19.6.0 released on 2019-09-23
Posted: 23 Sep 2019, 16:01
19.6.0 released on 2019-09-23
* Updated translations
* Handling case when there is no default SSH settings and device has no own config also
* Fixed trimming OS version for OPNsense.
* Added connectionAddress to DEVICE_MOVED_TO_DEVICE_GROUP log entry - also for bulk group update
* Logs table added to device group details page
* Revert ""Quick actions" dropdown added to devices list"
* Revert ""Quick actions" dropdown added to devices list - permissions"
* Enabled zipping logs after rotation.
* Added connectionAddress DEVICE_MOVED_TO_DEVICE_GROUP internal log event.
* Handling device group related log entries in UI
* Added internal log events related to Device Groups.
* "Quick actions" dropdown added to devices list - permissions
* "Quick actions" dropdown added to devices list
* Changed command to detect updates in OPNsense®.
* Added scheduling version check after detecting a difference in status in boottime.
* Updated access control on user editing pages
* Removed unused code
* Handling case when user has "devices:create" but no "device_groups:read" privileges
* Small UI updates for users with no device group
* Fixed bug with not saved user device groups limitation
* Handling UI for user that has no privileges besides login
* Handling case when user has no "get own information" privilege
* Handling JSON errors in aliases collection import
* Superuser setup form submits on "enter" key
* Saving state of "Display by group" switch - also for scheduled actions table
* Handling device groups assignments in welcome box
* Added tooltip infos to some blocked buttons
* Handling user with no groups assigned
* Separate page for scheduled action details - in other tables
* Separate page for scheduled action details
* Device group details: rename form included directly in the page
* Added removing deleted group from all users who had this group assigned.
* Removed not needed method in DeviceGroups REST API.
* When non-empty device group is deleted - devices can be moved to another group instantly
* Device group details: blocking "move device" button if there is no other groups to move to
* Device group details: added device group info to "add devices" box
* Device group details: added button for moving device to another group
* Device group details: updated management of users
* Added columns manager to scheduled actions list
* Made updating assigning users and devices in device groups more restrictive.
* Tuned endpoints for assigning and removing users to Device Groups, and moving devices between Device Groups.
* Fixed creating super user with device groups.
* Fixed RestTestUtils causing NPE for an empty database.
* Fixed migration to handle missing scheduled actions collection.
* Better scheduled actions table views
* Fixed definition of scheduled_action_request view.
* UI for scheduled action requests
* UI made working with refactored scheduled actions
* Changed removing entities having reference to a Device.
* Added migration to clean orphaned ProxyCredentials.
* Refactored ScheduledActions so now they are properly normalised.
* Moved addSuperUserToDb() in RestTestUtils.initRestAssuredBase() due to java.lang.IllegalStateException
* Implemented resetting privileges and device groups.
* Some Java code improvements
* Added missing files
* User can remove himself from a device group
* Allowed users having role with all ("*") permissions AND access to ALL device group to all alias collections.
* Added blocking unassigned (via Device Groups) devices in Direct View.
* Fixed blocking fetching device-related entities by not allowed used in JSON API.
* Made integrationTest pass - but requires some insight
* Fixed a bug with blindly adding limitation to all allowed devices for entities referencing Device in JSON API.
* User forms: Added radio selectors for device group limitation
* Widgets automatically removed from dashboard when user loses access to them
* Removed not needed debug messages
* Updated integrationTests
* Fixed handling device group details in UI when user has no "users:read" permission
* Fixed filtering entities by device in JSON API
* Updated integrationTests
* Fixed bug with filtering device in DG details view
* Fixed exception: class java.lang.String cannot be cast to class java.util.UUID
* Updated integrationTests
* Added possibility to create/update users with no group in UI
* Fixed handling of renaming and deleting default ALL group, added integrationTests
* Fixed creating and renaming device groups with empty and existing names, added few integrationTests
* UI uses "device_updates" permission instead of "updates"
* System and alias update requests hidden from user if not in "ALL" group
* Implemented returning 403/Forbidded for Device Update Requests and Alias Update Request if the user can't manage ALL devices in the system.
* Fixed filtering by ID in JSONAPI.
* Fixed NEQ operator for IDs in JSON API.
* Fixed accessing forbidden devices using JSON API by providing direct ID.
* Fixed leaking SSH details in JSONAPI's flatDevices if the user wasn't privileged with "device:update".
