* Create AdminCapabilities in admin-panel module
* Add `adminRolesEnabled` setting
* Use `PermissionsController.requirePermission` in admin-panel routes
* Update `adminCapabilities` to be an array
* Update frontend tests
* Rename `defaultAdminCapabilities` to `fullAdminCapabilities`
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
* Add tests to PermissionsManagerTests.js
* Get admin roles and capabilities from the database
* Add tests to admin-panel
* Fixup PermissionsManagerTests.js without admin-panel module
* Revert "Use `PermissionsController.requirePermission` in admin-panel routes"
This reverts commit ccbf3e3e3bca9239b786c662cba2ac6bd2f4117a.
* Revert "Fixup PermissionsManagerTests.js without admin-panel module"
This reverts commit 6d7ad207bb17c5ca4c12c489d4636a02c608926d.
* Revert "Add tests to PermissionsManagerTests.js"
This reverts commit 8f9cc911750911e1c4b74b631d8c8a1b1ca86630.
* Fix tests after the reverts
* Replace capabilities to more sensible examples ('modify-user-email' and 'view-project')
* Set `adminRolesEnabled: false` for now
* Return `[]` capabilities for non-admins
* Misc: types, test description, settings ordering
* Small refactor of AdminPermissions.mjs:
Reuse code with `getMissingCapabilities`
Throw when `requiredCapabilities` is empty
* Update tests after update
* Rename `checkAdminPermissions` to `hasAdminPermissions`
* Change role permissions to array instead of object
* Remove admin capabilities when `!Settings.adminPrivilegeAvailable`
* Return `[]` if there is no user id
* Throw if `user?._id` is missing
* Update services/web/modules/admin-panel/app/src/AdminPermissions.mjs
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
* Adjust to ForbiddenError constructor syntax
* Give empty capabilities for unknown role, update tests
---------
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
GitOrigin-RevId: 1eec4f6a45e1cc3ae76a3a4603cec1ceba1c2322
* Add types on existing Capabilities code
* Add ts-expect-error comments
* Minor code changes to satisfy types
* Remove ts-check because of unrelated errors
* Remove some ts-expect-error comments
* Revert "Remove some ts-expect-error comments"
This reverts commit 76cc0a073710eecf4f8b88f8579405838607f4d5.
* Remove the `@ts-check`s for now
It looks like typescript is somewhat flaky. We can re-enable this later
* Remove the `@ts-expect-error`s
* Remove return type
GitOrigin-RevId: 57bbd370654592c0662047e72e61f91bf38e0949
[web] Stop sending any event when trial changes to active for Stripe subscription on `customer.subscription.updated` stripe webhook event type
GitOrigin-RevId: 11256878cd2828036aad3130a05ad36d95466199
[web] Simulate sending `payment-page-form-success` event when user successfully subscribe using Stripe
GitOrigin-RevId: 82243fc16d3410670e4e6e9c0ccd487a5f2253a3
* Rename `suppressGoogleAnalytics` to `suppressAnalytics`
* Add Propensity script
* Add LinkedIn Insight Tag script
* Version the cookie to prevent adding unconsented tracking
* Move tracking loaders to Typescript, insert them in foot_scripts.pug
* Show the cookie-banner when tracking other than GA is set
* Revert `oa` cookie versioning
* Remove `async` from propensity script
* Use shared tracking loader for Hotjar, LinkedIn, and Propensity
* Reusable `insertScript`
* Remove tracking-linkedin
* Test the scripts by adding fake ids
* Revert "Test the scripts by adding fake ids"
This reverts commit 50759bb6b40fd2684d1b967d83dd71e8517c3de9.
GitOrigin-RevId: 2a7b36bfc70ac1fc983f837dd4693a19a385cbc6
[web] Send analytics events and user properties when user's subscription is renewed with the same plan
GitOrigin-RevId: c21436d942e8b1a2b8c9fca5827826bf0e8b8bdb
[web] Send analytics events and user properties for cancelled and reactivated event in Stripe subscription
GitOrigin-RevId: 07a4e6395be334c90910b5d421624c4daa703d3b
* [clsi-cache] shard per zone into three instances
Keep the old instance as read fallback. We can remove it in 4 days.
Disk size: 2Ti gives us the maximum write throughput of 240MiB/s on a
N2D instance with fewer than 8 vCPUs.
* [clsi] fix format
* [k8s] clsi-cache: bring back storage-classes
* [k8s] clsi-cache: fix reference to zonal storage-classes
* [k8s] clsi-cache: add logging configs
* [clsi] improve sharding
Co-authored-by: Brian Gough <brian.gough@overleaf.com>
* [clsi] fix sharding
Index needs to be positive.
* [clsi] fix sharding
The random part is static per machine/process.
* [clsi] restrict clsi-cache to user projects
Co-authored-by: Brian Gough <brian.gough@overleaf.com>
* [k8s] clsi-cache: align CLSI_CACHE_NGINX_HOST with service LB
---------
Co-authored-by: Brian Gough <brian.gough@overleaf.com>
GitOrigin-RevId: 1efb1b3245c8194c305420b25e774ea735251fb3