All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Global Variable:
- DefaultMediaPermission [0644]: The default permission for files uploaded through uAdmin
- Delete(): Checks for ID == 0 where it doesn't delete all records when ID = 0 is passed
- Global Variable:
- Settings model which can be used system wide to keep application settings.
- GetSetting function to read settings from the settings model.
- User.GetAccess function can evaluate the user's permission to a model using user level and group level and return a UserPermission instance.
- ErrorHandleFunc: A function that can be passed for handling errors system wide that gets called when Trail is called.
- AllowedIPs: is a list of allowed IPs to access uAdmin interfrace
- BlockedIPs: is a list of blocked IPs from accessing uAdmin interfrace
- RestrictSessionIP: restricts access to the system if the IP of the user changes after login
- RetainMediaVersions: is to allow the system to keep files uploaded even after they are changed
- Forgot password now sends HTML emails.
- GetString function can return the name of a static list item.
- Bug fix for read only fields for new and edit.
- Model names in dashboard are generated using proper plural function instead of just adding "s"
- Approval System: By adding `approval` tag to any field, the field will required a special permission to edit. If the user does not have this permission, the edit will generate an Approval record that can be approved by a user with access to the new Approval model.
- Upload files using drag and drop into the field.
- Image and File fields now allow a new tag called `webcam` which adds web can access directly from the field.
- Model specific themes: You can use `ModelSchema.FormTheme` and `ModelSchema.ListTheme` to choose a theme for a model.
- Settings automatically adds all uAdmin global variables as settings.
- Added .gitignore which should have been there all along!!
- cropImageHandler now returns JSON with a status letting the for success and failure.
- Improved performance for saving settings page.
- Fixed filters for list view. Now you can apply multiple filters. Also now you can filter by foreign key.
- Removed all `fmt.Println` and `log.Println` for printing errors and replaced it with `Trail`.
- Export to excel date time type now takes time zone into account.
- Fixed bug with method fields names rendering with missing letters.
- Settings URL takes into account `RootURL`
- Edit logs will only be saved if the form didn't have errors.
- Fixed bug with `required` file and image fields where you had to choose a file everytime you save even if there was a files saved in the record.
- Fixed bug with `required` foreign key and list type where it was not working before.
- revertLogHandler required the requires to be authenticated and the user to have access to edit the model and have read access to logs.
- Implemented request rate limits to protect from DDoS
- Implemented AB/Testing system
- Implemented dAPI which is an API to access model data
- Implemented CacheSessions and CachePermissions for direct in memory access to sessions and permissions
- Implemented a Metrics system using the following function:
SetMetric,IncrementMetric,TimeMetricandNewMetric - Trail can log to syslog
- HTTP requests can be logged to syslog
- Added
uadmin.Handler(func(http.ResponseWriter, *http.Request)) func(http.ResponseWriter, *http.Request)to enable syslog for HTTP requests - Add OptimizeSQLQuery mode
- Handle ctrl+F in Home and List view to focus on the search field instead of the native search
- Added
stringermeta tag - Added two API end points
/api/get_modelsand/api/get_fields?m={MODEL_NAME}
- Changed
Login(*http.Request, string, string) (*User, bool)toLogin(*http.Request, string, string) (*Session, bool) - Changed
Login2FA(*http.Request, string, string, string) *UsertoLogin2FA(*http.Request, string, string, string) *Session - Changed
HTMLContexttoRenderHTMLthat has support for templates functions - URL filter place holders are capital letters
{USERNAME},{USERID}and{NOW} - Search is allowed for
list_excludefields. - Changed the search API path to
/api/search/ - Make static handler a public function
uadmin.StaticHandler(http.ResponseWriter, *http.Request) - Added three new level to
Trailfor compatibility with syslog which areCritical,AlertandEmergency - If database doesn't exist for mysql, uAdmin will try to create a new database.
