agw/overleaf-cep
1
0
Fork 0
mirror of https://github.com/yu-i-i/overleaf-cep.git synced 2026-05-28 11:31:55 +02:00
Code Issues Packages Projects Releases Wiki Activity
26,271 Commits 3 Branches 19 Tags
8dc5f4e7c69ea194aebf8cb570afb3262e1111fe
Commit Graph

1463 Commits

Author SHA1 Message Date
Antoine Clausse
1b0b99e12e [web] Add unlinking third-party logins ability from the admin-panel (#28201) 
* Add `clearThirdPartyLogins`

Co-authored-by: Brian Gough <brian.gough@overleaf.com>

* Add a confirmation modal

* Show provider name from settings

* Replace "logins" by "identifiers" for consistency with current terminology

* Hide button if user has no third-party identifiers

* Update tests

* Add test "unlinks Google account"

---------

Co-authored-by: Brian Gough <brian.gough@overleaf.com>
GitOrigin-RevId: 45b9b5ce6fa2cbeba9d4daeda97cd6e500c8266c
 2025-09-05 08:05:12 +00:00
Antoine Clausse
86e74b9228 [web] Update admin permissions to view/modify project contents (#28162) 
* Split capability definitions `modify-project`/`view-project` into `modify-project-content`/`modify-project-setting`/`view-project-content`/`view-project-setting`

* Add admin capabilities check in AuthorizationManager

* Update checks in router

* Update frontend checks

* Remove UI elements for admins without `view-project-content`

* Update tests

* Remove `modify-project-content` from the roles' capabilities

* Update tests

* Add "with admin roles" tests in AuthorizationTests.mjs

GitOrigin-RevId: 3311bcb2da792968927b5b3703b24e069d0baf5b
 2025-09-05 08:05:08 +00:00
Jakob Ackermann
16422f972b Merge pull request #28265 from overleaf/jpa-double-compile 
[web] add c2d -> c4d double compile test

GitOrigin-RevId: 186cfa867d3db5786c6d4888dfe1ca2f46a5bb0c
 2025-09-04 08:05:10 +00:00
Jakob Ackermann
03320bb377 Merge pull request #28264 from overleaf/jpa-synctex 
[web] use standard request handling for SyncTeX requests

GitOrigin-RevId: ad5ba1834241d5939675f2533940ade741fc5abf
 2025-09-04 08:05:06 +00:00
Jakob Ackermann
a85b2b34f5 Merge pull request #28233 from overleaf/jpa-clsi-lb-clear 
[web] clear clsi server id/output files in both clsi-lb backends

GitOrigin-RevId: b73ccc2017800d9abbb8f571efeb34f51c9f96c1
 2025-09-04 08:04:58 +00:00
Andrew Rumble
875c458a6c Fix tests 
GitOrigin-RevId: db5505ce356a88cb572c86affebebdd7b9e68ba9
 2025-09-03 08:07:11 +00:00
Eric Mc Sween
4eeefbeaaf Migrate pauseSubscription to zod 
GitOrigin-RevId: 9c5237f151c84e37dc744c61cc4fa10762cf9ed1
 2025-09-03 08:07:06 +00:00
Domagoj Kriskovic
c984134142 Open selected file on project restore (#28145) 
* Open selected file on project restore

* check if restorationState is "restoring" before opening a file

GitOrigin-RevId: c6f4cf69ecbe55b1d1949e4524fe7e39737c5487
 2025-09-03 08:05:30 +00:00
roo hutton
3a7a7c8281 Merge pull request #28200 from overleaf/rh-trial-extension-fix 
Fix calculation of extended trial renewal date

GitOrigin-RevId: 3a73b4bba37ebcccfc80d123a1a6e6c286320571
 2025-09-02 08:05:21 +00:00
Jakob Ackermann
bd4130c147 [filestore] remove user files endpoints (#28125) 
* [filestore] remove user files endpoints

