From 643c9e3746c527c45f2ae61e2fe7dd6ffa8601ed Mon Sep 17 00:00:00 2001 From: Old Grandpa Date: Fri, 17 Jan 2020 04:17:25 +0300 Subject: [PATCH 01/37] [WIP] Class Level Permissions parse-community/parse-server#6351 parse-community/parse-server#6352 --- .../parse-server/class-level-permissions.md | 187 +++++++++++++++++- 1 file changed, 186 insertions(+), 1 deletion(-) diff --git a/_includes/parse-server/class-level-permissions.md b/_includes/parse-server/class-level-permissions.md index e9ce95bf3..cc2aaedec 100644 --- a/_includes/parse-server/class-level-permissions.md +++ b/_includes/parse-server/class-level-permissions.md @@ -2,7 +2,61 @@ Class level permissions are a security feature from that allows one to restrict access on a broader way than the [ACL based permissions]({{ site.baseUrl }}/rest/guide/#security). -## `requiresAuthentication` +## CRUD operations + +You can set permissions per operation per class. + +Operations: + +- `get` +- `find` +- `count` +- `create` +- `update` +- `delete` +- `addField` + + +Allowed entities are: + +- `*` (Public) +- `[objectId]` (User) +- `role:[role_name]` (Role) +- `requiredAuthentication` (Authenticated Users) +- `pointerFields` + +And any combinations of the above. + +The syntax is: + +```js +// PUT http://localhost:1337/schemas/:className +// Set the X-Parse-Application-Id and X-Parse-Master-Key header +// body: +{ + classLevelPermissions: + { + "get": { + "*": true, // means Public access + "s0meUs3r1d": true, // key must be an id of `_User` + "role:admin": true, // key must be `role:${role_name}` + "requiresAuthentication": true, // any authenticated users + "pointerFields": ["onwer", "followers"] // field names in this class referring to _User(s) + } + ... + } +} +``` + +### `*` - Public access + +Allows anyone despite authentication status to execute operation. + +### Users, Roles + +This works exactly as ACL's + +### `requiresAuthentication` If you want to restrict access to a full class to only authenticated users, you can use the `requiresAuthentication` class level permission. For example, you want to allow your **authenticated users** to `find` and `get` objects from your application and your admin users to have all privileges, you would set the CLP: @@ -29,3 +83,134 @@ If you want to restrict access to a full class to only authenticated users, you ``` Note that this is in no way securing your content. If you allow anyone to log in to your server, any client will be able to query this object. + +### `pointerFields` + +This lets you dynamically enforce permissions based on particular object's fields value. +Must be an array of field names already existing in this class. Supports only fields of types: `Pointer<_User>` or `Array` (containing Pointers to `_User`s). When evaluating the permission Parse Server will also assume user pointers stored in these fields and allow such users an operation. You can think of it as a virtual ACL or a dynamic role defined per-object in its own field. + +```js +// Given some users +const author = await new Parse.User('author', 'password').save(); +const friend = await new Parse.User('friend', 'password').save(); +const buddy = await new Parse.User('buddy', 'password').save(); +const editor = await new Parse.User('editor', 'password').save(); + +// and an object +const post = new Parse.Object('Post', { + owner: author, + followers: [ friend, buddy ], + moderators: [ editor ] + title: 'Hello World', + }); +``` + +Your CLP might look like: + +```js +{ + ..., + "classLevelPermissions": + { + "get": { + "pointerFields": ["onwer", "followers", "moderators"] + }, + "find": { + "pointerFields": ["onwer", "followers", "moderators"] + }, + "update": { + "pointerFields": ["owner", "moderators"] + }, + "delete": { + "pointerFields": ["owner"] + } + ... + } +} +``` + +### If CLP setup for an operation: + +```js +{ + "classLevelPermissions":{ + [operation]: { + pointerFields: [‘field’] + // default * Public removed + // no other rules set + } + } +} +``` + +|Operation | user not pointed by field | user is pointed by field | +| - | - | - | +|get| 101: Object not found | ok | +|find| Limited results | ok | +|count| Limited count | ok | +|create| Permission denied | Permission denied | +|update| 101: Object not found | ok | +|delete| 101: Object not found | ok | +|addField| Permission denied | ok | + +### Given CLP setup for an operation: + +```js +{ + "classLevelPermissions":{ + [operation]: { + // default * Public removed + // pointer fields not set + // no other rules set + } + } +} +``` + +Expected result is: + +|Operation | result| +| --- | ---| +|get| Permission denied | +|find| Permission denied | +|count| Permission denied | +|create |Permission denied | +|update |Permission denied | +|delete |Permission denied | +|addField |Permission denied | + +## `readUserFields` / `writeUserFields` + +These are similar to `pointerFields`, but cover multiple operations at once: + +**`readUserFields`**: + +- `get`, +- `find`, +- `count` + +**`writeUserFields`**: + +- `update`, +- `delete`, +- `addField` + +```js +// And schema +{ + classLevelPermissions: + { + "update": { + "pointerFields": ["moderators"], + }, + "readUserFields": ["owner", "foollowers", "moderators"], + "writeUserFields": ["owner"] + ... + } +} +``` + +Notes: + +- `create` operation can't be allowed by pointer, because there is literally no object to check it's field before it is created); +- `addField` by pointer will only work when you update an object with a new field, but it is advised to control addField permission using other means instead (e.g. restrict to a role or particular admin user by id). From 06d331d43cc63c5b6b9d18c2a1af1fa1082d389f Mon Sep 17 00:00:00 2001 From: Old Grandpa Date: Fri, 17 Jan 2020 04:21:37 +0300 Subject: [PATCH 02/37] updated --- _includes/parse-server/class-level-permissions.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/_includes/parse-server/class-level-permissions.md b/_includes/parse-server/class-level-permissions.md index cc2aaedec..f495c7acf 100644 --- a/_includes/parse-server/class-level-permissions.md +++ b/_includes/parse-server/class-level-permissions.md @@ -195,15 +195,16 @@ These are similar to `pointerFields`, but cover multiple operations at once: - `delete`, - `addField` +Equivalnt scheme can be defined shorter: + ```js -// And schema { classLevelPermissions: { "update": { "pointerFields": ["moderators"], }, - "readUserFields": ["owner", "foollowers", "moderators"], + "readUserFields": ["owner", "followers", "moderators"], "writeUserFields": ["owner"] ... } From 32963729691d2f420bf5032ec893b504a5196271 Mon Sep 17 00:00:00 2001 From: Yuri Komlev Date: Tue, 21 Jan 2020 02:49:53 +0300 Subject: [PATCH 03/37] updates common security section --- _includes/common/security.md | 481 +++++++++++++++--- .../parse-server/class-level-permissions.md | 265 ++++++---- assets/js/bundle.js | 23 +- 3 files changed, 594 insertions(+), 175 deletions(-) diff --git a/_includes/common/security.md b/_includes/common/security.md index 676fcdff8..74b649e32 100644 --- a/_includes/common/security.md +++ b/_includes/common/security.md @@ -58,6 +58,428 @@ You can configure the client's ability to perform each of the following operatio For each of the above actions, you can grant permission to all users (which is the default), or lock permissions down to a list of roles and users. For example, a class that should be available to all users would be set to read-only by only enabling get and find. A logging class could be set to write-only by only allowing creates. You could enable moderation of user-generated content by providing update and delete access to a particular set of users or roles. + +Allowed entries for operations are: + +- `*` - [Public](#public-access) +- `objectId` - [User's ID](#users-roles) +- `role:role_name` - [Role](#users-roles) +- `requiredAuthentication` - [Authenticated Users](#requires-authentication-permission-requires-parse-server--230) +- `pointerFields` - [Pointer Permissions](#pointer-permissions) + +And any combinations of the above: + +```js +// PUT http://localhost:1337/schemas/:className +// Set the X-Parse-Application-Id and X-Parse-Master-Key header +// body: +{ + classLevelPermissions: + { + "get": { + "*": true, // means Public access + "s0meUs3r1d": true, // key must be an id of `_User` + "role:admin": true, // key must be `role:${role_name}` + "requiresAuthentication": true, // any authenticated users + "pointerFields": ["onwer", "followers"] // pointer permissions + }, + "find": {...}, // ... create, update, delete, addField + "readUserFields": ["followers", "owner"], // grouped pointer permissions + "writeUserFields": ["owner"], // grouped pointer permissions + "protectedFields": { + "*": ["password","email"], + "userField:owner":[] + } + } +} +``` + +### Public access + +`*` - Allows anyone despite authentication status to execute operation. + +```js +{ + classLevelPermissions: + { + "get": { + "*": true, // Public access + } + } +} +``` + +### Users, Roles + +This works exactly as ACL's + +```js +{ + classLevelPermissions: + { + "find": { + "s0meUs3r1d": true, // key must be an id of `_User` + "role:admin": true, // key must be `role:${role_name}` + } + } +} +``` + +### Requires Authentication permission (requires parse-server >= 2.3.0) + +Starting version 2.3.0, parse-server introduces a new Class Level Permission `requiresAuthentication`. +This CLP prevents any non authenticated user from performing the action protected by the CLP. + +If you want to restrict access to a full class to only authenticated users, you can use the `requiresAuthentication` class level permission. For example, you want to allow your **authenticated users** to `find` and `get` objects from your application and your admin users to have all privileges, you would set the CLP: + +```js +{ + classLevelPermissions: + { + "get": { + "requiresAuthentication": true, + "role:admin": true + }, + "find": { + "requiresAuthentication": true, + "role:admin": true + }, + "create": { "role:admin": true }, + "update": { "role:admin": true }, + "delete": { "role:admin": true }, + } +} +``` + +Effects: + +* Non authenticated users won't be able to do anything. +* Authenticated users (any user with a valid sessionToken) will be able to read all the objects in that class +* Users belonging to the admin role, will be able to perform all operations. + +:warning: Note that this is in no way securing your content, if you allow anyone to login to your server, every client will still be able to query this object. + +## Pointer Permissions + +While permissions discussed before let you explicitly target a user by id or a role, Pointer Permissions let you dynamically enforce permissions without knowing the id or assigning roles in advance. Instead you define one or more field names of this class, and any users pointed by such fields of a particular object are granted the permission. + +Pointer permissions are a special type of class-level permission that create a virtual ACL on every object in a class, based on users stored in pointer fields on those objects. For example, given a class with an `owner` field, setting a read pointer permission on `owner` will make each object in the class only readable by the user in that object's `owner` field. For a class with a `sender` and a `reciever` field, a read pointer permission on the `receiver` field and a read and write pointer permission on the `sender` field will make each object in the class readable by the user in the `sender` and `receiver` field, and writable only by the user in the `sender` field. + +Given that objects often already have pointers to the user(s) that should have permissions on the object, pointer permissions provide a simple and fast solution for securing your app using data which is already there, that doesn't require writing any client code or cloud code. + +Pointer permissions are like virtual ACLs. They don't appear in the ACL column, but if you are familiar with how ACLs work, you can think of them like ACLs. In the above example with the `sender` and `receiver`, each object will act as if it has an ACL of: + +```json +{ + "": { + "read": true, + "write": true + }, + "": { + "read": true + } +} +``` + +Note that this ACL is not actually created on each object. Any existing ACLs will not be modified when you add or remove pointer permissions, and any user attempting to interact with an object can only interact with the object if both the virtual ACL created by the pointer permissions, and the real ACL already on the object allow the interaction. For this reason, it can sometimes be confusing to combine pointer permissions and ACLs, so we recommend using pointer permissions for classes that don't have many ACLs set. Fortunately, it's easy to remove pointer permissions if you later decide to use Cloud Code or ACLs to secure your app. + +To use this feature, a field must: + +* already exist in this collection's schema +* be of either `Pointer<_User>` or `Array` type + +In case of `Array`, only items that are of `Pointer<_User>` type are evaluated, other items silently ignored. + +You can think of it as a virtual ACL or a dynamic role defined per-object in its own field. + +There are two ways you can set Pointer Permission in schema: + +* [Using granular permissions](#granular-pointer-permissions) - `pointerFields` *requires Parse-Server v3.11 and above* +* [Using grouped permissions](#grouped-pointer-permissions) - `readUserFields`/`writeUserFields` + +:warning: `create` operation can't be allowed by pointer permissions, because there is literally no object to check it's field untill it is created; +:warning: `addField` grants permission to only update an object with a new field, but it is advised to set addField permission using other means (e.g. restrict to a role or particular admin user by id). + +### Granular Pointer Permissions + +Given an example setup: + +{% if page.language == "objective_c-swift" %} +
+ +```objective_c +// see swift example +``` + +```swift +// two users: +let alice = ... // PFUser +let bob = ... // PFUser + +// and two objects: +let feed1 = PFObject(className:"Feed") +feed1["owner"] = alice +feed1["subscribers"] = [] // notice subscribers empty + +let feed2 = PFObject(className:"Feed") +feed1["owner"] = bob +feed1["subscribers"] = [alice] // notice Alice in subscribers + +} +``` + +
