From 7f5925f9e4a6603a0dcd166a26d25e6331f5ed27 Mon Sep 17 00:00:00 2001 From: Mats Blomdahl Date: Tue, 24 Oct 2017 09:28:16 +0200 Subject: [PATCH 01/13] Run `flask import_data` interactively --- ansible/roles/xl_auth/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/xl_auth/tasks/main.yml b/ansible/roles/xl_auth/tasks/main.yml index 7c007db5..1d6d30ef 100644 --- a/ansible/roles/xl_auth/tasks/main.yml +++ b/ansible/roles/xl_auth/tasks/main.yml @@ -71,7 +71,7 @@ image: "{{ xl_auth_docker }}" interactive: yes tty: yes - auto_remove: yes + detach: no command: import_data --verbose --admin-email libris@kb.se links: - postgres From ec61a91b47e2ce516a60aa3d033060aed3109f6e Mon Sep 17 00:00:00 2001 From: Mats Blomdahl Date: Tue, 24 Oct 2017 12:16:59 +0200 Subject: [PATCH 02/13] Add new Nginx Ansible role (with default upstream set to port 5000) --- ansible/deployment.yml | 1 + ansible/roles/nginx/defaults/main.yml | 5 +++++ ansible/roles/nginx/meta/main.yml | 18 ++++++++++++++++++ 3 files changed, 24 insertions(+) create mode 100644 ansible/roles/nginx/defaults/main.yml create mode 100644 ansible/roles/nginx/meta/main.yml diff --git a/ansible/deployment.yml b/ansible/deployment.yml index 0fabee9c..50098589 100644 --- a/ansible/deployment.yml +++ b/ansible/deployment.yml @@ -6,6 +6,7 @@ roles: - common - docker + - nginx - xl_auth ... diff --git a/ansible/roles/nginx/defaults/main.yml b/ansible/roles/nginx/defaults/main.yml new file mode 100644 index 00000000..c6df9aa0 --- /dev/null +++ b/ansible/roles/nginx/defaults/main.yml @@ -0,0 +1,5 @@ +--- + +upstream_port: "5000" + +... diff --git a/ansible/roles/nginx/meta/main.yml b/ansible/roles/nginx/meta/main.yml new file mode 100644 index 00000000..1c95fd20 --- /dev/null +++ b/ansible/roles/nginx/meta/main.yml @@ -0,0 +1,18 @@ +galaxy_info: + author: Mats Blomdahl + description: Provision of Nginx reverse proxy + company: National Library of Sweden + + license: Apache-2.0 + + min_ansible_version: 2.4 + + platforms: + - name: EL + versions: + - 7 + + galaxy_tags: + - nginx + +dependencies: [] From f488367168585b933c6de7b2ce534c3847d77a88 Mon Sep 17 00:00:00 2001 From: Mats Blomdahl Date: Tue, 24 Oct 2017 15:11:54 +0200 Subject: [PATCH 03/13] #39 Add Nginx configs for HTTP/HTTPS --- ansible/roles/nginx/templates/http.conf.j2 | 20 +++++++++++++ ansible/roles/nginx/templates/ssl.conf.j2 | 34 ++++++++++++++++++++++ 2 files changed, 54 insertions(+) create mode 100644 ansible/roles/nginx/templates/http.conf.j2 create mode 100644 ansible/roles/nginx/templates/ssl.conf.j2 diff --git a/ansible/roles/nginx/templates/http.conf.j2 b/ansible/roles/nginx/templates/http.conf.j2 new file mode 100644 index 00000000..79062e02 --- /dev/null +++ b/ansible/roles/nginx/templates/http.conf.j2 @@ -0,0 +1,20 @@ +# -*- coding: utf-8 -*- + +server { + listen 80 default_server; + server_name _; + server_tokens off; + charset utf-8; + gzip on; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + location / { + proxy_pass http://127.0.0.1:{{ upstream_port }}; + } + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; +} diff --git a/ansible/roles/nginx/templates/ssl.conf.j2 b/ansible/roles/nginx/templates/ssl.conf.j2 new file mode 100644 index 00000000..9804a21a --- /dev/null +++ b/ansible/roles/nginx/templates/ssl.conf.j2 @@ -0,0 +1,34 @@ +# -*- coding: