WIP

databox/api/src/Elasticsearch/AssetDataTemplateSearch.php

@@ -115,14 +115,19 @@ protected function createACLBoolQuery(array $filters, ?string $userId, array $gr
             throw new BadRequestHttpException('Collection is not in the same workspace');
         }
 
-        if (!$this->security->isGranted(AbstractVoter::READ, $workspace)) {
-            throw new AccessDeniedHttpException('Cannot read workspace');
+        $aclBoolQuery = new Query\BoolQuery();
+
+        if (null !== $collection) {
+            if (!$this->security->isGranted(AbstractVoter::EDIT, $collection)) {
+                $aclBoolQuery->addMust(new Query\Term(['collectionId' => 'NONE']));
+            }
+        } elseif (!$this->security->isGranted(AbstractVoter::READ, $workspace)) {
+            $aclBoolQuery->addMust(new Query\Term(['workspaceId' => 'NONE']));
         }
 
         $rootQuery = new Query\BoolQuery();
         $rootQuery->addMust(new Query\Term(['workspaceId' => $workspace->getId()]));
 
-        $aclBoolQuery = new Query\BoolQuery();
         $rootQuery->addMust($aclBoolQuery);
         $shoulds = [];
 

databox/api/src/Security/Voter/AssetVoter.php

@@ -36,11 +36,6 @@ protected function voteOnAttribute(string $attribute, $subject, TokenInterface $
         $userId = $user instanceof JwtUser ? $user->getId() : false;
         $isOwner = fn (): bool => $userId && $subject->getOwnerId() === $userId;
 
-        $workspace = $subject->getWorkspace();
-        if (!$this->security->isGranted(AbstractVoter::READ, $workspace)) {
-            return false;
-        }
-
         switch ($attribute) {
             case self::CREATE:
                 if (null !== $collection = $subject->getReferenceCollection()) {

databox/api/src/Security/Voter/CollectionVoter.php

@@ -41,9 +41,6 @@ private function doVote(string $attribute, Collection $subject, TokenInterface $
         $isOwner = fn (): bool => $userId && $subject->getOwnerId() === $userId;
 
         $workspace = $subject->getWorkspace();
-        if (!$this->security->isGranted(AbstractVoter::READ, $workspace)) {
-            return false;
-        }
 
         return match ($attribute) {
             self::CREATE => $subject->getParent() ? $this->security->isGranted(AbstractVoter::EDIT, $subject->getParent())

databox/client/src/components/Routing/router.tsx

@@ -1,7 +1,8 @@
 import React, {Component, FunctionComponent, useContext} from 'react';
-import {Navigate, Route} from 'react-router-dom';
-import {getPath, RouteDefinition} from "../../routes";
+import {Route} from 'react-router-dom';
+import {RouteDefinition} from "../../routes";
 import {UserContext} from "../Security/UserContext";
+import {useKeycloakUrls} from "../../lib/keycloak";
 
 type WrapperProps = {
     component: FunctionComponent<any>
@@ -12,16 +13,12 @@ function RouteProxy({
     public: isPublic,
 }: WrapperProps) {
     const {user} = useContext(UserContext);
+    const {getLoginUrl} = useKeycloakUrls();
 
     if (!isPublic && !user) {
-        const currentPath = getCurrentPath();
+        document.location.href = getLoginUrl();
 
-        return <Navigate
-            to={getPath('login')}
-            state={{
-                from: currentPath,
-            }}
-        />
+        return <></>
     }
 
     return <Component/>
@@ -67,7 +64,3 @@ export default function createRoute(
         />}
     />
 };
-
-function getCurrentPath(): string {
-    return window.location.href.replace(window.location.origin, '');
-}

expose/client/config-compiler.js

@@ -55,7 +55,7 @@
         keycloakUrl: env.KEYCLOAK_URL,
         realmName: env.KEYCLOAK_REALM_NAME,
         clientId: env.CLIENT_ID,
-        requestSignatureTtl: env.S3_REQUEST_SIGNATURE_TTL,
+        requestSignatureTtl: env.S3_REQUEST_SIGNATURE_TTL ? parseInt(env.S3_REQUEST_SIGNATURE_TTL) : 86400,
         disableIndexPage: ['true', '1', 'on'].includes(env.DISABLE_INDEX_PAGE),
     };
 });

expose/client/src/component/App.js

@@ -41,18 +41,18 @@ class App extends PureComponent {
     }
 
     render() {
-        const css = config.get('globalCSS');
+        const css = config.globalCSS;
 
         return <Router>
             {css && <style>
                 {css}
             </style>}
-            {config.get('displayServicesMenu') && <DashboardMenu
-                dashboardBaseUrl={config.get('dashboardBaseUrl')}
+            {config.displayServicesMenu && <DashboardMenu
+                dashboardBaseUrl={config.dashboardBaseUrl}
             />}
             <Switch>
                 <Route path="/auth" component={OAuthR}/>
-                {!config.get('disableIndexPage') && <Route path="/" exact component={PublicationIndex} />}
+                {!config.disableIndexPage && <Route path="/" exact component={PublicationIndex} />}
                 <Route path="/embed/:asset" exact render={({match: {params}}) => <EmbeddedAsset
                     id={params.asset}
                 />}/>

expose/client/src/component/ConfigWrapper.js

@@ -12,7 +12,8 @@ export default function ConfigWrapper() {
             .get(`/config`)
             .then((res) => {
                 Object.keys(res).forEach(k => {
-                    config.set(k, res[k]);
+                    // @ts-ignore bypass readonly
+                    config[k] = res[k];
                 });
 
                 setLoaded(true);

expose/client/src/component/Layout.js

@@ -16,7 +16,7 @@ class Layout extends PureComponent {
         super(props);
 
         this.state = {
-            displayMenu: config.get('sidebarDefaultOpen'),
+            displayMenu: config.sidebarDefaultOpen,
         }
     }
 
