Replaced the existing PNG flag icons with the flag-icon-css library that uses SVGs, has more flags, and is more active (i.e well maintained). Credit to @mariavilaro & @w20k. Thanks to @petehalverson for Octodock for easy testing of this.
The removed css rule makes filelist entries unreadable on touchscreen clients
that also have default pointer input support. The entries have a blue background
with white text when hovered. By setting the background to transparent the
text is no longer readable. Credit to @tobias-kuendig
Added documentation for the following events:
media.folder.delete
media.file.delete
media.folder.rename
media.file.rename
media.folder.create
media.folder.move
media.file.move
media.file.upload
Added inline documentation for the following filter widget events:
backend.filter.extendQuery
backend.filter.extendScopesBefore
backend.filter.extendScopes
Fixes#3627. This changes the logic for hiding tabs when all of their fields are hidden to specifically only target direct children of the tab pane when looking for visible fields because repeaters will have fields present that are only hidden by virtue of the parent field being hidden however the previous behaviour would consider it visible.
Fix pathing issue in media manager
Currently there is a way to manipulate folder names using the request headers for the medafinder folder path. since `validatePath` does not validate file names but rather only validates the existence of a folder in a parent/subdirectory. We can utilize `validateFileName` to verify if the name of the folder path being created is valid during the folder creation process and the name applying process.
Documented in e56468a95b. Credit to @manogi.
Added an option to change from the "search on every keystroke" functionality to one where the serach is only fired when hitting the enter key. This makes sense when having larger datasets or CMS users who are slow typers.
This changes Backend::dateTime to return an empty string instead of the current date when dealing with a null date. It should only affect the date field preview instance. Credit to @pvullioud
Fixes#3260. Enables setting the target field for the trigger API to a form context an arbitrary number of levels above the current field by prepending the field name with `^` for each level to go up. For instance, if you had a field [allow_pictures] in the base form and a [records] repeater with [image] fields, and you set the target field for the trigger on [image] to [^allow_pictures] then it would work properly instead of looking for an [allow_pictures] field on the [records] field. Credit to @MartynasJanu. Documented in edc78b584b
Credit @mcharytoniuk.
While importing over 250k records ImportModel kept running into various problems. One of them was too big memory usage - `ImportModel` loaded the complete file upfront (`$reader->fetchAll()`). Simple one-line change to `$reader->fetch()` makes `ImportModel` import CSV file row-by-row and returning an iterator which limits memory usage and allows data to be imported. This change optimizes memory usage and allows much simpler importing of larger files.
If the parent of the file attachment relationship already exists, then attach the file directly to it in this request instead of going through deferred bindings. Will continue to attach files through deferred binding if the parent relation doesn't exist.
Adds support to retrieve protected files using the class they are defined to be using if that class differs from the default System\Models\File class. This makes it possible to use a custom class extending the base file model class that does output processing on the file data (for example, an EncryptedFile class that has to decrypt the file contents before they can be output to the browser).
Stores the last visited page of list widgets in the session to restore to on next page load. Does not apply when filters / searches are applied. Credit to @tobias-kuendig
Supports absolute redirects being used in the FormController behaviour.
If the form_config.yaml specifies
```twig
create:
redirect: https://api.example.com/oauth/authorize
```
Then the behaviour will now properly redirect the user to the URL provided where previously it would redirect to a url along the lines of `october.example.com/backend/https://api.example.com/oauth/authorize`. Relative backend redirect URLs are unchanged.
Adds the `useRelationCount` property to tell the list controller to use the number of related records for the specified `relation` as the value for that column.
Credit to @alxy
In case a new administrator is created by a non-superuser and no permission is set directly on creation, `permissions` is not initialized correctly. Thus, when the non-superuser tries to acceess `$this->model->permissions` it is not populated with an empty array as expected.
I have actually no clue why it does work for superusers however, as they should certainly experience the same issue, but this is not the case.
Fixes#3315 by moving the manipulation of the filter widget scopes to the controller event method instead of before any part of the controller constructor method is run.
This enables arbitrary form contexts to be defined to override the default values when using a form with custom contexts. I.e. `$this->update($id, 'mycustomcontext');` will load the form definition from `mycustomcontext[form]` instead of `update[form]`
This aligns better with the relation principal "parent saves child" / "child cannot save parent" and is more conducive to the natural workflow of a coder, ie
// Relation first
$gallery = new Gallery;
$gallery->save();
// Primary model last
$post = new Post;
$post->gallery = $gallery;
$post->save();
Refs https://github.com/octobercms/library/pull/277
Converts a field name in the form of `model_json_attribute[subproperty]` to the dot syntax version used by validation rules `model_json_attribute.subproperty` for more accurate checking of the validation rules in the form widget.
