Files
@ 245b4e3abf39
Branch filter:
Location: kallithea/docs/usage/customization.rst - annotation
245b4e3abf39
1.7 KiB
text/prs.fallenstein.rst
auth: add AuthUser.is_anonymous, along with some exposition
This reveals the name of the NotAnonymous decorator to be misleading,
an unfortunate detail only documented here, but which must be properly
resolved in a later changeset.
Note that NotAnonymous behaves as advertised as long as it is used
together with LoginRequired, which is always the case in the current
code, so there's no actual security issue here, the code is just weird,
hard to read and fragile.
---
Some thoughts on cleaning this up in a future changeset: As it turns
out, every controller (except the login page!) should be LoginRequired
decorated (since it doesn't actually block anonymous users, as long as
anonymous access is enabled in the Kallithea config). Thus the most
obvious solution would be to move the LoginRequired functionality into
BaseController (with an override for LoginController), and delete the
decorator entirely. However, LoginRequired does one other thing: it
carries information about whether API access is enabled for individual
controller methods ("@LoginRequired(api_key=True)"), and also performs
the check for this, something which is not easily moved into the base
controller class, since the base controller doesn't know which method is
about to be called. Possibly that can be determined by poking Pylons,
but such code is likely to break with the upcoming TurboGears 2 move.
Thus such cleanup is probably better revisited after the switch to TG2.
This reveals the name of the NotAnonymous decorator to be misleading,
an unfortunate detail only documented here, but which must be properly
resolved in a later changeset.
Note that NotAnonymous behaves as advertised as long as it is used
together with LoginRequired, which is always the case in the current
code, so there's no actual security issue here, the code is just weird,
hard to read and fragile.
---
Some thoughts on cleaning this up in a future changeset: As it turns
out, every controller (except the login page!) should be LoginRequired
decorated (since it doesn't actually block anonymous users, as long as
anonymous access is enabled in the Kallithea config). Thus the most
obvious solution would be to move the LoginRequired functionality into
BaseController (with an override for LoginController), and delete the
decorator entirely. However, LoginRequired does one other thing: it
carries information about whether API access is enabled for individual
controller methods ("@LoginRequired(api_key=True)"), and also performs
the check for this, something which is not easily moved into the base
controller class, since the base controller doesn't know which method is
about to be called. Possibly that can be determined by poking Pylons,
but such code is likely to break with the upcoming TurboGears 2 move.
Thus such cleanup is probably better revisited after the switch to TG2.
60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 60f9840c8df1 | .. _customization:
=============
Customization
=============
There are several ways to customize Kallithea to your needs depending on what
you want to achieve.
HTML/JavaScript/CSS customization
---------------------------------
To customize the look-and-feel of the web interface (for example to add a
company banner or some JavaScript widget or to tweak the CSS style definitions)
you can enter HTML code (possibly with JavaScript and/or CSS) directly via the
*Admin > Settings > Global > HTML/JavaScript customization
block*.
Behavioral customization: rcextensions
--------------------------------------
Some behavioral customization can be done in Python using ``rcextensions``, a
custom Python package that can extend Kallithea functionality.
With ``rcextensions`` it's possible to add additional mappings for Whoosh
indexing and statistics, to add additional code into the push/pull/create/delete
repository hooks (for example to send signals to build bots such as Jenkins) and
even to monkey-patch certain parts of the Kallithea source code (for example
overwrite an entire function, change a global variable, ...).
To generate a skeleton extensions package, run::
paster make-rcext my.ini
This will create an ``rcextensions`` package next to the specified ``ini`` file.
See the ``__init__.py`` file inside the generated ``rcextensions`` package
for more details.
Behavioral customization: code changes
--------------------------------------
As Kallithea is open-source software, you can make any changes you like directly
in the source code.
We encourage you to send generic improvements back to the
community so that Kallithea can become better. See :ref:`contributing` for more
details.
|