Shane Kilkelly
d8486afe5d
Account for higher-access in the token read-only path too
2017-11-01 14:01:00 +00:00
Shane Kilkelly
9984ab081e
Generalise the higher-access logic for read-write token path
2017-11-01 11:50:04 +00:00
Shane Kilkelly
ec94e59388
Fix error-handling in setPublicAccessLevel
2017-10-26 16:39:24 +01:00
Shane Kilkelly
e16c8aa8be
Add unit tests for userIsTokenMember
2017-10-25 16:09:16 +01:00
Shane Kilkelly
8561b69ee9
Remove tokenMembers sync to clients
2017-10-25 11:29:05 +01:00
Shane Kilkelly
dc39e447b2
Change findAllUsersProjects
, produce and object rather than lists
2017-10-20 11:49:20 +01:00
Shane Kilkelly
0e44b319db
Change anonToken
and such to anonymousAccessToken
2017-10-20 10:10:21 +01:00
Shane Kilkelly
eab77aba91
Abstract away the token-protection logic
2017-10-19 16:26:01 +01:00
Shane Kilkelly
22795981b9
Add tests to check when tokens are never activated
2017-10-19 15:22:44 +01:00
Shane Kilkelly
d8717a06a2
Fix track-changes with token-access
2017-10-19 14:42:17 +01:00
Shane Kilkelly
43f1cb7d64
Add unit test for token-based access, particularly anon-read-write
2017-10-18 15:31:03 +01:00
Shane Kilkelly
7d2bde85ff
Add a setting to enable anonymous read-and-write link sharing
2017-10-18 13:04:37 +01:00
Shane Kilkelly
9c247d5f59
On project list, only show projects once, with max access
2017-10-17 11:10:31 +01:00
Shane Kilkelly
855fe2e143
If user is project owner, don't add them as a token user
2017-10-16 16:44:20 +01:00
Shane Kilkelly
5fb86441f6
Add acceptance tests for private-overleaf-project
...
... when accessed via the read-write token by the owner
2017-10-16 14:15:50 +01:00
Shane Kilkelly
ad999a72b6
If a token-based project not found, check private overleaf project
2017-10-16 13:20:15 +01:00
Shane Kilkelly
ac513a1355
Refactor to not pass req
down into Auth modules
2017-10-13 11:20:57 +01:00
Shane Kilkelly
dcf601fe80
Only show token-based projects if accessLevel is set to token-based
2017-10-12 15:47:29 +01:00
Shane Kilkelly
9a7c8c5842
Revert "Remove remaining traces of UserStub"
...
This reverts commit ab6b4c32254a20b940c489b8b5b56237433cc0f6.
2017-10-12 15:08:48 +01:00
Shane Kilkelly
16416463c6
Update removeUserFromProject
to account for token-access
2017-10-12 11:49:02 +01:00
Shane Kilkelly
1a4ffe7708
Remove un-necessary call to getProject
from archiveProject
path
2017-10-09 11:30:55 +01:00
Shane Kilkelly
29a584996f
Flesh out acceptance tests for token access
2017-10-06 16:26:47 +01:00
Shane Kilkelly
b5bed1837e
Start acceptance tests for token-based access
2017-10-06 15:58:03 +01:00
Shane Kilkelly
91abb6eed6
If project is not tokenBased, don't count members of token arrays
2017-10-06 15:57:22 +01:00
Shane Kilkelly
b8d90a1a99
Show token-access projects on the dashboard
2017-10-05 13:20:06 +01:00
Shane Kilkelly
6482cd7dd8
Generate tokens on old projects if they're not present
2017-10-04 16:31:24 +01:00
Shane Kilkelly
7b33f8b4c2
Unit test TokenAccessController
2017-10-03 14:04:59 +01:00
Shane Kilkelly
ede497f4b3
Unit test TokenAccessHandler
2017-10-03 10:02:26 +01:00
Shane Kilkelly
574b115022
Working token-based access
2017-09-27 14:01:52 +01:00
Shane Kilkelly
ee32648bf4
Order privileges by highest-to-lowest
2017-09-22 15:55:38 +01:00
Shane Kilkelly
562b2db600
Fix unit test
2017-09-21 15:01:40 +01:00
Shane Kilkelly
7dc759482c
Fix how adding user to project works in acceptance tests
2017-09-21 11:43:16 +01:00
Shane Kilkelly
931ba56e33
Add an 'owner' source tag, for the project owner
2017-09-21 09:35:25 +01:00
Shane Kilkelly
ef7e1ceabf
Rename functions to make distinction between invited/token members
2017-09-21 09:30:38 +01:00
Shane Kilkelly
91ec0da239
Use the invitedMembers function for sending tpds updates
2017-09-20 15:48:20 +01:00
Shane Kilkelly
574baf386e
Alter getProjectsUserIsMemberOf
to include token-access projects.
...
Also change the api to produce an object with the different project lists
attached, rather than a pair of lists.
2017-09-20 15:26:03 +01:00
Shane Kilkelly
ceb7c509d0
Rename getProjectsUserIsCollaboratorOf
to ...IsMemberOf
...
This brings the naming more in line with current conventions.
2017-09-20 13:16:50 +01:00
Shane Kilkelly
069f49d5a6
Change getCollaboratorCount
to getInvitedCollaboratorCount
.
...
And update the one call-site in LimitationsManager. This function
is used to limit invites, so it makes sense to explicitely limit
this to Invited members of the project.
2017-09-20 10:29:47 +01:00
Shane Kilkelly
8460160076
Add a getInvitedMembersWithPrivilegeLevels
function.
...
Then use it to build the loadProject view-model.
2017-09-20 10:02:43 +01:00
Shane Kilkelly
cf54989e6a
Add a getInvitedMemberIds
function
...
Limited to only members who were invited to the project, not users
who have access via a token.
2017-09-20 09:36:56 +01:00
Shane Kilkelly
06966f67db
Differentiate project members by source, include token members
2017-09-20 09:35:19 +01:00
Shane Kilkelly
a06f4b6b28
Remove remaining traces of UserStub
2017-09-19 16:16:39 +01:00
Shane Kilkelly
7919d5342b
Remove obsolete add-email-to-project workflow
2017-09-19 15:57:19 +01:00
Henry Oswald
a7217f1d37
Merge branch 'ho-csrf-acceptence-tests'
2017-09-15 13:50:17 +01:00
Brian Gough
1bca1e11a9
fix broken unit test
2017-09-15 09:20:53 +01:00
Brian Gough
9f9c15f6f5
Merge pull request #599 from sharelatex/bg-reset-project-state
...
clear docupdater project state in deleteAuxFiles
2017-09-15 09:09:29 +01:00
Brian Gough
28a80cf23d
Merge pull request #604 from sharelatex/bg-fix-root-doc-in-incremental-compile
...
fix root doc in incremental compile
2017-09-13 13:47:22 +01:00
Tim Alby
a04adbf132
remove extra security headers
2017-09-13 11:53:11 +02:00
Brian Gough
51eb94a493
handle incremental compile without root doc
2017-09-13 10:10:44 +01:00
Tim Alby
d6834ff417
add security headers using Helmet
...
- use all Helmet's default headers except `X-DNS-Prefetch-Control`
- use `Referrer-Policy`
- use cache headers when:
- a user is logged in, OR
- a project is displayed
2017-09-12 11:17:59 +02:00