entrouvert
/
authentic
16
0
Fork 0
Code Issues Pull Requests 35 Releases Activity
2,852 Commits 190 Branches 448 Tags 29 MiB
Commit Graph

2852 Commits

Author SHA1 Message Date
Benjamin Dauvergne 863ff010d4 update minimum dependencies versions 2015-08-06 09:53:55 +02:00
Benjamin Dauvergne 6e9de8148c a2_rbac: expose more fields of the OrganizationalUnit model in admin (fixes #7886) 2015-08-06 09:53:55 +02:00
Benjamin Dauvergne 0bb88003fb use a special logger to make DEBUG log activation dynamic (fixes #8028) 
Adds a new logger called DjangoLogger which check if the level is a
SettingsLogLevel object, in this case it checks a Django setting to
known if it should return DEBUG intead of the default log level.

The authentic2.logger module must be imported before using the logging
module so that all created logger use our new class. To achieve that
import is done in authentic2-ctl and wsgi.py which are the entrypoints
for authentic2.
 2015-08-06 09:49:04 +02:00
Benjamin Dauvergne dd35877002 manager: improve test on user creations (#7861) 2015-07-19 00:54:31 +02:00
Benjamin Dauvergne 7cd1455acf manager: remove disabledness of the entity field in user creation form for superusers (fixes #7861) 
It also fixes usability problems for administrator of one or many entities.
 2015-07-19 00:53:42 +02:00
Benjamin Dauvergne 1b5a1d28d1 authentic2_idp_cas: accept URL without the trailing slashes to conform to the specification (fixes #7822) 2015-07-15 13:16:41 +02:00
Benjamin Dauvergne 8d6b0aacd3 Move check of SAML2 settings in the a2.idp.saml package 2015-07-15 12:39:20 +02:00
Benjamin Dauvergne a166dc3d8f make tox run tests of new application authentic2_provisionning_ldap (#6596) 2015-07-15 12:39:09 +02:00
Benjamin Dauvergne 1f087fb930 add new application authentic2_provisionning_ldap (fixes #6596) 
Goal is to allow synchronizing users from the authentic2 db to an LDAP
directory. The application also contain helper class to do unittest
against an OpenLDAP server, for this OpenLDAP must be installed on your
computer.
 2015-07-15 12:39:03 +02:00
Benjamin Dauvergne deac10b152 utils: add a helper function to convert a dictionnary of list into a dictionnary of sets (#6596) 
It helps for comparing dictionnaries of values, for example with LDAP.
 2015-07-15 12:39:01 +02:00
Benjamin Dauvergne ea1b2969d2 utils: add helper function to lowercase the keys of a dictionnary (#6596) 2015-07-15 12:38:59 +02:00
Benjamin Dauvergne a0068d2331 utils: add an helper function to cut an iterable as batch iterable of fixed sizes (#6596) 2015-07-15 12:38:58 +02:00
Benjamin Dauvergne 9d85cf59b6 attributes_ng: lower level of log to debug when topological sort fails (#6596) 
When a dependency is absent the topological sort cannot succeed.
 2015-07-15 12:38:44 +02:00
Benjamin Dauvergne 66629fa7e9 django_rbac: augment timeout for massive role parenting test 2015-07-13 10:57:56 +02:00
Benjamin Dauvergne 3d4e76c5a4 manager: do not clobber the json module with the json decorator 2015-07-08 13:43:43 +02:00
Benjamin Dauvergne 63de63e97b add missing migrations 2015-07-08 13:38:00 +02:00
Benjamin Dauvergne 0d7af4c8ce templates: test if add_to_blocks exist in the renderblock templatetag (fixes #7809) 
It makes the renderblock template tag not fail when addtoblock has never been
called.
 2015-07-08 12:36:05 +02:00
Benjamin Dauvergne 5ed1397b91 api_views: add a user API endpoint (fixes #7806) 
The endpoint supports JSON with CORS or JSONP with Referer validation.
Browser or proxy not sending Referer headers will be forbidden to access
the view. Cross-origin check are disabled when DEBUG=True. It also means
that just viewing it in you browser is forbidden (as the browser will
not send the Referer or Origin header).
 2015-07-08 12:36:05 +02:00
Benjamin Dauvergne a5a58a1551 manager: use new json decorator on menu_json (#7805) 2015-07-08 12:36:05 +02:00
Benjamin Dauvergne fdbb3eb878 add support for CORS request by JSON or JSONP (fixes #7805) 
JSONP is checked against the Referer header and JSON against the Origin
header.
 2015-07-08 12:36:05 +02:00
Benjamin Dauvergne 1fd9f509e7 decorators: add SessionCache decorator to cache function's values in session (fixes #7808) 2015-07-08 12:32:27 +02:00
Benjamin Dauvergne e82c73f8ea decorators: allow cache decorators to vary the key on a subset of args or kwargs (fixes #7807) 2015-07-08 11:56:54 +02:00
Benjamin Dauvergne 6e5d15e354 update translations 2015-07-07 17:28:52 +02:00
Benjamin Dauvergne 9899d2a765 a2_rbac: do not create management roles for the Service content type (fixes #7803) 
The service management does not provide any functionnality not already
provided by the role management views, so we will hide for now.
 2015-07-07 17:28:41 +02:00
Benjamin Dauvergne 31a9ac2fca a2_rbac: move connection of post_migrate_update_rbac in the management module (fixes #7802) 
django.contrib.contenttypes post migrate handler is connected in its
management module, which make it run always after the
post_migrate_update_rbac which need ContentType objects to have been
initialized.
 2015-07-07 17:28:41 +02:00
Benjamin Dauvergne e3a7b20241 django_rbac: use assertLess to compare timings (#7747) 2015-07-07 17:28:41 +02:00
Benjamin Dauvergne 3536904a67 a2_rbac: initialize management roles with their translated name (fixes #7801) 
Currently content type related management roles are not translated (they
used gettext instead of ugettext_lazy in the dictionnary defining
content types and their role names).
 2015-07-07 17:28:41 +02:00
Benjamin Dauvergne 37148ef6db manager: improve stylesheet for dialog boxes (fixes #7800) 
- new rule to set width of input and select widget in dialog boxes
- reset font-family and font-size to pass over jquery-ui theme
 2015-07-07 17:28:41 +02:00
Benjamin Dauvergne ff649b5839 manager: improve user's experience when there is 1 OU (fixes #7788) 
- hide the OU column
- select the first OU (it also improves the case of OU administrators)
- set the OU selector to readonly and disabled
- remove OU selectors from search forms
 2015-07-07 17:28:41 +02:00
Benjamin Dauvergne 22dff1dd9f update translations (#7787) 2015-07-07 17:28:41 +02:00
Benjamin Dauvergne 910dfdee41 a2_rbac: do not create OU management roles when there is less than 2 OUs (fixes #7793) 2015-07-07 17:28:41 +02:00
Benjamin Dauvergne 553887fd61 a2_rbac: allow limiting permissions of OU managers (fixes #7787) 
A new setting is added named A2_RBAC_MANAGED_CONTENT_TYPES, it
is a list of pairs of (app, model_name) which specify which object
permissions should be created and associated to the super-user role.

