5 Commits

Author	SHA1	Message	Date
Jellyfrog	b361710148	Device group based access (#10568) ... * Device group based access * Use Permissions class to resolve permissions Also give port access based on device access * Convert more pages to use Permissions class * shorten config setting name use Eloquent relationships in several places alphabetize config_definitions.json * Change Models and Permissions * Clean up ajax_search LIMIT sql * Convert more pages to use Permissions class Co-authored-by: Tony Murray <murraytony@gmail.com>	2019-12-30 12:11:26 +01:00
Tony Murray	e99f421511	Remove legacy auth usage of $_SESSION (#10491) ... * Remove auth use of $_SESSION Will break plugins that depend on $_SESSION, Weathermap was already fixed. Port them to use Auth::check()/Auth::user()/Auth:id() * revert accidental replacement	2019-08-05 14:16:05 -05:00
Tony Murray	3ead462549	Enable CSRF protection (#10447) ... * Enable CSRF protection * fix style issues	2019-07-17 07:20:26 -05:00
Tony Murray	e9ae08d5db	Use Laravel url helpers to improve functionality without dns name (#10227) ... * Use Laravel url helpers to improve functionality without dns name Not exhaustive... * Fix Url generated urls * Bump js version	2019-05-20 11:47:34 -05:00
Tony Murray	36431dd296	Security fix: unauthorized access (#10091) ... * Security fix: unauthorized access Affects nginx users: Moved php files outside of public html directory (Apache was protected by .htaccess) Affects all users: Some files did not check for authentication and could disclose some info. Better checks before including files from user input * git mv html/includes/ includes/html git mv html/pages/ includes/html/	2019-04-11 23:26:42 -05:00