apostrophe 3.11.0 → 3.14.0

package/CHANGELOG.md

@@ -1,5 +1,59 @@
 # Changelog
 
+## 3.14.0 (2022-02-22)
+
+### Adds
+
+* To reduce complications for those implementing caching strategies, the CSRF protection cookie now contains a simple constant string, and is not recorded in `req.session`. This is acceptable because the real purpose of the CSRF check is simply to verify that the browser has sent the cookie at all, which it will not allow a cross-origin script to do.
+* As a result of the above, a session cookie is not generated and sent at all unless `req.session` is actually used or a user logs in. Again, this reduces complications for those implementing caching strategies.
+* When logging out, the session cookie is now cleared in the browser. Formerly the session was destroyed on the server side only, which was sufficient for security purposes but could create caching issues.
+* Uses `express-cache-on-demand` lib to make similar and concurrent requests on pieces and pages faster.
+* Frontend build errors now stop app startup in development, and SCSS and JS/Vue build warnings are visible on the terminal console for the first time.
+
+### Fixes
+
+* Fixed a bug when editing a page more than once if the page has a relationship to itself, whether directly or indirectly. Widget ids were unnecessarily regenerated in this situation, causing in-context edits after the first to fail to save.
+* Pages no longer emit double `beforeUpdate` and `beforeSave` events.
+* When the home page extends `@apostrophecms/piece-page-type`, the "show page" URLs for individual pieces should not contain two slashes before the piece slug. Thanks to [Martí Bravo](https://github.com/martibravo) for the fix.
+* Fixes transitions between login page and `afterPasswordVerified` login steps.
+* Frontend build errors now stop the `@apostrophecms/asset:build` task properly in production.
+* `start` replaced with `flex-start` to address SCSS warnings.
+* Dead code removal, as a result of following up on JS/Vue build warnings.
+
+## 3.13.0 - 2022-02-04
+
+### Adds
+
+* Additional requirements and related UI may be imposed on native ApostropheCMS logins using the new `requirements` feature, which can be extended in modules that `improve` the `@apostrophecms/login` module. These requirements are not imposed for single sign-on logins via `@apostrophecms/passport-bridge`. See the documentation for more information.
+* Adds latest Slovak translation strings to SK.json in `i18n/` folder. Thanks to [Michael Huna](https://github.com/Miselrkba) for the contribution.
+* Verifies `afterPasswordVerified` requirements one by one when emitting done event, allows to manage errors ans success before to go to the next requirement. Stores and validate each requirement in the token. Checks the new `askForConfirmation` requirement option to go to the next step when emitting done event or waiting for the confirm event (in order to manage success messages). Removes support for `afterSubmit` for now.
+
+### Fixes
+
+* Decodes the testReq `param` property in `serveNotFound`. This fixes a problem where page titles using diacritics triggered false 404 errors.
+* Registers the default namespace in the Vue instance of i18n, fixing a lack of support for un-namespaced l10n keys in the UI.
+
+## 3.12.0 - 2022-01-21
+
+### Adds
+
+* It is now best practice to deliver namespaced i18n strings as JSON files in module-level subdirectories of `i18n/` named to match the namespace, e.g. `i18n/ourTeam` if the namespace is `ourTeam`. This allows base class modules to deliver phrases to any namespace without conflicting with those introduced at project level. The `i18n` option is now deprecated in favor of the new `i18n` module format section, which is only needed if `browser: true` must be specified for a namespace.
+* Brought back the `nestedModuleSubdirs` feature from A2, which allows modules to be nested in subdirectories if `nestedModuleSubdirs: true` is set in `app.js`. As in A2, module configuration (including activation) can also be grouped in a `modules.js` file in such subdirectories.
+
+### Fixes
+
+* Fixes minor inline documentation comments.
+* UI strings that are not registered localization keys will now display properly when they contain a colon (`:`). These were previously interpreted as i18next namespace/key pairs and the "namespace" portion was left out.
+* Fixes a bug where changing the page type immediately after clicking "New Page" would produce a console error. In general, areas and checkboxes now correctly handle their value being changed to `null` by the parent schema after initial startup of the `AposInputArea` or `AposInputCheckboxes` component.
+* It is now best practice to deliver namespaced i18n strings as JSON files in module-level subdirectories of `i18n/` named to match the namespace, e.g. `i18n/ourTeam` if the namespace is `ourTeam`. This allows base class modules to deliver phrases to any namespace without conflicting with those introduced at project level. The `i18n` option is now deprecated in favor of the new `i18n` module format section, which is only needed if `browser: true` must be specified for a namespace.
+* Removes the `@apostrophecms/util` module template helper `indexBy`, which was using a lodash method not included in lodash v4.
+* Removes an unimplemented `csrfExceptions` module section cascade. Use the `csrfExceptions` *option* of any module to set an array of URLs excluded from CSRF protection. More information is forthcoming in the documentation.
+* Fix `[Object Object]` in the console when warning `A permission.can() call was made with a type that has no manager` is printed.
+
+### Changes
+
+* Temporarily removes `npm audit` from our automated tests because of a sub-dependency of vue-loader that doesn't actually cause a security vulnerability for apostrophe.
+
 ## 3.11.0 - 2022-01-06
 
