Sybren A. Stüvel
dda0e2c868
When creating user from BlenderID, full_name defaults to username.
2016-07-05 12:36:32 +02:00
Sybren A. Stüvel
27d6289f17
Fixed KeyError in user_has_role()
2016-06-30 18:10:11 +02:00
Sybren A. Stüvel
387cee227a
Set default picture on image asset and texture nodes.
2016-06-30 11:55:36 +02:00
Sybren A. Stüvel
3bb0e588d8
Fixed unittests for disabled AB-testing
2016-06-29 16:43:41 +02:00
Sybren A. Stüvel
57cf9a3547
Prevent home project without URL.
2016-06-28 15:01:02 +02:00
Sybren A. Stüvel
18c7ca17e9
Allow Blender Sync access to non-subscribers.
2016-06-28 14:25:13 +02:00
Sybren A. Stüvel
5e506abac9
AB-testing for home project
...
Only allows access to the home project to user with role 'homeproject'.
2016-06-28 14:12:29 +02:00
Sybren A. Stüvel
83618a5639
Home project: allow comment nodes
2016-06-28 14:12:29 +02:00
Sybren A. Stüvel
1a48c37bd6
Allow resuscitation of deleted home projects.
2016-06-28 14:12:29 +02:00
Sybren A. Stüvel
a104f54fb0
Force URL of home projects to 'home'
2016-06-28 14:12:29 +02:00
Sybren A. Stüvel
9ed73eb7dd
Home project: allow projections.
2016-06-28 14:12:29 +02:00
Sybren A. Stüvel
b4faf2245e
Home project: create it when user tries to GET it.
2016-06-28 14:12:29 +02:00
Sybren A. Stüvel
3980133100
Moved creation of standard groups in unittests
2016-06-28 14:12:29 +02:00
Sybren A. Stüvel
36a2e028d4
Added sync_role_groups management command.
...
This ensures that group membership is consistent with the user's roles.
The roles are leading in this.
2016-06-14 16:41:37 +02:00
Sybren A. Stüvel
ba1f8a4101
Badger service: also manage group membership
...
For the subscriber, demo and admin roles, the badger service now also
manages group membership for the role-specific groups.
2016-06-14 15:39:22 +02:00
Sybren A. Stüvel
222d9efc89
Implemented badger service endpoint
...
Also added manage.py command to create badger service accounts.
2016-06-06 16:34:50 +02:00
Sybren A. Stüvel
fb020ae4b4
Added unit test for refreshing links upon fetching a file document.
2016-05-31 17:56:24 +02:00
Sybren A. Stüvel
9775c821af
Fixed unit test
2016-05-30 14:32:53 +02:00
Sybren A. Stüvel
f98b2a09ca
Allow a user to remove themselves from any project they're in.
2016-05-24 11:18:56 +02:00
Sybren A. Stüvel
fc4dfd3964
Prevent creation of superfluous user while testing
2016-05-24 11:18:28 +02:00
Sybren A. Stüvel
f1e58d7285
Fixed unittest
2016-05-23 15:21:56 +02:00
Sybren A. Stüvel
858a7b4bfb
Delete expired authentication tokens from MongoDB.
...
For debugging, we keep expired tokens around for a few days, so that we
can determine that a token was expired rather than not created in the
first place. It also grants some leeway in clock synchronisation.
2016-05-23 11:42:35 +02:00
Francesco Siddi
c44a1d870b
Update MIME type for .blend to application/x-blender
2016-05-13 11:52:06 +02:00
Sybren A. Stüvel
5b2d7447e6
Projects: limit returned projects to allowable projects.
...
Before this, if there was any project returned by a query on /projects
that the user did not have access to, a 403 would be returned. Now we
just don't include that project in the result.
2016-05-11 11:41:19 +02:00
Sybren A. Stüvel
d3b3e0ff4f
Commented out strip_link_and_variations(), to wait until we have is_public on files.
2016-05-10 13:38:07 +02:00
Sybren A. Stüvel
9362f9b539
Remove links from returned file docs when user is not subscriber/demo/admin.
...
For unauthenticated/non-subscriber users, image file documents retain
their variations. All other documents have ther variations stripped.
Also the links + expiry info to the original file are removed for all
file types.
2016-05-10 12:35:21 +02:00
Sybren A. Stüvel
0dcb972e76
Project: Don't revert the is_private field.
...
This also reverts the changes of override_is_private_field().
2016-05-10 10:47:26 +02:00
Sybren A. Stüvel
a90f13486a
Fixed typo call to check_permissions()
...
