Fixes#3332.
FileUpload widget uploads file to the disk specified by default in config/filesystem.php instead of storage.uploads.disk in config/cms.php, if we use System\Models\File following the instruction in here.
Although we can still create another class extending System\Models\File or October\Rain\Database\Attach\File and use it as the model for attachOne/Many relation, System\Models\File seems to be the one that responsible to look at storage.uploads.disk in config/cms.php, because the existing methods are using storage.uploads.*.
Credit to @pikanji
Credit to @alxy
In case a new administrator is created by a non-superuser and no permission is set directly on creation, `permissions` is not initialized correctly. Thus, when the non-superuser tries to acceess `$this->model->permissions` it is not populated with an empty array as expected.
I have actually no clue why it does work for superusers however, as they should certainly experience the same issue, but this is not the case.
Fixes#3315 by moving the manipulation of the filter widget scopes to the controller event method instead of before any part of the controller constructor method is run.
Add `data-input-preset-remove-stop-words="false"` to an element being handled with the input preset JS to disable the removal of stop words from slug generation. Credit to @tim0991.
This enables arbitrary form contexts to be defined to override the default values when using a form with custom contexts. I.e. `$this->update($id, 'mycustomcontext');` will load the form definition from `mycustomcontext[form]` instead of `update[form]`
This aligns better with the relation principal "parent saves child" / "child cannot save parent" and is more conducive to the natural workflow of a coder, ie
// Relation first
$gallery = new Gallery;
$gallery->save();
// Primary model last
$post = new Post;
$post->gallery = $gallery;
$post->save();
Refs https://github.com/octobercms/library/pull/277
This fixes a small issue where the form is submitted an extra unnamed null field is present in the request due to a trailing & symbol in `requestData` when `data` is empty.
This logic could have been placed in the ValidationException class or the framework.js file. It seems more fitting for it to be in the framework.js file.
Converts a field name in the form of `model_json_attribute[subproperty]` to the dot syntax version used by validation rules `model_json_attribute.subproperty` for more accurate checking of the validation rules in the form widget.
This fixes#2613 by reloading the form widgets with the modified data after `model.filterFields`. **NOTE**: `$this->processExistingItems()` isn't simply just moved to `prepareVars()` because that messes up the adding new repeater item functionality by repeating the content from the fields for the last item in that group that already exists on the repeater.
* Add support for a source index offset
Improves the reporting of errors in the importing process by getting the correct offset for the displayed row where the error took place.
* Add the source index offset to the row number
Refs ce6df84b04
This builds on 4fd1ca824f by switching from a two tier approach to permissions (superusers and regular users), to a three tier approach (superusers (developer), second-in-command (clients with manage_users permissions), and regular users). If support for a four tier approach is necessary (Superuser, Franchise Owner, Franchise Business Manager, Franchise Staff as an example), then it can be implemented simply by adding a flag to roles that would prevent anyone except for a superuser from assigning that role.
The specific changes made by this commit is to support users with the manage_users permission (but who are not superusers) to be able to assign roles to other users and improvements to the sanctity of the superuser itself. Non-superusers can no longer see or edit superusers in the backend (that was previously poorly handled as a non-superuser with manage_users could take over a superuser account since they could modify that account willy-nilly), and the is_superuser filter is accordingly removed as well.
Current changes to the ``framework.js`` led to a breaking change due to the fact, that ``options.data`` was no longer populated with the request data. The ``options`` object is part of the ``context`` object, which is later beeing passed to ``ajaxBeforeSend``
The two relevant versions of the file show the change of behavior:
b6fedfb688/modules/system/assets/js/framework.js (L56) => https://github.com/octobercms/october/blob/develop/modules/system/assets/js/framework.js#L88
The change is required to remain consistent with the old behavior. This code is tested and appears to be working as it did formerly.
This issue has been addressed too early in the process lifecycle. The line number should be incremented later, say in the view layer when the error is displayed. A simple helper to determine what the index increment should do well.
$row + $indexIncrement
This is so we don't have to rebuild the array, which is computationally expensive for large datasets and could be frustrating for a developer expecting untouched index values, or likewise needing to prepare our special format.
This fixes an issue where the row number reported by import error logs would be off by 1 or 2 depending on whether the first row was labelled as titles or not.
As arrays start at 0 in PHP, `$firstRowTitles = false` would result in reported row numbers being off by one less than their actual number. If `$firstRowTitles = true`, the reported row number would be off by two less than their actual number (one for the zero index, one for the first row not existing in the `$results` set).
Adds the ability to specify an `ignoreTimezone: true` option on the config for a datepicker form widget or date column type. This will ignore both October's and the backend user's timezone settings to display the date exactly as it is stored.
This fixes an issue when composer automatically calls the `php artisan october:util set build` command after installing dependencies but before a database has been initialized for October.
Removed `minNumber` and `maxNumber` options, they are not enforceable on the client side without a lot more work. Added `number` filter type, added missing numberrange filter template, consolidated styles for filter-date and filter-number filters.
