Roles and Permissions: Deactivate, Restore, Delete and send invitations to users #957
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Add docker production environment * fix typos * Version bump * Remove old compose file * Add hCaptcha (Attendize#793) * Add hcaptcha * Add hcaptcha to contact form * remove some duplicate code * fix use * add hcaptcha Co-authored-by: Johanna Cherry <johanna@johannacherry.com> * Add reCAPTCHA (Attendize#585) * Add optional google recaptcha on login * use recaptcha domain and added recaptcha to signup * fix recapture on signup * fix Undefined property: stdClass error * fix bool operation * Fix optional captcha * env -> config (recaptcha) fix php artisan config:cache Co-authored-by: Johanna Cherry <johanna@johannacherry.com> * Update Fees.php (Attendize#810) * Allow use of both reCaptcha hCaptcha or no capture based on config (Attendize#808) * WIP: add config for captcha and allow user to choose between them * add captha on sign up * clean up * read captcha switch from env * Add min reqs to the readme file * Add commands to makefile for clearing laravel cache and recompiling autoloaders * Add artisan migrate to the setup scripts in case there's database migrations that need to be run * Last name is required by the database schema so needs to be required by the signup form too * Fix redirect on the signup page - the import was missing, but also the redirect was being ignored all togeher because you can only do a redirect in a route itself, if it's in the constructor you have to explicitly call send. * Change the use of Utils::isAttendize() to Utils::isCloud() during the signup process - this is used to hide the signup form in cloud environments, this way it will show in dev. * Remove dupe translation * Refactor a bit of the captcha logic for the signup page - move services to subdirectory - create recaptcha service - create factory for captcha services - create partial views for each captcha service and include in the main view - standardize config options * Refactor login page to use captcha services * Refactor contact form page to use captcha services * Use promises to initialise camera for check-in (Attendize#712) * Update QRCode Reader to use navigator.mediaDevices Update to use navigator.mediaDevices for Safari and Chrome Desktop to enable using camera * Update public/assets/javascript/check_in.js Co-authored-by: Etienne Marais <etiennemarais@users.noreply.github.com> * Remove old docker config files that got readded during rebase * Bump version number for new release Co-authored-by: Luca <luca@smartdomotik.com> Co-authored-by: Sebastian Schmidt <publicarray@users.noreply.github.com> Co-authored-by: Samy <mail@samynitsche.de> Co-authored-by: Melvin Thoabala <melvin.t@superbalist.com> Co-authored-by: scottyeung <micold@gmail.com> Co-authored-by: Etienne Marais <etiennemarais@users.noreply.github.com>
# Conflicts: # resources/lang/de/Affiliates.php # resources/lang/de/Attendee.php # resources/lang/de/Controllers.php # resources/lang/de/Dashboard.php # resources/lang/de/Design.php # resources/lang/de/Email.php # resources/lang/de/Event.php # resources/lang/de/Fees.php # resources/lang/de/Installer.php # resources/lang/de/Javascript.php # resources/lang/de/ManageAccount.php # resources/lang/de/ManageEvent.php # resources/lang/de/Order.php # resources/lang/de/Organiser.php # resources/lang/de/Public_ViewEvent.php # resources/lang/de/Ticket.php # resources/lang/de/basic.php # resources/lang/de/error.php # resources/views/de/Emails/Auth/Reminder.blade.php # resources/views/de/Emails/ConfirmEmail.blade.php # resources/views/de/Emails/Layouts/Master.blade.php # resources/views/de/Emails/OrderConfirmation.blade.php # resources/views/de/Emails/OrderNotification.blade.php # resources/views/de/Emails/attendeeTicket.blade.php # resources/views/de/Emails/inviteUser.blade.php # resources/views/de/Emails/messageReceived.blade.php # resources/views/de/Emails/notifyCancelledAttendee.blade.php # resources/views/de/Emails/notifyRefundedAttendee.blade.php # resources/views/de/Installer/Partials/Footer.blade.php # resources/views/de/Mailers/TicketMailer/SendAttendeeInvite.blade.php # resources/views/de/Mailers/TicketMailer/SendAttendeeTicket.blade.php # resources/views/de/Mailers/TicketMailer/SendOrderTickets.blade.php
This reverts commit 0fcc205
* Add docker production environment * fix typos * Version bump * Remove old compose file * Add hCaptcha (Attendize#793) * Add hcaptcha * Add hcaptcha to contact form * remove some duplicate code * fix use * add hcaptcha Co-authored-by: Johanna Cherry <johanna@johannacherry.com> * Add reCAPTCHA (Attendize#585) * Add optional google recaptcha on login * use recaptcha domain and added recaptcha to signup * fix recapture on signup * fix Undefined property: stdClass error * fix bool operation * Fix optional captcha * env -> config (recaptcha) fix php artisan config:cache Co-authored-by: Johanna Cherry <johanna@johannacherry.com> * Update Fees.php (Attendize#810) * Allow use of both reCaptcha hCaptcha or no capture based on config (Attendize#808) * WIP: add config for captcha and allow user to choose between them * add captha on sign up * clean up * read captcha switch from env * Add min reqs to the readme file * Add commands to makefile for clearing laravel cache and recompiling autoloaders * Add artisan migrate to the setup scripts in case there's database migrations that need to be run * Last name is required by the database schema so needs to be required by the signup form too * Fix redirect on the signup page - the import was missing, but also the redirect was being ignored all togeher because you can only do a redirect in a route itself, if it's in the constructor you have to explicitly call send. * Change the use of Utils::isAttendize() to Utils::isCloud() during the signup process - this is used to hide the signup form in cloud environments, this way it will show in dev. * Remove dupe translation * Refactor a bit of the captcha logic for the signup page - move services to subdirectory - create recaptcha service - create factory for captcha services - create partial views for each captcha service and include in the main view - standardize config options * Refactor login page to use captcha services * Refactor contact form page to use captcha services * Use promises to initialise camera for check-in (Attendize#712) * Update QRCode Reader to use navigator.mediaDevices Update to use navigator.mediaDevices for Safari and Chrome Desktop to enable using camera * Update public/assets/javascript/check_in.js Co-authored-by: Etienne Marais <etiennemarais@users.noreply.github.com> * Remove old docker config files that got readded during rebase * Bump version number for new release * Fixes Attendize#822 Remove database migration from Dockerfile and move to the Makefile only, in the Dockerfile we only want to build what's needed for the web server image, so actions like database migrations that interact with multiple services should be in a scrip or in the Makefile. Also added wait-for-it to wait for the db container to be fully started before tryin to run migrations. * Add composer update to github build workflow * Pin composer to version 1 in github workflow Co-authored-by: Luca <luca@smartdomotik.com> Co-authored-by: Sebastian Schmidt <publicarray@users.noreply.github.com> Co-authored-by: Samy <mail@samynitsche.de> Co-authored-by: Melvin Thoabala <melvin.t@superbalist.com> Co-authored-by: scottyeung <micold@gmail.com> Co-authored-by: Etienne Marais <etiennemarais@users.noreply.github.com>
…e to the Makefile only, in the Dockerfile we only want to build what's needed for the web server image, so actions like database migrations that interact with multiple services should be in a scrip or in the Makefile. Also added wait-for-it to wait for the db container to be fully started before tryin to run migrations.
Fixed type error in the account controller Turned off tls in the mail server settings to prevent ssl error Updated the mail server image to point at the active repo
* Fixes Attendize#854 Error when creating new user Fixed type error in the account controller Turned off tls in the mail server settings to prevent ssl error Updated the mail server image to point at the active repo
* Add docker production environment * fix typos * Version bump * Remove old compose file * Add hCaptcha (Attendize#793) * Add hcaptcha * Add hcaptcha to contact form * remove some duplicate code * fix use * add hcaptcha Co-authored-by: Johanna Cherry <johanna@johannacherry.com> * Add reCAPTCHA (Attendize#585) * Add optional google recaptcha on login * use recaptcha domain and added recaptcha to signup * fix recapture on signup * fix Undefined property: stdClass error * fix bool operation * Fix optional captcha * env -> config (recaptcha) fix php artisan config:cache Co-authored-by: Johanna Cherry <johanna@johannacherry.com> * Update Fees.php (Attendize#810) * Allow use of both reCaptcha hCaptcha or no capture based on config (Attendize#808) * WIP: add config for captcha and allow user to choose between them * add captha on sign up * clean up * read captcha switch from env * Add min reqs to the readme file * Add commands to makefile for clearing laravel cache and recompiling autoloaders * Add artisan migrate to the setup scripts in case there's database migrations that need to be run * Last name is required by the database schema so needs to be required by the signup form too * Fix redirect on the signup page - the import was missing, but also the redirect was being ignored all togeher because you can only do a redirect in a route itself, if it's in the constructor you have to explicitly call send. * Change the use of Utils::isAttendize() to Utils::isCloud() during the signup process - this is used to hide the signup form in cloud environments, this way it will show in dev. * Remove dupe translation * Refactor a bit of the captcha logic for the signup page - move services to subdirectory - create recaptcha service - create factory for captcha services - create partial views for each captcha service and include in the main view - standardize config options * Refactor login page to use captcha services * Refactor contact form page to use captcha services * Use promises to initialise camera for check-in (Attendize#712) * Update QRCode Reader to use navigator.mediaDevices Update to use navigator.mediaDevices for Safari and Chrome Desktop to enable using camera * Update public/assets/javascript/check_in.js Co-authored-by: Etienne Marais <etiennemarais@users.noreply.github.com> * Remove old docker config files that got readded during rebase * Bump version number for new release * Add missing CAPTCHA_KEY to example Co-authored-by: Luca <luca@smartdomotik.com> Co-authored-by: Johanna Cherry <johanna@johannacherry.com> Co-authored-by: Samy <mail@samynitsche.de> Co-authored-by: Melvin Thoabala <melvin.t@superbalist.com> Co-authored-by: scottyeung <micold@gmail.com> Co-authored-by: Etienne Marais <etiennemarais@users.noreply.github.com>
…endize#882) * Fix XSS reported by @jrckmcsb * fix 'The maximum number of tickets you can register' validation message Thanks @jrckmcsb for the report It was displaying the total remaining tickets rather than the max per booking It could still be used to leak ticket availability information if tickets are close to selling out when quantity_remaining is less than max_per_person. I did not fix this because the error message would be confusing to end users and it looks like this was intended as a feature. * Fix XSS followup thanks @jrckmcsb Made organiser description markdown * More consistent XSS protection Remove the strip_tags() function > The PHP function striptags() is the classic solution for attempting to > clean up HTML. It is also the worst solution, and should be avoided > like the plague. The fact that it doesn't validate attributes at all > means that anyone can insert an onmouseover='xss();' and exploit your > application. While this can be bandaided with a series of regular > expressions that strip out on[event] (you're still vulnerable to XSS > and at the mercy of quirky browser behavior), striptags() is > fundamentally flawed and should not be used. source http://htmlpurifier.org/comparison#striptags * Fix "must be of the type string, null given" for Markdown::convertToHtml Fix "must be of the type string, null given" for Markdown::convertToHtml
… for queuing the mail to make things simpler, moved all the translations into the lang files and made one standard blade template, pass the locale to the mail while sending it so the message will be translated.
