- ROS will no longer initialize new projects with the latest version of ROS by default.
Instead, it will use the version of the globally installed package. If you want to initialize
a project with the latest version of ROS, you can use
ros init my-project --latest.
- Allow
ros initto be run without an argument from an empty folder. In this case, it will initialize the project in the current folder.
- None
- None
- None
- Added two parameters -
shouldCompactRealmsAtStartandshouldPerformPartialSyncAtStartthat control whether the server will compact the Realms and do a complete partial sync during initialization. Compacting the Realms may reduce the disk space they use, while performing partial sync will detect inconsistencies in the partial Realms and correct them at the cost of incurring a client reset for the clients that used to synchronize against an inconsistent Realm. It is recommended that they are set tofalse(or left undefined) unless you are experiencing Bad Changeset errors or excessive disk usage.
RealmDirectoryServicewill initialize the Default Realm only once. This prevents extensively long ROS startup times when the default Realm contains a lot of data.
- None
- None
- None
-
Added an optional
allowAnonymousargument to route decorators. If not specified on the route level, the service-level value will be used. To specify it for individual route, use the following syntax:@Get("/some-path", /* allowAnonymous */ true) public unauthorizedFunction() {}
The route-level value, if specified, will override the service-level value. To specify it at the service level, use the following syntax:
@BaseRoute("/my-service", /* allowAnonymous */ false) export class MyUnauthorizedService {}
The default value for the service decorator is
true, meaning ROS will not enforce authorization requirements by default.
- None
- None
- None
- None
- None
- None
- None
-
Added an optional
allowAnonymousargument to route decorators. If not specified on the route level, the service-level value will be used. To specify it for individual route, use the following syntax:@Get("/some-path", /* allowAnonymous */ true) public unauthorizedFunction() {}
The route-level value, if specified, will override the service-level value. To specify it at the service level, use the following syntax:
@BaseRoute("/my-service", /* allowAnonymous */ false) export class MyUnauthorizedService {}
The default value for the service decorator is
true, meaning ROS will not enforce authorization requirements by default.
- The PermissionsService will wait for the wildcard permissions Realms to be created.
- Exclude internal traffic (e.g. ROS-to-ROS or health checks on Cloud) from traffic metrics.
- None
- None
- Fixed a bug that could result in a crash with the message "bad changeset error".
- None
- Fixes an unhandled promise rejection in kubernetes/ResourceWatcher
- Adds delay to reconnection attempts in kubernetes/ResourceWatcher
- None
- The server will now proactively crash on client reset rather than go into a non-deterministic state.
- None
- Fix
404 Not Found: realm-sync-servererrors when installing.
- None
- Not supplying
baseUrlin theBasicEmailHandlerConfigwill no longer result in an exception being thrown. - Fixed a problem which would sometimes cause
bad permission objectandbad changeset errors.
- None
- Fixed an issue that would cause the
@Nextannotation to pass in an invalid argument.
- None
- None
- Exposed history log compaction configuration options. The BasicServer config object now has
historyTtlproperty to configure the time after which history entries will expire and be eligible for compaction (default is infinite). TheSyncServiceconfiguration object has that as well ashistoryCompactionInterval(to control at what intervals the compaction algorithm will be run, default 3600) andenableLogCompaction(to disable the algorithm altogether, default is enabled).
RealmDirectoryServicewill initialize the Default Realm only once. This prevents extensively long ROS startup times when the default Realm contains a lot of data.
- None
- KubernetesSyncWorker: add delay between endpoints updates to work around an issue in kube-router
- None
- None
- None
- None
- None
- None
- None
- Don't keep the default Realm open for the duration of running the server.
- The SyncService will always emit sync worker stats to the server's stats sink now.
- Expose
PrometheusStatsSinkon thestatsexport for easier importing. - If
BasicServerdoesn't finish starting in a set time crash the process.
- Fixes an error being reported about WildcardPermissionsRealm missing on bootup.
- Fixes an issue that could make the server unresponsive after deleting Realms or users.
- Added option for enableDownloadLogCompaction in KubernetesSyncWorker
- Exposed API for setting the feature token.
- None
- None
- The developer edition has been disabled. A feature token must be supplied to use the server.
- Backup has been enabled for partial sync.
- Ensures that all system realms use the "default" sync label in order to avoid race conditions on startup
- None
- KubernetesSyncWorker: Adds a workaround for a bug in kube-router, which can cause intermittent connection failures to sync workers.
