1. 21 Jan, 2015 1 commit
  2. 14 Jan, 2015 1 commit
  3. 22 Sep, 2014 1 commit
  4. 18 Sep, 2014 1 commit
    • Robert Lyon's avatar
      The archiving of submitted pages/collections from groups (Bug #1335670) · 5c57b565
      Robert Lyon authored
      This patch contains:
      - The export queue system where pages/collections on release from
      submission are added to the export queue table ready to be archived.
      - The export queue admin page showing what is in the queue to be
      exported. The cron runs every 6 minutes. Queue items failed to export
      are also shown here.
      - The archive list admin page, where one can download the generated
      leap2a files for the archived submissions.
      
      In this patch you should be able to add things to the export queue by
      either releasing a sumbission on a group that has 'archive
      submissions' option ticked. This will add the archive to that archived
      submission page, or you can also run a leap2a export from portfolio
      export which will add the export queue and send you an email once the
      export is done.
      
      Things to note:
      - The is a server busy function that stops the export queue from
      running but I'm not too sure if the threshold is too low/high
      - The export queue tries to export the first 100 items each run but if
      resources are fine in handling that easily then the number could be
      higher but I'm not sure of what will be a good number.
      - Currently there is alsoe infrastructure like table columns for dealing
      with releasing submissions from external systems (eg moodle) but that
      functuionality is yet to be built.
      - The checking of server busy in MS windows untested - may need to
      just let MS ignore server busy check as there doesn't seem to be
      standard way to check this.
      
      Change-Id: If4c1d272e9c5d46fbf16b2ff73ceb2687c06ffd4
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      5c57b565
  5. 16 Sep, 2014 1 commit
    • Nigel Cunningham's avatar
      (Bug548021) Add support for anonymising pages. · 9624d430
      Nigel Cunningham authored
      This patch adds support for anonymising pages.
      
      It creates a site option in the General Settings section named 'Allow
      anonymous pages' that must be checked for any page to be anonymised.
      
      If the site option is enabled, a new 'Anonymise' setting in the
      'Edit title and description' tab of pages is enabled, allowing the owner
      to request that this page be anonymised.
      
      When both settings are enabled and a user views a page, two things may
      happen to the author's information.
      
      First, if the user is not logged in or does not have admin, staff or
      owner privileges for the page, the author's name is replaced by the
      anonymous text (defaulting to "(Author's name hidden)") in both the
      body of the page and the metadata author field.
      
      If the user does have admin, staff or owner privileges for the page,
      the author's name is anonymised as above except that the text displayed
      is made into a link. When this link is clicked, the anonymous author
      text is replaced by the normal author information for the page.
      
      Anonymous pages displayed in the 'Latest pages' block and shared with
      a group are also anonymised by this patch.
      
      Change-Id: I2e2c92f641329a1a305cf58a5c5d47bf95436a8b
      Signed-off-by: default avatarNigel Cunningham <nigelc@catalyst-au.net>
      9624d430
  6. 15 Sep, 2014 1 commit
  7. 14 Sep, 2014 1 commit
  8. 07 May, 2014 1 commit
  9. 16 Apr, 2014 1 commit
    • Nathan Lewis's avatar
      Improvements to notification system (Bug #1299993) · 63e0484d
      Nathan Lewis authored
      - Each activity type can specify a default notification method. They default
        to 'email' to remain backwards compatible.
      - Each activity type can specify if it is allowed to be set to 'none'. Defaults
        to 'allowed' for backwards compatibility.
      - Removed 'required' from notification settings - it didn't make sense, and the
        change above deals with this in a better way.
      - The site wide defaults for each activity type can be edited in
        Site options -> Notification settings. These are applied to new users or
        whenever a user does not have the appropriate usr_activity_preference records.
      - Removed 'Default notification method' as it's functionality is now covered by
        the change above.
      - There is a separate help next to each activity type to explain what messages
        will be affected by the setting.
      
      Change-Id: I131cdeefbeaa8e43688aefd9d770fc8cb9bceea8
      Signed-off-by: default avatarNathan Lewis <nathan.lewis@totaralms.com>
      63e0484d
  10. 27 Mar, 2014 2 commits
  11. 26 Mar, 2014 1 commit
    • Tobias Zeuch's avatar
      New watchlistnotification Plugin (Bug 1041228) · 6fe99d5f
      Tobias Zeuch authored
      Introducing a new plugin watchlistnotification that responds to the
      events saveartefact, blockinstancecommit and deleteblockinstance. It
      stores the changed view and the blockinstance in a table watchlist_queue
      and checks via cron if there were any changes on a view and if for that
      view the last change has happened some time ago (the minutes are stored
      in config under watchlistnotification_delay, the default is 20min).
      
