* [AI] Enforce file access authorization on sync API endpoints
Co-authored-by: Cursor <cursoragent@cursor.com>
* Refactor file deletion authorization to return error message as text
* Refactor file upload validation to improve error handling
* Add tests to allow admin users to retrieve encryption keys and sync files for other users
- Implemented a test for admin access to retrieve encryption keys for another user's file in the /user-get-key endpoint.
- Added a test for admin users to sync another user's file in the /sync endpoint, ensuring proper response and headers.
These changes enhance the authorization checks for admin actions on user files.
* Refactor file cleanup in tests to use onTestFinished for better error handling
* Enhance admin capabilities in file management tests
* Add migration to backfill file owners with admin ID
* Enhance file access authorization in sync API
* Update migration to backfill file owners with admin ID to ensure consistent ordering in the query
* Refactor access control tests for file downloads in sync API
* Add test for non-owner file download access via user_access in sync API
This test verifies that users with appropriate access can download files owned by others, utilizing the requireFileAccess logic and UserService.countUserAccess. It ensures correct response headers and content delivery for shared files.
* Refactor file cleanup in upload and download tests to utilize onTestFinished for improved error handling
This update consolidates file cleanup logic in the test suite, ensuring that temporary files are removed after each test execution. The changes enhance the reliability of tests by consistently managing file state across various scenarios.
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* Added Global Synced Prefs
* [autofix.ci] apply automated fixes
* Add release notes for PR #6234
* typecheck
* lint fix
* Refactor global synced preferences to server preferences
- Removed global synced preferences implementation and related files.
- Introduced server preferences with a new slice and hooks for managing user settings.
- Updated components and hooks to utilize server preferences instead of global synced preferences.
- Adjusted Redux store and mock configurations to reflect the changes.
- Enhanced user settings consistency across devices with the new server preferences structure.
* Implement server preferences for feature flags and enhance admin permissions
- Updated the Experimental component to conditionally display based on user permissions and login method.
- Refactored feature flag handling to use 'flags.plugins' instead of 'plugins'.
- Introduced server-side checks to restrict access to server preferences for admin users only.
- Added comprehensive tests for server preferences management, ensuring proper handling of user roles and preferences.
* Enhance error handling in saveServerPrefs thunk
- Updated the saveServerPrefs async thunk to handle potential errors from the server response.
- Added a check for the presence of an error in the result and return it accordingly.
- Ensured that preferences are still dispatched to the store upon successful save.
* Feedback: strict "flags.plugins" typing
* Feedback: move state slice
* Feedback: localstorage pref
* Feedback: move serverPrefsSlide into prefsSlice
* Refactor: Remove duplicate import of PostError in app.ts
* Rename serverPrefs state slice property to server (#6596)
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Matiss Janis Aboltins <matiss@mja.lv>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
* Add ESM loader support and update sync-server modules
* Update TypeScript configuration and fix bank file import filter in sync-server
* Remove deprecated loader and register files, update TypeScript configuration to use ES2021, and add a new script for automatically adding import extensions to JavaScript files.
* Update test script in package.json to include a custom loader and clean up import extensions script by removing unused 'stat' import.
* feat: Add warning for unresolved imports
Co-authored-by: matiss <matiss@mja.lv>
* [autofix.ci] apply automated fixes
* Remove unused 'import/extensions' rule from ESLint configuration
* Refactor import statements in sync-server
- Updated import path for migrations to remove file extension.
- Added ESLint directive to ignore import extension rule for reset-password script.
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
