0614db919e
fixes information leakage vulnerability on REST XML outputs
2013-05-22 10:52:03 +02:00
62a3da46f2
removed useless hop_count
2013-05-22 08:18:34 +02:00
0eec208b45
Further changes to the authorisation
2013-04-26 15:46:39 +02:00
eeaa071024
Removal of the remains of the old authorization / adding new ones where
...
needed
2013-04-26 14:43:44 +02:00
5c0fc36b79
fix sanitization in Servers #96
2013-04-24 12:23:03 +02:00
3e89c80d09
Removed some obsolete code
...
- getName functions removed
- Fixed a reference to it in the logable behaviour
2013-04-18 08:49:59 +02:00
9a6733acfd
Removal of deprecated code
...
- The flag private is deprecated, removed together with the code that was
affected by it
2013-04-17 11:13:09 +02:00
32dc28adb9
Update to the admin privileges
...
- Changed the requirement for a lot of functions to be site admin as
opposed to admin.
2013-03-05 15:19:58 +01:00
fad8e809ad
Minor changes
...
- some changes to the access control
- re-renabled regexp and blacklists, will need a closer look though
- editing a role should update ACL
- some other minor things
2013-02-21 17:24:41 +01:00
0f947085cb
Reworked the sync / release control
...
- Fixed issues with the sync
- Secondary publishes on remote servers failed
- Introduced new fields in events to stop backward traverse of
edit information that lead to low performance and eroneous
distribution information updates when more than 2 servers were
linked
- Deletion of an attribute now deletes on remote servers
- Changes to the event ownership
- Original creator org now noted in the event itself
- Only original creator org can change distribution
- Events will show up with the original creator org for users
(admins can see both that and the owner of the event on the
local instance)
- Server.organization now used in junction with the connecting
user's org and the instance's org (from the bootstrap) to
determine distribution flow control and access rights
- Lots of minor changes
2013-02-19 15:37:35 +01:00
e88a3a9cf7
Updates to security
...
- perm_auth new toggle, can disable auth key usage for a role
- prevents sync / rest with a perm_auth == false key
- some changes to sync to provide better feedback on why it failed
- rewording of distribution options
2013-02-06 17:45:43 +01:00
5706fe183f
Redirect for ServersController
...
Added redirect for index in case of non sync users
2013-02-06 08:34:41 +01:00
4d0fe60347
Corrected a typo preventing the sync from working
2013-01-30 14:02:36 +01:00
97f56a2275
Further changes to org admins
...
org admins can manage their own server connections
org admins cannot see other orgs' users in the users list
2013-01-29 08:56:38 +01:00
8d88bcb2b5
Fix for the synchronisation
...
An error in the pull fix broke the push/publish feature. Fixed.
2013-01-27 21:27:58 +01:00
3d40095547
coding standards
...
Coding Standards.
2013-01-25 07:51:20 +00:00
24b10579ad
Pull fixed
...
Fixed the issues with pull, should work fine now
2013-01-24 17:32:57 +01:00
d89ab91dee
coding standards
...
Coding Standards.
2012-12-18 16:44:07 +00:00
52a7625a9d
Source Code Review
...
sanitize everything displayed from the db.
(and some small coding standard whitespaces)
2012-12-12 14:01:00 +01:00
1e4597c009
distribution
...
if distribute upstream, do not alter org, user_id nor distribution
settings.
2012-11-28 11:09:08 +01:00
4c31bb06cc
sync
...
lastpushedid reminder.
2012-11-26 15:37:10 +01:00
b00cc0e8b2
sync & code
...
a new NameController() needs $Name->constructClasses().
odd this ever did work before (CakePHP 2.2.2 versus 2.2.3 diff?).
2012-11-20 13:55:53 +01:00
5a35e1a918
sync & merge
...
merged develop with master and have to alter ServersController a little.
2012-11-20 11:14:57 +01:00
957b3e27b8
Merge branch 'master' into develop
...
Conflicts:
app/Controller/ServersController.php
2012-11-20 11:01:18 +01:00
8b3903cde6
sync
...
push from v2 to v1.
2012-11-20 09:54:54 +01:00
52c9114694
sync
...
array correction done so no 2 kinda the same tests during pull.
2012-11-19 13:42:41 +01:00
8f70b7ce9e
sync
...
sync attributes on pull.
2012-11-19 09:13:08 +01:00
d3cf89660b
sync
...
conform the new distribution.
pull on events works too.