      If so, a message is generated that informs the watchlist recipient about
      which view and which block-instances on this view have been touched
      (added or changed).
      
      As there is no way to disable the built-in/old watchlist-notification-
      system, this is disabled in the mahara-core code, that is,
      artefact/lib.php and lib/view.php
      
      Change-Id: I039c5285cdd1b09ed9eb38a647e0c1510c3cabb9
      Signed-off-by: default avatarTobias Zeuch <tobias.zeuch@kit.edu>
      6fe99d5f
  12. 25 Mar, 2014 1 commit
  13. 12 Mar, 2014 1 commit
  14. 22 Jan, 2014 1 commit
    • Robert Lyon's avatar
      Allowing for users to not show up in public search (bug 1257953) · e8f57ea6
      Robert Lyon authored
      Thinking of privacy issues here - when should the users showup on
      search results.
      
      This patch allows users to show up based on the access of their
      profile page (accesstypes: public, loggedin, friends) and whether
      'Show users in public search' is set or not.
      
      Normally all profile pages are accessible by logged in users - but
      this can be altered if 'Logged-in profile access' is unchecked and
      users remove the access off their profile page.
      
      Change-Id: I4daa8cb2812bddb231ba489dfeefb4843b653d40
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      e8f57ea6
  15. 05 Dec, 2013 1 commit
  16. 27 Nov, 2013 1 commit
  17. 17 Nov, 2013 1 commit
  18. 11 Nov, 2013 1 commit
  19. 14 Oct, 2013 1 commit
  20. 09 Oct, 2013 1 commit
    • Aaron Wells's avatar
      Fixing variable name typo · 083baf17
      Aaron Wells authored
      Bug1237183 : This typo caused a warning to be thrown when changing the search plugin
      
      Change-Id: Ia8b6cc9eb8fd878a90437a2212f915e0450cd063
      083baf17
  21. 20 Aug, 2013 1 commit
  22. 19 Aug, 2013 1 commit
  23. 16 Jun, 2013 1 commit
    • Robert Lyon's avatar
      Fix for automatic account expiry (Bug #1097565) · 4919c4e1
      Robert Lyon authored
      Added site options to allow for override of user expiry when
      setting site expiry (if the user is not site admin).
      
      - for new users
      - for new users and existing users without expiry set
      - for all users
      
      Allowing for switching back to 'no end date'.
      Need to force refresh the page to display info correctly after save.
      
      Change-Id: I0a772b3db7c2ae5144ed4120cf851d4bba633f66
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      4919c4e1
  24. 28 Apr, 2013 1 commit
  25. 15 Feb, 2013 1 commit
  26. 21 Jan, 2013 2 commits
    • Jiri Baum's avatar
      Masquerading auditability - log events. (Bug #1027574) · 7a6d1f34
      Jiri Baum authored
      Log events, including both user IDs when masquerading is in progress. The log
      can be configured to log all events or only those while masquerading is in
      progress or none. The log is expired after a configurable delay.
      
      Note that this logs all events (or all masquerading events) even though this
      feature only includes one report of one type of event.
      
      Change-Id: I7a59d98b84b0527a55363b4d01448b9b1809aa9e
      Signed-off-by: default avatarJiri Baum <jiri@catalyst-au.net>
      7a6d1f34
    • Jiri Baum's avatar
      Masquerading auditability - ask for reason, notify, emit event. (Bug #900983) · 40517fde
      Jiri Baum authored
      Masquerading (aka Loginas) is a useful and sometimes indispensable function.
      However, previously it was rather too powerful, because admins can do anything
      as the target user, with no indication that it is not the user themselves doing
      so.
      
      This feature adds some auditability to masquerading, by logging and reporting
      who, when, why and (partially) what, as well as notifying the affected user.
      
      See also bugs: #900983 and #1027574
      
      This commit changes the masquerading feature itself to request a reason from
      the admin masquerading, notify the user, and emit an event (for logging by the
      next commit).
      
