598 Commits

Author SHA1 Message Date
9e2664fe20 Ignore google_app.json, as it should never be committed. 2016-05-02 11:13:19 +02:00
0652762d3a Disable order and notes visibility for asset and group 2016-04-29 15:44:08 +02:00
cffe678ca3 Default settings for basic node_types 2016-04-29 15:22:11 +02:00
aebbe019b5 Limit default node_types to group, asset and comment 2016-04-29 15:17:38 +02:00
a919792f5a Fix for extension and filename storage
Previously it was saved without quotes, which resulted in incorrect
filename display in Firefox. Also, file extension was deduced from the
file_format, while now we deduce it from the original filename (if not
already specified in the asset name).
2016-04-29 14:37:57 +02:00
6673e31675 Skip indexing of nodes of a private project 2016-04-29 13:37:01 +02:00
fbbe54d374 New add_group_to_projects in manage.py
Prototype to add a specific group, in read-only mode, to all standard
node_types for all projects.
2016-04-27 10:43:31 +02:00
cf203b04f8 Be less secretive about users; allow limited anonymous /users/id access.
Anonymous users can now obtain full_name and email fields from any
user. Authenticated users can also obtain those fields from other
users, and all info about themselves.
2016-04-26 17:27:56 +02:00
d5c2df371a Small test change: do as little as possible in an app test context. 2016-04-26 12:38:44 +02:00
e600d87592 Secure write access to /users endpoint
- Admins can PUT everything
- Users can only PUT themselves
- The 'auth' field is always taken from the original, and never overwritten
  by the PUT. It can be missing from the request, so you can GET and then
  PUT the same data.
- Nobody can POST or DELETE users
2016-04-26 12:38:44 +02:00
5c04cdbd6e Secure read access to /users endpoint.
- auth field is never returned
- unauthenticated access is rejected
- non-admin users can only access themselves
2016-04-26 12:38:44 +02:00
410cd1fd4c Moved user-related code from application to modules/users.py 2016-04-26 12:38:44 +02:00
c45ac153e2 Added bcrypt to requirements.txt 2016-04-26 12:38:44 +02:00
2a2d35827c Added local accounts 2016-04-26 12:34:16 +02:00
aa47c2b4a6 Allow overriding Eve settings from env in test
Environment variables for Eve settings are now used in unit tests.
2016-04-26 12:34:16 +02:00
974f135e63 Measure unit test coverage.
Coverage is reported with py.test, and also "Run unit tests in ... with
coverage" is now supported in PyCharm.
2016-04-25 16:43:09 +02:00
c83f64d36f Allow deletion of projects by members of its admin group. 2016-04-25 16:41:57 +02:00
31e802619e Support soft-deleting projects.
See http://python-eve.org/features.html#soft-delete for more info.
2016-04-25 16:14:05 +02:00
5116b74d1d Updated Eve to 0.6.3
This also updates Cerberus to 0.9.2 and simplejson to 3.8.2.

I've also changed the way we get to the application object, by replacing
   from application import app
with
   from flask import current_app
2016-04-25 16:14:05 +02:00
a6258f5193 Limit project editing for subscribers.
Certain fields are limited for subscribers. Also, subscribers are checked
against the project permissions.

Users with the 'admin' role can edit all fields, on any project.
2016-04-25 16:14:05 +02:00
4edb8cfd39 Ensure that the returned project contains the correct etag.
The etag of the post_internal response was used, which is NOT the
same as the etag of the project document itself.
2016-04-25 16:14:05 +02:00
5c590c4dc4 Put Eve in debug mode when unittesting.
This gives us much more concrete information when a test fails.
Note that this info is generally put into the HTTP response data,
and not logged to any logger.
2016-04-25 16:14:05 +02:00
9083a31812 Renamed variable to something more sensible. 2016-04-25 16:14:05 +02:00
48b1bda545 Merge remote-tracking branch 'origin/master' 2016-04-25 11:58:41 +02:00
34b95116dc Tweak comment ownership 2016-04-22 18:48:28 +02:00
728a900e68 Remove unused imports 2016-04-22 16:09:49 +02:00
9a400d5414 Use the new /p/create function from manage.py too. 2016-04-19 16:50:51 +02:00
4b9dd29ad5 Added /p/create entry point to create new projects.
This requires the user to be logged in. The project will be owned by that
user.
2016-04-19 16:50:46 +02:00
c3f0882a10 changed default scheme to HTTPS 2016-04-18 12:05:17 +02:00
7df278ef1f Added manage.py cmd to refresh all file links of a certain backend. 2016-04-18 11:03:21 +02:00
d808b76d65 Store is_subclient_token bool in token collection. 2016-04-15 16:27:24 +02:00
15dffa3d28 Attract node type permissions: from project & allow DELETE by default.
Instead of using default permissions (with only write access by admin
group), we now copy the project permissions. Then, for everyone who
has PUT access, DELETE on the node is also allowed.
2016-04-15 14:30:12 +02:00
222b2e95e2 Simplified effective permission computation. 2016-04-15 14:28:44 +02:00
4e9182ef38 Missed BlenderID API change in unittest 2016-04-15 14:27:54 +02:00
36b31fee7c Missed one BlenderID API change 2016-04-15 12:33:26 +02:00
0bdd3b0a31 Updated for changes in BlenderID validate_token URL and response.
See BlenderID change 432034f858fbfd695f3ce0a0b3724524de7a05bb
2016-04-15 12:19:43 +02:00
66eeb25529 Unify tokens and subclient tokens
SCST tokens are now stored in the 'tokens' table.
This unifies old token handling and new subclient-specific tokens.
Also ensures the BlenderID expiry of the token is taken into account.

Removes use of httpretty, in favour of responses.
2016-04-13 15:33:54 +02:00
0f6eeef32b Upgraded to gcloud-0.12.0
This removes the need to use a Git checkout, and allows us to use an
actual version number again, with a package from PyPI.
2016-04-13 10:50:49 +02:00
e898fe0315 Use Blender ID subclient-specific token to find the user.
TODO: also store expiry timestamp
TODO: allow multiple subclient-specific tokens per user
2016-04-12 16:53:27 +02:00
bd8e0e56a4 Security: don't log subclient token. 2016-04-12 16:05:37 +02:00
aeee165ad8 subclient tokens: bugfix & return proper data.
Also introduces responses, as an alternative to httpretty (it works
better).
2016-04-12 15:24:50 +02:00
e0460f8518 Don't crash when Algolia is unavailable, when updating user. 2016-04-12 15:21:37 +02:00
3d9fe76271 Added subclient token verification & storage. 2016-04-08 18:45:35 +02:00
771b091626 Use config when running devserver 2016-04-05 17:38:11 +02:00
5e74120c3f Use put_internal instead. 2016-04-05 12:32:05 +02:00
1120a59e30 Added management command for adding Attract node types to a project.
./manage.py setup_for_attract {project UUID} [--replace]
2016-04-05 12:25:41 +02:00
6f8afbbdc0 Replaced print statement with print function 2016-04-04 17:32:48 +02:00
e433e90dd8 Bugfix 2016-04-04 17:31:06 +02:00
669aea7436 Testing should have debug mode disabled. 2016-04-04 16:10:55 +02:00
7a171f471c Renamed package 'manage' to 'manage_extra'
There already is a Flask-default 'manage.py', and with a subdir 'manage'
in the same directory, 'import manage' is ambiguous.
2016-04-04 15:40:46 +02:00