These permissions concern pages, images, documents and access to the
wagtail admin site. Only appropriate elements can be selected: only the
kfet root page and its descendants, same for the kfet root collection
(for images and documents), and kfet snippets (MemberTeam).
Add django-formset-js as dependency to help manipulate formsets.
K-Fêt groups created from "devdata" commands get suitable permissions
for the CMS.
AccountBackend
- Should now work if used in AUTHENTICATION_BACKENDS settings.
- It does not retieve itself the password, as it should not be used
this way.
GenericBackend
- Delete useless 'username' arg of its 'authenticate()' method.
- Now delete the token in DB.
TemporaryAuthMiddleware
- New name of the middleware is more meaningful.
- Is now responsible to retrieve the password from the request, instead
of the AccountBackend.
GenericTeamToken model
- Add a manager' method to create token, avoiding possible error due to
unicity constraint.
GenericLoginView (authentication with the kfet generic user)
- Replace obscure system with a 100% HTTP handling.
- See comments for more information.
Misc
- More docstrings!
- More tests!
- Add some i18n.
- Add kfet/confirm_form.html template:
Ask user to confirm sth via a form (which will send a POST request).
Context variables:
* title: the page title
* confirm_url: action attribute for <form>
* text: displayed confirmation text
- kfet.js : Add functions allowing to emit POST request from <a> tag.
- Non-link nav items from kfet navbar also get a 'title'.
- A utility has been found for the 'sunglasses' glyphicon!
kfet.open app
- Base data (raw_open, last_update...) is stored and shared through cache system.
- 2 websockets groups: one for team users, one for other users.
- UI is initialized and kept up-to-date with WS.
- raw_open and force_close can be updated with standard HTTP requests.
At this time, there isn't any restriction on raw_open view. Common sense tell us
to change this behavior.
Misc
- Clean channels routing.
- 'PermConsumerMixin': user who sent the message is available as argument in
connection_groups method, which returns groups to which the user should be
appended on websocket connection (and discarded on disconnection).
- New kfet.utils module: should be used for mixins, whatever is useful and not concerns
the kfet app.
- Clean JS dependencies.
K-Fêt
- Integrate wagtail to serve "static" pages of old K-Fêt website
- Fixture "kfetcms/kfet_wagtail_17_05" contains a copy of old website
(as in May 2017).
- Media files can be got until end of June 17 at
http://partage.eleves.ens.fr//files/604e6dea2ceebc66b1936c6b3f911744/kfet_media.tar.gz
Login/logout
- Update package django_cas_ng to last version.
- Clean COFCASBackend.
- Change CAS version to 3 (version used on eleves.ens). This enables
the logout redirection (for CAS ofc).
- Add messages and clean existing ones on login/logout (for both
outsider and cas users).
Misc
- Update settings to bypass an incompability between debug-toolbar and
wagtailmenus packages.
- Better management of dev/test-specific urls (if debug-toolbar wasn't in
INSTALLED_APPS, media files were not served).
- UI improvements.
- Typo
- Removes old comments
- Moves the template debug context processor back to the common file: it
won't be loaded anyway if `DEBUG=False`.
- Ddt's middleware should be loaded first
We reproduce what has been done here:
https://github.com/dissemin/dissemin
The following files can be found under `cof/settings/`
- `common.py`: the settings that are shared by all the environments we
have + the secrets (see below).
- `dev.py`: the settings used by the vagrant VM for local development.
- `prod.py`: the production settings (for both www.cof.ens.fr and
dev.cof.ens.fr)
There is also a notion of "secrets". Some settings like the `SECRET_KEY`
or the database's credentials are loaded from an untracked files called
`secret.py` in the same directory. This secrets are loaded by the common
settings file.
