ynerant/nk20
1
0
Fork 0
mirror of https://gitlab.crans.org/bde/nk20 synced 2025-02-25 09:26:29 +00:00
Code Issues Releases Wiki Activity

Compare commits

base: ynerant:d9b4e0a9a93a6c7487255f44b9051570e85d7370
Branches Tags
ynerant:main
ynerant:patch_openers_(forgot_something)
ynerant:respo_comm_permissionsV2
ynerant:fix_activity_view
ynerant:Automation_mailing_lists
ynerant:potvieux
ynerant:New_permission
ynerant:finito_sda
ynerant:beta
ynerant:non-BDE-members-permission-fix
ynerant:survey_wei_2024
ynerant:migration-django-4-2
ynerant:food_traceability
ynerant:summary_notes
ynerant:traduction_inclusive_fr
ynerant:migration-django-5-0
ynerant:qrcode
ynerant:VSS
ynerant:update_permission
ynerant:fix_pipeline
ynerant:permission_var
ynerant:inclusive
ynerant:nix-shell
ynerant:sheets
ynerant:svg_icons
ynerant:faster_ci
ynerant:v1.0.3
ynerant:v1.0.2
ynerant:v1.0.1
ynerant:v1.0.0
...
compare: ynerant:d43fbe7ac6545ca7ff6a93849b95e59d076fb9b4
Branches Tags
ynerant:main
ynerant:patch_openers_(forgot_something)
ynerant:respo_comm_permissionsV2
ynerant:fix_activity_view
ynerant:Automation_mailing_lists
ynerant:potvieux
ynerant:New_permission
ynerant:finito_sda
ynerant:beta
ynerant:non-BDE-members-permission-fix
ynerant:survey_wei_2024
ynerant:migration-django-4-2
ynerant:food_traceability
ynerant:summary_notes
ynerant:traduction_inclusive_fr
ynerant:migration-django-5-0
ynerant:qrcode
ynerant:VSS
ynerant:update_permission
ynerant:fix_pipeline
ynerant:permission_var
ynerant:inclusive
ynerant:nix-shell
ynerant:sheets
ynerant:svg_icons
ynerant:faster_ci
ynerant:v1.0.3
ynerant:v1.0.2
ynerant:v1.0.1
ynerant:v1.0.0

7 Commits
d9b4e0a9a9 ... d43fbe7ac6

Author SHA1 Message Date
ynerant
d43fbe7ac6 Merge branch 'harden' into 'beta' 
Harden Django project configuration

See merge request bde/nk20!194
 2022-03-09 12:30:23 +01:00
Alexandre Iooss
df5f9b5f1e Harden Django project configuration 
Set session and CSRF cookies as secure for production.
Set HSTS header to let browser remember HTTPS for 1 year.
 2022-03-09 12:12:56 +01:00
Yohann D'ANELLO
4161248bff
Add permissions to view/create/change/delete OAuth2 applications 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2022-03-09 12:06:19 +01:00
Yohann D'ANELLO
58136f3c48
Fix permission checks in the /api/me view 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
 2022-03-09 11:45:24 +01:00
ynerant
5f69232560 Merge branch 'beta' into 'main' 
Optional scopes + small bug fix

See merge request bde/nk20!193
 2022-02-12 14:37:58 +01:00
ynerant
1eb72044c2 Merge branch 'beta' into 'master' 
Changements variés et mineurs

Closes #107 et #91

See merge request bde/nk20!191
 2021-12-13 21:16:26 +01:00
ynerant
ca2b9f061c Merge branch 'beta' into 'master' 
Multiples fix, réparation des pots

Closes #75

See merge request bde/nk20!186
 2021-10-05 12:02:03 +02:00
3 changed files with 85 additions and 4 deletions
Show Stats Expand all files Collapse all files

4
apps/api/serializers.py
View File

@ -60,12 +60,12 @@ class OAuthSerializer(serializers.ModelSerializer):
def get_profile(self, obj): def get_profile(self, obj):
# Display the profile of the user only if we have rights to see it. # Display the profile of the user only if we have rights to see it.
return ProfileSerializer().to_representation(obj.profile) \ return ProfileSerializer().to_representation(obj.profile) \
if PermissionBackend.has_perm(get_current_request(), obj.profile, 'view') else None if PermissionBackend.check_perm(get_current_request(), 'member.view_profile', obj.profile) else None
def get_note(self, obj): def get_note(self, obj):
# Display the note of the user only if we have rights to see it. # Display the note of the user only if we have rights to see it.
return NoteSerializer().to_representation(obj.note) \ return NoteSerializer().to_representation(obj.note) \
if PermissionBackend.has_perm(get_current_request(), obj.note, 'view') else None if PermissionBackend.check_perm(get_current_request(), 'note.view_note', obj.note) else None
def get_memberships(self, obj): def get_memberships(self, obj):
# Display only memberships that we are allowed to see. # Display only memberships that we are allowed to see.

76
apps/permission/fixtures/initial.json
View File

@ -2903,6 +2903,70 @@
"description": "(Dé)bloquer la note de son club et indiquer que cela a été fait manuellement" "description": "(Dé)bloquer la note de son club et indiquer que cela a été fait manuellement"
} }
}, },
{
"model": "permission.permission",
"pk": 186,
"fields": {
"model": [
"oauth2_provider",
"application"
],
"query": "{\"user\": [\"user\"]}",
"type": "view",
"mask": 1,
"field": "",
"permanent": true,
"description": "Voir ses applications OAuth2"
}
},
{
"model": "permission.permission",
"pk": 187,
"fields": {
"model": [
"oauth2_provider",
"application"
],
"query": "{\"user\": [\"user\"]}",
"type": "create",
"mask": 1,
"field": "",
"permanent": true,
"description": "Créer une application OAuth2"
}
},
{
"model": "permission.permission",
"pk": 188,
"fields": {
"model": [
"oauth2_provider",
"application"
],
"query": "{\"user\": [\"user\"]}",
"type": "change",
"mask": 1,
"field": "",
"permanent": true,
"description": "Modifier une application OAuth2"
}
},
{
"model": "permission.permission",
"pk": 189,
"fields": {
"model": [
"oauth2_provider",
"application"
],
"query": "{\"user\": [\"user\"]}",
"type": "delete",
"mask": 1,
"field": "",
"permanent": true,
"description": "Supprimer une application OAuth2"
}
},
{ {
"model": "permission.role", "model": "permission.role",
"pk": 1, "pk": 1,
@ -2933,7 +2997,11 @@
126, 126,
161, 161,
162, 162,
165 165,
186,
187,
188,
189
] ]
} }
}, },
@ -3314,7 +3382,11 @@
182, 182,
183, 183,
184, 184,
185 185,
186,
187,
188,
189
] ]
} }
}, },

9
note_kfet/settings/base.py
View File

@ -24,6 +24,15 @@ ALLOWED_HOSTS = [
os.getenv('NOTE_URL', 'localhost'), os.getenv('NOTE_URL', 'localhost'),
] ]
# Use secure cookies in production
SESSION_COOKIE_SECURE = not DEBUG
CSRF_COOKIE_SECURE = not DEBUG
# Remember HTTPS for 1 year
SECURE_HSTS_SECONDS = 31536000
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True
# Application definition # Application definition