Commit Graph

157 Commits

Author SHA1 Message Date
Dan Brown 09c2814dc7
Added role based MFA control
- Added new DB column for control and role updated create/update actions.
- Created new middleware as a start to actual enforcement logic.
- Added indicator to role list of whether MFA is enforced.
2021-07-03 13:34:48 +01:00
Dan Brown 916a82616f
Complete base flow for TOTP setup
- Includes DB storage and code validation.
- Extracted TOTP work to its own service file.
- Still needs testing to cover this side of things.
2021-06-30 22:10:02 +01:00
Dan Brown 934a833818 Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00
Dan Brown bf8e7f3393
Started addition of favourite system 2021-05-16 00:29:56 +01:00
Dan Brown c4e31a0d5e
Updated hard-coded string lengths for indexed columns
Since this is what's causing issues for people during migration due to max
key lengths.
Related to #2710.
2021-04-27 20:53:22 +01:00
Dan Brown 3a9caea846 Started work on user slugs
Related to #2525
2021-03-08 22:34:22 +00:00
Dan Brown 44c41e9e4d Updated footer links to be a configurable list
Made so footer link ordering, names and urls can be set.
Cleaned up some of the setting-service and added support for array
setting types, which are cleaned on entry and stored as json with a new
type indicator column on the settings table for auto-decode.
Also added testing to cover this feature.

Related to #1973 and #854
2021-01-31 00:23:15 +00:00
Dan Brown b493becadf
Started change for entities to have concept of owners 2020-12-30 18:25:35 +00:00
Dan Brown ef1b98019a
Fixed some mis-refactoring and split search service
Search service broken into index and runner tools.
2020-11-22 00:17:45 +00:00
Dan Brown 712ccd23c4
Updated activities table format
Renamed some columns to be more generic and applicable.
Removed now redundant book_id column.
Allowed nullable entity morph columns for non-entity activity.

Ran tests and made required changes.
2020-11-08 00:03:19 +00:00
Dan Brown 04197e393a
Started work on the recycle bin interface 2020-10-03 18:44:12 +01:00
Dan Brown 691027a522
Started implementation of recycle bin functionality 2020-09-27 23:24:33 +01:00
Gertjan Krol 4b0d1ddf39 Fixed the `AddActivityIndexes` migration's `down()` method 2020-09-22 19:22:27 +02:00
Dan Brown 78bf044a7a
Added audit log interface
- Displays the currently tracked activities in the system.

Related to #2173 and #1167
2020-09-19 12:06:45 +01:00
Dan Brown 5f1ee5fb0e
Removed role 'name' field from database
The 'name' field was really redundant and caused confusion in the
codebase, since the 'Display' name is often used and we have a
'system_name' for the admin and public role.

This fixes #2032, Where external auth group matching has confusing
behaviour as matching was done against the display_name, if no
external_auth field is set, but only roles with a match 'name' field
would be considered.

This also fixes an error where the role users migration, on role
delete, would not actually fire due to mis-matching http body keys.
Looks like this has been an issue from the start. Added some testing to
cover. Fixes #2211.

Also converted phpdoc to typehints in many areas of the reviewed code
during the above.
2020-08-04 14:55:01 +01:00
Dan Brown a9f02550f0
Removed joint_permissions auto_increment id
Removed auto_incrementing id and set a primary key of the [role_id,
entity_type, entity_id, action] instead since this table could receive a
lot of activity, especially when permission regeneration was automated,
leading to very high auto_increment counts which could max out the
integer limit.

Also updated some RolesTest comment endpoints to align with
recent route changes.