- None
- Fixed a bug that caused Realm files created with legacy ROS versions to be inaccessible for non-admin users.
- Kubernetes API requests will be retried when they receive HTTP status code 429 (Too many requests)
- None
- None
- KubernetesSyncWorker can now operate without synchronous backup when run with a single replica
- None
- None
- Make sure node.js server addresses have type AddressInfo.
- None
- None
- Expose API to enable admin users to convert between Realm types (
PATCH realms/files/:path). - Throw a more meaningful error when attempting to open a Realm with the incorrect type.
- Include the ROS version in the
/healthresponse. - Uses realm-sync-server 3.3.0
- Uses realm-sync-server 3.2.2, which should fix statsd
- None
- None
- None
- Uses realm-sync 3.1.1, which fixes statsd output
- None
- None
- None
- None
- None
- RealmFactory will now force close Realms on user deletion.
- None
- None
- None
- Fixed a bug that caused an invalid provider configuration to prevent ROS from initializing.
- None
- None
- None
- None
- The server periodically logs the number of open files and their file type.
- The proxy logs the number of open connections to the sync server.
- Added the ability to specify a custom Authorization header name for incoming HTTP requests.
- Add retry logic when internally accessing services in case some services are behind a proprietary HTTP proxy that doesn't start proxying incoming requests right away.
- Added an overwrite option for the backup to specify that the destination directory may be overwritten
- None
- None
- Proper HTTP responses after Upgrade failures.
- npm will no longer try to download dependencies that are already bundled when installing
realm-object-server.
- Improvements to Winston-based loggers:
WinstonLoggernow exposes its internal winston logger instance, allowing for customization such as adding more transports.ConsoleLogger,FileLogger, andFileConsoleLoggergained new parameters on their constructors for the winston transport options.
- Each incoming request gets a UUID for tracking.
- Trace level logging of HTTP requests and responses.
- Added
forceCodeConfigon theIAuthProviderConfiginterface to allow marking certain providers as protected, ensuring that their configuration is reset upon ROS restart. ros init-created apps get file logging enabled by default.- The
%BASE_URL%template variable will no longer contain trailing slashes.
- Using realm-sync 3.0 with protocol breaking changes. This release is protocol backwards compatible
with existing SDKs when syncing "full-realm" Realms, but requires the following versions when using partial sync:
- Java: 5.0.0
- Cocoa: 3.2.0
- Javascript: 2.3.0
- .NET: 2.2.0 - will be released soon.
SyncService'sdataPathconfiguration property is now deprecated and will be removed in a future version. The current default value of './sync' (relative to the server'sdataPath) will be used after the removal.- A new default realm is created by the server and given the sync path "/default". The default Realm only contains a schema version right now. Later it will contain the data currently in the admin Realm and other internal Realms.
- Server Realms are grouped into three types: "full-realm", "reference-realm", and "partial-realm". The realm type is stored in a new column in the admin Realm. "full-realm" realms can be used for full sync. "reference-realm" realms are used for partial sync. Queries are made in "reference-realm" realms. "partial-realm" realms are used by clients that connect to partial sync and have urls containing "__partial".
- A permission system is made for the three types of Realms.
- Full realms have the standard permission system and a non-admin user only has access to its own Realms or Reams with explicit permissions.
- Reference Realms are freely accessible by everybody. Object level permissions will take care of restricting access.
- Partial Realms are individual and can only be used by the owner.
- A Reference Realm is made automatically when partial sync is started with a new url. A user can only create a new reference Realm in its own directory. An admin user can create arbitrary reference Realms.
- A realm can never switch type. It is not allowed to perform partial sync with a "full-realm" Realm. It is allowed for an admin user to perform full sync with a reference realm.
- The default Realm has type "reference-realm" and can be used for partial sync by everybody out of the box.
- The JWT auth provider error messages will now correctly serialize the rejection reason.
- Added
emailHandlerConfigto thePasswordAuthProviderConfigto use a nodemailer to send password reset and email confirmation emails. - Added UI for email confirmation and password reset on /confirm-email and /reset-password respectively.
- A new default realm is created by the server and given the sync path "/default". The default Realm only contains a schema version right now. Later it will contain the data currently in the admin Realm and other internal Realms.
- None
- None
- The build script now copies the password reset assets to the dist folder.
