- Handle groups needed by an app.
- Handle reserved usernames for an app.
- Updated documentation
- Updated unit tests
Tests performed:
- Reserved usernames: ez-ipupd, ejabberd, Debian-minetest, mldonkey,
monkeysphere, mumble-server, privoxy, quasselcore, radicale, debian-tor,
debian-transmission
- Reserved usernames checks should work in the following forms:
- Create user
- Update user
- First boot user creation
- Full list of available groups should appear in following cases:
- Create user form
- Update user form
- Full list of groups should get created in Django DB during:
- Update user form display
- First boot form save
- When updating the last admin user, the 'admin' group choice is checked
and disabled.
- Following groups show up (sorted by group name):
- bit-torrent: Download files using BitTorrent applications
- git-access: Read-write access to Git repositories
- i2p: Manage I2P application
- wiki: View and edit wiki applications
- minidlna: Media streaming server
- ed2k: Download files using eDonkey applications
- freedombox-share: Access to the private shares
- web-search: Search the web
- syncthing: Administer Syncthing application
- feed-reader: Read and subscribe to news feeds
- admin: Access to all services and system settings
- Directory validation form checks for write permissions for following apps:
- deluge with debian-deluged user
- transmission with debian-transmission user
- Sharing app should show all the groups in add/edit share forms
- The following apps should get added to share group during setup:
debian-transmission
debian-deluged
- Unit tests pass
- Functional tests for users and groups pass
- Test that an app (example syncthing) provides the necessary
permissions to users in that group (but not in admin group).
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Fix i18n of group descriptions]
[sunil: Update developer documentation]
[sunil: Separate out cosmetic changes]
[sunil: Fix component ID for mumble]
[sunil: sharing: Remove unneeded dependency on users app]
[sunil: Implement better API for getting groups in component]
[sunil: Fix incorrect regression change ttrss app]
[sunil: Make iterating over gourps more readable]
[sunil: Improve tests, drop single use fixtures]
[sunil: Simplify test_view.py fixture]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Introduce new API to mark an app that it can't be disabled.
- Mark jsxc, storage, config, upgrade and firewall apps as can't be disabled.
- Fixed functional tests
- Replaced AppForm with forms.Form in all modules' forms.py.
- Remove app.template.js.
- Remove unused styles.
- Remove app status checks in form_valid of Deluge, Diaspora, Matrix, Ejabberd,
MediaWiki, Storage, Transmission, Quassel
- Purge unused is_enabled context variables (Ikiwiki)
- ejabberd: Minor cleanup in template
- jsxc: Cleanup unneeded overrides
- tahoe: Cleanup unnecessary overrides
Tests performed:
- For all apps affected, test enable/disable button works and submitting
configuration form works: with changes updates message and without changes
'settings unchanged' message.
- avahi
- bind
- cockpit
- SKIP: coquelicot
- datetime
- deluge
- SKIP: diaspora
- ejabberd
- gitweb
- i2p
- infinoted
- ikiwiki
- matrixsynapse
- mediawiki
- minetest
- minidlna
- mldonkey
- mumble
- pagekite
- privoxy
- quassel
- radicale
- roundcube
- SKIP: samba
- searx
- SKIP: shaarli
- shadowsocks
- ssh
- tahoe
- transmission
- FAIL: tt-rss (not installable)
- wireguard
- Deluge test that configuration changes when app is disabled work
- Quassel test that setting the domain works when app is diabled
- Transmission test that setting the domain works when app is diabled
- Ikiwiki create form works properly
- Enable/disable button appears as expected when enabled and when disabled
- Enable/disable button works without Javascript
- Functional tests work for affected apps, Tor and OpenVPN
- AppForm is removed from developer documentation
- Forms reference
- Customizing tutorial
- Test all apps using directory select form
- Transmission
- Deluge
- Visit each template that overrides block configuration and ensure that it is
loaded properly and the display is as expected.
- All apps that use AppView that are not tested above should not have an
enable/disable button. That is JSXC, update, config, firewall, storage, users.
Signed-off-by: Alice Kile <buoyantair@protonmail.com>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Remove the need to pass all the individual information elements to the AppView
separately. This eliminates many issues with elements that were mistakenly not
sent to AppView. Also reduces a lot of code duplication.
- Create App classes for power and sso for consistency.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- new share types - group and home shares
- users: when creating, deleting or changing user password, update also Samba
tdbsam backend database
- users: new managed packages - samba-common-bin, tdb-tools
- module page: show current samba users who are in freedombox-share group
- module page: show users who should re-enter their password in the password change page
- fix: use os.path.ismount() from Python standard library to validate a mount point
- fix: samba share permissions, fixes#1729
- fix: delete a share - do not raise an exception if the share doesn't exist
- storage: show samba share type in the directory selection form
Closes#1727
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Directory selection allows to:
- select from default directory
- select from available Samba shares
- specify subdirectory
- insert custom directory
- directory validator checks: path exists, is directory, is readable, is writable
- samba: action script: include share path in share list
- create freedombox-share group inside users module instead of samba module
Closes#1703
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Provide an app title, description and link to manual page.