utf-8 -*- + +server { + listen 80; + server_name _; + server_tokens off; + + location / { + return 301 https://{{ inventory_hostname }}$request_uri; + } +} + +server { + listen 443 default_server; + server_name {{ inventory_hostname }}; + server_tokens off; + charset utf-8; + gzip on; + + ssl on; + ssl_certificate /etc/pki/tls/certs/{{ inventory_hostname }}.pem; + ssl_certificate_key /etc/pki/tls/private/{{ inventory_hostname }}.key; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + location / { + proxy_pass http://127.0.0.1:{{ upstream_port }}; + } + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; +} From 5b97bd74fbee6b647362331f0028ad6d9a8396a6 Mon Sep 17 00:00:00 2001 From: Mats Blomdahl Date: Tue, 24 Oct 2017 15:14:17 +0200 Subject: [PATCH 04/13] #39 Add tasks to Nginx role for installing/configuring the proxy --- ansible/roles/nginx/handlers/main.yml | 7 +++ ansible/roles/nginx/tasks/firewall-update.yml | 9 ++++ ansible/roles/nginx/tasks/main.yml | 47 +++++++++++++++++++ 3 files changed, 63 insertions(+) create mode 100644 ansible/roles/nginx/handlers/main.yml create mode 100644 ansible/roles/nginx/tasks/firewall-update.yml create mode 100644 ansible/roles/nginx/tasks/main.yml diff --git a/ansible/roles/nginx/handlers/main.yml b/ansible/roles/nginx/handlers/main.yml new file mode 100644 index 00000000..444178eb --- /dev/null +++ b/ansible/roles/nginx/handlers/main.yml @@ -0,0 +1,7 @@ +--- + +- name: restart nginx + service: name=nginx state=restarted + check_mode: no + +... diff --git a/ansible/roles/nginx/tasks/firewall-update.yml b/ansible/roles/nginx/tasks/firewall-update.yml new file mode 100644 index 00000000..bf68d2f7 --- /dev/null +++ b/ansible/roles/nginx/tasks/firewall-update.yml @@ -0,0 +1,9 @@ +--- + +- name: allow incoming http traffic (firewalld) + firewalld: service=http permanent=True state=enabled immediate=yes + +- name: allow incoming https traffic (firewalld) + firewalld: service=https permanent=True state=enabled immediate=yes + +... diff --git a/ansible/roles/nginx/tasks/main.yml b/ansible/roles/nginx/tasks/main.yml new file mode 100644 index 00000000..271c5fe7 --- /dev/null +++ b/ansible/roles/nginx/tasks/main.yml @@ -0,0 +1,47 @@ +--- + +- name: set nginx_ssl_enabled fact + set_fact: + nginx_ssl_enabled: "{{ '.kb.se' in inventory_hostname }}" + tags: nginx + +- name: nginx repo + yum_repository: + name: nginx + description: nginx repo + baseurl: http://nginx.org/packages/centos/$releasever/$basearch/ + gpgkey: http://nginx.org/keys/nginx_signing.key + tags: nginx + +- name: install nginx + yum: name=nginx state=present + tags: nginx + +- name: default nginx conf removed + file: path=/etc/nginx/conf.d/default.conf state=absent + tags: nginx + +- name: template nginx proxy.conf + template: + src: "{{ 'ssl.conf.j2' if nginx_ssl_enabled else 'http.conf.j2' }}" + dest: "/etc/nginx/conf.d/proxy.conf" + validate: "/usr/sbin/nginx -T -g '#%s'" + notify: restart nginx + tags: nginx + +- name: update firewall + import_tasks: firewall-update.yml + tags: nginx, firewall + +- name: selinux must allow nginx proxying + seboolean: + name: httpd_can_network_connect + state: yes + persistent: yes + tags: nginx, selinux + +- name: nginx running and enabled + service: name=nginx state=started enabled=yes + tags: nginx + +... From 