Activity for Apache Allura™

  • Dave Brondsema Dave Brondsema committed [7e3774]

    Prevent private projects by disallowing access to 'permissions' page

  • Dave Brondsema Dave Brondsema updated merge request #354

    Prevent Private Projects by removing legacy /admin/permissions/

  • Dillon Walls Dillon Walls created merge request #354

    Prevent Private Projects by removing legacy /admin/permissions/

  • Dillon Walls Dillon Walls committed [0f73d4]

    Prevent private projects by disallowing access to 'permissions' page

  • Dave Brondsema Dave Brondsema committed [a2785c]

    Bump gunicorn version

  • Dave Brondsema Dave Brondsema committed [71eec3]

    Update req-dev.txt to match versions from req.txt

  • Kenton Taylor Kenton Taylor committed [d7ca5d]

    Small tweaks to controls around user messaging

  • Kenton Taylor Kenton Taylor updated merge request #353

    Small tweaks to controls around user messaging

  • Dave Brondsema Dave Brondsema committed [813155]

    Change test image url, since via.placeholder.com https cert is expired

  • Ingo Ingo posted a comment on ticket #8385

    I played around a bit with it. And to overcome the performance issue, I now delayed the display of the result. Might sound insane, but to me this doesn't feel wrong. Because the tooltip just displays recommendations, and no exact match. https://forge-allura.apache.org/u/labi/allura/ And I only start searching globally, if nothing was found in the project user list.

  • Dave Brondsema Dave Brondsema created merge request #353

    Small tweaks to controls around user messaging

  • Ingo Ingo posted a comment on ticket #8385

    Correct, this works. But it is so unintuitive, that people aren't doing it. [#8293] would also be great. Another cracy idea... Why not doing a search in the following order: search in the project if we found nothing: search in the thread if we still found nothing: search in all users

  • Dave Brondsema Dave Brondsema posted a comment on ticket #8385

    Yea performance would have to be a consideration for autocompleting all usernames. We do have [#8293] with the idea of suggesting other people who have participated on the thread already. Additionally its worth noting that you can type @anyone and even if it doesn't autocomplete I believe it'll still notify them and be a link when saved.

  • Dave Brondsema Dave Brondsema created ticket #8386

    review licenses of python dependencies

  • Ingo Ingo created ticket #8385

    Mention: Search for all users, who can view the artifact

  • Dave Brondsema Dave Brondsema committed [45902b]

    Allow newer versions of Pygments to be used

  • Dave Brondsema Dave Brondsema committed [4b35f0]

    [#7712] fix bulk edit after ticket filter (collaborated with Vrinda A)

  • Dave Brondsema Dave Brondsema modified ticket #7712

    Bulk edit with filter on gives 500

  • Dave Brondsema Dave Brondsema posted a comment on ticket #7712

    Fixed after collaboration with you 😄

  • Vrinda A Vrinda A posted a comment on ticket #7712

    I have also encountered the 500 Error after applying a filter and clicking on 'Bulk Edit' or 'Bulk Move'. The error on the server terminal is 'unicode' object has no attribute 'iteritems' in allura/lib/serach.py

  • Dave Brondsema Dave Brondsema committed [cc183b]

    added new app.sitemap_xml() that is used when generating sitemap.xml

  • Dave Brondsema Dave Brondsema committed [8fbeb7]

    wiki pages with noindex are omitted from sitemap.xml

  • Dillon Walls Dillon Walls committed [f27833]

    wiki pages with noindex are omitted from sitemap.xml

  • Dillon Walls Dillon Walls committed [1c7553]

    added new app.sitemap_xml() that is used when generating sitemap.xml

  • Dave Brondsema Dave Brondsema committed [c69045]

    Avoid error on incorrect url

  • Dave Brondsema Dave Brondsema committed [3ebd41]

    py3: Fix icon handling when error (like SVG uploaded)

  • Ingo Ingo updated merge request #332

    Make memorable.js usable on mobile browsers

  • Dave Brondsema Dave Brondsema committed [0abbda]

    py3 fix for kwargs on admin task view

  • Kenton Taylor Kenton Taylor updated merge request #352

    a py3 fix and some other misc fixes

  • Dave Brondsema Dave Brondsema created merge request #352

    a py3 fix and some other misc fixes

  • Dave Brondsema Dave Brondsema committed [0ce187]

    added noindex tag to profiles with no activity and no projects

  • Dave Brondsema Dave Brondsema updated merge request #351

    Added noindex tag to profiles with no activity and no projects

  • Dave Brondsema Dave Brondsema posted a comment on merge request #351

    Thanks for the contribution!

