cerebrate-project
/
cerebrate
mirror of https://github.com/cerebrate-project/cerebrate
1
0
Fork 0
Code Issues Releases Wiki Activity
951 Commits
12 Branches
30 Tags
21 MiB
Commit Graph

455 Commits (d1cdbda97229a8c576fc3bf57125df2b790d78c8)

Author SHA1 Message Date
iglocska a9c1619bda
new: [Exception] 429 added 2022-02-07 01:59:33 +01:00
iglocska 88f3cc7944
fix: [security] user settings allow enumeration of usernames 
- as reported by Dawid Czarnecki from Zigrin Security
 2022-02-04 00:45:42 +01:00
iglocska a263234917
fix: [security] open endpoints should only be open when enabled 
- as reported by Dawid Czarnecki from Zigrin Security
 2022-02-04 00:36:31 +01:00
iglocska 15190b930e
fix: [security] Sharing group ACL fixes 
- added indirect object reference protection
- added correct ACL functionalities to delete, addOrg, removeOrg

- as reported by Dawid Czarnecki from Zigrin Security
 2022-02-04 00:16:24 +01:00
iglocska 5fbd53883f
fix: [sync] created field rules added 
- should stop issues of SG/Individual downloads from remote brood
 2022-01-31 09:35:33 +01:00
iglocska 788feab011
chg: [Version] bump 2022-01-27 22:12:35 +01:00
iglocska cf67c3d1f0
fix: [roles] setting default should be exclusive 
- added aftersave action to remove default from other roles
 2022-01-27 22:06:26 +01:00
iglocska 1ca0f21b86
chg: [user add] form defaults 
- org will default to own org for site admins
- role will default to the default role (if set)
 2022-01-27 21:54:59 +01:00
iglocska 93d4917953
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop 2022-01-27 21:00:32 +01:00
iglocska c983c6f130
fix: [Keycloak baseurl] remove trailing slashes 2022-01-27 20:59:58 +01:00
iglocska eb5f7aa675
chg: [base settings provider] pass settings by reference for evaluation 
- opens it up for modifications by the hooking functions
 2022-01-27 20:59:20 +01:00
iglocska 7834ab3d62
chg: [settingsTable] Use settings array for the actual saving in saveSetting 
- allows us to modify a value in the processing steps before the value is committed to disk
 2022-01-27 20:57:35 +01:00
Andras Iklody 6443f36650
Merge pull request #86 from righel/add-inter-connection-tests 
Add inter-connection test
 2022-01-27 16:13:35 +01:00
Sami Mokaddem 7de1c14407
chg: [userSettings:add] Adhere to the passed user context 2022-01-27 10:44:47 +01:00
Sami Mokaddem 789bd9926f
chg: [navigation:users] Restored breadcrumb navigation to access user profile settings 2022-01-27 08:41:31 +01:00
Sami Mokaddem 2e7aabf704
fix: [users:toggle] Prevent users to disable admins 2022-01-26 16:10:33 +01:00
Sami Mokaddem fcffad6777
fix: [users:delete] Typo copy paste error 2022-01-26 15:45:57 +01:00
Luciano Righetti d91a362e99 Merge branch 'develop' into add-inter-connection-tests 2022-01-26 15:31:49 +01:00
iglocska 665999b8f4
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop 2022-01-26 15:29:53 +01:00
iglocska 95ecc2bc80
fix: [security] fields not adhered to in CRUD components edit 
- users can circumvent restrictions on editable fields
- can lead to privilege escalation when users edit themselves
 2022-01-26 15:28:10 +01:00
Sami Mokaddem 2602b60eb0
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop 2022-01-26 15:12:46 +01:00
iglocska 006b0aab99
chg: [MISP connector] user edit/delete temporarily commented out as they're not implemented yet 2022-01-26 15:05:38 +01:00
Sami Mokaddem d05868106d
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop 2022-01-26 14:59:57 +01:00
iglocska 519fcd2b1a
fix: [lax URL validation] added for Broodstable 
- can be reused elsewhere too
- allows for http://hostname style urls