 ### Adds
@@ -9,6 +63,7 @@
 ### Fixes
 
 * Apostrophe's extension of `req.login` now accounts for the `req.logIn` alias and the skippable `options` parameter, which is relied upon in some `passport` strategies.
+* Apostrophe now warns if a nonexistent widget type is configured for an area field, with special attention to when `-widget` has been erroneously included in the name. For backwards compatibility this is a startup warning rather than a fatal error, as sites generally did operate successfully otherwise with this type of bug present.
 
 ### Changes
 
@@ -16,6 +71,7 @@
 * Adds deprecation note to `__testDefaults` option. It is not in use, but removing would be a minor BC break we don't need to make.
 * Allows test modules to use a custom port as an option on the `@apostrophecms/express` module.
 * Removes the code base pull request template to instead inherit the organization-level template.
+* Adds `npm audit` back to the test scripts.
 
 ## 3.10.0 - 2021-12-22
 

package/index.js

@@ -7,6 +7,7 @@ const cluster = require('cluster');
 const { cpus } = require('os');
 const process = require('process');
 const npmResolve = require('resolve');
+const glob = require('glob');
 
 let defaults = require('./defaults.js');
 
@@ -273,6 +274,33 @@ module.exports = async function(options) {
     return _module;
   }
 
+  function nestedModuleSubdirs() {
+    if (!options.nestedModuleSubdirs) {
+      return;
+    }
+    const configs = glob.sync(self.localModules + '/**/modules.js');
+    _.each(configs, function(config) {
+      try {
+        _.merge(self.options.modules, require(config));
+      } catch (e) {
+        console.error(stripIndent`
+          When nestedModuleSubdirs is active, any modules.js file beneath:
+
+          ${self.localModules}
+
+          must export an object containing configuration for Apostrophe modules.
+          
+          The file:
+          
+          ${config}
+          
+          did not parse.
+        `);
+        throw e;
+      }
+    });
+  }
+
   function autodetectBundles() {
     const modules = _.keys(self.options.modules);
     _.each(modules, function(name) {
@@ -406,7 +434,13 @@ module.exports = async function(options) {
       localModules: self.localModules,
       defaultBaseClass: '@apostrophecms/module',
       sections: [ 'helpers', 'handlers', 'routes', 'apiRoutes', 'restApiRoutes', 'renderRoutes', 'middleware', 'customTags', 'components', 'tasks' ],
-      unparsedSections: [ 'queries', 'extendQueries', 'icons' ]
+      nestedModuleSubdirs: self.options.nestedModuleSubdirs,
+      unparsedSections: [
+        'queries',
+        'extendQueries',
+        'icons',
+        'i18n'
+      ]
     });
 
     self.synth = synth;
@@ -417,6 +451,8 @@ module.exports = async function(options) {
     self.redefine = self.synth.redefine;
     self.create = self.synth.create;
 
