Infra-Mirrors/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-10-01 01:36:00 -04:00
Code Issues Packages Projects Releases Wiki Activity
3,829 Commits 18 Branches 197 Tags 95 MiB
replace_joint_permissions
Commit Graph

780 Commits

Author SHA1 Message Date
Dan Brown
451e4ac452
Fixed collapsed perm. gen for book sub-items. 
Also converted the existing "JointPermission" usage to the new
collapsed permission system.
 2022-12-23 14:05:43 +00:00
Dan Brown
39acbeac68
Started new permission-caching/querying model 2022-12-22 15:09:17 +00:00
Dan Brown
2d9d2bba80
Added additional case thats known to currently fail 
Also removed so no-longer-relevant todo/comments.
 2022-12-21 17:14:54 +00:00
Dan Brown
adabf06dbe
Added more inter-method permissions test cases 2022-12-20 19:10:09 +00:00
Dan Brown
5ffc10e688
Added entity user permission scenarios 
Also added definitions for general expected behaviour to readme doc, and
added some entity role inherit scenarios to check they meet expectations.
Currently failing role test but not an issue with test, needs fixing to
app logic.
 2022-12-20 15:50:41 +00:00
Dan Brown
6a6f5e4d19
Added a bunch of role content permissions 2022-12-17 19:46:48 +00:00
Dan Brown
491beee93e
Added additional entity_role_permission scenario tests 2022-12-17 15:27:09 +00:00
Dan Brown
f844ae0902
Create additional test helper classes 
Following recent similar actions done for entities.
Required at this stage to provider better & cleaner helpers
for common user and permission actions to built out permission testing.
 2022-12-15 12:29:10 +00:00
Dan Brown
d54ea1b3ed
Started more formal permission test case definitions 2022-12-15 11:22:53 +00:00
Dan Brown
e8a8fedfd6
Started aligning permission behaviour across application methods 2022-12-14 18:14:01 +00:00
Dan Brown
f8c4725166
Aligned logic to entity_permission role_id usage change 
Now idenitifies fallback using role_id and user_id = null.
Lays some foundations for handling user_id.
 2022-12-07 22:07:03 +00:00
Dan Brown
31c28be57a
Converted md settings to localstorage, added preview resize 2022-11-28 14:08:20 +00:00
Dan Brown
0527c4a1ea
Added test to preference boolean endpoint 2022-11-28 12:17:22 +00:00
Dan Brown
40a1377c0b
Fixed tests to align with recent changes, Updated php deps 2022-11-23 12:08:55 +00:00
Dan Brown
e20c944350
Fixed OIDC handling when no JWKS 'use' prop exists 
Now assume, based on OIDC discovery spec, that keys without 'use' are
'sig' keys. Should not affect existing use-cases since existance of such
keys would have throw exceptions in prev. versions of bookstack.

For #3869
 2022-11-23 11:50:59 +00:00
Dan Brown
e7e83a4109
Added new endpoint for search suggestions 2022-11-21 10:35:53 +00:00
Dan Brown
a1b1f8138a
Updated email confirmation flow so confirmation is done via POST 
To avoid non-user GET requests (Such as those from email scanners)
auto-triggering the confirm submission. Made auto-submit the form via
JavaScript in this extra added step with user-link backup to keep
existing user flow experience.