- None
- The build script now copies the email templates to the dist folder, avoiding a crash
- The JWT auth provider error messages will now correctly serialize the rejection reason.
- None
- None
-
UI for email confirmation and password reset on /confirm-email and /reset-password respectively
-
Added
emailHandlerConfigto thePasswordAuthProviderConfigto use a nodemailer to send password reset and email confirmation emails. -
A new default realm is created by the server and given the sync path "/default". The default Realm only contains a schema version right now. Later it will contain the data currently in the admin Realm and other internal Realms.
-
Server Realms are grouped into three types: "full-realm", "reference-realm", and "partial-realm". The realm type is stored in a new column in the admin Realm. "full-realm" realms can be used for full sync. "reference-realm" realms are used for partial sync. Queries are made in "reference-realm" realms. "partial-realm" realms are used by clients that connect to partial sync and have urls containing "__partial".
-
A permission system is made for the three types of Realms.
-
Full realms have the standard permission system and a non-admin user only has access to its own Realms or Reams with explicit permissions.
-
Reference Realms are freely accessible by everybody. Object level permissions will take care of restricting access.
-
Partial Realms are individual and can only be used by the owner.
-
A Reference Realm is made automatically when partial sync is started with a new url. A user can only create a new reference Realm in its own directory. An admin user can create arbitrary reference Realms.
-
A realm can never switch type. It is not allowed to perform partial sync with a "full-realm" Realm. It is allowed for an admin user to perform full sync with a reference realm.
-
The default Realm has type "reference-realm" and can be used for partial sync by everybody out of the box.
- None
- None
- None
- None
- None
- None
- Added the ability to specify a custom Authorization header name for incoming HTTP requests.
- Add retry logic when internally accessing services in case some services are behind a proprietary HTTP proxy that doesn't start proxying incoming requests right away.
- None
- None
- None
- None
- None
- None
- None
- None
- None
- None
- None
- Fixing signatures and comments for index.ts and index.js files
- None
- None
- In order not to be opinionated. The package-lock.json will not be generated with
ros initcommands
- None
- None
- None
- None
- None
- None
- The /health endpoint now responds correctly to an OPTIONS / CORS-preflight request
- None
- None
Discovery.prototype.waitForServicenow unsubscribes from the service watch when it resolves. Not unsubscribing could cause some service discovery implementations to leak.
- None
- None
- None
- None
- None
- None
- None
- None
- None
- None
- Using realm-sync 3.0 with protocol breaking changes.
- None
- None
- Moved the dependency on @types/cors from dev to actual dependency. This fixes issues when using ROS in a TypeScript project.
- None
- None
- None
- None
- Added
emailHandlerproperty on thePasswordAuthProviderconfig object. Set that to receive callbacks whenever a user requests a password reset. - A new token, called UserToken, that will be used by partial sync. The user token has this form { "app_id":"io.realm.Auth", "identity":"ecd6649d80c7ad8d0e2d29fa94268d06", "salt":"bb4522fa", "expires":1516373219, "is_admin":false } A user token is obtained by sending a refresh token to /auth without "path" in the body of the request.
- A new API has been exposed to enable, disable, and configure authentication providers at runtime. It is currently limited to the built-in providers.
- None
- None
- Added
charactersToEscapeto the JwtAuthProvider config. If the user ids, generated by your custom provider contain characters that need to be url encoded, use this to replace invalid characters with_and generate auserIdthat is valid for ROS purposes.
- None
- Fixed an issue with
ros initnot installing the typescript dependency and subsequently,npm startfailing.
- None
- The
DELETE auth/user/:userIdendpoint is now deprecated and will be removed at a later version. Instead useDELETE auth/users/:userId(useris now plural -usersto align with the other endpoints mounted onauth).
- In clustered scenarios,
/healthshould report the overall health of the cluster. If interested in the health of a single instance, pass?thisInstance=trueas query string.
- Expose configuration options for the JWT Auth Provider to allow customizing the names of the
userIdandisAdminfields. - Adds an optional
requiredAttributesoption to the JWT Auth Provider, allowing filtering of JWT tokens. - Adds an optional
providerNameoption to the JWT Auth Provider, allowing the provider to be enabled under different names. - Added Anonymous and Nickname auth providers.
- None
- Fixed an issue in Server when using PrometheusStatsSink where the metrics were bring created on each connection.