Should fix #2091
2020-08-04 13:02:31 +01:00
Dan Brown 692fc46c7d
Removed token 'client' text, avoid confusion w/ oAuth
- Instead have a token_id and a secret.
   - Displayed a 'Token ID' and 'Token Secret'.
2019-12-29 20:07:28 +00:00
Dan Brown 832fbd65af
Added testing coverage to user API token interfaces 2019-12-29 19:46:46 +00:00
Dan Brown dccb279c84
Built out interfaces & endpoints for API token management 2019-12-29 17:03:52 +00:00
Dan Brown d336ba6874
Started work on API token controls
- Added access-api permission.
- Started user profile UI work.
- Created database table and model for tokens.
- Fixed incorrect templates down migration :(
2019-12-29 13:02:26 +00:00
Dan Brown 44330bdd24
Start user invite system 2019-08-17 15:52:33 +01:00
Dan Brown 71167426bb
Started implementation of page template 2019-07-07 13:45:46 +01:00
Dan Brown 919660678b
Re-structured the app code to be feature based rather than code type based 2018-09-25 12:30:50 +01:00
Dan Brown 818c02ed44
Added null role check to migrate path
Also added check for existing bookshelf role_permissions
in the event the user got that for.
Also related to #1027
2018-09-24 16:30:08 +01:00
Dan Brown 9abdab3991
Updated migration to convert MyISAM tables to InnoDB
New bookshelves_books tables requires foreign constraints which error on MyISAM.
For #1027
2018-09-24 15:58:40 +01:00
Dan Brown b62afcad1f Removed search indexing from migration path to prevent Bookshelf issue 2018-09-23 13:25:12 +01:00
Dan Brown eebfd8904e
Removed old fulltext indexes from migrations
Prevents forcing of MyISAM for some databases
Removed old code to add indexes and added checks for existing indexes before removal.
Should still allow upgrades, rollbacks to old bookstack versions may be funky but
should not be high use-case.
2018-09-23 00:30:48 +01:00
Dan Brown 0b6f83837b
Removed joint_permission generation in older migration 2018-09-20 16:03:01 +01:00
Dan Brown 47b08888ba
Added bookshelf view, update, delete
- Enabled proper ordering of Books in a shelf.
- Improved related item destroy for all entities.
2018-09-16 19:34:09 +01:00
Dan Brown b89411c108
Copied book content, Added create routes
Added view control
Added pivot table for books relation
Added control to assign books
2018-08-27 14:18:09 +01:00
Dan Brown c3986cedfc
Added shelve icon, improved migration, added role permission
Icon is placeholder for now
Migration will now copy permissions from Books to apply to shelves.
Role view updated with visibility on shelve permission
2018-08-04 12:45:45 +01:00
Dan Brown b5a2d3c1c4
Merge remote-tracking branch 'origin' into bookshelves 2018-08-04 11:35:01 +01:00
Dan Brown f421d83627
Added ability to set custom ldap group -> role mapping
Added input in role form to allow matching against custom names.
Changed default mapping to use role display name instead of the hidden
DB name.
2018-07-15 19:34:42 +01:00
Dan Brown 4948b443b6
Started work on bookshelves 2018-06-24 13:38:19 +01:00
Dan Brown 261e57fc4e
Converted books view setting to user setting
Also cleaned up/moved new CSS and removed redundant new book methods.
2017-12-06 16:34:26 +00:00
Dan Brown bc1302a8d8
Merge branch 'BookStackApp-master' of git://github.com/OsmosysSoftware/BookStack into OsmosysSoftware-BookStackApp-master 2017-12-06 15:52:54 +00:00
Bharadwaja G 5034f21394 Added migration file. 2017-09-05 19:53:29 +05:30
Dan Brown fea5630ea4
Made some changes to the comment system
Changed to be rendered server side along with page content.
Changed deletion to fully delete comments from the database.
Added 'local_id' to comments for referencing.
Updated reply system to be non-nested (Incomplete)
Made database comment format entity-agnostic to be more future proof.
Updated designs of comment sections.
2017-09-03 16:37:51 +01:00
Bharadwaja G 7f902e41c7 Resolved conflicts 2017-08-24 12:21:43 +05:30
Dan Brown d6e87420c3
Merged comment migrations and incremented dev version 2017-08-01 20:05:49 +01:00
Dan Brown e9831a7507
Merge branch 'master' of git://github.com/Abijeet/BookStack into Abijeet-master 2017-08-01 19:24:33 +01:00
Dan Brown 2704962277
Updated utfmb4 upgrade command 2017-07-22 16:19:17 +01:00
Dan Brown 6bcd89acf7
Moved utf8mb4 migration to command instead of migration
To prevent errors upon migration.
Command generates out the SQL syntax to make the change instead
so the upgrade can be done manually.

