Commit Graph

307 Commits (3e706867e93973fae3e84e74080268ced30ddc58)

Author SHA1 Message Date
iglocska 80acf81743 new: Added PGP fingerprint and PGP key status to user view 2017-02-22 10:55:24 +01:00
devnull- d38ce2fd62 Implement 'sign' option 2017-02-21 09:42:33 +01:00
iglocska a59aab9b23 fix: Re-added the accidentally removed code in a merge, fixes #1965
- affects f0e1a27b7d
2017-02-20 18:43:36 +01:00
iglocska a4696a9366 fix: fixed a bug retrieving an org with no users 2017-02-06 18:15:26 +01:00
iglocska b6ce529f3a new: Send out credentials directly during user creation 2017-02-02 11:11:51 +01:00
Iglocska e8303537e7 fix: Organisation UI and API improvements
- opened up the organisations controller to API actions
  - this includes index/add/edit/delete
  - uses the still new-ish standardised REST library
  - send GET requests to add/edit to view the parameters

- reworked the org index to paginate 60 items instead of 20 and to have a view all button
2017-01-20 10:33:38 +01:00
iglocska 38626ee548 fix: Fixed an issue with an empty SMIME field preventing users from being added, fixes #1821 2017-01-10 13:24:29 +01:00
iglocska ba9b084f48 Merge branch '2.4' into 1541 2016-09-18 13:12:11 +02:00
iglocska 075056b4f8 chg: generatePassword now uses random passwords with a minimum length of 12 characters 2016-09-18 13:07:16 +02:00
iglocska 62a2211a23 Merge branch '2.4' into 1457 2016-09-18 13:06:03 +02:00
Cristian Bell 4f288bd23f fix: removing some unused code. 2016-09-16 16:15:26 +02:00
Andreas Ziegler 25e52a6786 chg: remove some references to variables 2016-09-15 17:08:58 +02:00
Andreas Ziegler 7a5dad6598 chg: use new Tool for random string generation 2016-09-15 17:07:12 +02:00
Iglocska 8034f9af4b chg: Removed requirement for findAdminsResponsibleForUser for not site admin
- Take own org's admins / siteadmins before looking for site admins from other orgs
2016-09-03 23:58:52 +02:00
Iglocska f9e6180c06 fix: cleanup of missing whitespaces in PR 2016-09-03 23:58:13 +02:00
Cristian Bell f37963fde4 Merge branch 'fix_1311_only_show_API/authkey_to_user_with_rights' of https://github.com/cristianbell/MISP into cristianbell-fix_1311_only_show_API/authkey_to_user_with_rights 2016-09-02 15:35:11 +02:00
iglocska 822b0bf8fa chg: Cleanup of the controllers and models
- removed incorrect, useless boiler plate comments
- kept useful comments intact
- added some missing line breaks to make the codebase a bit more uniform
- removed some obviously obsolete TODO comments
2016-08-25 11:38:37 +02:00
Cristian Bell c19fa90e92 chg: only show API/authkey to user with API key rights, fixes #1311
- code improvements as per @iglocska 's comments.  thanks.
2016-08-24 09:59:38 +02:00
Cristian Bell 139de84952 chg: only show API/authkey to user with API key rights, fixes #1311
- adds some missing code parts from the initial commit.
2016-08-23 17:12:55 +02:00
Cristian Bell 7774f52fe7 chg: only show API/authkey to user with API key rights, fixes #1311 2016-08-23 16:20:39 +02:00
Andreas Ziegler 1c641b809e chg: add spaces before opening curly brackets 2016-08-22 02:57:56 +02:00
Andreas Ziegler cffcfa81d7 chg: remove whitespace (space/tab) from empty lines 2016-08-22 02:52:51 +02:00
Andreas Ziegler f0905dc536 chg: rename FileAccess to FileAccessTool
every other tool classes name in the Lib/Tools/ folder also ends with "Tool"
2016-08-19 19:25:32 +02:00
Andreas Ziegler a2ff5424e1 chg: change FileAccess from static to instantiable class 2016-08-19 19:22:15 +02:00
Andreas Ziegler 4a37f4edbc chg: remove obsolete backticks from sql queries
backticks are only necessary to escape reserved keywords.
as backticks are MySQL-specific, having them only where really necessary
 makes integrating support for other DBMS easier.
