Commit graph

807 commits

Author SHA1 Message Date
Dan Brown
9e8240a736
Addressed additional unsupported array spread operation 2022-11-03 14:40:01 +00:00
Dan Brown
f809bd3a62
Updated tests to align with recent list changes 2022-11-01 14:53:36 +00:00
Dan Brown
d4e71e431b
Revised revision list to responsive layout 2022-10-31 21:26:31 +00:00
Dan Brown
80d2889217
Updated tags list to new responsive format 2022-10-31 11:40:28 +00:00
Dan Brown
2bbf7b2194
Revised audit log list to new responsive format 2022-10-30 20:24:08 +00:00
Dan Brown
2c114e1a4a
Split out user controller preference methods to new controller 2022-10-30 15:25:02 +00:00
Dan Brown
ec4cbbd004
Refactored common list handling operations to new class 2022-10-30 15:16:06 +00:00
Dan Brown
f75091a1c5
Revised webhooks list to new format
Also aligned query naming to start with model in use.
Also added created/updated sort options to roles.
2022-10-30 12:02:06 +00:00
Dan Brown
98b59a1024
Revised role index list to align with user list 2022-10-29 20:52:17 +01:00
Dan Brown
986346a0e9
Redesigned users list to be responsive and aligned 2022-10-29 15:23:21 +01:00
Dan Brown
2a65331573
Worked towards phpstan level 2, 13 errors remain 2022-10-24 12:12:48 +01:00
Dan Brown
6951aa3d39
Fixed permission row permission check 2022-10-14 16:03:06 +01:00
Dan Brown
98c6422fa6
Extracted entity perms. text to translation files 2022-10-11 15:52:56 +01:00
Dan Brown
0fae807713
Fixed and updated "Everyone Else" permissions handling
- Fixed inheriting control for new system.
- Tested copying shelf permissions to books.
- Added additional handling for inheriting scenario identification.
2022-10-10 17:22:38 +01:00
Dan Brown
0f68be608d
Removed most usages of restricted entitiy property 2022-10-10 16:58:26 +01:00
Dan Brown
803934d020
Added interface for adding/removing roles in entity perms. 2022-10-10 12:24:23 +01:00
Dan Brown
ffd6a1002e
Centralised handling of permission form data to own class
Also updates show roles on permission view to just those with
permissions applied.
Fixes rounded borders for lone permission rows.
Moves "Everyone Else" handling from role to new class.
2022-10-09 17:14:11 +01:00
Dan Brown
bf591765c1
Reorgranised permission routes into their own controller
Also introduced helpers for getting entities by slugs since we do it in
so many places.
2022-10-09 16:36:03 +01:00
Dan Brown
0e94fd44a8
Added contents to book-show endpoint
Created a generic list formatting helper class for this, to align with
logic used on the search results endpoint and for easier future re-use
in a standardised way.
Also updated some class property types.
Added test to cover new books-contents results.
Related to #3734
2022-09-29 15:08:18 +01:00
Dan Brown
8f3430d386
Improved tag suggestion handling
- Aligned prefix-type filtering with back-end.
- Increased suggestion search cut-off from 3 to 4.
- Increased amount of suggestions shown.
- Ordered suggestions to be name asc, as you'd expect on search.
- Updated front-end filtering to use full search query, instead of
  truncated version, for further front-end filtering capability.

Related to #3720
2022-09-28 13:50:40 +01:00
Dan Brown
f4388d5e4a
Removed usage of laravel/ui dependency
Brings app auth controller handling aligned within the app, rather than
having many overrides of the framwork packages causing confusion and
messiness over time.
2022-09-22 16:54:27 +01:00
Dan Brown
7165481075
Updated auth controllers with property types 2022-09-22 15:12:05 +01:00
Dan Brown
8a749c6acf
Added and ran PHPCS 2022-09-18 01:25:20 +01:00
Dan Brown
623ccd4cfa
Removed old thai files, added romanian as lang option
Also applied styleci changes
2022-09-06 17:41:32 +01:00
Dan Brown
fbef0d06f2
Added permission visiblity control to image-delete button
Includes test to cover.
For #3697
2022-09-05 15:52:12 +01:00
Dan Brown
ee1e936660
Applied styleci changes, updated composer deps 2022-09-05 13:18:37 +01:00
Dan Brown
9158a66bff
Updated & improved language locale handling
Extracted much of the language and locale work to a seperate, focused class.
Updated php set_locale usage to prioritise UTF8 usage.
Added locale options for windows.
Clarified what's a locale and a bookstack language string.

