arona/PyRIGS
1
0
Fork 0
mirror of https://github.com/nottinghamtec/PyRIGS.git synced 2026-01-17 13:32:15 +00:00
Code Issues Projects Releases Wiki Activity

Add authorisation process for sign ups and allow access to EventDetail for basic users (#399)

Browse Source 
* CHANGE: First pass at opening up RIGS #233

Whilst it makes it something of a misnomer, the intent is to make the 'view_event' perm a permission to view event details like client/price. I don't see the point in giving everyone 'view_event' and adding a new 'view_event_detail'...Open to arguments the other way.

* CHANGE: New user signups now require admin approval

Given that I intend to reveal much more data to new users this seems necessary...

* CHORE: Fix CI

* FIX: Legacy Profiles are now auto-approved correctly

* Add testing of approval mechanism

This fixes the other functional tests failing because the user cannot login without being approved.

* Superusers bypass approval check

This should fix the remainder of the tests

* Prevent unapproved users logging in through embeds

Test suite doing its job...!

* FIX: Require login on events and event embeds again

Little too far to the open side there Arona... Whooooooops!

* FIX: Use has_oembed decorator for events

* FIX: Re-prevent basic seeing reversion

This is to prevent financials/client data leaking when changed. Hopefully can show them a filtered version in future.

* FIX: Remove mitigation for #264

Someone quietly fixed it, it appears

* FEAT: Add admin email notif when an account is activated and awaiting approval

No async or time-since shenanigans yet!

* FIX: Whoops, undo accidental whitespace change

* FEAT: Add a fifteen min cooldown between emails to admins

Probably not the right way to go about it...but it does work!

TODO: How to handle cooldown-emailing shared mailbox addresses?

* FIX: Remove event modal history deadlink for basic users

Also removes some links on the RIGS homepage that will deadlink for them

* FIX: Wrong perms syntax for history pages

* CHORE: Squash migrations

* FIX: Use a setting for cooldown

* FIX: Minor code improvements
This commit is contained in:
FreneticScribbler
2020-02-29 11:34:50 +00:00
committed by GitHub
parent ae151ed45e
commit 4a4d4a5cf3
19 changed files with 196 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
PyRIGS/settings.py
View File

@@ -12,6 +12,7 @@ https://docs.djangoproject.com/en/1.7/ref/settings/
import os
import raven
import secrets
import datetime
BASE_DIR = os.path.dirname(os.path.dirname(__file__))
@@ -44,9 +45,9 @@ if not DEBUG:
INTERNAL_IPS = ['127.0.0.1']
ADMINS = (
('Tom Price', 'tomtom5152@gmail.com')
)
ADMINS = [('Tom Price', 'tomtom5152@gmail.com'), ('IT Manager', 'it@nottinghamtec.co.uk'), ('Arona Jones', 'arona.jones@nottinghamtec.co.uk')]
if DEBUG:
ADMINS.append(('Testing Superuser', 'superuser@example.com'))
# Application definition
@@ -182,6 +183,8 @@ if not DEBUG or EMAILER_TEST:
else:
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
EMAIL_COOLDOWN = datetime.timedelta(minutes=15)
# Internationalization
# https://docs.djangoproject.com/en/1.7/topics/i18n/