2016-08-15 06:26:25 +02:00
iglocska c94140bc9a fix: Moved lookup function from controller to model and fixed some other issues
- That function has no reason not to be in a model
- Removed invalid contain
- Simple lookup against the users table is more efficient
2016-08-13 23:30:31 +02:00
Cristian Bell 4f169a8ffa fix: Remove the default defined salt #625 2016-07-20 11:17:23 +02:00
Andreas Ziegler 50dc59fb52 chg: users autoalert/contactalert not empty & input style checkbox forced 2016-07-11 21:25:59 +02:00
Iglocska b80cc56ec9 Merge branch '2.4' into write 2016-07-04 19:33:45 +02:00
Iglocska 6a07ce7b73 fix: Fix to an issue with default values not set by the beforeValidate of users 2016-06-13 03:15:08 +02:00
Iglocska f219c3c67a fix: Some small fixes
- Lowered TLP string setting to low importance
- auto set authkey if not set during user creation
2016-06-08 13:18:34 +02:00
Andreas Ziegler aec73ed50a chg: improve file access using new Lib 2016-06-07 00:21:14 +02:00
Andreas Ziegler 048c74860c fix: move unlink() to correct location 2016-06-06 14:36:14 +02:00
Andreas Ziegler 958aa7c414 use consistent spacing around else if 2016-06-04 15:49:54 +02:00
Andreas Ziegler e600df3262 use consistent spacing around else 2016-06-04 15:46:34 +02:00
Andreas Ziegler 8f9e152d8c add space before opening curly brackets 2016-06-04 15:45:11 +02:00
Andreas Ziegler 0fe692c56a remove whitespace at end of line 2016-06-04 01:10:45 +02:00
Andreas Ziegler 898ea1d97c remove whitespace (space/tab) from empty lines 2016-06-04 01:08:16 +02:00
Andreas Ziegler 1582d593ee Model/User.php: indention fixed 2016-05-31 17:36:06 +02:00
Iglocska c4725a3108 fix: Accidental invalid debug code left in the verifyGPG admin task breaking the script 2016-05-27 15:46:11 +02:00
Andreas Ziegler dc0974a55b misc cleanup 2016-05-21 05:10:49 +02:00
Iglocska d02adf2085 new: Added the news functionality back
- admins can add/edit/delete news items
- users get redirected if there is a newsitem that they haven't seen yet
2016-05-20 01:17:26 +02:00
Iglocska 4e94913504 fix: Contact Users Form Email Issue fixed, fixes #1130 2016-05-18 11:15:11 +02:00
Iglocska d2ae260ee0 chg: Further progress on the attribute soft-deletes 2016-05-08 21:53:04 +02:00
Iglocska 89447644de chg: Small test with the embedded headers 2016-04-27 16:03:03 +02:00
Iglocska 9ad1339e73 chg: Reverted the previous change 2016-04-27 15:13:07 +02:00
Iglocska 49dfce6e38 fix: Testing encrypted headers !wip 2016-04-27 11:50:34 +02:00
Iglocska eba687f189 fix: Fixed an issue with handling SMIME encrypted messages on instances that don't have a signing key 2016-04-27 09:30:18 +02:00
Iglocska f01185c416 chg: dev: Made signing optional for SMIME.
- If no signing key is found / setting is not set, it will just encrypt
2016-04-26 17:47:04 +02:00
Iglocska 8db889ce7e SMIME changes
- tied into auto upgrade system
- tied into server settings
- some cleanup of overly verbose debug
- Enforcing enable/disable everywhere
- Changed temporary file structure
2016-04-26 16:40:12 +02:00
Iglocska 267caa3315 Merge branch '2.4' into smime
Conflicts:
	app/Controller/AppController.php
2016-04-25 23:12:57 +02:00
Iglocska 71d7cfc5f0 Left off file 2016-04-22 10:52:00 +02:00
Iglocska 24c7fa61fe Merge branch 'permissionfix' into 2.4 2016-04-18 17:41:59 +02:00
devnull- 26b0c5db97 Missing ''domains.airbus@airbus.com': 'ai' 2016-04-05 13:29:40 +02:00
devnull- 3bd339d189 Patch SMIME to sign and encrypt email 2016-04-04 19:23:05 +02:00
Iglocska c95b94a9a8 Fix to an issue with the password reset breaking the credentials
- The password change forced on users by administrators couldn't save new passwords
- instead it reset the password to a new random password

