diff --git a/.github/workflows/lint-and-analyse-php.yml b/.github/workflows/lint-and-analyse-php.yml index aaf141fe4..637511862 100644 --- a/.github/workflows/lint-and-analyse-php.yml +++ b/.github/workflows/lint-and-analyse-php.yml @@ -1,4 +1,4 @@ -name: Lint and analyse php files +name: Linters # If a pull-request is pushed then cancel all previously running jobs related # to that pull-request @@ -17,6 +17,20 @@ permissions: contents: read jobs: + markdownlint: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: markdownlint-cli2-action + uses: DavidAnson/markdownlint-cli2-action@v20 + with: + config: 'doc/.markdownlint.yml' + globs: | + *.md + doc/*.md + phpunit: runs-on: ubuntu-latest strategy: diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 000000000..b2c802035 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,678 @@ +# CHANGELOG + +## 2.8.6.2 - 2024-08-18 + +See all the changes at + +## 2.8.6.1 - 2023-09-26 + +Mainly Bug fixes, special mention for the ldap plugin, more details at + +## 2.8.6 - 2023-04-18 + +Librebooking now has PHP8 support +Many bugs, updates and even new features were added but the list is a bit long so for further details please check the commit history + +## 2.8.5.5 - 2022-02-11 + +**This version is no longer developed by Twinkle Toes Software ()** +Based on the original open source version of Booked, now available at: [https://github.com/LibreBooking/app](https://github.com/LibreBooking/app) +Fork this repo, contribute and help keep it alive + +Small update to fix a security issue + +## 2.8.5.4 - 2021-09-03 + +**This version is no longer developed by Twinkle Toes Software ()** +Based on the original open source version of Booked, now available at: [https://github.com/LibreBooking/app](https://github.com/LibreBooking/app) +Fork this repo, contribute and help keep it alive + +Way too many changes, bugfixes and improvements to list them all here, so please take a look at: [https://github.com/LibreBooking/app/commits/master](https://github.com/LibreBooking/app/commits/master) + +## 2.8.5.3 - 2021-03-10 + +**This version is no longer developed by Twinkle Toes Software ()** +Based on the original open source version of Booked, now available at: [https://github.com/LibreBooking/app](https://github.com/LibreBooking/app) +Fork this repo, contribute and help keep it alive + +- Added translation: Greek +- Updated jsPDF +- Bugfixes + +## 2.8.5.2 - 2021-01-25 + +**This version is no longer developed by Twinkle Toes Software ()** +Based on the original open source version of Booked, now available at: [https://github.com/LibreBooking/app]() +Fork this repo, contribute and help keep it alive - Bugfixes + +## 2.8.5.1 - 2020-11-11 + +**This version is no longer developed by Twinkle Toes Software ()** +Based on the original open source version of Booked, now available at: [https://github.com/LibreBooking/app]() + +Fork this repo, contribute and help keep it alive - Added intial support for generating pdf's on the reservation page + +- Added two plugins (Moodle Advanced Authentication and Admin Check-in/out Only) +- Updated portuguese translation +- Bugfixes + +## 2.8.5 + +- Added import and export of groups +- Updated Danish translation +- Allow lower level administrators edit in-progress reservations +- Added optional email to be sent to users when changing resource status +- Added setting to show week numbers on calendars +- Added settings to require phone, position, and organization during registration +- Bugfixes + +## 2.8.4 + +- Allow reservations on the schedule to be filtered by owner or participant +- Include participant list in reports output +- Add resource concurrency to resource import and export +- Bugfixes + +## 2.8.3 + +- Do not require logging in to set up resource tablet display +- Bugfixes + +## 2.8.2 + +- Added the ability to set a limit on the number of concurrent reservations per resource +- Removed the ability to set a schedule as allowing unlimited concurrent reservations per resource +- Bugfixes + +## 2.8.1 + +- Added ability to limit the total number of concurrent reservations for a schedule +- Added ability to limit the number of resources per reservation for a schedule + +## 2.7.8 + +- Added ability to repeat a reservation on non-sequential dates +- Updated PayPal API to version 2 +- Added option to sync group membership when logging in via SAML +- Updated Portuguese, German, and Spanish translations +- Updated PhpCAS to 1.3.8 +- MySQL 8+ compatibility +- Bugfixes + +## 2.7.7 + +- Added a configuration option to show whether a reservation is new or updated for a period of time +- Added Hungarian translation +- Bugfixes + +## 2.7.6 + +- Added email notifications when participants of a reservation accept or decline invites +- Added reservation waitlist signup on view reservation page +- Added ability to restrict guests from using tablet view +- Notify users if the creation of a blackout time deletes their reservation +- Updated Portuguese and Finnish translations +- Bugfixes + +## 2.7.5 + +- Added utilization reports +- Added ability to find a specific time +- Added recurring reservation series ending emails +- Added credits to reservation emails +- Added link to add to Google Calendar to reservation emails +- Bugfixes + +## 2.7.4 + +- Added availability view to reservation page +- Added participant list to reservation emails +- Redesign of resource tablet display +- Added ability to search for reservations that missed checkin/checkout +- Bugfixes + +## 2.7.3 + +- Added ability to set user status on CSV import +- Added ability to share reservation details via email +- Added ability set the resources, groups, and schedules a group can administer from Groups tool +- Bugfixes + +## 2.7.2 + +- Added monitor display view +- Resolved accessibility issues +- Added Serbian +- Bugfixes + +## 2.7.1 + +- Added ability to purchase credits +- Added credit usage to the reservation page +- Added ability to set comma or semicolon delimited admin.email configuration setting to allow multiple admin emails +- Added ability to send a reservation to Google Calendar +- Added ability to select a resource image while adding +- Added ability to begin a reservation directly from Slack +- Added ability to set default group membership +- Added ability to require terms of service acknowledgment +- Added ability to set login page announcements +- Added ability to set schedule availability dates +- Added ability to configure different minimum notice rules for reservation add, edit and delete +- Added ability to allow multiple reservations on the same resource at the same time for a schedule +- Added ability to set multiple resource images +- Added ability to set view-only resource permissions +- Added ability to sync group membership from LDAP and CAS +- Added ability to set fully custom layout slots +- Added blackouts to schedule and resource calendar view +- Added view calendar page +- Added ability to embed a Booked calendar view on an external website +- Added ability to require reservation title and description +- Added user groups to report output +- Added ability to set custom favicon +- Added ability to customize email messages +- Added ability to bulk delete resources +- Resource QR code will open ongoing reservation if it requires check in +- Added ability to find an open recurring time +- Upgraded jQuery to latest +- Bugfixes + +## 2.6.8 + +- Added ability to see real time availability when selecting additional resources +- Added the ability to set a delete/reject reason +- Added the ability to update users and resources on import from CSV +- Allow setting phone, organization and position when creating a user from the admin section +- Better highlight pending reservations on Dashboard and popups +- Optimize JavaScript file loading for better page rendering times +- Bugfixes + +## 2.6.7 + +- Added real-time indication of additional resource availability in reservation screen +- Added ability to search for reservations +- Added ability to send user an email when an account is created for them +- Added option to show captcha on login +- Updated reCaptcha to use nocaptcha +- If recurring start and end dates are not the same, then include both in the emails +- Added Basque language +- Added Thai language +- Bugfixes + +## 2.6.6 + +- Added ability to set default start and end reminders +- Added ability to import resources from CSV +- Added ability to export resources to CSV +- Added ability to export users to CSV +- Added ability to include custom attributes in user CSV import +- Added ability to import reservations from CSV +- Added ability to bulk delete users +- Added ability to bulk delete reservations +- Added ability to bulk delete blackouts +- Added ability to drag and drop reservations from calendar views +- Added ability to select multiple options for most report filters +- Added password update API +- Added ability to set number of past and future days to include for Atom and iCalendar subscriptions +- Added ability to apply configured default homepage to existing users +- Saved reports and exported reports will use same columns +- Added credits to manage reservations and reports +- Show if a reservation is pending approval on popups and edit page +- Added config option to notify users if they missed their reservation check in time +- Numerous security fixes +- Bugfixes + +## 2.6.5 + +- Ensure only one reminder email is sent per reservation when multiple resources are booked +- Added Vietnamese +- Added ability to automatically fill in blocked time slots based on gaps in available slots +- Added ability to update a reservation before approving it +- Added resource type filter to reports +- Bugfixes + +## 2.6.4 + +- Use resource color on availability dashboard +- Display reservations for multiple resources as one item on dashboard +- Better handling of dates on the reservation page when an entire day is unavailable +- Allow view schedule to be changed to alternate schedule views +- Upgrade PHPMailer +- Bugfixes + +## 2.6.3 + +- Include resource name in all email subjects +- Added 'Today' link to schedule navigation +- Added real time accessory quantity availability +- Added ability to include email and phone in reservation popup +- Added support for MySQL 5.7+ +- Added use sso flag for Active Directory authentication +- Added user available credits to the reservation page +- Added ability to copy a resource +- Added Russian +- Bugfixes and security updates + +## 2.6.2 + +- Added ability to invite users to join Booked +- Added ability to repeat multi-day reservations +- Added additional columns to reports +- Bugfixes +- Updated French language pack + +## 2.6.1 + +- Bugfixes + +## 2.6 + +- Mobile first, fully responsive user interface +- Allow guests to book and be invited to reservations +- Allow users to join wait list if requested time not available +- Control resource usage with credits +- Ability to request that users check in and out of reservations, optionally auto-releasing the reservation +- Allow users to sign in using Facebook or Google +- Require users to register with an email address from a known domain +- Set specific days and hours which quotas are enforced +- Allow quotas to exclude completed reservations +- Added ability to search for an available time rather than browsing schedule +- Require minimum and maximum number of accessories when specific resources are booked +- Ability to restrict announcements to certain groups or users with access to certain resources +- Added ability to book around conflicting reservations +- Added ability to set reservation color by user, resource, or custom attribute value +- Added tablet view that can be used to display resource schedule and allow sign ups +- Added private custom attributes +- Added admin-only custom attributes +- Added resource-aware custom reservation attributes +- Invites are attached to reservation emails as .ics file +- On mobile, allow a picture to be taken for resource image +- The first user to register will automatically be setup as the primary admin +- Numerous minor enhancements and bug fixes + +## 2.5.21 + +- Added ability to duplicate a reservation +- Added ability to move reservations by dragging to new slot +- Added ability to blackout around existing reservations +- Added delete confirmation to reservation window +- Fix API bugs +- Fix bug not showing custom user attributes on manage user page +- Fix for account deleted email + +## 2.5.20 + +- Added multi-date selection to bookings page +- Added