- None
- Some methods and properties that are considered internal API have been marked private. This will show
up as compilation errors for typescript projects where they are accessed. While their usage is discouraged,
you can temporarily silence the errors by using the bracket notation. For example,
server.realmFactory.opencan now be invoked by replacing it withserver['realmFactory'].open(). Ultimately, you should move your project to use only the public API. - The following classes have been renamed:
Console->ConsoleLoggerFile->FileLoggerFileConsole->FileConsoleLoggerAzureAuthServiceConfig->AzureAuthProviderConfigCloudkitAuthProviderParams->CloudkitAuthProviderConfigGoogleAuthServiceConfig->GoogleAuthProviderConfigPasswordAuthParams->PasswordAuthProviderConfigMute->MuteLoggerServerStartParams->ServerConfig
- Tokens without expiration date can now be revoked.
- Admin.json will now correctly be written, even if you provide custom private and public keys.
-
Expected HTTP access log entries are now logged on the "debug" level to avoid flooding the "info" log level. HTTP responses with status code 400 or above are now logged on "detail" level. This silence the verbose "GET /healthz HTTP/1.1 200" entries.
-
Expose a configuration option -
writeAdminTokenToJsononServerConfigthat controls whether the admin token will be written todata/keys/admin.json. -
Expose
jsonBodyLimitin theServerConfiginterface to allow increasing the maximum request size.
- Sometimes (and usuallly when starting ROS), an unnecessary warning was logged: 'warn: TokenValidator couldn't check if token was revoked: The TokenRevocationRealm wasn't opened.' It no longer is.
- Fixed a bug in RealmFactory where nonfatal errors would reject opening a Realm.
- None
- 'ros start' now works again. (Regression was introduced in 2.4.0)
- None
- Fixed an issue that allowed non-admin users to create Realms in other users' home folders.
- Fixed a bug causing the failover logic in SyncProxyService to trigger for no good reason. This would manifest itself in "End of input" error messages on the client in enterprise/cloud deployments.
- Added
server.ensureRealmExistsAPI to create a Realm if it doesn't exist already.
- None
- Indicate the version of ROS using
X-Powered-ByHeader. - Added
Server.applyPermissionsmethod to allow changing permissions without having to log in with an admin user.
- Export the JWT provider
- Export stats classes and interfaces
- Fixed an import statement to make it work on case-sensitive file systems (Linux).
- Fixed a bug rendering
ros backupuseless because of incomplete path resolution forrealm-backup.
- None
- The LogService will now respect token revocations (#735)
- Revoked tokens will now never be assigned to the req.authToken.
- TypeScript and JavaScript templates now have .gitignore.
- The manual backup command is now available as
ros backup.
- Fixes MixpanelService issue for Enterprise where some stats might not be available until the sync proxy is fully running.
- Added JWT authentication provider. It allows you to create a custom
authentication service that issues signed Json Web Tokens that contain a
userIdand optionalisAdminfields. The app then transmits the token to ROS which verifies the signature and authenticates a user with the provideduserId.
- The health service no longer responds with 200 OK unless the server has fully started. It is 503 in case the server is still loading.
- The admin token user can now apply permission changes successfully.
- The early log messages do not get skipped in Studio any more.
- Users now have read-write access to their
/~/__permissionrealms (again). The recent switch to read-only was an unintended breaking change. - Fixed a potential race in the permission service. It reported itself started before setting up all the listeners and granting default permissions.
- [Object Server] Fixed a bug where deleted-then-recreated objects with identical primary keys become empty.
- [Object Server] Fixed a bug in outward partial sync to ensure convergence of partial sync in the case where the client creates a primary key object, that is already present on the server, and subscribes to it in the same transaction.
- Added error handling to the internal requests to the load balancer. This should fix some unhandled promise rejections.
- TypeScript and JavaScript templates now have .gitignore
- Close all Permission Realm files used to avoid running out of file handles.
- None
- Realms with invalid paths are now rejected. Previously ROS would just create unsyncable realms.
- Realms with invalid paths are now skipped during 1-to-2 migration. This is required because ROS-1 has the same behavior creating unsyncable realms, which we are not going to fix.
- Non-existent data files are not copied during 1-to-2 migration.
- The default port for BasicServer's https is now properly set to 9443
- HTTPS key and cert are now validated before attempting to start
- server.shutdown() is now more forgiving in failed state scenarios
- Server now has a simple method called
openRealmthat takes a remote path, like/__adminfor example. This is always opened up with the internal server admin user. The schema is optional.
