- Only admins can now edit the groups of any user
- Only admins can mark any user as active or not
- Refactored all occurrences of admin checks to its own utility function
- Rename AdminMiddleware to AdminRequiredMiddleware to be consistent
with stronghold/Django terminology
- Simplify .gitignore pattern
- Format single line docstrings as per PEP8.
- Add missing docstrings.
- Restrict lines to 79 characters.
Don't try to show setup view for login page. This happens under a rare
circumstance that user does not usually face. If 'users' module has not
been setup but we try to run first boot and last part of the firstboot
process is not yet completed and when user is not already logged in, an
infinite redirect happens.
Simply don't try to show setup view for login URL under any
circumstance. This is similar to how firstboot middleware itself does
not meddle with login URL.
Anonymous users were able to access pages that used
the 'public' decorator of stronghold. If such a page
showed the installation routine of the setup module
they were able to access and use it, in other words:
Anonymous users were able to install software.
Don't raise a 404 exception when a page is not found. Instead, simply
bypass the setup middleware so that other middleware have a chance to
process further.
Slight modification so that resolve method can be mocked during
unittests.
Django runs process_request() on all the middleware classes in order.
Then it runs process_view() on all of them again. During the runs, if
any of the views return a HttpResponse. Further processing is ignored.
Setup middleware was handling process_request() and returning
HttpResponse if the application as not setup. However, stronghold
middleware handles process_view(). Since process_request happens first
and response is being returned there, stronghold middleware is never
called.
Make setup middleware use process_view() instead.
