iglocska
665999b8f4
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 15:29:53 +01:00
iglocska
95ecc2bc80
fix: [security] fields not adhered to in CRUD components edit
- users can circumvent restrictions on editable fields
- can lead to privilege escalation when users edit themselves
2022-01-26 15:28:10 +01:00
Sami Mokaddem
d05868106d
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 14:59:57 +01:00
iglocska
f695744bd7
fix: [user view] ACL fixed
2022-01-26 14:57:01 +01:00
iglocska
b7facf226d
chg: [Navigationcomponent] added missing changes from previous commit
2022-01-26 14:55:47 +01:00
Sami Mokaddem
74e95855bd
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 14:54:03 +01:00
iglocska
c186c88d5c
chg: [navigation] Breadcrumb generation is user aware
- moved the initialisation of the generation to be invoked from the appcontroller's beforefilter, after the user is loaded into the ACL component
- Only show user setting edits when the user is editing themselves
2022-01-26 14:21:27 +01:00
iglocska
9a0ddef2af
new: [ACL] added canEditUser() function
- simple comparison between two users
- checks role + org based permission
2022-01-26 14:16:28 +01:00
Sami Mokaddem
54ee91ba1a
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 12:11:53 +01:00
Sami Mokaddem
f53b458103
fix: [userSettings] Allow admin to edit other user's settings
2022-01-26 12:11:44 +01:00
iglocska
19c81b7c11
fix: [Sharing groups] UUID and owner org shouldn't be editable
2022-01-25 17:09:29 +01:00
iglocska
acc9c94baa
Merge branch 'main' into develop
2022-01-25 15:59:31 +01:00
iglocska
55782af52b
fix: [users] add
- fixed role selection
2022-01-25 15:58:31 +01:00
Sami Mokaddem
44913c5ed7
fix: [users:settings] Allow admin to see account settings of other users
2022-01-25 15:27:34 +01:00
Sami Mokaddem
4f8b663b87
chg: [localtTools:connectionRequest] Provide more info on exception
2022-01-25 15:02:30 +01:00
Sami Mokaddem
7d227a4387
chg: [inbox:index] Sort messages by created datetime
2022-01-25 15:02:25 +01:00
Sami Mokaddem
dc2bfcb6b2
fix: [components:CRUD] Support of controller's paginate public variable
2022-01-25 15:02:16 +01:00
iglocska
e9f77aff51
Merge branch 'develop' into main
2022-01-25 11:36:06 +01:00
iglocska
57e2c75352
fix: [users] role based action filtering added
- to avoid annoying clickable, but blocked actions for org admins
2022-01-25 11:34:22 +01:00
iglocska
932a28288d
new: [CRUD] added some new useful features
- afterFind for the edit functions to make last minute decisions on the modification after already having loaded the data to be modified
- moved the field restrictions to be able to pass it to the view
- try/catch for bulk deletions. A single failure in the beforeSave call will no longer block the entire saving process
2022-01-21 13:41:29 +01:00
Andras Iklody
80cd93da40
Merge pull request #80 from righel/add-integration-tests
Add integration tests
2022-01-19 16:25:19 +01:00
iglocska
d488f01051
fix: [authkey] add fixed
- incorrectly potentially filter out valid options when adding a key by a regular user
2022-01-19 14:39:03 +01:00
Luciano Righetti
ee5c723c71
Merge branch 'develop' into add-integration-tests
2022-01-18 18:11:53 +01:00
iglocska
f75d0829d1
fix: [user edit] fixed for non admins
2022-01-18 17:52:59 +01:00
iglocska
dbaa2ba7b3
fix: [encryption keys] several fixes
- fix the user view to correctly point to the list of related encryption keys
- fix the lookup on the index to be based on owner_model + owner_id combo
- fix the filtering of the dropdown in the encryption key add form to only valid options
2022-01-18 16:56:38 +01:00
Luciano Righetti
afcfe57767
Merge branch 'develop' into add-integration-tests
2022-01-18 16:26:06 +01:00
iglocska
eae8e62e5e
fix: [CRUD] delete post message fix
- correct order of execution for the beforesave command
2022-01-18 16:24:24 +01:00
Luciano Righetti
6e31005d79
Merge branch 'develop' into add-integration-tests
2022-01-18 16:11:23 +01:00
iglocska
8cb24baf5f
fix: [ACL] tightening for delete functions
- implemented beforeSave() function in the CRUD::delete() functionality
- added correct handling for the organisation level encryption keys in the beforeSave constructor
2022-01-18 15:35:55 +01:00
iglocska
c35d67ebca
fix: [encryption keys] functionality to filter orgs/individuals fixed
- actually execute the query rather than just build it
2022-01-18 14:59:41 +01:00
Luciano Righetti
f48c1a5a17
Merge branch 'develop' into add-integration-tests
2022-01-18 14:29:54 +01:00
iglocska
a29a4ea024
Merge branch 'main' into develop
2022-01-18 00:23:19 +01:00
iglocska
ec994b05ed
chg: [user] edit restricted to password only for self
2022-01-18 00:20:53 +01:00
iglocska
b80d778e1a
fix: [encryption keys] tightened ACL across all CRUD functions
2022-01-18 00:17:47 +01:00
iglocska
8c97c3b3a0
Merge branch 'main' into develop
2022-01-17 17:17:31 +01:00
iglocska
6d13d4aba0
fix: [authkeys] tighten requirements to add authkeys for other org admins
- site admin: can add to all
- org admin: can add to all in org, except site admin
- everyone else: can add to self only
2022-01-17 17:16:03 +01:00
Sami Mokaddem
49a3dd1623
chg: [instance] Added support of API response for 2 endpoints
2022-01-17 15:55:55 +01:00
Sami Mokaddem
0c9b032536
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-17 15:30:07 +01:00
Sami Mokaddem
98e8272810
fix: [ACL] Allow anyone to view encryption keys
2022-01-17 15:29:58 +01:00
Sami Mokaddem
ef2827e87a
fix: [userSettings] Various permissions issues
2022-01-17 15:24:30 +01:00
iglocska
453c838dfe
fix: [placeholder removed] WiP functionality for local_tool->local_tool connections within the same brood temporarily removed
- was never fully implemented
2022-01-17 13:15:26 +01:00
iglocska
1b4c681a88
new: [Outbox] entity added
- to inherit the appModel functions
2022-01-17 12:47:48 +01:00
iglocska
12d7607aae
new: [encryption key] view added
- was missing, despite links to it
2022-01-17 09:45:45 +01:00
iglocska
caf48c9060
fix: [ACL] proper error messages on user edit
- don't just silently redirect to the own user editing if the user isn't authorised to modify another user
2022-01-17 09:19:53 +01:00
iglocska
87723c2100
fix: [ACL] added correct file for previous fix (user edit admin permission check)
2022-01-12 10:32:47 +01:00
iglocska
204c60f739
fix: [ACL] fixed ACL check on user edit for the admin permission
- invalid name used for the lookup (perm_side_admin instead of perm_admin) leading to incorrect downgrading of the permissions
2022-01-12 10:31:06 +01:00
Luciano Righetti
241e760ad2
add: add API menu option
2022-01-10 16:20:22 +01:00
Luciano Righetti
ce1a51cc39
fix: incorrect check
2022-01-10 11:59:23 +01:00
Luciano Righetti
a69608530c
new: add /api openapi spec view with redoc, add faker to fixtures, validate api responses with openapi spec, add /api/v1/ prefix to api routes
2022-01-07 13:45:52 +01:00
Luciano Righetti
f45727704f
fix: deprecation warning
2022-01-05 17:44:24 +01:00