Commit Graph

840 Commits

Author SHA1 Message Date
Ingo Schommer
c55c7c33f8 Merge branch '3.0'
Conflicts:
	admin/code/CMSProfileController.php
	composer.json
	tests/model/DataObjectTest.php
2012-11-22 23:51:28 +01:00
Sean Harvey
587d669861 Removing deprecated PasswordEncryptor::compare() method
Use PasswordEncryptor::check() instead
2012-11-15 14:43:16 +13:00
Sean Harvey
f122b103a1 Remove deprecated Group::addToGroupByName()
Use $member->addToGroupByCode($groupcode) instead
2012-11-15 14:43:15 +13:00
Mateusz Uzdowski
a8b0e44d98 API Hash autologin tokens before storing in the database.
Refactor the code to make it clear the distinction is made between a
plaintext token and a hashed version. Rename fields so it is more
obvious what is being written and what sent out to the user.

This reuses the salt and algorithm from the Member, which are kept
constant throughout the Member lifetime in a normal scenario. If they do
change, users will need to re-request so the hashes can be regenerated.
2012-11-09 11:29:42 +01:00
Sean Harvey
169366a011 Merge branch '3.0' 2012-11-06 13:04:21 +13:00
Sean Harvey
3451da001a BUG Fixing session keep alive for non-ADMIN users
SecurityAdmin isn't always available for CMS users, as they might
not have permission to view that section. This fixes the problem
with session keep alive by moving the ping to Security/ping, which
is available for all users.
2012-11-05 15:41:10 +13:00
Will Rossiter
69ea73b4ed Merge pull request #777 from halkyon/field_edit3
Member_ProfileForm respect canEdit() permissions on Member
2012-10-27 20:11:46 -07:00
Sean Harvey
f6a90467e4 Merge branch '3.0' 2012-10-15 10:10:01 +13:00
Damian Mooyman
c99991ba7a BUG Dummy Page_Controller initiated during login now is correctly initialised via dependency injection 2012-10-11 13:45:54 +13:00
Ingo Schommer
d1ee7612f5 Merge remote-tracking branch 'origin/3.0' 2012-10-08 16:48:52 +02:00
Saophalkun Ponlu
e3a27ea7da CMS member profile now is no longer in a popup (#7880) 2012-10-08 12:57:55 +02:00
Sean Harvey
0cce58040a BUG Fix deprecated use of dataFieldByName() in Member_Validator 2012-10-08 09:26:28 +13:00
Ingo Schommer
56f7ce1dcf Merge remote-tracking branch 'origin/3.0'
Conflicts:
	control/Cookie.php
	control/Director.php
	control/HTTPResponse.php
	model/Database.php
	model/MySQLDatabase.php
	model/SQLQuery.php
	view/Requirements.php
	view/SSViewer.php
2012-10-03 16:16:19 +02:00
Sam Minnee
1f7fc1f76a FIX Remove instances of lines longer than 120c
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit.  This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Ingo Schommer
b75c4b84ec Localization for PermissionCheckboxSetField 2012-09-28 16:41:25 +02:00
Jeremy Bridson
07bc75c281 ENHANCEMENT: open/7881 - removed disabled checkboxes and replaced them with green ticks. Added help text above the list of permissions. Removed action buttons by fade out when user goes to users permissions tab. 2012-09-28 16:37:35 +02:00
Ingo Schommer
91e4fde96f ENHANCEMENT "Readonly" behaviour for CMS tabs 2012-09-28 16:37:35 +02:00
Simon Welsh
1e629f4585 Merge branch '3.0'
Conflicts:
	control/Cookie.php
	control/Director.php
	dev/Profiler.php
	view/Requirements.php
2012-09-21 14:56:56 +12:00
Ingo Schommer
e2f073f38a Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
Sean Harvey
9c2be0f025 Merge branch '3.0' 2012-09-17 15:16:52 +12:00
Josh
399b2a23da FIXED: collateFamilyIDs() nested groups throws error
http://open.silverstripe.org/ticket/7835
2012-09-14 12:12:37 -03:00
Ingo Schommer
6544c8fc13 Merge remote-tracking branch 'origin/3.0' 2012-09-11 14:05:45 +02:00
Ingo Schommer
5eca675146 Fixed PermissionRole field localization 2012-09-11 13:53:09 +02:00
Sean Harvey
5cbd2dbeb4 BUG CMSProfileController::Member_ProfileForm() respecting canEdit() permissions on Member
CMSProfileController currently checks canView() which ensures that a logged in CMS
Member can access the profile controller, but when saving the record on Member_ProfileForm
there is no check for canEdit(), so extended permissions don't get respected.

