Commit Graph

89 Commits

Author SHA1 Message Date
Anna Claire Fields 6113c6c291 Enable TS noImplicitAny in web (#31636)
GitOrigin-RevId: 18881694770f2476c475f8fef4c6a2678a2a12fe
2026-03-27 09:05:30 +00:00
Copilot 35906b4018 Deduplicate users in checkUserListPermissions to avoid redundant permission checks (#29461)
* Fix duplicate permission checks for same user

Deduplicate user list in checkUserListPermissions before running expensive checks.
Handles ObjectId vs string comparison by converting to string.
Adds tests to verify deduplication works correctly.

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: thomas- <2176518+thomas-@users.noreply.github.com>
GitOrigin-RevId: 96eede1cbeb18b807deaca7d4c370aef5c48c4bc
2026-02-05 09:06:17 +00:00
Domagoj Kriskovic c30b348668 For editing/deleting chat messages ensure user is a message author
GitOrigin-RevId: d7d4f1bb9f004d8fed8644f0aabe621ed863437b
2025-12-18 09:05:22 +00:00
Andrew Rumble 07c827e9fd Merge pull request #29928 from overleaf/ar-last-infrastructure-conversions
[web] last infrastructure conversions

GitOrigin-RevId: ad1aff9b7df0610ed0303157d9e2c8032f32c02b
2025-11-28 09:05:56 +00:00
Andrew Rumble 18f44866e5 Merge pull request #29919 from overleaf/revert-29795-ar-last-infrastructure-conversions
Revert "[web] last infrastructure conversions"

GitOrigin-RevId: 48dc64553012afb5d2db4b2eb9c9898489b7e5ef
2025-11-27 09:05:54 +00:00
Andrew Rumble d748d8d606 Merge pull request #29795 from overleaf/ar-last-infrastructure-conversions
[web] last infrastructure conversions

GitOrigin-RevId: 68aa11625a9bc6d0d5324ecd95bb5ac52af8ee96
2025-11-27 09:05:30 +00:00
Andrew Rumble beb6f6d484 Merge pull request #29597 from overleaf/ar-last-features-esm-conversion
[web] last features esm conversion

GitOrigin-RevId: a35ab995bf654f1cdfe0e0062d8806761ecccf2d
2025-11-21 09:05:36 +00:00
Andrew Rumble 394c60f2cf Merge pull request #29659 from overleaf/revert-29656-revert-29521-ar-models-es-conversion
Revert "Revert "[web] Convert models and self-referential test files to ESM ""

GitOrigin-RevId: f64000ae31d298b075a8722dfc51f294c71bc021
2025-11-18 09:04:56 +00:00
Andrew Rumble ae6dec9dcb Merge pull request #29656 from overleaf/revert-29521-ar-models-es-conversion
Revert "[web] Convert models and self-referential test files to ESM "

GitOrigin-RevId: 5455cccbb513bd9ca36ce526ff1553065f83d233
2025-11-13 09:06:36 +00:00
Andrew Rumble 7c9fea64ac [web] Convert models and self-referential test files to ESM (#29521)
from overleaf/ar-models-es-conversion

GitOrigin-RevId: a92ab8342c0f3e23155eacc0570458fc910c3d71
2025-11-13 09:06:13 +00:00
Andrew Rumble 4f02a85aa4 Update paths
GitOrigin-RevId: 399c594dd1bbf739d91874df6be3b70e57fe01e3
2025-11-06 09:05:57 +00:00
Andrew Rumble 912324f560 Convert to ESM
GitOrigin-RevId: b58b02f9e9c8d47909e95c3ade8e1bf33ed46c80
2025-11-06 09:05:47 +00:00
Andrew Rumble 0f4d5a7be6 Rename files
GitOrigin-RevId: 80b975b03ebca16328b84fabf11e71bbea87c8bc
2025-11-06 09:05:41 +00:00
Andrew Rumble 7bda755d0e Convert to ESM
GitOrigin-RevId: 572dafeaddea99be28ec1e1116e49aaf203be340
2025-10-23 08:06:20 +00:00
Andrew Rumble f02f6475ac Update paths
GitOrigin-RevId: a9474c8f36e8b287de4dd8fda29bc082001444ac
2025-10-23 08:06:10 +00:00
Andrew Rumble 0d73904c4b Rename files
GitOrigin-RevId: 7e8fde9258e71ab3649d1d83addeb5164d8b4251
2025-10-23 08:06:05 +00:00
Antoine Clausse 33e63d79fc Merge pull request #28584 from overleaf/ac-some-web-esm-migration-5
[web] Convert some Features files to ES modules (part 5)

