cleanup for v0.13.3 release (#1296)

.github/ISSUE_TEMPLATE/release_cleanup.md

@@ -11,7 +11,7 @@ assignees: 'mikkonie'
 
 TBA
 
-## Issues to add to CHANGELOG
+## Issues to Add in CHANGELOG
 
 TBA
 

CHANGELOG.rst

@@ -13,6 +13,7 @@ Added
 
 - **General**
     - LDAP settings for TLS and user filter (#1340)
+    - ``LDAP_DEBUG`` Django setting
 - **Projectroles**
     - ``_project_badge.html`` template (#1300)
     - ``InvalidFormMixin`` helper mixin (#1310)

adminalerts/plugins.py

@@ -13,13 +13,13 @@
 class SiteAppPlugin(SiteAppPluginPoint):
     """Projectroles plugin for registering the app"""
 
-    #: Name (slug-safe, used in URLs)
+    #: Name (used as plugin ID)
     name = 'adminalerts'
 
     #: Title (used in templates)
     title = 'Admin Alerts'
 
-    #: App URLs (will be included in settings by djangoplugins)
+    #: UI URLs
     urls = urlpatterns
 
     #: Iconify icon

appalerts/plugins.py

@@ -11,13 +11,13 @@
 class SiteAppPlugin(SiteAppPluginPoint):
     """Site plugin for application alerts"""
 
-    #: Name (slug-safe, used in URLs)
+    #: Name (used as plugin ID)
     name = 'appalerts'
 
     #: Title (used in templates)
     title = 'App Alerts'
 
-    #: App URLs (will be included in settings by djangoplugins)
+    #: UI URLs
     urls = urlpatterns
 
     #: Iconify icon
@@ -36,7 +36,7 @@ class SiteAppPlugin(SiteAppPluginPoint):
 class BackendPlugin(BackendPluginPoint):
     """Backend plugin for application alerts"""
 
-    #: Name (slug-safe, used in URLs)
+    #: Name (used as plugin ID)
     name = 'appalerts_backend'
 
     #: Title (used in templates)

bgjobs/plugins.py

@@ -11,8 +11,13 @@
 class ProjectAppPlugin(ProjectAppPluginPoint):
     """Plugin for registering app with Projectroles"""
 
+    #: Name (used as plugin ID)
     name = 'bgjobs'
+
+    #: Title (used in templates)
     title = 'Background Jobs'
+
+    #: UI URLs
     urls = urls_ui_project
 
     #: Iconify icon
@@ -61,13 +66,13 @@ class BackgroundJobsPluginPoint(PluginPoint):
 class SiteAppPlugin(SiteAppPluginPoint):
     """Projectroles plugin for registering the app"""
 
-    #: Name (slug-safe, used in URLs)
+    #: Name (used as plugin ID)
     name = 'bgjobs_site'
 
     #: Title (used in templates)
     title = 'Site Background Jobs'
 
-    #: App URLs (will be included in settings by djangoplugins)
+    #: UI URLs
     urls = urls_ui_site
 
     #: Iconify icon

config/settings/base.py

@@ -339,6 +339,7 @@
 # Enable LDAP if configured
 ENABLE_LDAP = env.bool('ENABLE_LDAP', False)
 ENABLE_LDAP_SECONDARY = env.bool('ENABLE_LDAP_SECONDARY', False)
+LDAP_DEBUG = env.bool('LDAP_DEBUG', False)
 
 # Alternative domains for detecting LDAP access by email address
 LDAP_ALT_DOMAINS = env.list('LDAP_ALT_DOMAINS', None, [])
@@ -348,6 +349,8 @@
     import ldap
     from django_auth_ldap.config import LDAPSearch
 
+    if LDAP_DEBUG:
+        ldap.set_option(ldap.OPT_DEBUG_LEVEL, 255)
     # Default values
     LDAP_DEFAULT_CONN_OPTIONS = {ldap.OPT_REFERRALS: 0}
     LDAP_DEFAULT_ATTR_MAP = {

docs/source/app_projectroles_settings.rst

@@ -379,19 +379,26 @@ This part of the setup is **optional**.
     If only using one LDAP/AD server, you can leave the "secondary LDAP server"
     values unset.
 
