Andras Iklody
eeaa071024
Removal of the remains of the old authorization / adding new ones where needed
2013-04-26 14:43:44 +02:00
Andras Iklody
4396cec8ea
Integrated ownership, ACL and minor fixes
...
- Orgs can propose new attributes or changes to existing attributes for
events that they do not own
- publishing users of the owner organisation can see, accept or discard
them
- Reworked the access control
- minor fixes
2013-04-25 14:04:08 +02:00
Christophe Vandeplas
d11422831e
fix sanitization in Users #96
2013-04-24 13:06:35 +02:00
iglocska
e7a7ea8824
Small error
2013-03-25 17:12:10 +01:00
iglocska
745581d38e
Small bug
...
- Messages left empty for all but the first user in a mass custom e-mail
- fixed.
2013-03-25 17:07:56 +01:00
iglocska
4aa2bf748b
Small message notifying the admin that the e-mail was sent
...
- flash message after e-mail sent
2013-03-25 16:52:59 +01:00
iglocska
b28e884eb0
Debug exception left in
...
- removed
2013-03-25 16:50:26 +01:00
iglocska
0a06ceed3b
E-mailing system for site-admins
...
- site admins able to contact users by e-mail from within the system
- PGP encrypted where available
- Password reset with automatic temporary key generation
- all of the above options have a mass-email version where every user is
contacted at once
- Potential new users can be contacted too (GPG key can be supplied)
2013-03-25 16:38:56 +01:00
Andras Iklody
afed0f2046
Changes to link validation and minor fixes
...
- Links get validated now to filter malicious code
- removed a double edit button in the case of an admin editing himself
- fixed an error with adding new attributes
2013-02-11 11:26:34 +01:00
Andras Iklody
e88a3a9cf7
Updates to security
...
- perm_auth new toggle, can disable auth key usage for a role
- prevents sync / rest with a perm_auth == false key
- some changes to sync to provide better feedback on why it failed
- rewording of distribution options
2013-02-06 17:45:43 +01:00
Andras Iklody
6ef3ea7050
Missing file from the last commit
...
Missed a file from the package
2013-02-05 09:21:29 +01:00
Andras Iklody
66b9969d29
Security for UsersController
...
org admins could edit users of other orgs by accessing the edit page
through the URL. Fixed.
2013-01-29 10:51:18 +01:00
Andras Iklody
97f56a2275
Further changes to org admins
...
org admins can manage their own server connections
org admins cannot see other orgs' users in the users list
2013-01-29 08:56:38 +01:00
Noud de Brouwer
4c83ad3cfe
coding standards
...
Coding Standards.
2013-01-28 08:42:20 +00:00
Noud de Brouwer
a6371f5ad8
coding standards
...
Coding Standards.
2013-01-28 08:32:01 +00:00
Andras Iklody
9739cd1e35
Fix for the org admin privileges
...
Editing / creating users and the organisation permissions for org admins
2013-01-25 12:22:55 +01:00
Noud de Brouwer
d6adb11f52
RBAC
...
only create users within own organisation.
2013-01-25 07:52:32 +00:00
deresz
b1b47bc56f
Better fix to Sanitize::clean() problem
...
'escape' option was removed.
2013-01-24 10:38:51 +01:00
Noud de Brouwer
f8b9d85c62
Sanitize
...
Sanitize can not be used in PGP key.
2013-01-24 08:19:47 +00:00
Noud de Brouwer
48ad60eb61
GPG
...
start of check/correct.
2013-01-23 15:22:21 +00:00
Noud de Brouwer
8bf8ef17ca
RBAC
...
so role is editable.
(I will not commit/push during after hours ;) )
2013-01-22 18:37:30 +00:00
Noud de Brouwer
7e5c34770e
RBAC
...
role editable on user page (by admin).
2013-01-22 15:25:08 +00:00
Noud de Brouwer
d89ab91dee
coding standards
...
Coding Standards.
2012-12-18 16:44:07 +00:00
Noud de Brouwer
8864ee78f7
generateAllFor<FieldName>
...
so we can use an URL like:
http://localhost/<TableName>/generateAllFor<FieldName>/newValue/oldValue
for example:
http://localhost/events/generateAllForAnalysis/0/null
http://localhost/users/generateAllForInvitedBy/1/0
http://localhost/users/generateAllForRoleId/1/0
2012-12-18 03:50:52 +00:00
Andras Iklody
1ceadab700
Added features from branch analysis_levels
...
-Analysis levels settable for events as per milestone item 94
-Password change forced as per milestone item 109
-Added feedback on entered search terms for search attributes
-fixed the authentication issue
-some minor fixes
2012-12-17 15:51:30 +01:00
noud
26c8ad57ee
Role
...
renamed everything group to role (i.s.o. renaming just the visible).
