github.com/matomo-org/matomo.git
author diosmosis <diosmosis@users.noreply.github.com> 2018-08-07 01:20:32 +0300
committer GitHub <noreply@github.com> 2018-08-07 01:20:32 +0300
commit 2e006803ee17a8d1a992085c6425eddaa84a25f5
tree 6798441780992ff6e1b3010aa98519c2c2af1f5b /core/Access
parent bb1b1b4b068fc40da896e7eedbad3b2914dc2468
Scalable UX for user management (#13158)
* Create empty components.
* Mock up users list pagination.
* Finish initial version of mockup.
* Tweak to UI
* More UI changes to new users manager screen.
* More UI changes
* Mock up user permission edits.
* More tweaks to user permission editing (on both edit form & in users table).
* add options
* Another iteration on the UsersManager UI.
* Update UsersManager UI again.
* Implementing parts of the UI, fixing issue w/ overlapping material selects, creating dropdown directives for dropdown w/ submenu using materializecss, change bulk actions to be dropdown button.
* Merge menu/submenu directives.
* More superuser UI only functionality.
* Fill out more logic of users manager UI + merging extra unneeded components/directives.
* More users manager UI only changes.
* Incomplete API method for new users list page.
* Fill in server side pagination logic w/ tests & generally get to work in UI.
* Make sure selects w/ placeholders can be unset.
* Add loading state to users list + fix pagination issues + resize pagination in case the numbers are large.
* Add last seen time to getUsersPlusAccessLevel() so it displays in UI.
* Add permission edit pagination AJAX query + server side code.
* Add "add access" button to user permission component.
* Change permissions column to role + remove superuser checkbox & merge w/ Role column.
* Delete user + bulk delete functionality.
* Get delete users to work when entire search is selected.
* Ask for confirmation before setting access in users list & implement access change logic.
* Get bulk access functionality on users list to work (w/ tests).
* Fix a bug in user table filtering + get permissions edit search to work.
* Complete logic for permissions edit.
* Change add user workflow so we do not have to save each permission edit in memory before saving whole user.
* Add/edit user functionality.
* Toggle superuser access functionality + some modal fixes.
* in users list display ajax loading notification so counter is not changed visibly before rows are loaded.
* initial review changes, disable functionality when viewing user is not superuser and some UI tweaks.
* Redo top controls for user permission edit and add slide up toast notification for when a site is added.
* Display warning in user permission edit if user has no access at all.
* Do not reload users after going back from user edit form.
* Force giving a new user access to a site when creating a user and make sure user list reloads if a user is modified, but does not reload if no user is modified.
* Add form help to the non-straightforward fields.
* Remove old usersmanager code & fix pagination bug.
* Add help icon explaining roles to users list + permission edit.
* Allow admin users to create other users + fix some regressions when making page-users-list not reload every time.
* Apply self review changes.
* Do not allow editing user details when an admin user edits a user.
* Starting on UI tests.
* Limit users displayed in page list to those that already have access to sites the current user is an admin of.
* Refactor bulk/single AJAX calls & redraw component boundaries (users manager component owns user search state, paged users list owns table/control state).
* Get add existing user modal to work.
* write most UI tests + modify fixture
* Fill out rest of UI test suite & get the rest to pass.
* fix couple regressions
* Get UI tests to pass and start on translation.
* adding translations
* try to fix some tests
* Fixing API tests.
* Fixing UsersManager tests.
* Fix UI tests.
* Add capabilities to new API output.
* remove non-existent file references.
* Add Write role to dropdowns.
* Select from proper join.
* tweak test
* Updating UI tests.
* Change styling of user permissions edit.
* Update screenshots
* Apply some PR feedback.
* apply some review feedback
* more review changes
* update file headers
* remove some TODOs
* fix some tests
* some more review fixes
* update test files
* Fix failing tests.
Diffstat (limited to 'core/Access')
-rw-r--r-- core/Access/CapabilitiesProvider.php 15
1 file changed, 15 insertions, 0 deletions
diff --git a/core/Access/CapabilitiesProvider.php b/core/Access/CapabilitiesProvider.php
index 358782eaca..6ed19d69d7 100644
--- a/core/Access/CapabilitiesProvider.php
+++ b/core/Access/CapabilitiesProvider.php
@@ -62,6 +62,8 @@ class CapabilitiesProvider
$capabilities = array_values($capabilities);
+ $this->checkCapabilityIds($capabilities);
+
$cache->save($cacheId, $capabilities);
return $capabilities;
}
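Review bot: the new `$this->checkCapabilityIds($capabilities);` call sits before `$cache->save($cacheId, $capabilities);`, so one capability with a bad ID throws before anything is cached and the caller gets no capability list at all. If failing closed for the whole list is the intent, state it in the enclosing method's doc comment with an `@throws` entry; otherwise consider reporting the offending capability and keeping the valid ones usable.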
@@ -105,4 +107,17 @@ class CapabilitiesProvider
throw new Exception(Piwik::translate("UsersManager_ExceptionAccessValues", implode(", ", $capabilities)));
}
}
+
+ /**
+ * @param Capability[] $capabilities
+ */
+ private function checkCapabilityIds($capabilities)
+ {
+ foreach ($capabilities as $capability) {
+ $id = $capability->getId();
+ if (preg_match('/[^a-zA-Z0-9_-]/', $id)) {
+ throw new \Exception("Capability with invalid ID found: '$id'. Valid characters are 'a-zA-Z0-9_-'.");
+ }
+ }
+ }
}
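Review bot: in `checkCapabilityIds()`, `preg_match('/[^a-zA-Z0-9_-]/', $id)` only rejects IDs that contain a disallowed character, so an empty string passes as a valid ID. A positive, anchored match such as `!preg_match('/\A[a-zA-Z0-9_-]+\z/', $id)` would also require at least one character. On style, this throw uses `\Exception` with a hard-coded English message while the existing throw just above uses `Exception` with `Piwik::translate(...)`; use one form of the class reference, and add an `@throws` line to the new docblock.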