e4e558c0e6
Hide access tokens if user is not the project owner.
...
This prevents sneaky read-only users from sniffing out the read-write
link via the browser console.
2017-10-05 13:18:30 +01:00
6482cd7dd8
Generate tokens on old projects if they're not present
2017-10-04 16:31:24 +01:00
b6c2a8f7f7
Tidy up callbacks
2017-10-03 14:14:22 +01:00
7b33f8b4c2
Unit test TokenAccessController
2017-10-03 14:04:59 +01:00
ede497f4b3
Unit test TokenAccessHandler
2017-10-03 10:02:26 +01:00
9f24f696a5
Use custom header, send anonToken in payload to joinProject
2017-09-29 16:32:07 +01:00
34d4d1360f
Anon read-token: add an Authorization header to $http
2017-09-29 15:54:55 +01:00
e04d10d11f
Styling of link-share, and fix read-only link
2017-09-29 10:59:30 +01:00
df338ebd6d
Show tokens in share modal
2017-09-29 10:11:23 +01:00
9810f63245
Render editor for token access, stub out ui changes
2017-09-28 16:06:08 +01:00
4552f3be67
Move the getPublicAccessLevel helper to top-level of module
2017-09-28 10:53:35 +01:00
27dcf6c4c5
Fix a typo causing double-callbacks
2017-09-28 10:37:57 +01:00
574b115022
Working token-based access
2017-09-27 14:01:52 +01:00
ee32648bf4
Order privileges by highest-to-lowest
2017-09-22 15:55:38 +01:00
81170d472d
Add token-access routes
2017-09-22 14:54:35 +01:00
95292a2e55
Add unique index to token properties
2017-09-21 15:06:42 +01:00
441c207953
Generate tokens by default
2017-09-21 15:04:15 +01:00
abe41b6948
Fix projection in project query
2017-09-21 13:37:10 +01:00
863d327743
Change logic to exclude token users
2017-09-21 11:02:55 +01:00
931ba56e33
Add an 'owner' source tag, for the project owner
2017-09-21 09:35:25 +01:00
ef7e1ceabf
Rename functions to make distinction between invited/token members
2017-09-21 09:30:38 +01:00
91ec0da239
Use the invitedMembers function for sending tpds updates
2017-09-20 15:48:20 +01:00
574baf386e
Alter getProjectsUserIsMemberOf to include token-access projects.
...
Also change the api to produce an object with the different project lists
attached, rather than a pair of lists.
2017-09-20 15:26:03 +01:00
ceb7c509d0
Rename getProjectsUserIsCollaboratorOf to ...IsMemberOf
...
This brings the naming more in line with current conventions.
2017-09-20 13:16:50 +01:00
069f49d5a6
Change getCollaboratorCount to getInvitedCollaboratorCount.
...
And update the one call-site in LimitationsManager. This function
is used to limit invites, so it makes sense to explicitely limit
this to Invited members of the project.
2017-09-20 10:29:47 +01:00
8460160076
Add a getInvitedMembersWithPrivilegeLevels function.
...
Then use it to build the loadProject view-model.
2017-09-20 10:02:43 +01:00
cf54989e6a
Add a getInvitedMemberIds function
...
Limited to only members who were invited to the project, not users
who have access via a token.
2017-09-20 09:36:56 +01:00
fc202439ab
Read-only privelege for anonymous access
2017-09-20 09:36:06 +01:00
06966f67db
Differentiate project members by source, include token members
2017-09-20 09:35:19 +01:00
a06f4b6b28
Remove remaining traces of UserStub
2017-09-19 16:16:39 +01:00
7919d5342b
Remove obsolete add-email-to-project workflow
2017-09-19 15:57:19 +01:00
c87df7be79
Add token-access user refs to Project
2017-09-19 09:27:22 +01:00
8fece2d5f0
Add tokenBased access level
2017-09-18 10:58:13 +01:00
2011432120
Add tokens property to Project model
2017-09-18 10:27:28 +01:00
adf211a226
Merge pull request #594 from sharelatex/ja-include-token-in-project-schema
...
Include OL tokens in project schema
2017-09-15 11:41:24 +02:00
9f9c15f6f5
Merge pull request #599 from sharelatex/bg-reset-project-state
...
clear docupdater project state in deleteAuxFiles
2017-09-15 09:09:29 +01:00
28a80cf23d
Merge pull request #604 from sharelatex/bg-fix-root-doc-in-incremental-compile
...
fix root doc in incremental compile
2017-09-13 13:47:22 +01:00
a04adbf132
remove extra security headers
2017-09-13 11:53:11 +02:00
51eb94a493
handle incremental compile without root doc
2017-09-13 10:10:44 +01:00
0e87b8950e
update clearProjectState endpoint
2017-09-12 11:40:00 +01:00
d6834ff417
add security headers using Helmet
...
- use all Helmet's default headers except `X-DNS-Prefetch-Control`
- use `Referrer-Policy`
- use cache headers when:
- a user is logged in, OR
- a project is displayed
2017-09-12 11:17:59 +02:00
5430c8a3c2
Merge pull request #593 from sharelatex/bg-fix-inactive-projects-request
...
avoid error when passing as limit in mongo query
2017-09-11 08:16:28 +01:00
6d73c48c36
Merge pull request #596 from sharelatex/bg-suppress-incremental-compile-after-errors
...
suppress incremental compile after errors
2017-09-11 08:15:50 +01:00
2b4c8bd846
clear docupdater project state in deleteAuxFiles
2017-09-08 15:57:29 +01:00
e8435e3eae
make condition clearer for incremental compile
2017-09-08 13:39:24 +01:00
1b144ed183
Merge pull request #595 from sharelatex/as-fix-share-emails
...
Fix UX issues in email autocompletion in share modal
2017-09-08 11:25:16 +01:00
03a5ff2e43
skip incremental compile after docupdater error
2017-09-07 15:06:09 +01:00
586d1f1599
Merge pull request #531 from sharelatex/sk-allow-explicit-ses-email-config
...
Instantiate the ses client if explicitly specified.
2017-09-07 10:21:01 +01:00
320466a4f7
Catch invalid email address and show specific error message
2017-09-06 13:47:45 +01:00
79566a9214
Prevent autocomplete on suggestions that don't match
...
The behaviour of the ngTagsInput directive is somewhat counter-intuitive -
typing part of a suggested email will appear as though it matches but pressing
enter will not input the suggestion, but the current typed value.
Disabling add on enter will still allow enter to select the selection, but
prevents selection of the partially typed email/name.
2017-09-06 11:39:30 +01:00
Shane Kilkelly