…inheritance across all the job classes, remove the order completed listener to simplify/standardize processing across different components
…instead of calling the mail manually
…erface, standardized, etc.
…ermissions-deleting-users
|
I did spend some time trying to build js myself and I know that it is not that easy I figured I push prebuild js to make your life easier. |
@quentincaffeino Perfect! Huge thanks on this. I have been able to test and it works very well. My only issue, and it was there before your work, is concerning the Super Admin user in a multi organization setup. For example: Organisation 1 has Super User 1 and Organisation 2 has Super User 2. If I login as Super User 2, I get to see the users for Organization 1 as well as being able to switch to the Organization 1 events & profile. Naturally the same is possible if I login as Super User 1, I get to see the users for Organization 2, as well as being able to switch to the Organization 2 events & profile. A work around is to manually only setup one Super Admin, who then sets up a user to manage events for each organisation. The limitation of this is that each organisation isn't able setup and manage their own users. A few options:
Next to your new buttons a 'Resend Invite' button would be amazing for those who delete the invite! |
|
I get your concerns but I don't consider them an issue and here is why:
But I also see how what you are talking about would be useful for many users in the future. I agree with the third option you've brought, where there need to be a global level admin and an organization admin. If @johannac or @etiennemarais do not disagree with those changes I can try make them. I think I can add |
|
Thanks for the helpful feedback. It is definitely a challenging finding something that can work for a number of different use cases. Option 3 was definitely my preferred choice! I hope @johannac and @etiennemarais are happy for these developments and for it to be finally merged in. If you are able to do the Resend Invite, I think it would complete the general functions that a normal setup would require. Should the resend only be visible until the user has logged in for the first time? Don't want to over complicate, but also good to simplify the number of buttons on view... |
quentincaffeino
changed the title
|
@justynpride added Ready for review. @johannac what do you think, can we merge this into |
|
@quentincaffeino That's great. I think that invite resend it very helpful. As you note it is a shame the buttons where taking up too mach space. A lot of space is taken by the Can Manage Events checkbox column. Could that be reduced to be Manage Events with each word on a separate line, thereby giving more space for your original buttons? I really liked how those delete buttons where displayed.
|
|
@justynpride Although I also don't like how dropdown looks this solution is better because of these two things:
But I'm all for more discussion if there are some reasonable arguments for this matter. |
|
@quentincaffeino That all makes sense, thanks for taking the time to explain. It is much appreciated. |
|
@quentincaffeino Just to say that I am finding the additions to this feature so helpful. Thank you! @etiennemarais thanks for your original work on this. I really hope it can be merged in to the main branch soon. @johannac can I ask what the latest thinking is? |
|
Hi all - I'm going to be reviewing and testing this branch over the coming weeks. My current plan is to have it fully released by the end of October as our first of the every-two-months feature releases. |
Remove googleplus
…they were duplicates of validation.php and aren't strictly necessary for the language translations to work
… variable names when sending a message to an attendee
|
Ok, I'm starting the process now to work on this and get it merged and released over the next few weeks. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I called Deactivate as Delete cause I use soft delete functionality. So essentially by deleting user you only mark him as deleted and this makes him unable to use the system. To completely delete user there is a Force Delete button which appears after deleting user.
For user it might be more understandable if Delete will be called Deactivate but I worry that that would cause misunderstanding in code (Deactivate would call delete function). So I'd like to hear some opinions on that matter.
Also I wasn't sure If I had to push built js to repo.Addresses issues mentioned by @justynpride in #803