From ebfe5c41d4d49c94638c8570aa1ccb4b7dabcc63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Delobelle?= Date: Sun, 9 Apr 2017 01:52:26 +0200 Subject: [PATCH 1/8] Fix stats on some browsers - Delete double import in account_read template - Syntax on account_read Stats didn't show on Chrome (at least v57) cause of these. --- kfet/templates/kfet/account_read.html | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/kfet/templates/kfet/account_read.html b/kfet/templates/kfet/account_read.html index 1af7f277..82a7f3ec 100644 --- a/kfet/templates/kfet/account_read.html +++ b/kfet/templates/kfet/account_read.html @@ -8,7 +8,6 @@ - {% if account.user == request.user %} @@ -18,11 +17,11 @@ $(document).ready(function() { var stat_last = new StatsGroup( "{% url 'kfet.account.stat.operation.list' trigramme=account.trigramme %}", - $("#stat_last"), + $("#stat_last") ); var stat_balance = new StatsGroup( "{% url 'kfet.account.stat.balance.list' trigramme=account.trigramme %}", - $("#stat_balance"), + $("#stat_balance") ); }); From 1e18c4043e4593849ebd982340ea26f04f02a363 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Delobelle?= Date: Sun, 9 Apr 2017 15:47:16 +0200 Subject: [PATCH 2/8] Use last channels & co versions - Use last official releases of channels, asgiref, daphne and asgi-redis packages. - Customization of JsonWebsocketConsumer is now in kfet app through a custom class (and so, doesn't require anymore a forked version of channels). - Clean kfet consumers code. --- kfet/consumers.py | 27 +++++++++++---------------- requirements.txt | 8 ++++---- 2 files changed, 15 insertions(+), 20 deletions(-) diff --git a/kfet/consumers.py b/kfet/consumers.py index dcd69bdf..6e9dc6ca 100644 --- a/kfet/consumers.py +++ b/kfet/consumers.py @@ -1,26 +1,21 @@ # -*- coding: utf-8 -*- -from __future__ import (absolute_import, division, - print_function, unicode_literals) -from builtins import * +from django.core.serializers.json import json, DjangoJSONEncoder -from channels import Group from channels.generic.websockets import JsonWebsocketConsumer -class KPsul(JsonWebsocketConsumer): - # Set to True if you want them, else leave out - strict_ordering = False - slight_ordering = False +class DjangoJsonWebsocketConsumer(JsonWebsocketConsumer): + """Custom Json Websocket Consumer. - def connection_groups(self, **kwargs): - return ['kfet.kpsul'] + Encode to JSON with DjangoJSONEncoder. - def connect(self, message, **kwargs): - pass + """ - def receive(self, content, **kwargs): - pass + @classmethod + def encode_json(cls, content): + return json.dumps(content, cls=DjangoJSONEncoder) - def disconnect(self, message, **kwargs): - pass + +class KPsul(DjangoJsonWebsocketConsumer): + groups = ['kfet.kpsul'] diff --git a/requirements.txt b/requirements.txt index ce081588..990fba3a 100644 --- a/requirements.txt +++ b/requirements.txt @@ -11,13 +11,13 @@ six==1.10.0 unicodecsv==0.14.1 icalendar==3.10 django-bootstrap-form==3.2.1 -asgiref==0.14.0 -daphne==0.14.3 -asgi-redis==0.14.0 +asgiref==1.1.1 +daphne==1.2.0 +asgi-redis==1.3.0 statistics==1.0.3.5 future==0.15.2 django-widget-tweaks==1.4.1 git+https://git.eleves.ens.fr/cof-geek/django_custommail.git#egg=django_custommail ldap3 -git+https://github.com/Aureplop/channels.git#egg=channels +channels==1.1.3 python-dateutil From 029d59e615adba19c61f2cd2be72a6f2d71cc23a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Delobelle?