+{% endif %} + +{% if page.language == "java" %} +```java + +// Two users: +ParseUser alice = ... // new ParseUser(); +ParseUser bob = ... //new ParseUser(); + + +// and two objects +ParseObject feed1 = new ParseObject("Feed"); +feed1.put("title", "'Posts by Alice'"); +feed1.put("owner", alice); +feed1.put("subscribers", + new ArrayList() // notice no subscribers here +); + + +ParseObject feed2 = new ParseObject("Feed"); +feed2.put("title", "Posts by Bob"); +feed2.put("owner", bob); +feed2.put("subscribers", + new ArrayList( + Arrays.asList( bob, alice ) // notice Alice here + ) +); + +``` +{% endif %} + +{% if page.language == "js" %} +```js +// Two users +const alice = ... // new Parse.User +const bob = ... // new Parse.User + +// and two objects +const feed1 = new Parse.Object('Feed', { + title: 'Posts by Alice', + owner: alice, + subscribers: [], // notice no subscribers here + }); + +const feed2 = new Parse.Object('Feed', { + title: 'Posts by Bob', + owner: bob, + subscribers: [ alice ], // notice Alice in subscribers + }); +``` +{% endif %} + +{% if page.language == "cs" %} +```cs +// given two users: +var Alice = ...; // new ParseUser() +var Bob = ...; // ParseUser() + +// and two objects: +var Feed1 = new ParseObject("Feed"); +Feed1["title"] = "Posts by Alice"; +Feed1["owner"] = Alice; +Feed1["subscribers"] = new List{}; // notice no subscribers here + + +var Feed2 = new ParseObject("Feed"); +Feed2["title"] = "Posts by Alice"; +Feed2["owner"] = Bob; +Feed2["subscribers"] = new List { Alice }; // notice Alice in subscribers + +``` +{% endif %} + +{% if page.language == "php" %} +```php + +// given two users +$alice = ... // ParseUser; +$bob = ... // ParseUser; + +... +// and two objects +$feed1 = ParseObject::create("Feed"); +$feed1->set("title", "Posts by Alice"); +$feed1->set("owner", $alice); +$feed1->set("subscribers", []); // notice no subscribers here + + +$feed2 = ParseObject::create("Feed"); +$feed2->set("title", "Posts by Bob"); +$feed2->set("owner", $bob); +$feed2->set("subscribers", [ $alice ]); // notice alice in subscribers + +``` +{% endif %} + +{% if page.language == "bash" %} +```bash +# given two users Alice and Bob + +# and two objects: + +# 1. owned by Alice +# notice subscribers empty +{ + "title": "Alice's feed" + "owner": { + "__type":"Pointer", + "className":"_User", + "objectId":"A1ice0id" + }, + "subscribers": [] +} + +# 2. owned by Bob +# notice Alice in subscribers array +{ + "title": "Bob's feed" + "owner": { + "__type":"Pointer", + "className":"_User", + "objectId":"B0Bs0id" + }, + "subscribers": [ + { + "__type":"Pointer", + "className":"_User", + "objectId":"A1ice0id" + } + ] +} + +``` +{% endif %} + +{% if page.language == "cpp" %} +```cpp +// No C++ example + +// two users +alice, bob; + +// two objects +{ + title: 'Posts by Alice', + owner: alice, + subscribers: [], // notice no subscribers here +} + +{ + title: 'Posts by Bob', + owner: bob, + subscribers: [ alice ], // notice Alice in subscribers +} +``` +{% endif %} + + +and Class Level Permissions: + +```js +{ + "classLevelPermissions": + { + "get": { + "pointerFields": ["owner", "subscribers"] + }, + "find": { + "pointerFields": ["owner", "subscribers"] + }, + "create":{ + "*": true + }, + "update": { + "pointerFields": ["owner"] + }, + "delete": { + "pointerFields": ["owner"] + } + } +} +``` + +In the above example: + +- anyone is allowed to `create` objects. +- `feed1` can be viewed (`get`,`find`) only by **Alice**. +- `feed2` can be viewed (`get`,`find`) both by **Bob** and **Alice**. +- only owners are allowed to `update` and `delete`. + +### Grouped Pointer Permissions + +These are similar to [`pointerFields`](#granular-pointer-permissions), but cover multiple operations at once: + +**`readUserFields`**: + +- `get`, +- `find`, +- `count` + +**`writeUserFields`**: + +- `update`, +- `delete`, +- `addField` + +Same scheme as for previous example can be defined shorter: + +```js +{ + ..., + "classLevelPermissions": + { + "create":{ + "*": true + }, + // notice these are root level properties: + "readUserFields": ["owner", "subscribers"], + "writeUserFields": ["owner"] + }, +} +``` + +### Pointer Permissions behavior + +Given this permission setup for an operation: + +```js +{ + "classLevelPermissions":{ + [operation]: { + // default * Public removed + pointerFields: ["editors"] + // no other rules set + } + } +} +``` + +You can expect following behavior: + +|Operation | User not in "editors" | User is in "editors" | +| - | - | - | +|get| 101: Object not found | ok | +|find| Limited results | ok | +|count| Limited count | ok | +|create| Permission denied | Permission denied | +|update| 101: Object not found | ok | +|delete| 101: Object not found | ok | +|addField| Permission denied | ok | + ## Object-Level Access Control Once you've locked down your schema and class-level permissions, it's time to think about how data is accessed by your users. Object-level access control enables one user's data to be kept separate from another's, because sometimes different objects in a class need to be accessible by different people. For example, a user’s private personal data should be accessible only to them. @@ -405,65 +827,6 @@ And here's another example of the format of an ACL that uses a Role: } ``` -### Pointer Permissions - -Pointer permissions are a special type of class-level permission that create a virtual ACL on every object in a class, based on users stored in pointer fields on those objects. For example, given a class with an `owner` field, setting a read pointer permission on `owner` will make each object in the class only readable by the user in that object's `owner` field. For a class with a `sender` and a `reciever` field, a read pointer permission on the `receiver` field and a read and write pointer permission on the `sender` field will make each object in the class readable by the user in the `sender` and `receiver` field, and writable only by the user in the `sender` field. - -Given that objects often already have pointers to the user(s) that should have permissions on the object, pointer permissions provide a simple and fast solution for securing your app using data which is already there, that doesn't require writing any client code or cloud code. - -Pointer permissions are like virtual ACLs. They don't appear in the ACL column, but if you are familiar with how ACLs work, you can think of them like ACLs. In the above example with the `sender` and `receiver`, each object will act as if it has an ACL of: - -```json -{ - "": { - "read": true, - "write": true - }, - "": { - "read": true - } -} -``` - -Note that this ACL is not actually created on each object. Any existing ACLs will not be modified when you add or remove pointer permissions, and any user attempting to interact with an object can only interact with the object if both the virtual ACL created by the pointer permissions, and the real ACL already on the object allow the interaction. For this reason, it can sometimes be confusing to combine pointer permissions and ACLs, so we recommend using pointer permissions for classes that don't have many ACLs set. Fortunately, it's easy to remove pointer permissions if you later decide to use Cloud Code or ACLs to secure your app. - -### Requires Authentication permission (requires parse-server >= 2.3.0) - -Starting version 2.3.0, parse-server introduces a new Class Level Permission `requiresAuthentication`. -This CLP prevents any non authenticated user from performing the action protected by the CLP. - -For example, you want to allow your **authenticated users** to `find` and `get` `Announcement`'s from your application and your **admin role** to have all privileged, you would set the CLP: - -```js -// POST http://my-parse-server.com/schemas/Announcement -// Set the X-Parse-Application-Id and X-Parse-Master-Key header -// body: -{ - classLevelPermissions: - { - "find": { - "requiresAuthentication": true, - "role:admin": true - }, - "get": { - "requiresAuthentication": true, - "role:admin": true - }, - "create": { "role:admin": true }, - "update": { "role:admin": true }, - "delete": { "role:admin": true } - } -} -``` - -Effects: - -- Non authenticated users won't be able to do anything. -- Authenticated users (any user with a valid sessionToken) will be able to read all the objects in that class -- Users belonging to the admin role, will be able to perform all operations. - -:warning: Note that this is in no way securing your content, if you allow anyone to login to your server, every client will still be able to query this object. - ### CLP and ACL interaction Class-Level Permissions (CLPs) and Access Control Lists (ACLs) are both powerful tools for securing your app, but they don't always interact exactly how you might expect. They actually represent two separate layers of security that each request has to pass through to return the correct information or make the intended change. These layers, one at the class level, and one at the object level, are shown below. A request must pass through BOTH layers of checks in order to be authorized. Note that despite acting similarly to ACLs, [Pointer Permissions](#pointer-permissions) are a type of class level permission, so a request must pass the pointer permission check in order to pass the CLP check. diff --git a/_includes/parse-server/class-level-permissions.md b/_includes/parse-server/class-level-permissions.md index f495c7acf..15d35206e 100644 --- a/_includes/parse-server/class-level-permissions.md +++ b/_includes/parse-server/class-level-permissions.md @@ -1,33 +1,40 @@ # Class Level Permissions -Class level permissions are a security feature from that allows one to restrict access on a broader way than the [ACL based permissions]({{ site.baseUrl }}/rest/guide/#security). +Class Level Permissions are a security feature from that allows one to restrict access on a broader way than the [ACL based permissions]({{ site.baseUrl }}/rest/guide/#security). -## CRUD operations +Parse lets you specify what operations are allowed per class. This lets you restrict the ways in which clients can access or modify your classes. To change these settings, go to the Data Browser, select a class, and click the "Security" button. -You can set permissions per operation per class. +You can configure the client's ability to perform each of the following operations for the selected class: -Operations: +* **Read**: -- `get` -- `find` -- `count` -- `create` -- `update` -- `delete` -- `addField` + * **Get**: With Get permission, users can fetch objects in this table if they know their objectIds. + + * **Find**: Anyone with Find permission can query all of the objects in the table, even if they don’t know their objectIds. Any table with public Find permission will be completely readable by the public, unless you put an ACL on each object. + +* **Write**: + + * **Update**: Anyone with Update permission can modify the fields of any object in the table that doesn't have an ACL. For publicly readable data, such as game levels or assets, you should disable this permission. + + * **Create**: Like Update, anyone with Create permission can create new objects of a class. As with the Update permission, you'll probably want to turn this off for publicly readable data. + + * **Delete**: With this permission, people can delete any object in the table that doesn't have an ACL. All they need is its objectId. +* **Add fields**: Parse classes have schemas that are inferred when objects are created. While you're developing your app, this is great, because you can add a new field to your object without having to make any changes on the backend. But once you ship your app, it's very rare to need to add new fields to your classes automatically. You should pretty much always turn off this permission for all of your classes when you submit your app to the public. -Allowed entities are: +For each of the above actions, you can grant permission to all users (which is the default), or lock permissions down to a list of roles and users. For example, a class that should be available to all users would be set to read-only by only enabling get and find. A logging class could be set to write-only by only allowing creates. You could enable moderation of user-generated content by providing update and delete access to a particular set of users or roles. -- `*` (Public) -- `[objectId]` (User) -- `role:[role_name]` (Role) -- `requiredAuthentication` (Authenticated Users) -- `pointerFields` +You can set permissions for class [per operation](#configure-clp-operations) and/or per [group of operations](#grouped-pointer-permissions). -And any combinations of the above. +Allowed entries for operations are: -The syntax is: +- `*` - [Public](#public-access) +- `objectId` - [User's ID](#users-roles) +- `role:role_name` - [Role](#users-roles) +- `requiredAuthentication` - [Authenticated Users](#requires-authentication-permission-requires-parse-server--230) +- `pointerFields` - [Pointer Permissions](#pointer-permissions) + +And any combinations of the above: ```js // PUT http://localhost:1337/schemas/:className @@ -41,22 +48,53 @@ The syntax is: "s0meUs3r1d": true, // key must be an id of `_User` "role:admin": true, // key must be `role:${role_name}` "requiresAuthentication": true, // any authenticated users - "pointerFields": ["onwer", "followers"] // field names in this class referring to _User(s) + "pointerFields": ["onwer", "followers"] // pointer permissions + }, + "find": {...