* [web] remove user files integration for filestore

GitOrigin-RevId: 565fa68a659c07420ee6141d0f276b4e4d2972e0
 2025-09-02 08:04:52 +00:00
roo hutton
467102fd1b Merge pull request #27643 from overleaf/rh-pause-cancel 
Terminate Recurly subscription when cancelling during final month of pause

GitOrigin-RevId: 39e4c9534621f57b3e2783599ebe521959d7401f
 2025-08-29 08:06:17 +00:00
Andrew Rumble
42f3bd208b Log error on web service start when hashedEmailSalt not set 
GitOrigin-RevId: 67473de85d869b56aa1321391b03ddcceb95346b
 2025-08-29 08:05:25 +00:00
Andrew Rumble
cfbfcbc5db Add helper functions for creating change events 
GitOrigin-RevId: 26a4cbc8e322c52e12cd3eb7f891d9914cefc70d
 2025-08-29 08:05:17 +00:00
Andrew Rumble
ae504e8af5 Add AnalyticsManager function for registering email changes 
GitOrigin-RevId: ad42703fdc186936866b44c47492e3f653658f4f
 2025-08-29 08:05:12 +00:00
Andrew Rumble
4779b17ad1 Add email-change queue 
GitOrigin-RevId: a5bbb4682223ee00db0c9a4070b8178a60eef83f
 2025-08-29 08:05:08 +00:00
Liangjun Song
9a7bc564c1 Merge pull request #28110 from overleaf/ls-handle-manual-subscription-on-add-on-purchase-page 
Handle manual subscription on AddOn purchase page

GitOrigin-RevId: 54281d3471d7c2b60d333e6264904b3744156138
 2025-08-28 08:06:42 +00:00
Miguel Serrano
8948e40b22 Revert "Merge pull request #27679 from overleaf/msm-aws-sdk-upgrade" (#28151) 
This reverts commit 4989ae920d8b7fd9e79623947b7c40bcc2e56d92.

GitOrigin-RevId: 541d95bfeaa7ce820e8af67f646f013fe4fe5d21
 2025-08-28 08:05:52 +00:00
Miguel Serrano
39381d808a Merge pull request #27679 from overleaf/msm-aws-sdk-upgrade 
Upgrade `aws-sdk` to v3

GitOrigin-RevId: 4989ae920d8b7fd9e79623947b7c40bcc2e56d92
 2025-08-28 08:05:36 +00:00
Domagoj Kriskovic
cffad44264 Add support for handling deleted root document in RestoreManager (#28008) 
* Skip opening root document if delete originated from a file-restore

* handle project-restore origin

* Refactor isFileRestore logic

* Add support for handling deleted root document in RestoreManager

GitOrigin-RevId: 837144aa6e269cbffebf82624f58e8219fe654c4
 2025-08-27 08:05:30 +00:00
Eric Mc Sween
fa9cea9f1d Merge pull request #28098 from overleaf/em-dsmp-chat-event 
Send a DSMP event when a chat message is sent

GitOrigin-RevId: 062476676c91a4edf3d6f837d60ad16c7f912771
 2025-08-26 08:05:36 +00:00
Domagoj Kriskovic
8c3fe3bd31 [web] change the order when creating a memebers list in permissions checks (#28063) 
GitOrigin-RevId: 73fd9218841d189dc95edec86f09d451005e6189
 2025-08-26 08:05:13 +00:00
Eric Mc Sween
bae0a88dcb Merge pull request #28077 from overleaf/em-promisify-chat-controller 
Promisify ChatController

GitOrigin-RevId: c2af5f7bc24b1e6c682bb1dfd1146c3dcc90ae25
 2025-08-25 08:05:42 +00:00
Domagoj Kriskovic
f65f567380 Add getThread in Chat service and use it in AuthorizationMiddleware (#28041) 
* Add getThread in Chat service and use it in AuthorizationMiddleware