- Resetting the password of such users via the admin interface should fix the issue
- Alternatively manually setting the password also fixes it
2016-03-30 09:39:00 +02:00
Iglocska 468bced3b4 Fix to an invalid default password complexity validation, fixes #585 2016-03-29 15:13:23 +02:00
Iglocska afaa537b82 First implementation of the new auth mechanism 2016-03-15 23:04:20 +01:00
Iglocska 77c9ce3b73 Fix to a critical vulnerability for the login authentication mechanism
- The API key check was incorrectly logging in the wrong user when the API key started with a numeric value
2016-02-19 12:40:50 +01:00
Iglocska 4c14d3a859 Merge branch '2.4' into features/delegation
Conflicts:
	app/Controller/AppController.php
	app/Model/AppModel.php
	app/Model/Event.php
	app/Model/Log.php
	app/Model/Server.php
	app/View/Elements/footer.ctp
	app/webroot/css/main.css
2016-02-12 05:56:32 +01:00
William Robinet 4fea371c4b Fix permissions 2016-02-11 17:03:51 +01:00
Iglocska d6c0b6d853 Fixes to several permission issues with the e-mailer
- contact e-mail recipients were incorrectly set resulting in the e-mails landing at the wrong recipient
- disabled users were not excluded from certain e-mails
2016-02-02 15:30:23 +01:00
Iglocska 7b3d2af8c4 Reverted the header change, added note in app/Config/email on how to enable it
- otherwise it might break custom e-mail configurations
2016-01-28 13:13:15 +01:00
Iglocska e12e0a018d Fix for the previous header issue 2016-01-28 13:05:22 +01:00
Iglocska 8799d6a745 Attempt to fix the returnPath issue
- it looks like PHP is overriding the setting
2016-01-28 11:36:15 +01:00
Iglocska e827d1044d Set the returnPath header in e-mails correctly 2016-01-28 11:16:49 +01:00
Iglocska c834715aae First steps 2016-01-10 19:47:21 +01:00
iglocska 181566bafb More graceful handling of pgp errors in the emailer
- until now the encryption of emails happened in a try catch block
- however, crypt_gpg throws a fatal error instead of an exception, killing the background worker

