colin
/
bookstack
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4,080 Commits 1 Branch 0 Tags 48 MiB
Commit Graph

830 Commits

Author SHA1 Message Date
Dan Brown 48df8725d8
Added better drawing load failure handling 
Failure of loading drawings will now close the drawing view and show an
error message, hinting at file or permission issues, instead of leaving
the user facing a continuosly loading interface.

Adds test to cover.

This also updates errors from our HTTP service to be wrapped in a custom
error type for better identification and so the error is an actual
javascript error. Should be object compatible.

Related to #3955.
 2023-01-26 12:18:33 +00:00
Dan Brown a50b0ea1e5
Covered app icon setting with testing 2023-01-25 16:41:41 +00:00
Dan Brown 0f113ec41f
Merge pull request #3986 from BookStackApp/permission_testing 
Permission Testing & Alignment
 2023-01-24 21:37:28 +00:00
Dan Brown 1fa5a31960
Fixed role entity permissions ignoring inheritance 
Added additional scnenario tests to cover
 2023-01-24 21:26:41 +00:00
Dan Brown 8be36455ab
Addressed fallback override cases found during testing 
Had misalignment between query and usercan, The nuance between fallback
and entity-role permissions was not taken into account by the query
system. Now added with new test cases to cover.
 2023-01-24 20:42:20 +00:00
Dan Brown 1660e72cc5
Migrated remaining relation permission usages 
Now all tests are passing.
Some level of manual checks to do.
 2023-01-24 19:04:32 +00:00
Dan Brown 78ebcb6f38
Addressed a range of deprecation warnings 
Closes #3969
 2023-01-21 20:50:04 +00:00
Dan Brown e2a72d16aa
Made adjustments to fit copied work into dev branch 
Ported non-compatible elements, Now all tests passing apart from some
specific permission scenario tests which are probably correctly failing.
Updates some tests to better avoid messing environment state.
 2023-01-21 13:03:47 +00:00
Dan Brown c724bfe4d3
Copied over work from user_permissions branch 
Only that relevant to the additional testing work.
 2023-01-21 11:08:34 +00:00
Dan Brown 6070d804f8
Fixed incorrect pluralisation for de_informal 
Updated language system to only use initial part of locale for
translation pluralisation to better match the hard-coded logic of the
built-in MessageSelector. Extends and overrides Laravel's default for
this system.

Added test to cover.
Related to #3976.
 2023-01-16 16:56:41 +00:00
Dan Brown 0123d83fb2
Fixed not being able to remove all user roles 
User roles would only be actioned if they existed in the form request,
hence removal of all roles would have no data to action upon.
This adds a placeholder 0-id role to ensure there is always role data to
send, even when no roles are selected. This field value is latter
filtered out.

Added test to cover.

Likely related to #3922.
 2022-12-16 17:44:13 +00:00
Dan Brown 31c28be57a
Converted md settings to localstorage, added preview resize 2022-11-28 14:08:20 +00:00
Dan Brown 0527c4a1ea
Added test to preference boolean endpoint 2022-11-28 12:17:22 +00:00
Dan Brown 40a1377c0b
Fixed tests to align with recent changes, Updated php deps 2022-11-23 12:08:55 +00:00
Dan Brown e20c944350
Fixed OIDC handling when no JWKS 'use' prop exists 
Now assume, based on OIDC discovery spec, that keys without 'use' are
'sig' keys. Should not affect existing use-cases since existance of such
keys would have throw exceptions in prev. versions of bookstack.

For #3869
 2022-11-23 11:50:59 +00:00
Dan Brown e7e83a4109
Added new endpoint for search suggestions 2022-11-21 10:35:53 +00:00
Dan Brown a1b1f8138a
Updated email confirmation flow so confirmation is done via POST 
To avoid non-user GET requests (Such as those from email scanners)
auto-triggering the confirm submission. Made auto-submit the form via
JavaScript in this extra added step with user-link backup to keep
existing user flow experience.

