Commit Graph

1206 Commits

Author SHA1 Message Date
c9789f46db {iframe} shortcode no longer requires cap=xxx 2018-04-04 15:44:52 +02:00
1ba1da49c3 Pass positional arguments to attachment render functions
This allows handling `{attachment slug link}` as a synonym for
`{attachment slug link=self}`.
2018-04-03 15:42:47 +02:00
a71de3a727 Added link to shortcodes documentation
https://pillarframework.org/shortcodes/
2018-04-03 14:43:47 +02:00
67e8e7c082 Disallow spaces in attachment slugs
Slugs shouldn't have spaces. It also interferes with using slugs in
shortcodes.
2018-04-03 13:59:31 +02:00
cbb5d546ef Fixed CLI cmd upgrade_attachment_schema
It didn't add the {'coerce': 'markdown'}, which caused the
upgrade_attachment_usage CLI command to skip 'upgraded' nodes.
2018-04-03 12:49:34 +02:00
a86920fc73 Disallow spaces in attachment slugs 2018-04-03 12:24:42 +02:00
14b31174dc Fixes to upgrade_attachment_schema() for URL-less projects 2018-04-03 11:47:18 +02:00
3b452d14ce Render attachments with shortcodes rather than slugs
The attachments should now be rendered using `{attachment slug}` instead
of `@[slug]`. The `link` attribute can be specified in the shortcode
(for attachments that support it), rather than in the attachment itself.

The attachment subdocument is now reduced to `{oid: File ObjectID}`, and
nodes without attachments should NOT have an `attachment` property at
all (previously it would be an empty dict). This makes querying for
nodes with/out attachments easier.

The CLI command `upgrade_attachment_schema` can do dry-run and remove
empty attachments:

- Added --go to actually perform the database changes.
- Remove empty attachments, so that a node either has one or more
  attachments or no attachments sub-document at all.

The CLI command `upgrade_attachment_usage` converts `@[slug]` to
`{attachment slug}`. It also takes into account 'link' and 'link_custom'
fields on the attachment. After conversion those fields are removed from
the attachment itself.

Simplified maintenance CLI commands that iterate over all projects:
I've moved the common approach (either run on one project or all of
them, skipping deleted ones, giving a message upon dry-run, and showing
duration of the command) to a new _db_projects() function. The new
function is now used by two recently-touched CLI commands; more of them
could be migrated to use this.
2018-04-03 10:59:20 +02:00
f4e0b9185b Shortcodes for YouTube and iframes
Added shortcodes 2.5.0 as dependency; earlier versions corrupted
non-ASCII characters, see
https://github.com/dmulholland/shortcodes/issues/6

The rendered elements have a `shortcode` CSS class.

The YouTube shortcode supports various ways to refer to a video:

    - `{youtube VideoID}`
    - `{youtube youtube.com or youtu.be URL}`

URLs containing an '=' should be quoted, or otherwise the shortcodes
library will parse it as a "key=value" pair.

The IFrame shortcode supports the `cap` and `nocap` attributes. `cap`
indicates the required capability the user should have in order to
render the tag. If `nocap` is given, its contents are shown as a message
to users who do not have this tag; without it, the iframe is silently
hidden.

`{iframe src='https://source' cap='subscriber' nocap='Subscribe to view'}`

Merged test code + added HTML class for shortcode iframes
2018-04-03 10:49:00 +02:00
0841d52dd1 Removed unused imports 2018-04-03 10:48:40 +02:00
9ee816d366 Ignore _xxx properties in form generation 2018-03-29 10:38:25 +02:00
5b061af3a5 WIP on using the new nodes.preview_markdown for comments 2018-03-28 22:53:27 +02:00
e69f991aa6 Update flask_wtf to 0.14.2 and make CSRFProtect available to current_app
By default CSRF protection is disabled for all views, since most
web endpoints and all API endpoints do not need it.
On the views that require it, we use the
current_app.csrf.protect() method.
2018-03-28 22:05:54 +02:00
8288455468 Fixed a KeyError when editing a comment. 2018-03-28 12:36:03 +02:00
d3ff88e5cf Also replace node types when key with underscore changed
Previously all keys starting with an underscore were ignored (so changes
to _created wouldn't count as "different"), but this clashes with saving
Markdown output to _xxx_html keys.
2018-03-27 17:56:38 +02:00
f22dc4d92a Fixed PATCHing comments 2018-03-27 17:42:29 +02:00
540dd28861 Short-circuit check_permissions() when logged in as CLI user
The CLI user should just be able to do anything.
2018-03-27 17:42:12 +02:00
dfaac59e20 Cache Markdown'ed HTML in database
This is done via coercion rules. To cache the field 'content' in the
database, include this in your Eve schema:

    {'content': {'type': 'string', 'coerce': 'markdown'},
     '_content_html': {'type': 'string'}}

The `_content_html` field will be filled automatically when saving the
document via Eve.

To display the cached HTML, and fall back to display-time rendering if it
is not there, use `{{ document | markdowned('content') }}` in your template.

Still needs unit testing, a CLI command for regenerating the caches, and
a CLI command for migrating the node type definitions in existing projects.
2018-03-27 16:34:32 +02:00
08ce84fe31 Drop 'template' from blog node type 2018-03-27 15:56:06 +02:00
d2a0a5ae26 Added CLI command 'maintenance purge_home_projects'
This command soft-deletes home projects when their owning user is no longer
there.
2018-03-27 15:45:32 +02:00
bf498b829c @manager.command and @manager.option are sometimes mutually exclusive
@manager.option also registers the function as command, so the double use
is generally unnecessary.