+    nestedModuleSubdirs();
+
     _.each(self.options.modules, function(options, name) {
       synth.define(name, options);
     });

package/lib/moog.js

@@ -369,9 +369,9 @@ module.exports = function(options) {
     }
 
     function capture(section) {
-      that[section] = {};
+      that.__meta[section] = {};
       for (const step of steps) {
-        that[section][step.__meta.name] = step[section];
+        that.__meta[section][step.__meta.name] = step[section];
       }
     }
 

package/modules/@apostrophecms/asset/index.js

@@ -249,15 +249,23 @@ module.exports = {
               fs.removeSync(`${bundleDir}/${outputFilename}`);
               const cssPath = `${bundleDir}/${outputFilename}`.replace(/\.js$/, '.css');
               fs.removeSync(cssPath);
-              await Promise.promisify(webpackModule)(require(`./lib/webpack/${name}/webpack.config`)(
-                {
-                  importFile,
-                  modulesDir,
-                  outputPath: bundleDir,
-                  outputFilename
-                },
-                self.apos
-              ));
+              const webpack = Promise.promisify(webpackModule);
+              const webpackBaseConfig = require(`./lib/webpack/${name}/webpack.config`);
+              const webpackInstanceConfig = webpackBaseConfig({
+                importFile,
+                modulesDir,
+                outputPath: bundleDir,
+                outputFilename
+              }, self.apos);
+              const result = await webpack(webpackInstanceConfig);
+              if (result.compilation.errors.length) {
+                // Throwing a string is appropriate in a command line task
+                throw cleanErrors(result.toString('errors'));
+              } else if (result.compilation.warnings.length) {
+                self.apos.util.warn(result.toString('errors-warnings'));
+              } else if (process.env.APOS_WEBPACK_VERBOSE) {
+                self.apos.util.info(result.toString('verbose'));
+              }
               if (fs.existsSync(cssPath)) {
                 fs.writeFileSync(cssPath, self.filterCss(fs.readFileSync(cssPath, 'utf8'), {
                   modulesPrefix: `${self.getAssetBaseUrl()}/modules`
@@ -518,6 +526,13 @@ module.exports = {
           function getComponentName(component, options, i) {
             return require('path').basename(component).replace(/\.\w+/, '') + (options.enumerateImports ? `_${i}` : '');
           }
+
+          function cleanErrors(errors) {
+            // Dev experience: remove confusing and inaccurate webpack warning about module loaders
+            // when straightforward JS parse errors occur, stackoverflow is full of people
+            // confused by this
+            return errors.replace(/(ERROR in[\s\S]*?Module parse failed[\s\S]*)You may need an appropriate loader.*/, '$1');
+          }
         }
       }
     };

package/modules/@apostrophecms/asset/lib/globalIcons.js

@@ -12,6 +12,8 @@ module.exports = {
   'checkbox-blank-icon': 'CheckboxBlankOutline',
   'check-all-icon': 'CheckAll',
   'check-bold-icon': 'CheckBold',
+  'check-circle-icon': 'CheckCircle',
+  'check-decagram-icon': 'CheckDecagram',
   'checkbox-marked-icon': 'CheckboxMarked',
   'chevron-down-icon': 'ChevronDown',
   'chevron-left-icon': 'ChevronLeft',

package/modules/@apostrophecms/attachment/index.js

@@ -1114,7 +1114,7 @@ module.exports = {
               await copyOut(uploadfsPath, tempFile);
               await self.sanitizeSvg(tempFile);
               await copyIn(tempFile, uploadfsPath);
-              await self.db.update({
+              await self.db.updateOne({
                 _id: attachment._id
               }, {
                 $set: {

