* Update `requireGroupSettingsReadAccess` to be available to all admins when adminRolesEnabled is true
* Update `UserMembershipMiddleware` with a flexible `requireEntityAccess` method
* Update `UserMembershipMiddleware` further
Update endpoints permissions when admin roles are enabled:
`GET /manage/groups/:id/audit-logs` -> view-audit-log
`GET /manage/groups/:id/audit-logs/zip` -> view-audit-log
`GET /manage/groups/:id/settings` -> all admins
`GET /subscription/:id/sso_configuration_test` -> all admins
`GET /manage/groups/:id/members` -> all admins
`DELETE /manage/groups/:id/user/:user_id` -> `modify-group-member`/`modify-managed-group-member`
`GET /manage/groups/:id/members/export` -> all admins
* Update `requireEntityAccess` to parameters to an object
* Rename `hasAdminAccess` to `hasAnyAdminRole`
GitOrigin-RevId: 740ea5148edc50987fbc86607b1aaa7b7523ffcb
* Replace placeholders for labels
* Remove redundant aria-label and update labels with `.visually-hidden`
* Change "Invite more members" to a label
* Fix helper text for group members and fix responsiveness
* Change error message to an error notification
* Use label and helper text instead of a placeholder
* Remove redundant label and use the placeholder text instead for the admin user searchbar
* Extract translations
GitOrigin-RevId: a504fda9779da82920b57c7b8aad38a8b027d09a
* Add getThread in Chat service and use it in AuthorizationMiddleware
* ensure user_id is a string, not ObjectId
* fix tests
GitOrigin-RevId: 42d63366b9b9350d7cdbcbc3b9f4761d9f55b49a
* Update notification story with the `offer` type
* Remove `.btn-sm` as buttons should be medium sized
GitOrigin-RevId: ec0cd09fda0126bce185265fdf1f05ca7ae414c9
* Add capacity `modify-group-manager`
* Check `modify-group-manager` (backend)
* Check `modify-group-manager` (frontend)
* Update tests
* Rename AdminPermissions to mjs
* Add `ol-adminCapabilities` in frontend tests
* Allow modifying group managers if `adminRolesEnabled` is false
* Add `adminPrivilegeAvailable` check
* Update: set `ol-canModify` boolean instead of `ol-adminCapabilities`
* Mock `hasAnyAccess`
* Use `hasAdminCapability` helper
* Add `ol-canModify` to types
* Remove `isAdminMiddleware` as we don't want to relax the permissions for now
* Fix: pass `res` to `hasAnyAccess` (!!)
* * Check `hasWriteAccess` (`hasAdminCapability('modify-group-manager')` or `staffAccess.groupManagement`) in the Pug file
* Fix: Check `hasWriteAccess` in the publisher and institution pug files (!)
* Revert `hasAnyAccess` changes
* Rename `ol-canModify` to `ol-hasWriteAccess` for consistency with other variables
* Remove redundant file AdminPermissions.mjs
* Update unit test
* Revert changes to UserMembershipController.test.mjs
* Rename to `requireGroupManagersWriteAccess`
GitOrigin-RevId: f3f0b1b17abd1d2f0c363688e87d9063de886e3c
[web] Return user-readable error message if user visits stripe-based payment page with invalid plan code
GitOrigin-RevId: ad88a7d6698227867874fa0a724142e563d1377c
* add option to remove link-sharing from backend
* restrict make link-sharing in the frontend based on capability
* extend e2e project-sharing tests to cover OVERLEAF_DISABLE_LINK_SHARING=true
* throw an error when link sharing is disabled in TokenAccessHandler
* throw errors when attempting to add users to projects with link sharing disabled
* Update server-ce/test/project-sharing.spec.ts
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
* add tests for existing access when link sharing is disabled
* update tests to specify access restrictions for read-only and read-write link shared projects
* [web] block access to legacy public project with link-sharing disabled
---------
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
GitOrigin-RevId: 5f194dbcb790e973e427c58a3a4a738a5dd74cb4
* [history-v1] add migrations record after full binary file migration
* [server-pro] add hotfix 5.5.5
* [server-ce] test: build hotfix 5.5.5 and use it in tests
GitOrigin-RevId: fb84e5710c59f466a3305de5f32f78e0ac9ce15d