* ensure user_id is a string, not ObjectId

* fix tests

GitOrigin-RevId: 42d63366b9b9350d7cdbcbc3b9f4761d9f55b49a
 2025-08-25 08:05:25 +00:00
Antoine Clausse
af44f478b9 [web] Add admin permission modify-group-manager (#27642) 
* Add capacity `modify-group-manager`

* Check `modify-group-manager` (backend)

* Check `modify-group-manager` (frontend)

* Update tests

* Rename AdminPermissions to mjs

* Add `ol-adminCapabilities` in frontend tests

* Allow modifying group managers if `adminRolesEnabled` is false

* Add `adminPrivilegeAvailable` check

* Update: set `ol-canModify` boolean instead of `ol-adminCapabilities`

* Mock `hasAnyAccess`

* Use `hasAdminCapability` helper

* Add `ol-canModify` to types

* Remove `isAdminMiddleware` as we don't want to relax the permissions for now

* Fix: pass `res` to `hasAnyAccess` (!!)

* * Check `hasWriteAccess` (`hasAdminCapability('modify-group-manager')` or `staffAccess.groupManagement`) in the Pug file
* Fix: Check `hasWriteAccess` in the publisher and institution pug files (!)
* Revert `hasAnyAccess` changes
* Rename `ol-canModify` to `ol-hasWriteAccess` for consistency with other variables

* Remove redundant file AdminPermissions.mjs

* Update unit test

* Revert changes to UserMembershipController.test.mjs

* Rename to `requireGroupManagersWriteAccess`

GitOrigin-RevId: f3f0b1b17abd1d2f0c363688e87d9063de886e3c
 2025-08-21 08:05:07 +00:00
Jessica Lawshe
2389674cca Merge pull request #27894 from overleaf/ii-domain-capture-join-button 
[web] Domain capture join button

GitOrigin-RevId: aec6033f6776e9384c77fe0ef609c65b13a90f87
 2025-08-20 08:06:21 +00:00
Jessica Lawshe
1aef3acca9 Merge pull request #27834 from overleaf/ii-domain-capture-not-in-group-redirect 
[web] Redirect to domain capture page

GitOrigin-RevId: 15d2b8046beb5a40fc4937c337ee9655abaed8fd
 2025-08-20 08:06:16 +00:00
MoxAmber
fc5ae92be1 Merge pull request #27677 from overleaf/as-compile-timeout-enforcement 
[web] 10s Compile Timeout - Enforcement Phase

GitOrigin-RevId: 3930eb376cc1293409259e073032218e09d5270e
 2025-08-20 08:06:01 +00:00
Antoine Clausse
5373c84d9f [web] Add requireAdminRoles param to hasAdminCapability (#28006) 
* Add `requireAdminRoles` param to `hasAdminCapability`

https://github.com/overleaf/internal/pull/27965#discussion_r2284808889

Co-authored-by: Andrew Rumble <andrew.rumble@overleaf.com>

* Update test

---------

Co-authored-by: Andrew Rumble <andrew.rumble@overleaf.com>
GitOrigin-RevId: 83f8af84debc70c7a2e294638747369c786be22f
 2025-08-20 08:05:52 +00:00
Brian Gough
f5dbbadf79 add option to disable link sharing (#27626) 
* add option to remove link-sharing from backend

* restrict make link-sharing in the frontend based on capability

* extend e2e project-sharing tests to cover OVERLEAF_DISABLE_LINK_SHARING=true

* throw an error when link sharing is disabled in TokenAccessHandler

* throw errors when attempting to add users to projects with link sharing disabled

* Update server-ce/test/project-sharing.spec.ts

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>

* add tests for existing access when link sharing is disabled

* update tests to specify access restrictions for read-only and read-write link shared projects

* [web] block access to legacy public project with link-sharing disabled

---------

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
GitOrigin-RevId: 5f194dbcb790e973e427c58a3a4a738a5dd74cb4
 2025-08-20 08:05:33 +00:00
Antoine Clausse
0e6d5dc368 Add utility for converting CIDR ranges to IP ranges (#26904) 
* Add utility for converting CIDR ranges to IP ranges