ability to send announcements as emails +- Added ability to send email to all users when reservation is cancelled +- Added ability to filter on multiple resources on bookings page +- Added ability to allow cross origin requests for API +- Added ability to import ICS files +- Fixed click and drag on condensed week view +- Fixed problem showing hidden resources on dashboard + +## 2.5.19 + +- Fixed some packaging issues from 2.5.18 +- Added ability to filter multiple resources on the schedule +- Updated Japanese language files + +## 2.5.18 + +- Fixed bugs with CSRF checks +- Changed the manage reservation search filter to be inclusive of reservations spanning filtered time +- Fixed issue that didn't maintain selected date in schedule calendar popup +- Fixed double html encode issue for custom attributes +- Fixed issue filtering on custom attributes on manage reservations page +- Added fix to allow larger datasets returned when using group_concat +- Fixed the 'deleted by' name in the account deletion email + +## 2.5.17 + +- Fixed bug preventing schedule view switching on Chrome and IE +- Fixed bug with reports showing no results when searching on accessories +- Fixed issue displaying schedule dates even when no slots are defined +- If register or forgot password urls open in external site, open in new window +- Include total hours in reports +- Changed reservation email message to come from whoever made the reservation +- Added ability to override language strings +- Fixed missing homepageid upon registration +- Fixed missing email address in reservation reminders +- Properly custom attribute regex format if user supplied version is incorrect +- Added ability to remove all assigned permissions for resource +- Added ability to include all reservation attributes in display labels +- Save calendar expand/collapse on schedule page +- Fixed bug determining when to send notification emails +- Fixed bug with PR language +- Changed resource availability web service to use same logic as dashboard +- Fixed issue displaying reservations when date had no slots +- Fixed bug that prevented cookies from being written properly in IE +- Fixed warning when path property is not found in the url +- Removed CSRF check on registration page +- Ensure session is started when rendering captcha +- Fixed syntax issue on PHP 5.3 and lower + +## 2.5.16 + +- Added datetime custom attribute type +- Added ability to import a list of users +- Added ability to manage custom attributes through the API +- Added ability to customize report columns +- Added a yearly quota +- Added API for getting resource types and ability to set resource type in add/update +- Added ability to restrict showing user details to simply on/off or past/future reservations +- Added user deleted email notification +- When a reservation is created on behalf of another user, the user taking action is included in the email notifications +- When a user is created on behalf of another user, the user taking action is included in the email notification +- Improved rendering of schedule when being printed +- Resource details are now shown even if user does not have permission +- Added ability to include Google Analytics +- Fixed bug which prevented joining or canceling a recurring reservation instance if it violated a notice rule +- Fixed resource availability dashboard timeout issues +- Fixed bug with creating and updating reservations through the API +- Fixed bug which over-counted accessories when reservation contained multiple resources +- Fixed bug loading resource type attributes when managing custom attributes +- Fixed bug requiring user to uncheck removed resources from all groups +- Fixed bug for resource groups when they are returned from the db sorted incorrectly +- Fixed bug with upcoming reservations dashboard +- Changed cookies to be scoped to Booked root path +- Implemented CSRF checks (thank you Netsparker) +- Updated French language pack +- Updated Croatian language pack + +## 2.5.15 + +- Added ability for users to join reservations without being invited +- Upgraded CAS library to 1.3.3 +- Added Active Directory option to sync group membership into Booked +- Added user details popup +- Added ability to manage user and group permissions from resource management page +- Fixed bug preventing recurring reservations from being deleted in management page +- Fixed bug incorrectly grouping recurring reservations on calendar views +- Updated Italian language +- Updated Spanish language + +## 2.5.14 + +- Added notice to schedule when no resources have been added +- Added emails to participants and invitees when a reservation is updated +- Added resource image to reservation email +- Added ability to set default homepage for new users +- Added dashboard item for current resource availability +- Fixed bug displaying wrong reservation dates on reservation save confirmation message +- Fixed bug on view schedule page when using daily layouts +- Fixed bug preventing individual reservations from being added to external calendars +- Fixed bug which did not check Sunday checkbox on recurring reservations +- Fixed bug on dst change preventing all reservations on that day +- Fixed bug causing permission updates performed by schedule admins to wipe out certain permissions +- Updated Italian language pack +- Updated Spanish language pack + +## 2.5.13 + +- Fixed bug preventing reservations from being added to Outlook +- Fixed bug preventing accessories from showing in reservation popup +- Fixed bug preventing resource filter from working on view schedule +- Added Drupal authentication plugin (Drupal 7.x with MySQL only) +- Added ability to display participant and invitee lists in the reservation label +- Applied patch for HTTP security headers +- Updated Italian language + +## 2.5.12 + +- Fixed English admin help page + +## 2.5.11 + +- Fixed issue that was sending approval request emails on every reservation create/update if approval emails were enabled + +## 2.5.10 + +- Fixed issue sending email from \*nix servers + +## 2.5.9 + +- Added custom attributes to reports +- Added resource groups to calendar views +- Added ability to enter maintenance mode +- Added ability manage user groups through API +- Added more options for customizing the reservation slot label, including using custom attributes +- Added ability to customize reservation label for My Calendar, Resource Calendar, ICS feeds, RSS feeds and the reservation popup +- Added list of dates and resources to reservation confirmation message +- Added ability to receive reservation approval request emails +- Added API to get schedule slots +- Added finer-grained control over what profile values can be managed through Booked when using an authentication plugin +- Reduced the size of the bookings page +- Fixed bug graying out resources and dates when user and schedule timezone don't match +- Fixed bug handling non-UTC dates in API +- Fixed bug performing case sensitive match when checking if user is admin +- Fixed bug for GetAvailability API +- Updated German language files +- Updated Portuguese language files + +## 2.5.8 + +- Added schedule and resource filter to My Calendar +- Fixed bug displaying week in calendar views +- Reduced the size of the bookings page by \~35% +- Updated German language files +- Updated Japanese language files +- Updated Portuguese language files + +## 2.5.7 + +- Fixed potential XSS vulnerability on login page + +## 2.5.6 + +- Fixed problem navigating to reservation details from tall schedule view +- Fixed problem rendering resource group management page + +## 2.5.5 + +- Fixed problem updating plugin config files through UI +- Fixed date parsing in web services + +## 2.5.4 + +- Fixed error updating resources + +## 2.5.3 + +- Fixed manage reservations/resources custom attribute filter when multiple attributes are provided +- Fixed javascript error when recaptcha is disabled during registration +- Fixed error updating usage configuration of resources +- Fixed installer to handle the case when the database exists but no tables have been created +- Changed installer to use mysqli +- Fixed error filtering blackouts by resource +- Fixed error creating recurring reservation which sometimes picked the wrong week of the month + +## 2.5.2 + +- Added ability for admins to filter reservations by custom attributes +- Added ability for admins update reservation custom attributes inline on manage reservations page +- Added paging and filtering on Manage Resources +- Added bulk update on Manage Resources +- Added admin dashboard for all upcoming reservations +- Added ability to leave protocol off script.url setting to auto-detect http vs https +- Fixed bug failing to display error message when invalid daily layout is being created +- Fixed missing HTML tags on print report page +- Added Croatian translation +- Updated Czech translation +- Fixed overly restrictive password validator +- Changed reservation confirmation screen to notify when the reservation requires approval +- Updates to Italian language pack + +## 2.5.1 + +- Updated German language files +- Changed reservations web service to not default to current user if no user is provided +- Added resource availability web service +- Added reservation approval web service +- Fixed bug creating a opening new reservation window without a selected resource id +- Fixed bug where reservations ending at midnight would show on the next day for condensed view +- Fixed bug where role restricted pages could not be opened up to everyone +- Fixed bug when a hidden resource belongs to a group +- Fixed bug with schedule admin being able to see reservation list and see blackout list +- Fixed bug where readonly schedule page failed to render +- Fixed bug adding/removing resource images +- Fixed sample data import +- Cleaned up sample post-reservation plugin example + +## 2.5 + +- Application renamed from phpScheduleIt to Booked Scheduler [(why?)](http://www.bookedscheduler.com/phpscheduleit) +- Added ability to reserve resource groups +- Added ability to filter schedule resources +- Added ability to specify resource type +- Added enhanced resource status management +- Added ability to specify buffer time between reservations (per resource) +- Custom attributes now appear on all reservation emails and balloons +- Added ability set custom attributes for an individual resource, user or resource type +- Added ability manage config files for all plugins through the UI +- Added ability to set reservation colors per user +- Added ability to subscribe to reservation Atom feeds +- Added ability update blackouts +- Added ability attach multiple items to a reservation +- Added Shibboleth authentication plugin (thank you to the folks at UCSF) +- Added ability to email admin for all new account creations +- Updates and cleanup on the API +- Removed password regex setting in favor of password complexity settings +- Changed schedule drop downs to exclude schedules if the user does not have permission to any of the resources belonging to it +- Added wide and condensed booking page views +- Added option to allow all users access to reports +- Added setting for default 'from' email address +- Changed the reservation page to default to the minimum resource reservation time +- Changed reservation update to grant permissions to all users if auto-assign permissions is being turned on +- Fixed showing 'Private' when the current user is the reservation owner +- Fixed bug where recurring reservations across daylight savings time boundaries were not being updated to the correct time +- Fixed bug where schedule would freeze on certain daylight savings boundaries +- Fixed pagination bug on manage reservations page +- Fixed bug allowing invitees to join a reservation that was already at capacity +- Fixed bug not enforcing resource cross day reservation constraint +- Fixed bug where quota rules were being enforced cumulatively for resources on a schedule +- Fixed bug where reminders were being sent for deleted reservations +- Updated all mysql_\* calls to mysqli_\* +- Numerous other minor fixes and updates + +## 2.4.2 + +- Added ability to click and drag to create reservations +- Added ability hide blocked slots on schedule +- Added ability to view reservation participation on schedule +- Changed migration process to be asynchronous +- Fixed bug preventing reminders from running on some servers +- Fixed bug hiding labels for periods less than 1 hour +- Fixed bug in configuration management escaping special characters +- Fixed