jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
6,826 Commits 33 Branches 583 Tags
9bf93b026ba20f73e4eb754371637843f3cc15e6
Commit Graph

30 Commits

Author SHA1 Message Date
Girish Ramakrishnan f932f8b3d3 Add user management scope 
This splits the user and groups API into those who have just 'read' access
and those who have 'manage' access.
 2018-06-25 16:10:00 -07:00
Girish Ramakrishnan 7ab5d5e50d Add domain management scope 
This splits the domains API into those who have just 'read' access
(i.e without configuration details) and those who have 'manage' access.
 2018-06-25 15:12:22 -07:00
Girish Ramakrishnan 60ed290179 validate role names against existing roles 2018-06-18 17:32:07 -07:00
Girish Ramakrishnan 6cd0601629 Map group roles to scopes 2018-06-18 14:52:39 -07:00
Girish Ramakrishnan b6b7d08af3 Rename to accesscontrol.canonicalScopeString 2018-06-17 22:43:42 -07:00
Girish Ramakrishnan 6a2dacb08a Make intersectScopes take an array 2018-06-17 22:39:33 -07:00
Girish Ramakrishnan 1015b0ad9c validateScope -> validateScopeString 2018-06-17 22:29:17 -07:00
Girish Ramakrishnan ad6bc191f9 Make hasScopes take an array 2018-06-17 21:06:17 -07:00
Girish Ramakrishnan 682f7a710c Add an appstore scope for subscription settings 2018-06-17 18:09:13 -07:00
Girish Ramakrishnan 156ffb40c9 Remove scope from users.get 2018-06-17 16:07:20 -07:00
Girish Ramakrishnan 24b0a96f07 Move passport logic to routes 2018-06-15 17:32:40 -07:00
Girish Ramakrishnan a1ac7f2ef9 Remove support for authenticating non-oauth2 clients via BasicStrategy 
This is not used anywhere
 2018-06-15 15:38:58 -07:00
Girish Ramakrishnan 6aef9213aa Add notes on the various strategies 2018-06-15 15:38:53 -07:00
Girish Ramakrishnan a77d45f5de Add rolesJson to groups table 
This will contain the roles ('role definition') of a group of
users. We will internally map these to our API scopes.
 2018-06-14 22:54:52 -07:00
Girish Ramakrishnan 8795da5d20 Allow subscopes 
We can now have scopes as apps:read, apps:write etc
 2018-06-14 20:56:04 -07:00
Girish Ramakrishnan dc86b0f319 validateRequestedScopes -> hasScopes 2018-06-14 20:31:48 -07:00
Girish Ramakrishnan f7089c52ff normalizeScope -> intersectScope 2018-06-14 20:23:56 -07:00
Girish Ramakrishnan 62793ca7b3 Add accesscontrol.canonicalScope tests 2018-06-14 20:17:59 -07:00
Girish Ramakrishnan f09e8664d1 Return canonical scope in REST responses 
The '*' scope is purely an implementation detail. It cannot
be requested as such.
 2018-05-02 12:36:41 -07:00
Girish Ramakrishnan f1abb2149d gravatar url is already generated client side 2018-05-01 14:30:48 -07:00
Girish Ramakrishnan 8c4015851a merge auth.js into accesscontrol.js 2018-05-01 14:03:10 -07:00
Girish Ramakrishnan d5b594fade return the scope as part of the user profile 
send canonical scope in the profile response
 2018-05-01 13:25:47 -07:00
Girish Ramakrishnan c5ffb65563 Fix usage of normalizeScope 2018-05-01 13:21:53 -07:00
Girish Ramakrishnan 23bc0e8db7 Remove SDK Role 
Just compare with the token's clientId instead
 2018-04-30 23:03:30 -07:00
Girish Ramakrishnan 240ee5f563 Ensure we hand out max user.scope 
The token.scope was valid at token creation time. The user's scope
could since have changed (maybe we got kicked out of a group).
 2018-04-30 22:51:57 -07:00
Girish Ramakrishnan 61d803f528 Use SCOPE_ANY everywhere 2018-04-30 21:44:24 -07:00
Girish Ramakrishnan bc4f9cf596 Remove redundant requireAdmin 
We already hand out scopes based on the user's access control
 2018-04-30 21:38:48 -07:00
Girish Ramakrishnan 9789966017 Set the scope for a token basedon what the user has access to 2018-04-30 21:21:18 -07:00
Girish Ramakrishnan 91e846d976 Add SCOPE_DOMAINS 2018-04-29 18:11:33 -07:00
Girish Ramakrishnan 3b7bcc1f61 refactor scopes into accesscontrol.js 
this will be our authorization layer for oauth and non-oauth tokens.
 2018-04-29 17:50:07 -07:00