diff --git a/Dockerfile b/Dockerfile index 1cb5576..f815c19 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.7.2 +FROM docker.io/python:3.9.7-buster MAINTAINER Computer Science House ENV IMAGEIO_USERDIR /var/lib/gallery diff --git a/README.md b/README.md index 40b0bd4..8594982 100644 --- a/README.md +++ b/README.md @@ -80,3 +80,8 @@ Below are instructions for running gallery locally. It assumes that you have alr 5. `pip install -r requirements.txt` 6. `python3 wsgi.py` + + a. If you get an error like: `Fatal Python error: saving thread twice?`, you can fix it by modifying `wsgi.py`, + changing `app.run(host=app.config['IP'], port=app.config['PORT'])` + to `app.run(host=app.config['IP'], port=app.config['PORT'], threaded=False)` + A short discussion of this issue can be found [here](https://github.com/pallets/flask/issues/2744). diff --git a/config.sample.py b/config.sample.py index 9e1ec20..8d2027a 100644 --- a/config.sample.py +++ b/config.sample.py @@ -15,3 +15,8 @@ OIDC_ISSUER = 'https://sso.csh.rit.edu/auth/realms/csh' OIDC_CLIENT_ID = 'gallery' OIDC_CLIENT_SECRET = '' + +EBOARD_UIDS = '' +RTP_UIDS = '' +ORGANIZER_UIDS = '' +ALUMNI_UIDS = '' diff --git a/gallery/__init__.py b/gallery/__init__.py index 3f835c1..b3a8747 100644 --- a/gallery/__init__.py +++ b/gallery/__init__.py @@ -84,6 +84,8 @@ None, app.config.get("EBOARD_UIDS", "").split(","), app.config.get("RTP_UIDS", "").split(","), + app.config.get("ORGANIZER_UIDS", "").split(","), + app.config.get("ALUMNI_UIDS", "").split(","), ) app.add_template_global(ldap, name="ldap") @@ -571,6 +573,7 @@ def move_file(file_id: int, auth_dict: Optional[Dict[str, Any]] = None): assert auth_dict if not (auth_dict['is_eboard'] or auth_dict['is_rtp'] + or auth_dict['is_organizer'] or auth_dict['uuid'] == file_model.author): return "Permission denied", 403 @@ -597,6 +600,7 @@ def move_dir(dir_id: int, auth_dict: Optional[Dict[str, Any]] = None): assert auth_dict if not (auth_dict['is_eboard'] or auth_dict['is_rtp'] + or auth_dict['is_organizer'] or auth_dict['uuid'] == dir_model.author): return "Permission denied", 403 diff --git a/gallery/_version.py b/gallery/_version.py index 3fd7971..0dee9a5 100644 --- a/gallery/_version.py +++ b/gallery/_version.py @@ -1,6 +1,6 @@ from os import environ as env -__version__ = "2.1.2" +__version__ = "2.2.0" BUILD_REFERENCE = env.get("OPENSHIFT_BUILD_REFERENCE") COMMIT_HASH = env.get("OPENSHIFT_BUILD_COMMIT") diff --git a/gallery/file_modules/__init__.py b/gallery/file_modules/__init__.py index 39917ab..efe88db 100644 --- a/gallery/file_modules/__init__.py +++ b/gallery/file_modules/__init__.py @@ -39,6 +39,7 @@ def generate_thumbnail(self): self.thumbnail_uuid = hash_file(self.file_path) with Image(filename=self.file_path) as img: + img.auto_orient() with Image(width=img.width, height=img.height, background=Color("#EEEEEE")) as bg: bg.composite(img, 0, 0) diff --git a/gallery/ldap.py b/gallery/ldap.py index 0a08d66..1549e4a 100644 --- a/gallery/ldap.py +++ b/gallery/ldap.py @@ -13,15 +13,21 @@ def is_member_of_group(member: CSHMember, group: str) -> bool: class LDAPWrapper(object): - def __init__(self, ldap: Optional[CSHLDAP], eboard: Optional[List[str]] = None, rtp: Optional[List[str]] = None): + def __init__(self, ldap: Optional[CSHLDAP], eboard: Optional[List[str]] = None, rtp: Optional[List[str]] = None, organizer: Optional[List[str]] = None, alumni: Optional[List[str]] = None): self._ldap = ldap self._eboard: List[str] = [] self._rtp: List[str] = [] + self._organizer: List[str] = [] + self._alumni: List[str] = [] if eboard: self._eboard = eboard if rtp: self._rtp = rtp + if organizer: + self._organizer = organizer + if alumni: + self._alumni = alumni def convert_uuid_to_displayname(self, uuid: str) -> str: if uuid == "root": @@ -38,17 +44,23 @@ def is_eboard(self, uid: str) -> bool: def is_rtp(self, uid: str) -> bool: if self._ldap is None: return uid in self._rtp - rtp_group = self._ldap.get_group('rtp') - return rtp_group.check_member(self._ldap.get_member(uid, uid=True)) + return is_member_of_group(self._ldap.get_member(uid, uid=True), 'rtp') def is_alumni(self, uid: str) -> bool: + if self._ldap is None: + return uid in self._alumni return not is_member_of_group(self._ldap.get_member(uid, uid=True), 'current_student') + def is_organizer(self, uid: str) -> bool: + if self._ldap is None: + return uid in self._organizer + return is_member_of_group(self._ldap.get_member(uid, uid=True), 'gallery_organizers') + + def get_members(self) -> List[Dict[str, str]]: if self._ldap is None: return [] con = self._ldap.get_con() - res = con.search_s( "dc=csh,dc=rit,dc=edu", pyldap.SCOPE_SUBTREE, diff --git a/gallery/templates/view_dir.html b/gallery/templates/view_dir.html index 840f687..75119a4 100644 --- a/gallery/templates/view_dir.html +++ b/gallery/templates/view_dir.html @@ -81,8 +81,10 @@

This album is empty.

Edit - {% if auth_dict['can_edit'] %} + {% if auth_dict['can_edit'] or auth_dict['is_organizer'] %} Move + {% endif %} + {% if auth_dict['can_edit'] %} Delete {% endif %}
@@ -110,7 +112,7 @@

Edit

- {% if auth_dict['can_edit'] %} + {% if auth_dict['can_edit'] or auth_dict['is_organizer'] %} - + {% endif %} + {% if auth_dict['can_edit'] %} - {% if auth_dict['can_edit'] %} + {% if auth_dict['can_edit'] or auth_dict['is_organizer'] %} Move - + {% endif %} + {% if auth_dict['can_edit'] %} Delete