v0.15.0 (see NEWS)

Author: nondeterministic

.gitlab-ci.yml

@@ -1,4 +1,4 @@
-image: openjdk:11.0.14.1-jdk
+image: eclipse-temurin:11
 
 services: 
   - postgres:11

NEWS

@@ -1,8 +1,41 @@
-  ___   ___  ____  _____ ____    _   _ _______        ______  
- / _ \ / _ \|  _ \| ____|  _ \  | \ | | ____\ \      / / ___| 
-| | | | | | | |_) |  _| | |_) | |  \| |  _|  \ \ /\ / /\___ \ 
-| |_| | |_| |  _ <| |___|  __/  | |\  | |___  \ V  V /  ___) |
- \___/ \___/|_| \_\_____|_|     |_| \_|_____|  \_/\_/  |____/ 
+
+   ██████╗  ██████╗ ██████╗ ███████╗██████╗
+  ██╔═══██╗██╔═══██╗██╔══██╗██╔════╝██╔══██╗
+  ██║   ██║██║   ██║██████╔╝█████╗  ██████╔╝
+  ██║   ██║██║   ██║██╔══██╗██╔══╝  ██╔═══╝
+  ╚██████╔╝╚██████╔╝██║  ██║███████╗██║
+   ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═╝
+     ███╗   ██╗███████╗██╗    ██╗███████╗
+     ████╗  ██║██╔════╝██║    ██║██╔════╝
+     ██╔██╗ ██║█████╗  ██║ █╗ ██║███████╗
+     ██║╚██╗██║██╔══╝  ██║███╗██║╚════██║
+     ██║ ╚████║███████╗╚███╔███╔╝███████║
+     ╚═╝  ╚═══╝╚══════╝ ╚══╝╚══╝ ╚══════╝
+
+v0.15.0                    Sa 16. Sep 13:36:29 CEST 2023
+--------------------------------------------------------
+- Main features:
+  - Change of database schema (not a user visible one, but
+    warrants for a new version number)
+
+- Minor improvements and changes:
+  - Add "Clone case" button for logged-in users
+  - Add icons to case buttons for logged-in users
+  - Replace deprecated OpenJDK docker image with Eclipse Temurin image
+  - Update to ScalaJS 1.13.2 and Scala 2.13.11
+  - Update a lot of other library and plugin versions (too many to
+    mention them all explicitly here; cf. a diff, if you care)
+  - New light-weight wrapper around the ScalaJS networking code
+    as to reduce dependencies to third-party networking libraries
+  - Define access level for users to determine which resources
+    (repositories, materia medicas) they have access to
+
+- Bug fixes:
+  - Opening of LARGE cases did not work
+  - Edit new case dialog would not enable or disable the
+    submit and cancel buttons appropriately
+  - OOREP would often crash after any kind of network transmission
+    error, whereas now it fails more gracefully
 
 v0.14.2                    Mo 15. Mai 18:31:05 CEST 2023
 --------------------------------------------------------

README.md

@@ -39,7 +39,7 @@ intended for any production environments or the like without further modificatio
 
 #### Prerequisites
 
-* Java SDK >= 8
+* Java SDK versions 8 or 11
 * Scala Build Tool SBT >= 1.3.0
 * A PostgreSQL database server >= 9.6
 

