Follow up to 2046efb51d.
The previous commit prevented users from visually managing permissions that they themselves didn't have access to, this follow-up commit enforces that limitation serverside to defend against crafted privilege escalation attacks by authenticated users.
Prevents users from granting permissions that they themselves do not have. Fixes#1673, and is a partial solution to #2367. However, this still does not address the issue of being able to assign / manage groups that have permissions that the user doing the management does not themselves have. That will have to be addressed separately as a part of #2367.
Removes unused descriptionFrom property that was probably copy-pasta remnants from the RecordFinder formwidget when nameFrom was implemented in 6aaf4cce43. Also removed it from the docs here: 6164e4a9e7
* Add support for previewMode in Repeater FormWidget
Refs: #2724, 5f91c45f79
* Add support for previewMode in Repeater FormWidget
Refs: #2724, 5f91c45f79
* Add support for previewMode in Repeater FormWidget
Refs: #2724, 5f91c45f79
* Add support for previewMode in Repeater FormWidget
Refs: #2724, 5f91c45f79
This should make Windows PCs look a little nicer, albeit inconsistent with others (Sergoe UI is unique). If it's good enough for GitHub, then it's good enough for October.
All text shadows have been stripped, along with some box shading. They were barely noticeable and should speed up the UI.
The Media Manager now uses a white list approach to blocking files, we have been advised that the blacklist approach is too fragile and we agree.
Asset List and Media Manager now use $.oc.alert when displaying errors
Lots of complicated stuff going on here, all elements are getting wiped out when a record is updated and the control is getting disposed at the same time. We've created a dedicated variable to store the datalocker name as a string, this represents a small memory leak but a necessary one it seems.
Fixes#2798
Removed the expand all, collapse all buttons, they are a bit too bulky so have been replaced with the standard CTRL+click behavior.
Added foundation library to repeater.js
Add "titleFrom" option to specify which input to use for the collapsed title
Styling improvements
Refs #2632 + #2631
Samuel Georges
Luke Towers
Hartmut Glücker
Tobias Kündig
Priit Perna
Quezler
Christophe Vuagniaux
juysoft
Christophe Vuagniaux
Szabó Gergő
Konstantin L