jjkiers/cloudron-box - cloudron-box - Gitea

jjkiers/cloudron-box

Author	SHA1	Message	Date
Girish Ramakrishnan	6907475f7a	Add app management scope This splits the apps API into those who have just 'read' access and those who have 'manage' access.	2018-06-26 08:56:30 -07:00
Girish Ramakrishnan	f932f8b3d3	Add user management scope This splits the user and groups API into those who have just 'read' access and those who have 'manage' access.	2018-06-25 16:10:00 -07:00
Girish Ramakrishnan	7ab5d5e50d	Add domain management scope This splits the domains API into those who have just 'read' access (i.e without configuration details) and those who have 'manage' access.	2018-06-25 15:12:22 -07:00
Girish Ramakrishnan	60ed290179	validate role names against existing roles	2018-06-18 17:32:07 -07:00
Girish Ramakrishnan	6cd0601629	Map group roles to scopes	2018-06-18 14:52:39 -07:00
Girish Ramakrishnan	b6b7d08af3	Rename to accesscontrol.canonicalScopeString	2018-06-17 22:43:42 -07:00
Girish Ramakrishnan	6a2dacb08a	Make intersectScopes take an array	2018-06-17 22:39:33 -07:00
Girish Ramakrishnan	1015b0ad9c	validateScope -> validateScopeString	2018-06-17 22:29:17 -07:00
Girish Ramakrishnan	ad6bc191f9	Make hasScopes take an array	2018-06-17 21:06:17 -07:00
Girish Ramakrishnan	682f7a710c	Add an appstore scope for subscription settings	2018-06-17 18:09:13 -07:00
Girish Ramakrishnan	156ffb40c9	Remove scope from users.get	2018-06-17 16:07:20 -07:00
Girish Ramakrishnan	24b0a96f07	Move passport logic to routes	2018-06-15 17:32:40 -07:00
Girish Ramakrishnan	a1ac7f2ef9	Remove support for authenticating non-oauth2 clients via BasicStrategy This is not used anywhere	2018-06-15 15:38:58 -07:00
Girish Ramakrishnan	6aef9213aa	Add notes on the various strategies	2018-06-15 15:38:53 -07:00
Girish Ramakrishnan	a77d45f5de	Add rolesJson to groups table This will contain the roles ('role definition') of a group of users. We will internally map these to our API scopes.	2018-06-14 22:54:52 -07:00
Girish Ramakrishnan	8795da5d20	Allow subscopes We can now have scopes as apps:read, apps:write etc	2018-06-14 20:56:04 -07:00
Girish Ramakrishnan	dc86b0f319	validateRequestedScopes -> hasScopes	2018-06-14 20:31:48 -07:00
Girish Ramakrishnan	f7089c52ff	normalizeScope -> intersectScope	2018-06-14 20:23:56 -07:00
Girish Ramakrishnan	62793ca7b3	Add accesscontrol.canonicalScope tests	2018-06-14 20:17:59 -07:00
Girish Ramakrishnan	f09e8664d1	Return canonical scope in REST responses The '*' scope is purely an implementation detail. It cannot be requested as such.	2018-05-02 12:36:41 -07:00
Girish Ramakrishnan	f1abb2149d	gravatar url is already generated client side	2018-05-01 14:30:48 -07:00
Girish Ramakrishnan	8c4015851a	merge auth.js into accesscontrol.js	2018-05-01 14:03:10 -07:00
Girish Ramakrishnan	d5b594fade	return the scope as part of the user profile send canonical scope in the profile response	2018-05-01 13:25:47 -07:00
Girish Ramakrishnan	c5ffb65563	Fix usage of normalizeScope	2018-05-01 13:21:53 -07:00
Girish Ramakrishnan	23bc0e8db7	Remove SDK Role Just compare with the token's clientId instead	2018-04-30 23:03:30 -07:00
Girish Ramakrishnan	240ee5f563	Ensure we hand out max user.scope The token.scope was valid at token creation time. The user's scope could since have changed (maybe we got kicked out of a group).	2018-04-30 22:51:57 -07:00
Girish Ramakrishnan	61d803f528	Use SCOPE_ANY everywhere	2018-04-30 21:44:24 -07:00
Girish Ramakrishnan	bc4f9cf596	Remove redundant requireAdmin We already hand out scopes based on the user's access control	2018-04-30 21:38:48 -07:00
Girish Ramakrishnan	9789966017	Set the scope for a token basedon what the user has access to	2018-04-30 21:21:18 -07:00
Girish Ramakrishnan	91e846d976	Add SCOPE_DOMAINS	2018-04-29 18:11:33 -07:00
Girish Ramakrishnan	3b7bcc1f61	refactor scopes into accesscontrol.js this will be our authorization layer for oauth and non-oauth tokens.	2018-04-29 17:50:07 -07:00