Commit Graph

67 Commits

Author SHA1 Message Date
Dan Brown
4051d5b803
ZIP Exports: Added new import permission
Also updated new route/view to new non-book-specific flow.
Also fixed down migration of old export permissions migration.
2024-10-29 12:11:51 +00:00
Dan Brown
ff2674c464
Notifications: Added role receive-notifications permission 2023-07-25 17:59:04 +01:00
Dan Brown
c337439370
Rolled out use of seperate link color style 2023-01-28 16:06:11 +00:00
Dan Brown
8ec6b07690
Updated role permission table to responsive format 2022-11-03 13:28:07 +00:00
Dan Brown
ec4cbbd004
Refactored common list handling operations to new class 2022-10-30 15:16:06 +00:00
Dan Brown
f75091a1c5
Revised webhooks list to new format
Also aligned query naming to start with model in use.
Also added created/updated sort options to roles.
2022-10-30 12:02:06 +00:00
Dan Brown
98b59a1024
Revised role index list to align with user list 2022-10-29 20:52:17 +01:00
Dan Brown
b8b0afa0df
Cleaned up old permission JS code
Removed now unused JS entity-permissions compontent.
Updated existing permissions-table compontent to newer format.
Removed now unused translation string.
2022-10-02 13:57:32 +01:00
Dan Brown
d8672944a5
Added image view access notice to role form
Added to clarify the role permission in scenarios where users may have
not read the docs site to understand image access control.

Related to #3688
2022-09-06 17:20:35 +01:00
Dan Brown
9da3130a12
Aligned bookshelf terminology to consistently be 'Shelf'
For #3553
EN only, other languages should be handled via CrowdIn
2022-09-01 14:55:35 +01:00
Dan Brown
e8e38f1f7b
Added an 'editor-change' role permission 2022-04-17 14:33:06 +01:00
Dan Brown
31dbf132b9
Started playing with new settings view layout 2022-03-26 21:36:05 +00:00
Dan Brown
00eedafbfd
Added timeout and debugging statuses to webhooks
- Added a user-configurable timeout option to webhooks.
- Added webhook fields for last-call/error datetime, in addition to last
  error string, which are shown on  webhook edit view.

Related to #3122
2022-01-03 19:42:48 +00:00
Dan Brown
da01913616
Added ability to copy a role
- Copies via loading in model on create view.
- Updated role views while editing to bring up to similar format as
  that used for more modern app areas.
- Added tests to cover.

Related to #1123
2021-12-19 12:27:14 +00:00
Dan Brown
41438adbd1
Continued review of #2169
- Removed uneeded custom refresh or logout actions for OIDC.
- Restructured how the services and guards are setup for external auth
  systems. SAML2 and OIDC now directly share a lot more logic.
- Renamed any OpenId references to OIDC or OpenIdConnect
- Removed non-required CSRF excemption for OIDC

Not tested, Come to roadblock due to lack of PHP8 support in upstream
dependancies. Certificate was deemed to be non-valid on every test
attempt due to changes in PHP8.
2021-10-06 23:05:26 +01:00
Dan Brown
193d7fb3fe
Merge branch 'openid' of https://github.com/jasperweyne/BookStack into jasperweyne-openid 2021-10-06 13:18:21 +01:00
Dan Brown
eda9e89c55
Added role permissions for exporting content 2021-08-28 21:48:17 +01:00
Dan Brown
a61c9c5e98
Reorgranised blade view files to form a convention
- Primarily moved and re-organised view files.
- Included readme within views to document the convention.
- Fixed some issues with page field select list in previous commit.
- Tweaked some route names while going through.
- Split some views out further.

Closes #2805
2021-08-22 13:17:32 +01:00
Dan Brown
09c2814dc7
Added role based MFA control
- Added new DB column for control and role updated create/update actions.
- Created new middleware as a start to actual enforcement logic.
- Added indicator to role list of whether MFA is enforced.
2021-07-03 13:34:48 +01:00
Dan Brown
7ba6962707
Removed lesser-used middleware and updated localization middleware
So that DB/User access is not explicitly enforced.
Same for GlobalViewData middleware although that was also just doubling
up on ways to access user/auth info.
Also cleaned up Localization Middleware doc blocks.
2021-01-17 13:41:43 +00:00
Dan Brown
1ac11c1852
Added warning to role screen for important permissions
Warning related to permissions that could allow a person to promote
their own permissions to gain more privileges than expected.

For #2105.
2020-08-04 15:26:13 +01:00
Dan Brown
5f1ee5fb0e
Removed role 'name' field from database
The 'name' field was really redundant and caused confusion in the
codebase, since the 'Display' name is often used and we have a
'system_name' for the admin and public role.

This fixes #2032, Where external auth group matching has confusing
behaviour as matching was done against the display_name, if no
external_auth field is set, but only roles with a match 'name' field
would be considered.