}, // ... create, update, delete, addField + "readUserFields": ["followers", "owner"], // grouped pointer permissions + "writeUserFields": ["owner"], // grouped pointer permissions + "protectedFields": { + "*": ["password","email"], + "userField:owner":[] } - ... } } ``` -### `*` - Public access +## Configure CLP Operations + +### Public access + +`*` - Allows anyone despite authentication status to execute operation. -Allows anyone despite authentication status to execute operation. +```js +{ + classLevelPermissions: + { + "get": { + "*": true, // Public access + } + } +} +``` ### Users, Roles This works exactly as ACL's -### `requiresAuthentication` +```js +{ + classLevelPermissions: + { + "find": { + "s0meUs3r1d": true, // key must be an id of `_User` + "role:admin": true, // key must be `role:${role_name}` + } + } +} +``` + +### requiresAuthentication If you want to restrict access to a full class to only authenticated users, you can use the `requiresAuthentication` class level permission. For example, you want to allow your **authenticated users** to `find` and `get` objects from your application and your admin users to have all privileges, you would set the CLP: @@ -66,12 +104,12 @@ If you want to restrict access to a full class to only authenticated users, you // body: { classLevelPermissions: - { - "find": { + { + "get": { "requiresAuthentication": true, "role:admin": true }, - "get": { + "find": { "requiresAuthentication": true, "role:admin": true }, @@ -82,106 +120,89 @@ If you want to restrict access to a full class to only authenticated users, you } ``` -Note that this is in no way securing your content. If you allow anyone to log in to your server, any client will be able to query this object. +:warning: Note that this is in no way securing your content. If you allow anyone to log in to your server, any client will be able to query this object. + +## Pointer Permissions + +While permissions discussed before let you explicitly target a user by id or a role, +Pointer Permissions let you dynamically enforce permissions without knowing the id or assigning roles in advance. Instead you define one or more field names of this class, and any users pointed by such fields of a particular object are granted the permission. + +To use this feature, a field must: + +- already exist in this collection's schema +- be of either `Pointer<_User>` or `Array` type + +In case of `Array`, only items that are of `Pointer<_User>` type are evaluated, other items silently ignored. -### `pointerFields` +You can think of it as a virtual ACL or a dynamic role defined per-object in its own field. -This lets you dynamically enforce permissions based on particular object's fields value. -Must be an array of field names already existing in this class. Supports only fields of types: `Pointer<_User>` or `Array` (containing Pointers to `_User`s). When evaluating the permission Parse Server will also assume user pointers stored in these fields and allow such users an operation. You can think of it as a virtual ACL or a dynamic role defined per-object in its own field. +There are two ways you can set Pointer Permission in schema: + +- [Using granular permissions](#granular-pointer-permissions) - `pointerFields` *requires Parse-Server v3.11 and above* +- [Using grouped permissions](#grouped-pointer-permissions) - `readUserFields`/`writeUserFields` + + +:warning: `create` operation can't be allowed by pointer permissions, because there is literally no object to check it's field untill it is created; +:warning: `addField` grants permission to only update an object with a new field, but it is advised to set addField permission using other means (e.g. restrict to a role or particular admin user by id). + +### Granular Pointer Permissions + +Given an example setup: ```js -// Given some users -const author = await new Parse.User('author', 'password').save(); -const friend = await new Parse.User('friend', 'password').save(); -const buddy = await new Parse.User('buddy', 'password').save(); -const editor = await new Parse.User('editor', 'password').save(); - -// and an object -const post = new Parse.Object('Post', { - owner: author, - followers: [ friend, buddy ], - moderators: [ editor ] - title: 'Hello World', - }); +// Two users: +let alice = ... // Parse.User +let bob = ... // Parse.User + +// and two objects: +{ + title: 'Posts by Alice', + owner: alice, + subscribers: [], // notice no subscribers here +}; + +{ + title: 'Posts by Bob', + owner: bob, + subscribers: [alice], // notice Alice in subscribers +}; ``` -Your CLP might look like: +and Class Level Permissions: ```js { - ..., "classLevelPermissions": { "get": { - "pointerFields": ["onwer", "followers", "moderators"] + "pointerFields": ["owner", "subscribers"] }, "find": { - "pointerFields": ["onwer", "followers", "moderators"] + "pointerFields": ["owner", "subscribers"] + }, + "create":{ + "*": true }, "update": { - "pointerFields": ["owner", "moderators"] + "pointerFields": ["owner"] }, "delete": { - "pointerFields": ["owner"] + "pointerFields": ["owner"] } - ... } } ``` -### If CLP setup for an operation: +In the above example: -```js -{ - "classLevelPermissions":{ - [operation]: { - pointerFields: [‘field’] - // default * Public removed - // no other rules set - } - } -} -``` - -|Operation | user not pointed by field | user is pointed by field | -| - | - | - | -|get| 101: Object not found | ok | -|find| Limited results | ok | -|count| Limited count | ok | -|create| Permission denied | Permission denied | -|update| 101: Object not found | ok | -|delete| 101: Object not found | ok | -|addField| Permission denied | ok | - -### Given CLP setup for an operation: - -```js -{ - "classLevelPermissions":{ - [operation]: { - // default * Public removed - // pointer fields not set - // no other rules set - } - } -} -``` - -Expected result is: +- anyone is allowed to `create` objects. +- `feed1` can be viewed (`get`,`find`) only by **Alice**. +- `feed2` can be viewed (`get`,`find`) both by **Bob** and **Alice**. +- only owners are allowed to `update` and `delete`. -|Operation | result| -| --- | ---| -|get| Permission denied | -|find| Permission denied | -|count| Permission denied | -|create |Permission denied | -|update |Permission denied | -|delete |Permission denied | -|addField |Permission denied | +### Grouped Pointer Permissions -## `readUserFields` / `writeUserFields` - -These are similar to `pointerFields`, but cover multiple operations at once: +These are similar to [`pointerFields`](#granular-pointer-permissions), but cover multiple operations at once: **`readUserFields`**: @@ -195,23 +216,47 @@ These are similar to `pointerFields`, but cover multiple operations at once: - `delete`, - `addField` -Equivalnt scheme can be defined shorter: +Same scheme as for previous example can be defined shorter: ```js { - classLevelPermissions: + ..., + "classLevelPermissions": { - "update": { - "pointerFields": ["moderators"], + "create":{ + "*": true }, - "readUserFields": ["owner", "followers", "moderators"], + // notice these are root level properties: + "readUserFields": ["owner", "subscribers"], "writeUserFields": ["owner"] - ... + }, +} +``` + +### Pointer Permissions behavior + +Given this permission setup for an operation: + +```js +{ + "classLevelPermissions":{ + [operation]: { + // default * Public removed + pointerFields: ["editors"] + // no other rules set + } } } ``` -Notes: +You can expect following behavior: -- `create` operation can't be allowed by pointer, because there is literally no object to check it's field before it is created); -- `addField` by pointer will only work when you update an object with a new field, but it is advised to control addField permission using other means instead (e.g. restrict to a role or particular admin user by id). +|Operation | User not in "editors" | User is in "editors" | +| - | - | - | +|get| 101: Object not found | ok | +|find| Limited results | ok | +|count| Limited count | ok | +|create| Permission denied | Permission denied | +|update| 101: Object not found | ok | +|delete| 101: Object not found | ok | +|addField| Permission denied | ok | diff --git a/assets/js/bundle.js b/assets/js/bundle.js index 7595463b3..19e79ad1c 100644 --- a/assets/js/bundle.js +++ b/assets/js/bundle.js @@ -1,11 +1,22 @@ -!function(e){var t={};function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)n.d(r,o,function(t){return e[t]}.bind(null,o));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s=68)}([function(e,t,n){(function(r){var o,i;o=[n(15),n(2),n(70),n(19),n(39),n(40),n(24),n(20),n(41),n(25),n(42),n(71),n(7),n(1),n(16),n(43),n(10)],void 0===(i=function(e,t,n,r,o,i,a,s,u,c,l,f,p,d,h,v,g){"use strict";var m=function(e,t){return new m.fn.init(e,t)},y=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g;function x(e){var t=!!e&&"length"in e&&e.length,n=g(e);return!d(e)&&!h(e)&&("array"===n||0===t||"number"==typeof t&&t>0&&t-1 in e)}return m.fn=m.prototype={jquery:"3.4.1",constructor:m,length:0,toArray:function(){return r.call(this)},get:function(e){return null==e?r.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=m.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return m.each(this,e)},map:function(e){return this.pushStack(m.map(this,(function(t,n){return e.call(t,n,t)})))},slice:function(){return this.pushStack(r.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(n>=0&&n)[^>]*|#([\w-]+))$/,a=e.fn.init=function(a,s,u){var c,l;if(!a)return this;if(u=u||o,"string"==typeof a){if(!(c="<"===a[0]&&">"===a[a.length-1]&&a.length>=3?[null,a,null]:i.exec(a))||!c[1]&&s)return!s||s.jquery?(s||u).find(a):this.constructor(s).find(a);if(c[1]){if(s=s instanceof e?s[0]:s,e.merge(this,e.parseHTML(c[1],s&&s.nodeType?s.ownerDocument||s:t,!0)),r.test(c[1])&&e.isPlainObject(s))for(c in s)n(this[c])?this[c](s[c]):this.attr(c,s[c]);return this}return(l=t.getElementById(c[2]))&&(this[0]=l,this.length=1),this}return a.nodeType?(this[0]=a,this.length=1,this):n(a)?void 0!==u.ready?u.ready(a):a(e):e.makeArray(a,this)};return a.prototype=e.fn,o=e(t),a}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(48)],void 0===(o=function(e){"use strict";return new e}.apply(t,r))||(e.exports=o)},function(e,t,n){var r;void 0===(r=function(){"use strict";return/[^\x20\t\r\n\f]+/g}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r;void 0===(r=function(){"use strict";return{}}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r;void 0===(r=function(){"use strict";return function(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()}}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r,o;r=[n(0),n(10),n(1)],void 0===(o=function(e,t,n){"use strict";var r=function(o,i,a,s,u,c,l){var f=0,p=o.length,d=null==a;if("object"===t(a))for(f in u=!0,a)r(o,i,f,a[f],!0,c,l);else if(void 0!==s&&(u=!0,n(s)||(l=!0),d&&(l?(i.call(o,s),i=null):(d=i,i=function(t,n,r){return d.call(e(t),r)})),i))for(;f-1:1===r.nodeType&&e.find.matchesSelector(r,t))){s.push(r);break}return this.pushStack(s.length>1?e.uniqueSort(s):s)},index:function(n){return n?"string"==typeof n?t.call(e(n),this[0]):t.call(this,n.jquery?n[0]:n):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(t,n){return this.pushStack(e.uniqueSort(e.merge(this.get(),e(t,n))))},addBack:function(e){return this.add(null==e?this.prevObject:this.prevObject.filter(e))}}),e.each({parent:function(e){var t=e.parentNode;return t&&11!==t.nodeType?t:null},parents:function(e){return n(e,"parentNode")},parentsUntil:function(e,t,r){return n(e,"parentNode",r)},next:function(e){return u(e,"nextSibling")},prev:function(e){return u(e,"previousSibling")},nextAll:function(e){return n(e,"nextSibling")},prevAll:function(e){return n(e,"previousSibling")},nextUntil:function(e,t,r){return n(e,"nextSibling",r)},prevUntil:function(e,t,r){return n(e,"previousSibling",r)},siblings:function(e){return r((e.parentNode||{}).firstChild,e)},children:function(e){return r(e.firstChild)},contents:function(t){return void 0!==t.contentDocument?t.contentDocument:(i(t,"template")&&(t=t.content||t),e.merge([],t.childNodes))}},(function(t,n){e.fn[t]=function(r,o){var i=e.map(this,n,r);return"Until"!==t.slice(-5)&&(o=r),o&&"string"==typeof o&&(i=e.filter(o,i)),this.length>1&&(s[t]||e.uniqueSort(i),a.test(t)&&i.reverse()),this.pushStack(i)}})),e}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(0),n(1),n(19),n(26)],void 0===(o=function(e,t,n){"use strict";function r(e){return e}function o(e){throw e}function i(e,n,r,o){var i;try{e&&t(i=e.promise)?i.call(e).done(n).fail(r):e&&t(i=e.then)?i.call(e,n,r):n.apply(void 0,[e].slice(o))}catch(e){r.apply(void 0,[e])}}return e.extend({Deferred:function(n){var i=[["notify","progress",e.Callbacks("memory"),e.Callbacks("memory"),2],["resolve","done",e.Callbacks("once memory"),e.Callbacks("once memory"),0,"resolved"],["reject","fail",e.Callbacks("once memory"),e.Callbacks("once memory"),1,"rejected"]],a="pending",s={state:function(){return a},always:function(){return u.done(arguments).fail(arguments),this},catch:function(e){return s.then(null,e)},pipe:function(){var n=arguments;return e.Deferred((function(r){e.each(i,(function(e,o){var i=t(n[o[4]])&&n[o[4]];u[o[1]]((function(){var e=i&&i.apply(this,arguments);e&&t(e.promise)?e.promise().progress(r.notify).done(r.resolve).fail(r.reject):r[o[0]+"With"](this,i?[e]:arguments)}))})),n=null})).promise()},then:function(n,a,s){var u=0;function c(n,i,a,s){return function(){var l=this,f=arguments,p=function(){var e,p;if(!(n=u&&(a!==o&&(l=void 0,f=[t]),i.rejectWith(l,f))}};n?d():(e.Deferred.getStackHook&&(d.stackTrace=e.Deferred.getStackHook()),window.setTimeout(d))}}return e.Deferred((function(e){i[0][3].add(c(0,e,t(s)?s:r,e.notifyWith)),i[1][3].add(c(0,e,t(n)?n:r)),i[2][3].add(c(0,e,t(a)?a:o))})).promise()},promise:function(t){return null!=t?e.extend(t,s):s}},u={};return e.each(i,(function(e,t){var n=t[2],r=t[5];s[t[1]]=n.add,r&&n.add((function(){a=r}),i[3-e][2].disable,i[3-e][3].disable,i[0][2].lock,i[0][3].lock),n.add(t[3].fire),u[t[0]]=function(){return u[t[0]+"With"](this===u?void 0:this,arguments),this},u[t[0]+"With"]=n.fireWith})),s.promise(u),n&&n.call(u,u),u},when:function(r){var o=arguments.length,a=o,s=Array(a),u=n.call(arguments),c=e.Deferred(),l=function(e){return function(t){s[e]=this,u[e]=arguments.length>1?n.call(arguments):t,--o||c.resolveWith(s,u)}};if(o<=1&&(i(r,c.done(l(a)).resolve,c.reject,!o),"pending"===c.state()||t(u[a]&&u[a].then)))return c.then();for(;a--;)i(u[a],l(a),c.reject);return c.promise()}}),e}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(0),n(2),n(22),n(1),n(6),n(32),n(19),n(5),n(8),n(4),n(3)],void 0===(o=function(e,t,n,r,o,i,a,s,u){"use strict";var c=/^key/,l=/^(?:mouse|pointer|contextmenu|drag|drop)|click/,f=/^([^.]*)(?:\.(.+)|)/;function p(){return!0}function d(){return!1}function h(e,n){return e===function(){try{return t.activeElement}catch(e){}}()==("focus"===n)}function v(t,n,r,o,i,a){var s,u;if("object"==typeof n){for(u in"string"!=typeof r&&(o=o||r,r=void 0),n)v(t,u,r,o,n[u],a);return t}if(null==o&&null==i?(i=r,o=r=void 0):null==i&&("string"==typeof r?(i=o,o=void 0):(i=o,o=r,r=void 0)),!1===i)i=d;else if(!i)return t;return 1===a&&(s=i,(i=function(t){return e().off(t),s.apply(this,arguments)}).guid=s.guid||(s.guid=e.guid++)),t.each((function(){e.event.add(this,n,i,o,r)}))}function g(t,n,r){r?(s.set(t,n,!1),e.event.add(t,n,{namespace:!1,handler:function(t){var o,i,u=s.get(this,n);if(1&t.isTrigger&&this[n]){if(u.length)(e.event.special[n]||{}).delegateType&&t.stopPropagation();else if(u=a.call(arguments),s.set(this,n,u),o=r(this,n),this[n](),u!==(i=s.get(this,n))||o?s.set(this,n,!1):i={},u!==i)return t.stopImmediatePropagation(),t.preventDefault(),i.value}else u.length&&(s.set(this,n,{value:e.event.trigger(e.extend(u[0],e.Event.prototype),u.slice(1),this)}),t.stopImmediatePropagation())}})):void 0===s.get(t,n)&&e.event.add(t,n,p)}return e.event={global:{},add:function(t,r,i,a,u){var c,l,p,d,h,v,g,m,y,x,b,w=s.get(t);if(w)for(i.handler&&(i=(c=i).handler,u=c.selector),u&&e.find.matchesSelector(n,u),i.guid||(i.guid=e.guid++),(d=w.events)||(d=w.events={}),(l=w.handle)||(l=w.handle=function(n){return void 0!==e&&e.event.triggered!==n.type?e.event.dispatch.apply(t,arguments):void 0}),h=(r=(r||"").match(o)||[""]).length;h--;)y=b=(p=f.exec(r[h])||[])[1],x=(p[2]||"").split(".").sort(),y&&(g=e.event.special[y]||{},y=(u?g.delegateType:g.bindType)||y,g=e.event.special[y]||{},v=e.extend({type:y,origType:b,data:a,handler:i,guid:i.guid,selector:u,needsContext:u&&e.expr.match.needsContext.test(u),namespace:x.join(".")},c),(m=d[y])||((m=d[y]=[]).delegateCount=0,g.setup&&!1!==g.setup.call(t,a,x,l)||t.addEventListener&&t.addEventListener(y,l)),g.add&&(g.add.call(t,v),v.handler.guid||(v.handler.guid=i.guid)),u?m.splice(m.delegateCount++,0,v):m.push(v),e.event.global[y]=!0)},remove:function(t,n,r,i,a){var u,c,l,p,d,h,v,g,m,y,x,b=s.hasData(t)&&s.get(t);if(b&&(p=b.events)){for(d=(n=(n||"").match(o)||[""]).length;d--;)if(m=x=(l=f.exec(n[d])||[])[1],y=(l[2]||"").split(".").sort(),m){for(v=e.event.special[m]||{},g=p[m=(i?v.delegateType:v.bindType)||m]||[],l=l[2]&&new RegExp("(^|\\.)"+y.join("\\.(?:.*\\.|)")+"(\\.|$)"),c=u=g.length;u--;)h=g[u],!a&&x!==h.origType||r&&r.guid!==h.guid||l&&!l.test(h.namespace)||i&&i!==h.selector&&("**"!