GitHub/outline
1
0
Fork 0
mirror of https://github.com/outline/outline.git synced 2026-06-13 11:25:03 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
5a4db980af036822e61660d7cd71311bcd2436fb
outline/server
T
History
Tom Moor 5a4db980af Fix authorization gaps for restricted documents 
- Tighten Document.findByIds so isPrivate filtering fails closed when
  the attribute is not loaded, and include isPrivate in the projection
  used by Relationship.findSourceDocumentIdsForUser so backlinks from
  restricted docs are no longer leaked to collection-only members.
- Add !isPrivate gate to the unpublish policy so collection writers
  without direct membership cannot unpublish restricted documents.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-09 09:00:31 -04:00
..
__mocks__
chore: Migrate to vitest (#12272)
2026-05-06 21:10:51 -04:00
collaboration
chore: Migrate to vitest (#12272)
2026-05-06 21:10:51 -04:00
commands
Merge remote-tracking branch 'origin/main' into tommoor/new-permissions
2026-05-08 23:21:29 -04:00
config
fix: Allow new DATABASE_ env variables to work with migrations/creation (#10216)
2025-09-22 20:43:27 -04:00
editor
chore: promote no-explicit-any from warn to error (#12244)
2026-05-02 12:14:23 -04:00
emails
chore: Migrate to vitest (#12272)
2026-05-06 21:10:51 -04:00
logging
chore: Replace lodash with es-toolkit (#12281)
2026-05-06 21:03:47 -04:00
middlewares
chore: Migrate to vitest (#12272)
2026-05-06 21:10:51 -04:00
migrations
Merge remote-tracking branch 'origin/main' into tommoor/new-permissions
2026-05-08 23:21:29 -04:00
models
Fix authorization gaps for restricted documents
2026-05-09 09:00:31 -04:00
onboarding
Separate Prettier and ESLint according to best practices (#9565)
2025-07-08 18:01:48 -04:00
policies
Fix authorization gaps for restricted documents
2026-05-09 09:00:31 -04:00
presenters
Merge remote-tracking branch 'origin/main' into tommoor/new-permissions
2026-05-08 23:21:29 -04:00
queues
Merge remote-tracking branch 'origin/main' into tommoor/new-permissions
2026-05-08 23:21:29 -04:00
routes
Fix authorization gaps for restricted documents
2026-05-09 09:00:31 -04:00
scripts
feat: Document insight rollups (#12086)
2026-04-18 08:11:15 -04:00
services
chore: promote no-explicit-any from warn to error (#12244)
2026-05-02 12:14:23 -04:00
static
fix: Address various a11y findings (#11977)
2026-04-06 18:59:53 -04:00
storage
chore: Remove stale Jest references from docs and comments (#12285)
2026-05-06 21:55:07 -04:00
test
Auto-subscribe mentioned users to document (#12235)
2026-05-07 21:33:55 -04:00
tools
fix: Relative path returned from MCP (#12255)
2026-05-04 07:52:32 -04:00
typings
perf: Remove turndown (#11331)
2026-01-31 20:56:36 -05:00
utils
Only preconnect to S3 if it's being used (#12298)
2026-05-08 14:41:32 -04:00
.oxlintrc.json
chore(deps-dev): bump oxlint and tsgolint (#12127)
2026-04-28 13:50:42 -04:00
context.ts
perf: Move image download out of transaction (#11528)
2026-02-23 22:14:03 -05:00
env.ts
chore: Replace lodash with es-toolkit (#12281)
2026-05-06 21:03:47 -04:00
errors.test.ts
chore: resolve no-explicit-any lint warnings in plugins (#12237)
2026-05-01 08:29:58 -04:00
errors.ts
Separate user input errors from internal errors for Sentry reporting (#11308)
2026-01-30 05:55:28 -05:00
index.ts
chore: Replace lodash with es-toolkit (#12281)
2026-05-06 21:03:47 -04:00
onerror.test.ts
chore: Migrate to vitest (#12272)
2026-05-06 21:10:51 -04:00
onerror.ts
chore: Catch other types of client aborted error (#12303)
2026-05-08 22:32:54 -04:00
types.ts
chore: Move welcome email to processor (#11939)
2026-04-02 20:16:47 -04:00
validation.test.ts
chore: clear mechanical lint warnings (Phase 1) (#12198)
2026-04-28 20:00:03 -04:00
validation.ts
chore: Replace lodash with es-toolkit (#12281)
2026-05-06 21:03:47 -04:00