* Add web authorization permission based on groups
* Access and parts of website are limited by permissions
* Add group management in /manage page
* Higher level permissions grant lower level permissions similar to Sponge
* Add command /plan setgroup, which uses plan.setgroup.other permission
* Add command /plan groups, which uses plan.setgroup.other permission
* Add more navigation based on permissions
* API modifications
* User#hasPermission now returns true if user has parent permission in the tree
* ResolverService#registerPermissions and ResolverService#registerPermission methods for adding new permissions
* Update locale with new lines
* Various unrelated fixes to CSS and code
Affects issues:
- Close#1623
- Fixed SQL-injection vulnerability in an endpoint
- Fixed XSS on Whitelist deny 403 page
- Fixed XSS on Internal Error 500 page if untrusted data ends up in exception message
* Adds swagger dependencies and annotations for json endpoints for documentation
* Add swagger ui to react project
* Access control to swagger endpoints
* Include swagger.json in jars using custom configuration
Also:
* Reworked project shadow configurations to avoid shadowing shadow versions of modules
Why: Extra dependencies were being included when using shadow scope
What:
- modules no longer depend on shadow configurations,
which speeds up IDEA indexing after build considerably
(No need to index *-all.jars)
- 'shadow' scope is now used for artifacts that need to be included
- 'shadow' scope is also 'api' so that modules that depend on common
can import the libraries. This may cause issues in projects
depending on Plan so this may need to be reconsidered
- Relocations and exclusions were moved to plugin module
org.slf4j is now included in 2 locations which may cause issues.
Needs testing with servers
- Found out that all Extension dependencies include junit as compile
scope which caused it to be included.
Affects issues:
- Close#1890
* Fixed disk medium threshold not showing color
* Added 'serverName' and 'serverUUID' to optimizedPerformance endpoint
* Added /v1/network/listServers endpoint
* Added /v1/network/performanceOverview?servers endpoint
* Hide negative values from performance graphs
* Allow json cache bypass by not providing timestamp parameter in URIQuery
* Ignore negative values in low tps spike count
* Added (Unavailable with Export) to exported network html performance tab title
Affects issues:
- Close#1693
Aurora Lahtela
Emilia Dreamer