backend/app/org/multics/baueran/frep/backend/controllers/Get.scala

@@ -51,13 +51,13 @@ class Get @Inject()(cc: ControllerComponents, dbContext: DBContext) extends Abst
       case None =>
         Logger.error("Get: login() not completed successfully: sending user to logout to be safe.")
         Redirect(sys.env.get("OOREP_URL_LOGOUT").getOrElse(""))
-      case Some(uid) =>
-        memberDao.increaseLoginCounter(uid)
-        memberDao.setLastSeen(uid, new MyDate())
-        Logger.debug(s"Get: login() completed for user ${uid.toString}.")
+      case Some(member) =>
+        memberDao.increaseLoginCounter(member.member_id)
+        memberDao.setLastSeen(member.member_id, new MyDate())
+        Logger.debug(s"Get: login() completed for user ${member.member_id.toString}.")
         Redirect(serverUrl(request))
           .withCookies(
-            Cookie(CookieFields.id.toString, uid.toString, secure = true, httpOnly = false),
+            Cookie(CookieFields.id.toString, member.member_id.toString, secure = true, httpOnly = false),
             Cookie(CookieFields.cookiePopupAccepted.toString, "1", secure = true, httpOnly = false)
           )
     }
@@ -99,13 +99,13 @@ class Get @Inject()(cc: ControllerComponents, dbContext: DBContext) extends Abst
   def serve_static_html(page: String) = Action { implicit request: Request[AnyContent] =>
     page match {
       case "index" => Ok(views.html.index_landing(request))
-      case "cookies" => Ok(views.html.index_static_content(request, views.html.partial.cookies.render, "OOREP - Privacy policy"))
-      case "contact" => Ok(views.html.index_static_content(request, views.html.partial.contact.render, "OOREP - Contact"))
-      case "datenschutz" => Ok(views.html.index_static_content(request, views.html.partial.datenschutz.render, "OOREP - Datenschutzerklärung"))
-      case "faq" => Ok(views.html.index_static_content(request, views.html.partial.faq.render, "OOREP - Frequently asked questions and answers"))
-      case "forgot_password" => Ok(views.html.index_static_content(request, views.html.partial.forgot_password.render, s"OOREP ${xml.Utility.escape("—")} open online homeopathic repertory"))
-      case "impressum" => Ok(views.html.index_static_content(request, views.html.partial.impressum.render, "OOREP - Impressum", "de"))
-      case "register" => Ok(views.html.index_static_content(request, views.html.partial.register.render, "OOREP - Registration"))
+      case "cookies" => Ok(views.html.index_static_content(request, views.html.partial.cookies.render(), "OOREP - Privacy policy"))
+      case "contact" => Ok(views.html.index_static_content(request, views.html.partial.contact.render(), "OOREP - Contact"))
+      case "datenschutz" => Ok(views.html.index_static_content(request, views.html.partial.datenschutz.render(), "OOREP - Datenschutzerklärung"))
+      case "faq" => Ok(views.html.index_static_content(request, views.html.partial.faq.render(), "OOREP - Frequently asked questions and answers"))
+      case "forgot_password" => Ok(views.html.index_static_content(request, views.html.partial.forgot_password.render(), s"OOREP ${xml.Utility.escape("—")} open online homeopathic repertory"))
+      case "impressum" => Ok(views.html.index_static_content(request, views.html.partial.impressum.render(), "OOREP - Impressum", "de"))
+      case "register" => Ok(views.html.index_static_content(request, views.html.partial.register.render(), "OOREP - Registration"))
       case _ => NotFound(views.html.defaultpages.notFound("GET", page))
     }
   }
@@ -150,8 +150,8 @@ class Get @Inject()(cc: ControllerComponents, dbContext: DBContext) extends Abst
 
   def apiAuthenticate() = Action { request: Request[AnyContent] =>
     getAuthenticatedUser(request) match {
-      case Some(uid) =>
-        Ok(uid.toString)
+      case Some(member) =>
+        Ok(member.member_id.toString)
       case None =>
         val errStr = s"Get: apiAuthenticate(): User cannot be authenticated."
         Logger.error(errStr)
@@ -164,11 +164,11 @@ class Get @Inject()(cc: ControllerComponents, dbContext: DBContext) extends Abst
   }
 
   def apiAvailableRepertoriesAndRemedies() = Action { request: Request[AnyContent] =>
-    Ok((repertoryDao.getRepsAndRemedies(getAuthenticatedUser(request) != None).asJson.toString))
+    Ok((repertoryDao.getRepsAndRemedies(getAuthenticatedUser(request)).asJson.toString))
   }
 
   def apiAvailableMateriaMedicasAndRemedies() = Action { request: Request[AnyContent] =>
-    Ok(mmDao.getMMsAndRemedies(getAuthenticatedUser(request) != None).asJson.toString())
+    Ok(mmDao.getMMsAndRemedies(getAuthenticatedUser(request)).asJson.toString())
   }
 
