1. 13 May, 2019 1 commit
  2. 30 Sep, 2018 1 commit
  3. 09 Sep, 2018 1 commit
    • Cecilia Vela Gurovic's avatar
      Bug 1790543: Display portfolio instructions · 5cedce1f
      Cecilia Vela Gurovic authored
      1) Add an 'instructions' field to view table via install / update.
      
      2) Add 'Instructions' textarea / wysiwyg field to view settings page and
      have it save to the database
      
      3) Move generic "This area shows a preview of what your page looks like.
      Changes are saved automatically. Drag blocks onto the page to add them.
      You can then also drag them around the page to change their position."
      text in edit page to the help icon and in it's place have an expandable
      area to display the saved 'instructions' message.
      
      4) On view display page have an expandable area to display the saved
      'instructions' message
      
      5) in view edit mode, collapsing/uncollapsing the Instruction section
      is remebered automatically for next time the view is edited
      
      behatnotneeded
      
      Change-Id: Ia56323b9b734b8ebe9498c54dce5a3b934d1fd29
      5cedce1f
  4. 09 Aug, 2018 1 commit
    • Gregor Anzelj's avatar
      Bug 1743870: Moderate portfolios of regular users · 4e5e0aae
      Gregor Anzelj authored and Robert Lyon's avatar Robert Lyon committed
      Allow institution admins and site admins to immediately remove all
      sharing options from a page (or collection if the page is within
      a collection) that is deemed objectionable.
      
      behatnotneeded
      
      Change-Id: I23de7ed5c4678afe8a65e51b2aec06126948c637
      4e5e0aae
  5. 08 Aug, 2018 1 commit
    • Kevin Dibble's avatar
      Bug 1781844: Lock blocks on pages · 3e76e38e
      Kevin Dibble authored and Robert Lyon's avatar Robert Lyon committed
      A lot of users in Mahara create (Template) pages to share out to users.
      This reduces the setup a new user will have to do to. There is an issue
      that on their personal copy, the blocks that were so carefully setup can
      be deleted.
      
      This functionality creates a new column in the database called
      "lockblocks" that can be enabled/disabled on the share page.
      
      When the user copies the page, this setting is copied over and the
      "delete" icon is hidden from view should the lockblocks setting be
      enabled. This only happens on normal portfolio pages.
      
      To unset - the user can edit the page settings and
      disable the lock blocks feature to enable the deletion of the blocks as
      per normal.
      
      behatnotneeded
      Change-Id: I7a2062f77431d6371f95d7f55bedcc499dd7caa2
      3e76e38e
  6. 07 Aug, 2018 1 commit
    • Cecilia Vela Gurovic's avatar
      Bug 1784781: adding peer & manager roles for user access to a view · 2ad167e5
      Cecilia Vela Gurovic authored
      - creating the role table
      - selecting the role when editing view access
      - fix: for already saved user and group access rules, show all roles
      in the dropdown to make it possible to change the value
      
      to do: display content depending on role
      
      behatnotneeded : will be added later
      
      Change-Id: Ie83e0ca84704182b40bcc2fa4a678da099a1793d
      2ad167e5
  7. 19 Jun, 2018 1 commit
  8. 17 Jun, 2018 1 commit
  9. 20 May, 2018 1 commit
    • Robert Lyon's avatar
      Bug 1763163: record who has been given what page for one time copy · 1dcaef85
      Robert Lyon authored
      
      
      This changes the parent patch a bit. Instead of recording on the view
      table if a page is able to be copied to existing group members we
      insetad record in a new existing copy table if a group page/collection
      has been copied to a member and if not make the copy.
      
      We've also made the switch a slide switch, eg when switching it to
      'Yes' it does the task on save and then switches back to 'No'.
      
      This means at a later time if set to 'Yes' again it will do the copying
      again and give any newer members a copy of all pages/collections as
      well as give older members copies of any newer pages / collections /
      collection pages since the previous switching to 'No'
      
      Note: Currently adding new collection pages to older members will only
      add the pages as singular pages to their portfolio.
      
      behatnotneeded
      
      Change-Id: Ia22d8138d80ec5fdb5a401de7289b256f9e5fc69
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      1dcaef85
  10. 16 May, 2018 1 commit
    • Robert Scally's avatar
      Bug 1763163: Copy group portfolios automatically to existing group members · 01af3dab
      Robert Scally authored and Robert Lyon's avatar Robert Lyon committed
      A portfolio shall be copied automatically to existing regular group 
      members, i.e. excluding group tutors and administrators, when
      setting up the sharing permissions for the portfolio and selecting the
      copying option in "Advanced options".
      