bug when changing start date/end date on reservation page +- Fixed bug selecting wrong start time when user and schedule timezones are different +- Updated German, Portuguese and Hebrew languages + +## 2.4.1 + +- Changed periods spanning less than an hour to display tick marks instead of times +- Fixed bug when displaying vertical schedule when reservation title contained special characters +- Fixed bug in migration script not copying legacy password correctly +- Fixed bugs generating API documentation + +## 2.4 + +- Added restful API +- Added ability to set different layouts for each day of the week +- Added ability to set reminders for reservation beginning and end +- Added UI management page for changing configuration +- Added ability for users to set default schedule +- Added ability to display schedules vertically +- Text for slot labels is now tokenized +- Added WordPress authentication plugin +- Added ability to use reCAPTCHA instead of built in captcha +- Added ability to set logo and custom css files +- Added configurable home page and logout urls +- Added ability to manage user groups from user management page +- Added Bulgarian and Flemisch language packs +- Localized the installation and configuration pages +- Fixed issues with accessory and reservation migration +- Added ability to disable password reset +- Numerous bug fixes and minor enhancements + +## 2.3 + +- Added ability for administrators of all levels to create reports +- Added ability to create a reservation from the schedule and resource calendar views +- Added ability to create recurring blackout dates +- Added schedule admin role +- Added setting to disable recurring reservations for non-admins +- Added setting to automatically subscribe users to all emails +- Added setting to prevent reservation invitations and participation +- Added setting to load jQuery from CDN +- Added setting to return reservation to pending when updated +- Added Swedish translation +- Added full resource and accessory list to reservation emails +- Added ability to set resource order +- Added email address to user autocomplete +- Numerous minor enhancements added and defects fixed + +## 2.2 + +- Breaking change: For Active Directory authentication, please set your authentication plugin to ActiveDirectory. Ldap plugin is now targeted at non-Active Directory. +- Added ability to create custom attributes +- Rewrote CAPTCHA functionality +- Added account activation emails +- Added ability to upload reservation attachments +- Made post-registration action pluggable +- Added Saml SSO Authentication plugin +- Made configuring resource image directories easier +- Added ability to start schedules on Today +- Numerous minor enhancements added and defects fixed + +## 2.1 + +- Added resource administrator role +- Added configurable ability for application admins, resource admins and group admins to recieve reservation activity emails +- Added configuration options for user name formatting, resource editing rules, privacy settings and CSS extension file +- Added ability to subscribe to schedule, resource and personal calendars +- Added option for owner to receive emails when reservations are deleted +- Added participant email notifications when reservations are deleted +- Added ability use full HTML in announcements and resource descriptions/notes +- Many bug fixes, including: reservation approval, reservation admin delete, resource configuration, admin user creation, group user management, registration CAPTCHA +- Added Dutch, Spanish, Italian, Japanese, Polish, Catalan languages + +## 2.0.2 + +- Fix and additional logging for migration +- Minor UI cleanup of validation group error div +- Fixed defect with captcha +- Fixed defect not translating full day names properly when using date formatting +- Fixed some IE7 display problems +- Updated install instructions to be more clear for cPanel users +- Dashboard now shows upcoming reservations for owned/invited/participating +- Fixed defect on quotas which was not working for non English +- Fixed defect where accessories with unlimited quantities were being rejected +- Fixed defect on manage blackouts +- Added pre-reservation plugin example +- Ajax reservation now displays errors +- Fixed defect selecting first period instead of last period when reservation ends at start time of first period +- Fixed defect displaying reservation on first period of the day if it ends at the first period's start time +- Fixed bug adding users from the admin tool +- Fixed javascript single quote bugs + +## 2.0.1 + +- Perfomance improvements on bookings page +- Added Spanish and Dutch translations +- Added ability to view reservation details from view schedule page +- Fixed defect loading translated emails +- Fixed defect approving reservations +- Fixed defects when using IE +- Fixed defect showing an error during log out when using LDAP + +## 2.0 + +- Fully rewritten from scratch with a focus on testability, extensibility and maintainability +- All new, more intuitive and friendly user interface +- Pluggable authentication, authorization, permissions, pre/post reservation actions +- Ability to reserve multiple resources at one time +- Flexible layout configuration and time slot labeling +- Quotas +- Roles +- Better Microsoft Outlook integration +- Easier installation process diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 232acdd50..55695feaa 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -1,61 +1,64 @@ # Contributors of LibreBooking + - [Nick Korbel, Twinkle Toes Software, LLC](https://www.twinkletoessoftware.com/services/) Original Developer of Booked Scheduler -- [Alois Schloegl](#) -- [Paul Menchini](#) +- Alois Schloegl +- Paul Menchini - [Bart Verheyde](mailto:bart.verheyde@ugent.be) - [effgarces](https://github.com/effgarces) fork maintainer - [attero](https://github.com/apfelchips) ## Translators -- [Boris Vatin](#) (French) -- [Dariusz Kliszewski](#), Grzegorz Bis (Polish) -- [Tadafumi Kouzato](#) (Japanese) -- [Jonne Olie](#) (Dutch) -- [Julio Guedimin](#), [Manuel J. Morgado Morano](#), [Laura Arjona](#) (Spanish) -- [Jordi Divins](#) (Catalan) -- [Nicola Ruggero](#), [Daniele Cordella](), [Marco Ponti]() (Italian) -- [Olli Räisänen](#), [Afaf Fafa]() (Finnish) -- [Jakub Baláš](#), [Leoš Jedlička]() (Czech) -- [Maik Standtke](#), [Sven de Vries, Jonas Endersch]() (German) -- [Stephen Höglund](#) (Swedish) -- [Vladislav Zhivkov](#) (Bulgarian) -- [Bart Verheyde](#) (Flemisch) -- [William Oliveira](#), [Fábio Luiz Barbosa (Portuguese Brazil) -- [Yosef Branse](#) (Hebrew) -- [Vladislav Zhivkov](#) (Bulgarian) -- [Linas Redeckis](#) (Lithuanian) -- [Davor Tomasevic](#) (Croatian) + +- Boris Vatin (French) +- Dariusz Kliszewski, Grzegorz Bis (Polish) +- Tadafumi Kouzato (Japanese) +- Jonne Olie (Dutch) +- Julio Guedimin, Manuel J. Morgado Morano, Laura Arjona (Spanish) +- Jordi Divins (Catalan) +- Nicola Ruggero, Daniele Cordella, Marco Ponti (Italian) +- Olli Räisänen, Afaf Fafa (Finnish) +- Jakub Baláš, Leoš Jedlička (Czech) +- Maik Standtke, Sven de Vries, Jonas Endersch (German) +- Stephen Höglund (Swedish) +- Vladislav Zhivkov (Bulgarian) +- Bart Verheyde (Flemisch) +- William Oliveira, [Fábio Luiz Barbosa (Portuguese Brazil) +- Yosef Branse (Hebrew) +- Vladislav Zhivkov (Bulgarian) +- Linas Redeckis (Lithuanian) +- Davor Tomasevic (Croatian) - [Alenka Kavčič](mailto:alenka.kavcic@fri.uni-lj.si) (Slovenian) -- [Tage Jørgensen](#) (Danish) -- [Tran Dai Nghia](#) (Vietnamese) -- [Karl Jaani](#) (Estonian) -- [Erhan Harmankaya](#) (Turkish) -- [Txeli Sanchez](#) (Basque) -- [Razvan Mihaila](#) (Romanian) -- [Veliša Bujić](#) (Serbian) -- [Róbert Bere](#) (Hungarian) +- Tage Jørgensen (Danish) +- Tran Dai Nghia (Vietnamese) +- Karl Jaani (Estonian) +- Erhan Harmankaya (Turkish) +- Txeli Sanchez (Basque) +- Razvan Mihaila (Romanian) +- Veliša Bujić (Serbian) +- Róbert Bere (Hungarian) -If you want your information to be updated or mentioned here, please make a pull request, or contact us via chat. +If you want your information to be updated or mentioned here, please make a pull request, or contact us via chat. ## Libraries Thank you to the following projects and libraries -- [Smarty](#) -- [PEAR](#) -- [adLDAP](#) -- [jQuery](#) -- [FullCalendar](#) -- [log4php](#) -- [securimage](#) -- [SimpleImage](#) -- [PHPMailer](#) -- [jsTimezoneDetect](#) -- [jqplot](#) -- [FeedWriter](#) -- [Slim](#) -- [Bootstrap](#) -- [Select2](#) -- [Owl](#) -- [Font Awesome](#) -- [Gregwar/captcha](#) -- [Monolog](#) \ No newline at end of file + +- [Smarty](https://www.smarty.net/) +- [PEAR](https://pear.php.net/) +- [adLDAP](https://github.com/adldap/adLDAP) +- [jQuery](https://jquery.com/) +- FullCalendar +- log4php +- securimage +- SimpleImage +- PHPMailer +- jsTimezoneDetect +- jqplot +- FeedWriter +- Slim +- Bootstrap +- Select2 +- Owl +- Font Awesome +- Gregwar/captcha +- Monolog diff --git a/LICENSE.md b/LICENSE.md index 1110e8987..b3fe4f11e 100644 --- a/LICENSE.md +++ b/LICENSE.md @@ -1,5 +1,4 @@ -GNU General Public License -========================== +# GNU General Public License _Version 3, 29 June 2007_ _Copyright © 2007 Free Software Foundation, Inc. <>_ diff --git a/README.md b/README.md index 06f448435..bf4729080 100644 --- a/README.md +++ b/README.md @@ -8,25 +8,27 @@ Second, if you found a bug submit an issue. Third, if you managed to fix or trace the problem update the issue, even you can't code, others might be able to quickly provide a fix and maybe even submit a pr. Finally if you can code, please contribute to the project even if it's something simple, like fixing grammatical errors all the help is appreciated. -# Community discussion channel on Discord +## Community discussion channel on Discord There is a community discussion channel on Discord at -https://discord.gg/AEvcebqB (If this link doesn't work please file an Issue. + (If this link doesn't work please file an Issue. We set the link to never expire but for some reason it still keeps becoming invalid) ## TODO list + Because LibreBooking is an opensource project, there are some things we have to do to make it better. Here is a list of things you can do if you're interested in helping out -- -# Welcome to LibreBooking +## Welcome to LibreBooking This is a community effort to keep the OpenSource [GPLv3](./LICENSE.md) LibreBooking alive, see [History](./doc/HISTORY.md) -# Note: -## The update project is currently in the beta phase; testing and participation from all users and administrators are required. +### Note + +The update project is currently in the beta phase; testing and participation from all users and administrators are required. ## What's new? + - Update to Bootstrap 5 and migration of icons to Bootstrap Icons. ![Update to Bootstrap 5 and migration of icons to Bootstrap Icons](./Web/img/readme/01.png) @@ -47,7 +49,7 @@ This is a community effort to keep the OpenSource [GPLv3](./LICENSE.md) LibreBoo - Rename Web/booked.css to Web/librebooking.css (this is no longer Booked Schedule ;-) ). -- Ability to change the color scheme in config.php $conf['settings']['css.theme'] = 'default' and/or customize an existing one in Web/css/librebooking.css +- Ability to change the color scheme in `config.php $conf['settings']['css.theme'] = 'default'` and/or customize an existing one in `Web/css/librebooking.css` ![color scheme](./Web/img/readme/10.png) ![color scheme](./Web/img/readme/11.png) @@ -76,9 +78,11 @@ This is a community effort to keep the OpenSource [GPLv3](./LICENSE.md) LibreBoo [developer documentation](./doc/README.md) ## Help + Please consult the wiki for more help ## REPO + ## ReCaptcha @@ -89,682 +93,3 @@ Please consult the wiki for more help For information on how to use LibreBooking in a Docker container see: - -## Release Notes - -#### 2.8.6.2 - 2024-08-18 -See all the changes at - -#### 2.8.6.1 - 2023-09-26 -Mainly Bug fixes, special mention for the ldap plugin, more details at - -#### 2.8.6 - 2023-04-18 - -Librebooking now has PHP8 support -Many bugs, updates and even new features were added but the list is a bit long so for further details please check the commit history - - -#### 2.8.5.5 - 2022-02-11 - -**This version is no longer developed by Twinkle Toes Software ()** -Based on the original open source version of Booked, now available at: [https://github.com/LibreBooking/app](https://github.com/LibreBooking/app) -Fork this repo, contribute and help keep it alive - -Small update to fix a security issue - - -#### 2.8.5.4 - 2021-09-03 - -**This version is no longer developed by Twinkle Toes Software ()** -Based on the original open source version of Booked, now available at: [https://github.com/LibreBooking/app](https://github.com/LibreBooking/app) -Fork this repo, contribute and help keep it alive - -Way too many changes, bugfixes and improvements to list them all here, so please take a look at: https://github.com/LibreBooking/app/commits/master - -#### 2.8.5.3 - 2021-03-10 - -**This version is no longer developed by Twinkle Toes Software ()** -Based on the original open source version of Booked, now available at: [https://github.com/LibreBooking/app](https://github.com/LibreBooking/app) -Fork this repo, contribute and help keep it alive - -- Added translation: Greek -- Updated jsPDF -- Bugfixes - -#### 2.8.5.2 - 2021-01-25 - -**This version is no longer developed by Twinkle Toes Software ()** -Based on the original open source version of Booked, now available at: [https://github.com/LibreBooking/app]() -Fork this repo, contribute and help keep it alive - Bugfixes - -#### 2.8.5.1 - 2020-11-11 - -**This version is no longer developed by Twinkle Toes Software ()** -Based on the original open source version of Booked, now available at: [https://github.com/LibreBooking/app]()
