1. 06 Dec, 2018 1 commit
    • BAIRE Anthony's avatar
      refactor the permission mixins · 0f544778
      BAIRE Anthony authored
      remove the IsProviderMixin and introduce 3 new mixins:
      - UserAccessMixin     -> must be a registered user
      - ProviderAccessMixin -> user must be a provider
      - AllAccessMixin      -> may or may not be a registered user
      All these 3 mixins will also ensure that the user email is validated.
      The purpose of the AllAccessMixin is to force the validation of the
      email when the user is registered, thus the validation will be
      requested when landing on the webapp_detail page rather than when
      submitting the first job (which would be discarded)
  2. 05 Nov, 2018 1 commit
  3. 24 Oct, 2018 2 commits
  4. 23 Oct, 2018 1 commit
    • BAIRE Anthony's avatar
      fix privacy issues in TagList and TagWebappList · aedd3283
      BAIRE Anthony authored
      webapp lists should never display apps not visible by the request.user
      TagWebappList did not implement such a filter. I added the
      query_webapps_for_user() helper and use it for TagWebappList, TagList
      and WebappList (the list returned by this function is the superset of
      webapps that these views are allowed to display).
  5. 22 Oct, 2018 4 commits
  6. 19 Oct, 2018 2 commits
  7. 18 Oct, 2018 4 commits
    • BAIRE Anthony's avatar
      add links for importing webapp versions on the webapp import page · a2756a09
      BAIRE Anthony authored
      (for convenience)
    • BAIRE Anthony's avatar
    • BAIRE Anthony's avatar
      fix user email validation when importing webapp · 1083d987
      BAIRE Anthony authored
      Checking user.email is not ok because allauth allows multiple
      addresses per user but grants access if any of them is verified.
      -> we need to ensure that the matched address is verified
      Thus a (non-admin) user can import a webapp only if the two
      conditions are met:
      - the user is allowed to create webapps (verified by IsProviderMixin)
      - the user has a verified email address that matches the owner
        address of the imported webapp
    • BAIRE Anthony's avatar
      fix the validation of allauth emails · 6b4fa212
      BAIRE Anthony authored
      Allauth supports multiple email addresses per user. While this is
      not intended in allgo, it is still possible to configure multiple
      addresses using the /accounts/email/ endpoint.
      Problem: even with ACCOUNT_EMAIL_VERIFICATION="mandatory", allauth
      does not ensure that all addresses are verified. It only ensure
      that *any* address is verified.
      --> even if the user is validted by all auth, we still need to ensure
      that the relevant address is verified before granting access
  8. 16 Oct, 2018 2 commits
  9. 15 Oct, 2018 4 commits
  10. 10 Oct, 2018 1 commit
    • BERJON Matthieu's avatar
      Bug fix on job version testing · d9df98f7
      BERJON Matthieu authored
      This patch suggests two bug fixes. The first one return an empty string
      in the case of the user doesn't send any parameters for the application.
      The second bug fix is related to the test of an existing commited app version.
      The test of the existing version wasn't done before requesting the app
      version itself. This patch corrects it.
      Signed-off-by: BERJON Matthieu's avatarMatthieu Berjon <matthieu.berjon@inria.fr>
  11. 09 Oct, 2018 3 commits
  12. 08 Oct, 2018 2 commits
  13. 28 Sep, 2018 3 commits
  14. 27 Sep, 2018 10 commits