mirror of https://github.com/Unleash/unleash.git synced 2024-11-01 19:07:38 +01:00
unleash.unleash/src/lib/middleware
Nuno Góis 7e9069e390
refactor: token permissions, drop admin-like permissions (#4050)
https://linear.app/unleash/issue/2-1155/refactor-permissions

- Our `rbac-middleware` now supports multiple OR permissions;
- Drops non-specific permissions (e.g. CRUD API token permissions
without specifying the token type);
- Makes our permission descriptions consistent;
- Drops our higher-level permissions that basically mean ADMIN (e.g.
ADMIN token permissions) in favor of `ADMIN` permission in order to
avoid privilege escalations;

This PR may help with
https://linear.app/unleash/issue/2-1144/discover-potential-privilege-escalations
as it may prevent privilege escalations altogether.

There's some UI permission logic around this, but in the future
https://linear.app/unleash/issue/2-1156/adapt-api-tokens-creation-ui-to-new-permissions
could take it a bit further by adapting the creation of tokens as well.

---------

Co-authored-by: Gastón Fournier <gaston@getunleash.io>
2023-06-22 08:35:54 +01:00
api-token-middleware.test.ts chore: deprecate username on api-tokens (#3616) 2023-05-04 09:56:00 +02:00
api-token-middleware.ts fix: reject unauthorized client requests (#3881) 2023-05-27 16:29:54 +02:00
authorization-middleware.ts Clean up old errors (#3633) 2023-05-11 11:10:57 +02:00
catch-all-error-handler.ts
conditional-middleware.ts
content_type_checker.test.ts feat: unify error responses (#3607) 2023-04-25 13:40:46 +00:00
content_type_checker.ts
cors-origin-middleware.test.ts Fix/remove settings cache (#2694) 2022-12-14 17:35:22 +01:00
cors-origin-middleware.ts
demo-authentication.ts chore: deprecate username on api-tokens (#3616) 2023-05-04 09:56:00 +02:00
index.ts
maintenance-middleware.ts Maintenance mode for users (#2716) 2022-12-21 13:23:44 +02:00
no-authentication.test.ts
no-authentication.ts
oss-authentication.test.ts
oss-authentication.ts feat: authorization middleware (#3464) 2023-04-06 11:46:54 +02:00
pat-middleware.test.ts fix: log missing user at warn level (#3735) 2023-05-10 13:31:42 +02:00
pat-middleware.ts fix: log missing user at warn level (#3735) 2023-05-10 13:31:42 +02:00
rbac-middleware.test.ts refactor: token permissions, drop admin-like permissions (#4050) 2023-06-22 08:35:54 +01:00
rbac-middleware.ts
request-logger.ts
response-time-metrics.ts chore: GA responseTimeWithAppNames (#3178) 2023-02-22 09:10:06 +00:00
secure-headers.ts feat: add plausible as connect src (#3619) 2023-04-25 14:24:54 +03:00
session-db.ts
unless-middleware.ts