package/modules/@apostrophecms/doc/index.js

@@ -675,10 +675,10 @@ module.exports = {
       },
 
       // Insert the given document. Called by `.insert()`. You will usually want to
-      // call the update method of the appropriate doc type manager instead:
+      // call the insert method of the appropriate doc type manager instead:
       //
       // ```javascript
-      // self.apos.doc.getManager(doc.type).update(...)
+      // self.apos.doc.getManager(doc.type).insert(...)
       // ```
       //
       // However you can override this method to alter the
@@ -1075,7 +1075,13 @@ module.exports = {
       },
       deduplicateWidgetIds(doc) {
         const seen = new Set();
-        self.apos.area.walk(doc, area => {
+        self.apos.area.walk(doc, (area, dotPath) => {
+          if (dotPath.includes('_')) {
+            // Ignore relationships so recursive references from a
+            // doc to itself can't result in random regeneration of
+            // widget ids in the doc proper
+            return;
+          }
           for (const widget of area.items || []) {
             if ((!widget._id) || seen.has(widget._id)) {
               widget._id = cuid();

package/modules/@apostrophecms/doc-type/index.js

@@ -194,11 +194,11 @@ module.exports = {
             _id: doc._id.replace(':draft', ':previous')
           });
           if (published) {
-            await self.apos.doc.db.remove({ _id: published._id });
+            await self.apos.doc.db.removeOne({ _id: published._id });
             await self.emit('afterDelete', req, published, { checkForChildren: false });
           }
           if (previous) {
-            await self.apos.doc.db.remove({ _id: previous._id });
+            await self.apos.doc.db.removeOne({ _id: previous._id });
             await self.emit('afterDelete', req, previous, { checkForChildren: false });
           }
         },

package/modules/@apostrophecms/doc-type/ui/apos/components/AposDocContextMenu.vue

@@ -23,7 +23,6 @@ import { detectDocChange } from 'Modules/@apostrophecms/schema/lib/detectChange'
 import AposPublishMixin from 'Modules/@apostrophecms/ui/mixins/AposPublishMixin';
 import AposArchiveMixin from 'Modules/@apostrophecms/ui/mixins/AposArchiveMixin';
 import AposModifiedMixin from 'Modules/@apostrophecms/ui/mixins/AposModifiedMixin';
-import klona from 'klona';
 
 export default {
   name: 'AposDocContextMenu',
@@ -263,12 +262,6 @@ export default {
       // moduleOptions gives us the action, etc. but here we need the schema
       // which is always type specific, even for pages so get it ourselves
       let schema = (apos.modules[this.context.type].schema || []).filter(field => apos.schema.components.fields[field.type]);
-      if (this.restoreOnly) {
-        schema = klona(schema);
-        for (const field of schema) {
-          field.readOnly = true;
-        }
-      }
       // Archive UI is handled via action buttons
       schema = schema.filter(field => field.name !== 'archived');
       return schema;

