1
0
mirror of https://github.com/Unleash/unleash.git synced 2025-01-11 00:08:30 +01:00
Commit Graph

43 Commits

Author SHA1 Message Date
Fredrik Strand Oseberg
e1b7cfd8dd
Fix/project role permission grant ()
## Background

In  we fixed a privilege escalation bug that allowed members of a
project that had permission to add users to the project with roles that
had a higher permission set than themselves. The PR linked essentially
constricts you only be able to assign users to roles that you possess
yourself if you are not an Admin or Project owner.

This fix broke expectations for another customer who needed to have a
project owner without the DELETE_PROJECT permission. The fix above made
it so that their custom project owner role only was able to assign users
to the project with the role that they posessed.

## Fix

Instead of looking directly at which role the role granter has, this PR
addresses the issue by making the assessment based on the permission
sets of the user and the roles to be granted. If the granter has all the
permissions of the role being granted, the granter is permitted to
assign the role.

## Other considerations

The endpoint to get roles was changed in this PR. It previously only
retrieved the roles that the user had in the project. This no-longer
makes sense because the user should be able to see other project roles
than the one they themselves hold when assigning users to the project.

The drawback of returning all project roles is that there may be a
project role in the list that the user does not have access to assign,
because they do not hold all the permissions required of the role. This
was discussed internally and we decided that it's an acceptable
trade-off for now because the complexities of returning a role list
based on comparing permissions set is not trivial. We would have to
retrieve each project role with permissions from the database, and run
the same in-memory check against the users permission to determine which
roles to return from this endpoint. Instead we opted for returning all
project roles and display an error if you try to assign a role that you
do not have access to.

## Follow up
When this is merged, there's no longer need for the frontend logic that
filters out roles in the role assignment form. I deliberately left this
out of the scope for this PR because I couldn't wrap my head around
everything that was going on there and I thought it was better to pair
on this with @chriswk or @nunogois in order to make sure we get this
right as the logic for this filtering seemed quite complex and was
touching multiple different components.

---------

Co-authored-by: Fredrik Strand Oseberg <fredrikstrandoseberg@Fredrik-sin-MacBook-Pro.local>
2024-09-10 20:35:45 +02:00
Christopher Kolstad
f4e3388606
task: Yarn v4 ()
Moves to Yarn v4

---------

Co-authored-by: Alvin Bryan <107407814+alvinometric@users.noreply.github.com>
2024-06-27 12:52:43 +02:00
Gastón Fournier
a0fce0ec12
Revert "fix: yarn v4 requires prepack instead of prepare script when building…" ()
Reverts 
2024-06-12 13:25:51 +02:00
Christopher Kolstad
a971c770e9
task: Yarn v4 ()
Trying again, this time with correct .gitignore already setup, and a
workflow configured to try what was failing prior to our revert.
2024-06-12 11:18:21 +02:00
Thomas Heartman
544613245f
ignore .yarn changes and delete existing tracked files ()
This PR follows Yarn's official suggestion on [which files should be
gitignored](https://yarnpkg.com/getting-started/qa#which-files-should-be-gitignored)
and also deletes the `install-state.gz` files that are already
committed.

I've used the gitignore option that isn't for "zero-installs" because
I'm not sure whether we're using them or not. I'm guessing we're not,
but we can always update that later if we are.

The doc says that the install-state file "is an optimization file that
you shouldn't ever have to commit. It simply stores the exact state of
your project so that the next commands can boot without having to
resolve your workspaces all over again."
2024-06-10 11:41:11 +00:00
andreas-unleash
c5914a077f
chore: generate types ()
Generate orval types

---------

Signed-off-by: andreas-unleash <andreas@getunleash.ai>
2023-10-18 09:55:07 +03:00
Nuno Góis
4167a60588
feat: biome lint frontend ()
Follows up on https://github.com/Unleash/unleash/pull/4853 to add Biome
to the frontend as well.


