d1aa20c5fb
security: [users:edit] Prevent edit of all users with lower privileges by any org_admins
2022-12-08 12:12:10 +01:00
6945e602b8
chg: [users:edit] Added role associated data for the user to be edited
2022-12-08 11:35:22 +01:00
1b47b669ff
fix: [users:view] Fallback value if Keycloak was never configured
2022-12-08 11:32:26 +01:00
561f6d1c77
fix: [user:add/edit] Correctly index orgs by their IDs
2022-12-08 10:54:55 +01:00
53f669e25c
new: [sync+meta_fields] Initial work on meta_field synchronisation and meta_template_directory - WiP
...
The new directory allows to ingest meta_fields without knowing their associated meta_template. Improved the way data is re-arranged, how meta-templates are saved and a helper widget showing the difference local objects have with their remote counter-part
2022-12-07 14:54:28 +01:00
89a13a12a0
chg: [organisations:index] Added support of `full` option to include metafields
2022-12-02 09:51:28 +01:00
e5080e6fda
fix: [brood:preview] Restored searching capability on browsing
2022-11-29 11:51:03 +01:00
a9ef415f9d
fix: [organisation:index] Indentation fix
2022-11-15 14:54:01 +01:00
ae8ecf3955
chg: [organisation:index] Added quickfilter showing all orgs having the same nationality as logged user.org
2022-11-15 11:41:30 +01:00
31750da7c9
chg: [organisation:index] Removed ENISA-specific quick filters
...
But kept them as develop documentation...
2022-11-15 11:40:59 +01:00
6ed9978661
chg: [inbox:filtering] Possibility to filter on severity
2022-11-15 11:22:02 +01:00
d23cf2e2c6
new: [inbox:index] Added support of various context filtering
...
- My notification includes message without user_ids
- User registration
- Inter-connection requests
- Data changed
- severity:*
2022-11-15 11:21:26 +01:00
62c228c44e
chg: [auditLogs:index] Added possibility to view and filter logs base on `created` field
2022-11-14 16:11:18 +01:00
0b26bd629f
fix: [crud:index] requestedEntryAmount doesn't reset the query anymore
2022-11-14 15:55:07 +01:00
b53f2681b4
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into feature-metafield-dropdown
2022-11-14 14:53:02 +01:00
f3023eb82c
fix: [individual edit] permission check fix
2022-11-14 11:37:58 +01:00
260e1d30a1
new: [individuals] rework
...
- allow modifications for org admins of individuals associated to their users
- unless they're site admins
- add user information to the individual index to bring clarity to the individual vs users confusion
- rework of the user form field object
2022-11-13 11:09:34 +01:00
ab5cee58ad
fix: [crud] speculative fix for notice error on metatemplates being accessed that aren't loaded
2022-11-11 15:30:55 +01:00
f6f94983e4
fix: [users] several fixes
...
- User enrollment in KC moved to the aftersave (we consider cerebrate to be authoritative)
- adhere to restriction parameters in deletion
2022-11-11 15:08:56 +01:00
c2bff49185
fix: [beforesave] hook removed on get requests
2022-11-11 15:08:23 +01:00
f4b33d1852
fix: [keycloak sync] not needed on user index
...
- was a test that was left in
2022-11-11 10:07:35 +01:00
b1f09dc97e
new: [permission limitations] subsystem added
...
- add limitations for users with given meta fields
- x number / org and y number / globally
- add comments to the limitations
- enforced on user creation/modification
2022-11-09 14:09:27 +01:00
10ce8beb30
chg: [CRUD] component - only try to unlink MetaFields if it's actually loaded
2022-11-09 13:58:02 +01:00
540fd63423
fix: [API] cleaned up the individual API
2022-11-04 09:33:39 +01:00
7504bfab10
fix: [API] rearrange component - handle collections correctly
...
- return a new collection with the individual values transferred to it after changes
- avoids some weird quirks with unsetting related Objects not taking effect
2022-11-04 09:31:46 +01:00
73ad04906a
fix: [typo] capitalisation mistake blocking org edits
2022-11-02 12:11:56 +01:00
11510ea28f
new: [individual] editing enabled for org admins
...
- requires that a user exist for the given individual
2022-10-31 14:42:58 +01:00
2a31e39762
new: [keycloak] automatically set mappings
2022-10-31 13:26:12 +01:00
2f4b6ed2ff
chg: [keycloak] integration rework
...
- switch to the use of attributes
- several minor fixes
2022-10-31 11:31:38 +01:00
03bd4aba30
new: [genericElement:group_table_action] Added support of `show # element` in the table
2022-10-28 09:13:15 +02:00
0db625ce45
chg: [inbox:index] Added filtering on `created` time
2022-10-27 15:57:35 +02:00
aeda393bba
chg: [component:CRUD] Improved filtering to support form type based on database column type
2022-10-27 15:56:39 +02:00
e1499fb705
chg: [inbox:index] Added quick filter on scope
2022-10-27 11:22:55 +02:00
c8ff7bb4b2
new: [adminNotificationBehavior] Added first version of new behavior and associated inboxProcessor
...
