Commit Graph

432 Commits

Author SHA1 Message Date
Ingo Schommer
8f098c1341 ENHANCEMENT MemberCsvBulkLoader for easy member import with group associations (merged from r94251)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98714 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:30 +13:00
Sam Minnee
4513b0b79f MINOR: Fixed caching of login page for tests
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98538 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:29 +13:00
Sam Minnee
ec326f752e BUGFIX: Make Security/login page's ID give a different number for loggedin vs loggedout, to help with partial caching
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98534 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:28 +13:00
Sam Minnee
ff666ff25d BUGFIX: Make login form work without any theme loaded.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98432 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:28 +13:00
Ingo Schommer
96f022be85 MINOR Fixed unit tests after change Member->checkPassword() to return ValidationResult instead of boolean (see r98268)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98274 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:25 +13:00
Andrew Short
a0ab707feb FEATURE: Moved the log-in validation process from individual authenticators into Member->checkPassword() and canLogIn(), to allow more extensibility and control (trunk, 2.4).
MINOR: Use a ValidationResult to log in a member so that custom errors can be generated.

From: Andrew Short <andrewjshort@gmail.com> (from r98267)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98268 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:25 +13:00
Sam Minnee
30382db462 BUGFIX: Don't register member IDs that don't exist in the DB as being logged in.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98265 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:25 +13:00
Will Rossiter
18fe161702 BUGFIX: fixed member labels not appearing in cms popup. #5025
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98030 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:19 +13:00
Ingo Schommer
db31ff5ad1 API CHANGE Removed $blankItemText parameter from Permission::get_codes()
ENHANCEMENT Allow ungrouped retrieval of Permission::get_codes() through new $grouped switch

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97819 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:16 +13:00
Ingo Schommer
4557ba87aa API CHANGE Removed Member::init_db_fields(), its no longer needed due to the Member.PasswordEncyrption property changing from an ENUM to Varchar.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97818 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:16 +13:00
Sam Minnee
00e5caf49c BUGFIX: Fixed Permission::get_members_by_permission() for DB abstractions
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97653 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:15 +13:00
Ingo Schommer
31280ece2c BUGFIX Checking for presence of all columns in Security::database_is_ready(). This was necessitated by an earlier change to the sapphire ORM which now selects all columns explicitly in a SQL query (instead of SELECT *) (see #4027)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97480 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:13 +13:00
Ingo Schommer
51c14227b2 API CHANGE Security::setDefaultAdmin() no longer writes credentials to any Member database records (created through Security::findAnAdministrator(). This prevents outdated credentials when setDefaultAdmin() code changes after creating the database record (see #4271)
API CHANGE Security::findAnAdministrator() no longer sets 'Email' and 'Password' properties on newly created members. Removed the $username and $password argments from the method.
ENHANCEMENT Member->requireDefaultRecords() no longer creates a default administrator based on $_REQUEST data. Moved functionality into Installer->install()
MINOR Security::findAnAdministrator() names any default administrators 'Default Admin' instead of 'Admin'

