3083979855
Added method for using enity ownership in relation queries
...
It has a large linear-entity-scaling performance impact though.
2023-01-15 17:38:08 +00:00
55642a33ee
Attempted fix of issues, realised new query system is a failure
...
As part of the permission checking we need to check owner user status.
Upon this, we'd also want to check page draft status (and its
creator/owner).
These, for cross-entity/relation queries would need up to another 4 joins.
The performance/index usage is already questionable here.
2023-01-14 13:50:41 +00:00
93ba572369
Aligned admin permission check restriction ignore
2023-01-13 22:19:29 +00:00
a825f27930
Updated additional relation queries to apply permissions correctly
2023-01-13 22:13:31 +00:00
932e1d7c61
Got entity relation query permission application working
...
May be issues at points of use though, Added todo for this in code.
Also added extra indexes to collapsed table for better query
performance.
2023-01-13 17:10:20 +00:00
2f1491c5a4
Split out 'restrictEntityQuery' function components
...
Also fixed search query issue with abiguous column
2023-01-13 16:07:36 +00:00
026e9030b9
Reworked userCan permission check to follow defined logic.
...
Got all current scenario tests passing.
Also fixes own permission which was using the wrong field.
2022-12-23 21:07:49 +00:00
451e4ac452
Fixed collapsed perm. gen for book sub-items.
...
Also converted the existing "JointPermission" usage to the new
collapsed permission system.
2022-12-23 14:05:43 +00:00
7330139555
Created big scary query to apply permissions via new format
2022-12-22 20:32:06 +00:00
39acbeac68
Started new permission-caching/querying model
2022-12-22 15:09:17 +00:00
2d9d2bba80
Added additional case thats known to currently fail
...
Also removed so no-longer-relevant todo/comments.
2022-12-21 17:14:54 +00:00
d54ea1b3ed
Started more formal permission test case definitions
2022-12-15 11:22:53 +00:00
e8a8fedfd6
Started aligning permission behaviour across application methods
2022-12-14 18:14:01 +00:00
60bf838a4a
Added joint_user_permissions handling to query system
...
Some issues exist to resolve though, not in final state.
2022-12-11 22:53:46 +00:00
0411185fbb
Added, and built perm. gen for, joint_user_permissions table
2022-12-11 14:51:53 +00:00
7a269e7689
Added users to permission form interface
...
Also updated non-joint permission handling to support user permissions.
2022-12-10 14:37:18 +00:00
f8c4725166
Aligned logic to entity_permission role_id usage change
...
Now idenitifies fallback using role_id and user_id = null.
Lays some foundations for handling user_id.
2022-12-07 22:07:03 +00:00
69d702c783
Updated locale list to align with lang folders
2022-11-30 12:13:50 +00:00
31c28be57a
Converted md settings to localstorage, added preview resize
2022-11-28 14:08:20 +00:00
9fd5190c70
Added md editor ui dropdown options & their back-end storage
...
Still need to perform actual in-editor functionality for those controls.
2022-11-27 20:30:14 +00:00
e20c944350
Fixed OIDC handling when no JWKS 'use' prop exists
...
Now assume, based on OIDC discovery spec, that keys without 'use' are
'sig' keys. Should not affect existing use-cases since existance of such
keys would have throw exceptions in prev. versions of bookstack.
For #3869
2022-11-23 11:50:59 +00:00
e7e83a4109
Added new endpoint for search suggestions
2022-11-21 10:35:53 +00:00
19a792bc12
Started on a live-preview on global search input
2022-11-14 10:24:14 +00:00
a1b1f8138a
Updated email confirmation flow so confirmation is done via POST
...
To avoid non-user GET requests (Such as those from email scanners)
auto-triggering the confirm submission. Made auto-submit the form via
JavaScript in this extra added step with user-link backup to keep
existing user flow experience.
Closes #3797
2022-11-12 15:11:59 +00:00
d2260b234c
Fixed app logo visibility with secure_restricted images
...
Includes test to cover.
For #3827
2022-11-10 14:15:59 +00:00
737904fa63
Extracted shortcut text to language files
2022-11-10 10:25:28 +00:00
a3fcc98d6e
Aligned user preference endpoints in style and behaviour
...
Changes their endpoints and remove the user id from the URLs.
Simplifies list changes to share a single endpoint, which aligns it to
the behaviour of the existing sort preference endpoint.
Also added test to ensure user preferences are deleted on user delete.
2022-11-09 19:30:08 +00:00
24a7e8500d
Added tests to cover shortcut endpoints
2022-11-09 18:42:54 +00:00
9067902267
Added shortcut input controls to make custom shortcuts work
2022-11-09 14:40:44 +00:00
66c8809799
Started interface user shortcut form interface
...
Built controller actions and initual UI.
Still needs JS logic for shortcut input handling.
2022-11-08 21:17:45 +00:00
9e8240a736
Addressed additional unsupported array spread operation
2022-11-03 14:40:01 +00:00
6364c541ea
Fixed phpstan static usage warning, updated ci flows
...
CI flow updates to follow deprecation warnings
2022-11-03 14:14:22 +00:00
f809bd3a62
Updated tests to align with recent list changes
2022-11-01 14:53:36 +00:00
d4e71e431b
Revised revision list to responsive layout
2022-10-31 21:26:31 +00:00
80d2889217
Updated tags list to new responsive format
2022-10-31 11:40:28 +00:00
2bbf7b2194
Revised audit log list to new responsive format
2022-10-30 20:24:08 +00:00
2c114e1a4a
Split out user controller preference methods to new controller
2022-10-30 15:25:02 +00:00
ec4cbbd004
Refactored common list handling operations to new class
2022-10-30 15:16:06 +00:00
f75091a1c5
Revised webhooks list to new format
...
Also aligned query naming to start with model in use.
Also added created/updated sort options to roles.
2022-10-30 12:02:06 +00:00
98b59a1024
Revised role index list to align with user list
2022-10-29 20:52:17 +01:00
986346a0e9
Redesigned users list to be responsive and aligned
2022-10-29 15:23:21 +01:00
2a65331573
Worked towards phpstan level 2, 13 errors remain
2022-10-24 12:12:48 +01:00
ea6eacb400
Fixed chapter fetching during joint permission building
...
Somehow I accidentally deleted previous line 143 in this commit:
3839bf6bf11ac6b4d19c2ae8f62a314a2c164251
which would then break permission generation for content related to, or
containing, chapters in the recycle bin.
Found via user report (subz) & debugging in discord.
2022-10-21 21:49:29 +01:00
905d339572
Added greek language option
2022-10-20 12:25:02 +01:00
f0ac454be1
Prevented saml2 autodiscovery on metadata load
...
Fixes issue where metadata cannot be viewed if autload is active and
entityid url is not active.
For #2480
2022-10-16 09:50:08 +01:00
6951aa3d39
Fixed permission row permission check
2022-10-14 16:03:06 +01:00
bd412ddbf9
Updated test for perms. changes and fixed static issues
2022-10-12 12:12:36 +01:00
98c6422fa6
Extracted entity perms. text to translation files
2022-10-11 15:52:56 +01:00
0fae807713
Fixed and updated "Everyone Else" permissions handling
...
- Fixed inheriting control for new system.
- Tested copying shelf permissions to books.
- Added additional handling for inheriting scenario identification.
2022-10-10 17:22:38 +01:00
0f68be608d
Removed most usages of restricted entitiy property
2022-10-10 16:58:26 +01:00