Commit graph

92 commits

Author SHA1 Message Date
Philip Molares
0a8945d934 feat(backend): handle username always in lowercase
This should make all usernames of new users into lowercase. Usernames are also searched in the DB as lowercase.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-06-04 21:55:19 +02:00
Tilman Vatteroth
753c6e593f refactor: remove isomorphic-ws
The package caused some issues while working on other features.
Mostly because bundlers have been unable to determine the correct
websocket constructor.
So I replaced it with a more object-oriented approach.

Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-06-02 17:40:25 +02:00
Tilman Vatteroth
d1ce1cb3e4 refactor: turn random word list source from json to ts
This prevents future import issues

Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-30 09:17:05 +02:00
Tilman Vatteroth
11ccd678de test: add test for permissions guard
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Tilman Vatteroth
a852c79947 refactor: replace permission check methods with ordered permission enum
This commit replaces the "mayWrite", "mayRead" and "checkPermissionOnNote"
functions with one that returns a sortable permission value.
This is done because many places in the code need to do actions based on the fact if
the user has no, read or write access. If done with the may-functions then the permission
data need to be looked through multiple times.

Also, the whole check code is split into more functions that are tested separately and make it easier
to understand the process.

Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Tilman Vatteroth
4e298cccfb refactor: make class fields of permissions guard read-only
They're only read and never written after the construction

Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Tilman Vatteroth
6e0e63688b refactor: allow only one required permission in require-permission decorator
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Tilman Vatteroth
9ca6485219 refactor: extract permission metadata key
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Tilman Vatteroth
488238d854 refactor: rename "Permissions" enum to "RequiredPermission"
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Tilman Vatteroth
6b73016583 refactor: rename "Permissions" decorator to "RequirePermission"
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Tilman Vatteroth
4c384cc8de test: add test for get note interceptor
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Tilman Vatteroth
b1dc383a7a refactor: use "extractNoteFromRequest" in permission guard
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Tilman Vatteroth
ab5aebc9c4 refactor: extract "extract note from request" logic into separate function
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Tilman Vatteroth
65fb110a1e refactor: move permissions decorator and guard into permissions directory
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Tilman Vatteroth
22f0abbfbe fix: remove redundant permission guard annotations
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Avinash
e73d28dba1 feat(backend): added test realtime note service
Signed-off-by: Avinash <avinash.kumar.cs92@gmail.com>
2023-05-15 20:49:59 +02:00
Avinash
d15a8b18d9 fix(backend): updated realtime connection's acceptEdit, close connection based on permission
Signed-off-by: Avinash <avinash.kumar.cs92@gmail.com>
2023-05-15 20:49:59 +02:00
Tilman Vatteroth
e3a3690b58 refactor(realtime): solve circle dependencies in realtime-user-status-adapter.ts
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-15 17:59:28 +02:00
Tilman Vatteroth
39fff87f52 fix: migrate import code
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-12 19:14:34 +02:00
Tilman Vatteroth
d29e840bc6 fix(realtime): allow realtime user status updates from users that have read-only access
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-09 20:33:23 +02:00
Tilman Vatteroth
b199cdba67 test: increase coverage of constructor tests
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-09 12:33:09 +02:00
Tilman Vatteroth
2f59869e12 fix: retrieve read-only state for realtime user status adapter from connection
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-09 12:33:09 +02:00
Tilman Vatteroth
f012282a41 fix: restore of test state
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-09 12:33:09 +02:00
Tilman Vatteroth
02a3b7f07b refactor: make displayName readonly
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-09 12:33:09 +02:00
Tilman Vatteroth
3c1ea7bda9 fix: allow change of accept edits in realtime connection
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-09 12:33:09 +02:00
Tilman Vatteroth
eebbb79d08 fix: retrieve read-only state for y-doc-sync-server-adapter from connection
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-09 12:33:09 +02:00
Yannick Bungers
ed3c688e8b refactor: extract mocking in permissions.service.spec.ts
Signed-off-by: Yannick Bungers <git@innay.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
d73bbcaeff fix: increase test coverage
Signed-off-by: Yannick Bungers <git@innay.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
dad60a25ea fix: change logging from id to publicId in media upload
Signed-off-by: Yannick Bungers <git@innay.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
c20e20b30a refactor: exclude create permission from note permission check
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
fad5e1e22e test: add private api tests for checkPermissionOnNote and checkMediaDeletePermission
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
001a49329c refactor: extract permission checking from controllers and guard
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
485f7cd338 feat: Add guest file uploads and add deletion for note owners
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
0f464dedfe fix: clean up decorators in the public notes.controller.ts
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
d369132519 fix: add CompleteRequest type to have better type checks for HTTP-Request attribute injection.
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 20:45:15 +02:00
Tilman Vatteroth
0263c09ce1 fix(deps): migrate zxcvbn
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 19:37:41 +02:00
Tilman Vatteroth
e02221acd2 fix: don't create user permissions for owner
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-04 22:34:24 +02:00
Tilman Vatteroth
a5e12b9ad0 fix(backend): fix extraction body values in permission controllers
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-04 14:54:37 +02:00
Avinash
bb7a6a74f7 refactor(backend): create mock function for noteRepo and eventemiter
Signed-off-by: Avinash <avinash.kumar.cs92@gmail.com>
2023-04-16 20:55:26 +02:00
Tilman Vatteroth
0950e036b0 refactor(s3-backend): use URL object to construct complete URL instead of string template
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-16 18:41:03 +02:00
Tilman Vatteroth
b6db47a9c2 test(s3-backend): add unit test
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-16 18:41:03 +02:00
Tilman Vatteroth
e8d4fc692d fix(s3-backend): remove redundant parameter
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-16 18:41:03 +02:00
Tilman Vatteroth
baaa41b1e5 fix(media config): expect HD_MEDIA_BACKEND_S3_ENDPOINT to be an uri
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-16 18:41:03 +02:00
Tilman Vatteroth
3c2f59c382 fix(s3-backend): force endpoint to be a uri
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-16 18:41:03 +02:00
Tilman Vatteroth
2016874a3d fix(s3-backend): let minio lib handle the port fallback
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-16 18:41:03 +02:00
Tilman Vatteroth
a72f695124 fix(s3-backend): correct endpoint
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-16 18:41:03 +02:00
Philip Molares
2fc89a7de5 feat: don't let read-only users send their cursors or selections
This was done as it may be used to distract or annoy other users either intentionally or unintentionally.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-06 22:54:50 +02:00
Philip Molares
c2f41118b6 feat: check permissions in realtime code and frontend
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-06 22:54:50 +02:00
Tilman Vatteroth
6fb58d56c2 fix: add missing tests for realtime-user-status-adapter
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-04 18:29:20 +02:00
Tilman Vatteroth
2a2d3756ad refactor: test code of realtime
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-04 18:29:20 +02:00