Change the permissions required for a signoff, so that the testers group
does not need change_package permission
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
We do this elsewhere on the master keys page, so do the same thing here.
Noticed-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
There have been a few proposed solutions to this, but there really isn't
anything without a drawback. Things break pagination, require loading
the entire result set from the database, etc.
Just plop a new table on the page if someone did a so-called "simple"
search and we have a match. Only show on the first page of the search
results. This results in a relatively fast experience for someone doing
something like searching for the "perl" package.
Signed-off-by: Dan McGee <dan@archlinux.org>
The removal of the root `__init__.py` file is so the testing framework
does consistent imports of our models now that the loading strategy has
changed.
Signed-off-by: Dan McGee <dan@archlinux.org>
Most of these were suggested by PyCharm, and include everything from
little syntax issues and other bad smells to dead or bad code.
Signed-off-by: Dan McGee <dan@archlinux.org>
We sometimes see some web bots and crawlers make HEAD requests to verify
existence of certain pages in the application. However, they are less
than kind as 20-50 requests might arrive at the same time, and package
search and details pages are some of the slowest rendering pages we have
due to the Django template engine.
Rather than waste time generating the content only to throw it away,
response as soon as we can with either a 404 or 200 response as
appropriate, omitting the 'Content-Length' header completely, which
seems to be acceptable by the HTTP spec.
Signed-off-by: Dan McGee <dan@archlinux.org>
This was added in Django 1.4, and ensures both GET and HEAD requests,
but not POST requests, are allowed through.
Signed-off-by: Dan McGee <dan@archlinux.org>
This covers the case where we can't find the package in any other
repositories, but it was removed recently enough that we have a found
package update object.
Signed-off-by: Dan McGee <dan@archlinux.org>
This is a bit silly to encode in the URL, or at least makes it much
harder to screen out via robots.txt and other such things.
Signed-off-by: Dan McGee <dan@archlinux.org>
Switch it to a hardcoded value of 100 for all searches instead. It
didn't make much sense having a page number be part of the URL and a
limit value being part of the query string.
Signed-off-by: Dan McGee <dan@archlinux.org>
This was added in Django 1.5 and allows saving only a subset of a
model's fields. It makes sense in a few cases to utilize it.
Signed-off-by: Dan McGee <dan@archlinux.org>
It is a lot easier to just sort the list rather than mess with this
particular field, which didn't even allow you to specify a range or
direction to search in.
Signed-off-by: Dan McGee <dan@archlinux.org>
This works better in most cases since we need the architecture and
repository objects at some point during the view process.
Signed-off-by: Dan McGee <dan@archlinux.org>
We were peppering the database with a bunch of queries here; using
prefetch_related and attach_maintainers can cut down the count
significantly.
Signed-off-by: Dan McGee <dan@archlinux.org>
This is temporary or at least a quick way to ensure regular users aren't
confused by staging packages; later updates should re-enable display of
this for logged in developers and trusted users.
Signed-off-by: Dan McGee <dan@archlinux.org>
This reverts commit 9ab460c53a.
This seemed like the right thing to do, but it doesn't really play well
with our more general dispatch framework we now do on the package
details pages. Just let it 404 like it always did, as these pages are
less essential. We can perhaps add a full dispatcher later if we really
feel the need.
For example, bitcoin-git in the Arch repos is currently marked replaced
by both bitcoin-qt and bitcoin-daemon. This allows us to show a page
with both options listed instead of a blank 404 page.
Signed-off-by: Dan McGee <dan@archlinux.org>
This makes sense if there is only one available replacement. We could
get more sophisticated and show the removed page if there are multiple
replacements available.
Additionally, automatically redirect if there was only one matching
package for a given package update deletion object.
Signed-off-by: Dan McGee <dan@archlinux.org>
We had a variety of fallback paths that we took if a details page didn't
exist for the combination of URL parts passed in. Before I go adding a
few more possibilities, rework this so it is more flexible. It is now as
simple as adding a method to the dispatch options list in order to have
further fallback options.
Signed-off-by: Dan McGee <dan@archlinux.org>
We can convert the entire search view to a generic class-based ListView.
This is still one of the more disgusting views in the application and
has a ton of logic scattered buckshot across several methods, but this
commit is not meant to address all of that in one go.
This is the last of the deprecated pieces I know of we are still using
in the codebase, so we should be relatively safe in the long run now for
an upgrade to the eventual next major Django release.
Signed-off-by: Dan McGee <dan@archlinux.org>
Now that Django actually provides a concise way to use a RequestContext
object without instantiating it, we can use that rather than the old
function-based generic view that worked well to do the same.
Additionally, these function-based generic views will be gone in Django
1.5, so might as well make the move now.
Signed-off-by: Dan McGee <dan@archlinux.org>
This was around from the time when we handled timezones sanely and
Django did not; now that we are on 1.4 we no longer need our own code to
handle this.
Signed-off-by: Dan McGee <dan@archlinux.org>
This is another thing that Google and other search engines try to crawl
that no longer exists at times, so we should handle it gracefully.
Signed-off-by: Dan McGee <dan@archlinux.org>
We should handle the cases dealing with no filelist available, outdated
filelist, or a package without files, just as the HTML server-side page
does. Add a bit more info to the JSON returned so we can do so.
Signed-off-by: Dan McGee <dan@archlinux.org>
This allows us to do better than a generic 404 handler when we know a
package previously existed in a given repository, and should also make
things a bit nicer when getting sent in from a search engine to a page
that no longer exists.
Signed-off-by: Dan McGee <dan@archlinux.org>
This moves a lot of the package and group display logic into a new view
module, similar to what we already did earlier with a bunch of other
views.
Signed-off-by: Dan McGee <dan@archlinux.org>
For something like "/extra/i686/apache-ant/", we can redirect to
"/extra/any/apache-ant/" without ambiguity. Previously this redirected
to the split packages listing with a single package, which was neither
correct nor really expected.
Signed-off-by: Dan McGee <dan@archlinux.org>
As of Python 2.6, this is a builtin module that has all the same
functions and capabilities of the Django simplejson module. Additionally
simplejson is deprecated in the upcoming Django 1.5 release.
Signed-off-by: Dan McGee <dan@archlinux.org>
This is why you should test this stuff with random input before rolling
it out. Whoops. URL that caught this problem:
/opensearch/packages/suggest?q=%D7%A0%D7%9F%D7%92%D7%9F
aka
/opensearch/packages/suggest?q=נןגן
Signed-off-by: Dan McGee <dan@archlinux.org>