GitOrigin-RevId: 0cad67f9afe0095e2b066bf2f4d3717c00540dab
2025-10-08 08:06:15 +00:00
Antoine Clausse 71f0b28a84 [web] Convert some Features files to ES modules (part 3) (#28494)
* Rename files to mjs

* Rename test files to mjs

* Update CODEOWNERS

* Update files to ESM

* Update test files to ESM

* Update RestoreManager.test.mjs

* Remove unused `AdminAuthorizationHelper` mock and stub

* Remove unnecessary return

GitOrigin-RevId: 2b9ef126de1d8964afbc6e5641cca36712655866
2025-09-17 08:05:02 +00:00
Tim Down 36cbe840dd Merge pull request #28246 from overleaf/td-ts-project-dashboard-jsdoc
Working JSDoc type annotations on project list controller

GitOrigin-RevId: b26833affb0fc2ecd38e869c2523e914eabe6548
2025-09-09 08:06:26 +00:00
Antoine Clausse 86e74b9228 [web] Update admin permissions to view/modify project contents (#28162)
* Split capability definitions `modify-project`/`view-project` into `modify-project-content`/`modify-project-setting`/`view-project-content`/`view-project-setting`

* Add admin capabilities check in AuthorizationManager

* Update checks in router

* Update frontend checks

* Remove UI elements for admins without `view-project-content`

* Update tests

* Remove `modify-project-content` from the roles' capabilities

* Update tests

* Add "with admin roles" tests in AuthorizationTests.mjs

GitOrigin-RevId: 3311bcb2da792968927b5b3703b24e069d0baf5b
2025-09-05 08:05:08 +00:00
Eric Mc Sween e14d56ddb2 Merge pull request #28089 from overleaf/dk-dsmp-post-chat-message
Add support for posting chat messages

GitOrigin-RevId: 817d723abf6309716c4cfa61e2c260cb7ace0bda
2025-08-26 08:05:32 +00:00
Domagoj Kriskovic f65f567380 Add getThread in Chat service and use it in AuthorizationMiddleware (#28041)
* Add getThread in Chat service and use it in AuthorizationMiddleware

* ensure user_id is a string, not ObjectId

* fix tests

GitOrigin-RevId: 42d63366b9b9350d7cdbcbc3b9f4761d9f55b49a
2025-08-25 08:05:25 +00:00
Brian Gough f5dbbadf79 add option to disable link sharing (#27626)
* add option to remove link-sharing from backend

* restrict make link-sharing in the frontend based on capability

* extend e2e project-sharing tests to cover OVERLEAF_DISABLE_LINK_SHARING=true

* throw an error when link sharing is disabled in TokenAccessHandler

* throw errors when attempting to add users to projects with link sharing disabled

* Update server-ce/test/project-sharing.spec.ts

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>

* add tests for existing access when link sharing is disabled

* update tests to specify access restrictions for read-only and read-write link shared projects

* [web] block access to legacy public project with link-sharing disabled

---------

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
GitOrigin-RevId: 5f194dbcb790e973e427c58a3a4a738a5dd74cb4
2025-08-20 08:05:33 +00:00
Antoine Clausse 422e892231 [web] Map admin capabilities to project PrivilegeLevels (#27488)
* Add capability `copy-project`

* Check `copy-project` (frontend)

* Update tests

* Suggestion: map `modify-project`-`PrivilegeLevels.OWNER` and `view-project`-`PrivilegeLevels.READ_ONLY`

* Suggestion: remove capability `copy-project`. Use `view-project` instead

* Revert unrelated changes

* Add tests on AuthorizationManager when `adminRolesEnabled`

* Update `Modules.promises.hooks.fire` stubs with `.withArgs('getAdminCapabilities')`

