0
0
mirror of https://github.com/PostHog/posthog.git synced 2024-11-24 18:07:17 +01:00
Commit Graph

11 Commits

Author SHA1 Message Date
Michael Matloka
3c0737f0fd
Plugins access control (#3486)
* Add Organization.PluginsAccess

* Rename PluginsAccess to PluginsAccessLevel

* Use Organization.plugins_access_level in can_…_plugins_via_api

* Add migration for Organization.plugins_access_level

* Remove unused PLUGINS_CLOUD_WHITELISTED_ORG_IDS

* Update access.py

* Add OrganizationPluginsAccessLevel TS enum

* Fix merge

* Disable LocalPlugin UI on Cloud

* Move away from PluginAccess interface

* Extend PluginsAccessLevel range

* Refactor PluginsAccessLevel for brevity

* Remove PluginAccess interface completely

* Add plugins managed globally

* Update migration

* Show managing org name in "Managed" plugin tag

* Smoothen some rough edges

* Smoothen more edges

* Restore correct MULTI_TENANCY default

* All the edges

* Fix most existing tests

* Remove PLUGINS_*_VIA_API env var support

* Update pluginsNeedingUpdates

* Remove can_*_plugins_via_api from instance status page

* Add tests and polish permissioning

* Update migration

* Fix typing

* Make plugin drawer UI less intrusive

* Update migration

* Fix Uninstall button condition

* Use unified _preflight status endpoint instead of the custom plugins one

* Fix plugin update label condition

* Fix "Check for updates" button condition

* Explain PluginsAccessLevel choices with comments

* Hide global plugin installation option on self-hosted

* Don't actions.loadRepository() as install org

* Improve permissioning with tests

* Satisfy mypy

* Add plugins access level to admin and fix org admin

* Check plugins access level more

* Rename endWithPeriod

* Refactor FE access control checks to accessControl.ts

* Deduplicate permissioning

* Add exception message

* Align backend and frontend plugins access level helpers

* Add plugins access level helper tests

* Fix ChartFilter
2021-03-17 15:01:55 +01:00
Michael Matloka
1f3145128c
Enable PLUGIN_SERVER_INGESTION (#3107)
* Enable PLUGIN_SERVER_INGESTION_HANDOFF = get_bool_from_env("PLUGIN_SERVER_INGESTION_HANDOFF

* Don't set PLUGIN_SERVER_INGESTION_HANDOFF in worker

* Add comments

* Remove _HANDOFF from PLUGIN_SERVER_INGESTION

* add stats counter for plugin server handoff, so we can verify events out and events in

* add whitelisted posthog and kea organizations

* disable ingestion this round --> first let's just check the plugin server can talk to kafka & clickhouse before sending real events to it

* enable ingestion in docker-compose.ch.yml

* eliminate bad merge

* async action event matching when using postgres plugin server ingestion (#3182)

* fix org

* remove _HANDOFF from topic

* add plugin_ to plugin server ingestion topic

* update plugin server to 0.7.0

Co-authored-by: Marius Andra <marius.andra@gmail.com>
2021-02-04 16:17:24 +01:00
Michael Matloka
bd3b1ef0d5
Clean up EE settings.py and fix Google auth whitelisted domains (#3159) 2021-02-02 16:03:01 +01:00
James Greenhill
583d4cdd26
Add whitelists for domains on Google OAuth (#3098) 2021-01-26 17:44:44 -08:00
Tim Glaser
02044c616f
Denormalize clickhouse props (#2903)
* Denormalize clickhouse props

* Add allow_denormalized_props option

* Use funnels

* fix funnel query

* Add more denormalized props

* Fix comma

* Use materialized columns instead of mat views

* duplicate ,'s

Co-authored-by: James Greenhill <fuziontech@gmail.com>
2021-01-20 12:38:27 +01:00
Michael Matloka
259e801de6
Whitelist plugins per organization on Cloud (#2791)
* Fix unix-dgram build

* Add per-organization whitelisting of plugins API on Cloud

* Add migration

* Update can_install_plugins_via_api calls in serializer

* Remove unused type: ignore

* Update PluginSerializer for organization_id

* Make Plugin.organization nullable

* Fix can_install_plugins_via_api

* Update pluginsLogic.ts

* Adjust can_configure_plugins_via_api for organization

* Don't include organization_id in serializer

* Set default Plugin.organization to first Organization in instance

* Fix PluginConfigSerializer.create

* Test that other orgs' plugins can't be accessed (as if they didn't exist, 404)

* fix typo

Co-authored-by: Marius Andra <marius.andra@gmail.com>
2020-12-16 14:54:30 +01:00
Michael Matloka
1c80aca907
Cleaned up system status page (#2682)
* Polish system status page

* Show system health badge to is_staff users on Cloud

* Update Cypress test

* Correct inconsistent scene name

* Use RDBMS enum instead of constants

* Add "Analytics database in use" to System Status

* Fix typing
2020-12-09 13:57:12 +01:00
Michael Matloka
86c0c1af91
Make Google login an Enterprise/Cloud feature (#2501)
* Make Google login an Enterprise OR Cloud feature

* Fix test

* isort

* Fix typing

* Restore package.json
2020-12-04 19:54:27 +01:00
Paolo D'Amico
44bfcffca4
201021 Fix weekly email report (#1954)
* refactor weekly email task to schedule one async job per team

