grack and auth #302

Merged
merged 16 commits into from
Jul 11, 2015


sonalkr132
Collaborator

  • integrate gitlab-grack
  • override auth of grack
  • allow cloning of only public projects
  • auth for cloning of private projects
  • auth for push to projects
  • change path of bare repo and sync it with non-bare one
  • generate commit and inspire images
  • test for auth before clone, push, pull and fetch
  • allow owner of project to add collaborators
  • test project access

Previous existing implementation was outdated and didn't use
grack adapter. Current state is lockdown, rack::auth::basic needs
to be overridden for auth.
Override grack::auth module to add authentication. If user tries to
clone private ones he will be asked to enter his username and password.
Auth is working, however cloning of private projects is still in
locked down state.
Cloning of public projects doesn't ask user to login. Only check is that
project exists in our DB.
Push command template for auth is also added.
Check if user is owner of the project when git sends push request or
clone request for private projects.
Changed path of bare repo from repos/username/project/bare.git to
repos/username/project.git, so that user can use conventional push url:
git push http://localhost:3000/username/project.git branch_name
Push from terminal is made to bare one, which required that non-bare
and bare are synced. Since rugged doesn't support local push to
non-bare repo, first we need to fetch and then update the branch ref with
fetched remote ref.
Override of grack::server was required cause we need to sync only after
push to bare was successful. <- May need refactoring
Last image of each commit and its parent's diff is used to generate the
thumbnails.
Last image of repo.head.target and its parent's diff is used to generate
the inspire images.
Some changes were made in project.rb (model) file so that generation of
images after push from shell and changes from web UI are consistent.
…or master

Updating inspire image every time an image is updated on any branch would require
tracking of last updated branch. <- Possible TODO
@sonalkr132
Collaborator Author

Here is deployment: http://ruby-glitterfollowers.rhcloud.com

Please take out some time to test it and break it. I have covered all the cases I could think of, however I am sure there are cases left where it will break.
Points to look out for:

  • User should be able to clone public projects. For ex: git clone http://ruby-glitterfollowers.rhcloud.com/addie/cards.git should work. However it will ask for credentials if you clone private ones.
  • It will always ask you for credentials if you are going to push. Use username and not email
  • If you have made changes from the web UI, make sure you pull those changes first or else do a force update
  • Inspire page images will only change if you make changes to master branch (for simplicity)
  • Images which are used for thumbnail and inspire image generation won't necessarily be the last image you update, it will use the last image which rugged::diff returns. There is no notion of last updated file/image in git between two commits.

Possible changes/refactoring:

  • Right now only project owner has option to clone private project and make push. There is no option to add collaborators. This one will need quite a few changes in overall project. Many to many association between users and projects, each association will have different type of roles assigned to it, changes in web UI so that owner can add users to his project, Tags associated with each user to show the role of user. Let me know if I need to start working on it right away.
  • support both username and email for login
  • private projects show on inspire page
  • refactor the way sync is done between non-bare and bare repo. I have overloaded grack::server's service_rpc method to achieve it. Intuitively it feels wrong, most likely because it makes the code brittle.

Help:
I haven't looked much into sparkleshare, I still have 10 days before my current iteration ends, so it should be enough time. First look tells me that it is job of sparkleshare that they support our website (like the way they have added support for github, gitlab, piano, bitbucket etc). Let me know what you guys already know about integrating sparkleshare.

Forward slash in repo_path was causing git commands to fail on openshift.
Also fixed other tests on project model due to new changes.
- get_context moved to application controller so that both issues and
project_members controller can share it.
- Current_user is added as owner when he creates a new project.
- Name of foreign for project was changed from project_id to gallery_id.
it was conflicting with other things named project_id
- Project owners can search and add new users as owner, collaborator and
reporters on project's setting page. There can be only one relationship
between a project and a user.
Before this commit, logic of checking project being private was in view, which
was not safe. It also added ability of members of projects. Collaborator
and owners have read and write access to project from web UI. Guests and
reporters (in case of private projects) have read access. Only project
owners can delete projects.
Collaborators and owners can perform all git commands, while reporters can only
clone and fetch. For now only roles that can be added are collaborator and reporter.
Addition of owner would mean supporting transferring of ownership.
Other changes: check if diff object is nil or one for creation of dir. If so
then find diff in next parent-commit pair. Inspire_image generation was giving:
ActionView::Template::Error (undefined method `new_file' for nil:NilClass)
Create action of ProjectMember is as such because we need to allow only
project owners to add members, however there is no way ability model
can know about three objects (project, user and project_member)
…bers feature

Existing tests of project and issues controller and ability model were
modified to incorporate addition of members to projects.
A new helper for spec was made for addition of project members cause it
was used at quite a few places across different spec files.
@sonalkr132 sonalkr132 changed the title grack and auth - WIP grack and auth Jun 27, 2015
@sonalkr132
Collaborator Author

#296, #301 and #302 can be merged and #161 can be closed. woot woot!

@sonalkr132
Collaborator Author

I have updated deployment http://ruby-glitterfollowers.rhcloud.com/

You can test following users for private project: addie/Batman
username: collaborator
password: secretpassword
should be able to clone/fetch/pull and push to http://ruby-glitterfollowers.rhcloud.com/addie/Batman.git

username: reporter
password: secretpassword
should be able to clone/fetch/pull but not push.

For further details of ability please read spec/models/ability_spec.rb

NOTE: You can see private projects on index page. <- will fix in a new PR
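
The access rules tested in this thread (anonymous clone of public projects, credentials for private clone and for every push, reporters limited to clone/fetch), sketched as an added Ruby example that is not GlitterGallery's or grack's own code. `Project`, `git_service`, `authorize_git_request`, the result symbols and the sample projects are assumptions made for illustration.

```ruby
# Added illustration; every name here is hypothetical, not the project's code.
# members maps username => :owner | :collaborator | :reporter
Project = Struct.new(:is_private, :members)

READ_ROLES  = %i[owner collaborator reporter].freeze # clone, fetch, pull
WRITE_ROLES = %i[owner collaborator].freeze          # push

# Constructed sample data modelled on the projects named in the thread.
SAMPLE_PROJECTS = {
  "addie/cards"  => Project.new(false, { "addie" => :owner }),
  "addie/Batman" => Project.new(true, { "addie" => :owner,
                                        "collaborator" => :collaborator,
                                        "reporter" => :reporter })
}.freeze

# Smart HTTP names the service twice: in the ref advertisement
# (GET .../info/refs?service=X) and in the RPC (POST .../X).
# Both must be classified, or a push handshake goes unchecked.
def git_service(method, path, query)
  if method == "GET" && path.end_with?("/info/refs")
    query["service"]
  elsif method == "POST"
    File.basename(path)
  end
end

# user is the already-authenticated username, or nil when the request
# carried no valid credentials. Returns :allow, :challenge (answer 401 so
# git prompts), :forbidden or :not_found.
def authorize_git_request(method:, path:, project:, query: {}, user: nil)
  return :not_found if project.nil?

  service = git_service(method, path, query)
  return :forbidden unless %w[git-upload-pack git-receive-pack].include?(service)

  write = service == "git-receive-pack"
  return :allow if !write && !project.is_private # anonymous public clone
  return :challenge if user.nil?                 # private read or any push

  allowed = write ? WRITE_ROLES : READ_ROLES
  allowed.include?(project.members[user]) ? :allow : :forbidden
end
```
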

Other changes: Allow only members to see their member_projects. If
we allow others to see it as well then we would need to take care of
quite a few things.
Show public contribution <- Nice to have and later
sarupbanskota added a commit that referenced this pull request Jul 11, 2015
@sarupbanskota sarupbanskota merged commit cbfcf61 into glittergallery:master Jul 11, 2015
@sonalkr132 sonalkr132 deleted the grack branch November 9, 2015 18:28