- added an extra checking algorithm that will test the key for a valid encryption key (encryption enabled + not expired)
- if it's not there, it will just log an error message and continue execution of the other e-mails
2015-12-22 16:27:08 +01:00
Iglocska 4a93d868de Fixed an issue where non-sharing group events would only send alert e-mails to site admins 2015-12-18 16:33:41 +01:00
Iglocska 8ddceaddc3 Typo fixed 2015-12-18 16:27:25 +01:00
Iglocska b9dfed927b Removed debug 2015-12-18 09:40:26 +01:00
Iglocska cf119bc315 Fix to a previous merge issue with the e-mailer 2015-12-18 09:38:36 +01:00
Iglocska bc2c14c815 Disable e-mailing globally for an instance 2015-12-15 10:52:31 +01:00
Iglocska fa7fa322cb First stab at the push filters influencing the pull of a remote instance 2015-12-06 19:41:29 +01:00
iglocska 485c007b39 Merge branch 'master' into 2.4-beta
Conflicts:
	VERSION.json
	app/Lib/Tools/XMLConverterTool.php
	app/Model/Event.php
	app/Model/EventTag.php
	app/Model/TemplateElementAttribute.php
	app/Model/TemplateElementFile.php
	app/Model/TemplateElementText.php
	app/Model/ThreatLevel.php
	app/View/Attributes/index.ctp
	app/View/Elements/eventattribute.ctp
	app/View/Elements/eventattributerow.ctp
	app/View/Elements/global_menu.ctp
	app/View/Elements/side_menu.ctp
	app/View/Events/automation.ctp
	app/View/Events/index.ctp
	app/View/Pages/administration.ctp
	app/View/ShadowAttributes/index.ctp
	app/View/Tags/index.ctp
2015-11-17 01:14:51 +01:00
iglocska da5fac5873 Added logging of auth key changes, fixes #715
- Changing the auth key now creates a log entry that inclues the user's ID, e-mail address old and new autkeys
- Also removed the logging of the hashed password for newly created users
2015-11-16 00:22:58 +01:00
iglocska 5941772b3a Merge branch 'master' into 2.4-beta
Conflicts:
	VERSION.json
2015-11-12 09:49:04 +01:00
iglocska 69031ab35e Fixed an issue where PGP keys that are set to never expire show up as expired 2015-11-12 09:46:33 +01:00
iglocska 1c6f45de52 Merge branch 'master' into 2.4-beta
Conflicts:
	VERSION.json
	app/Controller/EventsController.php
2015-11-12 09:26:29 +01:00
iglocska 675ceb2e0e Better verification of PGP keys
- checks whether the key can be used to encrypt and whether it's expired
2015-11-11 17:03:59 +01:00
iglocska 9faf3df8ae Some fixes to the api authentication
- Handle user not found gracefully
- Log the failed authentication correctly
2015-11-09 08:52:06 +01:00
Iglocska 7a686a2718 Merge branch 'master' into 2.4-beta
Also, reworked a lot of remaining distribution checks not handled by the main fetch methods

Conflicts:
	VERSION.json
	app/Controller/AttributesController.php
	app/Controller/ShadowAttributesController.php
	app/View/ShadowAttributes/add.ctp
	app/View/ShadowAttributes/edit.ctp
2015-10-30 13:39:12 +01:00
Iglocska 80f29c1f33 More details on the PGP validation tool 2015-10-27 15:18:04 +01:00
Iglocska f9da3f2d2c Small fix to the pgp key validation tool
- doesn't break on completely invalid keys anymore
2015-10-27 14:00:31 +01:00
iglocska 61e865956b Fixes to several issues, fixes #693
- Fixed a critical bug in the XML export
  - As of recently XML exports include relations as they were missing before
  - the sanitisation of the event info field in related attributes was incorrectly sanitized of unicode characters
  - this can lead to the XML export breaking and also for affected events to be blocked from synchronisation

- Proposal fixes
  - fixed an invalid uuid generation that lead to an exception
  - fixed the attachments for proposals still using the old attachment system that disallows most filenames
  - added the automatic creation of hashes for attachment proposals
2015-10-21 23:44:07 +02:00
iglocska da8b2604ba Fixes to some validations issues using cakephp 2.7 2015-10-18 20:51:37 +02:00
Iglocska 025087bf5d Fixes to the first time initialisation script 2015-10-15 11:35:44 +02:00
Iglocska 328c666e3a Merge branch 'master' into feature/sg
Merging all the new changes from master

Conflicts:
	VERSION.json
	app/Console/Command/AdminShell.php
	app/Controller/AttributesController.php
	app/Controller/EventsController.php
	app/Model/Attribute.php
	app/Model/Event.php
	app/Model/Log.php
	app/Model/Server.php
	app/Model/User.php
	app/View/Elements/side_menu.ctp
	app/View/Pages/administration.ctp
	app/View/Users/admin_index.ctp
2015-10-12 09:41:20 +02:00
Iglocska dc638adac2 Upgrade to CakePHP 2.7, fixes #684
- cakephp submodule updated to 2.7
- make sure that you update your instance!