This also fixes and error where the role users migration, on role
delete, would not actually fire due to mis-matching http body keys.
Looks like this has been an issue from the start. Added some testing to
cover. Fixes #2211.

Also converted phpdoc to typehints in many areas of the reviewed code
during the above.
2020-08-04 14:55:01 +01:00
Jasper Weyne
07a6d7655f First basic OpenID Connect implementation 2020-07-01 23:27:50 +02:00
Dan Brown
e743cd3f60
Added files missed in previous commit 2020-02-02 10:59:03 +00:00
Dan Brown
d336ba6874
Started work on API token controls
- Added access-api permission.
- Started user profile UI work.
- Created database table and model for tokens.
- Fixed incorrect templates down migration :(
2019-12-29 13:02:26 +00:00
Dan Brown
3a17ba2cb9
Started using OneLogin SAML lib directly
- Aligned and formatted config options.
- Provided way to override onelogin lib options if required.
- Added endpoints in core bookstack routes.
- Provided way to debug details provided by idp and formatted by
bookstack.
- Started on test work
- Handled case of email address already in use.
2019-11-17 13:26:43 +00:00
Dan Brown
bb1f43cbd8
Merge branch 'feature/saml' of git://github.com/Xiphoseer/BookStack into Xiphoseer-feature/saml 2019-11-16 12:42:45 +00:00
Dan Brown
ae93a6ed07
Converted primary color use to css variable
- Removed all existing SCSS usage of primary color.
- Cut down custom styles injection to just be css vars.
- Reduced button styles so default button is primary.
- Updated button styles to lighten/brighten on hover & active states even
when a custom color is set.
- Removed unused scss color vars.
- Updated default BookStack blue to achieve better accessibility.
2019-08-25 12:40:04 +01:00
Daniel Seiler
bda0082461 Add login and automatic registration; Prepare Group sync 2019-08-06 23:42:46 +02:00
Dan Brown
2ebbc6b658
Merge branch 'master' into 129-page-templates 2019-08-04 16:26:38 +01:00
Dan Brown
4b0c4e621a
Replaced use of custom 'baseUrl' helper with 'url'
Also changed up how base URL setting was being done
by manipulating incoming request URLs instead of
altering then on generation.
2019-08-04 14:26:39 +01:00
Dan Brown
71167426bb
Started implementation of page template 2019-07-07 13:45:46 +01:00
Dan Brown
f797d2da20
Added column select-all to role permission table 2019-04-13 13:16:18 +01:00
Dan Brown
07adfb2ff1
Added select-all helpers to permission tables 2019-04-13 12:07:27 +01:00
Dan Brown
221a483b40
Standardised view referencing to dot-notation 2019-04-07 12:00:09 +01:00
Dan Brown
8c21b5345d
Cleaned up usage of some core scss files 2019-04-07 11:34:40 +01:00
Dan Brown
b00b319e83
Re-arranged some list items to flexbox instead of grid
Since flexbox is better supported on a wider range of elements
2019-02-16 15:05:18 +00:00
Dan Brown
5325870271
Updated auth pages to new design, Removed public layout 2019-02-03 17:34:15 +00:00
Dan Brown
880d4f35da
Started the migration of the setting views 2019-02-02 15:49:57 +00:00
Dan Brown
8ff969dd17
Updated so permission effect admins more
Asset permissions can now be configured for admins.
joint_permissions will now effect admins more often.
Made so shelves header link will hide if you have no bookshelves view
permission.
2018-09-20 19:48:08 +01:00
Dan Brown
c3986cedfc
Added shelve icon, improved migration, added role permission
Icon is placeholder for now
Migration will now copy permissions from Books to apply to shelves.
Role view updated with visibility on shelve permission
2018-08-04 12:45:45 +01:00
Dan Brown
f421d83627
Added ability to set custom ldap group -> role mapping
Added input in role form to allow matching against custom names.
Changed default mapping to use role display name instead of the hidden
DB name.
2018-07-15 19:34:42 +01:00
Dan Brown
d886c6a32e
Removed old ng tags, Fixed header spacing
Also prevent pointer error on custom home page
2018-05-28 10:33:38 +01:00
Dan Brown
81fa021083
Finished migrated from icon-font to SVG 2018-02-17 19:49:00 +00:00
Dan Brown
5ab39bfd5a
Started migration to SVG icons 2018-02-17 13:30:52 +00:00
Dan Brown
4cb4c9e568
Updated remaining views to 2017 design update.
Also fixed issue with duplicate confirmation email.
2017-08-26 17:17:04 +01:00
Abijeet
148350009c #47 Adds comment permission to each role. 2017-01-29 14:25:20 +05:30
Dan Brown
33d4844f17
Fixed role 'manage own permissions' permission 2017-01-22 12:16:02 +00:00
Dan Brown
c9700e38e2
Created solution for JS translations
Also tidied up existing components and JS
2016-12-31 14:27:40 +00:00
Dan Brown
0775cd09a1
Extracted text for remaining views 2016-12-04 14:08:04 +00:00