- -Fork this repo, contribute and help keep it alive - Added intial support for generating pdf's on the reservation page - -- Added two plugins (Moodle Advanced Authentication and Admin Check-in/out Only) -- Updated portuguese translation -- Bugfixes - -#### 2.8.5 - -- Added import and export of groups -- Updated Danish translation -- Allow lower level administrators edit in-progress reservations -- Added optional email to be sent to users when changing resource status -- Added setting to show week numbers on calendars -- Added settings to require phone, position, and organization during registration -- Bugfixes - -#### 2.8.4 - -- Allow reservations on the schedule to be filtered by owner or participant -- Include participant list in reports output -- Add resource concurrency to resource import and export -- Bugfixes - -#### 2.8.3 - -- Do not require logging in to set up resource tablet display -- Bugfixes - -#### 2.8.2 - -- Added the ability to set a limit on the number of concurrent reservations per resource -- Removed the ability to set a schedule as allowing unlimited concurrent reservations per resource -- Bugfixes - -#### 2.8.1 - -- Added ability to limit the total number of concurrent reservations for a schedule -- Added ability to limit the number of resources per reservation for a schedule - -#### 2.7.8 - -- Added ability to repeat a reservation on non-sequential dates -- Updated PayPal API to version 2 -- Added option to sync group membership when logging in via SAML -- Updated Portuguese, German, and Spanish translations -- Updated PhpCAS to 1.3.8 -- MySQL 8+ compatibility -- Bugfixes - -#### 2.7.7 - -- Added a configuration option to show whether a reservation is new or updated for a period of time -- Added Hungarian translation -- Bugfixes - -#### 2.7.6 - -- Added email notifications when participants of a reservation accept or decline invites -- Added reservation waitlist signup on view reservation page -- Added ability to restrict guests from using tablet view -- Notify users if the creation of a blackout time deletes their reservation -- Updated Portuguese and Finnish translations -- Bugfixes - -#### 2.7.5 - -- Added utilization reports -- Added ability to find a specific time -- Added recurring reservation series ending emails -- Added credits to reservation emails -- Added link to add to Google Calendar to reservation emails -- Bugfixes - -#### 2.7.4 - -- Added availability view to reservation page -- Added participant list to reservation emails -- Redesign of resource tablet display -- Added ability to search for reservations that missed checkin/checkout -- Bugfixes - -#### 2.7.3 - -- Added ability to set user status on CSV import -- Added ability to share reservation details via email -- Added ability set the resources, groups, and schedules a group can administer from Groups tool -- Bugfixes - -#### 2.7.2 - -- Added monitor display view -- Resolved accessibility issues -- Added Serbian -- Bugfixes - -#### 2.7.1 - -- Added ability to purchase credits -- Added credit usage to the reservation page -- Added ability to set comma or semicolon delimited admin.email configuration setting to allow multiple admin emails -- Added ability to send a reservation to Google Calendar -- Added ability to select a resource image while adding -- Added ability to begin a reservation directly from Slack -- Added ability to set default group membership -- Added ability to require terms of service acknowledgment -- Added ability to set login page announcements -- Added ability to set schedule availability dates -- Added ability to configure different minimum notice rules for reservation add, edit and delete -- Added ability to allow multiple reservations on the same resource at the same time for a schedule -- Added ability to set multiple resource images -- Added ability to set view-only resource permissions -- Added ability to sync group membership from LDAP and CAS -- Added ability to set fully custom layout slots -- Added blackouts to schedule and resource calendar view -- Added view calendar page -- Added ability to embed a Booked calendar view on an external website -- Added ability to require reservation title and description -- Added user groups to report output -- Added ability to set custom favicon -- Added ability to customize email messages -- Added ability to bulk delete resources -- Resource QR code will open ongoing reservation if it requires check in -- Added ability to find an open recurring time -- Upgraded jQuery to latest -- Bugfixes - -#### 2.6.8 - -- Added ability to see real time availability when selecting additional resources -- Added the ability to set a delete/reject reason -- Added the ability to update users and resources on import from CSV -- Allow setting phone, organization and position when creating a user from the admin section -- Better highlight pending reservations on Dashboard and popups -- Optimize JavaScript file loading for better page rendering times -- Bugfixes - -#### 2.6.7 - -- Added real-time indication of additional resource availability in reservation screen -- Added ability to search for reservations -- Added ability to send user an email when an account is created for them -- Added option to show captcha on login -- Updated reCaptcha to use nocaptcha -- If recurring start and end dates are not the same, then include both in the emails -- Added Basque language -- Added Thai language -- Bugfixes - -#### 2.6.6 - -- Added ability to set default start and end reminders -- Added ability to import resources from CSV -- Added ability to export resources to CSV -- Added ability to export users to CSV -- Added ability to include custom attributes in user CSV import -- Added ability to import reservations from CSV -- Added ability to bulk delete users -- Added ability to bulk delete reservations -- Added ability to bulk delete blackouts -- Added ability to drag and drop reservations from calendar views -- Added ability to select multiple options for most report filters -- Added password update API -- Added ability to set number of past and future days to include for Atom and iCalendar subscriptions -- Added ability to apply configured default homepage to existing users -- Saved reports and exported reports will use same columns -- Added credits to manage reservations and reports -- Show if a reservation is pending approval on popups and edit page -- Added config option to notify users if they missed their reservation check in time -- Numerous security fixes -- Bugfixes - -#### 2.6.5 - -- Ensure only one reminder email is sent per reservation when multiple resources are booked -- Added Vietnamese -- Added ability to automatically fill in blocked time slots based on gaps in available slots -- Added ability to update a reservation before approving it -- Added resource type filter to reports -- Bugfixes - -#### 2.6.4 - -- Use resource color on availability dashboard -- Display reservations for multiple resources as one item on dashboard -- Better handling of dates on the reservation page when an entire day is unavailable -- Allow view schedule to be changed to alternate schedule views -- Upgrade PHPMailer -- Bugfixes - -#### 2.6.3 - -- Include resource name in all email subjects -- Added 'Today' link to schedule navigation -- Added real time accessory quantity availability -- Added ability to include email and phone in reservation popup -- Added support for MySQL 5.7+ -- Added use sso flag for Active Directory authentication -- Added user available credits to the reservation page -- Added ability to copy a resource -- Added Russian -- Bugfixes and security updates - -#### 2.6.2 - -- Added ability to invite users to join Booked -- Added ability to repeat multi-day reservations -- Added additional columns to reports -- Bugfixes -- Updated French language pack - -#### 2.6.1 - -- Bugfixes - -#### 2.6 - -- Mobile first, fully responsive user interface -- Allow guests to book and be invited to reservations -- Allow users to join wait list if requested time not available -- Control resource usage with credits -- Ability to request that users check in and out of reservations, optionally auto-releasing the reservation -- Allow users to sign in using Facebook or Google -- Require users to register with an email address from a known domain -- Set specific days and hours which quotas are enforced -- Allow quotas to exclude completed reservations -- Added ability to search for an available time rather than browsing schedule -- Require minimum and maximum number of accessories when specific resources are booked -- Ability to restrict announcements to certain groups or users with access to certain resources -- Added ability to book around conflicting reservations -- Added ability to set reservation color by user, resource, or custom attribute value -- Added tablet view that can be used to display resource schedule and allow sign ups -- Added private custom attributes -- Added admin-only custom attributes -- Added resource-aware custom reservation attributes -- Invites are attached to reservation emails as .ics file -- On mobile, allow a picture to be taken for resource image -- The first user to register will automatically be setup as the primary admin -- Numerous minor enhancements and bug fixes - -#### 2.5.21 - -- Added ability to duplicate a reservation -- Added ability to move reservations by dragging to new slot -- Added ability to blackout around existing reservations -- Added delete confirmation to reservation window -- Fix API bugs -- Fix bug not showing custom user attributes on manage user page -- Fix for account deleted email - -#### 2.5.20 - -- Added multi-date selection to bookings page -- Added ability to send announcements as emails -- Added ability to send email to all users when reservation is cancelled -- Added ability to filter on multiple resources on bookings page -- Added ability to allow cross origin requests for API -- Added ability to import ICS files -- Fixed click and drag on condensed week view -- Fixed problem showing hidden resources on dashboard - -#### 2.5.19 - -- Fixed some packaging issues from 2.5.18 -- Added ability to filter multiple resources on the schedule -- Updated Japanese language files - -#### 2.5.18 - -- Fixed bugs with CSRF checks -- Changed the manage reservation search filter to be inclusive of reservations spanning filtered time -- Fixed issue that didn't maintain selected date in schedule calendar popup -- Fixed double html encode issue for custom attributes -- Fixed issue filtering on custom attributes on manage reservations page -- Added fix to allow larger datasets returned when using group_concat -- Fixed the 'deleted by' name in the account deletion email - -#### 2.5.17 - -- Fixed bug preventing schedule view switching on Chrome and IE -- Fixed bug with reports showing no results when searching on accessories -- Fixed issue displaying schedule dates even when no slots are defined -- If register or forgot password urls open in external site, open in new window -- Include total hours in reports -- Changed reservation email message to come from whoever made the reservation -- Added ability to override language strings -- Fixed missing homepageid upon registration -- Fixed missing email address in reservation reminders -- Properly custom attribute regex format if user supplied version is incorrect -- Added ability to remove all assigned permissions for resource -- Added ability to include all reservation attributes in display labels -- Save calendar expand/collapse on schedule page -- Fixed bug determining when to send notification emails -- Fixed bug with PR language -- Changed resource availability web service to use same logic as dashboard -- Fixed issue displaying reservations when date had no slots -- Fixed bug that prevented cookies from being written properly in IE -- Fixed warning when path property is not found in the url -- Removed CSRF check on registration page -- Ensure session is started when rendering captcha -- Fixed syntax issue on PHP 5.3 and lower - -#### 2.5.16 - -- Added datetime custom attribute type -- Added ability to import a list of users -- Added ability to manage custom attributes through the API -- Added ability to customize report columns -- Added a yearly quota -- Added API for getting resource types and ability to set resource type in add/update -- Added ability to restrict showing user details to simply on/off or past/future reservations -- Added user deleted email notification -- When a reservation is created on behalf of another user, the user taking action is included in the email notifications -- When a user is created on behalf of another user, the user taking action is included in the email notification -- Improved rendering of schedule when being printed -- Resource details are now shown even if user does not have permission -- Added ability to include Google Analytics -- Fixed bug which prevented joining or canceling a recurring reservation instance if it violated a notice rule -- Fixed resource availability dashboard timeout issues -- Fixed bug with creating and updating reservations through the API -- Fixed bug which over-counted accessories when reservation contained multiple resources -- Fixed bug loading resource type attributes when managing custom attributes -- Fixed bug requiring user to uncheck removed resources from all groups -- Fixed bug for resource groups when they are returned from the db sorted incorrectly -- Fixed bug with upcoming reservations dashboard -- Changed cookies to be scoped to Booked root path -- Implemented CSRF checks (thank you Netsparker) -- Updated French language pack -- Updated Croatian language pack - -#### 2.5.15 - -- Added ability for users to join reservations without being invited -- Upgraded CAS library to 1.3.3 -- Added Active Directory option to sync group membership into Booked -- Added user details popup -- Added ability to manage user and group permissions from resource management page -- Fixed bug preventing recurring reservations from being deleted in management page -- Fixed bug incorrectly grouping recurring reservations on calendar views -- Updated Italian language -- Updated Spanish language - -#### 2.5.14 - -- Added notice to schedule when no resources have been added -- Added emails to participants and invitees when a reservation is updated -- Added resource image to reservation email -- Added ability to set default homepage for new users -- Added dashboard item for current resource availability -- Fixed bug displaying wrong reservation dates on reservation save confirmation message -- Fixed bug on view schedule page when using daily layouts -- Fixed bug preventing individual reservations from being added to external calendars -- Fixed bug which did not check Sunday checkbox on recurring reservations -- Fixed bug on dst change preventing all reservations on that day -- Fixed bug causing permission updates performed by schedule admins to wipe out certain permissions -- Updated Italian language pack -- Updated Spanish language pack - -#### 2.5.13 - -- Fixed bug preventing reservations from being added to Outlook -- Fixed bug preventing accessories from showing in reservation popup -- Fixed bug preventing resource filter from working on view schedule -- Added Drupal authentication plugin (Drupal 7.x with MySQL only) -- Added ability to display participant and invitee lists in the reservation label -- Applied patch for HTTP security headers -- Updated Italian language - -#### 2.5.12 - -- Fixed English admin help page - -#### 2.5.11 - -- Fixed issue that was sending approval request emails on every reservation create/update if approval emails were enabled - -#### 2.5.10 - -- Fixed issue sending email from \*nix servers - -#### 2.5.9 - -- Added custom attributes to reports -- Added resource groups to calendar views -- Added ability to enter maintenance mode -- Added ability manage user groups through API -- Added more options for customizing the reservation slot label, including using custom attributes -- Added ability to customize reservation label for My Calendar, Resource Calendar, ICS feeds, RSS feeds and the reservation popup -- Added list of dates and resources to reservation confirmation message -- Added ability to receive reservation approval request emails -- Added API to get schedule slots -- Added finer-grained control over what profile values can be managed through Booked when using an authentication plugin -- Reduced the size of the bookings page -- Fixed bug graying out resources and dates when user and schedule timezone don't match -- Fixed bug handling non-UTC dates in API -- Fixed bug performing case sensitive match when checking if user is admin -- Fixed bug for GetAvailability API -- Updated German language files -- Updated Portuguese language files - -#### 2.5.8 - -- Added schedule and resource filter to My Calendar -- Fixed bug displaying week in calendar views -- Reduced the size of the bookings page by \~35% -- Updated German language files -- Updated Japanese language files -- Updated Portuguese language files - -#### 2.5.7 - -- Fixed potential XSS vulnerability on login page - -#### 2.5.6 - -- Fixed problem navigating to reservation details from tall schedule view -- Fixed problem rendering resource group management page - -#### 2.5.5 - -- Fixed problem updating plugin config files through UI -- Fixed date parsing in web services - -#### 2.5.4 - -- Fixed error updating resources - -#### 2.5.3 - -- Fixed manage reservations/resources custom attribute filter when multiple attributes are provided -- Fixed javascript error when recaptcha is disabled during registration -- Fixed error updating usage configuration of resources -- Fixed installer to handle the case when the database exists but no tables have been created -- Changed installer to use mysqli -- Fixed error filtering blackouts by resource -- Fixed error creating recurring reservation which sometimes picked the wrong week of the month - -#### 2.5.2 - -- Added ability for admins to filter reservations by custom attributes -- Added ability for admins update reservation custom attributes inline on manage reservations page -- Added paging and filtering on Manage Resources -- Added bulk update on Manage Resources -- Added admin dashboard for all upcoming reservations -- Added ability to leave protocol off script.url setting to auto-detect http vs https -- Fixed bug failing to display error message when invalid daily layout is being created -- Fixed missing HTML tags on print report page -- Added Croatian translation -- Updated Czech translation -- Fixed overly restrictive password validator -- Changed reservation confirmation screen to notify when the reservation requires approval -- Updates to Italian language pack - -#### 2.5.1 - -- Updated German language files -- Changed reservations web service to not default to current user if no user is provided -- Added resource availability web service -- Added reservation approval web service -- Fixed bug creating a opening new reservation window without a selected resource id -- Fixed bug where reservations ending at midnight would show on the next day for condensed view -- Fixed bug where role restricted pages could not be opened up to everyone -- Fixed bug when a hidden resource belongs to a group -- Fixed bug with schedule admin being able to see reservation list and see blackout list -- Fixed bug where readonly schedule page failed to render -- Fixed bug adding/removing resource images -- Fixed sample data import -- Cleaned up sample post-reservation plugin example - -#### 2.5 - -- Application renamed from phpScheduleIt to Booked Scheduler [(why?)](http://www.bookedscheduler.com/phpscheduleit) -- Added ability to reserve resource groups -- Added ability to filter schedule resources -- Added ability to specify resource type -- Added enhanced resource status management -- Added ability to specify buffer time between reservations (per resource) -- Custom attributes now appear on all reservation emails and balloons -- Added ability set custom attributes for an individual resource, user or resource type -- Added ability manage config files for all plugins through the UI -- Added ability to set reservation colors per user -- Added ability to subscribe to reservation Atom feeds -- Added ability update blackouts -- Added ability attach multiple items to a reservation -- Added Shibboleth authentication plugin (thank you to the folks at UCSF) -- Added ability to email admin for all new account creations -- Updates and cleanup on the API -- Removed password regex setting in favor of password complexity settings -- Changed schedule drop downs to exclude schedules if the user does not have permission to any of the resources belonging to it -- Added wide and condensed booking page views -- Added option to allow all users access to reports -- Added setting for default 'from' email address -- Changed the reservation page to default to the minimum resource reservation time -- Changed reservation update to grant permissions to all users if auto-assign permissions is being turned on -- Fixed showing 'Private' when the current user is the reservation owner -- Fixed bug where recurring reservations across daylight savings time boundaries were not being updated to the correct time -- Fixed bug where schedule would freeze on certain daylight savings boundaries -- Fixed pagination bug on manage reservations page -- Fixed bug allowing invitees to join a reservation that was already at capacity -- Fixed bug not enforcing resource cross day reservation constraint -- Fixed bug where quota rules were being enforced cumulatively for resources on a schedule -- Fixed bug where reminders were being sent for deleted reservations -- Updated all mysql_\* calls to mysqli_\* -- Numerous other minor fixes and updates - -#### 2.4.2 - -- Added ability to click and drag to create reservations -- Added ability hide blocked slots on schedule -- Added ability to view reservation participation on schedule -- Changed migration process to be asynchronous -- Fixed bug preventing reminders from running on some servers -- Fixed bug hiding labels for periods less than 1 hour -- Fixed bug in configuration management escaping special characters -- Fixed bug when changing start date/end date on reservation page -- Fixed bug selecting wrong start time when user and schedule timezones are different -- Updated German, Portuguese and Hebrew languages - -#### 2.4.1 - -- Changed periods spanning less than an hour to display tick marks instead of times -- Fixed bug when displaying vertical schedule when reservation title contained special characters -- Fixed bug in migration script not copying legacy password correctly -- Fixed bugs generating API documentation - -#### 2.4 - -- Added restful API -- Added ability to set different layouts for each day of the week -- Added ability to set reminders for reservation beginning and end -- Added UI management page for changing configuration -- Added ability for users to set default schedule -- Added ability to display schedules vertically -- Text for slot labels is now tokenized -- Added WordPress authentication plugin -- Added ability to use reCAPTCHA instead of built in captcha -- Added ability to set logo and custom css files -- Added configurable home page and logout urls -- Added ability to manage user groups from user management page -- Added Bulgarian and Flemisch language packs -- Localized the installation and configuration pages -- Fixed issues with accessory and reservation migration -- Added ability to disable password reset -- Numerous bug fixes and minor enhancements - -#### 2.3 - -- Added ability for administrators of all levels to create reports -- Added ability to create a reservation from the schedule and resource calendar