- Admins can PUT everything
- Users can only PUT themselves
- The 'auth' field is always taken from the original, and never overwritten
by the PUT. It can be missing from the request, so you can GET and then
PUT the same data.
- Nobody can POST or DELETE users

This also updates Cerberus to 0.9.2 and simplejson to 3.8.2.

I've also changed the way we get to the application object, by replacing

    from application import app

with

    from flask import current_app
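
The PUT rules listed above, sketched as framework-independent Python. This is an added example, not code from this commit or from the project; the `roles` list, the `admin` role name and all function names are assumptions.

```python
import copy

class Forbidden(Exception):
    """The caller may not perform this operation on the users endpoint."""

def check_user_request(method, caller, target_id):
    # Assumption: the caller carries a 'roles' list and admins hold 'admin'.
    if method in ("POST", "DELETE"):
        raise Forbidden("nobody can %s users" % method)
    if method == "PUT" and "admin" not in caller.get("roles", []):
        if caller["_id"] != target_id:
            raise Forbidden("users can only PUT themselves")

def merge_put(original, payload):
    """Document to store after a PUT: the payload, with 'auth' from the original."""
    updated = copy.deepcopy(payload)
    updated.pop("auth", None)   # a client-supplied 'auth' is never used
    if "auth" in original:      # 'auth' may be absent from the request
        updated["auth"] = copy.deepcopy(original["auth"])
    return updated

def put_user(caller, original, payload):
    """Authorize the PUT, then return the document that would be stored."""
    check_user_request("PUT", caller, original["_id"])
    return merge_put(original, payload)

# Constructed sample document, not real data.
STORED = {
    "_id": "u1",
    "email": "a@example.com",
    "roles": ["subscriber"],
    "auth": [{"provider": "local", "token": "stored-value"}],
}

if __name__ == "__main__":
    me = {"_id": "u1", "roles": ["subscriber"]}
    tampered = dict(STORED, auth=[{"provider": "local", "token": "client-sent"}])
    # The stored 'auth' survives even though the request carried another one.
    print(put_user(me, STORED, tampered)["auth"] == STORED["auth"])
```

The sketch protects only the `auth` field, as the rules above do; it places no restriction on other fields a user sends for their own document.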

Links are only regenerated after they have expired. For backward
compatibility the links are also generated when there is no expiry
or link. Every file has only one expiry timestamp for all its links.
In the future we might want to inspect the used projection, to see
whether the client needs those links at all (prevents unnecessary
regeneration), and to force inclusion of the expiry timestamp when
links are requested.

It is now possible to specify an encoding backend (at the moment only
zencoder) to take care of video variations encoding. File transfer
happens directly on CGS (although any storage backend can be
supported). A new requirement is the Zencoder Python library.

We are now using a more document-based approach to define projects. In
the new projects collection we store the definition of a project and
embed the node_types. This allows for custom node_types for every
single project. This change has a certain impact on the custom
validators, as well as the permission computation.
Further, Cerberus 0.9.1 is required in order to properly support the
allow_unknown statements in the projects_schema definition.

We are ditching the excessively normalised data structure for files.
Now file variations are embedded in the original file document for
improved performance.

This property can be combined with the backend for locating the file
within the backend. Originally introduced to support Google Cloud
Storage (where every project is stored in its own bucket, named after
the project id).

We are replacing the existing mixed BaseAuth TokenAuth authentication
logic and permissions system with a more streamlined solution, based on
user id and groups checking against node_type stored permissions. Such
permissions can be overridden on the node level (and complement the
public GET operations on the node entry point).

Introducing the asset of type file creation. This involves making a
node collection entry of type asset, as well as a file collection
entry, plus all the needed variations if such file is an image or a
video. Further, depending on the storage backend (pillar or other) we
synchronise the files there using rsync. Currently this functionality
is available only via pillar-web, since a web interface is needed to
upload the file in a storage folder, which is shared between the two
applications.

We updated the way files are stored in the files collection. Any
derived variation of a file (different encoding or size) is stored as
a new record, referencing the original as a parent.
We also added a generate_link method, which is in charge of providing
the client API with the actual link to the backend specified by the
file.