package/modules/@apostrophecms/express/index.js

@@ -77,7 +77,15 @@
 //   rolling: true,
 //   secret: 'you should have a secret',
 //   name: self.apos.shortName + '.sid',
-//   cookie: {}
+//   cookie: {
+//     path: '/',
+//     httpOnly: true,
+//     secure: false,
+//     // using 'strict' will confuse users if you link to your site
+//     // with the expectation that the user is still logged in on arrival.
+//     // 'lax' still protects against CSRF attacks
+//     sameSite: 'lax'
+//   }
 // }
 // ```
 //
@@ -98,17 +106,16 @@
 //
 // ### `csrf`
 //
-// By default, Apostrophe implements Angular-compatible [CSRF protection](https://en.wikipedia.org/wiki/Cross-site_request_forgery)
-// via an `XSRF-TOKEN` cookie. The `@apostrophecms/asset` module pushes
-// a call to the browser to set a jQuery `ajaxPrefilter` which
-// adds an `X-XSRF-TOKEN` header to all requests, which must
-// match the cookie. This is effective because code running from
-// other sites or iframes will not be able to read the cookie and
-// send the header.
+// By default, Apostrophe implements [CSRF protection](https://en.wikipedia.org/wiki/Cross-site_request_forgery)
+// by setting a cookie with the value `csrf`, which all legitimate requests originating fromt he page will send
+// back (see the [same-origin policy](https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy)).
+// All modern browsers will refuse to allow a CSRF attacker, such as a malicious `POST`-method `form` tag on a third
+// party site pointing to an Apostrophe site, to send cookies to the Apostrophe site.
 //
 // All non-safe HTTP requests (not `GET`, `HEAD`, `OPTIONS` or `TRACE`)
-// automatically receive this proection via the csrf middleware, which
-// rejects requests in which the CSRF token does not match the header.
+// automatically receive this protection via the csrf middleware, which
+// rejects requests in which the cookie is not present.
+//
 // If the request was made with a valid api key or bearer token it
 // bypasses this check.
 //
@@ -124,12 +131,6 @@
 // You may need to use this feature when implementing POST form
 // submissions that do not use AJAX and thus don't send the header.
 //
-// There is also a `minimumExceptions` option, which defaults
-// to `[ /login ]`. The login form is the only non-AJAX form
-// that ships with Apostrophe. XSRF protection for login forms
-// is unnecessary because the password itself is unknown to the
-// third party site; it effectively serves as an XSRF token.
-//
 // ### Adding your own middleware
 //
 // Use the `middleware` section in your module. That function should
@@ -307,7 +308,13 @@ module.exports = {
           // "expires" ourselves too
           const bearer = await self.apos.login.bearerTokens.findOne({
             _id: req.token,
-            expires: { $gte: new Date() }
+            expires: { $gte: new Date() },
+            // requirementsToVerify array should be empty or inexistant
+            // for the token to be usable to log in.
+            $or: [
+              { requirementsToVerify: { $exists: false } },
+              { requirementsToVerify: { $ne: [] } }
+            ]
           });
           return bearer && bearer.userId;
         }
@@ -317,12 +324,11 @@ module.exports = {
       },
       ...((self.options.csrf === false) ? {} : {
         // Angular-compatible CSRF protection middleware. On safe requests (GET, HEAD, OPTIONS, TRACE),
-        // set the XSRF-TOKEN cookie if missing. On unsafe requests (everything else),
-        // make sure our jQuery `ajaxPrefilter` set the X-XSRF-TOKEN header to match the
-        // cookie.
+        // set the csrf cookie if missing.
         //
-        // This works because if we're running via a script tag or iframe, we won't
-        // be able to read the cookie.
+        // This works because requests not meeting the expectations of the same-origin policy
+        // won't be able to send cookies to the origin at all, even though the value is
+        // well-known.
         csrf(req, res, next) {
           if (req.csrfExempt) {
             return next();
@@ -420,7 +426,11 @@ module.exports = {
         _.defaults(sessionOptions.cookie, {
           path: '/',
           httpOnly: true,
-          secure: false
+          secure: false,
+          // Ensure that Safari follows the same policy as other modern browsers
+          // to prevent CSRF attacks. "lax" just means that navigation links
+          // leading to the site will receive the cookie, it is not insecure
+          sameSite: 'lax'
           // maxAge is set for us by connect-mongo,
           // and defaults to 2 weeks
         });
@@ -500,28 +510,30 @@ module.exports = {
       // that this URL should be subject to CSRF.
 
