* Create AdminCapabilities in admin-panel module
* Add `adminRolesEnabled` setting
* Use `PermissionsController.requirePermission` in admin-panel routes
* Update `adminCapabilities` to be an array
* Update frontend tests
* Rename `defaultAdminCapabilities` to `fullAdminCapabilities`
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
* Add tests to PermissionsManagerTests.js
* Get admin roles and capabilities from the database
* Add tests to admin-panel
* Fixup PermissionsManagerTests.js without admin-panel module
* Revert "Use `PermissionsController.requirePermission` in admin-panel routes"
This reverts commit ccbf3e3e3bca9239b786c662cba2ac6bd2f4117a.
* Revert "Fixup PermissionsManagerTests.js without admin-panel module"
This reverts commit 6d7ad207bb17c5ca4c12c489d4636a02c608926d.
* Revert "Add tests to PermissionsManagerTests.js"
This reverts commit 8f9cc911750911e1c4b74b631d8c8a1b1ca86630.
* Fix tests after the reverts
* Replace capabilities to more sensible examples ('modify-user-email' and 'view-project')
* Set `adminRolesEnabled: false` for now
* Return `[]` capabilities for non-admins
* Misc: types, test description, settings ordering
* Small refactor of AdminPermissions.mjs:
Reuse code with `getMissingCapabilities`
Throw when `requiredCapabilities` is empty
* Update tests after update
* Rename `checkAdminPermissions` to `hasAdminPermissions`
* Change role permissions to array instead of object
* Remove admin capabilities when `!Settings.adminPrivilegeAvailable`
* Return `[]` if there is no user id
* Throw if `user?._id` is missing
* Update services/web/modules/admin-panel/app/src/AdminPermissions.mjs
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
* Adjust to ForbiddenError constructor syntax
* Give empty capabilities for unknown role, update tests
---------
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
GitOrigin-RevId: 1eec4f6a45e1cc3ae76a3a4603cec1ceba1c2322
* [clsi-cache] initial revision of the clsi-cache service
* [clsi] send output files to clsi-cache and import from clsi-cache
* [web] pass editorId to clsi
* [web] clear clsi-cache when clearing clsi cache
* [web] add split-tests for controlling clsi-cache rollout
* [web] populate clsi-cache when cloning/creating project from template
* [clsi-cache] produce less noise when populating cache hits 404
* [clsi-cache] push docker image to AR
* [clsi-cache] push docker image to AR
* [clsi-cache] allow compileGroup in job payload
* [clsi-cache] set X-Zone header from latest endpoint
* [clsi-cache] use method POST for /enqueue endpoint
* [web] populate clsi-cache in zone b with template data
* [clsi-cache] limit number of editors per project/user folder to 10
* [web] clone: populate the clsi-cache unless the TeXLive release changed
* [clsi-cache] keep user folder when clearing cache as anonymous user
* [clsi] download old output.tar.gz when synctex finds empty compile dir
* [web] fix lint
* [clsi-cache] multi-zonal lookup of single build output
* [clsi-cache] add more validation and limits
Co-authored-by: Brian Gough <brian.gough@overleaf.com>
* [clsi] do not include clsi-cache tar-ball in output.zip
* [clsi-cache] fix reference after remaining constant
Co-authored-by: Alf Eaton <alf.eaton@overleaf.com>
* [web] consolidate validation of filename into ClsiCacheHandler
* [clsi-cache] extend metrics and event tracking
- break down most of the clsi metrics by label
- compile=initial - new compile dir without previous output files
- compile=recompile - recompile in existing compile dir
- compile=from-cache - compile using previous clsi-cache
- extend segmentation on compile-result-backend event
- isInitialCompile=true - found new compile dir at start of request
- restoredClsiCache=true - restored compile dir from clsi-cache
* [clsi] rename metrics labels for download of clsi-cache
This is in preparation for synctex changes.
* [clsi] use constant for limit of entries in output.tar.gz
Co-authored-by: Eric Mc Sween <eric.mcsween@overleaf.com>
* [clsi-cache] fix cloning of project cache
---------
Co-authored-by: Brian Gough <brian.gough@overleaf.com>
Co-authored-by: Alf Eaton <alf.eaton@overleaf.com>
Co-authored-by: Eric Mc Sween <eric.mcsween@overleaf.com>
GitOrigin-RevId: 4901a65497af13be1549af7f38ceee3188fcf881
* [web] double down on validating email addresses
* [web] normalize emails in captcha middleware
* [web] add support for regex based allow-list for skipping captcha
* [web] skip captcha for trusted users on all actions
GitOrigin-RevId: a994ebf6b74e80f462d2dab1fe5113bbffa676a9
* Add overleaf assist paywall modal component in storybook
* update img alt
* remove data-action
* rename assistant -> assist
* use css var for blue color
* Open Overleaf assist paywall if in "overleaf-assist-bundle" split-test
* dont use optional planCode
* Open overleaf assist paywal via event listener
* rename to mainEditorLayoutModals
* call setAssistantUpgraded when modal is shown
* fix merge mistake
* fix lint error
* fix merge differences
GitOrigin-RevId: 0b3162a5c241d4dbe2773ae773c3e35f02c5c492
* Reapply "Remove spell check languages that are only available on the server (#21056)"
This reverts commit a2273a5ff2eeb5660ae992c41e67b7b936dc4e26.
GitOrigin-RevId: 2dfdf87acdf17db894e921fe754c1520df6f01c1
* add option to remove chat from backend
* make chat default to enabled
* Check chat is enabled in chat context
---------
Co-authored-by: mserranom <mserranom@gmail.com>
GitOrigin-RevId: 7dda09df4bb74007eb4b1272d4918155b5cddaf6
* Replace `LoginRateLimiter.processLoginRequest` call by use of `RateLimiterMiddleware`
* Lowercase the email to avoid rate-limit bypass
* Remove unit test "when the users rate limit"
* Use `EmailHelper.parseEmail` to normalize email in `processLoginRequest`
This should address the `trim()` bypass
* Use `.trim().toLowerCase()` instead of `EmailHelper.parseEmail`
We can't use `EmailHelper.parseEmail`, else it breaks the test (and feature): "with username that does not look like an email"
* Add acceptance test for rate limit
* Add comment on rate limits
* Rename `rateLimiter` to `rateLimiterLoginEmail` for clarity
* Make the login rate limits configurable from the settings
GitOrigin-RevId: cf1c3a416745f2b007c85014a5084570d4a049a7
