From 442c0a9a00c2154f0b1d7a3d1c9143964c3cb569 Mon Sep 17 00:00:00 2001
From: Felix Hamann <felix.hamann@campus.lmu.de>
Date: Sun, 8 Jul 2018 18:37:57 +0200
Subject: [PATCH 01/12] show-hide-settings now persistant

---
 templates/standalone/showHide.julius | 50 ++++++++++++++++++----------
 templates/widgets/asidenav.hamlet    |  2 +-
 2 files changed, 34 insertions(+), 18 deletions(-)

diff --git a/templates/standalone/showHide.julius b/templates/standalone/showHide.julius
index 40ae6b711..09b3c3e2e 100644
--- a/templates/standalone/showHide.julius
+++ b/templates/standalone/showHide.julius
@@ -8,29 +8,45 @@
 
 document.addEventListener('DOMContentLoaded', function() {
 
-  var elements = Array.from(document.querySelectorAll('.js-show-hide__toggle')),
-      toggles = [];
+  var LSNAME = 'SHOW_HIDE';
 
   function addEventHandler(el) {
     el.addEventListener('click', function elClickListener() {
-      var toggle = toggles[el.dataset.index];
-      toggle.collapsed = !toggle.collapsed;
-      toggle.parent.classList.toggle('js-show-hide--collapsed', toggle.collapsed);
+      var newState = el.parentElement.classList.toggle('js-show-hide--collapsed');
+      updateLSState(el.dataset.shIndex || null, newState);
     });
   }
 
-  elements.forEach(function(el, i) {
-    el.dataset.index = i;
-    var coll = el.dataset.collapsed === 'true';
-    if (coll) {
-      el.parentElement.classList.add('js-show-hide--collapsed')
+  function updateLSState(index, state) {
+    if (!index) {
+      return false;
     }
-    Array.from(el.parentElement.children).forEach(function(el) {
-      if (!el.classList.contains('js-show-hide__toggle')) {
-        el.classList.add('js-show-hide__target');
-      }
-    });
-    toggles.push({index: i, collapsed: coll, parent: el.parentElement});
-    addEventHandler(el);
+    var lsData = fromLocalStorage();
+    lsData[index] = state;
+    window.localStorage.setItem(LSNAME, JSON.stringify(lsData));
+  }
+
+  function collapsedStateInLocalStorage(index) {
+    return fromLocalStorage()[index] || null;
+  }
+
+  function fromLocalStorage() {
+    return JSON.parse(window.localStorage.getItem(LSNAME)) || {};
+  }
+
+  Array
+    .from(document.querySelectorAll('.js-show-hide__toggle'))
+    .forEach(function(el) {
+      var index = el.dataset.shIndex || null;
+      el.parentElement.classList.toggle(
+        'js-show-hide--collapsed',
+        collapsedStateInLocalStorage(index) || el.dataset.collapsed === 'true'
+      );
+      Array.from(el.parentElement.children).forEach(function(el) {
+        if (!el.classList.contains('js-show-hide__toggle')) {
+          el.classList.add('js-show-hide__target');
+        }
+      });
+      addEventHandler(el);
   });
 });
diff --git a/templates/widgets/asidenav.hamlet b/templates/widgets/asidenav.hamlet
index 0f4fff888..69ab002b3 100644
--- a/templates/widgets/asidenav.hamlet
+++ b/templates/widgets/asidenav.hamlet
@@ -3,7 +3,7 @@ $newline never
   <div .asidenav>
     $forall tid@TermIdentifier{..} <- favouriteTerms
       <div .asidenav__box>
-        <h3 .asidenav__box-title.js-show-hide__toggle>
+        <h3 .asidenav__box-title.js-show-hide__toggle data-sh-index="#{display season}-#{year}">
           $case season
             $of Winter
               _{MsgWinterTermShort year}

From a02e2cdc98807d019b40556e9450ca6551c00bc4 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sun, 8 Jul 2018 20:12:07 +0200
Subject: [PATCH 02/12] Prevent admins elevating rights to more schools by
 session-hijacking