@@ -42,7 +42,7 @@ class Layout extends PureComponent {
                     {this.renderAuthenticated()}
                     <div className="p-3">
                         <h1>
-                            {!config.get('disableIndexPage') ? <Link to={'/'} className="logo">
+                            {!config.disableIndexPage ? <Link to={'/'} className="logo">
                                 <Logo/>
                             </Link> : <Logo/>}
                         </h1>

expose/client/src/component/Logo.js

@@ -2,12 +2,12 @@ import React from 'react';
 import config from '../lib/config';
 
 export function Logo() {
-    const title = config.get('clientLogoAlt') || 'Expose.';
+    const title = config.clientLogoAlt || 'Expose.';
 
-    if (config.get('clientLogoUrl')) {
+    if (config.clientLogoUrl) {
         return <div className="exp-logo">
                 <img
-                src={config.get('clientLogoUrl')}
+                src={config.clientLogoUrl}
                 alt={title}
             />
         </div>

expose/client/src/component/Publication.js

@@ -84,7 +84,7 @@ class Publication extends PureComponent {
 
             this.timeout && clearTimeout(this.timeout);
 
-            const ttl = config.get('requestSignatureTtl');
+            const ttl = config.requestSignatureTtl;
 
             if (!ttl) {
                 throw new Error(`Missing requestSignatureTtl`);

expose/client/src/component/layouts/gallery/GalleryLayout.js

@@ -154,7 +154,7 @@ class GalleryLayout extends React.Component {
     };
 
     render() {
-        const {assetId, data, options} = this.props;
+        const {data, options} = this.props;
         const {currentIndex} = this.state;
         const {
             assets,

expose/client/src/component/layouts/mapbox/MapboxLayout.js

@@ -12,7 +12,7 @@ import {logAssetView} from "../../../lib/log";
 import {getThumbPlaceholder} from "../shared-components/placeholders";
 
 export function initMapbox(mapContainer, {lng, lat, zoom}) {
-    mapboxgl.accessToken = config.get('mapBoxToken');
+    mapboxgl.accessToken = config.mapBoxToken;
 
     let map = new mapboxgl.Map({
         container: mapContainer,

expose/client/src/component/layouts/shared-components/PublicationHeader.js

@@ -23,7 +23,7 @@ export default class PublicationHeader extends PureComponent {
                 </div>}
                 <h1>{title}</h1>
                 {date ? <time>{moment(date).format('LLLL')}</time> : ''}
-                {assets.length > 0 && config.get('zippyEnabled') && <div style={{
+                {assets.length > 0 && config.zippyEnabled && <div style={{
                     position: 'absolute',
                     top: 0,
                     right: 0,
@@ -33,7 +33,7 @@ export default class PublicationHeader extends PureComponent {
             {description && <Description
                 descriptionHtml={description}
             />}
-            {data.downloadEnabled && config.get('zippyEnabled') && assets.length > 0 && <div className={'download-archive'}>
+            {data.downloadEnabled && config.zippyEnabled && assets.length > 0 && <div className={'download-archive'}>
                 <ZippyDownloadButton id={data.id} data={data} />
             </div>}
         </div>

expose/client/src/component/security/AuthenticationMethod.tsx

@@ -7,7 +7,7 @@ import {oauthClient} from "../../lib/api-client";
 type Props = {};
 
 function createLoginUrl(): string {
-    const autoConnectIdP = config.get('autoConnectIdP');
+    const autoConnectIdP = config.autoConnectIdP;
 
     setAuthRedirect(document.location.pathname);
 

expose/client/src/component/security/PublicationSecurityProxy.tsx

@@ -3,7 +3,6 @@ import {Publication} from "../../types";
 import {securityMethods} from "./methods";
 import FullPageLoader from "../FullPageLoader";
 import {logPublicationView} from "../../lib/log";
-import config from "../../lib/config";
 import {oauthClient} from "../../lib/api-client";
 
 type Props = PropsWithChildren<{

expose/client/src/component/themes/ThemeEditorProxy.js

@@ -10,7 +10,7 @@ class ThemeEditorProxy extends Component {
     };
 
     state = {
-        hidden: !config.get('devMode'),
+        hidden: !config.devMode,
     };
 
     static getDerivedStateFromProps(props, state) {

expose/client/src/lib/config.ts

@@ -1,34 +1,21 @@
 
 declare global {
     interface Window {
-        config: Record<string, any>;
+        config: {
+            locales: string[];
+            autoConnectIdP: string | undefined | null;
+            baseUrl: string;
+            keycloakUrl: string;
+            realmName: string;
+            clientId: string;
+            requestSignatureTtl: string;
+            disableIndexPage: string;
+            dashboardBaseUrl: string;
+            globalCSS: string | undefined;
+        };
     }
 }
 
-const configData = window.config;
-
-class Config {
-    get(key: string): any {
-        return configData[key];
-    }
-
-    set(key: string, value: any): void {
-        configData[key] = value;
-    }
-
-    getApiBaseUrl(): string {
-        return configData.baseUrl;
-    }
-
-    getAuthBaseUrl(): string {
-        return configData.authBaseUrl;
-    }
-
-    getClientId(): string {
-        return this.get('clientId');
-    }
-}
-
-const config = new Config();
+const config = window.config;
 
 export default config;