72404d0fd9
Handle registration of previously unknown organization members.
When a new user is created, two things happen:
- before inserting into MongoDB, the organizational roles are given
- after inserting, the organizations are updated to move the user from
`unknown_members` to `members`.
2017-08-24 14:26:19 +02:00
b53d485960
Added access control to organizations Eve endpoints
2017-08-24 14:26:19 +02:00
cf51d1a280
Added utility function current_user() that acts like flask_login.current_user
This actually returns an AnonymousUser object, instead of None, when the
user is not logged in.
For compatibility with existing code, this function doesn't set
g.current_user to that AnonymousUser instance. We may decide to do this
later.
2017-08-24 14:26:19 +02:00
efc1890871
Added PATCH support for organizations
With a PATCH request you can now:
- assign users,
- remove a user,
- edit the name, description, and website fields.
Only the organization admin user can do this.
2017-08-24 14:26:19 +02:00
93d534fe94
Added Organization Manager.
This is a Flamenco/Attract-style Manager object that's instantiated by
the PillarApplication. It can create Organizations and assign/remove
users.
Also I updated the Organization schema to reflect the currently desired
design.
NOTA BENE: this does not include any security/authorisation checks on Eve's
organizations collection.
2017-08-24 14:25:52 +02:00
87afbc52f6
Updated do_badger to take an optional set of roles.
The 'role' parameter now must be passed as keyword arg instead of
positional arg. Either 'role' or 'roles' must be given.
2017-08-23 08:59:23 +02:00
15de24214a
Decouple upload_and_process from stream_to_storage
The stream_to_storage function is still quite large, and this is a first step at refactoring it. stream_to_storage can be used for files that are uploaded on the server without the /stream endpoint (for example downloaded from a link).
2017-08-22 13:26:12 +02:00
2b09711eb0
Load user capabilities from Pillar config and allow extensions to extend.
Default caps can be overridden using the USER_CAPABILITIES name in
config_local.py. These can be extended by Pillar Extensions.
2017-08-22 11:31:17 +02:00
566f2a4835
Late-initialise CLI user & late-import UserClass class
This may fix some unit test issues.
2017-08-22 09:41:38 +02:00
575a7ed1a7
Introduced role-based capability system.
It's still rather limited and hard-coded, but it works.
2017-08-18 14:47:42 +02:00
566a23d3b6
Unified user representation for web and API calls
Both approaches now use a pillar.auth.UserClass instance. g.current_user
is now always set to that instance, even for web entry points.
This UserClass instance can still be keyed like the old dict, but this is
for temporary compatibility and shouldn't be relied on in new or touched
code.
2017-08-18 13:19:34 +02:00
b3aee6c8bc
Introducing new types of projects
We reorganized training projects into courses and workshops. Project types should be expandable by extensions to avoid this kind of change.
2017-07-26 16:55:02 +02:00
502e494083
Clean up local login
Use generate_and_store_token and get_local_user directly instead of the /make-token endpoint.
2017-07-14 21:41:40 +02:00
e752a5dc87
On new project creation, use the backend storage set in config
2017-07-14 12:04:24 +02:00
bd13d89817
Added permission check to DELETE of nodes.
2017-07-13 17:29:46 +02:00
f3e79bcfb5
Formatting
2017-07-11 12:56:40 +02:00
b04abef20f
Also push user to Algolia when its role changes through the badger
This may cause some superfluous pushes, though.
2017-07-11 12:56:32 +02:00
73d4a77881
Role change blinker: make comparison set-based
This makes it impervious to changes in order and duplicate roles.
2017-07-11 12:17:06 +02:00
6e6ea6082d
Renamed _attachments_embedded_schema to attachments_embedded_schema
It's used in multiple files, and thus shouldn't be marked as 'private'.
2017-06-16 12:39:51 +02:00
50108201cf
Removed 'content' property from page node type
... because it doesn't work when it's there.
2017-06-16 12:38:51 +02:00
964526924d
Save thumbnails with explicit quality setting.
This should have been the default value anyway, but T49477 looks like it
may not be. This should solve that.