* Add CLI support for IP matcher ranges script

GitOrigin-RevId: 1432bf3efa269c0e8e9d58fce1575bb01d694b2f
 2025-08-19 08:05:22 +00:00
Eric Mc Sween
cd64720abe Merge pull request #27903 from overleaf/em-unit-tests-redis 
Make Redis available to unit tests

GitOrigin-RevId: 7bd403d9ad4be504a87bc9108d60686e6c2a9fb1
 2025-08-18 08:05:40 +00:00
Antoine Clausse
40772ef819 [web] Add admin permissions modify-group-member and modify-managed-group-member (#27665) 
* Add capability `modify-managed-group-member` & `modify-group-member`

* Check `modify-managed-group-member` & `modify-group-member` (backend)

* Check `modify-managed-group-member` & `modify-group-member` (frontend)

* Update tests

* Update with `ol-hasWriteAccess` flag

* Update tests

* Move functions to AdminAuthorizationHelper.js

* Update import to fix build error

* Add `ol-hasWriteAccess` to types

* Use `hasAdminAccess()` instead of `req?.user?.isAdmin`

* Add tests on `/manage/groups/:id/invites` depending on admin roles

* Reuse `UserMembershipAuthorization.hasAdminCapability`

* Fix: Add entityAccess check

* Update unit test

* Rename `hasAdminGroupMemberCapability` to `hasModifyGroupMemberCapability`

* Remove useless and redundant `hasWriteAccess` check

* Restore stub in afterEach

GitOrigin-RevId: 4b6d83751121b43d4c19d0dbd82a4833cf7a6f24
 2025-08-15 08:05:57 +00:00
Liangjun Song
b9fc80f503 Merge pull request #27800 from overleaf/ls-support-create-stripe-customer-from-admin-panel 
Support creating Stripe customer from admin panel

GitOrigin-RevId: 3e23008e1f4690e6f3737b5689e20958bf468f82
 2025-08-15 08:05:34 +00:00
John Lees-Miller
aa10bc92af Merge pull request #27890 from overleaf/jlm-spam-safe-email 
Apply new spam check to email address

GitOrigin-RevId: 9e204ea75e930455971769a73843d015fc4a9033
 2025-08-14 08:06:28 +00:00
Christopher Hoskin
ae602208f1 Merge pull request #27860 from overleaf/lg-spam-safe 
Add spam check for incident

GitOrigin-RevId: 752180f7507e32219cc5faaef5d48fdc0003e889
 2025-08-13 08:07:10 +00:00
Andrew Rumble
160e82a732 Combine implementations of hasAdminCapability 
GitOrigin-RevId: a847c9182c018524c96726fe30e501763904b82e
 2025-08-13 08:06:58 +00:00
Andrew Rumble
cce55cf3d8 Add authorization helper for admin capabilities 
GitOrigin-RevId: fbf28c89500481e379db6c49512876d867478eb7
 2025-08-13 08:06:39 +00:00
roo hutton
6c185cd700 Merge pull request #27670 from overleaf/rh-stripe-pause-addons 
Prevent buying add-on while subscription is paused

GitOrigin-RevId: b8cfbbaa05a1031bedf37edf7b1ded2252eb6906
 2025-08-12 08:06:08 +00:00
roo hutton
ec0f719307 Merge pull request #27391 from overleaf/rh-stripe-pause-anchor 
Reset billing cycle when resuming paused Stripe subscription

GitOrigin-RevId: 44f7aa4d3eeaab7622e97b0178fe7d6c7cccae50
 2025-08-12 08:06:04 +00:00
ilkin-overleaf
29249c55a2 Merge pull request #27680 from overleaf/ii-domain-capture-get-user-affiliations 
[web] Get domain capture info when getting user affiliations

