Mathis/allianceauth
1
0
Fork 0
mirror of https://gitlab.com/allianceauth/allianceauth.git synced 2025-12-18 23:05:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

[FIX] Grammar and spelling

Browse Source
This commit is contained in:
Peter Pfeufer
2023-12-17 20:07:14 +01:00
parent 8aeb061635
commit 6e3219fd1b
52 changed files with 422 additions and 424 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
docs/features/apps/autogroups.md
View File

@@ -1,6 +1,6 @@
# Auto Groups
Auto groups allows you to automatically place users of certain states into Corp or Alliance based groups. These groups are created when the first user is added to them and removed when the configuration is deleted.
Auto Groups allows you to automatically place users of certain states into corp or alliance-based groups. These groups are created when the first user is added to them and removed when the configuration is deleted.
## Installation
@@ -10,19 +10,19 @@ To install this app add `'allianceauth.eveonline.autogroups',` to your `INSTALLE
## Configuring a group
When you create an autogroup config you will be given the following options:
When you create an autogroup config, you will be given the following options:
![Create Autogroup page](/_static/images/features/apps/autogroups/group-creation.png)
:::{warning}
After creating a group you wont be able to change the Corp and Alliance group prefixes, name source and the replace spaces settings. Make sure you configure these the way you want before creating the config. If you need to change these you will have to create a new autogroup config.
After creating a group, you won't be able to change the Corp and Alliance group prefixes, name source, and the replace spaces settings. Make sure you configure these the way you want before creating the config. If you need to change these, you will have to create a new autogroup config.
:::
- States selects which states will be added to automatic Corp/Alliance groups
- States select which states will be added to automatic Corp/Alliance groups
- Corp/Alliance groups checkbox toggles Corp/Alliance autogroups on or off for this config.
- Corp/Alliance group prefix sets the prefix for the group name, e.g. if your Corp was called `MyCorp` and your prefix was `Corp`, your autogroup name would be created as `Corp MyCorp`. This field accepts leading/trailing spaces.
- Corp/Alliance name source sets the source of the Corp/Alliance name used in creating the group name. Currently the options are Full name and Ticker.
- Replace spaces allows you to replace spaces in the autogroup name with the value in the Replace spaces with field. This can be blank.
- Corp/Alliance group prefix sets the prefix for the group name, e.g., if your corp was called `MyCorp` and your prefix was `Corp`, your autogroup name would be created as `Corp MyCorp`. This field accepts leading/trailing spaces.
- Corp/Alliance name source sets the source of the Corp/Alliance name used in creating the group name. Currently, the options are Full name and Ticker.
- Replace spaces allows you to replace spaces in the autogroup name with the value in the replace spaces with field. This can be blank.
## Permissions

