mirror of
https://github.com/grocy/grocy.git
synced 2025-09-16 09:51:30 +00:00
Compare commits
5 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
cc1d1121d3 | ||
|
71c724ccdd | ||
|
|
6e710adb71 | ||
|
|
6e2b4b116e | ||
|
|
18724d836e |
1
changelog/57_2.6.2_2020-04-03.md
Normal file
1
changelog/57_2.6.2_2020-04-03.md
Normal file
@@ -0,0 +1 @@
|
||||
Security fix (see [#696](https://github.com/grocy/grocy/issues/696))
|
||||
28
changelog/58_UNRELEASED_2020-xx-xx.md
Normal file
28
changelog/58_UNRELEASED_2020-xx-xx.md
Normal file
@@ -0,0 +1,28 @@
|
||||
### New feature: Price history per store
|
||||
- Define stores under master data
|
||||
- New product option to set the default store
|
||||
- Track on purchase/inventory in which store you bought the product (gets prefilled by the last store you purchased the product, or the default store of the product if you never bought it)
|
||||
- => The price history chart on the product card shows a line per store
|
||||
- (Thanks @immae and @kriddles)
|
||||
|
||||
### Stock improvements
|
||||
- When creating a new product, the "QU id stock" is now preset by the "QU id purchase" (because most of the time that's most probably the same) (thanks @Mik-)
|
||||
|
||||
### Recipe fixes
|
||||
- Fixed a PHP notice on the recipes page when there are no recipes (thanks @mrunkel)
|
||||
|
||||
### Calendar fixes
|
||||
- Fixed that the "Share/Integrate calendar (iCal)" button did not work (thanks @tsia)
|
||||
|
||||
### API improvements
|
||||
- The endpoint `/stock/products/{productId}/locations` now also returns the current stock amount of the product in that loctation (new field/property `amount`) (thanks @Forceu)
|
||||
|
||||
### General & other improvements
|
||||
- New `config.php` setting `FEATURE_FLAG_STOCK_BEST_BEFORE_DATE_FIELD_NUMBER_PAD` which activates the number pad for best-before-date fields on (supported) mobile browsers (useful because of [shorthands](https://github.com/grocy/grocy#input-shorthands-for-date-fields)) (defaults to `true`) (thanks @Mik-)
|
||||
- Enhancements for the camera barcode scanner (thanks @Mik-)
|
||||
- The light button only displayed when the device has a flash light
|
||||
- New `config.php` setting `FEATURE_FLAG_AUTO_TORCH_ON_WITH_CAMERA` to always enable the flash light automatically
|
||||
- Various display/CSS improvements
|
||||
- Prerequisites (PHP extensions, critical files/folders) will now be checked and properly reported if there are problems (thanks @Forceu)
|
||||
- Improved the the overview pages on mobile devices (main column was hidden) (thanks @Mik-)
|
||||
- Optimized the handling of settings provided by `data/settingoverrides` files (thanks @dacto)
|
||||
@@ -4,6 +4,7 @@ namespace Grocy\Middleware;
|
||||
|
||||
use Psr\Http\Message\ServerRequestInterface as Request;
|
||||
use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
|
||||
use Psr\Http\Message\ResponseFactoryInterface;
|
||||
use Psr\Http\Message\ResponseInterface as Response;
|
||||
use Slim\Routing\RouteContext;
|
||||
|
||||
@@ -12,13 +13,15 @@ use Grocy\Services\LocalizationService;
|
||||
|
||||
class SessionAuthMiddleware extends BaseMiddleware
|
||||
{
|
||||
public function __construct(\DI\Container $container, string $sessionCookieName)
|
||||
public function __construct(\DI\Container $container, string $sessionCookieName, ResponseFactoryInterface $responseFactory)
|
||||
{
|
||||
parent::__construct($container);
|
||||
$this->SessionCookieName = $sessionCookieName;
|
||||
$this->ResponseFactory = $responseFactory;
|
||||
}
|
||||
|
||||
protected $SessionCookieName;
|
||||
protected $ResponseFactory;
|
||||
|
||||
public function __invoke(Request $request, RequestHandler $handler): Response
|
||||
{
|
||||
@@ -44,8 +47,8 @@ class SessionAuthMiddleware extends BaseMiddleware
|
||||
if ((!isset($_COOKIE[$this->SessionCookieName]) || !$sessionService->IsValidSession($_COOKIE[$this->SessionCookieName])) && $routeName !== 'login')
|
||||
{
|
||||
define('GROCY_AUTHENTICATED', false);
|
||||
$response = $handler->handle($request);
|
||||
$response = $response->withHeader('Location', $this->AppContainer->get('UrlManager')->ConstructUrl('/login'));
|
||||
$response = $this->ResponseFactory->createResponse();
|
||||
return $response->withHeader('Location', $this->AppContainer->get('UrlManager')->ConstructUrl('/login'));
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
@@ -125,7 +125,7 @@ $app->group('', function(RouteCollectorProxy $group)
|
||||
$group->get('/api', '\Grocy\Controllers\OpenApiController:DocumentationUi');
|
||||
$group->get('/manageapikeys', '\Grocy\Controllers\OpenApiController:ApiKeysList');
|
||||
$group->get('/manageapikeys/new', '\Grocy\Controllers\OpenApiController:CreateNewApiKey');
|
||||
})->add(new SessionAuthMiddleware($container, $container->get('LoginControllerInstance')->GetSessionCookieName()));
|
||||
})->add(new SessionAuthMiddleware($container, $container->get('LoginControllerInstance')->GetSessionCookieName(), $app->getResponseFactory()));
|
||||
|
||||
$app->group('/api', function(RouteCollectorProxy $group)
|
||||
{
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{
|
||||
"Version": "2.6.1",
|
||||
"ReleaseDate": "2020-03-06"
|
||||
"Version": "2.6.2",
|
||||
"ReleaseDate": "2020-04-03"
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user