==i||!h.selector)||(g.splice(u,1),h.selector&&g.delegateCount--,v.remove&&v.remove.call(t,h));c&&!g.length&&(v.teardown&&!1!==v.teardown.call(t,y,b.handle)||e.removeEvent(t,m,b.handle),delete p[m])}else for(m in p)e.event.remove(t,m+n[d],r,i,!0);e.isEmptyObject(p)&&s.remove(t,"handle events")}},dispatch:function(t){var n,r,o,i,a,u,c=e.event.fix(t),l=new Array(arguments.length),f=(s.get(this,"events")||{})[c.type]||[],p=e.event.special[c.type]||{};for(l[0]=c,n=1;n=1))for(;l!==this;l=l.parentNode||this)if(1===l.nodeType&&("click"!==t.type||!0!==l.disabled)){for(a=[],s={},r=0;r-1:e.find(i,this,null,[l]).length),s[i]&&a.push(o);a.length&&u.push({elem:l,handlers:a})}return l=this,c0&&(T=window.setTimeout((function(){P.abort("timeout")}),j.timeout));try{S=!1,x.send(I,R)}catch(e){if(S)throw e;R(-1,e)}}else R(-1,"No Transport");function R(t,n,r,o){var i,a,s,u,c,l=n;S||(S=!0,T&&window.clearTimeout(T),x=void 0,w=o||"",P.readyState=t>0?4:0,i=t>=200&&t<300||304===t,r&&(u=function(e,t,n){for(var r,o,i,a,s=e.contents,u=e.dataTypes;"*"===u[0];)u.shift(),void 0===r&&(r=e.mimeType||t.getResponseHeader("Content-Type"));if(r)for(o in s)if(s[o]&&s[o].test(r)){u.unshift(o);break}if(u[0]in n)i=u[0];else{for(o in n){if(!u[0]||e.converters[o+" "+u[0]]){i=o;break}a||(a=o)}i=i||a}if(i)return i!==u[0]&&u.unshift(i),n[i]}(j,P,r)),u=function(e,t,n,r){var o,i,a,s,u,c={},l=e.dataTypes.slice();if(l[1])for(a in e.converters)c[a.toLowerCase()]=e.converters[a];for(i=l.shift();i;)if(e.responseFields[i]&&(n[e.responseFields[i]]=t),!u&&r&&e.dataFilter&&(t=e.dataFilter(t,e.dataType)),u=i,i=l.shift())if("*"===i)i=u;else if("*"!==u&&u!==i){if(!(a=c[u+" "+i]||c["* "+i]))for(o in c)if((s=o.split(" "))[1]===i&&(a=c[u+" "+s[0]]||c["* "+s[0]])){!0===a?a=c[o]:!0!==c[o]&&(i=s[0],l.unshift(s[1]));break}if(!0!==a)if(a&&e.throws)t=a(t);else try{t=a(t)}catch(e){return{state:"parsererror",error:a?e:"No conversion from "+u+" to "+i}}}return{state:"success",data:t}}(j,u,P,i),i?(j.ifModified&&((c=P.getResponseHeader("Last-Modified"))&&(e.lastModified[b]=c),(c=P.getResponseHeader("etag"))&&(e.etag[b]=c)),204===t||"HEAD"===j.type?l="nocontent":304===t?l="notmodified":(l=u.state,a=u.data,i=!(s=u.error))):(s=l,!t&&l||(l="error",t<0&&(t=0))),P.status=t,P.statusText=(n||l)+"",i?O.resolveWith(D,[a,l,P]):O.rejectWith(D,[P,l,s]),P.statusCode(q),q=void 0,E&&L.trigger(i?"ajaxSuccess":"ajaxError",[P,j,i?a:s]),_.fireWith(D,[P,l]),E&&(L.trigger("ajaxComplete",[P,j]),--e.active||e.event.trigger("ajaxStop")))}return P},getJSON:function(t,n,r){return e.get(t,n,r,"json")},getScript:function(t,n){return e.get(t,void 0,n,"script")}}),e.each(["get","post"],(function(t,r){e[r]=function(t,o,i,a){return n(o)&&(a=a||i,i=o,o=void 0),e.ajax(e.extend({url:t,type:r,dataType:a,data:o,success:i},e.isPlainObject(t)&&t))}})),e}.apply(t,r))||(e.exports=o)},function(e,t,n){var r;void 0===(r=function(){"use strict";return[]}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r;void 0===(r=function(){"use strict";return function(e){return null!=e&&e===e.window}}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r;void 0===(r=function(){"use strict";var e=/^-ms-/,t=/-([a-z])/g;function n(e,t){return t.toUpperCase()}return function(r){return r.replace(e,"ms-").replace(t,n)}}.apply(t,[]))||(e.exports=r)},function(e,t,n){var r,o;r=[n(0),n(9),n(17),n(30),n(33),n(31),n(60),n(52),n(61),n(53),n(62),n(34),n(63),n(4),n(47),n(3)],void 0===(o=function(e,t,n,r,o,i,a,s,u,c,l,f,p){"use strict";var d=/^(none|table(?!-c[ea]).+)/,h=/^--/,v={position:"absolute",visibility:"hidden",display:"block"},g={letterSpacing:"0",fontWeight:"400"};function m(e,t,n){var o=r.exec(t);return o?Math.max(0,o[2]-(n||0))+(o[3]||"px"):t}function y(t,n,r,o,a,s){var u="width"===n?1:0,c=0,l=0;if(r===(o?"border":"content"))return 0;for(;u<4;u+=2)"margin"===r&&(l+=e.css(t,r+i[u],!0,a)),o?("content"===r&&(l-=e.css(t,"padding"+i[u],!0,a)),"margin"!==r&&(l-=e.css(t,"border"+i[u]+"Width",!0,a))):(l+=e.css(t,"padding"+i[u],!0,a),"padding"!==r?l+=e.css(t,"border"+i[u]+"Width",!0,a):c+=e.css(t,"border"+i[u]+"Width",!0,a));return!o&&s>=0&&(l+=Math.max(0,Math.ceil(t["offset"+n[0].toUpperCase()+n.slice(1)]-s-l-c-.5))||0),l}function x(t,n,r){var i=a(t),s=(!f.boxSizingReliable()||r)&&"border-box"===e.css(t,"boxSizing",!1,i),c=s,l=u(t,n,i),p="offset"+n[0].toUpperCase()+n.slice(1);if(o.test(l)){if(!r)return l;l="auto"}return(!f.boxSizingReliable()&&s||"auto"===l||!parseFloat(l)&&"inline"===e.css(t,"display",!1,i))&&t.getClientRects().length&&(s="border-box"===e.css(t,"boxSizing",!1,i),(c=p in t)&&(l=t[p])),(l=parseFloat(l)||0)+y(t,n,r||(s?"border":"content"),c,i,l)+"px"}return e.extend({cssHooks:{opacity:{get:function(e,t){if(t){var n=u(e,"opacity");return""===n?"1":n}}}},cssNumber:{animationIterationCount:!0,columnCount:!0,fillOpacity:!0,flexGrow:!0,flexShrink:!0,fontWeight:!0,gridArea:!0,gridColumn:!0,gridColumnEnd:!0,gridColumnStart:!0,gridRow:!0,gridRowEnd:!0,gridRowStart:!0,lineHeight:!0,opacity:!0,order:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{},style:function(t,o,i,a){if(t&&3!==t.nodeType&&8!==t.nodeType&&t.style){var s,u,l,d=n(o),v=h.test(o),g=t.style;if(v||(o=p(d)),l=e.cssHooks[o]||e.cssHooks[d],void 0===i)return l&&"get"in l&&void 0!==(s=l.get(t,!1,a))?s:g[o];"string"===(u=typeof i)&&(s=r.exec(i))&&s[1]&&(i=c(t,o,s),u="number"),null!=i&&i==i&&("number"!==u||v||(i+=s&&s[3]||(e.cssNumber[d]?"":"px")),f.clearCloneStyle||""!==i||0!==o.indexOf("background")||(g[o]="inherit"),l&&"set"in l&&void 0===(i=l.set(t,i,a))||(v?g.setProperty(o,i):g[o]=i))}},css:function(t,r,o,i){var a,s,c,l=n(r);return h.test(r)||(r=p(l)),(c=e.cssHooks[r]||e.cssHooks[l])&&"get"in c&&(a=c.get(t,!0,o)),void 0===a&&(a=u(t,r,i)),"normal"===a&&r in g&&(a=g[r]),""===o||o?(s=parseFloat(a),!0===o||isFinite(s)?s||0:a):a}}),e.each(["height","width"],(function(t,n){e.cssHooks[n]={get:function(t,r,o){if(r)return!d.test(e.css(t,"display"))||t.getClientRects().length&&t.getBoundingClientRect().width?x(t,n,o):s(t,v,(function(){return x(t,n,o)}))},set:function(t,o,i){var s,u=a(t),c=!f.scrollboxSize()&&"absolute"===u.position,l=(c||i)&&"border-box"===e.css(t,"boxSizing",!1,u),p=i?y(t,n,i,l,u):0;return l&&c&&(p-=Math.ceil(t["offset"+n[0].toUpperCase()+n.slice(1)]-parseFloat(u[n])-y(t,n,"border",!1,u)-.5)),p&&(s=r.exec(o))&&"px"!==(s[3]||"px")&&(t.style[n]=o,o=e.css(t,n)),m(0,o,p)}}})),e.cssHooks.marginLeft=l(f.reliableMarginLeft,(function(e,t){if(t)return(parseFloat(u(e,"marginLeft"))||e.getBoundingClientRect().left-s(e,{marginLeft:0},(function(){return e.getBoundingClientRect().left})))+"px"})),e.each({margin:"",padding:"",border:"Width"},(function(t,n){e.cssHooks[t+n]={expand:function(e){for(var r=0,o={},a="string"==typeof e?e.split(" "):[e];r<4;r++)o[t+i[r]+n]=a[r]||a[r-2]||a[0];return o}},"margin"!==t&&(e.cssHooks[t+n].set=m)})),e.fn.extend({css:function(n,r){return t(this,(function(t,n,r){var o,i,s={},u=0;if(Array.isArray(n)){for(o=a(t),i=n.length;u1)}}),e}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(15)],void 0===(o=function(e){"use strict";return e.slice}.apply(t,r))||(e.exports=o)},function(e,t,n){var r;void 0===(r=function(){"use strict";return{}}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r,o;r=[n(0),n(22),n(3)],void 0===(o=function(e,t){"use strict";var n=function(t){return e.contains(t.ownerDocument,t)},r={composed:!0};return t.getRootNode&&(n=function(t){return e.contains(t.ownerDocument,t)||t.getRootNode(r)===t.ownerDocument}),n}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(2)],void 0===(o=function(e){"use strict";return e.documentElement}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(0),n(21),n(39),n(1),n(40),n(32),n(9),n(54),n(55),n(56),n(57),n(58),n(59),n(81),n(5),n(49),n(27),n(43),n(8),n(4),n(11),n(3),n(13)],void 0===(o=function(e,t,n,r,o,i,a,s,u,c,l,f,p,d,h,v,g,m,y){"use strict";var x=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([a-z][^\/\0>\x20\t\r\n\f]*)[^>]*)\/>/gi,b=/\s*$/g;function T(t,n){return y(t,"table")&&y(11!==n.nodeType?n:n.firstChild,"tr")&&e(t).children("tbody")[0]||t}function k(e){return e.type=(null!==e.getAttribute("type"))+"/"+e.type,e}function S(e){return"true/"===(e.type||"").slice(0,5)?e.type=e.type.slice(5):e.removeAttribute("type"),e}function E(t,n){var r,o,i,a,s,u,c,l;if(1===n.nodeType){if(h.hasData(t)&&(a=h.access(t),s=h.set(n,a),l=a.events))for(i in delete s.handle,s.events={},l)for(r=0,o=l[i].length;r1&&"string"==typeof E&&!d.checkClone&&w.test(E))return t.each((function(e){var n=t.eq(e);N&&(o[0]=E.call(this,e,n.html())),A(n,o,i,a)}));if(b&&(c=(s=p(o,t[0].ownerDocument,!1,t,a)).firstChild,1===s.childNodes.length&&(s=c),c||a)){for(v=(f=e.map(l(s,"script"),k)).length;x")},clone:function(n,r,o){var i,a,s,u,c=n.cloneNode(!0),p=t(n);if(!(d.noCloneChecked||1!==n.nodeType&&11!==n.nodeType||e.isXMLDoc(n)))for(u=l(c),i=0,a=(s=l(n)).length;i0&&f(u,!p&&l(n,"script")),c},cleanData:function(t){for(var n,r,o,i=e.event.special,a=0;void 0!==(r=t[a]);a++)if(g(r)){if(n=r[h.expando]){if(n.events)for(o in n.events)i[o]?e.event.remove(r,o):e.removeEvent(r,o,n.handle);r[h.expando]=void 0}r[v.expando]&&(r[v.expando]=void 0)}}}),e.fn.extend({detach:function(e){return j(this,e,!0)},remove:function(e){return j(this,e)},text:function(t){return a(this,(function(t){return void 0===t?e.text(this):this.empty().each((function(){1!==this.nodeType&&11!==this.nodeType&&9!==this.nodeType||(this.textContent=t)}))}),null,t,arguments.length)},append:function(){return A(this,arguments,(function(e){1!==this.nodeType&&11!==this.nodeType&&9!==this.nodeType||T(this,e).appendChild(e)}))},prepend:function(){return A(this,arguments,(function(e){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var t=T(this,e);t.insertBefore(e,t.firstChild)}}))},before:function(){return A(this,arguments,(function(e){this.parentNode&&this.parentNode.insertBefore(e,this)}))},after:function(){return A(this,arguments,(function(e){this.parentNode&&this.parentNode.insertBefore(e,this.nextSibling)}))},empty:function(){for(var t,n=0;null!=(t=this[n]);n++)1===t.nodeType&&(e.cleanData(l(t,!1)),t.textContent="");return this},clone:function(t,n){return t=null!=t&&t,n=null==n?t:n,this.map((function(){return e.clone(this,t,n)}))},html:function(t){return a(this,(function(t){var n=this[0]||{},r=0,o=this.length;if(void 0===t&&1===n.nodeType)return n.innerHTML;if("string"==typeof t&&!b.test(t)&&!c[(s.exec(t)||["",""])[1].toLowerCase()]){t=e.htmlPrefilter(t);try{for(;r-1;)c.splice(r,1),r<=f&&f--})),this},has:function(t){return t?e.inArray(t,c)>-1:c.length>0},empty:function(){return c&&(c=[]),this},disable:function(){return u=l=[],c=a="",this},disabled:function(){return!c},lock:function(){return u=l=[],a||i||(c=a=""),this},locked:function(){return!!u},fireWith:function(e,t){return u||(t=[e,(t=t||[]).slice?t.slice():t],l.push(t),i||p()),this},fire:function(){return d.fireWith(this,arguments),this},fired:function(){return!!s}};return d},e}.apply(t,r))||(e.exports=o)},function(e,t,n){var r;void 0===(r=function(){"use strict";return function(e){return 1===e.nodeType||9===e.nodeType||!+e.nodeType}}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r,o;r=[n(0),n(5),n(12),n(26)],void 0===(o=function(e,t){"use strict";return e.extend({queue:function(n,r,o){var i;if(n)return r=(r||"fx")+"queue",i=t.get(n,r),o&&(!i||Array.isArray(o)?i=t.access(n,r,e.makeArray(o)):i.push(o)),i||[]},dequeue:function(t,n){n=n||"fx";var r=e.queue(t,n),o=r.length,i=r.shift(),a=e._queueHooks(t,n);"inprogress"===i&&(i=r.shift(),o--),i&&("fx"===n&&r.unshift("inprogress"),delete a.stop,i.call(t,(function(){e.dequeue(t,n)}),a)),!o&&a&&a.empty.fire()},_queueHooks:function(n,r){var o=r+"queueHooks";return t.get(n,o)||t.access(n,o,{empty:e.Callbacks("once memory").add((function(){t.remove(n,[r+"queue",o])}))})}}),e.fn.extend({queue:function(t,n){var r=2;return"string"!=typeof t&&(n=t,t="fx",r--),arguments.length-1&&(T=C.split("."),C=T.shift(),T.sort()),m=C.indexOf(":")<0&&"on"+C,(c=c[e.expando]?c:new e.Event(C,"object"==typeof c&&c)).isTrigger=p?2:3,c.namespace=T.join("."),c.rnamespace=c.namespace?new RegExp("(^|\\.)"+T.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,c.result=void 0,c.target||(c.target=f),l=null==l?[c]:e.makeArray(l,[c]),x=e.event.special[C]||{},p||!x.trigger||!1!==x.trigger.apply(f,l))){if(!p&&!x.noBubble&&!a(f)){for(g=x.delegateType||C,s.test(g+C)||(h=h.parentNode);h;h=h.parentNode)w.push(h),v=h;v===(f.ownerDocument||t)&&w.push(v.defaultView||v.parentWindow||window)}for(d=0;(h=w[d++])&&!c.isPropagationStopped();)b=h,c.type=d>1?g:x.bindType||C,(y=(n.get(h,"events")||{})[c.type]&&n.get(h,"handle"))&&y.apply(h,l),(y=m&&h[m])&&y.apply&&r(h)&&(c.result=y.apply(h,l),!1===c.result&&c.preventDefault());return c.type=C,p||c.isDefaultPrevented()||x._default&&!1!==x._default.apply(w.pop(),l)||!r(f)||m&&i(f[C])&&!a(f)&&((v=f[m])&&(f[m]=null),e.event.triggered=C,c.isPropagationStopped()&&b.addEventListener(C,u),f[C](),c.isPropagationStopped()&&b.removeEventListener(C,u),e.event.triggered=void 0,v&&(f[m]=v)),c.result}},simulate:function(t,n,r){var o=e.extend(new e.Event,r,{type:t,isSimulated:!0});e.event.trigger(o,null,n)}}),e.fn.extend({trigger:function(t,n){return this.each((function(){e.event.trigger(t,n,this)}))},triggerHandler:function(t,n){var r=this[0];if(r)return e.event.trigger(t,n,r,!0)}}),e}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(0),n(3),n(11),n(26),n(12),n(76),n(47),n(78),n(28),n(79),n(84),n(13),n(88),n(23),n(90),n(93),n(18),n(94),n(67),n(14),n(95),n(96),n(97),n(98),n(101),n(29),n(102),n(103),n(104),n(105),n(107),n(108)],void 0===(o=function(e){"use strict";return e}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(15)],void 0===(o=function(e){"use strict";return e.concat}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(15)],void 0===(o=function(e){"use strict";return e.push}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(20)],void 0===(o=function(e){"use strict";return e.toString}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(25)],void 0===(o=function(e){"use strict";return e.toString}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(2)],void 0===(o=function(e){"use strict";var t={type:!0,src:!0,nonce:!0,noModule:!0};return function(n,r,o){var i,a,s=(o=o||e).createElement("script");if(s.text=n,r)for(i in t)(a=r[i]||r.getAttribute&&r.getAttribute(i))&&s.setAttribute(i,a);o.head.appendChild(s).parentNode.removeChild(s)}}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(0),n(3)],void 0===(o=function(e){"use strict";return e.expr.match.needsContext}.apply(t,r))||(e.exports=o)},function(e,t,n){var r;void 0===(r=function(){"use strict";return/^<([a-z][^\/\0>:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r,o;r=[n(0),n(24),n(1),n(44),n(3)],void 0===(o=function(e,t,n,r){"use strict";function o(r,o,i){return n(o)?e.grep(r,(function(e,t){return!!o.call(e,t,e)!==i})):o.nodeType?e.grep(r,(function(e){return e===o!==i})):"string"!=typeof o?e.grep(r,(function(e){return t.call(o,e)>-1!==i})):e.filter(o,r,i)}e.filter=function(t,n,r){var o=n[0];return r&&(t=":not("+t+")"),1===n.length&&1===o.nodeType?e.find.matchesSelector(o,t)?