webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-10-31 03:50:27 +03:00
Code Activity
3,836 Commits 20 Branches 216 Tags
user_permissions
Commit Graph

781 Commits

Author SHA1 Message Date
Dan Brown
2f1491c5a4 Split out 'restrictEntityQuery' function components 
Also fixed search query issue with abiguous column
 2023-01-13 16:07:36 +00:00
Dan Brown
451e4ac452 Fixed collapsed perm. gen for book sub-items. 
Also converted the existing "JointPermission" usage to the new
collapsed permission system.
 2022-12-23 14:05:43 +00:00
Dan Brown
39acbeac68 Started new permission-caching/querying model 2022-12-22 15:09:17 +00:00
Dan Brown
2d9d2bba80 Added additional case thats known to currently fail 
Also removed so no-longer-relevant todo/comments.
 2022-12-21 17:14:54 +00:00
Dan Brown
adabf06dbe Added more inter-method permissions test cases 2022-12-20 19:10:09 +00:00
Dan Brown
5ffc10e688 Added entity user permission scenarios 
Also added definitions for general expected behaviour to readme doc, and
added some entity role inherit scenarios to check they meet expectations.
Currently failing role test but not an issue with test, needs fixing to
app logic.
 2022-12-20 15:50:41 +00:00
Dan Brown
6a6f5e4d19 Added a bunch of role content permissions 2022-12-17 19:46:48 +00:00
Dan Brown
491beee93e Added additional entity_role_permission scenario tests 2022-12-17 15:27:09 +00:00
Dan Brown
f844ae0902 Create additional test helper classes 
Following recent similar actions done for entities.
Required at this stage to provider better & cleaner helpers
for common user and permission actions to built out permission testing.
 2022-12-15 12:29:10 +00:00
Dan Brown
d54ea1b3ed Started more formal permission test case definitions 2022-12-15 11:22:53 +00:00
Dan Brown
e8a8fedfd6 Started aligning permission behaviour across application methods 2022-12-14 18:14:01 +00:00
Dan Brown
f8c4725166 Aligned logic to entity_permission role_id usage change 
Now idenitifies fallback using role_id and user_id = null.
Lays some foundations for handling user_id.
 2022-12-07 22:07:03 +00:00
Dan Brown
31c28be57a Converted md settings to localstorage, added preview resize 2022-11-28 14:08:20 +00:00
Dan Brown
0527c4a1ea Added test to preference boolean endpoint 2022-11-28 12:17:22 +00:00
Dan Brown
40a1377c0b Fixed tests to align with recent changes, Updated php deps 2022-11-23 12:08:55 +00:00
Dan Brown
e20c944350 Fixed OIDC handling when no JWKS 'use' prop exists 
Now assume, based on OIDC discovery spec, that keys without 'use' are
'sig' keys. Should not affect existing use-cases since existance of such
keys would have throw exceptions in prev. versions of bookstack.

For #3869
 2022-11-23 11:50:59 +00:00
Dan Brown
e7e83a4109 Added new endpoint for search suggestions 2022-11-21 10:35:53 +00:00
Dan Brown
a1b1f8138a Updated email confirmation flow so confirmation is done via POST 
To avoid non-user GET requests (Such as those from email scanners)
auto-triggering the confirm submission. Made auto-submit the form via
JavaScript in this extra added step with user-link backup to keep
existing user flow experience.

