47b81055fd
PEP8 formatting
2017-05-18 15:46:02 +02:00
19d9684a67
Raise ConfigurationMissingError instead of SystemExit
2017-05-18 15:46:02 +02:00
091c70e735
Project homepage responsive tweak
...
Full width for latest cards
2017-05-15 11:56:13 +02:00
abcb0c27a0
Remove Agent 327 special content lock
2017-05-15 11:55:43 +02:00
71403e6f28
Tests: Allow specification of user's email address
2017-05-12 14:48:36 +02:00
9a10c86329
Added pillar.auth.current_web_user to easily get the current UserClass.
2017-05-12 13:55:55 +02:00
fdb9154b85
Allow login_user() to load the user from the database
...
This makes it easier to properly log someone in from a unit test.
2017-05-12 13:55:55 +02:00
2703617179
Added 'groups' property to UserClass
...
This property was created by _load_user(), but never had a default
value set in UserClass.__init__().
2017-05-12 13:55:55 +02:00
9f752e2584
Made AnonymousUser a subclass of UserClass
2017-05-12 13:55:55 +02:00
82437724cc
Added some type annotation
...
The web layer uses string IDs, whereas the API layer uses ObjectIDs.
Those annotations make it a bit more explicit what is used where.
2017-05-12 13:55:55 +02:00
080d98f57c
Removed unused imports
2017-05-12 13:55:55 +02:00
ad9a981cda
Added p.a.users.add_user_to_group() function
2017-05-12 13:55:55 +02:00
7c5aef033d
Some more checks on p.a.project.utils.get_admin_group_id()
2017-05-12 13:55:55 +02:00
d2f548faf9
Proper type annotations for PillarServer.db()
2017-05-12 13:55:55 +02:00
203c6418fd
Added pillar.flask_extra.vary_xhr() decorator
...
This produces a 'Vary: X-Requested-With' header on the response of
decorated view functions, which indicates to the browser (or intermediate
proxy servers) that the response may/will will be different for XHR and
non-XHR requests.
2017-05-12 13:55:55 +02:00
736686390f
Move activities styling to Pillar
...
Since activities is a core part of Pillar
2017-05-10 15:58:56 +02:00
c66a6e67c8
Added p.a.project.utils.user_rights_in_project()
...
This returns the allowed HTTP method for the current user in the given
project. This is used for access control on Flamenco, for example.
2017-05-10 12:09:48 +02:00
a139e8c41a
Added p.a.projects.utils.get_admin_group_id()
2017-05-10 12:09:09 +02:00
ee7af393a0
Use annotations to declare types (instead of docstring)
2017-05-10 12:08:45 +02:00
a6617cae68
Allow current_app.db('collections-name')
...
This mimics the use in Flamenco (current_flamenco.db('collection_name')),
and makes calling code a bit nicer (db('coll') instead of db()['coll'])
2017-05-10 12:08:11 +02:00
319f815985
Some more logging in pillar.api.blender_cloud.subscription.update_subscription
2017-05-10 12:04:34 +02:00
c77a6b9d21
More logging in pillar.api.service.do_badger()
2017-05-10 11:15:29 +02:00
c854ccbb4b
Generic PATCH handler class.
...
A class-based approach is easier to extend than the function-based approach
used in the nodes. That one is still there, though -- might look at it
at a later time. This handler is primarily for Flamenco.
2017-05-09 14:08:35 +02:00
fdaf4af31a
Modernised some unit tests
2017-05-05 14:40:37 +02:00
69d7c5c5ce
Allow service accounts to be email-less
...
This removes the ability of updating service accounts through the CLI
(something we never used anyway), now that service accounts cannot be
uniquely identified by their email address.
2017-05-05 14:34:18 +02:00
095f1cda0c
Added "Switch user" functionality.
...
The user isn't logged out until the new user logs in. This allows you to
click on "Log in as different user", hit the back button, and still be
logged in.
2017-05-05 12:56:19 +02:00
c3eb97e24c
Log redirect URL for users after logging in with Blender ID.
2017-05-05 12:55:29 +02:00
b1b91a7b29
Timeout (10s) on store API calls + better exception handling
...
We now log connection errors, timeouts, and other Requests errors, and
return None so that the login flow of the user can continue.
2017-05-05 12:55:05 +02:00
870800e8d2
Stop flashing 'Please log in to access this page.'
...
This message was "flashed" (http://flask.pocoo.org/docs/0.12/patterns/flashing/ )
by Flask-Login. This happens on every unauthorised request, so also on
AJAX requests (like for the notifications). As a result, a user could be
spammed by a screen full of these messages if they left their window open
and their session timed out.
2017-05-05 10:40:08 +02:00
379d40837b
Fixed issues logging in.
...
The API call to /api/bcloud/update-subscription is now performed via the
SDK, to ensure proper authentication. Also streamlined some other code.
2017-05-05 10:29:16 +02:00
10a40ddabd
Make Blender ID URL work with live URL too
2017-05-04 18:29:11 +02:00
118de12712
Always return a HTTP response
2017-05-04 18:24:08 +02:00
cfa31ab542
JS mistake
2017-05-04 18:23:55 +02:00
47ba5e18a3
Give users a "Re-check my subscription" button.
2017-05-04 18:15:35 +02:00
1a54b723aa
Reworked subscription/demo role management from web to API level.
...
In the old situation, users had to be able to change their own roles. This
is inherently insecure.
2017-05-04 17:49:18 +02:00
d0557445cd
Fix privilege escalation leak
...
A PUT request on /api/user/{user-id} by the user themselves would allow
too much, and would allow self-granting of roles (including admin),
group membership (so join any arbitrary project) and pretend to be
service accounts.
2017-05-04 12:48:30 +02:00
1ad3e7910c
Upgrade algoliasearch
2017-04-11 12:08:57 +02:00
49895805e3
Display project description in instead of summary
2017-04-07 09:02:08 +02:00
bd3f8d597a
Allow upload of videos > 1080p
...
Videos that are larger than 1920x1080 pixels are scaled down so that they
fit that size. Care is taken to keep the width a multiple of 16 pixels and
the height a multiple of 8.
2017-03-31 14:52:58 +02:00
c711a04e6c
Added some type annotations (no functional differences)
2017-03-31 13:14:07 +02:00
1cb7a92e40
Removed old mock-EncoderJob and replaced it with a dict
...
The real value is a dict too, anyway.
2017-03-31 13:12:08 +02:00
d8640df115
Made markdown jinja filter None-safe
2017-03-30 09:37:48 +02:00
4c704c8cda
Pipe description & content of featured nodes through markdown
2017-03-30 09:23:59 +02:00
6f9feea8a9
Locally hosting jstree, instead of linking to cloudflare.
...
Should speed up the site, and remove a possible point of failure.
This also upgrades JSTree to the latest version (3.3.3).
2017-03-29 16:57:26 +02:00
dde5526022
Updated HDRi specifics in the "join" page
2017-03-29 16:46:49 +02:00
34a6fb064c
Removed illegal 'home_project' tag
2017-03-29 16:43:08 +02:00
cecc9bc7fb
Added "Copy yaw" button to HDRIs
...
The button is only shown to people with the right to edit the current
node. I've also simplified some CSS, with the help of @venomgfx.
2017-03-28 18:11:08 +02:00
9ccf4474bc
Fix for missing tag in Markdown validator
2017-03-28 17:54:10 +02:00
3622fad9c2
Merge remote-tracking branch 'origin/master'
2017-03-28 16:43:22 +02:00
c846ee9823
Add support for video tag
2017-03-28 16:43:12 +02:00
