Merge branch 'hotfix/security-adjustment'

src/classes/api/endpoints/class-tainacan-rest-background-processes-controller.php

@@ -242,8 +242,9 @@ public function get_item( $request ) {
     }
 
     public function prepare_item_for_response($item, $request) {
-        $item->log = $this->get_log_url($item->ID, $item->action);
-        $item->error_log = $this->get_log_url($item->ID, $item->action, 'error');
+        $key_log = $item->bg_uuid ?? $item->ID;
+        $item->log = $this->get_log_url($key_log, $item->action);
+        $item->error_log = $this->get_log_url($key_log, $item->action, 'error');
         $nonce = wp_create_nonce( 'wp_rest' );
         $item->output = str_replace("&_wpnonce=[nonce]", "&_wpnonce=$nonce", $item->output);
         return $item;

src/classes/api/endpoints/class-tainacan-rest-exporters-controller.php

@@ -111,7 +111,7 @@ public function register_routes() {
 	 * @throws \Exception
 	 */
 	public function  export_permissions_check($request) {
-		return true;
+		return current_user_can('manage_tainacan');
 	}
 
 	public function get_registered_exporters() {

src/classes/api/endpoints/class-tainacan-rest-importers-controller.php

@@ -137,7 +137,7 @@ public function register_routes(){
 	 */
 	public function  import_permissions_check($request){
 		// TODO
-		return true;
+		return current_user_can('manage_tainacan');
 	}
 
 	/**

src/classes/class-tainacan-background-process.php

@@ -114,7 +114,8 @@ public function save($priority = 10) {
 					'action' => $this->action,
 					'name' => $this->get_name(),
 					'queued_on' => date('Y-m-d H:i:s'),
-					'status' => 'waiting'
+					'status' => 'waiting',
+					'bg_uuid' => uniqid(),
 				]
 			);
 			$this->ID = $wpdb->insert_id;
@@ -263,6 +264,7 @@ protected function get_batch() {
 		$batch->key  = $query->ID;
 		$batch->data = maybe_unserialize( $query->data );
 		$batch->status = $query->status;
+		$batch->bg_uuid = $query->bg_uuid;
 
 		if ($batch->status != 'running') {
 			$this->open($batch->key);
@@ -271,6 +273,33 @@ protected function get_batch() {
 		return $batch;
 	}
 
+
+	/**
+	 * Get batch by key ID
+	 *
+	 * @return stdClass Return the batch
+	 */
+	protected function get_batch_by_key($key) {
+		global $wpdb;
+
+		$table = $this->table;
+
+		$query = $wpdb->get_row( $wpdb->prepare( "
+			SELECT *
+			FROM {$table}
+			WHERE action = %s
+			AND ID = %s
+			LIMIT 1
+		", $this->action, $key  ) );
+
+		$batch       = new \stdClass();
+		$batch->key  = $query->ID;
+		$batch->data = maybe_unserialize( $query->data );
+		$batch->status = $query->status;
+		$batch->bg_uuid = $query->bg_uuid;		
+		return $batch;
+	}
+
 	/**
 	 * Handle
 	 *
@@ -428,10 +457,14 @@ protected function write_log_to_file($key, array $log, $type = '') {
 	}
 
 	protected function write_log($key, $log) {
-		$this->write_log_to_file($key, $log);
+		$batch = $this->get_batch_by_key($key);
+		$key_log = $batch->bg_uuid ?? $key;
+		$this->write_log_to_file($key_log, $log);
 	}
 	protected function write_error_log($key, $log) {
-		$this->write_log_to_file($key, $log, 'error');
+		$batch = $this->get_batch_by_key($key);
+		$key_log = $batch->bg_uuid ?? $key;
+		$this->write_log_to_file($key_log, $log, 'error');
 	}
 
 	private function recursive_stingify_log_array(array $log, $break = true) {

src/classes/exporter/class-tainacan-exporter.php

@@ -689,7 +689,6 @@ public function add_new_file($key) {
 		$upload_dir_info = wp_upload_dir();
 		$prefix = $this->get_id();
 		$upload_dir = trailingslashit( $upload_dir_info['basedir'] );
-		// $upload_url = trailingslashit( $upload_dir_info['baseurl'] );
 		$exporter_folder = 'tainacan/exporter';
 		$file_suffix = "{$exporter_folder}/{$prefix}_{$key}";
 

src/migrations.php

@@ -509,6 +509,20 @@ static function update_default_collections_orderby() {
 		);
 	}
 
