
|
StephanRichter
|
df372e9cfd | ||
|
StephanRichter
|
ff58f3ae82 | ||
|
StephanRichter
|
b71db96b47 | ||
|
StephanRichter
|
02434419f4 | ||
|
StephanRichter
|
bd096dc61f | ||
|
StephanRichter
|
9f286f3121 | ||
|
StephanRichter
|
2211f4f39d | ||
|
StephanRichter
|
a6b988df3a | ||
|
StephanRichter
|
1316d3fb1e | ||
|
StephanRichter
|
99fa75a980 | ||
|
StephanRichter
|
6fc590d795 | ||
|
StephanRichter
|
7afc804586 | ||
|
StephanRichter
|
f40692dd3d | ||
|
StephanRichter
|
1c91699bf5 | ||
|
StephanRichter
|
9f5e1e0853 | ||
|
StephanRichter
|
55dfea65b0 |
@@ -53,8 +53,10 @@ jobs:
|
||||
run: |
|
||||
TAGS="$(curl -s -u "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_PASS }}" https://${{ secrets.REGISTRY_PATH }}/v2/umbrella/tags/list | jq -r ".tags[]")"
|
||||
COUNT=$(echo "$TAGS" | wc -l)
|
||||
echo found $COUNT tags: $TAGS
|
||||
if [ $COUNT -gt 10 ]; then
|
||||
REMAIN=$((COUNT - 10))
|
||||
echo $REMAIN tags will be kept!
|
||||
echo "$TAGS" | head -n $REMAIN > /tmp/old_tags
|
||||
else
|
||||
echo less than 10 tags, skipping cleanup
|
||||
|
||||
@@ -3,7 +3,6 @@ package de.srsoftware.umbrella.accounting;
|
||||
|
||||
import de.srsoftware.umbrella.core.model.Account;
|
||||
import de.srsoftware.umbrella.core.model.Transaction;
|
||||
import de.srsoftware.umbrella.core.model.UmbrellaUser;
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
@@ -14,8 +13,6 @@ public interface AccountDb {
|
||||
|
||||
void dropTransactionTag(long transactionId, String tag);
|
||||
|
||||
Collection<UmbrellaUser> getMembers(long accountId);
|
||||
|
||||
Optional<Transaction> lastTransaction(long accountId, String source, String dest, double amount);
|
||||
|
||||
Collection<Account> listAccounts(long userId);
|
||||
|
||||
@@ -7,9 +7,11 @@ import static de.srsoftware.umbrella.core.ConnectionProvider.connect;
|
||||
import static de.srsoftware.umbrella.core.ModuleRegistry.tagService;
|
||||
import static de.srsoftware.umbrella.core.ModuleRegistry.userService;
|
||||
import static de.srsoftware.umbrella.core.constants.Path.*;
|
||||
import static de.srsoftware.umbrella.core.exceptions.UmbrellaException.*;
|
||||
import static de.srsoftware.umbrella.core.exceptions.UmbrellaException.invalidField;
|
||||
import static de.srsoftware.umbrella.core.exceptions.UmbrellaException.missingField;
|
||||
import static de.srsoftware.umbrella.messagebus.MessageBus.messageBus;
|
||||
import static de.srsoftware.umbrella.messagebus.events.Event.EventType.CREATE;
|
||||
import static java.lang.System.Logger.Level.WARNING;
|
||||
|
||||
import com.sun.net.httpserver.HttpExchange;
|
||||
import de.srsoftware.configuration.Configuration;
|
||||
@@ -53,7 +55,6 @@ public class AccountingModule extends BaseHandler implements AccountingService {
|
||||
case TRANSACTION -> {
|
||||
try {
|
||||
var transaction = accountDb.loadTransaction(Long.parseLong(path.pop()));
|
||||
if (!accountDb.getMembers(transaction.accountId()).contains(user.get())) throw forbidden("You are not allowed to access account {id}",Field.ID,transaction.accountId());
|
||||
yield dropTransaction(transaction, user.get(), path, ex);
|
||||
} catch (NumberFormatException ignored) {
|
||||
yield super.doDelete(path,ex);
|
||||
@@ -127,7 +128,6 @@ public class AccountingModule extends BaseHandler implements AccountingService {
|
||||
default -> {
|
||||
try {
|
||||
var accountId = Long.parseLong(head);
|
||||
if (!accountDb.getMembers(accountId).contains(user.get())) throw forbidden("You are not allowed to access account {id}",Field.ID,accountId);
|
||||
yield postToAccount(accountId,path,user.get(),ex);
|
||||
} catch (NumberFormatException ignored) {
|
||||
yield super.doPost(path,ex);
|
||||
@@ -156,6 +156,7 @@ public class AccountingModule extends BaseHandler implements AccountingService {
|
||||
}
|
||||
|
||||
private boolean dropTransactionTag(UmbrellaUser user, Transaction transaction, HttpExchange ex) throws IOException {
|
||||
LOG.log(WARNING,"Missing permission check in AccountModule.dropTransactionTag!");
|
||||
var json = json(ex);
|
||||
if (!json.has(Field.TAG)) throw missingField(Field.TAG);
|
||||
var tag = json.getString(Field.TAG);
|
||||
@@ -185,7 +186,7 @@ public class AccountingModule extends BaseHandler implements AccountingService {
|
||||
}
|
||||
|
||||
private boolean getAccount(UmbrellaUser user, long accountId, HttpExchange ex) throws IOException {
|
||||
if (!accountDb.getMembers(accountId).contains(user)) throw forbidden("You are not allowed to access account {id}",Field.ID,accountId);
|
||||
