- Added validation logic in the backend to compensate
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Don't allow disabling the only available admin account.
- Don't allow deletion of the only available admin account.
- Don't allow removing admin privileges of the only available admin account.
Signed-off-by: Hemanth Kumar Veeranki <hems.india1997@gmail.com>
Reviewed-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
- It may not be a good thing for the user created/edit forms to inherit from
Django Form and ModelForm at the same time. So, simply by introducing a
minimal mixin.
- Save only when committing.
- Use auto-saving feature.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Separate language cookie are only used if sessions (session middleware) are not
available. Otherwise, even anonymous users have their language preference in
sessions instead of cookies. This is default Django behavior, conform to it.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- UserProfile model is created, it has one-to-one relationship with User.
- Language selection dropdown added to UserCreate and UserUpdate forms.
- Adds None to language selection dropdown to explicitly unselect.
- LANGUAGE_SESSION_KEY is set to User's preferred language on LogIn activity.
- LANGUAGE_SESSION_KEY is deleted on User's LogOut activity.
Signed-off-by: Sai Kiran Naragam <saikiran.rguiiit@gmail.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Remove conditional registration of groups on module initialization.
- Create uninitialized groups on addition/update of groups for user.
- Remove group creation on setup/installation of a module.
Tested for:
- Multi registration of groups.
- Manual UI test to check visibility of groups irrespective of whether module is
installed/enabled.
Signed-off-by: Aakanksha Saini <aakanksa@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Edit user form fails because a 'wiki' group entry exists in the database
though the ikiwiki app hasn't been installed yet.
- Register group when a user group is created by an application, so that a
plinth restart can be avoided.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- More user-friendly treatment of groups and their permissions
Closes#690
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Also wrote unit tests in users/tests/test_actions
Signed-off-by: Joseph Nuthalpati <njoseph@thoughtworks.com>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This commit contains an implementation only for module repro
- Loop through all the loaded modules
- Get each module reserved_username attribute
- Check the username against the reserved_username
- Only admins can now edit the groups of any user
- Only admins can mark any user as active or not
- Refactored all occurrences of admin checks to its own utility function
In a following pull request, we are expected to solve the cache timing
issue. So, show a generic error message instead of one that suggests a
timing problem.
When editing an existing user, error is being thrown due to restricted
usernames check. This is due to the username matching existing
username.
Also:
- Raise the validation error on the field instead of the entire form.
- Send error code along with validation error message.
- End the validation error message with a full stop for consistency.
- Allow setting multiple SSH keys one per line (which is already
allowed, but advertise it better).
- Use mkhomedir_helper to create the user's home directory. Avoid
security and accuracy complexities of creating a home directory.
- Allow homes that don't exist in /home.
- Merge all ldap actions into one action.
- Setup ldapscripts using augeas.
- Use the default mechanisms used by ldapscripts.
- Remove adding admin users to 'sudo' group. Mixing LDAP groups and
local groups is not a good practice. 'admin' LDAP group will be added
to sudoers in another patch to freedombox-setup.
- Make all users posixAccount and all groups posixGroup for simplicity.
Shell access can be restricted in other ways.
- Work around ldapscripts not able to set password using SASL auth.
- Work around ldapscripts having issues with current locale.
- Create groups on first boot a bit more safely
- Use get_or_create instead of get() and create()
- Fix issue with not showing a full list of groups in user modify page
when there is are no users for that group.
