Commit Graph

94 Commits

Author SHA1 Message Date
Damian Mooyman
f1a0aef0d7
BUG fix CMS_ACCESS permission being ignored if in incorrect order in array 2016-06-28 17:45:15 +12:00
Damian Mooyman
5d240feaec Merge remote-tracking branch 'origin/3.2' into 3.3 2016-01-19 15:08:24 +13:00
Damian Mooyman
46cbe809ac Merge remote-tracking branch 'origin/3.1' into 3.2
# Conflicts:
#	docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
#	docs/en/02_Developer_Guides/14_Files/01_Image.md
#	docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_CMS_Menu.md
#	docs/en/03_Upgrading/index.md
#	docs/en/05_Contributing/01_Code.md
#	forms/TreeMultiselectField.php
#	security/Permission.php
2016-01-19 14:00:19 +13:00
Daniel Hensby
4335d8ed22 FIX Members with no ID inherit logged in user permission 2016-01-05 08:16:18 +00:00
Novusvetus
6266f909e0 API Increased Permission.Code db field to 255 characters 2015-11-27 13:54:37 +13:00
Manuel Teuber
666ce26929 FIX: Permission::checkMember() use of undefined variable $codes 2015-10-07 16:02:36 +13:00
Manuel Teuber
5224fc460c FIX: Permission::checkMember() use of undefined variable $codes 2015-09-29 23:49:29 +02:00
Damian Mooyman
309ac0d196 Merge remote-tracking branch 'origin/3.1' into 3.2
Conflicts:
	.travis.yml
	admin/code/CMSProfileController.php
	admin/tests/LeftAndMainTest.php
	control/HTTP.php
	security/Permission.php
	tests/forms/FormTest.php
	tests/model/ArrayListTest.php
	tests/security/PermissionTest.php
2015-09-09 14:35:29 +12:00
Daniel Hensby
2d4b743090 FIX Members can access their own profiles in CMS 2015-08-26 15:47:51 +01:00
Daniel Hensby
ab0572e7cc DOCS Permission comments made a bit clearer 2015-08-21 09:16:46 +01:00
Daniel Hensby
6eede57ff2 Fix issue where Access All CMS Sections doesnt work 2015-08-20 22:30:43 +01:00
Damian Mooyman
e14f743bf0 Set deprecation level for all changes in 3.x to 4.0 2015-06-19 13:07:41 +12:00
Damian Mooyman
eb069e605d Remove all redundant whitespace 2014-08-19 09:17:15 +12:00
Sean Harvey
404478b07f Removing @deprecated 3.1 functionality and classes.
Changelog has been updated to include what was removed in terms of
major functionality, and what to use as a replacement.
2014-08-18 16:00:13 +12:00
Damian Mooyman
d8e9af8af8 API New Database abstraction layer. Ticket #7429
Database abstraction broken up into controller, connector, query builder, and schema manager, each independently configurable via YAML / Injector
Creation of new DBQueryGenerator for database specific generation of SQL
Support for parameterised queries, move of code base to use these over escaped conditions
Refactor of SQLQuery into separate query classes for each of INSERT UPDATE DELETE and SELECT
Support for PDO
Installation process upgraded to use new ORM
SS_DatabaseException created to handle database errors, maintaining details of raw sql and parameter details for user code designed interested in that data.
Renamed DB static methods to conform correctly to naming conventions (e.g. DB::getConn -> DB::get_conn)
3.2 upgrade docs
Performance Optimisation and simplification of code to use more concise API
API Ability for database adapters to register extensions to ConfigureFromEnv.php
2014-07-09 18:04:05 +12:00
Gus King
5797efa263 Documented magic properties of DataObject 2014-01-26 00:11:32 -05:00
Ingo Schommer
0ea7042443 $privileged_permissions visibility (fixes #2464) 2013-09-27 18:56:38 +02:00
Ingo Schommer
03d1d58148 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	admin/code/SecurityAdmin.php
	css/AssetUploadField.css
	docs/en/topics/configuration.md
	security/PermissionRole.php
2013-09-12 17:33:36 +02:00
Ingo Schommer
720c149aee FIX Privilege escalation through Group hierarchy setting (SS-2013-003)
See http://www.silverstripe.org/ss-2013-003-privilege-escalation-through-group-hierarchy-setting/
2013-09-12 15:42:42 +02:00
Ingo Schommer
68ca47b0dd FIX Privilege escalation through Group hierarchy setting (SS-2013-003)
See http://www.silverstripe.org/ss-2013-003-privilege-escalation-through-group-hierarchy-setting/
2013-09-12 15:42:35 +02:00
Ingo Schommer
3334eafcb1 API Marked statics private, use Config API instead (#8317)
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Simon Welsh
b0121b541c Add codesniffer that ensures indentation is with tabs. 2012-12-12 17:33:31 +13:00
Simon Welsh
fc5dd2994c Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
Ingo Schommer
56f7ce1dcf Merge remote-tracking branch 'origin/3.0'
Conflicts:
	control/Cookie.php
	control/Director.php
	control/HTTPResponse.php
	model/Database.php
	model/MySQLDatabase.php
	model/SQLQuery.php
	view/Requirements.php
	view/SSViewer.php
2012-10-03 16:16:19 +02:00
Sam Minnee
1f7fc1f76a FIX Remove instances of lines longer than 120c
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit.  This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Simon Welsh
1e629f4585 Merge branch '3.0'
Conflicts:
	control/Cookie.php
	control/Director.php
	dev/Profiler.php
	view/Requirements.php
2012-09-21 14:56:56 +12:00
Ingo Schommer
e2f073f38a Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
Will Rossiter
9babb01a4b FIX: ensure that permissions_for_member() accounts for denied permissions.
