From 0a5981fd5416c60858c3e460f943692d1c62629d Mon Sep 17 00:00:00 2001 From: tilly-Q Date: Fri, 29 Nov 2013 14:29:56 -0500 Subject: [PATCH 1/4] In this commit I made it so that each deployment can have custom settings for which privileges are given to users when they are intiated. These settings are modified in mediagoblin.ini. --- mediagoblin.ini | 1 + mediagoblin/auth/__init__.py | 1 - mediagoblin/auth/tools.py | 14 +++++++++----- mediagoblin/config_spec.ini | 3 +++ 4 files changed, 13 insertions(+), 6 deletions(-) diff --git a/mediagoblin.ini b/mediagoblin.ini index 934858a2..19c3e4b0 100644 --- a/mediagoblin.ini +++ b/mediagoblin.ini @@ -35,6 +35,7 @@ allow_reporting = true ## If you want the terms of service displayed, you can uncomment this # show_tos = true +user_privilege_scheme= "uploader,commenter,reporter" [storage:queuestore] base_dir = %(here)s/user_dev/media/queue diff --git a/mediagoblin/auth/__init__.py b/mediagoblin/auth/__init__.py index be5d0eed..f518a09d 100644 --- a/mediagoblin/auth/__init__.py +++ b/mediagoblin/auth/__init__.py @@ -25,7 +25,6 @@ def create_user(register_form): results = hook_runall("auth_create_user", register_form) return results[0] - def extra_validation(register_form): from mediagoblin.auth.tools import basic_extra_validation diff --git a/mediagoblin/auth/tools.py b/mediagoblin/auth/tools.py index 88716e1c..191a2b9d 100644 --- a/mediagoblin/auth/tools.py +++ b/mediagoblin/auth/tools.py @@ -132,11 +132,7 @@ def register_user(request, register_form): user = auth.create_user(register_form) # give the user the default privileges - default_privileges = [ - Privilege.query.filter(Privilege.privilege_name==u'commenter').first(), - Privilege.query.filter(Privilege.privilege_name==u'uploader').first(), - Privilege.query.filter(Privilege.privilege_name==u'reporter').first()] - user.all_privileges += default_privileges + user.all_privileges += get_default_privileges(user) user.save() # log the user in @@ -151,6 +147,14 @@ def register_user(request, register_form): return None +def get_default_privileges(user): + instance_privilege_scheme = mg_globals.app_config['user_privilege_scheme'] + default_privileges = [Privilege.query.filter( + Privilege.privilege_name==privilege_name).first() + for privilege_name in instance_privilege_scheme.split(',')] + default_privileges = [privilege for privilege in default_privileges if not privilege == None] + + return default_privileges def check_login_simple(username, password): user = auth.get_user(username=username) diff --git a/mediagoblin/config_spec.ini b/mediagoblin/config_spec.ini index cc1ac637..a29b481e 100644 --- a/mediagoblin/config_spec.ini +++ b/mediagoblin/config_spec.ini @@ -89,6 +89,9 @@ upload_limit = integer(default=None) # Max file size (in Mb) max_file_size = integer(default=None) +# Privilege scheme +user_privilege_scheme = string(default="") + [jinja2] # Jinja2 supports more directives than the minimum required by mediagoblin. # This setting allows users creating custom templates to specify a list of From 1c7875a18dfdde208f964e82f410edf33b89132b Mon Sep 17 00:00:00 2001 From: tilly-Q Date: Fri, 29 Nov 2013 14:29:56 -0500 Subject: [PATCH 2/4] In this commit I made it so that each deployment can have custom settings for which privileges are given to users when they are intiated. These settings are modified in mediagoblin.ini. --- mediagoblin.ini | 1 + mediagoblin/auth/__init__.py | 1 - mediagoblin/auth/tools.py | 14 +++++++++----- mediagoblin/config_spec.ini | 3 +++ 4 files changed, 13 insertions(+), 6 deletions(-) diff --git a/mediagoblin.ini b/mediagoblin.ini index fe9d5cd2..216cfc43 100644 --- a/mediagoblin.ini +++ b/mediagoblin.ini @@ -35,6 +35,7 @@ allow_reporting = true ## If you want the terms of service displayed, you can uncomment this # show_tos = true +user_privilege_scheme= "uploader,commenter,reporter" [storage:queuestore] base_dir = %(here)s/user_dev/media/queue diff --git a/mediagoblin/auth/__init__.py b/mediagoblin/auth/__init__.py index be5d0eed..f518a09d 100644 --- a/mediagoblin/auth/__init__.py +++ b/mediagoblin/auth/__init__.py @@ -25,7 +25,6 @@ def create_user(register_form): results = hook_runall("auth_create_user", register_form) return results[0] - def extra_validation(register_form): from mediagoblin.auth.tools import basic_extra_validation diff --git a/mediagoblin/auth/tools.py b/mediagoblin/auth/tools.py index 88716e1c..191a2b9d 100644 --- a/mediagoblin/auth/tools.py +++ b/mediagoblin/auth/tools.py @@ -132,11 +132,7 @@ def register_user(request, register_form): user = auth.create_user(register_form) # give the user the default privileges - default_privileges = [ - Privilege.query.filter(Privilege.privilege_name==u'commenter').first(), - Privilege.query.filter(Privilege.privilege_name==u'uploader').first(), - Privilege.query.filter(Privilege.privilege_name==u'reporter').first()] - user.all_privileges += default_privileges + user.all_privileges += get_default_privileges(user) user.save() # log the user in @@ -151,6 +147,14 @@ def register_user(request, register_form): return None +def get_default_privileges(user): + instance_privilege_scheme = mg_globals.app_config['user_privilege_scheme'] + default_privileges = [Privilege.query.filter( + Privilege.privilege_name==privilege_name).first() + for privilege_name in instance_privilege_scheme.split(',')] + default_privileges = [privilege for privilege in default_privileges if not privilege == None] + + return default_privileges def check_login_simple(username, password): user = auth.get_user(username=username) diff --git a/mediagoblin/config_spec.ini b/mediagoblin/config_spec.ini index cc1ac637..a29b481e 100644 --- a/mediagoblin/config_spec.ini +++ b/mediagoblin/config_spec.ini @@ -89,6 +89,9 @@ upload_limit = integer(default=None) # Max file size (in Mb) max_file_size = integer(default=None) +# Privilege scheme +user_privilege_scheme = string(default="") + [jinja2] # Jinja2 supports more directives than the minimum required by mediagoblin. # This setting allows users creating custom templates to specify a list of From f59d8bbef1d5ea492ae9898c0f7b5fdd94662f15 Mon Sep 17 00:00:00 2001 From: tilly-Q Date: Mon, 28 Apr 2014 16:40:02 -0400 Subject: [PATCH 3/4] Fixed some minor whitespace issues --- mediagoblin.ini | 2 +- mediagoblin/auth/tools.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mediagoblin.ini b/mediagoblin.ini index 216cfc43..4f94b6e4 100644 --- a/mediagoblin.ini +++ b/mediagoblin.ini @@ -35,7 +35,7 @@ allow_reporting = true ## If you want the terms of service displayed, you can uncomment this # show_tos = true -user_privilege_scheme= "uploader,commenter,reporter" +user_privilege_scheme = "uploader,commenter,reporter" [storage:queuestore] base_dir = %(here)s/user_dev/media/queue diff --git a/mediagoblin/auth/tools.py b/mediagoblin/auth/tools.py index 191a2b9d..39df85af 100644 --- a/mediagoblin/auth/tools.py +++ b/mediagoblin/auth/tools.py @@ -150,7 +150,7 @@ def register_user(request, register_form): def get_default_privileges(user): instance_privilege_scheme = mg_globals.app_config['user_privilege_scheme'] default_privileges = [Privilege.query.filter( - Privilege.privilege_name==privilege_name).first() + Privilege.privilege_name==privilege_name).first() for privilege_name in instance_privilege_scheme.split(',')] default_privileges = [privilege for privilege in default_privileges if not privilege == None] From ce26346a4c17a6e0b81ddd12046f67c4beaa8143 Mon Sep 17 00:00:00 2001 From: tilly-Q Date: Thu, 1 May 2014 14:21:25 -0400 Subject: [PATCH 4/4] Changed the default permission scheme to be the same as the scheme we use in master so that if admins have not set their mediagoblin_local.ini to include this new option, they will notice no difference in use. --- mediagoblin/config_spec.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mediagoblin/config_spec.ini b/mediagoblin/config_spec.ini index a29b481e..ba2b4519 100644 --- a/mediagoblin/config_spec.ini +++ b/mediagoblin/config_spec.ini @@ -90,7 +90,7 @@ upload_limit = integer(default=None) max_file_size = integer(default=None) # Privilege scheme -user_privilege_scheme = string(default="") +user_privilege_scheme = string(default="uploader,commenter,reporter") [jinja2] # Jinja2 supports more directives than the minimum required by mediagoblin.