3716ba4c6892b7448b1826e64e258bd0099ad821 Mon Sep 17 00:00:00 2001 From: Mats Blomdahl Date: Tue, 24 Oct 2017 15:15:18 +0200 Subject: [PATCH 05/13] #39 Update xl_auth role to run Docker at port 5000 (leaving 80/443 for Nginx) --- ansible/roles/xl_auth/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/xl_auth/tasks/main.yml b/ansible/roles/xl_auth/tasks/main.yml index 1d6d30ef..0b786bd7 100644 --- a/ansible/roles/xl_auth/tasks/main.yml +++ b/ansible/roles/xl_auth/tasks/main.yml @@ -26,7 +26,7 @@ links: - postgres ports: - - 80:5000 + - 5000:5000 env: FLASK_DEBUG: 0 SQLALCHEMY_DATABASE_URI: postgresql://xl_auth:xl_auth@postgres/prod From fbc8e948ad522218b5128f9d5477791786a88cb7 Mon Sep 17 00:00:00 2001 From: Mats Blomdahl Date: Tue, 24 Oct 2017 15:15:50 +0200 Subject: [PATCH 06/13] Patch version bump to 0.4.4 --- package-lock.json | 2 +- package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package-lock.json b/package-lock.json index 17141a5b..098de9c5 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "xl_auth", - "version": "0.4.3", + "version": "0.4.4", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index 9f073b0d..3a44a511 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "xl_auth", - "version": "0.4.3", + "version": "0.4.4", "author": "National Library of Sweden", "license": "Apache-2.0", "description": "OAuth2 authorization for LibrisXL, replacing BibDB counterpart", From 7219d71d0db46adf2843252e9fb94c233a521176 Mon Sep 17 00:00:00 2001 From: Mats Blomdahl Date: Wed, 25 Oct 2017 12:58:24 +0200 Subject: [PATCH 07/13] Update `flask import_data` command to apply manual adjustments and (optionally) wipe outdated permissions --- xl_auth/commands.py | 100 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 97 insertions(+), 3 deletions(-) diff --git a/xl_auth/commands.py b/xl_auth/commands.py index 91b957d1..f592ceb7 100644 --- a/xl_auth/commands.py +++ b/xl_auth/commands.py @@ -186,10 +186,11 @@ def urls(url, order): @click.command() +@click.option('-v', '--verbose', default=False, is_flag=True, help='Increase verbosity') @click.option('--admin-email', required=True, default=None, help='Email for admin') -@click.option('-v', '--verbose', default=False, is_flag=True, help='Increase verbosity.') +@click.option('--wipe-permissions', default=False, is_flag=True, help='Wipe outdated permissions') @with_appcontext -def import_data(admin_email, verbose): +def import_data(verbose, admin_email, wipe_permissions): """Read data from Voyager dump and BibDB API to create DB entities. Creates: @@ -388,6 +389,32 @@ def _generate_xl_auth_cataloging_admins_and_collections(bibdb_cataloging_admin_t 'cataloging_admins': xl_auth_cataloging_admins } + def _get_manually_added_permissions(): + emails_and_collection_codes = requests.get( + 'https://docs.google.com/spreadsheets/d/e/2PACX-1vT2TjS_L9_J5LJztfKWo0UxQD-RCZo3bheFIH' + 'Ouz2Gu-aGcd7IrlDzHDmQ2yL726z0BnSc47vasL0l3/pub?gid=0&single=true&output=tsv' + ).content.decode('utf-8').splitlines() + + manual_additions = [] + for add_row in emails_and_collection_codes[1:]: + add_email, add_code, _ = add_row.split('\t') + manual_additions.append((add_email.strip(), add_code.strip())) + + return manual_additions + + def _get_manually_deleted_permissions(): + emails_and_collection_codes = requests.get( + 