       csrfWithoutExceptions(req, res, next) {
-        let token;
         // OPTIONS request cannot set a cookie, so manipulating the session here
         // is not helpful. Do not attempt to set XSRF-TOKEN for OPTIONS
         if (req.method === 'OPTIONS') {
           return next();
         }
-        // Safe request establishes XSRF-TOKEN in session if not set already
+        // Safe request establishes CSRF cookie, whose purpose is only to check
+        // that the same-origin policy is followed, not to be unique and secure
+        // in itself
         if (req.method === 'GET' || req.method === 'HEAD' || req.method === 'TRACE') {
-          token = req.session && req.session['XSRF-TOKEN'];
-          if (!token) {
-            token = self.apos.util.generateId();
-            req.session['XSRF-TOKEN'] = token;
-          }
-          // Reset the cookie so that if its lifetime somehow detaches from
-          // that of the session cookie we're still OK
-          res.cookie(self.apos.csrfCookieName, token);
+          // Use the same standard for the session and CSRF cookies
+          res.cookie(self.apos.csrfCookieName, 'csrf', {
+            // Will inherit sameSite: 'lax', which is important for
+            // CSRF protection in Safari
+            ...self.sessionOptions.cookie,
+            // 1 year (the limit). The value is known, we are relying
+            // on SameSite (modern browsers)
+            maxAge: 31536000
+          });
         } else {
-          // All non-safe requests must be preceded by a safe request that establishes
-          // the CSRF token, both as a cookie and in the session. Otherwise a user who is logged
-          // in but doesn't currently have a CSRF token is still vulnerable.
-          // See options.csrfExceptions
-          if (!req.cookies[self.apos.csrfCookieName] || req.get('X-XSRF-TOKEN') !== req.cookies[self.apos.csrfCookieName] || req.session['XSRF-TOKEN'] !== req.cookies[self.apos.csrfCookieName]) {
+          // Check that the request arrived with the CSRF cookie.
+          // This isn't meant to be a unique code that no one could guess,
+          // but rather a check that the request from the same origin,
+          // as cross-origin requests cannot set cookies on our origin at all.
+          if (req.cookies[self.apos.csrfCookieName] !== 'csrf') {
             res.statusCode = 403;
             return res.send({
               name: 'forbidden',

package/modules/@apostrophecms/http/index.js

@@ -86,9 +86,6 @@ module.exports = {
       // `parse` (can be 'json` to always parse the response body as JSON, otherwise the response body is
       // parsed as JSON only if the content-type is application/json)
       // `headers` (an object containing header names and values)
-      // `csrf` (if true, which is the default, and the `jar` contains the CSRF cookie for this Apostrophe site
-      // due to a previous GET request, send it as the X-XSRF-TOKEN header; if a string, send the current value of the cookie of that name
-      // in the `jar` as the X-XSRF-TOKEN header; if false, disable this feature)
       // `fullResponse` (if true, return an object with `status`, `headers` and `body`
       // properties, rather than returning the body directly; the individual `headers` are canonicalized
       // to lowercase names. If a header appears multiple times an array is returned for it)
@@ -113,9 +110,6 @@ module.exports = {
       // `parse` (can be 'json` to always parse the response body as JSON, otherwise the response body is
       // parsed as JSON only if the content-type is application/json)
       // `headers` (an object containing header names and values)
-      // `csrf` (if true, which is the default, and the `jar` contains the CSRF cookie for this Apostrophe site
-      // due to a previous GET request, send it as the X-XSRF-TOKEN header; if a string, send the current value of the cookie of that name
-      // in the `jar` as the X-XSRF-TOKEN header; if false, disable this feature)
       // `fullResponse` (if true, return an object with `status`, `headers` and `body`
       // properties, rather than returning the body directly; the individual `headers` are canonicalized
       // to lowercase names. If a header appears multiple times an array is returned for it)
@@ -140,9 +134,6 @@ module.exports = {
       // `parse` (can be 'json` to always parse the response body as JSON, otherwise the response body is
       // parsed as JSON only if the content-type is application/json)
       // `headers` (an object containing header names and values)
-      // `csrf` (if true, which is the default, and the `jar` contains the CSRF cookie for this Apostrophe site
-      // due to a previous GET request, send it as the X-XSRF-TOKEN header; if a string, send the current value of the cookie of that name
-      // in the `jar` as the X-XSRF-TOKEN header; if false, disable this feature)
       // `fullResponse` (if true, return an object with `status`, `headers` and `body`
       // properties, rather than returning the body directly; the individual `headers` are canonicalized
       // to lowercase names. If a header appears multiple times an array is returned for it)
@@ -167,9 +158,6 @@ module.exports = {
       // `parse` (can be 'json` to always parse the response body as JSON, otherwise the response body is
       // parsed as JSON only if the content-type is application/json)
       // `headers` (an object containing header names and values)
-      // `csrf` (if true, which is the default, and the `jar` contains the CSRF cookie for this Apostrophe site
-      // due to a previous GET request, send it as the X-XSRF-TOKEN header; if a string, send the current value of the cookie of that name
-      // in the `jar` as the X-XSRF-TOKEN header; if false, disable this feature)
       // `fullResponse` (if true, return an object with `status`, `headers` and `body`
       // properties, rather than returning the body directly; the individual `headers` are canonicalized
       // to lowercase names. If a header appears multiple times an array is returned for it)
@@ -228,14 +216,6 @@ module.exports = {
           options.headers = options.headers || {};
           options.headers['Content-Type'] = 'application/x-www-form-urlencoded';
         }
-        if ((options.csrf !== false) && options.jar) {
-          options.headers = options.headers || {};
-          const cookieName = ((typeof options.csrf) === 'string') ? options.csrf : self.apos.csrfCookieName;
-          const cookieValue = self.getCookie(options.jar, url, cookieName);
-          if (cookieValue != null) {
-            options.headers['x-xsrf-token'] = cookieValue;
-          }
-        }
         const res = await fetch(url, options);
         let body;
         if (options.jar) {