+.. hint::
+
+    To help debug possible connection problems with your LDAP server(s), set
+    ``LDAP_DEBUG=1`` in your environment variables.
+
 .. code-block:: python
 
     ENABLE_LDAP = env.bool('ENABLE_LDAP', False)
     ENABLE_LDAP_SECONDARY = env.bool('ENABLE_LDAP_SECONDARY', False)
+    LDAP_DEBUG = env.bool('LDAP_DEBUG', False)
 
     if ENABLE_LDAP:
         import itertools
         import ldap
         from django_auth_ldap.config import LDAPSearch
 
+        if LDAP_DEBUG:
+            ldap.set_option(ldap.OPT_DEBUG_LEVEL, 255)
         # Default values
         LDAP_DEFAULT_CONN_OPTIONS = {ldap.OPT_REFERRALS: 0}
-        LDAP_DEFAULT_FILTERSTR = '(sAMAccountName=%(user)s)'
         LDAP_DEFAULT_ATTR_MAP = {
             'first_name': 'givenName',
             'last_name': 'sn',
@@ -402,12 +409,22 @@ This part of the setup is **optional**.
         AUTH_LDAP_SERVER_URI = env.str('AUTH_LDAP_SERVER_URI', None)
         AUTH_LDAP_BIND_DN = env.str('AUTH_LDAP_BIND_DN', None)
         AUTH_LDAP_BIND_PASSWORD = env.str('AUTH_LDAP_BIND_PASSWORD', None)
-        AUTH_LDAP_CONNECTION_OPTIONS = LDAP_DEFAULT_CONN_OPTIONS
+        AUTH_LDAP_START_TLS = env.str('AUTH_LDAP_START_TLS', False)
+        AUTH_LDAP_CA_CERT_FILE = env.str('AUTH_LDAP_CA_CERT_FILE', None)
+        AUTH_LDAP_CONNECTION_OPTIONS = {**LDAP_DEFAULT_CONN_OPTIONS}
+        if AUTH_LDAP_CA_CERT_FILE is not None:
+            AUTH_LDAP_CONNECTION_OPTIONS[
+                ldap.OPT_X_TLS_CACERTFILE
+            ] = AUTH_LDAP_CA_CERT_FILE
+            AUTH_LDAP_CONNECTION_OPTIONS[ldap.OPT_X_TLS_NEWCTX] = 0
+        AUTH_LDAP_USER_FILTER = env.str(
+            'AUTH_LDAP_USER_FILTER', '(sAMAccountName=%(user)s)'
+        )
 
         AUTH_LDAP_USER_SEARCH = LDAPSearch(
             env.str('AUTH_LDAP_USER_SEARCH_BASE', None),
             ldap.SCOPE_SUBTREE,
-            LDAP_DEFAULT_FILTERSTR,
+            AUTH_LDAP_USER_FILTER,
         )
         AUTH_LDAP_USER_ATTR_MAP = LDAP_DEFAULT_ATTR_MAP
         AUTH_LDAP_USERNAME_DOMAIN = env.str('AUTH_LDAP_USERNAME_DOMAIN', None)
@@ -427,12 +444,22 @@ This part of the setup is **optional**.
             AUTH_LDAP2_SERVER_URI = env.str('AUTH_LDAP2_SERVER_URI', None)
             AUTH_LDAP2_BIND_DN = env.str('AUTH_LDAP2_BIND_DN', None)
             AUTH_LDAP2_BIND_PASSWORD = env.str('AUTH_LDAP2_BIND_PASSWORD', None)
-            AUTH_LDAP2_CONNECTION_OPTIONS = LDAP_DEFAULT_CONN_OPTIONS
+            AUTH_LDAP2_START_TLS = env.str('AUTH_LDAP2_START_TLS', False)
+            AUTH_LDAP2_CA_CERT_FILE = env.str('AUTH_LDAP2_CA_CERT_FILE', None)
+            AUTH_LDAP2_CONNECTION_OPTIONS = {**LDAP_DEFAULT_CONN_OPTIONS}
+            if AUTH_LDAP2_CA_CERT_FILE is not None:
+                AUTH_LDAP2_CONNECTION_OPTIONS[
+                    ldap.OPT_X_TLS_CACERTFILE
+                ] = AUTH_LDAP2_CA_CERT_FILE
+                AUTH_LDAP2_CONNECTION_OPTIONS[ldap.OPT_X_TLS_NEWCTX] = 0
+            AUTH_LDAP2_USER_FILTER = env.str(
+                'AUTH_LDAP2_USER_FILTER', '(sAMAccountName=%(user)s)'
+            )
 
