Still need to resolve an issue where if the slave filter has values set when the master filter updates, thus triggering a change of the available options to the slave, the original values are still set on the slave but not actually visible in the popup as options because they're no longer valid options. To fix this we'll need the ability to get the browser to refresh the slave filter's selected values (count icon basically since it already forces the options popup to refresh) when its masters update; while at the same rechecking the slave's scope values set on the server to ensure that they're all valid and there aren't values left over from the previous request that are no longer valid but are still being applied to the query.
Reverts f73d8e6d49. While there are other ways to achieve some of the same end results, this code existed in the code base for 8 months without issues and is included in the official docs. This means that there could be devs that are depending on this behavior. Additionally, while this may make the internal logic to the BackendController class more complex, it simplifies the developer experience by bringing the Backend\Classes\Controller base class more in line with the standard Laravel controller class.
This was a contentious change is generally a bad idea to blanket all requests with a dependant cookie. We will try something else.
Revert enableXsrfCookies setting. Fixes UX issue introduced where the token expires. This should be replaced by a CSRF policy that determines whether this is needed on the front end.
runInternal has been removed because we do not want to blanket our response logic over every single response, only the happy path. This is because it is impossible to remove. So it is better to take the inverted approach, where if you want the CMS' headers in your custom response, add them yourself. This becomes easy via the new makeResponse() method
For some reason it was decided to allow October controllers to support Laravel middleware, this has been reverted because it is a convoluted solution that doesn't respect the original architecture. There are other ways to handle middleware requirements
The original use case appeared to be to simply allow backend controllers to inject headers. This is something easily solvable whilst keeping the simple and original workflow
You can now specify an array of "availablePermissions" to the PermissionEditor FormWidget that it will use to further down the list of permissions that are up for managment by the current user.
Handle child FormWidgets making AJAX requests outside of the repeater's form container. Note that this won't pass on the state of the repeater item as it exists on the webpage because that information won't be sent to the server in an AJAX request sent from outside of the repeater's form container unless the FormWidget sending the orphaned request specifically includes that data in their request, in which case the regular handling will kick in and initialize the widget properly. A discussion should be had whether this fix makes sense to be done in the Repeater FormWidget or if we should force FormWidgets to have the responsibility of initializing their parent repeaters if they're going to be making orphaned AJAX requests.
Should fix#3415, #4672.
Related: octoberrain/test-plugin#78
Credit to @SaifurRahmanMohsin
Added getConfig to make it easier for developers to fetch the config data from a list column while overriding the list items through extension. This also makes the class more compatible with [FormField](https://github.com/octobercms/october/blob/master/modules/backend/classes/FormField.php) which already has the same helper function.
Also had to revert the 100vw improvement on tabs because it causes unnecessary scroll/drag activation. Also reverted change in form.base.less that had no reasoning.