  • Dave Brondsema Dave Brondsema committed [6b9f07]

    Put a general network socket timeout around RSS feed fetching (default otherwise is no timeout)

  • guillermo.cruz guillermo.cruz created merge request #351

    Added noindex tag to profiles with no activity and no projects

  • Dave Brondsema Dave Brondsema committed [f6ee5f]

    Handle better invalid URLs like /_list/ with no path after

  • Dave Brondsema Dave Brondsema modified ticket #8166

    No activity

  • Dave Brondsema Dave Brondsema posted a comment on ticket #8166

    The activitystream library prevents concurrent updates, but if an update failed then the flag was never reset, and activity updates would never run for that node again. Fixed with mongo cmd: db.nodes.update({is_aggregating:true}, {$set: {is_aggregating:false}}, {multi:true})

  • Dave Brondsema Dave Brondsema committed [f239d3]

    Remove very-old unused commit hooks (which use py2 syntax also)

  • Dillon Walls Dillon Walls committed [07ec7f]

    Switch web debugger from Backlash (fork of werkzeug) to current werkzeug

  • Dillon Walls Dillon Walls committed [e3fe8c]

    shorter tracebacks on error debug pages

  • Catherine Catherine modified a wiki page

    Feature Comparison

  • Dave Brondsema Dave Brondsema posted a comment on merge request #350

    Sorry for the big delay in reviewing this. Here's my feedback below. What do you think? Are you still interested/able in making some more updates to this? I can help some (especially python 3) but maybe you could make another set of updates first to do what you can with this feedback? Thanks for beginning this contribution. It's a big chunk of code, and a useful feature for sure. nice work adding the license header to the new files. that is important. However, can you make it the very top of the...

  • Dave Brondsema Dave Brondsema posted a comment on ticket #8352

    My suggestions were based just on reading the documentation, I haven't actually tried anything. So I'm not too surprised that they didn't work out. I guess 2 URLs is the simplest way to make it work with mod_wsgi. I think simple is better than trying to deal with a proxy. Another idea though is what if we just kept using mod_python? If it is already working nicely, is it really beneficial to switch to mod_wsgi? I thought it would be good to switch, because mod_python is not popular any more and wsgi...

  • Dave Brondsema Dave Brondsema committed [8c1479]

    SF-5746 use project icon file hash for cache busting

  • Kenton Taylor Kenton Taylor committed [57ae2c]

    SF-5746 use project icon file hash for cache busting

  • Kenton Taylor Kenton Taylor committed [0969d4]

    fixup! SF-5746 use project icon file hash for cache busting

  • Ingo Ingo posted a comment on ticket #8352

    Hey Dave, either I didn't understand your proposed approach, or it doesn't work. WSGIAuthGroupScript has the same problem as WSGIAuthUserScript, it forces the user initially to login, because it relies on credentials. So when I configure one of those two methods, I am always initially prompted for a password. And I guess this is what we want to avoid. 😉 I played around with the other Apache configurations, as I am not that confident with it, yet. And one solution which worked with two URLs, but without...

  • Kenton Taylor Kenton Taylor modified ticket #8377

    jenkins tests running in py3

  • Dave Brondsema Dave Brondsema committed [b03365]

    Upgrade pygments package from 2.4.2 -> 2.5.2

  • Dave Brondsema Dave Brondsema committed [91238b]

    Upgrade cryptography

  • Dave Brondsema Dave Brondsema committed [386a1b]

    Switch web debugger from Backlash (fork of werkzeug) to current werkzeug

  • Dave Brondsema Dave Brondsema committed [a5c5ad]

    shorter tracebacks on error debug pages

  • Kenton Taylor Kenton Taylor committed [6bc978]