             AUTH_LDAP2_USER_SEARCH = LDAPSearch(
                 env.str('AUTH_LDAP2_USER_SEARCH_BASE', None),
                 ldap.SCOPE_SUBTREE,
-                LDAP_DEFAULT_FILTERSTR,
+                AUTH_LDAP2_USER_FILTER,
             )
             AUTH_LDAP2_USER_ATTR_MAP = LDAP_DEFAULT_ATTR_MAP
             AUTH_LDAP2_USERNAME_DOMAIN = env.str('AUTH_LDAP2_USERNAME_DOMAIN')

docs/source/app_projectroles_usage.rst

@@ -397,6 +397,14 @@ Revoked Access
     reading project metadata (title, description..) without member roles are
     implemented in the data model and backend, but currently disabled in the UI.
 
+.. note::
+
+    If synchronizing a project with *public guest access* enabled, this setting
+    is **not** automatically set on the target site. If you wish to make the
+    project also publicly accessible on the target site, it needs to be
+    explicitly set by the project owner, delegate or a superuser in the
+    :guilabel:`Update Project` form.
+
 Once desired access to specific projects has been granted and confirmed, the
 target site will sync the data by sending a request to the source site.
 

docs/source/dev_core_guide.rst

@@ -56,6 +56,11 @@ your commit(s).
 Code Conventions
 ================
 
+This section lists code conventions when contributing to the SODAR Core project.
+
+General Conventions
+-------------------
+
 The following conventions should be adhered to in SODAR Core development:
 
 - Limit line length to 80 characters.
@@ -70,6 +75,32 @@ The following conventions should be adhered to in SODAR Core development:
     * Possibility to expand the entire project into using type hints will be
       looked into.
 
+Module Imports
+--------------
+
+Import order of python modules is as follows. Use alphabetical order within each
+of the groups.
+
+- Full imports of Python standard library or general purpose packages
+    * E.g. ``import io``
+- Submodule imports of Python standard library or general purpose packages
+    * E.g. ``from math import ceil``
+- Django imports
+    * E.g. ``from django.conf import settings``
+- Imports from packages extending Django
+    * Such as ``rules``, ``django-rest-framework`` or Django testing specific
+      requirements
+    * E.g. ``from rest_framework import serializers``
+- SODAR Core ``projectroles`` imports
+    * E.g. ``from projectroles.plugins import get_backend_api``
+    * Prefix these with ``# Projectroles dependency``
+    * Hardcoded imports from other SODAR Core apps should be avoided, use
+      ``get_backend_api()`` instead.
+- Imports from within the current app
+    * E.g. ``from yourapp.forms import YourForm``
+    * For consistency and clarity, give the full module path for imports. E.g.
+      ``from yourapp.views import x`` instead of ``from views import x``
+
 
 .. _dev_core_guide_template:
 

docs/source/dev_resource.rst

@@ -80,15 +80,22 @@ arguments in its init function, with the exception of ``queryset``,
 
 The init function also takes new arguments which are specified below:
 
