| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
| |
These are easier to grok that the old regex based paths, though three
of these are retained as an alternative to creating custom path
converters [1].
[1] https://docs.djangoproject.com/en/3.0/topics/http/urls/#registering-custom-path-converters
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Django 3.1 changed the default hashing algorithm used for things like
password reset tokens from SHA-1 to SHA-256. As noted in the release
notes [1], this is configurable via the 'DEFAULT_HASHING_ALGORITHM'
transitional setting, but that's only intended to allow upgrades of
multiple instances in a HA deployment and shouldn't be used post
upgrade. Instead, we need to fix our URLs to support the longer tokens
generated by SHA-256.
Long term, we want to replace these regex-based routes with the simpler
flask-style template string routes. That's not really backportable so
we'll do that separately.
[1] https://docs.djangoproject.com/en/3.1/releases/3.1/#default-hashing-algorithm-settings
Signed-off-by: Stephen Finucane <stephen@that.guru>
Closes: #394
|
|
|
|
|
|
|
|
|
| |
Django 3.1 deprecates django.conf.urls.url() as an alias for
django.urls.re_path(). Also switch to using django.urls.include() rather
than django.conf.urls.include().
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We want to get rid of the split between 'Patch' and 'Submission' because
of the cost of using JOINs basically everywhere we use 'Patch'. Before
we do that, we need to move the other users of 'Submission' to other
models and other models that rely on these users sharing the common
'Submission' base. For the former, there is only one user,
'CoverLetter', while for the latter there is only the 'Comment' model.
As a result, we must do the following:
- Create a new 'Cover' model
- Create a new 'CoverComment' model
- Move everything from 'CoverLetter' to 'Cover' and all entries
associated with a 'CoverLetter' from 'Comment' to 'CoverComment'
- Delete the 'CoverLetter' model
- Rename the 'Comment' model to 'PatchComment'
This means our model "hierarchy" goes from:
Submission
Patch
CoverLetter
Comment
To:
Submission
Patch
PatchComment
Cover
CoverComment
A future change will flatten the 'Submission' and 'Patch' model.
Note that this actually highlighted a bug in Django, which has since
been reported upstream [1]. As noted there, the issue stems from MySQL's
refusal to remove an index from a foreign key when DB constraints are
used and the workaround is to remove the foreign key constraint before
altering the indexes and then re-add the constraint after.
[1] https://code.djangoproject.com/ticket/31335
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
|
|
|
|
|
|
| |
We're going to be doing some model surgery shortly. Do the necessary
renaming of variables ahead of this.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Migrate our URL schema as follows:
Patches: /project/<linkname>/patch/<msgid>/
Cover Letters: /project/<linkname>/cover/<msgid>/
The usual sub-resources (mbox, raw) hang off those URLs.
The old style URLs (/patch/NNN/*, /cover/NNN/*) redirect appropriately.
I haven't attempted to do anything meaningful with series, and I
have dropped any attempt to provide a generic message-id lookup
or search functionality. One step at a time.
Our database still stores message ids as with angle brackets; we
just work around that rather than trying to migrate. That too can
come later if we think the pain is justified.
Partially-closes: #106
Reported-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Reported-by-but-I-don't-want-to-spam: Linus Torvalds <torvalds@linux-foundation.org>
Reported-by: Stephen Finucane <stephen@that.guru>
Signed-off-by: Daniel Axtens <dja@axtens.net>
|
|
|
|
|
|
|
|
|
| |
Add the new list archive fields to the API. As this is a
backwards-compatible change, this requires only a minor version increment
to v1.2.
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Daniel Axtens <dja@axtens.net>
|
|
|
|
|
|
|
|
|
| |
Let's start managing this via a separate project, which will allow the
client to evolve separately from the server. No redirect is added for
the old '/pwclient' URL as it seems wiser to return a HTTP 404 error
code.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The FSF has a new address since 2005 that hasn't been noted in any file
except the COPYING file. Rather than fix these, simply remove the
headers in favour of a SPDX license header. IANAL but the combination of
the header and the COPYING file in source should resolve this issue.
