Merge remote-tracking branch 'origin/release/8.3' into dev

[ci skip]
pull/7051/head
Oliver Günther 6 years ago
commit 5e5f3b22e9
No known key found for this signature in database
GPG Key ID: A3A8BDAD7C0C552C
  1. 1
      app/assets/stylesheets/content/_index.sass
  2. 6
      app/assets/stylesheets/content/_security_badge.sass
  3. 4
      app/helpers/security_badge_helper.rb
  4. 5
      app/models/permitted_params.rb
  5. 11
      app/views/admin/info.html.erb
  6. 2
      app/views/customizable/_form.html.erb
  7. 13
      app/views/homescreen/blocks/_administration.html.erb
  8. 8
      app/views/settings/_general.html.erb
  9. 8
      config/locales/en.yml
  10. 15
      docs/configuration/configuration.md
  11. 3
      lib/open_project/configuration.rb
  12. 3
      lib/open_project/static/links.rb

@ -64,6 +64,7 @@
@import content/hide_until_initialized
@import content/hidden
@import content/search
@import content/security_badge
@import content/contextual
@import content/tooltip
@import content/grid

@ -0,0 +1,6 @@
.security-badge--container
height: 28px
.security-badge--help-icon
position: relative
top: -8px

@ -41,4 +41,8 @@ module SecurityBadgeHelper
uri.query = info.to_query
uri.to_s
end
def display_security_badge_graphic?
OpenProject::Configuration.security_badge_displayed? && Setting.security_badge_displayed?
end
end
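Review bot: `display_security_badge_graphic?` has no comment explaining why two switches are combined, which matters because rendering the badge makes the browser request `security_badge_url`. I would add above the method `# Render the badge only when the instance configuration allows it AND the admin setting is enabled; either one being false suppresses it.` Views should call this helper instead of checking `Setting.security_badge_displayed?` alone, otherwise an installation that set the configuration flag to false could still load the badge. The module and the URL-building method before it start outside this hunk.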

@ -108,7 +108,10 @@ class PermittedParams
end
def group
params.require(:group).permit(*self.class.permitted_attributes[:group])
permitted_params = params.require(:group).permit(*self.class.permitted_attributes[:group])
permitted_params = permitted_params.merge(custom_field_values(:group))
permitted_params
end
def group_membership
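Review bot: In `group`, the result of `custom_field_values(:group)` is merged in after `permit`, so those keys never pass through the `permitted_attributes[:group]` allowlist. `custom_field_values` is defined outside this hunk; if it does not itself restrict keys and value types, this is a mass-assignment path to confirm, and a short comment saying where that filtering happens would help the next reader. As a style point, the three statements can be a single expression: `params.require(:group).permit(*self.class.permitted_attributes[:group]).merge(custom_field_values(:group))`.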

@ -48,13 +48,18 @@ See docs/COPYRIGHT.rdoc for more details.
<span><strong><%= OpenProject::Info.versioned_name %></strong> (<%= @db_adapter_name %>)</span>
</div>
</div>
<% if Setting.security_badge_displayed? %>
<% if display_security_badge_graphic? %>
<div class="attributes-key-value--key"></div>
<div class="attributes-key-value--value-container">
<div class="attributes-key-value--value -text">
<%= content_tag :span do %>
<div class="security-badge--container">
<%= content_tag :object, nil, data: security_badge_url, type: "image/svg+xml" %>
<% end %>
<%= link_to '',
::OpenProject::Static::Links[:security_badge_documentation][:href],
title: t(:label_what_is_this),
class: 'security-badge--help-icon icon-context icon-help1',
target: '_blank' %>
</div>
</div>
</div>
<% end %>
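Review bot: The help link added next to the badge uses `target: '_blank'` without a `rel` attribute, so in browsers that do not default to noopener the opened page gets a `window.opener` reference to the administration page. Adding `rel: 'noopener noreferrer'` to the `link_to` options removes that reference, and `noreferrer` also keeps the admin URL out of the Referer header. The same `link_to` appears in app/views/homescreen/blocks/_administration.html.erb and should get the same attribute.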

@ -35,7 +35,7 @@ See docs/COPYRIGHT.rdoc for more details.
<div class="form--field <%= required ? '-required' : '' %>">
<%# display all fields OR only display required fields OR only display optional fields #%>
<% if all_fields || (only_required && required) || (!only_required && !required) %>
<%= value_form.custom_field(container_class: '-wide') %>
<%= value_form.custom_field(container_class: '-wide', required: required) %>
<% end %>
</div>
<% end %>

@ -47,9 +47,14 @@
<%= link_to t(:label_custom_style), custom_style_path,
title: t(:label_custom_style) %>
</li>
<%= content_tag :li do %>
<%= content_tag :object, nil, data: security_badge_url, type: "image/svg+xml", style: "vertical-align:top;" %>
<% end if Setting.security_badge_displayed? %>
<%= call_hook(:homescreen_administration_links) %>
</ul>
<%= content_tag :div, class: 'security-badge--container' do %>
<%= content_tag :object, nil, data: security_badge_url, type: "image/svg+xml" %>
<%= link_to '',
::OpenProject::Static::Links[:security_badge_documentation][:href],
title: t(:label_what_is_this),
class: 'security-badge--help-icon icon-context icon-help1',
target: '_blank' %>
<% end if display_security_badge_graphic? %>
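Review bot: The badge is embedded with `content_tag :object, nil, data: security_badge_url, type: "image/svg+xml"`, which loads the remote SVG as a nested document in which scripts and links are active, whereas an `<img>` renders SVG without scripting. If the badge does not need to be interactive, `image_tag security_badge_url` would narrow what the release server's response can do on an administrator's page. If it does, a comment saying so, plus a content security policy that restricts the embedding directive (such as `object-src`) to the release host, would record the trust decision. `security_badge_url` is a configuration value per the lib/open_project/configuration.rb section, so the embedded origin is whatever the operator sets. The same tag is used in app/views/admin/info.html.erb.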

@ -57,12 +57,18 @@ See docs/COPYRIGHT.rdoc for more details.
<%= setting_text_field :file_max_size_displayed, size: 6, unit: t(:"number.human.storage_units.units.kb"), container_class: '-xslim' %>
</div>
<div class="form--field"><%= setting_text_field :diff_max_lines_displayed, size: 6, container_class: '-xslim' %></div>
<% if OpenProject::Configuration.security_badge_displayed? %>
<div class="form--field">
<%= setting_check_box :security_badge_displayed %>
<span class="form--field-instructions">
<%= t(:text_notice_security_badge_displayed_html, information_panel_label: t(:label_information), information_panel_path: info_admin_index_path) %>
<%= t(:text_notice_security_badge_displayed_html,
information_panel_label: t(:label_information),
more_info_url: ::OpenProject::Static::Links[:security_badge_documentation][:href],
information_panel_path: info_admin_index_path) %>
</span>
</div>
<% end %>
<%= call_hook(:view_settings_general_form) %>
<fieldset class="form--fieldset">
<legend class="form--fieldset-legend"><%= t(:setting_welcome_text) %></legend>

@ -1582,6 +1582,7 @@ en:
label_view_diff: "View differences"
label_view_revisions: "View revisions"
label_watched_work_packages: "Watched work packages"
label_what_is_this: "What is this?"
label_week: "Week"
label_wiki_content_added: "Wiki page added"
label_wiki_content_updated: "Wiki page updated"
@ -2113,6 +2114,7 @@ en:
setting_per_page_options: "Objects per page options"
setting_plain_text_mail: "Plain text mail (no HTML)"
setting_protocol: "Protocol"
setting_security_badge_displayed: "Display security badge"
setting_registration_footer: "Registration footer"
setting_repositories_automatic_managed_vendor: "Automatic repository vendor type"
setting_repositories_encodings: "Repositories encodings"
@ -2258,6 +2260,12 @@ en:
text_no_configuration_data: "Roles, types, work package statuses and workflow have not been configured yet.\nIt is highly recommended to load the default configuration. You will be able to modify it once loaded."
text_no_notes: "There are no comments available for this work package."
text_notice_too_many_values_are_inperformant: "Note: Displaying more than 100 items per page can increase the page load time."
text_notice_security_badge_displayed_html: >
Note: if enabled, this will display a badge with your installation status in the <a href="%{information_panel_path}">%{information_panel_label}</a> administration panel,
and on the home page. It is displayed to administrators only.
<br/>
The badge will check your current OpenProject version against the official OpenProject release database to alert you of any updates or known vulnerabilities.
For more information on what the check provides, what data is needed to provide available updates, and how to disable this check, please visit <a href="%{more_info_url}">the configuration documentation</a>.
text_own_membership_delete_confirmation: "You are about to remove some or all of your permissions and may no longer be able to edit this project after that.\nAre you sure you want to continue?"
text_plugin_assets_writable: "Plugin assets directory writable"
text_powered_by: "Powered by %{link}"

@ -310,6 +310,21 @@ default:
password: admin
```
## Security badge
OpenProject now provides a release indicator (security badge) that will inform administrators of an OpenProject
installation on whether new releases or security updates are available for your platform.
If enabled, this option will display a badge with your installation status at Administration &gt; Information right next to the release version,
and on the home screen. It is only displayed to administrators.
The badge will match your current OpenProject version against the official OpenProject release database to alert you of any updates or known vulnerabilities.
To ensure the newest available update can be returned, the check will include your installation type, current version, database type, enterprise status and an anonymous unique ID of the instance.
To localize the badge, the user's locale is sent.
To disable rendering the badge, uncheck the setting at Administration &gt; System settings &gt; General or pass
the configuration flag `security_badge_displayed: false` .
## Email configuration
* `email_delivery_method`: The way emails should be delivered. Possible values: `smtp` or `sendmail`

@ -124,8 +124,11 @@ module OpenProject
# Allow in-context translations to be loaded with CSP
'crowdin_in_context_translations' => true,
'registration_footer' => {},
# Display update / security badge, enabled by default
'security_badge_displayed' => true,
'installation_type' => "manual",
'security_badge_url' => "https://releases.openproject.com/v1/check.svg"
}
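Review bot: The comment on `'security_badge_displayed' => true` says only that the badge is on by default, but the documentation in this commit says the check sends installation type, version, database type, enterprise status and an instance ID. I would extend the comment to something like `# Display update / security badge (on by default); rendering it requests security_badge_url with installation details, set to false to disable`. Operators reading the defaults hash would then see that this flag controls an outbound request, not only a UI element. The defaults hash starts outside this hunk.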

@ -117,6 +117,9 @@ module OpenProject
client_credentials_code_flow: {
href: 'https://oauth.net/2/grant-types/client-credentials/',
label: 'oauth.flows.client_credentials'
},
security_badge_documentation: {
href: 'https://github.com/opf/openproject/blob/dev/docs/configuration/configuration.md#security-badge'
}
}
end
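Review bot: The `security_badge_documentation` href points at `blob/dev/...`, so a released installation sends its administrators to the development branch's documentation, which may describe options that differ from the installed version or may move and break the `#security-badge` anchor. A release-specific location would keep the help link accurate; if `dev` is intentional, a comment such as `# links to dev docs on purpose` would record that. The entry also has no `label:`, unlike `client_credentials_code_flow` above it, which works for the `[:href]` callers in this commit but should be confirmed for any code that reads labels from this hash.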