views -- Added ability to create recurring blackout dates -- Added schedule admin role -- Added setting to disable recurring reservations for non-admins -- Added setting to automatically subscribe users to all emails -- Added setting to prevent reservation invitations and participation -- Added setting to load jQuery from CDN -- Added setting to return reservation to pending when updated -- Added Swedish translation -- Added full resource and accessory list to reservation emails -- Added ability to set resource order -- Added email address to user autocomplete -- Numerous minor enhancements added and defects fixed - -#### 2.2 - -- Breaking change: For Active Directory authentication, please set your authentication plugin to ActiveDirectory. Ldap plugin is now targeted at non-Active Directory. -- Added ability to create custom attributes -- Rewrote CAPTCHA functionality -- Added account activation emails -- Added ability to upload reservation attachments -- Made post-registration action pluggable -- Added Saml SSO Authentication plugin -- Made configuring resource image directories easier -- Added ability to start schedules on Today -- Numerous minor enhancements added and defects fixed - -#### 2.1 - -- Added resource administrator role -- Added configurable ability for application admins, resource admins and group admins to recieve reservation activity emails -- Added configuration options for user name formatting, resource editing rules, privacy settings and CSS extension file -- Added ability to subscribe to schedule, resource and personal calendars -- Added option for owner to receive emails when reservations are deleted -- Added participant email notifications when reservations are deleted -- Added ability use full HTML in announcements and resource descriptions/notes -- Many bug fixes, including: reservation approval, reservation admin delete, resource configuration, admin user creation, group user management, registration CAPTCHA -- Added Dutch, Spanish, Italian, Japanese, Polish, Catalan languages - -#### 2.0.2 - -- Fix and additional logging for migration -- Minor UI cleanup of validation group error div -- Fixed defect with captcha -- Fixed defect not translating full day names properly when using date formatting -- Fixed some IE7 display problems -- Updated install instructions to be more clear for cPanel users -- Dashboard now shows upcoming reservations for owned/invited/participating -- Fixed defect on quotas which was not working for non English -- Fixed defect where accessories with unlimited quantities were being rejected -- Fixed defect on manage blackouts -- Added pre-reservation plugin example -- Ajax reservation now displays errors -- Fixed defect selecting first period instead of last period when reservation ends at start time of first period -- Fixed defect displaying reservation on first period of the day if it ends at the first period's start time -- Fixed bug adding users from the admin tool -- Fixed javascript single quote bugs - -#### 2.0.1 - -- Perfomance improvements on bookings page -- Added Spanish and Dutch translations -- Added ability to view reservation details from view schedule page -- Fixed defect loading translated emails -- Fixed defect approving reservations -- Fixed defects when using IE -- Fixed defect showing an error during log out when using LDAP - -#### 2.0 - -- Fully rewritten from scratch with a focus on testability, extensibility and maintainability -- All new, more intuitive and friendly user interface -- Pluggable authentication, authorization, permissions, pre/post reservation actions -- Ability to reserve multiple resources at one time -- Flexible layout configuration and time slot labeling -- Quotas -- Roles -- Better Microsoft Outlook integration -- Easier installation process diff --git a/SECURITY.md b/SECURITY.md index cfce2fbd3..8aa05fab3 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -8,6 +8,5 @@ Only the most current stable version will receive patches for security vulnerabi | ------- | ------------------ | | 2.8.6.2 | :white_check_mark: | - Please report (suspected) security vulnerabilities to **[librebooking@outlook.com](mailto:librebooking@outlook.com)**. I will try to answer as soon as possible (please allow for 2 -5 days). If the issue is confirmed, a patch will be released as soon as possible depending on the complexity. diff --git a/doc/.markdownlint.yml b/doc/.markdownlint.yml new file mode 100644 index 000000000..8bbeade77 --- /dev/null +++ b/doc/.markdownlint.yml @@ -0,0 +1,7 @@ +--- +# .markdownlint.yml +default: true +MD013: false # Disable: maximum line length, for now. +MD024: + siblings_only: true # Multiple headings with the same context +MD036: false # Disable: Emphasis used instead of a heading diff --git a/doc/API.md b/doc/API.md index e02c3a636..66c64b055 100644 --- a/doc/API.md +++ b/doc/API.md @@ -2,48 +2,48 @@ A dynamically generated API documentation Page can be found by opening `/Web/Services/index.php` (API has to be enabled in config) -- [Getting Started With The API](#Getting-Started-With-The-API) -- [Accessories](#Accessories) -- [Accounts](#Accounts) -- [Attributes](#Attributes) -- [Authentication](#Authentication) -- [Groups](#Groups) -- [Reservations](#Reservations) -- [Resources](#Resources) -- [Schedules](#Schedules) -- [Users](#Users) - +- [Getting Started With The API](#getting-started-with-the-api) +- [Accessories](#accessories) +- [Accounts](#accounts) +- [Attributes](#attributes) +- [Authentication](#authentication) +- [Groups](#groups) +- [Reservations](#reservations) +- [Resources](#resources) +- [Schedules](#schedules) +- [Users](#users) ## Getting Started With the API ### Authenticating to LibreBooking For all of the secure service calls it is required to be -[Authenticated](#Authenticate). The basic steps are: +[Authenticated](#authenticate). The basic steps are: -1. Make a request to the [Authenticate](#Authenticate) POST API endpoint. The +1. Make a request to the [Authenticate](#authenticate) POST API endpoint. The POST data must be sent as JSON -1. The result from the [Authenticate](#Authenticate) POST API call, if +1. The result from the [Authenticate](#authenticate) POST API call, if successful, will contain the two values: `sessionToken` and `userId` 1. When making secure service calls the following headers must be set: - 1. `X-Booked-SessionToken` set to the value of `sessionToken` - returned by the [Authenticate](#Authenticate) API call. - 1. `X-Booked-UserId` set to the value of `userId` returned by the - [Authenticate](#Authenticate) API call. + 1. `X-Booked-SessionToken` set to the value of `sessionToken` + returned by the [Authenticate](#authenticate) API call. + 1. `X-Booked-UserId` set to the value of `userId` returned by the + [Authenticate](#authenticate) API call. ### POST Requests When making POST API requests it is required to send the POST data as JSON - ## Accessories ### POST Services + na. ### GET Services #### GetAllAccessories + __Description:__ Loads all accessories. CreditApplicability of 1 is per slot, 2 is per reservation @@ -74,8 +74,8 @@ __Response:__ } ``` - #### GetAccessory + __Description:__ Loads a specific accessory by id. CreditApplicability of 1 is per slot, 2 is per reservation @@ -146,6 +146,7 @@ __Request:__ ``` #### UpdateAccount + __Description:__ Updates an existing user account @@ -309,7 +310,6 @@ __Request:__ } ``` - #### UpdateCustomAttribute __Description:__ @@ -508,7 +508,6 @@ __Request:__ } ``` - #### Authenticate __Description:__ @@ -541,6 +540,7 @@ __Request:__ ``` ### GET Services + na. ## Groups @@ -584,7 +584,6 @@ __Request:__ {"name":"group name","isDefault":true} ``` - #### UpdateGroup __Description:__ @@ -629,7 +628,6 @@ __Request:__ } ``` - ### ChangeGroupRoles __Description:__ @@ -670,7 +668,6 @@ __Request:__ No request - ### ChangeGroupPermissions __Description:__ @@ -709,7 +706,6 @@ __Request:__ No request - ### ChangeGroupUsers __Description:__ @@ -779,7 +775,6 @@ __Response:__ } ``` - #### GetGroup __Description:__ @@ -816,7 +811,6 @@ __Response:__ } ``` - #### DeleteGroup __Description:__ @@ -944,7 +938,6 @@ __Request:__ } ``` - #### UpdateReservation __Description:__ @@ -1048,7 +1041,6 @@ __Request:__ } ``` - #### ApproveReservation __Description:__ @@ -1078,12 +1070,11 @@ __Response:__ "message": null } ``` + __Request:__ No request - - #### CheckinReservation __Description:__ @@ -1113,12 +1104,11 @@ __Response:__ "message": null } ``` + __Request:__ No request - - #### CheckoutReservation __Description:__ @@ -1153,7 +1143,6 @@ __Request:__ No request - ### GET Services #### GetReservations @@ -1222,7 +1211,6 @@ __Response:__ } ``` - #### GetReservation __Description:__ @@ -1343,7 +1331,6 @@ __Response:__ } ``` - #### DeleteReservation __Description:__ @@ -1364,7 +1351,6 @@ __Response:__ } ``` - ## Resources ### POST Services @@ -1438,7 +1424,6 @@ __Request:__ } ``` - #### UpdateResource __Description:__ @@ -1508,7 +1493,6 @@ __Request:__ } ``` - ### GET Services #### GetStatuses @@ -1606,7 +1590,6 @@ __Response:__ } ``` - #### GetStatusReasons __Description:__ @@ -1689,7 +1672,6 @@ __Response:__ } ``` - #### GetGroups __Description:__ @@ -1779,7 +1761,6 @@ __Response:__ } ``` - #### GetResource __Description:__ @@ -1838,7 +1819,6 @@ __Response:__ } ``` - GetAvailability __Description:__ @@ -1919,6 +1899,7 @@ __Response:__ ## Schedules ### POST Services + na. ### GET Services @@ -1958,7 +1939,6 @@ __Response:__ } ``` - #### GetSchedule __Description:__ @@ -2061,7 +2041,6 @@ __Response:__ } ``` - #### GetSlots __Description:__ @@ -2215,7 +2194,6 @@ __Request:__ } ``` - #### UpdateUser __Description:__ @@ -2273,7 +2251,6 @@ __Request:__ } ``` - #### UpdatePassword __Description:__ @@ -2367,7 +2344,6 @@ __Response:__ } ``` - #### GetUser __Description:__ diff --git a/doc/HISTORY.md b/doc/HISTORY.md index 5f98e06fa..4e9a47252 100644 --- a/doc/HISTORY.md +++ b/doc/HISTORY.md @@ -1,6 +1,8 @@ -Unfortunately the source code for Booked Scheduler is no longer being distributed and version 2.8.5 seems to have been the last open source release, see https://www.bookedscheduler.com/the-future-of-booked/ and https://sourceforge.net/projects/phpscheduleit/files/ "Booked Scheduler will become a ful SaaS offering on November 1, 2020. This open source project will be discontinued. " +# History -This repo is a copy of the https://sourceforge.net/projects/phpscheduleit git repo, it also contains several branches where I'm hoping to fix bugs, add features, etc. +Unfortunately the source code for Booked Scheduler is no longer being distributed and version 2.8.5 seems to have been the last open source release, see and "Booked Scheduler will become a full SaaS offering on November 1, 2020. This open source project will be discontinued. " + +This repo is a copy of the git repo, it also contains several branches where I'm hoping to fix bugs, add features, etc. Sadly I don't have the time to dedicate myself to this project, but I'm hoping to at least fix whatever bug may appear, with the limited understanding of the source code that I have. If you can help, or better yet, do you want go on with this project please fork it and keep developing it. Forks, help, bug reports are all welcome. diff --git a/doc/INSTALLATION.md b/doc/INSTALLATION.md index 074c6e310..8052e621a 100644 --- a/doc/INSTALLATION.md +++ b/doc/INSTALLATION.md @@ -1,40 +1,50 @@ -# LibreBooking Installation +# LibreBooking + +## LibreBooking Installation Note: for users without web hosting service or existing environment, packages like [XAMMP](http://www.apachefriends.org/en/index.html) or [WampServer](http://www.wampserver.com/en/) can help you get set up quickly. -# Fresh Installation +### Fresh Installation + +#### Server Configuration -## Server Configuration In an **Apache** or similar server environment, some required modules for LibreBooking may not be enabled by default. The following modules (or their equivalents) are often not enabled as part of a standard installation but should be enabled for the proper operation of the LibreBooking application: + * headers * rewrite -The enabled modules in an **Apache2** environment can be verified as follows:
-```$ apachectl -M```
+The enabled modules in an **Apache2** environment can be verified as follows: -If required modules are not present in the enabled list, modules can be enabled in an **Apache2** environment as follows:
-```$ sudo a2enmod headers```
-```$ sudo a2enmod rewrite```