+
+	static function alter_table_tnc_bg_process_add_uuid() {
+		global $wpdb;
+		// update default order by "creation_date" to "date"
+		$table_name = $wpdb->prefix . 'tnc_bg_process';
+		$column_exists = $wpdb->get_results(  "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = '$table_name' AND column_name = 'bg_uuid'"  );
+
+	    if(empty($column_exists)) {
+			$wpdb->query("
+	        ALTER TABLE $table_name
+	        ADD bg_uuid text NULL
+	        ");
+		}
+	}
 }
 
 

src/readme.txt

@@ -1,21 +1,21 @@
 === Tainacan ===
-Contributors: andrebenedito, daltonmartins, fabianobn, jacsonp, leogermani, weryques, wetah, eduardohumberto, ravipassos, jessicafpx, marinagiolo, omarceloavila, vnmedeiros, tainacan, r-guimaraes, suelanesilva, ccaio, alanargomes, ateneagarcia123, rodrigo0freire, clarandreozzi
-Tags: museums, libraries, archives, GLAM, collections, repository
+Contributors: andrebenedito, daltonmartins, fabianobn, jacsonp, leogermani, weryques, wetah, eduardohumberto, ravipassos, jessicafpx, marinagiolo, omarceloavila, vnmedeiros, tainacan, suelanesilva, ccaio, alanargomes, ateneagarcia123, rodrigo0freire, clarandreozzi
+Tags: museums, archives, GLAM, collections, repository
 Requires at least: 5.9
 Tested up to: 6.4
 Requires PHP: 7.0
-Stable tag: 0.20.7
+Stable tag: 0.20.8
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
 
-Tainacan is an open-source, powerful and flexible digital repository platform for WordPress. With all the tools of a professional repository platform, you can manage and publish your digital collections as easily as posting to your blog. It is versatile and can be used to create a digital collection, a digital library or a digital repository for your institutional or personal collection.
+Tainacan is an open-source, powerful and flexible digital repository platform for WordPress. 
 
 == Description ==
 
 [Tainacan](https://tainacan.org/) is an [open-source](https://github.com/tainacan/tainacan), powerful and flexible digital repository platform for WordPress. Manage and publish your digital collections just as easily as you post to your blog, having all the tools of a professional repository platform. It can be used for the creation of a digital collection, a digital library or a digital repository for your institutional or personal collection.
 
-Tainacan aims to facilitate the activities of organizing, documenting, disseminating and displaying digital objects based on simple and accessible principles of digital curation. The plugin integrates with the WordPress block engine, making it easy to reuse objects for different and varied uses.
+Tainacan aims to facilitate the activities of organizing, documenting, disseminating and displaying digital objects based on simple and accessible principles of digital curation. The plugin integrates with the WordPress block engine, making it easy to reuse objects for different and varied uses. You can manage and publish your digital collections as easily as posting to your blog. It is versatile and can be used to create a digital collection, a digital library or a digital repository for your institutional or personal collection.
 
