Sami Mokaddem
71cd1e307d
chg: [Component:CRUD] Only show used meta-template in view pages
2022-03-01 15:21:56 +01:00
Sami Mokaddem
5fa0280f15
fix: [sharingrGroup:delete] Missing params variable
2022-03-01 14:08:16 +01:00
Sami Mokaddem
f8c8bbcb0b
fix: [component:CRUD] Fixed typo massageMetaFields
2022-03-01 14:07:20 +01:00
Sami Mokaddem
0fb03aae91
fix: [Component:CRUD] Removed confusing `get` parameter
...
- It was confusing and using it could lead to unwanted consequences
- It's clearer to implement the desired logic on controller's side
2022-03-01 14:02:26 +01:00
Sami Mokaddem
713f867082
chg: [component:CRUD] Better validation messages
2022-03-01 09:51:51 +01:00
Sami Mokaddem
8450e83607
chg: [sharingroup:index] Changed conditions allowing member org to view a sharing group
...
Previously only the SG owner could see the SG
2022-02-28 14:23:40 +01:00
Sami Mokaddem
b628bc38ae
fix: [sharinggroups:view] Typo skipping org membership check
2022-02-28 14:23:00 +01:00
Sami Mokaddem
8293312f90
fix: [instance:search_all] Support of conditions and afterFind when using global search
2022-02-28 14:16:12 +01:00
Sami Mokaddem
aa351b3ccb
fix: [Component:CRUD] Prevent duplication of first metafield if it was unmodified
2022-02-28 11:08:42 +01:00
Sami Mokaddem
c13fb53ae0
chg: [organisations] Added meta-field global filtering
2022-02-28 10:50:04 +01:00
Sami Mokaddem
3ef64911f9
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable
2022-02-28 09:51:51 +01:00
Sami Mokaddem
4089623eaa
chg: [users] Removed useless imports
2022-02-28 09:37:29 +01:00
Sami Mokaddem
04b82d356e
chg: [indexTable:filtering] Initial work on supporting custom operators
2022-02-25 15:36:55 +01:00
iglocska
9d04533e14
chg: [users] restrict org admins from creating other org admins
...
- temporary solution for a single community, make this optional in the future
2022-02-25 10:20:25 +01:00
Sami Mokaddem
a9570426db
fix: [component:CRUD] Fix edit where query parameters were not passed correctly
...
It fixes meta-fields duplication while saving
2022-02-25 08:19:01 +01:00
iglocska
79459838eb
chg: [user add] if no password was set, set a random one
...
- can't be used so far as we have no emailing in place
- it allows user creation when username/password mode is disabled
2022-02-25 00:31:19 +01:00
iglocska
6f6c10670e
new: [CRUD] added beforeMarshal hook
2022-02-25 00:30:50 +01:00
iglocska
828946a97f
new: [users] several changes
...
- make usernames immutable
- restrict user creation to aligned individuals (org admin only)
- optionally create individual while creating a user
2022-02-24 13:45:10 +01:00
Sami Mokaddem
64cb0f920a
chg: [mailinglist] Added ACL conditions on mailing list operations
...
- Site admins have all authorizations
- Org admins can manipulate the list their user owns (can be later replaced by organisation_id instead of user_id)
- Other users can see all the lists they are included in
2022-02-23 10:03:12 +01:00
Sami Mokaddem
d2c98fc3c5
chg: [Component:ACL] Added entries for mailing list
2022-02-23 10:01:18 +01:00
Sami Mokaddem
ba047885c9
chg: [Component:ACL] Added entry for audit log filtering
2022-02-23 10:00:42 +01:00
Sami Mokaddem
20d896ad47
chg: [Component:CRUD] Allow filtering out rows from the index with afterFind
...
