- Only admins can now edit the groups of any user
- Only admins can mark any user as active or not
- Refactored all occurrences of admin checks to its own utility function
- Rename AdminMiddleware to AdminRequiredMiddleware to be consistent
with stronghold/Django terminology
- Simplify .gitignore pattern
- Format single line docstrings as per PEP8.
- Add missing docstrings.
- Restrict lines to 79 characters.
- Fix major regression so that steps can submitted multiple times in
case of errors.
- Don't serve the welcome page (and other pages) only once. Show it
until action is an taken. This does not apply to the final step.
- Eliminate all coupling of one first boot step on another.
- Move first boot helper methods to __init__.py instead of middleware as
it is more generic than middleware.
- Implement caching the first boot state to avoid an SQL query on every
page load. The down side is that if first boot state is modified in
the backend DB outside Plinth, Plinth will need to be restarted to
catch the modified value.
- Mark some methods as private.
- Refactor middleware code for slightly more simplicity.
- Don't show sidebar in pagekite first boot step. Set width like other
pages.
Most tables now occupy the full width of the container row. Some of
them are otherwise squished. Also make sure the new fixed container
layout has not reduced the originally intended width of a table.
Now all forms will uniformly occupy the full width of the available
row. Bootstrap originally designed forms this way. However, we were
setting restricted widths on forms as they were too wide. With the new
fixed container layout this is no longer necessary.
In a following pull request, we are expected to solve the cache timing
issue. So, show a generic error message instead of one that suggests a
timing problem.
When editing an existing user, error is being thrown due to restricted
usernames check. This is due to the username matching existing
username.
Also:
- Raise the validation error on the field instead of the entire form.
- Send error code along with validation error message.
- End the validation error message with a full stop for consistency.
Preseeding settings with debconf won't have any effect if the packages
are already installed. Instead, provide an override database to
dpkg-reconfigure.
This can then be used by a privileged action to verify that packages
requested for installation are in fact valid. This slightly improves
security of those privileged actions.
Currently menu items are shown in alphabetical order in applications and
no clear order in system configuration. This is done using static
weights for menu items based on English names that does not work for
other locales.
Sorting can't be done at the time of adding menu items as users of
multiple locales may use the interface at the same time.
Implement a sorting mechanism based on existing order as well as labels
of menu item. This allows the flexiblity of grouping menu items in
future as it may be need for system configuration. In case of help menu
Remove sort order for all modules except for help menu as here we want
that specific order.
- The last part of the module import path is the module name. This also
becomes the Django app name. Apps names have to be unique. Hence,
there is no scope for two different modules with same name but
different load path to exist in the project.
- Most uses of list of loaded modules are dealing with app names instead
of full module load path. This is due to the fact that Django deals
with app names and not module paths.
- It is also somewhat clumsy to access a loaded module as we are
re-importing every time to get access module.
- Simplify all of the above by using app names are module identifiers
and maintaing an ordered dictionary of app names to loadded modules.
- Remove unused imports.
- Minor styling fixes.
- Allow setting multiple SSH keys one per line (which is already
allowed, but advertise it better).
- Use mkhomedir_helper to create the user's home directory. Avoid
security and accuracy complexities of creating a home directory.
- Allow homes that don't exist in /home.
- Move diagnostics into main module instead of action script.
- Ability run diagnostics as non-root user (because it runs in Plinth
instead of action).
- Diagnose whether LDAP server is listening.
- Diagnose directory entities created during setup.
- Merge all ldap actions into one action.
- Setup ldapscripts using augeas.
- Use the default mechanisms used by ldapscripts.
- Remove adding admin users to 'sudo' group. Mixing LDAP groups and
local groups is not a good practice. 'admin' LDAP group will be added
to sudoers in another patch to freedombox-setup.
- Make all users posixAccount and all groups posixGroup for simplicity.
Shell access can be restricted in other ways.
- Work around ldapscripts not able to set password using SASL auth.
- Work around ldapscripts having issues with current locale.
- Create groups on first boot a bit more safely
- Use get_or_create instead of get() and create()
- Fix issue with not showing a full list of groups in user modify page
when there is are no users for that group.
