Previously it was saved without quotes, which resulted in incorrect
filename display in Firefox. Also, file extension was deduced from the
file_format, while now we deduce it from the original filename (if not
already specified in the asset name).
Anonymous users can now obtain full_name and email fields from any
user. Authenticated users can also obtain those fields from other
users, and all info about themselves.
- Admins can PUT everything
- Users can only PUT themselves
- The 'auth' field is always taken from the original, and never overwritten
by the PUT. It can be missing from the request, so you can GET and then
PUT the same data.
- Nobody can POST or DELETE users
This also updates Cerberus to 0.9.2 and simplejson to 3.8.2.
I've also changed the way we get to the application object, by replacing
from application import app
with
from flask import current_app
Certain fields are limited for subscribers. Also, subscribers are checked
against the project permissions.
Users with the 'admin' role can edit all fields, on any project.
This gives us much more concrete information when a test fails.
Note that this info is generally put into the HTTP response data,
and not logged to any logger.
Instead of using default permissions (with only write access by admin
group), we now copy the project permissions. Then, for everyone who
has PUT access, DELETE on the node is also allowed.
SCST tokens are now stored in the 'tokens' table.
This unifies old token handling and new subclient-specific tokens.
Also ensures the BlenderID expiry of the token is taken into account.
Removes use of httpretty, in favour of responses.
WARNING: make a backup copy of your local config.py before pulling
this change, as Git will overwrite it without warning.
The configuration defaults to deployment settings, allowing overrides.
Overrides are read from config_local.py and from the file pointed to
by the PILLAR_CONFIG env var.
