From afabaece878302c5b2c78414ede66509e6059f61 Mon Sep 17 00:00:00 2001
From: Bogdanova Olga
Date: Fri, 13 Nov 2020 11:35:50 +0300
Subject: [PATCH 1/4] Fixed initial setup
---
config/vanilla/bootstrap.early.php | 101 +-----------------
config/vanilla/config.php | 96 +++++++++++++----
docker-compose.dev.yml | 2 +
me.vanilla.env | 50 +++++++++
.../dashboard/models/class.rolemodel.php | 24 +++--
.../dashboard/settings/class.hooks.php | 63 ++++++-----
6 files changed, 177 insertions(+), 159 deletions(-)
create mode 100644 me.vanilla.env
diff --git a/config/vanilla/bootstrap.early.php b/config/vanilla/bootstrap.early.php
index c81bdcd..02072db 100644
--- a/config/vanilla/bootstrap.early.php
+++ b/config/vanilla/bootstrap.early.php
@@ -1,104 +1,5 @@ sql(); - - // Cache Settings - saveToConfig('Cache.Enabled', getenv('CACHE_ENABLED'), true); - saveToConfig('Cache.Method', getenv('CACHE_METHOD'), 'dirtycache'); - saveToConfig('memcached.Store', getenv('MEMCACHED_SERVER'), 'localhost:11211'); - - saveToConfig('Garden.Email.SupportName', getenv('MAIL_FROM_NAME') ); - saveToConfig('Garden.Email.SupportAddress', getenv('MAIL_FROM_ADDRESS')); - saveToConfig('Garden.Email.UseSmtp', getenv('MAIL_USE_SMTP')); - saveToConfig('Garden.Email.SmtpHost', getenv('MAIL_SMTP_HOSTNAME')); - saveToConfig('Garden.Email.SmtpUser', getenv('MAIL_SMTP_USERNAME')); - saveToConfig('Garden.Email.SmtpPassword', getenv('MAIL_SMTP_PASSWORD')); - saveToConfig('Garden.Email.SmtpPort', getenv('MAIL_SMTP_PORT')); - saveToConfig('Garden.Email.SmtpSecurity', getenv('MAIL_SMTP_SECURITY')); - - // Appearance - saveToConfig('Garden.Theme', 'topcoder-theme', false); - saveToConfig('Garden.MobileTheme', 'topcoder-theme', false); - saveToConfig('Feature.NewFlyouts.Enabled', true); - - // Feature - saveToConfig('Garden.EditContentTimeout', -1, false); - - // Profile settings - saveToConfig('Garden.Profile.EditPhotos', false); - - // Add settings for the Topcoder plugin - saveToConfig('Plugins.Topcoder.BaseApiURL', getenv('TOPCODER_PLUGIN_BASE_API_URL'),false); - saveToConfig('Plugins.Topcoder.MemberApiURI', getenv('TOPCODER_PLUGIN_MEMBER_API_URI'),false); - saveToConfig('Plugins.Topcoder.RoleApiURI', getenv('TOPCODER_PLUGIN_ROLE_API_URI'),false); - saveToConfig('Plugins.Topcoder.ResourceRolesApiURI', '/v5/resource-roles', false); - saveToConfig('Plugins.Topcoder.ResourcesApiURI', '/v5/resources', false); - saveToConfig('Plugins.Topcoder.MemberProfileURL', getenv('TOPCODER_PLUGIN_MEMBER_PROFILE_URL'), false); // prod: - saveToConfig('Plugins.Topcoder.UseTopcoderAuthToken', getenv('TOPCODER_PLUGIN_USE_AUTH_TOKEN'), false); - - saveToConfig('Plugins.Topcoder.ValidIssuers', str_replace(["[", "]", "\\", "\"", " "], '', 
getenv('VALID_ISSUERS'))); - - //Add settings for Topcoder M2M Auth0 - saveToConfig('Plugins.Topcoder.M2M.Auth0Audience', getenv('AUTH0_AUDIENCE')); - saveToConfig('Plugins.Topcoder.M2M.Auth0ClientId', getenv('AUTH0_CLIENT_ID')); - saveToConfig('Plugins.Topcoder.M2M.Auth0ClientSecret', getenv('AUTH0_CLIENT_SECRET')); - saveToConfig('Plugins.Topcoder.M2M.Auth0Url', getenv('AUTH0_URL')); - saveToConfig('Plugins.Topcoder.M2M.Auth0ProxyServerUrl', getenv('AUTH0_PROXY_SERVER_URL')); - - //Add settings for Topcoder SSO Auth0 - saveToConfig('Plugins.Topcoder.SSO.Auth0Domain', getenv('TOPCODER_PLUGIN_SSO_AUTH0DOMAIN')); - saveToConfig('Plugins.Topcoder.SSO.AuthorizationURI', '/v3/authorizations/1'); - saveToConfig('Plugins.Topcoder.SSO.CookieName', 'v3jwt',false); - saveToConfig('Plugins.Topcoder.SSO.TopcoderRS256.ID', getenv('TOPCODER_PLUGIN_SSO_TOPCODER_RS256_ID'), false); - saveToConfig('Plugins.Topcoder.SSO.TopcoderHS256.ID', getenv('TOPCODER_PLUGIN_SSO_TOPCODER_HS256_ID'), false); - - saveToConfig('Plugins.Topcoder.SSO.TopcoderHS256.Secret', getenv('TOPCODER_HS256_SECRET') ); - saveToConfig('Plugins.Topcoder.SSO.TopcoderRS256.UsernameClaim', 'nickname',false); - saveToConfig('Plugins.Topcoder.SSO.TopcoderHS256.UsernameClaim', 'handle',false); - $topcoderSSOAuth0Url = getenv('TOPCODER_PLUGIN_SSO_REFRESHTOKENURL'); - saveToConfig('Plugins.Topcoder.SSO.RefreshTokenURL', $topcoderSSOAuth0Url,false); - $signInUrl = getenv('TOPCODER_PLUGIN_SIGNIN_URL'); - $signOutUrl = getenv('TOPCODER_PLUGIN_SIGNOUT_URL'); - if($signInUrl === false) { - $signInUrl =$topcoderSSOAuth0Url.'?retUrl='.urlencode('https://'.$_SERVER['SERVER_NAME'].'/'); - } - if($signOutUrl === false) { - $signOutUrl =$topcoderSSOAuth0Url.'?logout=true&retUrl='.urlencode('https://'.$_SERVER['SERVER_NAME'].'/'); - } - saveToConfig('Plugins.Topcoder.AuthenticationProvider.SignInUrl', $signInUrl,false); - saveToConfig('Plugins.Topcoder.AuthenticationProvider.SignOutUrl', $signOutUrl,false); - 
saveToConfig('Plugins.Topcoder.AuthenticationProvider.RegisterUrl', getenv('TOPCODER_PLUGIN_AUTHENTICATIONPROVIDER_REGISTERURL'),false); - - // Filestack - saveToConfig('Plugins.Filestack.ApiKey', getenv('FILESTACK_API_KEY'),false); - - // SumoLogic - saveToConfig('Plugins.Sumologic.HttpSourceURL', '',false); - saveToConfig('Plugins.Sumologic.BatchSize', '10',false); - - // Add settings for the Editor plugin - if(c('Plugins.editor.ForceWysiwyg') === false) { - saveToConfig('Plugins.editor.ForceWysiwyg', false); - } - - // Add settings for the Syntax Prettifier plugin - if(c('Plugins.GooglePrettify.LineNumbers') === false) { - saveToConfig('Plugins.GooglePrettify.LineNumbers', ''); - saveToConfig('Plugins.GooglePrettify.NoCssFile', ''); - saveToConfig('Plugins.GooglePrettify.UseTabby', ''); - saveToConfig('Plugins.GooglePrettify.Language', ''); - } - - // Add settings for the Recaptcha plugin - if(c('Recaptcha.PrivateKey') === false) { - saveToConfig('Recaptcha.PrivateKey', getenv('RECAPTCHA_PLUGIN_PRIVATE_KEY'), false); - saveToConfig('Recaptcha.PublicKey', getenv('RECAPTCHA_PLUGIN_PUBLIC_KEY'), false); - } - - // Fix: Add the 'topcoder' role type in Role Table. It should be removed after upgrading existing DB. - // The Topcoder plugin's setup method will upgrade DB during Vanilla installation - $SQL->query('alter table GDN_Role modify Type enum(\'topcoder\', \'guest\', \'unconfirmed\', \'applicant\', \'member\', \'moderator\', \'administrator\')'); - + // Only for update in future } \ No newline at end of file diff --git a/config/vanilla/config.php b/config/vanilla/config.php index f0fe9a8..dee04c0 100644 --- a/config/vanilla/config.php +++ b/config/vanilla/config.php @@ -1,19 +1,20 @@ 'utility/showtouchicon', 
@@ -90,8 +132,18 @@ 1 => 'Internal', ); $Configuration['Routes']['DefaultController'] = 'discussions'; +$Configuration['Routes']['XmZpbGVzdGFjaygvLiopPyQ='] = array ( + 0 => 'vanilla/filestack$1', + 1 => 'Internal', +); // Vanilla +$Configuration['Vanilla']['SSO']['Debug'] = true; +$Configuration['Vanilla']['Activity']['ShowDiscussionBody'] = true; +$Configuration['Vanilla']['EnableCategoryFollowing'] = true; $Configuration['Vanilla']['Version'] = '3.0'; -// Last edited by admin (172.26.0.1) 2020-09-03 13:16:33 \ No newline at end of file +// memcached +$Configuration['memcached']['Store'] = getenv('MEMCACHED_SERVER'); + +// Initial setup config \ No newline at end of file diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml index 674b70a..b360c27 100644 --- a/docker-compose.dev.yml +++ b/docker-compose.dev.yml @@ -7,6 +7,8 @@ services: - 3306:3306 env_file: - ./mysql.env + security_opt: + - seccomp:unconfined command: --default-authentication-plugin=mysql_native_password vanilla-forums: links: diff --git a/me.vanilla.env b/me.vanilla.env new file mode 100644 index 0000000..dfae400 --- /dev/null +++ b/me.vanilla.env 
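Review bot: `$Configuration['Vanilla']['SSO']['Debug'] = true;` is hard-coded in the shared `config.php`, so every environment built from this file starts with SSO debugging on; what the flag exposes is not visible in this hunk, but sign-in debug switches commonly log token or profile data and should be off by default. Consider reading it from the environment like the memcached line in the same hunk, for example `$Configuration['Vanilla']['SSO']['Debug'] = getenv('SSO_DEBUG') === '1';`, where `SSO_DEBUG` is a placeholder name. Separately, `getenv('MEMCACHED_SERVER')` returns `false` when the variable is unset, so `memcached.Store` would be saved as `false`; a fallback such as `getenv('MEMCACHED_SERVER') ?: 'localhost:11211'` keeps the address that appeared in the removed bootstrap call.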
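Review bot: `security_opt: - seccomp:unconfined` switches off Docker's default seccomp syscall filter for the MySQL service, and nothing in the hunk says why. The same service publishes `3306:3306` on the host, so the container with the weakened sandbox is also the one reachable from outside the compose network. If this is a workaround for MySQL's `mbind: Operation not permitted` messages (an assumption, the commit does not say), the narrower `cap_add: [SYS_NICE]` is normally sufficient; otherwise add a comment on the option such as `# seccomp disabled for <reason>; dev only, do not copy to other compose files`.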
@@ -0,0 +1,50 @@ +# MAIL SETTINGS +MAIL_FROM_NAME=obog-vanilla +MAIL_FROM_ADDRESS=o_bogdanova@inbox.ru +MAIL_SMTP_HOSTNAME=smtp.sendgrid.net +MAIL_SMTP_USERNAME=apikey +MAIL_SMTP_PASSWORD=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 +MAIL_SMTP_PORT=465 +MAIL_SMTP_SECURITY=ssl +MAIL_USE_SMTP=1 +# TOPCODER PLUGIN +TOPCODER_PLUGIN_BASE_API_URL=https://api.topcoder-dev.com +TOPCODER_PLUGIN_MEMBER_API_URI=/v3/members +TOPCODER_PLUGIN_ROLE_API_URI=/v3/roles +TOPCODER_PLUGIN_MEMBER_PROFILE_URL=https://www.topcoder.com/members +TOPCODER_PLUGIN_USE_AUTH_TOKEN=1 +# OAUTH2 SSO PLUGIN +TOPCODER_AUTH0_SECRET=yvaegnvYhFhWUwL3s0nObhZz76ZVYE4qVms3z75ngm3ubHu1ZmwyKStML7N_i9nE +TOPCODER_AUTH0_REGISTER_URL= +TOPCODER_AUTH0_SIGNIN_URL=https://topcoder-dev.auth0.com +TOPCODER_AUTH0_SIGNOUT_URL= +TOPCODER_AUTH0_PROFILE_URL=https://topcoder-dev.auth0.com/userinfo +TOPCODER_AUTH0_ASSOCIATION_KEY=Q9iRXM0QzGRidhcUK8MSTXxBRrmvrjA4 +TOPCODER_AUTH0_AUTHORIZE_URL=https://topcoder-dev.auth0.com/authorize +TOPCODER_AUTH0_TOKEN_URL=https://topcoder-dev.auth0.com/oauth/token +TOPCODER_AUTH0_ACCEPTED_SCOPE=openid email profile +TOPCODER_AUTH0_PROFILE_KEY_EMAIL=email +TOPCODER_AUTH0_PROFILE_KEY_PHOTO=picture +TOPCODER_AUTH0_PROFILE_KEY_NAME=nickname +TOPCODER_AUTH0_PROFILE_KEY_FULL_NAME=sub +TOPCODER_AUTH0_PROFILE_KEY_UNIQUE_ID= +TOPCODER_AUTH0_PROMPT=login +TOPCODER_AUTH0_BEARER_TOKEN=0 +TOPCODER_AUTH0_BASE_URL=https://topcoder-dev.auth0.com +# RECAPTCHA PLUGIN +RECAPTCHA_PLUGIN_PRIVATE_KEY= +RECAPTCHA_PLUGIN_PUBLIC_KEY= +#M2M TOKEN, internal SSO +AUTH0_AUDIENCE=https://m2m.topcoder-dev.com/ +AUTH0_CLIENT_ID=WtU9RZotPo8neafEZk2rSp7fHntaPNU4 +AUTH0_CLIENT_SECRET=ZCXOxBCW85W1Pk7wJMtDIt3nCXtz0u_EXQy5lp9LIiXUFVhkAfta6p1V2P9OWEiu +AUTH0_PROXY_SERVER_URL=https://auth0proxy.topcoder-dev.com/token +AUTH0_URL=https://topcoder-dev.auth0.com/oauth/token +AUTH0_SECRET=yvaegnvYhFhWUwL3s0nObhZz76ZVYE4qVms3z75ngm3ubHu1ZmwyKStML7N_i9nE +# MYSQL +MYSQL_HOST=mysql-local 
+MYSQL_DATABASE=vanilladb +MYSQL_ROOT_USER=root +MYSQL_ROOT_PASSWORD=root +#FILESTACK +FILESTACK_API_KEY=AtHqdUvWUTEuccpTvSTKaz \ No newline at end of file diff --git a/vanilla/applications/dashboard/models/class.rolemodel.php b/vanilla/applications/dashboard/models/class.rolemodel.php index 7908c2b..b39b164 100644 --- a/vanilla/applications/dashboard/models/class.rolemodel.php +++ b/vanilla/applications/dashboard/models/class.rolemodel.php @@ -45,14 +45,18 @@ class RoleModel extends Gdn_Model { 'Connect Manager' => [], 'Connect Account Manager' => [], 'Connect Copilot' => [ - 'Name' => ROLE_TOPCODER_CONNECT_COPILOT, - 'Type' => ROLE_TYPE_TOPCODER, - 'Garden.Uploads.Add' => 1 + 'Groups.Category.Manage' => 1, + 'Groups.Moderation.Manage' => 1, + 'Groups.EmailInvitations.Add' => 1 ], 'Connect Admin' => [ // all permissions ], - 'Connect Copilot Manager' => [], + 'Connect Copilot Manager' => [ + 'Groups.Category.Manage' => 1, + 'Groups.Moderation.Manage' => 1, + 'Groups.EmailInvitations.Add' => 1 + ], 'Business Development Representative' => [], 'Presales' => [], 'Account Executive' => [], @@ -63,11 +67,15 @@ class RoleModel extends Gdn_Model { ]; const TOPCODER_PROJECT_ROLES = [ - 'manager' => [], + 'manager' => [ + 'Groups.Category.Manage' => 1, + 'Groups.Moderation.Manage' => 1, + 'Groups.EmailInvitations.Add' => 1 + ], 'copilot' => [ - 'Name' => ROLE_TOPCODER_PROJECT_COPILOT, - 'Type' => ROLE_TYPE_TOPCODER, - 'Garden.Uploads.Add' => 1 + 'Groups.Category.Manage' => 1, + 'Groups.Moderation.Manage' => 1, + 'Groups.EmailInvitations.Add' => 1 ], 'customer' => [], 'observer'=> [], diff --git a/vanilla/applications/dashboard/settings/class.hooks.php b/vanilla/applications/dashboard/settings/class.hooks.php index 9ae898d..1eabced 100644 --- a/vanilla/applications/dashboard/settings/class.hooks.php +++ b/vanilla/applications/dashboard/settings/class.hooks.php 
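Review bot: The new `me.vanilla.env` holds what look like real credentials: `MAIL_SMTP_PASSWORD` (an `SG.`-prefixed SendGrid key), `TOPCODER_AUTH0_SECRET`, `AUTH0_SECRET`, `AUTH0_CLIENT_SECRET`, `TOPCODER_AUTH0_ASSOCIATION_KEY` and `FILESTACK_API_KEY`. PATCH 3/4 in this series deletes the file, but the values remain readable in PATCH 1/4 and in the repository history, so they should be treated as disclosed and rotated at the issuing services rather than considered removed. To prevent a repeat, keep personal env files untracked with an ignore rule such as `me.*.env` and commit only a template whose secret fields are empty, e.g. `MAIL_SMTP_PASSWORD=`. `MYSQL_ROOT_PASSWORD=root` is tolerable only while the database stays on a developer machine.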
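Review bot: The `'Connect Copilot'` and `'copilot'` entries lose `'Garden.Uploads.Add' => 1` along with their `'Name'` and `'Type'` keys, and four roles now receive `Groups.Category.Manage`, `Groups.Moderation.Manage` and `Groups.EmailInvitations.Add`; this covers both the `TOPCODER_ROLES` hunk and the `TOPCODER_PROJECT_ROLES` hunk that follows it. That is a privilege change, not setup plumbing, so each entry should carry a comment stating why the role needs moderation rights and whether removing the upload permission from copilots is intended. The identical three-key array is written four times; a single class constant, for example `const GROUP_MANAGER_PERMISSIONS = [...]` (name is a suggestion), referenced as `'manager' => self::GROUP_MANAGER_PERMISSIONS`, keeps the grant in one reviewable place. Both constants start and end outside the hunks, so other entries were not checked.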
@@ -912,52 +912,57 @@ public function updateModel_afterStructure_handler($sender) { if (!$hasPermissions) { PermissionModel::resetAllRoles(); - // TODO: refactor it - //create Topocder roles - $RoleModel = new RoleModel(); $PermissionModel = new PermissionModel(); // Configure default permission for Topcoder roles $allRoles = $RoleModel->getByType(RoleModel::TYPE_TOPCODER)->resultArray(); - foreach ($allRoles as $role) { - $allPermissions = $PermissionModel->getRolePermissions($role['RoleID']); - foreach ($allPermissions as $permission) { - $roleName = $role['Name']; - if (array_key_exists($roleName, RoleModel::TOPCODER_ROLES)) { - if ($roleName == RoleModel::ROLE_TOPCODER_CONNECT_ADMIN || $roleName == RoleModel::ROLE_TOPCODER_ADMINISTRATOR) { - foreach ($permission as $key => $value) { - if ($key != 'PermissionID' && $key != 'RoleID' && $key != 'JunctionTable' && $key != 'JunctionColumn' - && $key !== 'JunctionID') { - $permission[$key] = 1; - } - } - } else { - $globalRolePermissions = RoleModel::TOPCODER_ROLES[$roleName]; - foreach ($permission as $key => $value) { - if ($key != 'PermissionID' && $key != 'RoleID' && $key != 'JunctionTable' && $key != 'JunctionColumn' - && $key !== 'JunctionID') { - $permission[$key] = array_key_exists($key, $globalRolePermissions) ? 
$globalRolePermissions[$key] : $value; - } - } + $this->updateTopcoderRolePermissions($PermissionModel, $allRoles, RoleModel::TOPCODER_ROLES); + $this->updateTopcoderRolePermissions($PermissionModel, $allRoles, RoleModel::TOPCODER_PROJECT_ROLES); + $this->configureDefaultCategoryPermission($PermissionModel, $allRoles, RoleModel::TOPCODER_ROLES); + + } + } + private function configureDefaultCategoryPermission($PermissionModel, $allRoles) { + foreach ($allRoles as $role) { + $allPermissions = $PermissionModel->getRolePermissions($role['RoleID'], '', 'Category', 'PermissionCategoryID', -1); + foreach ($allPermissions as $permission) { + $roleName = $role['Name']; + if ($roleName == RoleModel::ROLE_TOPCODER_CONNECT_ADMIN || $roleName == RoleModel::ROLE_TOPCODER_ADMINISTRATOR) { + foreach ($permission as $key => $value) { + if ($key != 'PermissionID' && $key != 'RoleID' && $key != 'JunctionTable' && $key != 'JunctionColumn' + && $key !== 'JunctionID') { + $permission[$key] = 1; } $PermissionModel->save($permission); } } } - // Configure default category permission for Topcoder roles - foreach ($allRoles as $role) { - $allPermissions = $PermissionModel->getRolePermissions($role['RoleID'], '', 'Category', 'PermissionCategoryID', -1); - foreach ($allPermissions as $permission) { - $roleName = $role['Name']; + } + } + + private function updateTopcoderRolePermissions($PermissionModel, $allRoles, $topcoderRoles) { + foreach ($allRoles as $role) { + $allPermissions = $PermissionModel->getRolePermissions($role['RoleID']); + foreach ($allPermissions as $permission) { + $roleName = $role['Name']; + if (array_key_exists($roleName, $topcoderRoles)) { if ($roleName == RoleModel::ROLE_TOPCODER_CONNECT_ADMIN || $roleName == RoleModel::ROLE_TOPCODER_ADMINISTRATOR) { foreach ($permission as $key => $value) { if ($key != 'PermissionID' && $key != 'RoleID' && $key != 'JunctionTable' && $key != 'JunctionColumn' && $key !== 'JunctionID') { $permission[$key] = 1; } - 
$PermissionModel->save($permission); + } + } else { + $globalRolePermissions = $topcoderRoles[$roleName]; + foreach ($permission as $key => $value) { + if ($key != 'PermissionID' && $key != 'RoleID' && $key != 'JunctionTable' && $key != 'JunctionColumn' + && $key !== 'JunctionID') { + $permission[$key] = array_key_exists($key, $globalRolePermissions) ? $globalRolePermissions[$key] : $value; + } } } + $PermissionModel->save($permission); } } } From 341becda5f723b82b096557e8e68da34919edf6d Mon Sep 17 00:00:00 2001 From: Bogdanova Olga Date: Fri, 13 Nov 2020 11:37:36 +0300 Subject: [PATCH 2/4] Garden.Installed=true --- config/vanilla/config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/vanilla/config.php b/config/vanilla/config.php index dee04c0..7708e85 100644 --- a/config/vanilla/config.php +++ b/config/vanilla/config.php @@ -1,6 +1,6 @@ Date: Fri, 13 Nov 2020 11:50:58 +0300 Subject: [PATCH 3/4] Fixed initial setup --- config/vanilla/config.php | 2 +- me.vanilla.env | 50 --------------------------------------- 2 files changed, 1 insertion(+), 51 deletions(-) delete mode 100644 me.vanilla.env diff --git a/config/vanilla/config.php b/config/vanilla/config.php index 7708e85..dee04c0 100644 --- a/config/vanilla/config.php +++ b/config/vanilla/config.php @@ -1,6 +1,6 @@ Date: Fri, 13 Nov 2020 11:52:50 +0300 Subject: [PATCH 4/4] Fixed initial setup --- config/vanilla/config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/vanilla/config.php b/config/vanilla/config.php index dee04c0..7708e85 100644 --- a/config/vanilla/config.php +++ b/config/vanilla/config.php @@ -1,6 +1,6 @@
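Review bot: In the new `configureDefaultCategoryPermission`, `$PermissionModel->save($permission);` sits inside `foreach ($permission as $key => $value)`, so each permission row is written once per column with a partly updated array; moving the call to just after that loop closes gives one write per row, which is how `updateTopcoderRolePermissions` is laid out. The call site passes three arguments, `configureDefaultCategoryPermission($PermissionModel, $allRoles, RoleModel::TOPCODER_ROLES)`, while the method declares only `($PermissionModel, $allRoles)`, so the third argument is silently ignored and should be dropped or declared. Both helpers set every non-key column to `1` for a role named `ROLE_TOPCODER_CONNECT_ADMIN` or `ROLE_TOPCODER_ADMINISTRATOR`; a doc comment on each, such as `/** Grants all permissions to the two Topcoder admin roles; other roles get the values listed in $topcoderRoles. */`, would make that grant explicit. `updateModel_afterStructure_handler` begins outside the hunk, so whether `$RoleModel` is still assigned before `$RoleModel->getByType(...)` should be confirmed against the full file.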