Tag:
Branch:
Tree:
61357f5091
12-3-1-notes-fixes
45001-component-to-show-the-list-of-non-working-days-of-year
45827-project-list-dropdown-actions-cut-off
Small-docs-fix
bug-process-documentation
bug/36827-creating-work-package-in-status-not-available-for-work-package-type
bug/41714-clicking-on-files-tab-scrolls-up-on-ios
bug/41851-blank-email-reminders-page-when-creating-account-manually
bug/43193-remove-oauth-cookie-after-successful-authorization-against-nextcloud
bug/43323-nextcloud-validation-error-in-new-storage-host-field
bug/43504-date-picker-not-working-as-expected-for-utc-time-hour-minus
bug/44924-error-in-souce-string-for-team-planner
bump/angular13
chore/file-list-padding-overwrite
chore/fix-error-toast-for-broken-oauth-data
chore/restructure-file-list-style
code-maintenance/45463-apply-rails-5-0-defaults
dev
display-skeleton-view-over-team-planner-calendar
docker-install
docs-add-details-follow-precede-gantt-distance
docs-add-details-follow-precede-gantt-distance-2
docs-update-to-notifications
docs-updates
docs-updates-for-12.5
documentation/design-system
feat/design-system
featuer/26688/in-app-notifications-table-change
feature/26688/ian-announcements
feature/37398-select-input-none-option
feature/37441-dynamic-form-v2
feature/40228-openapi-spec
feature/40228-openapi-specification-part-2
feature/41530-copying-a-project-shall-also-copy-file-links-attached-to-all-work-packages
feature/42358-standardise-date-pickers
feature/42358-standardise-date-pickers-2
feature/42358-standardise-date-pickers-drop-modal-portal
feature/43118-access-project-dropdown-entries-via-arrow-keys
feature/43638-update-team-planner-and-calendar-for-duration-and-non-working-days-rebased
feature/43644-revoke-access-to-storage-granted-by-oauth
feature/44212-new-release-teaser-block-for-123
feature/45963-remove-select-all-and-open-storage-interaction-elements-from-file-pickers
feature/api_v3_activities_index
feature/documenting-services-and-contracts
feature/ee-date-alerts
feature/file-links-oauth-connection-manager-rebased
feature/in-app-notifications-settings
feature/invite-user-modal
feature/notification_signaling
feature/openapi-spec-and-swagger-ui
feature/placeholder-users
feature/settings_api
feature/spot-list-tooltip-rework
feature/team-planner-fullcalendar
feature/translations-hierarchy
fix-column-width-including-ngselect
fix-tab-info-not-updated-in-notification-center
fix/34436-edit-backlog-date-focus-backlog-details
fix/34436-edit-backlog-date-focus-backlog-details-firefox-quirk
fix/35563-hide-boards-user-is-not-allowed
fix/36521-Saving-changes-to-user-profile-after-handling-error-message-leads-to-user-profile
fix/37509/modal-position-relative
fix/39123-mobile-tab-overflow
fix/39833-work-package-parent-shrink
fix/41437-project-selector
fix/41535-datepicker-overflow
fix/42397-project-filter-is-not-applied-in-embedded-table
fix/43085/default-cf-value-filter
fix/43230-toggle-disabled-state-not-defined
fix/43259-the-list-style-in-the-nextcloud-section-is-not-correct
fix/44197-sort-workpackages-by-updated-at
fix/44846-custom-field-multi-select
fix/45586/totp-clock-error-discoverability
fix/activity-change-detection
fix/activity-tab-spec
fix/api-spec-storage-files
fix/attachments-drag-n-drop-chrome
fix/comment-number-cut-off-on-moblie
fix/custom-plugin-frozen
fix/improve_scheduling_performance-with-simpler_sql
fix/inline-wp-button-macro
fix/json_serialize_delayed_job
fix/missing-omniauth-strategy
fix/notification_and_wp_visiblity_check_performance
fix/op-sidemenu-href
fix/op-sidemenu-onpush
fix/rails_7_scope_merging_on_index
fix/re-enable-rake-task
fix/reject-invalid-host-headers
fix/remove-differential-building
fix/run-url-github
fix/selector_for_board_specs
fix/storybook-zone-aware-promise
fix/update_robot_txt
fix/whitelist_date_on_config_yaml_load
fix/wysiwyg-changes_wo_ckeditor
hal_presenter_demo
housekeeping/update-rxjs
implementation-wp-quick-add-modal-component