Co-authored-by: Andrew Rumble <andrew.rumble@overleaf.com>

* Use `getAdminCapabilities` from AdminAuthorizationHelper.js

---------

Co-authored-by: Andrew Rumble <andrew.rumble@overleaf.com>
GitOrigin-RevId: 61167509c4a035c99831a5b0346347c2e6b5fae0
2025-08-08 08:07:59 +00:00
Antoine Clausse 4c03ebe4ee [web] Add some types for existing capabilities and PermissionController (#27048)
* Add types on existing Capabilities code

* Add ts-expect-error comments

* Minor code changes to satisfy types

* Remove ts-check because of unrelated errors

* Remove some ts-expect-error comments

* Revert "Remove some ts-expect-error comments"

This reverts commit 76cc0a073710eecf4f8b88f8579405838607f4d5.

* Remove the `@ts-check`s for now

It looks like typescript is somewhat flaky. We can re-enable this later

* Remove the `@ts-expect-error`s

* Remove return type

GitOrigin-RevId: 57bbd370654592c0662047e72e61f91bf38e0949
2025-07-15 08:05:29 +00:00
Jakob Ackermann 6cbacc8cb7 [web] fetch project once for joinProject (#25667)
* [web] fetch project once for joinProject

* [web] await all the nested helpers for getting privilege levels

Co-authored-by: Mathias Jakobsen <mathias.jakobsen@overleaf.com>

---------

Co-authored-by: Mathias Jakobsen <mathias.jakobsen@overleaf.com>
GitOrigin-RevId: f0280c36ef995b417ccdab15014f05954e18c5f0
2025-06-03 08:06:13 +00:00
Miguel Serrano 8ff8e7a4bf Merge pull request #23006 from overleaf/msm-chat-capabilities-poc-2
[web] Add option to disable chat for subscription

GitOrigin-RevId: 0052d060c74c39400496f7f9f54c820398d60012
2025-01-31 09:05:18 +00:00
Domagoj Kriskovic ff9ee2f5a9 Use "can write or review project content" authorization middleware (#23111)
GitOrigin-RevId: c5d1cb955e5833347f7e0c3610c5b8d768026478
2025-01-29 09:05:33 +00:00
Domagoj Kriskovic 09195a9b5d Allow reviewers to reopen comment threads (#23075)
GitOrigin-RevId: 065acf5931213c288dbdcb3bc06da988b094a1f4
2025-01-27 09:05:10 +00:00
Domagoj Kriskovic 7e5a0a9bea Delete unused canUserReviewProjectContent function (#23073)
GitOrigin-RevId: 5c2e17a44623916e494a24bf18dbff4e846734d3
2025-01-27 09:05:02 +00:00
Domagoj Kriskovic 48d08f5b28 Allow reviewers to delete their own comment threads (#23044)
GitOrigin-RevId: 2165e0f549c9df923fb1c124a7622a49d579c2e3
2025-01-24 09:05:35 +00:00
Domagoj Kriskovic 741b65d0eb Add ensureUserCanSendComment authorization middleware (#22959)
* Add ensureUserCanSendComment authorization middleware

* added tests

GitOrigin-RevId: d1f58bd6bc63275456e5280ccb8c99aaa02c4e5f
2025-01-21 09:05:53 +00:00
Domagoj Kriskovic 30ebad91b7 Allow reviewers to resolve their own comments (#22582)
* Allow reviewers to resolve their own comments

* check if reviewer is comment author

* add missing translation

* add CommentsController tests

* added DocumentManagerTests

* added HttpControllerTests

* Add AuthorizationManagerTests

* added AuthorizationMiddlewareTests

* added DocumentUpdaterHandler test

* fix test descriptions

* remove returns from CommentsControllerTests

* use ensureUserCanResolveThread in authorizationMiddleware

* move canResolveThread to AuthorizationManager

* commentId as param in NotFoundError

* refactor canUserResolveThread

GitOrigin-RevId: 131c3d1eb9ac916eaaa9221d351a92bc07b80cdc
2025-01-14 09:05:11 +00:00
Domagoj Kriskovic f39ca200b9 Support for adding reviewer role (#22314)
* Support for adding reviewer role

* added collaboratorsGetter tests

* emit toggle-track-changes when reviewer is added

GitOrigin-RevId: 5b831102d561f5dbc4b23ab9f6dc63e3a87ea103
2024-12-10 09:04:47 +00:00
Domagoj Kriskovic 511fe60a9c Revert "Support for adding reviewer role (#22137)" (#22293)
This reverts commit 54064a7f961fe06f188ab449cd469cdaaf01b20a.

