1. 27 Mar, 2014 2 commits
  2. 26 Mar, 2014 1 commit
    • Tobias Zeuch's avatar
      New watchlistnotification Plugin (Bug 1041228) · 6fe99d5f
      Tobias Zeuch authored and Robert Lyon's avatar Robert Lyon committed
      
      
      Introducing a new plugin watchlistnotification that responds to the
      events saveartefact, blockinstancecommit and deleteblockinstance. It
      stores the changed view and the blockinstance in a table watchlist_queue
      and checks via cron if there were any changes on a view and if for that
      view the last change has happened some time ago (the minutes are stored
      in config under watchlistnotification_delay, the default is 20min).
      
      If so, a message is generated that informs the watchlist recipient about
      which view and which block-instances on this view have been touched
      (added or changed).
      
      As there is no way to disable the built-in/old watchlist-notification-
      system, this is disabled in the mahara-core code, that is,
      artefact/lib.php and lib/view.php
      
      Change-Id: I039c5285cdd1b09ed9eb38a647e0c1510c3cabb9
      Signed-off-by: default avatarTobias Zeuch <tobias.zeuch@kit.edu>
      6fe99d5f
  3. 25 Mar, 2014 1 commit
  4. 12 Mar, 2014 1 commit
  5. 22 Jan, 2014 1 commit
    • Robert Lyon's avatar
      Allowing for users to not show up in public search (bug 1257953) · e8f57ea6
      Robert Lyon authored
      
      
      Thinking of privacy issues here - when should the users showup on
      search results.
      
      This patch allows users to show up based on the access of their
      profile page (accesstypes: public, loggedin, friends) and whether
      'Show users in public search' is set or not.
      
      Normally all profile pages are accessible by logged in users - but
      this can be altered if 'Logged-in profile access' is unchecked and
      users remove the access off their profile page.
      
      Change-Id: I4daa8cb2812bddb231ba489dfeefb4843b653d40
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      e8f57ea6
  6. 05 Dec, 2013 1 commit
  7. 27 Nov, 2013 1 commit
  8. 17 Nov, 2013 1 commit
  9. 11 Nov, 2013 1 commit
  10. 14 Oct, 2013 1 commit
  11. 09 Oct, 2013 1 commit
    • Aaron Wells's avatar
      Fixing variable name typo · 083baf17
      Aaron Wells authored
      Bug1237183 : This typo caused a warning to be thrown when changing the search plugin
      
      Change-Id: Ia8b6cc9eb8fd878a90437a2212f915e0450cd063
      083baf17
  12. 20 Aug, 2013 1 commit
  13. 19 Aug, 2013 1 commit
  14. 16 Jun, 2013 1 commit
    • Robert Lyon's avatar
      Fix for automatic account expiry (Bug #1097565) · 4919c4e1
      Robert Lyon authored
      
      
      Added site options to allow for override of user expiry when
      setting site expiry (if the user is not site admin).
      
      - for new users
      - for new users and existing users without expiry set
      - for all users
      
      Allowing for switching back to 'no end date'.
      Need to force refresh the page to display info correctly after save.
      
      Change-Id: I0a772b3db7c2ae5144ed4120cf851d4bba633f66
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      4919c4e1
  15. 28 Apr, 2013 1 commit
  16. 15 Feb, 2013 1 commit
  17. 21 Jan, 2013 2 commits
    • Jiri Baum's avatar
      Masquerading auditability - log events. (Bug #1027574) · 7a6d1f34
      Jiri Baum authored
      
      
      Log events, including both user IDs when masquerading is in progress. The log
      can be configured to log all events or only those while masquerading is in
      progress or none. The log is expired after a configurable delay.
      
      Note that this logs all events (or all masquerading events) even though this
      feature only includes one report of one type of event.
      
      Change-Id: I7a59d98b84b0527a55363b4d01448b9b1809aa9e
      Signed-off-by: default avatarJiri Baum <jiri@catalyst-au.net>
      7a6d1f34
    • Jiri Baum's avatar
      Masquerading auditability - ask for reason, notify, emit event. (Bug #900983) · 40517fde
      Jiri Baum authored
      
      
      Masquerading (aka Loginas) is a useful and sometimes indispensable function.
      However, previously it was rather too powerful, because admins can do anything
      as the target user, with no indication that it is not the user themselves doing
      so.
      
      This feature adds some auditability to masquerading, by logging and reporting
      who, when, why and (partially) what, as well as notifying the affected user.
      
      See also bugs: #900983 and #1027574
      
      This commit changes the masquerading feature itself to request a reason from
      the admin masquerading, notify the user, and emit an event (for logging by the
      next commit).
      
