summaryrefslogtreecommitdiff
path: root/modules/user/views
AgeCommit message (Collapse)Author
2009-06-15Add string to localizerunostar
2009-06-13Create gallery::date_time(), gallery::date() and gallery::time()Bharat Mediratta
functions that format a unix timestamp into a date+time/date/time string. Partial fix for ticket #347. Signed-off-by: <unostar@danalan.info>
2009-06-06Fix formatting.Bharat Mediratta
2009-06-01Security pass over all controller code. Mostly adding CSRF checkingBharat Mediratta
and verifying user permissions, but there are several above-the-bar changes: 1) Server add is now only available to admins. This is a hard requirement because we have to limit server access (eg: server_add::children) to a user subset and the current permission model doesn't include that. Easiest fix is to restrict to admins. Got rid of the server_add permission. 2) We now know check permissions at every level, which means in controllers AND in helpers. This "belt and suspenders" approach will give us defense in depth in case we overlook it in one area. 3) We now do CSRF checking in every controller method that changes the code, in addition to the Forge auto-check. Again, defense in depth and it makes scanning the code for security much simpler. 4) Moved Simple_Uploader_Controller::convert_filename_to_title to item:convert_filename_to_title 5) Fixed a bug in sending notification emails. 6) Fixed the Organize code to verify that you only have access to your own tasks. In general, added permission checks to organize which had pretty much no validation code. I did my best to verify every feature that I touched.
2009-05-31Localize a stringBharat Mediratta
2009-05-31user admin faceliftjhilden
* added drag & drop help message for empty groups * fixed overflow issue with more than ~10 members in one group * CSS improvements
2009-05-31Run all variables that come from user-entered data through p::clean()Bharat Mediratta
2009-05-26Quick fix for ticket #144. Reapply event handler for delete link gDialog ↵Chad Kieffer
when group is refreshed.
2009-05-26Link to gallery.panel.js from the head, not body.Chad Kieffer
2009-05-26Split out re-used JavaScript for common functions (messages, valign), panel ↵Chad Kieffer
toggle, and forms to external files.
2009-05-13Make the 'this user cannot be deleted' link actually not clickable.Bharat Mediratta
2009-05-13Colorize admin user rows to make them stand outBharat Mediratta
2009-05-13Use the name field if the full_name field is empty.Bharat Mediratta
2009-04-17Fix i18n for "Logged in as" stringAndy Staudacher
2009-04-05Add a weight column to the items model. Change the album ordering toTim Almdal
use this as the default instead of id. This prepares the way for manual reordering in the organize functionality.
2009-03-27Put csrf token into Admin_View and Theme_View by default, then use itBharat Mediratta
directly wherever possible instead of access::csrf_token().
2009-03-16Fix indentationBharat Mediratta
2009-03-16Combined "Logged in as..." and "Modify Profile" to by just "Logged in as ↵Chad Kieffer
FullName"
2009-03-16Missed this in the last commitBharat Mediratta
2009-03-16Clean up the login, maintenance login and required-top-level-login code.Bharat Mediratta
We now have two clear and separate login approaches: login/ajax login/html Choose the one that's appropriate. Totally simplified the maintenance page to be separate from the theme and dead simple, and use login/html approach there. Totally simplified the top level login (login_page.html.php) to just be a login page, not the rest of the chrome on the page and use the login/ajax approach there. Don't use access::required in albums and then catch the exception, instead use access::can and check the return code. Improve the text for maintenance mode.
2009-03-11Fix ticket #119. Display the full name of the user in the same blockTim Almdal
as the Modify profile and logout links.
2009-02-26Add slightly more visual feedback when you're hovering over aBharat Mediratta
draggable user. Also, drag the icon and name not just the icon.
2009-02-23Remove second Add User button, don't need it, at least not now.Chad Kieffer
2009-02-11Button mania continues. Make edit and delete user/group links buttons, ↵Chad Kieffer
buttons, buttons!
