Update the XWiki auth screen: added client secret, aligned the UI with the storage UI.
Auth now supports only registered clients on the XWiki side.
---------
Co-authored-by: Jan Sandbrink <j.sandbrink@openproject.com>
* Create the section component
* Create the form configuration component
* Create a controller
* change form template
* Use primer dialog for reset to defaults button
* show WP configuration modal while creating a related WPs table
* Fix the drag and drop functionality without save button
* Fix renaming functionality
* Use generic drag and drop in form configuration and move all client side action handling to server side
* Fix embedded query form configuration regressions
* Add data test selectors to all elements that we used for test
* update the current tests with the new implementations and design
* Add new tests for new controller of sections and rows
* WP quesry row should only have edit quesry action
* Update transformer spec regarding the new changes
* Fix the failing test in reset form configuration and some tests for actions
* Fix rubocop errors
* Fix eslint errors
* Add spec for removing a section
* Use condensed border boxes
* fix failing specs
* fix failing specs
* Switch the buttons in form configuration component
* Create the section at the top of the list
* Instead of using UUID, use the name of the group as the key
* Add missing check for EE for section actions
* Remove angular components
* Use action list instead of a border box for left side panel
* Reduce the margin between the right side panel and sub header, add some space to the query table left side, span to the whole available space
* Show validation errors while updating and creating a section
* Use a danger dialog for reset to default
* Add a confirmation for removing the section
* Align items in the row
* Use test_selector instead of data-test-selector
* Create move_action in rb file
* Create move_action in rb file
* Simplify section component
* Simplify form configuration component
* Remove dialog for rename and delete section on missing EE
* Create a component for inactive attribute list
* Create a separate component for reset dialog
* Remove EE feedback dialog
* Remove form partial which is not needed anymore
* Remove unused js strings
* Update using update_via_turbo
* Remove form configuration rows controller
* Create a blanksalte component
* Fix failing specs
* Fix failing specs
* Fix failing specs
* Remove unused translation strings
* Align form configuration section routes with actual create flow
* Change section to group
* Change section to group in services and controllers
* Change section to group in en.yml
* Fix rubocop errors
* Move the query group persistence assertion from the JS feature spec
to the synchronous form configuration groups controller spec.
* Reuse query service result in embedded query build
* Keep inactive attribute filter after turbo list refresh
* Extract form configuration group edit state into form model
* Fix the failing test
* Potential fix for pull request finding 'CodeQL / Potentially uninitialized local variable'
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
* Rename inactive attribute component inputs
* Refine reset dialog wording for form configuration
* Use direct Turbo action for adding attribute groups
* Reuse generic filter-list controller for inactive attributes
* Remove focus impelementation in ts
* Group form configuration Stimulus controllers under one namespace
* Use turbo request service in form configuration controller
* Clarify legacy group key normalization in form config contract
* Replace inactive attribute list wrapper via turbo stream
* Extract duplicate untitled group key generation into Type::FormGroup.next_untitled_key
* Auto-generate untitled group name on create instead of returning an error
* Avoid mixed return types in form config group create service
* Extract shared form configuration group service behavior into concern
* Fix spacing for the last group and italic font for the placeholder rows
* Replace Angular no-results component with Primer Banner on form configuration page
* Hide dropped element immediately to prevent flickering before Turbo Stream response
* Reload type before rendering create error to prevent duplicate groups
* Await service initialization before use to prevent potential race condition
* Replace sleep calls with deterministic waits in form configuration spec
* Handle malformed JSON and invalid query errors gracefully in form configuration update
* Make query group label a clickable button and empty group hint italic
---------
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Update the OAuth section for the XWiki provider. Since XWiki provides only public clients, there are no client secrets passed in between OP and XWiki. Thus, the UI is, for now, just a mock with a client ID.
This error is intended for cases when a method is
intentionally not implemented, because the module/class defining
it expects a subclass (or class including the module) to implement
the method.
This is intended to distinguish it from other cases, such as:
* feature not implemented yet
* edge case of a method call not yet supported
Notably it avoids the misuse of the Ruby-defined NotImplementedError,
which is only intended for much more specific scenarios:
> Raised when a feature is not implemented on the current platform. For example, methods depending on the fsync or fork system calls may raise this exception [...]
Also see https://docs.ruby-lang.org/en/master/NotImplementedError.html
When the BCF API receives a request to change the project id
(e.g. `{ project_id: 0 }`), the SetAttributesService sets
`model.id = 0` in memory before the contract validates.
The contract's `validate_user_allowed_to_manage` correctly uses
`with_unchanged_id` to restore the original id before checking
permissions. However, `writable_attributes` was not protected the
same way — it checked permissions against the model with the
user-modified id (0), which doesn't exist.
This caused the UserPermissibleService's permission cache to be
populated with an entry for the model keyed at hash(0) with empty
permissions. When `validate_user_allowed_to_manage` later restored
the id and queried the cache at hash(original_id), Ruby's Hash could
exhibit undefined behavior due to the mutable key — during rehash
operations, the stale entry (empty permissions) could shadow the
correct one, causing the authorization check to intermittently fail
with 403 instead of the expected 422 (id not writable).
Wrap `writable_attributes` in `with_unchanged_id` so permission
checks always run against the original project, consistent with
`validate_user_allowed_to_manage`.
- Modify jira_open_project_references unique constrant
It must include jira_id, because multiple jira configuration can refer same op entities.
- Add finalization modal
- Add finalization job
The job activates all imported users. Checks that user_limit has not been exceeded with specific contact.
Destroys jira_* objects.
- Destroy jira object on revert as well.
- Use EmptyContract when creating Attachements, WorkPackages, Members
- Import only users fetched in the current jira_import. It was a bug.
Tomas Hykel