How do we "authorize" users to archive license requests? #237
Comments
I found the code that checks the permissions at: spdx-online-tools/src/app/utils.py Line 56 in 415fcec
When I use the production instance at http://13.57.134.254/app/ my username is goneall9ea2cb6faa12445f and I am authorized. On the test instance at http://52.32.53.255/app, my username is goneall and I am not authorized.
@goneall It checks if the user has collaboration access to https://github.com/spdx/tools-python/. Can you check your GitHub login username from superadmin on the test instance (Not sure if Also, I think we need to change who can archive license requests feature - the person who submitted the requests, and spdx team members. We can assign a role to spdx team members and that should be checked instead of collaboration access. Django provides RBAC - but some super admin has to assign the roles (manual process).
Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
After reading through the code, it looks like the fix for authorizing the archive function was inside the post code. I submitted PR #239 to resolve.
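A sketch of the check discussed in the comments above, enforced on the archive POST itself. This is an added example, not code from spdx-online-tools or PR #239: `User`, `LicenseRequest`, `archive_post` and the injected `http_get` transport are hypothetical names, and the "submitter or collaborator" rule combines the existing collaborator check with the proposal made in the thread.

```python
import re
from dataclasses import dataclass
from typing import Callable, Optional

REPO = "spdx/tools-python"  # repository named in the thread
API = "https://api.github.com/repos/{repo}/collaborators/{login}"
LOGIN_RE = re.compile(r"[A-Za-z0-9-]{1,39}")  # shape of a GitHub login

@dataclass
class User:  # hypothetical stand-in for the Django user
    django_username: str          # local account name
    github_login: Optional[str]   # login recorded at GitHub sign-in
    is_authenticated: bool = True

@dataclass
class LicenseRequest:  # hypothetical stand-in for the stored request
    id: int
    submitter_login: str
    archived: bool = False

def is_collaborator(login: str, http_get: Callable[[str], int]) -> bool:
    """True only on 204, GitHub's answer for a collaborator (404 = not one).

    http_get is an injected transport returning the status code; a real one
    would send an authenticated GET. Errors and other codes fail closed.
    """
    if not LOGIN_RE.fullmatch(login):
        return False  # never build a URL from an unexpected login value
    try:
        return http_get(API.format(repo=REPO, login=login)) == 204
    except Exception:
        return False

def can_archive(user: User, req: LicenseRequest, http_get) -> bool:
    if not user.is_authenticated or not user.github_login:
        return False
    if user.github_login.lower() == req.submitter_login.lower():
        return True  # the submitter may archive their own request
    return is_collaborator(user.github_login, http_get)

def archive_post(user: User, req: LicenseRequest, http_get) -> int:
    """Archive POST handler; returns the HTTP status it would send.

    The check runs on the POST itself: hiding the button in the template
    does not stop a request sent without the page.
    """
    if not can_archive(user, req, http_get):
        return 403
    req.archived = True
    return 200

def fake_get(url: str) -> int:  # constructed transport: one collaborator
    return 204 if url.endswith("/collaborators/goneall") else 404
```

The decision keys on the GitHub login rather than the local account name, so an account whose local username differs from its GitHub login is evaluated against the same collaborator list.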
Fix archive authorization - resolves issue #237
* Create an issue when license is found to be a near match not PR Changes took place in the commit are: (1) Create an issue when the license should match based on user's response. (2) Add a post screenshot script to post a SC to github. (3) URL of the screenshot included in issue body. * Fix issue #137 - non-unique license submittal request Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * change file extension to .xls * add links to field in license form * add links of OSI approved list * import LicenseRequest to utils * add version information * add version information * change LicenseRequest to License * add OSI link to submit license form * make file of app migrations * add migrations for app * write comments in the version file * Update version.py Change version from 2.1.20 to 2.1.8 * Change spdx_version to spdx_online_tools_version * change spdx_tools to spdx_online_tools * solve archive issue * sove archive requests issue * Update license_requests.html * update the template file to use the login feature * change name to github username * hide button when not permitted or not logged in * combine 2 ifs and check in backend * add try/except * fix some errors in the code * Add github actions for CI/CD We already have a travis check setup, github actions can also be used for the same. * Update workflow * Remove xvfb * add function check permission to utils * modify tests for archive button * Update SPDX legal team mailing email address * changing cover image * update * Fix overflows in the UI * Add option to remove a source * Add autogenerated folder in .gitignore. Signed-off-by: shubhamgupta2956 <shubham.gupta2956@gmail.com> * Add "src/src/secret.py" in ".gitignore". 
Signed-off-by: shubhamgupta2956 <shubham.gupta2956@gmail.com> * Change -remove to red cross next to the input * Change source for the spdx-license-matcher to the SPDX github repo Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Remove "src/spdx-license-matcher/" from .gitignore Signed-off-by: shubhamgupta2956 <shubham.gupta2956@gmail.com> * Fix cross size * Updated path of some files in README.md to make minor things more clear Signed-off-by: shubham.gupta2956 <shubham.gupta2956@gmail.com> * Fix validation for file having whitespaces in name Currently, when the user uploads a file having white spaces in its name, it is not validated as the file name is changed due to replacement of whitespace by "%20". This commit replaces it with whitespaces so that the correct file can be validated Signed-off-by: shubham.gupta2956 <shubham.gupta2956@gmail.com> * Change python version in README.md Signed-off-by: shubhamgupta2956 <shubham.gupta2956@gmail.com> * Fix validation for file having whitespaces in name in all locations Signed-off-by: shubhamgupta2956 <shubham.gupta2956@gmail.com> * Increase modal view to remove overflowing errors. 
Signed-off-by: shubhamgupta2956 <shubham.gupta2956@gmail.com> * Remove unused variable "uploaded_file_url" Signed-off-by: shubhamgupta2956 <shubham.gupta2956@gmail.com> * Get sensitive data from environment variables * add dotenv module * Make relevant documentation changes * add ignore .env in src/src/ * Modify variable names matching GitHub naming rules * Add env to workflow * Remove travis CI integration * Add default to django secret key for tests * Add production and development container configs * Add supervisor configuration * Add WSGI (gunicorn) configuration * Add docker-compose configurations * Fix typo * Add pylint workflow and removein container multistage Signed-off-by: K mehant <411843@student.nitandhra.ac.in> * Add dockerignore Signed-off-by: K mehant <411843@student.nitandhra.ac.in> * Add supervisor logs to a mapped logfile Signed-off-by: K mehant <411843@student.nitandhra.ac.in> * Add env variable to stop storing .pyc files Signed-off-by: K mehant <411843@student.nitandhra.ac.in> * Fix PYTHONDONTWRITEBYTECOD environment variable (syntax fix) * Fix EOF newline Signed-off-by: K mehant <411843@student.nitandhra.ac.in> * Add JDK8 to spdx containers Signed-off-by: K mehant <411843@student.nitandhra.ac.in> * Modify tool.jar path Signed-off-by: K mehant <411843@student.nitandhra.ac.in> * Get redis host as env var Signed-off-by: K mehant <411843@student.nitandhra.ac.in> * Add redis host env to docker-compose configs Signed-off-by: K mehant <411843@student.nitandhra.ac.in> * Get env from secret.py Signed-off-by: K mehant <411843@student.nitandhra.ac.in> * Fixed runserver - Version1, Added JException, is_authenticated, zip, on_delete, relative imports * Update readme and migrations * Use wb instead of w when opening files * Run 2to3 * Fix example dir path * Update dockerfiles, req, workflow for py3 and tests for bytes * Fix env variable name Signed-off-by: K mehant <411843@student.nitandhra.ac.in> * Update dockefile, settings, and environment variables for 
EC2 docker deployment Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Add venv to dockerignore Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Update README file Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Production docker compose referencing the ECR instances Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Change port for redis to 80 Signed-off-by: Gary O'Neall gary@sourceauditor.com * Update README-PRODUCTION with somwhat working configuration Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Update SPDX tools and docker config files for locally cached licenses Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Increase supervisor timeout Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Clean up the deploy scripts per PR review comments from @kmehant Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Add redirect to production for tools.spdx.org Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Add production environment variables to dockerignore Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Update examples to avoid warnings Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Add configuration for screenshot - initial checkin Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Pass github token from Python to JS Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Add environment variable for personal access token for the license diff repo Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Cleanup - remove unused import and variables Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Screenshot upload to diff rep from backend through ajax call * Fix test failure * Fix async issue causing diff URL not to show up in issue Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Add proper credits in production README Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Update lets-encrypt file for the correct docker-compose file Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * 
Set execution bit for letsencrypt script Signed-off-by: Ubuntu <ubuntu@ip-172-31-6-122.us-west-2.compute.internal> * Clean up files and README for the SSL docker deployment Signed-off-by: Ubuntu <ubuntu@ip-172-31-6-122.us-west-2.compute.internal> * Remove staging flag from letsencrypt Signed-off-by: Ubuntu <ubuntu@ip-172-31-6-122.us-west-2.compute.internal> * Update TODO's in README-PRODUCTION.md Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Add attribution and license to lets-encrypt script Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Change name to SPDX Online Tool * bump version of the online-tools Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Resolve issue #222 - stale requirements file Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Resolve issue #227 - compare expects RDF only Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Fix issue #228 - missing add image Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Resolves issue #227 - change file type from xlsx to xls Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Fix issue #226 for API calls Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Resolve issue #215 - update message when submitting license requests Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Resolve issue #211 - display close matches as yellow Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Add secret.py back - it no longer contains secrets Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Fix issue #235 GitHub oauth redirect URI mismatch Signed-off-by: Gary O'Neall (Production) <gary@sourceauditor.com> * Update the version of social-auth-app-django Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Fix archive authorization - resolves issue #237 Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Add authorised check in post request * Change authorization check for archive license to use the license-list-xml repo Signed-off-by: Gary O'Neall <gary@sourceauditor.com> 
* Implement the Verify function with the new Java library Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Update compare function to use the new SPDX tools Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Update Compare View test cases * Change convert to use the new Java library Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Update unit tests for new Java tools version Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Remove debugging console.log statement Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Update API code for the new Java library version Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Fix unit test failure for compare license text Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Add data-ext tags to html options and show file extensions accordingly * Add setting to_format value when from_fromat is changing * Fix issues identified in review Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Add docker instructions to the README file Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Update instructions Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Update form for new license submittal fields Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Update the SPDX Java tools to address issue #242 Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Complete implementation of project example URLs Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Clean up field names and clear out exampleUrl fields on error Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Make the example URLs required and change URL's to URLs Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Allow multiple examples and source URL's. 
Resolves issue #249 Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Bump production version Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Add instructions for updating the production database Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Fix failures when submitting issues outside of license request (#250) Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Change the migration commands to use docker exec rather than the shell Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Resolve issue #252 - add text to top of license submittal page Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Remove backup files of 2to3 conversion * Change failobj to default * Fix is_authenticated * Fix issue #255 - use the correct values for SPDX file formats for validate Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Add major contributor names on about page (#257) * Limit allowed hosts for production. Resolves issue #224 Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Add allowed host for the legacy server IP address Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Bump version Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Fix issue where DEBUG is not property set Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Fix None attribute error when the issues list is not formatted correctly Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Update nginx config to no longer redirect to the legacy website Signed-off-by: Ubuntu <ubuntu@ip-172-31-6-122.us-west-2.compute.internal> * Fix issue #261 - static files were showing 404 errors on production website Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Remove unnecessary JavaScript editor inclusion Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Resolve encoding exception issue 267 Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Remove remaining decode calls for licenseText Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Bump production 
version Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Bump production version Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Put back the correct version which was overwritten in a merge Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Fix configuration issue for Certbot and lets-encrypt to work Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Documentation updates for Python3 implementations Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Uprage spdx-license-matcher version to 2.0 * Remove str.decode for license text (#271) Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Update jypye version * Fix bug where DEBUG is not properly interpreted when using system variables Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Bump lxml from 4.2.5 to 4.6.2 Bumps [lxml](https://github.com/lxml/lxml) from 4.2.5 to 4.6.2. - [Release notes](https://github.com/lxml/lxml/releases) - [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt) - [Commits](lxml/lxml@lxml-4.2.5...lxml-4.6.2) Signed-off-by: dependabot[bot] <support@github.com> * Fix malformed xml which converting bytes to str in py3 (#273) * Add decode for bytes to string * Add decode for bytes to string * Add unicode encoding and check if instance of str * Resolve issue #275 - use unicode for xmltree encoding Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Add encoding to opens in views.py - resolves issue #274 Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Fix more open calls * Update encode decode func calls Co-authored-by: Rohit Lodha <rohit.lodha@rubrik.com> Co-authored-by: Gary O'Neall <gary@sourceauditor.com> * Update Java tools to version 0.0.6 Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Resolve issue when beautify is called on some license XML files Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Update examples for unit tests Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Update Jar file version and production 
version Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Update production version number Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Specific social-auth-core version - resolves issue #284 Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Update versions Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Change version of social-auth-core to a python 2.7 compatible version Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Add back in imports which were deleted from an incorrect merge Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Increase the timeout from 60 seconds to 240 seconds Signed-off-by: Gary O'Neall <gary@sourceauditor.com> * Fix #241: Added automatic filename in convert (#291) * Added automatic filename in convert Signed-off-by: Hardik Katehara <hardikkatehara@gmail.com> * Update spdx-license-matcher to 2.1 version * Bump lxml from 4.6.2 to 4.6.3 Bumps [lxml](https://github.com/lxml/lxml) from 4.6.2 to 4.6.3. - [Release notes](https://github.com/lxml/lxml/releases) - [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt) - [Commits](lxml/lxml@lxml-4.6.2...lxml-4.6.3) Signed-off-by: dependabot[bot] <support@github.com> * Remove depreciated GoogleOpenId and YahooOpenId (#305) * Remove depreciated GoogleOpenId and YahooOpenId * Remove additonal oauth backends, Google,Twitter and OpenID Co-authored-by: Gary O'Neall <gary@sourceauditor.com> Co-authored-by: Ugtan <umang.taneja0173@gmail.com> Co-authored-by: anshuldutt21 <anshuldutt21@gmail.com> Co-authored-by: Anshul Dutt Sharma <45336622+anshuldutt21@users.noreply.github.com> Co-authored-by: Yash Varshney <b18038@students.iitmandi.ac.in> Co-authored-by: K mehant <411843@student.nitandhra.ac.in> Co-authored-by: shubhamgupta2956 <shubham.gupta2956@gmail.com> Co-authored-by: Rohit Lodha <rlodha@qubole.com> Co-authored-by: Ubuntu <ubuntu@ip-172-31-6-122.us-west-2.compute.internal> Co-authored-by: Tushar Mittal <chiragmittal.mittal@gmail.com> Co-authored-by: 
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Hardik Katehara <54679643+hardikkat24@users.noreply.github.com> Co-authored-by: Nishant Choudhary <nishantmailbox2011@gmail.com>
The archive license requests is only allowed for authorized users.
Since the logins are now done by GitHub, creating a superuser for this function won't work.
How do we enable an existing user to be authorized for these functions?