'https://docs.google.com/spreadsheets/d/e/2PACX-1vT2TjS_L9_J5LJztfKWo0UxQD-RCZo3bheFIH' + 'Ouz2Gu-aGcd7IrlDzHDmQ2yL726z0BnSc47vasL0l3/pub?gid=518641812&single=true&output=tsv' + ).content.decode('utf-8').splitlines() + + manual_deletions = [] + for del_row in emails_and_collection_codes[1:]: + del_email, del_code, _ = del_row.split('\t') + manual_deletions.append((del_email.strip(), del_code.strip())) + + return manual_deletions + # Get admin user admin = User.query.filter_by(email=admin_email).first() @@ -445,6 +472,9 @@ def _generate_xl_auth_cataloging_admins_and_collections(bibdb_cataloging_admin_t user = User.create(email=email, full_name=full_name, active=False) user.save() + old_permissions = Permission.query.all() + current_permissions, new_permissions, removed_permissions = [], [], [] + # Store permissions. for email, collections in xl_auth['cataloging_admins'].items(): user = User.query.filter_by(email=email).first() @@ -458,7 +488,71 @@ def _generate_xl_auth_cataloging_admins_and_collections(bibdb_cataloging_admin_t continue permission = Permission.query.filter_by(user_id=user.id, collection_id=collection.id).first() - if not permission: + if permission: + current_permissions.append(permission) + else: permission = Permission.create(user=user, collection=collection, registrant=True, cataloger=True, cataloging_admin=True) permission.save() + new_permissions.append(permission) + + # Apply manual additions. + for email, code in _get_manually_added_permissions(): + user = User.query.filter(User.email.ilike(email)).first() + if not user: + print('Cannot add permission manually; user %r does not exist' % email) + continue + + collection = Collection.query.filter_by(code=code).first() + if not collection: + print('Cannot add permission manually, collection %r does not exist' % code) + continue + + permission = Permission.query.filter_by(user_id=user.id, + collection_id=collection.id).first() + if permission: + current_permissions.append(permission) + if verbose: + print('Manual permission for %r on %r already exists.' % (email, code)) + else: + permission = Permission.create(user=user, collection=collection, registrant=True, + cataloger=True, cataloging_admin=True) + permission.save() + new_permissions.append(permission) + if verbose: + print('Manually added permissions for %r on %r.' % (email, code)) + + # Apply manual deletions. + for email, code in _get_manually_deleted_permissions(): + user = User.query.filter(User.email.ilike(email)).first() + if not user: + print('Cannot delete permission manually; user %r does not exist' % email) + continue + + collection = Collection.query.filter_by(code=code).first() + if not collection: + print('Cannot delete permission manually, collection %r does not exist' % code) + continue + + permission = Permission.query.filter_by(user_id=user.id, + collection_id=collection.id).first() + if permission: + permission.delete() + removed_permissions.append(permission) + if verbose: + print('Manually deleted permissions for %r on %r.' % (email, code)) + else: + current_permissions.append(permission) + if verbose: + print('Cannot manually deleted permissions for %r on %r; does not exist.' + % (email, code)) + + # Optionally wipe stray permissions. + for permission in old_permissions: + if permission in current_permissions and permission not in removed_permissions: + continue + else: + print('Permission for %r on %r not found during import (deleting=%s).' + % (permission.user.email, permission.collection.code, wipe_permissions)) + if wipe_permissions: + permission.delete() From 318aa0d4f20300cdd20db455cd893869098422fb Mon Sep 17 00:00:00 2001 From: Mats Blomdahl Date: Wed, 25 Oct 2017 13:00:35 +0200 Subject: [PATCH 08/13] Only render cataloging admin permissions on `/users/profile/` (unless user is a super-admin) --- xl_auth/templates/users/profile.html | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/xl_auth/templates/users/profile.html b/xl_auth/templates/users/profile.html index df760ef0..d675b90d 100644 --- a/xl_auth/templates/users/profile.html +++ b/xl_auth/templates/users/profile.html @@ -41,8 +41,10 @@

{{ _('Permissions (Active Collections Only)') }}

{{ _('Code') }} {{ _('Friendly Name') }} - {{ _('Registrant') }} - {{ _('Cataloger') }} + {% if user.is_admin %} + {{ _('Registrant') }} + {{ _('Cataloger') }} + {% endif %} {{ _('Cataloguing Administrator') }} @@ -51,12 +53,14 @@

{{ _('Permissions (Active Collections Only)') }}

{{ permission.collection.code }} {{ permission.collection.friendly_name }} - - {{ _('Yes') if permission.registrant else _('No') }} - - - {{ _('Yes') if permission.cataloger else _('No') }} - + {% if user.is_admin %} + + {{ _('Yes') if permission.registrant else _('No') }} + + + {{ _('Yes') if permission.cataloger else _('No') }} + + {% endif %} {{ _('Yes') if permission.cataloging_admin else _('No') }} From 8f5043327c1f7e9362fb0baf08133ce2fad188c7 Mon Sep 17 00:00:00 2001 From: Mats Blomdahl Date: Wed, 25 Oct 2017 13:20:14 +0200 Subject: [PATCH 09/13] Update translations, `Kod -> Sigel` --- messages.pot | 20 +++++++++---------- .../translations/sv/LC_MESSAGES/messages.po | 20 +++++++++---------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/messages.pot b/messages.pot index a4782713..51caee44 100644 --- a/messages.pot +++ b/messages.pot @@ -6,9 +6,9 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: xl_auth 0.4.3\n" +"Project-Id-Version: xl_auth 0.4.4\n" "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2017-10-24 06:53+0200\n" +"POT-Creation-Date: 2017-10-25 13:18+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -115,16 +115,16 @@ msgstr "" #: tests/end2end/test_editing_user.py:45 xl_auth/templates/permissions/home.html:30 #: xl_auth/templates/permissions/home.html:31 xl_auth/templates/permissions/home.html:32 #: xl_auth/templates/users/home.html:33 xl_auth/templates/users/home.html:76 -#: xl_auth/templates/users/profile.html:55 xl_auth/templates/users/profile.html:58 -#: xl_auth/templates/users/profile.html:61 +#: xl_auth/templates/users/profile.html:58 xl_auth/templates/users/profile.html:61 +#: xl_auth/templates/users/profile.html:65 msgid "Yes" msgstr "" #: tests/end2end/test_editing_user.py:45 xl_auth/templates/permissions/home.html:30 #: xl_auth/templates/permissions/home.html:31 xl_auth/templates/permissions/home.html:32 #: xl_auth/templates/users/home.html:33 xl_auth/templates/users/home.html:76 -#: xl_auth/templates/users/profile.html:55 xl_auth/templates/users/profile.html:58 -#: xl_auth/templates/users/profile.html:61 +#: xl_auth/templates/users/profile.html:58 xl_auth/templates/users/profile.html:61 +#: xl_auth/templates/users/profile.html:65 msgid "No" msgstr "" @@ -295,17 +295,17 @@ msgid "Collection" msgstr "" #: xl_auth/permission/forms.py:22 xl_auth/templates/permissions/home.html:18 -#: xl_auth/templates/users/profile.html:44 +#: xl_auth/templates/users/profile.html:45 msgid "Registrant" msgstr "" #: xl_auth/permission/forms.py:23 xl_auth/templates/permissions/home.html:19 -#: xl_auth/templates/users/profile.html:45 +#: xl_auth/templates/users/profile.html:46 msgid "Cataloger" msgstr "" #: xl_auth/permission/forms.py:24 xl_auth/templates/permissions/home.html:20 -#: xl_auth/templates/users/profile.html:46 +#: xl_auth/templates/users/profile.html:48 msgid "Cataloguing Administrator" msgstr "" @@ -534,7 +534,7 @@ msgstr "" #: xl_auth/templates/users/profile.html:35 msgid "" -"Note: Cataloguing Admin is a new privilege that, in the tear future, will allow you to " +"Note: Cataloguing Admin is a new privilege that, in the near future, will allow you to " "create new user accounts and grant registrant/cataloger privileges to others. " msgstr "" diff --git a/xl_auth/translations/sv/LC_MESSAGES/messages.po b/xl_auth/translations/sv/LC_MESSAGES/messages.po index 8588b2e9..6c624e1d 100644 --- a/xl_auth/translations/sv/LC_MESSAGES/messages.po +++ b/xl_auth/translations/sv/LC_MESSAGES/messages.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: 0.2.1\n" "Report-Msgid-Bugs-To: mats.blomdahl@gmail.com\n" -"POT-Creation-Date: 2017-10-24 08:23+0200\n" +"POT-Creation-Date: 2017-10-25 13:18+0200\n" "PO-Revision-Date: 2017-09-19 12:23+0200\n" "Last-Translator: Mats Blomdahl \n" "Language: sv\n" @@ -57,7 +57,7 @@ msgstr "Kategori saknas" #: xl_auth/collection/forms.py:17 xl_auth/templates/collections/home.html:21 #: xl_auth/templates/collections/home.html:65 xl_auth/templates/users/profile.html:42 msgid "Code" -msgstr "Kod" +msgstr "Sigel" #: tests/end2end/test_editing_collection.py:80 tests/forms/test_collection.py:77 #: xl_auth/collection/forms.py:63 @@ -116,16 +116,16 @@ msgstr "Användare" #: tests/end2end/test_editing_user.py:45 xl_auth/templates/permissions/home.html:30 #: xl_auth/templates/permissions/home.html:31 xl_auth/templates/permissions/home.html:32 #: xl_auth/templates/users/home.html:33 xl_auth/templates/users/home.html:76 -#: xl_auth/templates/users/profile.html:55 xl_auth/templates/users/profile.html:58 -#: xl_auth/templates/users/profile.html:61 +#: xl_auth/templates/users/profile.html:58 xl_auth/templates/users/profile.html:61 +#: xl_auth/templates/users/profile.html:65 msgid "Yes" msgstr "Ja" #: tests/end2end/test_editing_user.py:45 xl_auth/templates/permissions/home.html:30 #: xl_auth/templates/permissions/home.html:31 xl_auth/templates/permissions/home.html:32 #: xl_auth/templates/users/home.html:33 xl_auth/templates/users/home.html:76 -#: xl_auth/templates/users/profile.html:55 xl_auth/templates/users/profile.html:58 -#: xl_auth/templates/users/profile.html:61 +#: xl_auth/templates/users/profile.html:58 xl_auth/templates/users/profile.html:61 +#: xl_auth/templates/users/profile.html:65 msgid "No" msgstr "Nej" @@ -296,17 +296,17 @@ msgid "Collection" msgstr "Samling" #: xl_auth/permission/forms.py:22 xl_auth/templates/permissions/home.html:18 -#: xl_auth/templates/users/profile.html:44 +#: xl_auth/templates/users/profile.html:45 msgid "Registrant" msgstr "Beståndsregistrerare" #: xl_auth/permission/forms.py:23 