Skip to content

v1.5.0 Update (04/29/2019)
Compare
Choose a tag to compare
@RobAndrewHurst RobAndrewHurst released this 29 Apr 15:45
v1.5.0
7ebec48

Release Update v1.5.0 - April 29 2019

Fixes

Gazetteer search for numbers only

  • A valid lat long position will now cancel the search to backend / 3rd party service.

Changes

Workspaces

The workspace editor is now nested in the desktop. Workspace methods are in the XYZ control library. The json editor library has been removed from the repo. The code mirror library has been added and should be used to edit json.

Workspace routes are:

/workspace/get

Get the workspace from XYZ host.

/workspace/set

Post a workspace to the XYZ host. Will run checks, load workspace into memory and store the workspace as a new record in the workspace table.

The workspace is stored in global.workspace.current

Views

Scripts which only apply to a single view are stored with the html template in the public /views folder. Styles which only apply to a single view are in the head of that view. Only shared SCSS stylesheets are in the public /css folder.

Scripts sources should not be defined after the body. All sources should be defined in the head and user the defer / async declaration in order to prevent the page locking while loading the script.

/register

Small print has been added to the register view. The submit button should only be active if the checkbox in regard to the small print is checked.

Google recaptcha has been added to Login and Register forms. This is enabled if a captcha key and secret are provided in the environment key GOOGLE_CAPTCHA.

A mask has been added to the desktop view. This mask shades the view to prevent user input. e.g. While waiting for a response to workspace checks / load.

Log rocket

Log rocket has been added to the repo. A confirmation dialog will ask whether a session should be recorded. The log rocket button will be visible if a log rocket key is provided in the environment key LOG_ROCKET.

Authentication

Token authentication is now happening pre route validation.

Token

The /token endpoint will return an API key and store the key in the ACL database in the api field for the user. Token do not timeout but can never be used to login or for administrative tasks. An API token will always be checked against the database to create a signed token with the user roles.

Validation

All params must be provided on the querystring. The querystring params must be validated in route schema.

Additional checks are run in an array of pre-handler methods.

User routes

Routes for the management of users are:

/user/admin The admin view for the ACL.

/user/approve The endroute to approve a user with an approval token.

/user/verify The endroute to approve a user with an verification token.

/user/log Returns the access log for a user.

/user/list Returns a list of all users.

/user/update Updates a user field in the ACL.

/user/delete Endpoint to delete a user from the ACL.

/user/block Endpoint to block a user.

User schema

create table users
(
	"_id" serial not null,
	email text not null,
	password text not null,
	verified boolean default false,
	approved boolean default false,
	verificationtoken text,
	approvaltoken text,
	failedattempts integer default 0,
	password_reset text,
	api text,
	approved_by text,
	access_log text[] default '{}'::text[],
	blocked boolean default false,
	roles text[] default '{}'::text[],
	admin_workspace boolean default false,
	admin_user boolean default false
);

Roles

Roles are set on the layer.

"roles": {
  "boo" : null,
  "foo" : {
    "retailer": {
      "in": [
        "Tesco",
        "Sainsburys"
      ]
    }
  }
}

If a roles are set means that the layer is not available to anybody who doesn't have a role from the layer. If a filter is set on the role means that the user has access to the layer but the filter will be applied to any query.

Error Codes

The 406 error code has been retired in favour of the more common 400 error code. Error code should return a new Error('msg').

Swagger

The fastify swagger plugin has been added to respond with a json to describe the API on the /swagger/json route.

Checkbox

  • Boolean data type is displayed as a checkbox element in the location view and can be also set up as editable. Boolean data type is stored in the database as boolean.

  • "type": "boolean"

  • Checkbox will show when they are not editable.

image

  • Boolean module has been moved from /edit to /view for locations.
  • The method will return with the input disabled if not editable otherwise the onchange event will be attached to the checkbox.
  • Check box filtering enabled.
Assets 2
Loading