This behavior allows to specify on which fields modification site-admins should be notified by receiving a message in their inbox
2022-10-26 17:10:04 +02:00
9c41fd548f
fix: [auth] added keycloak logout
2022-10-25 15:08:41 +02:00
3d5508055a
chg: [inbox:index] Allow filtering index by user.id and user.name
2022-10-25 14:50:39 +02:00
eb6dec8b64
fix: [component:CRUD] Default custom contextual filters do not override search parameters anymore
2022-10-25 14:50:11 +02:00
00c1ae616f
new: [inboxes] Added `severity` level and `message` and removed `description` column
2022-10-25 14:38:16 +02:00
8d7e2b0df2
chg: [inboxes:UI] Renamed `request` into `message`
2022-10-25 10:26:03 +02:00
726dab255e
chg: [inbox:index] Changed quick filter to show `my notification` by default
2022-10-25 10:24:01 +02:00
745340adff
fix: [component:CRUD] Only show metafields filters wjen the model has the behavior
2022-10-25 10:23:11 +02:00
fc0920c7c3
chg: [component:APIRearrange] Rearrange for all iterators
2022-10-21 15:56:53 +02:00
d1d88391e1
fix: [auditlogs:index] Typo preventing showing the `changed` field
2022-10-21 15:55:31 +02:00
41a241cada
new: [pgp] library ported from MISP
...
- added proper view elements for encryption keys
- added key information extraction
2022-10-21 15:25:52 +02:00
ddfc83af6f
chg: [navigation:socialProvider] Improved UI for SSO profile management
2022-10-21 14:14:38 +02:00
0f27435251
fix: [metaTemplates] Correctly show update message
2022-10-21 14:07:41 +02:00
455daba4d4
fix: [navigation:meta-template] Correctly show badge for new templates
2022-10-21 14:06:46 +02:00
8d26be28a2
chg: [auditlogs:index] Reverse sort by ID
2022-09-20 15:31:42 +02:00
760badd268
fix: [alignments] missing contains added
2022-09-19 02:17:36 +02:00
fd6d3466d7
fix: [authkey] should only be used in a rest context
...
- otherwise some weird authentication snafus can happen
- as reported by SK-CERT
2022-09-19 02:14:57 +02:00
4c0c6ef4ac
fix: [counter graphs] fixed to disallow invalid interval entries
...
- as reported by SK-CERT
2022-09-19 01:46:57 +02:00
a9eccb3097
fix: [security] X-FRAME-OPTIONS: DENY added to all responses
...
- as reported by SK-CERT
2022-09-19 01:11:18 +02:00
af1e2fd632
new: [security] Bruteforce protection added
...
- logins allow for 5 attempts every 5 minutes
- Code ported and updated from MISP
- As reported by SK-CERT
2022-09-19 00:25:15 +02:00
254fdc3b84
chg: [security] keycloak enabled - disallow multiple users from being created for the same individual
...
- as reported by SK-CERT
2022-09-18 19:26:24 +02:00
85e8a35091
fix: [api rearrange] shouldn't trigger when dealing with arrays
2022-09-18 18:27:00 +02:00
370995ab50
fix: [audit log] error due to compressible fields not being streams when compression not enabled
2022-09-18 18:16:34 +02:00
3857de8499
fix: [notice] errors when not logged in removed
2022-08-24 14:47:40 +02:00
fac19e0a3c
fix: [exception] speculative fix to a check causing a 500
2022-08-24 11:43:36 +02:00
4c1ce31d50
fix: [unauthed] users internal error fixed
2022-08-24 11:42:38 +02:00
d35a674505
chg: [navigation] added keycloak self management
...
- also some changes to the navigation system
2022-08-24 11:39:56 +02:00
94bfafb743
fix: [meta template] fixes
2022-08-23 16:02:52 +02:00
8bc3088e12
fix: [revert] meta fields unindexing
...
- required for the saving of vchanges
2022-08-23 14:50:13 +02:00
095dd4513c
chg: [rearrange] moved to Entity
2022-08-23 11:42:30 +02:00
d96353ee4f
chg: [APIRearrange] component tied into rest response
2022-08-19 13:02:25 +02:00
3e0d015f69
fix: [meta] template loading reworked
...
- no more crappy string numeric keys among others
2022-08-19 13:01:47 +02:00
b9e5b76766
new: [component] APIRearrange component added
...
