Copilot
35906b4018
Deduplicate users in checkUserListPermissions to avoid redundant permission checks (#29461)
* Fix duplicate permission checks for same user
Deduplicate user list in checkUserListPermissions before running expensive checks.
Handles ObjectId vs string comparison by converting to string.
Adds tests to verify deduplication works correctly.
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: thomas- <2176518+thomas-@users.noreply.github.com>
GitOrigin-RevId: 96eede1cbeb18b807deaca7d4c370aef5c48c4bc
2026-02-05 09:06:17 +00:00
Andrew Rumble
beb6f6d484
Merge pull request #29597 from overleaf/ar-last-features-esm-conversion
[web] last features esm conversion
GitOrigin-RevId: a35ab995bf654f1cdfe0e0062d8806761ecccf2d
2025-11-21 09:05:36 +00:00
Andrew Rumble
4f02a85aa4
Update paths
GitOrigin-RevId: 399c594dd1bbf739d91874df6be3b70e57fe01e3
2025-11-06 09:05:57 +00:00
Andrew Rumble
b7c883ac38
Convert tests to ESM
GitOrigin-RevId: 20585e01dee90e691476a0d47fd5c63b0412e4a6
2025-10-23 08:06:15 +00:00
Andrew Rumble
0d73904c4b
Rename files
GitOrigin-RevId: 7e8fde9258e71ab3649d1d83addeb5164d8b4251
2025-10-23 08:06:05 +00:00
Antoine Clausse
33e63d79fc
Merge pull request #28584 from overleaf/ac-some-web-esm-migration-5
[web] Convert some Features files to ES modules (part 5)
GitOrigin-RevId: 0cad67f9afe0095e2b066bf2f4d3717c00540dab
2025-10-08 08:06:15 +00:00
Antoine Clausse
71f0b28a84
[web] Convert some Features files to ES modules (part 3) (#28494)
* Rename files to mjs
* Rename test files to mjs
* Update CODEOWNERS
* Update files to ESM
* Update test files to ESM
* Update RestoreManager.test.mjs
* Remove unused `AdminAuthorizationHelper` mock and stub
* Remove unnecessary return
GitOrigin-RevId: 2b9ef126de1d8964afbc6e5641cca36712655866
2025-09-17 08:05:02 +00:00
Antoine Clausse
86e74b9228
[web] Update admin permissions to view/modify project contents (#28162)
* Split capability definitions `modify-project`/`view-project` into `modify-project-content`/`modify-project-setting`/`view-project-content`/`view-project-setting`
* Add admin capabilities check in AuthorizationManager
* Update checks in router
* Update frontend checks
* Remove UI elements for admins without `view-project-content`
* Update tests
* Remove `modify-project-content` from the roles' capabilities
* Update tests
* Add "with admin roles" tests in AuthorizationTests.mjs
GitOrigin-RevId: 3311bcb2da792968927b5b3703b24e069d0baf5b
2025-09-05 08:05:08 +00:00
Domagoj Kriskovic
f65f567380
Add getThread in Chat service and use it in AuthorizationMiddleware (#28041)
* Add getThread in Chat service and use it in AuthorizationMiddleware
* ensure user_id is a string, not ObjectId
* fix tests
GitOrigin-RevId: 42d63366b9b9350d7cdbcbc3b9f4761d9f55b49a
2025-08-25 08:05:25 +00:00
Brian Gough
f5dbbadf79
add option to disable link sharing (#27626)
* add option to remove link-sharing from backend
* restrict make link-sharing in the frontend based on capability
* extend e2e project-sharing tests to cover OVERLEAF_DISABLE_LINK_SHARING=true
* throw an error when link sharing is disabled in TokenAccessHandler
* throw errors when attempting to add users to projects with link sharing disabled
* Update server-ce/test/project-sharing.spec.ts
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
