Infrastructure/fedora-infrastructure
1
0
Fork 0
Code Issues 70 Pull requests Projects Releases Packages Wiki Activity Actions

Organize the CLA just like we had in FAS1 (we can recover this if we ever need to split into cla_sign/click)

Browse source
This commit is contained in:
Ricky Zhou (周家杰) 2008-03-12 18:18:12 -04:00
parent 191477ed80
commit 1e445f921f
16 changed files with 46 additions and 148 deletions
Download patch file Download diff file Expand all files Collapse all files

13
fas/fas.cfg
View file

@ -1,5 +1,5 @@
[global]
# TODO: better namespacing (maybe fas.admingroup, etc.)
# TODO: better namespacing (maybe a [fas] section)
admingroup = 'accounts'
accounts_email = "nobody@fedoraproject.org"
@ -15,8 +15,8 @@ gpg_fingerprint = "C199 1E25 D00A D200 2D2E 54D1 BF7F 1647 C54E 8410"
gpg_passphrase = "m00!s@ysth3c0w"
gpg_keyserver = "hkp://subkeys.pgp.net"
cla_sign_group = "cla_sign"
cla_click_group = "cla_click"
cla_done_group = "cla_done"
cla_fedora_group = "cla_fedora"
privileged_view_groups = "(^cla_.*)|(^fas-.*)"
username_blacklist = "(.*-members)|(.*-sponsors)|(.*-administrators)|(root)|(webmaster)"
@ -32,8 +32,11 @@ openssl_l = "Raleigh"
openssl_o = "Fedora Project"
openssl_ou = "Upload Files"
# This is where all of your settings go for your development environment
# Settings that are the same for both development and production
# Groups that automatically grant membership to other groups
# Format: 'group1:a,b,c|group2:d,e,f'
auto_approve_groups = 'cvsextras:fedorabugs|cla_dell:cla_done|cla_fedora:cla_done|cla_redhat:cla_done|cla_ibm:cla_done'
# This is where all of your settings go for your development environment # Settings that are the same for both development and production
# (such as template engine, encodings, etc.) all go in
# fas/config/app.cfg

20
fas/fas/auth.py
View file

@ -69,27 +69,13 @@ def isApproved(person, group):
else:
return False
def signedCLAPrivs(person):
def CLADone(person):
'''
Returns True if the user has completed the GPG-signed CLA
'''
cla_sign_group =config.get('cla_sign_group')
cla_done_group =config.get('cla_done_group')
try:
if person.group_roles[cla_sign_group].role_status == 'approved':
return True
else:
return False
except KeyError:
return False
return False
def clickedCLAPrivs(person):
'''
Returns True if the user has completed the click-through CLA
'''
cla_click_group = config.get('cla_click_group')
try:
if person.group_roles[cla_click_group].role_status == 'approved':
if person.group_roles[cla_done_group].role_status == 'approved':
return True
else:
return False