= Date: Sun, 9 Apr 2017 16:10:27 +0200 Subject: [PATCH 3/8] Enable authentication on KPsul websocket. - PermConsumerMixin allows checking permissions on connection to a consumer. - KPsul consumer uses this mixin to check if connecting user has the permission `kfet.is_team`. Fixes #67. --- kfet/consumers.py | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/kfet/consumers.py b/kfet/consumers.py index 6e9dc6ca..ee096368 100644 --- a/kfet/consumers.py +++ b/kfet/consumers.py @@ -17,5 +17,25 @@ class DjangoJsonWebsocketConsumer(JsonWebsocketConsumer): return json.dumps(content, cls=DjangoJSONEncoder) -class KPsul(DjangoJsonWebsocketConsumer): +class PermConsumerMixin(object): + """Add support to check permissions on Consumers. + + Attributes: + perms_connect (list): Required permissions to connect to this + consumer. + + """ + http_user = True # Enable message.user + perms_connect = [] + + def connect(self, message, **kwargs): + """Check permissions on connection.""" + if message.user.has_perms(self.perms_connect): + super().connect(message, **kwargs) + else: + self.close() + + +class KPsul(PermConsumerMixin, DjangoJsonWebsocketConsumer): groups = ['kfet.kpsul'] + perms_connect = ['kfet.is_team'] From a5fb162aaf412870e86390ca49dd059673308695 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20P=C3=A9pin?= Date: Mon, 10 Apr 2017 22:18:00 +0100 Subject: [PATCH 4/8] New organisation of settings files We reproduce what has been done here: https://github.com/dissemin/dissemin The following files can be found under `cof/settings/` - `common.py`: the settings that are shared by all the environments we have + the secrets (see below). - `dev.py`: the settings used by the vagrant VM for local development. - `prod.py`: the production settings (for both www.cof.ens.fr and dev.cof.ens.fr) There is also a notion of "secrets". Some settings like the `SECRET_KEY` or the database's credentials are loaded from an untracked files called `secret.py` in the same directory. This secrets are loaded by the common settings file. --- cof/settings/.gitignore | 1 + cof/{settings_dev.py => settings/common.py} | 93 +++++++-------------- cof/settings/dev.py | 52 ++++++++++++ cof/settings/prod.py | 26 ++++++ cof/settings/secret_example.py | 4 + 5 files changed, 113 insertions(+), 63 deletions(-) create mode 100644 cof/settings/.gitignore rename cof/{settings_dev.py => settings/common.py} (63%) create mode 100644 cof/settings/dev.py create mode 100644 cof/settings/prod.py create mode 100644 cof/settings/secret_example.py diff --git a/cof/settings/.gitignore b/cof/settings/.gitignore new file mode 100644 index 00000000..21425062 --- /dev/null +++ b/cof/settings/.gitignore @@ -0,0 +1 @@ +secret.py diff --git a/cof/settings_dev.py b/cof/settings/common.py similarity index 63% rename from cof/settings_dev.py rename to cof/settings/common.py index b04165c8..4a6f9a12 100644 --- a/cof/settings_dev.py +++ b/cof/settings/common.py @@ -1,32 +1,40 @@ # -*- coding: utf-8 -*- """ -Django settings for cof project. +Django common settings for cof project. -For more information on this file, see -https://docs.djangoproject.com/en/1.8/topics/settings/ - -For the full list of settings and their values, see -https://docs.djangoproject.com/en/1.8/ref/settings/ +Everything which is supposed to be identical between the production server and +the local development serveur should be here. """ -# Build paths inside the project like this: os.path.join(BASE_DIR, ...) import os -BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) +# Database credentials +try: + from .secret import DBNAME, DBUSER, DBPASSWD +except ImportError: + # On the local development VM, theses credentials are in the environment + DBNAME = os.environ["DBNAME"] + DBUSER = os.environ["DBUSER"] + DBPASSWD = os.environ["DBPASSWD"] +except KeyError: + raise RuntimeError("Secrets missing") -EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' +# Other secrets +try: + from .secret import ( + SECRET_KEY, RECAPTCHA_PUBLIC_KEY, RECAPTCHA_PRIVATE_KEY, ADMINS + ) +except ImportError: + raise RuntimeError("Secrets missing") -# Quick-start development settings - unsuitable for production -# See https://docs.djangoproject.com/en/1.8/howto/deployment/checklist/ -# SECURITY WARNING: keep the secret key used in production secret! -SECRET_KEY = 'q()(zn4m63i%5cp4)f+ww4-28_w+ly3q9=6imw2ciu&_(5_4ah' +BASE_DIR = os.path.dirname( + os.path.dirname(os.path.dirname(os.path.abspath(__file__))) +) -# SECURITY WARNING: don't run with debug turned on in production! -DEBUG = True # Application definition -INSTALLED_APPS = ( +INSTALLED_APPS = [ 'gestioncof', 'django.contrib.auth', 'django.contrib.contenttypes', @@ -41,17 +49,15 @@ INSTALLED_APPS = ( 'autocomplete_light', 'captcha', 'django_cas_ng', - 'debug_toolbar', 'bootstrapform', 'kfet', 'channels', 'widget_tweaks', 'custommail', 'djconfig', -) +] -MIDDLEWARE_CLASSES = ( - 'debug_toolbar.middleware.DebugToolbarMiddleware', +MIDDLEWARE_CLASSES = [ 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', @@ -62,7 +68,7 @@ MIDDLEWARE_CLASSES = ( 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django.middleware.security.SecurityMiddleware', 'djconfig.middleware.DjConfigMiddleware', -) +] ROOT_URLCONF = 'cof.urls' @@ -73,7 +79,6 @@ TEMPLATES = [ 'APP_DIRS': True, 'OPTIONS': { 'context_processors': [ - 'django.template.context_processors.debug', 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', @@ -89,17 +94,12 @@ TEMPLATES = [ }, ] -# WSGI_APPLICATION = 'cof.wsgi.application' - -# Database -# https://docs.djangoproject.com/en/1.8/ref/settings/#databases - DATABASES = { 'default': { 'ENGINE': 'django.db.backends.mysql', - 'NAME': os.environ['DBNAME'], - 'USER': os.environ['DBUSER'], - 'PASSWORD': os.environ['DBPASSWD'], + 'NAME': DBNAME, + 'USER': DBUSER, + 'PASSWORD': DBPASSWD, 'HOST': os.environ.get('DBHOST', 'localhost'), } } @@ -119,18 +119,9 @@ USE_L10N = True USE_TZ = True -# Static files (CSS, JavaScript, Images) -# https://docs.djangoproject.com/en/1.8/howto/static-files/ - -STATIC_URL = '/static/' -STATIC_ROOT = '/var/www/static/' - # Media upload (through ImageField, SiteField) # https://docs.djangoproject.com/en/1.9/ref/models/fields/ -MEDIA_ROOT = os.path.join(BASE_DIR, 'media/') -MEDIA_URL = '/media/' - # Various additional settings SITE_ID = 1 @@ -163,12 +154,6 @@ AUTHENTICATION_BACKENDS = ( 'kfet.backends.GenericTeamBackend', ) -# LDAP_SERVER_URL = 'ldaps://ldap.spi.ens.fr:636' - -# EMAIL_HOST="nef.ens.fr" - -RECAPTCHA_PUBLIC_KEY = "DUMMY" -RECAPTCHA_PRIVATE_KEY = "DUMMY" RECAPTCHA_USE_SSL = True # Channels settings @@ -183,22 +168,4 @@ CHANNEL_LAYERS = { } } - -def show_toolbar(request): - """ - On ne veut pas la vérification de INTERNAL_IPS faite par la debug-toolbar - car cela interfère avec l'utilisation de Vagrant. En effet, l'adresse de la - machine physique n'est pas forcément connue, et peut difficilement être - mise dans les INTERNAL_IPS. - """ - if not DEBUG: - return False - if request.is_ajax(): - return False - return True - -DEBUG_TOOLBAR_CONFIG = { - 'SHOW_TOOLBAR_CALLBACK': show_toolbar, -} - FORMAT_MODULE_PATH = 'cof.locale' diff --git a/cof/settings/dev.py b/cof/settings/dev.py new file mode 100644 index 00000000..8f5c9f29 --- /dev/null +++ b/cof/settings/dev.py @@ -0,0 +1,52 @@ +""" +Django development settings for the cof project. +The settings that are not listed here are imported from .common +""" + +import os + +from .common import * + + +EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' + +DEBUG = True + +TEMPLATES[0]["OPTIONS"]["context_processors"] += [ + 'django.template.context_processors.debug' +] + + +# --- +# Apache static/media config +# --- + +STATIC_URL = '/static/' +STATIC_ROOT = '/var/www/static/' + +MEDIA_ROOT = os.path.join(BASE_DIR, 'media/') +MEDIA_URL = '/media/' + + +# --- +# Debug tool bar +# --- + +def show_toolbar(request): + """ + On ne veut pas la vérification de INTERNAL_IPS faite par la debug-toolbar + car cela interfère avec l'utilisation de Vagrant. En effet, l'adresse de la + machine physique n'est pas forcément connue, et peut difficilement être + mise dans les INTERNAL_IPS. + """ + if not DEBUG: + return False + if request.is_ajax(): + return False + return True + +INSTALLED_APPS += ["debug_toolbar"] +MIDDLEWARE_CLASSES += ["debug_toolbar.middleware.DebugToolbarMiddleware"] +DEBUG_TOOLBAR_CONFIG = { + 'SHOW_TOOLBAR_CALLBACK': show_toolbar, +} diff --git a/cof/settings/prod.py b/cof/settings/prod.py new file mode 100644 index 00000000..5fae5651 --- /dev/null +++ b/cof/settings/prod.py @@ -0,0 +1,26 @@ +""" +Django development settings for the cof project. +The settings that are not listed here are imported from .common +""" + +import os + +from .common import * + + +DEBUG = False + +ALLOWED_HOSTS = [ + "cof.ens.fr", + "www.cof.ens.fr", + "dev.cof.ens.fr" +] + +STATIC_ROOT = os.path.join(os.path.dirname(BASE_DIR), "static") +STATIC_URL = "/gestion/static/" +MEDIA_ROOT = os.path.join(os.path.dirname(BASE_DIR), "media") +MEDIA_URL = "/gestion/media/" + +LDAP_SERVER_URL = "ldaps://ldap.spi.ens.fr:636" + +EMAIL_HOST = "nef.ens.fr" diff --git a/cof/settings/secret_example.py b/cof/settings/secret_example.py new file mode 100644 index 00000000..36a8e932 --- /dev/null +++ b/cof/settings/secret_example.py @@ -0,0 +1,4 @@ +SECRET_KEY = 'q()(zn4m63i%5cp4)f+ww4-28_w+ly3q9=6imw2ciu&_(5_4ah' +RECAPTCHA_PUBLIC_KEY = "DUMMY" +RECAPTCHA_PRIVATE_KEY = "DUMMY" +ADMINS = None From 40abe81402649b326a4c8334290ae5177e079f5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20P=C3=A9pin?= Date: Mon, 10 Apr 2017 22:44:52 +0100 Subject: [PATCH 5/8] Integrate the new settings workflow into vagrant --- provisioning/bootstrap.sh | 7 +++++-- provisioning/cron.dev | 2 +- provisioning/supervisor.conf | 4 ++-- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/provisioning/bootstrap.sh b/provisioning/bootstrap.sh index 269e4f25..c8f73ab6 100644 --- a/provisioning/bootstrap.sh +++ b/provisioning/bootstrap.sh @@ -36,7 +36,7 @@ chown -R ubuntu:www-data /var/www/static # Mise en place du .bash_profile pour tout configurer lors du `vagrant ssh` cat >> ~ubuntu/.bashrc < Date: Thu, 13 Apr 2017 15:15:59 +0200 Subject: [PATCH 6/8] Check negative on cancellation. - Like perform operations, cancel_operations can add/remove an account from negative accounts system. - Balances checks are now performed against real_balance instead of balance. So