* add tests for existing access when link sharing is disabled
* update tests to specify access restrictions for read-only and read-write link shared projects
* [web] block access to legacy public project with link-sharing disabled
---------
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
GitOrigin-RevId: 5f194dbcb790e973e427c58a3a4a738a5dd74cb4
2025-08-20 08:05:33 +00:00
Antoine Clausse
422e892231
[web] Map admin capabilities to project PrivilegeLevels (#27488)
* Add capability `copy-project`
* Check `copy-project` (frontend)
* Update tests
* Suggestion: map `modify-project`-`PrivilegeLevels.OWNER` and `view-project`-`PrivilegeLevels.READ_ONLY`
* Suggestion: remove capability `copy-project`. Use `view-project` instead
* Revert unrelated changes
* Add tests on AuthorizationManager when `adminRolesEnabled`
* Update `Modules.promises.hooks.fire` stubs with `.withArgs('getAdminCapabilities')`
Co-authored-by: Andrew Rumble <andrew.rumble@overleaf.com>
* Use `getAdminCapabilities` from AdminAuthorizationHelper.js
---------
Co-authored-by: Andrew Rumble <andrew.rumble@overleaf.com>
GitOrigin-RevId: 61167509c4a035c99831a5b0346347c2e6b5fae0
2025-08-08 08:07:59 +00:00
Jakob Ackermann
6cbacc8cb7
[web] fetch project once for joinProject (#25667)
* [web] fetch project once for joinProject
* [web] await all the nested helpers for getting privilege levels
Co-authored-by: Mathias Jakobsen <mathias.jakobsen@overleaf.com>
---------
Co-authored-by: Mathias Jakobsen <mathias.jakobsen@overleaf.com>
GitOrigin-RevId: f0280c36ef995b417ccdab15014f05954e18c5f0
2025-06-03 08:06:13 +00:00
Andrew Rumble
2ad9f36706
Promisify tests
GitOrigin-RevId: 6f413f4c5ef8d034b4e94afacdf2d7b43c3a8830
2025-04-29 08:05:18 +00:00
Miguel Serrano
8ff8e7a4bf
Merge pull request #23006 from overleaf/msm-chat-capabilities-poc-2
[web] Add option to disable chat for subscription
GitOrigin-RevId: 0052d060c74c39400496f7f9f54c820398d60012
2025-01-31 09:05:18 +00:00
Domagoj Kriskovic
ff9ee2f5a9
Use "can write or review project content" authorization middleware (#23111)
GitOrigin-RevId: c5d1cb955e5833347f7e0c3610c5b8d768026478
2025-01-29 09:05:33 +00:00
Domagoj Kriskovic
09195a9b5d
Allow reviewers to reopen comment threads (#23075)
GitOrigin-RevId: 065acf5931213c288dbdcb3bc06da988b094a1f4
2025-01-27 09:05:10 +00:00
Domagoj Kriskovic
7e5a0a9bea
Delete unused canUserReviewProjectContent function (#23073)
GitOrigin-RevId: 5c2e17a44623916e494a24bf18dbff4e846734d3
2025-01-27 09:05:02 +00:00
Domagoj Kriskovic
48d08f5b28
Allow reviewers to delete their own comment threads (#23044)
GitOrigin-RevId: 2165e0f549c9df923fb1c124a7622a49d579c2e3
2025-01-24 09:05:35 +00:00
Domagoj Kriskovic
741b65d0eb
Add ensureUserCanSendComment authorization middleware (#22959)
* Add ensureUserCanSendComment authorization middleware
* added tests
GitOrigin-RevId: d1f58bd6bc63275456e5280ccb8c99aaa02c4e5f
2025-01-21 09:05:53 +00:00
Domagoj Kriskovic
30ebad91b7
Allow reviewers to resolve their own comments (#22582)
* Allow reviewers to resolve their own comments
* check if reviewer is comment author
* add missing translation
* add CommentsController tests
* added DocumentManagerTests
* added HttpControllerTests
* Add AuthorizationManagerTests
* added AuthorizationMiddlewareTests
* added DocumentUpdaterHandler test
* fix test descriptions
* remove returns from CommentsControllerTests
* use ensureUserCanResolveThread in authorizationMiddleware
* move canResolveThread to AuthorizationManager
* commentId as param in NotFoundError
* refactor canUserResolveThread
GitOrigin-RevId: 131c3d1eb9ac916eaaa9221d351a92bc07b80cdc
2025-01-14 09:05:11 +00:00
andrew rumble
032deaf05c
Switch to mongodb-legacy
GitOrigin-RevId: 11e09528c153de6b7766d18c3c90d94962190371
2024-08-21 08:04:24 +00:00
Jimmy Domagala-Tang
918c3e7e33
Merge pull request #19301 from overleaf/jdt-collaborator-ai-usage
Prevent AI usage on projects where collaborators have a blocking policy
GitOrigin-RevId: 93bdd9c5accff51a14f0585249e13ed7f1fa4e53
2024-07-26 08:04:35 +00:00
Jimmy Domagala-Tang
007cc42477
Merge pull request #19152 from overleaf/jdt-project-permissions
Allow checking permissions for all users on a project and rename checkPermissions -> AssertPermissions
GitOrigin-RevId: 511356cf2fe68367e284347e68e59f6116bd0f80
2024-07-03 08:04:19 +00:00
Jimmy Domagala-Tang
271700893a
Merge pull request #18784 from overleaf/bg-allow-combined-group-policies
allow combined group policies
GitOrigin-RevId: b23fb0454f794e9094e8e15e732b4322a48ac1ee
2024-06-24 12:04:13 +00:00
Jessica Lawshe
cb3f70f7ab
Merge pull request #17289 from overleaf/jel-permissions-controller
[web] Move user permissions check to manager
GitOrigin-RevId: 8c59d053da3d8d452cd424b04baa05f5d7d9057a
2024-02-29 09:04:37 +00:00
Brian Gough
ec923c2144
Merge pull request #16194 from overleaf/bg-group-sso-fix-default-permission-check
fix default permission check for group sso
GitOrigin-RevId: b78c3dd26d852822f06c44c2aef79daea36fc2bd
2023-12-14 09:03:16 +00:00
Brian Gough
d3adcff0f1
Merge pull request #15544 from overleaf/bg-misc-use-literal-paths
Replace APP_ROOT and other variables with literal paths in web imports
GitOrigin-RevId: 138f03ad9355c8c6c92a206b0e54573234a6f65d
2023-11-02 08:53:03 +00:00
Brian Gough
d2f470450e
Merge pull request #13933 from overleaf/bg-managed-users-add-missing-jsdoc-param
refactor getUserValidationStatus in PermissionsManager
GitOrigin-RevId: 80ef8142d3556e47e1d6cb323148f1f1042057aa
2023-07-21 08:04:40 +00:00
Brian Gough
f80100fba1
Merge pull request #13662 from overleaf/bg-managed-users-fix-subscription-validator
fix subscription validator for managed users
GitOrigin-RevId: 765c1c11850090f57327fc8b4255d41a16514472
2023-07-17 11:01:27 +00:00
Brian Gough
8cca5d3316
Merge pull request #13366 from overleaf/bg-group-policy
Add permission system for managed users
GitOrigin-RevId: 9d7b38c594cc77204dbee22c92263d002fc8778f
2023-07-17 10:39:38 +00:00
Mathias Jakobsen
b5e2604041
[web] Upgrade restricted user access if they are invited members (#9401)
* [web] Upgrade restricted user access if they are invited members
Previously, if a user joined a project via a read-only link and later on
joined the project via an invite, we would still treat them as
restricted users, disabling chat and commenting. This patch changes
that, so that we do *not* consider an invited user restricted.
GitOrigin-RevId: e2acdfd29cc0687cb7276310a9c96d697087b21a
2022-09-28 08:06:44 +00:00
Jakob Ackermann
4d18dcb377
Merge pull request #7210 from overleaf/jpa-switch-to-admin
[web] add a button for switching to the admin domain from www.
