Shane Kilkelly
|
8561b69ee9
|
Remove tokenMembers sync to clients
|
2017-10-25 11:29:05 +01:00 |
|
Shane Kilkelly
|
eab77aba91
|
Abstract away the token-protection logic
|
2017-10-19 16:26:01 +01:00 |
|
Shane Kilkelly
|
d8717a06a2
|
Fix track-changes with token-access
|
2017-10-19 14:42:17 +01:00 |
|
Shane Kilkelly
|
ac513a1355
|
Refactor to not pass req down into Auth modules
|
2017-10-13 11:20:57 +01:00 |
|
Shane Kilkelly
|
bb0dad3353
|
Safe access to potentially-null project
|
2017-10-05 14:19:21 +01:00 |
|
Shane Kilkelly
|
e4e558c0e6
|
Hide access tokens if user is not the project owner.
This prevents sneaky read-only users from sniffing out the read-write
link via the browser console.
|
2017-10-05 13:18:30 +01:00 |
|
Shane Kilkelly
|
6482cd7dd8
|
Generate tokens on old projects if they're not present
|
2017-10-04 16:31:24 +01:00 |
|
Shane Kilkelly
|
574b115022
|
Working token-based access
|
2017-09-27 14:01:52 +01:00 |
|
Shane Kilkelly
|
8460160076
|
Add a getInvitedMembersWithPrivilegeLevels function.
Then use it to build the loadProject view-model.
|
2017-09-20 10:02:43 +01:00 |
|
James Allen
|
ba62206b91
|
Refactor project name validation into one place and restrict /s
|
2017-05-19 17:42:24 +01:00 |
|
James Allen
|
8449b0417c
|
Move all redis end points to be cluster compatible
|
2017-05-04 15:22:54 +01:00 |
|
Shane Kilkelly
|
0555154a24
|
Merge branch 'sk-fix-folder-creation'
|
2017-04-04 11:01:07 +01:00 |
|
Shane Kilkelly
|
043520fc28
|
Remove the Metrics module, use metrics-sharelatex
|
2017-04-03 16:18:30 +01:00 |
|
Shane Kilkelly
|
cc81eca902
|
Account for error being null
|
2017-03-31 10:46:13 +01:00 |
|
Shane Kilkelly
|
2c62acee0b
|
Cleaner error reporting for addFolder endpoint
|
2017-03-31 10:31:03 +01:00 |
|
James Allen
|
293ba1fc4c
|
Fetch all ranges from docstore when viewing overview panel
|
2016-12-09 15:43:08 +00:00 |
|
Shane Kilkelly
|
ce78b855a3
|
Add counts to log message
|
2016-08-16 11:33:14 +01:00 |
|
Shane Kilkelly
|
da40f54d55
|
Improve logging, add acceptance tests for joinProject json
|
2016-08-16 11:17:45 +01:00 |
|
Shane Kilkelly
|
b68af254ff
|
Correct logic for bailing out with no privileges
|
2016-08-16 09:59:42 +01:00 |
|
Shane Kilkelly
|
dca1c9be5d
|
Load invites on project load, rather than asynchronously.
|
2016-08-01 17:05:37 +01:00 |
|
James Allen
|
f182fbf396
|
Convert 'anonymous-user' from real-time api in 'null' internally
|
2016-03-22 09:53:47 +00:00 |
|
James Allen
|
de02928454
|
Merge branch 'master' into ja_email_tokens
|
2016-03-17 17:01:26 +00:00 |
|
James Allen
|
b7d226f434
|
Make privilege level check in EditorHttpController more explicit
|
2016-03-15 14:39:27 +00:00 |
|
Henry Oswald
|
76b3a78988
|
added lock around move element
|
2016-03-15 12:29:41 +00:00 |
|
James Allen
|
71ef045728
|
Implement authorization guards in Authorization{Manager,Controller}
|
2016-03-14 17:06:57 +00:00 |
|
James Allen
|
1bd8b8d1a3
|
Delete SecurityManager and replace with (unwritten) AuthorizationManager
|
2016-03-10 17:17:26 +00:00 |
|
James Allen
|
bedc8a0492
|
Remove ProjectGetter.populateProjectWithUsers
|
2016-03-07 15:25:10 +00:00 |
|
Henry Oswald
|
76591ebb23
|
made ProjectGetter.getProject more robust
it can deal with multiple types of query better, including mongoose ids which are not being matched like mongojs ids.
