Commit Graph

1485 Commits

Author SHA1 Message Date
3083979855 Added method for using entity ownership in relation queries
It has a large linear-entity-scaling performance impact though.
2023-01-15 17:38:08 +00:00
55642a33ee Attempted fix of issues, realised new query system is a failure
As part of the permission checking we need to check owner user status.
Upon this, we'd also want to check page draft status (and its
creator/owner).
These, for cross-entity/relation queries would need up to another 4 joins.
The performance/index usage is already questionable here.
2023-01-14 13:50:41 +00:00
93ba572369 Aligned admin permission check restriction ignore 2023-01-13 22:19:29 +00:00
a825f27930 Updated additional relation queries to apply permissions correctly 2023-01-13 22:13:31 +00:00
932e1d7c61 Got entity relation query permission application working
May be issues at points of use though, Added todo for this in code.
Also added extra indexes to collapsed table for better query
performance.
2023-01-13 17:10:20 +00:00
2f1491c5a4 Split out 'restrictEntityQuery' function components
Also fixed search query issue with ambiguous column
2023-01-13 16:07:36 +00:00
026e9030b9 Reworked userCan permission check to follow defined logic.
Got all current scenario tests passing.
Also fixes own permission which was using the wrong field.
2022-12-23 21:07:49 +00:00
451e4ac452 Fixed collapsed perm. gen for book sub-items.
Also converted the existing "JointPermission" usage to the new
collapsed permission system.
2022-12-23 14:05:43 +00:00
7330139555 Created big scary query to apply permissions via new format 2022-12-22 20:32:06 +00:00
39acbeac68 Started new permission-caching/querying model 2022-12-22 15:09:17 +00:00
2d9d2bba80 Added additional case that's known to currently fail
Also removed some no-longer-relevant todo/comments.
2022-12-21 17:14:54 +00:00
d54ea1b3ed Started more formal permission test case definitions 2022-12-15 11:22:53 +00:00
e8a8fedfd6 Started aligning permission behaviour across application methods 2022-12-14 18:14:01 +00:00
60bf838a4a Added joint_user_permissions handling to query system
Some issues exist to resolve though, not in final state.
2022-12-11 22:53:46 +00:00
0411185fbb Added, and built perm. gen for, joint_user_permissions table 2022-12-11 14:51:53 +00:00
7a269e7689 Added users to permission form interface
Also updated non-joint permission handling to support user permissions.
2022-12-10 14:37:18 +00:00
f8c4725166 Aligned logic to entity_permission role_id usage change
Now identifies fallback using role_id and user_id = null.
Lays some foundations for handling user_id.
2022-12-07 22:07:03 +00:00
69d702c783 Updated locale list to align with lang folders 2022-11-30 12:13:50 +00:00
31c28be57a Converted md settings to localstorage, added preview resize 2022-11-28 14:08:20 +00:00
9fd5190c70 Added md editor ui dropdown options & their back-end storage
Still need to perform actual in-editor functionality for those controls.
2022-11-27 20:30:14 +00:00
e20c944350 Fixed OIDC handling when no JWKS 'use' prop exists
Now assume, based on OIDC discovery spec, that keys without 'use' are
'sig' keys. Should not affect existing use-cases since existence of such
keys would have thrown exceptions in prev. versions of bookstack.

For #3869
2022-11-23 11:50:59 +00:00
e7e83a4109 Added new endpoint for search suggestions 2022-11-21 10:35:53 +00:00
19a792bc12 Started on a live-preview on global search input 2022-11-14 10:24:14 +00:00
a1b1f8138a Updated email confirmation flow so confirmation is done via POST
To avoid non-user GET requests (Such as those from email scanners)
auto-triggering the confirm submission. Made auto-submit the form via
JavaScript in this extra added step with user-link backup to keep
existing user flow experience.

Closes #3797
2022-11-12 15:11:59 +00:00
d2260b234c Fixed app logo visibility with secure_restricted images
Includes test to cover.
For #3827
2022-11-10 14:15:59 +00:00
737904fa63 Extracted shortcut text to language files 2022-11-10 10:25:28 +00:00
a3fcc98d6e Aligned user preference endpoints in style and behaviour
Changes their endpoints and removes the user id from the URLs.
Simplifies list changes to share a single endpoint, which aligns it to
the behaviour of the existing sort preference endpoint.
Also added test to ensure user preferences are deleted on user delete.
2022-11-09 19:30:08 +00:00
24a7e8500d Added tests to cover shortcut endpoints 2022-11-09 18:42:54 +00:00
9067902267 Added shortcut input controls to make custom shortcuts work 2022-11-09 14:40:44 +00:00
66c8809799 Started interface user shortcut form interface
Built controller actions and initial UI.
Still needs JS logic for shortcut input handling.
2022-11-08 21:17:45 +00:00
9e8240a736 Addressed additional unsupported array spread operation 2022-11-03 14:40:01 +00:00
6364c541ea Fixed phpstan static usage warning, updated ci flows
CI flow updates to follow deprecation warnings
2022-11-03 14:14:22 +00:00
f809bd3a62 Updated tests to align with recent list changes 2022-11-01 14:53:36 +00:00
d4e71e431b Revised revision list to responsive layout 2022-10-31 21:26:31 +00:00
80d2889217 Updated tags list to new responsive format 2022-10-31 11:40:28 +00:00
2bbf7b2194 Revised audit log list to new responsive format 2022-10-30 20:24:08 +00:00
2c114e1a4a Split out user controller preference methods to new controller 2022-10-30 15:25:02 +00:00
ec4cbbd004 Refactored common list handling operations to new class 2022-10-30 15:16:06 +00:00
f75091a1c5 Revised webhooks list to new format
Also aligned query naming to start with model in use.
Also added created/updated sort options to roles.
2022-10-30 12:02:06 +00:00
98b59a1024 Revised role index list to align with user list 2022-10-29 20:52:17 +01:00
986346a0e9 Redesigned users list to be responsive and aligned 2022-10-29 15:23:21 +01:00
2a65331573 Worked towards phpstan level 2, 13 errors remain 2022-10-24 12:12:48 +01:00
ea6eacb400 Fixed chapter fetching during joint permission building
Somehow I accidentally deleted previous line 143 in this commit:
3839bf6bf11ac6b4d19c2ae8f62a314a2c164251
which would then break permission generation for content related to, or
containing, chapters in the recycle bin.
Found via user report (subz) & debugging in discord.
2022-10-21 21:49:29 +01:00
905d339572 Added greek language option 2022-10-20 12:25:02 +01:00
f0ac454be1 Prevented saml2 autodiscovery on metadata load
Fixes issue where metadata cannot be viewed if autoload is active and
entityid url is not active.
For #2480
2022-10-16 09:50:08 +01:00
6951aa3d39 Fixed permission row permission check 2022-10-14 16:03:06 +01:00
bd412ddbf9 Updated test for perms. changes and fixed static issues 2022-10-12 12:12:36 +01:00
98c6422fa6 Extracted entity perms. text to translation files 2022-10-11 15:52:56 +01:00
0fae807713 Fixed and updated "Everyone Else" permissions handling
- Fixed inheriting control for new system.
- Tested copying shelf permissions to books.
- Added additional handling for inheriting scenario identification.
2022-10-10 17:22:38 +01:00
0f68be608d Removed most usages of restricted entity property 2022-10-10 16:58:26 +01:00