GitOrigin-RevId: 7e14b9c1415ef6cad5f369d77530599bac3148e7
2022-04-05 12:19:00 +00:00
Jakob Ackermann
c8866bbda0
Merge pull request #7094 from overleaf/jpa-redirect-admin-requests
[web] redirect admin users from admin endpoints to the admin domain
GitOrigin-RevId: a4bd7d4f998615efcb46ae9866868af9489c94f5
2022-04-05 12:18:51 +00:00
Jakob Ackermann
e82a053c85
Merge pull request #6614 from overleaf/jpa-msm-separate-admin-app
[misc] move admin capability from www. to admin. subdomain
GitOrigin-RevId: e0daeacf3c06b856ffb9fd35dce76e71f14e8459
2022-04-05 12:18:24 +00:00
Alf Eaton
50df230846
[web] Upgrade Prettier to match version in monorepo root (#6231)
GitOrigin-RevId: 02f97af1b9704782eee77a0b7dfc477ada23e34d
2022-01-11 09:03:23 +00:00
Eric Mc Sween
a10c042e20
Merge pull request #4947 from overleaf/em-project-rename-for-owners-only
Prevent collaborators from renaming a project
GitOrigin-RevId: 94d12e25592fea55b84427aeae78f7bb2a544a58
2021-09-14 08:03:38 +00:00
Alexandre Bourdin
9468e5cb4f
Merge pull request #4338 from overleaf/ab-session-manager
Extract functions from AuthenticationController to SessionManager
GitOrigin-RevId: 86870ce03a762e1a837dcf493759e8851e759883
2021-07-28 12:36:22 +00:00
Jakob Ackermann
5e773ce950
Merge pull request #4101 from overleaf/ae-settings-module
Migrate from `settings-sharelatex` to `@overleaf/settings`
GitOrigin-RevId: 9a298ba26382180c1351683c5fddc9004418c1e6
2021-07-08 02:08:28 +00:00
Alf Eaton
1be43911b4
Merge pull request #3942 from overleaf/prettier-trailing-comma
Set Prettier's "trailingComma" setting to "es5"
GitOrigin-RevId: 9f14150511929a855b27467ad17be6ab262fe5d5
2021-04-28 02:10:01 +00:00
Alf Eaton
1ebc8a79cb
Merge pull request #3495 from overleaf/ae-prettier-2
Upgrade Prettier to v2
GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33
2021-04-15 02:05:22 +00:00
Eric Mc Sween
9ddaa8c9f6
Merge pull request #3830 from overleaf/em-upgrade-node-12
Upgrade to Node 12
GitOrigin-RevId: 19870922884b7c98e7e5f2c94df21829672d2db5
2021-04-01 02:05:52 +00:00
Alf Eaton
2ff1cf43d6
Merge pull request #3470 from overleaf/eslint
Upgrade and configure ESLint
GitOrigin-RevId: ad5aeaf85e72c847a125ff3a9db99a12855e38aa
2020-12-16 03:08:28 +00:00
Jakob Ackermann
6eeb7857e3
Merge pull request #3390 from overleaf/jpa-faster-unit-tests
[perf] faster unit tests
GitOrigin-RevId: 188b8f3752638fde7a27a8d83b416bb9a6e3c95e
2020-11-28 03:04:01 +00:00
Jakob Ackermann
b3197b5f12
[misc] back-fill stubbing of mongodb package in sandboxed-module imports (#3209)
* [misc] back-fill stubbing of mongodb package in sandboxed-module imports
Unit tests are about 10 percent faster: 9m16s vs 10m8s.
* [misc] stubs: app code should have access to the ObjectId only
GitOrigin-RevId: 9a52186e190863c9463b3aeb98c3db68011926e4
2020-10-06 02:04:22 +00:00
Jakob Ackermann
018a44eeb5
Merge pull request #3185 from overleaf/jpa-normalize-mongo-imports
[misc] normalize mongo imports
GitOrigin-RevId: ac653d9982e0d36736b90f4c03d4c00be88ea76a
2020-09-25 02:04:20 +00:00
Jakob Ackermann
1f6499b5ea
Merge pull request #3053 from overleaf/jpa-spd-accepts
[misc] reland 3004: unify detection of json requests and skip issuing of redirects
GitOrigin-RevId: fa43b3b4d23deb581496ed70ae8f28b805555d64
2020-07-28 02:06:27 +00:00
Miguel Serrano
d8d3ac82e9
Replace HTTPErrors.ForbiddenError with calls to forbidden() handler (#2972)
GitOrigin-RevId: 2a0c8fdaef9ba62b97cebad84603e6f076d770c0
2020-07-11 02:04:21 +00:00
Shane Kilkelly
f4950c21bf
Merge pull request #2870 from overleaf/sk-restrict-chat
Block restricted users from Chat endpoints
GitOrigin-RevId: caec8fe2bc93d567dd57f32dc765bd74ba53e933
2020-06-05 02:09:58 +00:00
Shane Kilkelly
7cbb00f207
Merge branch 'sk-token-csrf-protection'
GitOrigin-RevId: e71f7264be45b665502150e9ffbb85b3fc94665e
2020-02-26 04:24:01 +00:00
Eric Mc Sween
4f9eb281b7
Merge pull request #2356 from overleaf/em-upgrade-test-deps
Upgrade test dependencies
GitOrigin-RevId: 0bda49dea086f525211836b6008f67bafa2bbe48
2019-11-18 14:53:42 +00:00