[o]:[]:e.find.matches(t,e.grep(n,(function(e){return 1===e.nodeType})))},e.fn.extend({find:function(t){var n,r,o=this.length,i=this;if("string"!=typeof t)return this.pushStack(e(t).filter((function(){for(n=0;n1?e.uniqueSort(r):r},filter:function(e){return this.pushStack(o(this,e||[],!1))},not:function(e){return this.pushStack(o(this,e||[],!0))},is:function(t){return!!o(this,"string"==typeof t&&r.test(t)?e(t):t||[],!1).length}})}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(0),n(2),n(77),n(12)],void 0===(o=function(e,t){"use strict";var n=e.Deferred();function r(){t.removeEventListener("DOMContentLoaded",r),window.removeEventListener("load",r),e.ready()}e.fn.ready=function(t){return n.then(t).catch((function(t){e.readyException(t)})),this},e.extend({isReady:!1,readyWait:1,ready:function(r){(!0===r?--e.readyWait:e.isReady)||(e.isReady=!0,!0!==r&&--e.readyWait>0||n.resolveWith(t,[e]))}}),e.ready.then=n.then,"complete"===t.readyState||"loading"!==t.readyState&&!t.documentElement.doScroll?window.setTimeout(e.ready):(t.addEventListener("DOMContentLoaded",r),window.addEventListener("load",r))}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(0),n(17),n(6),n(27)],void 0===(o=function(e,t,n,r){"use strict";function o(){this.expando=e.expando+o.uid++}return o.uid=1,o.prototype={cache:function(e){var t=e[this.expando];return t||(t={},r(e)&&(e.nodeType?e[this.expando]=t:Object.defineProperty(e,this.expando,{value:t,configurable:!0}))),t},set:function(e,n,r){var o,i=this.cache(e);if("string"==typeof n)i[t(n)]=r;else for(o in n)i[t(o)]=n[o];return i},get:function(e,n){return void 0===n?this.cache(e):e[this.expando]&&e[this.expando][t(n)]},access:function(e,t,n){return void 0===t||t&&"string"==typeof t&&void 0===n?this.get(e,t):(this.set(e,t,n),void 0!==n?n:t)},remove:function(r,o){var i,a=r[this.expando];if(void 0!==a){if(void 0!==o){i=(o=Array.isArray(o)?o.map(t):(o=t(o))in a?[o]:o.match(n)||[]).length;for(;i--;)delete a[o[i]]}(void 0===o||e.isEmptyObject(a))&&(r.nodeType?r[this.expando]=void 0:delete r[this.expando])}},hasData:function(t){var n=t[this.expando];return void 0!==n&&!e.isEmptyObject(n)}},o}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(48)],void 0===(o=function(e){"use strict";return new e}.apply(t,r))||(e.exports=o)},function(e,t,n){var r;void 0===(r=function(){"use strict";return/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r,o;r=[n(0),n(21)],void 0===(o=function(e,t){"use strict";return function(n,r){return"none"===(n=r||n).style.display||""===n.style.display&&t(n)&&"none"===e.css(n,"display")}}.apply(t,r))||(e.exports=o)},function(e,t,n){var r;void 0===(r=function(){"use strict";return function(e,t,n,r){var o,i,a={};for(i in t)a[i]=e.style[i],e.style[i]=t[i];for(i in o=n.apply(e,r||[]),t)e.style[i]=a[i];return o}}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r,o;r=[n(0),n(30)],void 0===(o=function(e,t){"use strict";return function(n,r,o,i){var a,s,u=20,c=i?function(){return i.cur()}:function(){return e.css(n,r,"")},l=c(),f=o&&o[3]||(e.cssNumber[r]?"":"px"),p=n.nodeType&&(e.cssNumber[r]||"px"!==f&&+l)&&t.exec(e.css(n,r));if(p&&p[3]!==f){for(l/=2,f=f||p[3],p=+l||1;u--;)e.style(n,r,p+f),(1-s)*(1-(s=c()/l||.5))<=0&&(u=0),p/=s;p*=2,e.style(n,r,p+f),o=o||[]}return o&&(p=+p||+l||0,a=o[1]?p+(o[1]+1)*o[2]:+o[2],i&&(i.unit=f,i.start=p,i.end=a)),a}}.apply(t,r))||(e.exports=o)},function(e,t,n){var r;void 0===(r=function(){"use strict";return/<([a-z][^\/\0>\x20\t\r\n\f]*)/i}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r;void 0===(r=function(){"use strict";return/^$|^module$|\/(?:java|ecma)script/i}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r;void 0===(r=function(){"use strict";var e={option:[1,""],thead:[1,"","
"],col:[2,"","
"],tr:[2,"","
"],td:[3,"","
"],_default:[0,"",""]};return e.optgroup=e.option,e.tbody=e.tfoot=e.colgroup=e.caption=e.thead,e.th=e.td,e}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r,o;r=[n(0),n(8)],void 0===(o=function(e,t){"use strict";return function(n,r){var o;return o=void 0!==n.getElementsByTagName?n.getElementsByTagName(r||"*"):void 0!==n.querySelectorAll?n.querySelectorAll(r||"*"):[],void 0===r||r&&t(n,r)?e.merge([n],o):o}}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(5)],void 0===(o=function(e){"use strict";return function(t,n){for(var r=0,o=t.length;r-1)d&&d.push(h);else if(y=n(h),v=a(b.appendChild(h),"script"),y&&s(v),f)for(x=0;h=v[x++];)o.test(h.type||"")&&f.push(h);return b}}.apply(t,r))||(e.exports=o)},function(e,t,n){var r;void 0===(r=function(){"use strict";return function(e){var t=e.ownerDocument.defaultView;return t&&t.opener||(t=window),t.getComputedStyle(e)}}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r,o;r=[n(0),n(21),n(82),n(33),n(60),n(34)],void 0===(o=function(e,t,n,r,o,i){"use strict";return function(a,s,u){var c,l,f,p,d=a.style;return(u=u||o(a))&&(""!==(p=u.getPropertyValue(s)||u[s])||t(a)||(p=e.style(a,s)),!i.pixelBoxStyles()&&r.test(p)&&n.test(s)&&(c=d.width,l=d.minWidth,f=d.maxWidth,d.minWidth=d.maxWidth=d.width=p,p=u.width,d.width=c,d.minWidth=l,d.maxWidth=f)),void 0!==p?p+"":p}}.apply(t,r))||(e.exports=o)},function(e,t,n){var r;void 0===(r=function(){"use strict";return function(e,t){return{get:function(){if(!e())return(this.get=t).apply(this,arguments);delete this.get}}}}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r,o;r=[n(2),n(0)],void 0===(o=function(e,t){"use strict";var n=["Webkit","Moz","ms"],r=e.createElement("div").style,o={};return function(e){var i=t.cssProps[e]||o[e];return i||(e in r?e:o[e]=function(e){for(var t=e[0].toUpperCase()+e.slice(1),o=n.length;o--;)if((e=n[o]+t)in r)return e}(e)||e)}}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(0),n(9),n(35),n(3)],void 0===(o=function(e,t,n){"use strict";var r=/^(?:input|select|textarea|button)$/i,o=/^(?:a|area)$/i;e.fn.extend({prop:function(n,r){return t(this,e.prop,n,r,arguments.length>1)},removeProp:function(t){return this.each((function(){delete this[e.propFix[t]||t]}))}}),e.extend({prop:function(t,n,r){var o,i,a=t.nodeType;if(3!==a&&8!==a&&2!==a)return 1===a&&e.isXMLDoc(t)||(n=e.propFix[n]||n,i=e.propHooks[n]),void 0!==r?i&&"set"in i&&void 0!==(o=i.set(t,r,n))?o:t[n]=r:i&&"get"in i&&null!==(o=i.get(t,n))?o:t[n]},propHooks:{tabIndex:{get:function(t){var n=e.find.attr(t,"tabindex");return n?parseInt(n,10):r.test(t.nodeName)||o.test(t.nodeName)&&t.href?0:-1}}},propFix:{for:"htmlFor",class:"className"}}),n.optSelected||(e.propHooks.selected={get:function(e){var t=e.parentNode;return t&&t.parentNode&&t.parentNode.selectedIndex,null},set:function(e){var t=e.parentNode;t&&(t.selectedIndex,t.parentNode&&t.parentNode.selectedIndex)}}),e.each(["tabIndex","readOnly","maxLength","cellSpacing","cellPadding","rowSpan","colSpan","useMap","frameBorder","contentEditable"],(function(){e.propFix[this.toLowerCase()]=this}))}.apply(t,r))||(e.exports=o)},function(e,t,n){var r;void 0===(r=function(){"use strict";return Date.now()}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r;void 0===(r=function(){"use strict";return/\?/}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r,o;r=[n(0),n(10),n(32),n(1),n(4),n(11),n(64)],void 0===(o=function(e,t,n,r){"use strict";var o=/\[\]$/,i=/\r?\n/g,a=/^(?:submit|button|image|reset|file)$/i,s=/^(?:input|select|textarea|keygen)/i;function u(n,r,i,a){var s;if(Array.isArray(r))e.each(r,(function(e,t){i||o.test(n)?a(n,t):u(n+"["+("object"==typeof t&&null!=t?e:"")+"]",t,i,a)}));else if(i||"object"!==t(r))a(n,r);else for(s in r)u(n+"["+s+"]",r[s],i,a)}return e.param=function(t,n){var o,i=[],a=function(e,t){var n=r(t)?t():t;i[i.length]=encodeURIComponent(e)+"="+encodeURIComponent(null==n?"":n)};if(null==t)return"";if(Array.isArray(t)||t.jquery&&!e.isPlainObject(t))e.each(t,(function(){a(this.name,this.value)}));else for(o in t)u(o,t[o],n,a);return i.join("&")},e.fn.extend({serialize:function(){return e.param(this.serializeArray())},serializeArray:function(){return this.map((function(){var t=e.prop(this,"elements");return t?e.makeArray(t):this})).filter((function(){var t=this.type;return this.name&&!e(this).is(":disabled")&&s.test(this.nodeName)&&!a.test(t)&&(this.checked||!n.test(t))})).map((function(t,n){var r=e(this).val();return null==r?null:Array.isArray(r)?e.map(r,(function(e){return{name:n.name,value:e.replace(i,"\r\n")}})):{name:n.name,value:r.replace(i,"\r\n")}})).get()}}),e}.apply(t,r))||(e.exports=o)},function(e,t,n){"use strict";(function(e,t){var r=n(109),o=n(110);!function(){function e(){var e=window.pageYOffset||document.documentElement.scrollTop,t=window.innerWidth||document.body.clientWidth,n=document.getElementById("toc");e>250?t>1104?(n.style.position="fixed",n.style.left=document.getElementById("getting-started").getBoundingClientRect().left-230+"px"):t>760&&(n.style.position="fixed",n.style.left=document.getElementById("getting-started").getBoundingClientRect().left-210+"px"):(n.style.position="absolute",n.style.left="0")}window.onscroll=window.onresize=e,e()}();var i={Models:{}};i.Models.Docs={},i.Models.Apps={},i.Collections={},i.Views={},function(e,n){if(e){var r=e.LiveTOC=function(e){this.parent=e.parent,this.content=e.content,this.scrollContent=e.scrollContent||e.content,this.throttleInterval=e.throttleInterval||300,this.alignment=e.alignment||"center",this.onSelect=e.onSelect||null,this.currentItem=null,this._headerHeights={},this._sortedHeights=[],this.render(),e.parent&&this.attach(e.parent),this.initializeEventHandlers()};r.prototype={initializeEventHandlers:function(){var e=n.throttle(this.handleScroll.bind(this),this.throttleInterval);this.scrollContent===document.getElementsByTagName("body")[0]?document.addEventListener("scroll",e):this.scrollContent.addEventListener("scroll",e)},render:function(){this.scrollContent.style.position="relative",this.node=document.getElementsByClassName("ui_live_toc")[0],t(document).ready(function(e){this.updateHeights(),window.location.hash&&(this.hashChanged=!0),this.handleScroll()}.bind(this)),t(window).on("hashchange",function(){this.hashChanged=!0}.bind(this))},updateHeights:function(){for(var e={},t=[],n=this.content.querySelectorAll("h1, h2, h3"),r=0;rn);i++)o=this._sortedHeights[i];return this._headerHeights[o]},handleScroll:function(){var t;if(this.hashChanged?(this.hashChanged=!1,t=window.location.hash.replace("#","")):t=this.findBestLink(),null===this.currentItem||this.currentItem.getAttribute("data-name")!==t){for(var n=this.node.getElementsByTagName("li"),r=0;r=0,s=o.firstChild.className.indexOf(n.opt2)>=0,a&&t(o).addClass("language-"+n.opt1),s&&t(o).addClass("language-"+n.opt2),i=o):(a=o.className.indexOf(n.opt1)>=0,s=o.className.indexOf(n.opt2)>=0,i=t(o).find("pre.highlight").first()),a?i.append(n.renderToggle(!0)):s&&i.append(n.renderToggle(!1)),e.addClass(o,"has_toggles")}))})),t("."+this.opt2+"-toggle").on("click",this.showOpt2.bind(this)),t("."+this.opt1+"-toggle").on("click",this.showOpt1.bind(this)),this.toggleOpt(!0)},renderToggle:function(t){var n=e.tag("div",{className:"toggles"},[e.tag("div",{className:"toggle-item"},[e.tag("a",{className:this.opt1+"-toggle",href:"#"},this.label1)]),e.tag("div",{className:"toggle-item"},[e.tag("a",{className:this.opt2+"-toggle",href:"#"},this.label2)])]);return!0===t?e.addClass(n.childNodes[0],"selected"):e.addClass(n.childNodes[1],"selected"),n},showOpt1:function(e){e&&e.preventDefault(),t(".language-toggle .language-"+this.opt2).hide(),t(".language-toggle .language-"+this.opt1).show()},showOpt2:function(e){e&&e.preventDefault(),t(".language-toggle .language-"+this.opt2).show(),t(".language-toggle .language-"+this.opt1).hide()},toggleOpt:function(e){!0===e?(t(".language-toggle .language-"+this.opt2).hide(),t(".language-toggle .language-"+this.opt1).show()):(t(".language-toggle .language-"+this.opt2).show(),t(".language-toggle .language-"+this.opt1).hide()),this.onChange()}},n.extend(r.prototype,e.ComponentProto)}}(o,e),function(e,n){if(e){i.Views.Docs||(i.Views.Docs={});var r=i.Views.Docs.Main=function(e){this.platform=e.platform,this.language=e.language,this.render()};r.prototype={render:function(){this.scrollContent=document.getElementsByTagName("body")[0],"ios"===this.platform||"osx"===this.platform||"macos"===this.platform?new i.Views.Docs.Toggle({parent:this.scrollContent,opt1:"objective_c",opt2:"swift",label1:"Objective-C",label2:"Swift",onChange:this.handleToggleChange.bind(this)}):"rest"===this.platform&&new i.Views.Docs.Toggle({parent:this.scrollContent,opt1:"bash",opt2:"python",label1:"cURL",label2:"Python",onChange:this.handleToggleChange.bind(this)}),t(window).on("resize",n.throttle(this.handleWindowResize.bind(this),300)),t(window).on("load",function(){this.toc&&this.toc.updateHeights()}.bind(this)),t(function(){this.toc=new e.LiveTOC({parent:document.getElementById("toc"),scrollContent:this.scrollContent,content:document.getElementsByClassName("guide_content")[0]}),this.setupServerFieldCustomization(),this.mobileToc=document.getElementById("mobile_toc").getElementsByTagName("select")[0],this.renderMobileTOC(),this.handleWindowResize()}.bind(this))},renderMobileTOC:function(){for(var t=this.scrollContent.getElementsByTagName("h1"),n=document.createDocumentFragment(),r=0;r/g,">").replace(/"/g,"""),t(".custom-parse-server-appid").html(e),"undefined"!=typeof Storage&&localStorage.setItem("parse-server-custom-appid",e))})),t("#parse-server-custom-masterkey").keyup((function(){var e=t("#parse-server-custom-masterkey").val();e.match(/^[^\s]+$/i)&&(e=e.replace(/&/g,"&").replace(//g,">").replace(/"/g,"""),t(".custom-parse-server-masterkey").html(e),"undefined"!=typeof Storage&&localStorage.setItem("parse-server-custom-masterkey",e))})),t("#parse-server-custom-clientkey").keyup((function(){var e=t("#parse-server-custom-clientkey").val();e.match(/^[^\s]+$/i)&&(e=e.replace(/&/g,"&").replace(//g,">").replace(/"/g,"""),t(".custom-parse-server-clientkey").html(e),"undefined"!=typeof Storage&&localStorage.setItem("parse-server-custom-clientkey",e))})),t("#parse-server-custom-restapikey").keyup((function(){var e=t("#parse-server-custom-restapikey").val();e.match(/^[^\s]+$/i)&&(e=e.replace(/&/g,"&").replace(//g,">").replace(/"/g,"""),t(".custom-parse-server-restapikey").html(e),"undefined"!