Infra-Mirrors/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-07-02 17:41:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
4,071 Commits 17 Branches 195 Tags 90 MiB
777027bc48
Commit Graph

827 Commits

Author SHA1 Message Date
Dan Brown
1fa5a31960
Fixed role entity permissions ignoring inheritance 
Added additional scnenario tests to cover
 2023-01-24 21:26:41 +00:00
Dan Brown
8be36455ab
Addressed fallback override cases found during testing 
Had misalignment between query and usercan, The nuance between fallback
and entity-role permissions was not taken into account by the query
system. Now added with new test cases to cover.
 2023-01-24 20:42:20 +00:00
Dan Brown
1660e72cc5
Migrated remaining relation permission usages 
Now all tests are passing.
Some level of manual checks to do.
 2023-01-24 19:04:32 +00:00
Dan Brown
78ebcb6f38
Addressed a range of deprecation warnings 
Closes #3969
 2023-01-21 20:50:04 +00:00
Dan Brown
e2a72d16aa
Made adjustments to fit copied work into dev branch 
Ported non-compatible elements, Now all tests passing apart from some
specific permission scenario tests which are probably correctly failing.
Updates some tests to better avoid messing environment state.
 2023-01-21 13:03:47 +00:00
Dan Brown
c724bfe4d3
Copied over work from user_permissions branch 
Only that relevant to the additional testing work.
 2023-01-21 11:08:34 +00:00
Dan Brown
6070d804f8
Fixed incorrect pluralisation for de_informal 
Updated language system to only use initial part of locale for
translation pluralisation to better match the hard-coded logic of the
built-in MessageSelector. Extends and overrides Laravel's default for
this system.

Added test to cover.
Related to #3976.
 2023-01-16 16:56:41 +00:00
Dan Brown
0123d83fb2
Fixed not being able to remove all user roles 
User roles would only be actioned if they existed in the form request,
hence removal of all roles would have no data to action upon.
This adds a placeholder 0-id role to ensure there is always role data to
send, even when no roles are selected. This field value is latter
filtered out.

Added test to cover.

Likely related to #3922.
 2022-12-16 17:44:13 +00:00
Dan Brown
31c28be57a
Converted md settings to localstorage, added preview resize 2022-11-28 14:08:20 +00:00
Dan Brown
0527c4a1ea
Added test to preference boolean endpoint 2022-11-28 12:17:22 +00:00
Dan Brown
40a1377c0b
Fixed tests to align with recent changes, Updated php deps 2022-11-23 12:08:55 +00:00
Dan Brown
e20c944350
Fixed OIDC handling when no JWKS 'use' prop exists 
Now assume, based on OIDC discovery spec, that keys without 'use' are
'sig' keys. Should not affect existing use-cases since existance of such
keys would have throw exceptions in prev. versions of bookstack.

For #3869
 2022-11-23 11:50:59 +00:00
Dan Brown
e7e83a4109
Added new endpoint for search suggestions 2022-11-21 10:35:53 +00:00
Dan Brown
a1b1f8138a
Updated email confirmation flow so confirmation is done via POST 
To avoid non-user GET requests (Such as those from email scanners)
auto-triggering the confirm submission. Made auto-submit the form via
JavaScript in this extra added step with user-link backup to keep
existing user flow experience.