- Use AppView and app.html to present most of the elements.
- Remove tabs and turn create user into a button.
Tested by running: py.test-3 --include-functional -k users-groups
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- When only when admin user is present, the users list does not show delete
button next to the admin user. The checkbox for admin group is disabled (but
checked) for that user in edit user form.
- When there are multiple admin users preset, the users list shows delete button
against all admin users. The checkbox for admin group is enabled (but checked)
for all admin users.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Introduce base class for all apps that will contain components. With
unittests.
- Introduce base classes for components. With unittests.
- Turn Menu class into an app component.
- Further cleanup Menu class.
- Update tests.
- Maintain a global list of menu items and look them up easily. Generalize
such that subsubmenus can later be merged into Menu class.
- Cleanup scope of main menu initialization.
- Use None instead of empty strings for various values. Ensure that
printing short_description does not show 'None' in output.
- Use enable/disable instead of promote/demote.
- Use menu component in all apps.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Currently, nscd comes as a recommended package of nslcd, which is a dependency
of Plinth. Plinth needs nscd to work. An installation with the --no-recommends
option will cause errors in Plinth.
Users is an essential package in plinth. nscd is now a managed package of users.
Fixes#1213
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Don't allow disabling the only available admin account.
- Don't allow deletion of the only available admin account.
- Don't allow removing admin privileges of the only available admin account.
Signed-off-by: Hemanth Kumar Veeranki <hems.india1997@gmail.com>
Reviewed-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
- Remove conditional registration of groups on module initialization.
- Create uninitialized groups on addition/update of groups for user.
- Remove group creation on setup/installation of a module.
Tested for:
- Multi registration of groups.
- Manual UI test to check visibility of groups irrespective of whether module is
installed/enabled.
Signed-off-by: Aakanksha Saini <aakanksa@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
During the first setup, older_version is sent as 0 instead of None. Make sure
that is actually works by doing proper condition check.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Increment users module version so existing users will get FreedomBox
copy of ldapscripts config file.
Avoid reconfiguration of slapd during module upgrade, because this
will move the existing database.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Edit user form fails because a 'wiki' group entry exists in the database
though the ikiwiki app hasn't been installed yet.
- Register group when a user group is created by an application, so that a
plinth restart can be avoided.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- More user-friendly treatment of groups and their permissions
Closes#690
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Also wrote unit tests in users/tests/test_actions
Signed-off-by: Joseph Nuthalpati <njoseph@thoughtworks.com>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Closes#928
- Adds shell and python APIs adding/removing LDAP groups
Signed-off-by: Rahul De <rahul080327@gmail.com>
Reviewed-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
- Removed key generation for mod_auth_pubtkt from first boot.
- Running setup every time plinth starts so that new essential modules
can be setup properly.
Partially fixes#875
- Install mod_auth_pubtkt and generate public/private key-pair.
- Redirect user to login page if no cookie is presented.
- Add check for authenticated user for login page.
- Temporarily switched to DSA because of a bug in mod_auth_pubtkt
which causes it to accept only DSA and not RSA. Also had to use SHA1
instead of SHA256.
- Enabled SSO for Syncthing, Repro and TT-RSS.
- Using tokens to authorize by user groups.
- Generate keys during first boot.
- Remove apps and system modules and merge their views into main views.
- Move main_menu from cfg into menu.py.
- Remove dependencies of other modules on apps and system modules.
- Update tests.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Preseeding settings with debconf won't have any effect if the packages
are already installed. Instead, provide an override database to
dpkg-reconfigure.
This can then be used by a privileged action to verify that packages
requested for installation are in fact valid. This slightly improves
security of those privileged actions.
Currently menu items are shown in alphabetical order in applications and
no clear order in system configuration. This is done using static
weights for menu items based on English names that does not work for
other locales.
Sorting can't be done at the time of adding menu items as users of
multiple locales may use the interface at the same time.
Implement a sorting mechanism based on existing order as well as labels
of menu item. This allows the flexiblity of grouping menu items in
future as it may be need for system configuration. In case of help menu
Remove sort order for all modules except for help menu as here we want
that specific order.
- The last part of the module import path is the module name. This also
becomes the Django app name. Apps names have to be unique. Hence,
there is no scope for two different modules with same name but
different load path to exist in the project.
- Most uses of list of loaded modules are dealing with app names instead
of full module load path. This is due to the fact that Django deals
with app names and not module paths.
- It is also somewhat clumsy to access a loaded module as we are
re-importing every time to get access module.
- Simplify all of the above by using app names are module identifiers
and maintaing an ordered dictionary of app names to loadded modules.
- Remove unused imports.
- Minor styling fixes.
- Move diagnostics into main module instead of action script.
- Ability run diagnostics as non-root user (because it runs in Plinth
instead of action).
- Diagnose whether LDAP server is listening.
- Diagnose directory entities created during setup.
- If during an action, user does not exist ignore.
- If during an action, return a non-zero exist status.
- Catch an errors during actions as exceptions.
- Display a message that corresponding POSIX operation failed.