=typeof Storage&&localStorage.setItem("parse-server-custom-restapikey",e))})),t("#parse-server-custom-values-reset").click((function(){var e=t("#parse-server-custom-url").attr("defaultval");t(".custom-parse-server-url").html(e),t("#parse-server-custom-url").val(e),localStorage.setItem("parse-server-custom-url",e),e=t("#parse-server-custom-mount").attr("defaultval"),t(".custom-parse-server-mount").html("/"+e+"/"),t("#parse-server-custom-mount").val(e),localStorage.setItem("parse-server-custom-mount","/"+e+"/"),e=t("#parse-server-custom-protocol").attr("defaultval"),t(".custom-parse-server-protocol").html(e),t("#parse-server-custom-protocol").val(e),localStorage.setItem("parse-server-custom-protocol",e),e=t("#parse-server-custom-appid").attr("defaultval"),t(".custom-parse-server-appid").html(e),t("#parse-server-custom-appid").val(e),localStorage.setItem("parse-server-custom-appid",e),e=t("#parse-server-custom-masterkey").attr("defaultval"),t(".custom-parse-server-masterkey").html(e),t("#parse-server-custom-masterkey").val(e),localStorage.setItem("parse-server-custom-masterkey",e),e=t("#parse-server-custom-clientkey").attr("defaultval"),t(".custom-parse-server-clientkey").html(e),t("#parse-server-custom-clientkey").val(e),localStorage.setItem("parse-server-custom-clientkey",e),e=t("#parse-server-custom-restapikey").attr("defaultval"),t(".parse-server-custom-restapikey").html(e),t("#parse-server-custom-restapikey").val(e),localStorage.setItem("parse-server-custom-restapikey",e)}))}},handleToggleChange:function(){this.toc&&this.toc.updateHeights()},handleSelectChange:function(e){location.href=this.mobileToc.selectedOptions[0].getAttribute("data-anchor")},handleWindowResize:function(e){this.toc&&this.toc.updateHeights()}},n.extend(r.prototype,e.ComponentProto)}}(o,e);var a=window.location.pathname.split("/")[1];a&&new i.Views.Docs.Main({language:"en",platform:a}),t((function(){r.init({offset:2500,throttle:250,unload:!1,callback:function(e,t){}})}))}).call(this,n(69),n(38))},function(e,t,n){var r;(function(){var n=this,o=n._,i=Array.prototype,a=Object.prototype,s=Function.prototype,u=i.push,c=i.slice,l=a.toString,f=a.hasOwnProperty,p=Array.isArray,d=Object.keys,h=s.bind,v=Object.create,g=function(){},m=function(e){return e instanceof m?e:this instanceof m?void(this._wrapped=e):new m(e)};e.exports&&(t=e.exports=m),t._=m,m.VERSION="1.8.3";var y=function(e,t,n){if(void 0===t)return e;switch(null==n?3:n){case 1:return function(n){return e.call(t,n)};case 2:return function(n,r){return e.call(t,n,r)};case 3:return function(n,r,o){return e.call(t,n,r,o)};case 4:return function(n,r,o,i){return e.call(t,n,r,o,i)}}return function(){return e.apply(t,arguments)}},x=function(e,t,n){return null==e?m.identity:m.isFunction(e)?y(e,t,n):m.isObject(e)?m.matcher(e):m.property(e)};m.iteratee=function(e,t){return x(e,t,1/0)};var b=function(e,t){return function(n){var r=arguments.length;if(r<2||null==n)return n;for(var o=1;o=0&&t<=T};function E(e){function t(t,n,r,o,i,a){for(;i>=0&&i0?0:s-1;return arguments.length<3&&(o=n[a?a[u]:u],u+=e),t(n,r,o,a,u,s)}}m.each=m.forEach=function(e,t,n){var r,o;if(t=y(t,n),S(e))for(r=0,o=e.length;r=0},m.invoke=function(e,t){var n=c.call(arguments,2),r=m.isFunction(t);return m.map(e,(function(e){var o=r?t:e[t];return null==o?o:o.apply(e,n)}))},m.pluck=function(e,t){return m.map(e,m.property(t))},m.where=function(e,t){return m.filter(e,m.matcher(t))},m.findWhere=function(e,t){return m.find(e,m.matcher(t))},m.max=function(e,t,n){var r,o,i=-1/0,a=-1/0;if(null==t&&null!=e)for(var s=0,u=(e=S(e)?e:m.values(e)).length;si&&(i=r);else t=x(t,n),m.each(e,(function(e,n,r){((o=t(e,n,r))>a||o===-1/0&&i===-1/0)&&(i=e,a=o)}));return i},m.min=function(e,t,n){var r,o,i=1/0,a=1/0;if(null==t&&null!=e)for(var s=0,u=(e=S(e)?e:m.values(e)).length;sr||void 0===n)return 1;if(n0?0:o-1;i>=0&&i0?a=i>=0?i:Math.max(i+s,a):s=i>=0?Math.min(i+1,s):i+s+1;else if(n&&i&&s)return r[i=n(r,o)]===o?i:-1;if(o!=o)return(i=t(c.call(r,a,s),m.isNaN))>=0?i+a:-1;for(i=e>0?a:s-1;i>=0&&it?(a&&(clearTimeout(a),a=null),s=c,i=e.apply(r,o),a||(r=o=null)):a||!1===n.trailing||(a=setTimeout(u,l)),i}},m.debounce=function(e,t,n){var r,o,i,a,s,u=function(){var c=m.now()-a;c=0?r=setTimeout(u,t-c):(r=null,n||(s=e.apply(i,o),r||(i=o=null)))};return function(){i=this,o=arguments,a=m.now();var c=n&&!r;return r||(r=setTimeout(u,t)),c&&(s=e.apply(i,o),i=o=null),s}},m.wrap=function(e,t){return m.partial(t,e)},m.negate=function(e){return function(){return!e.apply(this,arguments)}},m.compose=function(){var e=arguments,t=e.length-1;return function(){for(var n=t,r=e[t].apply(this,arguments);n--;)r=e[n].call(this,r);return r}},m.after=function(e,t){return function(){if(--e<1)return t.apply(this,arguments)}},m.before=function(e,t){var n;return function(){return--e>0&&(n=t.apply(this,arguments)),e<=1&&(t=null),n}},m.once=m.partial(m.before,2);var O=!{toString:null}.propertyIsEnumerable("toString"),_=["valueOf","isPrototypeOf","toString","propertyIsEnumerable","hasOwnProperty","toLocaleString"];function q(e,t){var n=_.length,r=e.constructor,o=m.isFunction(r)&&r.prototype||a,i="constructor";for(m.has(e,i)&&!m.contains(t,i)&&t.push(i);n--;)(i=_[n])in e&&e[i]!==o[i]&&!m.contains(t,i)&&t.push(i)}m.keys=function(e){if(!m.isObject(e))return[];if(d)return d(e);var t=[];for(var n in e)m.has(e,n)&&t.push(n);return O&&q(e,t),t},m.allKeys=function(e){if(!m.isObject(e))return[];var t=[];for(var n in e)t.push(n);return O&&q(e,t),t},m.values=function(e){for(var t=m.keys(e),n=t.length,r=Array(n),o=0;o":">",'"':""","'":"'","`":"`"},M=m.invert(H),P=function(e){var t=function(t){return e[t]},n="(?:"+m.keys(e).join("|")+")",r=RegExp(n),o=RegExp(n,"g");return function(e){return e=null==e?"":""+e,r.test(e)?e.replace(o,t):e}};m.escape=P(H),m.unescape=P(M),m.result=function(e,t,n){var r=null==e?void 0:e[t];return void 0===r&&(r=n),m.isFunction(r)?r.call(e):r};var R=0;m.uniqueId=function(e){var t=++R+"";return e?e+t:t},m.templateSettings={evaluate:/<%([\s\S]+?)%>/g,interpolate:/<%=([\s\S]+?)%>/g,escape:/<%-([\s\S]+?)%>/g};var B=/(.)^/,F={"'":"'","\\":"\\","\r":"r","\n":"n","\u2028":"u2028","\u2029":"u2029"},W=/\\|'|\r|\n|\u2028|\u2029/g,$=function(e){return"\\"+F[e]};m.template=function(e,t,n){!t&&n&&(t=n),t=m.defaults({},t,m.templateSettings);var r=RegExp([(t.escape||B).source,(t.interpolate||B).source,(t.evaluate||B).source].join("|")+"|$","g"),o=0,i="__p+='";e.replace(r,(function(t,n,r,a,s){return i+=e.slice(o,s).replace(W,$),o=s+t.length,n?i+="'+\n((__t=("+n+"))==null?'':_.escape(__t))+\n'":r?i+="'+\n((__t=("+r+"))==null?'':__t)+\n'":a&&(i+="';\n"+a+"\n__p+='"),t})),i+="';\n",t.variable||(i="with(obj||{}){\n"+i+"}\n"),i="var __t,__p='',__j=Array.prototype.join,print=function(){__p+=__j.call(arguments,'');};\n"+i+"return __p;\n";try{var a=new Function(t.variable||"obj","_",i)}catch(e){throw e.source=i,e}var s=function(e){return a.call(this,e,m)},u=t.variable||"obj";return s.source="function("+u+"){\n"+i+"}",s},m.chain=function(e){var t=m(e);return t._chain=!0,t};var z=function(e,t){return e._chain?m(t).chain():t};m.mixin=function(e){m.each(m.functions(e),(function(t){var n=m[t]=e[t];m.prototype[t]=function(){var e=[this._wrapped];return u.apply(e,arguments),z(this,n.apply(m,e))}}))},m.mixin(m),m.each(["pop","push","reverse","shift","sort","splice","unshift"],(function(e){var t=i[e];m.prototype[e]=function(){var n=this._wrapped;return t.apply(n,arguments),"shift"!==e&&"splice"!==e||0!==n.length||delete n[0],z(this,n)}})),m.each(["concat","join","slice"],(function(e){var t=i[e];m.prototype[e]=function(){return z(this,t.apply(this._wrapped,arguments))}})),m.prototype.value=function(){return this._wrapped},m.prototype.valueOf=m.prototype.toJSON=m.prototype.value,m.prototype.toString=function(){return""+this._wrapped},void 0===(r=function(){return m}.apply(t,[]))||(e.exports=r)}).call(this)},function(e,t,n){var r;void 0===(r=function(){"use strict";return Object.getPrototypeOf}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r,o;r=[n(42)],void 0===(o=function(e){"use strict";return e.call(Object)}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(0),n(73)],void 0===(o=function(e,t){"use strict";e.find=t,e.expr=t.selectors,e.expr[":"]=e.expr.pseudos,e.uniqueSort=e.unique=t.uniqueSort,e.text=t.getText,e.isXMLDoc=t.isXML,e.contains=t.contains,e.escapeSelector=t.escape}.apply(t,r))||(e.exports=o)},function(e,t,n){var r; +!function(e){var t={};function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)n.d(r,o,function(t){return e[t]}.bind(null,o));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s=100)}([function(e,t,n){(function(r){var o,i;o=[n(13),n(1),n(98),n(29),n(58),n(57),n(28),n(27),n(97),n(26),n(56),n(96),n(7),n(55)],void 0===(i=function(e,t,n,r,o,i,a,s,u,c,l,f,p,d){"use strict";var h=function(e,t){return new h.fn.init(e,t)},v=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,g=/^-ms-/,m=/-([a-z])/g,y=function(e,t){return t.toUpperCase()};function x(e){var t=!!e&&"length"in e&&e.length,n=h.type(e);return"function"!==n&&!h.isWindow(e)&&("array"===n||0===t||"number"==typeof t&&t>0&&t-1 in e)}return h.fn=h.prototype={jquery:"3.0.0",constructor:h,length:0,toArray:function(){return r.call(this)},get:function(e){return null!=e?e<0?this[e+this.length]:this[e]:r.call(this)},pushStack:function(e){var t=h.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return h.each(this,e)},map:function(e){return this.pushStack(h.map(this,function(t,n){return e.call(t,n,t)}))},slice:function(){return this.pushStack(r.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(n>=0&&n)[^>]*|#([\w-]+))$/,i=e.fn.init=function(i,a,s){var u,c;if(!i)return this;if(s=s||r,"string"==typeof i){if(!(u="<"===i[0]&&">"===i[i.length-1]&&i.length>=3?[null,i,null]:o.exec(i))||!u[1]&&a)return!a||a.jquery?(a||s).find(i):this.constructor(a).find(i);if(u[1]){if(a=a instanceof e?a[0]:a,e.merge(this,e.parseHTML(u[1],a&&a.nodeType?a.ownerDocument||a:t,!0)),n.test(u[1])&&e.isPlainObject(a))for(u in a)e.isFunction(this[u])?this[u](a[u]):this.attr(u,a[u]);return this}return(c=t.getElementById(u[2]))&&(this[0]=c,this.length=1),this}return i.nodeType?(this[0]=i,this.length=1,this):e.isFunction(i)?void 0!==s.ready?s.ready(i):i(e):e.makeArray(i,this)};return i.prototype=e.fn,r=e(t),i}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(50)],void 0===(o=function(e){"use strict";return new e}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(0)],void 0===(o=function(e){"use strict";var t=function(n,r,o,i,a,s,u){var c=0,l=n.length,f=null==o;if("object"===e.type(o))for(c in a=!0,o)t(n,r,c,o[c],!0,s,u);else if(void 0!==i&&(a=!0,e.isFunction(i)||(u=!0),f&&(u?(r.call(n,i),r=null):(f=r,r=function(t,n,r){return f.call(e(t),r)})),r))for(;c0&&(T=window.setTimeout(function(){M.abort("timeout")},A.timeout));try{S=!1,x.send(I,P)}catch(e){if(S)throw e;P(-1,e)}}else P(-1,"No Transport");function P(t,n,r,o){var i,a,s,u,c,l=n;S||(S=!0,T&&window.clearTimeout(T),x=void 0,w=o||"",M.readyState=t>0?4:0,i=t>=200&&t<300||304===t,r&&(u=function(e,t,n){for(var r,o,i,a,s=e.contents,u=e.dataTypes;"*"===u[0];)u.shift(),void 0===r&&(r=e.mimeType||t.getResponseHeader("Content-Type"));if(r)for(o in s)if(s[o]&&s[o].test(r)){u.unshift(o);break}if(u[0]in n)i=u[0];else{for(o in n){if(!u[0]||e.converters[o+" "+u[0]]){i=o;break}a||(a=o)}i=i||a}if(i)return i!==u[0]&&u.unshift(i),n[i]}(A,M,r)),u=function(e,t,n,r){var o,i,a,s,u,c={},l=e.dataTypes.slice();if(l[1])for(a in e.converters)c[a.toLowerCase()]=e.converters[a];for(i=l.shift();i;)if(e.responseFields[i]&&(n[e.responseFields[i]]=t),!u&&r&&e.dataFilter&&(t=e.dataFilter(t,e.dataType)),u=i,i=l.shift())if("*"===i)i=u;else if("*"!==u&&u!==i){if(!(a=c[u+" "+i]||c["* "+i]))for(o in c)if((s=o.split(" "))[1]===i&&(a=c[u+" "+s[0]]||c["* "+s[0]])){!0===a?a=c[o]:!0!==c[o]&&(i=s[0],l.unshift(s[1]));break}if(!0!==a)if(a&&e.throws)t=a(t);else try{t=a(t)}catch(e){return{state:"parsererror",error:a?e:"No conversion from "+u+" to "+i}}}return{state:"success",data:t}}(A,u,M,i),i?(A.ifModified&&((c=M.getResponseHeader("Last-Modified"))&&(e.lastModified[b]=c),(c=M.getResponseHeader("etag"))&&(e.etag[b]=c)),204===t||"HEAD"===A.type?l="nocontent":304===t?l="notmodified":(l=u.state,a=u.data,i=!(s=u.error))):(s=l,!t&&l||(l="error",t<0&&(t=0))),M.status=t,M.statusText=(n||l)+"",i?L.resolveWith(D,[a,l,M]):L.rejectWith(D,[M,l,s]),M.statusCode(_),_=void 0,E&&O.trigger(i?"ajaxSuccess":"ajaxError",[M,A,i?a:s]),q.fireWith(D,[M,l]),E&&(O.trigger("ajaxComplete",[M,A]),--e.active||e.event.trigger("ajaxStop")))}return M},getJSON:function(t,n,r){return e.get(t,n,r,"json")},getScript:function(t,n){return e.get(t,void 0,n,"script")}}),e.each(["get","post"],function(t,n){e[n]=function(t,r,o,i){return e.isFunction(r)&&(i=i||o,o=r,r=void 0),e.ajax(e.extend({url:t,type:n,dataType:i,data:r,success:o},e.isPlainObject(t)&&t))}}),e}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(0),n(1),n(19),n(6),n(29),n(4),n(3),n(2)],void 0===(o=function(e,t,n,r,o,i){"use strict";var a=/^key/,s=/^(?:mouse|pointer|contextmenu|drag|drop)|click/,u=/^([^.]*)(?:\.(.+)|)/;function c(){return!0}function l(){return!1}function f(){try{return t.activeElement}catch(e){}}function p(t,n,r,o,i,a){var s,u;if("object"==typeof n){for(u in"string"!=typeof r&&(o=o||r,r=void 0),n)p(t,u,r,o,n[u],a);return t}if(null==o&&null==i?(i=r,o=r=void 0):null==i&&("string"==typeof r?(i=o,o=void 0):(i=o,o=r,r=void 0)),!1===i)i=l;else if(!i)return t;return 1===a&&(s=i,(i=function(t){return e().off(t),s.apply(this,arguments)}).guid=s.guid||(s.guid=e.guid++)),t.each(function(){e.event.add(this,n,i,o,r)})}return e.event={global:{},add:function(t,o,a,s,c){var l,f,p,d,h,v,g,m,y,x,b,w=i.get(t);if(w)for(a.handler&&(a=(l=a).handler,c=l.selector),c&&e.find.matchesSelector(n,c),a.guid||(a.guid=e.guid++),(d=w.events)||(d=w.events={}),(f=w.handle)||(f=w.handle=function(n){return void 0!==e&&e.event.triggered!==n.type?e.event.dispatch.apply(t,arguments):void 0}),h=(o=(o||"").match(r)||[""]).length;h--;)y=b=(p=u.exec(o[h])||[])[1],x=(p[2]||"").split(".").sort(),y&&(g=e.event.special[y]||{},y=(c?g.delegateType:g.bindType)||y,g=e.event.special[y]||{},v=e.extend({type:y,origType:b,data:s,handler:a,guid:a.guid,selector:c,needsContext:c&&e.expr.match.needsContext.test(c),namespace:x.join(".")},l),(m=d[y])||((m=d[y]=[]).delegateCount=0,g.setup&&!1!==g.setup.call(t,s,x,f)||t.addEventListener&&t.addEventListener(y,f)),g.add&&(g.add.call(t,v),v.handler.guid||(v.handler.guid=a.guid)),c?m.splice(m.delegateCount++,0,v):m.push(v),e.event.global[y]=!0)},remove:function(t,n,o,a,s){var c,l,f,p,d,h,v,g,m,y,x,b=i.hasData(t)&&i.get(t);if(b&&(p=b.events)){for(d=(n=(n||"").match(r)||[""]).length;d--;)if(m=x=(f=u.exec(n[d])||[])[1],y=(f[2]||"").split(".").sort(),m){for(v=e.event.special[m]||{},g=p[m=(a?v.delegateType:v.bindType)||m]||[],f=f[2]&&new RegExp("(^|\\.)"+y.join("\\.(?:.*\\.|)")+"(\\.|$)"),l=c=g.length;c--;)h=g[c],!s&&x!==h.origType||o&&o.guid!==h.guid||f&&!f.test(h.namespace)||a&&a!==h.selector&&("**"!==a||!h.selector)||(g.splice(c,1),h.selector&&g.delegateCount--,v.remove&&v.remove.call(t,h));l&&!g.length&&(v.teardown&&!1!==v.teardown.call(t,y,b.handle)||e.removeEvent(t,m,b.handle),delete p[m])}else for(m in p)e.event.remove(t,m+n[d],o,a,!0);e.isEmptyObject(p)&&i.remove(t,"handle events")}},dispatch:function(t){var n,r,o,a,s,u,c=e.event.fix(t),l=new Array(arguments.length),f=(i.get(this,"events")||{})[c.type]||[],p=e.event.special[c.type]||{};for(l[0]=c,n=1;n-1:e.find(i,this,null,[c]).length),o[i]&&o.push(a);o.length&&s.push({elem:c,handlers:o})}return u=s&&(i!==r&&(c=void 0,l=[n]),o.rejectWith(c,l))}};t?p():(e.Deferred.getStackHook&&(p.stackTrace=e.Deferred.getStackHook()),window.setTimeout(p))}}return e.Deferred(function(s){o[0][3].add(u(0,s,e.isFunction(a)?a:n,s.notifyWith)),o[1][3].add(u(0,s,e.isFunction(t)?t:n)),o[2][3].add(u(0,s,e.isFunction(i)?i:r))}).promise()},promise:function(t){return null!