Closes #3797
 2022-11-12 15:11:59 +00:00
Dan Brown
d2cd33e226
Added login/register message partials for easier use via theme system 
Related to #608
 2022-11-12 09:02:33 +00:00
Dan Brown
d2260b234c
Fixed app logo visibility with secure_restricted images 
Includes test to cover.
For #3827
 2022-11-10 14:15:59 +00:00
Dan Brown
832356d56e
Added test to cover books perms. gen with deleted chapter 
Closes #3796
 2022-11-10 13:48:17 +00:00
Dan Brown
a3fcc98d6e
Aligned user preference endpoints in style and behaviour 
Changes their endpoints and remove the user id from the URLs.
Simplifies list changes to share a single endpoint, which aligns it to
the behaviour of the existing sort preference endpoint.
Also added test to ensure user preferences are deleted on user delete.
 2022-11-09 19:30:08 +00:00
Dan Brown
24a7e8500d
Added tests to cover shortcut endpoints 2022-11-09 18:42:54 +00:00
Dan Brown
f809bd3a62
Updated tests to align with recent list changes 2022-11-01 14:53:36 +00:00
Dan Brown
7b2fd515da
Updated test to align with latest translation 2022-10-21 10:41:55 +01:00
Dan Brown
f0ac454be1
Prevented saml2 autodiscovery on metadata load 
Fixes issue where metadata cannot be viewed if autload is active and
entityid url is not active.
For #2480
 2022-10-16 09:50:08 +01:00
Dan Brown
6adc642d2f
Merge branch 'development' into bugfix/fix-being-unable-to-clear-filters 2022-10-15 15:12:55 +01:00
Dan Brown
bd412ddbf9
Updated test for perms. changes and fixed static issues 2022-10-12 12:12:36 +01:00
Dan Brown
0f68be608d
Removed most usages of restricted entitiy property 2022-10-10 16:58:26 +01:00
Dan Brown
aee0e16194
Started code update for new entity permission format 2022-10-08 13:52:59 +01:00
Dan Brown
1df9ec9647
Added proper entity permission removal on role deletion 
Added test to cover.
 2022-10-07 13:12:33 +01:00
Allan
d4143c3101 Only output hidden user filters when not set to 'me' 2022-10-06 19:25:47 +02:00
Dan Brown
900e853b15
Quick run through of applying new test entity helper class 2022-09-29 22:11:16 +01:00
Dan Brown
b56f7355aa
Migrated much test entity usage via find/replace 2022-09-29 17:31:38 +01:00
Dan Brown
068a8a068c
Extracted entity testcase methods to own class 
Also added some new fetch helper methods for future use.
 2022-09-29 16:49:25 +01:00
Dan Brown
0e94fd44a8
Added contents to book-show endpoint 
Created a generic list formatting helper class for this, to align with
logic used on the search results endpoint and for easier future re-use
in a standardised way.
Also updated some class property types.
Added test to cover new books-contents results.
Related to #3734
 2022-09-29 15:08:18 +01:00
Dan Brown
60171b3522
Updated book copy to copy shelf relations 
Where permission to edit the shelf is allowed.
For #3699
 2022-09-28 14:14:51 +01:00
Dan Brown
1ac1cf0c78
Applied permissions to revision action visibility 
Related to #3723
 2022-09-28 11:10:06 +01:00
Dan Brown
bf56254077
Merge branch 'auth_review' into development 2022-09-27 19:34:48 +01:00
Dan Brown
f21669c0c9
Cleaned testing service provider usage 
Moved testing content out of AppServiceProvider, to a testing-specific
service provider. Updated docs and added composer commands to support
parallel testing.
Also reverted unintentional change to wysiwyg/config.js.
 2022-09-27 01:27:51 +01:00
Dan Brown
e18033ec1a
Added initial support for parallel testing 2022-09-26 21:25:32 +01:00
Dan Brown
5c5ea64228
Added login throttling test, updated reset-pw test method names 2022-09-22 17:29:38 +01:00
Dan Brown
90b4257889
Split out registration and pw-reset tests methods 2022-09-22 17:15:15 +01:00
Dan Brown
8a749c6acf
Added and ran PHPCS 2022-09-18 01:25:20 +01:00
Dan Brown
623ccd4cfa
Removed old thai files, added romanian as lang option 
Also applied styleci changes
 2022-09-06 17:41:32 +01:00
Dan Brown
d8672944a5
Added image view access notice to role form 
Added to clarify the role permission in scenarios where users may have
not read the docs site to understand image access control.