      When new people are added to the group, the portfolio is not automatically
      copied to their accounts as they were not in the group when the copying
      was turned on.
      
      behatnotneeded
      
      Change-Id: I5f706056e3c53f1edc8bcb86cfd41bad1df0185b
      01af3dab
  11. 02 Mar, 2018 1 commit
    • Robert Lyon's avatar
      Bug 1443284: Allow an unsubscribe link for watchlist emails · 17131a35
      Robert Lyon authored
      
      
      This patch:
      - adds an 'unsubscribetoken' column to usr_watchlist_view table
       (if we want to unsubscribe other messages we'd need to add an
      'unsubscribetoken' to the relevant table)
      - records the token when one watches the view
      - sends email with unsubscribe link with message type and token to
      avoid exposing any user data
      - link goes to unsubscribe.php page and either unsubscribes user or
      gives generic warning
      
      Currently only working for watchlist notifications being sent via
      email/email digest
      
      Change-Id: I823249108f521faaefe3435f03b84ddf73e2d360
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      17131a35
  12. 16 Feb, 2018 1 commit
    • Cecilia Vela Gurovic's avatar
      Bug 1734178: allow user to delete own account · 9837f182
      Cecilia Vela Gurovic authored and Robert Lyon's avatar Robert Lyon committed
      added settings
      
      - institution level: reviewselfdeletion
          0 if the institution does not require approval
            from an admin to delete an account
          1 if the institution requires an admin to approve
            account deletion requests from users
          if not set, it takes the value from the site's
          default
      
      - site level: defaultreviewselfdeletion
        (Site options->User Settings -> Review account before self-deletion)
          1 if the site's default is requiring approval
          null otherwise
      
      Account deletion by a user
      
      when a user accesses to the account settings, a
      'Delete account' button is displayed.
      
      This will:
      - If the user belongs to an institution that requires
        approval (or does not have the settings but the site
        requires approval by default)
          then a notification will be sent to the admins
          of the institutions that require approval that
          the user belongs to
      - if the user belongs to institutions and none of them
        require approval (or does not have the setting
        but the site does not require approval by default)
          then the account is deleted
      - if the user does not belong to any institution
          then the action will depend on the setting of
          the 'mahara' institution or sites default if
          'mahara' doesn't have the setting
      
      Approval by institution admins
      
      An institution admin can see the pending deletion
      requests in Admin menu-> Institution -> Pending deletions
      After approving/denying a request, the user
      that requested the account deletion will receive
      a notification
      
      behatnotneeded
      Change-Id: I4ccd9c798cab065ec557eaddf7dfc3a51920b6d0
      9837f182
  13. 24 Jan, 2018 1 commit
  14. 09 Jan, 2018 2 commits
  15. 14 Dec, 2017 1 commit
  16. 29 Oct, 2017 1 commit
  17. 27 Oct, 2017 1 commit
    • Cecilia Vela Gurovic's avatar
      Security Bug 1701978: fix session cookie issues · d02855fc
      Cecilia Vela Gurovic authored
      1. when a user logs in it clears any obsolete
         usr_session cookies for the user
      2. recording the user-agent of the session
         and if it changes to prompt the user to
         login again
      3. when self adding / editing email address(es)
         send 2 emails
      	- one to the new email address asking user to confirm address
      	- and one to the primary email address to alert user
      	that a new email is being added to their account and
      	if this is bad how to contact their admin about the problem.
      
      behatnotneeded
      Change-Id: Ia44b66cf831abd553b72aa8b1d58d2a2634863b8
      d02855fc
  18. 26 Sep, 2017 1 commit
  19. 21 Sep, 2017 1 commit
  20. 14 Sep, 2017 1 commit
    • Robert Lyon's avatar
      Bug 1692385: Adjusting the handle event for 'updateviewaccess' · a3d904e1
      Robert Lyon authored
      
      
      We want to record things like so:
      
      resourceid = view_access.id
      resourcetype = what type the view_access row is for, eg 'token',
      'user', 'loggedin' etc
      parentresourceid = the id if the view the access is for
      parentresourcetype = 'view';
      ownerid = the id of the owning resource, eg usr.id / group.id / institution.name
      ownertype = what owns the resource, eg user / group / institution
      