2017-06-15 16:56:23 +02:00
8e02de32ab
Pillar Extensions can now determine which user roles to index in Algolia
2017-06-15 11:31:48 +02:00
73c5032a48
Convert timezone, not replace it
2017-06-14 12:06:20 +02:00
263c274774
Allow indexing of flamenco-user role.
Role handling should be refactored so that extensions can also declare
roles, and whether they should be pushed to Algolia or not.
2017-06-08 11:34:53 +02:00
1ce4654673
Autodetect timestamp format in Blender ID token expiry.
The new Blender ID uses a different timestamp format than the old one.
We can alter Blender ID, but using the ISO 8601 is a good idea anyway.
2017-06-07 09:00:51 +02:00
c2bc52718a
Fixed string formatting in exception raising
2017-06-06 17:35:56 +02:00
1c566c6259
Fixed bug in GoogleCloudStorageBlob.exists()
2017-06-06 16:35:14 +02:00
2ad8c5186c
Storage backends: added exists() method
This method returns whether the file exists on the backend.
2017-06-06 15:33:05 +02:00
878bf22695
Migrated Algolia push/delete of nodes to Celery background tasks.
2017-06-02 10:44:37 +02:00
e7d268bde6
Algolia: Use Celery to push user updates in a background task.
2017-06-02 10:44:37 +02:00
f152521041
Algolia user push: simplified & streamlined the code a bit.
2017-06-02 10:44:37 +02:00
2c78697e80
Pass extension pages to all extensions' "project settings" pages.
2017-05-31 10:35:49 +02:00
add1c8b9b3
Make ROLES_FOR_COMMENT_VOTING a config value
This way we can override it when extending Pillar for other projects that might not require the 'subscriber' or 'demo' roles.
2017-05-28 19:04:11 +02:00
85922f4493
Fix to support missing roles key in user
2017-05-24 19:42:44 +02:00
10c584daab
Skip user indexing if user has service group
2017-05-24 18:11:36 +02:00
85b6ff2d7f
Use str2id(x) instead of ObjectId(x)
The latter produces an internal server error if 'x' is not a valid ObjectId,
whereas the former produces a 400 Bad Request.
2017-05-24 16:31:15 +02:00
5e721c61b9
Added function to easily remove someone from a group.
2017-05-24 10:56:53 +02:00
38df6e873b
Extracted function to generate authentication tokens for service accounts.
2017-05-19 12:02:00 +02:00
50d62f17b8
Allow specification of full name when creating service account
2017-05-18 15:46:02 +02:00
c12b646b09
More logging in PATCH handler
2017-05-18 15:46:02 +02:00
cbe182a298
Gravatar: support None email addresses
2017-05-18 15:46:02 +02:00
59a95450e5
Updated Eve, Flask, and Werkzeug. Adjusted code to make Pillar work again.
Eve : 0.6.3 → 0.7.3
Flask : 0.10.1 → 0.12.2
Werkzeug: 0.11.10 → 0.11.15
Also updated some secondary requirements.
2017-05-18 15:46:02 +02:00
ad9a981cda
Added p.a.users.add_user_to_group() function
2017-05-12 13:55:55 +02:00
7c5aef033d
Some more checks on p.a.project.utils.get_admin_group_id()
2017-05-12 13:55:55 +02:00
c66a6e67c8
Added p.a.project.utils.user_rights_in_project()
This returns the allowed HTTP method for the current user in the given
project. This is used for access control on Flamenco, for example.
2017-05-10 12:09:48 +02:00
a139e8c41a
Added p.a.projects.utils.get_admin_group_id()
2017-05-10 12:09:09 +02:00
ee7af393a0
Use annotations to declare types (instead of docstring)
2017-05-10 12:08:45 +02:00
319f815985
Some more logging in pillar.api.blender_cloud.subscription.update_subscription
2017-05-10 12:04:34 +02:00
c77a6b9d21
More logging in pillar.api.service.do_badger()
2017-05-10 11:15:29 +02:00
c854ccbb4b
Generic PATCH handler class.
A class-based approach is easier to extend than the function-based approach
used in the nodes. That one is still there, though -- might look at it
at a later time. This handler is primarily for Flamenco.
2017-05-09 14:08:35 +02:00