Merge branch 'master' into rights

# Conflicts:
#	note_kfet/settings/base.py

note_kfet/settings/__init__.py

@@ -0,0 +1,46 @@
+import os
+import re
+
+from .base import *
+
+def read_env():
+    """Pulled from Honcho code with minor updates, reads local default
+    environment variables from a .env file located in the project root
+    directory.
+    """
+    try:
+        with open('.env') as f:
+            content = f.read()
+    except IOError:
+        content = ''
+    for line in content.splitlines():
+        m1 = re.match(r'\A([A-Za-z_0-9]+)=(.*)\Z', line)
+        if m1:
+            key, val = m1.group(1), m1.group(2)
+            m2 = re.match(r"\A'(.*)'\Z", val)
+            if m2:
+                val = m2.group(1)
+            m3 = re.match(r'\A"(.*)"\Z', val)
+            if m3:
+                val = re.sub(r'\\(.)', r'\1', m3.group(1))
+            os.environ.setdefault(key, val)
+
+read_env()
+
+app_stage = os.environ.get('DJANGO_APP_STAGE', 'dev')
+if app_stage == 'prod':
+    from .production import *
+    DATABASES["default"]["PASSWORD"] = os.environ.get('DJANGO_DB_PASSWORD','CHANGE_ME_IN_ENV_SETTINGS')
+    SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY','CHANGE_ME_IN_ENV_SETTINGS')
+    ALLOWED_HOSTS.append(os.environ.get('ALLOWED_HOSTS','localhost'))
+else:
+    from .development import *
+
+try:
+    from .secrets import *
+except ImportError:
+    pass
+
+# env variables set at the of in /env/bin/activate
+# don't forget to unset in deactivate !
+

note_kfet/settings/base.py

@@ -0,0 +1,211 @@
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+import os
+import sys
+
+from django.utils.translation import gettext_lazy as _
+
+# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
+BASE_DIR = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
+PROJECT_DIR = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
+APPS_DIR = os.path.realpath(os.path.join(BASE_DIR, "apps"))
+sys.path.append(APPS_DIR)
+
+# Quick-start development settings - unsuitable for production
+# See https://docs.djangoproject.com/en/2.2/howto/deployment/checklist/
+
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = 'CHANGE_ME_IN_LOCAL_SETTINGS!'
+
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG = True
+
+ADMINS = (
+    # ('Admin', 'webmaster@example.com'),
+)
+
+SITE_ID = 1
+
+ALLOWED_HOSTS = []
+
+# Application definition
+
+INSTALLED_APPS = [
+    # Theme overrides Django Admin templates
+    # 'theme',
+
+    # External apps
+    'polymorphic',
+    'guardian',
+    'reversion',
+    'crispy_forms',
+    'django_tables2',
+    # Django contrib
+    'django.contrib.admin',
+    'django.contrib.admindocs',
+    'django.contrib.auth',
+    'django.contrib.contenttypes',
+    'django.contrib.sessions',
+    'django.contrib.sites',
+    'django.contrib.messages',
+    'django.contrib.staticfiles',
+    # API
+    'rest_framework',
+    'rest_framework.authtoken',
+    # Autocomplete
+    'dal',
+    'dal_select2',
+    # CAS
+    'cas_server',
+    'cas',
+
+    # Note apps
+    'activity',
+    'member',
+    'note',
+    'permission',
+    'api',
+    'logs',
+]
+LOGIN_REDIRECT_URL = '/note/transfer/'
+
+MIDDLEWARE = [
+    'django.middleware.security.SecurityMiddleware',
+    'django.contrib.sessions.middleware.SessionMiddleware',
+    'django.middleware.common.CommonMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
+    'django.contrib.auth.middleware.AuthenticationMiddleware',
+    'django.contrib.messages.middleware.MessageMiddleware',
+    'django.contrib.admindocs.middleware.XViewMiddleware',
+    'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'django.middleware.locale.LocaleMiddleware',
+    'django.contrib.sites.middleware.CurrentSiteMiddleware',
+    'note_kfet.middlewares.TurbolinksMiddleware',
+    'cas.middleware.CASMiddleware',
+]
+
+ROOT_URLCONF = 'note_kfet.urls'
+
+TEMPLATES = [
+    {
+        'BACKEND': 'django.template.backends.django.DjangoTemplates',
+        'DIRS': [os.path.join(BASE_DIR, 'templates')],
+        'APP_DIRS': True,
+        'OPTIONS': {
+            'context_processors': [
+                'django.template.context_processors.debug',
+                'django.template.context_processors.request',
+                'django.contrib.auth.context_processors.auth',
+                'django.contrib.messages.context_processors.messages',
+                'django.template.context_processors.request',
+              #  'django.template.context_processors.media',
+            ],
+        },
+    },
+]
+
+WSGI_APPLICATION = 'note_kfet.wsgi.application'
+
+# Password validation
+# https://docs.djangoproject.com/en/2.2/ref/settings/#auth-password-validators
+
+AUTH_PASSWORD_VALIDATORS = [
+    {
+        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
+    },
+]
+
+# Use our custom hasher in order to import NK15 passwords
+PASSWORD_HASHERS = [
+    'django.contrib.auth.hashers.PBKDF2PasswordHasher',
+    'member.hashers.CustomNK15Hasher',
+]
+
+# Django Guardian object permissions
+
+AUTHENTICATION_BACKENDS = (
+    'django.contrib.auth.backends.ModelBackend',  # this is default
+    'guardian.backends.ObjectPermissionBackend',
+    'cas.backends.CASBackend',
+)
+
+REST_FRAMEWORK = {
+    # Use Django's standard `django.contrib.auth` permissions,
+    # or allow read-only access for unauthenticated users.
+    'DEFAULT_PERMISSION_CLASSES': [
+        # TODO Maybe replace it with our custom permissions system
+        'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly'
+    ],
+    'DEFAULT_AUTHENTICATION_CLASSES': [
+        'rest_framework.authentication.TokenAuthentication',
+    ]
+}
+
+ANONYMOUS_USER_NAME = None  # Disable guardian anonymous user
+
+GUARDIAN_GET_CONTENT_TYPE = 'polymorphic.contrib.guardian.get_polymorphic_base_content_type'
+
+# Internationalization
+# https://docs.djangoproject.com/en/2.2/topics/i18n/
+
+LANGUAGE_CODE = 'en'
+
+LANGUAGES = [
+    ('de', _('German')),
+    ('en', _('English')),
+    ('fr', _('French')),
+]
+
+TIME_ZONE = 'Europe/Paris'
+
+USE_I18N = True
+
+USE_L10N = True
+
+USE_TZ = True
+
+LOCALE_PATHS = [os.path.join(BASE_DIR, "locale")]
+
+FIXTURE_DIRS = [os.path.join(BASE_DIR, "note_kfet/fixtures")]
+
+# Static files (CSS, JavaScript, Images)
+# https://docs.djangoproject.com/en/2.2/howto/static-files/
+
+# Absolute path to the directory static files should be collected to.
+# Don't put anything in this directory yourself; store your static files
+# in apps' "static/" subdirectories and in STATICFILES_DIRS.
+# Example: "/var/www/example.com/static/"
+STATIC_ROOT = os.path.join(BASE_DIR,"static/")
+# STATICFILES_DIRS = [
+#    os.path.join(BASE_DIR, 'static')]
+STATICFILES_DIRS = []
+CRISPY_TEMPLATE_PACK = 'bootstrap4'
+DJANGO_TABLES2_TEMPLATE = 'django_tables2/bootstrap4.html'
+# URL prefix for static files.
+# Example: "http://example.com/static/", "http://static.example.com/"
+STATIC_URL = '/static/'
+
+ALIAS_VALIDATOR_REGEX = r''
+
+MEDIA_ROOT=os.path.join(BASE_DIR,"media")
+MEDIA_URL='/media/'
+
+# Profile Picture Settings
+PIC_WIDTH = 200
+PIC_RATIO = 1
+
+# CAS Settings
+CAS_AUTO_CREATE_USER = False
+CAS_LOGO_URL = "/static/img/Saperlistpopette.png"
+CAS_FAVICON_URL = "/static/favicon/favicon-32x32.png"
+

