gathering / unicorn-backend Goto Github PK
View Code? Open in Web Editor NEWBackend/API for UNICORN
Home Page: https://competitions.gathering.org
License: MIT License
Backend/API for UNICORN
Home Page: https://competitions.gathering.org
License: MIT License
After a successful authentication, fetch nickname from the wannabe API and save it on the user object.
wannabe/api/auth/services/login
with our client_id
, client_secret
and scope=external-wannabe-service-user
access_token
/api/profile/profile/{sub from users token}
with previous access_token
in wannabe_jwt
cookienickname
In competitions/management/commands/update_competition_states.py
there is a function Command.set_permissions
which contains the logic of giving participants permission to view all qualified entries during the timespan of which voting is enabled on the relevant Competition. This logic should be moved closer to the objects.
With the current logic, permissions are not given when, say, the vote end time of a Competition is extended after voting is completed.
ref gathering/unicorn-frontend#13
Det som dog er veldig viktig, og egentlig en nøkkelegenskap jeg er ute etter gjelder innhentingen av informasjon. Den burde kunne tilpasses til den typen premie som skal gis ut i konkurransen, og her trenger vi faktisk bare 3 forskjellige typer premier;
Penger
Fullt navn
Telefonnummer
Epostadresse
Kontonummer
Hvis det er en utenlandsk bankkonto trenger vi også dette;
IBAN-nummer
BIC/SWIFT adresse
SignaturDigital premie (gavekort, vouchers etc.)
Fullt navn
Telefonnummer
EpostadresseFysisk premie
Fullt navn
Telefonnummer
Epostadresse
Korrekt postadresse
Her tror jeg det er enklest om vi forholder oss til de nevnte typene og definerer disse fast. Så kan man ved oppretting av konkurranse selv bestemme hvilke premietype som konkurransen skal bruke.
A new "pre-show lockdown" should be implemented on Competition
to lock all edits a given amount of time before stage show.
Generation of slides for the beamer needs to be done a given amount of time before stage show.
Extra fields on Competition
to specify when the lockdown starts.
None.
Trigger a back-channel logout call to keycloak providers when users are logging out.
Users are logged out of keycloak when logging out, to make sure they are not immediately logged in again when clicking login after logging out.
None
Relevant keycloak docs: https://www.keycloak.org/docs/latest/server_admin/#backchannel-logout
Not supported upstream: python-social-auth/social-app-django#159
Tilgang til å endre på konkurranser som eies av et crew man selv er medlem av.
The current (logged in or not) permissions should be readable via the API. This can be solved for now by exposing group memberships in an endpoint.
Allow frontend applications to show UI elements based on actual permissions.
No.
No.
Implement better integration with Toornament for continuous push and pull of data from start of registrations to end of competition. Also implement support for additional custom fields and public/private notes.
If possible, show status from matches and brackets during the run of the competition.
Better integration for game competitions.
TBD
TBD
Indikerer at voting er ferdig og verifisert (inkl. jury) eller at manuelle poeng er lagt inn, slik at konkurransen kan plukkes opp av premieutdeling.
Refactor the Competition state machine to be less complex, or easier to understand somehow.
The logic is too complex. Especially in Competition.compute_next_state
and Competition.clean
Bytt fra grønn til R:0 G:0 B:255 i logoen. Det ser mer profesjonelt ut. Den oransje passe fint. Bare start på ny med vector graphics og lagre som .svg, husk å fylle inn innimellom pennen. Eg kunne tenkt meg Ada 8.1.0 på serveren min.
PS. Søndag den 19.
ref gathering/unicorn-frontend#13
Det hadde også vært en fordel om man kunne opprettet konkurranser som ikke er synlige for andre enn de med tilgang / crew. Dette skyldes at vi fra tid til annen arrangerer konkurranser som er hemmelige, og hvor vinner blir tilfeldig trukket f.eks blant alle KANDU medlemmer.
Competition admins should be able to fill out an internal FAQ for competitions, where with access to the FAQ should be able to look up information about a competition.
A member in the Creative Desk needs some information about a creative competition. They should then be able to look up the competition to get information about who is responsible for the competition, times and so on. But they should also be able to look up in a FAQ containing frequently asked questions about the given competition.
None.
Create a "My Account" page for users to see all data stored about and connected to them, and allow them to easily export these in a structured format. This page should also have a form/button to request deletion.
This also needs to be tied in with GDPR considerations to make sure we are in the clear.
Both of these elements should also be presented on the first login, in order to show the data we get from external providers (GE, WB) and make the user give their consent to data processing.
It's the law.
Probably some changes required to conform to GDPR.
Probably none.
When images are uploaded, generate thumbnails at predefined sizes.
Improved loading-times and lower data usage on entry administration pages and voting.
We probably need additional fields on the File
model to allow thumbs to be connected to the original media.
Yes, unknown at this time.
I calibrated it with, well, literary the news. NRK at the TV2 channel.
Takk til nå, Ōnō.
When an entry is disqualified, the contributors should be notified via email.
Make sure the contributors are aware immediately in case action is needed on their part before a deadline.
No.
Some way of sending emails.
