cecf81a07d
Initial tests for OAuthSignIn
2017-08-25 10:55:35 +02:00
45275c3831
Switch to class-based OAuthUserResponse
...
Instead of returning an arbirary number of items, we provide a standardized and better documented response.
2017-08-25 10:55:35 +02:00
99866542a1
Style Google oauth login
2017-08-25 10:53:30 +02:00
6b3e523036
Remove Flask-OAuthlib and oauth_blender_id from Pillar
...
We switch completely to a rauth-based approach, allowing multiple providers for authentication.
2017-08-25 10:53:22 +02:00
6e9a539d61
Fix typo
2017-08-25 10:52:52 +02:00
c9b2eb25b2
Add default OAUTH_CREDENTIALS in config
2017-08-25 10:51:45 +02:00
23b856b073
Move Blender ID to extensible OAuth
...
Also, added support for Google OAuth.
2017-08-25 10:51:45 +02:00
e0520e265d
Style login page
2017-08-25 10:51:45 +02:00
9b9e0488d3
New login page
...
Exposes all available login providers
2017-08-25 10:51:45 +02:00
c827dc4ed2
Initial work to support multiple OAuth clients
2017-08-25 10:51:45 +02:00
d48a308cc6
Renamed pillar.auth.current_web_user to pillar.auth.current_user
...
This is an in-between change. In the future, we want to always set
g.current_user so that it's never None (but rather an AnonymousUser
instance). However, there is still some code that assumes that when
g.current_user is not None the user is logged in. This should be
addressed first.
2017-08-24 14:28:18 +02:00
b9ae4396e5
Orgs: show "My Organizations" in the user's menu
...
This is shown only when the user is member of or administrator for one or
more organizations, otherwise it's hidden.
2017-08-24 14:28:18 +02:00
95dc799692
Orgs: made org properties for non-admins a bit nicer
2017-08-24 14:28:18 +02:00
be12bd7d99
Orgs: allow users to leave an organization
2017-08-24 14:28:18 +02:00
0445c3bd86
Orgs: assign capabilities to org-subscriber role
2017-08-24 14:28:18 +02:00
694e04cc50
Orgs: UI tweak
2017-08-24 14:28:18 +02:00
598b59c0c6
Orgs: gracefully handle 'not enough seats' error
2017-08-24 14:28:18 +02:00
1e1bd83baf
Orgs: refresh all members' roles after org changed roles
2017-08-24 14:28:18 +02:00
d41e2bbce4
Orgs: fixed "Create New Organization" button
...
It now actually creates the new org and shows it.
2017-08-24 14:28:18 +02:00
5f607fa2cf
Orgs: Moved some JS around, no real semantic changes
2017-08-24 14:28:18 +02:00
cd417bb9db
Orgs: styling tweaks to make member list a bit nicer
2017-08-24 14:28:18 +02:00
65518f2208
Spaces to tabs
2017-08-24 14:28:18 +02:00
30902bc9cd
Orgs: made the admin picker a bit nicer to work with
...
Also it now asks for a confirmation before transferring admin-ship to
the new admin user.
2017-08-24 14:28:18 +02:00
37b1a6e0c1
Orgs: added labels to organization form
2017-08-24 14:28:18 +02:00
f1edb901d1
Orgs: allow setting org admin via web interface / PATCH request
2017-08-24 14:28:18 +02:00
a5d11ec31b
Refactored user search as JQuery plugin
2017-08-24 14:28:18 +02:00
2bf95223b7
Orgs: layout tweaks
2017-08-24 14:28:18 +02:00
08294e2f14
Orgs: allow admins to set seat count and org_roles
2017-08-24 14:28:18 +02:00
1c9f425a40
Orgs: use flask_login.current_user to avoid calling current_user() all the time
2017-08-24 14:28:18 +02:00
4116357447
Orgs: some small fixes, mostly for stability / corner cases
2017-08-24 14:28:18 +02:00
e9cb235640
Added web interface for organizations.
