Commit Graph

318 Commits

Author SHA1 Message Date
David
75030aa410 Merge pull request #27928 from overleaf/dp-pdf-caching-typescript-2
Convert pdf-caching file to typescript

GitOrigin-RevId: 9acd2fc0697490008d82abfad0994df362814bad
2025-09-09 08:06:57 +00:00
Liangjun Song
b678b545f7 Merge pull request #28202 from overleaf/ls-remove-user-features-for-past-due-stripe-subscriptions
Remove paid user features for past due Stripe subscriptions

GitOrigin-RevId: 07a97f90312db7f6e91cbf15201f71cbdeb2e33c
2025-09-09 08:06:52 +00:00
Tim Down
36cbe840dd Merge pull request #28246 from overleaf/td-ts-project-dashboard-jsdoc
Working JSDoc type annotations on project list controller

GitOrigin-RevId: b26833affb0fc2ecd38e869c2523e914eabe6548
2025-09-09 08:06:26 +00:00
Antoine Clausse
86e74b9228 [web] Update admin permissions to view/modify project contents (#28162)
* Split capability definitions `modify-project`/`view-project` into `modify-project-content`/`modify-project-setting`/`view-project-content`/`view-project-setting`

* Add admin capabilities check in AuthorizationManager

* Update checks in router

* Update frontend checks

* Remove UI elements for admins without `view-project-content`

* Update tests

* Remove `modify-project-content` from the roles' capabilities

* Update tests

* Add "with admin roles" tests in AuthorizationTests.mjs

GitOrigin-RevId: 3311bcb2da792968927b5b3703b24e069d0baf5b
2025-09-05 08:05:08 +00:00
Andrew Rumble
065cabb2be Add view-group-manager capability
GitOrigin-RevId: 107519e790bb4bb58ce39a4475a6e380826f2d87
2025-09-02 08:05:09 +00:00
roo hutton
4ec437db9e Merge pull request #28003 from overleaf/rh-b2c-js-ts
Migrate B2C js to typescript: contact form, form helpers, and algolia

GitOrigin-RevId: b9ec423cdc551123a5b471e4a4c1a482b6a02e16
2025-08-29 08:06:21 +00:00
Antoine Clausse
6a53fedb36 [web] Add modify-user-account-status admin permission check on critical user operations (#27976)
* Require `modify-login-status` on `DELETE /admin/user/:user_id`

* Require `modify-login-status` on `DELETE /admin/user/:user_id/overleaf` (V1)

* Require `modify-login-status` on `DELETE /admin/user/:user_id/generate_password_reset_url`

* Require `modify-login-status` on `DELETE /admin/deleted-user/recover/:user_id`

* Update tests

* Add `ol-adminCapabilities` to deleted-user-show.pug

* Remove user-list checkboxes for admins without `modify-login-status`

* Update tests

* Rename 'modify-login-status' to 'modify-user-account-status'

GitOrigin-RevId: d3c2d0d96b79150f32cb58bfdf65042d7d447636
2025-08-28 08:05:26 +00:00
Antoine Clausse
af44f478b9 [web] Add admin permission modify-group-manager (#27642)
* Add capacity `modify-group-manager`

* Check `modify-group-manager` (backend)

* Check `modify-group-manager` (frontend)

* Update tests

* Rename AdminPermissions to mjs

* Add `ol-adminCapabilities` in frontend tests

* Allow modifying group managers if `adminRolesEnabled` is false

* Add `adminPrivilegeAvailable` check

* Update: set `ol-canModify` boolean instead of `ol-adminCapabilities`

* Mock `hasAnyAccess`

* Use `hasAdminCapability` helper

* Add `ol-canModify` to types

* Remove `isAdminMiddleware` as we don't want to relax the permissions for now

* Fix: pass `res` to `hasAnyAccess` (!!)

* * Check `hasWriteAccess` (`hasAdminCapability('modify-group-manager')` or `staffAccess.groupManagement`) in the Pug file
* Fix: Check `hasWriteAccess` in the publisher and institution pug files (!)
* Revert `hasAnyAccess` changes
* Rename `ol-canModify` to `ol-hasWriteAccess` for consistency with other variables

* Remove redundant file AdminPermissions.mjs

* Update unit test

* Revert changes to UserMembershipController.test.mjs

* Rename to `requireGroupManagersWriteAccess`

GitOrigin-RevId: f3f0b1b17abd1d2f0c363688e87d9063de886e3c
2025-08-21 08:05:07 +00:00
David
0b76174936 Merge pull request #27989 from overleaf/dp-pdf-caching-transport
Re-convert pdf-caching-transport to typescript