Support a new type of competitions where participants are given a certain timeslot.
For allocating timeslots in the Tech:Online competition, and possibly for future workshops.
Yes, several.
Probably not
The original owner should no longer have permissions to edit and delete the entry, only view.
The original owner retains their edit and delete permissions after the new owner is set.
Try to submit data, e.g. a new Competition, with emojis in one of the text fields.
cURL example
curl 'https://unicorn.zoodo.io/api/competitions/competitions/8/' -X PUT -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36' -H 'Referer: http://localhost:3000/admin/competitions/8' -H 'Origin: http://localhost:3000' -H 'Authorization: JWT eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzY29wZSI6bnVsbCwiZXhwIjoxNTUyODMyMzU5LCJ1aWQiOjIsImVtYWlsIjoiam8tZW1pbEB6b29kby5ubyIsInVzZXJuYW1lIjoiODk1M2I3YmMtNGI5MC00MjQzLTk1NTUtNjQ0MmEyMzM0NjQxIiwiZmlyc3RfbmFtZSI6IkpvIEVtaWwiLCJsYXN0X25hbWUiOiJIb2xlbiIsImRpc3BsYXlfbmFtZSI6ImpvbXMiLCJpc3MiOiJPc2NhciJ9.LDPe0T4rXjbs0EXVlIYy93CLYT7LAFHi0sUUtre9BKZdxZ3jvs-vAhdD69skhXXIFm63d2c9naBpR2TTr0qxlgALlpQyDeDEYBW-AvqTkxfSa9wDO04arEkN99KtRNJpuFAaarjuSMaPgAXZLH_SA2pLxZxDd2fGqTJIvHX8FKivz9njM0iPxnCrMBsJjzncmvqSul26Cse8VD4AVqTjcMooMA9cH-A5fIkZtADrqvoVfiaojLkh8NirJIGcWq6UABG8L22Te_hraOFGFbs2C1XGbw-UGSOnvWq-VO5FAQrxECWVzUpIcZRZy0yPfIIPM9u61rL6EO-OETC2wLNAAA' -H 'content-type: application/json' --data-binary '{"name":"Test compo yo!","brief_description":"Lorem ipsum dolor sit amet, consecteturs","description":"Test compo yo!","rules":"<p>æ…“øåTest compo <strong>\ud83d</strong>\ude07</p>\n","editorState":{"enabled":false},"run_time_start":"2019-03-17T11:17:00.000Z","run_time_end":"2019-03-24T11:17:00.000Z","participant_limit":0,"genre":2,"_fileupload":{"enabled":true,"fileupload":[{"id":"73d91a73-1b73-42a4-b34a-28ad6d32e7b6","file":"archive","type":"entry","input":"Main entry"}]},"extra":{"enabled":false,"contributor_extra":null},"rsvp":false,"header_image":"https://672061c0b827554def11-ea8c7607510173b2cbad15f9892e8687.ssl.cf2.rackcdn.com/rl-birthday.f44ca8609585ba611e1277fc600f5cc1.jpg","header_credit":"Psyonix","prizes":["1234","234","34","4"],"id":8,"url":"https://unicorn.zoodo.io/api/competitions/competitions/8/","published":false,"state":{"value":8,"label":"Currently Running"},"entries_count":0,"entries":[],"show_time_start":null,"show_time_end":null,"team_required":false,"created":"2019-03-17T11:52:29.630543+01:00","last_updated":"2019-03-17T14:58:16.722641+01:00","next_state":{"value":256,"label":"Finished"},"fileupload":[{"id":"73d91a73-1b73-42a4-b34a-28ad6d32e7b6","file":"archive","type":"entry","input":"Main entry"}],"register_time_start":null,"register_time_end":null,"team_min":null,"team_max":null,"vote_time_start":null,"vote_time_end":null}' --compressed
The request should be successful and, in the above example, the competition should be created.
An Exception is thrown in the save()
method of the Competition
model, on the last line calling super()
.
UnicodeEncodeError: 'utf-8' codec can't encode character '\ud83d' in position 22: surrogates not allowed
There should be created a database dump based on the production database for use in beta and staging environments. This dump should be washed to remove all sensible information about users. This information should be manipulated in such a way that it can't be reversed, but it's length and format should be contained.
For example could [email protected]
be formatted as [email protected]
.
When creating new environments for testing, having actual data is quite useful. This prevents having to create new data every time a new environment is created.
None.
None.
Fields that contains data should have some sort of XSS protection. This would usually be something that removes illegal tags and attributes.
Known fields that use HTML are the description and rules fields in Competition
, with more to come.
Improved protection against XSS attacks
None
Possibly html-sanitizer
A competition administrator should be able enable file upload for users having a registered entry a set period after competition is closed. They should also be able to enable upload on a single entry for a set period. As another alternative, competition administrators should also be able to upload files to entries themselves.
In case of unforeseen problems with uploading files or other situations.
Possibly some fields on either Competition
, Entry
or both.
None
Ref gathering/unicorn-frontend#13
Creative
TGTV
SoMe / Community (FB, Instagram, Snapchat, Discord)
Diverse konkurranser ombudene arrangerer
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.