New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable users to create groups #2402
Conversation
|
||
def _get_hashids(request): | ||
salt = security.derive_key( | ||
request.registry.settings["secret_key"], "h.groups.hashid", length=20) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As we discussed, I think this is a dangerous route to go down. Just add a config option for this.
So, just to be clear, this is butt ugly at the moment and definitely will need more work. My comment about the feature flags is merely observing that merging this doesn't block deployment, so if we're happy with what's here we can merge and carry on in additional PRs. |
|
__tablename__ = 'group' | ||
|
||
id = sa.Column(sa.Integer, autoincrement=True, primary_key=True) | ||
name = sa.Column(sa.Unicode(100), nullable=False) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How do we motivate a choice of group name size limit?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Honestly, I just figured that
East Louisiana State Troopers Chinchilla Brevicaudata Appreciation Society - East Baton Rouge Branch
Was more than long enough for a group name.
Looks fine, just a few small questions. |
|
It might be nice to tweak some names to make them consistent. Our view callables are You could argue for verb first or noun first, or in the case of the callables and the templates just verb without noun ( We don't seem to be consistent about this in |
47a7a8a
to
8d39d1c
Compare
@@ -15,6 +15,8 @@ use: egg:h | |||
#h.client_id: | |||
#h.client_secret: | |||
|
|||
h.hashids.salt: production salt |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm inclined to remove this so that if you don't set the environment var in production the application will explode rather than silently using a predictable salt.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Iirc correctly I put this in because Travis was crashing otherwise (it builds the Chrome extension with production.ini iirc). We could fix the Travis script instead
|
Just fixed most of landscape's issues, I'm happy to leaves it remaining complaints alone |
|
@tilgovi We're done with this, merge if you're happy with it |
|
This commit adds a package "h.groups", which for now contains only data models for group membership, and a schema migration to create the relevant tables in the database. For now, groups are identified simply by unique id, and they have a unicode name, which is expected to be their display name.
On form submission create a new group in the db and then redirect to the group's page. Validation of form params still needs to be done. We're using the group id direct from the db in the group page's URL, this needs to be replaced with a hashid based on the group's id and some salt.
- create_group() validates the posted params with our colander schema, rerenders the form on validation failure - Views now return two items to the template: "form" and "data" (a dict of any values the user had entered into the form, e.g. {"name": "My New Group"}), so we can rerender the template with the user's data intact
Rather than exposing raw primary keys in the group URLs, we use hashids so that the URLs cannot be trivially enumerated. In production, we set a hashid salt that ensures that other people can't generate our hashids.
This commit adds a list of groups to the "topbar" when the groups feature flag is enabled.
This commit slightly simplifies the handling of requests with missing slugs, while also catering for another common scenario: mistyped slugs. Now, given a group with hashid "abc123" and slug "hello-world", all of the following paths will redirect to "/groups/abc123/hello-world": /groups/abc123 /groups/abc123/ /groups/abc123/hello-wolrd Any more path components will throw a 404 as before. In addition, the redirect is now served as a 301 Moved Permanently.
These view functions are already namespaced, so referencing groups is redundant and leads to inconsistencies with the global namespace of route names. create_group_form -> create_form create_group -> create read_group -> read
Rebased over the simple conflict with the admins permissions PR. Waiting for the green light just to be paranoid, but it looks good and I'll hit merge when that's good. |
\o/ |
@nickstenning suggests that (since it's behind a feature flag) this can be merged now even though the groups dropdown list in the sidebar is still a fake.
@tilgovi Want to review this? Since Nick and I have both worked on it.
What this does:
/groups/new
to get a form for creating a new group