Closes #3797
 2022-11-12 15:11:59 +00:00
Dan Brown d2cd33e226
Added login/register message partials for easier use via theme system 
Related to #608
 2022-11-12 09:02:33 +00:00
Dan Brown d2260b234c
Fixed app logo visibility with secure_restricted images 
Includes test to cover.
For #3827
 2022-11-10 14:15:59 +00:00
Dan Brown 832356d56e
Added test to cover books perms. gen with deleted chapter 
Closes #3796
 2022-11-10 13:48:17 +00:00
Dan Brown a3fcc98d6e
Aligned user preference endpoints in style and behaviour 
Changes their endpoints and remove the user id from the URLs.
Simplifies list changes to share a single endpoint, which aligns it to
the behaviour of the existing sort preference endpoint.
Also added test to ensure user preferences are deleted on user delete.
 2022-11-09 19:30:08 +00:00
Dan Brown 24a7e8500d
Added tests to cover shortcut endpoints 2022-11-09 18:42:54 +00:00
Dan Brown f809bd3a62
Updated tests to align with recent list changes 2022-11-01 14:53:36 +00:00
Dan Brown 7b2fd515da
Updated test to align with latest translation 2022-10-21 10:41:55 +01:00
Dan Brown f0ac454be1
Prevented saml2 autodiscovery on metadata load 
Fixes issue where metadata cannot be viewed if autload is active and
entityid url is not active.
For #2480
 2022-10-16 09:50:08 +01:00
Dan Brown 6adc642d2f
Merge branch 'development' into bugfix/fix-being-unable-to-clear-filters 2022-10-15 15:12:55 +01:00
Dan Brown bd412ddbf9
Updated test for perms. changes and fixed static issues 2022-10-12 12:12:36 +01:00
Dan Brown 0f68be608d
Removed most usages of restricted entitiy property 2022-10-10 16:58:26 +01:00
Dan Brown aee0e16194
Started code update for new entity permission format 2022-10-08 13:52:59 +01:00
Dan Brown 1df9ec9647
Added proper entity permission removal on role deletion 
Added test to cover.
 2022-10-07 13:12:33 +01:00
Allan d4143c3101 Only output hidden user filters when not set to 'me' 2022-10-06 19:25:47 +02:00
Dan Brown 900e853b15
Quick run through of applying new test entity helper class 2022-09-29 22:11:16 +01:00
Dan Brown b56f7355aa
Migrated much test entity usage via find/replace 2022-09-29 17:31:38 +01:00
Dan Brown 068a8a068c
Extracted entity testcase methods to own class 
Also added some new fetch helper methods for future use.
 2022-09-29 16:49:25 +01:00
Dan Brown 0e94fd44a8
Added contents to book-show endpoint 
Created a generic list formatting helper class for this, to align with
logic used on the search results endpoint and for easier future re-use
in a standardised way.
Also updated some class property types.
Added test to cover new books-contents results.
Related to #3734
 2022-09-29 15:08:18 +01:00
Dan Brown 60171b3522
Updated book copy to copy shelf relations 
Where permission to edit the shelf is allowed.
For #3699
 2022-09-28 14:14:51 +01:00
Dan Brown 1ac1cf0c78
Applied permissions to revision action visibility 
Related to #3723
 2022-09-28 11:10:06 +01:00
Dan Brown bf56254077
Merge branch 'auth_review' into development 2022-09-27 19:34:48 +01:00
Dan Brown f21669c0c9
Cleaned testing service provider usage 
Moved testing content out of AppServiceProvider, to a testing-specific
service provider. Updated docs and added composer commands to support
parallel testing.
Also reverted unintentional change to wysiwyg/config.js.
 2022-09-27 01:27:51 +01:00
Dan Brown e18033ec1a
Added initial support for parallel testing 2022-09-26 21:25:32 +01:00
Dan Brown 5c5ea64228
Added login throttling test, updated reset-pw test method names 2022-09-22 17:29:38 +01:00
Dan Brown 90b4257889
Split out registration and pw-reset tests methods 2022-09-22 17:15:15 +01:00
Dan Brown 8a749c6acf
Added and ran PHPCS 2022-09-18 01:25:20 +01:00
Dan Brown 623ccd4cfa
Removed old thai files, added romanian as lang option 
Also applied styleci changes
 2022-09-06 17:41:32 +01:00
Dan Brown d8672944a5
Added image view access notice to role form 
Added to clarify the role permission in scenarios where users may have
not read the docs site to understand image access control.