GitOrigin-RevId: f0033afd5d46bc1da00a0d815b946225a804ca19
2025-08-20 08:05:38 +00:00
David
016fcffd56 Merge pull request #27987 from overleaf/dp-pdf-caching-revert
Revert "Merge pull request #27892 from overleaf/dp-pdf-caching-typescript"

GitOrigin-RevId: 036a05cfe5db754d1f1050bd58d2cd605550bc18
2025-08-19 08:05:42 +00:00
David
9f7c1f7a69 Merge pull request #27892 from overleaf/dp-pdf-caching-typescript
Convert pdf-caching-transport to typescript

GitOrigin-RevId: 161cac41eebd9d92804fad6bce85a863573b133e
2025-08-19 08:05:31 +00:00
Simon Gardner
ccd770f433 Merge pull request #27851 from overleaf/slg-group-member-pricing-js-to-ts
[web] Migrate group-member-pricing.jsx to tsx

GitOrigin-RevId: f5fd95939f6af5dfaedb1fafeecec04ceb6612f6
2025-08-19 08:05:18 +00:00
Domagoj Kriskovic
eac4a5cb13 Show Recurly's line items breakdown in subscription change preview (#27809)
* Show Recurly's line items breakdown in subscription change preview

* fix rounding, filter items that cancel each other out

GitOrigin-RevId: 0f5d71b3917ce8a52ff36608a6ec6280fe7d38ce
2025-08-19 08:05:02 +00:00
Rebeka Dekany
532f9b6549 Remove Bootstrap 3 related types (#27959)
* Remove bootstrap-5 folder and move tokens to foundations

* Remove unused `BsStyle` and `BsSize`

* Fix the size prop of the reference search modal

GitOrigin-RevId: 566ee519c50a39dd80bda475af40383ef8154a2c
2025-08-19 08:04:54 +00:00
Antoine Clausse
40772ef819 [web] Add admin permissions modify-group-member and modify-managed-group-member (#27665)
* Add capability `modify-managed-group-member` & `modify-group-member`

* Check `modify-managed-group-member` & `modify-group-member` (backend)

* Check `modify-managed-group-member` & `modify-group-member` (frontend)

* Update tests

* Update with `ol-hasWriteAccess` flag

* Update tests

* Move functions to AdminAuthorizationHelper.js

* Update import to fix build error

* Add `ol-hasWriteAccess` to types

* Use `hasAdminAccess()` instead of `req?.user?.isAdmin`

* Add tests on `/manage/groups/:id/invites` depending on admin roles

* Reuse `UserMembershipAuthorization.hasAdminCapability`

* Fix: Add entityAccess check

* Update unit test

* Rename `hasAdminGroupMemberCapability` to `hasModifyGroupMemberCapability`

* Remove useless and redundant `hasWriteAccess` check

* Restore stub in afterEach

GitOrigin-RevId: 4b6d83751121b43d4c19d0dbd82a4833cf7a6f24
2025-08-15 08:05:57 +00:00
Antoine Clausse
d49f0e28e3 [web] Add admin permission modify-group-setting (#27657)
* Add capacity `modify-group-setting`

* Check `modify-group-setting` (backend)

* Check `modify-group-setting` (frontend)

* Update tests

* Fix: Add entityAccess check

* Update unit test

GitOrigin-RevId: 7702fe34762ecb8bd050c2fa2b6e95a9baf90be3
2025-08-15 08:05:52 +00:00
Antoine Clausse
f4d8d29f5b [web] Add admin permission modify-project (#27491)
* Add capability `modify-project`

* Check `modify-project` (frontend)

* Check `modify-project` (backend)

* Update tests

* Allow admin to open project regardless of `modify-project`

* Hide `CurrentHistoryDebug` for admins without `modify-project`

GitOrigin-RevId: 92b9b59a2cafff26ea943209b60cda4e95bd58b0
2025-08-15 08:05:47 +00:00
Liangjun Song
b9fc80f503 Merge pull request #27800 from overleaf/ls-support-create-stripe-customer-from-admin-panel
Support creating Stripe customer from admin panel

GitOrigin-RevId: 3e23008e1f4690e6f3737b5689e20958bf468f82
2025-08-15 08:05:34 +00:00
David
671059fdfc Merge pull request #27878 from overleaf/dp-share-project-modal-utils-typescript
Convert remaining share-project-modal utils to typescript

GitOrigin-RevId: fc3fc7fbf7c8057c57f0aab261e4cedc3f7c602e
2025-08-14 08:06:24 +00:00
David
3c1e14b04a Merge pull request #27871 from overleaf/dp-pdf-preview-typescript-3
Convert pdf-preview metrics to typescript