Closes #3797
 2022-11-12 15:11:59 +00:00
Dan Brown
d2cd33e226
Added login/register message partials for easier use via theme system 
Related to #608
 2022-11-12 09:02:33 +00:00
Dan Brown
d2260b234c
Fixed app logo visibility with secure_restricted images 
Includes test to cover.
For #3827
 2022-11-10 14:15:59 +00:00
Dan Brown
832356d56e
Added test to cover books perms. gen with deleted chapter 
Closes #3796
 2022-11-10 13:48:17 +00:00
Dan Brown
a3fcc98d6e
Aligned user preference endpoints in style and behaviour 
Changes their endpoints and remove the user id from the URLs.
Simplifies list changes to share a single endpoint, which aligns it to
the behaviour of the existing sort preference endpoint.
Also added test to ensure user preferences are deleted on user delete.
 2022-11-09 19:30:08 +00:00
Dan Brown
24a7e8500d
Added tests to cover shortcut endpoints 2022-11-09 18:42:54 +00:00
Dan Brown
f809bd3a62
Updated tests to align with recent list changes 2022-11-01 14:53:36 +00:00
Dan Brown
7b2fd515da
Updated test to align with latest translation 2022-10-21 10:41:55 +01:00
Dan Brown
f0ac454be1
Prevented saml2 autodiscovery on metadata load 
Fixes issue where metadata cannot be viewed if autload is active and
entityid url is not active.
For #2480
 2022-10-16 09:50:08 +01:00
Dan Brown
6adc642d2f
Merge branch 'development' into bugfix/fix-being-unable-to-clear-filters 2022-10-15 15:12:55 +01:00
Dan Brown
bd412ddbf9
Updated test for perms. changes and fixed static issues 2022-10-12 12:12:36 +01:00
Dan Brown
0f68be608d
Removed most usages of restricted entitiy property 2022-10-10 16:58:26 +01:00
Dan Brown
aee0e16194
Started code update for new entity permission format 2022-10-08 13:52:59 +01:00
Dan Brown
1df9ec9647
Added proper entity permission removal on role deletion 
Added test to cover.
 2022-10-07 13:12:33 +01:00
Allan
d4143c3101 Only output hidden user filters when not set to 'me' 2022-10-06 19:25:47 +02:00
Dan Brown
900e853b15
Quick run through of applying new test entity helper class 2022-09-29 22:11:16 +01:00
Dan Brown
b56f7355aa
Migrated much test entity usage via find/replace 2022-09-29 17:31:38 +01:00
Dan Brown
068a8a068c
Extracted entity testcase methods to own class 
Also added some new fetch helper methods for future use.
 2022-09-29 16:49:25 +01:00
Dan Brown
0e94fd44a8
Added contents to book-show endpoint 
Created a generic list formatting helper class for this, to align with
logic used on the search results endpoint and for easier future re-use
in a standardised way.
Also updated some class property types.
Added test to cover new books-contents results.
Related to #3734
 2022-09-29 15:08:18 +01:00
Dan Brown
60171b3522
Updated book copy to copy shelf relations 
Where permission to edit the shelf is allowed.
For #3699
 2022-09-28 14:14:51 +01:00
Dan Brown
1ac1cf0c78
Applied permissions to revision action visibility 
Related to #3723
 2022-09-28 11:10:06 +01:00
Dan Brown
bf56254077
Merge branch 'auth_review' into development 2022-09-27 19:34:48 +01:00
Dan Brown
f21669c0c9
Cleaned testing service provider usage 
Moved testing content out of AppServiceProvider, to a testing-specific
service provider. Updated docs and added composer commands to support
parallel testing.
Also reverted unintentional change to wysiwyg/config.js.
 2022-09-27 01:27:51 +01:00
Dan Brown
e18033ec1a
Added initial support for parallel testing 2022-09-26 21:25:32 +01:00
Dan Brown
5c5ea64228
Added login throttling test, updated reset-pw test method names 2022-09-22 17:29:38 +01:00
Dan Brown
90b4257889
Split out registration and pw-reset tests methods 2022-09-22 17:15:15 +01:00
Dan Brown
8a749c6acf
Added and ran PHPCS 2022-09-18 01:25:20 +01:00
Dan Brown
623ccd4cfa
Removed old thai files, added romanian as lang option 
Also applied styleci changes
 2022-09-06 17:41:32 +01:00
Dan Brown
d8672944a5
Added image view access notice to role form 
Added to clarify the role permission in scenarios where users may have
not read the docs site to understand image access control.

Related to #3688
 2022-09-06 17:20:35 +01:00
Dan Brown
6955b2fd5a
Widened svg content attribute xss filtering 
Takes care of additional cases that can occur.
Closes #3705
 2022-09-06 17:01:56 +01:00
Dan Brown
24f82749ff
Updated OIDC group attr option name 
To match the existing option name for display names.
Closes #3704
 2022-09-06 16:33:17 +01:00
Dan Brown
7101ce3050
Added "page_include_parse" theme event 
For custom control of include tag parsing.
 2022-09-05 16:40:42 +01:00
Dan Brown
fbef0d06f2
Added permission visiblity control to image-delete button 
Includes test to cover.
For #3697
 2022-09-05 15:52:12 +01:00
Dan Brown
ee1e936660
Applied styleci changes, updated composer deps 2022-09-05 13:18:37 +01:00