[COPN] Loris core base branch based off v25.0.1 #43

Open
wants to merge 90 commits into
base: copn_loris_v25.0

zaliqarosli
Owner

This pull request [DESCRIBE WHAT THIS PULL REQUEST IS TRYING TO ACCOMPLISH HERE]. It [DESCRIBE HOW IT ACCOMPLISHES THE GOAL HERE].

See also: [PROVIDE REFERENCES TO OTHER TICKETS, PULL REQUESTS, OR MAILING LIST THREADS HERE. OPTIONAL.]

kongtiaowang and others added 30 commits March 28, 2023 12:46
Allow users to delete their own attachment. If a user does not have Issue Tracker: Close/Edit/Re-assign/Comment on All Issues, they cannot currently delete their own attachment.

Resolves aces#8006
This prevents the user from saving a Project configuration with a null Alias in a new project as well as existing projects.
…ces#8634)

The util shortcut seems to be completely unused in the code; the only place using the content of that directory references the whole path of the directory.

Resolves aces#8577
…#8484)

This tool tries to run pregmatch on every value pulled from the instrument Data. There is a possibility that values coming from json_decode() are decoded into floats or arrays if that is how they have been saved. If that is the case, the script should just skip them and not fail.
In the issue tracker module, the reporter dropdown is populated with the assignee users instead of the reporter users.

This fills the reporter dropdown with the right reporter values.

Fixes aces#8429
…ow (aces#8453)

This is changing the CSS class used in the examiner page. The former class had a small percentage of the width, causing the first field to become narrow; by changing it to another class, the problem is solved.

Fixes aces#8026
…es#7826)

Currently, only users with the access_all_profiles permission can see Feedback Threads and Open Thread Summary at the profile level. Even if a user adds a feedback entry, they won't be able to see their own feedback thread unless they have the access_all_profiles permission.

This change allows users to see threads and the summary that exists for candidates that they have access to (i.e., if a user is affiliated with MTL, they can now see the feedback threads & summary of MTL candidates).

Fixes aces#7190
The keys in the new_profile module were lower case which forces the Sex library class to use a strtolower() function to validate the value and then submits the lowercase value in the SQL insert statement where SQL implicitly converts it to uppercase. This workflow is very risky as different versions of SQL or different databases may not recognise the lowercase and uppercase as the same word and treat it as a truncation. This is also simply bad practice and unnecessary here.
A recent change (aces#7826) to the NDB_BVL_Feedback class causes the following 500 Error to appear when the instrument_list page is loaded. This is because references are made to Timepoint::singleton instead of TimePoint::singleton.

Fix casing.
The HTTP spec says the header name is case-insensitive. Some clients
send it as "authentication" (lowercase). This makes our check for
the header case-insensitive by lower-casing the headers before doing
the comparison.
Include checksum in value saved to database.
…' button display (aces#8686)

Currently, if the 'InstrumentResetting' config is set to 'No', the 'Delete instrument data' button is displayed and the user is able to clear the instrument. This fixes that by letting the if statement check a true boolean instead of string "true" by calling 'settingEnabled'. The PR also modifies the testing plan so this is tested in the future.
…ology_uploader module (aces#8728)

Added 'Help' content for electrophysiology_uploader module.

Fixes aces#8597
aces#8726)

The 'My Preferences' menu item is no longer visible if the my_preferences module is not Active.

Fixes aces#8695
Add an onUserInput prop to the "Update File" ButtonElement

Fixes aces#8700
A few number values were being passed as Strings in the props to Form elements. Change them to be numbers.

Fixes aces#8703
This changes the wording slightly in the TestPlan of user_accounts to indicate that an email is only sent to a new user if the "Send email to user" button is selected.

Fixes aces#6971
Combine files in the New_patches into one release file.
…8758)

Updated some steps to include the newly added support for uploading multiple files at once.

For testing assignment aces#8519.
Added reference to new feature to support uploading multiple files at once.
The pwned password example was not complex enough to pass the complexity check and trigger the pwned check, so change the example to another one which is more secure but also in a pwned database.
Correct step about clearing filters wording and add step to check
the citation policy works.

Fixes aces#8736
Transfer the permission test step from instruments module to instrument_manager module, since it is now managed there instead of in the config.xml
…ify (aces#8762)

This makes sure the Project Description on the dashboard runs through
DOMPurify. In order to do that, it was also necessary to move the description
from being loaded in a smarty template to being loaded from an AJAX call
(so that we can import the DOMPurify module.)