22
docs/features/apps/corpstats.md
View File

@@ -12,13 +12,13 @@ Add `'allianceauth.corputils',` to your `INSTALLED_APPS` list in your auth proje
## Creating a Corp Stats
Upon initial install, nothing will be visible. For every Corp, a model will have to be created before data can be viewed.
Upon initial installation, nothing will be visible. For every Corp, a model will have to be created before data can be viewed.
![nothing is visible](/_static/images/features/apps/corpstats/blank_header.png)
If you are a superuser, the add button will be immediate visible to you. If not, your user account requires the `add_corpstats` permission.
If you are a superuser, the "add" button will be immediately visible to you. If not, your user account requires the `add_corpstats` permission.
Corp Stats requires an EVE SSO token to access data from the EVE Swagger Interface. Upon pressing the Add button, you will be prompted to authenticated. Please select the character who is in the Corporation you want data for.
Corp Stats requires an EVE SSO token to access data from the EVE Swagger Interface. Upon pressing the Add button, you will be prompted to authenticate. Please select the character who is in the Corporation you want data for.
![authorize from the EVE site](/_static/images/features/apps/corpstats/eve_sso_authorization.png)
@@ -26,8 +26,8 @@ You will return to auth where you are asked to select a token with the green arr
![select an SSO token to create with](/_static/images/features/apps/corpstats/select_sso_token.png)
If this works (and you have permission to view the Corp Stats you just created) you'll be returned to a view of the Corp Stats.
If it fails an error message will be displayed.
If this works (and you have permission to view the Corp Stats you just created), you'll be returned to a view of the Corp Stats.
If it fails, an error message will be displayed.
## Corp Stats View
@@ -63,13 +63,13 @@ Each view contains a sortable and searchable table. The number of listings shown
![main list](/_static/images/features/apps/corpstats/main_list.png)
This list contains all main characters in registered in the selected Corporation and their alts. Each character has a link to [zKillboard](https://zkillboard.com).
This list contains all main characters registered in the selected Corporation and their alts. Each character has a link to [zKillboard](https://zkillboard.com).
#### Member List
![member list](/_static/images/features/apps/corpstats/member_list.png)
The list contains all characters in the Corporation. Red backgrounds means they are not registered in auth. A link to [zKillboard](https://zkillboard.com) is present for all characters.
The list contains all characters in the Corporation. Red backgrounds mean they are not registered in auth. A link to [zKillboard](https://zkillboard.com) is present for all characters.
If registered, the character will also have a main character, main Corporation, and main Alliance field.
#### Unregistered List
@@ -108,7 +108,7 @@ Users who add a Corp Stats with their token will be granted permissions to view
## Automatic Updating
By default Corp Stats are only updated on demand. If you want to automatically refresh on a schedule, add an entry to your project's settings file:
By default, Corp Stats are only updated on demand. If you want to automatically refresh on a schedule, add an entry to your project's settings file:
```python
CELERYBEAT_SCHEDULE['update_all_corpstats'] = {
@@ -134,11 +134,11 @@ Only one Corp Stats may exist at a time for a given Corporation.
>Failed to gather corporation statistics with selected token.
During initial population, the EVE Swagger Interface did not return any member data. This aborts the creation process. Please wait for the API to start working before attempting to create again.
During the initial population, the EVE Swagger Interface did not return any member data. This aborts the creation process. Please wait for the API to start working before attempting to create again.
### Failure to update Corp Stats
Any of the following errors will result in a notification to the owning user, and deletion of the Corp Stats model.
Any of the following errors will result in a notification to the owning user and deletion of the Corp Stats model.
>Your token has expired or is no longer valid. Please add a new one to create a new CorpStats.
@@ -146,7 +146,7 @@ This occurs when the SSO token is invalid, which can occur when deleted by the u
>CorpStats for (corp name) cannot update with your ESI token as you have left corp.
The SSO token's character is no longer in the Corporation which the Corp Stats is for, and therefore membership data cannot be retrieved.
The SSO token's character is no longer in the Corporation that the Corp Stats are for, and therefore membership data cannot be retrieved.
>HTTPForbidden

24
docs/features/apps/hrapplications.md
View File

@@ -4,7 +4,7 @@ This app allows you to manage applications for multiple corporations in your all
- Define application questionnaires for corporations
- Users can apply to corporations by filling outquestionnaires
- Manage review and approval process of applications
- Manage a review and approval process of applications
![hr](/_static/images/features/apps/hr.png)
@@ -20,11 +20,11 @@ The most common task is creating ApplicationForm models for corps. Only when suc
The first step is to create questions. This is achieved by creating ApplicationQuestion models, one for each question. Titles are not unique.
Next step is to create the actual ApplicationForm model. It requires an existing EveCorporationInfo model to which it will belong. It also requires the selection of questions. ApplicationForm models are unique per Corporation: only one may exist for any given Corporation concurrently.
The next step is to create the actual ApplicationForm model. It requires an existing EveCorporationInfo model to which it will belong. It also requires the selection of questions. ApplicationForm models are unique per Corporation: only one may exist for any given Corporation concurrently.
You can adjust these questions at any time. This is the preferred method of modifying the form: deleting and recreating will cascade the deletion to all received applications from this form which is usually not intended.
You can adjust these questions at any time. This is the preferred method of modifying the form: deleting and recreating will cascade the deletion to all received applications from this form, which is usually not intended.
Once completed the Corporation will be available to receive applications.
Once completed, the Corporation will be available to receive applications.
### Reviewing Applications
@@ -32,7 +32,7 @@ Superusers can see all applications, while normal members with the required perm
Selecting an application from the management screen will provide all the answers to the questions in the form at the time the user applied.
When a reviewer assigns themselves an application, they mark it as in progress. This notifies the applicant and permanently attached the reviewer to the application.
When a reviewer assigns themselves an application, they mark it as in progress. This notifies the applicant and permanently attaches the reviewer to the application.
Only the assigned reviewer can approve/reject/delete the application if they possess the appropriate permission.
@@ -62,25 +62,25 @@ Users do not require any permission to apply to a corporation and fill out the f
A user with `auth.human_resources` can only see applications to their own corp.
Best practice is to bundle the `auth.human_resources` permission alongside the `hrapplications.approve_application` and `hrapplications.reject_application` permissions, as in isolation these don't make much sense.
Best practice is to bundle the `auth.human_resources` permission alongside the `hrapplications.approve_application` and `hrapplications.reject_application` permissions, as in isolation these make little sense.
