agw/overleaf-cep
1
0
Fork 0
mirror of https://github.com/yu-i-i/overleaf-cep.git synced 2026-05-25 02:00:10 +02:00
Code Issues Packages Projects Releases Wiki Activity
26,222 Commits 3 Branches 19 Tags
319a542e8d873ba7e9fdfd35e82e856e4a9cf941
Commit Graph

2839 Commits

Author SHA1 Message Date
Jakob Ackermann
319a542e8d [filestore] remove user files endpoints (#28125) 
* [filestore] remove user files endpoints

* [web] remove user files integration for filestore

GitOrigin-RevId: 565fa68a659c07420ee6141d0f276b4e4d2972e0
 2025-09-02 08:04:52 +00:00
Antoine Clausse
b58e951e45 [web] Fix metrics pages membership middleware (#28194) 
GitOrigin-RevId: c41c117e6999ee5ea202516e72f4d22c32a07668
 2025-09-01 08:05:08 +00:00
Eric Mc Sween
88d39a3868 Merge pull request #28163 from overleaf/em-dsmp-event-names 
Make DSMP event names consistent

GitOrigin-RevId: 5a98b00fb9c1049259291f1abb6ff74eac337ef4
 2025-08-29 08:06:51 +00:00
Simon Gardner
ae54594882 Improve display of generic SAML errors 
GitOrigin-RevId: 60096874480c268be52faddd96ebdf870bdf0a64
 2025-08-29 08:06:32 +00:00
roo hutton
f36d986292 Merge pull request #27643 from overleaf/rh-pause-cancel 
Terminate Recurly subscription when cancelling during final month of pause

GitOrigin-RevId: 39e4c9534621f57b3e2783599ebe521959d7401f
 2025-08-29 08:06:17 +00:00
Andrew Rumble
28213e99d3 Add zod helpers to Validation module 
Co-authored-by: Eric Mc Sween
<5454374+emcsween@users.noreply.github.com>

Borrowed from a different commit in em-zod

GitOrigin-RevId: bb6ba6f3db35964e95d0b7f44454c4aa19d15b28
 2025-08-29 08:06:05 +00:00
Eric Mc Sween
f22e157d5f Add zod request validation helper 
GitOrigin-RevId: de82d54176a98ff52e95564f1e42fb9314e68912
 2025-08-29 08:05:38 +00:00
Eric Mc Sween
a22bde5d5d Handle zod errors in global error handler 
GitOrigin-RevId: 2e23067b3af3178864064bc595c97a18e901ea60
 2025-08-29 08:05:34 +00:00
Andrew Rumble
bcb3a9012e Log error on web service start when hashedEmailSalt not set 
GitOrigin-RevId: 67473de85d869b56aa1321391b03ddcceb95346b
 2025-08-29 08:05:25 +00:00
Andrew Rumble
9bda769b9e Register email changes with analytics when appropriate 
GitOrigin-RevId: 3261df7f1fd4a2c032967731bcc2a61ffb89f094
 2025-08-29 08:05:21 +00:00
Andrew Rumble
83ea72c08d Add helper functions for creating change events 
GitOrigin-RevId: 26a4cbc8e322c52e12cd3eb7f891d9914cefc70d
 2025-08-29 08:05:17 +00:00
Andrew Rumble
54b85f3381 Add AnalyticsManager function for registering email changes 
GitOrigin-RevId: ad42703fdc186936866b44c47492e3f653658f4f
 2025-08-29 08:05:12 +00:00
Andrew Rumble
10bda506c2 Add email-change queue 
GitOrigin-RevId: a5bbb4682223ee00db0c9a4070b8178a60eef83f
 2025-08-29 08:05:08 +00:00
Liangjun Song
b823c878fe Merge pull request #28110 from overleaf/ls-handle-manual-subscription-on-add-on-purchase-page 
Handle manual subscription on AddOn purchase page

GitOrigin-RevId: 54281d3471d7c2b60d333e6264904b3744156138
 2025-08-28 08:06:42 +00:00
Liangjun Song
bb2d47e568 Merge pull request #28071 from overleaf/ls-add-logic-to-sync-ol-to-stripe-subscription-mapping 
Add logic to sync INT_account_mapping and backfill script

GitOrigin-RevId: 585a3945e6f238ca345c639218ef8bd3d588a31f
 2025-08-28 08:06:37 +00:00
Miguel Serrano
208b7ccde9 Revert "Merge pull request #27679 from overleaf/msm-aws-sdk-upgrade" (#28151) 
This reverts commit 4989ae920d8b7fd9e79623947b7c40bcc2e56d92.