-- ``scope``: Scope of users to include (string)
-    * ``all``: All users on the site
-    * ``project``: Limit search to users in given project
-    * ``project_exclude`` Exclude existing users of given project
-- ``project``: Project object or project UUID string (optional)
-- ``exclude``: List of User objects or User UUIDs to exclude (optional)
-- ``forward``: Parameters to forward to autocomplete view (optional)
-- ``url``: Autocomplete ajax class override (optional)
-- ``widget_class``: Widget class override (optional)
+``scope``
+    Scope of users to include (string). Options:
+
+    - ``all``: All users on the site
+    - ``project``: Limit search to users in given project
+    - ``project_exclude`` Exclude existing users of given project
+``project``
+    Project object or project UUID string (optional)
+``exclude``
+    List of User objects or User UUIDs to exclude (optional)
+``forward``
+    Parameters to forward to autocomplete view (optional)
+``url``
+    Autocomplete ajax class override (optional)
+``widget_class``
+    Widget class override (optional)
 
 Below is an example of the classes usage. Note that you can also define the
 field as a form class member, but the ``project`` or ``exclude`` values are
@@ -477,13 +484,17 @@ UI test classes found in ``projectroles.tests.test_ui``. Default values for
 these settings can be found in ``config/settings/test.py``. The settings are as
 follows:
 
-- ``PROJECTROLES_TEST_UI_CHROME_OPTIONS``: Options for Chrome through Selenium.
-  Can be used to e.g. enable/disable headless testing mode.
-- ``PROJECTROLES_TEST_UI_WINDOW_SIZE``: Custom browser window size.
-- ``PROJECTROLES_TEST_UI_WAIT_TIME``: Maximum wait time for UI test operations
-- ``PROJECTROLES_TEST_UI_LEGACY_LOGIN``: If set ``True``, use the legacy UI
-  login and redirect function for testing with different users. This can be used
-  if e.g. issues with cookie-based logins are encountered.
+``PROJECTROLES_TEST_UI_CHROME_OPTIONS``
+    Options for Chrome through Selenium. Can be used to e.g. enable/disable
+    headless testing mode.
+``PROJECTROLES_TEST_UI_WINDOW_SIZE``
+    Custom browser window size.
+``PROJECTROLES_TEST_UI_WAIT_TIME``
+    Maximum wait time for UI test operations
+``PROJECTROLES_TEST_UI_LEGACY_LOGIN``
+    If set ``True``, use the legacy UI login and redirect function for testing
+    with different users. This can be used if e.g. issues with cookie-based
+    logins are encountered.
 
 Base Test Classes and Helpers
 -----------------------------

docs/source/major_changes.rst

@@ -22,6 +22,7 @@ v0.13.3 (WIP)
 - Fix hidden JSON project setting reset on non-superuser project update
 - Fix custom app setting validation calls in forms
 - Fix multiple remote sync app settings updating issues
+- Fix request object not provided to perform_project_modify() on create
 - General bug fixes and minor updates
 
 

example_backend_app/plugins.py

@@ -7,7 +7,7 @@
 class BackendPlugin(BackendPluginPoint):
     """Plugin for registering backend app with Projectroles"""
 
-    #: Name (slug-safe, used in URLs)
+    #: Name (used as plugin ID)
     name = 'example_backend_app'
 
     #: Title (used in templates)

example_project_app/plugins.py

@@ -36,13 +36,13 @@ class ProjectAppPlugin(ProjectModifyPluginMixin, ProjectAppPluginPoint):
 
     # Properties required by django-plugins ------------------------------
 
-    #: Name (slug-safe)
+    #: Name (used as plugin ID)
     name = 'example_project_app'
 
     #: Title (used in templates)
     title = 'Example Project App'
 
-    #: App URLs (will be included in settings by djangoplugins)
+    #: UI URLs
     urls = urlpatterns
 
     # Properties defined in ProjectAppPluginPoint -----------------------

example_site_app/plugins.py

@@ -7,13 +7,13 @@
 class SiteAppPlugin(SiteAppPluginPoint):
     """Projectroles plugin for registering the app"""
 
-    #: Name (slug-safe, used in URLs)
+    #: Name (used as plugin ID)
     name = 'example_site_app'
 
     #: Title (used in templates)
     title = 'Example Site App'
 
-    #: App URLs (will be included in settings by djangoplugins)
+    #: UI URLs
     urls = urlpatterns
 
     #: Iconify icon