Related to #3688
 2022-09-06 17:20:35 +01:00
Dan Brown
6955b2fd5a
Widened svg content attribute xss filtering 
Takes care of additional cases that can occur.
Closes #3705
 2022-09-06 17:01:56 +01:00
Dan Brown
24f82749ff
Updated OIDC group attr option name 
To match the existing option name for display names.
Closes #3704
 2022-09-06 16:33:17 +01:00
Dan Brown
7101ce3050
Added "page_include_parse" theme event 
For custom control of include tag parsing.
 2022-09-05 16:40:42 +01:00
Dan Brown
fbef0d06f2
Added permission visiblity control to image-delete button 
Includes test to cover.
For #3697
 2022-09-05 15:52:12 +01:00
Dan Brown
ee1e936660
Applied styleci changes, updated composer deps 2022-09-05 13:18:37 +01:00
Dan Brown
2fe261e207
Updated page revisions link visibility 
To match the actual visibilities of the revisions listing page and
options.
Related to #2946
 2022-09-03 12:32:21 +01:00
Dan Brown
7f8b3eff5a
Fixed failing tests due to shelf text changes, applied styleci changes 2022-09-02 14:47:44 +01:00
Dan Brown
c76b5e2ec4
Fixed local_secure_restricted preventing attachment uploads 
Due to option name change and therefore lack of handling.
Added test case to cover.
 2022-09-02 14:40:17 +01:00
Dan Brown
092b6d6378
Added test and handling for local_secure_restricted in exports 2022-09-02 14:21:43 +01:00
Dan Brown
f88330202b
Added test to cover secure restricted functionality 2022-09-02 14:03:23 +01:00
Dan Brown
f28ed0ef0b
Fixed shelf covers being stored as 'cover_book' 
Are now stored as 'cover_bookshelf' as expected.
Added a migrate to alter existing shelf cover image types.
 2022-09-02 12:54:54 +01:00
Dan Brown
34c63e1c30
Added test & update to prevent page creation w/ empty slug 
Caused by changes to page repo in reference work,
This adds back in the slug generate although at a more central place.
Adds a test case to cover the problematic scenario.
 2022-09-01 12:53:34 +01:00
Dan Brown
9153be963d
Added book child reference handling on book url change 
Closes #3683
 2022-08-30 22:00:32 +01:00
Dan Brown
1cc7c649dc
Applied StyleCi changes, updated php deps 2022-08-29 17:46:41 +01:00
Dan Brown
e537d0c4e8
Merge pull request #3656 from BookStackApp/x_linking 
Link reference tracking & updating
 2022-08-29 17:45:05 +01:00
Dan Brown
6edf2c155d
Added maintenance action to regenerate references 2022-08-29 17:30:26 +01:00
Dan Brown
401c156687
Merge pull request #3616 from BookStackApp/oidc_group_sync 
Added OIDC group sync functionality
 2022-08-25 11:17:18 +01:00
Dan Brown
b86ee6d252
Rolled out reference link updating logic usage 
Added test to cover updating of content on reference url change
 2022-08-21 18:05:19 +01:00
Dan Brown
f634b4ea57
Added entity meta link to reference page 
Not totally happy with implementation as is requires extra service to be
injected to core controllers, but does the job.
Included test to cover.
Updated some controller properties to be typed while there.
 2022-08-20 12:07:38 +01:00
Dan Brown
d198332d3c
Rolled out reference pages to all entities, added testing 
Including testing to check permissions applied to listed references.
 2022-08-19 22:40:44 +01:00
Dan Brown
bbe504c559
Added reference handling on page actions 
Page update/create/restore/clone/delete.
Added a couple of tests to cover a couple of those.
 2022-08-17 17:37:27 +01:00
Dan Brown
3290ab3ac9
Added regenerate-references command test 
Also updated model resolvers to only fetch model ID, to prevent bringing
back way more data from database than desired.
 2022-08-17 16:59:23 +01:00
Dan Brown
5d29d0cc7b
Added reference storage system, and command to re-index 
Also re-named/orgranized some files for this, to make them "References"
specific instead of a subset of "Util".
 2022-08-17 14:40:14 +01:00
Dan Brown
344b3a3615
Added system to extract model references from HTML content 
For the start of a managed cross-linking system.
 2022-08-16 13:23:53 +01:00
Dan Brown
837fd74bf6
Refactored search-based code to its own folder 
Also applied StyleCI changes
 2022-08-16 11:28:05 +01:00
Dan Brown
5f7cd735ea
Added content filtering of tags with javascript or data in values attr 
Case would be blocked by CSP but adding for cases where CSP may not be
active when content taken externally.

For #3636
 2022-08-11 10:28:32 +01:00
Dan Brown
16eedc8264
Fixed failed permission checks due to non-loaded fields 
Added additional exceptions to prevent such cases in the future, so
that they are caught in dev ideally.
Added test case specifically for reported favourite scenario.
 2022-08-10 08:06:48 +01:00
Dan Brown
97ec560282
Added test to cover export body start/end partial usage 2022-08-09 13:49:42 +01:00
Dan Brown
45dc28ba2a
Applied latest styleci changes 2022-08-09 13:26:45 +01:00
Dan Brown
6e0a7344fa
Added revision activity types to system and audit log 
Closes #3628
 2022-08-09 13:25:18 +01:00
Dan Brown
89ec9a5081
Sprinkled in some user language validation 
For #3615
 2022-08-04 17:24:04 +01:00
Dan Brown
b987bea37a
Added OIDC group sync functionality 
Is generally aligned with out SAML2 group sync functionality, but for
OIDC based upon feedback in #3004.
Neeeded the tangental addition of being able to define custom scopes on
the initial auth request as some systems use this to provide additional
id token claims such as groups.