    SF-5746 use project icon file hash for cache busting

  • Kenton Taylor Kenton Taylor committed [a30d4b]

    Upgrade pygments package from 2.4.2 -> 2.5.2

  • Dave Brondsema Dave Brondsema committed [a0e8c1]

    Update httplib2

  • Dave Brondsema Dave Brondsema posted a comment on ticket #8352

    Have you tried WSGIAuthGroupScript yet? That seems to provide a way to list "groups" and then a "group" can be checked with a Require directive which is a normal httpd directive. And it seems both 401 and 403 statuses are options then. https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#authzsendforbiddenonfailure As for other ideas, the two URL solution obviously would work and be simple, but I feel like it is not very user-friendly and elegant. But maybe an option if the other choices are...

  • Dave Brondsema Dave Brondsema committed [fad830]

    Upgrade jinja2

  • Ingo Ingo modified a comment on ticket #8352

    @brondsem Do you have any directions? The only solution, which I came up with, is the "two URL solution". For example: "/svn/..." and "/git/..." are using allow_access() to check if the repo has anonymous access allowed If it has no access allowed, it will forbid the access "/svn/restricted/..." and "/git/restricted/..." are using check_password() to check the user login Now we can have two scenarios: easiest: we configure two access URLs for the tools. One with login, one for anonymous more complex:...

  • Ingo Ingo posted a comment on ticket #8352

    @brondsem Do you have any directions? The only solution, which I came up with, is the "two URL solution". For example: "/svn/..." and "/git/..." are using allow_access() to check if the repo has anonymous access allowed If it has no access allowed, it will forbid the access * "/svn/restricted/..." and "/git/restricted/..." are using check_password() to check the user login Now we can have two scenarios: easiest: we configure two access URLs for the tools. One with login, one for anonymous more complex:...

  • Dave Brondsema Dave Brondsema committed [dc429b]

    Update bleach package

  • Dave Brondsema Dave Brondsema posted a comment on ticket #8377

    https://ci-builds.apache.org/job/Allura/job/Allura-py3/ using python 3.6.9. Newer versions would be nice, but that's what's available on the ubuntu machies for Apache's jenkins setup

  • Dave Brondsema Dave Brondsema modified ticket #8377

    jenkins tests running in py3

  • Dillon Walls Dillon Walls posted a comment on ticket #8384

    Looks good!

  • Dillon Walls Dillon Walls modified ticket #8384

    Enforce login throughout phone verification process

  • Dillon Walls Dillon Walls committed [61821b]

    [#8384] enforce auth during phone verification

  • Dave Brondsema Dave Brondsema committed [25b96a]

    [#8384] enforce auth during phone verification

  • Dave Brondsema Dave Brondsema posted a comment on ticket #8384

    db/8384

  • Dave Brondsema Dave Brondsema created ticket #8384

    Enforce login throughout phone verification process

  • Dillon Walls Dillon Walls committed [ed4480]

    py3: ensure unicode before all markup handling paths here

  • Dillon Walls Dillon Walls committed [890589]

    py3: encoding fixes in some less common commands

  • Dillon Walls Dillon Walls committed [81d350]

    py3: icon param is bytes when empty

  • Ingo Ingo posted a comment on ticket #8352

    Yes, exactly those functions. "allow_acces" can only return OK or Forbidden. Unauthorized is not possible with WSGI, as far as I saw from the mod_wsgi source. I have no idea what the best solution will be. Maybe we should live with different URLs for anonymous and for authorized access? Because this would work with WSGI. Or should we use a reverse proxy, which is doing the authentication and permission checks!? Any more ideas? ;)

  • Dave Brondsema Dave Brondsema posted a comment on ticket #8352

    Hmm, I forgot this integrated so closely with apache, that it won't be a regular WSGI app. The auth functions you reference are these, right? https://modwsgi.readthedocs.io/en/develop/user-guides/access-control-mechanisms.html#apache-authentication-provider I haven't dealt with those before. What happens when you return true/false from allow_access? It seems like that woud be similar to returning unauthorized or not.