GitOrigin-RevId: 541d95bfeaa7ce820e8af67f646f013fe4fe5d21
 2025-08-28 08:05:52 +00:00
Miguel Serrano
0fa25c54dd Merge pull request #27679 from overleaf/msm-aws-sdk-upgrade 
Upgrade `aws-sdk` to v3

GitOrigin-RevId: 4989ae920d8b7fd9e79623947b7c40bcc2e56d92
 2025-08-28 08:05:36 +00:00
Antoine Clausse
0dae38bb55 [web] Update UserMembershipMiddleware with flexible requireEntityAccess (#28018) 
* Update `requireGroupSettingsReadAccess` to be available to all admins when adminRolesEnabled is true

* Update `UserMembershipMiddleware` with a flexible `requireEntityAccess` method

* Update `UserMembershipMiddleware` further

Update endpoints permissions when admin roles are enabled:

`GET /manage/groups/:id/audit-logs` -> view-audit-log
`GET /manage/groups/:id/audit-logs/zip` -> view-audit-log
`GET /manage/groups/:id/settings` -> all admins
`GET /subscription/:id/sso_configuration_test` -> all admins
`GET /manage/groups/:id/members` -> all admins
`DELETE /manage/groups/:id/user/:user_id` -> `modify-group-member`/`modify-managed-group-member`
`GET /manage/groups/:id/members/export` -> all admins

* Update `requireEntityAccess` to parameters to an object

* Rename `hasAdminAccess` to `hasAnyAdminRole`

GitOrigin-RevId: 740ea5148edc50987fbc86607b1aaa7b7523ffcb
 2025-08-28 08:05:31 +00:00
Domagoj Kriskovic
a43ca75a79 Handle undefined rootDoc when restoring a file (#28118) 
GitOrigin-RevId: f3aa32d2443f3fffbda8a10cc35d5dec3db71143
 2025-08-27 08:05:43 +00:00
Domagoj Kriskovic
02dd2a511c [dsmp] Add resolve and reopen comment endpoints (#28093) 
* [dsmp] Add resolve and reopen comment endpoints

* remove try/catch

GitOrigin-RevId: b2982de064e81a8fd7c19edbe114ae397e5f51d5
 2025-08-27 08:05:35 +00:00
Domagoj Kriskovic
511d2d104b Add support for handling deleted root document in RestoreManager (#28008) 
* Skip opening root document if delete originated from a file-restore

* handle project-restore origin

* Refactor isFileRestore logic

* Add support for handling deleted root document in RestoreManager

GitOrigin-RevId: 837144aa6e269cbffebf82624f58e8219fe654c4
 2025-08-27 08:05:30 +00:00
Eric Mc Sween
b2df393bbb Merge pull request #28098 from overleaf/em-dsmp-chat-event 
Send a DSMP event when a chat message is sent

GitOrigin-RevId: 062476676c91a4edf3d6f837d60ad16c7f912771
 2025-08-26 08:05:36 +00:00
Eric Mc Sween
aa8bef1e8d Merge pull request #28089 from overleaf/dk-dsmp-post-chat-message 
Add support for posting chat messages

GitOrigin-RevId: 817d723abf6309716c4cfa61e2c260cb7ace0bda
 2025-08-26 08:05:32 +00:00
Domagoj Kriskovic
4308881738 [web] change the order when creating a memebers list in permissions checks (#28063) 
GitOrigin-RevId: 73fd9218841d189dc95edec86f09d451005e6189
 2025-08-26 08:05:13 +00:00
Eric Mc Sween
7c811fef11 Merge pull request #28077 from overleaf/em-promisify-chat-controller 
Promisify ChatController

GitOrigin-RevId: c2af5f7bc24b1e6c682bb1dfd1146c3dcc90ae25
 2025-08-25 08:05:42 +00:00
Domagoj Kriskovic
13d5c40cde Add getThread in Chat service and use it in AuthorizationMiddleware (#28041) 
* Add getThread in Chat service and use it in AuthorizationMiddleware

* ensure user_id is a string, not ObjectId

* fix tests

GitOrigin-RevId: 42d63366b9b9350d7cdbcbc3b9f4761d9f55b49a
 2025-08-25 08:05:25 +00:00
Eric Mc Sween
df1be93ec3 Merge pull request #27936 from overleaf/em-unit-tests-mongo 
Make Mongo available to unit tests in all services

GitOrigin-RevId: b65bbb69883d5bba31d09802b89f35bdc523fe4d
 2025-08-25 08:05:19 +00:00
Jessica Lawshe
d06b4d2bcc Merge pull request #27859 from overleaf/jel-domain-capture-create-new-user 
[web] Create new group user via domain capture

