fb0629dcb0
Make logging less verbose for blender_id in production
2016-05-03 15:19:29 +02:00
80919dacb3
New add_license_props in manage.py
2016-05-03 14:47:33 +02:00
d0d8b7d11d
Added missing unit test for content type overrides.
2016-05-03 11:23:26 +02:00
0389b05b14
Save temporary files in STORAGE_DIR
...
This makes it trivial to save uploaded files to STORAGE_DIR, as the
temporary files Flask saves them in are already there.
2016-05-03 11:22:54 +02:00
0580d3fa65
Removed some whitespace
2016-05-03 11:11:36 +02:00
54a2176d7c
Override browser-given content type for certain types.
...
If the browser gives us audio/xxx, video/xxx or image/xxx, we just use
it. Otherwise the mimetypes package is used to guess the mime type
based on the file's extension.
Also ensures the content type of the file is updated in MongoDB. Does
NOT update any nodes that link to this file.
2016-05-03 10:57:56 +02:00
950a12048b
More and more and more projections and embeddings
2016-05-02 19:46:05 +02:00
d4e5fab087
Moar projections!
2016-05-02 19:42:35 +02:00
eaa67d1271
Embed comment parents
2016-05-02 19:17:26 +02:00
b18675e746
New projects are marked private by default.
2016-05-02 19:07:31 +02:00
a216e5c00d
Special entry points for getting latest assets etc. from public projects.
2016-05-02 19:07:21 +02:00
3e8494e3bf
Use soft-delete for nodes
2016-05-02 17:06:59 +02:00
b9367f9944
Removed node_types Eve collection
2016-05-02 17:05:21 +02:00
445bf601dc
Don't double-x mime types
2016-05-02 17:04:18 +02:00
6394d83da2
Prevent video processing for non-admin users.
2016-05-02 16:21:06 +02:00
b4327f22e8
Disallow node status 'deleted' for node type asset
2016-05-02 15:57:26 +02:00
6c7ad6f6f0
Marked Flask as primary requirement.
2016-05-02 15:38:02 +02:00
24c5936751
Fetch the new etag after updating file links.
...
It's stupid and goes to MongoDB again, but it works for now.
2016-05-02 15:38:02 +02:00
42ff638b48
Allow cross-site requests
...
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
2016-05-02 15:37:58 +02:00
57375bd0c4
Gracefully handle bad ObjectId passed on URL
2016-05-02 13:23:52 +02:00
53aa0dae3b
Deducting asset node content type from file content type.
2016-05-02 12:30:52 +02:00
32ad39aeb1
Moved node management to modules/node.py
...
No semantic changes, all should work identically as before.
2016-05-02 11:35:17 +02:00
681754eade
Removed some obsolete unit tests.
2016-05-02 11:13:19 +02:00
20ed580e21
Renaming hash-mp4.mp4 to hash-720p-mp4 (and similar things)
...
This requires an additional rename step after Zencoder does its thing,
as before that we don't know the frame size of the video.
2016-05-02 11:13:19 +02:00
92970d5b6a
Filename hashing on GCS
2016-05-02 11:13:19 +02:00
401bfeea98
File streaming to Google Cloud Storage
...
Also simplifies some code since we're only going to support GCS.
2016-05-02 11:13:19 +02:00
7aefed22d4
Using unused parameter
2016-05-02 11:13:19 +02:00
060590213e
Made GCLOUD_PROJECT a 'secret' config key.
...
This prevents developers (like me) from accidentally using the production
GCS project.
2016-05-02 11:13:19 +02:00
9e2664fe20
Ignore google_app.json, as it should never be committed.
2016-05-02 11:13:19 +02:00
0652762d3a
Disable order and notes visibility for asset and group
2016-04-29 15:44:08 +02:00
cffe678ca3
Default settings for basic node_types
2016-04-29 15:22:11 +02:00
aebbe019b5
Limit default node_types to group, asset and comment
2016-04-29 15:17:38 +02:00
a919792f5a
Fix for extension and filename storage
...
Previously it was saved without quotes, which resulted in incorrect
filename display in Firefox. Also, file extension was deduced from the
file_format, while now we deduce it from the original filename (if not
already specified in the asset name).
2016-04-29 14:37:57 +02:00
6673e31675
Skip indexing of nodes of a private project
2016-04-29 13:37:01 +02:00
fbbe54d374
New add_group_to_projects in manage.py
...
Prototype to add a specific group, in read-only mode, to all standard
node_types for all projects.
2016-04-27 10:43:31 +02:00
cf203b04f8
Be less secretive about users; allow limited anonymous /users/id access.
...
Anonymous users can now obtain full_name and email fields from any
user. Authenticated users can also obtain those fields from other
users, and all info about themselves.
2016-04-26 17:27:56 +02:00
d5c2df371a
Small test change: do as little as possible in an app test context.
2016-04-26 12:38:44 +02:00
e600d87592
Secure write access to /users endpoint
...
- Admins can PUT everything
- Users can only PUT themselves
- The 'auth' field is always taken from the original, and never overwritten
by the PUT. It can be missing from the request, so you can GET and then
PUT the same data.
- Nobody can POST or DELETE users
2016-04-26 12:38:44 +02:00
5c04cdbd6e
Secure read access to /users endpoint.
...
- auth field is never returned
- unauthenticated access is rejected
- non-admin users can only access themselves
2016-04-26 12:38:44 +02:00
410cd1fd4c
Moved user-related code from application to modules/users.py
2016-04-26 12:38:44 +02:00
c45ac153e2
Added bcrypt to requirements.txt
2016-04-26 12:38:44 +02:00
2a2d35827c
Added local accounts
2016-04-26 12:34:16 +02:00
aa47c2b4a6
Allow overriding Eve settings from env in test
...
Environment variables for Eve settings are now used in unit tests.
2016-04-26 12:34:16 +02:00
974f135e63
Measure unit test coverage.
...
Coverage is reported with py.test, and also "Run unit tests in ... with
coverage" is now supported in PyCharm.
2016-04-25 16:43:09 +02:00
c83f64d36f
Allow deletion of projects by members of its admin group.
2016-04-25 16:41:57 +02:00
31e802619e
Support soft-deleting projects.
...
See http://python-eve.org/features.html#soft-delete for more info.
2016-04-25 16:14:05 +02:00
5116b74d1d
Updated Eve to 0.6.3
...
This also updates Cerberus to 0.9.2 and simplejson to 3.8.2.
I've also changed the way we get to the application object, by replacing
from application import app
with
from flask import current_app
2016-04-25 16:14:05 +02:00
a6258f5193
Limit project editing for subscribers.
...
Certain fields are limited for subscribers. Also, subscribers are checked
against the project permissions.
Users with the 'admin' role can edit all fields, on any project.
2016-04-25 16:14:05 +02:00
4edb8cfd39
Ensure that the returned project contains the correct etag.
...
The etag of the post_internal response was used, which is NOT the
same as the etag of the project document itself.
2016-04-25 16:14:05 +02:00
5c590c4dc4
Put Eve in debug mode when unittesting.
...
This gives us much more concrete information when a test fails.
Note that this info is generally put into the HTTP response data,
and not logged to any logger.
2016-04-25 16:14:05 +02:00