- not updating will not break compatibility
2015-10-09 15:59:25 +02:00
Iglocska ad21d5c35a Further work on the Sharing Groups 2015-08-03 14:12:20 +02:00
Iglocska 1bf2995f4e Merge branch 'master' into feature/sg
Conflicts:
	VERSION.json
2015-07-22 17:19:13 +02:00
Richard van den Berg 4b5bc3736a Use setupHttpSocket for fetchPGPKey 2015-07-13 11:05:53 +02:00
Iglocska 0481e6eb02 Merge branch 'master' into feature/sg
Conflicts:
	VERSION.json
	app/Controller/ServersController.php
	app/Controller/ShadowAttributesController.php
	app/Controller/UsersController.php
	app/Model/Event.php
	app/webroot/js/ajaxification.js
2015-06-29 14:27:16 +02:00
Iglocska 6135804afa Removed some junk 2015-06-23 11:00:53 +02:00
Iglocska ea0dd2a33f PGP key selection on fetch, fixes #554
- MISP will now fetch a list of all keys matching the e-mail address from the MIT server from the user edit view
- A popup will present all the matching keys (with the creation date, key ID, email addresses associated - and the fingerprint when hovering over them)
- Once the admin clicks on one, it will fetch the desired key

- future enhancement possibility: move the second stage (the actual key fetch) to the server side instead of a direct ajax query from the user's browser
2015-06-23 10:56:19 +02:00
Iglocska c73f71f243 Merge branch 'master' into feature/sg
The merging is complete

Conflicts:
	VERSION.json
	app/Console/Command/ServerShell.php
	app/Controller/AppController.php
	app/Controller/AttributesController.php
	app/Controller/EventsController.php
	app/Controller/PostsController.php
	app/Controller/UsersController.php
	app/Model/Attribute.php
	app/Model/Event.php
	app/Model/Log.php
	app/Model/Server.php
	app/Model/User.php
	app/View/Elements/side_menu.ctp
	app/View/Users/admin_index.ctp
	app/webroot/js/ajaxification.js
2015-06-10 22:54:20 +02:00
Iglocska 822172d425 Fixes to the e-mailer and the HIDS export
- HIDS exports did not include filename|hash types
- Sending a password reset / welcome message picked the opposite subject line
- line breaks were sent as literals.
2015-06-10 09:50:38 +02:00
Iglocska 47d02845d2 Added the option to use an alternat executable for gpg, fixes #498
- users can specify an alternate gnupg executable
- Since GnuPG2 is not compatible with the last stable CryptGPG version, there are 3 options for CentOS / Red Hat users:
  1. Don't use a passphrase for the server's PGP key
  2. Install the beta version of CryptGPG (1.4.0b4)
  3. Install GnuPG classic and point MISP to the executable

- This patch enables option 3, administrators can point MISP to the alternate executable in the server settings
2015-06-09 13:04:33 +02:00
iglocska 42841b59c1 Finished the e-mailing rework branch, fixes #505, fixes #504, fixes #502, fixes #499
- this commit is mostly here to capture what was changed in hotfix 2.3.69

- e-mailing completely reworked, all e-mails now flow through the same method
- that method will handle all encryption and the decisions whether to send e-mails unencrypted to users without an encryption key, whether to keep the body of the e-mail untruncated, etc
- all e-mails are now also logged here (including the reason of a potential failure)

- new server settings for default template messages for password resets / new user welcome messages

- admin e-mail interface reworked and org admins now also have access to the features

- password resets / new user for site and org admins (where applicable) - quickly reset the password of a user and alert them using the pre-defined reset template

=====

- Tuned the freetext import to really accept free-text. Let me know if you have any tips for tuning the detection further!