|
2016-02-29 19:01:46 +00:00 |
|
Henry Oswald
|
1e8523c227
|
don't emmit to room new entities if they errored.
|
2016-02-29 13:05:37 +00:00 |
|
Henry Oswald
|
8f0d1dc73e
|
add in the calls to block large projects
|
2016-02-29 13:05:17 +00:00 |
|
James Allen
|
6143b2218c
|
Send user_id on Dropbox requests through to doc updater
|
2016-02-04 14:27:00 +00:00 |
|
James Allen
|
d11d536994
|
Refactor adding and removing collaborators to not go through EditorController
|
2015-10-08 14:15:36 +01:00 |
|
Henry Oswald
|
3ecf201eda
|
send -> sendStatus
|
2015-07-08 16:56:38 +01:00 |
|
Henry Oswald
|
1cc0cbe8fc
|
split site into 2 routers, webRouter and apiRouter
web router has things like sessions etc added onto it. Api router is minimal, doesn't include things like csrf
|
2015-07-01 15:23:18 +01:00 |
|
James Allen
|
5c30a7de67
|
Add in option for global login requirement (defaults to on)
|
2015-04-15 11:14:53 +01:00 |
|
Henry Oswald
|
fe3b9bf07a
|
clients can not rename docs/files/folders to blank name.
Client and server side checks added
|
2015-03-04 11:10:59 +00:00 |
|
James Allen
|
6c387edbe2
|
Remove Dropbox front end logic from main sharelatex repo
|
2015-02-05 18:20:34 +00:00 |
|
James Allen
|
d7afb4e513
|
Clean up unused real-time code in web
|
2015-02-05 16:37:37 +00:00 |
|
Henry Oswald
|
bd77d0e020
|
add null check in on project
|
2014-12-12 10:27:14 +00:00 |
|
Henry Oswald
|
857d867191
|
added locks into editor controller for new/move/deletes
filesystem import manager uses the unlocked version
|
2014-11-26 15:32:23 +00:00 |
|
James Allen
|
970125b7a8
|
Check for null project in joinProject
|
2014-11-24 13:43:08 +00:00 |
|
Henry Oswald
|
cd8c233c05
|
Revert robust redis connection code
|
2014-11-19 15:06:05 +00:00 |
|
James Allen
|
8b9a26d6f3
|
Add in http health check end points for redis subscription channels
|
2014-11-19 14:12:37 +00:00 |
|
James Allen
|
d6532c63f8
|
Use new robust subscription model
|
2014-11-19 11:09:42 +00:00 |
|
Henry Oswald
|
ae897cb41d
|
try catch encodeURIComponent
|
2014-11-10 16:30:02 +00:00 |
|
James Allen
|
84c08edcf3
|
Factor out common joinProject logic to provide and HTTP end point for the real-time API
|
2014-11-07 12:31:47 +00:00 |
|
James Allen
|
9c5ae5adf4
|
Remove unused old update method
|
2014-11-07 09:39:17 +00:00 |
|
James Allen
|
e596b60af0
|
Move collaborator HTTP end points into the Collaborators feature
|
2014-11-06 14:39:40 +00:00 |
|
James Allen
|
5c3e8e6d88
|
Add and remove collaborators with HTTP requests, not websockets
|
2014-11-06 14:39:40 +00:00 |
|
Henry Oswald
|
30100f2a07
|
fixed badly called flushProjectToThirdPartyDataStore causing issues with initial drobox sync
|
2014-10-31 12:41:06 +00:00 |
|