if someone with a balance_offset go, for real, to positive land (ie even without taking into account the balance offset), its account is removed from the negative system. - Fix bug on real_balance when negative exists but balance_offset is not set. Fixes #156. --- kfet/models.py | 25 ++++++++++++++++++++++++- kfet/views.py | 36 ++++++++++++++++++------------------ 2 files changed, 42 insertions(+), 19 deletions(-) diff --git a/kfet/models.py b/kfet/models.py index 7c03191a..af24db49 100644 --- a/kfet/models.py +++ b/kfet/models.py @@ -81,7 +81,7 @@ class Account(models.Model): # Propriétés supplémentaires @property def real_balance(self): - if (hasattr(self, 'negative')): + if hasattr(self, 'negative') and self.negative.balance_offset: return self.balance - self.negative.balance_offset return self.balance @@ -210,6 +210,29 @@ class Account(models.Model): def delete(self, *args, **kwargs): pass + def check_negative(self): + if self.real_balance < 0: + if hasattr(self, 'negative') and not self.negative.start: + self.negative.start = timezone.now() + self.negative.save() + elif not hasattr(self, 'negative'): + self.negative = ( + AccountNegative.objects.create( + account=self, start=timezone.now(), + ) + ) + elif hasattr(self, 'negative'): + # self.real_balance >= 0 + balance_offset = self.negative.balance_offset + if balance_offset: + ( + Account.objects + .filter(pk=self.pk) + .update(balance=F('balance')-balance_offset) + ) + self.refresh_from_db() + self.negative.delete() + class UserHasAccount(Exception): def __init__(self, trigramme): self.trigramme = trigramme diff --git a/kfet/views.py b/kfet/views.py index 330b195a..82ef8433 100644 --- a/kfet/views.py +++ b/kfet/views.py @@ -1105,22 +1105,15 @@ def kpsul_perform_operations(request): with transaction.atomic(): # If not cash account, # saving account's balance and adding to Negative if not in - if not operationgroup.on_acc.is_cash: - Account.objects.filter(pk=operationgroup.on_acc.pk).update( - balance=F('balance') + operationgroup.amount) - operationgroup.on_acc.refresh_from_db() - if operationgroup.on_acc.balance < 0: - if hasattr(operationgroup.on_acc, 'negative'): - if not operationgroup.on_acc.negative.start: - operationgroup.on_acc.negative.start = timezone.now() - operationgroup.on_acc.negative.save() - else: - negative = AccountNegative( - account=operationgroup.on_acc, start=timezone.now()) - negative.save() - elif (hasattr(operationgroup.on_acc, 'negative') and - not operationgroup.on_acc.negative.balance_offset): - operationgroup.on_acc.negative.delete() + on_acc = operationgroup.on_acc + if not on_acc.is_cash: + ( + Account.objects + .filter(pk=on_acc.pk) + .update(balance=F('balance') + operationgroup.amount) + ) + on_acc.refresh_from_db() + on_acc.check_negative() # Updating checkout's balance if to_checkout_balance: @@ -1311,8 +1304,15 @@ def kpsul_cancel_operations(request): (Operation.objects.filter(pk__in=opes) .update(canceled_by=canceled_by, canceled_at=canceled_at)) for account in to_accounts_balances: - Account.objects.filter(pk=account.pk).update( - balance = F('balance') + to_accounts_balances[account]) + ( + Account.objects + .filter(pk=account.pk) + .update(balance=F('balance') + to_accounts_balances[account]) + ) + if not account.is_cash: + # Should always be true, but we want to be sure + account.refresh_from_db() + account.check_negative() for checkout in to_checkouts_balances: Checkout.objects.filter(pk=checkout.pk).update( balance = F('balance') + to_checkouts_balances[checkout]) From 9668f1d1ec94dc92d6befa6b61bcffc540eb1c6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Delobelle?