d43fbe7ac6
Merge branch 'harden' into 'beta'
...
Harden Django project configuration
See merge request bde/nk20!194
2022-03-09 12:30:23 +01:00
Alexandre Iooss
df5f9b5f1e
Harden Django project configuration
...
Set session and CSRF cookies as secure for production.
Set HSTS header to let browser remember HTTPS for 1 year.
2022-03-09 12:12:56 +01:00
4161248bff
Add permissions to view/create/change/delete OAuth2 applications
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2022-03-09 12:06:19 +01:00
58136f3c48
Fix permission checks in the /api/me view
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2022-03-09 11:45:24 +01:00
d9b4e0a9a9
Fix membership tables for clubs without an ending membership date
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2022-02-13 17:53:05 +01:00
8563a8d235
Fix membership tables for clubs without an ending membership date
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2022-02-13 17:51:22 +01:00
5f69232560
Merge branch 'beta' into 'main'
...
Optional scopes + small bug fix
See merge request bde/nk20!193
2022-02-12 14:37:58 +01:00
d3273e9ee2
Prepare WEI 2022 (because tests are broken)
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2022-02-12 14:24:32 +01:00
4e30f805a7
Merge branch 'optional-scopes' into 'beta'
...
Implement optional scopes : clients can request scopes, but they are not guaranteed to get them
See merge request bde/nk20!192
2022-02-12 13:57:19 +01:00
546e422e64
Ensure some values exist before updating them
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2022-02-12 13:56:07 +01:00
9048a416df
In the /api/me page, display note, profile and memberships only if we have associated permissions
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-12-23 23:25:18 +01:00
8578bd743c
Add documentation about optional scopes
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-12-23 22:15:06 +01:00
45a10dad00
Refresh token expire between 14 days
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-12-23 22:00:08 +01:00
18a1282773
Implement optional scopes : clients can request scopes, but they are not guaranteed to get them
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-12-23 21:59:37 +01:00
132afc3d15
Fix scope view
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-12-15 18:59:23 +01:00
6bf16a181a
[ansible] Deploy buster-backports repository only on Debian 10
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-12-15 15:59:58 +01:00
e20df82346
Main branch is now called main
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-12-15 15:55:13 +01:00
1eb72044c2
Merge branch 'beta' into 'master'
...
Changements variés et mineurs
Closes #107 et #91
See merge request bde/nk20!191
2021-12-13 21:16:26 +01:00
f88eae924c
Use local version of Turbolinks instead of using Cloudfare
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-12-13 21:00:34 +01:00
4b6e3ba546
Display club transactions only with note rights, fixes #107
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-12-13 20:01:00 +01:00
bf0fe3479f
Merge branch 'lock-club-notes' into 'beta'
...
Verrouillage de notes
See merge request bde/nk20!190
2021-12-13 18:55:03 +01:00
45ba4f9537
Linting
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-12-13 18:33:18 +01:00
b204805ce2
Add permissions to (un)lock club notes
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-12-13 18:31:36 +01:00
2f28e34cec
Fix permissions to lock our own note
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-12-13 18:27:24 +01:00
9c8ea2cd41
Club notes can now be locked through web interface
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-12-13 17:48:20 +01:00
41289857b2
Merge branch 'tirage-au-sort' into 'beta'
...
Boutons
See merge request bde/nk20!189
2021-12-13 17:37:13 +01:00
28a8792c9f
[activity] Add space before line breaks in Wiki export of activities
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-12-13 17:30:13 +01:00
58cafad032
Sort buttons by category name instead of id in button list
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-12-13 17:19:10 +01:00
7848cd9cc2
Don't search buttons by prefix
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-12-13 17:18:54 +01:00
d18ccfac23
Sort aliases by normalized name in profile alias view
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-12-13 17:18:54 +01:00
Nicolas Margulies
e479e1e3a4
Added messages for Hide/Show
2021-10-07 23:06:40 +02:00
Nicolas Margulies
82b0c83b1f
Added a Hide/Show button for transaction templates, fixes #91
2021-10-07 22:54:01 +02:00
38ca414ef6
Res[pot] can display user information in order to get first/last name in credits
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-10-06 10:44:24 +02:00
fd811053c7
Commit missing migrations
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-10-06 10:41:58 +02:00
9d386d1ecf
Unauthenticated users can't display activity entry view
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-10-06 10:41:42 +02:00
erdnaxe
0bd447b608
Merge branch 'relax_requirements' into 'beta'
...
Relax requirements and ignore shell.nix
See merge request bde/nk20!187
2021-10-05 15:45:31 +02:00
Alexandre Iooss
3f3c93d928
Ignore shell.nix in Git tree
...
shell.nix is used in Nix to create a specific shell with custom
packages. The name is standardised and need to be in project folder to
ease development tools integrations.
2021-10-05 15:14:56 +02:00
Alexandre Iooss
340c90f5d3
Relax requirements
...
Relax requirements to allow the use of newer versions of dependencies
found in NixPkgs and ArchLinux. Do not limit upper version of
django-extensions as it is not mission critical.
2021-10-05 15:10:20 +02:00
ca2b9f061c
Merge branch 'beta' into 'master'
...
Multiples fix, réparation des pots
Closes #75
See merge request bde/nk20!186
2021-10-05 12:02:03 +02:00
a05dfcbf3d
Linting
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-10-05 11:46:24 +02:00
ba3c0fb18d
Fix activity get in invite view
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-10-04 21:53:35 +02:00
ab69963ea1
Merge branch 'cest-lheure-du-pot' into 'beta'
...
Améliorations Pot
See merge request bde/nk20!184
2021-10-04 18:45:21 +02:00
654c01631a
BDE members can see aliases from other people now
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-10-04 18:29:34 +02:00
d94cc2a7ad
NameNAN
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-10-04 18:26:14 +02:00
69bb38297f
Fix membership dates for new memberships, fix tests
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-10-04 18:15:07 +02:00
9628560d64
Improve entry search with a debouncer
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-10-04 14:39:53 +02:00
df3bb71357
Serve static files with Nginx only in production to make JavaScript development easier
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-10-04 13:58:48 +02:00
2a216fd994
Entries are distinct
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-10-04 13:50:39 +02:00
8dd2619013
Activities are distinct
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-10-04 13:50:21 +02:00
62431a4910
Treasurers can manage activity entries
...
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-10-04 13:49:16 +02:00