451e4ac452
Fixed collapsed perm. gen for book sub-items.
...
Also converted the existing "JointPermission" usage to the new
collapsed permission system.
2022-12-23 14:05:43 +00:00
39acbeac68
Started new permission-caching/querying model
2022-12-22 15:09:17 +00:00
2d9d2bba80
Added additional case thats known to currently fail
...
Also removed so no-longer-relevant todo/comments.
2022-12-21 17:14:54 +00:00
adabf06dbe
Added more inter-method permissions test cases
2022-12-20 19:10:09 +00:00
5ffc10e688
Added entity user permission scenarios
...
Also added definitions for general expected behaviour to readme doc, and
added some entity role inherit scenarios to check they meet expectations.
Currently failing role test but not an issue with test, needs fixing to
app logic.
2022-12-20 15:50:41 +00:00
6a6f5e4d19
Added a bunch of role content permissions
2022-12-17 19:46:48 +00:00
491beee93e
Added additional entity_role_permission scenario tests
2022-12-17 15:27:09 +00:00
f844ae0902
Create additional test helper classes
...
Following recent similar actions done for entities.
Required at this stage to provider better & cleaner helpers
for common user and permission actions to built out permission testing.
2022-12-15 12:29:10 +00:00
d54ea1b3ed
Started more formal permission test case definitions
2022-12-15 11:22:53 +00:00
e8a8fedfd6
Started aligning permission behaviour across application methods
2022-12-14 18:14:01 +00:00
f8c4725166
Aligned logic to entity_permission role_id usage change
...
Now idenitifies fallback using role_id and user_id = null.
Lays some foundations for handling user_id.
2022-12-07 22:07:03 +00:00
31c28be57a
Converted md settings to localstorage, added preview resize
2022-11-28 14:08:20 +00:00
0527c4a1ea
Added test to preference boolean endpoint
2022-11-28 12:17:22 +00:00
40a1377c0b
Fixed tests to align with recent changes, Updated php deps
2022-11-23 12:08:55 +00:00
e20c944350
Fixed OIDC handling when no JWKS 'use' prop exists
...
Now assume, based on OIDC discovery spec, that keys without 'use' are
'sig' keys. Should not affect existing use-cases since existance of such
keys would have throw exceptions in prev. versions of bookstack.
For #3869
2022-11-23 11:50:59 +00:00
e7e83a4109
Added new endpoint for search suggestions
2022-11-21 10:35:53 +00:00
a1b1f8138a
Updated email confirmation flow so confirmation is done via POST
...
To avoid non-user GET requests (Such as those from email scanners)
auto-triggering the confirm submission. Made auto-submit the form via
JavaScript in this extra added step with user-link backup to keep
existing user flow experience.
Closes #3797
2022-11-12 15:11:59 +00:00
d2cd33e226
Added login/register message partials for easier use via theme system
...
Related to #608
2022-11-12 09:02:33 +00:00
d2260b234c
Fixed app logo visibility with secure_restricted images
...
Includes test to cover.
For #3827
2022-11-10 14:15:59 +00:00
832356d56e
Added test to cover books perms. gen with deleted chapter
...
Closes #3796
2022-11-10 13:48:17 +00:00
a3fcc98d6e
Aligned user preference endpoints in style and behaviour
...
Changes their endpoints and remove the user id from the URLs.
Simplifies list changes to share a single endpoint, which aligns it to
the behaviour of the existing sort preference endpoint.
Also added test to ensure user preferences are deleted on user delete.
2022-11-09 19:30:08 +00:00
24a7e8500d
Added tests to cover shortcut endpoints
2022-11-09 18:42:54 +00:00
f809bd3a62
Updated tests to align with recent list changes
2022-11-01 14:53:36 +00:00
7b2fd515da
Updated test to align with latest translation
2022-10-21 10:41:55 +01:00
f0ac454be1
Prevented saml2 autodiscovery on metadata load
...
Fixes issue where metadata cannot be viewed if autload is active and
entityid url is not active.
For #2480
2022-10-16 09:50:08 +01:00
6adc642d2f
Merge branch 'development' into bugfix/fix-being-unable-to-clear-filters
2022-10-15 15:12:55 +01:00
bd412ddbf9
Updated test for perms. changes and fixed static issues
2022-10-12 12:12:36 +01:00
0f68be608d
Removed most usages of restricted entitiy property
2022-10-10 16:58:26 +01:00
aee0e16194
Started code update for new entity permission format
2022-10-08 13:52:59 +01:00
1df9ec9647
Added proper entity permission removal on role deletion
...
Added test to cover.
2022-10-07 13:12:33 +01:00
d4143c3101
Only output hidden user filters when not set to 'me'
2022-10-06 19:25:47 +02:00
900e853b15
Quick run through of applying new test entity helper class
2022-09-29 22:11:16 +01:00
b56f7355aa
Migrated much test entity usage via find/replace
2022-09-29 17:31:38 +01:00
068a8a068c
Extracted entity testcase methods to own class
...
Also added some new fetch helper methods for future use.
2022-09-29 16:49:25 +01:00
0e94fd44a8
Added contents to book-show endpoint
...
Created a generic list formatting helper class for this, to align with
logic used on the search results endpoint and for easier future re-use
in a standardised way.
Also updated some class property types.
Added test to cover new books-contents results.
Related to #3734
2022-09-29 15:08:18 +01:00
60171b3522
Updated book copy to copy shelf relations
...
Where permission to edit the shelf is allowed.
For #3699
2022-09-28 14:14:51 +01:00
1ac1cf0c78
Applied permissions to revision action visibility
...
Related to #3723
2022-09-28 11:10:06 +01:00
bf56254077
Merge branch 'auth_review' into development
2022-09-27 19:34:48 +01:00
f21669c0c9
Cleaned testing service provider usage
...
Moved testing content out of AppServiceProvider, to a testing-specific
service provider. Updated docs and added composer commands to support
parallel testing.
Also reverted unintentional change to wysiwyg/config.js.
2022-09-27 01:27:51 +01:00
e18033ec1a
Added initial support for parallel testing
2022-09-26 21:25:32 +01:00
5c5ea64228
Added login throttling test, updated reset-pw test method names
2022-09-22 17:29:38 +01:00
90b4257889
Split out registration and pw-reset tests methods
2022-09-22 17:15:15 +01:00
8a749c6acf
Added and ran PHPCS
2022-09-18 01:25:20 +01:00
623ccd4cfa
Removed old thai files, added romanian as lang option
...
Also applied styleci changes
2022-09-06 17:41:32 +01:00
d8672944a5
Added image view access notice to role form
...
Added to clarify the role permission in scenarios where users may have
not read the docs site to understand image access control.
Related to #3688
2022-09-06 17:20:35 +01:00
6955b2fd5a
Widened svg content attribute xss filtering
...
Takes care of additional cases that can occur.
Closes #3705
2022-09-06 17:01:56 +01:00
24f82749ff
Updated OIDC group attr option name
...
To match the existing option name for display names.
Closes #3704
2022-09-06 16:33:17 +01:00
7101ce3050
Added "page_include_parse" theme event
...
For custom control of include tag parsing.
2022-09-05 16:40:42 +01:00
fbef0d06f2
Added permission visiblity control to image-delete button
...
Includes test to cover.
For #3697
2022-09-05 15:52:12 +01:00
ee1e936660
Applied styleci changes, updated composer deps
2022-09-05 13:18:37 +01:00
