Shane Kilkelly
e4e558c0e6
Hide access tokens if user is not the project owner.
...
This prevents sneaky read-only users from sniffing out the read-write
link via the browser console.
2017-10-05 13:18:30 +01:00
Shane Kilkelly
6482cd7dd8
Generate tokens on old projects if they're not present
2017-10-04 16:31:24 +01:00
Shane Kilkelly
b6c2a8f7f7
Tidy up callbacks
2017-10-03 14:14:22 +01:00
Shane Kilkelly
7b33f8b4c2
Unit test TokenAccessController
2017-10-03 14:04:59 +01:00
Shane Kilkelly
ede497f4b3
Unit test TokenAccessHandler
2017-10-03 10:02:26 +01:00
Shane Kilkelly
11249c070c
Remove commented-out code
2017-10-02 14:50:43 +01:00
Shane Kilkelly
ea7d7c604e
Remove token header from angular $http
2017-10-02 14:44:03 +01:00
Shane Kilkelly
9f24f696a5
Use custom header, send anonToken in payload to joinProject
2017-09-29 16:32:07 +01:00
Shane Kilkelly
34d4d1360f
Anon read-token: add an Authorization header to $http
2017-09-29 15:54:55 +01:00
Shane Kilkelly
a66cb15f48
Use angular $http
service for spellcheck
2017-09-29 14:55:06 +01:00
Shane Kilkelly
f74da0e6cf
Use angular $http
service for references
2017-09-29 14:51:00 +01:00
Shane Kilkelly
e04d10d11f
Styling of link-share, and fix read-only link
2017-09-29 10:59:30 +01:00
Shane Kilkelly
df338ebd6d
Show tokens in share modal
2017-09-29 10:11:23 +01:00
Shane Kilkelly
9810f63245
Render editor for token access, stub out ui changes
2017-09-28 16:06:08 +01:00
Shane Kilkelly
4552f3be67
Move the getPublicAccessLevel
helper to top-level of module
2017-09-28 10:53:35 +01:00
Shane Kilkelly
27dcf6c4c5
Fix a typo causing double-callbacks
2017-09-28 10:37:57 +01:00
Shane Kilkelly
574b115022
Working token-based access
2017-09-27 14:01:52 +01:00
Shane Kilkelly
ee32648bf4
Order privileges by highest-to-lowest
2017-09-22 15:55:38 +01:00
Shane Kilkelly
81170d472d
Add token-access routes
2017-09-22 14:54:35 +01:00
Shane Kilkelly
95292a2e55
Add unique index to token properties
2017-09-21 15:06:42 +01:00
Shane Kilkelly
441c207953
Generate tokens by default
2017-09-21 15:04:15 +01:00
Shane Kilkelly
562b2db600
Fix unit test
2017-09-21 15:01:40 +01:00
Shane Kilkelly
abe41b6948
Fix projection in project query
2017-09-21 13:37:10 +01:00
Shane Kilkelly
7dc759482c
Fix how adding user to project works in acceptance tests
2017-09-21 11:43:16 +01:00
Shane Kilkelly
863d327743
Change logic to exclude token users
2017-09-21 11:02:55 +01:00
Shane Kilkelly
931ba56e33
Add an 'owner' source tag, for the project owner
2017-09-21 09:35:25 +01:00
Shane Kilkelly
ef7e1ceabf
Rename functions to make distinction between invited/token members
2017-09-21 09:30:38 +01:00
Shane Kilkelly
91ec0da239
Use the invitedMembers function for sending tpds updates
2017-09-20 15:48:20 +01:00
Shane Kilkelly
574baf386e
Alter getProjectsUserIsMemberOf
to include token-access projects.
...
Also change the api to produce an object with the different project lists
attached, rather than a pair of lists.
2017-09-20 15:26:03 +01:00
Shane Kilkelly
ceb7c509d0
Rename getProjectsUserIsCollaboratorOf
to ...IsMemberOf
...
This brings the naming more in line with current conventions.
2017-09-20 13:16:50 +01:00
Shane Kilkelly
069f49d5a6
Change getCollaboratorCount
to getInvitedCollaboratorCount
.
...
And update the one call-site in LimitationsManager. This function
is used to limit invites, so it makes sense to explicitely limit
this to Invited members of the project.
2017-09-20 10:29:47 +01:00
Shane Kilkelly
8460160076
Add a getInvitedMembersWithPrivilegeLevels
function.
...
Then use it to build the loadProject view-model.
2017-09-20 10:02:43 +01:00
Shane Kilkelly
cf54989e6a
Add a getInvitedMemberIds
function
...
Limited to only members who were invited to the project, not users
who have access via a token.
2017-09-20 09:36:56 +01:00
Shane Kilkelly
fc202439ab
Read-only privelege for anonymous access
2017-09-20 09:36:06 +01:00
Shane Kilkelly
06966f67db
Differentiate project members by source, include token members
2017-09-20 09:35:19 +01:00
Shane Kilkelly
a06f4b6b28
Remove remaining traces of UserStub
2017-09-19 16:16:39 +01:00
Shane Kilkelly
7919d5342b
Remove obsolete add-email-to-project workflow
2017-09-19 15:57:19 +01:00
Shane Kilkelly
c87df7be79
Add token-access user refs to Project
2017-09-19 09:27:22 +01:00
Shane Kilkelly
8fece2d5f0
Add tokenBased
access level
2017-09-18 10:58:13 +01:00
Shane Kilkelly
2011432120
Add tokens property to Project model
2017-09-18 10:27:28 +01:00
Henry Oswald
a7217f1d37
Merge branch 'ho-csrf-acceptence-tests'
2017-09-15 13:50:17 +01:00
James Allen
adf211a226
Merge pull request #594 from sharelatex/ja-include-token-in-project-schema
...
Include OL tokens in project schema
2017-09-15 11:41:24 +02:00
Brian Gough
1bca1e11a9
fix broken unit test
2017-09-15 09:20:53 +01:00
Brian Gough
9f9c15f6f5
Merge pull request #599 from sharelatex/bg-reset-project-state
...
clear docupdater project state in deleteAuxFiles
2017-09-15 09:09:29 +01:00
Brian Gough
28a80cf23d
Merge pull request #604 from sharelatex/bg-fix-root-doc-in-incremental-compile
...
fix root doc in incremental compile
2017-09-13 13:47:22 +01:00
Tim Alby
a04adbf132
remove extra security headers
2017-09-13 11:53:11 +02:00
Brian Gough
51eb94a493
handle incremental compile without root doc
2017-09-13 10:10:44 +01:00
Brian Gough
0e87b8950e
update clearProjectState endpoint
2017-09-12 11:40:00 +01:00
Shane Kilkelly
54070c7734
pin chai
2017-09-12 11:21:34 +01:00
Tim Alby
d6834ff417
add security headers using Helmet
...
- use all Helmet's default headers except `X-DNS-Prefetch-Control`
- use `Referrer-Policy`
- use cache headers when:
- a user is logged in, OR
- a project is displayed
2017-09-12 11:17:59 +02:00