Related to #3688
 2022-09-06 17:20:35 +01:00
Dan Brown 6955b2fd5a
Widened svg content attribute xss filtering 
Takes care of additional cases that can occur.
Closes #3705
 2022-09-06 17:01:56 +01:00
Dan Brown 24f82749ff
Updated OIDC group attr option name 
To match the existing option name for display names.
Closes #3704
 2022-09-06 16:33:17 +01:00
Dan Brown 7101ce3050
Added "page_include_parse" theme event 
For custom control of include tag parsing.
 2022-09-05 16:40:42 +01:00
Dan Brown fbef0d06f2
Added permission visiblity control to image-delete button 
Includes test to cover.
For #3697
 2022-09-05 15:52:12 +01:00
Dan Brown ee1e936660
Applied styleci changes, updated composer deps 2022-09-05 13:18:37 +01:00
Dan Brown 2fe261e207
Updated page revisions link visibility 
To match the actual visibilities of the revisions listing page and
options.
Related to #2946
 2022-09-03 12:32:21 +01:00
Dan Brown 7f8b3eff5a
Fixed failing tests due to shelf text changes, applied styleci changes 2022-09-02 14:47:44 +01:00
Dan Brown c76b5e2ec4
Fixed local_secure_restricted preventing attachment uploads 
Due to option name change and therefore lack of handling.
Added test case to cover.
 2022-09-02 14:40:17 +01:00
Dan Brown 092b6d6378
Added test and handling for local_secure_restricted in exports 2022-09-02 14:21:43 +01:00
Dan Brown f88330202b
Added test to cover secure restricted functionality 2022-09-02 14:03:23 +01:00
Dan Brown f28ed0ef0b
Fixed shelf covers being stored as 'cover_book' 
Are now stored as 'cover_bookshelf' as expected.
Added a migrate to alter existing shelf cover image types.
 2022-09-02 12:54:54 +01:00
Dan Brown 34c63e1c30
Added test & update to prevent page creation w/ empty slug 
Caused by changes to page repo in reference work,
This adds back in the slug generate although at a more central place.
Adds a test case to cover the problematic scenario.
 2022-09-01 12:53:34 +01:00
Dan Brown 9153be963d
Added book child reference handling on book url change 
Closes #3683
 2022-08-30 22:00:32 +01:00
Dan Brown 1cc7c649dc
Applied StyleCi changes, updated php deps 2022-08-29 17:46:41 +01:00
Dan Brown e537d0c4e8
Merge pull request #3656 from BookStackApp/x_linking 
Link reference tracking & updating
 2022-08-29 17:45:05 +01:00
Dan Brown 6edf2c155d
Added maintenance action to regenerate references 2022-08-29 17:30:26 +01:00
Dan Brown 401c156687
Merge pull request #3616 from BookStackApp/oidc_group_sync 
Added OIDC group sync functionality
 2022-08-25 11:17:18 +01:00
Dan Brown b86ee6d252
Rolled out reference link updating logic usage 
Added test to cover updating of content on reference url change
 2022-08-21 18:05:19 +01:00
Dan Brown f634b4ea57
Added entity meta link to reference page 
Not totally happy with implementation as is requires extra service to be
injected to core controllers, but does the job.
Included test to cover.
Updated some controller properties to be typed while there.
 2022-08-20 12:07:38 +01:00
Dan Brown d198332d3c
Rolled out reference pages to all entities, added testing 
Including testing to check permissions applied to listed references.
 2022-08-19 22:40:44 +01:00
Dan Brown bbe504c559
Added reference handling on page actions 
Page update/create/restore/clone/delete.
Added a couple of tests to cover a couple of those.
 2022-08-17 17:37:27 +01:00
Dan Brown 3290ab3ac9
Added regenerate-references command test 
Also updated model resolvers to only fetch model ID, to prevent bringing
back way more data from database than desired.
 2022-08-17 16:59:23 +01:00
Dan Brown 5d29d0cc7b
Added reference storage system, and command to re-index 
Also re-named/orgranized some files for this, to make them "References"
specific instead of a subset of "Util".
 2022-08-17 14:40:14 +01:00
Dan Brown 344b3a3615
Added system to extract model references from HTML content 
For the start of a managed cross-linking system.
 2022-08-16 13:23:53 +01:00
Dan Brown 837fd74bf6
Refactored search-based code to its own folder 
Also applied StyleCI changes
 2022-08-16 11:28:05 +01:00
Dan Brown 5f7cd735ea
Added content filtering of tags with javascript or data in values attr 
Case would be blocked by CSP but adding for cases where CSP may not be
active when content taken externally.

