1. 06 Dec, 2018 7 commits
    • BAIRE Anthony's avatar
    • BAIRE Anthony's avatar
      Manage ToS validation in the user_need_validation page · 5491ff41
      BAIRE Anthony authored
      - remove the HasSignedTosMixin and to the verifications in
        AllgoAccessMixin instead (along with email verification)
      - add Tos.get_latest() and User.has_agreed_tos
      - ignore ToS agreement if the db has no ToS entries
    • BERJON Matthieu's avatar
      Adding a mixin and view for the ToS validation · 5c12d3c5
      BERJON Matthieu authored and BAIRE Anthony's avatar BAIRE Anthony committed
      I added a mixin that checks if the user has accepted the latest ToS
      version. If not the user is redirected to the ToS validation view. Once
      accepted the user is redirected to the page he asked first.
      I updated all the `login required` views by adding this new mixin.
      One major issue of this code that the redirection argument passed to the
      ToS validation view is the url name which is not a good practice I
      think. A better case would to use the path but I wasn't able to write
      the right regex in the url dispatcher.
      Another issue is that the user won't be redirected at login or sign up
      to the ToS validation view. This should be handled in the `adapter.py`
      Signed-off-by: BERJON Matthieu's avatarMatthieu Berjon <matthieu.berjon@inria.fr>
    • BERJON Matthieu's avatar
      Adding the ToS view · f1425cc9
      BERJON Matthieu authored and BAIRE Anthony's avatar BAIRE Anthony committed
      I added a view to display the latest version of the ToS. This include a
      specific url, its related view and template. I edited the footer as well
      to add a link to the ToS.
      Signed-off-by: BERJON Matthieu's avatarMatthieu Berjon <matthieu.berjon@inria.fr>
    • BAIRE Anthony's avatar
      add an intermediate 'user_need_validation' page for email validation · 4e2e61d1
      BAIRE Anthony authored
      There are multiple reasons:
      - we can use the same page for validating the 'Terms of Use'
      - the user may already have received the message
      - we should do the same validation on the API too (but API should not
        send any email but just display the error message)
    • BAIRE Anthony's avatar
      replace User.provider_addresses with User.email_addresses · 3778463e
      BAIRE Anthony authored
      email.addresses lists all email addresses belonging to the user
      thus we can make more generic queries
      also adds EmailAddress.is_provider
    • BAIRE Anthony's avatar
      refactor the permission mixins · 0f544778
      BAIRE Anthony authored
      remove the IsProviderMixin and introduce 3 new mixins:
      - UserAccessMixin     -> must be a registered user
      - ProviderAccessMixin -> user must be a provider
      - AllAccessMixin      -> may or may not be a registered user
      All these 3 mixins will also ensure that the user email is validated.
      The purpose of the AllAccessMixin is to force the validation of the
      email when the user is registered, thus the validation will be
      requested when landing on the webapp_detail page rather than when
      submitting the first job (which would be discarded)
  2. 23 Oct, 2018 1 commit
    • BAIRE Anthony's avatar
      fix privacy issues in TagList and TagWebappList · aedd3283
      BAIRE Anthony authored
      webapp lists should never display apps not visible by the request.user
      TagWebappList did not implement such a filter. I added the
      query_webapps_for_user() helper and use it for TagWebappList, TagList
      and WebappList (the list returned by this function is the superset of
      webapps that these views are allowed to display).
  3. 22 Oct, 2018 1 commit
  4. 18 Oct, 2018 2 commits
  5. 27 Sep, 2018 3 commits
  6. 26 Sep, 2018 1 commit
    • BAIRE Anthony's avatar
      Allow importing a webapp from a legacy allgo instance · 51f51d9c
      BAIRE Anthony authored
      This adds two views:
      - WebappImport for importing the webapp (but without the versions).
        The import is allowed if the requesting user has the same email
        as the owner of the imported app. The webapp is created with
        imported=True, which enables the WebappVersionImport view
      - WebappVersionImport for requisting the import of webapp version.
        This only creates the WebappVersion entry with state=IMPORT
        (the actual import is performed by the controller)
      A version may be imported multiple times. In that case, the newly
      imported version overwrite the local version with the same number.
