1. 02 Oct, 2013 1 commit
  2. 01 Oct, 2013 1 commit
    • Hugh Davenport's avatar
      Fix permissions of group area (Bug #1034180) · f5cebdef
      Hugh Davenport authored
      A user should not be able to view/publish an artefact if
      - they don't have view/publish permission of that artefact
      - they don't have view permission of all parents of that artefact
      
      A user should not be able to edit an artefact if
      - they don't have edit permission of that artefact
      - they don't have edit permission of the immediate parent of that artefact
      - they don't have view permission of any parents below the immediate
      
      This is similar to the UNIX permissions, you shouldn't be able to view
      a directory unless all directories below have read (r) and executeable (x)
      bits set. The same for editing, you need write (w) permissions of the
      immediate parent, and rx for all parents.
      
      In Mahara, there are no executeable bits, but it can be assumed
      that view is basically the same as rw for container artefacts, and the same
      as r for non container artefacts.
      
      Change-Id: I4f84aca05dd08d02b05fbe084e4724f78c8681a0
      Signed-off-by: default avatarHugh Davenport <hugh@catalyst.net.nz>
      f5cebdef
  3. 10 Sep, 2012 1 commit
    • Son Nguyen's avatar
      Allow users to choose institution themes for browsing if in multiple · 19d6788e
      Son Nguyen authored
      institutions (Bug #793308)
      
      - Add a help file to explain the user setting: 'Theme'
      - By default, users can choose one of their institution's themes as
      their prefered theme.
      - if site admins set $cfg->sitethemeprefs = true in config.php,
      users can ALSO choose standard site's themes as preferred theme for
      browsing the site.
      - remove the option 'No theme selected'
      - sort the themes in alphabetical order
      
      Change-Id: I6f144747338e88eb1f90c79f0f7934449fe0ab63
      Signed-off-by: default avatarSon Nguyen <son.nguyen@catalyst.net.nz>
      19d6788e
  4. 12 Aug, 2012 1 commit
  5. 06 Aug, 2012 1 commit
  6. 03 Aug, 2012 1 commit
  7. 01 Aug, 2012 1 commit
  8. 04 Jul, 2012 1 commit
  9. 03 Jul, 2012 3 commits
  10. 01 Jun, 2012 1 commit
  11. 31 May, 2012 2 commits
    • Richard Mansfield's avatar
      Add support in User for theme preference · c1fda6fe
      Richard Mansfield authored
      Part of bug #793308
      
      If a user has the 'theme' property set in their account preferences,
      this is used instead of the site or institution's theme.
      
      The LiveUser::reset_institutions() function, which recalculates the
      institution theme, is now called in place of LiveUser::update_theme()
      whenever a user's institutions have changed.  reset_institutions() now
      calls update_theme() if the user is a LiveUser.
      
      Change-Id: I75b36da85a5aa249c3098078b8588b8a20ac9b48
      Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
      c1fda6fe
    • Richard Mansfield's avatar
      Gather themename, logo & stylesheets together in User object · a9e7ef47
      Richard Mansfield authored
      The Theme constructor expects a triple (basename, logo, stylesheet),
      which is passed by the User::get_themedata function.  But the three
      properties are stored separately in the User object.  If they are
      grouped together, then it will be easier to switch themes in and out
      at a later date.
      
      The three properties are combined under the 'institutiontheme' name,
      to make it clear that they are defined by the user's institutions, and
      to distinguish them from the user's own theme preference.
      
      This requires a slight change to code for setting a view theme on view
      creation, where only the basename property is allowed, because custom
      themes with logos & stylesheets are not yet available as view themes.
      
      Change-Id: Ie400a0f1c4a2172382dfaba14139f1b0b27f2120
      Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
      a9e7ef47
  12. 18 May, 2012 1 commit
  13. 13 Feb, 2012 1 commit
    • Richard Mansfield's avatar
      Get unread message count from user table (bug #854403) · 60167828
      Richard Mansfield authored
      Also keeps the count in the $USER object up to date whenever the
      user deletes or reads a notification.
      