---
 models               |  1 +
 src/Handler/Users.hs | 11 ++++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/models b/models
index 90b554663..909a72610 100644
--- a/models
+++ b/models
@@ -12,6 +12,7 @@ User json
 UserAdmin
     user   UserId
     school SchoolId
+    UniqueUserAdmin user school
 UserLecturer
     user   UserId
     school SchoolId
diff --git a/src/Handler/Users.hs b/src/Handler/Users.hs
index ba2ad0022..48010f33c 100644
--- a/src/Handler/Users.hs
+++ b/src/Handler/Users.hs
@@ -13,6 +13,7 @@ import Import
 import Handler.Utils
 
 import qualified Data.Map as Map
+import qualified Data.Set as Set
 
 import qualified Database.Esqueleto as E
 
@@ -95,7 +96,15 @@ postAdminHijackUserR cID = do
   case hijackRes of
     FormSuccess uid'
       | uid' == uid -> do
-          User{..} <- runDB $ get404 uid
+          myUid <- requireAuthId
+          User{..} <- runDB $ do
+            otherSchoolsAdmin <- Set.fromList . map (userAdminSchool . entityVal) <$> selectList [UserAdminUser ==. uid] []
+            otherSchoolsLecturer <- Set.fromList . map (userLecturerSchool . entityVal) <$> selectList [UserLecturerUser ==. uid] []
+            mySchools <- Set.fromList . map (userAdminSchool . entityVal) <$> selectList [UserAdminUser ==. myUid] []
+            when (not $ (otherSchoolsAdmin `Set.union` otherSchoolsLecturer) `Set.isSubsetOf` mySchools) $
+              permissionDenied "Cannot escalate admin status to additional schools"
+
+            get404 uid
           setCredsRedirect $ Creds "dummy" (userPlugin <> ":" <> userIdent) []
       | otherwise -> error "This should be impossible by definition of `hijackUserForm`"
     FormFailure errs -> toTypedContent <$> mapM_ (addMessage "error" . toHtml) errs

From 61404a4c0c52c15ff06534b145f6bd702bb2f3ad Mon Sep 17 00:00:00 2001
From: Felix Hamann <felix.hamann@campus.lmu.de>
Date: Sun, 8 Jul 2018 20:29:36 +0200
Subject: [PATCH 03/12] asidenav-cleanup and show-hide-classes

---
 templates/adminTest.hamlet        | 4 ++--
 templates/widgets/asidenav.hamlet | 4 ++--
 templates/widgets/asidenav.julius | 9 ---------
 3 files changed, 4 insertions(+), 13 deletions(-)

diff --git a/templates/adminTest.hamlet b/templates/adminTest.hamlet
index 394729cd0..6afe2d43d 100644
--- a/templates/adminTest.hamlet
+++ b/templates/adminTest.hamlet
@@ -8,10 +8,10 @@
     Der Handler sollte jeweils aktuelle Beispiele für alle möglichen Funktionalitäten enthalten, so dass man immer weiß, wo man nachschlagen kann.
 
 
-<div .container>
+<div .container.js-show-hide>
   <h2 .js-show-hide__toggle>Teilweise funktionierende Abschnitte
 
-  <ul>
+  <ul .js-show-hide__target>
     <li .list-group-item>
       <a href=@{UsersR}>Benutzer Verwaltung
 
diff --git a/templates/widgets/asidenav.hamlet b/templates/widgets/asidenav.hamlet
index 69ab002b3..346b356f5 100644
--- a/templates/widgets/asidenav.hamlet
+++ b/templates/widgets/asidenav.hamlet
@@ -2,14 +2,14 @@ $newline never
 <aside .main__aside>
   <div .asidenav>
     $forall tid@TermIdentifier{..} <- favouriteTerms
-      <div .asidenav__box>
+      <div .asidenav__box.js-show-hide>
         <h3 .asidenav__box-title.js-show-hide__toggle data-sh-index="#{display season}-#{year}">
           $case season
             $of Winter
               _{MsgWinterTermShort year}
             $of Summer
               _{MsgSummerTermShort year}
-        <ul .asidenav__list>
+        <ul .asidenav__list.js-show-hide__target>
           $forall (Course{..}, courseRoute, pageActions) <- favouriteTerm tid
             <li .asidenav__list-item :highlight courseRoute:.asidenav__list-item--active>
               <a .asidenav__link-wrapper href=@{courseRoute}>
diff --git a/templates/widgets/asidenav.julius b/templates/widgets/asidenav.julius
index 18b55b952..772e1b455 100644
--- a/templates/widgets/asidenav.julius
+++ b/templates/widgets/asidenav.julius
@@ -19,15 +19,6 @@
 document.addEventListener('DOMContentLoaded', function() {
 
