Abstract logic that requires the user to be an owner
Make username use stronger type
Use stronger type for user IDs.
Add stronger type for CSRF tokens
Improve vertical whitespace and fix schema comment indentation
Hide "share" link from users with the "editor" role
The share page is already inaccessible to these users, so why give them
a link to access it? Note that this is not client-side validation, since
we are already requiring them to be logged in to see the roles. This
change just makes the site less confusing by not presenting the user
with links to pages they can't visit.
Add roles management page with tests
This includes a share link on each document page, a share page which
allows adding, removing, and editing roles, and lastly some tests.
Use table on main index page rather than list
This allows metadata to be displayed in a better looking format than
just a concatenated string.
Make test use separate environment from default config
This way, the webpad.db file doesn't get blown away on every test run,
which means I can actually start using the software for real things.
Update README with description of access rules
Add publishing functionality
This includes the server functionality to update the publicity of a document,
the UI for how to publish and unpublish a document, and a couple tests for the
publishing functionality. A public document page appears as a couple <pre> tags,
so it looks pretty bare-bones.
Add document deletion functionality
Includes the server endpoint, with client and server-rendered UI, and passing tests.
Abstract getting a users role associated with a document
Ensure that a user is authorized to update a document
If they attempt to update both the title (or body) and the publicity,
but they are only and editor (and thus cannot update the publicity),
then neither the title nor the publicity will update, even though the
user has permission to update the title.
Add several tests, including autosave tests
Order documents with the most recently created at the top