* UI updated to work with new device groups backend
* Made filtering (also negative) work for relationship filtering in JSONAPI.
* Fixed data leak allowing getting devices in JSONAPI by using devices's direct ID.
* Fixed data leak allowing getting entities referencing devices by using entity's direct ID.
* Fixed the meaning of not specified device groups in JSON API requests.
* Fixed bug resulting in configs leak in searching.
* Updated French translations
* Removed the requirement from users to have at least one device group assigned.
* Added Javadoc to DeviceGroupRestTest.
* Added form for editing device groups
* Fixed displaying and editing users when user has no "device_groups:read" or no "roles:read" privilege
* Fixed displaying and editing devices when user has no "device_groups:read" privilege
* Fixed displaying maps when user has no "system_settings:read" privilege
* Added French translations for device groups
* Handling case when logged in user belongs to a group with no devices
* Fixed Java exception in FlatDevicesRep
* Added com.sun.xml.bind to gradle dependencies
* Updated wording: "group" to "device group"
* Fixed bug with user roles not updated after save
* Devices list: fixed not working "i" button on Firefox
* Fixed bug with not displaying configs for non-ALL group members
* Added device groups filtering to FlatDevices
* Fixed bug with java.util.IllegalFormatConversionException
* Fixed bug with not logging in user who is not in parent group
* Removing devices from group directly on details page
* Adding devices to group directly from details page
* Removing users from group directly on group details page
* Adding users to group from group details page
* Secured aliases based on device groups.
* Showing device group in devices list
* Assigning devices to groups
* Added possibility to filter users using limitedToDeviceGroups in JSON API
* List of assigned users in device group details
* Assigning device groups to users
* Limited log entries in case the user is allowed to see only some devices.
* Made Device Updates visible only to users who can access them using Device Groups.
* UI for device groups
* Implemented generic mechanism in JSON API to return only entities referencing devices the user is allowed to manage (by the assigned device groups).
* Added restrictions of device groups to Configs.
* Implemented access restrictions to RRD of devices only from assigned device groups.
* Implemented device groups in User.
* Added DeviceGroupsRepository.
* Added proper relationships for DeviceGroups in Users and Devices in JSONAPI.
* Added DeviceGroup entity along with some changes to Device and User.
* Updated translations
* Handling case when there is no default SSH settings and device has no own config also
* Fixed trimming OS version for OPNsense.
* Added connectionAddress to DEVICE_MOVED_TO_DEVICE_GROUP log entry - also for bulk group update
* Logs table added to device group details page
* Revert ""Quick actions" dropdown added to devices list"
* Revert ""Quick actions" dropdown added to devices list - permissions"
* Enabled zipping logs after rotation.
* Added connectionAddress DEVICE_MOVED_TO_DEVICE_GROUP internal log event.
* Handling device group related log entries in UI
* Added internal log events related to Device Groups.
* "Quick actions" dropdown added to devices list - permissions
* "Quick actions" dropdown added to devices list
* Changed command to detect updates in OPNsense®.
* Added scheduling version check after detecting a difference in status in boottime.
* Updated access control on user editing pages
* Removed unused code
* Handling case when user has "devices:create" but no "device_groups:read" privileges
* Small UI updates for users with no device group
* Fixed bug with not saved user device groups limitation
* Handling UI for user that has no privileges besides login
* Handling case when user has no "get own information" privilege
* Handling JSON errors in aliases collection import
* Superuser setup form submits on "enter" key
* Saving state of "Display by group" switch - also for scheduled actions table
* Handling device groups assignments in welcome box
* Added tooltip infos to some blocked buttons
* Handling user with no groups assigned
* Separate page for scheduled action details - in other tables
* Separate page for scheduled action details
* Device group details: rename form included directly in the page
* Added removing deleted group from all users who had this group assigned.
* Removed not needed method in DeviceGroups REST API.
* When non-empty device group is deleted - devices can be moved to another group instantly
* Device group details: blocking "move device" button if there is no other groups to move to
* Device group details: added device group info to "add devices" box
* Device group details: added button for moving device to another group
* Device group details: updated management of users
* Added columns manager to scheduled actions list
* Made updating assigning users and devices in device groups more restrictive.
* Tuned endpoints for assigning and removing users to Device Groups, and moving devices between Device Groups.
* Fixed creating super user with device groups.
* Fixed RestTestUtils causing NPE for an empty database.
