Sometimes dry-validation would overwrite our custom english
messages with its default messages, recognizable by lacking a
dot at the end.
By using our own top_namespace AND ensuring that dry doesn't load
its own translations, this could be fixed. It means that we will have
to define all messages ourselves, we can't rely on default translations.
* Adds FeatureDecision. Initial steps on SharePoint -> Sharepoint rename
* Update I18n keys to use sharepoint over share_point
* Adds handling of the drives on the file picker
* Upload Strategy handling plus FileLink Contract ammendment
* Drafting a draft implementation draft
* Adds missing token exchange scope
* Remove all mention to list constants
* Changes to SharePoint rather than Sharepoint
* Addresses feedback by @kharonus
* Remove PROVIDER_TYPES
Due to STI nature it is required. Otherwise undesired behavior is possible
in dev and test environments(where usually lazy loading is enabled).
The udesired behavior can be like:
Fetching not loaded yet STI model through its parent model
(e.g. `User.find(service_account_id)` raises `ActiveRecord::NotFound`, because
`ServiceAccount` has not been referenced yet.
`SubclassRegistry` has been removed, because:
1. `.register_subclasses` and `.registered_subclasses` produce unexpected results.
```ruby
# e.g.: Principal -> User -> ServiceAccount
Principal.register_subclass(User)
# Then
Principal.registered_subclasses == [User] # true
User.registered_subclasses == [User] # true
ServiceAccount.registered_subclasses == [User] # true
# Having User as a subclass of User and ServiceAccount seems to be weird.
```
2. There seems to be no big win in have the additional list of subclasses that have to be manually filled.
3. Used in commit apprach seems to be simpler.
It is just calling STI classes explicitly in to_prepare block of configuration.
The previous implementation was a deeply nested decision tree for
different error cases or other unexpected states.
Most of this was necessary, because setting up correct permissions is partially
happening asynchronously. Some of the redirects would eventually have rendered a modal
that would periodically check whether user permissions appeared in the background.
All of this was replaced by an approach where we immediately (synchronously) ensure
that the setup is correct.
We will now propagate HTTP errors upwards as failed service results,
top-most they are only logged, but will not raise an error anymore.
We can do this, because a missing remote identity will be shown to
the user as an error anyways. On the other hand raising an error
from the OpenProject::Notifications breaks the code performing
the original token fetching and prevents display of the nice error
message in the UI.
- Use SpecificBearerToken as a name for new auth strategy
- Add scope to filter storages by audience
- Do not emit REMOTE_IDENTITY_CREATED event if there are no changes to the model
- Use TOKEN_OBTAINED_EVENT for event exposed by openid_connect module
- Fix fetching of RemoteIdentity data in all cases to be correct, I hope :)
There is now add_replacements which accepts a hash, allowing to
add multiple replacements in one call. This should make mass-adding
replacements look less bulky.
Also including helpers to ActsAsOpEngine to make adding replacements
from a module nicer.
Instead of expecting modules to selectively overwrite
methods of this class, we offer an explicit extension point
where replacements can be registered explicitly.
Thus patching the implementation is not necessary anymore, instead
it can be configured from initializers.
* Introduce RemoteIndentity to decouple remote user ids from oauth tokens
* Introduce RemoteIndentity to decouple remote user ids from oauth tokens
* Move dependent destroy to DB layer via ON DELETE CASCADE for remote identities
* Appease rubocop on has_many
---------
Co-authored-by: Wieland Lindenthal <w.lindenthal@forkmerge.com>
- manage_storages_in_projects to manage_files_in_projects
- change usage through app
- projects->deactivate_work_package_attachments is now only available
through manage_files_in_projects
Oliver Günther