      Change-Id: I066e9fdeb4d2e00679b2aa9b0b839cb4b78629a8
      Signed-off-by: default avatarJiri Baum <jiri@catalyst-au.net>
      40517fde
  27. 17 Jan, 2013 1 commit
  28. 10 Oct, 2012 1 commit
    • Hugh Davenport's avatar
      Remove clamav from site admin options · 2de4e22a
      Hugh Davenport authored
      Bug #1057238
      CVE-2012-2244
      
      When a site administrator can manipulate the path for the
      clamav scanner, they could produce either a reverse shell,
      or allow any user to execute arbitrary remote commands by
      setting it to an uploaded reverse shell, or to /bin/bash
      respectively.
      
      Other executable paths, namely pathtozip, and pathtounzip
      are only set via config.php, and not through the site admin
      interface. This option, pathtoclam, should follow the same
      design.
      
      Change-Id: I7d4822c9f54eda80682d6631699c1ab40f1dc896
      Signed-off-by: default avatarHugh Davenport <hugh@catalyst.net.nz>
      2de4e22a
  29. 25 Sep, 2012 1 commit
    • Hugh Davenport's avatar
      Add option to disable device detection · 109eb4a5
      Hugh Davenport authored
      Also add a few theme changes that allow some more
      features on small devices.
      - Printing links
      - Settings link in top right corner
      - Create/copy page/collection link
      - Edit/delete buttons
      - Remove group members button
      - Help icons
      - Administration link
      
      Also made the admin link show in full
      
      The items that are disabled when device detection is on
      and user is on a mobile device are:
      - TinyMCE editor
      - Adding new blocks to pages, this is now a non-js version
      - Dropdown menu's
      - Export functionality
      
      Bug #1052060
      
      Change-Id: I5a8fe3cf136bb0c3e76e50a2b3bc48179c675b6a
      Signed-off-by: default avatarHugh Davenport <hugh@catalyst.net.nz>
      109eb4a5
  30. 01 Aug, 2012 1 commit
  31. 31 May, 2012 1 commit
    • Richard Mansfield's avatar
      Add support in User for theme preference · c1fda6fe
      Richard Mansfield authored
      Part of bug #793308
      
      If a user has the 'theme' property set in their account preferences,
      this is used instead of the site or institution's theme.
      
      The LiveUser::reset_institutions() function, which recalculates the
      institution theme, is now called in place of LiveUser::update_theme()
      whenever a user's institutions have changed.  reset_institutions() now
      calls update_theme() if the user is a LiveUser.
      
      Change-Id: I75b36da85a5aa249c3098078b8588b8a20ac9b48
      Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
      c1fda6fe
  32. 02 Mar, 2012 1 commit
  33. 07 Feb, 2012 1 commit
    • Richard Mansfield's avatar
      Add admin report on access lists of user pages (bug #919009) · 6266cae9
      Richard Mansfield authored
      Adds a new "User reports" page to the admin section, accessible by
      admins, which produces a list of all the pages owned by a given set of
      users, and a list of who is on the access list for each page.
      
      The users are selected using the checkboxes on the admin user search
      page, and the page is reachable from admin user search using a new
      "View reports" button on that page.
      
      The CSV download that previously appeared on the Bulk actions page is
      more appropriate on a reports page, so CSV download is also moved from
      Bulk actions to User reports.  Email and remoteuser fields are only
      displayed to site and institution administrators.
      
      Because some sites will not want to allow staff to see the page access
      lists of all users in their institutions, access to this page by staff
      is controlled by a new "Staff report access" site setting.
      
      Change-Id: Id02b58416e3dfb28fd39c1170426ddefe6669efe
      Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
      6266cae9
  34. 28 Sep, 2011 1 commit
    • Richard Mansfield's avatar
      Create all profiles with logged-in access by default (bug #807278) · f820ea6c
      Richard Mansfield authored
      There is currently only a site-wide setting for logged-in profile view
      access.  This means that when two institutions share a site, and one
      wants open profiles and another only wants institution-visible profiles,
      new users in the open-profile institution must be asked to manually add
      logged-in access on their profile.  Because we expect many more
      open-profile institutions than closed-profile institutions on a site, it
      makes more sense to put the onus on the closed-profile institutions to
      ensure their members remove logged-in access manually.
      
      This change ensures logged-in access is added to all new profiles, but
      only locks that access when the loggedinprofileviewaccess setting is on.
      
      Change-Id: I3375d7b2f8eb635a11879bf7758267f48f74c508
      Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
      f820ea6c
  35. 21 Sep, 2011 1 commit
  36. 24 Aug, 2011 1 commit
  37. 27 Jul, 2011 1 commit
  38. 21 Jul, 2011 1 commit