A new global super-user role is also added by this patch.

If A2_RBAC_MANAGED_CONTENT_TYPES is None (the default value), roles
sub-roles are created for each registered contents (currently user,
roles, organizational units, and services). If
A2_RBAC_MANAGED_CONTENT_TYPES is the empty tuple, no role is created
at all.

To limit permissionsto users and roles, set:

    A2_RBAC_MANAGED_CONTENT_TYPES = (
        ('custom_user', 'user'),
        ('a2_rbac', 'role')
    )
 2015-07-07 17:28:41 +02:00
Benjamin Dauvergne 58c5fec447 manager: override the authorize() method in BaseDeleteView (fixes #7792) 2015-07-07 17:28:41 +02:00
Benjamin Dauvergne c22f34cca4 manager: add permission restriction to all service's roles view and all role members and administrators views (fixes #7758) 2015-07-07 17:28:41 +02:00
Benjamin Dauvergne 5b4a23f7c6 a2_rbac: pep8ness 2015-07-07 17:28:41 +02:00
Benjamin Dauvergne ff6ca45868 a2_rbac: give view user permissions to role administrators (fixes #7759) 
The permission is scoped if the role is scoped.
 2015-07-07 17:28:41 +02:00
Benjamin Dauvergne e7ceeecf89 a2_rbac: allow specifying extra permissions when building an admin role (#7759) 2015-07-07 17:28:41 +02:00
Benjamin Dauvergne 113d6457cb manager: show role's service in the role search field (fixes #7761) 
We could also show the organizational unit, but for now we will just
show the service.
 2015-07-07 17:28:41 +02:00
Benjamin Dauvergne 078b4a72b3 Add a warning when using default SAML certificates (fixes #6976) 2015-07-07 17:28:41 +02:00
Benjamin Dauvergne e24e8e1265 a2_rbac: fix missing definition of Permission (fixes #7791) 2015-07-07 17:28:41 +02:00
Benjamin Dauvergne 99940156c4 django_rbac: add scope to Permission unicode value (fixes #7799) 
It helps debugging.
 2015-07-07 17:28:41 +02:00
Benjamin Dauvergne f43b75476f django_rbac: rename Permission.role related manager to .roles (#7799) 2015-07-07 17:28:38 +02:00
Benjamin Dauvergne 3617c3b446 django_rbac: add a proper hierarchy between operations (#7799) 
admin imply all other operations, add, change and delete imply view.
 2015-07-07 17:28:35 +02:00
Benjamin Dauvergne c482c50757 django_rbac: fix hiding of exceptions by decorator defer_update_transitive_closure (fixes #7790) 2015-07-07 17:16:07 +02:00
Benjamin Dauvergne 0b89a8e609 Fix wrong count in tests update in 918c5d19d 2015-07-03 15:08:28 +02:00
Benjamin Dauvergne 634635d93d Add missing template (#7741) 2015-07-03 15:07:51 +02:00
Benjamin Dauvergne 918c5d19d4 tests: fix to comply with a9233953 and cd6b32295 
- GlobalCache decorator with vary by hostname is inactive in non request
  context
- password reset now show an intermediate page when redirecting to
  another domain, with a message for the user
 2015-07-03 13:33:05 +02:00
Benjamin Dauvergne 2a59a7b1a0 update translations 2015-07-03 12:01:17 +02:00
Benjamin Dauvergne 5b01578256 update translation (fixes #7750) 2015-07-03 11:53:46 +02:00
Benjamin Dauvergne 7db3c07704 utils: in login() store the user last login in session (#7750) 
We have to store it in the session before auth_login() overwrite it if
we want to show it in the template.
 2015-07-03 11:53:46 +02:00