* add option to remove link-sharing from backend
* restrict make link-sharing in the frontend based on capability
* extend e2e project-sharing tests to cover OVERLEAF_DISABLE_LINK_SHARING=true
* throw an error when link sharing is disabled in TokenAccessHandler
* throw errors when attempting to add users to projects with link sharing disabled
* Update server-ce/test/project-sharing.spec.ts
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
* add tests for existing access when link sharing is disabled
* update tests to specify access restrictions for read-only and read-write link shared projects
* [web] block access to legacy public project with link-sharing disabled
---------
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
GitOrigin-RevId: 5f194dbcb790e973e427c58a3a4a738a5dd74cb4
* [web] Group settings: audit Log
User facing audit logs, available to Group Admins.
- `/audit-logs` page
- `/audit-logs/csv` to download all logs
GitOrigin-RevId: 4938c49fdd8e62f5ea278b6c80ed2bd544455b92
* Create AdminCapabilities in admin-panel module
* Add `adminRolesEnabled` setting
* Use `PermissionsController.requirePermission` in admin-panel routes
* Update `adminCapabilities` to be an array
* Update frontend tests
* Rename `defaultAdminCapabilities` to `fullAdminCapabilities`
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
* Add tests to PermissionsManagerTests.js
* Get admin roles and capabilities from the database
* Add tests to admin-panel
* Fixup PermissionsManagerTests.js without admin-panel module
* Revert "Use `PermissionsController.requirePermission` in admin-panel routes"
This reverts commit ccbf3e3e3bca9239b786c662cba2ac6bd2f4117a.
* Revert "Fixup PermissionsManagerTests.js without admin-panel module"
This reverts commit 6d7ad207bb17c5ca4c12c489d4636a02c608926d.
* Revert "Add tests to PermissionsManagerTests.js"
This reverts commit 8f9cc911750911e1c4b74b631d8c8a1b1ca86630.
* Fix tests after the reverts
* Replace capabilities to more sensible examples ('modify-user-email' and 'view-project')
* Set `adminRolesEnabled: false` for now
* Return `[]` capabilities for non-admins
* Misc: types, test description, settings ordering
* Small refactor of AdminPermissions.mjs:
Reuse code with `getMissingCapabilities`
Throw when `requiredCapabilities` is empty
* Update tests after update
* Rename `checkAdminPermissions` to `hasAdminPermissions`
* Change role permissions to array instead of object
* Remove admin capabilities when `!Settings.adminPrivilegeAvailable`
* Return `[]` if there is no user id
* Throw if `user?._id` is missing
* Update services/web/modules/admin-panel/app/src/AdminPermissions.mjs
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
* Adjust to ForbiddenError constructor syntax
* Give empty capabilities for unknown role, update tests
---------
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
GitOrigin-RevId: 1eec4f6a45e1cc3ae76a3a4603cec1ceba1c2322
* [web] Feature disablement status on user's admin panel
Adds a visual hint on the end user's admin panel when
dropbox/chat/ai features are disabled
GitOrigin-RevId: ded7a80120821ff606cc2c3b61bc2d82615c6026
* [web] link to correct Stripe dashboard from admin panel
* [web] be more careful about constructing the base URL
* [web] be extra careful about accessing values in the subscription
* [web] switch to plain text environment variables
GitOrigin-RevId: 5fa802fce11967f56289b11476f39e2e1d5a9c74
* handle 3DS challenges on the subscription dashboard
* add `/user/subscription/sync` endpoint
* upgrade `stripe-js` & rm `react-stripe-js`
* group related unit tests together
* add modules `SubscriptionController` unit tests and convert to async/await
* add `StripeClient` unit tests for 3DS failure
GitOrigin-RevId: 9da4758703f6ef4ec08248b328abddbbdd8e44ad
* [web] stopOnFirstError=true does not conflict with =false locally
Allow stopOnFirstError to be enabled in the compile from cache and
disabled locally.
Compiles that passed with stopOnFirstError=true will also pass with
stopOnFirstError=false. The inverse does not hold, and we need to
recompile.
* [web] record event when using compile from cache
* [web] record event when falling back to clsi-cache
* [web] make clsi-cache a premium feature
* [k8s] clsi-cache: increase disk size for beta rollout
NOTE: As this is a premium feature and paid servers run in zones c+d, we
do not need to scale up clsi-cache in zone b for now.
* [web] enable full sampling of compile-result-backend events
* [web] fix frontend tests
* [web] be more verbose when determining access to clsi-cache feature
GitOrigin-RevId: 6fd663e16085187876eb225f7f33eeeaf69d2b2a
