181e2ef05c
Swag: Fix swag (aka a whole bunch of code style issues..)
2017-01-27 14:48:59 +01:00
2b060d9bd4
Challenge API requests only if the controller requires auth
...
fixes #12580
2016-11-07 10:40:38 +01:00
c8b1693fdc
Fix Controller::assertPermission() allowing everything for unauthenticated requests
...
fixes #12108
2016-09-12 08:18:36 +02:00
7cef06f981
Disable benchmark only if the layout is disabled
...
Benchmark should be disabled if the response is not HTML. This is most likely the case when the layout is disabled.
If Web 2 or Zend sends JSON for example, the layout is disabled.
The follwing code inside an action disables the layout (and view):
$this->_helper->layout()->disableLayout();
The following code inside an action disables the action's view script:
$this->_helper->viewRenderer->setNoRender(true);
Note that an action's view script is also disabled via setNoRender() when rendering another view script via
render() or renderScript().
Another appraoch is to check the content-type. If explicitly set to not HTML, disable benchmark:
$renderBenchmark = true;
$response = $this->getResponse();
$headers = $response->getHeaders();
foreach ($headers as $header) {
if (strtolower($header['name']) === 'content-type'
&& stristr($header['value'], 'text/html') === false
) {
$renderBenchmark = false;
break;
}
}
if ($renderBenchmark) {
$layout->benchmark = $this->renderBenchmark();
}
Maybe we should also provide a action method for disabling benchmark, regardless of the user's setting.
refs #10856
2016-02-27 20:14:02 +01:00
474803fee4
Change all license headers to only reflect a file's year of creation
...
refs #11000
2016-02-08 15:41:00 +01:00
53f29131af
ActionController: Use a controller's inner layout script instead of "body"
...
"body" is still the default inner layout script.
2015-10-02 10:18:37 +02:00
c5f444efe8
lib: Don't alias Zend classes in the ActionController
2015-08-20 16:10:39 +02:00
6ca02a519b
lib: Fix type hint of Controller::getResponse()
2015-08-20 16:07:24 +02:00
62f0281a62
lib: Fix type hint of Controller::getRequest()
2015-08-20 16:00:24 +02:00
63e639caf0
Handle module identification directly in the ActionController
...
Fixes some issues with more complex customisations in a
module's controller.
Obsoletes: 93f8297344
2015-08-19 13:39:46 +02:00
036da072c5
Revert "ActionController: Give modules a chance to dynamically require auth"
...
This reverts commit 93f8297344
2015-08-19 13:39:46 +02:00
93f8297344
ActionController: Give modules a chance to dynamically require auth
2015-08-18 11:28:02 +02:00
fa1e3a763d
Do not show the full layout on the login page
...
...
refs #9892
2015-08-13 08:12:30 +02:00
81aad9d6a6
Rename Notifiation::getMessages() to popMessages()
...
Because the call to popMessages()--before getMessages()--automatically resets the notification messages on the instance, popMessages() is a much better name for the method.
refs #9660
2015-07-30 13:45:39 +02:00
07849e0fea
lib: Rename Authentication/Manager to Authentication/Auth
...
refs #9660
2015-07-28 17:08:55 +02:00
7cfc78558d
Merge branch 'master' into feature/secure-modules-9644
...
Conflicts:
library/Icinga/Exception/IcingaException.php
2015-07-28 13:42:02 +02:00
b000ae3a37
Do not require permissions if authentication is not required
...
refs #9644
2015-07-23 12:50:02 +02:00
13d954a956
Fix rawurlencode call
2015-07-22 13:36:25 +02:00
ab8e775188
Fix duplicate headers on forward() inside a controller
...
This avoids that the JS loader flattening arrays.
refs #9349
2015-07-22 13:34:44 +02:00
d192410435
Introduce GET parameter _disableLayout to ... disable the entire layout
...
refs #8758
2015-07-16 11:23:48 +02:00
2e375dd57c
Do not bypass the view renderer when rendering benchmarks
...
fixes #9402
2015-06-22 13:56:41 +02:00
1f5db2f8c1
ActionController: introduce showCompact
...