GitOrigin-RevId: 475024cda072c45e548407dfdb36a772f845ac2b
 2025-08-11 08:06:26 +00:00
Domagoj Kriskovic
bd8493dba6 [dsmp] Add acceptChanges notification (#27555) 
* [dsmp] moved redis functions to RedisStreamManager

* use getEventStream generator function

* [dsmp] moved redis functions to RedisStreamManager

* [dsmp] Add acceptChanges notification

* rename to acceptedChanges

* cleanup after rebasing parent branch

GitOrigin-RevId: c7e100f55503e52b146bcc07deb3e483250b66f8
 2025-08-11 08:05:37 +00:00
Antoine Clausse
422e892231 [web] Map admin capabilities to project PrivilegeLevels (#27488) 
* Add capability `copy-project`

* Check `copy-project` (frontend)

* Update tests

* Suggestion: map `modify-project`-`PrivilegeLevels.OWNER` and `view-project`-`PrivilegeLevels.READ_ONLY`

* Suggestion: remove capability `copy-project`. Use `view-project` instead

* Revert unrelated changes

* Add tests on AuthorizationManager when `adminRolesEnabled`

* Update `Modules.promises.hooks.fire` stubs with `.withArgs('getAdminCapabilities')`

Co-authored-by: Andrew Rumble <andrew.rumble@overleaf.com>

* Use `getAdminCapabilities` from AdminAuthorizationHelper.js

---------

Co-authored-by: Andrew Rumble <andrew.rumble@overleaf.com>
GitOrigin-RevId: 61167509c4a035c99831a5b0346347c2e6b5fae0
 2025-08-08 08:07:59 +00:00
Jessica Lawshe
f1c59be2d2 Merge pull request #27637 from overleaf/jel-remove-unused-group-sso 
[web] Use `providerId` for group SSO and remove unused `universityId`

GitOrigin-RevId: 0928cdfee78cae5cdede57159b9968c15e26f27c
 2025-08-08 08:07:34 +00:00
Andrew Rumble
70e0ca3eb5 Split adminCapabilities middleware into two 
GitOrigin-RevId: 093e455e33459cae2e3da236958cb991f128299e
 2025-08-08 08:05:52 +00:00
Andrew Rumble
0f4534260b Try checking admin access before getting capabilities 
GitOrigin-RevId: 75ff99aa6b6e94c1b84a99d22d65b327f4d40126
 2025-08-08 08:05:47 +00:00
Andrew Rumble
ccfeb59c59 Move hasAdminCapability middleware into helpers 
This is so that we can test it more easily than embedding it would allow

GitOrigin-RevId: be23d945bc7c816d32b18b4990ecd9e0a6592eb5
 2025-08-08 08:05:42 +00:00
Andrew Rumble
192aacbecd Add hasAdminCapabilities function to ExpressLocals 
This will be available in pug to allow admin capabilities to be used.

GitOrigin-RevId: 6bc4e38385b421aa44ee9385e28f3c59b09e3ade
 2025-08-08 08:05:37 +00:00
roo hutton
58b8e36739 Merge pull request #27215 from overleaf/rh-stripe-pause-status 
Update features and subscription state when Stripe pause starts and ends

GitOrigin-RevId: 368f5d9b046cfe26e996be336189081b96926713
 2025-08-06 08:04:57 +00:00
Thomas
7b7b560431 Use AsyncLocalStorage to cache userFullEmails on the request, avoiding duplicated calls to the affiliations endpoint (#27542) 
* Use AsyncLocalStorage to cache userFullEmails

* Rename temporary fakeUser override to avoid conflicts

GitOrigin-RevId: 3a74816f677c1357293b0d46f245b4cfc499f2fa
 2025-08-05 08:06:04 +00:00
Simon Gardner
7b7d03bcc0 Merge pull request #27516 from overleaf/slg-hide-enrolment_ad_html 
hide enrolment_ad_html field from v1 admin form and remove unused usage in web

GitOrigin-RevId: 7cf8eed1a68bbaf2ebbb77069bfd421cd26ef01d
 2025-08-05 08:05:41 +00:00