Pull up production

Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.7.2
+FROM docker.io/python:3.9.7-buster
 MAINTAINER Computer Science House <rtp@csh.rit.edu>
 
 ENV IMAGEIO_USERDIR /var/lib/gallery

README.md

@@ -80,3 +80,8 @@ Below are instructions for running gallery locally. It assumes that you have alr
 5. `pip install -r requirements.txt`
 
 6. `python3 wsgi.py`
+
+    a. If you get an error like: `Fatal Python error: saving thread twice?`, you can fix it by modifying `wsgi.py`, 
+    changing `app.run(host=app.config['IP'], port=app.config['PORT'])`
+    to `app.run(host=app.config['IP'], port=app.config['PORT'], threaded=False)`
+    A short discussion of this issue can be found [here](https://github.com/pallets/flask/issues/2744).

config.sample.py

@@ -15,3 +15,8 @@
 OIDC_ISSUER = 'https://sso.csh.rit.edu/auth/realms/csh'
 OIDC_CLIENT_ID = 'gallery'
 OIDC_CLIENT_SECRET = ''
+
+EBOARD_UIDS = ''
+RTP_UIDS = ''
+ORGANIZER_UIDS = ''
+ALUMNI_UIDS = ''

gallery/__init__.py

@@ -84,6 +84,8 @@
         None,
         app.config.get("EBOARD_UIDS", "").split(","),
         app.config.get("RTP_UIDS", "").split(","),
+        app.config.get("ORGANIZER_UIDS", "").split(","),
+        app.config.get("ALUMNI_UIDS", "").split(","),
     )
 
 app.add_template_global(ldap, name="ldap")
@@ -571,6 +573,7 @@ def move_file(file_id: int, auth_dict: Optional[Dict[str, Any]] = None):
     assert auth_dict
     if not (auth_dict['is_eboard']
             or auth_dict['is_rtp']
+            or auth_dict['is_organizer']
             or auth_dict['uuid'] == file_model.author):
         return "Permission denied", 403
 
@@ -597,6 +600,7 @@ def move_dir(dir_id: int, auth_dict: Optional[Dict[str, Any]] = None):
     assert auth_dict
     if not (auth_dict['is_eboard']
             or auth_dict['is_rtp']
+            or auth_dict['is_organizer']
             or auth_dict['uuid'] == dir_model.author):
         return "Permission denied", 403
 

gallery/_version.py

@@ -1,6 +1,6 @@
 from os import environ as env
 
-__version__ = "2.1.2"
+__version__ = "2.2.0"
 
 BUILD_REFERENCE = env.get("OPENSHIFT_BUILD_REFERENCE")
 COMMIT_HASH = env.get("OPENSHIFT_BUILD_COMMIT")

gallery/file_modules/__init__.py

@@ -39,6 +39,7 @@ def generate_thumbnail(self):
         self.thumbnail_uuid = hash_file(self.file_path)
 
         with Image(filename=self.file_path) as img:
+            img.auto_orient()
             with Image(width=img.width, height=img.height,
                     background=Color("#EEEEEE")) as bg:
                 bg.composite(img, 0, 0)

gallery/ldap.py

@@ -13,15 +13,21 @@ def is_member_of_group(member: CSHMember, group: str) -> bool:
 
 
 class LDAPWrapper(object):
-    def __init__(self, ldap: Optional[CSHLDAP], eboard: Optional[List[str]] = None, rtp: Optional[List[str]] = None):
+    def __init__(self, ldap: Optional[CSHLDAP], eboard: Optional[List[str]] = None, rtp: Optional[List[str]] = None, organizer: Optional[List[str]] = None, alumni: Optional[List[str]] = None):
         self._ldap = ldap
         self._eboard: List[str] = []
         self._rtp: List[str] = []
+        self._organizer: List[str] = []
+        self._alumni: List[str] = []
 
         if eboard:
             self._eboard = eboard
         if rtp:
             self._rtp = rtp
+        if organizer:
+            self._organizer = organizer
+        if alumni:
+            self._alumni = alumni
 
     def convert_uuid_to_displayname(self, uuid: str) -> str:
         if uuid == "root":
@@ -38,17 +44,23 @@ def is_eboard(self, uid: str) -> bool:
     def is_rtp(self, uid: str) -> bool:
         if self._ldap is None:
             return uid in self._rtp
-        rtp_group = self._ldap.get_group('rtp')
-        return rtp_group.check_member(self._ldap.get_member(uid, uid=True))
+        return is_member_of_group(self._ldap.get_member(uid, uid=True), 'rtp')
 
     def is_alumni(self, uid: str) -> bool:
+        if self._ldap is None:
+            return uid in self._alumni
         return not is_member_of_group(self._ldap.get_member(uid, uid=True), 'current_student')
 