Works like view=compact, it will allow us to "free" the "view" parameter
2015-06-18 13:41:12 +02:00
2f62a4383a
Layout: add showFullscreen parameter
...
refs #6729
2015-06-18 13:41:12 +02:00
71a2324cb9
lib: Let Controller::assertHttpMethod() throw a HttpMethodNotAllowedException
...
refs #6281
2015-05-22 09:12:42 +02:00
675d070b86
Set the view property `compact' exactly once
...
refs #7876
2015-04-15 15:33:00 +02:00
d882ea11b4
Avoid to set an empty redirect url parameter when accessing icinga web 2
2015-04-15 11:00:47 +02:00
dfd8c91827
Add PHPDoc to ActionController::$params
2015-04-07 12:25:46 +02:00
29d5fd351b
Merge branch 'bugfix/logout-external-8626'
...
fixes #8626
2015-03-12 16:47:49 +01:00
8563d5ed3f
PHPDoc: Use @var instead of @type
...
Becasue of too many kittens PSR-5 backed off of deprecating @var.
So that's the way we go too.
2015-03-12 16:08:47 +01:00
749957c3b4
Fix too greedy __SELF__ login redirect on XHR
...
I introduced this bug some commits earlier. We only must redirect to __SELF__ on XHR
if a redirect URL was set.
refs #8626
2015-03-12 00:57:03 +01:00
2f752ed1ac
Respond with HTTP status code 403 when an XHR requires authentication
...
refs #8626
2015-03-11 22:32:04 +01:00
bc1336b6f9
Fix stupid code in ActionController::redirectToLogin()
...
refs #8626
2015-03-11 21:49:20 +01:00
4ebfbf83ab
Leave note about __SELF__ in our action controller
...
refs #8626
2015-03-11 21:40:14 +01:00
2112676594
Implement hidden accessible control for auto refresh on the page
...
refs #7945
2015-02-13 14:34:29 +01:00
b9c9f564ec
Add editable auto_refresh parameter to the user preferences
...
refs #7945
2015-02-12 15:12:10 +01:00
97261cd8bd
lib: Do not setLayout('pdf') twice
2015-02-11 15:15:18 +01:00
6bae2e0a53
Note that our license is GPL v2 or any later version in our license header instead of pointing to the license's URL
2015-02-04 10:52:27 +01:00
5b4fab0750
Add license header
...
This time without syntax errors hopefully :)
2015-02-03 16:27:59 +01:00
5fa2e3cfdc
Revert "Add license header"
...
This reverts commit 338d067aba
2015-02-03 16:16:26 +01:00
338d067aba
Add license header
...
fixes #7788
2015-02-03 15:51:04 +01:00
2faf5f0ca1
Throw SecurityException in ActionController::assertPermission()
2015-01-30 09:34:19 +01:00
6da3cb8403
lib: Reorder auth related functions in the ActionController
2015-01-23 09:36:05 +01:00
ef0a7c0e77
Revert "Security: Temporary grant all permissions"
...
This reverts commit 9b7e75a616
2015-01-22 17:11:53 +01:00
0f13c0428c
Controller: Introduce method assertHttpMethod()
...
We have actions where only certain HTTP methods, e.g. POST are allowed but they are not restricted yet.
Controller::assertHttpMethod() takes a number of allowed HTTP methods and responds with HTTP 405 in case
the current request's method is not one of the given methods.
2015-01-22 15:47:16 +01:00
9b7e75a616
Security: Temporary grant all permissions
...
We'll introduce permissions and restrictions in the next hours. Because our web setup
does not configure permissions yet, all permissions are granted for all users from now on.
2015-01-22 15:20:38 +01:00
a1950aabba
Fix some obsolete or wrong docstrings
2014-12-29 16:27:28 +01:00
cddb68bffb
ActionController: shift global parameters globally
2014-12-03 10:40:48 +01:00
9a79cd58e9
Re-enable auto-refresh
2014-11-18 10:48:33 +01:00
ac8cc0613c
Merge branch 'master' into feature/redesign-7144
...
Conflicts:
application/views/scripts/authentication/login.phtml
public/css/icinga/login.less
2014-11-12 17:21:54 +01:00
f9e8cc84b9
Design: headline and main menu
2014-11-06 00:09:14 +01:00
Johannes Meyer
Eric Lippmann
Alexander A. Klimov
Eric Lippmann
Johannes Meyer
Markus Frosch
Thomas Gelf
Alexander Fuhr
Matthias Jentsch
Gunnar Beutner
Bernd Erk