xl_auth/templates/permissions/home.html:19 -#: xl_auth/templates/users/profile.html:45 +#: xl_auth/templates/users/profile.html:46 msgid "Cataloger" msgstr "Katalogisatör" #: xl_auth/permission/forms.py:24 xl_auth/templates/permissions/home.html:20 -#: xl_auth/templates/users/profile.html:46 +#: xl_auth/templates/users/profile.html:48 msgid "Cataloguing Administrator" msgstr "Katalogiseringsadmin" @@ -538,7 +538,7 @@ msgstr "" #: xl_auth/templates/users/profile.html:34 msgid "Permissions (Active Collections Only)" -msgstr "Behörigheter på aktiva samlingar/sigler" +msgstr "Behörigheter på aktiva sigel" #: xl_auth/templates/users/profile.html:35 msgid "" From c1a6f8dc11523f30bd21c9d7bf35e6aac2aebcbe Mon Sep 17 00:00:00 2001 From: Mats Blomdahl Date: Wed, 25 Oct 2017 13:27:08 +0200 Subject: [PATCH 10/13] Use new export from #38 --- xl_auth/commands.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xl_auth/commands.py b/xl_auth/commands.py index f592ceb7..b5c27a4c 100644 --- a/xl_auth/commands.py +++ b/xl_auth/commands.py @@ -259,7 +259,7 @@ def _get_collection_details_from_bibdb(code): def _get_voyager_data(): raw_voyager_sigels_and_locations = requests.get( - 'https://github.com/libris/xl_auth/files/1406251/171023_KB--sigel_locations.txt' + 'https://github.com/libris/xl_auth/files/1414385/171025_KB--sigel_locations.txt' ).content.decode('latin-1').splitlines() voyager_sigels_and_collections = dict() voyager_main_sigels, voyager_location_sigels = set(), set() From ddba0c513c145330a59b862241824f4a8eaf6fee Mon Sep 17 00:00:00 2001 From: Mats Blomdahl Date: Wed, 25 Oct 2017 13:27:29 +0200 Subject: [PATCH 11/13] Update changelog for 0.4.4 --- README.rst | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.rst b/README.rst index 057db723..3cd52ded 100644 --- a/README.rst +++ b/README.rst @@ -183,6 +183,14 @@ DB Models Changelog ========= +v. 0.4.4 +-------- + +* Data import updates (`#44 `_) +* UI adjustments; irrelevant permissions no longer shown to cataloging admins, using + term "sigel" instead of "kod" + + v. 0.4.3 -------- From 3239cd98a0acafd05baf73fdb23cd8166847267e Mon Sep 17 00:00:00 2001 From: Mats Blomdahl Date: Wed, 25 Oct 2017 13:29:03 +0200 Subject: [PATCH 12/13] Update Ansible provisioning to wipe outdated permissions --- ansible/roles/xl_auth/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/xl_auth/tasks/main.yml b/ansible/roles/xl_auth/tasks/main.yml index 0b786bd7..6101c574 100644 --- a/ansible/roles/xl_auth/tasks/main.yml +++ b/ansible/roles/xl_auth/tasks/main.yml @@ -72,7 +72,7 @@ interactive: yes tty: yes detach: no - command: import_data --verbose --admin-email libris@kb.se + command: import_data --verbose --admin-email libris@kb.se --wipe-permissions links: - postgres env: From 870b88d257d535f29241c0a8f8923bd7bb423fdf Mon Sep 17 00:00:00 2001 From: Mats Blomdahl Date: Wed, 25 Oct 2017 13:34:23 +0200 Subject: [PATCH 13/13] Add #39 to changelog --- README.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.rst b/README.rst index 3cd52ded..36bf83b7 100644 --- a/README.rst +++ b/README.rst @@ -189,6 +189,8 @@ v. 0.4.4 * Data import updates (`#44 `_) * UI adjustments; irrelevant permissions no longer shown to cataloging admins, using term "sigel" instead of "kod" +* Ansible provisioning updated to use Nginx reverse proxy and SSL + (`#39 `_) v. 0.4.3