This commit changes the deletion mechanism for forms. Currently, it sets the wanted deletion ID to the session, and redirects the user to the previous page, to open a confirmation dialog for deletion.
Gate Auth arguments were missing for TeamFile and Team controllers.
This means that Gate has no idea where to look for policies, meaning that
the ability passed is perceived literally, causing an Unauthorized error.
Adding the Model with which to authorize the request solved the error since
Gate now knows which policy to look in for permission logic.
This commit adds a password strength requirement for new users using
regular expressions.
Also adds a dismissible alert so users know how to create passwords
properly.
This commit fixes some superficial instances of Broken Access Control
(https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control).
There may be some more instances of this, as authorization was only done
after most of the controllers were done (big mistake).
Some refactoring was also performed, where Route Model Binding with DI
(dependency injection) was used whenever possible, to increase
testability of the codebase.
Some reused code was also moved to Helper classes so as to enforce DRY.
There may be some lines of code that are still copy-pasted from other
parts of the codebase for reuse.
Non-breaking refactoring changes were made, but the app as a whole still
needs full manual testing, and customised responses to HTTP 500
responses. Some errors are also not handled gracefully and this wasn't
checked in this commit.
This commit fixes the appointment policy being called at the wrong time, with the wrong arguments.
It also fixes wrong references on the auth service provider, also fixing other issues with policy usage.
Fixes #3 and SPACEJEWEL-HOSTING-59.
This commit adds the ability to edit and modify existing forms.
On the technical side, it also adds a new reusable validation Facade which helps reduce duplicated code.