      When new notifications are generated for a live user by another user,
      or on cron, the logged-in user's unread count is reloaded from the
      database into the session either on hitting the inbox, or whenever
      $USER is committed for some other reason.
      
      The code to reload the background fields on commit of the LiveUser
      object has been changed to ensure that it still works at upgrade time,
      where the 'reload' column doesn't exist in the user table yet, but
      *does* exist in the User object.
      
      Change-Id: I9c9a81bf77d0927352902dee0d989d6122757b47
      Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
      60167828
  14. 06 Feb, 2012 1 commit
  15. 10 Jan, 2012 2 commits
  16. 16 Dec, 2011 1 commit
  17. 31 Oct, 2011 1 commit
  18. 27 Oct, 2011 1 commit
  19. 06 Oct, 2011 1 commit
  20. 04 Oct, 2011 2 commits
  21. 28 Sep, 2011 1 commit
    • Richard Mansfield's avatar
      Create all profiles with logged-in access by default (bug #807278) · f820ea6c
      Richard Mansfield authored
      There is currently only a site-wide setting for logged-in profile view
      access.  This means that when two institutions share a site, and one
      wants open profiles and another only wants institution-visible profiles,
      new users in the open-profile institution must be asked to manually add
      logged-in access on their profile.  Because we expect many more
      open-profile institutions than closed-profile institutions on a site, it
      makes more sense to put the onus on the closed-profile institutions to
      ensure their members remove logged-in access manually.
      
      This change ensures logged-in access is added to all new profiles, but
      only locks that access when the loggedinprofileviewaccess setting is on.
      
      Change-Id: I3375d7b2f8eb635a11879bf7758267f48f74c508
      Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
      f820ea6c
  22. 12 Sep, 2011 1 commit
  23. 07 Sep, 2011 1 commit
  24. 02 Sep, 2011 1 commit
  25. 01 Sep, 2011 1 commit
  26. 25 Aug, 2011 1 commit
  27. 24 Aug, 2011 2 commits
  28. 19 Aug, 2011 1 commit
    • Hugh Davenport's avatar
      Allow group members to view their own files · 7d9b3749
      Hugh Davenport authored
      If a file is in the groups area that doesn't have member access
      then the group member that initially uploaded it can't view it
      
      This patch allows the author (uploader) of a file to still have access
      no matter what the access is set to for the group role they belong to
      
      Bug #812673
      
      Change-Id: I1d5bbccb41d34af15617ac5abc673b1265ac9f3e
      Signed-off-by: default avatarHugh Davenport <hugh@catalyst.net.nz>
      7d9b3749
  29. 16 Aug, 2011 1 commit
    • Richard Mansfield's avatar
      Preserve admin/system user fields when committing LiveUser instance · 725ba929
      Richard Mansfield authored
      The $USER object is saved to the usr table in the db whenever it
      changes, and also periodically when the lastaccess property is updated.
      However, for some fields, it's not appropriate to overwrite the db
      value with the $USER property, because these fields are generally only
      modifiable by an admin (e.g. quota, suspended) or the system (e.g.
      active).  Previously we have tried to deal with this by removing the
      sessions of users whose properties are modified by an admin.  This is
      okay when suspending or deleting a user, because the user should be
      forced to log out anyway.  But for other properties like the user file
      quota, it shouldn't be necessary to force the user to log out because
      the value was modified by an admin.  It makes more sense to specify a
      list of fields (including quota) that should be reloaded into $USER on
      every commit.
      
      Change-Id: Id0268a29be976a506b09d81aeb6a5b80a26e72fa
      Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
      725ba929
  30. 03 Aug, 2011 1 commit
  31. 27 Jul, 2011 1 commit
  32. 12 Jul, 2011 2 commits
  33. 05 Jul, 2011 1 commit