Note that copyright notices are retained.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Closes: #210
Reviewed-by: Veronika Kabatova <vkabatov@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Stephen Finucane <stephen@that.guru>
Fixes: 5976cce6 ("urls: Remove references to Django < 1.11")
|
|
|
|
|
|
| |
This was missed in the recent "add support for Django 2.0" series.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
|
|
|
|
|
|
| |
Deleting code is fun. We no longer need to carry these so don't.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Signed-off-by: Daniel Axtens <dja@axtens.net>
|
|
|
|
|
|
|
|
|
|
| |
reverse() gets confused when the same view name and kwargs are passed to
it, ignoring what endpoint the request originated from. Fix this by
using different view names for cover letter and patch comments views.
Reported-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Veronika Kabatova <vkabatov@redhat.com>
Reviewed-by: Stephen Finucane <stephen@that.guru>
|
|
|
|
|
| |
Signed-off-by: Veronika Kabatova <vkabatov@redhat.com>
Reviewed-by: Stephen Finucane <stephen@that.guru>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This ensures clients are getting a consistent response if they request
the old version of the API. We do this by way of extensions to the
'HyperlinkedModelSerializer' class rather than duplicating the
serializers as it results in far less duplication. This approach won't
work for a MAJOR version bump but, all going well, it will be a while
before we have to deal with one of these.
The only two fields added since API 1.0 was released, 'cover.mbox' and
'project.subject_match', are handled accordingly.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
|
|
|
|
|
|
|
| |
There are two imports not located in the top of the file due to how we
use them. 'noqa' these to prevent issues with static code analysers.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Tested-by: Daniel Axtens <dja@axtens.net>
|
|
|
|
|
|
|
|
|
|
| |
The function based views are deprecated in Django 1.11 [1], so support
the newer class based views.
[1] https://docs.djangoproject.com/en/dev/releases/1.11/#id2
Signed-off-by: Stephen Finucane <stephen@that.guru>
Signed-off-by: Daniel Axtens <dja@axtens.net>
|
|
|
|
|
|
|
| |
Integrate token support into the web UI.
Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
|
|
|
| |
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This raises a warning in Django 1.9 and will cause an error in Django
2.0. Per the documentation [1] it is not even necessary so it can simply
be removed.
This resolves all issues with Django 1.9.
[1] https://docs.djangoproject.com/en/1.11/ref/contrib/admin/\
#hooking-adminsite-instances-into-your-urlconf
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
|
|
|
|
|
|
| |
This is super handy for debugging/development of Patchwork and Patchwork
clients alike.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
One of the few remaining warts in the API is versioning. There is some
basic versioning there, but it doesn't work properly as-is. Fix this by
correcting the index endpoint ('/') to use Django REST Framework's
'reverse' function [1], which handles versioning for us [2] and
switching from 'NamespaceVersioning' to 'URLPathVersioning', the latter
of which does the same thing but in a different way.
[1] http://www.django-rest-framework.org/api-guide/reverse/#reverse
[2] http://www.django-rest-framework.org/api-guide/versioning/#reversing-urls-for-versioned-apis
[3] http://www.django-rest-framework.org/api-guide/versioning/#urlpathversioning
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is possible to download a patch mbox with all dependencies. Now make
it possible to download the entire series. This takes the form of the
following URL when using the default routes:
/series/{seriesID}/mbox/
Like the equivalent patch and bundle links, this will return a 404 if
'{seriesID}' does not match an existing series' ID. However, a 404 will
also be returned in the series is not complete, as indicated by
Series.total > Series.received_total. You can override this behavior by
providing the 'force' parameter:
/series/{seriesID}/mbox/?force=1
Note that there are no current plans to provide a series-specific view,
a.k.a.
/series/{seriesID}/
As a result, this particular URL will continue to return a 404.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Reviewed-by: Daniel Axtens <dja@axtens.net>
|
|
|
|
|
|
|
|
| |
The 'setbundles' view is also removed as it's not called by
anything/anyone.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Reviewed-by: Daniel Axtens <dja@axtens.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I had initially resisted adding a '/bundle' endpoint to the API as I
wanted to kill this feature in favour of series. However, series are not
a like-for-like replacement for bundles. Among other things, series do
not provide the composability of bundles: bundles can be manually
created, meaning you can use bundles to group not only multiple patches
but also multiple series (or at least the patches in those series).