 
 

src/tainacan.php

@@ -5,17 +5,17 @@
 Description: Open source, powerful and flexible repository platform for WordPress. Manage and publish you digital collections as easily as publishing a post to your blog, while having all the tools of a professional repository platform.
 Author: Tainacan.org
 Author URI: https://tainacan.org/
-Version: 0.20.7
+Version: 0.20.8
 Requires at least: 5.9
 Tested up to: 6.4
 Requires PHP: 7.0
-Stable tag: 0.20.7
+Stable tag: 0.20.8
 Text Domain: tainacan
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 */
 
-const TAINACAN_VERSION = '0.20.7';
+const TAINACAN_VERSION = '0.20.8';
 
 defined( 'ABSPATH' ) or die( 'No script kiddies please!' );
 $TAINACAN_BASE_URL = plugins_url('', __FILE__);

src/views/admin/components/navigation/primary-menu.vue

@@ -103,7 +103,7 @@
                         <span class="menu-text">{{ $i18n.get('capabilities') }}</span>
                     </router-link>
                 </li>
-                <li v-if="!$adminOptions.hidePrimaryMenuImportersButton">
+                <li v-if="!$adminOptions.hidePrimaryMenuImportersButton && $userCaps.hasCapability('manage_tainacan')">
                     <router-link
                             tag="a"
                             to="/importers"
@@ -118,7 +118,7 @@
                         <span class="menu-text menu-text-import">{{ $i18n.get('importers') }}</span>
                     </router-link>
                 </li>
-                <li v-if="!$adminOptions.hidePrimaryMenuExportersButton">
+                <li v-if="!$adminOptions.hidePrimaryMenuExportersButton && $userCaps.hasCapability('manage_tainacan')">
                     <router-link
                             tag="a"
                             to="/exporters"

src/views/admin/components/navigation/tainacan-repository-subheader.vue

@@ -51,12 +51,11 @@
         </h1>
 
         <ul class="repository-subheader-icons">
-            <li>
+            <li v-if="!isRepositoryLevel && !$adminOptions.hideRepositorySubheaderExportButton && $userCaps.hasCapability('manage_tainacan')">
                 <a
                         @click="openAvailableExportersModal"
                         class="button"
                         id="exporter-collection-button"
-                        v-if="!isRepositoryLevel && !$adminOptions.hideRepositorySubheaderExportButton"
                         :aria-label="$i18n.get('exporters')">
                     <span class="icon">
                         <i class="tainacan-icon tainacan-icon-1-25em tainacan-icon-export"/>

src/views/admin/pages/home-page.vue

@@ -88,7 +88,7 @@
                             <span class="menu-text">{{ $i18n.get('title_repository_activities_page') }}</span>
                         </router-link>
                     </li>
-                    <li v-if="!$adminOptions.hideHomeImportersButton">
+                    <li v-if="!$adminOptions.hideHomeImportersButton && $userCaps.hasCapability('manage_tainacan')">
                         <router-link
                                 tag="a"
                                 to="/importers">
@@ -98,7 +98,7 @@
                             <span class="menu-text menu-text-import">{{ $i18n.get('importers') }}</span>
                         </router-link>
                     </li>
-                    <li v-if="!$adminOptions.hideHomeExportersButton">
+                    <li v-if="!$adminOptions.hideHomeExportersButton && $userCaps.hasCapability('manage_tainacan')">
                         <router-link
                                 tag="a"
                                 to="/exporters">

src/views/admin/pages/lists/collections-page.vue

@@ -41,7 +41,9 @@
                             <small class="is-small">{{ $i18n.get('info_preset_collections') }}</small>
                         </div>
                     </b-dropdown-item>
-                    <b-dropdown-item aria-role="listitem">
+                    <b-dropdown-item 
+                            v-if="$userCaps.hasCapability('manage_tainacan')"
+                            aria-role="listitem">
                         <div
                                 id="a-import-collection"
                                 tag="div"

src/views/admin/pages/lists/items-page.vue

@@ -188,7 +188,7 @@
                         </router-link>
                     </b-dropdown-item>
                     <b-dropdown-item 
-                            v-if="!$adminOptions.hideItemsListCreationDropdownImport"
+                            v-if="!$adminOptions.hideItemsListCreationDropdownImport && $userCaps.hasCapability('manage_tainacan')"
                             aria-role="listitem">
                         <div
                                 id="a-import-items"