In reference to #425
2017-07-22 15:54:17 +01:00
Abijeet 844976c85b Revert "Revert "Bookstack grid view."" 2017-07-12 11:40:50 +05:30
Dan Brown f101e4f010
Fixed quoting db/table names in encoding migration.
Also fixed incorrect if statement in db config.
2017-07-02 17:34:32 +01:00
Dan Brown 005f0eb4fc
Updated default encoding and added conversion migration.
Also updated how DB port is defined so that the DB_PORT
env var can be used or it can be taken from the host name.

Fixes #405
2017-07-02 17:30:12 +01:00
Abijeet 7d02f77e67 #47 - Added more test cases to test the APIs and permission for comments. 2017-06-13 02:31:17 +05:30
Abijeet 9558f84b97 #47 - Adds functionality to delete a comment. Also reduces the number of watchers. 2017-06-04 18:52:44 +05:30
Abijeet Patro 3368fe42d8 Merge pull request #10 from BookStackApp/master
Latest changes
2017-05-03 01:41:08 +05:30
Dan Brown 4c985aac7e
Added page revision counting
Adds stored revision counts to pages and the revisions themselves.
Closes #321
2017-04-20 20:58:54 +01:00
Abijeet 8e2437498f Merge branch 'master' of https://github.com/Abijeet/BookStack 2017-04-19 01:23:27 +05:30
Dan Brown 37813a223a
Improved DB prefix support and removed old search method 2017-04-09 14:44:56 +01:00
Dan Brown 070d4aeb6c
Started implementation of new search system 2017-03-19 12:48:44 +00:00
Abijeet 148350009c #47 Adds comment permission to each role. 2017-01-29 14:25:20 +05:30
Abijeet 70991fc1e5 Merge branch 'master' of https://github.com/Abijeet/BookStack 2017-01-29 09:35:46 +05:30
Dan Brown 8f19231ed5
Added options to use database cache & sessions 2017-01-21 16:39:50 +00:00
Abijeet 397db04428 Added comments controller, model, repo, and the database schema. Modified existing Page model to associate with comments. 2017-01-13 21:45:48 +05:30
Dan Brown e639600ba5
Renamed files to attachments 2016-11-12 14:12:26 +00:00
Dan Brown 7ee695d74a
File upload deletion complete & added extension handling
Also fixed issue with file editing on JS side
2016-10-23 13:36:45 +01:00
Dan Brown ac0b29fb6d
Added view, deletion and permissions for files 2016-10-10 20:30:27 +01:00
Dan Brown 673c74ddfc
Started work on attachments
Created base models and started user-facing controls.
2016-10-09 18:58:22 +01:00
Dan Brown 771626b6ec
Started work on making the public role/user configurable
Create a new 'public' guest user and made the public
role visible on role setting screens.
2016-09-29 12:43:46 +01:00
Dan Brown 9dc9724e15 Laravel 5.3 upgrade (#189)
* Started move to laravel 5.3

