Alexandre Bodin
a22f2cefef
Remove x-forwarded-host.
...
- set security defaults for development mode that are standard
- refactor error messages to work without ctx.request.admin
- remove mask middleware and add a sanitization layer to the core-api to
hide private fields
2019-09-06 14:33:24 +02:00
Alexandre Bodin
2a780ea10a
Clear _id now that queries return an id every time
2019-08-13 17:40:31 +02:00
Alexandre Bodin
1658b48aa0
Refactor users-permissions to use the new strapi.query
2019-07-16 17:23:38 +02:00
Alexandre Bodin
2b3c8d6628
Fix permission policy mixing users jwt and admin jwt
2019-06-07 15:44:06 +02:00
Alexandre Bodin
a41641bfe4
Add a queries interface to the plugins
2019-04-26 13:40:23 +02:00
Alexandre Bodin
ab0fa1f5de
Init build bin
2019-04-26 13:40:16 +02:00
Alexandre Bodin
9e9ff9907d
Refactor strapi load
2019-04-16 08:50:22 +02:00
soupette
e56e46e030
Split admin and users.
...
Co-authored-by: lauriejim
2019-04-09 12:09:03 +02:00
EpicUsaMan
32361e2949
Fix for SQLite
2019-02-28 19:22:01 +02:00
soupette
d9ee893c8f
Merge branch 'master' of github.com:strapi/strapi into add-cypress
2018-11-14 18:20:40 +01:00
Aurelsicoko
f5eda8df3c
Improve permissions policy to avoid security breach with GraphQL
2018-11-06 18:58:40 +01:00
Jim LAURIE
02d935188d
Fix test launch
2018-10-31 17:20:09 +01:00
Jim LAURIE
f27b2ae2f6
Merge branch 'master' into email-validation
2018-08-21 11:54:22 +02:00
Jim LAURIE
9c17701163
Merge branch 'master' into block-user
2018-08-10 10:02:52 +02:00
Jim LAURIE
eec423a2cd
Add confirmation email
2018-08-08 17:57:02 +02:00
Jim LAURIE
012cb0332b
Merge branch 'master' into rate-limit
2018-08-08 14:36:42 +02:00
Jim LAURIE
0afe2eceac
Add rate limit configs
2018-08-08 14:29:10 +02:00
Jim LAURIE
3f2576cb68
Can block a user
2018-08-06 17:46:58 +02:00
Jim LAURIE
70e9523ba8
Fix policy error
2018-08-06 16:59:14 +02:00
Jim LAURIE
738cbf656a
Add rate limit on auth routes
2018-08-01 14:56:31 +02:00
Aurelsicoko
c111aaba13
Fixes #1247
2018-05-24 17:20:32 +02:00
Konstantin Tsabolov
9e897bcfda
Return HTTP 403 if user is not allowed to perform an operation
2018-05-10 19:36:15 +02:00
Aurelsicoko
3daf7523c8
Apply policy for each query and use generated API business logic
2018-04-10 11:47:01 +02:00
Jim Laurie
72877c3074
Rename Guest to Public role
2018-03-12 16:37:20 +01:00
Aurelsicoko
d7aa3eef7e
Resolve conflicts
2018-03-02 14:21:51 +01:00
Aurelsicoko
85fb0f5919
Fix non-polymorphic relations in strapi-bookshelf
2018-02-28 18:10:30 +01:00
Adrien Lepoutre
1110fe7df2
ISSUE 689 - Fix /user/me and ctx.state.user not returning OneToMany relations properly
2018-02-28 10:35:28 -05:00
Kristian Frølund
28cd762009
Rephrased error-text
2018-01-29 19:30:56 +01:00
Kristian Frølund
280109c034
Moved user validation logic from JWT service to permissions policy
2018-01-29 19:26:28 +01:00
Aurelsicoko
cc1e8e20aa
Don't execute the action again if there is a policy
2018-01-24 19:00:12 +01:00
Aurelsicoko
cf1cb7050b
Resolve conflicts and disallow to edit and remove default roles
2018-01-24 11:52:09 +01:00
Aurelsicoko
f2bff7f17d
Return an error if a non-admin user tries to connect to the admin
2018-01-24 11:38:42 +01:00
Jim Laurie
5accaf30e3
Hot fix permission detection
2018-01-19 07:38:30 +01:00
Aurelsicoko
fa8976c98f
Fix infinite login
2018-01-18 11:13:44 +01:00
Aurelsicoko
b84976fbbd
Improve init action to check if there is an administrator
2018-01-17 19:22:35 +01:00
Aurelsicoko
4aa28a196e
[WIP] Read and update roles & permissions using database
2018-01-17 18:50:12 +01:00
Jim LAURIE
502b101598
Fix PR feedback
2018-01-10 13:39:42 +01:00
Jim Laurie
ff46faf306
Execute controller action out of authorization try
2018-01-09 13:53:52 +01:00
Jim Laurie
2715f2693f
Check if token user still exists
2017-12-14 16:12:39 +01:00
cyril lopez
3da6faac05
Fix feedback PR
2017-12-08 14:40:42 +01:00
cyril lopez
1d64d827be
Add roles key to permissions
2017-12-08 12:03:37 +01:00
Jim Laurie
5b4f91dcff
Fix some PR feedback
2017-12-07 18:16:15 +01:00
Jim Laurie
ddcf48d7c4
Merge branch 'user-permissions' of https://github.com/strapi/strapi into user-permissions
2017-11-28 09:20:07 +01:00
Aurelsicoko
311862dbb1
Handle delete plugin entry using Content Manager
2017-11-27 17:45:21 +01:00
Jim Laurie
f0a766388f
Bypass permissions for app owner
2017-11-27 16:59:53 +01:00
Jim Laurie
ee1ece28d8
Use request route to detect current action
2017-11-27 16:47:16 +01:00
Jim Laurie
5e2748f81f
Send 401 if action is not enabled
2017-11-27 12:05:18 +01:00
Jim Laurie
9a801e4ac1
Inject authentication policy
2017-11-27 10:59:24 +01:00