09c2814dc7 
								
							 
						 
						
							
							
								
								Added role based MFA control  
							
							
							
							
							- Added new DB column for control and role updated create/update actions.
- Created new middleware as a start to actual enforcement logic.
- Added indicator to role list of whether MFA is enforced. 
							
						 
						
							2021-07-03 13:34:48 +01:00  
				
					
						
							
							
								 
						
							
								934a833818 
								
							 
						 
						
							
							
								
								Apply fixes from StyleCI  
							
							
							
						 
						
							2021-06-26 15:23:15 +00:00  
				
					
						
							
							
								 
						
							
								bbfb330b92 
								
							 
						 
						
							
							
								
								Added check of owner field for manage-permissions-own  
							
							
							
							
							This permission was still checking based on created-by.
Updated testing to specifically check the owner since the tests
were passing by the fact of matching creator and owner.
Fixes  #2445  
							
						 
						
							2021-01-04 18:07:39 +00:00  
				
					
						
							
							
								 
						
							
								4c580d1571 
								
							 
						 
						
							
							
								
								Added owners to entity creation and updated tests  
							
							
							
						 
						
							2020-12-30 22:18:28 +00:00  
				
					
						
							
							
								 
						
							
								ef1b98019a 
								
							 
						 
						
							
							
								
								Fixed some mis-refactoring and split search service  
							
							
							
							
							Search service broken into index and runner tools. 
							
						 
						
							2020-11-22 00:17:45 +00:00  
				
					
						
							
							
								 
						
							
								da37700ac2 
								
							 
						 
						
							
							
								
								Implemented user, api_token & role activity logging  
							
							
							
							
							Also refactored some role content, primarily updating the permission
controller to be RoleController since it only dealt with roles. 
							
						 
						
							2020-11-20 18:53:01 +00:00  
				
					
						
							
							
								 
						
							
								5f1ee5fb0e 
								
							 
						 
						
							
							
								
								Removed role 'name' field from database  
							
							
							
							
							The 'name' field was really redundant and caused confusion in the
codebase, since the 'Display' name is often used and we have a
'system_name' for the admin and public role.
This fixes #2032, where external auth group matching has confusing
behaviour as matching was done against the display_name, if no
external_auth field is set, but only roles with a matching 'name' field
would be considered.
This also fixes an error where the role users migration, on role
delete, would not actually fire due to mis-matching http body keys.
Looks like this has been an issue from the start. Added some testing to
cover. Fixes #2211.
Also converted phpdoc to typehints in many areas of the reviewed code
during the above. 
							
						 
						
							2020-08-04 14:55:01 +01:00  
				
					
						
							
							
								 
						
							
								a9f02550f0 
								
							 
						 
						
							
							
								
								Removed joint_permissions auto_increment id  
							
							
							
							
							Removed auto_incrementing id and set a primary key of the [role_id,
entity_type, entity_id, action] instead since this table could receive a
lot of activity, especially when permission regeneration was automated,
leading to very high auto_increment counts which could max out the
integer limit.
Also updated some RolesTest comment endpoints to align with
recent route changes.
Should fix  #2091  
							
						 
						
							2020-08-04 13:02:31 +01:00  
				
					
						
							
							
								 
						
							
								f84bf8e883 
								
							 
						 
						
							
							
								
								Updated test files to be PSR-4 compliant  
							
							
							
							
							Closes  #1924  
						
							2020-04-04 01:16:05 +01:00  
				
					
						
							
							
								 
						
							
								5491bd62a2 
								
							 
						 
						
							
							
								
								Fixed test failing due to redirect changes  
							
							
							
							
							- Also set APP_THEME param during testing to avoid local conflicts 
							
						 
						
							2019-12-21 13:48:44 +00:00  
				
					
						
							
							
								 
						
							
								140298bd96 
								
							 
						 
						
							
							
								
								Updated to Laravel 5.8  
							
							
							
						 
						
							2019-09-13 23:58:40 +01:00  
				
					
						
							
							
								 
						
							
								f417675b1d 
								
							 
						 
						
							
							
								
								Prevented normal users from changing own email  
							
							
							
							
							To address #1542 
Updates to only allow email changes by users with the users-manage role
permission. 
							
						 
						
							2019-08-06 21:29:42 +01:00  
				
					
						
							
							
								 
						
							
								7f3f6e65b9 
								
							 
						 
						
							
							
								
								Aligned item creation wording and updated shelf-book-add logic  
							
							
							
						 
						
							2019-04-15 20:45:04 +01:00  
				
					
						
							
							
								 
						
							
								7cda9b026e 
								
							 
						 
						
							
							
								
								Updated tests to suit layout changes, Updated 404 page  
							
							
							
							
							- Also replaced 'or' usage in templates with null coalescing operator 
							
						 
						
							2019-04-06 18:36:17 +01:00  
				
					
						
							
							
								 
						
							
								50e5527483 
								
							 
						 
						
							
							
								
								Added test to cover "users" header link in correct permission conditions  
							
							
							
						 
						
							2019-01-05 15:22:47 +00:00  
				
					
						
							
							
								 
						
							
								2317bf2350 
								
							 
						 
						
							
							
								
								Added check for last admin on role change  
							
							
							
							
							Will show error message if last admin and admin role is removed.
Closes  #1124 
Also cleaned up user controller a little. 
							
						 
						
							2018-12-30 16:11:58 +00:00  
				
					
						
							
							
								 
						
							
								919660678b 
								
							 
						 
						
							
							
								
								Re-structured the app code to be feature based rather than code type based  
							
							
							
						 
						
							2018-09-25 12:30:50 +01:00  
				
					
						
							
							
								 
						
							
								b59e5942c8 
								
							 
						 
						
							
							
								
								Added testing coverage for Bookshelves  
							
							
							
							
							Created modified TestResponse so we can use DOM operations in new
Testcases as we move away from the BrowserKit tests. 
							