GitOrigin-RevId: 1dabc635756aff465d2fe9aa0d18121b081df3b0
2024-12-04 09:05:12 +00:00
Domagoj Kriskovic f676eca2b8 Support for adding reviewer role (#22137)
* Support for adding reviewer role

* show reviewer in track changes user list

* added "review" in assertClientCanViewProject

* test if reviewer can read project

* added collaboratorsGetter tests

* emit toggle-track-changes when track changes changes

* Support for changing privilege to reviewers for invited users (#22159)

* Add reviewer in change privilege level handler

* added reviewer translation

* added acceptance tests

* fix tests

* Set track changes state permissions for reviewer role (#22167)

* Add reviewer in change privilege level handler

* added reviewer translation

* added acceptance tests

* fix tests

* Set track changes state permissions for reviewer role

* added authorization helper tests

* added ensureUserCanReviewProjectContent middleware

* allow changing track changes only with write permissions

* removed canUserReviewProjectContent

* List projects where user is added as a reviewer (#22249)

* List projects where user is added as reviewer

* list projects in /user/projects

* fix tests

GitOrigin-RevId: 54064a7f961fe06f188ab449cd469cdaaf01b20a
2024-12-04 09:05:00 +00:00
andrew rumble 032deaf05c Switch to mongodb-legacy
GitOrigin-RevId: 11e09528c153de6b7766d18c3c90d94962190371
2024-08-21 08:04:24 +00:00
Jimmy Domagala-Tang 918c3e7e33 Merge pull request #19301 from overleaf/jdt-collaborator-ai-usage
Prevent AI usage on projects where collaborators have a blocking policy

GitOrigin-RevId: 93bdd9c5accff51a14f0585249e13ed7f1fa4e53
2024-07-26 08:04:35 +00:00
Liangjun Song f4a7b1f298 bypass linking sharing admin redirect for internal projects (#19314)
* disable linking sharing admin redirect

* address comments

* remove ignoreSiteAdmin

* load admin domains from settings

* add acceptance test

* more tests

* fix tests and restore admin domain

* use adminDomains as array

GitOrigin-RevId: 5acb62e1b6ada0aaeceab6db6a6635f82e30833f
2024-07-16 08:04:35 +00:00
Jimmy Domagala-Tang f77894c427 Merge pull request #19238 from overleaf/jdt-use-ai-project-fix
feat: matching rename to checkPermissions within projectController
GitOrigin-RevId: ea05800c145858237fb0b236f9a19837c6c4a9a2
2024-07-03 08:04:36 +00:00
Jimmy Domagala-Tang 007cc42477 Merge pull request #19152 from overleaf/jdt-project-permissions
Allow checking permissions for all users on a project and rename checkPermissions -> AssertPermissions

GitOrigin-RevId: 511356cf2fe68367e284347e68e59f6116bd0f80
2024-07-03 08:04:19 +00:00
Jimmy Domagala-Tang 271700893a Merge pull request #18784 from overleaf/bg-allow-combined-group-policies
allow combined group policies

GitOrigin-RevId: b23fb0454f794e9094e8e15e732b4322a48ac1ee
2024-06-24 12:04:13 +00:00
Antoine Clausse 36f0a3e01a [web] Promisify ProjectController (#18477)
* Create `promiseAuto` util to replace `async.auto`

* Promisify `BrandVariationsHandler.getBrandVariationById`

* Promisify `updateProjectSettings`

* Promisify `updateProjectAdminSettings`

* Promisify `newProject`

* Promisify `deleteProject`

* Promisify `loadEditor`

* Fix brandVariation loading in promise auto

* Promisify `_refreshFeatures`

* Promisify `_injectProjectUsers`

* Fix `no-inner-declarations`

* Promisify `cloneProject`

* Promisify `userProjectsJson`

* Promisify `projectEntitiesJson`

* Promisify `restoreProject`

* Promisify `renameProject`

* Additional warning fix

* Update unit tests

* Fixup `updateProjectSettings`: call jobs inside the Promise.all

* Use `expressify(...)` instead of manually call `next(err)`

https://github.com/overleaf/internal/pull/18477#discussion_r1613611987
https://github.com/overleaf/internal/pull/18477#discussion_r1613621146
https://github.com/overleaf/internal/pull/18477#discussion_r1613634000
...

