no issue
- updates the `TrailingHistory` locationType so that trailing slashes aren't added to the end of URLs with parameters but instead matches how the server-side redirects to trailing-slash URLs
- before: `/subscribers?order=created_at/`
- after: `/subscribers/?order=created_at`
no issue
- moves the `NavItem` object from the navigation controller to an explicit `NavigationItem` model file
- adds a custom transform `navigation-settings` that transforms the navigation settings JSON string to/from an array of `NavigationItem` objects
- simplifies the `settings/navigation` controller as it no longer has to export it's own internal model and handle serialization and deserialization
This pattern should also help simplify the apps/slack integration code if implemented there.
no issue
- ensure that each validator instance gets it's own `errors` and `hasValidated` objects
- updates some uses of `ValidationEngine` that were relying on side-effects of the unintended reference sharing
- fixes issue with add subscriber modal displaying an error state after opening if it previously had errors when closing
refs #2459
This includes updating handlebars to v4 as well as other fixes which
will introduce breaking changes to the theme API:
From express-hbs:
- partials must now use the `.hbs` extension, the same as templates
From handlebars:
- Depthed paths are now conditionally pushed on to the stack.
If the helper uses the same context, then a new stack is not created.
This leads to behavior that better matches expectations for helpers
like if that do not seem to alter the context. Any instances of ../
in templates will need to be checked for the correct behavior under 4.0.0.
In general templates will either reduce the number of ../ instances
or leave them as is. See #1028.
- The = character is now HTML escaped. This closes a potential exploit
case when using unquoted attributes, i.e. <div foo={{bar}}>. In general
it's recommended that attributes always be quoted when their values are
generated from a mustache to avoid any potential exploit surfaces.
no issue
- returns the promise/result from `loadNextPage` so that it's return value can be utilised in closure actions
- sets the `isLoading` property in `loadFirstPage` to match `loadNextPage` behaviour
- reset the `isLoading` property even if the request fails
- adds a `didReceivePaginationMeta` hook so that consumers of the mixin can use the metadata values without having to rely on observers
- eg. pulling the `total` into a separate property that can be manipulated when items are added/removed but still reset to the sever's total value the next time a page is loaded
- renames the `pagination-route` mixin to simply `pagination` as it's not tied to routes and works equally well in other objects that need to paginate an API resource
closes#6462
- monkey-patch validator.extends() since it was dropped by validator @5.0.0
- coerce input to string prior to validation (custom toString func)
- need to handle boolean validation based on column type not isIn()
- use `lodash.tostring` to convert input values to strings
refs #6589
- add internalAppsPath as a proper config path
- middleware/routes will be setup for any internal apps which have the function
- this should be refactored into some sort of proper hooks system as part of apps
- internal apps get permission to do anything the proxy allows
refs #6301, #4176
Add migration for:
- 5 new client permissions
- 15 relations between the admin, editor & author role and the 5 new permissions
- updates to tests to show that permissions get updated properly