![image](https://github.com/Unleash/unleash/assets/14320932/1906faf1-fc29-4172-a4d4-b2716d72cd65)

Added a few `biome-ignore` to speed up the process but we may want to
check and fix them in the future.
2023-10-02 13:25:46 +01:00
Mateusz Kwasniewski
751bc465d6
feat: generate orval types with dependent features () 2023-10-02 12:35:20 +02:00
Thomas Heartman
ec2978b133
chore: add auto-generated doc index to gitignore ()
I've seen this one pop up a couple times. It's part of our openapi
docusaurus integration and should be ignored.
2023-07-10 14:28:34 +00:00
Christopher Kolstad
3409b0c5a0
task: Add Unit test result check task ()
After a Team Retro, one of our squads felt like we needed more data on
our test suites. This is the first effort to make our test results
easier to grab. It uses the test-reporter action to add a github check
to our main build and PR builds with our test results.

This at least should make it easier to parse which tests are failing.
However, it does not give us trends. So it does not yet make it easier
to decide which tests are flaky just from a quick view.

---------

Co-authored-by: Gastón Fournier <gaston@getunleash.io>
2023-05-25 11:03:54 +00:00
Gastón Fournier
201c86838f
Test npm publish ()
## About the changes

https://github.blog/changelog/2022-10-24-npm-v9-0-0-released/ introduced
a breaking change in the way they handle files inside package.json which
caused some issues with the way we pack and distribute Unleash:

> npm pack now follows a strict order of operations when applying ignore
rules. If a files array is present in the package.json, then rules in
.gitignore and .npmignore files from the root will be ignored.

What we discovered is that when having a nested .gitignore (the one we
have inside frontend), `npm publish` was taking that nested .gitignore
into account (despite the fact that we also have a package.json with
files inside the same folder). We tricked this by removing the `build`
folder from `frontend/.gitignore` and instead adding it into the root
`.gitignore` which is being ignored by `npm publish` following what's
stated in the release note above.

-----------------

Co-authored-by: Gard Rimestad <gard@getunleash.io>
2023-04-18 15:44:19 +02:00
Thomas Heartman
14e052b9ac
docs: auto-generate remaining server-side SDK docs ()
This PR builds on the preceding doc auto-generation PRs and generates
documentation for the remaining server-side SDKs.

## Why

Refer to https://github.com/Unleash/unleash/pull/2809 for more context
about generating SDK docs.

## What

-   Adds generation for the remaining server-side SDKs
- Moves generated docs from the `/reference/sdks` directory to
`/generated` directory.
- Makes sure that the URLs do not change because of the move by using
the `slug` frontmatter property.
- replaces relative github links in the markdown documents so that they
become absolute github links. (refer to the next section)
- Updates some image styling so that it doesn't apply to readme badges
(we don't need them using `display: block`)

### On link replacing:

This PR adds handling of links in the generated documentation.
Specifically, it changes links in one case:

Relative links to github. Links to code and other files in the
repository. These are prefixed with the repository's URL.

While this should work in most cases, it will fail in cases where the
links to the files are not on the repository's primary branch.
(typically main, but could also be "v3", for instance). In these cases,
the links will get a double branch in the URL and will fail. However, I
see no easy way around this (though suggestions are definitely
accepted!), and think it's a fair tradeoff. It takes the links from
"definitely failing" to "will work in the vast majority of cases".

Note: I originally also wanted to handle the case where the link is an
absolute link to docs.getunleash.io. We could turn these into relative
urls to avoid full page reloads and enjoy a smoother experience.
However, the client-side redirects don't work correctly if the relative
URL goes to a redirect page, so you end up with a 404 page. As such, I
think it's better to leave the links as absolute for now.
2023-01-13 12:40:28 +01:00
Simon Hornby
b1a877e56c
docs: adds documentation for personal api tokens ()
* docs: adds documentation for personal api tokens

Co-authored-by: Thomas Heartman <thomas@getunleash.ai>
2022-10-13 11:02:04 +02:00
sjaanus
a1ce89bedc
Merge frontend with backend ()
* fix: use the frontend dir from the backend

* Build is now working

* Fix workflows

* Fix workflows

* Fix build PRs

* Test coverage workflow

* Test coverage

* Test coverage run

* Fix jest report

* refactor: add missing frontend build

* refactor: ignore frontend dir for coverage

* refactor: run frontend build in PRs

* refactor: run backend tests in PRs

* Revert "refactor: run backend tests in PRs"

This reverts commit 22cabddfd1.