=t?e.extend(t,a):a}},s={};return e.each(o,function(e,t){var n=t[2],r=t[5];a[t[1]]=n.add,r&&n.add(function(){i=r},o[3-e][2].disable,o[0][2].lock),n.add(t[3].fire),s[t[0]]=function(){return s[t[0]+"With"](this===s?void 0:this,arguments),this},s[t[0]+"With"]=n.fireWith}),a.promise(s),t&&t.call(s,s),s},when:function(n){var r=arguments.length,i=r,a=Array(i),s=t.call(arguments),u=e.Deferred(),c=function(e){return function(n){a[e]=this,s[e]=arguments.length>1?t.call(arguments):n,--r||u.resolveWith(a,s)}};if(r<=1&&(o(n,u.done(c(i)).resolve,u.reject),"pending"===u.state()||e.isFunction(s[i]&&s[i].then)))return u.then();for(;i--;)o(s[i],c(i),u.reject);return u.promise()}}),e}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(0),n(28),n(93),n(92),n(54),n(3),n(52),n(2)],void 0===(o=function(e,t,n,r,o){"use strict";var i=/^(?:parents|prev(?:Until|All))/,a={children:!0,contents:!0,next:!0,prev:!0};function s(e,t){for(;(e=e[t])&&1!==e.nodeType;);return e}return e.fn.extend({has:function(t){var n=e(t,this),r=n.length;return this.filter(function(){for(var t=0;t-1:1===r.nodeType&&e.find.matchesSelector(r,t))){s.push(r);break}return this.pushStack(s.length>1?e.uniqueSort(s):s)},index:function(n){return n?"string"==typeof n?t.call(e(n),this[0]):t.call(this,n.jquery?n[0]:n):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(t,n){return this.pushStack(e.uniqueSort(e.merge(this.get(),e(t,n))))},addBack:function(e){return this.add(null==e?this.prevObject:this.prevObject.filter(e))}}),e.each({parent:function(e){var t=e.parentNode;return t&&11!==t.nodeType?t:null},parents:function(e){return n(e,"parentNode")},parentsUntil:function(e,t,r){return n(e,"parentNode",r)},next:function(e){return s(e,"nextSibling")},prev:function(e){return s(e,"previousSibling")},nextAll:function(e){return n(e,"nextSibling")},prevAll:function(e){return n(e,"previousSibling")},nextUntil:function(e,t,r){return n(e,"nextSibling",r)},prevUntil:function(e,t,r){return n(e,"previousSibling",r)},siblings:function(e){return r((e.parentNode||{}).firstChild,e)},children:function(e){return r(e.firstChild)},contents:function(t){return t.contentDocument||e.merge([],t.childNodes)}},function(t,n){e.fn[t]=function(r,o){var s=e.map(this,n,r);return"Until"!==t.slice(-5)&&(o=r),o&&"string"==typeof o&&(s=e.filter(o,s)),this.length>1&&(a[t]||e.uniqueSort(s),i.test(t)&&s.reverse()),this.pushStack(s)}}),e}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(0),n(20),n(5),n(37),n(1),n(21),n(18),n(48),n(36),n(46),n(35),n(45),n(34),n(17),n(3),n(51),n(2)],void 0===(o=function(e,t,n,r,o,i,a,s,u,c,l,f,p,d){"use strict";var h=/^(none|table(?!-c[ea]).+)/,v={position:"absolute",visibility:"hidden",display:"block"},g={letterSpacing:"0",fontWeight:"400"},m=["Webkit","Moz","ms"],y=o.createElement("div").style;function x(e){if(e in y)return e;for(var t=e[0].toUpperCase()+e.slice(1),n=m.length;n--;)if((e=m[n]+t)in y)return e}function b(e,t,n){var r=i.exec(t);return r?Math.max(0,r[2]-(n||0))+(r[3]||"px"):t}function w(t,n,r,o,i){for(var a=r===(o?"border":"content")?4:"width"===n?1:0,u=0;a<4;a+=2)"margin"===r&&(u+=e.css(t,r+s[a],!0,i)),o?("content"===r&&(u-=e.css(t,"padding"+s[a],!0,i)),"margin"!==r&&(u-=e.css(t,"border"+s[a]+"Width",!0,i))):(u+=e.css(t,"padding"+s[a],!0,i),"padding"!==r&&(u+=e.css(t,"border"+s[a]+"Width",!0,i)));return u}function C(t,n,r){var o,i=!0,s=u(t),c="border-box"===e.css(t,"boxSizing",!1,s);if(t.getClientRects().length&&(o=t.getBoundingClientRect()[n]),o<=0||null==o){if(((o=l(t,n,s))<0||null==o)&&(o=t.style[n]),a.test(o))return o;i=c&&(d.boxSizingReliable()||o===t.style[n]),o=parseFloat(o)||0}return o+w(t,n,r||(c?"border":"content"),i,s)+"px"}return e.extend({cssHooks:{opacity:{get:function(e,t){if(t){var n=l(e,"opacity");return""===n?"1":n}}}},cssNumber:{animationIterationCount:!0,columnCount:!0,fillOpacity:!0,flexGrow:!0,flexShrink:!0,fontWeight:!0,lineHeight:!0,opacity:!0,order:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{float:"cssFloat"},style:function(t,n,r,o){if(t&&3!==t.nodeType&&8!==t.nodeType&&t.style){var a,s,u,c=e.camelCase(n),l=t.style;if(n=e.cssProps[c]||(e.cssProps[c]=x(c)||c),u=e.cssHooks[n]||e.cssHooks[c],void 0===r)return u&&"get"in u&&void 0!==(a=u.get(t,!1,o))?a:l[n];"string"===(s=typeof r)&&(a=i.exec(r))&&a[1]&&(r=f(t,n,a),s="number"),null!=r&&r==r&&("number"===s&&(r+=a&&a[3]||(e.cssNumber[c]?"":"px")),d.clearCloneStyle||""!==r||0!==n.indexOf("background")||(l[n]="inherit"),u&&"set"in u&&void 0===(r=u.set(t,r,o))||(l[n]=r))}},css:function(t,n,r,o){var i,a,s,u=e.camelCase(n);return n=e.cssProps[u]||(e.cssProps[u]=x(u)||u),(s=e.cssHooks[n]||e.cssHooks[u])&&"get"in s&&(i=s.get(t,!0,r)),void 0===i&&(i=l(t,n,o)),"normal"===i&&n in g&&(i=g[n]),""===r||r?(a=parseFloat(i),!0===r||isFinite(a)?a||0:i):i}}),e.each(["height","width"],function(t,n){e.cssHooks[n]={get:function(t,r,o){if(r)return!h.test(e.css(t,"display"))||t.getClientRects().length&&t.getBoundingClientRect().width?C(t,n,o):c(t,v,function(){return C(t,n,o)})},set:function(t,r,o){var a,s=o&&u(t),c=o&&w(t,n,o,"border-box"===e.css(t,"boxSizing",!1,s),s);return c&&(a=i.exec(r))&&"px"!==(a[3]||"px")&&(t.style[n]=r,r=e.css(t,n)),b(0,r,c)}}}),e.cssHooks.marginLeft=p(d.reliableMarginLeft,function(e,t){if(t)return(parseFloat(l(e,"marginLeft"))||e.getBoundingClientRect().left-c(e,{marginLeft:0},function(){return e.getBoundingClientRect().left}))+"px"}),e.each({margin:"",padding:"",border:"Width"},function(t,n){e.cssHooks[t+n]={expand:function(e){for(var r=0,o={},i="string"==typeof e?e.split(" "):[e];r<4;r++)o[t+s[r]+n]=i[r]||i[r-2]||i[0];return o}},r.test(t)||(e.cssHooks[t+n].set=b)}),e.fn.extend({css:function(t,r){return n(this,function(t,n,r){var o,i,a={},s=0;if(e.isArray(n)){for(o=u(t),i=n.length;s1)}}),e}.apply(t,r))||(e.exports=o)},function(e,t,n){var r;void 0===(r=function(){"use strict";return[]}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r,o;r=[n(0),n(58),n(57),n(5),n(44),n(43),n(42),n(41),n(40),n(39),n(38),n(87),n(4),n(49),n(24),n(55),n(3),n(11),n(2),n(9)],void 0===(o=function(e,t,n,r,o,i,a,s,u,c,l,f,p,d,h,v){"use strict";var g=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([a-z][^\/\0>\x20\t\r\n\f]*)[^>]*)\/>/gi,m=/\s*$/g;function w(t,n){return e.nodeName(t,"table")&&e.nodeName(11!==n.nodeType?n:n.firstChild,"tr")&&t.getElementsByTagName("tbody")[0]||t}function C(e){return e.type=(null!==e.getAttribute("type"))+"/"+e.type,e}function T(e){var t=x.exec(e.type);return t?e.type=t[1]:e.removeAttribute("type"),e}function k(t,n){var r,o,i,a,s,u,c,l;if(1===n.nodeType){if(p.hasData(t)&&(a=p.access(t),s=p.set(n,a),l=a.events))for(i in delete s.handle,s.events={},l)for(r=0,o=l[i].length;r1&&"string"==typeof S&&!f.checkClone&&y.test(S))return n.each(function(e){var t=n.eq(e);N&&(r[0]=S.call(this,e,t.html())),E(t,r,o,i)});if(w&&(c=(s=l(r,n[0].ownerDocument,!1,n,i)).firstChild,1===s.childNodes.length&&(s=c),c||i)){for(h=(d=e.map(u(s,"script"),C)).length;x")},clone:function(t,n,r){var o,i,a,s,l=t.cloneNode(!0),p=e.contains(t.ownerDocument,t);if(!(f.noCloneChecked||1!==t.nodeType&&11!==t.nodeType||e.isXMLDoc(t)))for(s=u(l),o=0,i=(a=u(t)).length;o0&&c(s,!p&&u(t,"script")),l},cleanData:function(t){for(var n,r,o,i=e.event.special,a=0;void 0!==(r=t[a]);a++)if(h(r)){if(n=r[p.expando]){if(n.events)for(o in n.events)i[o]?e.event.remove(r,o):e.removeEvent(r,o,n.handle);r[p.expando]=void 0}r[d.expando]&&(r[d.expando]=void 0)}}}),e.fn.extend({detach:function(e){return N(this,e,!0)},remove:function(e){return N(this,e)},text:function(t){return r(this,function(t){return void 0===t?e.text(this):this.empty().each(function(){1!==this.nodeType&&11!==this.nodeType&&9!==this.nodeType||(this.textContent=t)})},null,t,arguments.length)},append:function(){return E(this,arguments,function(e){1!==this.nodeType&&11!==this.nodeType&&9!==this.nodeType||w(this,e).appendChild(e)})},prepend:function(){return E(this,arguments,function(e){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var t=w(this,e);t.insertBefore(e,t.firstChild)}})},before:function(){return E(this,arguments,function(e){this.parentNode&&this.parentNode.insertBefore(e,this)})},after:function(){return E(this,arguments,function(e){this.parentNode&&this.parentNode.insertBefore(e,this.nextSibling)})},empty:function(){for(var t,n=0;null!=(t=this[n]);n++)1===t.nodeType&&(e.cleanData(u(t,!1)),t.textContent="");return this},clone:function(t,n){return t=null!=t&&t,n=null==n?t:n,this.map(function(){return e.clone(this,t,n)})},html:function(t){return r(this,function(t){var n=this[0]||{},r=0,o=this.length;if(void 0===t&&1===n.nodeType)return n.innerHTML;if("string"==typeof t&&!m.test(t)&&!s[(i.exec(t)||["",""])[1].toLowerCase()]){t=e.htmlPrefilter(t);try{for(;r-1&&(y=(x=y.split(".")).shift(),x.sort()),h=y.indexOf(":")<0&&"on"+y,(a=a[e.expando]?a:new e.Event(y,"object"==typeof a&&a)).isTrigger=c?2:3,a.namespace=x.join("."),a.rnamespace=a.namespace?new RegExp("(^|\\.)"+x.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,a.result=void 0,a.target||(a.target=u),s=null==s?[a]:e.makeArray(s,[a]),g=e.event.special[y]||{},c||!g.trigger||!1!==g.trigger.apply(u,s))){if(!c&&!g.noBubble&&!e.isWindow(u)){for(d=g.delegateType||y,i.test(d+y)||(f=f.parentNode);f;f=f.parentNode)m.push(f),p=f;p===(u.ownerDocument||t)&&m.push(p.defaultView||p.parentWindow||window)}for(l=0;(f=m[l++])&&!a.isPropagationStopped();)a.type=l>1?d:g.bindType||y,(v=(n.get(f,"events")||{})[a.type]&&n.get(f,"handle"))&&v.apply(f,s),(v=h&&f[h])&&v.apply&&r(f)&&(a.result=v.apply(f,s),!1===a.result&&a.preventDefault());return a.type=y,c||a.isDefaultPrevented()||g._default&&!1!==g._default.apply(m.pop(),s)||!r(u)||h&&e.isFunction(u[y])&&!e.isWindow(u)&&((p=u[h])&&(u[h]=null),e.event.triggered=y,u[y](),e.event.triggered=void 0,p&&(u[h]=p)),a.result}},simulate:function(t,n,r){var o=e.extend(new e.Event,r,{type:t,isSimulated:!0});e.event.trigger(o,null,n)}}),e.fn.extend({trigger:function(t,n){return this.each(function(){e.event.trigger(t,n,this)})},triggerHandler:function(t,n){var r=this[0];if(r)return e.event.trigger(t,n,r,!0)}}),e}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(1),n(7)],void 0===(o=function(e,t){"use strict";return function(){var n=e.createElement("input"),r=e.createElement("select").appendChild(e.createElement("option"));n.type="checkbox",t.checkOn=""!==n.value,t.optSelected=r.selected,(n=e.createElement("input")).value="t",n.type="radio",t.radioValue="t"===n.value}(),t}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(0),n(1),n(19),n(7)],void 0===(o=function(e,t,n,r){"use strict";return function(){function o(){if(l){l.style.cssText="box-sizing:border-box;position:relative;display:block;margin:auto;border:1px;padding:1px;top:1%;width:50%",l.innerHTML="",n.appendChild(c);var e=window.getComputedStyle(l);i="1%"!==e.top,u="2px"===e.marginLeft,a="4px"===e.width,l.style.marginRight="50%",s="4px"===e.marginRight,n.removeChild(c),l=null}}var i,a,s,u,c=t.createElement("div"),l=t.createElement("div");l.style&&(l.style.backgroundClip="content-box",l.cloneNode(!0).style.backgroundClip="",r.clearCloneStyle="content-box"===l.style.backgroundClip,c.style.cssText="border:0;width:8px;height:0;top:0;left:-9999px;padding:0;margin-top:1px;position:absolute",c.appendChild(l),e.extend(r,{pixelPosition:function(){return o(),i},boxSizingReliable:function(){return o(),a},pixelMarginRight:function(){return o(),s},reliableMarginLeft:function(){return o(),u}}))}(),r}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(20)],void 0===(o=function(e){"use strict";return new RegExp("^("+e+")(?!px)[a-z%]+$","i")}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(1)],void 0===(o=function(e){"use strict";return e.documentElement}.apply(t,r))||(e.exports=o)},function(e,t,n){var r;void 0===(r=function(){"use strict";return/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r,o;r=[n(20)],void 0===(o=function(e){"use strict";return new RegExp("^(?:([+-])=|)("+e+")([a-z%]*)$","i")}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(0),n(1),n(21),n(6),n(48),n(47),n(46),n(45),n(4),n(88),n(3),n(23),n(10),n(11),n(14),n(12),n(86)],void 0===(o=function(e,t,n,r,o,i,a,s,u,c){"use strict";var l,f,p=/^(?:toggle|show|hide)$/,d=/queueHooks$/;function h(){f&&(window.requestAnimationFrame(h),e.fx.tick())}function v(){return window.setTimeout(function(){l=void 0}),l=e.now()}function g(e,t){var n,r=0,i={height:e};for(t=t?1:0;r<4;r+=2-t)i["margin"+(n=o[r])]=i["padding"+n]=e;return t&&(i.opacity=i.width=e),i}function m(e,t,n){for(var r,o=(y.tweeners[t]||[]).concat(y.tweeners["*"]),i=0,a=o.length;i-1;)s.splice(r,1),r<=c&&c--}),this},has:function(t){return t?e.inArray(t,s)>-1:s.length>0},empty:function(){return s&&(s=[]),this},disable:function(){return a=u=[],s=o="",this},disabled:function(){return!s},lock:function(){return a=u=[],o||r||(s=o=""),this},locked:function(){return!!a},fireWith:function(e,t){return a||(t=[e,(t=t||[]).slice?t.slice():t],u.push(t),r||l()),this},fire:function(){return f.fireWith(this,arguments),this},fired:function(){return!!i}};return f},e}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(27)],void 0===(o=function(e){"use strict";return e.hasOwnProperty}.apply(t,r))||(e.exports=o)},function(e,t,n){var r;void 0===(r=function(){"use strict";return{}}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r,o;r=[n(13)],void 0===(o=function(e){"use strict";return e.indexOf}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(13)],void 0===(o=function(e){"use strict";return e.slice}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(0),n(44),n(3),n(11),n(33)],void 0===(o=function(e,t){"use strict";var n=/\[\]$/,r=/\r?\n/g,o=/^(?:submit|button|image|reset|file)$/i,i=/^(?:input|select|textarea|keygen)/i;function a(t,r,o,i){var s;if(e.isArray(r))e.each(r,function(e,r){o||n.test(t)?i(t,r):a(t+"["+("object"==typeof r&&null!=r?e:"")+"]",r,o,i)});else if(o||"object"!==e.type(r))i(t,r);else for(s in r)a(t+"["+s+"]",r[s],o,i)}return e.param=function(t,n){var r,o=[],i=function(t,n){var r=e.isFunction(n)?n():n;o[o.length]=encodeURIComponent(t)+"="+encodeURIComponent(null==r?"":r)};if(e.isArray(t)||t.jquery&&!e.isPlainObject(t))e.each(t,function(){i(this.name,this.value)});else for(r in t)a(r,t[r],n,i);return o.join("&")},e.fn.extend({serialize:function(){return e.param(this.serializeArray())},serializeArray:function(){return this.map(function(){var t=e.prop(this,"elements");return t?e.makeArray(t):this}).filter(function(){var n=this.type;return this.name&&!e(this).is(":disabled")&&i.test(this.nodeName)&&!o.test(n)&&(this.checked||!t.test(n))}).map(function(t,n){var o=e(this).val();return null==o?null:e.isArray(o)?e.map(o,function(e){return{name:n.name,value:e.replace(r,"\r\n")}}):{name:n.name,value:o.replace(r,"\r\n")}}).get()}}),e}.apply(t,r))||(e.exports=o)},function(e,t,n){var r;void 0===(r=function(){"use strict";return/\?/}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r,o;r=[n(0)],void 0===(o=function(e){"use strict";return e.now()}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(0),n(5),n(16),n(2)],void 0===(o=function(e,t,n){"use strict";var r=/^(?:input|select|textarea|button)$/i,o=/^(?:a|area)$/i;e.fn.extend({prop:function(n,r){return t(this,e.prop,n,r,arguments.length>1)},removeProp:function(t){return this.each(function(){delete this[e.propFix[t]||t]})}}),e.extend({prop:function(t,n,r){var o,i,a=t.nodeType;if(3!