From 74ef5781e12e7d7c2e532634d80fc12e46a99bc4 Mon Sep 17 00:00:00 2001 From: Ruben van der Linde Date: Fri, 1 May 2026 14:34:03 +0200 Subject: [PATCH 1/2] fix: re-apply JSONResponse swap, blank-line nit, apexcharts license MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Three small fixes to clear the failing checks on PR #87 (release development → beta). DashboardShareApiController — re-apply the DataResponse → JSONResponse swap from #79. PR #80 (security) was opened from a base before #79 landed; when #80 merged, its diff base contained the old DataResponse code, silently reverting the swap. Brings the 21 phpstan errors in this controller back to zero, same as the already-merged #79 fix. AdminTemplateService:328 — collapse a stray double blank line after pickFirstMatch() into a single blank line. Single phpcs error introduced by #79's generateUuid() addition (added \n\n between methods instead of \n). .license-overrides.json — add apexcharts@5.10.6. license-checker flags it as `Custom: https://apexcharts.com/media/apexcharts-logo.png` because it picks up a stray HTTP URL from the package's README; the actual project is MIT-licensed (LICENSE file in the repo). It arrives as a transitive dep through @conduction/nextcloud-vue, so this is a generic fix not tied to any one feature. NOT included: the eslint Nc* import/named errors. Those are blocked on nextcloud-vue cutting a release from development (PR #102 merged into ncvue/development, not yet propagated to ncvue/main where semantic-release publishes from). Verified locally: - composer phpstan → [OK] No errors (was 21) - composer phpcs → clean (was 1) - composer test:unit → 354/354 --- .license-overrides.json | 3 +- .../DashboardShareApiController.php | 64 +++++++++---------- lib/Service/AdminTemplateService.php | 1 - 3 files changed, 34 insertions(+), 34 deletions(-) diff --git a/.license-overrides.json b/.license-overrides.json index 397dae22..e7d10fde 100644 --- a/.license-overrides.json +++ b/.license-overrides.json @@ -1,3 +1,4 @@ { - "mydash": "Own package - EUPL-1.2 licensed — approved 2026-03-15" + "mydash": "Own package - EUPL-1.2 licensed — approved 2026-03-15", + "apexcharts@5.10.6": "MIT — license-checker misreports as 'Custom: …apexcharts-logo.png' from a stray HTTP URL in the package's README. Upstream project is MIT-licensed (https://github.com/apexcharts/apexcharts.js/blob/main/LICENSE). Approved 2026-05-01." } diff --git a/lib/Controller/DashboardShareApiController.php b/lib/Controller/DashboardShareApiController.php index 83f6bfcf..07d7e0e1 100644 --- a/lib/Controller/DashboardShareApiController.php +++ b/lib/Controller/DashboardShareApiController.php @@ -31,7 +31,7 @@ use OCP\AppFramework\Db\DoesNotExistException; use OCP\AppFramework\Http; use OCP\AppFramework\Http\Attribute\NoAdminRequired; -use OCP\AppFramework\Http\DataResponse; +use OCP\AppFramework\Http\JSONResponse; use OCP\IRequest; /** @@ -65,13 +65,13 @@ public function __construct( * * @param int $id The dashboard ID. * - * @return DataResponse The list of shares. + * @return JSONResponse The list of shares. */ #[NoAdminRequired] - public function index(int $id): DataResponse + public function index(int $id): JSONResponse { if ($this->userId === null) { - return new DataResponse( + return new JSONResponse( data: ['error' => 'Not logged in'], statusCode: Http::STATUS_UNAUTHORIZED ); @@ -86,15 +86,15 @@ public function index(int $id): DataResponse callback: static fn($s) => $s->jsonSerialize(), array: $shares ); - return new DataResponse(data: $serialized); + return new JSONResponse(data: $serialized); } catch (DoesNotExistException) { - return new DataResponse( + return new JSONResponse( data: ['error' => 'Dashboard not found'], statusCode: Http::STATUS_NOT_FOUND ); } catch (Exception) { // ADR-005: do not leak raw exception messages to clients. - return new DataResponse( + return new JSONResponse( data: ['error' => 'Forbidden'], statusCode: Http::STATUS_FORBIDDEN ); @@ -109,7 +109,7 @@ public function index(int $id): DataResponse * @param string|null $shareWith The recipient. * @param string|null $permissionLevel The permission level. * - * @return DataResponse The created/updated share. + * @return JSONResponse The created/updated share. */ #[NoAdminRequired] public function create( @@ -117,9 +117,9 @@ public function create( ?string $shareType=null, ?string $shareWith=null, ?string $permissionLevel=null - ): DataResponse { + ): JSONResponse { if ($this->userId === null) { - return new DataResponse( + return new JSONResponse( data: ['error' => 'Not logged in'], statusCode: Http::STATUS_UNAUTHORIZED ); @@ -133,24 +133,24 @@ public function create( permissionLevel: (string) $permissionLevel, callerId: $this->userId ); - return new DataResponse( + return new JSONResponse( data: $share->jsonSerialize(), statusCode: Http::STATUS_CREATED ); } catch (InvalidArgumentException) { // ADR-005: do not leak raw exception messages to clients. - return new DataResponse( + return new JSONResponse( data: ['error' => 'Invalid request'], statusCode: Http::STATUS_BAD_REQUEST ); } catch (DoesNotExistException) { - return new DataResponse( + return new JSONResponse( data: ['error' => 'Dashboard not