- Modify jira_open_project_references unique constraint
It must include jira_id, because multiple jira configurations can refer to the same op entities.
- Add finalization modal
- Add finalization job
The job activates all imported users. Checks that user_limit has not been exceeded with specific contact.
Destroys jira_* objects.
- Destroy jira object on revert as well.
- Use EmptyContract when creating Attachments, WorkPackages, Members
- Import only users fetched in the current jira_import. It was a bug.
The decision on which fields are writable has been moved into
the user's contract. Previously the fields in the My Account form were only
disabled in the frontend, but when changing the browser form, the user could
still update values. Now the contract has been updated to check the
authentication method as well, denying changes to the own name and email address.
Similarly when the contract prevents edits, this is also reflected in the admin
UI for users. It's not pretty, because there seems to be no formatting for disabled
text boxes in our old forms, but it still gives faster feedback than the
old forms, where you had to submit to see that a change to your own login
was rejected.
In the My Accounts form, this change leads to the curious case, where
an admin CAN change their own name in the My Account view, because admins
could do it in other forms as well. It's surprising, but consistent.
Additionally the behaviour has been harmonized across LDAP and other auth providers.
Editing the email address is now also forbidden in all cases for the user themselves.
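The server-side check described in the commit message above, as an added Ruby example that is not OpenProject's code: a contract decides which attributes an actor may change, so a tampered form that re-enables a disabled field is still rejected. The `User` struct, `UserUpdateContract`, `update_user`, the `:error_readonly` symbol and the exact policy are assumptions made for illustration.

```ruby
# Added illustration: every name below is hypothetical, not OpenProject's code.
User = Struct.new(:id, :firstname, :lastname, :mail, :admin, :external_auth,
                  keyword_init: true)

# Server-side contract: decides which attributes the actor may change.
class UserUpdateContract
  attr_reader :errors

  def initialize(target, actor)
    @target = target
    @actor = actor
    @errors = {}
  end

  # Assumed policy: admins may edit names, including their own; nobody edits
  # their own mail; externally authenticated users cannot edit their own name.
  def writable_attributes
    own = @actor.id == @target.id
    attrs = []
    attrs += %i[firstname lastname] if @actor.admin || (own && !@target.external_auth)
    attrs << :mail if @actor.admin && !own
    attrs
  end

  def valid?(changes)
    @errors = {}
    (changes.keys - writable_attributes).each { |attr| @errors[attr] = :error_readonly }
    @errors.empty?
  end
end

# Applies the submitted params only if every changed attribute is writable.
# Whether an input was disabled in the HTML form plays no part in the decision.
def update_user(target, actor, params)
  submitted = params.transform_keys(&:to_sym)
  # Unchanged values are not edits; unknown keys stay in and are rejected.
  changes = submitted.reject { |k, v| User.members.include?(k) && target[k] == v }
  contract = UserUpdateContract.new(target, actor)
  return contract.errors unless contract.valid?(changes)

  changes.each { |k, v| target[k] = v }
  {}
end
```

`update_user` returns an empty hash on success and a hash of rejected attributes otherwise; nothing is written unless every changed attribute passes the contract.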
Important changes:
1. Use ignored_columns to try to avoid downtime.
2. Add unique constraint for auth_provider_id+external_id.
Co-authored-by: Jan Sandbrink <453584+username@users.noreply.github.com>
* Create rake task to fix missing notification settings
* fixup! Create rake task to fix missing notification settings
* Test whether users are being created without settings
* Add Users form endpoints
* Avoid cache_if as it caches properties for new_record? as well
* Add specs
* Add missing custom_field_values method
* Fix missing firstname lastname api conversions
* Disable cached_representer on user payload
* Add patch to allow using our custom setter in case of nil values
https://github.com/trailblazer/representable/issues/234
* Add test for changing status
* Fix expectation with changed attribute mapping
* Disable rendering name property for users
The name property is not accessible directly for users
* Fix attribute names for first and lastname for writable
* Ensure password is marked writable even though it's not an attribute
* Avoid explicitly setting to_ar_name conversion
* Reuse AssignableCustomFieldValues concern
* Fix structure of users.apib to be flat
* Extend requests with custom fields
* Output name, but don't mark as writable attribute
* Fix id indentation
* Rename schema email property
* Fix param for user update form
* Fix schema docs
* Refactoring: Create shared examples for user contracts
* Users::UpdateContract spec added
* Add spec for updating the login of a user
* Add spec for permitted params when global permission to :manage_user
* Remove spec for :login updates for user UpdateContractSpec
The writability of the login attribute is not part of the contract
(yet).
* Use user contract for checking writability of user attributes
* Fixing user contract specs.
* use persisted user in spec
Co-authored-by: ulferts <jens.ulferts@googlemail.com>
* Refactoring: Rename permission :add_user and :add_placeholder_user
to :manage_user and :manage_placeholder_user
* Add deletion to :manage_placeholder_user permission label
* WIP: Check :manage_placeholder_user permission before deletion
Specs still missing
* In controller rely on authorize_global for deleting placeholder users
* Add deletion_info for placeholder users
* Extend specs
* Set placeholder users to locked when deleting
* Review feedback
Co-authored-by: Oliver Günther <mail@oliverguenther.de>
* Adding placeholder user contracts
* Adding create, update, and delete services for placeholder users
* WIP: Adding Placeholder User contract specs [ci skip]
* Extract contract validation into common helper
* Add common validation in BaseContract + common example for admin checks
* Introduce common ModelContract shared context for validations
* WIP: PlaceholderUser controller, i18n, and routes [ci skip]
* Placeholder users index page and query
- moved all group related scopes from User to Principal to make them also available in PlaceholderUser.
* end
* Create PlaceholderUser
* Feature spec for editing a placeholder user
* Manage PlaceholderUser memberships
The management of memberships is pretty similar for User and PlaceholderUser. This commit extracts the similarities and uses them for both.
* General partial and show view for PlaceholderUser
* Delete obsolete partial
* Allow RequireAdminGuard to be used as a module function
* Fix I18n for confirmation text
* Smaller code improvements
* Fix: Syntax for accessing status enums was wrong.
* Use UpdateService for updating a placeholder user
* Add spec for PlaceholderUsersController
* First code improvements after code review.
- more improvements to come.
* Further code improvements after review
... still more to come
* Correct namespace of delete service
* Fix: Make placeholder user contract validate
* Remove :type attribute from base contract of User and PlaceholderUser
...and add it to the CreateContracts.
Also add type validations.
Further extract shared examples for placeholder user attribute
validation
* Refactor: Extract membership hook calls to helper
* Fix redirect paths for membership controllers
* Specs already present in shared examples.
* Fix duplicates routes for users and placeholder users
* Fix user path
* Add attribute name and lastname
We don't need a writeable check as both are equally writable
* Replace more references to tab_edit_user_path
* Skip specs for PlaceholderUsers::DeletionService
We will tackle that service in a separate PR.
* Fix module usage of RequireAdminGuard
* Fix group filter for placeholder users
* Fix invalid reference to expect_valid
* Fix: Fix tabbed edit path for placeholder users
* Fix status filtering on users
* Linting
* Improve generalisation of individual principal filter cell
- Check for presence of groups and statuses in order
to toggle visibility of their UI element.
- Remove groups from placeholder user controller and
cell initialization and options
* Fix selector on groups assign
* Remove using_shared_fixtures
Co-authored-by: Oliver Günther <mail@oliverguenther.de>
* Add global permission for add_user
* Rename fieldset for global roles to "Global"
* Add permission to admin actions
* Add index action to add_user permission
* Redirect to first admin item if only one
* Hide status action for non admins
* Break down user form into partials for easier rendering
* Disable some user form tabs for non-admins
* Make users API and services conformant with endpoints
* Fix references to DeleteService#deletion_allowed?
* Authorize add_user on show as well
* Only show invite user toolbar item with permission
* Fix Delete Service spec
* Fix the way user prefs are handled in service
* Ensure session_id is treated as string
This causes a cast error otherwise as it passes rack session locally
* Fix service call on onboarding controller
* Fix service call on users controller
* Add delete spec for global user
* Hide login attribute again when adding a new user
* Render auth source correctly in simple form
* Fix creating invited users through service
The invitation requires the mail attribute to be present.
Previously, there was a manual error added to the mail.
As the errors are now determined by the contract + model, we now
end up with all missing properties as errors.
* Properly constrain attributes for non-admins
* Add specs for global user
* Start working on how to update password from UsersController
that code is a mess...
* Change permitted_params spec to include non-admin params
* Fix create user service spec
* Remove mail_notification param from users controller
It's not part of the contract/params passed to user
* Remove todos
* Extend docs
* Correct the way backlogs patches into the user settings
* Remove superfluous UpdateUserService
* Rewrite duplicated update service examples into common shared example
* Remove duplicate password writable check
* Base Users::DeleteContract on base delete contract
* Move checks for active users into the UserAllowedService
* Restore password writable check as it is not an attribute
* Fix menus for global user
* Allow global users to add custom fields
* Allow global user add permission to reinvite user
* Fix changed var name in update service spec
* Ensure also invited or registered users can be authorized
This ensures that e.g., invited users can also be set as watchers
* fix typo
Co-authored-by: ulferts <jens.ulferts@googlemail.com>
Updates the copyright to 2021 for all files that have a copyright. Files in our source code without the copyright header still do not receive one automatically. Additionally, blacklisted files are also excluded.
Previously the copyright of chiliproject which references redmine stated a copyright of redmine up to and including 2017 which is not true for the code we have in here. Because of that I changed that to 2013
Replaces reform by a simple layer of Disposable +
ActiveModel::Validations for contracts.
Additionally removes the custom error handling where OpenProject added
symbols to keep the ability to identify faulty attributes while having
non standard format (deviates from `%{attribute} %{message}`).
Changes to active record now allow us to define the format of a message
on i18n level, e.g. `%{message}`. Therefore the patching can be removed.
Reform plans to remove support for ActiveModel::Validations in version
4.0 at the latest but even today, support for it is haphazard. As we do
not need the full stack of Reform anyway, we can solely rely on
Disposable.