Filtering can be achieved by returning `false` instead of the row in the `afterFind` function
2022-02-23 09:58:55 +01:00
Sami Mokaddem
bf3e31c59a
fix: [Component:CRUD] Typo in merge conflict
2022-02-23 08:18:08 +01:00
Sami Mokaddem
bce4c5fde9
chg: [Component:CRUD] Removed comment and init correct variable type
2022-02-21 11:51:05 +01:00
Sami Mokaddem
aeac86cb52
chg: [Component:CRUD] Typo
2022-02-21 11:48:41 +01:00
Sami Mokaddem
7ea5acb167
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable
2022-02-21 11:17:05 +01:00
iglocska
b67c221476
fix: [copy pasta fail] left previous assignment in that is now superseded by the if branch above
2022-02-20 15:07:58 +01:00
iglocska
e2bb58d3c7
fix: [flood protection] default to 127.0.0.1 if no remote_addr is set as we're dealing with a local CLI script
2022-02-20 15:00:15 +01:00
iglocska
c005cb7f66
fix: [error code] adding an authkey for a user you are not authorised to modify resulted in a 404 instead of a 405
2022-02-20 14:56:21 +01:00
iglocska
b046990153
fix: [flood protection] default to REMOTE_ADDR if the selected default logging IP source header is not populated
2022-02-20 11:49:57 +01:00
iglocska
283299bf36
fix: [security] flood protection control enabled by default
...
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-19 01:34:07 +01:00
iglocska
6e67a5b239
fix: [security] Sharing group creation on behalf of other organisation fixed
...
- org admin could create sharing groups on behalf of other organisations
- can lead to misleading sharing groups being created
- as reported by Dawid Czarnecki of Zigrin Security
2022-02-19 01:21:29 +01:00
iglocska
b41b0dd712
fix: [security] privilege escalation via user edit fixed
...
- org admins could circumvent the role restrictions and elevate themselves to a site admin
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-19 01:02:49 +01:00
Sami Mokaddem
a77e29fa38
new: [layout:sidebar] Notifications in the sidebar
2022-02-08 17:58:30 +01:00
Sami Mokaddem
62ca877f0b
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable
2022-02-08 08:42:25 +01:00
iglocska
c7b226f844
chg: [flood protection] added cleanup
2022-02-07 02:14:53 +01:00
iglocska
d45a4dc499
new: [registration] added optional registration flood protection
...
- As reported by Dawid Czarnecki from Zigrin Security
2022-02-07 02:03:41 +01:00
iglocska
e6643365d2
new: [flood protection] behaviour added
...
simple expiration system to allow flood protections to be added to any functionality
2022-02-07 02:01:59 +01:00
iglocska
88f3cc7944
fix: [security] user settings allow enumeration of usernames
...
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-04 00:45:42 +01:00
iglocska
a263234917
fix: [security] open endpoints should only be open when enabled
...
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-04 00:36:31 +01:00
iglocska
15190b930e
fix: [security] Sharing group ACL fixes
...
- added indirect object reference protection
- added correct ACL functionalities to delete, addOrg, removeOrg
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-04 00:16:24 +01:00
iglocska
cf67c3d1f0
fix: [roles] setting default should be exclusive
...
- added aftersave action to remove default from other roles
2022-01-27 22:06:26 +01:00
iglocska
1ca0f21b86
chg: [user add] form defaults
...
- org will default to own org for site admins
- role will default to the default role (if set)
2022-01-27 21:54:59 +01:00
Andras Iklody
6443f36650
Merge pull request #86 from righel/add-inter-connection-tests
...
Add inter-connection test
2022-01-27 16:13:35 +01:00
Sami Mokaddem
7de1c14407
chg: [userSettings:add] Adhere to the passed user context
2022-01-27 10:44:47 +01:00
Sami Mokaddem
789bd9926f
chg: [navigation:users] Restored breadcrumb navigation to access user profile settings
2022-01-27 08:41:31 +01:00
Sami Mokaddem
2e7aabf704
fix: [users:toggle] Prevent users from disabling admins
2022-01-26 16:10:33 +01:00
Sami Mokaddem
fcffad6777
fix: [users:delete] Typo copy paste error
2022-01-26 15:45:57 +01:00
Luciano Righetti
d91a362e99
Merge branch 'develop' into add-inter-connection-tests
2022-01-26 15:31:49 +01:00
iglocska
665999b8f4
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 15:29:53 +01:00