- The migration tool now also migrates global realms.
- The default port for BasicServer's https is now properly set to 9443
- There are two new special realms where permissions are reflected.
/<userid>/__permcontains user-specific permissions and/__permcontains wildcard permissions. The old special realms are still available and reflect the same permissions, but they might contain duplicates. They are only there for compatibility and will be removed in the future. ros migratewill copy realm files by default. Specify--norealmsto disable that.- Added notice to users about the long time 'ros init' can take.
- Updated realm-js to version 2.0.5
- None
- Fixed a problem in the install script where nvm is installed by homebrew.
- Added note to install script reminding the user to use the correct Node.js version.
- Fixed an issue with exporting all custom realm symbols
- Added support Visual Studio Code debugging and running when generating a server setup with
ros init - Opening a partially synced Realm before the master Realm was created now works correctly
- Terms of service is now persisted under the user's home directory. Fixes #550
- None
- Updated the TS and JS templates to be easier to modify.
- Terms of service now generates a distinctId as a UUID and uses that in all mixpanel events. Fixes #600
- Adding Mixpanel Usage Stats with Incremental timer
- Adds simple stats collection interfaces, loosely matching that of prom-client, a Prometheus stats emitter. In developer edition, metrics are stored in-memory, allowing mixpanel to access them.
- Adds ROS usage by emitting to mixpanel data about the connections that go through the SyncProxyService
- Exposes mix panel interface by gating it behind setting a distinctId. This is typically loaded from the agreement file.
- Created a MixpanelService which handles emitting stats periodically to mixpanel.
- None
- Fixed a bug preventing from migrating from ROS1 when
cluster_node_idis - Fixed a bug in SingleProcessDiscovery where find by tag returned unexpected results
- Fixed a bug in PermissionService where the listeners could potentially operate on missing or invalidated objects
- Return a proper error when using the admin token to make permission changes where the userId might not exist.
- Made sure that all symbols in
./realms/**/*.tsare now exported
- None
- Extended RealmDirectoryService unit tests
- Created exception class for ServiceUnavailable
- None
- None
- Update Node in the Docker image to 6.11.5
- None
- None
- None
- The 1-to-2 migration now checks that the source directory is a valid root dir and makes some suggestions if it is not.
- THe 1-to-2 migration now checks that the destination directory is empty and fails with a message about that if it is not an empty dir.
- Expose the ROS port on the Docker container, to work with
docker run -Pfor exposing on a random port.
- None
- None
- The LogService WebSocket endpoints now needs an authentication message with a valid access or refresh token, within the first second of connecting to them. Realm Studio sends this message starting from v1.3.0.
- Added comments to the
ros inittemplate files to describe available configs - A welcome page is now available to the user when visiting http://localhost:9080/ in a web-browser.
- Added install script
- Added acceptance testing against the install script for multiple platforms.
- None
- Fix installation issue (ursa) on various platforms
- Fix's middlewares not being registered to services
- None
- Use node-rsa in favor of ursa.
- None
- Fixes a circular dependency in built package
- None
- None
- None
- Removes "del" as a dependency, fixing startup
- Exports RealmFactory and RealmDefinition classes
- None
- Publishing releases now automatically makes a release in the public reposutory
- CHANGELOG.md is now maintained automatically from RELEASENOTES.md
- Release notes should now be updated in RELEASENOTES.md
- None
- Make sync client logs less verbose (Fixes #433)
- Render the service metadata into the message (Fixes #233, #250)
- Information about the feature token is now logged upon startup.
- Silences migration tests (Fixes #486)
- Fixed bug in CloudKit auth provider: realm#282
- Make releases on public repo
- Update private repository name
- New changelog workflow
- None
- Fixed several possible race conditions during server start and stop.
- None
- Introduces a timeout function which will race a regular promise. This is crucial for avoiding deadlocks in service requests.
- SyncProxyService now uses a shared cache of backend promises, creating less work when multiple connections for the same realm happen at the same time. Also avoids race conditions in this case.
- Introduced a RealmFactory class which can provide access to Realms on backend sync workers. This is now separated from the Server class.
- Introduced ServerState, which is used to prohibit request processing when a service is not completely ready. This avoids some race conditions, mostly during shutdown. Possible fix for #327.
- discovery.watchService will now fire an available event if the service is available when called. This simplifies a lot of situations where this is done by the caller.
