* [gentoo-soc] Okupy - Report #2
@ 2011-06-11 3:48 Theo Chatzimichos
From: Theo Chatzimichos @ 2011-06-11 3:48 UTC
To: gentoo-soc
This comes with a delay, as I've been sick the past days. The LDAP related
code is 90% done. It now has the following features:
- Login to the system (report #1 explains in detail how login works). It
previously was using only the basic info (real name, primary email), but now
it is configurable to use more info, which the sysadmin is able to define in the
config files. This was easy to do, by creating a second dictionary to map the
Django user profile fields with LDAP attributes.
- Signup. For this, an admin LDAP account needs to be put in the config
file. The admin account, contrary to other backends, is used only to create new
users. Other LDAP implementations use that admin account for everything
though. So, now the user declares username/password, the anon account searches
if the user already exists (both the username and the email have to be
unique), and if not, it creates the account, using the same dictionary to map
Django DB fields with LDAP attributes.
- User settings. There are some forms that allow the user to change his data.
This is done by using his own account, and not by using the admin account to
do that. A second password is being created for the session, since we didn't
want to cache the regular password. (again, report #1 has more info about it).
- Map LDAP ACL to Django groups. For that, a special multivalued attribute is
used, in Gentoo it is called gentooAccess, which contains some *.group entries
that specify the user's special permissions. This gives the ability to a
special team to touch other users' data, e.g. infra. While the mapping is
complete, the UI is not yet.
Other things that I did:
- I set up the service in one of my home servers, so that Matt can test it
too. The LDAP used there is very minimalistic.
- I gave Robin some cfengine patches for both the webapp and the LDAP (which
should be as identical to the official one as possible). They are not complete
yet though. Once the webapp is up and running in vulture (the soc.dev server)
I'll be able to test it in our official configuration.
What I'm going to do during the weekend:
- Improve documentation (docstrings) and fire up sphinx
- Improve logging system
- I started writing some tests for the backend; I'm going to finish them,
plus write tests for all the above as well.
- Create an ebuild to automate tests
- Finish the "touch other users' data" UI
After that, the LDAP system will be finished, and let the tests show me bugs.
Next week I'll start working on the website part, beginning with the LXML
parsing of our docs.
--
Theo Chatzimichos | blog.tampakrap.gr
Gentoo KDE/Qt, Planet, Overlays
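
The two LDAP mappings described in the report above (profile fields, and gentooAccess *.group entries to Django groups), as an added example that is not part of the original message and is not Okupy's code. The setting names, the allow-list of groups and the sample entry are assumptions made for illustration.

```python
import re

# Hypothetical settings (not Okupy's real config keys).
# Django profile field -> LDAP attribute
PROFILE_MAP = {"first_name": "givenName", "last_name": "sn", "email": "mail"}
ACL_ATTR = "gentooAccess"               # multivalued attribute named in the report
KNOWN_GROUPS = {"infra", "recruiters"}  # assumed allow-list of Django group names
GROUP_RE = re.compile(r"([a-z][a-z0-9-]*)\.group")


def _decode(values):
    """python-ldap returns attribute values as lists of bytes; accept str too."""
    return [v.decode("utf-8") if isinstance(v, bytes) else v for v in values]


def profile_from_entry(entry, mapping=PROFILE_MAP):
    """Copy mapped LDAP attributes into a dict of profile fields.
    Only the first value is used; a missing attribute becomes ""."""
    profile = {}
    for field, attr in mapping.items():
        values = _decode(entry.get(attr, []))
        profile[field] = values[0] if values else ""
    return profile


def groups_from_entry(entry, known=KNOWN_GROUPS):
    """Return (granted, skipped): a value grants a group only if it is
    exactly '<name>.group' and <name> is on the allow-list."""
    granted, skipped = set(), []
    for value in _decode(entry.get(ACL_ATTR, [])):
        m = GROUP_RE.fullmatch(value)
        if m and m.group(1) in known:
            granted.add(m.group(1))
        else:
            skipped.append(value)  # worth logging: unexpected ACL value
    return granted, skipped


# Constructed sample entry in the shape python-ldap returns.
SAMPLE_ENTRY = {
    "uid": [b"alice"],
    "givenName": [b"Alice"],
    "sn": [b"Example"],
    "mail": [b"alice@example.org", b"alice@alt.example.org"],
    "gentooAccess": [b"infra.group", b"dev.gentoo.org", b"root.group", b"INFRA.group "],
}

if __name__ == "__main__":
    print(profile_from_entry(SAMPLE_ENTRY))
    print(groups_from_entry(SAMPLE_ENTRY))
```

Values that look like a group but are not on the allow-list (here `root.group`) end up in the skipped list rather than creating a new Django group.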