Key Developments: Updates to Client, Security, and Deployment
What developments have taken place today?
Today’s commits introduce several key additions and improvements across various parts of the project. A new Dart client submodule is added for a remote daemon client, mirroring existing TypeScript functionality. This includes initializing a Git connection and updating configuration files. A WebsiteURLAddForm class has been introduced to provide a modal dialog for adding website URLs with validation and API integration via the websiteUrlApi. Significantly, a major overhaul of access control was implemented, shifting from an ad-hoc system to a structured approach using the new acl package. This involved defining roles, resources, actions, and implementing functions like isLoggedIn, ownsDevice, and allowAll. The access control logic was then refactored in several controller methods, leveraging these definitions for authorization checks. Furthermore, unit tests were updated to reflect these changes. A new endpoint for deleting domains (DELETE /api/v1/domain/{id}) has been added with comprehensive error handling and security features utilizing the XAuthorization mechanism. Finally, a script was implemented to tag multiple client projects with specified version numbers, streamlining the process of deploying updates across different projects.
Summary: These changes represent important steps towards improving code maintainability, enhancing API functionality, bolstering security, and simplifying deployment processes. The addition of the Dart submodule expands client support, while the access control overhaul provides a more robust and scalable system for managing user permissions. The new endpoint and related improvements add to the API’s capabilities, and the tagging script streamlines project updates.