## Models
### ApplicationQuestion
This is the model representation of a question. It contains a title, and a field for optional "helper" text. It is referenced by ApplicationForm models but acts independently. Modifying the question after it has been created will not void responses, so it's not advisable to edit the title or the answers may not make sense to reviewers.
This is the model representation of a question. It contains a title and a field for optional "helper" text. It is referenced by ApplicationForm models but acts independently. Modifying the question after it has been created will not void responses, so it's not advisable to edit the title or the answers may not make sense to reviewers.
### ApplicationForm
This is the template for an application. It points at a Corporation, with only one form allowed per Corporation. It also points at ApplicationQuestion models. When a user creates an application, they will be prompted with each question the form includes at the given time. Modifying questions in a form after it has been created will not be reflected in existing applications, so it's perfectly fine to adjust them as you see fit. Changing Corporations however is not advisable, as existing applications will point at the wrong Corporation after they've been submitted, confusing reviewers.
This is the template for an application. It points at a Corporation, with only one form allowed per Corporation. It also points at ApplicationQuestion models. When a user creates an application, they will be prompted with each question the form includes at the given time. Modifying questions in a form after it has been created will not be reflected in existing applications, so it's perfectly fine to adjust them as you see fit. Changing corporations, however, is not advisable, as existing applications will point at the wrong Corporation after they've been submitted, confusing reviewers.
### Application
This is the model representation of a completed application. It references an ApplicationForm from which it was spawned which is where the Corporation specificity comes from. It points at a user, contains info regarding its reviewer, and has a status. Shortcut properties also provide the applicant's main character, the applicant's APIs, and a string representation of the reviewer (for cases when the reviewer doesn't have a main character or the model gets deleted).
This is the model representation of a completed application. It references an ApplicationForm from which it was spawned, which is where the Corporation specificity comes from. It points at a user, contains info regarding its reviewer, and has a status. Shortcut properties also provide the applicant's main character, the applicant's APIs, and a string representation of the reviewer (for cases when the reviewer doesn't have a main character or the model gets deleted).
### ApplicationResponse
This is an answer to a question. It points at the Application to which it belongs, to the ApplicationQuestion which it is answering, and contains the answer text. Modifying any of these fields in dangerous.
This is an answer to a question. It points at the Application to which it belongs, to the ApplicationQuestion which it is answering, and contains the answer text. Modifying any of these fields is dangerous.
### ApplicationComment
@@ -90,8 +90,8 @@ This is a reviewer's comment on an application. Points at the application, point
### No corps accepting applications
Ensure there are ApplicationForm models in the admin site. Ensure the user does not already have an application to these Corporations. If the users wishes to re-apply they must first delete their completed application
Ensure there are ApplicationForm models in the admin site. Ensure the user does not already have an application to these Corporations. If the users wish to re-apply, they must first delete their completed application
### Reviewer unable to complete application
Reviewers require a permission for each of the three possible outcomes of an application, Approve Reject or Delete. Any user with the human resources permission can mark an application as in-progress, but if they lack these permissions then the application will get stuck. Either grant the user the required permissions or change the assigned reviewer in the admin site. Best practice is to bundle the `auth.human_resources` permission alongside the `hrapplications.approve_application` and `hrapplications.reject_application` permissions, as in isolation these don't serve much purpose.
Reviewers require permission for each of the three possible outcomes of an application, Approve Reject or Delete. Any user with the human resources permission can mark an application as in-progress, but if they lack these permissions, then the application will get stuck. Either grant the user the required permissions or change the assigned reviewer in the admin site. Best practice is to bundle the `auth.human_resources` permission alongside the `hrapplications.approve_application` and `hrapplications.reject_application` permissions, as in isolation these serve little purpose.

2
docs/features/apps/index.md
View File

@@ -1,6 +1,6 @@
# Apps
**Alliance Auth** comes with a set of apps (also called plugin-apps) which provide basic functions useful to many organizations in Eve Online like a fleet schedule and a timerboard. This section describes which apps are available and how to install and use them. Please note that any app need to be installed before it can be used.
**Alliance Auth** comes with a set of apps (also called plugin-apps) which provide basic functions useful to many organizations in Eve Online like a fleet schedule and a timerboard. This section describes which apps are available and how to install and use them. Please note that any app needs to be installed before it can be used.
:::{toctree}
:maxdepth: 1

6
docs/features/apps/permissions_tool.md
View File

@@ -1,6 +1,6 @@
# Permissions Auditing
Access to most of Alliance Auth's features are controlled by Django's permissions system. In order to help you secure your services, Alliance Auth provides a permissions auditing tool.
Access to most of Alliance Auth's features is controlled by Django's permissions system. To help you secure your services, Alliance Auth provides a permission auditing tool.
This is an optional app that needs to be installed.
@@ -10,9 +10,9 @@ To install it add `'allianceauth.permissions_tool',` to your `INSTALLED_APPS` li
### Access
In order to grant users access to the permissions auditing tool they will need to be granted the `permissions_tool.audit_permissions` permission or be a superuser.
To grant users access to the permission auditing tool, they will need to be granted the `permissions_tool.audit_permissions` permission or be a superuser.
When a user has access to the tool they will see the "Permissions Audit" menu item under the "Util" sub menu.
When a user has access to the tool, they will see the "Permissions Audit" menu item.
### Permissions Overview

4
docs/features/community/index.md
View File

@@ -1,7 +1,7 @@
# Community Contributions
Another key feature of **Alliance Auth** is that it can be easily extended. Our great community is providing a variety of plug-in apps and services, which you can choose from to add more functions to your AA installation.
Another key feature of **Alliance Auth** is that it can be easily extended. Our great community is providing a variety of plug-in apps and services, which you can choose from to add more functions to your AA installation.
Check out the [Community Creations](https://gitlab.com/allianceauth/community-creations) repo for more details.
Or if you have specific needs you can of course always develop your own plugin- apps and services. Please see the [Development](/development/index.md) chapter for details.
