- Only admins can now edit the groups of any user
- Only admins can mark any user as active or not
- Refactored all occurrences of admin checks to its own utility function
- Rename AdminMiddleware to AdminRequiredMiddleware to be consistent
with stronghold/Django terminology
- Simplify .gitignore pattern
- Format single line docstrings as per PEP8.
- Add missing docstrings.
- Restrict lines to 79 characters.
- Fix major regression so that steps can submitted multiple times in
case of errors.
- Don't serve the welcome page (and other pages) only once. Show it
until action is an taken. This does not apply to the final step.
- Eliminate all coupling of one first boot step on another.
- Move first boot helper methods to __init__.py instead of middleware as
it is more generic than middleware.
- Implement caching the first boot state to avoid an SQL query on every
page load. The down side is that if first boot state is modified in
the backend DB outside Plinth, Plinth will need to be restarted to
catch the modified value.
- Mark some methods as private.
- Refactor middleware code for slightly more simplicity.
- Don't show sidebar in pagekite first boot step. Set width like other
pages.
- Allow setting multiple SSH keys one per line (which is already
allowed, but advertise it better).
- Use mkhomedir_helper to create the user's home directory. Avoid
security and accuracy complexities of creating a home directory.
- Allow homes that don't exist in /home.
- Merge all ldap actions into one action.
- Setup ldapscripts using augeas.
- Use the default mechanisms used by ldapscripts.
- Remove adding admin users to 'sudo' group. Mixing LDAP groups and
local groups is not a good practice. 'admin' LDAP group will be added
to sudoers in another patch to freedombox-setup.
- Make all users posixAccount and all groups posixGroup for simplicity.
Shell access can be restricted in other ways.
- Work around ldapscripts not able to set password using SASL auth.
- Work around ldapscripts having issues with current locale.
- If during an action, user does not exist ignore.
- If during an action, return a non-zero exist status.
- Catch an errors during actions as exceptions.
- Display a message that corresponding POSIX operation failed.
We manually have to call the form.save() method in form_valid().
Plus tiny cleanups like using SetPasswordForm instead of
AdminPasswordChangeForm.
Note: this allows any logged-in user to change all other user passwords.
- allows editing users (currently the groups and username)
- allows any logged-in user to change the passwords of any other users
- improved url highlighting of subsubmenu