* Remove redundant returns
`$this->putSession()` in `Backend\Traits\SessionMaker` doesn't return anything, and the return values of these methods are not used; so returning the value of `putSession()` in these methods is redundant.
* Add support for sort direction to MediaLibrary
Adds support for switching the direction that item lists get sorted by the media library. This necessitates the changing of the default direction of Last Modified and Size to Ascending, previously their sorting direction was Descending while Title was sorted in Ascending order. This shouldn't change anything as the user still has the power to sort by either direction. Fully backwards compatible with any calls to `sortItemList`.
* Support sorting direction in the MediaManager widget
Adds further support for specifying a sorting direction to the MediaManager widget itself
* Display sorting direction options
* Improving styles for sorting direction
* Send sorting information to the MediaManager
* Add translations for sorting feature
* Removing strange ghost whitespace
Improves the flexibility of scope type properties by removing conditional logic specific to the date and daterange scope types and laying the groundwork for scopes to define their own custom properties that can be loaded from the scope configuration defined by the developer.
`$this->putSession()` in `Backend\Traits\SessionMaker` doesn't return anything, and the return values of these methods are not used; so returning the value of `putSession()` in these methods is redundant.
Make extension comparisons done in `getFileType()` case insensitive to support audio/visual file types being correctly recognized when the file being uploaded has an uppercase extension as is occasionally the case. I.e. `.JPG` is the same as `.jpg`, this just tells October to consider them the same.
If raw == (string) content, then it is a markdown email (html/text are ignored -- markdown sets them)
If raw == (bool) true, then it is true raw (html/text must be supplied)
There is an unfortunate workflow issue when updating from Build 419 -> Build 420 via the back-end, which seems unavoidable. The first update will fail because there is some logic that occurs after the core zip is extracted, this results in a half 5.1 / half 5.5 version of the app running and it chokes. Refreshing the page and performing the update again fixes it.
These are roles defined by a special API code, once a system role code is detected, the role becomes locked and its permissions are sourced from the AuthManager. All permissions are granted to system roles by default, unless otherwise specified. This should make it easier to create client accounts as "Publishers", hiding developer tools like the CMS and Builder plugins by default.
Follow up to 2046efb51d.
The previous commit prevented users from visually managing permissions that they themselves didn't have access to, this follow-up commit enforces that limitation serverside to defend against crafted privilege escalation attacks by authenticated users.
Prevents users from granting permissions that they themselves do not have. Fixes#1673, and is a partial solution to #2367. However, this still does not address the issue of being able to assign / manage groups that have permissions that the user doing the management does not themselves have. That will have to be addressed separately as a part of #2367.
Removes unused descriptionFrom property that was probably copy-pasta remnants from the RecordFinder formwidget when nameFrom was implemented in 6aaf4cce43. Also removed it from the docs here: 6164e4a9e7
* Add support for previewMode in Repeater FormWidget
Refs: #2724, 5f91c45f79
* Add support for previewMode in Repeater FormWidget
Refs: #2724, 5f91c45f79
* Add support for previewMode in Repeater FormWidget
Refs: #2724, 5f91c45f79
* Add support for previewMode in Repeater FormWidget
Refs: #2724, 5f91c45f79
It appears there is no way around this. All directories should be lower case in October, prior to this, October wanted uppercase characters. Make up your mind guy, come on! ;-)
This is a breaking change that will require further attention - refs #1854
Eg: myComponent, the default component partial would use lower case folders
- /plugins/acme/test/components/mycomponent/default.htm
The theme component partial override would use case sensitive folders
- /themes/foobar/partials/myComponent/default.htm
This is fixed as
- /themes/foobar/partials/mycomponent/default.htm
Minor code fix to ModelBehavior class
The methods were far too generic. When a trait or behavior is used, it's usually a good include to include the name of the trait in the methods and properties it provides. This reduces the chance of a conflict with the implementing class.
pikanji
Alexander Guth
Luke Towers
viamage
tim0991
Jim Cottrell
Miro Rauhala
Samuel Georges
HekmatFavid
Pásztor Gábor
ametad
Steve Mortimer
TimFoerster
Szabó Gergő
SeriousKen
Jan
Christophe Vuagniaux
Nikolay
arifnyet
Fl0Cri
Vojta Svoboda
Luke Towers
James Allen
Harmen Janssen
Wellyson Freitas
datune
Floris Koch
Massimo Ghinassi
Jofry S
Tschallacka
Vardan Akopian
Peter Halverson
Christian
Matheus Naldi
Sang Min Oh
Sevdin Filiz
samorai
Jan Vince
Alexander Shapoval
Alwin Drenth
BenjaVR
Stanislav Rimsha
Benjamin
Max Schmitt
Sevdin Filiz
Hartmut Glücker
buuug7
Tobias Kündig
Vladimir Kattsov