Or if you have specific needs, you can always develop your own plugin-apps and services. Please see the [Development](/development/index.md) chapter for details.

28
docs/features/core/admin_site.md
View File

@@ -1,26 +1,26 @@
# Admin Site
The admin site allows administrators to configure, manage and trouble shoot Alliance Auth and all it's applications and services. E.g. you can create new groups and assign groups to users.
The admin site allows administrators to configure, manage and troubleshoot Alliance Auth and all its applications and services. E.g., you can create new groups and assign groups to users.
You can open the admin site by clicking on "Admin" in the drop down menu for a user that has access.
You can open the admin site by clicking on "Admin" in the drop-down menu for a user that has access.
![Admin Site](/_static/images/features/core/admin_site.png)
## Setup for small to medium size installations
For small to medium size alliances it is often sufficient to have no more then two superuser admins (admins that also are superusers). Having two admins usually makes sense, so you can have one primary and one backup.
For small to medium size alliances, it is often sufficient to have no more than two superuser admins (admins that also are superusers). Having two admins usually makes sense, so you can have one primary and one backup.
:::{warning}
Superusers have read & write access to everything on your AA installation. Superusers also automatically have all permissions and therefore access to all features of your apps. Therefore we recommend to be very careful to whom you give superuser privileges.
Superusers have read & write access to everything on your AA installation. Superuser also automatically have all permissions and therefore access to all features of your apps. Therefore, we recommend to be very careful to whom you give superuser privileges.
:::
## Setup for large installations
For large alliances and coalitions you may want to have a couple of administrators to be able to distribute and handle the work load. However, having a larger number of superusers may be a security concern.
For large alliances and coalitions, you may want to have a couple of administrators to be able to distribute and handle the work load. However, having a larger number of superusers may be a security concern.
As an alternative to superusers admins you can define staff admins. Staff admins can perform most of the daily admin work, but are not superusers and therefore can be restricted in what they can access.
As an alternative to superusers admins, you can define staff admins. Staff admins can perform most of the daily admin work, but are not superusers and therefore can be restricted in what they can access.
To create a staff admin you need to do two things:
To create a staff admin, you need to do two things:
1. Enable the `is_staff` property for a user
1. Give the user permissions for admin tasks
@@ -28,21 +28,21 @@ To create a staff admin you need to do two things:
:::{note}
Note that staff admins have the following limitations:
- Can not promote users to staff
- Can not promote users to superuser
- Can not add/remove permissions for users, groups and states
- Cannot promote users to staff
- Cannot promote users to superuser
- Cannot add/remove permissions for users, groups and states
These limitations exist to prevent staff admins to promote themselves to quasi superusers. Only superusers can perform these actions.
These limitations exist to prevent staff admins from promoting themselves to quasi superusers. Only superusers can perform these actions.
:::
### Staff property
Access to the admin site is restricted. Users needs to have the `is_staff` property to be able to open the site at all. The superuser that is created during the installation
Access to the admin site is restricted. Users need to have the `is_staff` property to be able to open the site at all. The superuser created during the installation
process will automatically have access to the admin site.
:::{hint}
Without any permissions a "staff user" can open the admin site, but can neither view nor edit anything except for viewing the list of permissions.
Without any permissions, a "staff user" can open the admin site, but can neither view nor edit anything except for viewing the list of permissions.
:::
### Permissions for common admin tasks
@@ -91,4 +91,4 @@ Here is a list of permissions a staff admin would need to perform some common ad
### Permissions for other apps
The permissions a staff admin needs to perform tasks for other applications depends on how the applications are configured. the default is to have four permissions (change, delete, edit view) for each model of the applications. The view permission is usually required to see the model list on the admin site and the other three permissions are required to perform the respective action to an object of that model. However, app developer can chose to define permissions differently.
The permission a staff admin needs to perform tasks for other applications depends on how the applications are configured. The default is to have four permissions (change, delete, edit view) for each model of the applications. The view permission is usually required to see the model list on the admin site, and the other three permissions are required to perform the respective action to an object of that model. However, an app developer can choose to define permissions differently.

16
docs/features/core/analytics.md
View File

@@ -6,7 +6,7 @@
Before you proceed, please read through this page and/or raise any concerns on the Alliance Auth discord. This data helps us make AA better.
To Opt-Out, modify our pre-loaded token using the Admin dashboard */admin/analytics/analyticstokens/1/change/
To opt out, modify our preloaded token using the Admin dashboard */admin/analytics/analyticstokens/1/change/
Each of the three features Daily Stats, Celery Events and Page Views can be enabled/Disabled independently.
@@ -20,13 +20,13 @@ ANALYTICS_DISABLED = True
## What
Alliance Auth has taken great care to anonymize the data sent. In order to identify _unique_ installs we generate a UUIDv4, a random mathematical construct which does not contain any identifying information [UUID - UUID Objects](https://docs.python.org/3/library/uuid.html#uuid.uuid4)
Alliance Auth has taken great care to anonymize the data sent. To identify _unique_ installs, we generate a UUIDv4, a random mathematical construct which does not contain any identifying information [UUID - UUID Objects](https://docs.python.org/3/library/uuid.html#uuid.uuid4)
Analytics comes pre-loaded with our Google Analytics Token, and the Three Types of task can be opted out independently. Analytics can also be loaded with your _own_ GA token and the analytics module will act any/all tokens loaded.
Analytics comes preloaded with our Google Analytics token, and the three types of tasks can be opted out independently. Analytics can also be loaded with your _own_ GA token, and the analytics module will act any/all tokens loaded.
Our Daily Stats contain the following:
- A phone-in task to identify a servers existence
- A phone-in task to identify a server's existence
- A task to send the Number of User models
- A task to send the Number of Token Models
- A task to send the Number of Installed Apps
@@ -36,7 +36,7 @@ Our Daily Stats contain the following:
Our Celery Events contain the following:
- Unique Identifier (The UUID)
- Celery Namespace of the task eg allianceauth.eveonline
- Celery Namespace of the task e.g., allianceauth.eveonline
- Celery Task
- Task Success or Exception
- A context number for bulk tasks or sometimes a binary True/False
@@ -47,18 +47,18 @@ Our Page Views contain the following:
- Page Path
- Page Title
- The locale of the users browser
- The User-Agent of the users browser