- it now breaks the passed string on whitespace and line-break and tries to resolve the rest. Filename resolution tightened to exclude anthing that starts or ends with a .
2015-05-27 18:27:53 +02:00
iglocska 620b7d1adb New emailer finished 2015-05-27 17:46:01 +02:00
iglocska ecf9facf07 Further progress 2015-05-25 20:54:10 +02:00
iglocska 3431d2cc0d Rework of the e-mailing, part 1
- Reworking the way e-mails are sent - all of it goes through a centralised e-mail method
- just pass the recipient, recipient encryption key collection, body, alternate body if the message cannot be encrypted, subject, reply to address and pgp key for reply to along and the method will do the rest

- encrypt if possible, check if sending without encryption is allowed, signing, adding attachment for reply to encryption key, using alternate sanitised body if it is enforced for accounts that cannot use encryption is all done in one place

- easy to maintain and expand with future changes (such as the S/MIME pull request on github)
2015-05-25 17:18:39 +02:00
Iglocska de55461eed Several changes
- UI cleanup
- separate view for active / passive sharing groups
- deletion of SGs is blocked if there are still events / attributes / threads around that belong to the SG
2015-04-25 20:49:29 +02:00
Iglocska c24704a6c2 Lots of progress
- further work on implementing the SG changes everywhere
- reworked the alert e-mails
- reworked a lot of the logging
- several convenience methods
2015-04-20 11:46:55 +02:00
iglocska 51ea9c090d Further progress 2015-04-18 07:53:18 +02:00
Iglocska 1e3db8a8ba Further work on the new version
- org checks fixed in a lot of places
- fixed the searches to work with the new organisations
2015-04-14 17:51:38 +02:00
Iglocska 5f70207051 Progress in moving all exports to the new distribution system 2015-04-13 12:42:26 +02:00
iglocska f7f200deb8 Further progress 2015-03-21 14:27:53 +01:00
iglocska 29a6f10048 Merge branch 'master' into feature/sg
Conflicts:
	app/webroot/js/ajaxification.js
2015-02-23 11:38:54 +01:00
iglocska bdc6b5fa8f Initial commit 2015-02-23 11:33:38 +01:00
iglocska 1b4f2a6408 Password complexity definable by admin
- administrators can use a regex and a length setting to define password requirements
- old behavior used if left untouched
2015-01-27 10:41:43 +01:00
iglocska cef94553f7 Merge branch 'hotfix-2.2.39' into develop 2014-09-08 13:34:58 +02:00
iglocska 4c6ea92ba3 Small fix to avoid repeated incorrect invalid messages after the first failed check 2014-09-08 13:34:14 +02:00
iglocska c11b388f32 Merge branch 'hotfix-2.2.39' into develop 2014-09-08 13:24:26 +02:00
iglocska 2bb806d780 Fix to the PGP key validation tool, fixes #284 2014-09-08 13:23:23 +02:00
iglocska b6ee897b82 Fixed an incorrect check for the no PGP key warning condition partially responsible for #271 2014-08-21 15:27:25 +02:00
iglocska 1054ff6e85 Very large PGP keys would prevent users from logging in - fixes #142
- removed the PGP key from the Auth user

- PGP key of currently logged in user is looked up on demand and not stored in the session
2014-04-01 16:20:47 +02:00
iglocska 7545de6a6c Changes to the admin methods
- cleaned up the methods, they all now return results without debug mode enabled
- Added a verification method for all user GPG keys (as an expired key for example would send out empty messages)
2014-01-21 11:28:18 +01:00
iglocska 54b1b44080 More work on the background jobs
- added scheduler to the export caching
- site admins can set up the intervals of the automated caches, and the exact times at which they should be executed.
2014-01-03 15:26:35 +01:00
iglocska 6895548877 Merge branch 'develop' into feature/discussion
- Pivots, attributes, discussions hideable

Conflicts:
	app/Controller/EventsController.php
	app/webroot/css/main.css
2013-09-10 16:51:56 +02:00
iglocska b7d95ed743 Upgrade script for 2.1.8
- we have introduced the "locked" flag for events to protect events of the original creator from being edited by a sync user

- IMPORTANT: before running the script below, make sure to create the locked field for the event table (see INSTALL/LOCKED.sql)

- This script (generateLocked found in the Administrative tools menu) will attempt to set the locked value for existing events to ease the transition

- The default value for locked is 0, and all events created on the instance should be set to this value

- events that were synced from another instance should have their locked value set to 1

- this script checks for local organisations and sets the locked field to 1 for all events not created by them

- a local organisation, as defined for the scope of this scrips is: an organisation with at least 2 members or an organisation with a single member that is not a sync user.