      This features requires:
      - that the rails server implements !138
      - that the docker daemon hosting the sandboxes is configured with
        credentials for pulling from the legacy registry
  7. 20 Sep, 2018 2 commits
  8. 19 Sep, 2018 3 commits
  9. 18 Sep, 2018 4 commits
  10. 17 Sep, 2018 4 commits
    • BAIRE Anthony's avatar
      remove WebappVersion.url · ade74d2d
      BAIRE Anthony authored
      (was not used at all)
    • BAIRE Anthony's avatar
      fix integrity issue · 914e9efc
      BAIRE Anthony authored
      because django sets a foreign key constraint on sandbox_version_id
      we may have issues if it refers to a version we want to delete
    • BAIRE Anthony's avatar
      derive docker tags names from WebappVersion.id · b7b30d3e
      BAIRE Anthony authored
      With this change docker images are no longer
      named as: <Webapp.docker_name>:<WebappVersion.number>
      but       <Webapp.docker_name>:id</WebappVersion.id>
      This is only for storage, for the user we still present the image as
      There are multiple reasons to do that:
      - this simplifies the controller design, because docker images are no
        longer replaced (once an image is committed with tag, 'id<SOMETHING>'
        it won't be modified anymore) -> thus it is no longer necessary to
        track the image state carefully (when pushing/pulling from/to the
      - this prevent reusing dangling images from a removed webapp (because we
        now have a strong guarantee that the image tags are unique)
      - this will avoid nasty race conditions when we implement direct 'push'
        to the registry (because we then assign the new image id before the
        manifest is actually pushed, if a push and commit are done in the same
        time we will keep the latest one, i.e. with the highest id)
      - this will make easy to implement image recovery: we can keep removed
        images in the registry for some time (eg: 1 month) before they are
        really deleted
      Note: the REPLACED state is no longer transient (since we now keep the
      replaced images in the db and since we may still have remaining
      job/sandboxes using them). Maybe we can rename it as DELETED when we
      implement #265.
    • BERJON Matthieu's avatar
      Creating a JobAuthorization mixin · 2f6ffa5f
      BERJON Matthieu authored
      I created a `JobAuthorizationMixin` that overrides the `dispatch` method
      to check of a user can access a given job. It sends a 403 error if he
      Signed-off-by: BERJON Matthieu's avatarMatthieu Berjon <matthieu.berjon@inria.fr>
  11. 12 Sep, 2018 4 commits
  12. 10 Sep, 2018 1 commit
  13. 06 Sep, 2018 2 commits
  14. 20 Aug, 2018 1 commit
    • BERJON Matthieu's avatar
      Updating the tag views · 9f60450c
      BERJON Matthieu authored
      I updated the tag views by importing the `Tag` model provided by the
      Taggit plugin, deleted the `WebappTag` model and `TagForm` form that are
      I updated the `WebappUpdate` view to follow the recommendation given by
      the Taggit plugin documentation. The `TagList` now uses directly the
      `Tag` model and send both the tag fields and a count of each tag
      I removed the `TagAdd` list that is obsolete. I updated the
      `TagWebappList` that returns simply a list of all `Webapp`objects for a
      given tag.
      Signed-off-by: BERJON Matthieu's avatarMatthieu Berjon <matthieu.berjon@inria.fr>
  15. 16 Aug, 2018 1 commit
  16. 08 Aug, 2018 1 commit
  17. 07 Aug, 2018 2 commits
    • BAIRE Anthony's avatar
      controller: always update the redis db after processing a job · dbb92573
      BAIRE Anthony authored
      This way we get redis updates when a job is deleted and this also
      prevents inserting a 'DONE' state when the job is not done
      Note: we never update the redis job state key from the django server to
      avoid race conditions
    • BAIRE Anthony's avatar
      Add the job_list events channel · 56ae85bf
      BAIRE Anthony authored
      This updates the job_list page in real time when the state of any
      displayed job changes:
      - update the status icon
      - show/hide the abort button
      - enable/disable the delete button
      - remove job from the list when destroyed