* Started updating login & registration flows for laravel 5.3 update

* Updated app emails to notification system

* Fixed registration bugs and removed email confirmation model

* Fixed large portion of laravel post-upgrade issues

* Fixed and tested LDAP process
2016-09-17 18:22:04 +01:00
Younès EL BIACHE 6bc72e157a edit summary 2016-07-07 20:53:43 +02:00
Dan Brown 1bec3eaa1e Added checks to use MyISAM if MySQL 5.5 is found 2016-06-04 16:32:57 +01:00
robert 4acf0c4ee0 Making sure MyISAM is set for the tables that need it for new installations that are using mariadb. 2016-05-25 23:52:43 +02:00
Dan Brown 9d3f329bc9 Fixed missing column drop on migration rollback 2016-05-22 14:56:26 +01:00
Dan Brown b80184cd93 Renamed attribute to tags & continued interface
Also fixed page create route broken in last commit
2016-05-13 21:20:21 +01:00
Dan Brown 1fa079b466 Started the page attributes interface 2016-05-12 23:12:05 +01:00
Dan Brown 5080b4996e Started base work on attribute system 2016-05-06 20:33:08 +01:00
Dan Brown 75a4fc905b Major permission naming refactor and database migration cleanup 2016-05-01 22:33:56 +01:00
Dan Brown 05666efda9 Added hidden public role to fit with new permissions system 2016-05-01 19:36:53 +01:00
Dan Brown a81a56706e Rolled out new permissions system throughout application 2016-04-24 16:54:20 +01:00
Dan Brown ada7c83e96 Continued with database work for permissions overhaul
Added to the entity_permissions table with further required fields and indexes.
Wrote the code for checking permissions.
2016-04-23 18:14:26 +01:00
Dan Brown ea287ebf86 Started creation of intermediate permission table 2016-04-20 21:37:57 +01:00
Dan Brown 6e03078de3 Started work towards adding role view permissions
Work halted as re-write required.
In reference to #92
2016-04-09 12:40:07 +01:00
Dan Brown e1994ef2cf Added editor control in admin settings & Fixed some markdown editor bugs
Also updated the setting system with a more sane approach to handling default values. (Now done via the setting-defaults config file)
2016-03-29 19:26:13 +01:00
Dan Brown 26965fa08f Added a markdown editor 2016-03-25 14:41:15 +00:00
Dan Brown dbe11c1360 Attached images to pages and added restriction filtering
Closes #79
2016-03-13 13:30:47 +00:00
Dan Brown 5283919d24 Added new page drafts and started image entity attaching
Closes #80.
2016-03-13 12:04:08 +00:00
Dan Brown 59ce228c2e Moved page editing to angular controller and started work on update drafts 2016-03-09 22:32:07 +00:00
Dan Brown 201f788806 Implemented database structure and initial interfaces for entity restrictions 2016-02-28 10:49:41 +00:00
Dan Brown 473261be35 Finished initial implementation of custom role system 2016-02-27 19:24:42 +00:00
Dan Brown 54e3122540 Added smarter page finding so changing the page name does not break old urls
Added page & book slug history to revisions so they can be looked up if a page is not found.
2016-02-25 20:01:59 +00:00
Dan Brown 4442a2e6d1 Started work on user profile pages 2016-02-16 21:25:11 +00:00
Dan Brown d32460070f Made ldap auth use the 'dn' if a 'uid' is not present.
Fixes #56
2016-02-08 19:45:01 +00:00
Dan Brown 4bb7f0613f Fixed issue with initial user not having a password 2016-02-01 18:30:50 +00:00
Dan Brown 1c8c9e65c5 Got LDAP auth working to a functional state 2016-01-11 22:41:05 +00:00
Dan Brown 8f7c642f32 Added custom user avatars 2015-12-09 22:30:55 +00:00
Dan Brown c88096b7e2 Revamped image system to use driver-agnostic storage and be more efficient 2015-12-07 23:00:34 +00:00
Dan Brown 46c905df8a Added search name weighting. Closes #27. 2015-12-05 15:11:48 +00:00
Dan Brown 62338e4a8f Added further tests, Fixed speed_update issues, improved search result query count 2015-11-29 17:33:25 +00:00
Dan Brown 22f8a408fa Added indexes, Reduced queries on pages 2015-11-26 23:45:04 +00:00
Dan Brown ea55b7f141 Added view count tracking with personalised lists 2015-11-21 17:22:14 +00:00
Dan Brown 88049476fe Change application namespace to BookStack 2015-09-10 19:31:09 +01:00
Dan Brown dec0cbb1b2 Got standard form-based registration working 2015-09-05 20:25:57 +01:00
Dan Brown eac7378ce0 Made social accounts attachable 2015-09-04 20:40:36 +01:00
Dan Brown 9a82d27548 Updated Search experience including adding fulltext mysql indices. 2015-08-31 20:11:44 +01:00
Dan Brown 17f4aa4300 Added initial settings interface, Fixes #9. 2015-08-30 15:31:16 +01:00
Dan Brown ae95d0a239 Added permission system 2015-08-29 15:03:42 +01:00