- The script is only accessible by site admins and will return a notification about the number of events altered.
2013-08-21 11:33:30 +02:00
iglocska 1ad3a8ffd6 Discussion boards
- First fully working version
- Create threads or create a thread attached to an event
- Add posts to threads / edit them / delete them
2013-08-14 17:46:57 +02:00
Christophe Vandeplas d8d3254450 more logging with PGP errors 2013-07-17 12:54:55 +02:00
Christophe Vandeplas b8dcc4d00a must be sleepy...holliday effect? 2013-07-11 14:30:56 +02:00
Christophe Vandeplas 7949181fbc improved password generation algorithm in reset password 2013-07-11 14:26:28 +02:00
Iglocska a707df1b31 Strict messages fixes #99 and user edit requiring to change password
fixes #67

- Plugins and the user model were throwing strict messages in php 5.4+
or with E_STRICT on php 5.3 and lower. Should be fixed.

- New cakePHP added automatic HTML5 validation to form fields, which
breaks fields that can alternatively be left empty to not be edited
(such as the password field in user edits) - removed the html5 form
validation from user edits.
2013-05-13 14:27:40 +02:00
Andras Iklody 6332dbf05b Removal of more remnants of the old ACL and tightening of the filename
checks

- actAs acl removed from role and user models together with some extra
code related to the ACL

- Fix of the filename regex as pointed out by cvandeplas.
2013-04-29 10:52:07 +02:00
Andras Iklody 019e976783 Removed the js title bubble for related events
- Removed javascripts based title bubble showing the event info in related
  events / attributes and in the search attribute view.

- Replaced it with values provided by extra cake queries as the delay for
  fetching the info field through a js rest request was annoyingly slow

- some coding standards
2013-03-08 13:16:02 +01:00
Andras Iklody b9d4ac9cba Subscription to alerts from contact reporter
- Users can now choose to subscribe to receive e-mails from the "Contact
  Reporter" feature.
2013-03-06 11:34:22 +01:00
Andras Iklody 0f947085cb Reworked the sync / release control
- Fixed issues with the sync
	- Secondary publishes on remote servers failed
	- Introduced new fields in events to stop backward traverse of
	  edit information that lead to low performance and eroneous
	  distribution information updates when more than 2 servers were
	  linked
	- Deletion of an attribute now deletes on remote servers

- Changes to the event ownership
	- Original creator org now noted in the event itself
	- Only original creator org can change distribution
	- Events will show up with the original creator org for users
	  (admins can see both that and the owner of the event on the
	  local instance)
	- Server.organization now used in junction with the connecting
	  user's org and the instance's org (from the bootstrap) to
	  determine distribution flow control and access rights