note_kfet/settings/development.py

@@ -0,0 +1,54 @@
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+########################
+# Development Settings #
+########################
+# For local dev on your machine:
+#  - Enabled by default
+#  - use sqlite as a db engine , Debug is True.
+#  - standalone mail server
+#  - and more ...
+
+
+# Database
+# https://docs.djangoproject.com/en/2.2/ref/settings/#databases
+from . import *
+import os
+
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.sqlite3',
+        'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
+    }
+}
+
+# Break it, fix it!
+DEBUG = True
+
+# Mandatory !
+ALLOWED_HOSTS = ['*']
+
+# Emails
+EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
+# EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+# EMAIL_USE_SSL = False
+# EMAIL_HOST = 'smtp.example.org'
+# EMAIL_PORT = 25
+# EMAIL_HOST_USER = 'change_me'
+# EMAIL_HOST_PASSWORD = 'change_me'
+
+SERVER_EMAIL = 'no-reply@example.org'
+
+# Security settings
+SECURE_CONTENT_TYPE_NOSNIFF = False
+SECURE_BROWSER_XSS_FILTER = False
+SESSION_COOKIE_SECURE = False
+CSRF_COOKIE_SECURE = False
+CSRF_COOKIE_HTTPONLY = False
+X_FRAME_OPTIONS = 'DENY'
+SESSION_COOKIE_AGE = 60 * 60 * 3
+
+# CAS Client settings
+# Can be modified in secrets.py
+CAS_SERVER_URL = "https://note.comby.xyz/cas/"

note_kfet/settings/production.py

@@ -0,0 +1,52 @@
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+########################
+# Production  Settings #
+########################
+# For local dev on your machine:
+#  - Enabled by setting env variable DJANGO_APP_STAGE = 'prod'
+#  - use Postgresql as db engine
+#  - Debug should be false.
+#  - should have a dedicated mail server
+#  - and more ...
+
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.postgresql_psycopg2',
+        'NAME': 'note_db',
+        'USER': 'note',
+        'PASSWORD': 'update_in_env_variable',
+        'HOST': '127.0.0.1',
+        'PORT': '',
+    }
+}
+
+# Break it, fix it!
+DEBUG = True
+
+# Mandatory !
+ALLOWED_HOSTS = ['127.0.0.1','note.comby.xyz']
+
+# Emails
+EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
+# EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+# EMAIL_USE_SSL = False
+# EMAIL_HOST = 'smtp.example.org'
+# EMAIL_PORT = 25
+# EMAIL_HOST_USER = 'change_me'
+# EMAIL_HOST_PASSWORD = 'change_me'
+
+SERVER_EMAIL = 'no-reply@example.org'
+
+# Security settings
+SECURE_CONTENT_TYPE_NOSNIFF = False
+SECURE_BROWSER_XSS_FILTER = False
+SESSION_COOKIE_SECURE = False
+CSRF_COOKIE_SECURE = False
+CSRF_COOKIE_HTTPONLY = False
+X_FRAME_OPTIONS = 'DENY'
+SESSION_COOKIE_AGE = 60 * 60 * 3
+
+# CAS Client settings
+CAS_SERVER_URL = "https://note.crans.org/cas/"