| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
Add center scope restriction using /image/restrict.
Add view in Images to update scope permissions.
Disable images in Commands for image update and restore if the
client belongs to a disabled center.
Consolidate template code to render scope selection checkboxes.
|
| |
|
|
| |
Add class="mx-5" to allign the form with the header of the page.
|
| |
|
|
| |
Make headings take less space and have a dashed line under them.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a new user permission system to control the allowed operations
accessible from each account.
Add a permission matrix editable through the user/add and user/edit
views. The permission matrix has client, center, room, folder, image
and repository as permission targets and add, update and delete as
permission types.
Restrict each view based on the user permissions, hide all actions
from not autheticated users.
permissions defined in the class UserForm.
Serialize each user permissions into ogcp.json as:
{
...
"USERS" [
{
"USER": "admin"
...
"PERMISSIONS": {
"CLIENT": {
"ADD": true,
"UPDATE": true,
"DELETE": true,
},
... <- same structure for "CENTER", "ROOM", "FOLDER", "IMAGE"
and "REPOSITORY"
}
},
...
],
...
}
Grant all the permissions to old user configuration to not disrupt their
workflow. The administrator will need to assign the permissions for each
user.
Ignore scope and permission restrictions for admin users.
Save permissions and scopes even if the user is admin to account for the
case of a temporal admin promotion without losing the previous
configuration.
Use template inheritance for add_user.html and edit_user.html to prevent
big code duplication with the new HTML code to render the permission
matrix.
Make user administration an admin only feature.
Define methods get_permission and target_is_disabled to improve readability
in template conditionals that disable features based on user permissions.
|
| |
|
|
|
|
|
|
|
| |
Add the option to leave the password fields empty in the form.
When the passwords are not set the user keeps the old password
configuration.
Define a EditUserForm based on UserForm in forms/auth.py to remove
the InputRequired validator in the password fields.
Update the html template to make the password fields optional.
|
| |
|
|
|
|
|
| |
Enable selection of multiple scopes in user/add and user/edit
for restricted users.
Replace quick form creation with an inline form definition in
add_user.html and edit_user.html
|
| |
|
|
|
| |
Remove the <script> block as the function digestUserFormPassword no
longer exists.
|
| |
|
|
|
|
|
|
|
|
|
| |
This patch moves login password hashing from the frontend/javascript to
the backend/flask.
This patch moves password hashing of login and user management forms.
Related commits:
* c7b0024 ("Add password hashing")
* 661254b ("Add 'Add user' to Users section")
|
| |
|
|
|
| |
Creates "Delete user" form. The user to be deleted is selected from the
sidebar in Users section.
|
| |
|
|
|
|
| |
Creates "Edit user" form with the following inputs: password, password
confirmation, role (administrator or regular), allowed scopes. It does
no allow to change/edit the username.
|
| |
|
|
|
| |
Creates "Add user" form with the following inputs: username, password,
password confirmation, role (administrator or regular), allowed scopes.
|
| |
|
|
|
|
|
|
|
|
|
| |
The front-end now hashes passwords before sending them to the back-end.
It uses SHA-512.
This commit adds a hidden input which sends the password hash to not
interfere with browsers' save password functionality.
Also change passwords of the template configuration file for their
hashed/digested versions.
|
| |
|
|
|
| |
Otherwise, wtforms use "submit" as id of the <input> tag, shadowing
javascript function ".submit()".
|
| |
|
|
|
|
|
|
|
| |
Update the login template based on the AdminLTE extra page:
https://adminlte.io/themes/v3/pages/examples/login.html
This patch also adds a font-awesome icon to the login page, we've
font-awesome from the AdminLTE plugins so we can use this icons in the
interface.
|
|
|
Ogcp requires a simple login page in order to avoid exposure of the
ogServer API to anyone trying to access the web page.
Because the main authorization mechanism in ogServer is the api token
the login implemented for the ogcp does not include registration process
but a single user and password specified in the ogcp.json.
"USER": "user",
"PASS": "pass"
Adds two new views: /login and /logout. They are used to login the user so
that the rest of views regarding ogServer functionality can be accessed
in a "login required" fashion. Index view (/) is an exception, it can be
accessed logged in or not so different data can be displayed.
Templates can now access a variable "current_user" to get information
about login status. This is a Flask-Login feature.
- Templates regarding login can be found in templates/auth/
- Login form is defined in forms/auth.py to separate it from
action_forms.py
- Adds Flask-Login module to requirements.txt
- Adds default user and pass in ogcp.json
|