   var asidenavEl = document.querySelector('.main__aside');
-  var mainEl = document.querySelector('.main__content');
-
-  asidenavEl.style.height = `${mainEl.clientHeight + 75}px`;
-
-  window.addEventListener('resize', function() {
-    window.requestAnimationFrame(function() {
-      asidenavEl.style.height = `${mainEl.clientHeight + 75}px`;
-    });
-  });
 
   window.utils.aside(asidenavEl);
 

From cb5d0f4762fc0d9a0ba7d6f5e529d723bb77adc4 Mon Sep 17 00:00:00 2001
From: Felix Hamann <felix.hamann@campus.lmu.de>
Date: Sun, 8 Jul 2018 20:30:19 +0200
Subject: [PATCH 04/12] fix for invisible text in alerts

---
 templates/standalone/alerts.julius | 6 +++++-
 templates/standalone/alerts.lucius | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/templates/standalone/alerts.julius b/templates/standalone/alerts.julius
index 17fbb4109..94ecea104 100644
--- a/templates/standalone/alerts.julius
+++ b/templates/standalone/alerts.julius
@@ -11,7 +11,11 @@
       autoDecay = parseInt(dataDecay, 10);
     }
     closeEl.classList.add('alert__close');
-    closeEl.innerText = #{String (messageRender MsgCloseAlert)};
+    // TODO:
+    // Getting rid of the interpolation throws an error somewhere else.
+    // Help please!
+    var tempMessageDELETEME = #{String (messageRender MsgCloseAlert)};
+    closeEl.innerText = tempMessageDELETEME.substr(0, 0);
     closeEl.addEventListener('click', function(event) {
       alertEl.classList.add('alert--invisible');
     });
diff --git a/templates/standalone/alerts.lucius b/templates/standalone/alerts.lucius
index cef5ebdc9..356ccf723 100644
--- a/templates/standalone/alerts.lucius
+++ b/templates/standalone/alerts.lucius
@@ -72,6 +72,7 @@
 
   .alert {
     margin-left: 80px;
+    max-width: 420px;
   }
 }
 

From 4fe479f9f38fc70427fd34ddb3735de117bdba05 Mon Sep 17 00:00:00 2001
From: Felix Hamann <felix.hamann@campus.lmu.de>
Date: Sun, 8 Jul 2018 20:51:39 +0200
Subject: [PATCH 05/12] move HOME to the left in navbar

---
 src/Foundation.hs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Foundation.hs b/src/Foundation.hs
index 8f56b2117..16b1e5209 100644
--- a/src/Foundation.hs
+++ b/src/Foundation.hs
@@ -655,7 +655,7 @@ submissionList tid csh shn uid = E.select . E.from $ \(course `E.InnerJoin` shee
 
 defaultLinks :: [MenuTypes]
 defaultLinks = -- Define the menu items of the header.
-  [ NavbarRight $ MenuItem
+  [ NavbarAside $ MenuItem
       { menuItemLabel = "Home"
       , menuItemIcon = Just "home"
       , menuItemRoute = HomeR

From 9c6a4f86b9dac69b255b32805d5c3f600af69421 Mon Sep 17 00:00:00 2001
From: Felix Hamann <felix.hamann@campus.lmu.de>
Date: Sun, 8 Jul 2018 21:28:03 +0200
Subject: [PATCH 06/12] add class for comma-separated list

---
 templates/default-layout.lucius | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/templates/default-layout.lucius b/templates/default-layout.lucius
index 4c95fb25d..f415d343d 100644
--- a/templates/default-layout.lucius
+++ b/templates/default-layout.lucius
@@ -115,10 +115,6 @@ ul {
   list-style-type: none;
 }
 
-.list--inline > li {
-  display: inline-block;
-}
-
 h1, h2, h3, h4, h5 {
   font-weight: 600;
 }
@@ -422,6 +418,22 @@ input[type="button"].btn-info:hover,
   line-height: 25px;
 }
 
