This commit refactors the development tools page to make it look better. Additionally, it makes small adjustments in the notifications and corrects missing strings from the page.
This commit adds several missing "cascade delete" actions to relationships on database tables. This effectively fixes errors while trying to delete user accounts because of pending child records.
Additionally, the observers for applications and vacancies were removed, since they are now obsolete.
The account deletion system was also refactored.
This commit adds a feature that allows users to request periods of inactivity from their managers. This is effectively known as a leave of absence.
The commit also introduces new permissions and migrations, therefore, you'll need to adapt your database according to these changes.
This commit rewrites the previously broken auto ban cleaner. It's now much more efficient and compact, and it removes bans correctly and on the right date.
Fixes#1
This commit fixes some superficial instances of Broken Access Control
(https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control).
There may be some more instances of this, as authorization was only done
after most of the controllers were done (big mistake).
Some refactoring was also performed, where Route Model Binding with DI
(dependency injection) was used whenever possible, to increase
testability of the codebase.
Some reused code was also moved to Helper classes as to enforce DRY;
There may be some lines of code that are still copy-pasted from other
parts of the codebase for reuse.
Non-breaking refactoring changes were made, but the app as a whole still
needs full manual testing, and customised responses to HTTP 500
responses. Some errors are also not handled gracefully and this wasn't
checked in this commit.