implementation/42204-add-file-links-collection-to-work-package-resource
implementation/42379-add-endpoint-to-update-cache-with-live-data
implementation/42843-add-authorization-state-to-storages-api-endpoint
implementation/43693-add-file-link-list-component-to-new-work-package-form
implementation/45083-update-look-of-activity-items-in-activity-module-for-project-and-work-packages
integration/outdated_10.5
packaging/sles15
refactor/autocompleters
refactor/hal-resource-2
refactor/handle-prettier-dependency
release/11.2
release/11.3
release/11.4
release/12.0
release/12.1
release/12.2
release/12.3
release/12.4
revert-10203-fix/ldap-sync-mutex
revert-9332-feature/37472-dynamic-forms-v2-flat-resources_links-model
spike/fullcalendar-resources
spike/hotwire
spike/try-removing-shoulda
stable/10
stable/11
stable/12
stable/5
stable/6
stable/7
stable/8
stable/9
task/41010-add-configure-work-packages-forms-(headlines)-(premium-feature)
task/42684-project-settings-change-screenshot-and-customize-text
task/42759-new-wording-for-note-in-the-english-user-guide
task/43309-edit-forum-section-in-user-guide
task/43662-edit-work-package-faq
task/44235-user-guide-notification-typo-fix
task/44256-user-guide-calculate-work-package-progress-with-work-package-status
update-style-guide-screenshots
wizard-test
11.2.1
2.4.0
release/3.0.0
sprint/2014_08
sprint/2014_09
sprint/2014_10
sprint/2014_11
sprint/2014_12
sprint/2014_13
sprint/2014_16
sprint/2014_18
sprint/2015_01
sprint/2015_02
sprint/2015_03
sprint/2015_04
v10.0.0
v10.0.1
v10.0.2
v10.1.0
v10.2.0
v10.2.1
v10.2.2
v10.3.0
v10.3.1
v10.4.0
v10.4.1
v10.5
v10.5.0
v10.5.1
v10.6.0
v10.6.1
v10.6.2
v10.6.3
v10.6.4
v10.6.5
v11.0.0
v11.0.1
v11.0.2
v11.0.3
v11.0.4
v11.1.0
v11.1.1
v11.1.2
v11.1.3
v11.1.4
v11.2.0
v11.2.1
v11.2.2
v11.2.3
v11.2.4
v11.3.0
v11.3.1
v11.3.2
v11.3.3
v11.3.4
v11.3.5
v11.4.0
v11.4.1
v12.0.0
v12.0.1
v12.0.10
v12.0.2
v12.0.3
v12.0.4
v12.0.5
v12.0.6
v12.0.7
v12.0.8
v12.0.9
v12.1.0
v12.1.1
v12.1.2
v12.1.3
v12.1.4
v12.1.5
v12.1.6
v12.2.0
v12.2.1
v12.2.2
v12.2.3
v12.2.4
v12.2.5
v12.3.0
v12.3.1
v12.3.2
v12.3.3
v12.3.4
v12.4.0
v12.4.1
v12.4.2
v12.4.3
v3.0.0
v3.0.1
v3.0.11
v3.0.12
v3.0.13
v3.0.14
v3.0.15
v3.0.16
v3.0.17
v3.0.2
v3.0.3
v3.0.4
v3.0.8
v4.0.0
v4.0.1
v4.0.10
v4.0.11
v4.0.12
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.0-beta
v4.1.1
v4.1.2
v4.1.3
v4.1.4
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.2.7
v4.2.8
v4.2.9
v5.0.0
v5.0.1
v5.0.10
v5.0.11
v5.0.12
v5.0.13
v5.0.14
v5.0.15
v5.0.16
v5.0.17
v5.0.18
v5.0.19
v5.0.2
v5.0.20
v5.0.3
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v6.0.0
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.1.0
v6.1.1
v6.1.2
v6.1.3
v6.1.4
v6.1.5
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.1.0
v7.2.0
v7.2.1
v7.2.2
v7.2.3
v7.3.0
v7.3.1
v7.3.2
v7.4.0
v7.4.1
v7.4.2
v7.4.3
v7.4.4
v7.4.5
v7.4.6
v7.4.7
v8.0.0
v8.0.1
v8.0.2
v8.1.0
v8.2.0
v8.2.1
v8.3.0
v8.3.1
v8.3.2
v8.3.3-pre
v9.0.0
v9.0.0-pre
v9.0.1
v9.0.2
v9.0.2-pre
v9.0.3
v9.0.4
${ noResults }
4 Commits (61357f50918fb20e841b04788f96a2b49d0e8df0)
| Author | SHA1 | Message | Date |
|---|---|---|---|
Oliver Günther
|
e9d7c374cc
|
[37868] Whitelist for attachment mime types and extensions on upload (#9431)
* Add setting for whitelist * Make attachments API BaseServices compatible * Add prepare service and contract * Correctly pass the filename to the UploadedFile * Add presence check to filename * Fix expected validation message * We no longer raise a multipart error when metadata is empty * Fix filesize validation on prepared uploads * Add parser error if invalid metadata json * When attachment is not saved, use filename property * Return correct error message on JSON parser erroro * Fix specs * Use attachment upload representer * Fix direct uploads mocks with new service layer * Lint * Fix export job using attachment service * Fix IFC controller using attachment prepare service * Fix export job * RenameRename params_getter to params_source * Fix mail handler using attachment