GitOrigin-RevId: be8f9f97915e0681f9db4f047ed7af27afa080cf
2025-08-14 08:06:16 +00:00
Antoine Clausse
9774d9048c [web] Add admin permissions modify-group & modify-managed-group (#27456)
* Add capabilities `modify-group` and `modify-managed-group`

* Fix: Warning: validateDOMNesting(...): <span> cannot appear as a child of <option>

* Add `form-control` to select (fix styles)

* Check if admin can modify the group (frontend)

* Check if admin can modify the group (backend)

* Update tests

* Fix: Set `useSettingsUKAMF` state from `data?.useSettingsUKAMF`

* Add tests: Subscriptions update with adminRolesEnabled

* Use `getAdminCapabilities` helper

* Update `requireModifyGroupPermission` to array

Co-authored-by: Andrew Rumble <andrew.rumble@overleaf.com>

* Rename `canModify` to `canModifySubscription`

Co-authored-by: Andrew Rumble <andrew.rumble@overleaf.com>

* Refactor `requireModifyGroupPermission` stub

Co-authored-by: Andrew Rumble <andrew.rumble@overleaf.com>

* Test with `adminRolesEnabled` in SubscriptionDeletionTests.mjs

* Update test description with `adminRoles`

---------

Co-authored-by: Andrew Rumble <andrew.rumble@overleaf.com>
GitOrigin-RevId: 37b9a2e838fd566a33aa3a70631cebfd01b520ef
2025-08-14 08:05:00 +00:00
Andrew Rumble
a85aff5668 Add new admin capabilities
GitOrigin-RevId: 36cb9da879883a25fe3214e15e4ebb3044137d22
2025-08-13 08:06:43 +00:00
Andrew Rumble
161e9d4362 Add manage-survey capability
GitOrigin-RevId: abc8af69e51009957d644e2aec3c31ba2646c0dc
2025-08-13 08:05:56 +00:00
Antoine Clausse
d145d309be [web] Add admin permission view-script-log (#27463)
* Add capability `view-script-log`

* Check `view-script-log` (frontend)

* Check `view-script-log` (backend)

* Update tests

GitOrigin-RevId: 70fdb94875c9db69772b1450f03802917c4c52d4
2025-08-08 08:07:54 +00:00
Simon Gardner
203e2e914b Merge pull request #27464 from overleaf/slg-filter-group-member-list
add user filter to group member list

GitOrigin-RevId: 0a65ca377979de706e2e43ee024d2cee9261a121
2025-08-06 08:05:05 +00:00
roo hutton
58b8e36739 Merge pull request #27215 from overleaf/rh-stripe-pause-status
Update features and subscription state when Stripe pause starts and ends

GitOrigin-RevId: 368f5d9b046cfe26e996be336189081b96926713
2025-08-06 08:04:57 +00:00
M Fahru
34a47c7767 Merge pull request #27551 from overleaf/kh-fix-failing-webhook-event
[web] prefer metadata over email for invoice.paid events

GitOrigin-RevId: cfb06333b62dfb5018bcdee0f153a812d19ff328
2025-08-01 08:07:10 +00:00
Antoine Clausse
fdef2b2395 [web] Add admin permission view-audit-log (#27402)
* Add capability `view-audit-log`

* Fix: Don't fetch `user.auditLog` twice

* Check `view-audit-log` (frontend)

* Check `view-audit-log` (backend)

* Update tests

GitOrigin-RevId: 7e20f2bdc6387144503490f6aba234d967f84913
2025-08-01 08:06:43 +00:00
Antoine Clausse
8166acf612 [web] Add admin permission modify-feature-override (#27395)
* Add capability `modify-feature-overrides`

* Check `modify-feature-overrides` for create endpoint (frontend)

* Check `modify-feature-overrides` for create endpoint (backend)

* Update tests

* Check `modify-feature-override` for delete endpoint (frontend)

* Check `modify-feature-override` for delete endpoint (backend)

* Update tests

* Fixup test name

Co-authored-by: Andrew Rumble <andrew.rumble@overleaf.com>

---------

Co-authored-by: Andrew Rumble <andrew.rumble@overleaf.com>
GitOrigin-RevId: ebf37e48fed1dd6fda23ca8c7a5baf55af1cde38
2025-08-01 08:06:39 +00:00
Antoine Clausse
084f6becb3 [web] Add admin permission create-recurly-account (#27376)
* Add capability `create-recurly-account`

* Check `create-recurly-account` (frontend)

* Check `create-recurly-account` (backend)