==a&&8!==a&&2!==a)return 1===a&&e.isXMLDoc(t)||(n=e.propFix[n]||n,i=e.propHooks[n]),void 0!==r?i&&"set"in i&&void 0!==(o=i.set(t,r,n))?o:t[n]=r:i&&"get"in i&&null!==(o=i.get(t,n))?o:t[n]},propHooks:{tabIndex:{get:function(t){var n=e.find.attr(t,"tabindex");return n?parseInt(n,10):r.test(t.nodeName)||o.test(t.nodeName)&&t.href?0:-1}}},propFix:{for:"htmlFor",class:"className"}}),n.optSelected||(e.propHooks.selected={get:function(e){var t=e.parentNode;return t&&t.parentNode&&t.parentNode.selectedIndex,null},set:function(e){var t=e.parentNode;t&&(t.selectedIndex,t.parentNode&&t.parentNode.selectedIndex)}}),e.each(["tabIndex","readOnly","maxLength","cellSpacing","cellPadding","rowSpan","colSpan","useMap","frameBorder","contentEditable"],function(){e.propFix[this.toLowerCase()]=this})}.apply(t,r))||(e.exports=o)},function(e,t,n){var r;void 0===(r=function(){"use strict";return function(e,t){return{get:function(){if(!e())return(this.get=t).apply(this,arguments);delete this.get}}}}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r,o;r=[n(0),n(18),n(37),n(36),n(17),n(2)],void 0===(o=function(e,t,n,r,o){"use strict";return function(i,a,s){var u,c,l,f,p=i.style;return(s=s||r(i))&&(""!==(f=s.getPropertyValue(a)||s[a])||e.contains(i.ownerDocument,i)||(f=e.style(i,a)),!o.pixelMarginRight()&&t.test(f)&&n.test(a)&&(u=p.width,c=p.minWidth,l=p.maxWidth,p.minWidth=p.maxWidth=p.width=f,f=s.width,p.width=u,p.minWidth=c,p.maxWidth=l)),void 0!==f?f+"":f}}.apply(t,r))||(e.exports=o)},function(e,t,n){var r;void 0===(r=function(){"use strict";return function(e){var t=e.ownerDocument.defaultView;return t&&t.opener||(t=window),t.getComputedStyle(e)}}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r;void 0===(r=function(){"use strict";return/^margin/}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r,o;r=[n(0),n(43),n(42),n(41),n(40),n(39)],void 0===(o=function(e,t,n,r,o,i){"use strict";var a=/<|&#?\w+;/;return function(s,u,c,l,f){for(var p,d,h,v,g,m,y=u.createDocumentFragment(),x=[],b=0,w=s.length;b-1)f&&f.push(p);else if(g=e.contains(p.ownerDocument,p),d=o(y.appendChild(p),"script"),g&&i(d),c)for(m=0;p=d[m++];)n.test(p.type||"")&&c.push(p);return y}}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(4)],void 0===(o=function(e){"use strict";return function(t,n){for(var r=0,o=t.length;r",""],thead:[1,"","
"],col:[2,"","
"],tr:[2,"","
"],td:[3,"","
"],_default:[0,"",""]};return e.optgroup=e.option,e.tbody=e.tfoot=e.colgroup=e.caption=e.thead,e.th=e.td,e}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r;void 0===(r=function(){"use strict";return/^$|\/(?:java|ecma)script/i}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r;void 0===(r=function(){"use strict";return/<([a-z][^\/\0>\x20\t\r\n\f]+)/i}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r;void 0===(r=function(){"use strict";return/^(?:checkbox|radio)$/i}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r,o;r=[n(0),n(21)],void 0===(o=function(e,t){"use strict";return function(n,r,o,i){var a,s=1,u=20,c=i?function(){return i.cur()}:function(){return e.css(n,r,"")},l=c(),f=o&&o[3]||(e.cssNumber[r]?"":"px"),p=(e.cssNumber[r]||"px"!==f&&+l)&&t.exec(e.css(n,r));if(p&&p[3]!==f){f=f||p[3],o=o||[],p=+l||1;do{p/=s=s||".5",e.style(n,r,p+f)}while(s!==(s=c()/l)&&1!==s&&--u)}return o&&(p=+p||+l||0,a=o[1]?p+(o[1]+1)*o[2]:+o[2],i&&(i.unit=f,i.start=p,i.end=a)),a}}.apply(t,r))||(e.exports=o)},function(e,t,n){var r;void 0===(r=function(){"use strict";return function(e,t,n,r){var o,i,a={};for(i in t)a[i]=e.style[i],e.style[i]=t[i];for(i in o=n.apply(e,r||[]),t)e.style[i]=a[i];return o}}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r,o;r=[n(0),n(2)],void 0===(o=function(e){"use strict";return function(t,n){return"none"===(t=n||t).style.display||""===t.style.display&&e.contains(t.ownerDocument,t)&&"none"===e.css(t,"display")}}.apply(t,r))||(e.exports=o)},function(e,t,n){var r;void 0===(r=function(){"use strict";return["Top","Right","Bottom","Left"]}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r,o;r=[n(50)],void 0===(o=function(e){"use strict";return new e}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(0),n(6),n(24)],void 0===(o=function(e,t,n){"use strict";function r(){this.expando=e.expando+r.uid++}return r.uid=1,r.prototype={cache:function(e){var t=e[this.expando];return t||(t={},n(e)&&(e.nodeType?e[this.expando]=t:Object.defineProperty(e,this.expando,{value:t,configurable:!0}))),t},set:function(t,n,r){var o,i=this.cache(t);if("string"==typeof n)i[e.camelCase(n)]=r;else for(o in n)i[e.camelCase(o)]=n[o];return i},get:function(t,n){return void 0===n?this.cache(t):t[this.expando]&&t[this.expando][e.camelCase(n)]},access:function(e,t,n){return void 0===t||t&&"string"==typeof t&&void 0===n?this.get(e,t):(this.set(e,t,n),void 0!==n?n:t)},remove:function(n,r){var o,i=n[this.expando];if(void 0!==i){if(void 0!==r){o=(r=e.isArray(r)?r.map(e.camelCase):(r=e.camelCase(r))in i?[r]:r.match(t)||[]).length;for(;o--;)delete i[r[o]]}(void 0===r||e.isEmptyObject(i))&&(n.nodeType?n[this.expando]=void 0:delete n[this.expando])}},hasData:function(t){var n=t[this.expando];return void 0!==n&&!e.isEmptyObject(n)}},r}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(0),n(1),n(10)],void 0===(o=function(e,t){"use strict";var n=e.Deferred();function r(){t.removeEventListener("DOMContentLoaded",r),window.removeEventListener("load",r),e.ready()}e.fn.ready=function(e){return n.then(e),this},e.extend({isReady:!1,readyWait:1,holdReady:function(t){t?e.readyWait++:e.ready(!0)},ready:function(r){(!0===r?--e.readyWait:e.isReady)||(e.isReady=!0,!0!==r&&--e.readyWait>0||n.resolveWith(t,[e]))}}),e.ready.then=n.then,"complete"===t.readyState||"loading"!==t.readyState&&!t.documentElement.doScroll?window.setTimeout(e.ready):(t.addEventListener("DOMContentLoaded",r),window.addEventListener("load",r))}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(0),n(28),n(54),n(2)],void 0===(o=function(e,t,n){"use strict";var r=/^.[^:#\[\.,]*$/;function o(n,o,i){if(e.isFunction(o))return e.grep(n,function(e,t){return!!o.call(e,t,e)!==i});if(o.nodeType)return e.grep(n,function(e){return e===o!==i});if("string"==typeof o){if(r.test(o))return e.filter(o,n,i);o=e.filter(o,n)}return e.grep(n,function(e){return t.call(o,e)>-1!==i&&1===e.nodeType})}e.filter=function(t,n,r){var o=n[0];return r&&(t=":not("+t+")"),1===n.length&&1===o.nodeType?e.find.matchesSelector(o,t)?[o]:[]:e.find.matches(t,e.grep(n,function(e){return 1===e.nodeType}))},e.fn.extend({find:function(t){var n,r,o=this.length,i=this;if("string"!=typeof t)return this.pushStack(e(t).filter(function(){for(n=0;n1?e.uniqueSort(r):r},filter:function(e){return this.pushStack(o(this,e||[],!1))},not:function(e){return this.pushStack(o(this,e||[],!0))},is:function(t){return!!o(this,"string"==typeof t&&n.test(t)?e(t):t||[],!1).length}})}.apply(t,r))||(e.exports=o)},function(e,t,n){var r;void 0===(r=function(){"use strict";return/^<([a-z][^\/\0>:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i}.call(t,n,t,e))||(e.exports=r)},function(e,t,n){var r,o;r=[n(0),n(2)],void 0===(o=function(e){"use strict";return e.expr.match.needsContext}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(1)],void 0===(o=function(e){"use strict";return function(t,n){var r=(n=n||e).createElement("script");r.text=t,n.head.appendChild(r).parentNode.removeChild(r)}}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(26)],void 0===(o=function(e){"use strict";return e.toString}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(13)],void 0===(o=function(e){"use strict";return e.push}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(13)],void 0===(o=function(e){"use strict";return e.concat}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(0),n(2),n(11),n(25),n(10),n(91),n(51),n(90),n(23),n(89),n(85),n(9),n(81),n(80),n(14),n(78),n(75),n(12),n(74),n(30),n(8),n(73),n(72),n(71),n(70),n(67),n(22),n(66),n(65),n(64),n(63),n(62)],void 0===(o=function(e){"use strict";return window.jQuery=window.$=e}.apply(t,r))||(e.exports=o)},function(e,t,n){"use strict";var r=function(e,t,n,r){var o;if(o=r?document.createElementNS("http://www.w3.org/2000/svg",e):document.createElement(e),n){Array.isArray(n)||(n=[n]);for(var i=0;i6&&n<10)return(0|(t=e/1e6))===t||0===Math.round(e%1e6/1e5)?(0|t)+"M":(0|t)+"."+Math.round(e%1e6/1e5)+"M";if(n>5)return(0|(t=e/1e3))===t||0===Math.round(e%1e3/100)?(0|t)+"K":(0|t)+"."+Math.round(e%1e3/100)+"K";if(n>3){var r=e%1e3|0;return r<10?r="00"+r:r<100&&(r="0"+r),(e/1e3|0)+","+r}return(0|e)+""},Animate:{show:function(e,t){"undefined"===t&&(t=0),e.style.display="block",e.style.opacity=0,setTimeout(function(){e.style.opacity=1},t)},hide:function(e,t){window.getComputedStyle(e).opacity>0&&(void 0===t&&(t=500),e.style.opacity=0,setTimeout(function(){e.style.display="none"},t))}},ComponentProto:{attach:function(e){return this.node?(e.appendChild(this.node),this):null},remove:function(){return this.node&&this.node.parentNode?(this.node.parentNode.removeChild(this.node),this):null}}};e.exports=o},function(e,t,n){"use strict";var r,o,i,a,s,u=window,c={},l=function(){},f=function(e,t){if(function(e){return null===e.offsetParent}(e))return!1;var n=e.getBoundingClientRect();return n.right>=t.l&&n.bottom>=t.t&&n.left<=t.r&&n.top<=t.b},p=function(){!a&&o||(clearTimeout(o),o=setTimeout(function(){c.render(),o=null},i))};c.init=function(e){var t=(e=e||{}).offset||0,n=e.offsetVertical||t,o=e.offsetHorizontal||t,f=function(e,t){return parseInt(e||t,10)};r={t:f(e.offsetTop,n),b:f(e.offsetBottom,n),l:f(e.offsetLeft,o),r:f(e.offsetRight,o)},i=f(e.throttle,250),a=!1!==e.debounce,s=!!e.unload,l=e.callback||l,c.render(),document.addEventListener?(u.addEventListener("scroll",p,!1),u.addEventListener("load",p,!1)):(u.attachEvent("onscroll",p),u.attachEvent("onload",p))},c.render=function(e){for(var t,n,o=(e||document).querySelectorAll("[data-echo], [data-echo-background]"),i=o.length,a={l:0-r.l,t:0-r.t,b:(u.innerHeight||document.documentElement.clientHeight)+r.b,r:(u.innerWidth||document.documentElement.clientWidth)+r.r},p=0;p-1?(s=(o=f.position()).top,i=o.left):(s=parseFloat(a)||0,i=parseFloat(c)||0),e.isFunction(n)&&(n=n.call(t,r,e.extend({},u))),null!=n.top&&(p.top=n.top-u.top+s),null!=n.left&&(p.left=n.left-u.left+i),"using"in n?n.using.call(t,p):f.css(p)}},e.fn.extend({offset:function(t){if(arguments.length)return void 0===t?this:this.each(function(n){e.offset.setOffset(this,t,n)});var n,r,o,i,a=this[0];return a?a.getClientRects().length?(o=a.getBoundingClientRect()).width||o.height?(r=u(i=a.ownerDocument),n=i.documentElement,{top:o.top+r.pageYOffset-n.clientTop,left:o.left+r.pageXOffset-n.clientLeft}):o:{top:0,left:0}:void 0},position:function(){if(this[0]){var t,n,r=this[0],o={top:0,left:0};return"fixed"===e.css(r,"position")?n=r.getBoundingClientRect():(t=this.offsetParent(),n=this.offset(),e.nodeName(t[0],"html")||(o=t.offset()),o={top:o.top+e.css(t[0],"borderTopWidth",!0),left:o.left+e.css(t[0],"borderLeftWidth",!0)}),{top:n.top-o.top-e.css(r,"marginTop",!0),left:n.left-o.left-e.css(r,"marginLeft",!0)}}},offsetParent:function(){return this.map(function(){for(var t=this.offsetParent;t&&"static"===e.css(t,"position");)t=t.offsetParent;return t||r})}}),e.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(n,r){var o="pageYOffset"===r;e.fn[n]=function(e){return t(this,function(e,t,n){var i=u(e);if(void 0===n)return i?i[r]:e[t];i?i.scrollTo(o?i.pageXOffset:n,o?n:i.pageYOffset):e[t]=n},n,e,arguments.length)}}),e.each(["top","left"],function(t,n){e.cssHooks[n]=a(s.pixelPosition,function(t,r){if(r)return r=i(t,n),o.test(r)?e(t).position()[n]+"px":r})}),e}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(0),n(2),n(22)],void 0===(o=function(e){"use strict";e.expr.pseudos.animated=function(t){return e.grep(e.timers,function(e){return t===e.elem}).length}}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(0),n(9)],void 0===(o=function(e){"use strict";e.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxError","ajaxSuccess","ajaxSend"],function(t,n){e.fn[n]=function(e){return this.on(n,e)}})}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(1),n(7)],void 0===(o=function(e,t){"use strict";return t.createHTMLDocument=function(){var t=e.implementation.createHTMLDocument("").body;return t.innerHTML="
",2===t.childNodes.length}(),t}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(0),n(1),n(53),n(38),n(68)],void 0===(o=function(e,t,n,r,o){"use strict";return e.parseHTML=function(i,a,s){return"string"!=typeof i?[]:("boolean"==typeof a&&(s=a,a=!1),a||(o.createHTMLDocument?((u=(a=t.implementation.createHTMLDocument("")).createElement("base")).href=t.location.href,a.head.appendChild(u)):a=t),c=n.exec(i),l=!s&&[],c?[a.createElement(c[1])]:(c=r([i],a,l),l&&l.length&&e(l).remove(),e.merge([],c.childNodes)));var u,c,l},e.parseHTML}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(0),n(69),n(8),n(11),n(14),n(2)],void 0===(o=function(e){"use strict";e.fn.load=function(t,n,r){var o,i,a,s=this,u=t.indexOf(" ");return u>-1&&(o=e.trim(t.slice(u)),t=t.slice(0,u)),e.isFunction(n)?(r=n,n=void 0):n&&"object"==typeof n&&(i="POST"),s.length>0&&e.ajax({url:t,type:i||"GET",dataType:"html",data:n}).done(function(t){a=arguments,s.html(o?e("
").append(e.parseHTML(t)).find(o):t)}).always(r&&function(e,t){s.each(function(){r.apply(this,a||[e.responseText,t,e])})}),this}}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(0),n(32),n(31),n(8)],void 0===(o=function(e,t,n){"use strict";var r=[],o=/(=)\?(?=&|$)|\?\?/;e.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var n=r.pop()||e.expando+"_"+t++;return this[n]=!0,n}}),e.ajaxPrefilter("json jsonp",function(t,i,a){var s,u,c,l=!1!==t.jsonp&&(o.test(t.url)?"url":"string"==typeof t.data&&0===(t.contentType||"").indexOf("application/x-www-form-urlencoded")&&o.test(t.data)&&"data");if(l||"jsonp"===t.dataTypes[0])return s=t.jsonpCallback=e.isFunction(t.jsonpCallback)?t.jsonpCallback():t.jsonpCallback,l?t[l]=t[l].replace(o,"$1"+s):!1!==t.jsonp&&(t.url+=(n.test(t.url)?"&":"?")+t.jsonp+"="+s),t.converters["script json"]=function(){return c||e.error(s+" was not called"),c[0]},t.dataTypes[0]="json",u=window[s],window[s]=function(){c=arguments},a.always(function(){void 0===u?e(window).removeProp(s):window[s]=u,t[s]&&(t.jsonpCallback=i.jsonpCallback,r.push(s)),c&&e.isFunction(u)&&u(c[0]),c=u=void 0}),"script"})}.apply(t,r))||(e.exports=o)},function(e,t,n){var r,o;r=[n(0),n(1),n(8)],void 0===(o=function(e,t){"use strict";e.ajaxPrefilter(function(e){e.crossDomain&&(e.contents.script=!1)}),e.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/\b(?:java|ecma)script\b/},converters:{"text script":function(t){return e.globalEval(t),t}}}),e.ajaxPrefilter("script",function(e){void 0===e.cache&&(e.cache=!1),e.crossDomain&&(e.type="GET")}),e.ajaxTransport("script",function(n){var r,o;if(n.crossDomain)return{send:function(i,a){r=e("