      Also this patch adjusts how we index things into elasticsearch
      
      behatnotneeded
      
      Change-Id: I079a42ded2fefaab64a6e49fc26e8aad303c9e8a
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      a3d904e1
  21. 09 Sep, 2017 1 commit
    • Robert Lyon's avatar
      Bug 1692385: Adjusting the event_log table · ebd928b1
      Robert Lyon authored
      
      
      Add 5 new new columns to event_log table make searching over the
      data easier and also record the id of any parent/related info as well
      
      Eg, if one deletes an image block from a page we now record:
      id - the event id
      resourceid - the block id
      resourcetype - the blocktype, eg image
      parentresourceid - the id of the parent, eg view id
      parentresourcetype - the type of parent, eg 'view'
      
      Because we would not be able to find related view info from just the
      block id anymore.
      
      Also added the ability to index and search over event information in
      elasticsearch search type event_log
      
      Change-Id: I280c1c75c35a6c58f42d8acb36cf5c24c70b902d
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      ebd928b1
  22. 29 Jun, 2017 1 commit
  23. 01 Sep, 2016 1 commit
  24. 23 Aug, 2016 1 commit
  25. 24 Jul, 2016 1 commit
  26. 22 Jul, 2016 1 commit
  27. 08 Jul, 2016 1 commit
  28. 05 Jul, 2016 1 commit
  29. 08 Jun, 2016 1 commit
    • Aaron Wells's avatar
      Bug 1590293: Correcting inconsistencies in session expiration · 4bed19a1
      Aaron Wells authored
      1. Add some documentation to session.php explaining what
      the session.gc_maxlifetime ini setting does.
      
      2. If we can't access $CFG->session_timeout, use a timeout of
      an hour instead of the PHP default of 24 minutes.
      
      3. Limit $CFG->session_timeout to 30 days, because we're already
      enforcing that limit in session.php
      
      4. Add "usr_session.mtime" column so that we can delete old sessions
      based on inactivity instead of creation date.
      
      5. Make the cron delete old session files as soon as they've expired,
      rather than padding that an additional two days.
      
      Change-Id: I9da2b26217774566b1131e997724359715edb2fe
      behatnotneeded: Covered by existing tests
      4bed19a1
  30. 28 Mar, 2016 1 commit
  31. 16 Mar, 2016 1 commit
  32. 24 Feb, 2016 1 commit
    • Jean-Philippe Gaudreau's avatar
      Bug 1514273: Increase to longtext col holding serialized data · 4f400da4
      Jean-Philippe Gaudreau authored and Robert Lyon's avatar Robert Lyon committed
      In MySQL, the default "text" column size is 65kB. Because this column
      can hold the serialized text from several other columns, it needs to
      be larger than that. Setting it to "big" generates a "longtext", which
      is 4GB.
      
      This change has no effect in Postgres. Postgres has only one text
      size (unlimited). The XMLDB generator is smart enough that it
      recognizes this and doesn't run any SQL in this case.
      
      behatnotneeded: Changes on database columns types only.
      
      Change-Id: I2b72e840676cb7345561ef81d51846509bc04049
      4f400da4
  33. 06 Nov, 2015 1 commit
    • Jean-Philippe Gaudreau's avatar
      Increase the size of the activity queue data column (Bug 1513851) · fcbb3ad1
      Jean-Philippe Gaudreau authored
      In MySQL, the default "text" column size is 65kB. Because this column
      can hold the serialized text from several other columns, it needs to
      be larger than that. Setting it to "big" generates a "longtext", which
      is 4GB.
      
      This change has no effect in Postgres. Postgres has only one text
      size (unlimited). The XMLDB generator is smart enough that it
      recognizes this and doesn't run any SQL in this case.
      
      behatnotneeded
      
      Change-Id: I0311bf9d25dba531ced72e6f74b8d5b2d317e745
      fcbb3ad1
  34. 16 Aug, 2015 1 commit
    • Robert Lyon's avatar
      Bug 1483963 - Better reporting on login activity · 19af23b2
      Robert Lyon authored
      
      
      Added a tab 'Logins' to site statistics page that contains
      how many total logins for an institution and also how many unique
      users have logged in during a certain time period - defaults to
      previous calendar month
      
      One can get different results by adjusting the url like so
      admin/statistics.php?type=logins&start=2014-01-01&end=2015-01-01
      if needing to get a different time period
      
      On upgrade it populates the usr_login_data table with the current
      lastlogin time for non-deleted users
      
      Currently usr_login_data only records user id and ctime (for login
      time) but one could also add more columns tothe table if needing to
      record something that happens once per successful login.
      