+    def is_organizer(self, uid: str) -> bool:
+        if self._ldap is None:
+            return uid in self._organizer
+        return is_member_of_group(self._ldap.get_member(uid, uid=True), 'gallery_organizers')
+
+
     def get_members(self) -> List[Dict[str, str]]:
         if self._ldap is None:
             return []
         con = self._ldap.get_con()
-
         res = con.search_s(
                 "dc=csh,dc=rit,dc=edu",
                 pyldap.SCOPE_SUBTREE,

gallery/templates/view_dir.html

@@ -81,8 +81,10 @@ <h2>This album is empty.</h2>
 <div class="row">
     <div class="col-xs-12 text-center">
         <a href="#!" class="btn btn-primary" onclick="editDirDescription()">Edit</a>
-        {% if auth_dict['can_edit'] %}
+        {% if auth_dict['can_edit'] or auth_dict['is_organizer'] %}
         <a href="#!" class="btn btn-warning" onclick="moveDir()">Move</a>
+        {% endif %}
+        {% if auth_dict['can_edit'] %}
         <a href="#!" class="btn btn-danger" onclick="deleteDir()">Delete</a>
         {% endif %}
     </div>
@@ -110,7 +112,7 @@ <h4 class="modal-title">Edit</h4>
         </div>
     </div>
 
-    {% if auth_dict['can_edit'] %}
+    {% if auth_dict['can_edit'] or auth_dict['is_organizer'] %}
     <div class="modal fade" id="move" role="dialog">
         <div class="modal-dialog">
             <div class="modal-content">
@@ -129,7 +131,8 @@ <h4 class="modal-title">Select a new parent folder:</h4>
             </div>
         </div>
     </div>
-
+    {% endif %}
+    {% if auth_dict['can_edit'] %}
     <div class="modal fade" id="delete" role="dialog">
         <div class="modal-dialog modal-sm">
             <div class="modal-content">

gallery/templates/view_file.html

@@ -126,7 +126,7 @@ <h4 class="modal-title">Edit</h4>
                         </div>
                     </div>
                 </div>
-            {% if auth_dict['can_edit'] %}
+            {% if auth_dict['can_edit'] or auth_dict['is_organizer'] %}
                 <a href="#!" class="btn btn-warning" onclick="moveFile()">Move</a>
 
                 <div class="modal fade" id="move" role="dialog">
@@ -147,7 +147,8 @@ <h4 class="modal-title">Select a new parent folder:</h4>
                         </div>
                     </div>
                 </div>
-
+            {% endif %}
+            {% if auth_dict['can_edit'] %}
                 <a href="#!" class="btn btn-danger" onclick="deleteFile()">Delete</a>
 
                 <div class="modal fade" id="delete" role="dialog">

gallery/util.py

@@ -75,6 +75,7 @@ def wrapped_function(*args: Any, **kwargs: Any) -> Any:
         is_eboard = ldap.is_eboard(uid)
         is_rtp = ldap.is_rtp(uid)
         is_alumni = ldap.is_alumni(uid)
+        is_organizer = ldap.is_organizer(uid)
 
         # NOTE(rossdylan): This is probably a more precise type than we need,
         # if different data is needed just expand the value type to Any
@@ -85,6 +86,7 @@ def wrapped_function(*args: Any, **kwargs: Any) -> Any:
         auth_dict['is_eboard'] = is_eboard
         auth_dict['is_rtp'] = is_rtp
         auth_dict['is_alumni'] = is_alumni
+        auth_dict['is_organizer'] = is_organizer
         kwargs['auth_dict'] = auth_dict
         return func(*args, **kwargs)
     return wrapped_function

requirements.txt

@@ -2,14 +2,14 @@ Flask==1.0.2
 Flask-pyoidc==2.0.0
 csh_ldap~=2.2.0
 addict==2.2.0
-flask_sqlalchemy==2.3.2
+flask_sqlalchemy==2.5
 flask_migrate==2.3.1
-psycopg2==2.7.7
+psycopg2-binary==2.9.1
 python-magic==0.4.15
 piexif==1.1.2
 wand==0.5.0
 gunicorn==19.9.0
 moviepy==0.2.3.5
 imageio==2.4.0
-boto3
+boto3==1.18.62
 werkzeug == 0.16.1

setup.cfg

@@ -6,7 +6,7 @@ summary = Python Photo Gallery Written in Flask
 url = "https://github.com/ComputerScienceHouse/gallery"
 description-file = README.md
 license = MIT
-version = 2.1.2
+version = 2.2.0
 classifier =
     Natural Language :: English
     Operating System :: POSIX :: Linux