2009-02-09Indent fixes.Chad Kieffer
2009-02-08Clean up add user and group buttons to move the + icon to the left. The + ↵Chad Kieffer
icon doesn't appear within the button outline with buttons that aren't floated. Will have to debug later.
2009-02-06jQuery-based buttons! Form updates, short form updates. Need to fix add ↵Chad Kieffer
user/group buttons and search form on search results page.
2009-02-04A preview of the password reset functionality. What's working... youTim Almdal
can start to logon, request the password to be reset, and an email is sent to the users email address. If you click on the link you get an unformatted form. But its a start :-)
2009-02-03Beginning of edit user panel fix. Form is displayed again. Added display of ↵Chad Kieffer
user email address to list.
2009-02-01For consistency with the rest of the admin UI, display User list as table, ↵Chad Kieffer
not list. Apply cursor: move to jQuery UI draggable and sortable. Clean up admin table styles a bit.
2009-01-29Fix lint errorsBharat Mediratta
2009-01-29Fix url for delete group link.Bharat Mediratta
2009-01-28Fully implement the user administration backend with drag/drop to addBharat Mediratta
users to groups.
2009-01-28Add drag and drop support to the admin_users interface. This is stillBharat Mediratta
a work in progress but it actually works mostly.
2009-01-27Add gravatars to usersBharat Mediratta
2009-01-27Clean up indentationBharat Mediratta
2009-01-25Use url:site() on add user link, change user list from class to id to make ↵Chad Kieffer
it unique, changed gFirstRow to gHeaderRow to make more semantically meaningful. Fixed closing span that I broke after Bharat fixed it last night.
2009-01-25Admin theme style cleanup. Merged separate selected, available, unavailable ↵Chad Kieffer
into a single set of reusable classes. Applied alternating row bg colors. Removed inline CSS from admin views. Moved user admin css into admin_default theme style sheet.
2009-01-25Fix all 'add' links and make them open in a dialogBharat Mediratta
2009-01-25Fix indentation which helped me to find an extra </span>. SimplifiedBharat Mediratta
some of the logic.
2009-01-24Admin theme style cleanup. Merged separate selected, available, unavailable ↵Chad Kieffer
into a single set of reusable classes. Applied alternating row bg colors. Removed inline CSS from admin views. Moved user admin css into admin_default theme style sheet.
2009-01-23Ajaxified user edit forms. They're populated, but don't submit yet.Chad Kieffer
2009-01-22toggling of user edit panel works now.Jakob Hilden
added groups to the admin_user view, so you will eventually be able to edit users, groups and memberships on one admin page.
2009-01-22Added new UI element, gPanel, which is a similar mechanism to gDialog. ↵Chad Kieffer
Panels are hidden inline elements that can be revealed within list items, tables cells, etc. Still need to add the toggle off and ajaxify content.
2009-01-20totally incomplete version of user admin UI.Jakob Hilden
2009-01-15Changing t() placeholder syntax from {{replace_me}} to %replace_me.Andy Staudacher
2009-01-08i18n refactoring: Rename all _() (reserved by gettext) calls to t().Andy Staudacher
- And refactor printf to our string interpolation / pluralization syntax - Also, a slight change to the translations_incomings table, using binary(16) instead of char(32) as message key.
2009-01-06Fix up all the various little forms to have submit buttons, fieldset ↵Bharat Mediratta
legends, etc etc.
2009-01-03Added default user avatar. Comment thread updates, including display of ↵Chad Kieffer
avatar. Sidebar block display white space updates. Combined gLoginMenu and gCredits css.
2009-01-01Change the preamble for views in two ways:Bharat Mediratta
1) drop unnecessary semicolon 2) start with <?php for extra security in the case that the server itself doesn't have short_tags enabled (the app won't work, but we need to make sure that we're still secure)
generated by cgit v1.2.3 (git 2.51.0) at 2025-12-24 17:05:51 +0000