GitOrigin-RevId: 2b8740edcfde05cf065564e87f50a9f84d14950a
 2025-08-21 08:06:00 +00:00
Antoine Clausse
2853e7762e [web] Add admin permission modify-group-manager (#27642) 
* Add capacity `modify-group-manager`

* Check `modify-group-manager` (backend)

* Check `modify-group-manager` (frontend)

* Update tests

* Rename AdminPermissions to mjs

* Add `ol-adminCapabilities` in frontend tests

* Allow modifying group managers if `adminRolesEnabled` is false

* Add `adminPrivilegeAvailable` check

* Update: set `ol-canModify` boolean instead of `ol-adminCapabilities`

* Mock `hasAnyAccess`

* Use `hasAdminCapability` helper

* Add `ol-canModify` to types

* Remove `isAdminMiddleware` as we don't want to relax the permissions for now

* Fix: pass `res` to `hasAnyAccess` (!!)

* * Check `hasWriteAccess` (`hasAdminCapability('modify-group-manager')` or `staffAccess.groupManagement`) in the Pug file
* Fix: Check `hasWriteAccess` in the publisher and institution pug files (!)
* Revert `hasAnyAccess` changes
* Rename `ol-canModify` to `ol-hasWriteAccess` for consistency with other variables

* Remove redundant file AdminPermissions.mjs

* Update unit test

* Revert changes to UserMembershipController.test.mjs

* Rename to `requireGroupManagersWriteAccess`

GitOrigin-RevId: f3f0b1b17abd1d2f0c363688e87d9063de886e3c
 2025-08-21 08:05:07 +00:00
M Fahru
949eb9745c Merge pull request #27998 from overleaf/mf-improve-plan-not-found-error-stripe 
[web] Return user-readable error message if user visits stripe-based payment page with invalid plan code

GitOrigin-RevId: ad88a7d6698227867874fa0a724142e563d1377c
 2025-08-20 08:06:29 +00:00
Jessica Lawshe
a3a7b0ea18 Merge pull request #27894 from overleaf/ii-domain-capture-join-button 
[web] Domain capture join button

GitOrigin-RevId: aec6033f6776e9384c77fe0ef609c65b13a90f87
 2025-08-20 08:06:21 +00:00
Jessica Lawshe
c1c5b0d0ce Merge pull request #27834 from overleaf/ii-domain-capture-not-in-group-redirect 
[web] Redirect to domain capture page

GitOrigin-RevId: 15d2b8046beb5a40fc4937c337ee9655abaed8fd
 2025-08-20 08:06:16 +00:00
MoxAmber
8e1c2d27d7 Merge pull request #27677 from overleaf/as-compile-timeout-enforcement 
[web] 10s Compile Timeout - Enforcement Phase

GitOrigin-RevId: 3930eb376cc1293409259e073032218e09d5270e
 2025-08-20 08:06:01 +00:00
MoxAmber
8647424f14 Merge pull request #27848 from overleaf/as-compile-warning-teardown 
[web] Tear down 10s-timeout-warning split test

GitOrigin-RevId: ca8faf77bc73073e9fc126d9d722fe568921c1c3
 2025-08-20 08:05:57 +00:00
Antoine Clausse
2c44d65785 [web] Add requireAdminRoles param to hasAdminCapability (#28006) 
* Add `requireAdminRoles` param to `hasAdminCapability`

https://github.com/overleaf/internal/pull/27965#discussion_r2284808889

Co-authored-by: Andrew Rumble <andrew.rumble@overleaf.com>

* Update test

---------

Co-authored-by: Andrew Rumble <andrew.rumble@overleaf.com>
GitOrigin-RevId: 83f8af84debc70c7a2e294638747369c786be22f
 2025-08-20 08:05:52 +00:00
Brian Gough
f183a1dfbc add option to disable link sharing (#27626) 
* add option to remove link-sharing from backend

* restrict make link-sharing in the frontend based on capability

* extend e2e project-sharing tests to cover OVERLEAF_DISABLE_LINK_SHARING=true

* throw an error when link sharing is disabled in TokenAccessHandler

* throw errors when attempting to add users to projects with link sharing disabled

* Update server-ce/test/project-sharing.spec.ts

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>

* add tests for existing access when link sharing is disabled

* update tests to specify access restrictions for read-only and read-write link shared projects

* [web] block access to legacy public project with link-sharing disabled

---------

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
GitOrigin-RevId: 5f194dbcb790e973e427c58a3a4a738a5dd74cb4
 2025-08-20 08:05:33 +00:00
Domagoj Kriskovic
4edf4b2d42 Show Recurly's line items breakdown in subscription change preview (#27809) 
* Show Recurly's line items breakdown in subscription change preview