Seeing as we're not getting rid of this feature, we should expose it via
the API. Bundles are little unusual, in that they can be public or
private, thus, we should only show bundles that are public or belonging
to the currently authenticated user, if any. For now, this is a
read-only endpoint. We may well allow creation of bundles via the API
once we figure out how to do this cleanly.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Reviewed-by: Andy Doan <andy.doan@linaro.org>
|
|
|
|
|
|
|
|
|
| |
This is a list only endpoint as it's expected that we would kill events
after a certain duration and would have no reason to allow indexing of
past events.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Tested-by: Daniel Axtens <dja@axtens.net>
|
|
|
|
|
|
|
|
|
|
|
| |
This is the standard URL for such pages. This involves removing the
pwclient help page, but this is migrated to the project summary page
and detailed in the documentation.
Permanent redirects are included to prevent dead links.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Reviewed-by: Daniel Axtens <dja@axtens.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adopt a hybrid approach, by adding an additional series endpoint to the
existing patch endpoint:
/series/${series_id}/
/patches/${patch_id}/
This is based on the approach described here:
http://softwareengineering.stackexchange.com/a/275007/106804
This is necessary due to the N:N mapping of series and patches: it's
possible for a patch to belong to many series, and a series usually
contains many patches. This means it is not possible to rely on the
patch endpoint alone.
It is also necessary to add a cover letter endpoint, such that the
series body can include this.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ViewSet provide an easy way to define an API, but they don't offer much
flexibility. To get them to work as expected, a lot of hacks were
required. Generic views provide a more verbose, but ultimately easier to
understand, version. Using generic views lets us remove the dependency
of drf-nested-routers, bringing us back down to two main dependencies.
It also lets us remove the AuthenticatedReadOnly permission class, as
the DRF provides a similar permission class that can be used with
generic views.
The main user facing change is that invalid methods, such as POST on an
endpoint that doesn't allow object creation, will now return a HTTP 405
(Method Not Allowed) error code rather than the HTTP 403 (Forbidden)
error code previously returned. This is the semantically correct option
and should have been used all along.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Reviewed-by: Daniel Axtens <dja@axtens.net>
|
|
|
|
|
|
|
|
|
|
|
| |
Move all REST API-related code into an 'api' directory. This allows us
to break the existing files into endpoint-based files and will allow us
to split the API into a different Django app in the future. This
involves simply shuffling code around for now, so there no functional
changes introduced.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Reviewed-by: Daniel Axtens <dja@axtens.net>
|
|
|
|
|
| |
Signed-off-by: Stephen Finucane <stephen@that.guru>
Closes-bug: #39
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Don't use 'str', 'id', 'max', etc. as variable names
* Remove unnecessary use of six.range
* Remove unnecessary use of six.map
There is one paramter in xmlrpc that cannot be renamed as it could
break some client code. noqa this instead.
Signed-off-by: Stephen Finucane <stephenfinucane@hotmail.com>
Reviewed-by: Daniel Axtens <dja@axtens.net>
|
|
|
|
|
|
|
|
| |
There's no need to do imports this way, so move notification handling
into a suitable module.
Signed-off-by: Stephen Finucane <stephenfinucane@hotmail.com>
Reviewed-by: Daniel Axtens <dja@axtens.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This exports patch checks via the REST API.
The drf-nested-routers package is used to handle the fact Checks are
nested under a Patch.
Security Constraints:
* Anyone (logged in or not) can read all objects.
* No one can update/delete objects.
* Project maintainers and patch owners may create objects.
Signed-off-by: Andy Doan <andy.doan@linaro.org>
Reviewed-by: Stephen Finucane <stephen.finucane@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This exports projects via the REST API.
Security Constraints:
* Anyone (logged in or not) can read all objects.
* No one can create/delete objects.
* Project maintainers are allowed to update (ie "patch"
attributes)
Signed-off-by: Andy Doan <andy.doan@linaro.org>
Signed-off-by: Stephen Finucane <stephen.finucane@intel.com>
Inspired-by: Damien Lespiau <damien.lespiau@intel.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This adds the ability to expose a REST API based on the Django REST
framework project. Since this project isn't packaged in most current
distributions, we ensure that its both installed and enabled before
trying to use it.
Signed-off-by: Andy Doan <andy.doan@linaro.org>
Inspired-by: Damien Lespiau <damien.lespiau@intel.com>
Reviewed-by: Stephen Finucane <stephen.finucane@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
There isn't really any need to list cover letters right now, seeing as
they're really only valuable in the context of series. However, if
someone requests a cover letter by ID then this should be displayed.