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97478 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:13 +13:00
Andrew Short
168114d4e2 ENHANCEMENT: Updated Member->getMemberFormFields() to use scaffolding and to be in line with Member->getCMSFields().
From: Andrew Short <andrewjshort@gmail.com> (from r97401)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97436 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:12 +13:00
Geoff Munn
81d775f06f BUGFIX: old 2.3 passwords now handled correctly and migrated accordingly
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97357 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:11 +13:00
Geoff Munn
f4de365be8 API CHANGE: Unique_identifier now accepted as the login requirement, allowing alternatives to 'Email'
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97270 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:10 +13:00
Sam Minnee
25a437e5a0 BUGFIX: Removed XSS holes (from r94823)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@96773 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:07 +13:00
Sam Minnee
150457f8a2 BUGFIX: Don't let non ADMINs with permission-editing rights assign themselves ADMIN permissions. (from r89805)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@96718 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:02 +13:00
Sam Minnee
66c7eb6f10 MINOR update merge info, merged in r87119 (from r88839)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@96714 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:02 +13:00
Sam Minnee
51a2eeed15 MERGE merged back a whole bunch of defect fixes from trunk (from r87846)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@96712 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:02 +13:00
Geoff Munn
6b59dc3e78 BUGFIX: Fallback for arrays which do not contain 'alreadyLoggedIn' values
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@95968 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:00 +13:00
Mateusz Uzdowski
d6b4ad39d8 BUGFIX: adding onAfterDelete hooks to remove the no longer necessary permissions
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94859 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:59 +13:00
Mateusz Uzdowski
7cdf62fd1c MINOR: added comment
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94856 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:59 +13:00
Mateusz Uzdowski
056dae8103 BUGFIX: orphaned permissions and subsite administrator groups were causing trouble - now with the JOIN the first global administrator group is picked up when ussing the override login.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94835 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:59 +13:00
Mateusz Uzdowski
fa3fe47284 BUGFIX: removing permissions before re-applying them (previously it just removed the components on the relation which resulted in permissions having GroupID set to 0)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94810 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:59 +13:00
Will Rossiter
cd9f6cc9b2 MINOR: removed duplicate writes for performance
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94438 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:58 +13:00
Will Rossiter
1eb9fe83c1 APICHANGE: Group::addByGroupName() now creates the group if one does not already exist (from r83010)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94430 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:57 +13:00
Andrew O'Neil
a783448266 BUGFIX: Make sure findAnAdministrator gets a global administrator when subsites is installed.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94369 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:57 +13:00
Sean Harvey
06b7dc5de3 BUGFIX #4686 Fixed $member non-object error, and decorated checks from not working in Member::canView(), Member::canEdit() and Member::canDelete()
MINOR Added additional tests to MemberTest


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94358 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:57 +13:00
Will Rossiter
eb64eec534 API CHANGE: removed deprecated extend calls (r93632). API CHANGE: removed fieldExists(). Use hasField() (r93633). API CHANGE removed listOfFields() (r93647). API CHANGE: removed Tag() and URL() from Image. Use getTag() and getURL(). BUGFIX: updated Image.php to use getTag() (r93639, r93646). API CHANGE: removed val(). Use XML_val() (r93650). API CHANGE: removed $add_action. Use singlar_name or lang tables (r93658). API CHANGE: removed ConfirmedFormAction (r93674). API CHANGE: removed ajax_render on CTF (r93679).
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@93685 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:53 +13:00
Ingo Schommer
03c5caea72 MINOR Updated paths from jsparty to sapphire/thirdparty, cms/thirdparty and sapphire/javascript
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@93611 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:52 +13:00
Ingo Schommer
4452101790 API CHANGE Refactored hiding of Permissions added in r92428. Added PermissionCheckboxSetField?->setHiddenPermissions() (from r92865)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@92878 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:38 +13:00
Normann Lou
65b1bc4839 APICHANGE: add the ability to remove some permissions specified by their code in the rendered field html of PermissionChecksetBoxField and full-covered unit tests of this ability.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@92428 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:38 +13:00
Sean Harvey
c34ef6d562 BUGFIX More robust checks on the current member in Member::canEdit() and Member::canDelete() if there is no logged in member
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@92129 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:37 +13:00
Sean Harvey
797715ef78 BUGFIX Fixed Group::collateFamilyIDs() when working with MSSQL
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91775 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:37 +13:00
Sam Minnee
f9c0ce652d BUGFIX: Include salt in legacy password encryptor (from r91743)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91746 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:37 +13:00
Sam Minnee
45bbebe19f BUGFIX: Made use of new BasicAuth::protect_entire_site() consistent. (from r91658)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91659 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:37 +13:00
Sam Minnee
ac239d6a0b BUGFIX: Don't enable site-wide protection by default (from r91609)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91613 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:37 +13:00
Sam Minnee
723d075ffd API CHANGE: Replaced BasicAuth::enable() with BasicAuth::protect_entire_site()
API CHANGE: BasicAuth::requireLogin() no longer has an option to automatically log you in.  You can call logIn() on the object returned, instead. (from r91603)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91612 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:36 +13:00
Ingo Schommer
65c1c6fd20 NOTFORMERGE Fixed merge error from r91576
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91592 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:36 +13:00
Ingo Schommer
07fc3650a3 ENHANCEMENT Pluggable password encryption through PasswordEncryptor class (#3665) (merged from r90949)
BUGFIX Fixed password hashing design flaw in Security::encrypt_password(). Removing base_convert() packing with unsafe precision, but retaining backwards compatibilty through pluggable encryptors: PasswordEncryptor_LegacyPHPHash (#3004) (merged from r90949)
API CHANGE Deprecated Security::encrypt_passwords() (merged from r90949)
API CHANGE Deprecated Security::$useSalt, use custom PasswordEncryptor implementation (merged from r90949)
API CHANGE Removed Security::get_encryption_algorithms() (merged from r90949)
API CHANGE MySQL-specific encyrption types 'password' and 'old_password' are no longer included by default. Use PasswordEncryptor_MySQLPassword and PasswordEncryptor_MySQLOldPassword
API CHANGE Built-in number of hashing algorithms has been reduced to 'none', 'md5', 'sha1'. Use PasswordEncryptor::register() and PasswordEncryptor_PHPHash to re-add others. (merged from r90949)


