Hi Everyone, The 3.1.2 version is a bug fix release to Arches v3.1.1 after it was discovered that non-logged in users could access the RDM and resource manager directly by using the respective urls (Thanks Joel and Adam!). As a bit of background, in Arches 3.1.1 we added an actual user called "anonymous" that administrators and developers can use to give more fine grained control over what a non-logged in user can do. The anonymous user can be managed like any other user in the system via the admin console. This lead to a few placed in the code that weren't updated and the reason for this latest 3.1.2 release.
Users are encouraged to update Arches at their earliest convenience. If you already updated to 3.1.1 then all you have to do is run the following command from an activated environment: 1. pip install arches --upgrade 2. update authentication/authorization logic in any files (see PLEASE READ section below) 3. restart apache (if using) If you haven't already upgraded to 3.1.1 then follow those directions found here (https://groups.google.com/forum/#!topic/archesproject/vC6kDuXqVwM) then follow steps 2-3 above. *PLEASE READ:* If you upgraded from a previous version (as opposed to installing Arches from scratch), then your templates/header.htm will probably need to be updated in a couple of places: 1. Around line 31 find the line that looks like this <li> <a id="auth-link" href="{% url 'auth' %}?next={{ request.get_full_path }}{% if user.is_anonymous %}">{% trans "Login" %}{% else %}&logout=true">Welcome {{ user.username }} - {% trans "Logout" %}{% endif %}</a> </li> and replace with this <li> <a id="auth-link" href="{% url 'auth' %}?next={{ request.get_full_path }}{% if user.username != 'anonymous' %}&logout=true{% endif %}">{% if user.username == 'anonymous' %}{% trans "Login" %}{% else %}{% trans "Welcome" %} {{ user.username }} - {% trans "Logout" %}{% endif %}</a> </li> 2. Around line 84 find this {% if user_can_edit %} and replace with this {% if 'edit' in user.user_groups %} For parity with earlier releases, users should do the following: 1. Replace any instance of the @login_required decorator with @permission_required('edit') 2. Replace any use of user.is_anonymous() with user.username == 'anonymous' 3. Replace any use of user.is_authenticated() with user.username != 'anonymous' (or alternatively, 'edit' in user.user_groups) Cheers, The Arches Team Listing of changes in the latest releases: Arches 3.1.2 - replace @login_required decorator and is_authenticated() method with actual check for "edit" privileges (this should bring us into sync with the anonymous user updates) -- -- To post, send email to [email protected]. To unsubscribe, send email to [email protected]. For more information, visit https://groups.google.com/d/forum/archesproject?hl=en --- You received this message because you are subscribed to the Google Groups "Arches Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
