Dan Brown
09c2814dc7
Added role based MFA control
...
- Added new DB column for control and role updated create/update actions.
- Created new middleware as a start to actual enforcement logic.
- Added indicator to role list of whether MFA is enforced.
2021-07-03 13:34:48 +01:00
Dan Brown
934a833818
Apply fixes from StyleCI
2021-06-26 15:23:15 +00:00
Dan Brown
bbfb330b92
Added check of owner field for manage-permissions-own
...
This permission was still checking based on created-by.
Updated testing to specifically check the owner since the tests
were passing by the fact of matching creator and owner.
Fixes #2445
2021-01-04 18:07:39 +00:00
Dan Brown
4c580d1571
Added owners to entity creation and updated tests
2020-12-30 22:18:28 +00:00
Dan Brown
ef1b98019a
Fixed some mis-refactoring and split search service
...
Search service broken into index and runner tools.
2020-11-22 00:17:45 +00:00
Dan Brown
da37700ac2
Implemented user, api_tokem & role activity logging
...
Also refactored some role content, primarily updating the permission
controller to be RoleController since it only dealt with roles.
2020-11-20 18:53:01 +00:00
Dan Brown
5f1ee5fb0e
Removed role 'name' field from database
...
The 'name' field was really redundant and caused confusion in the
codebase, since the 'Display' name is often used and we have a
'system_name' for the admin and public role.
This fixes #2032 , Where external auth group matching has confusing
behaviour as matching was done against the display_name, if no
external_auth field is set, but only roles with a match 'name' field
would be considered.
This also fixes and error where the role users migration, on role
delete, would not actually fire due to mis-matching http body keys.
Looks like this has been an issue from the start. Added some testing to
cover. Fixes #2211 .
Also converted phpdoc to typehints in many areas of the reviewed code
during the above.
2020-08-04 14:55:01 +01:00
Dan Brown
a9f02550f0
Removed joint_permissions auto_increment id
...
Removed auto_incrementing id and set a primary key of the [role_id,
entity_type, entity_id, action] instead since this table could recieve a
lot of activity, especially when permission regeneration was automated,
leading to very high auto_increment counts which could max out the
integer limit.
Also updated some RolesTest comment endpoints to align with
recent route changes.
Should fix #2091
2020-08-04 13:02:31 +01:00
Dan Brown
f84bf8e883
Updated test files to be PSR-4 compliant
...
Closes #1924
2020-04-04 01:16:05 +01:00
Dan Brown
5491bd62a2
Fixed test failing due to redirect changes
...
- Also set APP_THEME param during testing to avoid local conflicts
2019-12-21 13:48:44 +00:00
Dan Brown
140298bd96
Updated to Laravel 5.8
2019-09-13 23:58:40 +01:00
Dan Brown
f417675b1d
Prevented normal users from changing own email
...
To address #1542
Updates to only allow email changes by users with the users-manage role
permission.
2019-08-06 21:29:42 +01:00
Dan Brown
7f3f6e65b9
Aligned item creation wording and updated shelf-book-add logic
2019-04-15 20:45:04 +01:00
Dan Brown
7cda9b026e
Updated tests to suit layout changes, Updated 404 page
...
- Also replaced 'or' usage in templates with null coalescing operator
2019-04-06 18:36:17 +01:00
Dan Brown
50e5527483
Added test to cover "users" header link in correct permission conditions
2019-01-05 15:22:47 +00:00
Dan Brown
2317bf2350
Added check for last admin on role change
...
Will show error message if last admin and admin role is removed.
Closes #1124
Also cleaned up user controller a little.
2018-12-30 16:11:58 +00:00
Dan Brown
919660678b
Re-structured the app code to be feature based rather than code type based
2018-09-25 12:30:50 +01:00
Dan Brown
b59e5942c8
Added testing coverage for Bookshelves
...
Created modified TestResponse so we can use DOM operations in new
Testcases as we move away from the BrowserKit tests.
2018-09-21 15:15:16 +01:00
Dan Brown
cdb1c7ef88
Added destination permission checking to entity move
2018-04-14 18:47:13 +01:00
Dan Brown
1a9f676416
Updated create routes to prevent slug clashes
...
Fixes #758
2018-03-25 11:34:42 +01:00
Dan Brown
621142a46e
Removed outdated translations and updated tests
2017-09-09 18:41:59 +01:00
Dan Brown
e9831a7507
Merge branch 'master' of git://github.com/Abijeet/BookStack into Abijeet-master
2017-08-01 19:24:33 +01:00
Dan Brown
4db2c274e2
Prevent empty-state actions visible without permission.
...
Fixes #411
2017-07-02 15:59:40 +01:00
Dan Brown
cbff801aec
Added test to cover f99c8ff
.
...
Closes #409
2017-07-02 15:40:42 +01:00
Abijeet
574ee820a9
#47 - Fixes the issues with the test case.
2017-06-13 02:37:50 +05:30
Abijeet
7d02f77e67
#47 - Added more test cases to test the APIs and permission for comments.
2017-06-13 02:31:17 +05:30
Dan Brown
5570e858e5
Made more efficiency improvements to permission system
2017-04-30 11:38:58 +01:00
Dan Brown
33a2999a57
Namespaced tests to align with new laravel default
2017-02-04 11:58:42 +00:00
Dan Brown
6669998c10
Upgraded to Laravel 5.4
2017-01-25 19:35:40 +00:00
Dan Brown
dabf149411
Added user setting system and added user-lang option
...
Supports #115
2017-01-15 16:27:24 +00:00
Dan Brown
581c382f65
Fixed image delete permission issue
...
Also fixed missing translations and wrote tests to cover issue.
Fixes #258
2017-01-08 19:19:30 +00:00
Dan Brown
0775cd09a1
Extracted text for remaining views
2016-12-04 14:08:04 +00:00
Dan Brown
57dc53ceff
Extracted text from book & chapter views
2016-11-17 13:33:07 +00:00
Dan Brown
3b7d223b0c
Updated and added tests for new default user system
...
Closes #138
2016-09-29 17:07:58 +01:00
Dan Brown
05666efda9
Added hidden public role to fit with new permissions system
2016-05-01 19:36:53 +01:00
Dan Brown
a81a56706e
Rolled out new permissions system throughout application
2016-04-24 16:54:20 +01:00
Dan Brown
097d9c9f3c
Updated entity restrictions to allow permissions, Not just restrict
...
Also changed wording from 'Restrictions' to 'Permissions' to keep things more familiar and to better reflect what they do.
Referenced in issue #89 .
2016-03-30 20:15:44 +01:00
Dan Brown
5283919d24
Added new page drafts and started image entity attaching
...
Closes #80 .
2016-03-13 12:04:08 +00:00
Dan Brown
bf7852ce85
Organised test files & added page update draft tests
...
Also cleaned styling for new autosave ui parts.
Closes #36 .
2016-03-12 16:31:02 +00:00