- The User-Agent of the user's browser
- The Alliance Auth Version
## Why
This data allows Alliance Auth development to gather accurate statistics on our install base, as well as how those installs are used.
This data allows Alliance Auth development to gather accurate statistics on our installation base, as well as how those installations are used.
This allows us to better target our development time to commonly used modules and features and test them at the scales in use.
## Where
This data is stored in a Team Google Analytics Dashboard. The Maintainers all have Management permissions here, and if you have contributed to the Alliance Auth project or third party applications feel free to ask in the Alliance Auth discord for access.
This data is stored in a Team Google Analytics Dashboard. The Maintainers all have Management permissions here, and if you have contributed to the Alliance Auth project or third party applications, feel free to ask in the Alliance Auth discord for access.
## Using Analytics in my App

6
docs/features/core/dashboard.md
View File

@@ -1,10 +1,10 @@
# Dashboard
The dashboard is the main page of the **Alliance Auth** website and the first page every logged in user will see.
The dashboard is the main page of the **Alliance Auth** website, and the first page every logged-in user will see.
The content of the dashboard is specific to the logged in user. It has a sidebar, which will display the list of apps a user currently as access to based on his permissions. And it also shows which character the user has registered and to which group he belongs.
The content of the dashboard is specific to the logged-in user. It has a sidebar, which will display the list of apps a user currently as access to based on his permissions. And it also shows which character the user has registered and to which group he belongs.
For admin users the dashboard shows additional technical information about the AA instance.
For admin users, the dashboard shows additional technical information about the AA instance.
![dashboard](/_static/images/features/core/dashboard/dashboard.png)

18
docs/features/core/groups.md
View File

@@ -14,7 +14,7 @@ Here you have several options:
### Internal
Users cannot see, join or request to join this group. This is primarily used for Auth's internally managed groups, though can be useful if you want to prevent users from managing their membership of this group themselves. This option will override the Hidden, Open and Public options when enabled.
Users cannot see, join or request to join this group. This is primarily used for Auth's internally managed groups, though it can be useful if you want to prevent users from managing their membership of this group themselves. This option will override the Hidden, Open and Public options when enabled.
By default, every new group created will be an internal group.
@@ -36,11 +36,11 @@ Group is accessible to any registered user, even when they do not have permissio
The key difference is that the group is completely unmanaged by Auth. **Once a member joins they will not be removed unless they leave manually, you remove them manually, or their account is deliberately set inactive or deleted.**
Most people won't have a use for public groups, though it can be useful if you wish to allow public access to some services. You can grant service permissions on a public group to allow this behavior.
Most people won't have a use for public groups, though it can be useful if you wish to allow public access to some services. You can grant service permissions to a public group to allow this behavior.
### Restricted
When a group is restricted only superuser admins can directly add or remove them to/from users. The purpose of this property is prevent staff admins from assigning themselves to groups that are security sensitive. The "restricted" property can be combined with all the other properties.
When a group is restricted, only superuser admins can directly add or remove them to/from users. The purpose of this property is to prevent staff admins from assigning themselves to groups that are security sensitive. The "restricted" property can be combined with all the other properties.
```{eval-rst}
.. _ref-reserved-group-names:
@@ -48,15 +48,15 @@ When a group is restricted only superuser admins can directly add or remove them
## Reserved group names
When using Alliance Auth to manage external services like Discord, Auth will automatically duplicate groups on those services. E.g. on Discord Auth will create roles of the same name as groups. However, there may be cases where you want to manage groups on external services by yourself or by another bot. For those cases you can define a list of reserved group names. Auth will ensure that you can not create groups with a reserved name. You will find this list on the admin site under groupmanagement.
When using Alliance Auth to manage external services like Discord, Auth will automatically duplicate groups on those services. E.g., on Discord Auth will create roles of the same name as groups. However, there may be cases where you want to manage groups on external services by yourself or by another bot. For those cases, you can define a list of reserved group names. Auth will ensure that you cannot create groups with a reserved name. You will find this list on the admin site under groupmanagement.
:::{note}
While this feature can help to avoid naming conflicts with groups on external services, the respective service component in Alliance Auth also needs to be build in such a way that it knows how to prevent these conflicts. Currently only the Discord and Teamspeak3 services have this ability.
While this feature can help to avoid naming conflicts with groups on external services, the respective service component in Alliance Auth also needs to be built in such a way that it knows how to prevent these conflicts. Currently only the Discord and Teamspeak3 services have this ability.
:::
## Managing groups
In order to access group management, users need to be either a superuser, granted the `auth | user | group_management ( Access to add members to groups within the alliance )` permission or a group leader (discussed later).
To access group management, users need to be either a superuser, granted the `auth | user | group_management ( Access to add members to groups within the alliance )` permission or a group leader (discussed later).
### Group Requests
@@ -64,7 +64,7 @@ When a user joins or leaves a group which is not marked as "Open", their group r
### Group Membership
The group membership tab gives an overview of all of the non-internal groups.
The group membership tab gives an overview of all the non-internal groups.
![Group overview](/_static/images/features/core/groupmanagement/group-membership.png)
@@ -89,7 +89,7 @@ Group leaders have the same abilities as users with the `group_management` permi
- Approve requests for groups they are a leader of.
- View the Group Membership and Group Members of groups they are leaders of.
This allows you to more finely control who has access to manage which groups.
This allows you to more fine control who has access to manage which groups.
### Auto Leave
@@ -121,7 +121,7 @@ Note that all settings are optional and the app will use the documented default
## Permissions
In order to join a group other than a public group, the permission `groupmanagement.request_groups` (`Can request non-public groups` in the admin panel) must be active on their account, either via a group or directly applied to their User account.
To join a group other than a public group, the permission `groupmanagement.request_groups` (`Can request non-public groups` in the admin panel) must be active on their account, either via a group or directly applied to their User account.
When a user loses this permission, they will be removed from all groups _except_ Public groups.

