Fixes#3412
Previously the only way to restrict the domains for a Team were with the ALLOWED_DOMAINS environment variable for self hosted instances.
This PR migrates this to be a database backed setting on the Team object. This is done through the creation of a TeamDomain model that is associated with the Team and contains the domain name
This settings is updated on the Security Tab. Here domains can be added or removed from the Team.
On the server side, we take the code paths that previously were using ALLOWED_DOMAINS and switched them to use the Team allowed domains instead
* feat: Add user flags concept, for tracking bits on a user
* feat: Example flag usage for user invite resend abuse
* wip
* test
* fix: Set correct flag
This PR moves the entire project to Typescript. Due to the ~1000 ignores this will lead to a messy codebase for a while, but the churn is worth it – all of those ignore comments are places that were never type-safe previously.
closes#1282
* fix: Add application/octet-stream as a valid mimetype for docx uploads
* fix: Include application/octet-stream in frontend filter
fix: Add file size and file type guards
* Validate .docx extension in files with application/octet-stream mimetype
* refactor: Move MAXIMUM_IMPORT_SIZE to an optional environment config
fix: Add file size check on server too
Co-authored-by: Saumya Pandey <sp160899@gmail.com>
* fix: Enforce single team when self hosting
* test: positive case
* refactor
* fix: Visible error message on login screen for max teams scenario
* Update Notices.js
* lint
- Added `accountProvisioner`
- Move authentication to use passport strategies
- Make authentication more pluggable
- Change language of services -> providers
closes#1120
* Support importing .docx as new documents
* Add html file support, build types and interface for easily adding file types to importer
* fix: Upload embedded images in docx to storage
* refactor: Bulk of logic to command
* refactor: Do all importing on server, so we're not splitting logic for import into two places
* test: Add documentImporter tests
Co-authored-by: Lance Whatley <whatl3y@gmail.com>
* Upgrade pg and sequelize to support node 14+
When Node 14 came out the app was incompatible, we should always have a maximum version defined here until the server code has been tested to prove compatibility
Co-authored-by: Lance Whatley <whatl3y@gmail.com>
* add migrations
* first pass at API
* feat: Updated share dialog UI
* tests
* test
* styling tweaks
* feat: Show share state on document
* fix: Allow publishing share links for draft docs
* test: shares.info
* WIP - got one API test to pass yay
* adds group update endpoint
* added group policies
* adds groups.list API
* adds groups.info
* remove comment
* WIP
* tests for delete
* adds group membership list
* adds tests for groups list
* add and remove user endpoints for group
* ask some questions
* fix up some issues around primary keys
* remove export from group permissions
Co-Authored-By: Tom Moor <tom.moor@gmail.com>
* remove random file
* only create events on actual updates, add tests to ensure
* adds uniqueness validation to group name
* throw validation errors on model and let it pass through the controller
* fix linting
* WIP
* WIP
* WIP
* WIP
* WIP basic edit and delete
* basic CRUD for groups and memberships in place
* got member counts working
* add member count and limit the number of users sent over teh wire to 6
* factor avatar with AvatarWithPresence into its own class
* wip
* WIP avatars in group lists
* WIP collection groups
* add and remove group endpoints
* wip add collection groups
* wip get group adding to collections to work
* wip get updating collection group memberships to work
* wip get new group modal working
* add tests for collection index
* include collection groups in the withmemberships scope
* tie permissions to group memberships
* remove unused import
* Update app/components/GroupListItem.js
update title copy
Co-Authored-By: Tom Moor <tom.moor@gmail.com>
* Update server/migrations/20191211044318-create-groups.js
Co-Authored-By: Tom Moor <tom.moor@gmail.com>
* Update server/api/groups.js
Co-Authored-By: Tom Moor <tom.moor@gmail.com>
* Update server/api/groups.js
Co-Authored-By: Tom Moor <tom.moor@gmail.com>
* Update app/menus/CollectionMenu.js
Co-Authored-By: Tom Moor <tom.moor@gmail.com>
* Update server/models/Group.js
Co-Authored-By: Tom Moor <tom.moor@gmail.com>
* minor fixes
* Update app/scenes/CollectionMembers/AddGroupsToCollection.js
Co-Authored-By: Tom Moor <tom.moor@gmail.com>
* Update app/menus/GroupMenu.js
Co-Authored-By: Tom Moor <tom.moor@gmail.com>
* Update app/menus/GroupMenu.js
Co-Authored-By: Tom Moor <tom.moor@gmail.com>
* Update app/menus/GroupMenu.js
Co-Authored-By: Tom Moor <tom.moor@gmail.com>
* Update app/scenes/Collection.js
Co-Authored-By: Tom Moor <tom.moor@gmail.com>
* Update app/scenes/CollectionMembers/CollectionMembers.js
Co-Authored-By: Tom Moor <tom.moor@gmail.com>
* Update app/scenes/GroupNew.js
Co-Authored-By: Tom Moor <tom.moor@gmail.com>
* Update app/scenes/GroupNew.js
Co-Authored-By: Tom Moor <tom.moor@gmail.com>
* Update app/scenes/Settings/Groups.js
Co-Authored-By: Tom Moor <tom.moor@gmail.com>
* Update server/api/documents.js
Co-Authored-By: Tom Moor <tom.moor@gmail.com>
* Update app/scenes/CollectionMembers/components/CollectionGroupMemberListItem.js
Co-Authored-By: Tom Moor <tom.moor@gmail.com>
* address comments
* WIP - getting websocket stuff up and running
* socket event for group deletion
* wrapped up cascading deletes
* lint
* flow
* fix: UI feedback
* fix: Facepile size
* fix: Lots of missing await's
* Allow clicking facepile on group list item to open members
* remove unused route push, grammar
* fix: Remove bad analytics events
feat: Add group events to audit log
* collection. -> collections.
* Add groups to entity websocket events (sync create/update/delete) between clients
* fix: Users should not be able to see groups they are not a member of
* fix: Not caching errors in UI when changing group memberships
* fix: Hide unusable UI
* test
* fix: Tweak language
* feat: Automatically open 'add member' modal after creating group
Co-authored-by: Tom Moor <tom.moor@gmail.com>
* save images as private and serve via signed url from images.info api
* download private images to directory on export
* fix lint errors
* private s3 default, AWS.s3 module level scope, default s3 url expiry
* combine regex to one, and only replace when there are matches
* fix lint
* code not needed anymore, remove
* updates after pulling master
* revert the uploadToS3FromUrl url return
* use model gettr to compact code, rename to attachments api
* basic checking of document read permission to allow attachment viewing
* fix: Continue to upload avatars as public
fix: Allow redirect for non-private attachments
* add support for publicly shared documents
* catch errors which crash the app during zip export and user creation
* add tests
* enable AWS signature v4 for s3
* switch to use factories to build models for testing
* add isDocker flag for local serving of attachment redirect url
* fix redirect tests
Co-authored-by: Tom Moor <tom.moor@gmail.com>
* feat: Record events in DB
* feat: events API
* First pass, hacky activity feed
* WIP
* Reset dashboard
* feat: audit log UI
feat: store ip address
* chore: Document events.list api
* fix: command specs
* await event create
* fix: backlinks service
* tidy
* fix: Hide audit log menu item if not admin
* feat: New onboarding documents
* Images -> blocks
* Add tips
* test: removes assumptions of welcome documents
this actually results in the tests being much more understandable too
* add db flag when document was created from welcome flow
