47 Commits

Author SHA1 Message Date
Girish Ramakrishnan
7e0ef60305 Fix incorrect role comparison 2020-03-15 16:19:22 -07:00
Johannes Zellner
890b46836b Do not allow lower level roles to edit higher level ones 2020-03-07 13:53:01 -08:00
Johannes Zellner
afa2fe8177 Improve role add/edit error message 2020-03-06 13:16:50 -08:00
Johannes Zellner
de23d1aa03 Do not allow to set active flag for the operating user 2020-03-05 21:00:59 -08:00
Girish Ramakrishnan
0e156b9376 migrate permissions and admin flag to user.role 2020-02-21 16:49:20 -08:00
Girish Ramakrishnan
c537dfabb2 add manage user permission 2020-02-13 22:49:58 -08:00
Girish Ramakrishnan
d1911be28c user: load the resource with middleware 2020-02-13 20:59:17 -08:00
Johannes Zellner
1fbbaa82ab Generate the user invite link only in one location 2020-02-05 15:53:05 +01:00
Girish Ramakrishnan
3427db3983 Add app passwords feature 2020-01-31 22:03:19 -08:00
Johannes Zellner
9151965cd6 Keep user objects in REST api responses more coherent 2020-01-06 11:54:00 +01:00
Girish Ramakrishnan
5c920fd200 never skip password verification 2019-11-07 13:10:12 -08:00
Girish Ramakrishnan
6e57f8cc03 Refactor toHttpError code into BoxError 2019-10-24 18:09:55 -07:00
Girish Ramakrishnan
4793eb9ef5 Finish UsersError removal 2019-10-24 15:19:07 -07:00
Girish Ramakrishnan
bc3169deb3 Move UsersError to BoxError 2019-10-24 15:06:41 -07:00
Girish Ramakrishnan
94b4bf94c0 Merge active flag into update route 2019-08-08 08:17:08 -07:00
Girish Ramakrishnan
0ab6cad048 Add user enable/disable flag 2019-08-08 06:31:46 -07:00
Girish Ramakrishnan
e7127df30d remove app ownerId
this is unused
2019-07-02 21:23:51 -07:00
Girish Ramakrishnan
6bbe2613b4 Return 412 for bad password 2019-06-20 16:44:53 -07:00
Johannes Zellner
c2f464ea75 password change api now returns 400 instead of 403 2019-05-13 23:46:38 +02:00
Girish Ramakrishnan
d752c68790 re-factor all the audit source objects 2019-03-25 15:15:39 -07:00
Girish Ramakrishnan
ee76c2c06e Return 403 if totp token is invalid
the ui redirects to login screen otherwise
2019-03-23 14:12:46 -07:00
Johannes Zellner
13fac3072d Support username search in user listing api 2019-01-15 17:21:40 +01:00
Johannes Zellner
3470252768 Add user pagination to rest api 2019-01-14 16:39:20 +01:00
Girish Ramakrishnan
eed8f109bc operator check is now directly based on edition type 2018-10-30 20:26:22 -07:00
Girish Ramakrishnan
91a1bc7a01 move verifyOperator to users routes 2018-09-06 00:10:09 -07:00
Girish Ramakrishnan
43055da614 Add route to let admin set user password 2018-08-31 14:35:01 -07:00
Johannes Zellner
f05df7cfef Allow set admin flag on user creation 2018-08-21 17:12:46 +02:00
Girish Ramakrishnan
6a1a697820 Split the invite route into two 2018-08-17 16:27:29 -07:00
Girish Ramakrishnan
554006683e Only unset of admin flag is disallowed 2018-07-26 23:43:44 -07:00
Girish Ramakrishnan
78a2176d1d Make admin simply a boolean instead of group
This simplifies a lot of logic. Keeping an admin group has no benefit
2018-07-26 22:29:57 -07:00
Girish Ramakrishnan
6810c61e58 Add audit event for ownership transfer 2018-07-05 13:51:22 -07:00
Girish Ramakrishnan
9978dff627 Add API to set and transfer ownership 2018-06-28 16:48:04 -07:00
Girish Ramakrishnan
ff5bd42bef remove mostly dead comment 2018-06-28 14:19:56 -07:00
Girish Ramakrishnan
f932f8b3d3 Add user management scope
This splits the user and groups API into those who have just 'read' access
and those who have 'manage' access.
2018-06-25 16:10:00 -07:00
Girish Ramakrishnan
8a84872704 Wrong password logs out the user 2018-06-18 18:52:35 -07:00
Girish Ramakrishnan
7f3114e67d Rename to get/setMembership (to indicate IDs and not group objects 2018-06-18 13:57:17 -07:00
Girish Ramakrishnan
db8b6838bb Move skip password verification logic to accesscontrol.js 2018-06-17 15:20:27 -07:00
Girish Ramakrishnan
e8d9597345 Fix various error codes
401 - bad password/wrong password
403 - authenticated but not authorized
409 - conflict
2018-06-15 23:15:30 -07:00
Girish Ramakrishnan
89b41b11a4 Remove bogus accesscontrol logic 2018-06-15 16:26:14 -07:00
Girish Ramakrishnan
4369b3046e Make options non-optional 2018-06-11 15:14:59 -07:00
Girish Ramakrishnan
d752ef5fad Move password generation logic to model code 2018-06-11 13:06:08 -07:00
Girish Ramakrishnan
23bc0e8db7 Remove SDK Role
Just compare with the token's clientId instead
2018-04-30 23:03:30 -07:00
Girish Ramakrishnan
bc4f9cf596 Remove redundant requireAdmin
We already hand out scopes based on the user's access control
2018-04-30 21:38:48 -07:00
Girish Ramakrishnan
b5f8ca6c16 Fix nasssty typo 2018-04-29 17:50:12 -07:00
Girish Ramakrishnan
3b7bcc1f61 refactor scopes into accesscontrol.js
this will be our authorization layer for oauth and non-oauth tokens.
2018-04-29 17:50:07 -07:00
Girish Ramakrishnan
d8acf92929 UserError -> UsersError 2018-04-29 11:22:15 -07:00
Girish Ramakrishnan
4fd58fb46b Rename user.js to users.js 2018-04-29 11:19:04 -07:00