jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
7,126 Commits 33 Branches 583 Tags
de3845226e5ee35667f57f3b360a725ab8ccadba
Commit Graph

39 Commits

Author SHA1 Message Date
Girish Ramakrishnan
e0cd7999eb Make spaces an edition instead of setting 2018-08-28 18:31:48 -07:00
Girish Ramakrishnan
a0a523ae71 spaces: verify app ownership in app management routes 2018-08-03 17:35:58 -07:00
Girish Ramakrishnan
47c8700d42 make scopesForUser async 2018-08-03 09:34:19 -07:00
Girish Ramakrishnan
78a2176d1d Make admin simply a boolean instead of group 
This simplifies a lot of logic. Keeping an admin group has no benefit
 2018-07-26 22:29:57 -07:00
Girish Ramakrishnan
b4d5def56d Revert role support 2018-07-26 13:23:06 -07:00
Girish Ramakrishnan
38977858aa When issuing token intersect with the existing user roles 
Also:
* Move token validation to accesscontrol.js
* Use clients.addTokenByUserId everywhere
 2018-06-28 00:07:43 -07:00
Girish Ramakrishnan
6510240c0a Fix accesscontrol.intersectScopes 2018-06-27 18:08:38 -07:00
Girish Ramakrishnan
d66dc11f01 Make canonicalScopeString return sorted array 2018-06-27 14:07:25 -07:00
Girish Ramakrishnan
6907475f7a Add app management scope 
This splits the apps API into those who have just 'read' access
and those who have 'manage' access.
 2018-06-26 08:56:30 -07:00
Girish Ramakrishnan
f932f8b3d3 Add user management scope 
This splits the user and groups API into those who have just 'read' access
and those who have 'manage' access.
 2018-06-25 16:10:00 -07:00
Girish Ramakrishnan
7ab5d5e50d Add domain management scope 
This splits the domains API into those who have just 'read' access
(i.e without configuration details) and those who have 'manage' access.
 2018-06-25 15:12:22 -07:00
Girish Ramakrishnan
60ed290179 validate role names against existing roles 2018-06-18 17:32:07 -07:00
Girish Ramakrishnan
6cd0601629 Map group roles to scopes 2018-06-18 14:52:39 -07:00
Girish Ramakrishnan
b6b7d08af3 Rename to accesscontrol.canonicalScopeString 2018-06-17 22:43:42 -07:00
Girish Ramakrishnan
6a2dacb08a Make intersectScopes take an array 2018-06-17 22:39:33 -07:00
Girish Ramakrishnan
1015b0ad9c validateScope -> validateScopeString 2018-06-17 22:29:17 -07:00
Girish Ramakrishnan
ad6bc191f9 Make hasScopes take an array 2018-06-17 21:06:17 -07:00
Girish Ramakrishnan
682f7a710c Add an appstore scope for subscription settings 2018-06-17 18:09:13 -07:00
Girish Ramakrishnan
156ffb40c9 Remove scope from users.get 2018-06-17 16:07:20 -07:00
Girish Ramakrishnan
24b0a96f07 Move passport logic to routes 2018-06-15 17:32:40 -07:00
Girish Ramakrishnan
a1ac7f2ef9 Remove support for authenticating non-oauth2 clients via BasicStrategy 
This is not used anywhere
 2018-06-15 15:38:58 -07:00
Girish Ramakrishnan
6aef9213aa Add notes on the various strategies 2018-06-15 15:38:53 -07:00
Girish Ramakrishnan
a77d45f5de Add rolesJson to groups table 
This will contain the roles ('role definition') of a group of
users. We will internally map these to our API scopes.
 2018-06-14 22:54:52 -07:00
Girish Ramakrishnan
8795da5d20 Allow subscopes 
We can now have scopes as apps:read, apps:write etc
 2018-06-14 20:56:04 -07:00
Girish Ramakrishnan
dc86b0f319 validateRequestedScopes -> hasScopes 2018-06-14 20:31:48 -07:00
Girish Ramakrishnan
f7089c52ff normalizeScope -> intersectScope 2018-06-14 20:23:56 -07:00
Girish Ramakrishnan
62793ca7b3 Add accesscontrol.canonicalScope tests 2018-06-14 20:17:59 -07:00
Girish Ramakrishnan
f09e8664d1 Return canonical scope in REST responses 
The '*' scope is purely an implementation detail. It cannot
be requested as such.
 2018-05-02 12:36:41 -07:00
Girish Ramakrishnan
f1abb2149d gravatar url is already generated client side 2018-05-01 14:30:48 -07:00
Girish Ramakrishnan
8c4015851a merge auth.js into accesscontrol.js 2018-05-01 14:03:10 -07:00
Girish Ramakrishnan
d5b594fade return the scope as part of the user profile 
send canonical scope in the profile response
 2018-05-01 13:25:47 -07:00
Girish Ramakrishnan
c5ffb65563 Fix usage of normalizeScope 2018-05-01 13:21:53 -07:00
Girish Ramakrishnan
23bc0e8db7 Remove SDK Role 
Just compare with the token's clientId instead
 2018-04-30 23:03:30 -07:00
Girish Ramakrishnan
240ee5f563 Ensure we hand out max user.scope 
The token.scope was valid at token creation time. The user's scope
could since have changed (maybe we got kicked out of a group).
 2018-04-30 22:51:57 -07:00
Girish Ramakrishnan
61d803f528 Use SCOPE_ANY everywhere 2018-04-30 21:44:24 -07:00
Girish Ramakrishnan
bc4f9cf596 Remove redundant requireAdmin 
We already hand out scopes based on the user's access control
 2018-04-30 21:38:48 -07:00
Girish Ramakrishnan
9789966017 Set the scope for a token basedon what the user has access to 2018-04-30 21:21:18 -07:00
Girish Ramakrishnan
91e846d976 Add SCOPE_DOMAINS 2018-04-29 18:11:33 -07:00
Girish Ramakrishnan
3b7bcc1f61 refactor scopes into accesscontrol.js 
this will be our authorization layer for oauth and non-oauth tokens.
 2018-04-29 17:50:07 -07:00