From 1e445f921f95f3e60be6b2a131e506832e5ff184 Mon Sep 17 00:00:00 2001 From: Ricky Zhou Date: Wed, 12 Mar 2008 18:18:12 -0400 Subject: [PATCH] Organize the CLA just like we had in FAS1 (we can recover this if we ever need to split into cla_sign/click) --- fas/fas.cfg | 13 +++--- fas/fas/auth.py | 20 ++------- fas/fas/cla.py | 75 ++++++++------------------------ fas/fas/controllers.py | 7 +-- fas/fas/group.py | 2 +- fas/fas/help.py | 2 +- fas/fas/templates/cla/click.html | 23 ---------- fas/fas/templates/cla/index.html | 9 ++-- fas/fas/templates/cla/view.html | 15 +------ fas/fas/templates/group/new.html | 2 +- fas/fas/templates/home.html | 1 - fas/fas/templates/user/list.html | 9 +--- fas/fas/templates/user/view.html | 3 +- fas/fas/templates/welcome.html | 2 +- fas/fas/user.py | 7 +-- fas/fas2.sql | 4 +- 16 files changed, 46 insertions(+), 148 deletions(-) delete mode 100644 fas/fas/templates/cla/click.html diff --git a/fas/fas.cfg b/fas/fas.cfg index 8942dbd..2bb9e44 100644 --- a/fas/fas.cfg +++ b/fas/fas.cfg @@ -1,5 +1,5 @@ [global] -# TODO: better namespacing (maybe fas.admingroup, etc.) +# TODO: better namespacing (maybe a [fas] section) admingroup = 'accounts' accounts_email = "nobody@fedoraproject.org" @@ -15,8 +15,8 @@ gpg_fingerprint = "C199 1E25 D00A D200 2D2E 54D1 BF7F 1647 C54E 8410" gpg_passphrase = "m00!s@ysth3c0w" gpg_keyserver = "hkp://subkeys.pgp.net" -cla_sign_group = "cla_sign" -cla_click_group = "cla_click" +cla_done_group = "cla_done" +cla_fedora_group = "cla_fedora" privileged_view_groups = "(^cla_.*)|(^fas-.*)" username_blacklist = "(.*-members)|(.*-sponsors)|(.*-administrators)|(root)|(webmaster)" 
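Review bot: The `gpg_passphrase` context line in this hunk keeps a literal passphrase in the tracked config, right next to the `gpg_fingerprint` of the key it unlocks, so anyone who can read the repository or its history holds the secret. Whether this key is used outside a throwaway development setup is not visible here; if it is, replace the value with a placeholder such as `gpg_passphrase = "CHANGE_ME"`, supply the real one from an untracked, permission-restricted file, and rotate the key because the old value stays in history. The renamed `cla_done_group` and `cla_fedora_group` keys also have to be renamed in every deployed copy of fas.cfg, otherwise the lookups in auth.py and cla.py will not find them.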
@@ -32,8 +32,11 @@ openssl_l = "Raleigh" openssl_o = "Fedora Project" openssl_ou = "Upload Files" -# This is where all of your settings go for your development environment -# Settings that are the same for both development and production +# Groups that automatically grant membership to other groups +# Format: 'group1:a,b,c|group2:d,e,f' +auto_approve_groups = 'cvsextras:fedorabugs|cla_dell:cla_done|cla_fedora:cla_done|cla_redhat:cla_done|cla_ibm:cla_done' + +# This is where all of your settings go for your development environment # Settings that are the same for both development and production # (such as template engine, encodings, etc.) all go in # fas/config/app.cfg diff --git a/fas/fas/auth.py b/fas/fas/auth.py index b6b0a9f..9963b4a 100644 --- a/fas/fas/auth.py +++ b/fas/fas/auth.py @@ -69,27 +69,13 @@ def isApproved(person, group): else: return False -def signedCLAPrivs(person): +def CLADone(person): ''' Returns True if the user has completed the GPG-signed CLA ''' - cla_sign_group =config.get('cla_sign_group') + cla_done_group =config.get('cla_done_group') try: - if person.group_roles[cla_sign_group].role_status == 'approved': - return True - else: - return False - except KeyError: - return False - return False - -def clickedCLAPrivs(person): - ''' - Returns True if the user has completed the click-through CLA - ''' - cla_click_group = config.get('cla_click_group') - try: - if person.group_roles[cla_click_group].role_status == 'approved': + if person.group_roles[cla_done_group].role_status == 'approved': return True else: return False diff --git a/fas/fas/cla.py b/fas/fas/cla.py index 69001cf..e7f5785 100644 --- a/fas/fas/cla.py +++ b/fas/fas/cla.py 
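Review bot: The comment added above `auto_approve_groups` documents the syntax but not the trust it encodes: each left-hand group confers the right-hand ones automatically, and `cla_done` is what `CLADone` in auth.py checks and what `gencert` in user.py uses to gate client certificates. A comment such as `# Membership on the left grants the groups on the right with no further approval; every cla_* entry here is treated as proof of a completed CLA` would make that explicit for whoever edits the list. Only `cla_fedora` is created in fas2.sql in this commit; whether `cla_dell`, `cla_redhat` and `cla_ibm` exist elsewhere is not visible here, so it is worth confirming what the auto-approve code does when a named group is missing.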
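Review bot: The docstring kept for `CLADone` still says `Returns True if the user has completed the GPG-signed CLA`, but the function now tests approval in the group named by `cla_done_group`, which the `auto_approve_groups` setting in fas.cfg appears to grant from several other cla_* groups as well. Callers such as `gencert` treat the result as an authorization decision, so the docstring should state what is actually checked, e.g. `Returns True if the user is an approved member of the group named by cla_done_group`. As a style point, `cla_done_group =config.get(` is missing the space after `=`, and the `if`/`else` pair could be `return person.group_roles[cla_done_group].role_status == 'approved'`. The function's `except` branch lies outside the hunk.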
@@ -25,9 +25,8 @@ class CLA(controllers.Controller): username = turbogears.identity.current.user_name person = People.by_username(username) - signedCLA = signedCLAPrivs(person) - clickedCLA = clickedCLAPrivs(person) - return dict(signedCLA=signedCLA, clickedCLA=clickedCLA) + cla = CLADone(person) + return dict(cla=cla) def jsonRequest(self): return 'tg_format' in cherrypy.request.params and \ @@ -53,20 +52,20 @@ class CLA(controllers.Controller): turbogears.flash(_('To sign the CLA we must have your telephone number, postal address and gpg key id. Please ensure they have been filled out')) turbogears.redirect('/user/edit/%s' % username) - if type == 'click': - # Disable click-through CLA for now - #if signedCLAPrivs(person): - # turbogears.flash(_('You have already signed the CLA, so it is unnecessary to complete the Click-through CLA.')) - # turbogears.redirect('/cla/') - # return dict() - #if clickedCLAPrivs(person): - # turbogears.flash(_('You have already completed the Click-through CLA.')) - # turbogears.redirect('/cla/') - # return dict() - turbogears.redirect('/cla/') - return dict() - elif type == 'sign': - if signedCLAPrivs(person): + # Disable click-through CLA for now + #if type == 'click': + # if signedCLAPrivs(person): + # turbogears.flash(_('You have already signed the CLA, so it is unnecessary to complete the Click-through CLA.')) + # turbogears.redirect('/cla/') + # return dict() + # if clickedCLAPrivs(person): + # turbogears.flash(_('You have already completed the Click-through CLA.')) + # turbogears.redirect('/cla/') + # return dict() + # turbogears.redirect('/cla/') + # return dict() + if type == 'sign': + if CLADone(person): turbogears.flash(_('You have already signed the CLA.')) turbogears.redirect('/cla/') return dict() 
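Review bot: With the `click` branch commented out in the second hunk, a request with `type == 'click'` is no longer redirected to `/cla/`; it now falls through like any other unrecognised value to whatever follows the `if type == 'sign':` block, which is outside this hunk. If that tail renders the CLA page, an explicit `else:` that redirects or rejects unknown `type` values would keep the handler's behaviour defined. The commented-out block also still names `signedCLAPrivs` and `clickedCLAPrivs`, which this commit deletes from auth.py, so it cannot be re-enabled as written; since the commit message says the split can be recovered from history, deleting the block is cleaner than carrying it.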
@@ -92,11 +91,11 @@ class CLA(controllers.Controller): username = turbogears.identity.current.user_name person = People.by_username(username) - if signedCLAPrivs(person): + if CLADone(person): turbogears.flash(_('You have already signed the CLA.')) turbogears.redirect('/cla/') return dict() - groupname = config.get('cla_sign_group') + groupname = config.get('cla_fedora_group') group = Groups.by_name(groupname) ctx = gpgme.Context() @@ -189,41 +188,3 @@ that is associated with e-mail address %(email)s. The full signed ICLA is attach turbogears.redirect('/cla/') return dict() - @identity.require(turbogears.identity.not_anonymous()) - @error_handler(error) - # Don't expose click-through CLA for now. - #@expose(template="fas.templates.cla.index") - def click(self, agree): - '''Click-through CLA''' - username = turbogears.identity.current.user_name - person = People.by_username(username) - - if signedCLAPrivs(person): - turbogears.flash(_('You have already signed the CLA, so it is unnecessary to complete the Click-through CLA.')) - turbogears.redirect('/cla/') - return dict() - if clickedCLAPrivs(person): - turbogears.flash(_('You have already completed the Click-through CLA.')) - turbogears.redirect('/cla/') - return dict() - groupname = config.get('cla_click_group') - group = Groups.by_name(groupname) - if agree.lower() == 'i agree': - try: - person.apply(group, person) # Apply... - session.flush() - person.sponsor(group, person) # Approve... - session.flush() - except: - turbogears.flash(_("You could not be added to the '%s' group.") % group.name) - turbogears.redirect('/cla/view/click') - return dict() - else: - turbogears.flash(_("You have successfully agreed to the click-through CLA. You are now in the '%s' group.") % group.name) - turbogears.redirect('/cla/') - return dict() - else: - turbogears.flash(_("You have not agreed to the click-through CLA.") % group.name) - turbogears.redirect('/cla/view/click') - return dict() - 
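Review bot: The already-signed guard and the group the signer is added to now differ: the guard calls `CLADone(person)`, which checks `cla_done_group`, while the group looked up two lines later is `config.get('cla_fedora_group')`. The two only converge if the `cla_fedora:cla_done` entry in `auto_approve_groups` is present and is applied when the user is approved; otherwise a user approved in `cla_fedora` is never seen as done and can submit again. Consider treating an approved `cla_fedora` role as signed here too, and failing with a clear error when `config.get('cla_fedora_group')` returns nothing before `Groups.by_name(groupname)` is called. A comment such as `# cla_done is granted indirectly via auto_approve_groups (cla_fedora:cla_done)` would document the dependency. The rest of the method, including the GPG verification, is outside the hunk.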
diff --git a/fas/fas/controllers.py b/fas/fas/controllers.py index 790bd3a..d82bda7 100644 --- a/fas/fas/controllers.py +++ b/fas/fas/controllers.py @@ -72,12 +72,7 @@ class Root(controllers.RootController): def home(self): user_name = turbogears.identity.current.user_name person = People.by_username(user_name) - cla = None - cla = None - if clickedCLAPrivs(person): - cla = 'clicked' - if signedCLAPrivs(person): - cla = 'signed' + cla = CLADone(person) return dict(person=person, cla=cla) @expose(template="fas.templates.about") diff --git a/fas/fas/group.py b/fas/fas/group.py index 174af8d..d32c6b3 100644 --- a/fas/fas/group.py +++ b/fas/fas/group.py @@ -470,7 +470,7 @@ into the e-mail aliases within an hour. username = turbogears.identity.current.user_name person = People.by_username(username) if not groupname: - groupname = config.get('cla_sign_group') + groupname = config.get('cla_done_group') group = Groups.by_name(groupname) if not canViewGroup(person, group): diff --git a/fas/fas/help.py b/fas/fas/help.py index f8ba0aa..f8cdc47 100644 --- a/fas/fas/help.py +++ b/fas/fas/help.py @@ -33,7 +33,7 @@ class Help(controllers.Controller): 'group_type': ['Group Type', '''

Normally it is safe to leave this blank. Though some values include 'tracking', 'shell', 'cvs', 'git', 'hg', 'svn', and 'mtn'. This value only really matters if the group is to end up getting shell access or commit access somewhere like fedorahosted.

'''], 'group_needs_sponsor': ['Needs Sponsor', '''

If your group requires sponsorship (recommended), this means that when a user is approved by a sponsor. That relationship is recorded in the account system. If user A sponsors user N, then in viewing the members of this group, people will know to contact user A about user N if something goes wrong. If this box is unchecked, this means that only approval is needed and no relationship is recorded about who did the approving

'''], 'group_self_removal': ['Self Removal', '''

Should users be able to remove themselves from this group without sponsor / admin intervention? (recommended yes)

'''], - 'group_prerequisite': ['Must Belong To', '''

Before a user can join this group, they must belong to the group listed in this box. This value cannot be removed without administrative intervention, only changed. Recommended values are for the 'cla_sign' group.

'''], + 'group_prerequisite': ['Must Belong To', '''

Before a user can join this group, they must belong to the group listed in this box. This value cannot be removed without administrative intervention, only changed. Recommended values are for the 'cla_done' group.

'''], 'group_join_message': ['Join Message', '''

This message will go out to users when they join the group. It should be informative and offer tips about what to do next. A description of the group would also be valuable here

'''], 'gencert': ['Client Side Cert', '''

The client side cert is generally used to grant access to upload packages to Fedora or for other authentication purposes like with koji. If you are not a package maintainer there is no need to worry about the client side cert

'''], } diff --git a/fas/fas/templates/cla/click.html b/fas/fas/templates/cla/click.html deleted file mode 100644 index 85db7bd..0000000 --- a/fas/fas/templates/cla/click.html +++ /dev/null @@ -1,23 +0,0 @@ - - - - - ${_('Fedora Accounts System')} - - - -

${_('Contributor License Agreement')}

- -
-
- ${_('If you agree to these terms and conditions, type "%s" here:') % 'I agree'}
- ${_('Full Name:')} ${user.givenName}
- ${_('E-mail:')} ${user.mail}
- ${_('Date:')} ${date}
- -
-
- - diff --git a/fas/fas/templates/cla/index.html b/fas/fas/templates/cla/index.html index 40396d4..21a2a0c 100644 --- a/fas/fas/templates/cla/index.html +++ b/fas/fas/templates/cla/index.html @@ -9,17 +9,16 @@

${_('Fedora Contributor License Agreement')}

- - ${Markup(_('There are two ways to sign the CLA. Most users will want to do a signed CLA as it will promote them to a full contributor in Fedora. The click-through CLA only grants partial access but may be preferred for those with special legal considerations. See: <a href="http://fedoraproject.org/wiki/Legal/CLAAcceptanceHierarchies">CLA Acceptance Hierarchies</a> for more information.'))} + + ${Markup(_('In order to become a full Fedora contributor, you must sign the CLA.'))}


-

    +

    -

    +

    ${Markup(_('You have already sucessfully signed the <a href="%s">CLA</a>.') % tg.url('/cla/view'))}

    diff --git a/fas/fas/templates/cla/view.html b/fas/fas/templates/cla/view.html index 6c2c1a5..c91a893 100644 --- a/fas/fas/templates/cla/view.html +++ b/fas/fas/templates/cla/view.html @@ -7,24 +7,11 @@ ${_('Fedora Accounts System')} -

    ${_('Contributor License Agreement')}

    - + - - -
    -
    - ${_('If you agree to these terms and conditions, type "%s" here:') % 'I agree'}
    - ${_('Full Name:')} ${person.human_name}
    - ${_('E-mail:')} ${person.email}
    - ${_('Date:')} ${date}
    - -
    -
    -

    ${Markup(_('Use the below link to download/save the CLA as fedora-icla-%(username)s.txt, and run: <pre>gpg -as fedora-icla-%(username)s.txt</pre> After, upload fedora-icla-%(username)s.txt.asc in the form below.') % {'username': person.username})} diff --git a/fas/fas/templates/group/new.html b/fas/fas/templates/group/new.html index 6037801..f74862c 100644 --- a/fas/fas/templates/group/new.html +++ b/fas/fas/templates/group/new.html @@ -41,7 +41,7 @@

    - +
    diff --git a/fas/fas/templates/home.html b/fas/fas/templates/home.html index 993b462..e602b63 100644 --- a/fas/fas/templates/home.html +++ b/fas/fas/templates/home.html @@ -21,7 +21,6 @@
      -
    • ${_('Click-through CLA')} (${_('GPG Sign it!')})
    • ${_('CLA Not Signed. To become a full Fedora Contributor please ')}${_('Sign the CLA')}.
    • You have not submitted an SSH key, some Fedora resources require an SSH key. Please submit yours by editing My Account
    diff --git a/fas/fas/templates/user/list.html b/fas/fas/templates/user/list.html index b2eb221..8a0ba7c 100644 --- a/fas/fas/templates/user/list.html +++ b/fas/fas/templates/user/list.html @@ -33,14 +33,9 @@ ${person.username} - ${_('Signed CLA')} - ${_('Click-through CLA')} + ${_('CLA Done')} ${_('Not Done')} diff --git a/fas/fas/templates/user/view.html b/fas/fas/templates/user/view.html index ec568d5..0c29c87 100644 --- a/fas/fas/templates/user/view.html +++ b/fas/fas/templates/user/view.html @@ -38,8 +38,7 @@ ${_('Pinged')}
    ${_('CLA:')}
    - ${_('Signed CLA')} - ${_('Click-through CLA')} (${_('GPG Sign it!')}) + ${_('CLA Done')} ${_('Not Done')} (${_('Sign it!')})
    diff --git a/fas/fas/templates/welcome.html b/fas/fas/templates/welcome.html index e4bbae9..94418a8 100644 --- a/fas/fas/templates/welcome.html +++ b/fas/fas/templates/welcome.html @@ -15,7 +15,7 @@

    - ${_('Welcome to the Fedora Accounts System 2. Please submit bugs to https://fedorahosted.org/fedora-infrastructure/ or stop by #fedora-admin on irc.freenode.net')} + ${_('Welcome to the Fedora Accounts System 2. Please submit bugs to <a href="https://fedorahosted.org/fedora-infrastructure/">https://fedorahosted.org/fedora-infrastructure/<a> or stop by #fedora-admin on irc.freenode.net')}

    • ${_('Log In')}
    • diff --git a/fas/fas/user.py b/fas/fas/user.py index de1024b..9a2f265 100644 --- a/fas/fas/user.py +++ b/fas/fas/user.py @@ -217,10 +217,7 @@ class User(controllers.Controller): for group in person.roles: groups.append(Groups.by_name(group.group.name)) cla = None - if clickedCLAPrivs(person): - cla = 'clicked' - if signedCLAPrivs(person): - cla = 'signed' + cla = CLADone(person) person.jsonProps = { 'People': ('approved_memberships', 'unapproved_memberships') } @@ -610,7 +607,7 @@ https://admin.fedoraproject.org/accounts/user/verifypass/%(user)s/%(token)s def gencert(self): username = turbogears.identity.current.user_name person = People.by_username(username) - if signedCLAPrivs(person): + if CLADone(person): person.certificate_serial = person.certificate_serial + 1 pkey = openssl_fas.createKeyPair(openssl_fas.TYPE_RSA, 1024); diff --git a/fas/fas2.sql b/fas/fas2.sql index abcb7c3..8fce9d0 100644 --- a/fas/fas2.sql +++ b/fas/fas2.sql 
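Review bot: The link added to the welcome text in welcome.html is closed with `<a>` instead of `</a>`, and the string is passed to `${_(...)}` without `Markup(...)`, unlike the link in cla/index.html in this same commit. Assuming the template engine escapes `${}` output by default, the tags would be shown as literal text rather than rendered. Either keep the plain URL without tags, or wrap the call as `${Markup(_('...'))}` and fix the closing tag to `</a>`. If `Markup` is used, keep the string free of interpolated user data so the unescaped path stays limited to the translated literal.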
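Review bot: In `gencert` the certificate gate changes from `signedCLAPrivs` to `CLADone`, so a client certificate is now issued to any approved member of `cla_done`, including members who appear to arrive there through the `auto_approve_groups` mappings in fas.cfg rather than through the GPG-signed path. That widening should be confirmed as intended and recorded in a comment such as `# any accepted CLA route (cla_done) is sufficient for a client cert`. The context line `createKeyPair(openssl_fas.TYPE_RSA, 1024)` generates a 1024-bit RSA key, which is below current minimums; `2048` is the usual floor. In the first hunk of this file, `cla = None` is immediately overwritten by `cla = CLADone(person)` and can be dropped. Both methods continue outside their hunks.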
@@ -347,8 +347,8 @@ GRANT ALL ON TABLE people, groups, person_roles, group_roles, bugzilla_queue, co INSERT INTO people (id, username, human_name, password, email) VALUES (100001, 'admin', 'Admin User', '$1$djFfnacd$b6NFqFlac743Lb4sKWXj4/', 'root@localhost'); -- Create default groups and populate -INSERT INTO groups (id, name, display_name, owner_id, group_type) VALUES (100002, 'cla_sign', 'Signed CLA Group', (SELECT id from people where username='admin'), 'tracking'); -INSERT INTO groups (name, display_name, owner_id, group_type) VALUES ('cla_click', 'Click-through CLA Group', (SELECT id from people where username='admin'), 'tracking'); +INSERT INTO groups (id, name, display_name, owner_id, group_type) VALUES (100002, 'cla_done', 'CLA Done Group', (SELECT id from people where username='admin'), 'tracking'); +INSERT INTO groups (id, name, display_name, owner_id, group_type) VALUES (101441, 'cla_fedora', 'Fedora CLA Group', (SELECT id from people where username='admin'), 'tracking'); INSERT INTO groups (id, name, display_name, owner_id, group_type) VALUES (100006, 'accounts', 'Account System Admins', (SELECT id from people where username='admin'), 'tracking'); INSERT INTO groups (id, name, display_name, owner_id, group_type) VALUES (100148, 'fedorabugs', 'Fedora Bugs Group', (SELECT id from people where username='admin'), 'tracking'); INSERT INTO groups (name, display_name, owner_id, group_type) VALUES ('fas-system', 'System users allowed to get password and key information', (SELECT id from people where username='admin'), 'system');
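Review bot: These `INSERT` statements only seed a fresh database, so an existing installation keeps its `cla_sign` and `cla_click` rows and has no `cla_done` or `cla_fedora` group. After the code change `CLADone` would then find no matching role and report every user as unsigned. A migration note or script that renames `cla_sign` and creates `cla_fedora` should accompany the commit, together with a decision on what happens to existing `cla_click` members. Separately, the context line seeds the `admin` account with a fixed `$1$` (md5-crypt) hash, so every install from this file shares that password until it is changed; a comment such as `-- Default admin password: change immediately after install` would flag that.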