...
It looks like crap, but it allows you to edit the details and the members.
2017-08-24 14:28:18 +02:00
64eab850c5
Orgs: pillar admins can always edit an organization
2017-08-24 14:28:17 +02:00
c6eebc4eae
Orgs: allow setting location field by PATCH
2017-08-24 14:28:17 +02:00
1bd6e07fe2
Orgs: Allow adding individual known users by user ID.
...
This is used for the selection by user search.
2017-08-24 14:28:17 +02:00
1ad13d048f
Some extra type safety checks
2017-08-24 14:28:17 +02:00
cfde720b1d
Orgs: PATCH op to batch-add emails as members now strip()s emails
...
It also refuses to add empty emails.
2017-08-24 14:28:11 +02:00
5d17d892a4
Orgs: Use current_user() in PATCH handler
2017-08-24 14:28:02 +02:00
40172bf8b5
Orgs: Use create-organization capability to control access
...
This is more explicit and future-proof than checking for admin cap.
2017-08-24 14:27:52 +02:00
72404d0fd9
Handle registration of previously unknown organization members.
...
When a new user is created, two things happen:
- before inserting into MongoDB, the organizational roles are given
- after inserting, the organizations are updated to move the user from
`unknown_members` to `members`.
2017-08-24 14:26:19 +02:00
b53d485960
Added access control to organizations Eve endpoints
2017-08-24 14:26:19 +02:00
cf51d1a280
Added utility function current_user() that acts like flask_login.current_user
...
This actually returns an AnonymousUser object, instead of None, when the
user is not logged in.
For compatibility with existing code, this function doesn't set
g.current_user to that AnonymousUser instance. We may decide to do this
later.
2017-08-24 14:26:19 +02:00
efc1890871
Added PATCH support for organizations
...
With a PATCH request you can now:
- assign users,
- remove a user,
- edit the name, description, and website fields.
Only the organization admin user can do this.
2017-08-24 14:26:19 +02:00
93d534fe94
Added Organization Manager.
...
This is a Flamenco/Attract-style Manager object that's instantiated by
the PillarApplication. It can create Organizations and assign/remove
users.
Also I updated the Organization schema to reflect the currently desired
design.
NOTA BENE: this does not include any security/authorisation checks on Eve's
organizations collection.
2017-08-24 14:25:52 +02:00
87afbc52f6
Updated do_badger to take an optional set of roles.
...
The 'role' parameter now must be passed as keyword arg instead of
positional arg. Either 'role' or 'roles' must be given.
2017-08-23 08:59:23 +02:00
15de24214a
Decouple upload_and_process from stream_to_storage
...
The stream_to_storage function is still quite large, and this is a first step at refactoring it. stream_to_storage can be used for files that are uploaded on the server without the /stream endpoint (for example downloaded from a link).
2017-08-22 13:26:12 +02:00
2b09711eb0
Load user capabilities from Pillar config and allow extensions to extend.
...
Default caps can be overridden using the USER_CAPABILITIES name in
config_local.py. These can be extended by Pillar Extensions.
2017-08-22 11:31:17 +02:00
566f2a4835
Late-initialise CLI user & late-import UserClass class
...
This may fix some unit tests issues.
2017-08-22 09:41:38 +02:00
575a7ed1a7
Introduced role-based capability system.
...
It's still rather limited and hard-coded, but it works.
2017-08-18 14:47:42 +02:00
566a23d3b6
Unified user representation for web and API calls
...
Both approaches now use a pillar.auth.UserClass instance. g.current_user
is now always set to that instance, even for web entry points.
This UserClass instance can still be keyed like the old dict, but this is
for temporary compatibility and shouldn't be relied on in new or touched
code.
2017-08-18 13:19:34 +02:00
6473ad3de7
Allow iframes that contain content from our Google Cloud storage.
2017-08-17 12:59:42 +02:00
