1. 11 Apr, 2019 1 commit
  2. 09 Apr, 2019 1 commit
    • Robert Lyon's avatar
      Bug 1823065: Site staff should not see users outside 'no institution' · 279c33c4
      Robert Lyon authored
      When $cfg->isolatedistitutions are turned on because if they can and
      message a user that user can't reply to them
      Also fixed default filter option from throwing error if current user
      is in no institution
      Also fix up online users - consolidate duplicate code and restrict
      non-admins in no institution is isolated institutions is turned on
      Change-Id: I5828147461f513bb392598d62337d417e631e6f2
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
  3. 02 Apr, 2019 1 commit
  4. 30 Mar, 2019 1 commit
    • Gregor Anzelj's avatar
      Bug 717196: Isolated institutions · 258c4744
      Gregor Anzelj authored and Robert Lyon's avatar Robert Lyon committed
      Isolated institutions is a feature that allows locking down
      access for members of institutions so that they are separated
      entirely and disallow contact between members of one
      institution with members of another institution.
      Change-Id: Ib94681aff5543ad26887f24b2eb7fce9d0c8b8d2
  5. 29 Mar, 2019 1 commit
  6. 27 Mar, 2019 1 commit
  7. 14 Mar, 2019 1 commit
  8. 26 Feb, 2019 2 commits
  9. 22 Feb, 2019 1 commit
  10. 07 Feb, 2019 1 commit
  11. 23 Jan, 2019 1 commit
  12. 19 Dec, 2018 1 commit
  13. 20 Nov, 2018 1 commit
  14. 06 Sep, 2018 1 commit
    • Cecilia Vela Gurovic's avatar
      Bug 1790742: stop deleting user sessions when updating user data · 59e381ef
      Cecilia Vela Gurovic authored
      the user sessionids are removed from the DB
      to prevent users from reseting the user data when they are logged in
      while their user is being updated through CSV file
      this fix deletes the sessionids when uploading CSV files
      and not in the update_user general function
      to prevent logging out of the user when updating through web services
      Change-Id: I3eca84dd10a035c4b9fe3ad180ca8ba32746b3c6
  15. 31 Aug, 2018 1 commit
  16. 14 Aug, 2018 1 commit
    • Rebecca Blundell's avatar
      Bug 1752743: replace php 7.2 deprecated functions · c6c6c295
      Rebecca Blundell authored and Robert Lyon's avatar Robert Lyon committed
      replaced each() with foreach in core code.
      replaced create_function() with anonymous function in core code.
      Also removed some functions that were not used anymore
      Change-Id: I300396a1ec04c75d7882b7ec5c9de76c3763e70d
  17. 01 Aug, 2018 1 commit
  18. 19 Jun, 2018 2 commits
  19. 20 May, 2018 1 commit
    • Robert Lyon's avatar
      Bug 1763163: record who has been given what page for one time copy · 1dcaef85
      Robert Lyon authored
      This changes the parent patch a bit. Instead of recording on the view
      table if a page is able to be copied to existing group members we
      insetad record in a new existing copy table if a group page/collection
      has been copied to a member and if not make the copy.
      We've also made the switch a slide switch, eg when switching it to
      'Yes' it does the task on save and then switches back to 'No'.
      This means at a later time if set to 'Yes' again it will do the copying
      again and give any newer members a copy of all pages/collections as
      well as give older members copies of any newer pages / collections /
      collection pages since the previous switching to 'No'
      Note: Currently adding new collection pages to older members will only
      add the pages as singular pages to their portfolio.
      Change-Id: Ia22d8138d80ec5fdb5a401de7289b256f9e5fc69
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
  20. 02 May, 2018 1 commit
  21. 21 Mar, 2018 1 commit
  22. 06 Mar, 2018 1 commit
    • Ghada El-Zoghbi's avatar
      Bug 1745278: check user is logged in for publicly viewable groups · 65f6e575
      Ghada El-Zoghbi authored
      When a group is public and allows submissions, we need to check
      that the user is logged in before retrieving the list of
      sumibtted pages/collections to the group.
      Sponsored by The Australian National University
      Change-Id: Id8aeffea12aa36f27122069f9372fcb7b9ed95c5
  23. 22 Feb, 2018 1 commit
  24. 16 Feb, 2018 1 commit
    • Cecilia Vela Gurovic's avatar
      Bug 1734178: allow user to delete own account · 9837f182
      Cecilia Vela Gurovic authored and Robert Lyon's avatar Robert Lyon committed
      added settings
      - institution level: reviewselfdeletion
          0 if the institution does not require approval
            from an admin to delete an account
          1 if the institution requires an admin to approve
            account deletion requests from users
          if not set, it takes the value from the site's
      - site level: defaultreviewselfdeletion
        (Site options->User Settings -> Review account before self-deletion)
          1 if the site's default is requiring approval
          null otherwise
      Account deletion by a user
      when a user accesses to the account settings, a
      'Delete account' button is displayed.
      This will:
      - If the user belongs to an institution that requires
        approval (or does not have the settings but the site
        requires approval by default)
          then a notification will be sent to the admins
          of the institutions that require approval that
          the user belongs to
      - if the user belongs to institutions and none of them
        require approval (or does not have the setting
        but the site does not require approval by default)
          then the account is deleted
      - if the user does not belong to any institution
          then the action will depend on the setting of
          the 'mahara' institution or sites default if
          'mahara' doesn't have the setting
      Approval by institution admins
      An institution admin can see the pending deletion
      requests in Admin menu-> Institution -> Pending deletions
      After approving/denying a request, the user
      that requested the account deletion will receive
      a notification
      Change-Id: I4ccd9c798cab065ec557eaddf7dfc3a51920b6d0
  25. 14 Feb, 2018 4 commits
  26. 12 Feb, 2018 2 commits
  27. 08 Feb, 2018 1 commit
    • Maria Sorica's avatar
      Bug 1734169: Suspend user if privacy statement is refused · 382e5f7e
      Maria Sorica authored
      If a privacy switch has the value 'No', a confirmation
      form will be displayed to make sure this is really the
      users decision.
      If yes, the users account is suspended.
      Change-Id: Ifa7c175569cbad780a449c8431d4d9f981839c21
  28. 05 Feb, 2018 1 commit
    • Maria Sorica's avatar
      Bug 1734174: Add the after login privacy page · 44a6284e
      Maria Sorica authored
      Upon login, if the user has not yet agreed to the most
      recent Privacy statement versions, he will be redirected
      to this page.
      On install admin user accepts default privacy
      Change-Id: I6afc3d4d4db0676782a8b1501a962862108eab6b
  29. 24 Jan, 2018 1 commit
  30. 03 Jan, 2018 1 commit
  31. 22 Nov, 2017 1 commit
  32. 10 Nov, 2017 1 commit
  33. 07 Nov, 2017 1 commit
  34. 30 Oct, 2017 1 commit
    • Cecilia Vela Gurovic's avatar
      Bug 1660237: removed old mobile api · d7018426
      Cecilia Vela Gurovic authored and Robert Lyon's avatar Robert Lyon committed
      removed code from htdocs/api/module/ files and replace it with a json reply error message.
      removed the 'allowmobileuploads' config variable since it is only used by the old mobile api.
      removed the 'mobileuploadtoken' values in usr_account_preferences since they are only used by old mobile api. The new mahara mobile uses external_tokens table to store its access tokens.
      Change-Id: I02e94079fc83aa6a81534b70446f7e8ab2ebd7a4