Furthermore, @manager.command will register CLI options based on the
function parameters, which potentially conflict with the ones registered
with the following @manager.options decorators.

Note that positional arguments should be given in reverse order.
2018-03-27 15:45:32 +02:00
195edf679c Improved replace_pillar_node_type_schemas CLI cmd further 2018-03-27 15:32:36 +02:00
d24715a224 Smarter upgrades of node type definitions
- No changes are applied unless the new --go CLI arg is used.
- Differences to node types are actually shown.
- Dynamic form definitions are kept.
2018-03-27 12:03:18 +02:00
dee0b18429 utils.doc_diff() now also supports list values 2018-03-27 11:50:23 +02:00
de8bff51b5 Added TODO: keep Sentry unconfigured when running CLI commands.
When running CLI stuff the logging is seen by human eyes anyway, so we
don't need to send things to Sentry.
2018-03-27 11:50:23 +02:00
318ccb2d95 Reduce log level
WARNING and higher are sent to Sentry, which isn't necessary here.
2018-03-27 11:50:23 +02:00
12272750c3 T53890: Improving static content serving
Static files are now served with an 8-character hash before the last
extension. For example, `tutti.min.js` is now served as
`tutti.min.abcd1234.js`. When doing a request the hash is removed before
serving the static file.

The hash must be 8 characters long, and is taken from STATIC_FILE_HASH.
It is up to the deployment to change this configuration variable
whenever static files change. This forces browsers that download newly
deployed HTML to also refresh the dependencies (most importantly
JS/CSS).

For this to work, the URL must be built with `url_for('static_xxx',
filename='/path/to/file')`. The 'static' module still returns regular,
hashless URLs.
2018-03-23 17:36:14 +01:00
0cf45c0d78 Use capability check instead of role check in strip_link_and_variations() 2018-03-23 14:23:47 +01:00
e4f229cc70 Fix T51678: 16bit greyscale PNG images thumbnailing fails
generate_local_thumbnails() now uses pathlib and f-string formatting too,
making the code a lot simpler. Furthermore, I removed unused bits of
resize_and_crop() and simplified the rest.
2018-03-22 17:53:14 +01:00
f8ccb8aaaa Follow the convention for error formatting 2018-03-21 20:21:10 +01:00
fb2852acdc Tweak to function docstring 2018-03-21 20:21:10 +01:00
e6edd00e46 Introducing /nodes/preview-markdown
This endpoint receives POST requests and parses the content field
returning it as Markdown. Useful for partially previewing node edits.
2018-03-21 20:21:10 +01:00
d30a11c8f7 Do not index a document if it's empty
The prepare_node_data function returns an empty dict if the node
is not of the INDEX_ALLOWED_NODE_TYPES, or if it's not published, etc.
2018-03-21 02:17:58 +01:00
67a24e9d4e Provide debug log info when nodes are not indexed 2018-03-21 02:15:46 +01:00
2bf0bf1064 Formatting 2018-03-21 02:15:07 +01:00
678f72766e Change elif to if _validate_config
Elif is not needed after a raise.
2018-03-20 10:05:17 +01:00
66e4229b9b Merge branch 'production' 2018-03-18 20:14:17 +01:00
99e0eb7a7a Require SERVER_NAME in the configuration
Since we rely more and more on the presence of SERVER_NAME in the
configuration, we make it a hard requirement, before checking if it is
a FQDN.
2018-03-18 18:53:08 +01:00
6a0e0721e9 Require SERVER_NAME to be a FQDN with TLD
A fully-qualified domain name, including a top-level domain name, is
required for Chrome to accept session cookies. For more info, see
https://stackoverflow.com/questions/27254013/why-does-the-session-cookie-work-when-serving-from-a-domain-but-not-when-using-a#27276450
2018-03-15 11:39:20 +01:00
97091457a8 Check for capabilities instead of roles in allow_link 2018-03-14 22:05:00 +01:00
df6297d40f Fixed project search
The project ID wasn't used at all when searching in a project's context.
2018-03-13 12:24:29 +01:00
257793dcd5 Simplified some code 2018-03-13 12:21:41 +01:00
450dde56b7 Pass our OAuth2 client ID to Blender ID when validating tokens
This is a security measure, as it ensures that valid Blender ID OAuth2
tokens that were not generated for Blender Cloud are rejected.
2018-02-21 10:49:33 +01:00
854bc7cfaf Sentry: include extra user information
We perform authentication of the user while handling the request,
but Sentry calls get_user_info() in a before-request handler. This means
that Sentry would miss user info in many cases. This fixes that.
2018-02-14 13:52:52 +01:00
05187cacea Add comment to config.py to point at SERVER_NAME 2018-02-13 16:51:28 +01:00
f79642d69f Refuse to merge projects when SERVER_NAME is unset 2018-02-13 16:50:37 +01:00
1f2fb774b4 Converted another datetime.utcnow() to utils.utcnow() 2018-02-13 16:50:11 +01:00
de801e41e3 CLI command for moving all nodes+files to another project
`manage.py operations merge_project src_url dst_url` moves all nodes and
files from the project with `src_url` to the project with `dst_url`.
This also moves soft-deleted files/nodes, as it ignores the _deleted
field. The actual files on the storage backend are copied rather than
moved.

Note that this may invalidate the nodes, as their node type definition
may differ between projects. Since we use direct MongoDB queries the
nodes are moved to the new project anyway. This allows for a
move-first-then-fix approach.
2018-02-13 15:52:21 +01:00
cd42ce6cba Moving blobs between nodes now uses storage API
Instead of only being GCS-specific, it now works for all storage
backends.
2018-02-13 15:36:11 +01:00
eb18e5b933 Formatting 2018-02-13 14:36:23 +01:00