archive/pillar
0
0
Fork 0
Code Issues 42 Pull Requests Projects Releases Wiki Activity
1,386 Commits 12 Branches 2 Tags
62542f032921ba8dcbabcd9f4e8f222467bd0953
Commit Graph

172 Commits

Author SHA1 Message Date
Sybren A. Stüvel
62542f0329 Rolled back some flask_login and g.current_user integration 
Setting flask_login.current_user ourselves was a bad idea, and messed up
flask_login's internal administration. Our code now just manages
g.current_user in these specific instances, which works fine.
 2017-08-30 12:39:46 +02:00
Sybren A. Stüvel
bdd603fb17 Using new UserClass instances everywhere: 
- No more direct access to g.current_user, unless unavoidable.
  - Using pillar.auth.current_user instead of g.current_user or
    flask_login.current_user.
  - p.a.current_user is never checked against None.
  - p.a.current_user.is_authenticated or is_anonymous is used, and never
    together with a negation (instead of 'not is_anon' use 'is_auth').
  - No more accessing current_user a a dict.
  - No more checks for admin role, use capability check instead.
 2017-08-29 11:34:48 +02:00
Francesco Siddi
6b3e523036 Remove Flask-OAuthlib and oauth_blender_id from Pillar 
We switch completely to a rauth-based approach, allowing multiple providers for authentication.
 2017-08-25 10:53:22 +02:00
Francesco Siddi
6e9a539d61 Fix typo 2017-08-25 10:52:52 +02:00
Francesco Siddi
23b856b073 Move Blender ID to extensible OAuth 
Also, added support for Google OAuth.
 2017-08-25 10:51:45 +02:00
Francesco Siddi
c827dc4ed2 Initial work to support multiple OAuth clients 2017-08-25 10:51:45 +02:00
Sybren A. Stüvel
b9ae4396e5 Orgs: show "My Organizations" in the user's menu 
This is shown only when the user is member of or administrator for one or
more organizations, otherwise it's hidden.
 2017-08-24 14:28:18 +02:00
Sybren A. Stüvel
be12bd7d99 Orgs: allow users to leave an organization 2017-08-24 14:28:18 +02:00
Sybren A. Stüvel
598b59c0c6 Orgs: gracefully handle 'not enough seats' error 2017-08-24 14:28:18 +02:00
Sybren A. Stüvel
1e1bd83baf Orgs: refresh all members' roles after org changed roles 2017-08-24 14:28:18 +02:00
Sybren A. Stüvel
f1edb901d1 Orgs: allow setting org admin via web interface / PATCH request 2017-08-24 14:28:18 +02:00
Sybren A. Stüvel
08294e2f14 Orgs: allow admins to set seat count and org_roles 2017-08-24 14:28:18 +02:00
Sybren A. Stüvel
4116357447 Orgs: some small fixes, mostly for stability / corner cases 2017-08-24 14:28:18 +02:00
Sybren A. Stüvel
e9cb235640 Added web interface for organizations. 
It looks like crap, but it allows you to edit the details and the members.
 2017-08-24 14:28:18 +02:00
Sybren A. Stüvel
64eab850c5 Orgs: pillar admins can always edit an organization 2017-08-24 14:28:17 +02:00
Sybren A. Stüvel
c6eebc4eae Orgs: allow setting location field by PATCH 2017-08-24 14:28:17 +02:00
Sybren A. Stüvel
1bd6e07fe2 Orgs: Allow adding individual known users by user ID. 
This is used for the selection by user search.
 2017-08-24 14:28:17 +02:00
Sybren A. Stüvel
1ad13d048f Some extra type safety checks 2017-08-24 14:28:17 +02:00
Sybren A. Stüvel
cfde720b1d Orgs: PATCH op to batch-add emails as members now strip()s emails 
It also refuses to add empty emails.
 2017-08-24 14:28:11 +02:00
Sybren A. Stüvel
5d17d892a4 Orgs: Use current_user() in PATCH handler 2017-08-24 14:28:02 +02:00
Sybren A. Stüvel
40172bf8b5 Orgs: Use create-organization capability to control access 
This is more explicit and future-proof than checking for admin cap.
 2017-08-24 14:27:52 +02:00
Sybren A. Stüvel
72404d0fd9 Handle registration of previously unknown organization members. 
When a new user is created, two things happen:
  - before inserting into MongoDB, the organizational roles are given
  - after inserting, the organizations are updated to move the user from
    `unknown_members` to `members`.
 2017-08-24 14:26:19 +02:00
Sybren A. Stüvel
b53d485960 Added access control to organizations Eve endpoints 2017-08-24 14:26:19 +02:00
Sybren A. Stüvel
cf51d1a280 Added utility function current_user() that acts like flask_login.current_user 
This actually returns an AnonymousUser object, instead of None, when the
user is not logged in.

For compatibility with existing code, this function doesn't set
g.current_user to that AnonymousUser instance. We may decide to do this
later.
 2017-08-24 14:26:19 +02:00
Sybren A. Stüvel
efc1890871 Added PATCH support for organizations 
With a PATCH request you can now:
  - assign users,
  - remove a user,
  - edit the name, description, and website fields.