* refactor: remove unused frontend build file

* refactor: test workflows in PR

* refactor: use a prepare script for the frontend

* refactor: simplify yarn build scripts

* refactor: fix check-release script

* Revert "refactor: test workflows in PR"

This reverts commit 496ae19404.

* refactor: remove unused gitignore lines

* refactor: remove renovate config from the frontend repo

* refactor: remove frontend repo license

* refactor: remove frontend repo changelog

* refactor: update frontend repo readme

* refactor: add frontend node_modules to dockerignore

* refactor: update the docker yarn.lock snapshot

Co-authored-by: olav <mail@olav.io>
2022-08-26 07:25:31 +00:00
Thomas Heartman
9448461aaa
docs: prep to add OpenAPI spec to Unleash docs ()
* Docs: start experimenting with OpenAPI and docusaurus

* Docs: add docusaurus-theme-openapi-docs pkg

* Wip: current status

* Docs: Add 'docusaurus-plugin-api-docs'

* Move openapi into own sidebar; generate from localhost

* Chore: Update docusaurus plugin for OpenAPI

* Add website/yarn.lock to git

* Fix: fix CSS warning by using flex-end instead of end

* docs: make openapi generated code work again

* docs: make tags work properly with openapi sidebar

* Docs/chore: update OpenAPI tag scheme.

Add a whole bunch of new tags to make it easier to understand
available tags in OpenAPI.

* docs: point to new openapi docs from old api docs

* docs: typo

* Docs:  link restructure

* docs: add operation indicators to openapi docs

* docs: change badge color for operations

* docs: update openapi-docs package

It now sorts tags the same as the schema

* docs: pluralize APIs in slug

* docs: update links to generated api docs

* docs: update openapi snapshot tests with new tags

* docs: conditionally load spec from localhost or from file

* docs: Remove changes relating to immediate switchover

* refactor: rename types; extract into separate file

* docs: fix api doc links
2022-08-12 11:37:57 +02:00
Ivar Conradi Østhus
5460245a67
fix: do not produce report.json in coverage action for now 2022-05-20 19:29:14 +02:00
Ivar Conradi Østhus
3d6cfb6582
fix: do not ignore coverage/report.json 2022-05-20 11:44:53 +02:00
Ivar Conradi Østhus
fbb6a42d0b
fix: include jest coverage files (POC) 2022-05-20 11:14:41 +02:00
andreas-unleash
1a27bffe4d
Complete open api schemas for project features controller ()
* Completed OpenAPI Schemas for ProjectFeatures Controller
Completed OpenAPI Schemas for Feature Controller (tags)

* Completed OpenAPI Schemas for ProjectFeatures Controller
Completed OpenAPI Schemas for Feature Controller (tags)

* bug fix

* bug fix

* fix merge conflicts, some refactoring

* fix merge conflicts, some refactoring

* fix merge conflicts, some refactoring

* added emptyResponse, patch feature operation schemas and request

* added emptyResponse, patch feature operation schemas and request

* patch strategy

* patch strategy

* update strategy

* update strategy

* fix pr comment

* fix pr comments

* improvements

* added operationId to schema for better generation

* fix pr comment

* fix pr comment

* fix pr comment

* improvements to generated and dynamic types

* improvements to generated and dynamic types

* improvements to generated and dynamic types

* Update response types to use inferred types

* Update addTag response status to 201

* refactor: move schema ref destructuring into createSchemaObject

* made serialize date handle deep objects

* made serialize date handle deep objects

* add `name` to IFeatureStrategy nad fix tests

* fix pr comments

* fix pr comments

* Add types to IAuthRequest

* Sync StrategySchema for FE and BE - into the rabbit hole

* Sync model with OAS spec

* Completed OpenAPI Schemas for ProjectFeatures Controller
Completed OpenAPI Schemas for Feature Controller (tags)