- Lots of minor changes
2013-02-19 15:37:35 +01:00
Noud de Brouwer ce44cdb529 coding standards
this is to the new php53-pear-CakePHP_CodeSniffer-0.1.11.
2013-02-15 14:20:03 +00:00
Noud de Brouwer a6371f5ad8 coding standards
Coding Standards.
2013-01-28 08:32:01 +00:00
Noud de Brouwer 48ad60eb61 GPG
start of check/correct.
2013-01-23 15:22:21 +00:00
Noud de Brouwer ef0f2201ac PGP
clean key remark.
2013-01-23 13:41:34 +00:00
Noud de Brouwer 9da93c51a6 PGP
direction-like-out-commented try.
2013-01-23 12:31:55 +00:00
Noud de Brouwer 8864ee78f7 generateAllFor<FieldName>
so we can use an URL like:
http://localhost/<TableName>/generateAllFor<FieldName>/newValue/oldValue
for example:
http://localhost/events/generateAllForAnalysis/0/null
http://localhost/users/generateAllForInvitedBy/1/0
http://localhost/users/generateAllForRoleId/1/0
2012-12-18 03:50:52 +00:00
Andras Iklody 1ceadab700 Added features from branch analysis_levels
-Analaysis levels setable for events as per milestone item 94
-Password change forced as per milestone item 109
-Added feedback on entered search terms for search attributes
-fixed the authentication issue
-some minor fixes
2012-12-17 15:51:30 +01:00
noud 26c8ad57ee Role
renamed everything group to role (i.s.o. renaming just the visable).
2012-12-12 16:15:01 +01:00
noud eff2f77126 trim
use the TrimBehavior on all inputable models.
2012-11-29 09:35:57 +01:00
noud 6495787023 Audit log
Following events are now being logged: 
1. Adding a new user.
2. Deleting a user.
2012-10-31 15:34:43 +01:00
noud b6c6fda2ee outcommented a debug (PGP related). 2012-10-23 15:01:34 +02:00
noud 8f3d624c1a Merge branch 'master' into develop
Conflicts:
	app/Controller/AppController.php
	app/Controller/AttributesController.php
	app/Controller/EventsController.php
	app/Controller/ServersController.php
	app/Controller/UsersController.php
	app/Model/Attribute.php
	app/Model/Event.php
	app/Model/Server.php
	app/Model/User.php
	app/View/Attributes/edit.ctp
	app/View/Attributes/index.ctp
	app/View/Elements/actions_menu.ctp
	app/View/Events/add.ctp
	app/View/Events/index.ctp
	app/View/Events/view.ctp
	app/View/Events/xml/view.ctp
	app/View/Servers/index.ctp
	app/View/Users/admin_index.ctp
2012-09-24 16:02:01 +02:00
noud 1d04652476 CakePHP Coding Standards
changed to camel caps format where needed.
2012-09-19 11:05:10 +02:00
noud 94a367c2f5 CakePHP Coding Standards
http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html

Eclipse:
Window->Preferences
	General->Editors->Text Editors
		Displayed tab width:	4
		Insert spaces for tabs	NOT
	PHP->Code Style->Formatter
		Tab policy:	Tabs
File->Convert Line Delimeters To->Unix [default]

http://mark-story.com/posts/view/static-analysis-tools-for-php
for instance:
phpcs --standard=CakePHP app/Model/

Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
noud 253d8e1b58 Merge branch 'master' into develop
Conflicts:
	app/Controller/EventsController.php
	app/Model/Attribute.php
	app/View/Events/view.ctp
2012-09-17 13:02:53 +02:00
noud 44172d244b Authkey validation.
An authkey with any length, so less then 40, could be entered.
Now authkey has to have a length of 40 (or higher).
2012-08-17 08:42:21 +02:00
noud 78f629e6dd Redo Event.user_id 2012-07-19 14:52:27 +02:00
noud 66c5312ea6 DataBase migrate, Audit and Access Control granulation. 2012-06-28 17:24:12 +02:00
root b4558887ce Revert "Audit and ACL first cut."
This reverts commit 5818231f48.
2012-06-26 09:40:52 +02:00
noud 5818231f48 Audit and ACL first cut. 2012-06-25 15:54:52 +02:00
Christophe Vandeplas 5eb6a89384 removed reference to useless user_id.
fixed bug where Contact reporter doesn't work when user does not exist
(contact reporter now sends mails to all the org)
2012-06-08 16:57:10 +02:00
Christophe Vandeplas 7f33beaa4c Micro usability improvement 2012-04-04 19:03:39 +02:00
Andrzej Dereszowski 6c5a5aa427 - small bug with "No GPG key" message marked in the code
- path to homedir for GPG added in User.php
2012-04-02 12:14:27 +02:00
Christophe Vandeplas da48ad4769 Confirm password functionality (thanks to Andrzej) 2012-03-22 10:06:33 +01:00
Christophe Vandeplas ce0c0aba0e isAuthorized now handles permissions on admin,delete,edit,... actions 2012-03-20 14:57:52 +01:00
Christophe Vandeplas 07f6b5e090 cleanup old __('Actions') and non echo __() 2012-03-16 14:13:31 +01:00
Christophe Vandeplas 865a24d0bd Migration to CakePHP 2.1.
Most of the functionality migrated, Q&A review required.
2012-03-15 15:06:45 +01:00