- 05 Aug, 2015 1 commit
-
-
Randall Leeds authored
It turns out IE10 doesn't have the URL constructor and somehow I misinterpreted the MDN docs. The bind polyfill still isn't needed, except by PhantomJS. It also seems silly not to just include wgxpath without npm. Save the browserify-ing step.
-
- 04 Aug, 2015 2 commits
-
-
-
Randall Leeds authored
Function.prototype.bind is supported in every browser for a long time. It's only needed because, oddly, PhantomJS 1.8 doesn't support it. The window.URL constructor is supported in IE10+ and every other major browser for a while now. It's also not supported in PhantomJS 1.8, though. The application currently doesn't work on IE < 10 anyway so let's just remove this for now.
-
- 03 Aug, 2015 11 commits
-
-
Randall Leeds authored
-
Randall Leeds authored
-
Randall Leeds authored
-
Randall Leeds authored
-
Randall Leeds authored
-
Randall Leeds authored
This should make sure that baseURI works completely even in IE.
-
Randall Leeds authored
-
Randall Leeds authored
I had started to implement the JWT Authorization Grant here but forgot to back out those changes before I committed to just refactoring the existing method. This was premature and also plain wrong in the sense that the parameters were not being passed ('params' is the key for sending GET parameters, not 'data' -- 'data' would be a separate argument for POST).
-
Nick Stenning authored
Switch out jschannel for frame-rpc
-
Nick Stenning authored
Simplify handling of admin permissions
-
Nick Stenning authored
Refactor auth in the client
-
- 31 Jul, 2015 12 commits
-
-
Randall Leeds authored
-
Randall Leeds authored
Start to take better control over the authentication and authorization systems of the front end. - Remove dependency on Annotator Auth plugin. With this change, Annotator is completely gone from the Angular application. - Use angular-jwt and its http interceptor to ensure that auth tokens are up-to-date and auth token requests block store requests. - With the interceptor in place, it's no longer necessary to resolve auth before the ng-view controllers. - Use the session directly for getting the current user. This is in line with what is likely to happen for groups, too, soon.
-
Randall Leeds authored
The frame-rpc module is a proper CommonJS module and it's footprint is really tiny. Its protocol is simpler. It doesn't handle connection and buffering, but with our onConnect callback we don't need buffering. The connection handshake that jschannel did was so trivial it's been re-implemented here (each side tries to connect to the other once). We have to handle timeouts ourselves, but that's all hidden in the bridge code. In exchange, we get a simpler API, we get rid of the call/notify distinction in favor of just passing a callback or not and we avoid the excess overhead of the recursion guard in the serialization code that was giving us false positive issues with the document title. This is one step toward removing all the browserify-shim requiring libraries from the injected bundle, which will eventually fix #2397.
-
Randall Leeds authored
Remove vendored assets: install from NPM
-
Nick Stenning authored
Replaces our vendored dependencies with dependencies on packages installed from NPM. This makes it substantially easier to find out what versions of 3rd-party packages are installed, and substantially easier to upgrade them as and when necessary. Libraries have been installed pinned at the version available on NPM nearest that installed in the repository. This means: - angular remains v1.2.28 - angular-animate was upgraded from v1.2.25 -> v1.2.28 - angular-resource was upgraded from v1.2.25 -> v1.2.28 - angular-route was upgraded from v1.2.25 -> v1.2.28 - angulartics remains v0.17.2 - bootstrap remains v3.3.5 - jquery remains v1.11.1 - jstimezonedetect remains v1.0.5 - moment remains v2.5.0 - moment-timezone remains v0.0.1 - ng-tags-input remains v2.2.0 Unfortunately, the following modules don't appear to be available on NPM and so remain in the repository: - angular-bootstrap - angular-sanitize - angular-toastr (at a version early enough)
-
Randall Leeds authored
Enable users to create groups
-
Nick Stenning authored
This commit adds a list of groups to the "topbar" when the groups feature flag is enabled.
-
Randall Leeds authored
Limit what admins can do
-
Randall Leeds authored
Use browserify-ngannotate to provide injection annotations
-
Sean Hammond authored
Only update stream filter when we have >0 URIs
-
Nick Stenning authored
Rather than trying to keep injection annotations up-to-date manually, we can use the computer to do it for us. [browserify-ngannotate][1] is a browserify transform plugin that uses [ng-annotate][2] to automatically generate injection annotations for the Angular injector. [1]: https://github.com/omsmith/browserify-ngannotate [2]: https://github.com/olov/ng-annotate
-
Nick Stenning authored
The backend code in `h.streamer` assumes that the arguments to "one_of" are either a non-empty list or a single value. Passing an empty list causes the generation of a bogus query. So, don't update the stream filter until we have at least one URI to stream from. Fixes #2257.
-
- 30 Jul, 2015 7 commits
-
-
Randall Leeds authored
-
Randall Leeds authored
-
Randall Leeds authored
Update to the latest packaging changes of the anchoring helper modules that now specify a browser field and browserify transforms in their package.json files. This bypasses the UMD wrapper of these modules, saving bytes and avoiding the need to wrap them with browserify-shim.
-
Randall Leeds authored
-
Randall Leeds authored
Even when used as a CommonJS module, angular installs itself globally. Rather than fight this in our tests, just leverage it. The mocks module also installs itself under angular.mock. Therefore, none of the require statements for angular or angular-mocks are necessary.
-
Randall Leeds authored
It turns out we don't need Sinon-Chai because we only use the assert interface. According to the Sinon-Chai docs: For assert interface there is no need for this library. Instead, we just install the assertions into the assert object.
-
Randall Leeds authored
There's no reason to have these methods have a different name in the guest as the host. The implementation should be opaque.
-
- 29 Jul, 2015 5 commits
-
-
Nick Stenning authored
Reload annotations on auth change
-
Randall Leeds authored
Just because the user has permission to read an annotation does not imply that it should still be visible under the current search after the authentication change. An example of this is when a NIPSA flagged user logs out but has public annotations visible.
-
Randall Leeds authored
Two front-end fixes
-
Jake Hartnell authored
- Collapsed threads don't show tags - Collapsed threads should have space between user and reply count - "Sign in required" card should have symmetric vertical margins
-
Randall Leeds authored
-
- 28 Jul, 2015 1 commit
-
-
Sean Hammond authored
Consolidate and style the admin interface
-
- 27 Jul, 2015 1 commit
-
-
Randall Leeds authored
While the URL object stringifies nicely, meaning this does work, it is liable to confuse request interceptors that expect a string.
-