   /**
@@ -180,7 +180,7 @@ class Get @Inject()(cc: ControllerComponents, dbContext: DBContext) extends Abst
         val errStr = "Get: apiSecAvailableFiles() failed: not authenticated"
         Logger.error(errStr)
         Unauthorized(errStr)
-      case Some(uid) =>
+      case Some(_) =>
         if (!isUserAuthorized(request, memberId)) {
           val err = s"Get: apiSecAvailableFiles() failed: not authorised"
           Logger.error(err)
@@ -218,9 +218,9 @@ class Get @Inject()(cc: ControllerComponents, dbContext: DBContext) extends Abst
 
   def apiSecGetCase(caseId: String) = Action { request: Request[AnyContent] =>
     getAuthenticatedUser(request) match {
-      case Some(uid) if (caseId.forall(_.isDigit)) => {
+      case Some(member) if (caseId.forall(_.isDigit)) => {
         cazeDao.get(caseId.toInt) match {
-          case Right(caze) if (caze.member_id == uid) =>
+          case Right(caze) if (caze.member_id == member.member_id) =>
             if (!isUserAuthorized(request, caze.member_id)) {
               val err = s"Get: apiSecGetCase() failed: not authorised."
               Logger.error(err)
@@ -291,7 +291,7 @@ class Get @Inject()(cc: ControllerComponents, dbContext: DBContext) extends Abst
       val cleanedUpAbbrev = repertoryAbbrev.replaceAll("[^0-9A-Za-z\\-]", "")
 
       // Check if user is allowed to access the resource at all (might be Private or Protected and user not logged in)
-      if (repertoryDao.getRepsAndRemedies(getAuthenticatedUser(request) != None).find(_.info.abbrev == cleanedUpAbbrev) == None) {
+      if (repertoryDao.getRepsAndRemedies(getAuthenticatedUser(request)).find(_.info.abbrev == cleanedUpAbbrev) == None) {
         Logger.info(s"Get: apiLookupRep(abbrev: ${repertoryAbbrev}, symptom: ${symptom}, page: ${page}, remedy: ${remedyString}, weight: ${minWeight}): user not allowed to access ressource.")
         NoContent
       }
@@ -317,7 +317,7 @@ class Get @Inject()(cc: ControllerComponents, dbContext: DBContext) extends Abst
       val cleanedUpAbbrev = mmAbbrev.replaceAll("[^0-9A-Za-z\\-]", "")
 
       // Check if user is allowed to access the resource at all (might be Private or Protected and user not logged in)
-      if (mmDao.getMMsAndRemedies(getAuthenticatedUser(request) != None).find(_.mminfo.abbrev == cleanedUpAbbrev) == None) {
+      if (mmDao.getMMsAndRemedies(getAuthenticatedUser(request)).find(_.mminfo.abbrev == cleanedUpAbbrev) == None) {
         Logger.info(s"Get: apiLookupMM(abbrev: ${mmAbbrev}, symptom: ${symptom}, page: ${page}, remedy: ${remedyString}): user not allowed to access ressource.")
         NoContent
       }

backend/app/org/multics/baueran/frep/backend/controllers/package.scala

@@ -2,6 +2,7 @@ package org.multics.baueran.frep.backend
 
 import play.api.mvc._
 import org.multics.baueran.frep.backend.dao.{CazeDao, EmailHistoryDao, FileDao, MMDao, MemberDao, PasswordChangeRequestDao, RepertoryDao}
+import org.multics.baueran.frep.shared.Member
 
 package object controllers {
 
@@ -34,11 +35,11 @@ package object controllers {
     *         as in the DB.  This indicates that the user has prior logged in to the system.
     */
 