For #3590 and maybe #3650
2022-09-02 19:19:01 +01:00
Dan Brown
27ac122502
Started work on local_secure_restricted image option 2022-09-01 16:17:14 +01:00
Dan Brown
1cc7c649dc
Applied StyleCi changes, updated php deps 2022-08-29 17:46:41 +01:00
Dan Brown
6edf2c155d
Added maintenance action to regenerate references 2022-08-29 17:30:26 +01:00
Dan Brown
f634b4ea57
Added entity meta link to reference page
Not totally happy with implementation as is requires extra service to be
injected to core controllers, but does the job.
Included test to cover.
Updated some controller properties to be typed while there.
2022-08-20 12:07:38 +01:00
Dan Brown
d198332d3c
Rolled out reference pages to all entities, added testing
Including testing to check permissions applied to listed references.
2022-08-19 22:40:44 +01:00
Dan Brown
d5465726e2
Added inbound references listing for pages 2022-08-19 13:14:43 +01:00
Dan Brown
837fd74bf6
Refactored search-based code to its own folder
Also applied StyleCI changes
2022-08-16 11:28:05 +01:00
Dan Brown
e02bd5e57e
Added content security section to the api docs
Related to #3636
2022-08-11 10:49:45 +01:00
Dan Brown
375abca1ee
Merge pull request #3632 from BookStackApp/ownable_permission_fix
Fixed failed permission checks due to non-loaded fields
2022-08-10 17:59:46 +01:00
Dan Brown
031c67ba58
Reduced the memory usage, db queries and cache hits loading revisions
Updated revision listing to only fetch required fields, massively
reducing memory usage by not loading content.
This also updates user avatar handling to effectively cache the avatar
url within request to avoid re-searching from cache, which may improve
performance of others areas of the application.
This also upates handling of the revisions list view to extract table
row to its own view to break things down a bit.

For #3633
2022-08-10 17:50:35 +01:00
Dan Brown
16eedc8264
Fixed failed permission checks due to non-loaded fields
Added additional exceptions to prevent such cases in the future, so
that they are caught in dev ideally.
Added test case specifically for reported favourite scenario.
2022-08-10 08:06:48 +01:00
Dan Brown
6e0a7344fa
Added revision activity types to system and audit log
Closes #3628
2022-08-09 13:25:18 +01:00
Dan Brown
4209f27f1a
Set a fairly sensible limit on user name validation
Also updated controller properties with types within modified files.
Related to #3614
2022-08-09 12:40:59 +01:00
Dan Brown
89ec9a5081
Sprinkled in some user language validation
For #3615
2022-08-04 17:24:04 +01:00
Dan Brown
0bb5654f80
Updated composer deps, applied StyleCI changes 2022-07-27 11:07:41 +01:00
Dan Brown
0df5ae0658
Added core code-lang-favourites JS, PHP & CSS logic
- Got the functionality now working to favourite items and store that
  status within the system for the user.
- Improved CSS display for usability.
2022-07-25 13:10:27 +01:00
Dan Brown
b0adb74d62
Improved shelf book management interface
- Added ability to search books list (Local simple text match).
- Added handles, hover-states and cursor states for better user
  interaction and clearer use of drag & drop.
- Improved styles for dark mode.
- Converted shelf sort component to newer component format.
- Modernized shelf controller code a little.

Related to #3266
2022-07-24 12:23:25 +01:00
Dan Brown
2332401854
Fixed a couple of non-intended logical permission issues
Both caught in tests:
Fixed loss of permissions for admin users when entity restrictions were
active, since there are no entity-restrictions for the admin role but
we'd force generate them in joint permissions, which would be queried.
Fixed new role permission checks when permissions given with only the
action (eg. 'view'), since the type prefix would be required for role
permission checks. Was previously not needed as only the simpler form
was used in the jointpermissions after merge & calculation.
2022-07-16 20:55:32 +01:00
Dan Brown
1d875ccfb7
Continued removal of joint permission non-view queries
Cleaned up PermissionApplicator to remove old cache system which was
hardly ever actuall caching anything since it was reset after each
public method run.

Changed the scope of 'userCanOnAny' to just check entity permissions,
and added protections of action scope creep, in case a role permission
action was passed by mistake.
2022-07-16 13:17:08 +01:00
Dan Brown
4fb85a9a5c
Started removal of non-view permission queries
Updated ajax search and entity selector usage to display and handle
items that the user does not have permission to interact with.
Started logic changes to not allow permission type to be passed around,
with views instead being the fixed sole permission.
2022-07-13 15:23:03 +01:00
Dan Brown
3ed1ffdbeb
Fixed issue blocking tags on book update
For #3527
2022-06-25 13:46:55 +01:00
Dan Brown
0d9b5a9d90
Merge branch 'login-auto-redirect' into development 2022-06-21 15:38:01 +01:00
Dan Brown
8b211ed461
Review and update of login auto initiation PR
For PR #3406

- Updated naming from 'redirect' to 'initate/initation'.
- Updated phpunit.xml and .env.example.complete files with the new
  option.
- Cleaned up controller logic a bit.
- Added content and design to the new initation view to not leave user
  on a blank view for a while.
- Added non-JS button to initiation view as fallback option for
  progression.
- Moved new test to it's own Test class and expanded with additional
  scenario tests for better functionality coverage.
2022-06-21 15:32:18 +01:00