1. 30 Apr, 2019 1 commit
  2. 25 Oct, 2018 2 commits
  3. 13 Aug, 2018 1 commit
  4. 11 Jun, 2018 2 commits
  5. 30 May, 2018 2 commits
  6. 05 Apr, 2018 2 commits
  7. 23 Mar, 2018 2 commits
  8. 22 Mar, 2018 1 commit
  9. 08 Mar, 2018 3 commits
  10. 07 Mar, 2018 1 commit
  11. 02 Mar, 2018 1 commit
    • Robert Lyon's avatar
      Bug 1443284: Allow an unsubscribe link for watchlist emails · 17131a35
      Robert Lyon authored
      
      
      This patch:
      - adds an 'unsubscribetoken' column to usr_watchlist_view table
       (if we want to unsubscribe other messages we'd need to add an
      'unsubscribetoken' to the relevant table)
      - records the token when one watches the view
      - sends email with unsubscribe link with message type and token to
      avoid exposing any user data
      - link goes to unsubscribe.php page and either unsubscribes user or
      gives generic warning
      
      Currently only working for watchlist notifications being sent via
      email/email digest
      
      Change-Id: I823249108f521faaefe3435f03b84ddf73e2d360
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      17131a35
  12. 23 Feb, 2018 1 commit
    • Glenn Walbran's avatar
      Bug 1729079: Create a mechanism to build manual links · dbf1ef2b
      Glenn Walbran authored and Robert Lyon's avatar Robert Lyon committed
      This commits adds a mechanism that will build links to the manual pages
      such that:
      
      - user's language is used if manual exists in that language, else en
      - the manual for this mahara/series is used
      
      The key -> manual page map will need to be populated and these links added to
      pages.
      
      Change-Id: Id7871395821dce660841341dda200f231e75de16
      dbf1ef2b
  13. 22 Feb, 2018 3 commits
  14. 16 Feb, 2018 1 commit
    • Cecilia Vela Gurovic's avatar
      Bug 1734178: allow user to delete own account · 9837f182
      Cecilia Vela Gurovic authored and Robert Lyon's avatar Robert Lyon committed
      added settings
      
      - institution level: reviewselfdeletion
          0 if the institution does not require approval
            from an admin to delete an account
          1 if the institution requires an admin to approve
            account deletion requests from users
          if not set, it takes the value from the site's
          default
      
      - site level: defaultreviewselfdeletion
        (Site options->User Settings -> Review account before self-deletion)
          1 if the site's default is requiring approval
          null otherwise
      
      Account deletion by a user
      
      when a user accesses to the account settings, a
      'Delete account' button is displayed.
      
      This will:
      - If the user belongs to an institution that requires
        approval (or does not have the settings but the site
        requires approval by default)
          then a notification will be sent to the admins
          of the institutions that require approval that
          the user belongs to
      - if the user belongs to institutions and none of them
        require approval (or does not have the setting
        but the site does not require approval by default)
          then the account is deleted
      - if the user does not belong to any institution
          then the action will depend on the setting of
          the 'mahara' institution or sites default if
          'mahara' doesn't have the setting
      
      Approval by institution admins
      
      An institution admin can see the pending deletion
      requests in Admin menu-> Institution -> Pending deletions
      After approving/denying a request, the user
      that requested the account deletion will receive
      a notification
      
      behatnotneeded
      Change-Id: I4ccd9c798cab065ec557eaddf7dfc3a51920b6d0
      9837f182
  15. 15 Feb, 2018 1 commit
  16. 12 Feb, 2018 1 commit
  17. 05 Feb, 2018 1 commit
    • Maria Sorica's avatar
      Bug 1734174: Add the after login privacy page · 44a6284e
      Maria Sorica authored
      Upon login, if the user has not yet agreed to the most
      recent Privacy statement versions, he will be redirected
      to this page.
      
      On install admin user accepts default privacy
      
      behatnotneeded
      
      Change-Id: I6afc3d4d4db0676782a8b1501a962862108eab6b
      44a6284e
  18. 24 Jan, 2018 2 commits
  19. 19 Jan, 2018 2 commits
  20. 09 Jan, 2018 3 commits
  21. 03 Jan, 2018 1 commit
  22. 16 Nov, 2017 1 commit
    • Cecilia Vela Gurovic's avatar
      Bug 1572825: added Voki html filter for embed code · 207889a5
      Cecilia Vela Gurovic authored and Robert Lyon's avatar Robert Lyon committed
      Added new html custom filter to allow
      voki embed code with javascript tags.
      
      issue with the creation/edition of blocks:
      
      Voki embed code its a javascript code that loads
      js functions from a remote file and makes a call to a
      AC_Voki_Embed() function
      
      parameters:
      
      function AC_Voki_Embed (width, height, chsm, sc,
      transparent, bgcolor, returnFlag, playerType)
      
      The number of parameter makes the difference between
      old and new voki code. The old one will have only 7,
      the new one will have one more.
      
      The new embed code will have playerType = 1
      The function uses an XMLHttpRequest to obtain the
      new embed code. When we are loading the page,
      there is no problem. But when we are editing or
      creating the block, the the connection with the object
      gets lost and the embed code is never loaded.
      Solution found: reload the page after editing or adding
      a block with new voki code.
      
      The old voki code can have
      returnFlag = 1 will return a string with the code
      returnFlag = 0 will load the embed code in the page (by default)
      In this last case, after the function creates the embed code,
      it will call document.write('embed code')
      if we are loading a page with the embed code, we have no problem
      but if we have the page already loaded and we are editing the block
      or creating it, the document.write will replace all the html
      with the embed code.
      Solution found: change parameter of the function so it returns
      the code instead, then manually add it in the correct place
      of the html.
      
      behatnotneeded
      
      Change-Id: Ieed00b6c6887715b707b8123082a1312f3db1d9c
      207889a5
  23. 30 Oct, 2017 1 commit
    • Cecilia Vela Gurovic's avatar
      Bug 1660237: removed old mobile api · d7018426
      Cecilia Vela Gurovic authored and Robert Lyon's avatar Robert Lyon committed
      removed code from htdocs/api/module/ files and replace it with a json reply error message.
      removed the 'allowmobileuploads' config variable since it is only used by the old mobile api.
      removed the 'mobileuploadtoken' values in usr_account_preferences since they are only used by old mobile api. The new mahara mobile uses external_tokens table to store its access tokens.
      
      behatnotneeded
      
      Change-Id: I02e94079fc83aa6a81534b70446f7e8ab2ebd7a4
      d7018426
  24. 27 Oct, 2017 1 commit
    • Cecilia Vela Gurovic's avatar
      Security Bug 1701978: fix session cookie issues · d02855fc
      Cecilia Vela Gurovic authored
      1. when a user logs in it clears any obsolete
         usr_session cookies for the user
      2. recording the user-agent of the session
         and if it changes to prompt the user to
         login again
      3. when self adding / editing email address(es)
         send 2 emails
      	- one to the new email address asking user to confirm address
      	- and one to the primary email address to alert user
      	that a new email is being added to their account and
      	if this is bad how to contact their admin about the problem.
      
      behatnotneeded
      Change-Id: Ia44b66cf831abd553b72aa8b1d58d2a2634863b8
      d02855fc
  25. 29 Sep, 2017 1 commit
  26. 26 Sep, 2017 1 commit
  27. 24 Sep, 2017 1 commit