* Users are only authenticated against their password on login,
and to retrieve a token
* Passwords are wiped from the GUI frontend and cookies
after login and token retrieval
* Tokens are revoked at the end of the session/logout
* If the user chooses the "remember me" option,
the token is stored in the cookie
* Tokens correctly delete themselves on logout
* Tokens can expire at a user-specified date
* Tokens have their last usage time
* Tokens can have user-defined descriptions
* Users can manage login tokens in their account settings
Print all links through new uri.js component
Refactor the router to use more predictable parsing
Fix linking to entities with weird names (that contain slashes, + etc.)

API responses are cached internally - if they're modified, they're
modified in cache too. This can lead to certain anomalies that can be
easily solved by making object copies.

The lists in the post model (current state and original state) referred
to the same objects, so that making changes to current state was seen as
if no change had been made. This broke mass tag - it always thought
there were no changes to post tags.

This has an important side effect that matters when we check for data
changes using _orig dictionary. Previously, _orig was empty (so its
member fields were undefined) whereas the real fields were declared as
nulls. This meant that for new entities, the conditions were always
true, which is unintended. Now both _orig and the class itself are
initially populated with _updateFromResponse which syncs the state
between them, removing the problem.

- Hide fields that are uneditable, rather than disabling them
- Support fragmented edit privileges (e.g. roles that can edit only some
aspects of tags) - up until now the client tried to send everything at
once, which resulted in errors for such cases.
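
The two state-tracking problems described above (lists shared between current state, original state and the cached response, and an empty _orig on new entities) are reproduced below next to the corrected behaviour. This is an added example, not the project's code: sameList, Post, changedFields and massTag are hypothetical names, and only _orig and _updateFromResponse come from the text.

```javascript
// Added illustration. Post, changedFields and massTag are hypothetical names;
// _orig and _updateFromResponse are the names used in the text above.
const sameList = (a, b) => Array.isArray(a) && Array.isArray(b)
    ? a.length === b.length && a.every((x, i) => x === b[i])
    : a === b;

class Post {
    constructor(fixed) {
        this._fixed = fixed;
        this._orig = {};
        if (fixed) {
            // Fixed: one code path fills both the instance and _orig.
            this._updateFromResponse({});
        } else {
            // Buggy: fields declared as null/empty while _orig stays empty.
            this.description = null;
            this.tags = [];
        }
    }

    _updateFromResponse(response) {
        const tags = response.tags || [];
        this.description = response.description === undefined
            ? null : response.description;
        // Buggy: current state, original state and the cached response all
        // share one array. Fixed: each side gets its own copy.
        this.tags = this._fixed ? [...tags] : tags;
        this._orig = {
            description: this.description,
            tags: this._fixed ? [...tags] : tags,
        };
    }

    changedFields() {
        return ['description', 'tags'].filter(
            key => !sameList(this[key], this._orig[key]));
    }
}

// Load a post from a cached response (constructed sample), add a tag,
// then report what change detection sees and what the cache now holds.
function massTag(fixed) {
    const cached = {description: null, tags: ['sky']};
    const post = new Post(fixed);
    post._updateFromResponse(cached);
    post.tags.push('cloud');
    return {changed: post.changedFields(), cachedTags: cached.tags};
}
```

With `fixed` set to false, a new entity reports every field as changed and a tag edit reports none while silently altering the cached response; with it set to true, both results are the intended ones.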