package/modules/@apostrophecms/i18n/i18n/en.json

@@ -167,6 +167,7 @@
   "localizeNewRelated": "Localize new related documents",
   "localizingBusy": "Localizing Content",
   "login": "Login",
+  "loginErrorGeneric": "An error occurred. Please try again.",
   "loginDisabled": "Login Disabled",
   "loginPageBothRequired": "Both the username and the password are required.",
   "loginPageBadCredentials": "Your credentials are incorrect, or there is no such user",

package/modules/@apostrophecms/i18n/i18n/sk.json

@@ -3,6 +3,7 @@
   "addItem": "Pridať položku",
   "addWidgetType": "Pridať {{ label }}",
   "admin": "Admin",
+  "affirmativeLabel": "Áno, pokračovať.",
   "altText": "Alternatívny text",
   "altTextHelp": "Alternatívny popis obrázkov pre zlepšenú prístupnosť",
   "any": "ľubovoľný",
@@ -10,6 +11,8 @@
   "applyToSubpages": "Aplikovať na podstánky",
   "arrayCancelDescription": "Chcete zahodiť zmeny v tomto zozname?",
   "archive": "Archív",
+  "archivingBatchConfirmation": "Naozaj chcete archivovať {{ count }} {{ type }}?",
+  "archivingBatchConfirmationButton": "Áno, archivovať obsah.",
   "archiveImage": "Archivovať obrázok",
   "archiveOnlyThisPage": "Archivovať len túto stránku",
   "archivePageAndSubpages": "Archivovať túto stránku a všetky podradené stránky",
@@ -121,6 +124,7 @@
   "errorPageMessage": "Došlo k chybe",
   "errorPageStatusCode": "500",
   "errorPageTitle": "Došlo k chybe v nadpise stánky",
+  "errorBatchOperationNoti": "Skupinová operácia {{ operation }} zlyhala.",
   "everythingElse": "Všetko ostatné",
   "exit": "Odísť",
   "fetchPublishedVersionFailed": "Pri načítaní zverejnenej verzie dokumentu sa vyskytla chyba.",
@@ -173,6 +177,8 @@
   "manageDocType": "Spravovať {{ type }}",
   "manageDraftSubmissions": "Spravujte návrhy príspevkov",
   "managePages": "Spravovať stránky",
+  "maxLabel": "Max:",
+  "maxUi": "Max: {{ number }}",
   "mediaCreatedDate": "Nahraté: {{ createdDate }}",
   "mediaDimensions": "Rozmery: {{ width }} 𝗑 {{ height }}",
   "mediaFileSize": "Veľkosť súboru: {{ fileSize }}",
@@ -180,6 +186,10 @@
   "mediaMB": "{{ size }}MB",
   "mediaUploadViaDrop": "Presuňte ich sem, keď budete pripravení",
   "mediaUploadViaExplorer": "Alebo kliknutím otvorte adresárovú štruktúru",
+  "minLabel": "Min:",
+  "minUi": "Min: {{ number }}",
+  "modify": "Zmeniť",
+  "modifyOrDelete": "Zmeniť / Vymazať",
   "moreOptions": "Viac možností",
   "moreOperations": "Viac úprav",
   "multipleEditors": "Viaceré editory",
@@ -202,17 +212,19 @@
   "notFoundPageStatusCode": "404",
   "notFoundPageTitle": "404 - Stránka nenájdená",
   "notInLocale": "Aktuálna stránka v {{ label }} neexistuje. Preložte verziu z {{ currentLocale }}?",
