Conflicts:
	.gitignore

XNAT-4550 XNAT-4603 Added derived data as a type that can be handled by simple experiment archive path. Changed special handling for image assessors to correctly resolve path relative to parent experiment.

references are now base64-encoded. ReplaceUrlPathsWithBase64.groovy
makes it easier to replace the file references with base64 text. Added
extra logging to QuickSearchAction to capture values submitted for
search. Moved org.nrg.xnat.turbine packages to use the turbine logger.

XNAT-4374: site event scripts menu is now updated upon opening the dialog; minor refactoring and cleanup.

XNAT-4548 Added insertResources() and createAndInsertResourceCatalog() methods to provide shortcuts for associating files with XNAT data objects.

XNAT-4558 Improved handling of updated provider preference settings in the handler method. Removed redundant setReceivedFileUser() method from API implementation.

XNAT-4596: Changed Development Utilities to a regular "panel" rather than a "panel.form" (which uses an unnecessary <form> element)

XNAT-4557, XNAT-4596: Added 'info' note for Security Channel setting; split up panels in "Miscellaneous" tab (Scan Type Mapping still needs a description).

Normalized .js and .css urls and fixed some instances of ${SITE_ROOT} or ${versionString} not being defined; also removed unnecessary XNAT_CSRF query string in themes rest calls.

XNAT-4593: Password validation when editing users now uses the regex specified in site admin; fixed validation of custom regex (using 'pattern' or 'regex' property); added ability to specify error messages for failed validation (example, for siteUrl: data-message="Site Url must be the full URL, including domain and protocol.")

insertResourceCatalog() methods that accept ItemI instead of just URIs.
Added data object service to provide shortcuts for managing XFT data
objects.

XNAT-4548 Fixed check for parent object type that only worked from security item, moved check to URI interface type.

Primarily isolated resource catalog management. Added functionality to create archive URIs from XFT objects. A few minor fixes (SQL error in UpdateConfigurationService, added JSESSIONID to response entity for auth restlet.

XNAT-4557 Added matchSecurityProtocol flag that defaults to false. Only compares http/https on request/referer when true.

XNAT-4586 Made welcome emails get sent when admins edit existing users to make them both enabled and verified.

XNAT-4044, XNAT-4399: added ID column to user table, added filter menus for 'verified', 'enabled', and 'active' columns; added ability to use a function to create a custom filter for a 'table.dataTable' column.

groups from a user. Added code advice comments to VM file.

XNAT-4578, XNAT-4582: Changed REST calls to set user roles to use XAPI; normalized the user 'edit' links to open the basic account info dialog first with a link to edit 'advanced' settings; changed validation type from 'email' to 'emails' (plural) to allow a comma-separated list of email addresses in a single input to be validated.

remove hit from icon request that's botching the session ID.

XNAT-4577 Fixed bug in changing user passwords through the new AdminUI section. The UsersApi class was trying to duplicate code from the save method, but incompletely. Removed code from UsersApi that hashes password since the save is already doing that.

XNAT-4044, XNAT-4242: Refactoring of user management page using XAPI services and Spawner UI elements; fixed some lingering validation issues along the way.

URL list for an Assessor XAR Import now contains the assessor id

attribute when principal isn't found.

.gradletasknamecache.

XNAT-4554, XNAT-4428, XNAT-4242, XNAT-4400: Moved Pipeline processing URL setting to its own tab under the "Advanced" group; fixed a few different issues with the passwords section of the Site Admin; improved handling of validation and blocking of form submission; attempts to prevent username and password fields from being auto-filled.

path filtering to remove split pattern matching. Added extra path
handling for the /setup URI to handle redirect to slash-terminated
version.

Fixed failed login lockout bugs by storing lockout time. Removed unused email verification expiration from admin UI.