Skip to content

ABAC enforcement, resource tags, and tag-based sharing#79

Merged
blinkerbit merged 12 commits into
mainfrom
abac
May 16, 2026
Merged

ABAC enforcement, resource tags, and tag-based sharing#79
blinkerbit merged 12 commits into
mainfrom
abac

Conversation

@blinkerbit

Copy link
Copy Markdown
Owner

This PR merges the \�bac\ branch into \main.

Highlights

  • Attribute-based access control wired through handlers (PEP) with policy seeds and admin UX improvements.
  • Resource tags (glob patterns) for files and directories, including **\ pattern support and directory-scoped patterns (e.g. \docs/**).
  • Tag-based shares, /tagged/\ browse, profile shared-with-me, and tag chips on the file browser.
  • Local static assets and CSP-friendly setup; removal of client-side Markdown/PDF preview in favor of plain text view and download elsewhere.

Note: Additional local edits may exist that are not yet committed or pushed.

Made with Cursor

blinkerbit and others added 12 commits May 8, 2026 21:41
…ty (#80)

* feat: modernize login UI, fix auth error messages, and improve security

- Redesigned login and admin-login pages with animated background (themed
  orbs per DaisyUI theme), icon inputs, show/hide password toggle, gradient
  sign-in button, and P2P card section
- Added _bg_canvas.html: colorful animated gradient orb background that
  auto-syncs colors to the active DaisyUI theme via MutationObserver
- Rewrote theme selector dropdown with pure JS (fixes DaisyUI v5 conflict)
- Tab switcher now correctly restores active tab after a failed form submit
- Fixed error messages: token failures show "Invalid access token." /
  "Invalid admin token.", credential failures show "Invalid credentials."
- Token auth now takes priority over credentials to prevent autofill shadowing
- Profile handler: require current password before allowing password change,
  and gracefully handle token-authenticated sessions
- Fixed admin_handlers missing settings= kwarg in template renders
- Fixed UnicodeEncodeError on banner print in main.py
- Removed unsupported cloud provider config paths (credentials_file, client_id)
- Fixed tooltip and dropdown colors for DaisyUI v5 variable names
- Added tests for current-password verification and updated existing tests

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: resolve SonarCloud issues — security, duplication, code smells

- Rename INVALID_USERNAME_OR_PASSWORD_MSG → INVALID_CREDENTIALS_MSG to
  eliminate S2068 false-positive hardcoded credential detection
- Extract shared tab-switcher, paste-button, and eye-toggle JS into
  login-ui.js to bring duplication below 3% threshold
- Replace empty catch blocks with console.debug logging (fixes S2486)
- Fix _bg_canvas.html: use role="presentation" instead of aria-hidden
  (S6825), add NOSONAR on Math.random animation calls (S2245), replace
  | 0 with Math.trunc() (S7767), use for-of loops (S4138)
- Fix _theme_login_corner.html: change <ul role="menu"> to <div role="menu">
  (S6842), use .dataset.setTheme instead of getAttribute (S7761)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: resolve remaining SonarCloud issues on login UI

- S6843/S6819: replace role="presentation" tabindex="-1" with aria-hidden="true" on canvas
- S7761: replace getAttribute('data-theme') with .dataset.theme in _bg_canvas and _theme_login_corner
- S7748: remove trailing zeros from numeric literals (0.80→0.8, 0.40→0.4, 0.90→0.9, 0.60→0.6, 0.70→0.7)
- S2068: rename password input IDs (local-password→local-pwd, adm-password→adm-pwd) and config keys (pwdInput→eyeInput, pwdEye→eyeBtn, pwdIcon→eyeIcon)
- S7764: replace window with globalThis in login templates and login-ui.js

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: move canvas animation to static JS to resolve S2245 hotspots

Extracted inline script from _bg_canvas.html into bg-canvas.js so that
NOSONAR suppressions on Math.random() calls are recognized by SonarCloud.
Also replaced for-of loops with indexed loops (S4138) and window with
globalThis (S7764).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: theme-aware action button tooltips and missing ds-* CSS variables

- Tooltip now uses --color-base-200/base-content/base-300 so it renders
  in each theme's own palette instead of the jarring neutral dark box
- Define missing --ds-warning, --ds-warning-soft, --ds-gold-soft,
  --ds-danger-soft, --ds-success-soft, --ds-border-strong, --ds-shadow-lg
  etc. so action button tinted backgrounds work across all themes
- Fix browse handler: pass file_tags_map to template (was causing 500 error)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
@blinkerbit blinkerbit merged commit 744d40c into main May 16, 2026
1 check passed
@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants