From 17cca83e5c6f227b6fa924e391a0d590eefae8a8 Mon Sep 17 00:00:00 2001
From: Elio Schmutz <e.schmutz@4teamwork.ch>
Date: Wed, 26 Feb 2020 13:45:00 +0100
Subject: [PATCH 1/2] Restrict `geverui` cookie to admin unit

---
 docs/HISTORY.txt                                   |  1 +
 opengever/base/browser/resources/base.js           |  3 ++-
 opengever/base/browser/resources/js_cookie.min.js  |  2 ++
 opengever/core/profiles/default/jsregistry.xml     | 11 +++++++++++
 .../20200226132815_add_js_cookie/__init__.py       |  0
 .../20200226132815_add_js_cookie/jsregistry.xml    | 14 ++++++++++++++
 .../20200226132815_add_js_cookie/upgrade.py        |  9 +++++++++
 7 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 opengever/base/browser/resources/js_cookie.min.js
 create mode 100644 opengever/core/upgrades/20200226132815_add_js_cookie/__init__.py
 create mode 100644 opengever/core/upgrades/20200226132815_add_js_cookie/jsregistry.xml
 create mode 100644 opengever/core/upgrades/20200226132815_add_js_cookie/upgrade.py

diff --git a/docs/HISTORY.txt b/docs/HISTORY.txt
index 89ce2dee1d1..b0d02e5017e 100644
--- a/docs/HISTORY.txt
+++ b/docs/HISTORY.txt
@@ -4,6 +4,7 @@ Changelog
 2020.2.0rc1 (unreleased)
 ------------------------
 
+- Restrict `geverui` cookie to admin unit. [elioschmutz]
 - Extend the opengever deployment directive with workspace roles. [elioschmutz]
 - Set seen_tours for all users in test fixture. [njohner]
 
diff --git a/opengever/base/browser/resources/base.js b/opengever/base/browser/resources/base.js
index f7ea2d85d19..bcac5633063 100644
--- a/opengever/base/browser/resources/base.js
+++ b/opengever/base/browser/resources/base.js
@@ -45,6 +45,7 @@ $(document).delegate('body', 'tabbedview.unknownresponse', function(event, overv
  * to the new gever-ui.
  */
 function switchUI(){
-  createCookie('geverui', '1');
+  var pathname = new URL($('body').data('portal-url')).pathname;
+  Cookies.set('geverui', '1', {path: pathname});
   window.location.reload(true);
 }
diff --git a/opengever/base/browser/resources/js_cookie.min.js b/opengever/base/browser/resources/js_cookie.min.js
new file mode 100644
index 00000000000..5bb95440202
--- /dev/null
+++ b/opengever/base/browser/resources/js_cookie.min.js
@@ -0,0 +1,2 @@
+// V2.2.1 - https://github.com/js-cookie/js-cookie
+!function(e){var n;if("function"==typeof define&&define.amd&&(define(e),n=!0),"object"==typeof exports&&(module.exports=e(),n=!0),!n){var t=window.Cookies,o=window.Cookies=e();o.noConflict=function(){return window.Cookies=t,o}}}(function(){function f(){for(var e=0,n={};e<arguments.length;e++){var t=arguments[e];for(var o in t)n[o]=t[o]}return n}function a(e){return e.replace(/(%[0-9A-Z]{2})+/g,decodeURIComponent)}return function e(u){function c(){}function t(e,n,t){if("undefined"!=typeof document){"number"==typeof(t=f({path:"/"},c.defaults,t)).expires&&(t.expires=new Date(1*new Date+864e5*t.expires)),t.expires=t.expires?t.expires.toUTCString():"";try{var o=JSON.stringify(n);/^[\{\[]/.test(o)&&(n=o)}catch(e){}n=u.write?u.write(n,e):encodeURIComponent(String(n)).replace(/%(23|24|26|2B|3A|3C|3E|3D|2F|3F|40|5B|5D|5E|60|7B|7D|7C)/g,decodeURIComponent),e=encodeURIComponent(String(e)).replace(/%(23|24|26|2B|5E|60|7C)/g,decodeURIComponent).replace(/[\(\)]/g,escape);var r="";for(var i in t)t[i]&&(r+="; "+i,!0!==t[i]&&(r+="="+t[i].split(";")[0]));return document.cookie=e+"="+n+r}}function n(e,n){if("undefined"!=typeof document){for(var t={},o=document.cookie?document.cookie.split("; "):[],r=0;r<o.length;r++){var i=o[r].split("="),c=i.slice(1).join("=");n||'"'!==c.charAt(0)||(c=c.slice(1,-1));try{var f=a(i[0]);if(c=(u.read||u)(c,f)||a(c),n)try{c=JSON.parse(c)}catch(e){}if(t[f]=c,e===f)break}catch(e){}}return e?t[e]:t}}return c.set=t,c.get=function(e){return n(e,!1)},c.getJSON=function(e){return n(e,!0)},c.remove=function(e,n){t(e,"",f(n,{expires:-1}))},c.defaults={},c.withConverter=e,c}(function(){})});
diff --git a/opengever/core/profiles/default/jsregistry.xml b/opengever/core/profiles/default/jsregistry.xml
index 836153d4f0d..b3cc8568790 100644
--- a/opengever/core/profiles/default/jsregistry.xml
+++ b/opengever/core/profiles/default/jsregistry.xml
@@ -54,6 +54,17 @@
       insert-after="++resource++datetimepicker/js/datetimepicker_widget.js"
       />
 
