diff --git a/Dockerfile b/Dockerfile index 516a77540..315e894ff 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM ubuntu:14.04 MAINTAINER arthur@caranta.com -RUN apt-get update && apt-get install -y git apache2 php5 libapache2-mod-php5 php5-mcrypt php5-mysqlnd php5-ldap +RUN apt-get update && apt-get install -y git apache2 php5 libapache2-mod-php5 php5-mcrypt php5-mysqlnd php5-ldap php5-gd ENV APACHE_RUN_USER www-data ENV APACHE_RUN_GROUP www-data ENV APACHE_LOG_DIR /var/log/apache2 diff --git a/api/functions.php b/api/functions.php index ed3c39d25..c531e640b 100644 --- a/api/functions.php +++ b/api/functions.php @@ -515,12 +515,12 @@ function rest_get () { /* * Case where a new user has to be added * - * Expected call format: .../api/index.php/add/user/;;;;;;;;;;?apikey= + * Expected call format: .../api/index.php/add/user/;;;;;;;;;;?apikey= * with: * for READ_ONLY, IS_ADMIN, IS_MANAGER, PERSONAL_FOLDER, accepted value is 1 for TRUE and 0 for FALSE * for ADMINISTRATEDBY and ROLE1, accepted value is the real label (not the IDs) * - * Example: /api/index.php/add/user/U4;Nils;Laumaille;test;nils@laumaille.fr;Users;0;Managers|Users;0;1;1?apikey=sae6iekahxiseL3viShoo0chahc1ievei8aequi + * Example: /api/index.php/add/user/U4;Nils;Laumaille;test;nils@laumaille.fr;Users;0;Managers,Users;0;1;1?apikey=sae6iekahxiseL3viShoo0chahc1ievei8aequi * */ elseif($GLOBALS['request'][1] == "user") { @@ -573,7 +573,7 @@ function rest_get () { // prepare roles list $rolesList = ""; - foreach (explode('|', $roles) as $role) {//echo $role."-"; + foreach (explode(',', $roles) as $role) {//echo $role."-"; $tmp = DB::queryFirstRow( "SELECT `id` FROM ".prefix_table("roles_title")." WHERE title = %s", $role diff --git a/changelog.md b/changelog.md index 89dfdaae5..2a5cea5bd 100644 --- a/changelog.md +++ b/changelog.md @@ -1,13 +1,17 @@ Last changes 2.1.26 + #1332 API not allowing roles separation of pipe '|' + #1325 updated Dockerfile #1310 Addes Estonian language #1308 Teampass hangs when a folder is create with option "New sub-folder inherits rights from parent folder" enabled + #1301 add ldap_search_base record for db init #1300 After 3 bad login attempts, user needs to wait 10s before new try #1299 Export to pdf or csv shows htmlencoded #1298 Backup-filename on 2.1.26 contains / #1284 fix for can_manage_all_users update during upgrade #1279 SyntaxError: Unexpected token î in JSON at position 0 #1276 MySQL 5.7 query error + #1269 Typo error #1263 Error at line 75 in suggestion page #1251 Improving CSRFP configuration #1240 Security fixes on some missed queries and on non-protected text fields @@ -43,6 +47,8 @@ Last changes FIX: Display inconsistancies in User log results Fix: Inconsistency in Delete & Restore process Fix: Errors in CSV import process + Fix: Impossible to proceed with 'password lost' process + Fix: OTV item not reachable 2.1.25 #1169 sending Google Authenticator code through index page diff --git a/includes/language/datatables.estonian.txt b/includes/language/datatables.estonian.txt new file mode 100644 index 000000000..cf3a1b5d5 --- /dev/null +++ b/includes/language/datatables.estonian.txt @@ -0,0 +1,17 @@ +{ + "sProcessing": "Processing...", + "sLengthMenu": "Show _MENU_ entries", + "sZeroRecords": "No matching records found", + "sInfo": "Showing _START_ to _END_ of _TOTAL_ entries", + "sInfoEmpty": "Showing 0 to 0 of 0 entries", + "sInfoFiltered": "(filtered from _MAX_ total entries)", + "sInfoPostFix": "", + "sSearch": "Search:", + "sUrl": "", + "oPaginate": { + "sFirst": "First", + "sPrevious": "Previous", + "sNext": "Next", + "sLast": "Last" + } +} \ No newline at end of file diff --git a/includes/language/estonian_admin_help.php b/includes/language/estonian_admin_help.php new file mode 100644 index 000000000..3f025eb99 --- /dev/null +++ b/includes/language/estonian_admin_help.php @@ -0,0 +1,162 @@ + +This page is used in order to create and manage FOLDERS.
+A folder is needed to organize your items. It is similare to windows file directories.
+ Lowest level of folder is called ROOT.
+ All folders and subfolders create the tree structure.
+ Each folder is associated to a depth level in the tree structure. + +
+

