Commit graph

93 commits

Author SHA1 Message Date
Shane Kilkelly
bb0dad3353 Safe access to potentially-null project 2017-10-05 14:19:21 +01:00
Shane Kilkelly
e4e558c0e6 Hide access tokens if user is not the project owner.
This prevents sneaky read-only users from sniffing out the read-write
link via the browser console.
2017-10-05 13:18:30 +01:00
Shane Kilkelly
6482cd7dd8 Generate tokens on old projects if they're not present 2017-10-04 16:31:24 +01:00
Shane Kilkelly
574b115022 Working token-based access 2017-09-27 14:01:52 +01:00
Shane Kilkelly
8460160076 Add a getInvitedMembersWithPrivilegeLevels function.
Then use it to build the loadProject view-model.
2017-09-20 10:02:43 +01:00
James Allen
ba62206b91 Refactor project name validation into one place and restrict /s 2017-05-19 17:42:24 +01:00
James Allen
8449b0417c Move all redis end points to be cluster compatible 2017-05-04 15:22:54 +01:00
Shane Kilkelly
0555154a24 Merge branch 'sk-fix-folder-creation' 2017-04-04 11:01:07 +01:00
Shane Kilkelly
043520fc28 Remove the Metrics module, use metrics-sharelatex 2017-04-03 16:18:30 +01:00
Shane Kilkelly
cc81eca902 Account for error being null 2017-03-31 10:46:13 +01:00
Shane Kilkelly
2c62acee0b Cleaner error reporting for addFolder endpoint 2017-03-31 10:31:03 +01:00
James Allen
293ba1fc4c Fetch all ranges from docstore when viewing overview panel 2016-12-09 15:43:08 +00:00
Shane Kilkelly
ce78b855a3 Add counts to log message 2016-08-16 11:33:14 +01:00
Shane Kilkelly
da40f54d55 Improve logging, add acceptance tests for joinProject json 2016-08-16 11:17:45 +01:00
Shane Kilkelly
b68af254ff Correct logic for bailing out with no privileges 2016-08-16 09:59:42 +01:00
Shane Kilkelly
dca1c9be5d Load invites on project load, rather than asynchronously. 2016-08-01 17:05:37 +01:00
James Allen
f182fbf396 Convert 'anonymous-user' from real-time api in 'null' internally 2016-03-22 09:53:47 +00:00
James Allen
de02928454 Merge branch 'master' into ja_email_tokens 2016-03-17 17:01:26 +00:00
James Allen
b7d226f434 Make privilege level check in EditorHttpController more explicit 2016-03-15 14:39:27 +00:00
Henry Oswald
76b3a78988 added lock around move element 2016-03-15 12:29:41 +00:00
James Allen
71ef045728 Implement authorization guards in Authorization{Manager,Controller} 2016-03-14 17:06:57 +00:00
James Allen
1bd8b8d1a3 Delete SecurityManager and replace with (unwritten) AuthorizationManager 2016-03-10 17:17:26 +00:00
James Allen
bedc8a0492 Remove ProjectGetter.populateProjectWithUsers 2016-03-07 15:25:10 +00:00
Henry Oswald
76591ebb23 made ProjectGetter.getProject more robust
it can deal with multiple types of query better, including mongoose ids which are not being matched like mongojs ids.
2016-02-29 19:01:46 +00:00
Henry Oswald
1e8523c227 don't emmit to room new entities if they errored. 2016-02-29 13:05:37 +00:00
Henry Oswald
8f0d1dc73e add in the calls to block large projects 2016-02-29 13:05:17 +00:00
James Allen
6143b2218c Send user_id on Dropbox requests through to doc updater 2016-02-04 14:27:00 +00:00
James Allen
d11d536994 Refactor adding and removing collaborators to not go through EditorController 2015-10-08 14:15:36 +01:00
Henry Oswald
3ecf201eda send -> sendStatus 2015-07-08 16:56:38 +01:00
Henry Oswald
1cc0cbe8fc split site into 2 routers, webRouter and apiRouter
web router has things like sessions etc added onto it. Api router is minimal, doesn't include things like csrf
2015-07-01 15:23:18 +01:00
James Allen
5c30a7de67 Add in option for global login requirement (defaults to on) 2015-04-15 11:14:53 +01:00
Henry Oswald
fe3b9bf07a clients can not rename docs/files/folders to blank name.
Client and server side checks added
2015-03-04 11:10:59 +00:00
James Allen
6c387edbe2 Remove Dropbox front end logic from main sharelatex repo 2015-02-05 18:20:34 +00:00
James Allen
d7afb4e513 Clean up unused real-time code in web 2015-02-05 16:37:37 +00:00
Henry Oswald
bd77d0e020 add null check in on project 2014-12-12 10:27:14 +00:00
Henry Oswald
857d867191 added locks into editor controller for new/move/deletes
filesystem import manager uses the unlocked version
2014-11-26 15:32:23 +00:00
James Allen
970125b7a8 Check for null project in joinProject 2014-11-24 13:43:08 +00:00
Henry Oswald
cd8c233c05 Revert robust redis connection code 2014-11-19 15:06:05 +00:00
James Allen
8b9a26d6f3 Add in http health check end points for redis subscription channels 2014-11-19 14:12:37 +00:00
James Allen
d6532c63f8 Use new robust subscription model 2014-11-19 11:09:42 +00:00
Henry Oswald
ae897cb41d try catch encodeURIComponent 2014-11-10 16:30:02 +00:00
James Allen
84c08edcf3 Factor out common joinProject logic to provide and HTTP end point for the real-time API 2014-11-07 12:31:47 +00:00
James Allen
9c5ae5adf4 Remove unused old update method 2014-11-07 09:39:17 +00:00
James Allen
e596b60af0 Move collaborator HTTP end points into the Collaborators feature 2014-11-06 14:39:40 +00:00
James Allen
5c3e8e6d88 Add and remove collaborators with HTTP requests, not websockets 2014-11-06 14:39:40 +00:00
Henry Oswald
30100f2a07 fixed badly called flushProjectToThirdPartyDataStore causing issues with initial drobox sync 2014-10-31 12:41:06 +00:00
Henry Oswald
011bdc4617 explicitly set the file types to delete
the wild card version can get mixed up with app.del  '/project/:project_id/contents/*', httpAuth, TpdsController.deleteProjectContents
2014-10-24 12:01:52 +01:00
James Allen
46ecaf9f6c Fix broken argument signature of addFolder 2014-10-16 11:27:10 +01:00
James Allen
7e9318814d Send source of update to doc updater on setDocument request 2014-10-15 15:36:08 +01:00
James Allen
6800c1a15e Track the source of updates through the system on adding/updating of docs and files 2014-10-15 15:18:31 +01:00