-  def getAuthenticatedUser(request: Request[AnyContent]): Option[Int] = {
+  def getAuthenticatedUser(request: Request[AnyContent]): Option[Member] = {
     request.headers.get("X-Remote-User") match {
       case Some(uidStr) if (uidStr.length > 0 && uidStr.forall(_.isDigit)) =>
         Logger.debug(s"getAuthenticatedUser: SUCCESS: uid: ${uidStr}.")
-        return Some(uidStr.toInt)
+        return memberDao.get(uidStr.toInt)
       case Some(uidStr) if (uidStr.length == 0) =>
         Logger.debug(s"getAuthenticatedUser: DEBUG: uid: ${uidStr}.")
       case _ =>
@@ -60,7 +61,7 @@ package object controllers {
 
   def isUserAuthorized(request: Request[AnyContent], tries_to_access_data_of_member_id: Int) = {
     getAuthenticatedUser(request) match {
-      case Some(uid) => uid == tries_to_access_data_of_member_id
+      case Some(member) => member.member_id == tries_to_access_data_of_member_id
       case None => false
     }
   }

backend/app/org/multics/baueran/frep/backend/dao/CazeDao.scala

@@ -3,7 +3,7 @@ package org.multics.baueran.frep.backend.dao
 import org.multics.baueran.frep._
 import backend.db
 import shared.{BetterString, CaseRubric, Caze}
-import io.getquill.{ActionReturning, Query, Update}
+import io.getquill.{ActionReturning, Query, Quoted, Update}
 
 class CazeDao(dbContext: db.db.DBContext) {
 
@@ -34,7 +34,7 @@ class CazeDao(dbContext: db.db.DBContext) {
       // Insert case result IDs
       val rawQuery = quote {
         (id: Int, crs: List[Int]) =>
-          infix"""UPDATE caze SET results=$crs WHERE id=$id"""
+          sql"""UPDATE caze SET results=$crs WHERE id=$id"""
             .as[Update[Caze]]
       }
       run(rawQuery(lift(newId), lift(caseResultIds)))
@@ -59,7 +59,7 @@ class CazeDao(dbContext: db.db.DBContext) {
     else {
       val rawQuery = quote {
         // Notice the '#' in front for dynamic infix queries! It is, sort of, the alternative to lift(...).
-        infix"""SELECT id, header, member_id, date_, description, results FROM caze WHERE id IN (#${ids.mkString(", ")})"""
+        sql"""SELECT id, header, member_id, date_, description, results FROM caze WHERE id IN (#${ids.mkString(", ")})"""
           .as[Query[RawCaze]]
       }
 
@@ -198,7 +198,7 @@ class CazeDao(dbContext: db.db.DBContext) {
         // Add case result ids to case
         val rawQuery = quote {
           (id: Int, crs: List[Int]) =>
-            infix"""UPDATE caze SET results=results || $crs WHERE id=$id"""
+            sql"""UPDATE caze SET results=results || $crs WHERE id=$id"""
               .as[Update[Caze]]
         }
         val numberOfUpdates = run(rawQuery(lift(caseId), lift(caseResultIds)))
@@ -228,7 +228,7 @@ class CazeDao(dbContext: db.db.DBContext) {
         val leftOverCaseResultIds: List[Int] = caze.results.toSet.filterNot(deletedCaseResultIds.toSet).asInstanceOf[Set[Int]].toList
         val rawQuery = quote {
           (id: Int, crs: List[Int]) =>
-            infix"""UPDATE caze SET results=$crs WHERE id=$id"""
+            sql"""UPDATE caze SET results=$crs WHERE id=$id"""
               .as[Update[Caze]]
         }
 

