- until now checkAction was used to check permissions of a user
- but since all of the role permissions are checked beforefilter in
appcontroller and saved into a public array, doing a lookup of the
array saves an SQL call for each permission check.
- Orgs can propose new attributes or changes to existing attributes for
events that they do not own
- publishing users of the owner organisation can see, accept or discard
them
- Reworked the access control
- minor fixes
- User/Role not looked up recursively anymore for authorisation checks -
improves performance significantly. Also, checking perm_add and
perm_modify instead of doing a lookup in the ACL tables
- To restrict the authentication key from being used by interactive users,
implemented a new export page that uses the uses cake's user
authentication
- the old export features still exist for users with perm_auth enabled
accounts - renamed to automation
- Exporting the events that found attributes belong to in a search
attributes result page
- exporting of individual events to file by clicking a link in event view
- generateCount used to just run through all attributes and save them, to
generate the count. It led to VERY long execution times on larger
databases (25k+ attributes). With the extra processing that each save()
does for attributes, this was horribly slow.
- new generateCount just saves the events based on the number of
associated attributes, only having to save the events (of which there
are considerably less).
- some changes to the access control
- re-renabled regexp and blacklists, will need a closer look though
- editing a role should update ACL
- some other minor things
- Fixed issues with the sync
- Secondary publishes on remote servers failed
- Introduced new fields in events to stop backward traverse of
edit information that lead to low performance and eroneous
distribution information updates when more than 2 servers were
linked
- Deletion of an attribute now deletes on remote servers
- Changes to the event ownership
- Original creator org now noted in the event itself
- Only original creator org can change distribution
- Events will show up with the original creator org for users
(admins can see both that and the owner of the event on the
local instance)
- Server.organization now used in junction with the connecting
user's org and the instance's org (from the bootstrap) to
determine distribution flow control and access rights
- Lots of minor changes
- perm_auth new toggle, can disable auth key usage for a role
- prevents sync / rest with a perm_auth == false key
- some changes to sync to provide better feedback on why it failed
- rewording of distribution options
- moved and fixed the aros_acos creation on the new role creation
- new method in appController that sets all the aros_acos from scratch
(for example for a new instance, or a changed acos / aros table)
- some minor changes, redirects to the terms page on invalid events
removed, etc.
- Admins cannot manually change anyone's authkey, they need to generate a
new one via the reset link
- Some pages could be accessed by changing the url - fixed (though needs
further testing)
- Edited a change in the manual that may have been confusing
- Some changes to the way ACL is set up - still needs more work
-Analaysis levels setable for events as per milestone item 94
-Password change forced as per milestone item 109
-Added feedback on entered search terms for search attributes
-fixed the authentication issue
-some minor fixes
respect distribution Org in correlations.
(for this
add correlations.1_private conform MYSQL.correlaton.sql
and
AppController::generateCorrelation() must be run)
now should be okay on the checkGroup.
(mind, we have a PHP 5.3.10 (dev) and 5.2.10 (f.a.) difference.
for CakePHP should be php > 5.2.8, pear > 1.9.0 and phpunit 3.5.0)
Add "Pull only" as a sharing state where,
everybody does see an event, is pullable,
but will never be pushed.
Has a generatePrivate for db conversion now.
Private events are true private and
running a server in 2 modes (private and sync),
so real private (red) or private to server (amber)
or full distributable (green).
Mind this needs a change to tables events, attributes and correlation.
These are in MYSQL.private.sql.
i have an idea this blackholeCallback seems to overcome a lot of
blackhole situations we got.
Notably during deleting multiple events from the index,
this improved not getting a blackhole a lot.
Forgot to clean View/Helper/AppHelper.php.
Changed underscore method names to private and protected where
appropriate given phpcs code standards errors.
in Config/bootstrap.php add
Configure::write('CyDefSIG.correlation', 'sql');
possible values:
- default, like it was
- db, correlation in database
- sql, selection on attributes i.s.o. per attribute
(sql improvement possible if result conform db above)
Network activity, ip-src
30 class-C network ip addresses
(7650 tupels) (time in ms)
default db sql
all 25366 16601 15941
24839 16604 15611
paginated 16759 8447 6615
17734 8639 8846
this is used in both:
- events/view/<id>
- attributes/event/<id>
Christophe Vandeplas