service * Fix usage of attachment create service in documents * Reuse shared examples for document attachment spec * Fix stubbed attachment service in export job spec * Use admin user in backup spec * Fix export job for bim * Fix attachment integration spec * Fix issues_controller spec * Make budget resource spec reuse common examples * Fix attachment parsing representer spec * Replace prepare part of attachment spec into separate service spec * Clear cache for login spec * Convert document create/update into services * Budget services * Allow options to be passed to property twin * Remove setting author on budget initialize * Replace meetings update with services * Replace ifc models attachment handling with services * Don't check uploader if changed by system * Fix uploader being changed by system * Replace wiki page attach_files with attachable services * Replace avatar saving * Replace snapshot attach_files * Skip double validation when container present * Set snapshot through attachment service * Remove attach_files * Validate content type in contract * Enforce writing the content type without accepting user input * Expect changed content_type * Fix content of viewpoint image to get correct content type * Fix tsv spec * Add create contract spec * Bypass whitelist in internal services when conflicting with user * Fix expects in specs after whitelist bypass * Render contract errors for wiki * Add before_hook to bodied to allow to pre-authorize permissions * Budget errors from contract * Document errors from contract |
3 years ago |
ulferts
|
7ecf08e005
|
rework changed_by_system (#9043)
Before, it was implemented by passing the changed attribut keys over to
the contract to whitelist them.
This lead to:
* The contract interface becoming bloated
* Having to rely on the knowledge of the developer not to falsely
whitelist an attribute. The developer would also have to make sure
to not perform a mass assignment after the attribute has been
whitelisted
The new approach it to integrate the behaviour into the model which is
first altered in the service before it is scrutinized in the contract.
The information about the changed attributes is now stored inside the
model which removes the necessity to flag the whitelisted attribute
separately. Additionally, the exact change is tracked. So if an
attribute is set to one value inside a whitelisted block there is no
risk in later on performing a mass assignment.
This comes at the cost of extending the models which is weird also it is
build into the default SetAttributesService so child classes do not have
to worry. One might include the module into every AR model but currently
we only need it for a very specific use case.
|
4 years ago |
|
ulferts
|
6140f4c7e9
|
update copyright to 2021 (#8925)
Updates the copyright to 2021 for all files that have a copyright. Files in our source code without the copyright header still do not receive one automatically. Additionally, backlisted files are also excluded. Previously the copyright of chiliproject which references redmine stated a copyright of redmine up to and including 2017 which is not true for the code we have in here. Because of that I changed that to 2013 |
4 years ago |
|
ulferts
|
ae2edad19b
|
Fix/copy project wiki notifications (#8777)
* rename to convey applicability to all journal notifications * adapt journal completed job to handle wiki content * remove empty module * create wiki_content mail service * introduce copy/create service and contract for wiki pages * specify set attributes and create contract for wiki pages * copy the content attributes * use wiki page create service when copying wiki * introduce specifc service for copying wiki pages The contract disables checks for permissions on the wiki page. The copy_projects permission should suffice to copy everthing in a project * copy wiki pages top down to rewrite hierarchy * limit copied attachments to copied type |
4 years ago |