+  "notificationClearEventError": "Pri vymazávaní zaregistrovanej notifikačnej udalosti sa vyskytla chyba.",
   "noTypeFound": "Nenašiel sa žiadny {{ type }}",
   "parentNotLocalized": "Najprv preložte nadradenú stránku",
   "notYetPublished": "Tento dokument ešte nebol zverejnený.",
   "nudgeDown": "Posunúť nadol",
   "nudgeUp": "Posunúť nahor",
+  "numberAdded": "{{ count }} Pridané",
   "office": "Kancelária",
   "openGlobal": "Otvorte globálne nastavenia webu",
   "page": "Stránka",
   "pageDoesNotExistYet": "Stránka zatiaľ neexistuje",
   "pageDoesNotExistYetDescription": "Stránka, ktorá poskytuje záznam pre tento diel, ešte nie je k dispozícii ako {{ mode }} v jazykovej mutácii {{ locale }}.",
-  "pageIsParked": "Táto stránka je zaparkovaná a nemožno ju presunúť",
+  "pageIsParked": "Táto stránka je uzamknutá nemožno ju presunúť",
   "pageNumber": "Stránka {{ number }}",
   "pageTitle": "Názov stránky",
   "pages": "Stránky",
@@ -242,6 +254,8 @@
   "richTextUndo": "Vrátiť späť",
   "richTextStyleConfigWarning": "Nesprávne nakonfigurovaný štýl: popiska: {{ label }}, {{ tag }}",
   "password": "Heslo",
+  "passwordErrorMin": "Minimum {{ min }} znakov",
+  "passwordErrorMax": "Maximum {{ max }} znakov",
   "passwordResetRequest": "Vaša žiadosť o obnovenie hesla zo stránky {{ site }}",
   "pasteWidget": "Prilepiť {{ widget }}",
   "pending": "Čaká na spracovanie",
@@ -277,6 +291,8 @@
   "relatedDocsOnly": "Len súvisiace dokumenty",
   "relatedDocsDefinition": "Súvisiace dokumenty sú dokumenty, na ktoré sa odkazuje v tomto dokumente. Obvykle to zahŕňa obrázky, obsah definovaný vzťahmi atď.",
   "restore": "Obnoviť",
+  "restoreBatchConfirmation": "Naozaj chcete obnoviť {{ count }} {{ type }}?",
+  "restoreBatchConfirmationButton": "Áno, obnoviť obsah.",
   "resolveErrorsBeforeSaving": "Pred uložením vyriešte chyby.",
   "resolveErrorsFirst": "Najprv vyriešte chyby.",
   "restoreOnlyThisPage": "Obnovte iba túto stránku",
@@ -305,6 +321,12 @@
   "select": "Vybrať",
   "selectedMenuItem": "✓ {{ label }}",
   "selectAll": "Vybrať všetko",
+  "selectBoxMessage": "{{ num }} {{ label }} vybraté.",
+  "selectBoxMessagePage": "{{ num }} {{ label }} na tejto stránke vybraté.",
+  "selectBoxMessageAllButton": "Vybrať všetko {{ num }} {{ label }}.",
+  "selectBoxMessageButton": "Vybrať {{ num }} {{ label }}.",
+  "selectBoxMessageSelected": "{{ num }} {{ label }} vybraté.",
+  "selectBoxMessageAllSelected": "Všetky {{ num }} {{ label }} vybraté.",
   "deselectAll": "Odznačiť všetko",
   "selectContent": "Vyberte obsah",
   "selectContentToLocalize": "Ktorý obsah chcete lokalizovať?",