This is part of an effort to consistently not embed User objects
in API responses. Usernames are returned instead.
Signed-off-by: David Mehren <git@herrmehren.de>
This is part of an effort to consistently not embed Group objects
in API responses. Names are returned instead.
Signed-off-by: David Mehren <git@herrmehren.de>
This is part of an effort to consistently not embed User objects
in API responses. Usernames are returned instead.
Signed-off-by: David Mehren <git@herrmehren.de>
This is part of an effort to consistently not embed User objects
in API responses. Usernames are returned instead.
Signed-off-by: David Mehren <git@herrmehren.de>
By checking the "old" password of the user prior to a password change, the
password change function is more secured against abuse.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This change removes the customAuthNames property and redefines the
authProviders property of the frontend-config DTO. Instead of an
map from auth providers to their enabled-state (boolean), there is
now an array that just includes the configured auth providers while
also having the identifier and providerName of custom auth providers.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
express-session always creates an `request.session` object, so only
checking if that exists is not sufficient.
Signed-off-by: David Mehren <git@herrmehren.de>
This extracts the note inserted with the get note interceptor into the request to be used by the controller service.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This is necessary, because of the order of operations in nestjs, the validation pipe is not able to get the note as the noteIdOrAlias will be transformed by the get note pipe after the validation did run.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This commit removes all previous calls to the permissions service at the beginning of the controller methods to the permissions guard. This should make the code a bit cleaner and remove boilerplate code.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This guard protects resources and let's users only access them if they hold the correct permission
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This enum makes it possible which permissions a user needs to hold to access a specific resource
Signed-off-by: Philip Molares <philip.molares@udo.edu>
The parameters of the permission checking methods were missing a null value for not set user. This is the case if user is not logged in and operating as guest.
Signed-off-by: Yannick Bungers <git@innay.de>
To make the create method easier to use in conjunction
with the authentication framework, this commit changes the type of
the `owner` parameter from `User | undefined` to `User | null`.
Signed-off-by: David Mehren <git@herrmehren.de>
To make the create method more consistent with the
guidelines,
this commit removes the default value from the `primary` parameter.
Signed-off-by: David Mehren <git@herrmehren.de>
To make the create method more consistent with the
guidelines,
this commit removes the default value from the `syncSource` parameter.
An Identity will be created as sync source,
when the associated account is created using an external provider.
Signed-off-by: David Mehren <git@herrmehren.de>
To make the create method more consistent with the
guidelines, this commit adds the `special` flag to
the parameters.
As this function will only be used to create the two hard-coded groups
and to handle API requests at one or two places, adding the parameter
should not be too problematic.
Signed-off-by: David Mehren <git@herrmehren.de>
