Ritchie Martori
5a154072a1
Merge pull request #96 from strongloop/feature/config
...
Make all app config values available from `app.get()`
2013-12-12 16:01:43 -08:00
Ritchie Martori
591ed86444
Merge pull request #97 from strongloop/bug/check-access
...
Dont attempt access checking on models without a check access method
2013-12-12 16:01:33 -08:00
Ritchie Martori
4619a143f5
Dont attempt access checking on models without a check access method
2013-12-11 19:46:56 -08:00
Ritchie Martori
ea7c9216d7
App config settings are now available from app.get()
2013-12-11 19:31:16 -08:00
Ritchie Martori
b62b8fa47d
Fix user not allowed to delete itself if user
...
**Note: the only code required for the fix is in role.js:203**. The
other changes are to help organize debug output.
2013-12-11 19:15:19 -08:00
Ritchie Martori
ad58a8ec13
Only look at cookies if they are available
2013-12-11 16:43:23 -08:00
Raymond Feng
0f86f69880
Remove the empty comment and set default token
2013-12-11 16:21:37 -08:00
Raymond Feng
97dc0aa441
Refactor to the code use wrapper classes
...
Add AccessContext, Principal, and AccessRequest
Add debug information
2013-12-11 16:03:48 -08:00
Raymond Feng
178674ec9a
Enhance getRoles() to support smart roles
2013-12-11 09:06:21 -08:00
Raymond Feng
82eeaeee6b
Fix the algorithm for Role.isInRole and ACL.checkAccess
2013-12-10 23:33:57 -08:00
Ritchie Martori
4560ec0964
Various ACL fixes
2013-12-10 21:49:18 -08:00
Ritchie Martori
b0f51e20f7
Add user default ACLs
2013-12-10 19:43:59 -08:00
Ritchie Martori
dfcb43e613
Allow requests without auth tokens
2013-12-10 15:57:55 -08:00
Ritchie Martori
e7cc30ee03
Fix base class not being actual base class
2013-12-09 17:11:01 -08:00
Raymond Feng
7f51c28539
Fix the ACL resolution against rules by matching score
2013-12-09 15:26:53 -08:00
Ritchie Martori
af2b8dd4ff
Merge feature/password-reset
2013-12-06 17:35:14 -08:00
Ritchie Martori
216fee3015
Add access type checking
2013-12-06 17:04:47 -08:00
Ritchie Martori
bc27f07472
Add Model.requireToken for disabling token requirement
2013-12-06 12:09:52 -08:00
Ritchie Martori
4c69af5ae2
Add Model.requireToken, default swagger to false
2013-12-06 12:00:18 -08:00
Ritchie
68ef03e944
SLA-725 support PORT and HOST environment for PaaS support
2013-12-05 20:00:09 -08:00
Ritchie Martori
0987adfd5f
Merge pull request #64 from strongloop/auth
...
Initial auth implementation
2013-12-02 17:20:42 -08:00
Ritchie Martori
5cd71cee6b
Use loopback.AccessToken as default
2013-12-02 17:16:43 -08:00
Ritchie Martori
2c36935404
Fix missing assert
2013-12-02 16:37:42 -08:00
Ritchie Martori
2f9403016c
Initial auth implementation
2013-11-22 12:26:59 -08:00
Raymond Feng
52b1588152
Merge pull request #74 from strongloop/acl
...
More ACL features
2013-11-20 14:30:40 -08:00
Ritchie Martori
e92c46a4e4
Add password reset
2013-11-20 14:20:47 -08:00
Ritchie Martori
aaa8423257
Fix minor autoWiring bugs
2013-11-20 14:18:54 -08:00
Raymond Feng
344c74297c
Add unauthenticated role
2013-11-20 13:43:02 -08:00
Raymond Feng
bee8a3b022
Add checkAccess for subject and token
2013-11-20 13:43:01 -08:00
Raymond Feng
2c7c5fc7ec
Start to support smart roles such as owner
2013-11-20 13:43:01 -08:00
Ritchie Martori
3753c15b71
Merge pull request #71 from strongloop/feature/status-middleware
...
Add status middleware
2013-11-19 13:15:57 -08:00
Ritchie Martori
e5a55846e8
Merge pull request #69 from strongloop/datasource-auto-wiring
...
Initial auto wiring for model dataSources
2013-11-19 13:11:54 -08:00
Ritchie Martori
fd7dd7e4a2
Add status middleware
2013-11-19 12:54:30 -08:00
Ritchie Martori
9db8a7a25f
Auto attach all models created
2013-11-19 12:23:02 -08:00
Miroslav Bajtos
7d60b2dea6
Add loopback.urlNotFound() middleware.
...
The middleware should be used as the last 3-parameter middleware (regular
request handles) before any 4-parameter middleware (error handlers).
This way a request to an URL not handled by any middleware is converted to
a 404 error that can be handled by whatever error handling strategy is
configured in the application.
See senchalabs/connect#954 for more details.
2013-11-19 20:27:49 +01:00
Ritchie Martori
178e5dab30
Remove .attachTo() from tests
2013-11-19 11:02:43 -08:00
Ritchie Martori
da0545bed6
Initial auto wiring for model dataSources
2013-11-18 16:13:40 -08:00
Ritchie Martori
ec58237f8a
Add public flag checking
2013-11-18 12:52:00 -08:00
Raymond Feng
9fddbc3834
Switch to modelBuilder
2013-11-15 11:16:20 -08:00
Raymond Feng
44dfe34647
Allow ACLs for methods/relations
2013-11-15 10:08:49 -08:00
Raymond Feng
8381b05da1
Allows LDL level ACLs
2013-11-15 09:41:26 -08:00
Raymond Feng
8e679d0927
Fix the permission resolution
2013-11-14 21:19:57 -08:00
Raymond Feng
cc7560b258
Simplify check permission
2013-11-14 21:19:57 -08:00
Raymond Feng
94f12d0fce
Fix the permission check
2013-11-14 21:19:57 -08:00
Raymond Feng
be3c40c3d3
Add oauth2 related models
2013-11-14 21:19:56 -08:00
Raymond Feng
be32341467
Add a stub to register role resolvers
2013-11-14 21:19:56 -08:00
Raymond Feng
660ef89755
Merge ScopeACL into ACL
2013-11-14 21:19:56 -08:00
Raymond Feng
0430cd2ae3
Add tests for isInRole and getRoles
2013-11-14 21:19:56 -08:00
Raymond Feng
c3a1a85159
Add constants and more tests
2013-11-14 21:19:56 -08:00
Raymond Feng
48a0242711
Define the models/relations for ACL
2013-11-14 21:19:56 -08:00