Sami Mokaddem
5fa0280f15
fix: [sharingrGroup:delete] Missing params variable
2022-03-01 14:08:16 +01:00
Sami Mokaddem
8450e83607
chg: [sharingroup:index] Changed conditions allowing member org to view a sharing group
...
Previously only the SG owner could see the SG
2022-02-28 14:23:40 +01:00
Sami Mokaddem
b628bc38ae
fix: [sharinggroups:view] Typo skipping org membership check
2022-02-28 14:23:00 +01:00
Sami Mokaddem
7ea5acb167
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable
2022-02-21 11:17:05 +01:00
iglocska
6e67a5b239
fix: [security] Sharing group creation on behalf of other organisation fixed
...
- org admin could create sharing groups on behalf of other organisations
- can lead to misleading sharing groups being created
- as reported by Dawid Czarnecki of Zigrin Security
2022-02-19 01:21:29 +01:00
Sami Mokaddem
62ca877f0b
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable
2022-02-08 08:42:25 +01:00
iglocska
15190b930e
fix: [security] Sharing group ACL fixes
...
- added indirect object reference protection
- added correct ACL functionalities to delete, addOrg, removeOrg
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-04 00:16:24 +01:00
iglocska
19c81b7c11
fix: [Sharing groups] UUID and owner org shouldn't be editable
2022-01-25 17:09:29 +01:00
Sami Mokaddem
324ac1ce40
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into refactor-metatemplates
2022-01-20 09:00:45 +01:00
iglocska
22e4a90af0
chg: [ACL] tightened ACL for several controllers
...
- org admins now have access to new functionalities, added ACL for them
- Affected controllers:
- Authkeys, encryptionkeys, users, sharinggroups
- sets defaults/restricts access accordingly
2021-11-24 01:32:05 +01:00
Sami Mokaddem
fd21934641
chg: [sharingGroups] Cleaned useless view variables
2021-11-23 14:55:21 +01:00
mokaddem
b3c25f0cae
new: [instance:search_all] Early work on search all feature
2021-09-10 11:55:54 +02:00
mokaddem
4e74da6163
fix: [controllers] Return data based on the CRUD component response
2021-06-29 16:15:05 +02:00
mokaddem
41948044cd
fix: [sharinggroups] Possibility to remove/add org from sharinggroup
2021-01-18 17:26:35 +01:00
mokaddem
a4bb09253f
chg: [sharinggroup] Improved support of CRUDComponent
2021-01-13 14:15:53 +01:00
mokaddem
54c513613e
fix: [sharingGroup] Various fixes for sharing groups
...
- Renamed sharingGroupsOrgs table to follow cake4's recommendation
- Fix case if logged user doesn't have an organisation
- Provide all orgs if user is admin
- Fix issue with model associated with sharingGroupOrgs
- Fix addOrg missing entity for genericForm helper
2020-11-25 16:06:31 +01:00
iglocska
8dbc5ae016
fix: [sharing groups] don't include ALL user details in the sharing group
2020-06-25 02:05:28 +02:00
iglocska
ecc81bdb00
new: [Sharing groups] added (wip)
...
- CRUD
- attach organisation
still missing:
- remove organisation
2020-06-25 01:44:26 +02:00