2
docs/features/core/index.md
View File

@@ -1,6 +1,6 @@
# Core Features
Managing access to applications and services is one of the core functions of **Alliance Auth**. The related key concepts and functionalities are describes in this section.
Managing access to applications and services is one of the core functions of **Alliance Auth**. The related key concepts and functionalities are described in this section.
:::{toctree}
:maxdepth: 1

10
docs/features/core/notifications.md
View File

@@ -1,14 +1,14 @@
# Notifications
Alliance Auth has a build in notification system. The purpose of the notification system is to provide an easy and quick way to send messages to users of Auth. For example some apps are using it to inform users about results after long running tasks have completed and admins will automatically get notifications about system errors.
Alliance Auth has a build in notification system. The purpose of the notification system is to provide an easy and quick way to send messages to users of Auth. For example, some apps are using it to inform users about results after long-running tasks have been completed, and admins will automatically get notifications about system errors.
The number of unread notifications is shown to the user in the top menu. And the user can click on the notification count to open the notifications app.
The number of unread notifications is shown to the user in the top menu. And the user can click on the notification count to open the Notifications app.
![notification app](/_static/images/features/core/notifications.png)
## Settings
The notifications app can be configured through settings.
The Notifications app can be configured through settings.
- `NOTIFICATIONS_REFRESH_TIME`: The unread count in the top menu is automatically refreshed to keep the user informed about new notifications. This setting allows to set the time between each refresh in seconds. You can also set it to `0` to turn off automatic refreshing. Default: `30`
- `NOTIFICATIONS_MAX_PER_USER`: Maximum number of notifications that are stored per user. Older notifications are replaced by newer once. Default: `50`
- `NOTIFICATIONS_REFRESH_TIME`: The unread count in the top menu is automatically refreshed to keep the user informed about new notifications. This setting allows setting the time between each refresh in seconds. You can also set it to `0` to turn off automatic refreshing. Default: `30`
- `NOTIFICATIONS_MAX_PER_USER`: Maximum number of notifications that are stored per user. Newer replace older notifications. Default: `50`

14
docs/features/core/states.md
View File

@@ -1,10 +1,10 @@
# States
States define the basic role of a user based on his affiliation with your organization. A user that has a character in your organization (e.g. alliance) will usually have the `Member` state. And a user, that has no characters in your organization will usually have the `Guest` state.
States define the basic role of a user based on his affiliation with your organization. A user that has a character in your organization (e.g., alliance) will usually have the `Member` state. And a user, that has no characters in your organization will usually have the `Guest` state.
States are assigned and updated automatically. So a user which character just left your organization will automatically loose his `Member` state and get the `Guest` state instead.
States are assigned and updated automatically. So a user which character just left your organization will automatically lose his `Member` state and get the `Guest` state instead.
The main purpose of states like `Member` is to have one place where you can assign all permissions that should apply to all users with that particular state. For example if all your members should have access to the SRP app you would add the permission that gives access to the SRP app to the `Member` state.
The main purpose of states like `Member` is to have one place where you can assign all permissions that should apply to all users with that particular state. For example, if all your members should have access to the SRP app, you would add the permission that gives access to the SRP app to the `Member` state.
## Creating a State
@@ -14,7 +14,7 @@ A number of fields are available and are described below.
### Name
This is the displayed name of a state. Should be self-explanatory.
This is the displayed name of a state. It should be self-explanatory.
### Permissions
@@ -50,9 +50,9 @@ This lets you select which factions the state is available to. Factions can be a
States are mutually exclusive, meaning a user can only be in one at a time.
Membership is determined based on a user's main character. States are tested in order of descending priority - the first one which allows membership to the main character is assigned to the user.
Membership is determined based on a user's main character. States are tested in order of descending priority - the first one, which allows membership to the main character, is assigned to the user.
States are automatically assigned when a user registers to the site, their main character changes, they are activated or deactivated, or states are edited. Note that editing states triggers lots of state checks so it can be a very slow process.
States are automatically assigned when a user registers to the site, their main character changes, they are activated or deactivated, or states are edited. Note that editing states triggers lots of state checks, so it can be a very slow process.
Assigned states are visible in the `Users` section of the `Authentication` admin site.
@@ -60,4 +60,4 @@ Assigned states are visible in the `Users` section of the `Authentication` admin
If no states are available to a user's main character, or their account has been deactivated, they are assigned to a catch-all `Guest` state. This state cannot be deleted nor can its name be changed.
The `Guest` state allows permissions to be granted to users who would otherwise not get any. For example access to public services can be granted by giving the `Guest` state a service access permission.
The `Guest` state allows permissions to be granted to users who would otherwise not get any. For example, access to public services can be granted by giving the `Guest` state a service access permission.

