5. Release History

5.1. Release 1.3.0 (2019-01-24)

  • Added API call for multiple contexts in allowed operations.

5.2. Release 1.2.2 (2019-01-21)

  • Fix conflict on insert of authorisation.
  • Fix database connection errors on timeout.
  • Safer use of user-filled variables in templates.

5.3. Release 1.2.1 (2019-01-14)

  • Fix DUO redirection.

5.4. Release 1.2.0 (2019-01-11)

  • MGRID branding update. Added CONTACT_EMAIL setting.
  • Fix misplaced version footer.
  • Created same look and feel as QueryBuilder.
  • Separate settings for logo in UI and emails: LOGO_UI and LOGO_EMAIL.
  • Added documentation for all settings.

5.5. Release 1.1.6 (2018-12-29)

  • When an approver logs in and has approval rights by membership of a group, the group email address was used in the approval email. Now it uses the personal name and email address.
  • Move to gunicorn for production WSGI container.
  • Disallow simultaneous session logins for the same user.
  • Make session cookies harder to copy.

5.6. Release 1.1.5 (2018-11-20)

  • Create local user if member of group. Previously, the user who was member of a group with approval rights, also needed to be present as an approver with a personal email address.

5.7. Release 1.1.4 (2018-11-08)

  • Allow the approver to be a group email address. At login a users group membership is determined. Then for all groups the email address is retrieved. When approval is concerned, the user’s email addresses associated with his account, and with his groups are considered.
  • More robust handling of permission responses. If the logged in user is not approver of the permission request, a user-friendly error message is shown.

5.8. Release 1.1.3 (2018-10-22)

  • Redirect / to an appropriate URL.
  • Remove constraint on context parameter of permission request to allow contexts such as SQL strings.
  • Add API documentation.
  • Fix user creation task.
  • If a request has been previously been set to accepted, and later to denied, it is now no longer presented in accepted requests in the UI.
  • Allow Javascript for DUO interaction in Content Security Policy (CSP).
  • Fix decision tokens for approvers created after a permission request.
  • Fix permission denied error on flask_session directory.

5.9. Release 1.1.2 (2018-03-29)

  • Autogenerate data model on start on empty database.
  • Add version number to footer in application GUI.
  • At login the form ‘next’ parameter is not always filled.
  • Email markup compatible with Outlook.
  • The permission response email for an approver lacked certain links.
  • Less stringent validation of ‘reason’ in permission request.
  • Switch from Alpine to Ubuntu container to eliminate musl-libc. Musl-libc has been observed to lose directory entries when accessing network filesystems while in docker.
  • Use IMG_LOGO setting also for UI.

5.10. Release 1.1.1 (2018-01-15)

  • Provide context in UI
  • Allow multiple permission_requests as for the same dataset, when context differs.

5.11. Release 1.1.0 (2017-11-28)

  • Add allowed_operations and info resource.
  • Add reason, approved_message and denied_message to permission_request.
  • Add approve_token expiration.
  • Add AD and DUO authentication.
  • Add UI for dataset authorisations.
  • Obfuscate code on production.
  • Fix for deny after approve.
  • JSON response for HTTP codes 404 and 500.
  • Return previously provisioned approver on duplicate approver calls.
  • Allow creation of already existing user, dataset, etc.
  • Provide feedback on wrong login.

5.12. Release 1.0.0 (2017-05-18)

  • First release.