Closes #3797
 2022-11-12 15:11:59 +00:00
Dan Brown
d2cd33e226 Added login/register message partials for easier use via theme system 
Related to #608
 2022-11-12 09:02:33 +00:00
Dan Brown
d2260b234c Fixed app logo visibility with secure_restricted images 
Includes test to cover.
For #3827
 2022-11-10 14:15:59 +00:00
Dan Brown
832356d56e Added test to cover books perms. gen with deleted chapter 
Closes #3796
 2022-11-10 13:48:17 +00:00
Dan Brown
a3fcc98d6e Aligned user preference endpoints in style and behaviour 
Changes their endpoints and remove the user id from the URLs.
Simplifies list changes to share a single endpoint, which aligns it to
the behaviour of the existing sort preference endpoint.
Also added test to ensure user preferences are deleted on user delete.
 2022-11-09 19:30:08 +00:00
Dan Brown
24a7e8500d Added tests to cover shortcut endpoints 2022-11-09 18:42:54 +00:00
Dan Brown
f809bd3a62 Updated tests to align with recent list changes 2022-11-01 14:53:36 +00:00
Dan Brown
7b2fd515da Updated test to align with latest translation 2022-10-21 10:41:55 +01:00
Dan Brown
f0ac454be1 Prevented saml2 autodiscovery on metadata load 
Fixes issue where metadata cannot be viewed if autload is active and
entityid url is not active.
For #2480
 2022-10-16 09:50:08 +01:00
Dan Brown
6adc642d2f Merge branch 'development' into bugfix/fix-being-unable-to-clear-filters 2022-10-15 15:12:55 +01:00
Dan Brown
bd412ddbf9 Updated test for perms. changes and fixed static issues 2022-10-12 12:12:36 +01:00
Dan Brown
0f68be608d Removed most usages of restricted entitiy property 2022-10-10 16:58:26 +01:00
Dan Brown
aee0e16194 Started code update for new entity permission format 2022-10-08 13:52:59 +01:00
Dan Brown
1df9ec9647 Added proper entity permission removal on role deletion 
Added test to cover.
 2022-10-07 13:12:33 +01:00
Allan
d4143c3101 Only output hidden user filters when not set to 'me' 2022-10-06 19:25:47 +02:00
Dan Brown
900e853b15 Quick run through of applying new test entity helper class 2022-09-29 22:11:16 +01:00
Dan Brown
b56f7355aa Migrated much test entity usage via find/replace 2022-09-29 17:31:38 +01:00
Dan Brown
068a8a068c Extracted entity testcase methods to own class 
Also added some new fetch helper methods for future use.
 2022-09-29 16:49:25 +01:00
Dan Brown
0e94fd44a8 Added contents to book-show endpoint 
Created a generic list formatting helper class for this, to align with
logic used on the search results endpoint and for easier future re-use
in a standardised way.
Also updated some class property types.
Added test to cover new books-contents results.
Related to #3734
 2022-09-29 15:08:18 +01:00
Dan Brown
60171b3522 Updated book copy to copy shelf relations 
Where permission to edit the shelf is allowed.
For #3699
 2022-09-28 14:14:51 +01:00
Dan Brown
1ac1cf0c78 Applied permissions to revision action visibility 
Related to #3723
 2022-09-28 11:10:06 +01:00
Dan Brown
bf56254077 Merge branch 'auth_review' into development 2022-09-27 19:34:48 +01:00
Dan Brown
f21669c0c9 Cleaned testing service provider usage 
Moved testing content out of AppServiceProvider, to a testing-specific
service provider. Updated docs and added composer commands to support
parallel testing.
Also reverted unintentional change to wysiwyg/config.js.
 2022-09-27 01:27:51 +01:00
Dan Brown
e18033ec1a Added initial support for parallel testing 2022-09-26 21:25:32 +01:00
Dan Brown
5c5ea64228 Added login throttling test, updated reset-pw test method names 2022-09-22 17:29:38 +01:00
Dan Brown
90b4257889 Split out registration and pw-reset tests methods 2022-09-22 17:15:15 +01:00
Dan Brown
8a749c6acf Added and ran PHPCS 2022-09-18 01:25:20 +01:00
Dan Brown
623ccd4cfa Removed old thai files, added romanian as lang option 
Also applied styleci changes
 2022-09-06 17:41:32 +01:00
Dan Brown
d8672944a5 Added image view access notice to role form 
Added to clarify the role permission in scenarios where users may have
not read the docs site to understand image access control.

Related to #3688
 2022-09-06 17:20:35 +01:00
Dan Brown
6955b2fd5a Widened svg content attribute xss filtering 
Takes care of additional cases that can occur.
Closes #3705
 2022-09-06 17:01:56 +01:00
Dan Brown
24f82749ff Updated OIDC group attr option name 
To match the existing option name for display names.
Closes #3704
 2022-09-06 16:33:17 +01:00
Dan Brown
7101ce3050 Added "page_include_parse" theme event 
For custom control of include tag parsing.
 2022-09-05 16:40:42 +01:00
Dan Brown
fbef0d06f2 Added permission visiblity control to image-delete button 
Includes test to cover.
For #3697
 2022-09-05 15:52:12 +01:00