2bdfbaea13
Test tearDown: remove all 'application.xxx' submodules from sys.modules
This ensures that the modules are reloaded for every test, for better
test separation.
2016-07-07 14:59:22 +02:00
c871089eab
Added AbstractPillarTest.{get,post,put,post,delete} utility functions.
These functions set the correct Content-Type header when JSON is given,
add a resp.json() function that also checks the response mime type,
and adds the correct Authorization header.
2016-07-07 14:58:34 +02:00
251f5ac86a
Added app.utils.str2id() to convert IDs on URLs to ObjectId.
Raises a BadRequest exception when the ID is malformed.
2016-07-07 14:56:30 +02:00
d95004e62e
Node 'user' property now defaults to the current user ID.
2016-07-06 15:19:28 +02:00
57e2f01153
Bug fix: users lose their project groups after getting role.
The badger service erased the user's groups when assigning subscriber
group membership.
2016-07-06 12:35:16 +02:00
91238aacb7
Managing home project permissions when granting/revoking subscriber/demo role.
This is hooked into the badger service using a Blinker signal. This signal
also needs to be sent from a PUT on the user document.
2016-07-06 11:05:24 +02:00
dda0e2c868
When creating user from BlenderID, full_name defaults to username.
2016-07-05 12:36:32 +02:00
27d6289f17
Fixed KeyError in user_has_role()
2016-06-30 18:10:11 +02:00
387cee227a
Set default picture on image asset and texture nodes.
2016-06-30 11:55:36 +02:00
3bb0e588d8
Fixed unittests for disabled AB-testing
2016-06-29 16:43:41 +02:00
57cf9a3547
Prevent home project without URL.
2016-06-28 15:01:02 +02:00
18c7ca17e9
Allow Blender Sync access to non-subscribers.
2016-06-28 14:25:13 +02:00
5e506abac9
AB-testing for home project
Only allows access to the home project to users with role 'homeproject'.
2016-06-28 14:12:29 +02:00
83618a5639
Home project: allow comment nodes
2016-06-28 14:12:29 +02:00
1a48c37bd6
Allow resuscitation of deleted home projects.
2016-06-28 14:12:29 +02:00
a104f54fb0
Force URL of home projects to 'home'
2016-06-28 14:12:29 +02:00
9ed73eb7dd
Home project: allow projections.
2016-06-28 14:12:29 +02:00
b4faf2245e
Home project: create it when user tries to GET it.
2016-06-28 14:12:29 +02:00
3980133100
Moved creation of standard groups in unittests
2016-06-28 14:12:29 +02:00
36a2e028d4
Added sync_role_groups management command.
This ensures that group membership is consistent with the user's roles.
The roles are leading in this.
2016-06-14 16:41:37 +02:00
ba1f8a4101
Badger service: also manage group membership
For the subscriber, demo and admin roles, the badger service now also
manages group membership for the role-specific groups.
2016-06-14 15:39:22 +02:00
222d9efc89
Implemented badger service endpoint
Also added manage.py command to create badger service accounts.
2016-06-06 16:34:50 +02:00
fb020ae4b4
Added unit test for refreshing links upon fetching a file document.
2016-05-31 17:56:24 +02:00
9775c821af
Fixed unit test
2016-05-30 14:32:53 +02:00
f98b2a09ca
Allow a user to remove themselves from any project they're in.
2016-05-24 11:18:56 +02:00
fc4dfd3964
Prevent creation of superfluous user while testing
2016-05-24 11:18:28 +02:00
f1e58d7285
Fixed unittest
2016-05-23 15:21:56 +02:00
858a7b4bfb
Delete expired authentication tokens from MongoDB.
For debugging, we keep expired tokens around for a few days, so that we
can determine that a token was expired rather than not created in the
first place. It also grants some leeway in clock synchronisation.
2016-05-23 11:42:35 +02:00
c44a1d870b
Update MIME type for .blend to application/x-blender
2016-05-13 11:52:06 +02:00
5b2d7447e6
Projects: limit returned projects to allowable projects.
Before this, if there was any project returned by a query on /projects
that the user did not have access to, a 403 would be returned. Now we
just don't include that project in the result.
2016-05-11 11:41:19 +02:00
d3b3e0ff4f
Commented out strip_link_and_variations(), to wait until we have is_public on files.
2016-05-10 13:38:07 +02:00
9362f9b539
Remove links from returned file docs when user is not subscriber/demo/admin.
For unauthenticated/non-subscriber users, image file documents retain
their variations. All other documents have their variations stripped.
Also the links + expiry info to the original file are removed for all
file types.
2016-05-10 12:35:21 +02:00
0dcb972e76
Project: Don't revert the is_private field.
This also reverts the changes of override_is_private_field().
2016-05-10 10:47:26 +02:00
a90f13486a
Fixed typo call to check_permissions()
Also added unit test to cover the function containing the typo.
2016-05-09 12:52:44 +02:00
899497b3b1
Implemented merging of permissions.
Permissions are now merged between project, node type and node, instead
of having the lower-level permissions override the higher-level
permissions.
2016-05-06 18:15:50 +02:00
1bb2979428
Slight improvement to project group mgmnt tests
2016-05-06 12:43:45 +02:00
a2ce18196a
Simplified permissions for projects.
Instead of the additional 'is_private' field, we now just use
the permission system and set/remove world GET permissions.
'is_private' is still kept for backward compatibility and possibly
easy querying for public projects, and is always set based on
world GET permissions.
2016-05-06 12:42:16 +02:00
2580466469
User management for projects
Support for retrieving user of a project.
2016-05-06 10:30:05 +02:00
0b1664a83c
Add project_manage_users endpoint
Manage users of a project. In this initial implementation, we handle
addition and removal of a user to the admin group of a project. No
changes are done on the project itself.
2016-05-04 17:04:10 +02:00
d0d8b7d11d
Added missing unit test for content type overrides.
2016-05-03 11:23:26 +02:00
0389b05b14
Save temporary files in STORAGE_DIR
This makes it trivial to save uploaded files to STORAGE_DIR, as the
temporary files Flask saves them in are already there.
2016-05-03 11:22:54 +02:00
3e8494e3bf
Use soft-delete for nodes
2016-05-02 17:06:59 +02:00
53aa0dae3b
Deducing asset node content type from file content type.
2016-05-02 12:30:52 +02:00
681754eade
Removed some obsolete unit tests.
2016-05-02 11:13:19 +02:00
401bfeea98
File streaming to Google Cloud Storage
Also simplifies some code since we're only going to support GCS.
2016-05-02 11:13:19 +02:00
cf203b04f8
Be less secretive about users; allow limited anonymous /users/id access.
Anonymous users can now obtain full_name and email fields from any
user. Authenticated users can also obtain those fields from other
users, and all info about themselves.
2016-04-26 17:27:56 +02:00
d5c2df371a
Small test change: do as little as possible in an app test context.
2016-04-26 12:38:44 +02:00
e600d87592
Secure write access to /users endpoint
- Admins can PUT everything
- Users can only PUT themselves
- The 'auth' field is always taken from the original, and never overwritten
  by the PUT. It can be missing from the request, so you can GET and then
  PUT the same data.
- Nobody can POST or DELETE users
2016-04-26 12:38:44 +02:00
5c04cdbd6e
Secure read access to /users endpoint.
- auth field is never returned
- unauthenticated access is rejected
- non-admin users can only access themselves
2016-04-26 12:38:44 +02:00
2a2d35827c
Added local accounts
2016-04-26 12:34:16 +02:00