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91576 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:36 +13:00
Ingo Schommer
2a1abcae2a BUGFIX Legacy password hash migration in MemberAuthenticator::authenticate() which fixes the precision problems mentioned in #3004 when a user logs in (from r90950)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91572 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:36 +13:00
Ingo Schommer
710f701645 MINOR Moved Security::encryptallpasswords() to EncryptAllPasswordsTask (merged from r90948)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91564 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:36 +13:00
Tom Rix
8216448da3 MINOR run checks before running hasMethod, as an extension does not neccessairily have that method.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90691 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-03 02:33:53 +00:00
Tom Rix
a1fdff6910 MINOR update PermissionCheckboxSetField to look at roles on the actual group
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90677 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-03 01:00:54 +00:00
Sam Minnee
57924a2c95 BUGFIX: Fixed glitch in permission code formats.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90550 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-31 00:58:16 +00:00
Tom Rix
33489cdc7f MINOR i18n'd a whole bunch of the new permission codes
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90493 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-30 01:43:34 +00:00
Tom Rix
3dfa7a2103 MINOR fixed ambiguous column
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90481 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-30 00:23:02 +00:00
Tom Rix
26ee7ade66 MINOR implement OnlyAdminCanApply
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90457 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-29 22:07:44 +00:00
Tom Rix
8096f91ae1 MINOR remove duplicate header
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90397 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-29 02:56:18 +00:00
Tom Rix
9c5dae4dff MINOR shuffled permissions around, gave them help text and categorized them.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90371 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-29 00:55:20 +00:00
Tom Rix
643be30e67 MINOR permissions on Groups and Roles are now handled by a checkbox set field
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90342 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-28 23:03:35 +00:00
Sam Minnee
994e93f790 API CHANGE: replaced Database::USE_ANSI_SQL with DB::USE_ANSI_SQL
API CHANGE: replaced Database::alteration_message() with DB::alteration_message()

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90097 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-26 22:03:29 +00:00
Andrew Short
79773042be API CHANGE: Renamed conflicting classes to have an "SS_" namespace, and renamed existing "SS" namespace to "SS_". The affected classes are: HTTPRequest, HTTPResponse, Query, Database, SSBacktrace, SSCli, SSDatetime, SSDatetimeTest, SSLog, SSLogTest, SSLogEmailWriter, SSLogErrorEmailFormatter, SSLogErrorFileFormatter, SSLogFileWriter and SSZendLog.
MINOR: Replaced usage of renamed classes with the new namespaced name.