6
docs/features/overview.md
View File

@@ -1,17 +1,17 @@
# Overview
**Alliance Auth** (AA) is a web site that helps Eve Online organizations efficiently manage access to applications and external services.
**Alliance Auth** (AA) is a website that helps Eve Online organizations efficiently manage access to applications and external services.
It has the following key features:
- Automatically grants or revokes users access to external services (e.g. Discord, Mumble) and web apps (e.g. SRP requests) based on the user's current membership to [in-game organizations](/features/core/states) and [groups](/features/core/groups)
- Provides a central web site where users can directly access web apps (e.g. SRP requests) and manage their access to external services and groups.
- Provides a central website where users can directly access web apps (e.g., SRP requests) and manage their access to external services and groups.
- Includes a set of connectors (called ["services"](/features/services/index)) for integrating access management with many popular external services like Discord, Mumble, Teamspeak 3, SMF and others
- Includes a set of web [apps](/features/apps/index) which add many useful functions, e.g.: fleet schedule, timer board, SRP request management, fleet activity tracker
- Can be easily extended with additional services and apps. Many are provided by the [community](/features/community/index).
- It can be easily extended with additional services and apps. Many are provided by the [community](/features/community/index).
- Chinese, English, German and Spanish localization

32
docs/features/services/discord.md
View File

@@ -34,21 +34,21 @@ CELERYBEAT_SCHEDULE['discord.update_all_usernames'] = {
```
:::{note}
You will have to add most the values for these settings, e.g. your Discord server ID (aka guild ID), later in the setup process.
You will have to add most of the values for these settings, e.g., your Discord server ID (aka guild ID), later in the setup process.
:::
### Creating a Server
Navigate to the [Discord site](https://discord.com/) and register an account, or log in if you have one already.
On the left side of the screen youll see a circle with a plus sign. This is the button to create a new server. Go ahead and do that, naming it something obvious.
On the left side of the screen, youll see a circle with a plus sign. This is the button to create a new server. Go ahead and do that, naming it something obvious.
Now retrieve the server ID [following this procedure.](https://support.discord.com/hc/en-us/articles/206346498-Where-can-I-find-my-User-Server-Message-ID-)
Update your auth project's settings file, inputting the server ID as `DISCORD_GUILD_ID`
:::{note}
If you already have a Discord server skip the creation step, but be sure to retrieve the server ID
If you already have a Discord server, skip the creation step, but be sure to retrieve the server ID
:::
### Registering an Application
@@ -58,7 +58,7 @@ Give it a name and description relating to your auth site. Add a redirect to `ht
Update your auth project's settings file, inputting this redirect address as `DISCORD_CALLBACK_URL`
On the application summary page, press Create a Bot User.
On the application summary page, press "Create a Bot User".
Update your auth project's settings file with these pieces of information from the summary page:
@@ -68,15 +68,15 @@ Update your auth project's settings file with these pieces of information from t
### Preparing Auth
Before continuing it is essential to run migrations and restart Gunicorn and Celery.
Before continuing, it is essential to run migrations and restart Gunicorn and Celery.
### Adding a Bot to the Server
Once created, navigate to the services page of your Alliance Auth install as the superuser account. At the top there is a big green button labelled Link Discord Server. Click it, then from the drop down select the server you created, and then Authorize.
Once created, navigate to the "Services" page of your Alliance Auth install as the superuser account. At the top there is a big green button labeled "Link Discord Server". Click it, then from the drop-down select the server you created, and then Authorize.
This adds a new user to your Discord server with a `BOT` tag, and a new role with the same name as your Discord application. Don't touch either of these. If for some reason the bot loses permissions or is removed from the server, click this button again.
To manage roles, this bot role must be at the top of the hierarchy. Edit your Discord server, roles, and click and drag the role with the same name as your application to the top of the list. This role must stay at the top of the list for the bot to work. Finally, the owner of the bot account must enable 2 Factor Authentication (this is required from Discord for kicking and modifying member roles). If you are unsure what 2FA is or how to set it up, refer to [this support page](https://support.discord.com/hc/en-us/articles/219576828). It is also recommended to force 2FA on your server (this forces any admins or moderators to have 2fa enabled to perform similar functions on discord).
To manage roles, this bot role must be at the top of the hierarchy. Edit your Discord server, roles, and click and drag the role with the same name as your application to the top of the list. This role must stay at the top of the list for the bot to work. Finally, the owner of the bot account must enable 2-Factor Authentication (this is required from Discord for kicking and modifying member roles). If you are unsure what 2FA is or how to set it up, refer to [this support page](https://support.discord.com/hc/en-us/articles/219576828). It is also recommended to force 2FA on your server (this forces any admins or moderators to have 2FA enabled to perform similar functions on discord).
Note that the bot will never appear online as it does not participate in chat channels.
@@ -90,22 +90,22 @@ If you want users to have their Discord nickname changed to their in-game charac
## Managing Roles
Once users link their accounts youll notice Roles get populated on Discord. These are the equivalent to groups on every other service. The default permissions should be enough for members to use text and audio communications. Add more permissions to the roles as desired through the server management window.
Once users link their accounts, youll notice Roles get populated on Discord. These are the equivalent to groups on every other service. The default permissions should be enough for members to use text and audio communications. Add more permissions to the roles as desired through the server management window.
By default Alliance Auth is taking over full control of role assignments on Discord. This means that users on Discord can in general only have roles that correlate to groups on Auth. However, there are two exceptions to this rule.
By default, Alliance Auth is taking over full control of role assignments on Discord. This means that users in Discord can in general only have roles that correlate to groups on Auth. However, there are two exceptions to this rule.
### Internal Discord roles
First, users will keep their so called "Discord managed roles". Those are internal roles created by Discord e.g. for Nitro.
First, users will keep their so-called "Discord managed roles". Those are internal roles created by Discord, e.g., for Nitro.
### Excluding roles from being managed by Auth
Second, it is possible to exclude Discord roles from being managed by Auth at all. This can be useful if you have other bots on your Discord server that are using their own roles and which would otherwise conflict with Auth. This would also allow you to manage a role manually on Discord if you so chose.
To exclude roles from being managed by Auth you only have to add them to the list of reserved group names in Group Management.
To exclude roles from being managed by Auth, you only have to add them to the list of reserved group names in Group Management.
:::{note}
Role names on Discord are case sensitive, while reserved group names on Auth are not. Therefore reserved group names will cover all roles regardless of their case. For example if you have reserved the group name "alpha", then the Discord roles "alpha" and "Alpha" will both be persisted.
Role names on Discord are case-sensitive, while reserved group names on Auth are not. Therefore, reserved group names will cover all roles regardless of their case. For example, if you have reserved the group name "alpha", then the Discord roles "alpha" and "Alpha" will both be persisted.
:::
```{eval-rst}
@@ -116,7 +116,7 @@ Role names on Discord are case sensitive, while reserved group names on Auth are
The Discord service contains a number of tasks that can be run to manually perform updates to all users.
You can run any of these tasks from the command line. Please make sure that you are in your venv and then you can run this command from the same folder that your manage.py is located:
You can run any of these tasks from the command line. Please make sure that you are in your venv, and then you can run this command from the same folder that your manage.py is located:
```shell
celery -A myauth call discord.update_all_groups
@@ -175,8 +175,8 @@ This indicates your callback URL doesn't match. Ensure the `DISCORD_CALLBACK_URL
### "Add/Remove" Errors in Discord Service
If you are receiving errors in your Notifications after verifying that your settings are all correct try the following:
If you are receiving errors in your Notifications after verifying that your settings are all correct, try the following:
- Ensure that the bot's role in Discord is at the top of the roles list. Each time you add it to your server you will need to do this again.
- Make sure that the bot is not trying to modify the Owner of the discord, as it will fail. A holding discord account added with invite link will mitigate this.
- Ensure that the bot role in Discord is at the top of the roles list. Each time you add it to your server, you will need to do this again.
- Make sure that the bot is not trying to modify the Owner of the discord, as it will fail. A holding discord account added with an invite link will mitigate this.
- Make sure that the bot role on discord has all needed permissions, Admin etc., remembering that these will need to be set every time you add the bot to the Discord server.

8
docs/features/services/discourse.md
View File

@@ -131,9 +131,9 @@ rake admin:create
Follow prompts, being sure to answer `y` when asked to allow admin privileges.
### Create API key
### Create an API key
Navigate to `discourse.example.com` and log on. Top right press the 3 lines and select `Admin`. Go to API tab and press `Generate Master API Key`.
