Merge branch 'master' of github.com:alchemy-fr/phraseanet-services in…

…to w2445

databox/api/src/Storage/RenditionManager.php

@@ -173,12 +173,16 @@ public function getAssetRenditionUsedAs(string $as, string $assetId): ?AssetRend
             ->select('r')
             ->from(AssetRendition::class, 'r')
             ->innerJoin('r.definition', 'd')
+            ->innerJoin('d.class', 'c')
             ->andWhere('r.asset = :asset')
+            ->andWhere('c.public = true')
             ->andWhere(sprintf('d.useAs%s = :as', ucfirst($as)))
             ->setParameters([
                 'asset' => $assetId,
                 'as' => true,
             ])
+            ->addOrderBy('d.priority', 'DESC')
+            ->setMaxResults(1)
             ->getQuery()
             ->getOneOrNullResult();
     }

databox/client/docker/nginx/conf.d/app.conf

@@ -4,7 +4,7 @@ server {
   server_name _;
   server_tokens off;
 
-  add_header X-Robots-Tag "noindex";
+  add_header X-Robots-Tag "noindex, nofollow";
   add_header X-Content-Type-Options "nosniff";
   add_header X-Frame-Options "deny";
   add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

databox/client/src/components/Ui/PrivacyField.tsx

@@ -1,6 +1,7 @@
 import React, {useState} from 'react';
 import MenuItem from '@mui/material/MenuItem';
 import {
+    Alert,
     Checkbox,
     FormControl,
     FormControlLabel,
@@ -33,6 +34,10 @@ function getValue(value: string, workspace: boolean, auth: boolean): number {
     }
 }
 
+function getAllowedValue(value: number, inheritedPrivacy?: number): number {
+    return Math.max(inheritedPrivacy ?? 0, value);
+}
+
 function getKeyValue(value: string): number {
     switch (value) {
         default:
@@ -83,67 +88,58 @@ export default function PrivacyField<TFieldValues extends FieldValues>({
         defaultValue: 0 as any,
     });
 
-    const firstValue = React.useMemo(() => value, []);
     const [p, w, a] = getFields(value);
     const [privacy, setPrivacy] = useState<string>(p);
     const [workspaceOnly, setWorkspaceOnly] = useState(w);
     const [auth, setAuth] = useState(a);
 
     const ip = inheritedPrivacy ?? 0;
     const inheritedKeyPrivacy = getKeyValue(getFields(ip)[0]);
-    const resolvedPrivacy =
-        inheritedKeyPrivacy > 0 && getKeyValue(privacy) <= inheritedKeyPrivacy
-            ? getFields(inheritedKeyPrivacy)[0]
-            : privacy;
-    const workspaceOnlyLocked = getValue(resolvedPrivacy, false, true) === ip;
-    const resolvedWorkspaceOnly = workspaceOnlyLocked ? false : workspaceOnly;
-    const authLocked =
-        getValue(resolvedPrivacy, resolvedWorkspaceOnly, false) === ip;
-    const resolveAuth = authLocked ? false : auth;
 
     React.useEffect(() => {
-        const [p, w, a] = getFields(value);
+        const [p, w, a] = getFields(getAllowedValue(value, inheritedPrivacy));
         setPrivacy(p);
-        setWorkspaceOnly(
-            w ||
-                (firstValue === value &&
-                    getKeyValue(privacy) < inheritedKeyPrivacy &&
-                    getValue(resolvedPrivacy, true, resolveAuth) === ip)
-        );
-        setAuth(
-            a ||
-                (firstValue === value &&
-                    getValue(resolvedPrivacy, resolvedWorkspaceOnly, true) ===
-                        ip)
-        );
+        setWorkspaceOnly(w);
+        setAuth(a);
     }, [value]);
 
     const handlePChange = (e: SelectChangeEvent): void => {
         const v = e.target.value;
         setPrivacy(v);
-        onChange(getValue(v, resolvedWorkspaceOnly, resolveAuth));
+        onChange(getAllowedValue(getValue(v, workspaceOnly, auth), inheritedPrivacy));
     };
     const handleWSOnlyChange = (
         e: React.ChangeEvent<HTMLInputElement>
     ): void => {
         setWorkspaceOnly(e.target.checked);
-        onChange(getValue(resolvedPrivacy, e.target.checked, resolveAuth));
+        onChange(getAllowedValue(getValue(privacy, e.target.checked, auth), inheritedPrivacy));
     };
     const handleAuthChange = (e: React.ChangeEvent<HTMLInputElement>): void => {
         setAuth(e.target.checked);
         onChange(
-            getValue(resolvedPrivacy, resolvedWorkspaceOnly, e.target.checked)
+            getAllowedValue(getValue(privacy, workspaceOnly, e.target.checked), inheritedPrivacy)
         );
     };
 
