Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create groups for ptokens #7944

Merged
merged 4 commits into from
Jan 14, 2021
Merged

Create groups for ptokens #7944

merged 4 commits into from
Jan 14, 2021

Conversation

corydickson
Copy link
Contributor

Description

Returns a 403 on the create ptoken endpoint if a user does not have the necessary permissions and hides the model the dashboard page.

Testing

Run the ptoken migration to add a user to the group and create the necessary permissions. Then, login and navigate to the dashboard page. If a user has permission should see the modal, else it will not appear

@corydickson corydickson changed the title Cd/ptoken groups Create groups for ptokens Nov 26, 2020
@corydickson corydickson changed the base branch from grants-round-8 to master November 26, 2020 01:27
corydickson
corydickson commented Nov 26, 2020
View reviewed changes
app/ptokens/management/commands/setup_ptoken_launch.py
print('Adding seeded users to pToken Group')

# TODO: How else will we determine which users should be added to the group
valid_users = User.objects.filter(~Q(groups__name__in=[pToken_group_name]), profile__trust_profile=True)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just need clarity on the identifier to seed the initial user base. Email / ids ? @thelostone-mc

corydickson
corydickson commented Nov 26, 2020
View reviewed changes
app/ptokens/views.py
@@ -204,6 +204,12 @@ def ptoken(request, token_id='me'):
return JsonResponse(
{'error': _('You must be authenticated via github to use this feature!')},
status=401)

if not user.has_perm('auth.user.add_pToken_auth'):
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mds1 Brought up the good point that a user would be able to abuse Vue here and possibly open the modal; this ensures that they cannot make the request given their creds

amustapha
amustapha approved these changes Nov 26, 2020
View reviewed changes
Copy link
Contributor

@amustapha amustapha left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@corydickson corydickson force-pushed the cd/ptoken-groups branch 4 times, most recently from b380f56 to f1806a8 Compare January 12, 2021 06:03
thelostone-mc
thelostone-mc reviewed Jan 12, 2021
View reviewed changes
app/ptokens/management/commands/setup_ptoken_launch.py
for user in valid_users:
user.groups.add(pToken_group)

print('Valid users added to pToken group')
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we run this just once and be done with it ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yup, unless you had another way in mind. Let me know how seeding is determined and I can open another PR and add it to this command

@thelostone-mc thelostone-mc merged commit d3008db into gitcoinco:master Jan 14, 2021
@thelostone-mc
Copy link
Member

thelostone-mc commented Jan 20, 2021
edited

Just tested this ! @mds1 @corydickson
I ran setup_ptoken_launch and has_ptoken_auth is true but I don't see a creation modal popping up anywhere

Untitled

@mds1
Copy link
Contributor

mds1 commented Jan 20, 2021

I'll defer to @corydickson on this one. From a quick glance it looks like it's set up correctly, where the "Create" button is behind v-if="has_ptoken_auth".

Can we also add instructions/comments somewhere (even if just as a reply here) that explain what setup_ptoken_launch and has_ptoken_auth are both used for + how to configure them in dev mode? I've never used Django groups so a brief explanation would help!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thelostone-mc thelostone-mc thelostone-mc approved these changes

@chibie chibie chibie approved these changes

@amustapha amustapha amustapha approved these changes

@danlipert danlipert Awaiting requested review from danlipert

@frankchen07 frankchen07 Awaiting requested review from frankchen07

@octavioamu octavioamu Awaiting requested review from octavioamu

@PixelantDesign PixelantDesign Awaiting requested review from PixelantDesign

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@corydickson @thelostone-mc @mds1 @chibie @amustapha