This adds a check for canEdit() in Member_ProfileForm, and adds some functional tests
to check permissions.
2012-09-07 11:24:47 +12:00
Sean Harvey
dcf5d217ad BUG Fixing deprecated usage of dataFieldByName() in Member_Validator 2012-09-07 11:24:41 +12:00
Ingo Schommer
55892fedd8 Merge remote-tracking branch 'origin/3.0' 2012-08-15 20:32:16 +02:00
Roland Lehmann
701da8b822 Updated translations; i18n for fieldLabels 2012-08-15 20:30:30 +02:00
Ingo Schommer
3bce3550d3 Merge remote-tracking branch 'origin/3.0' 2012-08-12 22:21:06 +02:00
Naomi Guyer
ae52be54f0 FIX: Missing last login time (fixes 7666)
Add in missing user login time
2012-08-10 18:08:53 +12:00
Hamish Friedlander
95d0be636c Merge remote-tracking branch 'origin/3.0' 2012-07-25 11:44:53 +12:00
Hamish Friedlander
b7691077cf API Prep forForeignID for immutability in 3.1 per 7673 2012-07-23 10:31:47 +12:00
Ingo Schommer
4b9ccabcf6 Merge pull request #603 from willrossi/trac7296
FIX: ensure permissions_for_member() accounts for denied permissions
2012-07-05 09:26:04 -07:00
Sean Harvey
bea58b1193 Merge pull request #607 from willrossi/trac6416
FIX: check GetRandom() exists for RandomGenerator.
2012-07-01 18:38:53 -07:00
Sean Harvey
a4ff1d3613 FIX: check GetRandom() exists for RandomGenerator
See http://open.silverstripe.org/ticket/6416
2012-07-01 21:05:10 +12:00
Will Rossiter
f9ea5430bb API: add SecurityToken::reset() as a shortcut for regenerating a secure token.
See http://open.silverstripe.org/ticket/6303
2012-07-01 20:53:58 +12:00
Will Rossiter
9babb01a4b FIX: ensure that permissions_for_member() accounts for denied permissions.
Taken from http://open.silverstripe.org/ticket/7296. PermissionTest extended to validate that permissions_for_member() includes permissions denied pre applying patch. PermissionTest passes post patch.
2012-07-01 17:55:20 +12:00
Will Rossiter
a4bce3fc44 ENHANCEMENT: remove dependencies between framework tests and cms module. 2012-06-20 16:17:29 +02:00
Sam Minnee
3f0136749b API CHANGE: Add Security::ignore_disallowed_actions() to allow site features to be disabled when permissions have failed, rather than redirecting to the log-in form. (Trac #7097) 2012-06-15 15:17:48 +12:00
Sean Harvey
8b2cb9a7d9 BUGFIX Declare PasswordEncryptor_Blowfish::get_cost() as static 2012-06-15 12:13:33 +12:00
Cam Spiers
9139f737b8 ENHANCEMENT: Added the ability to set a cost (the property was protected before and there were no setters and getters) and enforced the php requirements on the cost string used in the salt of crypt. Specifically, two digit from 04-31. Updated unit tests for blowfish algorithm to actually use the salt generation function and to test the newly implemented cost setting and getting functionality. 2012-06-14 15:13:11 +12:00
Ingo Schommer
2a52ce2ff8 MINOR Fixed duplicate help text on Group->getCMSFields() 2012-06-13 15:04:40 +02:00
Marcus Nyeholt
82a1e7d282 MINOR Use injector for creating Member_GroupSet object
MINOR Use injector for creating many many list objects

MINOR Use injector for creating objects from within the DataList

MINOR Use Injector::inst() for creating objects; cannot rely on this->injector being present due to many classes being created with 'new', so use inst() directly

MINOR Remove injector autoset property for now; automatically setting it breaks a few test cases that don't know about it for now, and it's not needed just yet
2012-06-05 01:33:44 +10:00
Sean Harvey
c3eabffcb9 MINOR Use shorthand {class}::get() syntax instead of DataList::create()
in core code.
2012-05-28 21:13:42 +12:00
Sean Harvey
45465dca91 Merge pull request #483 from halkyon/cms_ping_keepalive
Re-instate CMS ping to ensure sessions are kept alive
2012-05-23 15:55:22 -07:00
Sean Harvey
1ed5e3c9be Merge pull request #485 from halkyon/deprecate_director_statics_for_controller
Deprecate director controller static functions
2012-05-23 15:54:57 -07:00
Sean Harvey
60c72c40d9 API CHANGE Use of the DropdownField $emptyString argument is now
properly deprecated (has been marked as deprecated since 2.3). Please
use setEmptyString() on the DropdownField instance instead.
2012-05-23 22:59:40 +12:00
Sean Harvey
77c2365b87 MINOR Replacing deprecated static function calls to Director with
current Controller instance replacements.
2012-05-23 21:50:02 +12:00
Sean Harvey
ecf847b61c ENHANCEMENT Re-instate pinging every 5 minutes in the CMS as a measure
to keep sessions alive. Moved Security/ping to admin/security/ping
2012-05-23 17:15:17 +12:00
Ingo Schommer
69fbdad722 MINOR Removed non-functional "close popup" link from profile editing in CMS (fixes #7343) 2012-05-20 14:03:50 +02:00
Sean Harvey
e5e8f489a2 Merge branch (pull request #247) 'template-global-fixes' of https://github.com/sminnee/sapphire into sminnee-template-global-fixes 2012-05-19 15:39:59 +12:00