75
fas/fas/cla.py
View file

@ -25,9 +25,8 @@ class CLA(controllers.Controller):
username = turbogears.identity.current.user_name
person = People.by_username(username)
signedCLA = signedCLAPrivs(person)
clickedCLA = clickedCLAPrivs(person)
return dict(signedCLA=signedCLA, clickedCLA=clickedCLA)
cla = CLADone(person)
return dict(cla=cla)
def jsonRequest(self):
return 'tg_format' in cherrypy.request.params and \
@ -53,20 +52,20 @@ class CLA(controllers.Controller):
turbogears.flash(_('To sign the CLA we must have your telephone number, postal address and gpg key id. Please ensure they have been filled out'))
turbogears.redirect('/user/edit/%s' % username)
if type == 'click':
# Disable click-through CLA for now
#if signedCLAPrivs(person):
# turbogears.flash(_('You have already signed the CLA, so it is unnecessary to complete the Click-through CLA.'))
# turbogears.redirect('/cla/')
# return dict()
#if clickedCLAPrivs(person):
# turbogears.flash(_('You have already completed the Click-through CLA.'))
# turbogears.redirect('/cla/')
# return dict()
turbogears.redirect('/cla/')
return dict()
elif type == 'sign':
if signedCLAPrivs(person):
# Disable click-through CLA for now
#if type == 'click':
# if signedCLAPrivs(person):
# turbogears.flash(_('You have already signed the CLA, so it is unnecessary to complete the Click-through CLA.'))
# turbogears.redirect('/cla/')
# return dict()
# if clickedCLAPrivs(person):
# turbogears.flash(_('You have already completed the Click-through CLA.'))
# turbogears.redirect('/cla/')
# return dict()
# turbogears.redirect('/cla/')
# return dict()
if type == 'sign':
if CLADone(person):
turbogears.flash(_('You have already signed the CLA.'))
turbogears.redirect('/cla/')
return dict()
@ -92,11 +91,11 @@ class CLA(controllers.Controller):
username = turbogears.identity.current.user_name
person = People.by_username(username)
if signedCLAPrivs(person):
if CLADone(person):
turbogears.flash(_('You have already signed the CLA.'))
turbogears.redirect('/cla/')
return dict()
groupname = config.get('cla_sign_group')
groupname = config.get('cla_fedora_group')
group = Groups.by_name(groupname)
ctx = gpgme.Context()
@ -189,41 +188,3 @@ that is associated with e-mail address %(email)s. The full signed ICLA is attach
turbogears.redirect('/cla/')
return dict()
@identity.require(turbogears.identity.not_anonymous())
@error_handler(error)
# Don't expose click-through CLA for now.
#@expose(template="fas.templates.cla.index")
def click(self, agree):
'''Click-through CLA'''
username = turbogears.identity.current.user_name
person = People.by_username(username)
if signedCLAPrivs(person):
turbogears.flash(_('You have already signed the CLA, so it is unnecessary to complete the Click-through CLA.'))
turbogears.redirect('/cla/')
return dict()
if clickedCLAPrivs(person):
turbogears.flash(_('You have already completed the Click-through CLA.'))
turbogears.redirect('/cla/')
return dict()
groupname = config.get('cla_click_group')
group = Groups.by_name(groupname)
if agree.lower() == 'i agree':
try:
person.apply(group, person) # Apply...
session.flush()
person.sponsor(group, person) # Approve...
session.flush()
except:
turbogears.flash(_("You could not be added to the '%s' group.") % group.name)
turbogears.redirect('/cla/view/click')
return dict()
else:
turbogears.flash(_("You have successfully agreed to the click-through CLA. You are now in the '%s' group.") % group.name)
turbogears.redirect('/cla/')
return dict()
else:
turbogears.flash(_("You have not agreed to the click-through CLA.") % group.name)
turbogears.redirect('/cla/view/click')
return dict()

7
fas/fas/controllers.py
View file

@ -72,12 +72,7 @@ class Root(controllers.RootController):
def home(self):
user_name = turbogears.identity.current.user_name
person = People.by_username(user_name)
cla = None
cla = None
if clickedCLAPrivs(person):
cla = 'clicked'
if signedCLAPrivs(person):
cla = 'signed'
cla = CLADone(person)
return dict(person=person, cla=cla)
@expose(template="fas.templates.about")

2
fas/fas/group.py
View file

@ -470,7 +470,7 @@ into the e-mail aliases within an hour.
username = turbogears.identity.current.user_name
person = People.by_username(username)
if not groupname:
groupname = config.get('cla_sign_group')
groupname = config.get('cla_done_group')
group = Groups.by_name(groupname)
if not canViewGroup(person, group):

2
fas/fas/help.py
View file

@ -33,7 +33,7 @@ class Help(controllers.Controller):
'group_type': ['Group Type', '''<p>Normally it is safe to leave this blank. Though some values include 'tracking', 'shell', 'cvs', 'git', 'hg', 'svn', and 'mtn'. This value only really matters if the group is to end up getting shell access or commit access somewhere like fedorahosted.</p>'''],
'group_needs_sponsor': ['Needs Sponsor', '''<p>If your group requires sponsorship (recommended), this means that when a user is approved by a sponsor. That relationship is recorded in the account system. If user A sponsors user N, then in viewing the members of this group, people will know to contact user A about user N if something goes wrong. If this box is unchecked, this means that only approval is needed and no relationship is recorded about who did the approving</p>'''],
'group_self_removal': ['Self Removal', '''<p>Should users be able to remove themselves from this group without sponsor / admin intervention? (recommended yes)</p>'''],
'group_prerequisite': ['Must Belong To', '''<p>Before a user can join this group, they must belong to the group listed in this box. <b>This value cannot be removed without administrative intervention, only changed</b>. Recommended values are for the 'cla_sign' group.</p>'''],
'group_prerequisite': ['Must Belong To', '''<p>Before a user can join this group, they must belong to the group listed in this box. <b>This value cannot be removed without administrative intervention, only changed</b>. Recommended values are for the 'cla_done' group.</p>'''],
'group_join_message': ['Join Message', '''<p>This message will go out to users when they join the group. It should be informative and offer tips about what to do next. A description of the group would also be valuable here</p>'''],
'gencert': ['Client Side Cert', '''<p>The client side cert is generally used to grant access to upload packages to Fedora or for other authentication purposes like with koji. If you are not a package maintainer there is no need to worry about the client side cert</p>'''],
}