* Replace Promise.all by sequential awaits

https://github.com/overleaf/internal/pull/18477#discussion_r1613852746
https://github.com/overleaf/internal/pull/18477#discussion_r1613611987

* Remove manual throws of 500. Let the generic error handler catch them.

https://github.com/overleaf/internal/pull/18477#discussion_r1613623446
https://github.com/overleaf/internal/pull/18477#discussion_r1613628955

* Promisify `untrashProject`

https://github.com/overleaf/internal/pull/18477#discussion_r1613627783

* Promisify `expireDeletedProjectsAfterDuration`

* Promisify `archiveProject`

* Promisify `unarchiveProject`

* Promisify `trashProject`

* Promisify `expireDeletedProject`

* Use async `setTimeout` from `timers/promise`

https://github.com/overleaf/internal/pull/18477#discussion_r1613843085

* Remove unused `_injectProjectUsers`

https://github.com/overleaf/internal/pull/18477#discussion_r1613855766

* Add missing exec in queries (?)

Not sure if that makes a real difference but it's more consistent with the rest of the code

* Catch floating promises

https://github.com/overleaf/internal/pull/18477#discussion_r1613868876

* Replace custom `promiseAuto` by `p-props` from NPM

https://github.com/overleaf/internal/pull/18477#discussion_r1613393294

* Downgrade `p-props` to v4. Later versions require ESM

* Simplify code around `splitTestAssignments`

GitOrigin-RevId: 84d37f7aa9227b5b9acf9eeb5db1b78afc01b6ee
2024-05-30 08:04:36 +00:00
Miguel Serrano 02d890ef18 Merge pull request #17426 from overleaf/msm-expressify-controllers
[web] Expressify controller methods

GitOrigin-RevId: 9784176b53a89beed09f9b38915872a6e7fae465
2024-03-12 09:03:26 +00:00
Jessica Lawshe cb3f70f7ab Merge pull request #17289 from overleaf/jel-permissions-controller
[web] Move user permissions check to manager

GitOrigin-RevId: 8c59d053da3d8d452cd424b04baa05f5d7d9057a
2024-02-29 09:04:37 +00:00
Brian Gough ec923c2144 Merge pull request #16194 from overleaf/bg-group-sso-fix-default-permission-check
fix default permission check for group sso

GitOrigin-RevId: b78c3dd26d852822f06c44c2aef79daea36fc2bd
2023-12-14 09:03:16 +00:00
Brian Gough 1ff830027f Merge pull request #15726 from overleaf/ab-managed-users-module-cleanup
[web] Managed users / Group SSO module cleanup

GitOrigin-RevId: a24d3278667059248d9563afe44cafca5f87a7c0
2023-11-21 09:03:54 +00:00
Alexandre Bourdin e322f4a31f Merge pull request #15418 from overleaf/ds-managedUsersEnabled
Managed users - Adding a managedUsersEnabled flag on subscription model

GitOrigin-RevId: a03dd169ba71255dd1bec5f7bee8ce9609d95a2f
2023-11-03 09:00:26 +00:00
Eric Mc Sween 680ebae30b Merge pull request #15172 from overleaf/em-promise-utils
Move util/promises from web into a shared library

GitOrigin-RevId: fe1980dc57b9dc8ce86fa1fad6a8a817e9505b3d
2023-10-20 08:04:05 +00:00
Brian Gough d2f470450e Merge pull request #13933 from overleaf/bg-managed-users-add-missing-jsdoc-param
refactor getUserValidationStatus in PermissionsManager

GitOrigin-RevId: 80ef8142d3556e47e1d6cb323148f1f1042057aa
2023-07-21 08:04:40 +00:00