2012-11-19 09:02:43 +01:00
1cddb6abe0
distribution
...
conform latest, having:
- Your organization only
- This server-only
- This Community-only
- Connected communities
- All communities
Push is tested, pull not yet.
2012-11-16 15:25:57 +01:00
ea0ab59e4f
code standards
...
corrections toward code standards.
2012-11-14 17:16:36 +01:00
dd979f7325
sync
...
make pull work on an event with just one attribute.
2012-11-09 13:01:00 +01:00
d55f226275
distribution
...
now attributes do work same for pull like push.
2012-11-05 12:49:51 +01:00
29c966810e
distribution
...
let pull behave same way as a push in regard to distribution.
2012-11-05 10:24:50 +01:00
39abe9e589
Distribution
...
distribution changes conform func.spec.
2012-10-29 16:49:04 +01:00
311a09e2b0
fixes bug 87 - on import of existing event: event info changed, tagged
...
private. Also fixes events tagged private when added using REST api.
2012-10-19 13:28:32 +02:00
8f3d624c1a
Merge branch 'master' into develop
...
Conflicts:
app/Controller/AppController.php
app/Controller/AttributesController.php
app/Controller/EventsController.php
app/Controller/ServersController.php
app/Controller/UsersController.php
app/Model/Attribute.php
app/Model/Event.php
app/Model/Server.php
app/Model/User.php
app/View/Attributes/edit.ctp
app/View/Attributes/index.ctp
app/View/Elements/actions_menu.ctp
app/View/Events/add.ctp
app/View/Events/index.ctp
app/View/Events/view.ctp
app/View/Events/xml/view.ctp
app/View/Servers/index.ctp
app/View/Users/admin_index.ctp
2012-09-24 16:02:01 +02:00
1d04652476
CakePHP Coding Standards
...
changed to camel caps format where needed.
2012-09-19 11:05:10 +02:00
94a367c2f5
CakePHP Coding Standards
...
http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html
Eclipse:
Window->Preferences
General->Editors->Text Editors
Displayed tab width: 4
Insert spaces for tabs NOT
PHP->Code Style->Formatter
Tab policy: Tabs
File->Convert Line Delimeters To->Unix [default]
http://mark-story.com/posts/view/static-analysis-tools-for-php
for instance:
phpcs --standard=CakePHP app/Model/
Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
253d8e1b58
Merge branch 'master' into develop
...
Conflicts:
app/Controller/EventsController.php
app/Model/Attribute.php
app/View/Events/view.ctp
2012-09-17 13:02:53 +02:00
35e1a455cd
further cleanup of logo improvement
2012-08-31 10:45:54 +02:00
4ae71fc963
Sync.
...
Sync worked, but we did not know what to do with user_id and org.
Now, on sync, anonymize the user_id, get the Server.organization and put
that into Event.org.
And, display owning flag if Event.user_id or get the Server.logo
belonging to Event.org (=Server.organization) when Event.user_id is
empty (=0).
To this there is organization name and logo in bootstrap and
other organizations names and logos in Servers.
2012-08-28 15:36:14 +02:00
8c1cfa731a
loggable behaviour.
...
some merge correction for events and servers, so we log again.
2012-08-22 14:39:41 +02:00
cdc7484944
REST edit Event implementation.
...
Now after publish, edit and (re)publish an event,
that event will be updated on the other servers.
2012-08-07 11:57:52 +02:00
3ff180e898
Merge branch 'develop_0.2.2-0.2.3' into develop
...
Conflicts:
app/Config/Schema/schema_0.2.2.php
app/Config/routes.php
app/Controller/AppController.php
app/Controller/UsersController.php
app/Model/User.php
app/README.txt
2012-07-24 16:09:48 +02:00
66c5312ea6
DataBase migrate, Audit and Access Control granulation.
2012-06-28 17:24:12 +02:00
b4558887ce
Revert "Audit and ACL first cut."
...
This reverts commit 5818231f48
2012-06-26 09:40:52 +02:00
5818231f48
Audit and ACL first cut.
2012-06-25 15:54:52 +02:00
7cea666c9b
fix an php error when importing attributes with incorrect type -
...
category validation
2012-06-13 16:02:27 +02:00
957e4f232b
minor memory usage improvements by referencing in foreach ($array as
...
&$value) loop
2012-06-11 11:40:31 +02:00
39fb9bca1d
Attribute types validation is now a separate function that uses the
...
Attribute->type_definitions variable
2012-05-31 17:12:26 +02:00
Christophe Vandeplas