-```$ sudo service apache2 restart``` +```bash +apachectl -M +``` -## Application Deployment to Server +If required modules are not present in the enabled list, modules can be enabled in an **Apache2** environment as follows: -Move the contents of the directory to your webserver's document root (or subsite). -If you don't have direct access to your document root or use a hosting service, then transfer the directory to your web server's document root using FTP or [WinSCP](https://winscp.net/). +```bash +sudo a2enmod headers +sudo a2enmod rewrite +sudo service apache2 restart +``` + +#### Application Deployment to Server + +Move the contents of the directory to your webserver's document root (or subsite). +If you don't have direct access to your document root or use a hosting service, then transfer the directory to your web server's document root using FTP or [WinSCP](https://winscp.net/). Copy `/config/config.dist.php` to `/config/config.php` and adjust the settings for your environment. Important! The web server must have write access (0755) to `/librebooking/tpl_c` and `/librebooking/tpl` [want to know why?](http://www.smarty.net/docs/en/variable.compile.dir.tpl") -If using an (S)FTP client, check read/write/execute for Owner and Group on `/tpl`, `/tpl_c`, and `/uploads` +If using an (S)FTP client, check read/write/execute for Owner and Group on `/tpl`, `/tpl_c`, and `/uploads` -LibreBooking will not work if PHP [session.autostart](http://www.php.net/manual/en/session.configuration.php#ini.session.auto-start) is enabled. +LibreBooking will not work if PHP [session.autostart](http://www.php.net/manual/en/session.configuration.php#ini.session.auto-start) is enabled. Ensure this setting is disabled. -## Application Configuration +#### Application Configuration -You can configure LibreBooking to fit your environments and needs or use the minimal default settings which should be enough for the application to work. -We recommend you to change according to your specifics. Additional information on all configuration settings can be found in the application help page. +You can configure LibreBooking to fit your environments and needs or use the minimal default settings which should be enough for the application to work. +We recommend you to change according to your specifics. Additional information on all configuration settings can be found in the application help page. To configure the application, you can open `/config/config.php` and alter any settings accordingly. The admin email address can be set in the `librebooking/config/config.php` file of `$conf['settings']['admin.email']` When later register an account with admin email address the user will be given admin privilege. @@ -43,16 +53,17 @@ In addition, to allow resource image uploads, the web server must also have read By default, LibreBooking uses standard username/password for user authentication. Alternatively, you can use LDAP authentication. See the plugins section of the application help page for more details. -Note: If you try to load the application at this time (eg. ), you will probably get a white page. +Note: If you try to load the application at this time (eg. ), you will probably get a white page. This is because there is no backend database configured yet. So continue on ... -## Database Setup +#### Database Setup + +You have 2 ways to set up your database for the application to work. -You have 2 ways to set up your database for the application to work. +##### Automatic Database Setup -### Automatically You must have the application configured correctly before running the automated install. The automated database setup only supports MySQL at this time. @@ -61,7 +72,7 @@ Note: Some may see directory permission issues displayed on the page. The web server must have write access to `/librebooking/tpl_c` and `/librebooking/tpl`. If you cannot provide the required permission. Contact your web server administrator or hosting service to resolve or run the manual install -### Manually +##### Manual Database Setup The packaged database scripts make assumptions about your desired database configuration and set default values. Please edit them to suit your environment before running. The files are located in `librebooking/database_schema/` @@ -75,7 +86,7 @@ Adding the database and user Select the MySQL Databases tool -Add a new user with username and password of your choice. +Add a new user with username and password of your choice. This will be the database user and database password set in your LibreBooking config file. **Please be aware that some hosts will prefix your database user name.** @@ -98,19 +109,19 @@ Open `/database_schema/full-install.sql` and edit the database name and username Run or import `/database_schema/full-install.sql` Optionally - run/import `/database_schema/testdata-utf8.sql` to librebooking (sample application data will be created with 2 users: admin/password and user/password). These users are available for testing your installation. -You are done. Try to load the application at (eg. http://yourhostname/librebooking/Web/). +You are done. Try to load the application at (eg. [http://yourhostname/librebooking/Web/](http://yourhostname/librebooking/Web/)). -## Registering the Administrator Account +#### Registering the Administrator Account -After the database has been set up you will need to register the account for your application administrator. Navigate to register.php register an account with email address set in $conf['settings']['admin.email']. +After the database has been set up you will need to register the account for your application administrator. Navigate to register.php register an account with email address set in `$conf['settings']['admin.email']`. -# Upgrading +## Upgrading -## Upgrading from a previous version of LibreBooking (or Booked 2.x and phpScheduleIt 2.x) +### Upgrading from a previous version of LibreBooking (or Booked 2.x and phpScheduleIt 2.x) The steps for upgrading from a previous version of LibreBooking are very similar to the steps described above in Application Deployment to Server. -### Recommended +#### Recommended The recommended approach is to backup your current LibreBooking files, then upload the new files to the that same location. This prevents any old files from interfering with new ones. @@ -118,24 +129,22 @@ After the new files are uploaded, copy your old `config/config.php` file to the Then run `/Web/install/configure.php` to bring your config file up to date. If you have any uploaded resource images you will need to copy them from their old location to the new one. -### Alternative +#### Alternative An alternative upgrade approach is to overwrite the current LibreBooking files with the new ones. If doing this, you must delete the contents of `/tpl_c`. This approach will not allow you to roll back and will not clear out any obsolete files. - -### Database +#### Database After the application files have been upgraded you will need to upgrade the database. - -#### Automatically +##### Automatical Database Upgrade The automatic database upgrade is exactly the same as the automatic database install. Please follow the instructions in the Automatic Database Setup section above. -#### Manually +##### Manual Database Upgrade The packaged database scripts make assumptions about your desired database configuration and set default values. Please edit them to suit your environment before running. @@ -143,69 +152,66 @@ The files are located in `librebooking/database_schema/upgrades.` Depending on your current version, import the `upgrade.sql` file within each subdirectory to get to the current version (we recommend [adminer](https://www.adminer.org/) for this) For example, if you are running version 2.0 and the current version is 2.2 then you should run `librebooking/database_schema/upgrade/2.1/upgrade.sql` then `librebooking/database_schema/upgrade/2.2/upgrade.sql` -## Migrating from version 1.2 +### Migrating from version 1.2 A migration from 1.2 to 2.0 is supported for MySQL only. This can be run after the 2.0 installation. To run the migration open `/Web/install/migrate.php` directory in a web browser and follow the on-screen instructions. - -# Getting Started +## Getting Started ### The First Login There are 2 main types of accounts, they are admin and user account. -- If you imported a sample application data, you now can use admin/password and user/password to login and make changes or addition via the application. -- If not, **you will need to register an account with your configured admin email address**. The admin email address can be set in the librebooking/config/config.php file of setting $conf['settings']['admin.email'] +* If you imported a sample application data, you now can use admin/password and user/password to login and make changes or addition via the application. +* If not, **you will need to register an account with your configured admin email address**. The admin email address can be set in the `librebooking/config/config.php` file of setting `$conf['settings']['admin.email']` Other self registration accounts are defaulted to normal users. After registration you will be logged in automatically. -At this time, it is recommended to change your password. -- For LDAP authentication please login with your LDAP username/password. - - -## Log Files +At this time, it is recommended to change your password. - LibreBooking logs multiple levels of information categorized into either application or database logs. To do this: -- To allow application logging, the PHP account requires write access (0755) to your configured log directory. -- Logging is configured in /config/config.php -- Levels used by LibreBooking are OFF, DEBUG, ERROR. For normal operation, ERROR is appropriate. If trace logs are needed, DEBUG is appropriate. -- To turn on application logging, change the $conf['settings']['logging']['level'] = to an appropriate level for either the default or sql loggers. For example, $conf['settings']['logging']['level'] = 'debug'; +* For LDAP authentication please login with your LDAP username/password. +#### Log Files -## Enabling LibreBooking API +LibreBooking logs multiple levels of information categorized into either application or database logs. To do this: -LibreBooking has the option to expose a RESTful JSON API. This API can be leveraged for third party integration, automation or to develop client applications. +* To allow application logging, the PHP account requires write access (0755) to your configured log directory. +* Logging is configured in /config/config.php +* Levels used by LibreBooking are OFF, DEBUG, ERROR. For normal operation, ERROR is appropriate. If trace logs are needed, DEBUG is appropriate. +* To turn on application logging, change the `$conf['settings']['logging']['level'] =` to an appropriate level for either the default or sql loggers. For example, `$conf['settings']['logging']['level'] = 'debug';` +### Enabling LibreBooking API -### Prerequisites +LibreBooking has the option to expose a RESTful JSON API. This API can be leveraged for third party integration, automation or to develop client applications. -- PHP 7.0 or greater -- To use 'friendly' URLs, mod_rewrite or URL rewriting must be enabled -- Your web server must accept all verbs: GET, POST, PUT, DELETE +#### Prerequisites +* PHP 7.0 or greater +* To use 'friendly' URLs, mod_rewrite or URL rewriting must be enabled +* Your web server must accept all verbs: GET, POST, PUT, DELETE -## Configuration +#### Configuration -- Set `$conf['settings']['api']['enabled'] = 'true'`; in your config file. -- If you want friendly URL paths, mod_rewrite or URL rewriting must be enabled. Note, this is not required in order to use the API. -- If using mod_rewrite and an Apache alias, ensure RewriteBase in /Web/Services/.htaccess is set to that alias root. +* Set `$conf['settings']['api']['enabled'] = 'true'`; in your config file. +* If you want friendly URL paths, mod_rewrite or URL rewriting must be enabled. Note, this is not required in order to use the API. +* If using mod_rewrite and an Apache alias, ensure RewriteBase in /Web/Services/.htaccess is set to that alias root. +#### API Documentation -## API Documentation - Auto-generated documentation for API usage can be found by browsing http://your_librebooking_url/Web/Services. - This documentation describes each available service, indicates whether or not the service is available to unauthenticated users/administrators, and provides example requests/responses. +Auto-generated documentation for API usage can be found by