jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
8,003 Commits 33 Branches 583 Tags
4fc6f5a0949f3b40971f12d703a0745cee017f1c
Commit Graph

42 Commits

Author SHA1 Message Date
Girish Ramakrishnan 3246edd5a8 rework cloudron registration flow 
we now route all the registration, login etc via the backend

subscription management are also in a separate scope now
 2019-05-03 19:47:20 -07:00
Girish Ramakrishnan c15449492a settings: remove appstore scope 2019-02-22 09:43:26 -08:00
Girish Ramakrishnan 08bb8e3df9 Make token API id based 
we don't return the accessToken anymore
 2019-02-15 14:31:43 -08:00
Girish Ramakrishnan e0cd7999eb Make spaces an edition instead of setting 2018-08-28 18:31:48 -07:00
Girish Ramakrishnan a0a523ae71 spaces: verify app ownership in app management routes 2018-08-03 17:35:58 -07:00
Girish Ramakrishnan 47c8700d42 make scopesForUser async 2018-08-03 09:34:19 -07:00
Girish Ramakrishnan 78a2176d1d Make admin simply a boolean instead of group 
This simplifies a lot of logic. Keeping an admin group has no benefit
 2018-07-26 22:29:57 -07:00
Girish Ramakrishnan b4d5def56d Revert role support 2018-07-26 13:23:06 -07:00
Girish Ramakrishnan 38977858aa When issuing token intersect with the existing user roles 
Also:
* Move token validation to accesscontrol.js
* Use clients.addTokenByUserId everywhere
 2018-06-28 00:07:43 -07:00
Girish Ramakrishnan 6510240c0a Fix accesscontrol.intersectScopes 2018-06-27 18:08:38 -07:00
Girish Ramakrishnan d66dc11f01 Make canonicalScopeString return sorted array 2018-06-27 14:07:25 -07:00
Girish Ramakrishnan 6907475f7a Add app management scope 
This splits the apps API into those who have just 'read' access
and those who have 'manage' access.
 2018-06-26 08:56:30 -07:00
Girish Ramakrishnan f932f8b3d3 Add user management scope 
This splits the user and groups API into those who have just 'read' access
and those who have 'manage' access.
 2018-06-25 16:10:00 -07:00
Girish Ramakrishnan 7ab5d5e50d Add domain management scope 
This splits the domains API into those who have just 'read' access
(i.e without configuration details) and those who have 'manage' access.
 2018-06-25 15:12:22 -07:00
Girish Ramakrishnan 60ed290179 validate role names against existing roles 2018-06-18 17:32:07 -07:00
Girish Ramakrishnan 6cd0601629 Map group roles to scopes 2018-06-18 14:52:39 -07:00
Girish Ramakrishnan b6b7d08af3 Rename to accesscontrol.canonicalScopeString 2018-06-17 22:43:42 -07:00
Girish Ramakrishnan 6a2dacb08a Make intersectScopes take an array 2018-06-17 22:39:33 -07:00
Girish Ramakrishnan 1015b0ad9c validateScope -> validateScopeString 2018-06-17 22:29:17 -07:00
Girish Ramakrishnan ad6bc191f9 Make hasScopes take an array 2018-06-17 21:06:17 -07:00
Girish Ramakrishnan 682f7a710c Add an appstore scope for subscription settings 2018-06-17 18:09:13 -07:00
Girish Ramakrishnan 156ffb40c9 Remove scope from users.get 2018-06-17 16:07:20 -07:00
Girish Ramakrishnan 24b0a96f07 Move passport logic to routes 2018-06-15 17:32:40 -07:00
Girish Ramakrishnan a1ac7f2ef9 Remove support for authenticating non-oauth2 clients via BasicStrategy 
This is not used anywhere
 2018-06-15 15:38:58 -07:00
Girish Ramakrishnan 6aef9213aa Add notes on the various strategies 2018-06-15 15:38:53 -07:00
Girish Ramakrishnan a77d45f5de Add rolesJson to groups table 
This will contain the roles ('role definition') of a group of
users. We will internally map these to our API scopes.
 2018-06-14 22:54:52 -07:00
Girish Ramakrishnan 8795da5d20 Allow subscopes 
We can now have scopes as apps:read, apps:write etc
 2018-06-14 20:56:04 -07:00
Girish Ramakrishnan dc86b0f319 validateRequestedScopes -> hasScopes 2018-06-14 20:31:48 -07:00
Girish Ramakrishnan f7089c52ff normalizeScope -> intersectScope 2018-06-14 20:23:56 -07:00
Girish Ramakrishnan 62793ca7b3 Add accesscontrol.canonicalScope tests 2018-06-14 20:17:59 -07:00
Girish Ramakrishnan f09e8664d1 Return canonical scope in REST responses 
The '*' scope is purely an implementation detail. It cannot
be requested as such.
 2018-05-02 12:36:41 -07:00
Girish Ramakrishnan f1abb2149d gravatar url is already generated client side 2018-05-01 14:30:48 -07:00
Girish Ramakrishnan 8c4015851a merge auth.js into accesscontrol.js 2018-05-01 14:03:10 -07:00
Girish Ramakrishnan d5b594fade return the scope as part of the user profile 
send canonical scope in the profile response
 2018-05-01 13:25:47 -07:00
Girish Ramakrishnan c5ffb65563 Fix usage of normalizeScope 2018-05-01 13:21:53 -07:00
Girish Ramakrishnan 23bc0e8db7 Remove SDK Role 
Just compare with the token's clientId instead
 2018-04-30 23:03:30 -07:00
Girish Ramakrishnan 240ee5f563 Ensure we hand out max user.scope 
The token.scope was valid at token creation time. The user's scope
could since have changed (maybe we got kicked out of a group).
 2018-04-30 22:51:57 -07:00
Girish Ramakrishnan 61d803f528 Use SCOPE_ANY everywhere 2018-04-30 21:44:24 -07:00
Girish Ramakrishnan bc4f9cf596 Remove redundant requireAdmin 
We already hand out scopes based on the user's access control
 2018-04-30 21:38:48 -07:00
Girish Ramakrishnan 9789966017 Set the scope for a token basedon what the user has access to 2018-04-30 21:21:18 -07:00
Girish Ramakrishnan 91e846d976 Add SCOPE_DOMAINS 2018-04-29 18:11:33 -07:00
Girish Ramakrishnan 3b7bcc1f61 refactor scopes into accesscontrol.js 
this will be our authorization layer for oauth and non-oauth tokens.
 2018-04-29 17:50:07 -07:00