From: Andrew Short <andrewjshort@gmail.com>

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90075 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-26 03:06:31 +00:00
Andrew O'Neil
813760108c BUGFIX: Security::$default_login_dest isn't used (#4179, simon_w)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90023 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-23 00:18:10 +00:00
Sean Harvey
8bd78f77d8 MINOR Supress session warnings in session_regenerate_id() for a win32 environment (from r81984)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89712 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-21 02:21:05 +00:00
Sam Minnee
3da29fb08d MINOR show the permission/role inheritance chain on a group (from r89024)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89212 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-15 22:40:52 +00:00
Sam Minnee
88d5843cab FEATURE: Add a simple interface for administrating permission roles. (from r85297)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89189 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-15 22:28:11 +00:00
Sam Minnee
dd8120aed7 API CHANGE: Added PermissionRole and PermissionRoleCode, along with relevant tests for the permission system. (from r85173)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89187 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-15 22:27:56 +00:00
Sam Minnee
0c41f681b8 MINOR create the ability to have some roles only be able to be applied by admins (from r88090)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89180 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-15 22:23:39 +00:00
Sam Minnee
7e54fc1fc2 BUGFIX: Fix error when adding roles tab (from r86997)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89172 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-15 22:13:19 +00:00
Sam Minnee
7dd6d10cde MINOR added more documentation around SiteConfig. Also wrote unit tests for permissions inheritance off it. (from r86132)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89164 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-15 21:53:15 +00:00
Sam Minnee
9642c7171c ENHANCEMENT: Added Member::set_login_marker_cookie(), to let developers bypass static caching for logged-in users (from r73803)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@88635 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-12 03:27:41 +00:00
Sean Harvey
8b6772fff0 Merged in Member::sendInfo() bug fixes from branches/2.3 - r85779
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86679 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-18 03:07:15 +00:00
Ingo Schommer
e9df16ba5a MINOR Formatting and documentation in Permission
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86084 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-10 07:01:52 +00:00
Ingo Schommer
2700d73e97 ENHANCEMENT Limiting "alc_enc" cookie (remember login token) to httpOnly to reduce risk of information exposure through XSS
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86027 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-10 03:23:31 +00:00
Ingo Schommer
d386db0bc3 ENHANCEMENT Avoid information disclosure in Security/lostpassword form by returning the same message regardless wether a matching email address was found in the database.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86021 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-10 03:01:46 +00:00
Ingo Schommer
ed5475bbae ENHANCEMENT Added Member->FailedLoginCount property to allow Member->registerFailedLogin() to persist across sessions by writing them to the database, and be less vulnerable to brute force attacks. This means failed logins will persist longer than before, but are still reset after a valid login.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86017 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-10 02:42:26 +00:00
Ingo Schommer
6b6c2a8bfa API CHANGE Removed Permission->listcodes(), use custom code
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86006 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-10 01:54:15 +00:00
Will Rossiter
ebce107d07 MINOR: added check for exec() and fixed the path for the wordlist file. Ticket #4428
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85701 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-03 23:36:45 +00:00
Normann Lou
02f4ff232f ENHANCMENT: get svn merged revision 84806:84808 from branches/iss
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@84814 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-19 05:47:02 +00:00
Sam Minnee
cd3db788a9 BUGFIX: Performance improvement to Member::currentUserID()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@84167 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-11 09:16:34 +00:00
Andrew O'Neil
66543e6002 NOTFORMERGE: Merged 84085 from 2.3
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@84089 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-10 04:32:39 +00:00
Sam Minnee
7d49e1adbf BUGFIX: Fixed some bugs in the performance fixes on Permission
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@84066 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-08-08 03:40:24 +00:00
Sam Minnee
fdc6574064 ENHANCEMENT: Performance enhnacement to Permission::check(), to grab all the permission codes from the DB at once.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@83436 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-07-31 05:36:50 +00:00
Sam Minnee
6a52153b9f BUGFIX #4285: Fixed application of decorators when add_extension not used.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@81676 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-07-13 03:56:26 +00:00
Sam Minnee
d38c79f584 ENHANCEMENT: If you are logged in and Security::permissionFailure() is called, just return a 403
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@81430 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-07-09 03:20:32 +00:00
Sam Minnee
7f5838ce3d BUGFIX: MemberAuthenticator::authenticate() returns a member object or false, in keeping with the current docs.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@80250 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-06-28 02:48:33 +00:00
Sam Minnee
e0fbc7ac83 BUGFIX: Added explicit DataObjectDecorator::load_extra_statics() calls as a workaround for issues with extensions defined directly in-object.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@79720 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-06-22 02:42:42 +00:00
Sam Minnee
20cbabfcb5 BUGFIX #3750 bgribaudo: Always render the security login form in the $Form template variable.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@79565 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-06-18 08:22:27 +00:00
Sam Minnee
b2460de140 ENHANCEMENT: Removed circular references from extensions to improve garbage collection.
API CHANGE: The result of any extension returned by Object::extInstance() should have setOwner() called on it before calling a method, and clearOwner() after.