2012-12-12 16:15:01 +01:00
noud
52a7625a9d
Source Code Review
...
sanitize everything displayed from the db.
(and some small coding standard whitespaces)
2012-12-12 14:01:00 +01:00
noud
1bd14256e0
coding standards
...
correction conform coding standards.
2012-12-04 09:07:33 +01:00
Andras Iklody
1bf1e6f2a8
Slight change to the histogram
...
Data for types that had "|" or "-" in the name (such as ip-src)
were omitted - should be fixed now
2012-11-29 16:13:31 +01:00
noud
80571386ad
audit log & terms
...
do not handle a timed out user log.
and
better check on login and termsaccepted.
2012-11-26 10:50:23 +01:00
noud
b3a6a656d4
users
...
show the correct Org during edit.
2012-11-22 11:57:26 +01:00
noud
6495787023
Audit log
...
Following events are now being logged:
1. Adding a new user.
2. Deleting a user.
2012-10-31 15:34:43 +01:00
noud
1c3ca8909b
Users
...
invited by filled.
2012-10-31 10:00:01 +01:00
noud
2b24b36639
(internationalization)
...
setFlash using __(), so translatable later on.
2012-10-30 09:13:35 +01:00
noud
503d5bcb0e
Audit log.
...
Edit user (now?) needs an extra check on the second password.
2012-09-26 17:13:19 +02:00
noud
8f3d624c1a
Merge branch 'master' into develop
...
Conflicts:
app/Controller/AppController.php
app/Controller/AttributesController.php
app/Controller/EventsController.php
app/Controller/ServersController.php
app/Controller/UsersController.php
app/Model/Attribute.php
app/Model/Event.php
app/Model/Server.php
app/Model/User.php
app/View/Attributes/edit.ctp
app/View/Attributes/index.ctp
app/View/Elements/actions_menu.ctp
app/View/Events/add.ctp
app/View/Events/index.ctp
app/View/Events/view.ctp
app/View/Events/xml/view.ctp
app/View/Servers/index.ctp
app/View/Users/admin_index.ctp
2012-09-24 16:02:01 +02:00
noud
1d04652476
CakePHP Coding Standards
...
changed to camel caps format where needed.
2012-09-19 11:05:10 +02:00
noud
94a367c2f5
CakePHP Coding Standards
...
http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html
Eclipse:
Window->Preferences
General->Editors->Text Editors
Displayed tab width: 4
Insert spaces for tabs NOT
PHP->Code Style->Formatter
Tab policy: Tabs
File->Convert Line Delimiters To->Unix [default]
http://mark-story.com/posts/view/static-analysis-tools-for-php
for instance:
phpcs --standard=CakePHP app/Model/
Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
noud
2459bca386
(Audit) logs.
...
The writing of the log in User was done by me using calls to the PHP db
driver (during my second or third day). Very wrong given that is driver
and db dependent. Now use CakePHP's calls to have abstraction.
2012-08-23 10:25:14 +02:00
noud
cf40a908d4
SysLog.SysLog lib import.
2012-08-22 14:05:39 +02:00
Andrzej Dereszowski
3ff180e898
Merge branch 'develop_0.2.2-0.2.3' into develop
...
Conflicts:
app/Config/Schema/schema_0.2.2.php
app/Config/routes.php
app/Controller/AppController.php
app/Controller/UsersController.php
app/Model/User.php
app/README.txt
2012-07-24 16:09:48 +02:00
Andrzej Dereszowski
bf98f2db3c
Merge branch 'develop_0.2.2_fixes' into develop
...
Conflicts:
app/Model/Attribute.php
2012-07-11 16:15:27 +02:00
noud
e67d9ebdec
Fix to authError getting displayed before login.
2012-07-11 10:19:57 +02:00
noud
a08842e7d4
Fix to New User, some validation error then authkey not defined.
2012-07-10 15:38:10 +02:00
noud
66c5312ea6
DataBase migrate, Audit and Access Control granulation.
2012-06-28 17:24:12 +02:00
root
b4558887ce
Revert "Audit and ACL first cut."
...
This reverts commit 5818231f48.
2012-06-26 09:40:52 +02:00
noud
5818231f48
Audit and ACL first cut.
2012-06-25 15:54:52 +02:00
Christophe Vandeplas
1f52ab82fe
fixing bug created in commit 957e4f232b
2012-06-13 14:42:42 +02:00
Christophe Vandeplas
957e4f232b
minor memory usage improvements by referencing in foreach ($array as &$value) loop
2012-06-11 11:40:31 +02:00
Christophe Vandeplas
2d335f5dbe
cleanup of comments and todos
...
minor memory performance improvement
2012-06-11 11:01:58 +02:00