Commit graph

108 commits

Author SHA1 Message Date
Hayden Faulds
ca15fdb6eb pass userId to EditorHttpController.deleteEntity 2017-12-18 15:15:36 +00:00
Hayden Faulds
5f6686ed3b pass userId to ProjectEntityHandler.deleteEntity 2017-12-18 15:15:36 +00:00
Hayden Faulds
feee582368 pass user_id into EditorController.replaceFile 2017-12-04 09:42:09 +00:00
Hayden Faulds
08891c7a7f pass userId into ProjectEntityHandler.replaceFile 2017-12-04 09:42:09 +00:00
Hayden Faulds
980e43e478 pass user_id into EditorController.addDoc 2017-12-04 09:42:09 +00:00
Hayden Faulds
e4ca3bc5ad pass user_id into EditorController.addDocWithoutLock 2017-12-04 09:42:09 +00:00
Hayden Faulds
300f76bc5c pass user_id into ProjectEntityHandler.addDoc / addDocWithProject 2017-12-04 09:42:09 +00:00
Hayden Faulds
953dba0ede pass userId into Editorcontroller.addFile / addFileWithoutLock 2017-12-04 09:42:09 +00:00
Hayden Faulds
42a1deaaca pass userId into ProjectEntityHandler.addFile 2017-12-04 09:42:09 +00:00
Hayden Faulds
06116dc956 version moving entities 2017-11-08 13:11:17 +00:00
Hayden Faulds
929b9996d3 version doc renames 2017-11-08 13:11:17 +00:00
Shane Kilkelly
8561b69ee9 Remove tokenMembers sync to clients 2017-10-25 11:29:05 +01:00
Shane Kilkelly
eab77aba91 Abstract away the token-protection logic 2017-10-19 16:26:01 +01:00
Shane Kilkelly
d8717a06a2 Fix track-changes with token-access 2017-10-19 14:42:17 +01:00
Shane Kilkelly
ac513a1355 Refactor to not pass req down into Auth modules 2017-10-13 11:20:57 +01:00
Shane Kilkelly
bb0dad3353 Safe access to potentially-null project 2017-10-05 14:19:21 +01:00
Shane Kilkelly
e4e558c0e6 Hide access tokens if user is not the project owner.
This prevents sneaky read-only users from sniffing out the read-write
link via the browser console.
2017-10-05 13:18:30 +01:00
Shane Kilkelly
6482cd7dd8 Generate tokens on old projects if they're not present 2017-10-04 16:31:24 +01:00
Shane Kilkelly
574b115022 Working token-based access 2017-09-27 14:01:52 +01:00
Shane Kilkelly
8460160076 Add a getInvitedMembersWithPrivilegeLevels function.
Then use it to build the loadProject view-model.
2017-09-20 10:02:43 +01:00
James Allen
ba62206b91 Refactor project name validation into one place and restrict /s 2017-05-19 17:42:24 +01:00
James Allen
8449b0417c Move all redis end points to be cluster compatible 2017-05-04 15:22:54 +01:00
Shane Kilkelly
0555154a24 Merge branch 'sk-fix-folder-creation' 2017-04-04 11:01:07 +01:00
Shane Kilkelly
043520fc28 Remove the Metrics module, use metrics-sharelatex 2017-04-03 16:18:30 +01:00
Shane Kilkelly
cc81eca902 Account for error being null 2017-03-31 10:46:13 +01:00
Shane Kilkelly
2c62acee0b Cleaner error reporting for addFolder endpoint 2017-03-31 10:31:03 +01:00
James Allen
293ba1fc4c Fetch all ranges from docstore when viewing overview panel 2016-12-09 15:43:08 +00:00
Shane Kilkelly
ce78b855a3 Add counts to log message 2016-08-16 11:33:14 +01:00
Shane Kilkelly
da40f54d55 Improve logging, add acceptance tests for joinProject json 2016-08-16 11:17:45 +01:00
Shane Kilkelly
b68af254ff Correct logic for bailing out with no privileges 2016-08-16 09:59:42 +01:00
Shane Kilkelly
dca1c9be5d Load invites on project load, rather than asynchronously. 2016-08-01 17:05:37 +01:00
James Allen
f182fbf396 Convert 'anonymous-user' from real-time api in 'null' internally 2016-03-22 09:53:47 +00:00
James Allen
de02928454 Merge branch 'master' into ja_email_tokens 2016-03-17 17:01:26 +00:00
James Allen
b7d226f434 Make privilege level check in EditorHttpController more explicit 2016-03-15 14:39:27 +00:00
Henry Oswald
76b3a78988 added lock around move element 2016-03-15 12:29:41 +00:00
James Allen
71ef045728 Implement authorization guards in Authorization{Manager,Controller} 2016-03-14 17:06:57 +00:00
James Allen
1bd8b8d1a3 Delete SecurityManager and replace with (unwritten) AuthorizationManager 2016-03-10 17:17:26 +00:00
James Allen
bedc8a0492 Remove ProjectGetter.populateProjectWithUsers 2016-03-07 15:25:10 +00:00
Henry Oswald
76591ebb23 made ProjectGetter.getProject more robust
it can deal with multiple types of query better, including mongoose ids which are not being matched like mongojs ids.
2016-02-29 19:01:46 +00:00
Henry Oswald
1e8523c227 don't emmit to room new entities if they errored. 2016-02-29 13:05:37 +00:00
Henry Oswald
8f0d1dc73e add in the calls to block large projects 2016-02-29 13:05:17 +00:00
James Allen
6143b2218c Send user_id on Dropbox requests through to doc updater 2016-02-04 14:27:00 +00:00
James Allen
d11d536994 Refactor adding and removing collaborators to not go through EditorController 2015-10-08 14:15:36 +01:00
Henry Oswald
3ecf201eda send -> sendStatus 2015-07-08 16:56:38 +01:00
Henry Oswald
1cc0cbe8fc split site into 2 routers, webRouter and apiRouter
web router has things like sessions etc added onto it. Api router is minimal, doesn't include things like csrf
2015-07-01 15:23:18 +01:00
James Allen
5c30a7de67 Add in option for global login requirement (defaults to on) 2015-04-15 11:14:53 +01:00
Henry Oswald
fe3b9bf07a clients can not rename docs/files/folders to blank name.
Client and server side checks added
2015-03-04 11:10:59 +00:00
James Allen
6c387edbe2 Remove Dropbox front end logic from main sharelatex repo 2015-02-05 18:20:34 +00:00
James Allen
d7afb4e513 Clean up unused real-time code in web 2015-02-05 16:37:37 +00:00
Henry Oswald
bd77d0e020 add null check in on project 2014-12-12 10:27:14 +00:00