This removes the ability of updating service accounts through the CLI
(something we never used anyway), now that service accounts cannot be
uniquely identified by their email address.
The user isn't logged out until the new user logs in. This allows you to
click on "Log in as different user", hit the back button, and still be
logged in.
This message was "flashed" (http://flask.pocoo.org/docs/0.12/patterns/flashing/)
by Flask-Login. This happens on every unauthorised request, so also on
AJAX requests (like for the notifications). As a result, a user could be
spammed by a screen full of these messages if they left their window open
and their session timed out.
A PUT request on /api/user/{user-id} by the user themselves would allow
too much, and would allow self-granting of roles (including admin),
group membership (so join any arbitrary project) and pretend to be
service accounts.
Videos that are larger than 1920x1080 pixels are scaled down so that they
fit that size. Care is taken to keep the width a multiple of 16 pixels and
the height a multiple of 8.
- upgraded vrviewer to latest master (ffbc9ff4bf0c550cc79003ec188ca16e9e83c31e)
- added some notes on how to upgrade to the readme
- added support for setting default yaw angle
- added support for float properties
- Moved pillar.api.utils.{gcs,storage} to pillar.api.file_storage_backends
- Implemented GCS and local storage using abstract Bucket and Blob classes
- Removed file processing from the Blob class, and kept it in the
file_storage/__init__.py class. That way storage and processing are
kept separate.
Hashing of string object doesn't work. Also added a deprecation warning
that pillar.api.utils.gravatar should be used; pillar.web.utils.gravatar
is just a copy.
Switched from Sybren's RSA library to the new stdlib module 'secrets' to
generate secret tokens. This also means that the rsa library was demoted
to secondary requirement.
These changes mostly revolve around the change in ObjectId constructor
when running on Python 3.6. Where on 2.7 the constructor would accept
12- and 24-byte strings, now only 12-byte bytes and 24-character strings
are accepted. Good thing, but required some changes in our code.
Other changes include hashing of strings, which isn't supported, so they
are converted to bytes first, and sometimes converted back afterwards.
Python 3 supports 'namespace packages', and thus can see a directory
without __init__.py as something importable. This caused a name conflict,
since there were both the file static.py and the dir static.
The 'manual fixups' are:
- incorrect use of dict.items() where dict.iteritems() was meant; this
results in list(dict.items()), which I changed to dict.items().
- removal of 'from __future__ import' lines, which 2to3 changes into
empty lines; I removed the empty lines.
Hashing of string object doesn't work. Also added a deprecation warning
that pillar.api.utils.gravatar should be used; pillar.web.utils.gravatar
is just a copy.
Switched from Sybren's RSA library to the new stdlib module 'secrets' to
generate secret tokens. This also means that the rsa library was demoted
to secondary requirement.
These changes mostly revolve around the change in ObjectId constructor
when running on Python 3.6. Where on 2.7 the constructor would accept
12- and 24-byte strings, now only 12-byte bytes and 24-character strings
are accepted. Good thing, but required some changes in our code.
Other changes include hashing of strings, which isn't supported, so they
are converted to bytes first, and sometimes converted back afterwards.
Python 3 supports 'namespace packages', and thus can see a directory
without __init__.py as something importable. This caused a name conflict,
since there were both the file static.py and the dir static.
