archive/pillar
0
0
Fork 0
Code Issues 42 Pull Requests Projects Releases Wiki Activity
403 Commits 12 Branches 2 Tags
Commit Graph

12 Commits

Author SHA1 Message Date
Sybren A. Stüvel
899497b3b1 Implemented merging of permissions. 
Permissions are now merged between project, node type and node, instead
of having the lower-level permissions override the higher-level
permissions.
 2016-05-06 18:15:50 +02:00
Sybren A. Stüvel
cf203b04f8 Be less secretive about users; allow limited anonymous /users/id access. 
Anonymous users can now obtain full_name and email fields from any
user. Authenticated users can also obtain those fields from other
users, and all info about themselves.
 2016-04-26 17:27:56 +02:00
Sybren A. Stüvel
e600d87592 Secure write access to /users endpoint 
- Admins can PUT everything
- Users can only PUT themselves
- The 'auth' field is always taken from the original, and never overwritten
  by the PUT. It can be missing from the request, so you can GET and then
  PUT the same data.
- Nobody can POST or DELETE users
 2016-04-26 12:38:44 +02:00
Sybren A. Stüvel
5c04cdbd6e Secure read access to /users endpoint. 
- auth field is never returned
- unauthenticated access is rejected
- non-admin users can only access themselves
 2016-04-26 12:38:44 +02:00
Sybren A. Stüvel
4b9dd29ad5 Added /p/create entry point to create new projects. 
This requires the user to be logged in. The project will be owned by that
user.
 2016-04-19 16:50:46 +02:00
Sybren A. Stüvel
d808b76d65 Store is_subclient_token bool in token collection. 2016-04-15 16:27:24 +02:00
Sybren A. Stüvel
66eeb25529 Unify tokens and subclient tokens 
SCST tokens are now stored in the 'tokens' table.
This unifies old token handling and new subclient-specific tokens.
Also ensures the BlenderID expiry of the token is taken into account.

Removes use of httpretty, in favour of responses.
 2016-04-13 15:33:54 +02:00
Sybren A. Stüvel
aeee165ad8 subclient tokens: bugfix & return proper data. 
Also introduces responses, as an alternative to httpretty (it works
better).
 2016-04-12 15:24:50 +02:00
Sybren A. Stüvel
d7ee2121d9 Renamed some test_xxx files to common_test_xxx.py 
Those files contain stuff for tests, but don't contain tests themselves.
 2016-03-25 16:05:36 +01:00
Sybren A. Stüvel
adb4f5b39e Added unittests for caching of file links. 
Also converted test_auth.py to use the new AbstractPillarTest class.
This class ensures that we test against the testing database, which
is dropped at every setUp()/tearDown().
 2016-03-25 15:57:17 +01:00
Sybren A. Stüvel
d4ed335273 Overriding app.config in unittest. 
We may need something better structured in the future to handle
test configuration, but at least this gets the one test we have
running.
 2016-03-25 12:22:31 +01:00
Sybren A. Stüvel
ebcb6bc5f8 Added setup.py to allow automated testing. 
Also moved the tests directory to top-level, as they shouldn't be part
of the pillar directory.
 2016-03-25 11:46:01 +01:00