kp-forks · pull · Jan 13, 2025 · Jan 8, 2025 · Jan 13, 2025 · Jan 13, 2025
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -129,11 +129,6 @@ jobs:
             bim_support: false
             target: all-in-one
             runner: runner=4cpu-linux-arm64
-          - platform: linux/ppc64le
-            digest: ppc-aio
-            bim_support: false
-            target: all-in-one
-            runner: runner=4cpu-linux-x64
     steps:
       - name: Checkout
         with:

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -355,8 +355,8 @@ GEM
     awesome_nested_set (3.8.0)
       activerecord (>= 4.0.0, < 8.1)
     aws-eventstream (1.3.0)
-    aws-partitions (1.1031.0)
-    aws-sdk-core (3.214.1)
+    aws-partitions (1.1035.0)
+    aws-sdk-core (3.215.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.992.0)
       aws-sigv4 (~> 1.9)
@@ -371,7 +371,7 @@ GEM
     aws-sdk-sns (1.92.0)
       aws-sdk-core (~> 3, >= 3.210.0)
       aws-sigv4 (~> 1.5)
-    aws-sigv4 (1.10.1)
+    aws-sigv4 (1.11.0)
       aws-eventstream (~> 1, >= 1.0.2)
     axe-core-api (4.10.2)
       dumb_delegator
@@ -713,7 +713,7 @@ GEM
     launchy (3.0.1)
       addressable (~> 2.8)
       childprocess (~> 5.0)
-    lefthook (1.10.1)
+    lefthook (1.10.3)
     letter_opener (1.10.0)
       launchy (>= 2.2, < 4)
     letter_opener_web (3.0.0)
@@ -831,7 +831,7 @@ GEM
     optimist (3.2.0)
     os (1.1.4)
     ostruct (0.6.1)
-    ox (2.14.19)
+    ox (2.14.20)
       bigdecimal (>= 3.0)
     paper_trail (15.2.0)
       activerecord (>= 6.1)

diff --git a/app/models/queries/projects.rb b/app/models/queries/projects.rb
@@ -54,6 +54,7 @@ module Queries::Projects
     order Orders::LatestActivityAtOrder
     order Orders::RequiredDiskSpaceOrder
     order Orders::CustomFieldOrder
+    order Orders::LifeCycleStepOrder
     order Orders::ProjectStatusOrder
     order Orders::NameOrder
     order Orders::TypeaheadOrder

diff --git a/app/models/queries/projects/orders/life_cycle_step_order.rb b/app/models/queries/projects/orders/life_cycle_step_order.rb
@@ -0,0 +1,111 @@
+# frozen_string_literal: true
+
+#-- copyright
+# OpenProject is an open source project management software.
+# Copyright (C) the OpenProject GmbH
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
+# Copyright (C) 2006-2013 Jean-Philippe Lang
+# Copyright (C) 2010-2013 the ChiliProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+# See COPYRIGHT and LICENSE files for more details.
+#++
+
+class Queries::Projects::Orders::LifeCycleStepOrder < Queries::Orders::Base
+  self.model = Project
+
+  validates :life_cycle_step_definition, presence: { message: I18n.t(:"activerecord.errors.messages.does_not_exist") }
+
+  def self.key
+    /\Alcsd_(\d+)\z/
+  end
+
+  def life_cycle_step_definition
+    return @life_cycle_step_definition if defined?(@life_cycle_step_definition)
+
+    @life_cycle_step_definition = Project::LifeCycleStepDefinition.find_by(id: attribute[/\Alcsd_(\d+)\z/, 1])
+  end
+
+  def available?
+    life_cycle_step_definition.present? &&
+      OpenProject::FeatureDecisions.stages_and_gates_active? &&
+      User.current.allowed_in_any_project?(:view_project_stages_and_gates)
+  end
+
+  private
+
+  def joins
+    join = <<~SQL.squish
+      LEFT JOIN (
+              SELECT steps.*, steps.definition_id as def_id
+              FROM project_life_cycle_steps steps
+              WHERE
+                steps.active = true
+                AND steps.definition_id = :definition_id
+                AND steps.project_id IN (#{viewable_project_ids.to_sql})
+            ) #{subquery_table_name} ON #{subquery_table_name}.project_id = projects.id
+    SQL
+
+    ActiveRecord::Base.sanitize_sql([join, { definition_id: life_cycle_step_definition.id }])
+  end
+
+  # Since we can combine multiple queries with their respective ORDER BY clauses, we need to make sure
+  # that the names of our tables are unique. It suffices to include the definition id into the name as there can only
+  # ever be one order statement per definition.
+  def subquery_table_name
+    definition_id = life_cycle_step_definition.id
+
+    :"life_cycle_steps_subquery_#{definition_id}"
+  end
+
+  def order(scope)
+    with_raise_on_invalid do
+      scope.where(order_condition)
+           .order(*order_by_start_and_end_date)
+    end
+  end
+
+  # Ensure that only life cycle columns viewable to the current user are considered
+  # for ordering the query result.
+  def viewable_project_ids
+    Project.allowed_to(User.current, :view_project_stages_and_gates).select(:id)
+  end
+
+  def order_condition
+    # To avoid SQL injection warnings, we use Arel to build the condition.
+    # Note that this SQL query uses the subquery defined in `joins`.
+    steps_table = Arel::Table.new(subquery_table_name.to_s)
+
+    # WHERE subquery_table_name.def_id = life_cycle_step_definition.id OR subquery_table_name.def_id IS NULL
+    steps_table[:def_id]
+      .eq(life_cycle_step_definition.id)
+      .or(steps_table[:def_id].eq(nil))
+  end
+
+  def order_by_start_and_end_date
+    steps_table = Arel::Table.new(subquery_table_name.to_s)
+
+    # Even though a gate does not define an end_date, this code still works.
+    [
+      steps_table[:start_date].send(direction),
+      steps_table[:end_date].send(direction)
+    ]
+  end
+end
diff --git a/db/migrate/migration_utils/permission_adder.rb b/db/migrate/migration_utils/permission_adder.rb
@@ -32,17 +32,24 @@ module PermissionAdder
       module_function
 
       def add(having, add)
-        Role
+        added_permission = OpenProject::AccessControl.permission(add)
+
+        role_scope = Role
           .joins(:role_permissions)
           .where(role_permissions: { permission: having.to_s })
           .references(:role_permissions)
-          .find_each do |role|
+
+        role_scope.find_each do |role|
           # Check if the add-permission already exists before adding
-          already_exists = RolePermission
-                             .exists?(role_id: role.id, permission: add.to_s)
-          unless already_exists
-            role.add_permission! add
-          end
+          next if RolePermission.exists?(role_id: role.id, permission: add.to_s)
+
+          # we cannot add permissions that require a member to a non-member role
+          next if added_permission.require_member? && role.builtin == Role::BUILTIN_NON_MEMBER
+
+          # we cannot add permissions that require a logged in user to an anonymous role
+          next if added_permission.require_loggedin? && role.builtin == Role::BUILTIN_ANONYMOUS
+
+          role.add_permission! add
         end
       end
     end

diff --git a/frontend/package-lock.json b/frontend/package-lock.json