 2022-01-26 14:57:43 +01:00
iglocska f695744bd7
fix: [user view] ACL fixed 2022-01-26 14:57:01 +01:00
iglocska b7facf226d
chg: [Navigationcomponent] added missing changes from previous commit 2022-01-26 14:55:47 +01:00
Sami Mokaddem 74e95855bd
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop 2022-01-26 14:54:03 +01:00
iglocska 4b5bccae28
chg: [Organisation] Entity accessibility rules 
- make created only accessible when creating new objects
 2022-01-26 14:24:53 +01:00
iglocska c186c88d5c
chg: [navigation] Breadcrumb generation is user aware 
- moved the initialisation of the generation to be invoked from the appcontroller's beforefilter, after the user is loaded into the ACL component
- Only show user setting edits when the user is editing themselves
 2022-01-26 14:21:27 +01:00
iglocska 9a0ddef2af
new: [ACL] added canEditUser() function 
- simple comparison between two users
- checks role + org based permission
 2022-01-26 14:16:28 +01:00
Sami Mokaddem 54ee91ba1a
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop 2022-01-26 12:11:53 +01:00
Sami Mokaddem f53b458103
fix: [userSettings] Allow admin to edit other user's settings 2022-01-26 12:11:44 +01:00
Luciano Righetti d18471ba95 fix: failing when request is empty json object 2022-01-25 18:02:41 +01:00
iglocska 19c81b7c11
fix: [Sharing groups] UUID and owner org shouldn't be editable 2022-01-25 17:09:29 +01:00
iglocska 1086e41086
fix: [modified] saving fixed for sync captures 
- set the field as not dirty to force an update
- stops the exceptions thrown on pulling these objects in
 2022-01-25 17:01:27 +01:00
iglocska acc9c94baa
Merge branch 'main' into develop 2022-01-25 15:59:31 +01:00
iglocska 55782af52b
fix: [users] add 
- fixed role selection
 2022-01-25 15:58:31 +01:00
Sami Mokaddem 44913c5ed7
fix: [users:settings] Allow admin to see account settings of other users 2022-01-25 15:27:34 +01:00
Sami Mokaddem e05bf61251
chg: [inbox:createEntry] Checks for remote back connection is more flexible 
Handle the case of trailing slash
 2022-01-25 15:02:52 +01:00
Sami Mokaddem eef09f44c4
chg: [brood:connectionTest] Correctly handles network exceptions 2022-01-25 15:02:35 +01:00
Sami Mokaddem 4f8b663b87
chg: [localtTools:connectionRequest] Provide more info on exception 2022-01-25 15:02:30 +01:00
Sami Mokaddem 7d227a4387
chg: [inbox:index] Sort messages by created datetime 2022-01-25 15:02:25 +01:00
Sami Mokaddem dc2bfcb6b2
fix: [components:CRUD] Support of controller's paginate public variable 2022-01-25 15:02:16 +01:00
iglocska e9f77aff51
Merge branch 'develop' into main 2022-01-25 11:36:06 +01:00
iglocska 7830e24e68
Merge branch 'main' of github.com:cerebrate-project/cerebrate into main 2022-01-25 11:35:19 +01:00
iglocska 57e2c75352
fix: [users] role based action filtering added 
- to avoid annoying clickable, but blocked actions for og admins
 2022-01-25 11:34:22 +01:00
Andras Iklody b556f7f22a
Update VERSION.json 2022-01-21 14:39:43 +01:00
iglocska 932a28288d
new: [CRUD] added some new useful features 
- afterFind for the edit functions to make last minute decisions on the modification after already having loaded the data to be modified
- moved the field restrictions to be able to pass it to the view
- try/catch for bulk deletions. A single failure in the beforeSave call will no longer block the entire saving process
 2022-01-21 13:41:29 +01:00
Andras Iklody 80cd93da40
Merge pull request #80 from righel/add-integration-tests 
Add integration tests
 2022-01-19 16:25:19 +01:00
iglocska 475a13847e
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop 2022-01-19 14:59:48 +01:00