23
fas/fas/templates/cla/click.html
View file

@ -1,23 +0,0 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:py="http://genshi.edgewall.org/"
xmlns:xi="http://www.w3.org/2001/XInclude">
<xi:include href="../master.html" />
<head>
<title>${_('Fedora Accounts System')}</title>
</head>
<body>
<!-- Click-through CLA -->
<h2>${_('Contributor License Agreement')}</h2>
<xi:include href="cla.html" />
<form action="${tg.url('/cla/click/%s' % userName)}" method="post">
<div>
${_('If you agree to these terms and conditions, type "%s" here:') % 'I agree'} <input type="text" id="agree" name="agree" /><br />
${_('Full Name:')} ${user.givenName}<br />
${_('E-mail:')} ${user.mail}<br />
${_('Date:')} ${date}<br />
<input type="submit" value="${_('Submit CLA')}" />
</div>
</form>
</body>
</html>

9
fas/fas/templates/cla/index.html
View file

@ -9,17 +9,16 @@
<body>
<h2>${_('Fedora Contributor License Agreement')}</h2>
<p>
<!-- TODO: Update to not mention click-through CLA (until it's ready) -->
${Markup(_('There are two ways to sign the CLA. Most users will want to do a signed CLA as it will promote them to a full contributor in Fedora. The click-through CLA only grants partial access but may be preferred for those with special legal considerations. See: &lt;a href="http://fedoraproject.org/wiki/Legal/CLAAcceptanceHierarchies"&gt;CLA Acceptance Hierarchies&lt;/a&gt; for more information.'))}
<!-- TODO: Better text there -->
${Markup(_('In order to become a full Fedora contributor, you must sign the CLA.'))}
</p>
<br/>
<p>
<ul py:if="not signedCLA">
<ul py:if="not cla">
<li><a href="${tg.url('/cla/view/sign')}">${_('Sign Contributor License Agreement (CLA)')}</a></li>
<!--<li py:if="not clickedCLA"><a href="${tg.url('/cla/view/click')}">${_('Click-through CLA')}</a></li>-->
</ul>
</p>
<p py:if="signedCLA">
<p py:if="cla">
${Markup(_('You have already sucessfully signed the &lt;a href="%s"&gt;CLA&lt;/a&gt;.') % tg.url('/cla/view'))}
</p>
</body>

15
fas/fas/templates/cla/view.html
View file

@ -7,24 +7,11 @@
<title>${_('Fedora Accounts System')}</title>
</head>
<body>
<!-- Click-through CLA -->
<h2>${_('Contributor License Agreement')}</h2>
<py:if test="type is None">
<py:if test="not type">
<xi:include href="cla.html" />
</py:if>
<py:if test="type == 'click'">
<xi:include href="cla.html" />
<form action="${tg.url('/cla/click')}" method="post">
<div>
${_('If you agree to these terms and conditions, type "%s" here:') % 'I agree'} <input type="text" id="agree" name="agree" /><br />
${_('Full Name:')} ${person.human_name}<br />
${_('E-mail:')} ${person.email}<br />
${_('Date:')} ${date}<br />
<input type="submit" value="${_('Submit CLA')}" />
</div>
</form>
</py:if>
<py:if test="type == 'sign'">
<p>
${Markup(_('Use the below link to download/save the CLA as fedora-icla-%(username)s.txt, and run: &lt;pre&gt;gpg -as fedora-icla-%(username)s.txt&lt;/pre&gt; After, upload fedora-icla-%(username)s.txt.asc in the form below.') % {'username': person.username})}

2
fas/fas/templates/group/new.html
View file

@ -41,7 +41,7 @@
</div>
<div class="field">
<label for="prerequisite">${_('Must Belong To:')}</label>
<input type="text" id="prerequisite" name="prerequisite" value="cla_sign" />
<input type="text" id="prerequisite" name="prerequisite" value="cla_done" />
<script type="text/javascript">var group_prerequisite = new HelpBalloon({dataURL: '${tg.url('/help/get_help/group_prerequisite')}'});</script>
</div>
<div class="field">

1
fas/fas/templates/home.html
View file

@ -21,7 +21,6 @@
</py:if>
</py:for>
<ul class="queue">
<li py:if="cla == 'clicked'" class="approved">${_('Click-through CLA')} (<a href="${tg.url('/cla/')}">${_('GPG Sign it!')}</a>)</li>
<li py:if="not cla" class="unapproved">${_('CLA Not Signed. To become a full Fedora Contributor please ')}<a href="${tg.url('/cla/')}">${_('Sign the CLA')}</a>.</li>
<li py:if="not person.ssh_key">You have not submitted an SSH key, some Fedora resources require an SSH key. Please submit yours by editing <a href="${tg.url('/user/edit')}">My Account</a></li>
</ul>