Only the organization admin user can do this.
 2017-08-24 14:26:19 +02:00
Sybren A. Stüvel
93d534fe94 Added Organization Manager. 
This is a Flamenco/Attract-style Manager object that's instantiated by
the PillarApplication. It can create Organizations and assign/remove
users.

Also I updated the Organization schema to reflect the currently desired
design.

NOTA BENE: this does not include any security/authorisation checks on Eve's
organizations collection.
 2017-08-24 14:25:52 +02:00
Sybren A. Stüvel
87afbc52f6 Updated do_badger to take an optional set of roles. 
The 'role' parameter now must be passed as keyword arg instead of
positional arg. Either 'role' or 'roles' must be given.
 2017-08-23 08:59:23 +02:00
Francesco Siddi
15de24214a Decouple upload_and_process from stream_to_storage 
The stream_to_storage function is still quite large, and this is a first step at refactoring it. stream_to_storage can be used for files that are uploaded on the server without the /stream endpoint (for example downloaded from a link).
 2017-08-22 13:26:12 +02:00
Sybren A. Stüvel
2b09711eb0 Load user capabilities from Pillar config and allow extensions to extend. 
Default caps can be overridden using the USER_CAPABILITIES name in
config_local.py. These can be extended by Pillar Extensions.
 2017-08-22 11:31:17 +02:00
Sybren A. Stüvel
566f2a4835 Late-initialise CLI user & late-import UserClass class 
This may fix some unit tests issues.
 2017-08-22 09:41:38 +02:00
Sybren A. Stüvel
575a7ed1a7 Introduced role-based capability system. 
It's still rather limited and hard-coded, but it works.
 2017-08-18 14:47:42 +02:00
Sybren A. Stüvel
566a23d3b6 Unified user representation for web and API calls 
Both approaches now use a pillar.auth.UserClass instance. g.current_user
is now always set to that instance, even for web entry points.

This UserClass instance can still be keyed like the old dict, but this is
for temporary compatibility and shouldn't be relied on in new or touched
code.
 2017-08-18 13:19:34 +02:00
Francesco Siddi
b3aee6c8bc Introducing new types of projects 
We reorganized training projects into courses and workshops. Project types should be expandable by extensions to avoid this kind of changes.
 2017-07-26 16:55:02 +02:00
Francesco Siddi
502e494083 Clean up local login 
Use generate_and_store_token and get_local_user directly instead of the /make-token endpoint.
 2017-07-14 21:41:40 +02:00
Francesco Siddi
e752a5dc87 On new project creation, use the backend storage set in config 2017-07-14 12:04:24 +02:00
Sybren A. Stüvel
bd13d89817 Added permission check to DELETE of nodes. 2017-07-13 17:29:46 +02:00
Sybren A. Stüvel
f3e79bcfb5 Formatting 2017-07-11 12:56:40 +02:00
Sybren A. Stüvel
b04abef20f Also push user to Algolia when its role changes through the badger 
This may cause some superfluous pushes, though.
 2017-07-11 12:56:32 +02:00
Sybren A. Stüvel
73d4a77881 Role change blinker: make comparison set-based 
This makes it impervious to changes in order and duplicate roles.
 2017-07-11 12:17:06 +02:00
Sybren A. Stüvel
6e6ea6082d Renamed _attachments_embedded_schema to attachments_embedded_schema 
It's used in multiple files, and thus shouldn't be marked as 'private'.
 2017-06-16 12:39:51 +02:00
Sybren A. Stüvel
50108201cf Removed 'content' property from page node type 
... because it doesn't work when it's there.
 2017-06-16 12:38:51 +02:00
Sybren A. Stüvel
964526924d Save thumbnails with explicit quality setting. 
This should have been the default value anyway, but T49477 looks like it
may not be. This should solve that.
 2017-06-15 16:56:23 +02:00
Sybren A. Stüvel
8e02de32ab Pillar Extensions can now determine which user roles to index in Algola 2017-06-15 11:31:48 +02:00
Sybren A. Stüvel
73c5032a48 Convert timezone, not replace it 2017-06-14 12:06:20 +02:00
Sybren A. Stüvel
263c274774 Allow indexing of flamenco-user role. 
Role handling should be refactored so that extensions can also declare
roles, and whether they should be pushed to Algolia or not.
 2017-06-08 11:34:53 +02:00
Sybren A. Stüvel
1ce4654673 Autodetect timestamp format in Blender ID token expiry. 
The new Blender ID uses a different timestamp format than the old one.
We can alter Blender ID, but using the ISO 8601 is a good idea anyway.
 2017-06-07 09:00:51 +02:00
Sybren A. Stüvel
c2bc52718a Fixed string formatting in exception raising 2017-06-06 17:35:56 +02:00
Sybren A. Stüvel
1c566c6259 Fixed bug in GoogleCloudStorageBlob.exists() 2017-06-06 16:35:14 +02:00
Sybren A. Stüvel
2ad8c5186c Storage backends: added exists() method 
This method returns whether the file exists on the backend.
 2017-06-06 15:33:05 +02:00
Sybren A. Stüvel
878bf22695 Migrated Algolia push/delete of nodes to Celery background tasks. 2017-06-02 10:44:37 +02:00