Commit Graph

2177 Commits (7c7c99daa2c540420fbba58afa73881762f62fc8)

Author SHA1 Message Date
Martin Linkhorst f919bda76f allows for finding roles based on a permission 13 years ago
Jens Ulferts 808f24d905 really setting the custom_field as beeing not required temporarily 13 years ago
Jens Ulferts 20b216247c fallbacks are necessary on validation as they are also used later on 13 years ago
Jens Ulferts f75d1c1ec0 Revert "nested tab attributes are safe, one cannot fake project_id, nor wiki_id" 13 years ago
Martin Linkhorst 680fe507b6 always sort a project hierarchy by name. fixes #30706 13 years ago
Felix Schäfer 2e81aee28b We don't allways want I18n fallbacks 13 years ago
Romano Licker ade3fd1048 enforce date when setting commit_date 13 years ago
jwollert 4ac6a6d7a2 rebranding mailer stuff to openproject 13 years ago
Martin Linkhorst 3e034514f6 re-allow mass assignment of assign_to_id of issue categories. but issue category won't be valid unless assignee is also project member of the category. (mirroring what is possible to select in the view) fixes #28790 13 years ago
Romano Licker d9069356e1 display errors correctly when adding a member to a project 13 years ago
Romano Licker 01f8886a63 fixes: couldn't switch roles on a user & ensure correct 13 years ago
Romano Licker e2d7bde493 fixing copying of members (while copying a project) 13 years ago
Jens Ulferts ce0bdc8abd add start_date to save attributes, validate it as date format 13 years ago
Jens Ulferts 3511600c0a adjust members_controller to work with the protected attributes 13 years ago
Martin Linkhorst 284f689bd7 nested tab attributes are safe, one cannot fake project_id, nor wiki_id 13 years ago
Romano Licker 73c087e19c reset author to current user when copying an issue 13 years ago
Martin Linkhorst 34dbfb2c83 don't use mass assignment for login field, somebody added it to attr_protected 13 years ago
Martin Linkhorst 235fe06944 use safe attributes rather than mass assignment directly 13 years ago
Romano Licker 44f48962bf automatically fill the parent_id field when duplicating an issue 13 years ago
jwollert 7681d943ad fixes copying projects 13 years ago
jwollert 105ef24862 fixes creation of member_roles 13 years ago
jwollert d9f6b52029 protect relations to users (assigned_to, author_id etc.) in models, too 13 years ago
Martin Linkhorst 337561261a some documentation regarding mass assignment, show full stack trace in console 13 years ago
Martin Linkhorst 696ed97dcd fix: use the old style #force_attributes 13 years ago
Martin Linkhorst 12bb66c264 refactor dealing with mass assignment 13 years ago
Martin Linkhorst 42bc728288 fix to work with protected :project_id 13 years ago
jwollert e0a2b9e768 fixes creation of anonymous user. shouldn't mass assign protected attributes (i.e. login) 13 years ago
Martin Linkhorst 1fce5b6a8f added attr_protected calls to protect mass assignment of :project_id through a view 13 years ago
Jean-Philippe Lang f5ac69401d Set user_id as a protected attribute (#922). 13 years ago
Jean-Philippe Lang a6a95c8617 Prevent mass-assignment vulnerability when adding/updating a wiki (#922). 13 years ago
Jean-Philippe Lang 5c6fbc664b Prevent mass-assignment vulnerability when adding/updating a version (#922). 13 years ago
Jean-Philippe Lang 42caba0351 Prevent mass-assignment vulnerability when adding/updating a time entry (#922). 13 years ago
Jean-Philippe Lang 676bf0f751 Prevent mass-assignment vulnerability when adding/updating a news (#922). 13 years ago
Jean-Philippe Lang 4156485090 Prevent mass-assignment vulnerability when adding/updating a forum message (#922). 13 years ago
Jean-Philippe Lang 6b25085997 Prevent mass-assignment vulnerability when adding/updating an issue category (#922). 13 years ago
Jean-Philippe Lang 21c498557e Prevent mass-assignment vulnerability when adding/updating a document (#922). 13 years ago
Jens Ulferts 0c6ddd8030 adding comment 13 years ago
Jens Ulferts 1d1f923306 fixing minor bugs in custom_field: 13 years ago
Jens Ulferts 13813195e9 moving validates_uniqueness_of patch for globalized models into initializers 13 years ago
Jens Ulferts 911682f55c validate default_value in every provided locale 13 years ago
Jens Ulferts 4e07a913c9 possible_values of custom_fields are now localizable 13 years ago
Jens Ulferts 74c9bc2896 enabling default_value of custom_fields to be localized by admins 13 years ago
Jens Ulferts 7178c1b3b7 enabling name attribute of custom_fields to be localized by admins 13 years ago
jwollert dc8483b15d fixes copying projects 13 years ago
jwollert 3eca274548 fixes creation of member_roles 13 years ago
jwollert 934d22ec67 protect relations to users (assigned_to, author_id etc.) in models, too 13 years ago
Jens Ulferts 1c1a7c9d84 refactored allowed_to to be more extensible 13 years ago
Martin Linkhorst 4e9c17fca8 some documentation regarding mass assignment, show full stack trace in console 13 years ago
Martin Linkhorst bfc4a441f4 fix: use the old style #force_attributes 13 years ago
Martin Linkhorst 7b34ebdc47 refactor dealing with mass assignment 13 years ago