+/* LIST MODIFIERS */
+.list--inline > li {
+  display: inline-block;
+}
+
+.list--comma-separated > li {
+
+  &::after {
+    content: ', ';
+  }
+
+  &:last-of-type::after {
+    content: none;
+  }
+}
+
 /* DEFINITION LIST */
 .deflist {
   display: grid;

From 4b4847d551db124241b097aa2ab6f85f8e8b5fba Mon Sep 17 00:00:00 2001
From: Felix Hamann <felix.hamann@campus.lmu.de>
Date: Sun, 8 Jul 2018 21:28:40 +0200
Subject: [PATCH 07/12] get rid of now unneeded messageRenderer in
 defaultLayout

---
 src/Foundation.hs                  | 1 -
 templates/standalone/alerts.julius | 5 -----
 2 files changed, 6 deletions(-)

diff --git a/src/Foundation.hs b/src/Foundation.hs
index 16b1e5209..04656b02c 100644
--- a/src/Foundation.hs
+++ b/src/Foundation.hs
@@ -459,7 +459,6 @@ instance Yesod UniWorX where
     defaultLayout widget = do
         master <- getYesod
         mmsgs  <- getMessages
-        messageRender <- getMessageRender -- needed, since there is no i18n interpolation in Julius
 
         mcurrentRoute <- getCurrentRoute
 
diff --git a/templates/standalone/alerts.julius b/templates/standalone/alerts.julius
index 94ecea104..b3820f60a 100644
--- a/templates/standalone/alerts.julius
+++ b/templates/standalone/alerts.julius
@@ -11,11 +11,6 @@
       autoDecay = parseInt(dataDecay, 10);
     }
     closeEl.classList.add('alert__close');
-    // TODO:
-    // Getting rid of the interpolation throws an error somewhere else.
-    // Help please!
-    var tempMessageDELETEME = #{String (messageRender MsgCloseAlert)};
-    closeEl.innerText = tempMessageDELETEME.substr(0, 0);
     closeEl.addEventListener('click', function(event) {
       alertEl.classList.add('alert--invisible');
     });

From 7ba1c41843403122d9351b1055bc463c470c2001 Mon Sep 17 00:00:00 2001
From: Felix Hamann <felix.hamann@campus.lmu.de>
Date: Sun, 8 Jul 2018 21:35:31 +0200
Subject: [PATCH 08/12] fix for headline-spacings on breadcrumbs-less pages

---
 templates/default-layout.lucius | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/default-layout.lucius b/templates/default-layout.lucius
index f415d343d..8d24883c3 100644
--- a/templates/default-layout.lucius
+++ b/templates/default-layout.lucius
@@ -210,14 +210,14 @@ h4 {
 @media (max-width: 768px) {
 
   .main__content-body {
-    padding: 0 20px 60px;
+    padding: 30px 20px 60px;
   }
 }
 
 @media (max-width: 425px) {
 
   .main__content-body {
-    padding: 0 10px 60px;
+    padding: 20px 10px 60px;
   }
 }
 

From 4c86306bfd098ddf0ab16f7411bab83320985fee Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sun, 8 Jul 2018 22:10:33 +0200
Subject: [PATCH 09/12] Fix NavBar-Highlighting

---
 src/Foundation.hs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Foundation.hs b/src/Foundation.hs
index 04656b02c..5a36a774e 100644
--- a/src/Foundation.hs
+++ b/src/Foundation.hs
@@ -493,9 +493,9 @@ instance Yesod UniWorX where
 
         let highlight :: Route UniWorX -> Bool -- highlight last route in breadcrumbs, favorites taking priority
             highlight = let crumbs = mcons mcurrentRoute $ fst <$> parents
-                            actFav = List.intersect (snd3 <$> favourites) crumbs
-                            highRs = if null actFav then crumbs else actFav
-                        in \r -> r `elem` highRs
+                            navItems = map snd3 favourites ++ map (menuItemRoute . menuItem) menuTypes
+                            highR  = find (`elem` navItems) . uncurry (++) $ partition (`elem` map snd3 favourites) crumbs
+                        in \r -> Just r == highR
             favouriteTerms :: [TermIdentifier]
             favouriteTerms = Set.toDescList $ foldMap (\(Course{..}, _, _) -> Set.singleton $ unTermKey courseTerm) favourites
             favouriteTerm :: TermIdentifier -> [(Course, Route UniWorX, [MenuTypes])]