This fixes#2613 by reloading the form widgets with the modified data after `model.filterFields`. **NOTE**: `$this->processExistingItems()` isn't simply just moved to `prepareVars()` because that messes up the adding new repeater item functionality by repeating the content from the fields for the last item in that group that already exists on the repeater.
* Add support for a source index offset
Improves the reporting of errors in the importing process by getting the correct offset for the displayed row where the error took place.
* Add the source index offset to the row number
Refs ce6df84b04
This builds on 4fd1ca824f by switching from a two tier approach to permissions (superusers and regular users), to a three tier approach (superusers (developer), second-in-command (clients with manage_users permissions), and regular users). If support for a four tier approach is necessary (Superuser, Franchise Owner, Franchise Business Manager, Franchise Staff as an example), then it can be implemented simply by adding a flag to roles that would prevent anyone except for a superuser from assigning that role.
The specific changes made by this commit is to support users with the manage_users permission (but who are not superusers) to be able to assign roles to other users and improvements to the sanctity of the superuser itself. Non-superusers can no longer see or edit superusers in the backend (that was previously poorly handled as a non-superuser with manage_users could take over a superuser account since they could modify that account willy-nilly), and the is_superuser filter is accordingly removed as well.
This issue has been addressed too early in the process lifecycle. The line number should be incremented later, say in the view layer when the error is displayed. A simple helper to determine what the index increment should do well.
$row + $indexIncrement
This is so we don't have to rebuild the array, which is computationally expensive for large datasets and could be frustrating for a developer expecting untouched index values, or likewise needing to prepare our special format.
This fixes an issue where the row number reported by import error logs would be off by 1 or 2 depending on whether the first row was labelled as titles or not.
As arrays start at 0 in PHP, `$firstRowTitles = false` would result in reported row numbers being off by one less than their actual number. If `$firstRowTitles = true`, the reported row number would be off by two less than their actual number (one for the zero index, one for the first row not existing in the `$results` set).
Adds the ability to specify an `ignoreTimezone: true` option on the config for a datepicker form widget or date column type. This will ignore both October's and the backend user's timezone settings to display the date exactly as it is stored.
Removed `minNumber` and `maxNumber` options, they are not enforceable on the client side without a lot more work. Added `number` filter type, added missing numberrange filter template, consolidated styles for filter-date and filter-number filters.
Improves the flexibility of scope type properties by removing conditional logic specific to the date and daterange scope types and laying the groundwork for scopes to define their own custom properties that can be loaded from the scope configuration defined by the developer.
These are roles defined by a special API code, once a system role code is detected, the role becomes locked and its permissions are sourced from the AuthManager. All permissions are granted to system roles by default, unless otherwise specified. This should make it easier to create client accounts as "Publishers", hiding developer tools like the CMS and Builder plugins by default.
Follow up to 2046efb51d.
The previous commit prevented users from visually managing permissions that they themselves didn't have access to, this follow-up commit enforces that limitation serverside to defend against crafted privilege escalation attacks by authenticated users.
Prevents users from granting permissions that they themselves do not have. Fixes#1673, and is a partial solution to #2367. However, this still does not address the issue of being able to assign / manage groups that have permissions that the user doing the management does not themselves have. That will have to be addressed separately as a part of #2367.
Removes unused descriptionFrom property that was probably copy-pasta remnants from the RecordFinder formwidget when nameFrom was implemented in 6aaf4cce43. Also removed it from the docs here: 6164e4a9e7
Kanstantsin
Luke Towers
Nicolas Da Mutten
Rike-cz
Szabó Gergő
Nathan van der Werf
LucasZdv
Alexander Shapoval
Tobias Kündig
vosco88
Artem Korsunov
Samuel Georges
Luke Towers
vanmil
Maria Vilaró
datune
Steve Mortimer
Szabolcs Palmer
Michał Płodowski
Christian
Ma3ffin
Viamage
danharrin
Wellyson Freitas
Ayumi Hamasaki
Joey
QuangTrọngOnline
Sebastian Hilger
Pierre-André Vullioud
MartynasJanu
Mohamed Ali Behiry
Miro Rauhala
Mateusz Charytoniuk
CaptainTF
Ramin Firooz
Sajjad Servatjoo
Flakerim Ismani
tim0991
Alexander Guth
Jim Cottrell
Pásztor Gábor
TimFoerster
Christophe Vuagniaux
arifnyet
Fl0Cri
Floris Koch
Massimo Ghinassi
Jofry S
Tschallacka
Sang Min Oh
Sevdin Filiz
Jan Vince
Oleg Samorai
Alwin Drenth
Stanislav Rimsha