From 5f2a862bc8a419ec0c9c55ccf0e080ee6250058b Mon Sep 17 00:00:00 2001 From: Ludovic Marcotte Date: Wed, 4 May 2016 14:15:18 -0400 Subject: [PATCH] (fix) XSRF supprot for all contact operations --- UI/Contacts/UIxContactFolderActions.m | 3 ++- .../ContactsUI/UIxContactFoldersView.wox | 6 +++--- .../ContactsUI/UIxContactViewTemplate.wox | 2 +- .../js/Contacts/AddressBook.service.js | 17 +++++++++++++++++ .../js/Contacts/AddressBookController.js | 7 ------- .../js/Contacts/AddressBooksController.js | 5 ----- .../js/Contacts/Card.service.js | 14 ++++++++++++++ .../js/Contacts/CardController.js | 5 ----- 8 files changed, 37 insertions(+), 22 deletions(-) diff --git a/UI/Contacts/UIxContactFolderActions.m b/UI/Contacts/UIxContactFolderActions.m index 09b27a29f..972357b9c 100644 --- a/UI/Contacts/UIxContactFolderActions.m +++ b/UI/Contacts/UIxContactFolderActions.m @@ -69,7 +69,8 @@ content = [NSMutableString string]; request = [context request]; sourceFolder = [self clientObject]; - contactsId = [request formValuesForKey: @"uid"]; + contactsId = [[[[context request] contentAsString] objectFromJSONString] objectForKey: @"uids"]; + if (!contactsId) contactsId = [sourceFolder toOneRelationshipKeys]; diff --git a/UI/Templates/ContactsUI/UIxContactFoldersView.wox b/UI/Templates/ContactsUI/UIxContactFoldersView.wox index 53d92ff7f..652d24684 100644 --- a/UI/Templates/ContactsUI/UIxContactFoldersView.wox +++ b/UI/Templates/ContactsUI/UIxContactFoldersView.wox @@ -9,7 +9,7 @@ className="UIxPageFrame" title="title" const:userDefaultsKeys="SOGoContactsCategories" - const:jsFiles="vendor/ckeditor/ckeditor.js, vendor/ckeditor/ck.js, Common.js, Preferences.services.js, Mailer.services.js, Contacts.js, Contacts.services.js, vendor/angular-file-upload.min.js"> + const:jsFiles="vendor/ckeditor/ckeditor.js, vendor/ckeditor/ck.js, Common.js, Preferences.services.js, Mailer.services.js, Contacts.js, Contacts.services.js, vendor/angular-file-upload.min.js, vendor/FileSaver.min.js"> 
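Review bot: The new assignment to `contactsId` in UIxContactFolderActions.m trusts the shape of the request body: `objectFromJSONString` can yield an array, a scalar or nil, and sending `objectForKey:` to anything other than a dictionary raises, while a `uids` value that is not an array reaches the code after this hunk unchecked. I would parse once from the `request` local already assigned earlier in the hunk and type-check before use, e.g. `params = [[request contentAsString] objectFromJSONString];` followed by `contactsId = [params isKindOfClass: [NSDictionary class]] ? [params objectForKey: @"uids"] : nil;` (with `params` declared as `id`). A missing or unparsable body falls through to `[sourceFolder toOneRelationshipKeys]` and exports every contact in the folder, so it is worth confirming that the XSRF token check, which is not visible here, covers this action for every HTTP method it answers. The method starts and ends outside the hunk.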
@@ -96,7 +96,7 @@ - + @@ -353,7 +353,7 @@ - + diff --git a/UI/Templates/ContactsUI/UIxContactViewTemplate.wox b/UI/Templates/ContactsUI/UIxContactViewTemplate.wox index 09f396095..fc2a50ff1 100644 --- a/UI/Templates/ContactsUI/UIxContactViewTemplate.wox +++ b/UI/Templates/ContactsUI/UIxContactViewTemplate.wox @@ -36,7 +36,7 @@ + ng-click="editor.card.export()"> diff --git a/UI/WebServerResources/js/Contacts/AddressBook.service.js b/UI/WebServerResources/js/Contacts/AddressBook.service.js index 18c011f0d..c7eab1dc3 100644 --- a/UI/WebServerResources/js/Contacts/AddressBook.service.js +++ b/UI/WebServerResources/js/Contacts/AddressBook.service.js @@ -632,6 +632,23 @@ }); }; + /** + * @function $exportCards + * @memberof AddressBook.prototype + * @desc Export the selected/all cards + * @returns a promise of the HTTP operation + */ + AddressBook.prototype.exportCards = function(selectedOnly) { + var selectedUIDs; + + if (selectedOnly) { + var selectedCards = _.filter(this.$cards, function(card) { return card.selected; }); + selectedUIDs = _.map(selectedCards, 'id'); + } + + return AddressBook.$$resource.download(this.id, 'export', (angular.isDefined(selectedUIDs) ? {uids: selectedUIDs} : null), {type: 'application/octet-stream'}); + }; + /** * @function $unwrap * @memberof AddressBook.prototype diff --git a/UI/WebServerResources/js/Contacts/AddressBookController.js b/UI/WebServerResources/js/Contacts/AddressBookController.js index 9440c480a..09da37ec9 100644 --- a/UI/WebServerResources/js/Contacts/AddressBookController.js +++ b/UI/WebServerResources/js/Contacts/AddressBookController.js @@ -20,7 +20,6 @@ vm.notSelectedComponent = notSelectedComponent; vm.unselectCards = unselectCards; vm.confirmDeleteSelectedCards = confirmDeleteSelectedCards; - vm.saveSelectedCards = saveSelectedCards; vm.copySelectedCards = copySelectedCards; vm.selectAll = selectAll; vm.sort = sort; 
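Review bot: The JSDoc on the new method in AddressBook.service.js names it `$exportCards` while the function is assigned to `AddressBook.prototype.exportCards`, and the `selectedOnly` argument is not documented. I would change the tag to `@function exportCards` and add `@param {boolean} [selectedOnly] - when true, send only the ids of cards whose selected flag is set`. Separately, with `selectedOnly` true and nothing selected, `selectedUIDs` is an empty array, which `angular.isDefined` accepts, so `{uids: []}` is sent. The server hunk in UIxContactFolderActions.m falls back to the whole folder only when the value is nil, so it is worth confirming what an empty list exports.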
@@ -103,12 +102,6 @@ }); } - function saveSelectedCards() { - var selectedCards = _.filter(vm.selectedFolder.$cards, function(card) { return card.selected; }); - var selectedUIDs = _.map(selectedCards, 'id'); - $window.location.href = ApplicationBaseURL + '/' + vm.selectedFolder.id + '/export?uid=' + selectedUIDs.join('&uid='); - } - function copySelectedCards(folder) { var selectedCards = _.filter(vm.selectedFolder.$cards, function(card) { return card.selected; }); vm.selectedFolder.$copyCards(selectedCards, folder).then(function() { diff --git a/UI/WebServerResources/js/Contacts/AddressBooksController.js b/UI/WebServerResources/js/Contacts/AddressBooksController.js index f748ac380..1831b74ee 100644 --- a/UI/WebServerResources/js/Contacts/AddressBooksController.js +++ b/UI/WebServerResources/js/Contacts/AddressBooksController.js @@ -19,7 +19,6 @@ vm.save = save; vm.confirmDelete = confirmDelete; vm.importCards = importCards; - vm.exportCards = exportCards; vm.showLinks = showLinks; vm.showProperties = showProperties; vm.share = share; @@ -203,10 +202,6 @@ } } - function exportCards() { - $window.location.href = ApplicationBaseURL + '/' + vm.service.selectedFolder.id + '/exportFolder'; - } - function showLinks(addressbook) { $mdDialog.show({ parent: angular.element(document.body), diff --git a/UI/WebServerResources/js/Contacts/Card.service.js b/UI/WebServerResources/js/Contacts/Card.service.js index 9df4605e2..b3b5b951d 100644 --- a/UI/WebServerResources/js/Contacts/Card.service.js +++ b/UI/WebServerResources/js/Contacts/Card.service.js 
@@ -202,6 +202,20 @@ } }; + /** + * @function export + * @memberof Card.prototype + * @desc Download the current card + * @returns a promise of the HTTP operation + */ + Card.prototype.export = function() { + var selectedIDs; + + selectedIDs = [ this.id ]; + + return Card.$$resource.download(this.pid, 'export', {uids: selectedIDs}, {type: 'application/octet-stream'}); + }; + Card.prototype.$fullname = function() { var fn = this.c_cn || '', names; if (fn.length === 0) { diff --git a/UI/WebServerResources/js/Contacts/CardController.js b/UI/WebServerResources/js/Contacts/CardController.js index ce32efeb1..679f2f36a 100644 --- a/UI/WebServerResources/js/Contacts/CardController.js +++ b/UI/WebServerResources/js/Contacts/CardController.js @@ -34,7 +34,6 @@ vm.reset = reset; vm.cancel = cancel; vm.confirmDelete = confirmDelete; - vm.exportCard = exportCard; vm.toggleRawSource = toggleRawSource; vm.showRawSource = false; @@ -133,10 +132,6 @@ }); } - function exportCard() { - $window.location.href = ApplicationBaseURL + '/' + vm.currentFolder.id + '/export?uid=' + vm.card.id; - } - function toggleRawSource($event) { if (!vm.showRawSource && !vm.rawSource) { Card.$$resource.post(vm.currentFolder.id + '/' + vm.card.id, "raw").then(function(data) {
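Review bot: `export` is a reserved word, and although ES5 permits it as a property name after a dot, pre-ES5 parsers and some minifiers can reject `Card.prototype.export = …` in Card.service.js. The neighbouring method in this hunk is `$fullname`, so `Card.prototype.$export` would be safer and consistent, with the template's `ng-click="editor.card.export()"` updated to match. The local `selectedIDs` adds nothing, since `{uids: [this.id]}` can be passed directly to `download`. The doc block could also note that the request is issued against `this.pid`, presumably the parent address book id, rather than against the card itself.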