Commit Graph

159 Commits

Author SHA1 Message Date
Ritchie Martori 5a154072a1 Merge pull request #96 from strongloop/feature/config
Make all app config values available from `app.get()`
2013-12-12 16:01:43 -08:00
Ritchie Martori 591ed86444 Merge pull request #97 from strongloop/bug/check-access
Dont attempt access checking on models without a check access method
2013-12-12 16:01:33 -08:00
Ritchie Martori 4619a143f5 Dont attempt access checking on models without a check access method 2013-12-11 19:46:56 -08:00
Ritchie Martori ea7c9216d7 App config settings are now available from app.get() 2013-12-11 19:31:16 -08:00
Ritchie Martori b62b8fa47d Fix user not allowed to delete itself if user
**Note: the only code required for the fix is in role.js:203**. The
other changes are to help organize debug output.
2013-12-11 19:15:19 -08:00
Ritchie Martori ad58a8ec13 Only look at cookies if they are available 2013-12-11 16:43:23 -08:00
Raymond Feng 0f86f69880 Remove the empty comment and set default token 2013-12-11 16:21:37 -08:00
Raymond Feng 97dc0aa441 Refactor to the code use wrapper classes
Add AccessContext, Principal, and AccessRequest
Add debug information
2013-12-11 16:03:48 -08:00
Raymond Feng 178674ec9a Enhance getRoles() to support smart roles 2013-12-11 09:06:21 -08:00
Raymond Feng 82eeaeee6b Fix the algorithm for Role.isInRole and ACL.checkAccess 2013-12-10 23:33:57 -08:00
Ritchie Martori 4560ec0964 Various ACL fixes 2013-12-10 21:49:18 -08:00
Ritchie Martori b0f51e20f7 Add user default ACLs 2013-12-10 19:43:59 -08:00
Ritchie Martori dfcb43e613 Allow requests without auth tokens 2013-12-10 15:57:55 -08:00
Ritchie Martori e7cc30ee03 Fix base class not being actual base class 2013-12-09 17:11:01 -08:00
Raymond Feng 7f51c28539 Fix the ACL resolution against rules by matching score 2013-12-09 15:26:53 -08:00
Ritchie Martori af2b8dd4ff Merge feature/password-reset 2013-12-06 17:35:14 -08:00
Ritchie Martori 216fee3015 Add access type checking 2013-12-06 17:04:47 -08:00
Ritchie Martori bc27f07472 Add Model.requireToken for disabling token requirement 2013-12-06 12:09:52 -08:00
Ritchie Martori 4c69af5ae2 Add Model.requireToken, default swagger to false 2013-12-06 12:00:18 -08:00
Ritchie 68ef03e944 SLA-725 support PORT and HOST environment for PaaS support 2013-12-05 20:00:09 -08:00
Ritchie Martori 0987adfd5f Merge pull request #64 from strongloop/auth
Initial auth implementation
2013-12-02 17:20:42 -08:00
Ritchie Martori 5cd71cee6b Use loopback.AccessToken as default 2013-12-02 17:16:43 -08:00
Ritchie Martori 2c36935404 Fix missing assert 2013-12-02 16:37:42 -08:00
Ritchie Martori 2f9403016c Initial auth implementation 2013-11-22 12:26:59 -08:00
Raymond Feng 52b1588152 Merge pull request #74 from strongloop/acl
More ACL features
2013-11-20 14:30:40 -08:00
Ritchie Martori e92c46a4e4 Add password reset 2013-11-20 14:20:47 -08:00
Ritchie Martori aaa8423257 Fix minor autoWiring bugs 2013-11-20 14:18:54 -08:00
Raymond Feng 344c74297c Add unauthenticated role 2013-11-20 13:43:02 -08:00
Raymond Feng bee8a3b022 Add checkAccess for subject and token 2013-11-20 13:43:01 -08:00
Raymond Feng 2c7c5fc7ec Start to support smart roles such as owner 2013-11-20 13:43:01 -08:00
Ritchie Martori 3753c15b71 Merge pull request #71 from strongloop/feature/status-middleware
Add status middleware
2013-11-19 13:15:57 -08:00
Ritchie Martori e5a55846e8 Merge pull request #69 from strongloop/datasource-auto-wiring
Initial auto wiring for model dataSources
2013-11-19 13:11:54 -08:00
Ritchie Martori fd7dd7e4a2 Add status middleware 2013-11-19 12:54:30 -08:00
Ritchie Martori 9db8a7a25f Auto attach all models created 2013-11-19 12:23:02 -08:00
Miroslav Bajtos 7d60b2dea6 Add loopback.urlNotFound() middleware.
The middleware should be used as the last 3-parameter middleware (regular
request handles) before any 4-parameter middleware (error handlers).

This way a request to an URL not handled by any middleware is converted to
a 404 error that can be handled by whatever error handling strategy is
configured in the application.

See senchalabs/connect#954 for more details.
2013-11-19 20:27:49 +01:00
Ritchie Martori 178e5dab30 Remove .attachTo() from tests 2013-11-19 11:02:43 -08:00
Ritchie Martori da0545bed6 Initial auto wiring for model dataSources 2013-11-18 16:13:40 -08:00
Ritchie Martori ec58237f8a Add public flag checking 2013-11-18 12:52:00 -08:00
Raymond Feng 9fddbc3834 Switch to modelBuilder 2013-11-15 11:16:20 -08:00
Raymond Feng 44dfe34647 Allow ACLs for methods/relations 2013-11-15 10:08:49 -08:00
Raymond Feng 8381b05da1 Allows LDL level ACLs 2013-11-15 09:41:26 -08:00
Raymond Feng 8e679d0927 Fix the permission resolution 2013-11-14 21:19:57 -08:00
Raymond Feng cc7560b258 Simplify check permission 2013-11-14 21:19:57 -08:00
Raymond Feng 94f12d0fce Fix the permission check 2013-11-14 21:19:57 -08:00
Raymond Feng be3c40c3d3 Add oauth2 related models 2013-11-14 21:19:56 -08:00
Raymond Feng be32341467 Add a stub to register role resolvers 2013-11-14 21:19:56 -08:00
Raymond Feng 660ef89755 Merge ScopeACL into ACL 2013-11-14 21:19:56 -08:00
Raymond Feng 0430cd2ae3 Add tests for isInRole and getRoles 2013-11-14 21:19:56 -08:00
Raymond Feng c3a1a85159 Add constants and more tests 2013-11-14 21:19:56 -08:00
Raymond Feng 48a0242711 Define the models/relations for ACL 2013-11-14 21:19:56 -08:00