found'], statusCode: Http::STATUS_NOT_FOUND ); } catch (Exception) { // ADR-005: do not leak raw exception messages to clients. - return new DataResponse( + return new JSONResponse( data: ['error' => 'Forbidden'], statusCode: Http::STATUS_FORBIDDEN ); @@ -162,13 +162,13 @@ public function create( * * @param int $shareId The share ID. * - * @return DataResponse Empty 204 on success. + * @return JSONResponse Empty 204 on success. */ #[NoAdminRequired] - public function destroy(int $shareId): DataResponse + public function destroy(int $shareId): JSONResponse { if ($this->userId === null) { - return new DataResponse( + return new JSONResponse( data: ['error' => 'Not logged in'], statusCode: Http::STATUS_UNAUTHORIZED ); @@ -179,15 +179,15 @@ public function destroy(int $shareId): DataResponse shareId: $shareId, callerId: $this->userId ); - return new DataResponse(data: [], statusCode: Http::STATUS_NO_CONTENT); + return new JSONResponse(data: [], statusCode: Http::STATUS_NO_CONTENT); } catch (DoesNotExistException) { - return new DataResponse( + return new JSONResponse( data: ['error' => 'Share not found'], statusCode: Http::STATUS_NOT_FOUND ); } catch (Exception) { // ADR-005: do not leak raw exception messages to clients. - return new DataResponse( + return new JSONResponse( data: ['error' => 'Forbidden'], statusCode: Http::STATUS_FORBIDDEN ); @@ -200,13 +200,13 @@ public function destroy(int $shareId): DataResponse * @param int $id The dashboard ID. * @param array|null $shares The new share list. * - * @return DataResponse The new full share list. + * @return JSONResponse The new full share list. */ #[NoAdminRequired] - public function replace(int $id, ?array $shares=null): DataResponse + public function replace(int $id, ?array $shares=null): JSONResponse { if ($this->userId === null) { - return new DataResponse( + return new JSONResponse( data: ['error' => 'Not logged in'], statusCode: Http::STATUS_UNAUTHORIZED ); @@ -226,21 +226,21 @@ public function replace(int $id, ?array $shares=null): DataResponse callback: static fn($s) => $s->jsonSerialize(), array: $newShares ); - return new DataResponse(data: $serialized); + return new JSONResponse(data: $serialized); } catch (InvalidArgumentException) { // ADR-005: do not leak raw exception messages to clients. - return new DataResponse( + return new JSONResponse( data: ['error' => 'Invalid request'], statusCode: Http::STATUS_BAD_REQUEST ); } catch (DoesNotExistException) { - return new DataResponse( + return new JSONResponse( data: ['error' => 'Dashboard not found'], statusCode: Http::STATUS_NOT_FOUND ); } catch (Exception) { // ADR-005: do not leak raw exception messages to clients. - return new DataResponse( + return new JSONResponse( data: ['error' => 'Forbidden'], statusCode: Http::STATUS_FORBIDDEN ); @@ -254,15 +254,15 @@ public function replace(int $id, ?array $shares=null): DataResponse * @param string $shareType The share type. * @param string $shareWith The recipient user/group ID. * - * @return DataResponse The count of deleted rows. + * @return JSONResponse The count of deleted rows. */ #[NoAdminRequired] public function revokeForRecipient( string $shareType, string $shareWith - ): DataResponse { + ): JSONResponse { if ($this->userId === null) { - return new DataResponse( + return new JSONResponse( data: ['error' => 'Not logged in'], statusCode: Http::STATUS_UNAUTHORIZED ); @@ -274,10 +274,10 @@ public function revokeForRecipient( shareWith: $shareWith, callerId: $this->userId ); - return new DataResponse(data: ['deleted' => $count]); + return new JSONResponse(data: ['deleted' => $count]); } catch (InvalidArgumentException) { // ADR-005: do not leak raw exception messages to clients. - return new DataResponse( + return new JSONResponse( data: ['error' => 'Invalid request'], statusCode: Http::STATUS_BAD_REQUEST ); diff --git a/lib/Service/AdminTemplateService.php b/lib/Service/AdminTemplateService.php index d8868a5e..e9e3adf8 100644 --- a/lib/Service/AdminTemplateService.php +++ b/lib/Service/AdminTemplateService.php @@ -327,7 +327,6 @@ public static function pickFirstMatch( return null; }//end pickFirstMatch() - /** * Generate a UUID v4. * From 8c15a6b0956fc9337700770166e310f3d8c654e9 Mon Sep 17 00:00:00 2001 From: Ruben van der Linde Date: Fri, 1 May 2026 14:48:26 +0200 Subject: [PATCH 2/2] fix(license): use bare 'apexcharts' key (script strips @version before lookup) --- .license-overrides.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.license-overrides.json b/.license-overrides.json index e7d10fde..f1f9d4e5 100644 --- a/.license-overrides.json +++ b/.license-overrides.json @@ -1,4 +1,4 @@ { "mydash": "Own package - EUPL-1.2 licensed — approved 2026-03-15", - "apexcharts@5.10.6": "MIT — license-checker misreports as 'Custom: …apexcharts-logo.png' from a stray HTTP URL in the package's README. Upstream project is MIT-licensed (https://github.com/apexcharts/apexcharts.js/blob/main/LICENSE). Approved 2026-05-01." + "apexcharts": "MIT — license-checker misreports as 'Custom: …apexcharts-logo.png' from a stray HTTP URL in the package's README. Upstream project is MIT-licensed (https://github.com/apexcharts/apexcharts.js/blob/main/LICENSE). Approved 2026-05-01." }