* Update tests

GitOrigin-RevId: f4a66937333fbd101cbf0562d768f185f41c88cf
2025-08-01 08:06:31 +00:00
Antoine Clausse
371ddd286d [web] Add admin permission view-user-additional-info (#27335)
* Add capability `view-user-additional-info`

* Check `view-user-additional-info` (frontend)

* Check `view-user-additional-info` (backend)

* Update tests

* Fix prop type

* Add missing `view-user-additional-info` in `product` role

GitOrigin-RevId: b912b98eac1325b74d42079feaf94d0ec99825c1
2025-08-01 08:06:27 +00:00
ilkin-overleaf
1c5ed10bbb Merge pull request #27276 from overleaf/ii-domain-capture-anaylze-saml-response
[web] Domain capture analyze saml response

GitOrigin-RevId: 5a970968bdf14ab6f52d883a390d420b00cb4d8d
2025-07-30 08:07:30 +00:00
ilkin-overleaf
ca7a8f417f Merge pull request #26902 from overleaf/ii-group-sso-config-email-attribute
[web] Add email attribute to ssoConfig

GitOrigin-RevId: 313ad45987fb408c62ef30575dacaea1041471da
2025-07-30 08:07:16 +00:00
Antoine Clausse
7eb4d1140f [web] Add admin permission create-subscription (#27382)
* Add capability `create-subscription`

* Check `create-subscription` (frontend)

* Check `create-subscription` (backend)

* Update tests

GitOrigin-RevId: bc75b99f74573f50d5b1cb003244658040c76064
2025-07-28 08:05:04 +00:00
Antoine Clausse
5a8d267fa8 [web] Add admin permission modify-login-status (#27331)
* Add capability `modify-login-status`

* Check `modify-login-status` (backend)

* Check `modify-login-status` (frontend)

* Prevent the side-effects to `suspended` changes

* Update tests

GitOrigin-RevId: e01b276ada1e938e549e31aaa92fe7a75e33eba1
2025-07-28 08:04:59 +00:00
Liangjun Song
ec591c4f7b Merge pull request #27150 from overleaf/ls-flexible-licensing-for-stripe-manually-billed-users
Support Stripe manually billed users in flexible licensing

GitOrigin-RevId: b3211577a313f3a241320bfe3910cf648ee49319
2025-07-25 08:05:32 +00:00
Andrew Rumble
6daf877c90 Add view-session, clear-session capabilities
GitOrigin-RevId: 10134ab400939c388c5e563ac216af122bffaeb6
2025-07-25 08:05:16 +00:00
Antoine Clausse
26dde244a1 [web] Add admin permission modify-user-name (#27284)
* Add capability `modify-user-name`

* Check `modify-user-name` (backend)

* Check `modify-user-name` (frontend)

* Add `isAdmin: true` in UserAdminController.test.mjs

* Disable the name inputs instead of hiding them, so admins can still see them

* Update tests

* Update services/web/modules/admin-panel/test/unit/src/UserAdminController.test.mjs

Co-authored-by: Andrew Rumble <andrew.rumble@overleaf.com>

---------

Co-authored-by: Andrew Rumble <andrew.rumble@overleaf.com>
GitOrigin-RevId: 8731a57aaea8960606ecb4ecd5094eef4fb86f89
2025-07-24 08:05:39 +00:00
Andrew Rumble
2fcccb2d3a Block clearing saml data without relevant capability
GitOrigin-RevId: d556b9fc1f5fd3f52beb472181779430f9d8d1fe
2025-07-23 08:05:42 +00:00
Tim Down
0778bab910 Merge pull request #27254 from overleaf/td-project-dashboard-cookie-banner
Implement React cookie banner on project dashboard

GitOrigin-RevId: 95d2778d7ce7cb3054a06b06486b815a3453a623
2025-07-22 08:06:05 +00:00
Domagoj Kriskovic
d5b5710d01 Add docModified hook in ds-mobile-app module (#27196)
* Add docModified hook in ds-mobile-app module

* use Object.entries when iterating over promises

* avoid project lookup

* update tests

GitOrigin-RevId: 88676746f56558a97ce31010b57f5eeb254fefef
2025-07-22 08:05:56 +00:00
Andrew Rumble
5d79cf18c0 Define all initial roles
GitOrigin-RevId: ad613bad4d8a47e327281e90b5475e989a3ccec4
2025-07-22 08:05:42 +00:00
Antoine Clausse
cf668d897d [web] Create middleware and functions for checks on admin permissions (#27107)
* Create AdminCapabilities in admin-panel module

* Add `adminRolesEnabled` setting

* Use `PermissionsController.requirePermission` in admin-panel routes

* Update `adminCapabilities` to be an array

* Update frontend tests

* Rename `defaultAdminCapabilities` to `fullAdminCapabilities`

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>

* Add tests to PermissionsManagerTests.js

* Get admin roles and capabilities from the database

* Add tests to admin-panel

* Fixup PermissionsManagerTests.js without admin-panel module

* Revert "Use `PermissionsController.requirePermission` in admin-panel routes"

This reverts commit ccbf3e3e3bca9239b786c662cba2ac6bd2f4117a.