* Completed OpenAPI Schemas for ProjectFeatures Controller
Completed OpenAPI Schemas for Feature Controller (tags)

* bug fix

* bug fix

* fix merge conflicts, some refactoring

* fix merge conflicts, some refactoring

* fix merge conflicts, some refactoring

* added emptyResponse, patch feature operation schemas and request

* added emptyResponse, patch feature operation schemas and request

* patch strategy

* patch strategy

* update strategy

* update strategy

* fix pr comment

* fix pr comments

* improvements

* added operationId to schema for better generation

* fix pr comment

* fix pr comment

* fix pr comment

* improvements to generated and dynamic types

* improvements to generated and dynamic types

* improvements to generated and dynamic types

* Update response types to use inferred types

* Update addTag response status to 201

* refactor: move schema ref destructuring into createSchemaObject

* made serialize date handle deep objects

* made serialize date handle deep objects

* add `name` to IFeatureStrategy nad fix tests

* fix pr comments

* fix pr comments

* Add types to IAuthRequest

* Sync StrategySchema for FE and BE - into the rabbit hole

* Sync model with OAS spec

* Completed OpenAPI Schemas for ProjectFeatures Controller
Completed OpenAPI Schemas for Feature Controller (tags)

* Completed OpenAPI Schemas for ProjectFeatures Controller
Completed OpenAPI Schemas for Feature Controller (tags)

* bug fix

* bug fix

* fix merge conflicts, some refactoring

* fix merge conflicts, some refactoring

* fix merge conflicts, some refactoring

* added emptyResponse, patch feature operation schemas and request

* added emptyResponse, patch feature operation schemas and request

* patch strategy

* patch strategy

* update strategy

* update strategy

* fix pr comment

* fix pr comments

* improvements

* added operationId to schema for better generation

* fix pr comment

* fix pr comment

* fix pr comment

* improvements to generated and dynamic types

* improvements to generated and dynamic types

* improvements to generated and dynamic types

* Update response types to use inferred types

* Update addTag response status to 201

* refactor: move schema ref destructuring into createSchemaObject

* made serialize date handle deep objects

* made serialize date handle deep objects

* add `name` to IFeatureStrategy nad fix tests

* fix pr comments

* fix pr comments

* Add types to IAuthRequest

* Sync StrategySchema for FE and BE - into the rabbit hole

* Sync model with OAS spec

* Completed OpenAPI Schemas for ProjectFeatures Controller
Completed OpenAPI Schemas for Feature Controller (tags)

* Completed OpenAPI Schemas for ProjectFeatures Controller
Completed OpenAPI Schemas for Feature Controller (tags)