backend/app/org/multics/baueran/frep/backend/dao/FileDao.scala

@@ -119,7 +119,7 @@ class FileDao(dbContext: db.db.DBContext) {
           // Add case id to file
           val rawQuery = quote {
             (localId: Int, localCazeId: Int) =>
-              infix"""UPDATE file SET case_ids=case_ids || $localCazeId WHERE id=$localId"""
+              sql"""UPDATE file SET case_ids=case_ids || $localCazeId WHERE id=$localId"""
                 .as[Update[Caze]]
           }
           if (run(rawQuery(lift(fileId), lift(foundCase.id))) > 0) {

backend/app/org/multics/baueran/frep/backend/dao/MMDao.scala

@@ -1,7 +1,7 @@
 package org.multics.baueran.frep.backend.dao
 
 import io.getquill.Query
-import org.multics.baueran.frep.shared.{HitsPerRemedy, MMAllSearchResults, MMAndRemedyIds, MMChapter, MMInfo, MMSearchResult, MMSection, MyDate, Remedies, Remedy, RemedyEntered, SearchTerms}
+import org.multics.baueran.frep.shared.{HitsPerRemedy, MMAllSearchResults, MMAndRemedyIds, MMChapter, MMInfo, MMSearchResult, MMSection, Member, MyDate, Remedies, Remedy, RemedyEntered, SearchTerms}
 import org.multics.baueran.frep.backend.db
 import org.multics.baueran.frep.shared.Defs.{ResourceAccessLvl, maxNumberOfResultsPerMMPage, maxNumberOfSymptoms}
 
@@ -19,7 +19,7 @@ class MMDao(dbContext: db.db.DBContext) {
       return List()
 
     run {
-      infix"""SELECT remedy.id, remedy.nameabbrev, remedy.namelong, remedy.namealt
+      sql"""SELECT remedy.id, remedy.nameabbrev, remedy.namelong, remedy.namealt
                  FROM remedy
                     JOIN mmchapter ON remedy_id=remedy.id
                     JOIN mminfo ON mminfo_id=mminfo.id AND mminfo.abbrev='#${cleanedAbbrev}'
@@ -37,7 +37,7 @@ class MMDao(dbContext: db.db.DBContext) {
     * So a translator class TmpMMsAndRemedies was necessary - and needs to be adapted, in
     * case the content of the other tables changes, of course.)
     */
-  def getMMsAndRemedies(isUserLoggedIn: Boolean): List[MMAndRemedyIds] = {
+  def getMMsAndRemedies(loggedInMember: Option[Member]): List[MMAndRemedyIds] = {
     case class TmpMMsAndRemedies(id: Int,
                               abbrev: String,
                               lang: Option[String],
@@ -60,7 +60,7 @@ class MMDao(dbContext: db.db.DBContext) {
 
     val tmpResults = run {
       quote {
-        infix"""SELECT mminfo.id, mminfo.abbrev, mminfo.lang, mminfo.fulltitle, mminfo.authorlastname, mminfo.authorfirstname,
+        sql"""SELECT mminfo.id, mminfo.abbrev, mminfo.lang, mminfo.fulltitle, mminfo.authorlastname, mminfo.authorfirstname,
                        mminfo.publisher, mminfo.yearr, mminfo.license, mminfo.access, mminfo.displaytitle, ARRAY_AGG(remedy_id) remedy_ids
                  FROM mmchapter
                     JOIN mminfo ON mmchapter.mminfo_id = mminfo.id GROUP BY (mminfo.abbrev, mminfo.access)"""
@@ -74,10 +74,17 @@ class MMDao(dbContext: db.db.DBContext) {
         r.remedy_ids)
     )
 