						 
						
							2018-09-21 15:15:16 +01:00  
				
					
						
							
							
								 
						
							
								cdb1c7ef88 
								
							 
						 
						
							
							
								
								Added destination permission checking to entity move  
							
							
							
						 
						
							2018-04-14 18:47:13 +01:00  
				
					
						
							
							
								 
						
							
								1a9f676416 
								
							 
						 
						
							
							
								
								Updated create routes to prevent slug clashes  
							
							
							
							
							Fixes  #758  
						
							2018-03-25 11:34:42 +01:00  
				
					
						
							
							
								 
						
							
								621142a46e 
								
							 
						 
						
							
							
								
								Removed outdated translations and updated tests  
							
							
							
						 
						
							2017-09-09 18:41:59 +01:00  
				
					
						
							
							
								 
						
							
								e9831a7507 
								
							 
						 
						
							
							
								
								Merge branch 'master' of git://github.com/Abijeet/BookStack into Abijeet-master  
							
							
							
						 
						
							2017-08-01 19:24:33 +01:00  
				
					
						
							
							
								 
						
							
								4db2c274e2 
								
							 
						 
						
							
							
								
								Prevent empty-state actions visible without permission.  
							
							
							
							
							Fixes  #411  
						
							2017-07-02 15:59:40 +01:00  
				
					
						
							
							
								 
						
							
								cbff801aec 
								
							 
						 
						
							
							
								
								Added test to cover  f99c8ff.  
							
							
							
							
							Closes  #409  
						
							2017-07-02 15:40:42 +01:00  
				
					
						
							
							
								 
						
							
								574ee820a9 
								
							 
						 
						
							
							
								
								#47  - Fixes the issues with the test case.  
							
							
							
						 
						
							2017-06-13 02:37:50 +05:30  
				
					
						
							
							
								 
						
							
								7d02f77e67 
								
							 
						 
						
							
							
								
								#47  - Added more test cases to test the APIs and permission for comments.  
							
							
							
						 
						
							2017-06-13 02:31:17 +05:30  
				
					
						
							
							
								 
						
							
								5570e858e5 
								
							 
						 
						
							
							
								
								Made more efficiency improvements to permission system  
							
							
							
						 
						
							2017-04-30 11:38:58 +01:00  
				
					
						
							
							
								 
						
							
								33a2999a57 
								
							 
						 
						
							
							
								
								Namespaced tests to align with new laravel default  
							
							
							
						 
						
							2017-02-04 11:58:42 +00:00  
				
					
						
							
							
								 
						
							
								6669998c10 
								
							 
						 
						
							
							
								
								Upgraded to Laravel 5.4  
							
							
							
						 
						
							2017-01-25 19:35:40 +00:00  
				
					
						
							
							
								 
						
							
								dabf149411 
								
							 
						 
						
							
							
								
								Added user setting system and added user-lang option  
							
							
							
							
							Supports #115  
							
						 
						
							2017-01-15 16:27:24 +00:00  
				
					
						
							
							
								 
						
							
								581c382f65 
								
							 
						 
						
							
							
								
								Fixed image delete permission issue  
							
							
							
							
							Also fixed missing translations and wrote tests to cover issue.
Fixes  #258  
							
						 
						
							2017-01-08 19:19:30 +00:00  
				
					
						
							
							
								 
						
							
								0775cd09a1 
								
							 
						 
						
							
							
								
								Extracted text for remaining views  
							
							
							
						 
						
							2016-12-04 14:08:04 +00:00  
				
					
						
							
							
								 
						
							
								57dc53ceff 
								
							 
						 
						
							
							
								
								Extracted text from book & chapter views  
							
							
							
						 
						
							2016-11-17 13:33:07 +00:00  
				
					
						
							
							
								 
						
							
								3b7d223b0c 
								
							 
						 
						
							
							
								
								Updated and added tests for new default user system  
							
							
							
							
							Closes  #138  
						
							2016-09-29 17:07:58 +01:00  
				
					
						
							
							
								 
						
							
								05666efda9 
								
							 
						 
						
							
							
								
								Added hidden public role to fit with new permissions system  
							
							
							
						 
						
							2016-05-01 19:36:53 +01:00  
				
					
						
							
							
								 
						
							
								a81a56706e 
								
							 
						 
						
							
							
								
								Rolled out new permissions system throughout application  
							
							
							
						 
						
							2016-04-24 16:54:20 +01:00  
				
					
						
							
							
								 
						
							
								097d9c9f3c 
								
							 
						 
						
							
							
								
								Updated entity restrictions to allow permissions, Not just restrict  
							
							
							
							
							Also changed wording from 'Restrictions' to 'Permissions' to keep things more familiar and to better reflect what they do.
Referenced in issue #89.
							
						 
						
							2016-03-30 20:15:44 +01:00  
				
					
						
							
							
								 
						
							
								5283919d24 
								
							 
						 
						
							
							
								
								Added new page drafts and started image entity attaching  
							
							
							
							
							Closes #80.
						
							2016-03-13 12:04:08 +00:00  
				
					
						
							
							
								 
						
							
								bf7852ce85 
								
							 
						 
						
							
							
								
								Organised test files & added page update draft tests  
							
							
							
							
							Also cleaned styling for new autosave ui parts.
Closes #36.
							
						 
						
							2016-03-12 16:31:02 +00:00