      Change-Id: If59b207356894eaced7b9977b80d539a28cb7e56
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      19af23b2
  35. 17 Jul, 2015 1 commit
    • Aaron Wells's avatar
      Increase the size of the Leap2a entrycontent column (Bug 1474659) · 2b5b8da7
      Aaron Wells authored
      In MySQL, the default "text" column size is 65kB. Because this column
      can hold the serialized text from several other columns, it needs to
      be larger than that. Setting it to "big" generates a "longtext", which
      is 4GB.
      
      This change has no effect in Postgres. Postgres has only one text
      size (unlimited). The XMLDB generator is smart enough that it
      recognizes this and doesn't run any SQL in this case.
      
      Change-Id: Ic26f0eb3d3c3181fdcaf8729373ca87b6ecc9c8d
      2b5b8da7
  36. 18 Sep, 2014 1 commit
    • Robert Lyon's avatar
      The archiving of submitted pages/collections from groups (Bug #1335670) · 5c57b565
      Robert Lyon authored
      
      
      This patch contains:
      - The export queue system where pages/collections on release from
      submission are added to the export queue table ready to be archived.
      - The export queue admin page showing what is in the queue to be
      exported. The cron runs every 6 minutes. Queue items failed to export
      are also shown here.
      - The archive list admin page, where one can download the generated
      leap2a files for the archived submissions.
      
      In this patch you should be able to add things to the export queue by
      either releasing a sumbission on a group that has 'archive
      submissions' option ticked. This will add the archive to that archived
      submission page, or you can also run a leap2a export from portfolio
      export which will add the export queue and send you an email once the
      export is done.
      
      Things to note:
      - The is a server busy function that stops the export queue from
      running but I'm not too sure if the threshold is too low/high
      - The export queue tries to export the first 100 items each run but if
      resources are fine in handling that easily then the number could be
      higher but I'm not sure of what will be a good number.
      - Currently there is alsoe infrastructure like table columns for dealing
      with releasing submissions from external systems (eg moodle) but that
      functuionality is yet to be built.
      - The checking of server busy in MS windows untested - may need to
      just let MS ignore server busy check as there doesn't seem to be
      standard way to check this.
      
      Change-Id: If4c1d272e9c5d46fbf16b2ff73ceb2687c06ffd4
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      5c57b565
  37. 16 Sep, 2014 1 commit
    • Nigel Cunningham's avatar
      (Bug548021) Add support for anonymising pages. · 9624d430
      Nigel Cunningham authored
      
      
      This patch adds support for anonymising pages.
      
      It creates a site option in the General Settings section named 'Allow
      anonymous pages' that must be checked for any page to be anonymised.
      
      If the site option is enabled, a new 'Anonymise' setting in the
      'Edit title and description' tab of pages is enabled, allowing the owner
      to request that this page be anonymised.
      
      When both settings are enabled and a user views a page, two things may
      happen to the author's information.
      
      First, if the user is not logged in or does not have admin, staff or
      owner privileges for the page, the author's name is replaced by the
      anonymous text (defaulting to "(Author's name hidden)") in both the
      body of the page and the metadata author field.
      
      If the user does have admin, staff or owner privileges for the page,
      the author's name is anonymised as above except that the text displayed
      is made into a link. When this link is clicked, the anonymous author
      text is replaced by the normal author information for the page.
      
      Anonymous pages displayed in the 'Latest pages' block and shared with
      a group are also anonymised by this patch.
      
      Change-Id: I2e2c92f641329a1a305cf58a5c5d47bf95436a8b
      Signed-off-by: default avatarNigel Cunningham <nigelc@catalyst-au.net>
      9624d430
  38. 01 Jul, 2014 1 commit
    • Robert Lyon's avatar
      Allowing feedback notifications on group pages (Bug #1307247) · 3b0382ef
      Robert Lyon authored
      
      
      In this patch:
      - Changed the Group Edit 'General' section and added the 'Feedback
      notifications' options.
      - Changed the Group Edit 'General' section and altered the 'Shared
      page' option from tickbox to select options.
      - Changed the CommentFeedback to be able to notify multiple users in a
      group
      - Changed the CommentFeedback to be able to send message in the
      institution lang if needed.
      - Adjusted group_get_editroles_options() to allow it to return a non
      associative array
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      
      Change-Id: Ia2e995c51aa08610945788e55c809b3c650dcd17
      3b0382ef
  39. 24 Jun, 2014 1 commit