- Event was not deleted when another non site-admin org user tried to
delete an event due to the event not being read before its organisation
was compared to that of the logged in user -> fixed.
- Pulling all from the server list view would cause all new events to be
pulled as intended, but attachments would not be pulled with their
respective attributes
- the few lines of code responsible for loading the file and base64
encrypting it for the transfer were misplaced within a correlation check
- fixed.
- site admins able to contact users by e-mail from within the system
- PGP encrypted where available
- Password reset with automatic temporary key generation
- all of the above options have a mass-email version where every user is
contacted at once
- Potential new users can be contacted too (GPG key can be supplied)
- New search functionality on request - restrict attributes by
organisation
- Also, attributes in the list attributes and search attributes result
pages, that belong to the user's organisation will have a red event ID
- To restrict the authentication key from being used by interactive users,
implemented a new export page that uses the uses cake's user
authentication
- the old export features still exist for users with perm_auth enabled
accounts - renamed to automation
- Exporting the events that found attributes belong to in a search
attributes result page
- exporting of individual events to file by clicking a link in event view
- The original creator of an event will also get contacted by contact org
if he/she has the contactalerts turned off.
- error in the SQL permissions of normal users and org admins - they
weren't able to modify/delete events of their own organisation that they
themselves didn't create
- generateCount used to just run through all attributes and save them, to
generate the count. It led to VERY long execution times on larger
databases (25k+ attributes). With the extra processing that each save()
does for attributes, this was horribly slow.
- new generateCount just saves the events based on the number of
associated attributes, only having to save the events (of which there
are considerably less).
- Removed javascripts based title bubble showing the event info in related
events / attributes and in the search attribute view.
- Replaced it with values provided by extra cake queries as the delay for
fetching the info field through a js rest request was annoyingly slow
- some coding standards
- Updated the check for authorisation to view an event and attribute as
the system hid some valid combinations (such as a server only attribute
in a higher distribution level event).
- Regexp, blacklist, roles, whitelists now logged
- adminCRUD now sets ID (for the logging) on edit
- some minor UI changes (removal of empty action menues on the left menu
bar)
- changes to the validation of the results
- fixes an issue where the escaping of slashes showed up with a //
- made the found results more visible and case insensitive
- Fixed an issue that caused attribute values to be converted to 1 on
save in case of an empty regexp table
- Filename validation now happens via whitelisting instead of filename
sanitization
- Only the creating org of the event can change the distribution of
attributes
- Attribute distribution setting are only pushed on edits if they were
manually changed (so that the distribution level of events on the
creating server doesn't get degraded by an edit and push of the event at
a synced server when using connected community settings).
- slight change to the batch attribute search, the search terms are only
echoed up to 9 terms to prevent the mass echoing of a long list
- Editing attributes caused an error because the uuid was not passed back
from the form (and it is used to find the attribute locally for rest)
- UUID is now used from the read attribute for non rest users. In the long
run it would be cleaner to not allow non rest users to reach that part
of the code.
- some changes to the access control
- re-renabled regexp and blacklists, will need a closer look though
- editing a role should update ACL
- some other minor things
- Fixed issues with the sync
- Secondary publishes on remote servers failed
- Introduced new fields in events to stop backward traverse of
edit information that lead to low performance and eroneous
distribution information updates when more than 2 servers were
linked
- Deletion of an attribute now deletes on remote servers
- Changes to the event ownership
- Original creator org now noted in the event itself
- Only original creator org can change distribution
- Events will show up with the original creator org for users
(admins can see both that and the owner of the event on the
local instance)
- Server.organization now used in junction with the connecting
user's org and the instance's org (from the bootstrap) to
determine distribution flow control and access rights
- Lots of minor changes
Andras Iklody