Girish Ramakrishnan
554006683e
Only unset of admin flag is disallowed
2018-07-26 23:43:44 -07:00
Girish Ramakrishnan
78a2176d1d
Make admin simply a boolean instead of group
This simplifies a lot of logic. Keeping an admin group has no benefit
2018-07-26 22:29:57 -07:00
Girish Ramakrishnan
b4d5def56d
Revert role support
2018-07-26 13:23:06 -07:00
Girish Ramakrishnan
0cb03e3789
Add REST route for platform config
Fixes #566
2018-07-25 14:09:15 -07:00
Girish Ramakrishnan
c09ae963e9
merge set/addDnsRecords
This also makes the update mail domain route redundant
2018-07-25 10:51:21 -07:00
Girish Ramakrishnan
c063267c72
Split setting of dns records from mail config route
This allows us to enable email server but not set up the dns records
yet. Useful for importing existing mailboxes from another server
without adjusting the DNS.
2018-07-25 10:29:28 -07:00
Girish Ramakrishnan
6be062f8fd
Return empty object for angular
2018-07-24 22:19:34 -07:00
Girish Ramakrishnan
6810c61e58
Add audit event for ownership transfer
2018-07-05 13:51:22 -07:00
Johannes Zellner
8a1de81284
Cleanup sysadmin backup trigger test to only test for backup start event
2018-06-30 14:33:51 +02:00
Johannes Zellner
b1b848de21
Support configuring alternateDomains for apps
2018-06-29 23:14:06 +02:00
Girish Ramakrishnan
35c9e99102
Move the update info into separate route (since it is sensitive)
2018-06-28 17:50:27 -07:00
Girish Ramakrishnan
cab9bc3a61
Unify the config routes into /api/v1/config
No more separate config routes for different types of user
2018-06-28 17:40:57 -07:00
Girish Ramakrishnan
712c920b86
Move caas config to separate route
2018-06-28 17:28:46 -07:00
Girish Ramakrishnan
9978dff627
Add API to set and transfer ownership
2018-06-28 16:48:04 -07:00
Girish Ramakrishnan
ff5bd42bef
remove mostly dead comment
2018-06-28 14:19:56 -07:00
Girish Ramakrishnan
dfa318e898
Add ownerId for apps
This tracks who installed the app.
2018-06-28 14:13:12 -07:00
Girish Ramakrishnan
38977858aa
When issuing token intersect with the existing user roles
Also:
* Move token validation to accesscontrol.js
* Use clients.addTokenByUserId everywhere
2018-06-28 00:07:43 -07:00
Girish Ramakrishnan
ce4424d115
debug out the scope
2018-06-27 13:54:10 -07:00
Girish Ramakrishnan
6907475f7a
Add app management scope
This splits the apps API into those who have just 'read' access
and those who have 'manage' access.
2018-06-26 08:56:30 -07:00
Girish Ramakrishnan
9bf93b026b
rename to removeInternalFields
2018-06-25 16:40:16 -07:00
Girish Ramakrishnan
f932f8b3d3
Add user management scope
This splits the user and groups API into those who have just 'read' access
and those who have 'manage' access.
2018-06-25 16:10:00 -07:00
Girish Ramakrishnan
7ab5d5e50d
Add domain management scope
This splits the domains API into those who have just 'read' access
(i.e. without configuration details) and those who have 'manage' access.
2018-06-25 15:12:22 -07:00
Girish Ramakrishnan
74b1df17c0
Fix groups test and route to make name optional
2018-06-20 09:31:50 -07:00
Girish Ramakrishnan
7880a2f9c3
API returns 403 for incorrect password
2018-06-20 09:27:24 -07:00
Girish Ramakrishnan
8a84872704
Wrong password logs out the user
2018-06-18 18:52:35 -07:00
Girish Ramakrishnan
5d13cc363f
Allow group name to be changed
2018-06-18 18:30:40 -07:00
Girish Ramakrishnan
ff73bc121f
Make tokenScope plural
2018-06-18 15:10:02 -07:00
Girish Ramakrishnan
6cd0601629
Map group roles to scopes
2018-06-18 14:52:39 -07:00
Girish Ramakrishnan
7f3114e67d
Rename to get/setMembership (to indicate IDs and not group objects)
2018-06-18 13:57:17 -07:00
Girish Ramakrishnan
1dbcf2a46a
Rename to groups.update
2018-06-18 13:41:27 -07:00
Girish Ramakrishnan
898cbd01b3
tokens table always has canonical scope
2018-06-17 23:11:36 -07:00
Girish Ramakrishnan
b6b7d08af3
Rename to accesscontrol.canonicalScopeString
2018-06-17 22:43:42 -07:00
Girish Ramakrishnan
6a2dacb08a
Make intersectScopes take an array
2018-06-17 22:39:33 -07:00
Girish Ramakrishnan
ad6bc191f9
Make hasScopes take an array
2018-06-17 21:06:17 -07:00
Girish Ramakrishnan
f24a099e79
Remove user.admin property
The UI will now base itself entirely off the scopes of the token
2018-06-17 16:49:56 -07:00
Girish Ramakrishnan
156ffb40c9
Remove scope from users.get
2018-06-17 16:07:20 -07:00
Girish Ramakrishnan
db8b6838bb
Move skip password verification logic to accesscontrol.js
2018-06-17 15:20:27 -07:00
Girish Ramakrishnan
c3631350cf
We can skip user.scope here since we will intersect at access time anyway
2018-06-17 15:11:10 -07:00
Girish Ramakrishnan
669a1498aa
Do not dump token in logs
2018-06-17 15:01:42 -07:00
Girish Ramakrishnan
e8d9597345
Fix various error codes
401 - bad password/wrong password
403 - authenticated but not authorized
409 - conflict
2018-06-15 23:15:30 -07:00
Girish Ramakrishnan
24b0a96f07
Move passport logic to routes
2018-06-15 17:32:40 -07:00
Girish Ramakrishnan
858ffcec72
Add note
2018-06-15 17:04:18 -07:00
Girish Ramakrishnan
05a8911cca
condense the comments
2018-06-15 16:56:35 -07:00
Girish Ramakrishnan
89b41b11a4
Remove bogus accesscontrol logic
2018-06-15 16:26:14 -07:00
Girish Ramakrishnan
0a0884bf93
lint
2018-06-15 16:10:06 -07:00
Girish Ramakrishnan
2e92172794
Do not dump the entire token
2018-06-15 14:56:52 -07:00
Girish Ramakrishnan
042ea081a0
Typo
2018-06-15 14:35:52 -07:00
Girish Ramakrishnan
02d5d2f808
Add API to add and update the group roles
2018-06-15 00:28:27 -07:00
Girish Ramakrishnan
a77d45f5de
Add rolesJson to groups table
This will contain the roles ('role definition') of a group of
users. We will internally map these to our API scopes.
2018-06-14 22:54:52 -07:00
Girish Ramakrishnan
dc86b0f319
validateRequestedScopes -> hasScopes
2018-06-14 20:31:48 -07:00