Taken from http://open.silverstripe.org/ticket/7296. PermissionTest extended to validate that permissions_for_member() includes permissions denied pre applying patch. PermissionTest passes post patch.
2012-07-01 17:55:20 +12:00
Simon Welsh
f07258f3cf MINOR Update @package values to match renaming sapphire 2012-04-15 10:50:19 +12:00
Hamish Friedlander
374ed19406 API CHANGE: Change variable expose method in TemplateGlobalProvider and TemplateIteratorProvider to (a) not clash with each other and, (b) be less generic 2012-03-06 09:31:57 +13:00
Hamish Friedlander
fb246bdd08 APICHANGE: Rename getExposedVariables to match coding conventions 2012-03-06 09:31:56 +13:00
Hamish Friedlander
927dbbe717 API-CHANGE: Global template variables can now be called directly using SSViewer_DataPresenter instead of needing to inherit off ViewableData 2012-03-06 09:11:46 +13:00
Fred Condo
d370423825 Clean up trailing ?> per coding standard
All sapphire but the lang directory
2012-02-12 12:40:16 -08:00
Sam Minnee
0d683dd8ef MINOR: Removed use of deprecated join() in favour of innerJoin() and leftJoin(). 2011-10-29 17:36:38 +13:00
Stig Lindqvist
e38dd08ea5 MINOR: Fix docblocks to reference SS_List instead of (now deprecated) DataObjectSet where appropriate 2011-10-28 15:58:55 +13:00
Ingo Schommer
5257c35dff MINOR Documentation 2011-10-07 14:12:49 +02:00
Will Rossiter
1732a17114 Merged new-orm into datagrid 2011-09-26 16:47:54 +13:00
Ingo Schommer
ce8e72cf0e MINOR Removing executable flag from all files (thanks miiihi) 2011-09-18 22:04:02 +02:00
ajshort
3f132a105b API CHANGE: Replaced DataObjectSet instances with ArrayList. 2011-05-05 20:40:24 +10:00
Sam Minnee
de1494e3a8 ENHANCEMENT: Implemented DataList as the successor of DataObjectSet. DataList doesn't execute the query until it's actually needed, allowing for a more flexible ORM.
API CHANGE: augmentSQL is now passed a DataQuery object from which query parameters can be extracted.
API CHANGE: DataObjectDecorators that manipulate the query can now define augmentDataQueryCreation().
API CHANGE: The container class argument for DataObject::get() is deprecated.
API CHANGE: DataObject::buildSQL() and DataObject::extendedSQL() are deprecated; just use DataObject::get() now.
API CHANGE: DataObject::instance_get() and DataObject::instance_get_one() are deprecated, and can no longer be overloaded.
API CHANGE: DataObject::buildDataObjectSet() is deprecated.
API CHANGE: Cant't call manual manipulation methods on DataList such as insertFirst()
2011-05-01 15:25:45 +12:00
Sam Minnee
58d6cbf81a MINOR: remove SQL table alias keyword AS (from r108961)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112769 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 00:51:53 +00:00
Andreas Piening
1941c6042c ENHANCEMENT Creating default "Content Authors" group with limited rights if no other groups exist.
MINOR Moved Permission->requireDefaultRecords() to Group->requireDefaultRecords() and Member->requireDefaultRecords().
MINOR Removed outdated checks for CanCMS and CanCMSAdmin from Permission->requireDefaultRecords() (from r100799)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@108804 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-08-03 01:05:27 +00:00
Ingo Schommer
06f18485a9 MINOR Improved help texts around permissions (from r100784)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@105651 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-05-25 05:02:08 +00:00
Ingo Schommer
74a04df3c8 API CHANGE Removed $blankItemText parameter from Permission::get_codes()
ENHANCEMENT Allow ungrouped retrieval of Permission::get_codes() through new $grouped switch (from r97819)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102536 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 23:41:33 +00:00
Ingo Schommer
fdce2dfc22 BUGFIX: Fixed Permission::get_members_by_permission() for DB abstractions (from r97653)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102523 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 23:08:59 +00:00
Ingo Schommer
920f0aaa1a BUGFIX: Don't let non ADMINs with permission-editing rights assign themselves ADMIN permissions. (from r89805) (from r96718)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102341 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 01:47:48 +00:00
Ingo Schommer
603657b943 MERGE merged back a whole bunch of defect fixes from trunk (from r87846) (from r96712)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102336 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 01:45:52 +00:00
Ingo Schommer
8a1b1960c0 MINOR Placing 'ADMIN' permission in new 'Administrator' group at the top of the permissions list
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@99601 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-22 10:02:10 +00:00
Ingo Schommer
bf3b7e0e9e APICHANGE: add the ability to remove some permissions specified by their code in the rendered field html of PermissionChecksetBoxField and full-covered unit tests of this ability. (from r92428)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92463 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 01:44:52 +00:00
Sam Minnee
57924a2c95 BUGFIX: Fixed glitch in permission code formats.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90550 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-31 00:58:16 +00:00