* bug fix

* bug fix

* fix merge conflicts, some refactoring

* fix merge conflicts, some refactoring

* fix merge conflicts, some refactoring

* added emptyResponse, patch feature operation schemas and request

* added emptyResponse, patch feature operation schemas and request

* patch strategy

* patch strategy

* update strategy

* update strategy

* fix pr comment

* fix pr comments

* improvements

* added operationId to schema for better generation

* fix pr comment

* fix pr comment

* fix pr comment

* improvements to generated and dynamic types

* improvements to generated and dynamic types

* improvements to generated and dynamic types

* Update response types to use inferred types

* Update addTag response status to 201

* refactor: move schema ref destructuring into createSchemaObject

* made serialize date handle deep objects

* made serialize date handle deep objects

* add `name` to IFeatureStrategy nad fix tests

* fix pr comments

* fix pr comments

* Add types to IAuthRequest

* Sync StrategySchema for FE and BE - into the rabbit hole

* Sync model with OAS spec

* revert

* revert

* revert

* revert

* revert

* mapper

* revert

* revert

* revert

* remove serialize-dates.ts

* remove serialize-dates.ts

* remove serialize-dates.ts

* remove serialize-dates.ts

* remove serialize-dates.ts

* revert

* revert

* add mappers

* add mappers

* fix pr comments

* ignore report.json

* ignore report.json

* Route permission required

Co-authored-by: olav <mail@olav.io>
2022-05-18 16:17:09 +03:00
Christopher Kolstad
20a4aeff97
Make Appinstance registration include environment () 2021-10-12 10:39:28 +02:00
Fredrik Strand Oseberg
c1aab06798
Feature/setup typescript
This sets up the typescript compiler.

Allowing gradual migration to typescript.

Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai>
Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
Co-authored-by: Fredrik Oseberg <fredrik.oseberg@getunleash.ai>
Co-authored-by: Clint Checkett <clintchecketts@churchofjesuschrist.org>

fixes: 
2021-02-12 11:42:00 +01:00
ivaosthu
0c2d58b984 chore(documentation): Added Docusaurus with a website
fixes 
2020-02-20 08:34:14 +01:00
ivaosthu
e02a9e095d We should not use package-lock.json 2020-02-20 08:34:03 +01:00
sveisvei
ce056df8b6 use ava as testrunner 2020-02-20 08:30:39 +01:00
sveisvei
99f3eebc5d fix frontend and fix deploy to dev-master with lerna 2020-02-20 08:30:27 +01:00
sveisvei
e5c42f2db6 remove bundle from git 2020-02-20 08:30:26 +01:00
sveisvei
7bacad7b90 use lerna for multipackaging 2020-02-20 08:30:26 +01:00
Ivar Conradi Østhus
77baaa5121 Introduce unleash-docker as a sperate submodule. ()
* Introduce unleash-docker as a sperate submodule.

this is related to  and will solve 

* keep ide-user-settings out of repo

* Introduce unleash-docker as a sperate submodule.

this is related to  and will solve 

* mv unleash-docker to packages/unleash-docker

* made docker work for now, by copying migrations

* minro cleanup

* docker on node:6

* minor cleanup
2020-02-20 08:30:26 +01:00
Ivar
1df6f674fa keep ide-user-settings out of repo 2020-02-20 08:30:26 +01:00
Ivar
3f5226e842 ignored vscode files 2020-02-20 08:30:25 +01:00
haaeriks
e0607f3da1 ignore all idea files with .gitignore 2020-02-20 08:30:24 +01:00
Ivar
13a5ccb61f gitignore: added Visual Stuido Code IDE ignores 2020-02-20 08:30:24 +01:00
audstran
e800ad7a85 added docker container and vagrant 2020-02-20 08:30:23 +01:00
Anders Olsen Sandvik
405234c5a1 Update .gitignore 2020-02-20 08:30:20 +01:00
Ivar Østhus
73909e3a8d updated gitignore 2020-02-20 08:30:15 +01:00
ivaosthu
b2d4cbf5de added server side validation of feature name 2020-02-20 08:30:13 +01:00
Jari Bakken
f06a4a8a51 Move unleash-server to top level. 2020-02-20 08:30:13 +01:00
Jari Bakken
e1f1cfc4d3 Use webpack to build JS/JSX resources. Closes . 2020-02-20 08:30:12 +01:00
andsandv
cfb1cd360a Ignore DS_Store 2020-02-20 08:30:08 +01:00
Jari Bakken
3dddf791e6 Get rid of liquibase 2020-02-20 08:30:06 +01:00
ivaosthu
3e7062227b Initial java-client setup with jdk 1.7. Closes . 2020-02-20 08:30:06 +01:00
ivaosthu
4a84149b63 Closes - Initial express based server setup.
To start server locally:
npm run start-dev

To execute tests:
npm test
2020-02-20 08:30:06 +01:00
Jari Bakken
f80d9a8827 Initial commit 2014-09-29 14:50:46 +02:00