eventray-archive / horus Goto Github PK

They are very re-usable

After adding horus in requires list and executing python setup.py develop I got a compilation error saying that
"cryptacular/bcrypt/_bcrypt.c:26:20: fatal error: Python.h: No such file or directory
compilation terminated.
error: Setup script exited with error: command 'gcc' failed with exit status 1
"

Currently in some cases if you don't have pyramid_tm everything breaks. We need to fire events that they can handle.

The "index" route should be called "home". Not because "index" is better, but because when one starts a new Pyramid project, the scaffold creates a "home" route and a "home" view.

I can make this change for you guys, but I want you to approve the idea first. Anyone have anything against this?

Result is a traceback that NoneType has no attribute 'activation'.

@sontek two questions:

1. Should I fix this, or is the intention to let this repo die and move everything to Pylons/horus?
2. If I fix it, what error do we want to raise (if any)? Are we concerned about leaking information about which email addresses have accounts?

Hi,

We are using Horus at hypothes.is

We would like to have an option in Horus that makes it possible to send all registration requests through a configured [group of] admin[s].

So, while horus.require_activation enables automatic activation mails, we would like some thing like horus.require_admin_action, which would send a mail to admin, to allow/deny the new registration.

Thank you.

This is just to let people know that, due to lack of maintenance in the main project, I have been maintaining a fork. It is called "pluserable".
http://docs.nando.audio/pluserable/latest/
https://pypi.python.org/pypi/pluserable

nandoflorestan> Hey John, I notice in horus anyone can edit anyone's profile (email and password) right now.
sontek> I must have accidentally removed the acl
nandoflorestan> I think the url for editing the profile should not include the profile id -- only the active user would be editable.
sontek> I think the ID in the profile URL for viewing other profiles and for admins to edit, but there should definitely be a group permission with an acl for editing
sontek> Maybe the default edit URL can be without ID
sontek> but still have viewing with an ID?
sontek> what do you think?
nandoflorestan> Is there really a use case for admins editing other people's emails and passwords?
sontek> In private/admin type apps, like internal business to business applications, but not on consumer products
nandoflorestan> Viewing with an ID is useful for some apps, not for others (mine for instance).
sontek> Thats the hard part of balancing flexibility with defaults
sontek> But I could probably make it all configurable with a few settings
sontek> I'll do that. By default lets go with more secure
nandoflorestan> Cool. Let's fix the ACL bug first
sontek> So no IDs in URLs and add acl, but with a flag in .ini you can trigger the other URLs to be added
nandoflorestan> Nice idea.

I see that horus is being used by hypothesis to do the authentication, it inherits the model straight up. But I do not see anywhere where horus utilize sqlalchemy to initialize the table in the database. Is this step supposed to be manual?

Please note in your setup.py the dependencies this packages has, namely: colander, cryptacular, deform, pyramid_deform, maybe pyramid_mailer, and maybe pystache.

We need good documentation for people to use us.

I see in the code, there are already views defined for an admin panel, but there are no tests for it. Activating it in my application, I get an error on json() when trying to edit a user from the list.

What is the status on this feature? Is there a roadmap for the functionality?

I will have to build out this functionality for my application, including the feature requested in #35. I can send a pull request when I am done, but I wanted to check with the developers first.

Thanks!
James

I added redirect_login and rediirect_logout routes in development.ini as

redirect_login  = '/accounts/login'
redirect_logout = 'accounts/logout'

When I go those routes I am getting a 404 Not found error. Am i missing something ?

Currently I am integrating horus into my python app. I really like the flexibility of your package, but I stumbled upon a little problem. I already have an User class and table in my application. For testing I wanted to rename the horus User class. After doing this, SQLAlchemy initialization fails, because it's not able to find the User class. I had a look at the source code and saw, that the GroupMixin has a hard-coded "User" in the Group to User relationship.

    @declared_attr
    def users(self):
        """Relationship for users belonging to this group"""
        return sa.orm.relationship(
            'User',
            secondary=UserGroupMixin.__tablename__,
            # order_by='%s.user.username' % UserMixin.__tablename__,
            passive_deletes=True,
            passive_updates=True,
            backref=pluralize(GroupMixin.__tablename__),
        )

Same goes for Activation to User

    @declared_attr
    def activation(self):
        return sa.orm.relationship(
            'Activation',
            backref='user'
        )

I don't know if that is intended. It's not that hard to fix (I just rename my own class), but I think this makes it harder to integrade horus in an existing model.

We should have a generic "login" controller that doesn't do HTTP redirecting or anything, just does the validation and returns the response.

This will allow you to do AJAX login forms