checks
- actAs acl removed from role and user models together with some extra
code related to the ACL
- Fix of the filename regex as pointed out by cvandeplas.
- Orgs can propose new attributes or changes to existing attributes for
events that they do not own
- publishing users of the owner organisation can see, accept or discard
them
- Reworked the access control
- minor fixes
- Removed javascripts based title bubble showing the event info in related
events / attributes and in the search attribute view.
- Replaced it with values provided by extra cake queries as the delay for
fetching the info field through a js rest request was annoyingly slow
- some coding standards
- Regexp, blacklist, roles, whitelists now logged
- adminCRUD now sets ID (for the logging) on edit
- some minor UI changes (removal of empty action menues on the left menu
bar)
- Fixed an issue that caused attribute values to be converted to 1 on
save in case of an empty regexp table
- Filename validation now happens via whitelisting instead of filename
sanitization
- Only the creating org of the event can change the distribution of
attributes
- Attribute distribution setting are only pushed on edits if they were
manually changed (so that the distribution level of events on the
creating server doesn't get degraded by an edit and push of the event at
a synced server when using connected community settings).
- slight change to the batch attribute search, the search terms are only
echoed up to 9 terms to prevent the mass echoing of a long list
- some changes to the access control
- re-renabled regexp and blacklists, will need a closer look though
- editing a role should update ACL
- some other minor things
Found a bug where an instance that has a lower attribute count pushing to
another would cause the attributes with equal attribute ID to get
overwritten with the pushed ones. Unsetting the attribute ID before the
push fixes this.
- Fixed issues with the sync
- Secondary publishes on remote servers failed
- Introduced new fields in events to stop backward traverse of
edit information that lead to low performance and eroneous
distribution information updates when more than 2 servers were
linked
- Deletion of an attribute now deletes on remote servers
- Changes to the event ownership
- Original creator org now noted in the event itself
- Only original creator org can change distribution
- Events will show up with the original creator org for users
(admins can see both that and the owner of the event on the
local instance)
- Server.organization now used in junction with the connecting
user's org and the instance's org (from the bootstrap) to
determine distribution flow control and access rights
- Lots of minor changes
- Links get validated now to filter malicios code
- removed a double edit button in the case of an admin editing himself
- fixed an error with adding new attributes
- perm_auth new toggle, can disable auth key usage for a role
- prevents sync / rest with a perm_auth == false key
- some changes to sync to provide better feedback on why it failed
- rewording of distribution options
- moved and fixed the aros_acos creation on the new role creation
- new method in appController that sets all the aros_acos from scratch
(for example for a new instance, or a changed acos / aros table)
- some minor changes, redirects to the terms page on invalid events
removed, etc.
- Admins cannot manually change anyone's authkey, they need to generate a
new one via the reset link
- Some pages could be accessed by changing the url - fixed (though needs
further testing)
- Edited a change in the manual that may have been confusing
- Some changes to the way ACL is set up - still needs more work