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@78414 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-06-04 06:48:44 +00:00
Tom Rix
4b78089e6a BUGFIX make collateFamilyIDs work with SQLSRV
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@78244 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-06-02 04:31:35 +00:00
Ingo Schommer
dfa44c055c API CHANGE Changing DataObject::$changed to private visiblity. Please use getChangedFields() and isChanged()
ENHANCEMENT Added DataObject->isChanged() to detect if a field has been changed in this object instance
MINOR Changing call to CompositeDBField->compositeDatabaseFields() in DataObject->hasOwnDatabaseField()
BUGFIX Unsettig "Version" property in DataObject->getChangedField() to allow versioned to write a new version after a call to forceChange()
BUGFIX Introduced $markChanged in Money class
BUGFIX Casting Money->__toString() return value as string
MINOR Changing Member class to use new DataObject->isChanged() API
BUGFIX Using new $markChanged API for CompositeDBFields in DBField::create()

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@77893 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-05-27 00:09:23 +00:00
Sean Harvey
230a70b0b7 API CHANGE Removed @deprecated 2.3 function isInGroup() from Member
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@77342 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-05-20 04:54:00 +00:00
Sean Harvey
a5e82ddff1 Merged from branches/2.3
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@75590 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-04-29 01:20:24 +00:00
Sean Harvey
13b358a8dd Merged from branches/2.3
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@75582 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-04-29 00:07:39 +00:00
Normann Lou
9a5928438a ENHANCEMENT: Member::getTitle() return more flexible title in case of Surname or/and FirstName missing.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@74665 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-04-17 06:00:32 +00:00
Geoff Munn
d8f8184986 API CHANGE: autologinhash index removed due to conflicts with nulls in MSSQL
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@73816 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-30 03:04:37 +00:00
Sean Harvey
06cf80edb9 BUGFIX Undefined function "use_error" - should've been "user_error" (Merged from r69938)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@73657 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-25 22:30:29 +00:00
Ingo Schommer
b12a00c391 MINOR phpdoc documentation
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@73509 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-22 22:59:14 +00:00
Ingo Schommer
b078ad825c BUGFIX Existence check for Member autologin token
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@73253 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-17 22:25:22 +00:00
Ingo Schommer
a96ca0eacc BUGFIX Checking for Director::is_site_url() before redirecting in Controller->redirectBack() and MemberLoginForm
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@73252 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-17 22:24:50 +00:00
Geoff Munn
aaaf9cdfcd API CHANGE: queries fixed for MSSQL
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@72929 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-11 23:03:28 +00:00
Geoff Munn
807736490f API CHANGE: NOW() replaced with DB-specific version
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@72922 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-11 21:50:03 +00:00
Sam Minnee
189f0567f8 Merged from branches/2.2
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@72811 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-10 22:17:26 +00:00
Sam Minnee
08a5a7c387 Merged from branches/2.3
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@72803 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-10 22:08:52 +00:00
Andrew O'Neil
635e2c3df6 Merged from 2.3
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@72453 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-04 03:44:11 +00:00
Ingo Schommer
6d708765fe BUGFIX Fixed redirection to external URLs through Security/login with BackURL parameter
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@71708 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-02-11 21:08:28 +00:00
Ingo Schommer
bd2b9efede API CHANGE Member->canView() checks for ADMIN or CMS_ACCESS_SecurityAdmin access if not viewing the currently logged-in member. If permissions are enforced in custom interfaces (e.g. social networking frontends), this will impact the output. To loosen permissions, override or decorate Member->canView()
ENHANCEMENT Added Group->canDelete() AND Member->canView()
ENHANCEMENT Making Member->can*() and Group->can*() methods decoratable

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@71327 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-02-03 23:33:28 +00:00
Ingo Schommer
4822c68947 BUGFIX Don't require ADMIN permissions to view an administrators group - rather set it to readonly through interfaces like SecurityAdmin
ENHANCEMENT Modified Group->canEdit() to check for CMS_ACCESS_SecurityAdmin permissions codes (see r70697)
BUGFIX Using canView() instead of canEdit() in Group->AllChildrenIncludingDeleted()

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@71320 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-02-03 22:44:11 +00:00