* Capabilities API
* introduce auxiliary capability model
* capability model and query
* render in sql
* fix pagination
* introduce sql representer
* extract abstract sql representer class
* remove yet unused methods
* abstract sql collection representer
* contract_actions as part of permissions
* filter for capability id - used in GET
* id filter validation
* remove unused representer
* remove unused wp representer
* reuse renaming class
* add spec for access control
* add principal filter to capability
* add context filter
* extract capability sql into scope
* admin gets all capabilities
* require to have one filter set to keep performance bearable
* consider active project modules for capabilities
* limit capability based on principal visibility and user state
* rework capability to be tableless
* spec not being allowed to see on request level
* add actions to capability representer
* add action api
* extract sql index endpoint
* remove unused class
* prepare sending signaling error - not yet frontend exposed
* extract show endpoint for sql rendered responses
* use UNION for better performance
* include navigation links on collections
* remove string replacements
* extract collection representer into hal sql module
* no capabilities when blocked
* remove commented out code
* avoid nil for wiki page slugs as they would be invalid
Also explicitly enables having "!" for a wiki title but fails hard for all cases, which are not handled by default or custom.
* move legacy specs over
In case of the `!` operator, other memberships interfered. This was because of the left join leading to result sets that were not of interest. The now used not.in does not have that problem
* Refactoring: Create shared examples for user contracts
* Users::UpdateContract spec added
* Add spec for updating the login of a user
* Add spec for permitted params when global permission to :manage_user
* Remove spec for :login updates for user UpdateContractSpec
The writability of the login attribute is not part of the contract
(yet).
* Use user contract for checking writability of user attributes
* Fixing user contract specs.
* use persisted user in spec
Co-authored-by: ulferts <jens.ulferts@googlemail.com>
* fix custom field validation on unpersisted record
For unpersisted records, the customized value on a custom field is not yet set even though the custom field has been constructed using customized.custom_fields.build
This needs to be countered by setting the customized explicitly.
Without this, e.g. validations that depend on the customized fail
* adapt spec to have the members created in setup
Co-authored-by: ulferts <jens.ulferts@googlemail.com>
When a user has the manage_users permission in any project, they are
eligible to view all users for inviting them to the project.
This however is not reflected in the principals API, where only users
in all visible projects are found.
* Move replacing invalid references into separate job for principals
* Write migration to remove existing invalid custom values and responsible
* Fix other specs
* Fix other specs
* rewrite replacing user in records
* consolidate principal deletion
* include placeholder users in spec
Co-authored-by: ulferts <jens.ulferts@googlemail.com>
* Adding placeholder user contracts
* Adding create, update, and delete services for placeholder users
* WIP: Adding Placeholder User contract specs [ci skip]
* Extract contract validation into common helper
* Add common validation in BaseContract + common example for admin checks
* Introduce common ModelContract shared context for validations
* WIP: PlaceholderUser controller, i18n, and routes [ci skip]
* Placeholder users index page and query
- moved all group related scopes from User to Principal to make them also available in PlaceholderUser.
* end
* Create PlaceholderUser
* Feature spec for editing a placeholder user
* Manage PlaceholderUser memberships
The management of memberships is pretty similar for User and PlaceholderUser. This commit extracts the similarities and uses them for both.
* General partial and show view for PlaceholderUser
* Delete obsolete partial
* Allow RequireAdminGuard to be used as a module function
* Fix I18n for confirmation text
* Smaller code improvements
* Fix: Syntax for accessing status enums was wrong.
* Use UpdateService for updating a placeholder user
* Add spec for PlaceholderUsersController
* First code improvements after code review.
- more improvements to come.
* Further code improvements after review
... still more to come
* Correct namespace of delete service
* Fix: Make placeholder user contract validate
* Remove :type attribute from base contract of User and PlaceholderUser
...and add it to the CreateContracts.
Also add type validations.
Further extract shared examples for placeholder user attribute
validation
* Refactor: Extract membership hook calls to helper
* Fix redirect paths for membership controllers
* Specs already present in shared examples.
* Fix duplicates routes for users and placeholder users
* Fix user path
* Add attribute name and lastname
We don't need a writeable check as both are equally writable
* Replace more references to tab_edit_user_path
* Skip specs for PlaceholderUsers::DeletionService
We will tackle that service in a separate PR.
* Fix module usage of RequireAdminGuard
* Fix group filter for placeholder users
* Fix invalid reference to expect_valid
* Fix: Fix tabbed edit path for placeholder users
* Fix status filtering on users
* Linting
* Improve generalisation of individual principal filter cell
- Check for presence of groups and statuses in order
to toggle visibility of their UI element.
- Remove groups from placeholder user controller and
cell initialization and options
* Fix selector on groups assign
* Remove using_shared_fixtures
Co-authored-by: Oliver Günther <mail@oliverguenther.de>
* Rewrite members page to output name column
* Remove white-space nowrap for long login names in administration
* Extend member specs
* Allow query instance to be used in table cell
* Fix memberships specs with changed columns
* Add order for email
* Review feedback
* Allow x to close add member form
* WIP sort firstname/lastname
* Make status sortable
* Extract order_by_name into the order class
* Re-add but deprecate order_by_name
It's still in use in combination with some special scopes
(custom actions for example) that I don't want to remove right now
* Rewrite order_by_name into scope
AnyFixture will create one instance of a factory for reuse in a number of specs.
This will work fine until we require a clean slate for a specific example.
As we have numerous tests that test like the database is empty,
we get a number of disadvantages:
- After an example with `with_clean_fixture` metadata, the fixture will only be regenerated
after the next example that uses it. This means the order of execution will change
the number of objects in the DB.
- The more `with_clean_fixture` we have, the smaller the performance advantage of AnyFixture will
result in.