- alter the data's format before passing it back via the RestResponseComponent
- to be used to clean up UI specific artifacts / junk
- also to maintain compability between versions/tools
2022-08-19 13:00:19 +02:00
cbb737e18e
fix: [deprecation] pagination component's use removed to comply with 4.4 requirements
2022-08-17 14:00:38 +02:00
60d8a8f655
fix: [deprecation] toList() queries updated
2022-08-17 13:49:11 +02:00
fa68d62890
fix: [component:CRUD] Removed deprecation notice when trying to extract without requesting the collection
2022-06-08 11:56:09 +02:00
8c4c75d83a
fix: [localTools:action] Catch error if local tool's action returned unexpected data
2022-06-08 11:51:52 +02:00
be064bb0c9
new: [KC] profile link added
2022-05-17 10:42:44 +02:00
4575406b33
fix: [users] edit
...
- various issues fixed with the edit function
- re-added the chance to change organisations of a user as a site admin
- tighter checks on the options for the drop downs
2022-05-17 04:02:06 +02:00
2289e91aca
fix: [component:CRUD] Avoid patching entity if it wasn't modified
2022-03-09 12:01:15 +01:00
c0a76d3f99
fix: error when entity has no meta_fields
2022-03-09 09:27:53 +01:00
61736531b1
chg: [indexTable:context_filters] Support of default context filter
...
This filter is used by default if none is provided
2022-03-09 08:55:59 +01:00
e5d0ffa041
fix: remove filter
2022-03-08 15:55:23 +01:00
1a5ee2767f
fix: remove commented line
2022-03-08 15:54:38 +01:00
9a2c6a4c4b
new: add api tests for MetaTemplates and openapi spec, fix minor issues.
2022-03-08 15:51:07 +01:00
c064ca6f53
fix: Bumped ACLComponent
2022-03-01 15:23:44 +01:00
71cd1e307d
chg: [Component:CRUD] Only show used meta-template in view pages
2022-03-01 15:21:56 +01:00
5fa0280f15
fix: [sharingrGroup:delete] Missing params variable
2022-03-01 14:08:16 +01:00
f8c8bbcb0b
fix: [component:CRUD] Fixed typo massageMetaFields
2022-03-01 14:07:20 +01:00
0fb03aae91
fix: [Component:CRUD] Removed confusing `get` parameter
...
- It was confusing and using it could lead to unwanted consequences
- It's clearer to implement the desired logic on controller's side
2022-03-01 14:02:26 +01:00
713f867082
chg: [component:CRUD] Better validation messages
2022-03-01 09:51:51 +01:00
8450e83607
chg: [sharingroup:index] Changed conditions allowing member org to view a sharing group
...
Previously only the SG owner could see the SG
2022-02-28 14:23:40 +01:00
b628bc38ae
fix: [sharinggroups:view] Typo skipping org membership check
2022-02-28 14:23:00 +01:00
8293312f90
fix: [instance:search_all] Support of conditions and afterFind when using global search
2022-02-28 14:16:12 +01:00
aa351b3ccb
fix: [Component:CRUD] Prevent duplication of first metafield if it was unmodified
2022-02-28 11:08:42 +01:00
c13fb53ae0
chg: [organisations] Added meta-field global filtering
2022-02-28 10:50:04 +01:00
3ef64911f9
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable
2022-02-28 09:51:51 +01:00
4089623eaa
chg: [users] Removed useless imports
2022-02-28 09:37:29 +01:00
04b82d356e
chg: [indexTable:filtering] Initial work on supporting custom operators
2022-02-25 15:36:55 +01:00
9d04533e14
chg: [users] restrict org admins from creating other org admins
...
- temporary solution for a single community, make this optional in the future
2022-02-25 10:20:25 +01:00
a9570426db
fix: [component:CRUD] Fix edit where query parameters where not passed correctly
...
It fixes meta-fields duplication while saving
2022-02-25 08:19:01 +01:00
79459838eb
chg: [user add] if no password was set, set a random one
...
- can't be used so far as we have no emailing in place
- it allows user creation when username/password mode is disabled
2022-02-25 00:31:19 +01:00
6f6c10670e
new: [CRUD] added beforeMarshal hook
2022-02-25 00:30:50 +01:00
828946a97f
new: [users] several changes
...
- make usernames immutable
- restrict user creation to aligned individuals (org admin only)
- optionally create individual while creating a user
2022-02-24 13:45:10 +01:00
64cb0f920a
chg: [mailinglist] Added ACL conditions on mailing list operations
...
- Site admins have all authorizations
- Org admins can manipulate the list their user own (can be later replaced by organisation_id instead of user_id)
- Other users can see the all lists they are included in
2022-02-23 10:03:12 +01:00
d2c98fc3c5
chg: [Component:ACL] Added entries for mailing list
2022-02-23 10:01:18 +01:00
ba047885c9
chg: [Component:ACL] Added entry for audit log filtering
2022-02-23 10:00:42 +01:00
Sami Mokaddem