User.HasPermissionwill be private starting0.6.0UserGroup.HasPermissionwill be private starting0.6.0
- Fixed image crop modal conflict in list view with delete modal and add it to form and inlines
- Fixed FK in approvals
- Remove required from fields with pending approval
- Support filtering/searching by NULL value for
time.Timepointer - Fixed filtering by FK
- Restrict access to inlines based on user model permissions
- Search API escapes HTML results
- PreQuery and PostQuery handler for dAPI
methodcommand in dAPI to run model's methods- Windows support for syslog
$preloadin dAPI- RenderHTMLMulti to render nested templates
$choicesin schema command in dAPI to preload FK and M2M choices- Support for golang Modules
- Added search in dAPI using
$q - Reset button for ABTest
- Added delete functionality for file and image from UI and dAPI
- dAPI schema now transaltes the model based on your language cookie
- dAPI now supports M2M in add and delete functions
$distinctin dAPI read function
- Droping support for Golang 1.10
- Changed Excel export library to excelize
- GetDefaultLanguage and GetActiveLanguages are public now
- TranslateSchema is public now
- Model method
GetImageSize() (int, int)to customize image size
- Fixed bug with dAPI __ filters
- Fixed last insert ID in MySQL
- Fixed dAPI clearing file and image fields
- Fixed a bug with Aggregate column
- HideInDashboard works for existing models
- DashboardMenu changes icon size to 128X128 pixels
- PasswordAttempts and PasswordTimeout settings to protect limit invalid password attempts
- CheckRateLimit limits whole IP instead of IP and port combination
- CSRF protection in UI and dAPI and public function
CheckCSRF - SQL injection checking in dAPI, export and public function
SQLInjection - Added AllowedHosts setting to limit the domains/IPs for password reset
- Link fields get
x-scrf-tokenadded automatically in UI sessioncookie uses SameSite=SameSiteStrictMode- Prevent navigation attacks in Theme setting and file upload
- dAPI function
methodcan return a value if the method called has a return. Note: if you have a return, you cannot use$nextto redirect.
- Fixed false possitive SQL Injection in dAPI join.
- Fixed false detection in
customGetfor private fields of type[]structas an M2M field. - Typo in uadmin command line tool.
- CSRF protection in dAPI in functions:
add,edit,deleteandmethod. - Tamplate function
CSRFimplemented inuadmin.RenderHTMLanduadmin.RenderHTMLMulti. It returns anti CSRF token. uadmin.IsAuthenticatedrecognizesnousersessions. These sessions are for users who are not authenticated in the system. To set a session cookie, userSetSessionCookieuadmin.SetSessionCookiereceives a pointer to a session and sets the session cookie in a secure way. If you pass anilto the session, the session will be created as anousersession which is still a session but gives the user to access as an authenticated user. These sssions can be used to protect against CSRF attacks in case you have a public API.
- Fixed CSRF token to inlines form for deleting
- Fixed User was overwritten with old user on logout when using cache sessions
- Drop support for GO version 1.11 and 1.12
- Fixed adding more than 10 items in dAPI
- Fixed saving of language not removing the previous default language
- Support for getting static files when runnung
uadmin preparefrom modules instead of source folder uadmin preparenow accepts a new parameter--srcthat allows to overide the default behavior and get the static files from source instead of moduleuadmin preparetakes go.mod into consideration to decide where to get the static files from. This allows developers to develop multiple applications that uses different version of uAdmin. If you use replace directive inside go.mod, the prepare tool will copy the files from the local folder as instructed in the replace directive.- Two new settings "Logo" and "FavIcon" to customize your application even further.
- Added
.DS_Storeand.vscodeto .gitignore
uadmin pubnlishis removed. It used to be an internal development tool and was cool to have it runnig publicly for a while
- dAPI didn't have docs for
methodand fixed some typos - Linting (So much linting)
- The system reads two envirnment variables
UADMIN_USERandUADMIN_PASSfor new deployments to create admin username and password. If these environment variables do not exist, uAdmin will user "admin" and "admin" for username and password.