- You cannot use an AnyFixture in a spec that needs a clean slate. This should be obvious but was overlooked
by myself.
* use AR's scope method instead of singleton class method
By using the scope method, all of Rails' checks and method definition usually done on a method are now also performed on the extracted scope methods
5f3ff60084/activerecord/lib/active_record/scoping/named.rb (L154-L190)
* turn scope classes into modules
* remove intermediate placeholder scope
Doing so, placeholder users will begin to show up in the system
* remove scope without value
* extract scope
* use enum for status
* allow placeholder users to become project members
* display placeholder user member on members widget
* remove now superfluous method
The status name can simply be queried via #status now
* replace possible_assignees/responsibles on project
This also leads to placeholder users becoming eligible as assignees and
responsibles.
* fix aggregated scope on bulk edit
* linting
* remove IssueHelper
* Add global permission for add_user
* Rename fieldset for global roles to "Global"
* Add permission to admin actions
* Add index action to add_user permission
* Redirect to first admin item if only one
* Hide status action for non admins
* Break down user form into partials for easier rendering
* Disable some user form tabs for non-admins
* Make users API and services conformant with endpoints
* Fix references to DeleteService#deletion_allowed?
* Authorize add_user on show as well
* Only show invite user toolbar item with permission
* Fix Delete Service spec
* Fix the way user prefs are handled in service
* Ensure session_id is treated as string
This causes a cast error otherwise as it passes rack session locally
* Fix service call on onboarding controller
* Fix service call on users controller
* Add delete spec for global user
* Hide login attribute again when adding a new user
* Render auth source correctly in simple form
* Fix creating invited users through service
The invitation requires the mail attribute to be present.
Previously, there was a manual error added to the mail.
As the errors are now determined by the contract + model, we now
end up with all missing properties as errors.
* Properly constrain attributes for non-admins
* Add specs for global user
* Start working on how to update password from UsersController
that code is a mess...
* Change permitted_params spec to include non-admin params
* Fix create user service spec
* Remove mail_notification param from users controller
It's not part of the contract/params passed to user
* Remove todos
* Extend docs
* Correct the way backlogs patches into the user settings
* Remove superfluous UpdateUserService
* Rewrite duplicated update service examples into common shared example
* Remove duplicate password writable check
* Base Users::DeleteContract on base delete contract
* Move checks for active users into the UserAllowedService
* Restore password writable check as it is not an attribute
* Fix menus for global user
* Allow global users to add custom fields
* Allow global user add permission to reinvite user
* Fix changed var name in update service spec
* Ensure also invited or registered users can be authorized
This ensures that e.g., invited users can also be set as watchers
* fix typo
Co-authored-by: ulferts <jens.ulferts@googlemail.com>
* Add missing copyright note to AnonymousUser [ci skip]
* Adding PlaceholderUser model and its associations
* Ensure PlaceholderUser do not "leak out" uncontrolled
* Extract Associations for User and PlaceholderUser.
- remove obsolete #assigned_issues
- remove obsolete #:responsible_for_issues
- add specs and factory for PlaceholderUser
Adding specs to PlaceholderModel
* Migration: enforce uniqueness of lastname for Group and PlaceholderUser
* Remove obsolete callback `after_add` on groups association.
The association of principals and groups still had a callback
`after_add` that called a method `user_added` on the group.
That method was not defined anymore as it was removed in
commit d93ff52a27.
* Move validation for #groupname to the right spec.
* Cleanup placeholder and group specs
* Remove Setting `workpackage_group_assignment`
* Refactoring: Extract assignable scope from Project to Member
* Refactor: Add Member scope not_locked.
* deprecate hacky scope
* remove wp_group_assignment specific test case
Co-authored-by: ulferts <jens.ulferts@googlemail.com>
* linting
* use Carrierwave's replacement for filename
This avoids having the name altered by Carrierwave later on in the Attachments::FinishDirectUploadJob job where the file is fetched and then the attachment is stored.
* separate cases for no attachment and no local file
Updates the copyright to 2021 for all files that have a copyright. Files in our source code without the copyright header still do not receive one automatically. Additionally, blacklisted files are also excluded.
Previously the copyright of chiliproject which references redmine stated a copyright of redmine up to and including 2017 which is not true for the code we have in here. Because of that I changed that to 2013
* rename timestamps on time entry
* add updated_at filter/order for time entries
* rename on cost entries as well
This will make handling in the cost query easier
* adapt specs
* linting
* adapt project activity
* update references to updated_on
* remove outdated docs/code
* global memberships are just memberships
* rewire global membership creation/update/deletion
* delete no longer required code and patches
* move code to core
* move specs to core
* completely remove global roles in the form of a plugin
* adapt specs
* remove unused methods
* migrate existing data
* adapt membership representer to changed timestamps
* global memberships available via API
* implements created/update_at filters on memberships
* update member on roles being added/removed
* specify default value for created_at
* fix project permission check and validation on members
* adapt membership schema
* adapt usage of sort by on members widget
* support created/updated_on for api sort and filter
* remove outdated model file
* rename timestamps
* allow specifying timestamp column for aaj
* reload column information
* further rename of created_on
* include updated_at into journal creation
* adapt document updated_at calculation
* remove references to JournalVersion
* rename to convey applicability to all journal notifications
* adapt journal completed job to handle wiki content
* remove empty module
* create wiki_content mail service
* introduce copy/create service and contract for wiki pages
* specify set attributes and create contract for wiki pages
* copy the content attributes
* use wiki page create service when copying wiki
* introduce specific service for copying wiki pages
The contract disables checks for permissions on the wiki page. The copy_projects permission should suffice to copy everything in a project
* copy wiki pages top down to rewrite hierarchy
* limit copied attachments to copied type