-    if (isUserLoggedIn)
-      tmpResults.filter(result => result.mminfo.access != ResourceAccessLvl.Private.toString)
-    else
-      tmpResults.filter(result => result.mminfo.access == ResourceAccessLvl.Public.toString || result.mminfo.access == ResourceAccessLvl.Default.toString)
+    loggedInMember match {
+      case Some(member) =>
+        if (member.access.getOrElse("") == ResourceAccessLvl.Private.toString)
+          tmpResults
+        else if (member.access.getOrElse("") == ResourceAccessLvl.Protected.toString)
+          tmpResults.filter(result => result.mminfo.access != ResourceAccessLvl.Private.toString)
+        else
+          tmpResults.filter(result => result.mminfo.access == ResourceAccessLvl.Public.toString || result.mminfo.access == ResourceAccessLvl.Default.toString)
+      case None =>
+        tmpResults.filter(result => result.mminfo.access == ResourceAccessLvl.Public.toString || result.mminfo.access == ResourceAccessLvl.Default.toString)
+    }
   }
 
   /**
@@ -193,7 +200,7 @@ class MMDao(dbContext: db.db.DBContext) {
             .join(query[MMInfo]).on({ case ((s, c), i) => i.id == c.mminfo_id && i.abbrev == lift(abbrev) })
             .join(query[Remedy]).on({ case (((s,c), i), r) => r.id == c.remedy_id &&
             ( r.nameLong.toLowerCase.startsWith(lift(lowerRemedyName)) ||
-              infix"""lower(array_to_string(${r.namealt}, ', '))""".as[String].like(lift(s"%${lowerRemedyName}%")) ) })
+              sql"""lower(array_to_string(${r.namealt}, ', '))""".as[String].like(lift(s"%${lowerRemedyName}%")) ) })
             .filter { case (((s, c), i), r) =>
               s.content.getOrElse("").toLowerCase.like(lift(s"%${approximateSearchTerm}%")) || s.heading.getOrElse("").toLowerCase.like(lift(s"%${approximateSearchTerm}%"))
             }
@@ -215,7 +222,7 @@ class MMDao(dbContext: db.db.DBContext) {
             .join(query[MMInfo]).on({ case ((s, c), i) => i.id == c.mminfo_id && i.abbrev == lift(abbrev) })
             .join(query[Remedy]).on({ case (((s,c), i), r) => r.id == c.remedy_id &&
             ( r.nameLong.toLowerCase.startsWith(lift(lowerRemedyName)) ||
-              infix"""lower(array_to_string(${r.namealt}, ', '))""".as[String].like(lift(s"%${lowerRemedyName}%")) ) })
+              sql"""lower(array_to_string(${r.namealt}, ', '))""".as[String].like(lift(s"%${lowerRemedyName}%")) ) })
             .filter(_ => true)
         }).collect { case (((s, c), i), r) => (s, c)}
       }

backend/app/org/multics/baueran/frep/backend/dao/MemberDao.scala

@@ -8,22 +8,25 @@ class MemberDao(dbContext: db.db.DBContext) {
 
   import dbContext._
 
-  private val tableMember = quote { querySchema[Member]("Member", _.member_id -> "member_id") }
+  private val tableMember = quote { query[Member] }
 
   // Stores the hash of `password` in the member table of database
   def updatePassword(password: String, id: Int) = {
     val rawInsert = quote {
-      infix"""UPDATE member SET hash=(crypt('#${password}', gen_salt('bf'))) WHERE member_id=#${id}"""
+      sql"""UPDATE member SET hash=(crypt('#${password}', gen_salt('bf'))) WHERE member_id=#${id}"""
         .as[Update[Member]]
     }
     run(rawInsert)
   }
 
-  def get(id: Int) = {
+  def get(id: Int): Option[Member] = {
     val select = quote {
       tableMember.filter(_.member_id == lift(id))
     }
-    run(select)
+    run(select) match {
+      case member :: Nil => Some(member)
+      case _ => None
+    }
   }
 
   def getFromEmail(email: String) = {