= Date: Thu, 13 Apr 2017 15:48:13 +0200 Subject: [PATCH 7/8] Account: check_negative() -> update_negative() --- kfet/models.py | 2 +- kfet/views.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/kfet/models.py b/kfet/models.py index af24db49..6c1f1240 100644 --- a/kfet/models.py +++ b/kfet/models.py @@ -210,7 +210,7 @@ class Account(models.Model): def delete(self, *args, **kwargs): pass - def check_negative(self): + def update_negative(self): if self.real_balance < 0: if hasattr(self, 'negative') and not self.negative.start: self.negative.start = timezone.now() diff --git a/kfet/views.py b/kfet/views.py index 82ef8433..60dbb44b 100644 --- a/kfet/views.py +++ b/kfet/views.py @@ -1113,7 +1113,7 @@ def kpsul_perform_operations(request): .update(balance=F('balance') + operationgroup.amount) ) on_acc.refresh_from_db() - on_acc.check_negative() + on_acc.update_negative() # Updating checkout's balance if to_checkout_balance: @@ -1312,7 +1312,7 @@ def kpsul_cancel_operations(request): if not account.is_cash: # Should always be true, but we want to be sure account.refresh_from_db() - account.check_negative() + account.update_negative() for checkout in to_checkouts_balances: Checkout.objects.filter(pk=checkout.pk).update( balance = F('balance') + to_checkouts_balances[checkout]) From ff73a635f82dfb85af4922f6d5319e06c8f29e54 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20P=C3=A9pin?= Date: Sat, 15 Apr 2017 11:09:16 +0100 Subject: [PATCH 8/8] Minor fixes in settings/ - Typo - Removes old comments - Moves the template debug context processor back to the common file: it won't be loaded anyway if `DEBUG=False`. - Ddt's middleware should be loaded first --- cof/settings/common.py | 7 ++----- cof/settings/dev.py | 9 ++++----- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/cof/settings/common.py b/cof/settings/common.py index 4a6f9a12..93b11dae 100644 --- a/cof/settings/common.py +++ b/cof/settings/common.py @@ -3,7 +3,7 @@ Django common settings for cof project. Everything which is supposed to be identical between the production server and -the local development serveur should be here. +the local development server should be here. """ import os @@ -79,6 +79,7 @@ TEMPLATES = [ 'APP_DIRS': True, 'OPTIONS': { 'context_processors': [ + 'django.template.context_processors.debug', 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', @@ -118,10 +119,6 @@ USE_L10N = True USE_TZ = True - -# Media upload (through ImageField, SiteField) -# https://docs.djangoproject.com/en/1.9/ref/models/fields/ - # Various additional settings SITE_ID = 1 diff --git a/cof/settings/dev.py b/cof/settings/dev.py index 8f5c9f29..6272e6d9 100644 --- a/cof/settings/dev.py +++ b/cof/settings/dev.py @@ -12,10 +12,6 @@ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' DEBUG = True -TEMPLATES[0]["OPTIONS"]["context_processors"] += [ - 'django.template.context_processors.debug' -] - # --- # Apache static/media config @@ -46,7 +42,10 @@ def show_toolbar(request): return True INSTALLED_APPS += ["debug_toolbar"] -MIDDLEWARE_CLASSES += ["debug_toolbar.middleware.DebugToolbarMiddleware"] +MIDDLEWARE_CLASSES = ( + ["debug_toolbar.middleware.DebugToolbarMiddleware"] + + MIDDLEWARE_CLASSES +) DEBUG_TOOLBAR_CONFIG = { 'SHOW_TOOLBAR_CALLBACK': show_toolbar, }