08294e2f14
Orgs: allow admins to set seat count and org_roles
2017-08-24 14:28:18 +02:00
4116357447
Orgs: some small fixes, mostly for stability / corner cases
2017-08-24 14:28:18 +02:00
e9cb235640
Added web interface for organizations.
...
It looks like crap, but it allows you to edit the details and the members.
2017-08-24 14:28:18 +02:00
64eab850c5
Orgs: pillar admins can always edit an organization
2017-08-24 14:28:17 +02:00
c6eebc4eae
Orgs: allow setting location field by PATCH
2017-08-24 14:28:17 +02:00
1bd6e07fe2
Orgs: Allow adding individual known users by user ID.
...
This is used for the selection by user search.
2017-08-24 14:28:17 +02:00
1ad13d048f
Some extra type safety checks
2017-08-24 14:28:17 +02:00
cfde720b1d
Orgs: PATCH op to batch-add emails as members now strip()s emails
...
It also refuses to add empty emails.
2017-08-24 14:28:11 +02:00
5d17d892a4
Orgs: Use current_user() in PATCH handler
2017-08-24 14:28:02 +02:00
40172bf8b5
Orgs: Use create-organization capability to control access
...
This is more explicit and future-proof than checking for admin cap.
2017-08-24 14:27:52 +02:00
72404d0fd9
Handle registration of previously unknown organization members.
...
When a new user is created, two things happen:
- before inserting into MongoDB, the organizational roles are given
- after inserting, the organizations are updated to move the user from
`unknown_members` to `members`.
2017-08-24 14:26:19 +02:00
b53d485960
Added access control to organizations Eve endpoints
2017-08-24 14:26:19 +02:00
cf51d1a280
Added utility function current_user() that acts like flask_login.current_user
...
This actually returns an AnonymousUser object, instead of None, when the
user is not logged in.
For compatibility with existing code, this function doesn't set
g.current_user to that AnonymousUser instance. We may decide to do this
later.
2017-08-24 14:26:19 +02:00
efc1890871
Added PATCH support for organizations
...
With a PATCH request you can now:
- assign users,
- remove a user,
- edit the name, description, and website fields.
Only the organization admin user can do this.
2017-08-24 14:26:19 +02:00
93d534fe94
Added Organization Manager.
...
This is a Flamenco/Attract-style Manager object that's instantiated by
the PillarApplication. It can create Organizations and assign/remove
users.
Also I updated the Organization schema to reflect the currently desired
design.
NOTA BENE: this does not include any security/authorisation checks on Eve's
organizations collection.
2017-08-24 14:25:52 +02:00
87afbc52f6
Updated do_badger to take an optional set of roles.
...
The 'role' parameter now must be passed as keyword arg instead of
positional arg. Either 'role' or 'roles' must be given.
2017-08-23 08:59:23 +02:00
15de24214a
Decouple upload_and_process from stream_to_storage
...
The stream_to_storage function is still quite large, and this is a first step at refactoring it. stream_to_storage can be used for files that are uploaded on the server without the /stream endpoint (for example downloaded from a link).
2017-08-22 13:26:12 +02:00
2b09711eb0
Load user capabilities from Pillar config and allow extensions to extend.
...
Default caps can be overridden using the USER_CAPABILITIES name in
config_local.py. These can be extended by Pillar Extensions.
2017-08-22 11:31:17 +02:00
566f2a4835
Late-initialise CLI user & late-import UserClass class
...
This may fix some unit tests issues.
2017-08-22 09:41:38 +02:00
575a7ed1a7
Introduced role-based capability system.
...
It's still rather limited and hard-coded, but it works.
2017-08-18 14:47:42 +02:00
566a23d3b6
Unified user representation for web and API calls
...
Both approaches now use a pillar.auth.UserClass instance. g.current_user
is now always set to that instance, even for web entry points.
This UserClass instance can still be keyed like the old dict, but this is
for temporary compatibility and shouldn't be relied on in new or touched
code.
2017-08-18 13:19:34 +02:00
b3aee6c8bc
Introducing new types of projects
...