Includes tests to cover.
Tested live using Okta.
 2022-08-02 16:56:56 +01:00
Dan Brown
0bb5654f80
Updated composer deps, applied StyleCI changes 2022-07-27 11:07:41 +01:00
Dan Brown
bd14dc067b
Added 'Sort Book' action to chapters 
Related to #2335
 2022-07-26 12:36:17 +01:00
Dan Brown
d4a119b2aa
Fixed disabling of avatar urls, Removed id from gravatar image name 
Included test to cover avatar url disabling.
Related to #1835
 2022-07-26 12:10:19 +01:00
Dan Brown
7fdc7c68b9
Added test to cover code favourite pref. endpoint 2022-07-25 18:48:40 +01:00
Dan Brown
975ba4f8d8
Added content-view body classes generated from tags 
Included tests to cover.

Closes #3583
 2022-07-23 18:29:04 +01:00
Dan Brown
840a1ea011
Applied latest styleci changes 2022-07-23 15:11:06 +01:00
Dan Brown
72c8b138e1
Updated tests to use ssddanbrown/asserthtml package 
Closes #3519
 2022-07-23 15:10:18 +01:00
Dan Brown
4e8995c3d0
Added ability to adjust stored IP address precision 
Included tests to cover.

For #3560
 2022-07-23 13:41:29 +01:00
Dan Brown
67d12cc1df
Fixed failing license test 2022-07-23 12:08:55 +01:00
Dan Brown
f573e09004
Applied styleci changes, updated dev version & readme roadmap 2022-07-23 11:36:37 +01:00
Dan Brown
56da25b07a
Fixed failing tests from dompdf chanages 2022-07-17 14:32:09 +01:00
Dan Brown
5f5b6ff0be
Added "ACTIVITY_LOGGED" theme event 
Closes #3572
 2022-07-17 13:28:56 +01:00
Dan Brown
9cf05944f6
Applied StyleCI changes 2022-07-17 10:32:16 +01:00
Dan Brown
e6e6d25974
Removed test web route, extracted text, added test 2022-07-17 10:18:24 +01:00
Dan Brown
8f90996cef
Dropped use of non-view joint permissions 2022-07-16 21:50:42 +01:00
Dan Brown
2989852520
Added simple data model for faster permission generation 2022-07-12 21:13:02 +01:00
Dan Brown
b0a4d3d059
Renamed and cleaned up existing permission service classes use 2022-07-12 20:15:41 +01:00
Dan Brown
2d4f708c79
Extracted permission building out of permission service 2022-07-12 19:38:11 +01:00
Dan Brown
0bcd1795cb
Auth group sync: Fixed unintential mapping behaviour change 
Due to change in how casing was handled when used in the "External Auth
ID" role field.
Likely related to #3535.
Added test to cover.
 2022-06-27 14:18:46 +01:00
Dan Brown
107df6c28f
Applied StyleCI changes 2022-06-25 14:27:32 +01:00
Dan Brown
3ed1ffdbeb
Fixed issue blocking tags on book update 
For #3527
 2022-06-25 13:46:55 +01:00
Dan Brown
46d71a181e
Updated php deps and applied styleci changes 2022-06-22 12:49:58 +01:00
Dan Brown
8d8da31fdd
Added base template convenience partials for theme system users 
Included test to cover usage and paths.
Closes #894
 2022-06-22 12:47:31 +01:00
Dan Brown
0d9b5a9d90
Merge branch 'login-auto-redirect' into development 2022-06-21 15:38:01 +01:00
Dan Brown
8b211ed461
Review and update of login auto initiation PR 
For PR #3406

- Updated naming from 'redirect' to 'initate/initation'.
- Updated phpunit.xml and .env.example.complete files with the new
  option.
- Cleaned up controller logic a bit.
- Added content and design to the new initation view to not leave user
  on a blank view for a while.
- Added non-JS button to initiation view as fallback option for
  progression.
- Moved new test to it's own Test class and expanded with additional
  scenario tests for better functionality coverage.
 2022-06-21 15:32:18 +01:00
Dan Brown
0c6f598d91
Fixed issue where text after line breaks not indexed 
Linebreaks would previously essentially be removed during index and
hence joined to adjacent words, breaking prefix matching.
Added test to cover.
For #3508
 2022-06-20 23:47:42 +01:00