* Revert "Fixup PermissionsManagerTests.js without admin-panel module"

This reverts commit 6d7ad207bb17c5ca4c12c489d4636a02c608926d.

* Revert "Add tests to PermissionsManagerTests.js"

This reverts commit 8f9cc911750911e1c4b74b631d8c8a1b1ca86630.

* Fix tests after the reverts

* Replace capabilities with more sensible examples ('modify-user-email' and 'view-project')

* Set `adminRolesEnabled: false` for now

* Return `[]` capabilities for non-admins

* Misc: types, test description, settings ordering

* Small refactor of AdminPermissions.mjs:

Reuse code with `getMissingCapabilities`
Throw when `requiredCapabilities` is empty

* Update tests after update

* Rename `checkAdminPermissions` to `hasAdminPermissions`

* Change role permissions to array instead of object

* Remove admin capabilities when `!Settings.adminPrivilegeAvailable`

* Return `[]` if there is no user id

* Throw if `user?._id` is missing

* Update services/web/modules/admin-panel/app/src/AdminPermissions.mjs

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>

* Adjust to ForbiddenError constructor syntax

* Give empty capabilities for unknown role, update tests

---------

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
GitOrigin-RevId: 1eec4f6a45e1cc3ae76a3a4603cec1ceba1c2322
2025-07-18 08:06:40 +00:00
Jessica Lawshe
524402e817 Merge pull request #26603 from overleaf/jel-domainCaptureEnabled
[web] Add admin toggle for setting `domainCaptureEnabled` feature for groups

GitOrigin-RevId: d116a493402f39c06b3267bf5294ed90ed3e762d
2025-07-15 08:06:23 +00:00
Antoine Clausse
10f4722641 [web] Add some types to web module (#27051)
* Update `WebModule` types

* Add `if (module.middleware)` so types are satisfied

GitOrigin-RevId: 875fa2710a65d557037771c3eb76ff3cb0e73429
2025-07-15 08:05:34 +00:00
Antoine Clausse
4c03ebe4ee [web] Add some types for existing capabilities and PermissionController (#27048)
* Add types on existing Capabilities code

* Add ts-expect-error comments

* Minor code changes to satisfy types

* Remove ts-check because of unrelated errors

* Remove some ts-expect-error comments

* Revert "Remove some ts-expect-error comments"

This reverts commit 76cc0a073710eecf4f8b88f8579405838607f4d5.

* Remove the `@ts-check`s for now

It looks like typescript is somewhat flaky. We can re-enable this later

* Remove the `@ts-expect-error`s

* Remove return type

GitOrigin-RevId: 57bbd370654592c0662047e72e61f91bf38e0949
2025-07-15 08:05:29 +00:00
M Fahru
028d4b481f Merge pull request #26965 from overleaf/mf-trials-convert-to-regular-should-not-send-subscription-renewed
[web] Stop sending any event when trial changes to active for Stripe subscription on `customer.subscription.updated` stripe webhook event type

GitOrigin-RevId: 11256878cd2828036aad3130a05ad36d95466199
2025-07-11 08:06:50 +00:00
M Fahru
16f3795c3e Merge pull request #25962 from overleaf/mf-stripe-payment-page-form-success-event
[web] Simulate sending `payment-page-form-success` event when user successfully subscribes using Stripe

GitOrigin-RevId: 82243fc16d3410670e4e6e9c0ccd487a5f2253a3
2025-07-08 08:07:20 +00:00
M Fahru
b3c339464e Merge pull request #25911 from overleaf/mf-stripe-payment-page-form-submit-event
[web] Simulate `payment-page-form-submit` event for Stripe subscription

GitOrigin-RevId: 8cfa1a2d91aaea4314a4a40f3256bade50507084
2025-07-08 08:07:16 +00:00
Mathias Jakobsen
913caca379 Merge pull request #26850 from overleaf/mj-chat-deleted-user
[web] Handle deleted users in chat threads

GitOrigin-RevId: 6593bf37e4f2339b40069b7cf4198166660852fb
2025-07-08 08:06:17 +00:00