LOG.log(WARNING,"Missing authorization check in AccountingModule.getAccount(…)!");
|
||||
return sendContent(ex, loadAccount(accountId));
|
||||
}
|
||||
|
||||
@@ -224,7 +225,7 @@ public class AccountingModule extends BaseHandler implements AccountingService {
|
||||
|
||||
private boolean patchTransaction(UmbrellaUser user, long transactionId, HttpExchange ex) throws IOException {
|
||||
var transaction = accountDb.loadTransaction(transactionId);
|
||||
if (!accountDb.getMembers(transaction.accountId()).contains(user)) throw forbidden("You are not allowed to access account {id}",Field.ID,transaction.accountId());
|
||||
LOG.log(WARNING,"Missing permission check in patchTransaction(…)!");
|
||||
var oldData = transaction.toMap();
|
||||
var json = json(ex);
|
||||
if (json.has(Field.AMOUNT)) transaction.amount(json.getDouble(Field.AMOUNT));
|
||||
@@ -336,6 +337,7 @@ public class AccountingModule extends BaseHandler implements AccountingService {
|
||||
}
|
||||
|
||||
private boolean postSearchTags(long accountId, UmbrellaUser user, HttpExchange ex) throws IOException {
|
||||
LOG.log(WARNING,"Missing authorization check in AccountingModule.getAccount(…)!");
|
||||
var key = body(ex);
|
||||
if (!key.trim().startsWith("{")) { // search tags that contain value of body
|
||||
var tags = accountDb.searchTagsContaining(key, accountId);
|
||||
|
||||
@@ -7,7 +7,6 @@ import static de.srsoftware.tools.jdbc.Condition.*;
|
||||
import static de.srsoftware.tools.jdbc.Query.*;
|
||||
import static de.srsoftware.tools.jdbc.Query.SelectQuery.ALL;
|
||||
import static de.srsoftware.umbrella.accounting.Constants.*;
|
||||
import static de.srsoftware.umbrella.core.ModuleRegistry.userService;
|
||||
import static de.srsoftware.umbrella.core.constants.Field.*;
|
||||
import static de.srsoftware.umbrella.core.exceptions.UmbrellaException.*;
|
||||
import static de.srsoftware.umbrella.core.model.Translatable.t;
|
||||
@@ -20,7 +19,6 @@ import de.srsoftware.umbrella.core.constants.Field;
|
||||
import de.srsoftware.umbrella.core.constants.Text;
|
||||
import de.srsoftware.umbrella.core.model.Account;
|
||||
import de.srsoftware.umbrella.core.model.Transaction;
|
||||
import de.srsoftware.umbrella.core.model.UmbrellaUser;
|
||||
import java.sql.Connection;
|
||||
import java.sql.SQLException;
|
||||
import java.time.ZoneOffset;
|
||||
@@ -148,27 +146,6 @@ public class SqliteDb extends BaseDb implements AccountDb {
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public Collection<UmbrellaUser> getMembers(long accountId) {
|
||||
try {
|
||||
var userIds = new HashSet<Long>();
|
||||
var rs = select("DISTINCT "+ SOURCE).from(TABLE_TRANSACTIONS).where(ACCOUNT,equal(accountId)).exec(db);
|
||||
while (rs.next()) try {
|
||||
userIds.add(Long.parseLong(rs.getString(1)));
|
||||
} catch (NumberFormatException ignored) {}
|
||||
rs.close();
|
||||
rs = select("DISTINCT "+ DESTINATION).from(TABLE_TRANSACTIONS).where(ACCOUNT,equal(accountId)).exec(db);
|
||||
while (rs.next()) try {
|
||||
userIds.add(Long.parseLong(rs.getString(1)));
|
||||
} catch (NumberFormatException ignored) {}
|
||||
rs.close();
|
||||
var us = userService();
|
||||
return userIds.stream().map(us::loadUser).toList();
|
||||
} catch (SQLException e) {
|
||||
throw failedToLoadMembers(Text.ACCOUNT);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public Optional<Transaction> lastTransaction(long accountId, String source, String dest, double amount) {
|
||||
try {
|
||||
|
||||
@@ -132,7 +132,7 @@
|
||||
color: orange;
|
||||
border: 1px solid orange;
|
||||
border-radius: 5px;
|
||||
z-index: 65;
|
||||
z-index: 50;
|
||||
list-style: none;
|
||||
padding: 4px;
|
||||
margin: 0;
|
||||
|
||||
@@ -33,7 +33,6 @@
|
||||
authors = {...authors, ...data.authors};
|
||||
loader.offset += loader.limit;
|
||||
loader.active = false;
|
||||
console.log({authors});
|
||||
yikes();
|
||||
if (Object.keys(data.notes).length) onscroll(null); // when notes were received, check whether they fill up the page
|
||||
|
||||
@@ -79,4 +78,4 @@
|
||||
</svelte:head>
|
||||
|
||||
<svelte:window {onscroll} />
|
||||
<List {notes} {authors} />
|
||||
<List {notes} />
|
||||
|
||||
@@ -64,7 +64,6 @@
|
||||
<legend class="entity" onclick={() => goToEntity(note)}>{title(note)}</legend>
|
||||
{/if}
|
||||
<legend class="time">
|
||||
{#if !module} {authors[note.user_id].name} – {/if}
|
||||
{note.timestamp.replace('T',' ')}
|
||||
{#if user.id == note.user_id}
|
||||
<button class="symbol" onclick={() => drop(note.id)}></button>
|
||||
|
||||
Reference in New Issue
Block a user