We reorganized training projects into courses and workshops. Project types should be expandable by extensions to avoid this kind of changes.
2017-07-26 16:55:02 +02:00
502e494083
Clean up local login
...
Use generate_and_store_token and get_local_user directly instead of the /make-token endpoint.
2017-07-14 21:41:40 +02:00
e752a5dc87
On new project creation, use the backend storage set in config
2017-07-14 12:04:24 +02:00
bd13d89817
Added permission check to DELETE of nodes.
2017-07-13 17:29:46 +02:00
f3e79bcfb5
Formatting
2017-07-11 12:56:40 +02:00
b04abef20f
Also push user to Algolia when its role changes through the badger
...
This may cause some superfluous pushes, though.
2017-07-11 12:56:32 +02:00
73d4a77881
Role change blinker: make comparison set-based
...
This makes it impervious to changes in order and duplicate roles.
2017-07-11 12:17:06 +02:00
6e6ea6082d
Renamed _attachments_embedded_schema to attachments_embedded_schema
...
It's used in multiple files, and thus shouldn't be marked as 'private'.
2017-06-16 12:39:51 +02:00
50108201cf
Removed 'content' property from page node type
...
... because it doesn't work when it's there.
2017-06-16 12:38:51 +02:00
964526924d
Save thumbnails with explicit quality setting.
...
This should have been the default value anyway, but T49477 looks like it
may not be. This should solve that.
2017-06-15 16:56:23 +02:00
8e02de32ab
Pillar Extensions can now determine which user roles to index in Algola
2017-06-15 11:31:48 +02:00
73c5032a48
Convert timezone, not replace it
2017-06-14 12:06:20 +02:00
263c274774
Allow indexing of flamenco-user role.
...
Role handling should be refactored so that extensions can also declare
roles, and whether they should be pushed to Algolia or not.
2017-06-08 11:34:53 +02:00
1ce4654673
Autodetect timestamp format in Blender ID token expiry.
...
The new Blender ID uses a different timestamp format than the old one.
We can alter Blender ID, but using the ISO 8601 is a good idea anyway.
2017-06-07 09:00:51 +02:00
c2bc52718a
Fixed string formatting in exception raising
2017-06-06 17:35:56 +02:00
1c566c6259
Fixed bug in GoogleCloudStorageBlob.exists()
2017-06-06 16:35:14 +02:00
2ad8c5186c
Storage backends: added exists() method
...
This method returns whether the file exists on the backend.
2017-06-06 15:33:05 +02:00
878bf22695
Migrated Algolia push/delete of nodes to Celery background tasks.
2017-06-02 10:44:37 +02:00
e7d268bde6
Algolia: Use Celery to push user updates in a background task.
2017-06-02 10:44:37 +02:00
f152521041
Algolia user push: simplified & streamlined the code a bit.
2017-06-02 10:44:37 +02:00
2c78697e80
Pass extension pages to all extensions' "project settings" pages.
2017-05-31 10:35:49 +02:00
add1c8b9b3
Make ROLES_FOR_COMMENT_VOTING a config value
...
This way we can override it when extending Pillar for other projects that might not require the 'subscriber' or 'demo' roles.
2017-05-28 19:04:11 +02:00
85922f4493
Fix to support missing roles key in user
2017-05-24 19:42:44 +02:00
10c584daab
Skip user indexing if user has service group
2017-05-24 18:11:36 +02:00
85b6ff2d7f
Use str2id(x) instead of ObjectId(x)
...
The latter produces an internal server error if 'x' is not a valid ObjectId,
whereas the fromer produces a 400 Bad Request.
2017-05-24 16:31:15 +02:00
5e721c61b9
Added function to easily remove someone from a group.
2017-05-24 10:56:53 +02:00
38df6e873b
Extracted function to generate authentication tokens for service accounts.
2017-05-19 12:02:00 +02:00
50d62f17b8
Allow specification of full name when creating service account
2017-05-18 15:46:02 +02:00
c12b646b09
More logging in PATCH handler
2017-05-18 15:46:02 +02:00
