12a8a34bdc
Fixed JS injection vulnerability.
...
JavaScript in the user's full name or username was executed when adding
that user to a project.
2017-05-24 16:32:05 +02:00
85b6ff2d7f
Use str2id(x) instead of ObjectId(x)
...
The latter produces an internal server error if 'x' is not a valid ObjectId,
whereas the former produces a 400 Bad Request.
2017-05-24 16:31:15 +02:00
4edbcd6a98
PEP8 formatting
2017-05-24 15:48:27 +02:00
2ba52e2467
Allow extensions to have a project settings page.
2017-05-24 15:48:27 +02:00
b7bccfeee3
Annotate sidebar_links(project) param + return type
2017-05-24 15:48:27 +02:00
43a04880e0
Allow extensions to declare their icon.
...
The PillarExtension.icon() property returns the icon HTML class,
for use like i.pi-{{ext.icon}}
2017-05-24 15:48:27 +02:00
0cf96e47e8
Added @project_view() decorator to reduce duplicated code.
2017-05-24 15:48:27 +02:00
7fbe648d99
Import current_app from pillar instead of flask
2017-05-24 15:48:27 +02:00
1ce13b71a3
Add type annotation to app.pillar_extensions
2017-05-24 15:48:27 +02:00
4e268510f2
Declare pillar.current_app before importing other Pillar modules.
...
This makes it easier/possible to just do "from pillar import current_app"
in submodules.
2017-05-24 15:48:27 +02:00
1f2dd34683
No longer using deprecated @abc.abstractproperty
...
See https://docs.python.org/3/library/abc.html#abc.abstractproperty for
more info.
2017-05-24 15:48:27 +02:00
c50f745744
Bottom sitemap: Fix URLs
2017-05-24 14:51:20 +02:00
5e721c61b9
Added function to easily remove someone from a group.
2017-05-24 10:56:53 +02:00
8c1dbf984b
Homepage update for Blender Cloud
...
Now with more Agent!
2017-05-22 15:59:43 +02:00
38df6e873b
Extracted function to generate authentication tokens for service accounts.
2017-05-19 12:02:00 +02:00
ef2d8d14a0
Added PillarServer.validator_for_resource()
...
This makes it possible to perform Cerberus validation on documents.
2017-05-18 16:32:05 +02:00
1f0a855510
Added pillar.current_app local proxy
...
This proxy is annotated as PillarServer instance, so using it in an IDE
will give you much better autocompletion.
2017-05-18 16:31:43 +02:00
50d62f17b8
Allow specification of full name when creating service account
2017-05-18 15:46:02 +02:00
c12b646b09
More logging in PATCH handler
2017-05-18 15:46:02 +02:00
cbe182a298
Gravatar: support None email addresses
2017-05-18 15:46:02 +02:00
59a95450e5
Updated Eve, Flask, and Werkzeug. Adjusted code to make Pillar work again.
...
Eve : 0.6.3 → 0.7.3
Flask : 0.10.1 → 0.12.2
Werkzeug: 0.11.10 → 0.11.15
Also updated some secondary requirements.
2017-05-18 15:46:02 +02:00
e4f221ab13
Take default crappy secret key from config.py
...
This forces anyone installing Pillar to actually generate a proper secret.
2017-05-18 15:46:02 +02:00
4ad82a1eb3
Updated algoliasearch requirement in setup.py
2017-05-18 15:46:02 +02:00
47b81055fd
PEP8 formatting
2017-05-18 15:46:02 +02:00
19d9684a67
Raise ConfigurationMissingError instead of SystemExit
2017-05-18 15:46:02 +02:00
091c70e735
Project homepage responsive tweak
...
Full width for latest cards
2017-05-15 11:56:13 +02:00
abcb0c27a0
Remove Agent 327 special content lock
2017-05-15 11:55:43 +02:00
71403e6f28
Tests: Allow specification of user's email address
2017-05-12 14:48:36 +02:00
9a10c86329
Added pillar.auth.current_web_user to easily get the current UserClass.
2017-05-12 13:55:55 +02:00
fdb9154b85
Allow login_user() to load the user from the database
...
This makes it easier to properly log someone in from a unit test.
2017-05-12 13:55:55 +02:00
2703617179
Added 'groups' property to UserClass
...
This property was created by _load_user(), but never had a default
value set in UserClass.__init__().
2017-05-12 13:55:55 +02:00
9f752e2584
Made AnonymousUser a subclass of UserClass
2017-05-12 13:55:55 +02:00
82437724cc
Added some type annotation
...
The web layer uses string IDs, whereas the API layer uses ObjectIDs.
Those annotations make it a bit more explicit what is used where.
2017-05-12 13:55:55 +02:00
080d98f57c
Removed unused imports
2017-05-12 13:55:55 +02:00
ad9a981cda
Added p.a.users.add_user_to_group() function
2017-05-12 13:55:55 +02:00
7c5aef033d
Some more checks on p.a.project.utils.get_admin_group_id()
2017-05-12 13:55:55 +02:00
d2f548faf9
Proper type annotations for PillarServer.db()
2017-05-12 13:55:55 +02:00
203c6418fd
Added pillar.flask_extra.vary_xhr() decorator
...
This produces a 'Vary: X-Requested-With' header on the response of
decorated view functions, which indicates to the browser (or intermediate
proxy servers) that the response may/will be different for XHR and
non-XHR requests.
2017-05-12 13:55:55 +02:00
736686390f
Move activities styling to Pillar
...
Since activities is a core part of Pillar
2017-05-10 15:58:56 +02:00
c66a6e67c8
Added p.a.project.utils.user_rights_in_project()
...
This returns the allowed HTTP method for the current user in the given
project. This is used for access control on Flamenco, for example.
2017-05-10 12:09:48 +02:00
a139e8c41a
Added p.a.projects.utils.get_admin_group_id()
2017-05-10 12:09:09 +02:00
ee7af393a0
Use annotations to declare types (instead of docstring)
2017-05-10 12:08:45 +02:00
a6617cae68
Allow current_app.db('collections-name')
...
This mimics the use in Flamenco (current_flamenco.db('collection_name')),
and makes calling code a bit nicer (db('coll') instead of db()['coll'])
2017-05-10 12:08:11 +02:00
319f815985
Some more logging in pillar.api.blender_cloud.subscription.update_subscription
2017-05-10 12:04:34 +02:00
c77a6b9d21
More logging in pillar.api.service.do_badger()
2017-05-10 11:15:29 +02:00
c854ccbb4b
Generic PATCH handler class.
...
A class-based approach is easier to extend than the function-based approach
used in the nodes. That one is still there, though -- might look at it
at a later time. This handler is primarily for Flamenco.
2017-05-09 14:08:35 +02:00
fdaf4af31a
Modernised some unit tests
2017-05-05 14:40:37 +02:00
69d7c5c5ce
Allow service accounts to be email-less
...
This removes the ability of updating service accounts through the CLI
(something we never used anyway), now that service accounts cannot be
uniquely identified by their email address.
2017-05-05 14:34:18 +02:00
095f1cda0c
Added "Switch user" functionality.
...
The user isn't logged out until the new user logs in. This allows you to
click on "Log in as different user", hit the back button, and still be
logged in.
2017-05-05 12:56:19 +02:00
c3eb97e24c
Log redirect URL for users after logging in with Blender ID.
2017-05-05 12:55:29 +02:00