Fixes aces#8750
…#8759)

The values get double-escaped when modified now if they contain
HTML. Use unsafe variants of database calls so that the values do
not get modified when re-saved.

Fixes aces#8748
ridz1208 and others added 28 commits July 11, 2023 09:57
Display array values saved in the DQT in a grid layout.

It was displayed in a comma separated string before which can be difficult to read.
Add a new status, 'Failed Extraction', in the status enum for the electrophysiology_uploader table.
The button to modify permissions was not well aligned with its column in the data table. Resolves aces#8757.
Fix issue where trying to access an issue assigned to an inactive module leads to a 500 error.

Resolves aces#8075
Return the proper HTTP response code when an error occurs in the document repository.

Resolves aces#8760
…ces#8833)

This updates the documentation that references LORIS 24 to instead
reference LORIS 25 in preparation for the release.
Update the RB dataset post release patch and clean up patches
1. RESET FOREIGN KEY CHECKS TO 1 !!!IMPORTANT!!! @laemtl please review asap
2. Fixes 9999 drop tables, adds omitted tables in appropriate order
3. adds editor config setting for YML files
4. recreate release patch in correct chronological order
5. restore publication patch accidentally added to cleanups (publication module should be re-tested)
6. remove instrument permissions from config.xml for RB
7. remove corrupting old subproject files from RB
8. update migration.md
Improve error message when mri_parameter_form doesn't exist

Resolves aces#5325
This was made to remove overrides on COPN and CBIGR

- removes notices
- removes deprecation warning
- add filter options to filter with limited set of options
Checkbox elements cannot be defined as required like the rest of the elements. This adds support for required.

A required checkbox must be checked for the form to be submitted. (ie. for questions like "Have you read the terms of service?")
In the feedback panel for an instrument, the only option in 'Field Name' was 'Across all fields'. This changes how the field names for an instrument are fetched so that all of them appear as an option too.
- Fix date imported into DQT to be a real date rather than a unix timestamp.
- Fix incorrect order of parameters to `join` in import script
Do not escape data being inserted in the issue tracker, it gets escaped on rendering.
Currently the numeric element type is only being added to the
instrument data dictionary if it's on the top page.

This fixes it so that the elements are always added to the dictionary
regardless of the page.
Fix display of bvl_feedback on mobile devices.

- Switched Add Comment button from Pencil to a Comment (Original was confusing)
- Set threads to be shown automatically for open threads as having them hidden made the UI confusing.
- Added an Edit and Delete button for comments of which the author is the user viewing them
- Flipped the order of comments around so that the newer comments show up below. Makes more sense when reading the comments
- Made New Comment TextArea section show up below the thread, as that is where the new comment will appear
- Changed panel width to work on mobile devices
This change enables the use of project modules for requests that use AjaxHelper.

The order in which the directories are defined, when the LorisInstance is instantiated, determines the order of locations where modules are searched for and registered.
Properly handle parsing/auto-populating of visit label when there is a suffix after the visit label in the file name.

Fixes aces#8803
Some instruments use hidden fields to pass data to the frontend. This skips over the fields in the dictionary building to prevent a 500 error.
PR#8759 converted the escape module to use unsafeInsert/update
to save data and prevent double escaping issues. The usages of
the textarea were audited to make sure they were properly escaped,
however the value is also displayed in the configuration module
itself. Until the module is updated from smarty to react (PR#8471),
they need to be escaped in the config module itself.

This adds escaping to the config module smarty template.
This fixes 2 problems with the SQL in the media FileUpload?action=getData
endpoint
1. There is an obvious SQL injection attack where user input from the
   request is directly concatenated into a string that's passed to the
   database.
2. There was an unnecessary sub-select that could have been a join

This whole section of the code is a mess that should be re-written,
but this PR just tackles the urgent string concatenation.
Push 24.1.5 bugfixes into the 25.0.x release branch.
Push v24.1.5 bug fixes into v25.0.x release branch
Modified Form.js to no longer use the "selected" attribute in option tags, and rather the "value" attribute of select tags.

Resolves aces#8702
@zaliqarosli zaliqarosli force-pushed the 2023-11-02-UpdateCopn25 branch from 45690eb to e060275 Compare November 2, 2023 17:58
@zaliqarosli zaliqarosli changed the title 2023 11 02 update copn25 [COPN] Loris core base branch based off v25.0.1 Nov 3, 2023