Create groups for ptokens #7944
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -55,47 +55,46 @@ | |
| </div> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| </header> | ||
| <section v-if="has_ptoken_auth" class="container"> | ||
| <div class="row"> | ||
| <div class="col-12"> | ||
| <div class="bg-white rounded border my-4"> | ||
| <div class="d-flex justify-content-between align-items-center p-4 border-bottom"> | ||
| <template v-if="!user_has_token"> | ||
| <div> | ||
| Create a personal token to get paid today for work tomorrow <a href="{% url 'ptoken_quickstart' %}" class="underline">Learn more</a> | ||
| </div> | ||
| <div id="showCreationSuccessModal" hidden data-toggle="modal" data-target="#createTokenSuccessModal"></div> | ||
| <button class="btn btn-sm btn-outline-gc-blue m-2" data-toggle="modal" data-target="#createTokenModal"> | ||
| Create | ||
| </button> | ||
| </template> | ||
| <template v-else-if="pToken.tx_status === 'pending'"> | ||
| <div>Please wait for your transaction to be confirmed</div> | ||
| <button class="btn btn-sm m-2" type="button" disabled> | ||
| <span class="spinner-border btn-gc-green spinner-border-sm" role="status" aria-hidden="true"></span> | ||
| Mining... | ||
| </button> | ||
| </template> | ||
| <template v-else-if="pToken.tx_status === 'success'"> | ||
| <div>Modify your Personal Token</div> | ||
| <button class="btn btn-sm btn-outline-gc-blue m-2" data-toggle="modal" data-target="#editpTokenModal"> | ||
| Edit | ||
| </button> | ||
| </template> | ||
| <template v-else> | ||
| <div>An error occurred trying to create your pToken</div> | ||
| <button class="btn btn-sm btn-gc-outline-red m-2" data-toggle="modal" data-target="#createTokenModal"> | ||
| Please try again or contact [email protected] | ||
| </button> | ||
| </template> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| </section> | ||
|
|
||
| <section class="container"> | ||
| <div class="row"> | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| ''' | ||
| Copyright (C) 2020 Gitcoin Core | ||
| This program is free software: you can redistribute it and/or modify | ||
| it under the terms of the GNU Affero General Public License as published | ||
| by the Free Software Foundation, either version 3 of the License, or | ||
| (at your option) any later version. | ||
| This program is distributed in the hope that it will be useful, | ||
| but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| GNU Affero General Public License for more details. | ||
| You should have received a copy of the GNU Affero General Public License | ||
| along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
| ''' | ||
| from django.contrib.auth.models import Group, Permission, User | ||
| from django.contrib.contenttypes.models import ContentType | ||
| from django.core.management.base import BaseCommand | ||
| from django.db.models import Q | ||
|
|
||
|
|
||
| class Command(BaseCommand): | ||
| help = "Setup pToken Permissions" | ||
|
|
||
| def handle(self, *args, **options): | ||
| pToken_group_name = "pToken-Seed-Round" | ||
| pToken_group = Group.objects.get_or_create(name=pToken_group_name)[0] | ||
| ct = ContentType.objects.get_for_model(model=User) | ||
| add_pToken_auth = Permission.objects.get_or_create(name="Add pToken", codename="add_pToken_auth", content_type=ct)[0] | ||
| pToken_group.permissions.add(add_pToken_auth) | ||
|
|
||
| print('Adding seeded users to pToken Group') | ||
|
|
||
| # TODO: How else will we determine which users should be added to the group | ||
| valid_users = User.objects.filter(~Q(groups__name__in=[pToken_group_name]), profile__trust_profile=True) | ||
| for user in valid_users: | ||
| user.groups.add(pToken_group) | ||
|
|
||
| print('Valid users added to pToken group') | ||
|
There was a problem hiding this comment. Do we run this just once and be done with it ? There was a problem hiding this comment. yup, unless you had another way in mind. Let me know how seeding is determined and I can open another PR and add it to this command |
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -204,6 +204,12 @@ def ptoken(request, token_id='me'): | |
| return JsonResponse( | ||
| {'error': _('You must be authenticated via github to use this feature!')}, | ||
| status=401) | ||
|
|
||
| if not user.has_perm('auth.user.add_pToken_auth'): | ||
|
There was a problem hiding this comment. @mds1 Brought up the good point that a user would be able to abuse Vue here and possibly open the modal; this ensures that they cannot make the request given their creds |
||
| return JsonResponse( | ||
| {'error': _('You are not allowed to use this feature!')}, | ||
| status=403) | ||
|
|
||
| event_name = request.POST.get('event_name') | ||
| if user.profile != ptoken.token_owner_profile: | ||
| return JsonResponse( | ||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just need clarity on the identifier to seed the initial user base. Email / ids ? @thelostone-mc