From 71e57b767dc12ff93ff2f88ee7585c3cd9555382 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sun, 8 Jul 2018 22:10:46 +0200
Subject: [PATCH 10/12] Use comma-separated in AdminUsersR

---
 src/Handler/Users.hs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Handler/Users.hs b/src/Handler/Users.hs
index 48010f33c..9d3965c57 100644
--- a/src/Handler/Users.hs
+++ b/src/Handler/Users.hs
@@ -42,7 +42,7 @@ getUsersR = do
                 E.orderBy [E.asc $ school E.^. SchoolShorthand]
                 return $ school E.^. SchoolShorthand
               return [whamlet|
-                  <ul>
+                  <ul .list--inline .list--comma-separated>
                     $forall (E.Value sh) <- schools
                       <li>#{sh}
                 |]
@@ -55,7 +55,7 @@ getUsersR = do
                 E.orderBy [E.asc $ school E.^. SchoolShorthand]
                 return $ school E.^. SchoolShorthand
               return [whamlet|
-                  <ul>
+                  <ul .list--inline .list--comma-separated>
                     $forall (E.Value sh) <- schools
                       <li>#{sh}
                 |]

From 4993c7994c25f7b74cf351de251992dbc58204c9 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sun, 8 Jul 2018 22:31:11 +0200
Subject: [PATCH 11/12] Fix preference-order on parents

---
 src/Foundation.hs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Foundation.hs b/src/Foundation.hs
index 5a36a774e..8a307908b 100644
--- a/src/Foundation.hs
+++ b/src/Foundation.hs
@@ -492,7 +492,7 @@ instance Yesod UniWorX where
                in (c, courseRoute, ) <$> filterM (menuItemAccessCallback . menuItem) (pageActions courseRoute)
 
         let highlight :: Route UniWorX -> Bool -- highlight last route in breadcrumbs, favorites taking priority
-            highlight = let crumbs = mcons mcurrentRoute $ fst <$> parents
+            highlight = let crumbs = mcons mcurrentRoute $ fst <$> reverse parents
                             navItems = map snd3 favourites ++ map (menuItemRoute . menuItem) menuTypes
                             highR  = find (`elem` navItems) . uncurry (++) $ partition (`elem` map snd3 favourites) crumbs
                         in \r -> Just r == highR

From 0531502b7d3a669ec1297352491b05803e913da7 Mon Sep 17 00:00:00 2001
From: Felix Hamann <felix.hamann@campus.lmu.de>
Date: Sun, 8 Jul 2018 23:53:33 +0200
Subject: [PATCH 12/12] dynamic height of asidenav to avoid over-long bodies

---
 templates/widgets/asidenav.julius | 15 +++++++++++++++
 templates/widgets/asidenav.lucius |  7 +++++++
 2 files changed, 22 insertions(+)

diff --git a/templates/widgets/asidenav.julius b/templates/widgets/asidenav.julius
index 772e1b455..843f2eba9 100644
--- a/templates/widgets/asidenav.julius
+++ b/templates/widgets/asidenav.julius
@@ -19,6 +19,21 @@
 document.addEventListener('DOMContentLoaded', function() {
 
   var asidenavEl = document.querySelector('.main__aside');
+  var mainContentEl = document.querySelector('.main__content');
+
+  function adjustHeight() {
+    window.requestAnimationFrame(function() {
+      asidenavEl.style.height = mainContentEl.clientHeight + 'px';
+    });
+  }
+
+  // unbeknownst to the user (below the fold),  this happes slightly delayed
+  // because of dynamic changes to the styles inside the main__content
+  setTimeout(function() {
+    adjustHeight();
+  }, 10);
+
+  window.addEventListener('resize', adjustHeight);
 
   window.utils.aside(asidenavEl);
 
diff --git a/templates/widgets/asidenav.lucius b/templates/widgets/asidenav.lucius
index bd0f56872..781bd1742 100644
--- a/templates/widgets/asidenav.lucius
+++ b/templates/widgets/asidenav.lucius
@@ -16,6 +16,13 @@
   }
 }
 
+@media (max-width: 768px) {
+
+  .main__aside {
+    min-height: calc(100% - var(--header-height-collapsed));
+  }
+}
+
 @media (max-width: 425px) {
 
   .main__aside {