Before, it was implemented by passing the changed attribut keys over to
the contract to whitelist them.
This lead to:
* The contract interface becoming bloated
* Having to rely on the knowledge of the developer not to falsely
whitelist an attribute. The developer would also have to make sure
to not perform a mass assignment after the attribute has been
whitelisted
The new approach it to integrate the behaviour into the model which is
first altered in the service before it is scrutinized in the contract.
The information about the changed attributes is now stored inside the
model which removes the necessity to flag the whitelisted attribute
separately. Additionally, the exact change is tracked. So if an
attribute is set to one value inside a whitelisted block there is no
risk in later on performing a mass assignment.
This comes at the cost of extending the models which is weird also it is
build into the default SetAttributesService so child classes do not have
to worry. One might include the module into every AR model but currently
we only need it for a very specific use case.
* Add common base service create service examples
* Rewrite user service spec into the common service
* Rewrite CustomFields::CreateService spec into common
* Rewrite Messages::CreateService into common
* Rewrite Projects::CreateService with common example
* Rewrite Grids::CreateService spec with common examples
* Rewrite BIM::IfcModels::CreateService with common examples
* Rewrite Bim::Bcf::Issues::CreateService with new common examples
* Add global permission for add_user
* Rename fieldset for global roles to "Global"
* Add permission to admin actions
* Add index action to add_user permission
* Redirect to first admin item if only one
* Hide status action for non admins
* Break down user form into partials for easier rendering
* Disable some user form tabs for non-admins
* Make users API and services conformant with endpoints
* Fix references to DeleteService#deletion_allowed?
* Authorize add_user on show as well
* Only show invite user toolbar item with permission
* Fix Delete Service spec
* Fix the way user prefs are handled in service
* Ensure session_id is treated as string
This causes a cast error otherwise as it passes rack session locally
* Fix service call on onboarding controller
* Fix service call on users controller
* Add delete spec for global user
* Hide login attribute again when adding a new user
* Render auth source correctly in simple form
* Fix creating invited users through service
The invitation requires the mail attribute to be present.
Previously, there was a manual error added to the mail.
As the errors are now determined by the contract + model, we now
end up with all missing properties as errors.
* Properly constraint attributes for non-admins
* Add specs for global user
* Start working on how to update password from UsersController
that code is a mess...
* Change permitted_params spec to include non-admin params
* Fix create user service spec
* Remove mail_notification param from users controller
It's not part of the contract/params passed to user
* Remove todos
* Extend docs
* Correct the way backlogs patches into the user settings
* Remove superfluous UpdateUserService
* Rewrite duplicated update service examples into common shared example
* Remove duplicate password writable check
* Base Users::DeleteContract on base delete contract
* Move checks for active users into the UserAllowedService
* Restore password writable check as it is not an attribute
* Fix menus for global user
* Allow global users to add custom fields
* Allow global user add permission to reinvite user
* Fix changed var name in update service spec
* Ensure also invited or registered users can be authroized
This ensure that e.g., invited users can also be set as watchers
* fix typo
Co-authored-by: ulferts <jens.ulferts@googlemail.com>
Updates the copyright to 2021 for all files that have a copyright. Files in our source code without the copyright header still do not receive one automatically. Additionally, backlisted files are also excluded.
Previously the copyright of chiliproject which references redmine stated a copyright of redmine up to and including 2017 which is not true for the code we have in here. Because of that I changed that to 2013
Jan Sandbrink