Add a new FOLDER

+
+ Just click on icon . A dedicated dialogbox will appear in which you will have to enter:
+ - the folder's label or title
+ - its parent's folder (each folder is the subfolder of an other one)
+ - a complexity level (complexity level is used for password complexity. When creating a new item, associated password cannot be less complexe than the level required)
+ - a renewal period expressed in months (is needed in order to force password renewal after a specific period). +
+

Edit an existing folder

+
+ In order to change the label, the complexity, the parent folder or the renewal period, you just have to click in the cell.
+ This will make the cell editable. Change the value and click on icon to save, or on icon to cancel.
+

+ +

+
+ Notice that if you change the parent folder, then all subfolders of the changed folder will be moved. +
+
+

Delete a Folder

+
+ You can decide to give to delete a folder. To do so, just click on icon .
+ This will delete all items inside the folder as all subfolders ... be carefull!!!! +

+ +

+
+

Special tweaks

+
+ Two tweaks exist on folder.
+ The 1st allows item creation without respecting the required complexity level for the password.
+ The 2d allows item modification without respecting the required complexity level for the password.
+ You can also combine both of them.
+ You can also use them temporarly. +

+ +

+
+
"; +$LANG['help_on_roles'] = "
+This page is used in order to create and manage ROLES.
+A role is associated to a set of allowed and forbidden folders.
+Once several roles are defined, you can associate USERS to them. +
+
+

Add a new ROLE

+
+ Just click on icon . A dedicated dialogbox will appear in which you will have to enter a title for this new ROLE. +
+ +

Allow or Forbid a folder

+
+ You can use the matrix 'Roles vs Folders' to define the access rights. If a cell is red, then the role can't access to the folder, and if the cell is gree, then the role can access to the folder.
+ In order to change the access, just click on the cell you want.
+

+ +

+ In previous screen capture, you can see that folder 'Cleaner' is allowed to role 'Dev' but not for role 'Commercial'. +
+ +

Refresh manually the matrix

+
+ Just click on icon . +
+ +

Edit a role

+
+ You can change the title of a role with no impact on the parameters already done.
+ Select the role you want to change, and click on icon .
+ This will popup a dialogbox in which you will be asked to enter a new title. +
+ +

Delete a role

+
+ You can decide to delete an existing role.
+ Select the role you want to delete, and click on icon .
+ This will popup a dialogbox in which you will be asked to confirm the deletion. +
+
"; +$LANG['help_on_users'] = "
+This page is used in order to create and manage USERS.
+A user account is needed for each physical person that will have to use TeamPass.
+ 1st step is to set what ROLES the user has.
+ 2d step is to customize specific folders access or not. +
+
+

Add a new USER

+
+ Just click on icon . A dedicated dialogbox will appear in which you will have to enter:
+ - the user's login
+ - a password (can be generated and will be changed by user at 1st connection)
+ - a valid email
+ - if the user will be an Admin (full access to all functionnalities)
+ - if the user will be a Manager (full rights on Items)
+ - if the user could have Personal Folders +
+

Add a ROLE to a USER

+
+ You can associate a USER to as many ROLES you want. For that, just click on icon .
+ A specific dialogbox will appear in which you will have to tick or not the wanted roles.

+ When a ROLE is added to a USER, then the USER will access to the allowed folders of that ROLE and will have no access to the forbidden ones.

+ Now you can be more precise in the rights given to a USER by using the fields 'Allowed folders' and 'Forbidden folders'. Indeed, you can allowed or not some others folders even them specified in the ROLE. +
+ For example: +

+ - USER1 is associated to ROLE1 and ROLE2.
+ - ROLE1 is set to allow access to folder F1 and F2.
+ - F1 has 4 subfolders S1, S2, S3 and S4.
+ - This means that USER1 has access to F1, F2, S1, S2, S3 and S4.
+ - Now you can customize USER1 by forbidding the access to S4 using this page. +

+
+
+

Is Administrator (GOD)

+
+ You can decide to give the GOD right to a user. To do so, just tick the box.
+ GOD is allowed to anything in TeamPass with absolutely no restriction ... so be carefull!!!! +

+ +

+
+

Is Manager

+
+ You can decide to give the MANAGER right to a user. To do so, just tick the box.
+ A Manager can modify and delete items and folders, even them that he has not created.
+ A manager has only access to the folders he/she is allowed to. So you can create several managers for dedicated departements. +

+ +

+
+

Delete a USER

+
+ You can decide to give to delete a user. To do so, just click on icon . +

+ +

+
+

Change the User's password

+
+ You can decide to give to change the password of a user. To do so, just click on icon .
+ At 1st connection, the user will have to change it. +

+ +

+
+

Change the User's email

+
+ You can decide to give to change the password of a user. To do so, just click on icon .
+

+ +

+
+
"; diff --git a/includes/language/estonian_kb.php b/includes/language/estonian_kb.php new file mode 100644 index 000000000..2f809cc65 --- /dev/null +++ b/includes/language/estonian_kb.php @@ -0,0 +1,6 @@ + Teampass