Also added unit test to cover the function containing the typo.
2016-05-09 12:52:44 +02:00
Sybren A. Stüvel
899497b3b1
Implemented merging of permissions.
...
Permissions are now merged between project, node type and node, instead
of having the lower-level permissions override the higher-level
permissions.
2016-05-06 18:15:50 +02:00
Sybren A. Stüvel
1bb2979428
Slight improvement to project group mgmnt tests
2016-05-06 12:43:45 +02:00
Sybren A. Stüvel
a2ce18196a
Simplified permissions for projects.
...
Instead of the additional 'is_private' field, we now just use
the permission system and set/remove world GET permissions.
'is_private' is still kept for backward compatibility and possibly
easy querying for public projects, and is always set based on
world GET permissions.
2016-05-06 12:42:16 +02:00
Francesco Siddi
2580466469
User management for projects
...
Support for retrieving user of a project.
2016-05-06 10:30:05 +02:00
Francesco Siddi
0b1664a83c
Add project_manage_users endpoint
...
Manage users of a project. In this initial implementation, we handle
addition and removal of a user to the admin group of a project. No
changes are done on the project itself.
2016-05-04 17:04:10 +02:00
Sybren A. Stüvel
d0d8b7d11d
Added missing unit test for content type overrides.
2016-05-03 11:23:26 +02:00
Sybren A. Stüvel
0389b05b14
Save temporary files in STORAGE_DIR
...
This makes it trivial to save uploaded files to STORAGE_DIR, as the
temporary files Flask saves them in are already there.
2016-05-03 11:22:54 +02:00
Sybren A. Stüvel
3e8494e3bf
Use soft-delete for nodes
2016-05-02 17:06:59 +02:00
Sybren A. Stüvel
53aa0dae3b
Deducting asset node content type from file content type.
2016-05-02 12:30:52 +02:00
Sybren A. Stüvel
681754eade
Removed some obsolete unit tests.
2016-05-02 11:13:19 +02:00
Sybren A. Stüvel
401bfeea98
File streaming to Google Cloud Storage
...
Also simplifies some code since we're only going to support GCS.
2016-05-02 11:13:19 +02:00
Sybren A. Stüvel
cf203b04f8
Be less secretive about users; allow limited anonymous /users/id access.
...
Anonymous users can now obtain full_name and email fields from any
user. Authenticated users can also obtain those fields from other
users, and all info about themselves.
2016-04-26 17:27:56 +02:00
Sybren A. Stüvel
d5c2df371a
Small test change: do as little as possible in an app test context.
2016-04-26 12:38:44 +02:00
Sybren A. Stüvel
e600d87592
Secure write access to /users endpoint
...
- Admins can PUT everything
- Users can only PUT themselves
- The 'auth' field is always taken from the original, and never overwritten
by the PUT. It can be missing from the request, so you can GET and then
PUT the same data.
- Nobody can POST or DELETE users
2016-04-26 12:38:44 +02:00
Sybren A. Stüvel
5c04cdbd6e
Secure read access to /users endpoint.
...
- auth field is never returned
- unauthenticated access is rejected
- non-admin users can only access themselves
2016-04-26 12:38:44 +02:00
Francesco Siddi
2a2d35827c
Added local accounts
2016-04-26 12:34:16 +02:00
Francesco Siddi
aa47c2b4a6
Allow overriding Eve settings from env in test
...
Environment variables for Eve settings are now used in unit tests.
2016-04-26 12:34:16 +02:00
Sybren A. Stüvel
c83f64d36f
Allow deletion of projects by members of its admin group.
2016-04-25 16:41:57 +02:00
Sybren A. Stüvel
31e802619e
Support soft-deleting projects.
...
See http://python-eve.org/features.html#soft-delete for more info.
2016-04-25 16:14:05 +02:00
Sybren A. Stüvel
5116b74d1d
Updated Eve to 0.6.3
...
This also updates Cerberus to 0.9.2 and simplejson to 3.8.2.
I've also changed the way we get to the application object, by replacing
from application import app
with
from flask import current_app
2016-04-25 16:14:05 +02:00
Sybren A. Stüvel
a6258f5193
Limit project editing for subscribers.
...
Certain fields are limited for subscribers. Also, subscribers are checked
against the project permissions.
Users with the 'admin' role can edit all fields, on any project.
2016-04-25 16:14:05 +02:00
Sybren A. Stüvel
4edb8cfd39
Ensure that the returned project contains the correct etag.
...
The etag of the post_internal response was used, which is NOT the
same as the etag of the project document itself.
2016-04-25 16:14:05 +02:00