+    const workspaceOnlyLocked = !!inheritedPrivacy && getValue(privacy, true, auth) < inheritedPrivacy;
+    const authLocked = !!inheritedPrivacy && getValue(privacy, workspaceOnly, false) < inheritedPrivacy;
+
     const label = t('form.privacy.label', 'Privacy');
 
     return (
+        <>
+            {!!inheritedPrivacy ? <>
+                <Alert severity={'warning'}>
+                    {t('form.privacy.inherited', 'This collection cannot be more restricted than its parent collection.')}
+                </Alert>
+            </> : null}
         <FormControl>
-            <InputLabel>{label}</InputLabel>
+            <InputLabel>
+                {label}
+            </InputLabel>
             <Select<string>
                 label={label}
-                value={resolvedPrivacy}
+                value={privacy}
                 onChange={handlePChange}
             >
                 {Object.keys(choices).map(k => {
@@ -164,12 +160,13 @@ export default function PrivacyField<TFieldValues extends FieldValues>({
                     );
                 })}
             </Select>
-            {['private', 'public'].includes(resolvedPrivacy) && (
+
+            {['private', 'public'].includes(privacy) && (
                 <FormControlLabel
                     disabled={workspaceOnlyLocked}
                     control={
                         <Checkbox
-                            checked={resolvedWorkspaceOnly}
+                            checked={workspaceOnly}
                             onChange={handleWSOnlyChange}
                         />
                     }
@@ -180,12 +177,12 @@ export default function PrivacyField<TFieldValues extends FieldValues>({
                     labelPlacement="end"
                 />
             )}
-            {resolvedPrivacy === 'public' && (
+            {privacy === 'public' && (
                 <FormControlLabel
-                    disabled={authLocked || resolvedWorkspaceOnly}
+                    disabled={authLocked || workspaceOnly}
                     control={
                         <Checkbox
-                            checked={resolveAuth || resolvedWorkspaceOnly}
+                            checked={auth || workspaceOnly}
                             onChange={handleAuthChange}
                         />
                     }
@@ -197,5 +194,6 @@ export default function PrivacyField<TFieldValues extends FieldValues>({
                 />
             )}
         </FormControl>
+        </>
     );
 }

databox/client/src/types.ts

@@ -246,7 +246,7 @@ export interface Collection extends IPermissions {
     public: boolean;
     shared: boolean;
     privacy: number;
-    inheritedPrivacy: number;
+    inheritedPrivacy?: number;
     createdAt: string;
     updatedAt: string;
     owner?: User;

expose/api/docker/nginx/tpl/default.conf

@@ -7,7 +7,7 @@ server {
 
     server_tokens off;
 
-    add_header X-Robots-Tag "noindex";
+    add_header X-Robots-Tag "noindex, nofollow";
     add_header X-Content-Type-Options "nosniff";
     add_header X-Frame-Options "deny";
     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

expose/client/docker/nginx/conf.d/app.conf

@@ -4,7 +4,7 @@ server {
   server_name _;
   server_tokens off;
 
-  add_header X-Robots-Tag "noindex";
+  add_header X-Robots-Tag "noindex, nofollow";
   add_header X-Content-Type-Options "nosniff";
   add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
 

infra/docker/matomo-nginx/nginx.conf

@@ -5,7 +5,7 @@ upstream php-handler {
 server {
 	listen 80;
 
-    add_header X-Robots-Tag "noindex";
+    add_header X-Robots-Tag "noindex, nofollow";
 	add_header Referrer-Policy origin; # make sure outgoing links don't show the URL to the Matomo instance
 	root /var/www/html; # replace with path to your matomo instance
 	index index.php;

infra/docker/nginx-fpm-base/tpl/default.conf

@@ -5,7 +5,7 @@ server {
 
     client_max_body_size $UPLOAD_MAX_FILE_SIZE;
 
-    add_header X-Robots-Tag "noindex";
+    add_header X-Robots-Tag "noindex, nofollow";
     add_header X-Content-Type-Options "nosniff";
     add_header X-Frame-Options "deny";
     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

uploader/api/src/Controller/Admin/TargetCrudController.php

@@ -52,7 +52,7 @@ public function configureFields(string $pageName): iterable
         yield CodeField::new('pullModeUrl', 'Pull mode URL')
             ->onlyOnIndex();
         yield TextField::new('targetUrl')
-            ->setHelp('Leave empty for pull mode. i.e: "https://phraseanet.phrasea.local/api/v1/upload/enqueue/" for Phraseanet, "http://databox-api/incoming-uploads" for Databox upload');
+            ->setHelp('Leave empty for pull mode. i.e: "https://phraseanet.phrasea.local/api/v1/upload/enqueue/" for Phraseanet, "http://api-databox.phrasea.local/incoming-uploads" for Databox upload');
         yield TextField::new('targetTokenType')
             ->setHelp('Use "OAuth" for Phraseanet')
             ->setFormTypeOptions(['attr' => ['placeholder' => 'Defaults to "Bearer"']])

uploader/client/docker/nginx/conf.d/app.conf

@@ -4,7 +4,7 @@ server {
   server_name _;
   server_tokens off;
 
-  add_header X-Robots-Tag "noindex";
+  add_header X-Robots-Tag "noindex, nofollow";
   add_header X-Content-Type-Options "nosniff";
   add_header X-Frame-Options "deny";
   add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";