- None
- Switch to
realm-sync-2.1.0, which fixes a "use-after-free" crash in realm-sync-server node package.
- None
- Switch to
realm-2.0.1.
- None
- Check Node version and present error message if not up-to-date
- Fixed an issue where revoking a user's permissions to a realm was not reflected back to the owner's permission realm.
- Fixed an issue that causes a refresh token query to fail when the token has already expired #583
- None
- None
- None
- None
- None
- Skip prompt with
ROS_SKIP_PROMPTSenvironment variable
- None
- None
- None
- The default IP when starting ROS is now 0.0.0.0 instead of 127.0.0.1.
- None
- Generating a template with
ros init --template tswill now have the correct@types/*because they have been moved out ofdevDependenciesand intodependencies
- None
@types/*for core runtime modules have been moved out ofdevDependenciesand intodependencies
- None
- Fixed
ros initfailing due to missing template files
- None
- None
realm-object-server-agreement.jsonnow requires 3 keys:email,termsandagreeToLearnAboutUpdatesAndFixes
- Fixed Terms of Service agreement for Docker image
- Added ROS init with a typescript and javascript flag
- Publishes docker image to
realm/realm-object-server(new location). - Update to realm-2.0.0
- None
- Addressed a race condition where Realm.open can be called twice for the same Synced Realm
- Addressed an undefined object error where a Realm is open (but there is no sync session) and discovery issues a service handle change.
- None
- Fix the flaky permission tests
- Log level from command line is propagated to sync server.
- Public and private key from the command line are used by the server.
- Added register argument to server.getSyncedRealm. This ensures that the SyncedRealm is not persisted in the cache.
- Ensure that services that require SyncedRealms have all required data before serving requests
- Fixed a situation where getting a userId could be null in updateOrCreateUserPermissionWithAdminPermission in PermissionsService
- Also skip Email prompts if ROS_SKIP_PROMPTS environment var is set.
- Fixed OnDemand Permissions from Admin Realm now handles wildcard permissions appropriately
- Mocha Test now run with compilers, however will need to remove in future.
- Access tokens now have
sync_labelinstead ofsyncLabelwhen in serialized form.
- Added the agreement to license email step for the BasicServer
- SyncProxyService: Fixed an issue when using sharded sync workers
- Fixed the issue when a synced realm used internally would be undefined or invalidated because of sync worker unavailability.
- Changed the SyncedRealm class to return a Promise. Once it resolves, the Realm is there, with valid syncSession which does not get destroyed when the sync worker fails over. It utilizes the new override_server() API to make the session reconnect to the new sync worker.
- Fixed all the other parts of ROS which use SyncedRealm. Some functions become async because of that.
- Changed the way the server starts and stops. Now there is no barrier between starting services and registering them. This is required, because now some services, in order to start, wait for the Sync service to register.
- Update JS to RC22 and Sync to 2.0.2
- Updated the schema for
/__wildcardpermissionsto match the/~/__permissionRealms, usinguserId = *for thesePermissionobjects.
- Fixed a bug in HTTPS support (sync proxy) #512
- Changed the password provider and PasswordRealm schema. The PasswordRealm now stores iterations, key length, and digest for each row.
- Changed the default digest from sha256 to sha512 in the password provider.
- Add deleteUser to the AuthProvider API as an optional method.
- Implemented deleteUser for the password provider.
- Added provider User deletions to the AuthService.
- "--loglevel all" was rejected. #500
- loglevel passed via CLI was ignored. #509
- Permission change by email now is processed correctly #508 #426
- Changed the default size of the salt length from 10,000 to 32 bytes.
- New unit tests for the password provider.
- Upgraded the migration script to take the new PasswordRealm schema into account.
- Adding name and reason when throwing InvalidParameters.
- Update JS to RC-20
- Added support for HTTPS.
- Documentation for manual backup.
- Permission changes now work properly when reducing privileges #438
- Changed the name of
__starpermissionsRealm to__wildcardpermissions. The object class name in it is now justPermissioninstead ofStarSpecificPermission. - All users now have read-only access to
__wildcardpermissionson startup #431 - Grantor permission are reflected #491 and #427
- If attempting to change permissions with a metadata value matching no users, an error is thrown instead of stalling forever.
- Integration tests for Realm deletion.
- Integration tests for user deletion.
- Lint clean up.
- Moved CLI functionality to BasicServer
- There is now a migration tool integrated into ros cli.
- The API for user and realm deletion has been added.