These are roles defined by a special API code, once a system role code is detected, the role becomes locked and its permissions are sourced from the AuthManager. All permissions are granted to system roles by default, unless otherwise specified. This should make it easier to create client accounts as "Publishers", hiding developer tools like the CMS and Builder plugins by default.
Follow up to 2046efb51d.
The previous commit prevented users from visually managing permissions that they themselves didn't have access to, this follow-up commit enforces that limitation serverside to defend against crafted privilege escalation attacks by authenticated users.
Prevents users from granting permissions that they themselves do not have. Fixes#1673, and is a partial solution to #2367. However, this still does not address the issue of being able to assign / manage groups that have permissions that the user doing the management does not themselves have. That will have to be addressed separately as a part of #2367.
Removes unused descriptionFrom property that was probably copy-pasta remnants from the RecordFinder formwidget when nameFrom was implemented in 6aaf4cce43. Also removed it from the docs here: 6164e4a9e7
* Add support for previewMode in Repeater FormWidget
Refs: #2724, 5f91c45f79
* Add support for previewMode in Repeater FormWidget
Refs: #2724, 5f91c45f79
* Add support for previewMode in Repeater FormWidget
Refs: #2724, 5f91c45f79
* Add support for previewMode in Repeater FormWidget
Refs: #2724, 5f91c45f79
The methods were far too generic. When a trait or behavior is used, it's usually a good include to include the name of the trait in the methods and properties it provides. This reduces the chance of a conflict with the implementing class.
Fixes https://github.com/octobercms/october/pull/2663
Adding to build 420+ because this might cause some issues, although it shouldn't. Hoping we don't ever have to roll this back because it fixes another inconsistency when using the model `filterFields` method... some will change values via $field->value (field accessor) and others will change via $this->value ($model accessor). This now puts the field accessor at a consistent priority (first) while retaining the fallback to model.
Use native scroll on mobile devices (much better UX)
Stack settings menu items 2 column medium, 3 column large
The settings search is now forcibly focused
Samuel Georges
Luke Towers
Tschallacka
Hartmut Glücker
buuug7
Tobias Kündig
Szabó Gergő
Christophe Vuagniaux
Alexander Shapoval
Priit Perna
Oscar Arzola