openproject

Commit Graph

Author	SHA1	Message	Date
Hagen Schink	560b24c178	Fix locale label	10 years ago
Hagen Schink	922c10e4bf	Update query only if query string is available This prevents inadvertently overwriting an existing query's properties if a query string value is missing. See the comment for a complete justification.	10 years ago
Hagen Schink	d68dd55ab3	Stop premature update of membership data	10 years ago
Hagen Schink	30551e21f0	Include modules fully qualified	10 years ago
Hagen Schink	2d0e7f27e2	Set list of enabled modules even if no project exists	10 years ago
Alex Coles	0532e87a40	Minor spacing fixes in AccountController [ci skip] Signed-off-by: Alex Coles <alex@alexbcoles.com>	10 years ago
Alex Coles	8a28b1a730	Prefer #map over #collect in (Rails) controllers Signed-off-by: Alex Coles <alex@alexbcoles.com>	10 years ago
Alex Coles	bb0e6e6aa5	Fix syntax (w/Rubocop) in (Rails) controllers Signed-off-by: Alex Coles <alex@alexbcoles.com>	10 years ago
Alex Coles	336446c59d	Use 1.9+ Hash syntax in (Rails) controllers Signed-off-by: Alex Coles <alex@alexbcoles.com>	10 years ago
Markus Kahl	09e8a972f2	disable password choice config	10 years ago
Hagen Schink	1a8ff4b721	Pass enabled project modules to plug-ins' WP attribute hook We first assumed that it would be sufficient to resolve the enabled project modules by examining the API response. But that is not true if a module is actually enabled but a property is not rendered because of privacy restrictions (for instance).	10 years ago
Hagen Schink	5c24e8e746	Move WP attribute definition for details pane to client	10 years ago
Jens Ulferts	48a52c74ef	hide SQL data from api	10 years ago
Jens Ulferts	e29d0063b0	prevent changes to constant	10 years ago
Oliver Günther	ccc32629cf	OmniAuth: optional attribute mapping in strategies OpenProject currently employs a fixed attribute mapping schema for userdata extracted from OmniAuth::AuthHash. For some strategies (e.g., LDAP), various attribute names are used to determine user attributes. Thus, an override to the fixed mapping from within a strategy is desirable. This commit allows the attribute mapping hash to be merged with attribute overrides from within an OmniAuth strategy.	10 years ago
Jens Ulferts	2a6f756570	read column_sums In `1513a19` I removed column_sums expecting it to be unnecessary. Turns out it is not.	10 years ago
Philipp Tessenow	fe359984e9	no need to check for performed? in exp.api wp-controller	10 years ago
Philipp Tessenow	611c268fec	simplify index action on exp.api work_packages_controller	10 years ago
Philipp Tessenow	374817219f	return a 404 when accessing a not-viewable query via the experimental API	10 years ago
Hagen Schink	486595d8ef	Add comments to explain implementation in detail	10 years ago
Hagen Schink	658f9400da	Improve implementation	10 years ago
Hagen Schink	9821c8e301	Use 'changed' variable for if statement	10 years ago
Hagen Schink	04571227b3	State action explicitly	10 years ago
Hagen Schink	dc5cff4cbc	Recognize filter changes correctly	10 years ago
Philipp Tessenow	c2dafccb8d	Fix wrong redirect after forced pass change A new user (`first_login: true`) who is forced to change his password (`forced_password_change: true`) was redirected to the change_password page (instead of my_page) when he didn't get the login credentials right on the first attempt. The `back_url_hidden_field_tag` was added to the password form to persist the original referer (in the case that the first password change attempt does not succeed). This makes the redirect work exactly as if the password change succeeded on the first try.	10 years ago
Hagen Schink	ddbfa616ab	Extract 'update' handling	10 years ago
Hagen Schink	5356861e8a	Use ActiveRecord::Dirty to get changes on query	10 years ago
Jens Ulferts	d7486ab811	allows api v2 types controller accessible for :view_work_packages permission	10 years ago
Hagen Schink	c496f404a5	Consider difference between update/(de-)publicize	10 years ago
Hagen Schink	dfa56b6c2b	Remove 'percentage done' if it is disabled This should prevent the client to show the attribute if the admin disabled it in the global configuration.	10 years ago
Hagen Schink	c932a77a55	Fix typo	10 years ago
Jens Ulferts	cd65f449dd	removes classes that should have been deleted in #4817547	10 years ago
Hagen Schink	ef039b32ec	Correct query deletion verb on server side	10 years ago
Jens Ulferts	f86b894e11	protects agains query manipulation via API	10 years ago
Jens Ulferts	18eda62459	reuse query link allowance evaluation	10 years ago
Jens Ulferts	f7d92b156e	fixes permission links on query	10 years ago
Jens Ulferts	4817547d4a	introduces policies The pattern used here is taken from pundit although this here does by far not have the functionality pundit offers.	10 years ago
Jens Ulferts	61c05affd4	checks for permission before api/v2/types#index	10 years ago
Philipp Tessenow	1dd7eff8ce	don't overwrite public flag for queries AFTER security check	10 years ago
slawa	d67ab23390	Fix param name where modules are listed	10 years ago
Martin Linkhorst	a2754921dd	make Hound happy (and Markus)	10 years ago
Martin Linkhorst	c43f84ad1b	#after_login can now receive a context variable (usually the controller)	10 years ago
Jens Ulferts	077e0b2f78	types controller is admin only now	10 years ago
Jens Ulferts	01d2569225	allows version selection for global filtering	10 years ago
Mihail Maxacov	a0631745de	fix saved queries don't update wp lists correctly when removing filters	10 years ago
Jens Ulferts	5c06dda316	users allowed new statuses no longer receive an edit menu entry They are not allowed to call the work_package#edit action anyway	10 years ago
slawa	f8b09545ed	Prevent mass assignment vulnerability	10 years ago
Jens Ulferts	1513a19b84	readd experimental controllers and add authorization to them	10 years ago
Jens Ulferts	6cae440a2c	removes no longer needed query menu items controller This is now all handled via API.	10 years ago
Jens Ulferts	3c730ef131	enforces authorization for experimental api	10 years ago

1 2 3 4 5 ...

2528 Commits (560b24c1782228a78e5a6056799359503f89a8af)