  • Dillon Walls Dillon Walls committed [d16d93]

    [#8382] avoid a py3 ming error (on py2 I think flush silently misses the task until the next request flushes)

  • Dillon Walls Dillon Walls committed [f1322d]

    [#8382] encoding fixes in import_api used by trac wiki importer

  • Dillon Walls Dillon Walls committed [14a622]

    [#8382] simpler version of smart_str, handles already encoded/binary better too

  • Dillon Walls Dillon Walls committed [81d9f0]

    [#8382] py3: avoid error if global 'c' isn't set yet

  • Ingo Ingo posted a comment on ticket #8352

    I played around with it more. The good thing: Looking at it in detail, I found, that the structure of the existing handler is not the worst, when we want to stay with the interface between the apache instance, and the allura instance itself. So I would not change this fundamentally at the moment. The bad thing: I didn't find a way to allow this optional anonymous access, how we do it with mod_python, for WSGI. Background: With mod_python we are able to return HTTP error codes. So we can "simply"...

  • Dave Brondsema Dave Brondsema committed [00ba2e]

    py3: icon param is bytes when empty

  • Dave Brondsema Dave Brondsema committed [07f998]

    py3: ensure unicode before all markup handling paths here

  • Dave Brondsema Dave Brondsema committed [0f1793]

    py3: encoding fixes in some less common commands

  • Dave Brondsema Dave Brondsema posted a comment on ticket #8382

    Those are intentional yes :)

  • Dillon Walls Dillon Walls modified ticket #8382

    py3: forgepastebin, tracwikiimporter

  • Dillon Walls Dillon Walls posted a comment on ticket #8382

    in trac importer, were these two page['text']/page['labels'] lines intended to be removed? tracwikiimporter/scripts/wiki_from_trac/loaders.py, diff --git tracwikiimporter/scripts/wiki_from_trac/loaders.py tracwikiimporter/scripts/wiki_from_trac/loaders.py index e9ab881..c877f45 100644 --- tracwikiimporter/scripts/wiki_from_trac/loaders.py +++ tracwikiimporter/scripts/wiki_from_trac/loaders.py @@ -69,11 +74,9 @@ def import_wiki(cli, project, tool, options, doc_txt): else: pages = doc if options.verbose:...

  • Dave Brondsema Dave Brondsema committed [3bedd3]

    Youtube oembed test: be ok with different but similar outcomes

  • Dave Brondsema Dave Brondsema committed [b7e0a0]

    Handle more status codes from youtube oembed

  • Dave Brondsema Dave Brondsema committed [c2e115]

    Update to latest cryptography

  • Dave Brondsema Dave Brondsema committed [0cb2f2]

    A bit more logging before phone validation

  • Dave Brondsema Dave Brondsema committed [7c1a67]

    travis: fix pip cmd; enable py3 testing

  • Dave Brondsema Dave Brondsema committed [72dcc7]

    remove old Makefile

  • Dave Brondsema Dave Brondsema posted a comment on ticket #8382

    forgepastebin,tracwikiimporter,allura:db/8382 Need to do releases and version bumps. I found http://www.cansas.org/trac/wiki as a small real trac instance you can test importing from.

  • Dave Brondsema Dave Brondsema modified ticket #8382

    py3: forgepastebin, tracwikiimporter

  • Dave Brondsema Dave Brondsema committed [abde7b]

    [#8382] avoid a py3 ming error (on py2 I think flush silently misses the task until the next request flushes)

  • Dave Brondsema Dave Brondsema committed [602d13]

    [#8382] simpler version of smart_str, handles already encoded/binary better too

  • Dave Brondsema Dave Brondsema committed [309553]

    [#8382] encoding fixes in import_api used by trac wiki importer

  • Dave Brondsema Dave Brondsema committed [88b269]

    [#8382] py3: avoid error if global 'c' isn't set yet

  • Dave Brondsema Dave Brondsema posted a comment on ticket #8352

    Hi Ingo, The ApacheAccessHandler.py file has always been a bit rough in my opinion, so improving it and adding features would be great. I have not done anything yet to convert it to mod_wsgi (or python 3), so definitely your contributions would be welcome. SAML support sounds nice. I don't think we have any ticket about that, but it could probably be a nice config option that can help somebody else in the future too. Flattened SVN directory support would for sure be good. [#7940] is a related ticket....

1 >