* Fixed migration to handle missing scheduled actions collection.
* Better scheduled actions table views
* Fixed definition of scheduled_action_request view.
* UI for scheduled action requests
* UI made working with refactored scheduled actions
* Changed removing entities having reference to a Device.
* Added migration to clean orphaned ProxyCredentials.
* Refactored ScheduledActions so now they are properly normalised.
* Moved addSuperUserToDb() in RestTestUtils.initRestAssuredBase() due to java.lang.IllegalStateException
* Implemented resetting privileges and device groups.
* Some Java code improvements
* Added missing files
* User can remove himself from a device group
* Allowed users having role with all ("*") permissions AND access to ALL device group to all alias collections.
* Added blocking unassigned (via Device Groups) devices in Direct View.
* Fixed blocking fetching device-related entities by not allowed used in JSON API.
* Made integrationTest pass - but requires some insight
* Fixed a bug with blindly adding limitation to all allowed devices for entities referencing Device in JSON API.
* User forms: Added radio selectors for device group limitation
* Widgets automatically removed from dashboard when user loses access to them
* Removed not needed debug messages
* Updated integrationTests
* Fixed handling device group details in UI when user has no "users:read" permission
* Fixed filtering entities by device in JSON API
* Updated integrationTests
* Fixed bug with filtering device in DG details view
* Fixed exception: class java.lang.String cannot be cast to class java.util.UUID
* Updated integrationTests
* Added possibility to create/update users with no group in UI
* Fixed handling of renaming and deleting default ALL group, added integrationTests
* Fixed creating and renaming device groups with empty and existing names, added few integrationTests
* UI uses "device_updates" permission instead of "updates"
* System and alias update requests hidden from user if not in "ALL" group
* Implemented returning 403/Forbidded for Device Update Requests and Alias Update Request if the user can't manage ALL devices in the system.
* Fixed filtering by ID in JSONAPI.
* Fixed NEQ operator for IDs in JSON API.
* Fixed accessing forbidden devices using JSON API by providing direct ID.
* Fixed leaking SSH details in JSONAPI's flatDevices if the user wasn't privileged with "device:update".
* UI updated to work with new device groups backend
* Made filtering (also negative) work for relationship filtering in JSONAPI.
* Fixed data leak allowing getting devices in JSONAPI by using devices's direct ID.
* Fixed data leak allowing getting entities referencing devices by using entity's direct ID.
* Fixed the meaning of not specified device groups in JSON API requests.
* Fixed bug resulting in configs leak in searching.
* Updated French translations
* Removed the requirement from users to have at least one device group assigned.
* Added Javadoc to DeviceGroupRestTest.
* Added form for editing device groups
* Fixed displaying and editing users when user has no "device_groups:read" or no "roles:read" privilege
* Fixed displaying and editing devices when user has no "device_groups:read" privilege
* Fixed displaying maps when user has no "system_settings:read" privilege
* Added French translations for device groups
* Handling case when logged in user belongs to a group with no devices
* Fixed Java exception in FlatDevicesRep
* Added com.sun.xml.bind to gradle dependencies
* Updated wording: "group" to "device group"
* Fixed bug with user roles not updated after save
* Devices list: fixed not working "i" button on Firefox
* Fixed bug with not displaying configs for non-ALL group members
* Added device groups filtering to FlatDevices
* Fixed bug with java.util.IllegalFormatConversionException
* Fixed bug with not logging in user who is not in parent group
* Removing devices from group directly on details page
* Adding devices to group directly from details page
* Removing users from group directly on group details page
* Adding users to group from group details page
* Secured aliases based on device groups.
* Showing device group in devices list
* Assigning devices to groups
* Added possibility to filter users using limitedToDeviceGroups in JSON API
* List of assigned users in device group details
* Assigning device groups to users
* Limited log entries in case the user is allowed to see only some devices.
* Made Device Updates visible only to users who can access them using Device Groups.
* UI for device groups
* Implemented generic mechanism in JSON API to return only entities referencing devices the user is allowed to manage (by the assigned device groups).
* Added restrictions of device groups to Configs.
* Implemented access restrictions to RRD of devices only from assigned device groups.
* Implemented device groups in User.
* Added DeviceGroupsRepository.
* Added proper relationships for DeviceGroups in Users and Devices in JSONAPI.
* Added DeviceGroup entity along with some changes to Device and User.