Instead of the additional 'is_private' field, we now just use
the permission system and set/remove world GET permissions.
'is_private' is still kept for backward compatibility and possibly
easy querying for public projects, and is always set based on
world GET permissions.

Manage users of a project. In this initial implementation, we handle
addition and removal of a user to the admin group of a project. No
changes are done on the project itself.

If the browser gives us audio/xxx, video/xxx or image/xxx, we just use
it. Otherwise the mimetypes package is used to guess the mime type
based on the file's extension.
Also ensures the content type of the file is updated in MongoDB. Does
NOT update any nodes that link to this file.

Previously it was saved without quotes, which resulted in incorrect
filename display in Firefox. Also, file extension was deduced from the
file_format, while now we deduce it from the original filename (if not
already specified in the asset name).

Anonymous users can now obtain full_name and email fields from any
user. Authenticated users can also obtain those fields from other
users, and all info about themselves.
- Admins can PUT everything
- Users can only PUT themselves
- The 'auth' field is always taken from the original, and never overwritten
by the PUT. It can be missing from the request, so you can GET and then
PUT the same data.
- Nobody can POST or DELETE users
This also updates Cerberus to 0.9.2 and simplejson to 3.8.2.
I've also changed the way we get to the application object, by replacing
    from application import app
with
    from flask import current_app
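
The PUT/POST/DELETE rules for users listed above, written out as a plain function. This is an added example, not code from the project: the function name, the `Forbidden` exception, the shape of the caller dict, the check for an `'admin'` entry in `roles`, and the rejection of unauthenticated callers are assumptions, and the sample documents are constructed.

```python
import copy


class Forbidden(Exception):
    """The caller may not perform this request on the user document."""


def handle_user_request(method, caller, original, payload=None):
    """Apply the user-endpoint rules; return the document to store for a PUT.

    caller   -- authenticated user as {'_id': ..., 'roles': [...]} or None
                (assumed shape, not taken from the project)
    original -- user document currently stored in the database
    payload  -- JSON body of the request
    """
    if method in ('POST', 'DELETE'):
        raise Forbidden('nobody can %s users' % method)
    if method != 'PUT':
        raise ValueError('only PUT, POST and DELETE are modelled here')
    if caller is None:
        # Assumption: an anonymous caller is not "themselves" for any user.
        raise Forbidden('authentication required')

    is_admin = 'admin' in caller.get('roles', ())
    if not is_admin and caller['_id'] != original['_id']:
        raise Forbidden('users can only PUT themselves')

    updated = copy.deepcopy(payload or {})
    # 'auth' is never taken from the request, even for admins. It may be
    # missing from the body or echoed back from an earlier GET; in both
    # cases the stored value is what ends up in the saved document.
    updated.pop('auth', None)
    if 'auth' in original:
        updated['auth'] = copy.deepcopy(original['auth'])
    return updated


# Constructed sample documents.
ALICE = {'_id': 'u1', 'full_name': 'Alice', 'roles': ['subscriber'],
         'auth': [{'provider': 'example', 'token': 'stored-token'}]}
BOB = {'_id': 'u2', 'full_name': 'Bob', 'roles': ['subscriber'], 'auth': []}
ADMIN = {'_id': 'u0', 'full_name': 'Root', 'roles': ['admin'], 'auth': []}
```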
Certain fields are limited for subscribers. Also, subscribers are checked
against the project permissions.
Users with the 'admin' role can edit all fields, on any project.