browsing http://your_librebooking_url/Web/Services. +This documentation describes each available service, indicates whether or not the service is available to unauthenticated users/administrators, and provides example requests/responses. -## Consuming the API +#### Consuming the API If URL rewriting is being used, all services will be available from http://your_librebooking_url/Web/Services If not using URL rewriting, all services will be available from http://your_librebooking_url/Web/Services/index.php +Certain services are only available to authenticated users or administrators. Secure services will require a session token and userid, which can be obtained from the Authentication service. -Certain services are only available to authenticated users or administrators. Secure services will require a session token and userid, which can be obtained from the Authentication service. +## Support -# Support Please post any questions or issues to the github repo or the gitter chat room. diff --git a/doc/Oauth2-Configuration.md b/doc/Oauth2-Configuration.md index e58db9392..efdf63ea7 100644 --- a/doc/Oauth2-Configuration.md +++ b/doc/Oauth2-Configuration.md @@ -1,11 +1,14 @@ # Oauth2 Configuration + You can use any IdP (Identity Provider) which supports Oauth2 like [authentik](https://goauthentik.io) or [Keycloak](https://www.keycloak.org/) for authentification with LibreBooking ## IdP Configuration + First you need to create a Client in your IdP in Confidential mode (Client ID and Client Secret). The Client need to allow redirects to `/Web/oauth2-auth.php` ex. `https://librebooking.com/Web/oauth2-auth.php` and need the scoopes `openid`, `email` and `profile`. The mapping of Oauth2 attributes to LibreBooking attributes is: + - `email` -> `email` - `given_name` -> `firstName` - `family_name` -> `lastName` @@ -15,7 +18,9 @@ The mapping of Oauth2 attributes to LibreBooking attributes is: - `title` -> `title` ## LibreBooking Config + To connect LibreBooking with your Oauth2 IdP you need to add the following vars to your `config.php`, in this example with authentik as IdP with the url `authentik.io`. + ```php $conf['settings']['authentication']['allow.oauth2.login'] = 'true'; // Enable Oauth2 $conf['settings']['authentication']['oauth2.name'] = 'authentik'; // Display name of Oauth2 IdP @@ -27,6 +32,7 @@ $conf['settings']['authentication']['oauth2.client.secret'] = '13246zgtfd4t456zh ``` To hide the internal LibreBooking Login you can additional add the following variable. + ```php $conf['settings']['authentication']['hide.booked.login.prompt'] = 'true'; ``` diff --git a/doc/README.md b/doc/README.md index 6a38f41ef..77aab0da9 100644 --- a/doc/README.md +++ b/doc/README.md @@ -1,6 +1,7 @@ # Developer Documentation ## Working on the project + The `develop` branch contains the most current working code of the Project and should be considered beta. The `master` branch is the most current stable release of LibreBooking. You can automatically keep your fork up to date with the [pull GitHub App](https://github.com/apps/pull). which will sync the `master` (hardreset) and `develop` (rebase) branches for you. @@ -9,12 +10,13 @@ Please commit bugfixes / features to a new branch prefixed `bugfix-`, `feature-` See what's currently worked on / add your own efforts to this [Active Devlopment pad](https://demo.hedgedoc.org/4MVpNd46TL2LI_IKR9K1EQ?both#). ## Design philosophy + The Model-View-Presenter (MVP) pattern is used to keep a clear separation between application logic and presentation logic. Page objects act as thin abstraction to the template engine and typically have no other logic. Presenter objects orchestrate interactions between underlying application logic objects and the page. This typically includes fetching and transforming data and minimal application logic. -``` +```text [page].php should - define ROOT_DIR - include /Pages/[page]Page.php @@ -29,38 +31,46 @@ Logically related code should be grouped in a directory with a "namespace.php" f This simply makes it easier to include necessary file dependencies. ## API + LibreBooking has a REST-API [API-Documentation](./API.md) ## User interface + [Smarty template engine](https://www.smarty.net/docsv2/en/language.basic.syntax.tpl) is used for all UI presentation. Page templates are located in `/tpl` and, by default, are cached to `/tpl_c` [Fugue Icons](https://p.yusukekamiyamane.com/) are used as the default iconset and when needed saved to `/Web/img/.png` ## Tools + you can easily install these useful php tools needed for development with [phive](https://github.com/phar-io/phive#getting-phive) and [composer](https://getcomposer.org/download/) For phive to work properly you also need to install [gnupgp](https://www.gnupg.org/download/index.html#binary) Simply run `composer install-tools` in the root of the project and all tools will be available inside the `/tools` directory. ### [Phing](https://www.phing.info/#docs) + `composer build` Builds / Packages a distributable relase inside `/build` configured via `/build.xml`. ### [PHPUnit](https://phpunit.readthedocs.io/en/latest/writing-tests-for-phpunit.html) + All classes should have good unit test coverage. The level of coverage is up to the developer and should be done when the code is sufficiently complex. Tests must all succeed for a final release. ### [PHPDocumentor](https://docs.phpdoc.org/latest/guide/guides/running-phpdocumentor.html) + Generates automatic documentation based on code comments. You can customize the output by copying `/phpdoc.dist.xml` to `/phpdoc.xml` which now takes precedence and isn't tracked with git. The documentation will be generated in `/.phpdoc/build`. ### [PHP-CS-Fixer](https://github.com/FriendsOfPhp/PHP-CS-Fixer#usage) + `compser lint` and `composer fix` -lints (just warnings) and fixes (changes files) code formating to [PSR-12] +lints (just warnings) and fixes (changes files) code formating to [PSR-12] ## Application Structure +```text /config Application configuration /Controls All reusable page control objects /database_schema Base and upgrade sql scripts @@ -108,7 +118,9 @@ lints (just warnings) and fixes (changes files) code formating to [PSR-12] /Web All user facing pages /scripts All application related javascript files /WebServices The LibreBooking API +``` ## Database + ![Entity Relationship Diagram](./ERD.svg) you can open `/doc/LibreBooking.mbw` with [MySQL Workbench](https://www.mysql.com/products/workbench/) to edit/update this ERD diff --git a/doc/SAML-Configuration.md b/doc/SAML-Configuration.md index e5f18d5a6..e3f80ade1 100644 --- a/doc/SAML-Configuration.md +++ b/doc/SAML-Configuration.md @@ -1,7 +1,9 @@ +# SAML (Security Assertion Markup Language) Configuration + **It is important to make sure registration.require.email.activation is set to false in Application Configuration. If email activation is enabled users will never be able to log in.** -### LibreBooking SAML Introduction +## LibreBooking SAML Introduction LibreBooking comes with multiple Single Sign On plugins out of the box. There are many benefits to SSO over standard authentication. For administrators, having a single @@ -15,7 +17,7 @@ But SAML is different. SAML requires a 3rd party application called [SimpleSAMLphp](http://web.archive.org/web/20210303172340/https://simplesamlphp.org/) to be running on the same server as LibreBooking. -### Install SimpleSAMLphp +## Install SimpleSAMLphp Our first step is to download the latest version of [SimpleSAMLphp](http://web.archive.org/web/20210303172340/https://simplesamlphp.org/) and install it on your web @@ -25,7 +27,7 @@ www directory. For example, if you install it to `/home/username/simplesamlphp` `/home/username/simplesamlphp/www`. The reason we do this is because the only files which need to be publicly visible in SimpleSAMLphp are located in the www directory. Exposing more than that opens unnecessary security holes. -### Configure SimpleSAMLphp +## Configure SimpleSAMLphp SimpleSAMLphp has a lot of configuration options. If you’re like me and far from an expert in SAML, it’s overwhelming. Luckily, since LibreBooking is a Service Provider it doesn’t need anything special. I’ll go through each of the settings @@ -64,7 +66,7 @@ to work. Alternatively, you can set up any PDO supported database to store session data. Since I use SQLite, I have this set to something like `sqlite:/home/username/tmp/sqlitedatabase.sq3` -### Exchange Metadata +## Exchange Metadata Now that we have the configuration set, we’ll need to exchange metadata. @@ -76,7 +78,7 @@ SimpleSAMLphp has a handy metadata XML conversion tool, which we’ll use to finish up our configuration. * Open the admin page from the subdomain for SimpleSAMLphp in a - browser (https://saml.librebooking.com/admin was what I used). + browser ( was what I used). * You’ll be prompted to enter the _auth.adminpassword_ that you set in your config.php * Click on the _Federation_ tab * then the _XML to SimpleSAMLphp metadata converter_ link. @@ -86,12 +88,12 @@ we’ll use to finish up our configuration. * For each one of those, create a file with that name plus `.php` in the folder `/home/username/simplesamlphp/metadata`. The file should contain ` * Open up `/simplesamlphp/config/authsources.php` * Find the `idp` setting, and paste the value of the remote `entityid` into the `idp` field. * Then set the local `entityid` field to a value of your choice. Usually the URL of the website you are creating SSO for. Remember this value as you will need this value in a later step when you configure the remote single sign on provider. -### Update SAML Configuration in LibreBooking +## Update SAML Configuration in LibreBooking Whew, almost done! The last few settings are in LibreBooking. @@ -111,15 +113,15 @@ Open `Saml.config.php` in an editor: described here, this would be `/home/username/simplesamlphp`. `simplesamlphp.config` - Set this to the config filesystem directory for SimpleSAMLphp. In this case -`/home/username/simplesamlphp/config` +`/home/username/simplesamlphp/config` Most of the remaining settings are attribute maps. SAML will send over user attributes, but often with obscure names. LibreBooking needs to know which attribute maps to the proper user field in -LibreBooking. +LibreBooking. There are only 2 absolutely required fields to map – username/userid and email. For example, if the username is being sent across in the SAML payload as `urn:oid:0.1.2.3` you’d set `simplesamlphp.username` to this value -like `$conf[‘settings][‘simplesamlphp.username’] = ‘urn:oid:0.1.2.3’;` +like `$conf[‘settings][‘simplesamlphp.username’] = ‘urn:oid:0.1.2.3’;` This is the same for all the other attributes. If you don’t know the attributes coming across then you can add the following line to @@ -128,17 +130,17 @@ constructor: `Log::Debug('Saml attributes are: %s', var_export($saml_attributes, and try to log in. We’ll write out the attributes to the log file and you can copy the names into the LibreBooking SAML configuration file. -### Configuring the other end +## Configuring the other end You will need to configure the other end. For example the Azure Application Saml SSO settings. -First of all, you need to set the identifier ID, which is the value you used for your local entityId at the end of the section titled "Exchange Metadata". +First of all, you need to set the identifier ID, which is the value you used for your local entityId at the end of the section titled "Exchange Metadata". -Then you need to tell it the URL to send data back to. This is called the ACS or Assertion Consumer Service URL or Reply URL. Set it to https://your-simplesaml-url/module.php/saml/sp/saml2-acs.php/default-sp +Then you need to tell it the URL to send data back to. This is called the ACS or Assertion Consumer Service URL or Reply URL. Set it to -You probably also want to set a logout URL which should be: https://your-simplesaml-url/module.php/saml/sp/saml2-logout.php/default-sp +You probably also want to set a logout URL which should be: -### Some Restrictions +## Some Restrictions A couple important notes with SAML enabled: @@ -150,7 +152,7 @@ of browser redirects in order to complete the authentication process. When using the API you are not within the context of a browser, so authentication will fail. -### Logging In +## Logging In Once all the mapping is complete, you should be able to log into LibreBooking via your organization’s federated log in page. Your users will no longer have to remember another set of credentials and your account management just got one