For #3636
 2022-08-11 10:28:32 +01:00
Dan Brown 16eedc8264
Fixed failed permission checks due to non-loaded fields 
Added additional exceptions to prevent such cases in the future, so
that they are caught in dev ideally.
Added test case specifically for reported favourite scenario.
 2022-08-10 08:06:48 +01:00
Dan Brown 97ec560282
Added test to cover export body start/end partial usage 2022-08-09 13:49:42 +01:00
Dan Brown 45dc28ba2a
Applied latest styleci changes 2022-08-09 13:26:45 +01:00
Dan Brown 6e0a7344fa
Added revision activity types to system and audit log 
Closes #3628
 2022-08-09 13:25:18 +01:00
Dan Brown 89ec9a5081
Sprinkled in some user language validation 
For #3615
 2022-08-04 17:24:04 +01:00
Dan Brown b987bea37a
Added OIDC group sync functionality 
Is generally aligned with out SAML2 group sync functionality, but for
OIDC based upon feedback in #3004.
Neeeded the tangental addition of being able to define custom scopes on
the initial auth request as some systems use this to provide additional
id token claims such as groups.

Includes tests to cover.
Tested live using Okta.
 2022-08-02 16:56:56 +01:00
Dan Brown 0bb5654f80
Updated composer deps, applied StyleCI changes 2022-07-27 11:07:41 +01:00
Dan Brown bd14dc067b
Added 'Sort Book' action to chapters 
Related to #2335
 2022-07-26 12:36:17 +01:00
Dan Brown d4a119b2aa
Fixed disabling of avatar urls, Removed id from gravatar image name 
Included test to cover avatar url disabling.
Related to #1835
 2022-07-26 12:10:19 +01:00
Dan Brown 7fdc7c68b9
Added test to cover code favourite pref. endpoint 2022-07-25 18:48:40 +01:00
Dan Brown 975ba4f8d8
Added content-view body classes generated from tags 
Included tests to cover.

Closes #3583
 2022-07-23 18:29:04 +01:00
Dan Brown 840a1ea011
Applied latest styleci changes 2022-07-23 15:11:06 +01:00
Dan Brown 72c8b138e1
Updated tests to use ssddanbrown/asserthtml package 
Closes #3519
 2022-07-23 15:10:18 +01:00
Dan Brown 4e8995c3d0
Added ability to adjust stored IP address precision 
Included tests to cover.

For #3560
 2022-07-23 13:41:29 +01:00
Dan Brown 67d12cc1df
Fixed failing license test 2022-07-23 12:08:55 +01:00
Dan Brown f573e09004
Applied styleci changes, updated dev version & readme roadmap 2022-07-23 11:36:37 +01:00
Dan Brown 56da25b07a
Fixed failing tests from dompdf chanages 2022-07-17 14:32:09 +01:00
Dan Brown 5f5b6ff0be
Added "ACTIVITY_LOGGED" theme event 
Closes #3572
 2022-07-17 13:28:56 +01:00
Dan Brown 9cf05944f6
Applied StyleCI changes 2022-07-17 10:32:16 +01:00
Dan Brown e6e6d25974
Removed test web route, extracted text, added test 2022-07-17 10:18:24 +01:00
Dan Brown 8f90996cef
Dropped use of non-view joint permissions 2022-07-16 21:50:42 +01:00
Dan Brown 2989852520
Added simple data model for faster permission generation 2022-07-12 21:13:02 +01:00
Dan Brown b0a4d3d059
Renamed and cleaned up existing permission service classes use 2022-07-12 20:15:41 +01:00
Dan Brown 2d4f708c79
Extracted permission building out of permission service 2022-07-12 19:38:11 +01:00
Dan Brown 0bcd1795cb
Auth group sync: Fixed unintential mapping behaviour change 
Due to change in how casing was handled when used in the "External Auth
ID" role field.
Likely related to #3535.
Added test to cover.
 2022-06-27 14:18:46 +01:00
Dan Brown 107df6c28f
Applied StyleCI changes 2022-06-25 14:27:32 +01:00
Dan Brown 3ed1ffdbeb
Fixed issue blocking tags on book update 
For #3527
 2022-06-25 13:46:55 +01:00
Dan Brown 46d71a181e
Updated php deps and applied styleci changes 2022-06-22 12:49:58 +01:00
Dan Brown 8d8da31fdd
Added base template convenience partials for theme system users 
Included test to cover usage and paths.
Closes #894
 2022-06-22 12:47:31 +01:00