* optimise async email processing

* turns on weekly email cron job if env var is True

* ensure weekly report emails are sent only once to each email address

* fix mypy
2020-10-22 18:46:33 +02:00
Marius Andra
1eeed28751
Fix Master EE code (#1701)
* add test runner to ease pycharm dev

* fix broken import

* drop and recreate the clickhouse test db before running tests

* fix person uuid str json serialization issue

* make kafka optional in tests

* fix inits

* remove need for kafka in person.py

* fix a bunch of mypy errors

* fix function and add process_event to pipeline

* fixed missing params and tests

* change uuid and fix types

* types

* optimize for merge prop test

* make ClickhouseProducer to produce to clickhouse one way or another

* annotate types

Co-authored-by: Eric <eeoneric@gmail.com>
Co-authored-by: James Greenhill <fuziontech@gmail.com>
2020-09-24 06:14:17 -04:00
Michael Matloka
c040601f49
Personal API keys and Zapier integration (#1281)
* Add missing migration

* Add generate_random_token() model util

* Move PublicTokenAuthentication to utils

* Make use of generate_random_token

* Add User.personal_access_token field

* Add PersonalAccessTokenAuthentication

* Fix PublicTokenAuthentication

* Fix migration and auth import

* Add personal_access_token to user API

* Update Setup.js

* Support trailing slash in API

* Improve PAT auth quality

* Add django-rest-hooks requirement

* Update settings.py for rest_hooks

* Fix django-rest-hooks requirement

* Bring back API routes with no double trailing slash

* Rename posthog.api.team to team_user

* Add API TODO

* Ad PAT auth with X-PAT HTTP header

* Replace User.personal_access_token with PersonalAPIKey model

* Fix PersonalAPIKey max_lengths

* Describe posthog.models.utils.generate_random_token better

* Add personal_api_key to API

* Add authenticate_header to PersonalAPIKeyAuthentication

* Add hook API endpoint

* Use django.utils.timezone in place of datetime.datetime

* Add Personal API Keys to Setup

* Sort personal_api_keys in ORM

* Add Action.on_perform()

* Remove requirements.txt comment

* Add a

* Add REST hook tasks

* Optimize PersonalAPIKeyAuthentication query

* Add a trailing slash version of /e endpoint

* Add team field to PersonalAPIKey model

* Add personal API key support to capture endpoint, get_cached_from_token

* Reject personal API keys from inactive users

* Add extra_properties_json field to /capture

* Improve PAK auth header regex

* Use custom hook model

* Deliver hooks

* Handle action.on_perform

* Consolidate userLogic in userLogic.tsx

* Update PersonalAPIKeys.js

* Make PersonalAPIKey foreign keys read-only

* Update requirements/dev.txt

* Make PersonalAPIKeys TSX

* Fix conflict

* Fix migration

* Fix minor mishaps

* Update and fix tests

* Use CharField of random 32 bits as hook.id

* Fix conflicting migrations

* Fix ValidationError in HookSerializer.validate_event

* Use query param in /api/event/actions ID filtering

* Rename endpoint `hook` to `hooks`

* Satisfy mypy

* Add tests

* Use DRF serialization in action_defined and annotation_created triggers

* Update migration leafs

* Make mypy ignore rest_hooks

* Update Django signal receiver names

* Update TS dependencies

* Revert "Update TS dependencies"

This reverts commit 7fc26fefcd.

* Add field user to Hook model

* Update migration leafs

* Fix circular import

* Fix some code

* Install git before running pip install in Dockerfiles

* Improve personal API keys UI

* Satisfy mypy

* Reword key label placeholder

* Add personal API key support to /api/user/*

Unfortunately these endpoints are still limited by CSRF protections at the moment, so not accessible outside PostHog itself.

* Improve PersonalAPIKeyAuthentication and add CsrfOrKeyViewMiddleware

* Run collectstatic before test

* Don't install dev dependencies in CI

* Update dependency installation order in CI

* Fix bug and describe PersonalAPIKeyAuthentication

* Fix CI issues

* Fix typing issues

* Fix more typing issues

* Use /api/personal_api_keys to list keys

* Move REST hooks (and therefore Zapier) to ee/

* Refactor personal API logic with kea-loaders

* Add "More about API authentication in PostHog docs."

* Update PersonalAPIKeys.tsx

* Use TestMixin

* Fix "Authentication" that should've been "Authorization"

* Add option to skip self.client.force_login in API tests

* Include team_id and user_id in personal API key serialization

* Update test_hooks.py

* Add personal API key tests

* Remove leftover

* Make ee.settings override posthog.settings

* Don't directly import from models

* Remove unused imports

* Fix mypy issues

* Fix HOOK_DELIVERER

* Use decorator for /api/user PAK auth

* Don't fire REST hook if user doesn't have "zapier" feature

* Import Optional

* Reword to "premium Zapier"

* Make mypy happy

* Fix test_delete_personal_api_key

* Fix misclick

* Fix and test /capture with personal API key

* Make mypy happy

* Remove extra_properties_json

* Resolve migrations

* Remove apt-utils

* Optimize and test PAK user.is_active filtering

* Replace DEBUG true with 1

* Remove unused instance_id

* Improve typing

* Fix deletion toast

* Refactor CopyToClipboard and use it in PAKs

* Use toast.success

* Update migrations

* Fix migration

* Fix migrations

* Complete merge

Co-authored-by: Tim Glaser <tim@glsr.nl>
2020-08-26 10:34:57 +02:00