To this effect, add a new "covers" endpoint that can display the basic
elements of the cover letter. This includes redirects from/to the
"patches" endpoint.
Signed-off-by: Stephen Finucane <stephen.finucane@intel.com>
Reviewed-by: Andy Doan <andy.doan@linaro.org>
|
|
|
|
|
|
|
| |
It's already obvious that the user has logged out, so don't bother
displaying a message saying as much. Redirect to the home page instead.
Signed-off-by: Stephen Finucane <stephen.finucane@intel.com>
|
|
|
|
|
|
| |
These were introduced in the recent Django 1.9 changes.
Signed-off-by: Stephen Finucane <stephen.finucane@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The 'django-debug-toolbar' application provides an automatic method of
configuring the plugin. However, as noted in the documentation [1],
this can cause issues like circular imports. In this case, a
"Table 'patchwork.patchwork_state' doesn't exist" exception was being
raised when attempting to do an initial migration.
Resolve this by using the manual configuration provided in the docs.
[1] https://django-debug-toolbar.readthedocs.org/en/1.4/installation.html
Signed-off-by: Stephen Finucane <stephen.finucane@intel.com>
Closes-bug: #29
---
v2: Don't rely on 'settings.DEBUG', as this is set to False in tests
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We'd like to have a per-project list of bundles as we present all data
in the context of a single project anyway.
Still keep the instance-wide list bundles around.
v2: Rename the existing 'bundle-list' url to 'user-bundles', as this is
more inkeeping with the other URLs
Signed-off-by: Damien Lespiau <damien.lespiau@intel.com>
Signed-off-by: Stephen Finucane <stephen.finucane@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
It would be helpful to provide autocomplete functionality for the
delegate filter field, similar to that provided for the submitter
field. This will provide a way to handle larger delegate lists without
overloading the user with options.
Add this functionality through use of Selectize, which is already used
to provide similar functionality for filtering of "submitters".
Signed-off-by: Stephen Finucane <stephen.finucane@intel.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Reversing by Python paths has been deprecated in Django 1.8, causes
warnings in Django 1.9 and will be removed in Django 2.0. Resolve the
warnings and prevent issues in the future by importing by module
instead.
https://docs.djangoproject.com/en/1.9/releases/1.8/#passing-a-dotted-path-to-reverse-and-url
Signed-off-by: Stephen Finucane <stephen.finucane@intel.com>
|
|
|
|
|
|
|
|
|
|
| |
Reverse by name is an alternative to reverse by Python path. The names
must be added as a prerequisite for removing reverse by Python path,
per Django documentation.
https://docs.djangoproject.com/en/1.9/ref/urlresolvers/#django.core.urlresolvers.reverse
Signed-off-by: Stephen Finucane <stephen.finucane@intel.com>
|
|
|
|
|
|
|
|
| |
This is a collection of unrelated functions, many of which belong in
their own file. Do this, taking the opportunity to rename some of these
functions to better indicate their purpose in the process.
Signed-off-by: Stephen Finucane <stephen.finucane@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The 'autopep8' tool can't do everything, and it is necessary to resolve
some final issues. Most of these issues fall under the following
categories:
E501 line too long
E241 multiple spaces after ','
F401 'module' imported but unused
F841 local variable 'name' is assigned to but never used
It is also necessary to insert '# noqa' comments to hide some F403
errors ('unable to detect undefined names') where 'import *' is useful.
Signed-off-by: Stephen Finucane <stephen.finucane@intel.com>
|
|
|
|
|
|
| |
...using the 'autopep8' tool.
Signed-off-by: Stephen Finucane <stephen.finucane@intel.com>
|
|
|
|
|
|
|
|
| |
Imports are easier to read if they are grouped by type (standard
library, third party, application) and organised alphabetically. Make
it so.
Signed-off-by: Stephen Finucane <stephen.finucane@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refurbished version from 2010
Doesn't mention the username in the mail but in the confirmation step.
Essentially the templates are all optional but they do look better (and
more integrated in patchwork) than the default django admin thing.
No testing beyond some bored clicking here and there.
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
Acked-by: Stephen Finucane <stephen.finucane@intel.com>
|
|
This change updates patchwor to the newer project struture: we've moved
the actual application out of the apps/ directory, and the
patchwork-specific templates to under the patchwork application.
This gives us the manage.py script in the top-level now.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|