14 Commits

Author	SHA1	Message	Date
Aina Sitraka	b6a5f90fd3	PHRAS-3857 Check CSRF token on Prod and Admin forms (#4361) ... * csrf token form * add csrf token * add csrf * add csrf * add csrf * test * test * test * add form token in report * csrf token upload * lazaret csrf form * upload test * lazaret test * add csrf token * fix test * fix set cover publication --------- Co-authored-by: jygaulier <gaulier@alchemy.fr>	2023-10-03 16:28:33 +02:00
jygaulier	e7027c7220	PHRAS-3800_xss (#4219) ... * add encode option to record::get_title ; render preview.record_title in twig * html-escape facet values	2023-03-15 11:05:34 +01:00
jygaulier	fbccec009e	PHRAS-3602_shared-baskets-step1 WIP DO NOT MERGE (#3929) ... * PHRAS-3602 : migrate validations to baskets WIP [skip ci] * PHRAS-3602 : migrate validations code to baskets code (wip) WIP [skip ci] * PHRAS-3602 : migrate validations to baskets WIP [skip ci] * PHRAS-3602 : migrate validations to baskets WIP [skip ci] * PHRAS-3602 : fake commit to run tests * PHRAS-3602 : migrate validations to baskets fix typo * PHRAS-3602 : migrate validations to baskets fixed (some) tests * PHRAS-3602 : migrate validations to baskets fixed (some) tests * PHRAS-3602 : migrate validations to baskets fixed (some) tests. need to remove method():return_type signature because of old phpunit which does not mock it * PHRAS-3602 : migrate validations to baskets fix * PHRAS-3602 : migrate validations to baskets fix err 500 when a "vote" (feedback) is deployed in wz * PHRAS-3602 : migrate validations to baskets fix missing votes for element+participant fix update vote dates on basket * PHRAS-3602 : ux bump production-client to 34 WIP [skip ci] * PHRAS-3602 : rebase (bump production-client to 37) WIP [skip ci] * PHRAS-3602 : refacto css/twig/templates/... ; replace many png's by fonts WIP [skip ci] * PHRAS-3602 : fix icon / css WIP * PHRAS-3602 : better icon align ; back button color fix : save button after adding a user WIP [skip ci] * PHRAS-3602 : restore sharebasket controller todo : implement modification right ; owner is participant ? WIP [skip ci] * PHRAS-3602 : set "canModifiy" ; cleanup WIP [skip ci] * PHRAS-3602 : respect "can_modify" on shared basket WIP [skip ci] * PHRAS-3602 : fix badge icon bg ; fix button css WIP [skip ci] * PHRAS-3602 : fix css & cleanup WIP [skip ci] * PHRAS-3602 : fix 500 on preview/feedback tab WIP [skip ci] * PHRAS-3602 : fix allow to display dlg without selection * PHRAS-3602 : bump version to 4.1.6-rc1 ; prodclient=38 WIP [skip ci] * PHRAS-3602 : factorize baskets menu (wip) WIP [skip ci] * PHRAS-3602 : modify already shared or feedback basket (general menu) 4th icon on badges (vote != modify) quitshare option (todo back) allow fa-icons in toolbar WIP [skip ci] * PHRAS-3602 : add share end-date (todo:db write) add 4th general toggle button fix badge selection bug fix css badges zone (form position) WIP [skip ci] * PHRAS-3602 : big refacto to use "sharebasket" vocab. fusion "feedback/sharebasket" removed "feedback" adaptative ux: 1 "can_agree" ==> feedback display bump production-client to v50 todo: save shr/fbk end-dates todo: rename "pushXXX" to pushAndShare ? WIP [skip ci] * PHRAS-3602 : share / feedback expiration dates are saved in db date pickers with delta menu better adaptive ux todo: move select general togglers WIP [skip ci] * PHRAS-3602 : revert validation* tables (remove "dead" rename) drop all foreign keys from validation* WIP [skip ci] * PHRAS-3602 : restore deleted fields in validation, regenerate proxies WIP [skip ci] * PHRAS-3602 : fix initiator_id WIP [skip ci] * fix initiator_id-bis * PHRAS-3602 : css for input-text with glued button dynamic load of users-lists (left zone) = less duplicated code fix : users-lists works after refresh WIP [skip ci] * PHRAS-3602 : fix users-lists manager (orange) : go flex ! * PHRAS-3602 : empty dist to ease rebase WIP [skip ci] * PHRAS-3602 : rebase WIP [skip ci] * PHRAS-3602 : new ux for "owner" feedback mode is an independent toggle fix "missing mandatory parameter" WIP [skip ci] * PHRAS-3602 : fix css of owner badge WIP [skip ci] * PHRAS-3602 : fix handling of feedback initiator WIP [skip ci] * PHRAS-3602 : better wss to follow "skins" full roboto removed useless class "with-button" WIP [skip ci] * PHRAS-3602 : fix "a token require a validation" temporary fix 500 due to send email to (null) vote-initiator for simple share todo: send a specific email for simple share WIP [skip ci] * PHRAS-3602 : different emails depending if user can vote or not WIP [skip ci] * PHRAS-3602 : expired shared baskets removed from wz WIP [skip ci] * PHRAS-3602 : fix logic error on last sql WIP [skip ci] * PHRAS-3602 : fix missing shared baskets on wz WIP [skip ci] * PHRAS-3602 : fix blinking of wz/basket detail now only the title:hover displays detail WIP [skip ci] * PHRAS-3602 : rebase WIP [skip ci] * PHRAS-3602 : update basket proxy WIP [skip ci] * PHRAS-3602 : fix forever "unread" basket WIP [skip ci] * PHRAS-3602 : fix display of unread basket ; sync "eye" icon with css change WIP [skip ci] * PHRAS-3602 : "quitshare" action works WIP [skip ci] * PHRAS-3602 : missing dist files WIP [skip ci] * PHRAS-3602 : cleanup & run ci * PHRAS-3602 : disable failing unit test ; remove blue on onread basket * PHRAS-3602 : separate "vote" & "share" emails templates & u-tests * PHRAS-3602 : add 2 icons "stack" to icomoon set WIP [skip ci] * PHRAS-3602 : fix test * PHRAS-3602 : fix test ; add test for simple share email notification * PHRAS-3602 : changed proxy * PHRAS-3602 : colored basket icons WIP [skip ci] * PHRAS-3602 : circle basket icons WIP [skip ci] * PHRAS-3602 : fix wz filters, add "share" filter. todo: fix fr writing (new string) WIP [skip ci] * PHRAS-3602 : fix "share" dichotomy : use "shared" for wz filter WIP [skip ci] * PHRAS-3602 : fix PHRAS-3624 ; PHRAS-3623 ; now adding/removing a user from user list is immediate (no more save button) WIP [skip ci] * PHRAS-3602 : fix PHRAS-3647 ; shared basket are listed in api (for list and related record) * PHRAS-3602 : fix due to failing test * PHRAS-3602 : fix: can load a 1000 users list todo : move slow code to worker * PHRAS-3602 : fix due to failing test * PHRAS-3468 : (fixed in 3602) fix basket content still visible when baskets are hidden (wz-filter) * PHRAS-3602 : add "wip" baskets with notification & lock todo : move slow code from message to worker * PHRAS-3602 : fix tests due to accidental rename * PHRAS-3602 : fix : menu closes when mouse out : bump to 4.1.6-rc3 todo : fast move to another basket makes the menu appear on top ? * add shareBasket worker * fix test * PHRAS-3602 : fix : rights buttons on badges now works for users added from search (did work only from loading list) * PHRAS-3590 Co-authored-by: aynsix <asr@esokia-webagency.com> Co-authored-by: Nicolas Maillat <maillat@alchemy.fr>	2022-04-07 17:07:43 +02:00
jygaulier	7205df082d	- fix : the "validate" token of the initiator should always have be non-expiring (so the initiator can see results after expiration)	2020-09-14 19:39:51 +02:00
Jean-Yves Gaulier	a8c19de4d3	PHRAS-2927_optimize-feedback-process_4.1 ... add route "lightbox/ajax/GET_ELEMENTS/{{basket_id}}/" to get counts of elements validated as "yes", "no" or "nul". Will allow front to display alert before submitting	2020-02-13 18:22:54 +01:00
mike-esokia	b07f5aa07f	add functionality to navigate between records in mobile version of lightbox	2018-05-10 11:57:08 +04:00
Florian BLOUET	203521d991	remove lightbox IE6 version	2016-03-18 10:08:07 +01:00
Benoît Burnichon	51023c5533	bump copyright year	2016-01-05 13:38:14 +01:00
Benoît Burnichon	00d0ea66bb	Change getIsRead to isRead	2015-12-22 14:25:13 +01:00
Benoît Burnichon	38ae7bc2ac	Rename get_number/set_number to getNumber/setNumber	2015-07-13 17:50:20 +02:00
Benoît Burnichon	634f5366ae	use DispatcherAware wherever possible	2015-05-12 17:15:11 +02:00
Benoît Burnichon	5f8dab86fd	Use BaseController	2015-04-02 13:35:44 +02:00
Benoît Burnichon	054195d3c0	Finish Lightbox Controller	2015-03-30 14:41:15 +02:00
Benoît Burnichon	bcf59c560d	Partial LightboxController refactor	2015-03-27 19:13:07 +01:00