9
fas/fas/templates/user/list.html
View file

@ -33,14 +33,9 @@
<td><a href="${tg.url('/user/view/%s' % person.username)}">${person.username}</a></td>
<td>
<?python
cla = None
if auth.clickedCLAPrivs(person):
cla = 'clicked'
if auth.signedCLAPrivs(person):
cla = 'signed'
cla = auth.CLADone(person):
?>
<span py:if="cla == 'signed'" class="approved">${_('Signed CLA')}</span>
<span py:if="cla == 'clicked'" class="approved">${_('Click-through CLA')}</span>
<span py:if="cla" class="approved">${_('CLA Done')}</span>
<span py:if="not cla" class="unapproved">${_('Not Done')}</span>
</td>
</tr>

3
fas/fas/templates/user/view.html
View file

@ -38,8 +38,7 @@
<span py:if="person.status == 'pinged'" class="approved">${_('Pinged')}</span>
<script type="text/javascript">var hb1 = new HelpBalloon({dataURL: '${tg.url('/help/get_help/user_account_status')}'});</script></dd>
<dt>${_('CLA:')}</dt><dd>
<span py:if="cla == 'signed'" class="approved">${_('Signed CLA')}</span>
<span py:if="cla == 'clicked'" class="approved">${_('Click-through CLA')}<py:if test="personal"> (<a href="${tg.url('/cla/')}">${_('GPG Sign it!')}</a></py:if>)</span>
<span py:if="cla" class="approved">${_('CLA Done')}</span>
<span py:if="not cla" class="unapproved">${_('Not Done')}<py:if test="personal"> (<a href="${tg.url('/cla/')}">${_('Sign it!')}</a>)</py:if></span>
<script type="text/javascript">var hb2 = new HelpBalloon({dataURL: '${tg.url('/help/get_help/user_cla')}'});</script></dd>
</dl>

2
fas/fas/templates/welcome.html
View file

@ -15,7 +15,7 @@
</head>
<body>
<p>
${_('Welcome to the Fedora Accounts System 2. Please submit bugs to https://fedorahosted.org/fedora-infrastructure/ or stop by #fedora-admin on irc.freenode.net')}
${_('Welcome to the Fedora Accounts System 2. Please submit bugs to &lt;a href="https://fedorahosted.org/fedora-infrastructure/"&gt;https://fedorahosted.org/fedora-infrastructure/&lt;a&gt; or stop by #fedora-admin on irc.freenode.net')}
</p>
<ul>
<li><a href="${tg.url('/login')}">${_('Log In')}</a></li>

7
fas/fas/user.py
View file

@ -217,10 +217,7 @@ class User(controllers.Controller):
for group in person.roles:
groups.append(Groups.by_name(group.group.name))
cla = None
if clickedCLAPrivs(person):
cla = 'clicked'
if signedCLAPrivs(person):
cla = 'signed'
cla = CLADone(person)
person.jsonProps = {
'People': ('approved_memberships', 'unapproved_memberships')
}
@ -610,7 +607,7 @@ https://admin.fedoraproject.org/accounts/user/verifypass/%(user)s/%(token)s
def gencert(self):
username = turbogears.identity.current.user_name
person = People.by_username(username)
if signedCLAPrivs(person):
if CLADone(person):
person.certificate_serial = person.certificate_serial + 1
pkey = openssl_fas.createKeyPair(openssl_fas.TYPE_RSA, 1024);

4
fas/fas2.sql
View file

@ -347,8 +347,8 @@ GRANT ALL ON TABLE people, groups, person_roles, group_roles, bugzilla_queue, co
INSERT INTO people (id, username, human_name, password, email) VALUES (100001, 'admin', 'Admin User', '$1$djFfnacd$b6NFqFlac743Lb4sKWXj4/', 'root@localhost');
-- Create default groups and populate
INSERT INTO groups (id, name, display_name, owner_id, group_type) VALUES (100002, 'cla_sign', 'Signed CLA Group', (SELECT id from people where username='admin'), 'tracking');
INSERT INTO groups (name, display_name, owner_id, group_type) VALUES ('cla_click', 'Click-through CLA Group', (SELECT id from people where username='admin'), 'tracking');
INSERT INTO groups (id, name, display_name, owner_id, group_type) VALUES (100002, 'cla_done', 'CLA Done Group', (SELECT id from people where username='admin'), 'tracking');
INSERT INTO groups (id, name, display_name, owner_id, group_type) VALUES (101441, 'cla_fedora', 'Fedora CLA Group', (SELECT id from people where username='admin'), 'tracking');
INSERT INTO groups (id, name, display_name, owner_id, group_type) VALUES (100006, 'accounts', 'Account System Admins', (SELECT id from people where username='admin'), 'tracking');
INSERT INTO groups (id, name, display_name, owner_id, group_type) VALUES (100148, 'fedorabugs', 'Fedora Bugs Group', (SELECT id from people where username='admin'), 'tracking');
INSERT INTO groups (name, display_name, owner_id, group_type) VALUES ('fas-system', 'System users allowed to get password and key information', (SELECT id from people where username='admin'), 'system');