* fix rounding, filter items that cancel each other out

GitOrigin-RevId: 0f5d71b3917ce8a52ff36608a6ec6280fe7d38ce
 2025-08-19 08:05:02 +00:00
Eric Mc Sween
ca845ad532 Merge pull request #27903 from overleaf/em-unit-tests-redis 
Make Redis available to unit tests

GitOrigin-RevId: 7bd403d9ad4be504a87bc9108d60686e6c2a9fb1
 2025-08-18 08:05:40 +00:00
Antoine Clausse
ba97b96815 [web] Add admin permissions modify-group-member and modify-managed-group-member (#27665) 
* Add capability `modify-managed-group-member` & `modify-group-member`

* Check `modify-managed-group-member` & `modify-group-member` (backend)

* Check `modify-managed-group-member` & `modify-group-member` (frontend)

* Update tests

* Update with `ol-hasWriteAccess` flag

* Update tests

* Move functions to AdminAuthorizationHelper.js

* Update import to fix build error

* Add `ol-hasWriteAccess` to types

* Use `hasAdminAccess()` instead of `req?.user?.isAdmin`

* Add tests on `/manage/groups/:id/invites` depending on admin roles

* Reuse `UserMembershipAuthorization.hasAdminCapability`

* Fix: Add entityAccess check

* Update unit test

* Rename `hasAdminGroupMemberCapability` to `hasModifyGroupMemberCapability`

* Remove useless and redundant `hasWriteAccess` check

* Restore stub in afterEach

GitOrigin-RevId: 4b6d83751121b43d4c19d0dbd82a4833cf7a6f24
 2025-08-15 08:05:57 +00:00
Antoine Clausse
fcd6c44dc3 [web] Add admin permission modify-group-setting (#27657) 
* Add capacity `modify-group-setting`

* Check `modify-group-setting` (backend)

* Check `modify-group-setting` (frontend)

* Update tests

* Fix: Add entityAccess check

* Update unit test

GitOrigin-RevId: 7702fe34762ecb8bd050c2fa2b6e95a9baf90be3
 2025-08-15 08:05:52 +00:00
Liangjun Song
1acb68f41c Merge pull request #27800 from overleaf/ls-support-create-stripe-customer-from-admin-panel 
Support creating Stripe customer from admin panel

GitOrigin-RevId: 3e23008e1f4690e6f3737b5689e20958bf468f82
 2025-08-15 08:05:34 +00:00
Domagoj Kriskovic
fa892b336d Add endpoint to retrieve document with history ranges and use it in dsmp API (#27564) 
GitOrigin-RevId: 3d2ac33cdc903a07b8ec67f7fb6f723ae9c81a26
 2025-08-15 08:05:17 +00:00
John Lees-Miller
a829949fd2 Merge pull request #27890 from overleaf/jlm-spam-safe-email 
Apply new spam check to email address

GitOrigin-RevId: 9e204ea75e930455971769a73843d015fc4a9033
 2025-08-14 08:06:28 +00:00
Christopher Hoskin
ca30fdd95c Merge pull request #27860 from overleaf/lg-spam-safe 
Add spam check for incident

GitOrigin-RevId: 752180f7507e32219cc5faaef5d48fdc0003e889
 2025-08-13 08:07:10 +00:00
Andrew Rumble
447efbd5b1 Combine implementations of hasAdminCapability 
GitOrigin-RevId: a847c9182c018524c96726fe30e501763904b82e
 2025-08-13 08:06:58 +00:00
Andrew Rumble
811b878eaa Add view-split-test and modify-split-test capabilities 
GitOrigin-RevId: 3f0752aec332c386ece72d2447d39126065ddb35
 2025-08-13 08:06:53 +00:00
Andrew Rumble
feac1cb27b Add authorization helper for admin capabilities 
GitOrigin-RevId: fbf28c89500481e379db6c49512876d867478eb7
 2025-08-13 08:06:39 +00:00
roo hutton
cd2fe857ed Merge pull request #27757 from overleaf/rh-secondary-email-alert 
Only send security alert email after successful addEmailAddress call

GitOrigin-RevId: 391e613b0f855a5d2187b1da87355e0dbb10044d
 2025-08-13 08:06:34 +00:00
Jakob Ackermann
9f80a31d85 [web] add config option for project/user hard deletion delay (#27725) 
GitOrigin-RevId: db8030d6c8a3cdf8490edafcfa436cdbcd80fc28
 2025-08-13 08:06:17 +00:00
Jakob Ackermann
e4b42705c3 [web] add config option for custom maintenance message (#27618) 
GitOrigin-RevId: e01eebecce780af6e9e3f8b82321cb7776d414e2
 2025-08-13 08:06:12 +00:00