• last updated 5 hours ago
Constraints: committers
Constraints: files
Constraints: dates
reduce verbosity

Deactivate api-doc access for all registered users by default

Over many years, all "Registered Users" got per default access

to /api-doc. This is probably OK, when one assumes that the

registered users are developers. However, providing source code

access to all registered users can pose a security thread,

especially on large sites.

For new installs, api-doc is now just accessible for site-wide admins.

Providing more liberal rights for users can be achieved via

setting the permissions via the sitemap.

make update script more robust in case the table acs_privilege_descendant_map was already dropped

The old version worked on pg14, but as it looks, not on earlier pg versions.

improve message key

Reform of permissions UI in acs-subsite:

- use simplified tabular view "perm-include" per default, but

allow user to switch to old list-based view

- show number of inherited permissions by default instead of full list

(list can be long). Admin can switch to full list.

- improved configurability of permissions/one.tcl

* ability to pass privileges to be displayed

* provided flag to show inherited_permissions

* provided flag to show detailed permissions (list view)

- improved configurability of permissions/perm-include.tcl

* provided flag "detailed_permissions_p" to provide access

to the old style interface, where all types of privileges

can be provided to all types of parties

- improved functionality of www/permissions/perm-user-add-include

* added search field for filtering users

- modernized idioms

- improved spelling

- extended internationalization

- bumped version of acs-subsite to 5.10.1d9

  1. … 5 more files in changeset.
UI improvements

- fixed link for reloading on apm/version-view page

- added generic icon name "check" (common icon name for checkmark)

- bumped version of acs-templating to 5.10.1d21

- bumped version of acs-admin to 5.10.1d3

- improved layout: removed text-decoration for anchors rendered as buttons.

fix list pagination for Bootstrap 5

add information how many pages are currently selected in dnd mode

Fix documentation

Check that all competences exist inside of the get_set_id api, so that it can be embedded in the same query, make it possible that the returned set is empty, so that the require logic makes sense

Take retrieving the set_id out of the transaction, comment de-facto dead code and add remark

Prefer dict idioms

Avoid extra transaction on single statement

Inline SQL to fetch the current item and check for existance

Go to the datamodel directly to reduce number of queries

No need to check for existance in a separate query, prefer portable idioms

Use a slightly faster idiom to check for existance

Prefer doc as a tcl literal

Prefer plain NaviServer api to quote database lists

added a saftey-belt to handle empty labels

adp:icon: quote content of the "title" attribute

break overlong lines

prefer adp:icon over old-style .gif images

    • -1
    • +1
prefer adp:icon over old-style .gif images

prefer adp:icon over old-style .gif images, whitespace changes

prefer adp:icon over old-style .png images

prefer adp:icon over old-style .png images

file link.gif was initially added on branch oacs-5-10.

file arrow-right.png was initially added on branch oacs-5-10.

    • binary