      Change-Id: I066e9fdeb4d2e00679b2aa9b0b839cb4b78629a8
      Signed-off-by: default avatarJiri Baum <jiri@catalyst-au.net>
      40517fde
  18. 17 Jan, 2013 1 commit
  19. 10 Oct, 2012 1 commit
    • Hugh Davenport's avatar
      Remove clamav from site admin options · 2de4e22a
      Hugh Davenport authored
      
      
      Bug #1057238
      CVE-2012-2244
      
      When a site administrator can manipulate the path for the
      clamav scanner, they could produce either a reverse shell,
      or allow any user to execute arbitrary remote commands by
      setting it to an uploaded reverse shell, or to /bin/bash
      respectively.
      
      Other executable paths, namely pathtozip, and pathtounzip
      are only set via config.php, and not through the site admin
      interface. This option, pathtoclam, should follow the same
      design.
      
      Change-Id: I7d4822c9f54eda80682d6631699c1ab40f1dc896
      Signed-off-by: default avatarHugh Davenport <hugh@catalyst.net.nz>
      2de4e22a
  20. 25 Sep, 2012 1 commit
    • Hugh Davenport's avatar
      Add option to disable device detection · 109eb4a5
      Hugh Davenport authored
      
      
      Also add a few theme changes that allow some more
      features on small devices.
      - Printing links
      - Settings link in top right corner
      - Create/copy page/collection link
      - Edit/delete buttons
      - Remove group members button
      - Help icons
      - Administration link
      
      Also made the admin link show in full
      
      The items that are disabled when device detection is on
      and user is on a mobile device are:
      - TinyMCE editor
      - Adding new blocks to pages, this is now a non-js version
      - Dropdown menu's
      - Export functionality
      
      Bug #1052060
      
      Change-Id: I5a8fe3cf136bb0c3e76e50a2b3bc48179c675b6a
      Signed-off-by: default avatarHugh Davenport <hugh@catalyst.net.nz>
      109eb4a5
  21. 01 Aug, 2012 1 commit
  22. 31 May, 2012 1 commit
    • Richard Mansfield's avatar
      Add support in User for theme preference · c1fda6fe
      Richard Mansfield authored
      
      
      Part of bug #793308
      
      If a user has the 'theme' property set in their account preferences,
      this is used instead of the site or institution's theme.
      
      The LiveUser::reset_institutions() function, which recalculates the
      institution theme, is now called in place of LiveUser::update_theme()
      whenever a user's institutions have changed.  reset_institutions() now
      calls update_theme() if the user is a LiveUser.
      
      Change-Id: I75b36da85a5aa249c3098078b8588b8a20ac9b48
      Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
      c1fda6fe
  23. 02 Mar, 2012 1 commit
  24. 07 Feb, 2012 1 commit
    • Richard Mansfield's avatar
      Add admin report on access lists of user pages (bug #919009) · 6266cae9
      Richard Mansfield authored
      
      
      Adds a new "User reports" page to the admin section, accessible by
      admins, which produces a list of all the pages owned by a given set of
      users, and a list of who is on the access list for each page.
      
      The users are selected using the checkboxes on the admin user search
      page, and the page is reachable from admin user search using a new
      "View reports" button on that page.
      
      The CSV download that previously appeared on the Bulk actions page is
      more appropriate on a reports page, so CSV download is also moved from
      Bulk actions to User reports.  Email and remoteuser fields are only
      displayed to site and institution administrators.
      
      Because some sites will not want to allow staff to see the page access
      lists of all users in their institutions, access to this page by staff
      is controlled by a new "Staff report access" site setting.
      
      Change-Id: Id02b58416e3dfb28fd39c1170426ddefe6669efe
      Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
      6266cae9
  25. 28 Sep, 2011 1 commit
    • Richard Mansfield's avatar
      Create all profiles with logged-in access by default (bug #807278) · f820ea6c
      Richard Mansfield authored
      
      
      There is currently only a site-wide setting for logged-in profile view
      access.  This means that when two institutions share a site, and one
      wants open profiles and another only wants institution-visible profiles,
      new users in the open-profile institution must be asked to manually add
      logged-in access on their profile.  Because we expect many more
      open-profile institutions than closed-profile institutions on a site, it
      makes more sense to put the onus on the closed-profile institutions to
      ensure their members remove logged-in access manually.
      
      This change ensures logged-in access is added to all new profiles, but
      only locks that access when the loggedinprofileviewaccess setting is on.
      
      Change-Id: I3375d7b2f8eb635a11879bf7758267f48f74c508
      Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
      f820ea6c
  26. 21 Sep, 2011 1 commit
  27. 24 Aug, 2011 1 commit
  28. 27 Jul, 2011 1 commit
  29. 21 Jul, 2011 1 commit
  30. 12 Jul, 2011 1 commit
  31. 30 Jun, 2011 1 commit
  32. 27 Jun, 2011 1 commit
  33. 08 Jun, 2011 2 commits
  34. 13 May, 2011 1 commit
  35. 29 Apr, 2011 1 commit
  36. 20 Apr, 2011 1 commit
  37. 13 Apr, 2011 1 commit