This is purely cosmetic, and just puts some similar functions
together in a way that JS lint won't complain about calling a
function before it was defined.
(imported from commit 8a5a81ae5b7ca7dbaa60147ae4f32f50b1cbbf3a)
To apply this to your system, run:
python manage.py update_permissions
A rebuilt database will already have the correct permission defined.
(imported from commit 5b826b940257e14b3e9e44f9c32b20ed0183dedf)
On a Debian/Ubuntu system with the Ops repo installed, you can add this
dependency by running:
sudo apt-get install python-django-guardian
We use a slightly modified version of the package, so users of other
systems should manually download the source from my GitHub fork and
install it as they would any other Python library:
https://github.com/lfaraone/django-guardian/archive/lfaraone-noanon.zip
guardian uses South for migrations. To apply the guardian schema to your
database, run:
python manage.py migrate guardian
(imported from commit 12eaf4ded91e180c3245a44bacfb5b98b660147d)
This creates the required model fields to use the Django permissions
framework or various other third-party frameworks.
To apply this commit, run:
python manage.py migrate zephyr
(imported from commit a14fa7552c5389522d15edecedfd8a34418bb23d)
save it. This fixes the "Humbug note:" error on old messages that
do not have rendered_content in the DB.
(imported from commit f4664d712fc40e4af9eb12eae74f37d100499def)
Now we can begin the transition of the app to the same interface that our
API clients use.
(imported from commit 5b5001237722692f27f5de687f01d97fa0b87ed0)
This would have made reactivations hard, and doesn't really buy us much
additional security.
During deactivation, all a user's current sessions are deactivated and
they are marked as not active. This prevents them from logging in via
the web UI, and makes their API key unusable.
Randomizing their password is probably gratuitious, especially as we
start to allow authorized end-users to deactivate others.
(imported from commit c63d23816da0452a1df821f2fa6c1db2761733da)
Prior to this commit, populate_db would crash if you had ever deactivated
a user in your development instance's message log.
(imported from commit 227b2c0226a46ef5680443d3dbf62a13ce961e64)
This reduces roundtrips hopefully and will provide a friendlier error
message than what would otherwise be produced by Django.
(imported from commit 034aeef00043e3bf059583770f6c08c4f73ceeb5)
This allows us to inform users that the reason they are unable to log in
is because their account has been deactivated. This message (generated by
Django) is only shown when the correct credentials are used and is_active
is False.
(imported from commit 754a4c9af6ec05e8f18cf183bc08b67bacdeb3e0)
Previously we rested on the safety of randomised API keys to ensure that
deactivated users could not use the product. Here, we add an explicit check
to prevent that.
(imported from commit e32f355fb35b898d43503b96efb291f795aac881)
Deleted in 064c159, but it's still used. For some reason, nginx still
serves it on staging and prod despite it being deleted from git.
(imported from commit 11d6d29f974caca6c75d36f273674d3084ad9182)
Fixes the JS traceback "'null' is not an object" introduced in b67e52d.
Testing: Receive a message when narrowed to a different subject, with
the window focused.
(imported from commit 54b9e7924a2bf66ba5cc9799fc3687a084496465)
Steve Howell
Luke Faraone
Kevin Mehall
Jessica McKellar
Allen Rabinovich
acrefoot
Waseem Daher
Leo Franchi
Jeff Arnold