• last updated 10 hours ago
Constraints: committers
Constraints: files
Constraints: dates
Let admin manage notifications of a user

Otherwise, we have currently no user-interface to e.g. unsubscribe the notifications of a user

to avoid sending mails to a domain (which might be in user by some other organization).

Improve handling of cases, where the exam was closed, but some exam-takers have not submitted their results.

Essentially this change avoids an error message and repeated messages, which might

come form autosaving or other ajax calls.

provide compatibility for Tcl versions before tcl 8.6.2

Revert to previous strategy of determining available subcommands.

Running the provided subcommand is dangerous, since the command might

have side effects, might require connections, etc.

The feature test for "ns_http run" was incorrect, since it was not

introduced with 4.99.15 (as the comment suggested), but already with

4.99.4 (2017)... but at this time, the command did not return a dict,

which is assumed in the http-client procs. One can use "ns_http stats"

as an indicator for this feature, which was introduced at the time

when "ns_http run" was starting to return dicts as results.

Provide a more precise name for the feature test of ns_http returning

dicts (naming the feature simply "ns_http" is not a good idea, since

the command could of course be used already before the feature change).

use 'self' for "security::csp::require object-src" instead of 'none' since the latter is non-incremental

don't create a cache, which is not needed

Fix proc name

Do not improperly rely on apm_version_names_compare to check for NaviServer version number, use a more reliable capability check instead

Change the regexp so that we catch multiple kinds of error pattern indicating the subcommand does not exist: NaviServer and Tcl return sligthly different error messages

Extend test to expose that we need a better idiom to detect also NaviServer commands

Use a different idiom to detect if a command supports a subcommand, fixing acs-tcl.acs__command_has_subcommand automated test

Fix wording

New test for acs::cmd_has_subcommand exposing how flags at the beginning and end of the error message are not properly recognized

file 00-icanuse-procs.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
ensure, that the minimal set of controls is provided, also, when there are hidden form fields

improve spelling

since the form-field "file" supports the file multiple attribute, the internal representation is as well a list.

this change takes now as file-name for the local renderer as well the first file name list element.

add the original filename to the generated url, so that it is also delivered to the user

Keep supporting the previous proc signature, throwing a warning

util::http should provide enough fallback via curl already without targeting specific Naviserver versions, use other fallbacks only when no implementation is available

Fix webserver version check using 'apm_version_names_compare' for rc versions.

Between 4.99.6 and 4.99.20rc1, for example, 'apm_version_names_compare' will consider the latter to be the lowest.

As this is not the expected behavior for webserver version check, this patch just removes the rc part of the version before comparing in the few cases where this is done, and should be removed if the behavior changes in the future.

Fix version check

Tear down a lot of boilerplate used to support native HTTP api on Naviserver versions < 4.99.15, which will now fallback to curl

    • -245
    • +40
Doc formatting changes

    • -330
    • +406
Avoid markup in documentation

Reduce people expectations

Fix acs-tcl.logout_from_everywhere test case and support again invalidating of all existing user logins, useful e.g. to make sure no device still holds a valid login when we change our password on a device

Test the use case supposedly supported by sec_change_user_auth_token: invalidate all existing login cookies (e.g. when the users change their password) so that all devices need to log in again

the test exposes a long standing regression (~17 years) where this was broken in order to support persistent login. See e.g. https://openacs.org/forums/message-view?message_id=1691183#msg_1691183

file security-procs.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
improve documentation