Call for comments: Authentication system and repositories

[peterkuma]

Hi Everybody,

I have been thinking about how to move fileshack forward. The authentication system is clearly unsatisfactory for many use cases. Therefore, I would like to propose a new system. Your input on the issue is very much welcome.

The idea is to have user accounts, and allow for multiple common and per-user repositories. Both could be managed via the user interface.

Users

New users could be created in the UI by users with administrator permission. A user would be identified by a username, and have an associated email and an indication if:

• is an administrator
• can have user repositories
• can add common repositories

Logging in would be done either with password, or (optionally) via supported providers (Facebook, Google, ...). The password could be chosen up-front, or you could let fileshack send an invitation e-mail, and users would choose password themselves on a supplied link.

Note: You would be able to set allowed providers in django admin.

Users could also register on the login page, but subsequently this would have to be confirmed by an administrator.

Users would be able to modify some of their details on their own at any time: e-mail, password, and authentication with providers.

Repositories

There would be two types of repositories: common repositories and user repositories. Repositories could be switched in the UI. Users with sufficient permission could create new repositories.

Common repositories would be available at:

http://fileshack.example.org/<repository>/

User repositories would be available at:

http://fileshack.example.org/<username>/<repository>/

Permission

Per-user permission to read, write or manage a repository could be set in the UI by users with manage permission to the repository. A repository could also be set as public, in which case anybody would be able to read it without a user account.

Mockups

[rjmoggach]

I would suggest taking advantage of the already robust options for authentication, user management, profiles, and model/object security. Make it a truly pluggable app that is flexible under many situations so that it can be plugged into existing projects and more people will jump in.

Do one thing really well...managing file IO and sharing in a secured area... then make it extensible - everything you're suggesting is possible using existing apps. If something is missing then try to contribute to that effort instead of reinventing the wheel.

Some feature ideas - -Signals to allow hooking in from other apps -generic pluggable sites for multiple shacks in one domain -subclassable models with mixins to allow customizing feature set -permission to share private shacks without creating a new user using token urls for auth -folder visibility per user/group -users can manage subsets of users... eg. a primary client contact can share with their coworkers and create moderated accounts with access that matches theirs

Here's an early list of apps that should be considered seriously for integration. Doing this will certainly bring attract a wider user base and more contributions.

python-social-auth (previously django-social-auth) django-storages django-subdomains django-tagging OR django-taggit based on INSTALLED_APPS easy-thumbnails OR sorl.thumbnail django-wiki django-userena ajaxuploader django-crispy-forms django-grappelli django-guardian django-haystack django-reversion celery

[peterkuma]

Hi Robert, thank you for the wealth of suggestions. I'll think more about the case when people use it as an embedded app.

One idea was to make it into a standalone javascript library and a minimal django app, which would be handling just the more sophisticated uploading (chunk upload, upload resume). But that would require additional work from the integrator (creating UI). fileshack as it is today could be based on that library.

Another option might be to provide a minimal UI as well, perhaps pluggable by a template tag. This would require almost no additional effort, but there are many questions about what it should look like to satisfy the diversity of environments it could be embedded into. E.g. should there be a notion of users?

Regarding hooks, if it is made into js lib + mini django app, the django app could provide a well defined REST API. When it comes to signals, much could be done with built-in signals on models, but it could perhaps provide a few more for specific cases, like when file was uploaded/removed/changed state.

Multiple shacks in one domain is a good idea.

Subclassable models sound interesting. Something in the spirit of django comments would be viable.

Sharable shacks. Good idea as well.

Folder visibility - that could be done with the system as proposed above, by simply making repositories visible only to those who have read permission. Groups I think would make everything quite a bit more complicated, and I'm not sure if it is worth it.

Subset of users also sounds rather complicated. I think something similar could be done by creating separate sites (possibly under single domain name).

One has to consider that requiring more libraries makes much more space for interoperability issues, because they tend to change in non-backward compatible way. It is also a burden for integrators - e.g. if an app requires 6 other apps to be installed, they might be wary of maintainability and security (some may introduce vulnerabilities and they need to be aware of that).

I went through the apps only briefly, so please excuse any ignorance on my part. Here are some thoughts:

• python-social-auth. Probably a good choice, I wouldn't want to implement oauth myself.
• django-storage. Not bad, but some of the backends may not be able to support chunked upload or upload resume. There may also be issues about making secure (non-guessable) links.
• django-subdomains. Maybe a good one, but think this might be done very easily without it.
• django-tagging. I would rather leave this out for integrators. Or maybe in the future.
• easy-thumbnails. I acutally wish to add support for uploading images in a way that they would be displayed inline, and open a slideshow when clicked.
• django-wiki. I don't see how we could use that, I would rather keep fileshack small and simple.
• django-userena. Might be a good choice.
• ajaxuploader. fileshack already implements these things, and it is actually its major function. The problem with using libraries like this is that it has to support the features fileshack does in order to be beneficial (variable chunk uploading, resume, download while uploading, slicing, portability, ...).
• django-crispy-forms. I don't see how we could use that at the moment.
• django-grappelli. I would rather implement most things well in the UI, in which case django admin would be satisfactory as it is.
• django-guardian. Maybe yes.
• django-haystack. fileshack would need to implement some sort of pagination first, otherwise there can't be many files anyway. But in the case of multiple repositories, site-wide search might be useful.
• django-revision. Revisions are indeed a good idea, but I'm not sure how to support them in the UI without making it feel heavy-weight. I will think about that.
• celery. Yes, if we need tasks, this might be a way to go.

Thanks again for all the stuff.

[rjmoggach]

did you get anywhere with the overhaul?

[peterkuma]

Hi Robert,

No, I haven't started yet. I wanted to allow for some time to think about it. I have decided to go ahead with the original proposition, i.e. to focus on a good experience as a standalone application (rather than embedded), because that is best aligned with how fileshack was originally designed. The aim is to provide a good solution for people who want to create a simple file storage for themselves and friends, or for a small company on their own server.

It is probably not going to be so much of an overhaul in the end. The change is going to require three new models (User, Permission, Repository), RESTful API (backbone-tastypie seems like a good choice), a bulk of frontend work in javascript/backbone (menus & interaction), and two forms for sign-in/sign-up.

Would you like to give a hand with any of that?