On a Debian/Ubuntu system with the Ops repo installed, you can add this
dependency by running:
sudo apt-get install python-django-guardian
We use a slightly modified version of the package, so users of other
systems should manually download the source from my GitHub fork and
install it as they would any other Python library:
https://github.com/lfaraone/django-guardian/archive/lfaraone-noanon.zip
guardian uses South for migrations. To apply the guardian schema to your
database, run:
python manage.py migrate guardian
(imported from commit 12eaf4ded91e180c3245a44bacfb5b98b660147d)
This creates the required model fields to use the Django permissions
framework or various other third-party frameworks.
To apply this commit, run:
python manage.py migrate zephyr
(imported from commit a14fa7552c5389522d15edecedfd8a34418bb23d)
save it. This fixes the "Humbug note:" error on old messages that
do not have rendered_content in the DB.
(imported from commit f4664d712fc40e4af9eb12eae74f37d100499def)
Now we can begin the transition of the app to the same interface that our
API clients use.
(imported from commit 5b5001237722692f27f5de687f01d97fa0b87ed0)
This would have made reactivations hard, and doesn't really buy us much
additional security.
During deactivation, all a user's current sessions are deactivated and
they are marked as not active. This prevents them from logging in via
the web UI, and makes their API key unusable.
Randomizing their password is probably gratuitious, especially as we
start to allow authorized end-users to deactivate others.
(imported from commit c63d23816da0452a1df821f2fa6c1db2761733da)
Prior to this commit, populate_db would crash if you had ever deactivated
a user in your development instance's message log.
(imported from commit 227b2c0226a46ef5680443d3dbf62a13ce961e64)
This reduces roundtrips hopefully and will provide a friendlier error
message than what would otherwise be produced by Django.
(imported from commit 034aeef00043e3bf059583770f6c08c4f73ceeb5)
This allows us to inform users that the reason they are unable to log in
is because their account has been deactivated. This message (generated by
Django) is only shown when the correct credentials are used and is_active
is False.
(imported from commit 754a4c9af6ec05e8f18cf183bc08b67bacdeb3e0)
Previously we rested on the safety of randomised API keys to ensure that
deactivated users could not use the product. Here, we add an explicit check
to prevent that.
(imported from commit e32f355fb35b898d43503b96efb291f795aac881)
Deleted in 064c159, but it's still used. For some reason, nginx still
serves it on staging and prod despite it being deleted from git.
(imported from commit 11d6d29f974caca6c75d36f273674d3084ad9182)
Fixes the JS traceback "'null' is not an object" introduced in b67e52d.
Testing: Receive a message when narrowed to a different subject, with
the window focused.
(imported from commit 54b9e7924a2bf66ba5cc9799fc3687a084496465)
Fixes the JS traceback "Selected message id not in MessageList"
introduced by b67e52d
Testing:
* Narrow to a subject and send a PM
* Narrow to a PM recipient and send a stream message
* Narrow to a subject and send a stream message to a different subject
(imported from commit 1171c3f97813dc7db891042906762be8afb2a1b5)
This reverts commit f8fbf70c8502370a78159e24f3cf9589fb9d384f, since
we're waiting on some Firefox and no-hover fixes.
(imported from commit 6b13f5bb9d907303ab311afd7da584bc06538c91)
(The dead code made sense in the very early phases of sketching out
the feature, but it's no longer executed.)
(imported from commit 464145f227ddb25f0554bbbade0b0e3e0e399bc3)
This is slightly inconsistent, but keeps the unread count from decreasing
when narrowing and un-narrowing.
(imported from commit 185e8653c31a312c166e784b335ae7ae7e9b78e9)