+  <javascript
+      cacheable="True"
+      compression="none"
+      cookable="True"
+      expression=""
+      enabled="True"
+      id="++resource++opengever.base/js_cookie.min.js"
+      inline="False"
+      insert-before="*"
+      />
+
   <javascript
       cacheable="True"
       compression="none"
diff --git a/opengever/core/upgrades/20200226132815_add_js_cookie/__init__.py b/opengever/core/upgrades/20200226132815_add_js_cookie/__init__.py
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/opengever/core/upgrades/20200226132815_add_js_cookie/jsregistry.xml b/opengever/core/upgrades/20200226132815_add_js_cookie/jsregistry.xml
new file mode 100644
index 00000000000..d309fec531e
--- /dev/null
+++ b/opengever/core/upgrades/20200226132815_add_js_cookie/jsregistry.xml
@@ -0,0 +1,14 @@
+<object name="portal_javascripts" meta_type="JavaScripts Registry">
+
+  <javascript
+      cacheable="True"
+      compression="none"
+      cookable="True"
+      expression=""
+      enabled="True"
+      id="++resource++opengever.base/js_cookie.min.js"
+      inline="False"
+      insert-before="*"
+      />
+
+</object>
diff --git a/opengever/core/upgrades/20200226132815_add_js_cookie/upgrade.py b/opengever/core/upgrades/20200226132815_add_js_cookie/upgrade.py
new file mode 100644
index 00000000000..67bfbf2fe6f
--- /dev/null
+++ b/opengever/core/upgrades/20200226132815_add_js_cookie/upgrade.py
@@ -0,0 +1,9 @@
+from ftw.upgrade import UpgradeStep
+
+
+class AddJSCookie(UpgradeStep):
+    """Add js cookie.
+    """
+
+    def __call__(self):
+        self.install_upgrade_profile()

From 53e15de354d6441d1bc97ce8e6777a3983930d04 Mon Sep 17 00:00:00 2001
From: Elio Schmutz <e.schmutz@4teamwork.ch>
Date: Wed, 26 Feb 2020 14:18:28 +0100
Subject: [PATCH 2/2] Let the geverui expire in one year instead on session end

---
 opengever/base/browser/resources/base.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/opengever/base/browser/resources/base.js b/opengever/base/browser/resources/base.js
index bcac5633063..894d13aae71 100644
--- a/opengever/base/browser/resources/base.js
+++ b/opengever/base/browser/resources/base.js
@@ -46,6 +46,6 @@ $(document).delegate('body', 'tabbedview.unknownresponse', function(event, overv
  */
 function switchUI(){
   var pathname = new URL($('body').data('portal-url')).pathname;
-  Cookies.set('geverui', '1', {path: pathname});
+  Cookies.set('geverui', '1', {path: pathname, expires: 365});
   window.location.reload(true);
 }