Navigate to `discourse.example.com` and log on. Top right, press the 3 lines and select `Admin`. Go to API tab and press `Generate Master API Key`.
Add the following values to your auth project's settings file:
@@ -149,9 +149,9 @@ Navigate to `discourse.example.com` and log in. Back to the admin site, scroll d
- `sso_url`: `http://example.com/discourse/sso`
- `sso_secret`: some secure key
Save, now set `DISCOURSE_SSO_SECRET` in your auth project's settings file to the secure key you just put in Discourse.
Now set `DISCOURSE_SSO_SECRET` in your auth project's settings file to the secure key you put in Discourse.
Finally run migrations and restart Gunicorn and Celery.
Finally, run migrations and restart Gunicorn and Celery.
## Permissions

44
docs/features/services/mumble.md
View File

@@ -1,9 +1,9 @@
# Mumble
Mumble is a free voice chat server. While not as flashy as TeamSpeak, it has all the functionality and is easier to customize. And is better. I may be slightly biased.
Mumble is a free voice chat server. While not as flashy as TeamSpeak, it has all the functionality and is easier to customize. And it is better. I may be slightly biased.
:::{note}
Note that this guide assumes that you have installed Auth with the official :doc:`/installation/allianceauth` guide under ``/home/allianceserver`` and that it is called ``myauth``. Accordingly it assumes that you have a service user called ``allianceserver`` that is used to run all Auth services under supervisor.
Note that this guide assumes that you have installed Auth with the official :doc:`/installation/allianceauth` guide under ``/home/allianceserver`` and that it is called ``myauth``. Accordingly, it assumes that you have a service user called ``allianceserver`` that is used to run all Auth services under supervisor.
:::
:::{warning}
@@ -50,7 +50,7 @@ We will now install the authenticator into your Auth virtual environment. Please
source /home/allianceserver/venv/auth/bin/activate
```
Install the python dependencies for the mumble authenticator. Note that this process can take 2-10 minutes to complete.
Install the python dependencies for the mumble authenticator. Note that this process can take 2 to 10 minutes to complete.
```shell
pip install -r requirements.txt
@@ -58,7 +58,7 @@ pip install -r requirements.txt
## Configuring Mumble Server
The mumble server needs it's own database. Open an SQL shell with `mysql -u root -p` and execute the SQL commands to create it:
The mumble server needs its own database. Open an SQL shell with `mysql -u root -p` and execute the SQL commands to create it:
```sql
CREATE DATABASE alliance_mumble CHARACTER SET utf8mb4;
@@ -68,7 +68,7 @@ CREATE DATABASE alliance_mumble CHARACTER SET utf8mb4;
GRANT ALL PRIVILEGES ON alliance_mumble . * TO 'allianceserver'@'localhost';
```
Mumble ships with a configuration file that needs customization. By default its located at `/etc/mumble-server.ini`. Open it with your favorite text editor:
Mumble ships with a configuration file that needs customization. By default, its located at `/etc/mumble-server.ini`. Open it with your favorite text editor:
```shell
sudo nano /etc/mumble-server.ini
@@ -132,7 +132,7 @@ Test your configuration by starting it:
python /home/allianceserver/mumble-authenticator/authenticator.py
```
And finally ensure the allianceserver user has read/write permissions to the mumble authenticator files before proceeding:
And finally, ensure the allianceserver user has read/write permissions to the mumble authenticator files before proceeding:
```shell
sudo chown -R allianceserver:allianceserver /home/allianceserver/mumble-authenticator
@@ -153,7 +153,7 @@ startsecs=10
priority=996
```
In addition we'd recommend to add the authenticator to Auth's restart group in your supervisor conf. For that you need to add it to the group line as shown in the following example:
In addition, we'd recommend adding the authenticator to Auth's restart group in your supervisor conf. For that, you need to add it to the group line as shown in the following example:
```ini
[group:myauth]
@@ -161,7 +161,7 @@ programs=beat,worker,gunicorn,authenticator
priority=999
```
To enable the changes in your supervisor configuration you need to restart the supervisor process itself. And before we do that we are shutting down the current Auth supervisors gracefully:
To enable the changes in your supervisor configuration, you need to restart the supervisor process itself. And before we do that, we are shutting down the current Auth supervisors gracefully:
```shell
sudo supervisor stop myauth:
@@ -225,28 +225,28 @@ The needs and available resources will vary between Alliance Auth installations.
### Bandwidth
<https://wiki.mumble.info/wiki/Murmur.ini#bandwidth>
This is likely the most important setting for scaling a Mumble install, The default maximum Bandwidth is 72000bps Per User. Reducing this value will cause your clients to automatically scale back their bandwidth transmitted, while causing a reduction in voice quality. A value thats still high may cause robotic voices or users with bad connections to drop due entirely due to network load.
This is likely the most important setting for scaling a Mumble installation, The default maximum Bandwidth is 72000bps Per User. Reducing this value will cause your clients to automatically scale back their bandwidth transmitted, while causing a reduction in voice quality. A value that's still high may cause robotic voices or users with bad connections to drop due entirely due to the network load.
Please tune this value to your individual needs, the below scale may provide a rough starting point.
72000 - Superior voice quality - Less than 50 users.
54000 - No noticeable reduction in quality - 50+ Users or many channels with active audio.
36000 - Mild reduction in quality - 100+ Users
30000 - Noticeable reduction in quality but not function - 250+ Users
`72000` - Superior voice quality - Less than 50 users.
`54000` - No noticeable reduction in quality - 50+ Users or many channels with active audio.
`36000` - Mild reduction in quality - 100+ Users
`30000` - Noticeable reduction in quality but not function - 250+ Users
### Forcing Opus
<https://wiki.mumble.info/wiki/Murmur.ini#opusthreshold>
A Mumble server by default, will fall back to the older CELT codec as soon as a single user connects with an old client. This will significantly reduce your audio quality and likely place higher load on your server. We _highly_ reccommend setting this to Zero, to force OPUS to be used at all times. Be aware any users with Mumble clients prior to 1.2.4 (From 2013...) Will not hear any audio.
A Mumble server, by default, will fall back to the older CELT codec as soon as a single user connects with an old client. This will significantly reduce your audio quality and likely place a higher load on your server. We _highly_ reccommend setting this to Zero, to force OPUS to be used at all times. Be aware any users with Mumble clients prior to 1.2.4 (From 2013...) Will not hear any audio.
`opusthreshold=0`
### AutoBan and Rate Limiting
<https://wiki.mumble.info/wiki/Murmur.ini#autobanAttempts.2C_autobanTimeframe_and_autobanTime>
The AutoBan feature has some sensible settings by default, You may wish to tune these if your users keep locking themselves out by opening two clients by mistake, or if you are receiving unwanted attention
The AutoBan feature has some sensible settings by default. You may wish to tune these if your users keep locking themselves out by opening two clients by mistake, or if you are receiving unwanted attention
<https://wiki.mumble.info/wiki/Murmur.ini#messagelimit_and_messageburst>
This too, is set to a sensible configuration by default. Take note on upgrading older installs, as this may actually be set too restrictively and will rate-limit your admins accidentally, take note of the configuration in <https://github.com/mumble-voip/mumble/blob/master/scripts/murmur.ini#L156>
This, too, is set to a sensible configuration by default. Take note on upgrading older installs, as this may actually be set too restrictively and will rate-limit your admins accidentally, take note of the configuration in <https://github.com/mumble-voip/mumble/blob/master/scripts/murmur.ini#L156>
### "Suggest" Options
@@ -264,34 +264,34 @@ If Push to Talk is to your tastes, configure the suggestion as follows
### Setting a server password
With the default configuration your mumble server is public. Meaning that everyone who has the address can at least connect to it and might also be able join all channels that don't have any permissions set (Depending on your ACL configured for the root channel). If you want only registered member being able to join your mumble, you have to set a server password. To do so open your mumble server configuration which is by default located at `/etc/mumble-server.ini`.
With the default configuration, your mumble server is public. Meaning that everyone who has the address can at least connect to it and might also be able to join all channels that don't have any permissions set (Depending on your ACL configured for the root channel). If you want only registered member being able to join your mumble, you have to set a server password. To do so open your mumble server configuration which is by default located at `/etc/mumble-server.ini`.
```shell
sudo nano /etc/mumble-server.ini
```
Now search for `serverpassword=` and set your password here. If there is no such line, simply add it.
Now search for `serverpassword=` and set your password here. If there is no such line, add it.
```ini
serverpassword=YourSuperSecretServerPassword
```
Save the file and restart your mumble server afterwards.
Save the file and restart your mumble server afterward.
```shell
sudo service mumble-server restart
```
From now on, only registered member can join your mumble server. Now if you still want to allow guests to join you have 2 options.
From now on, only registered member can join your mumble server. Now if you still want to allow guests to join, you have two options.
- Allow the "Guest" state to activate the Mumble service in your Auth instance
- Use [Mumble temporary links](https://github.com/pvyParts/allianceauth-mumble-temp)
### Enabling Avatars in Overlay (V1.0.0+)
Ensure you have an up to date Mumble-Authenticator, this feature was added in V1.0.0
Ensure you have an up-to-date Mumble-Authenticator. This feature was added in V1.0.0
Edit `authenticator.ini` and change (or add for older installs) This code block.
Edit `authenticator.ini` and change (or add for older installations) This code block.
```ini
;If enabled, textures are automatically set as player's EvE avatar for use on overlay.

10
docs/features/services/nameformats.md
View File

@@ -4,7 +4,7 @@ This app allows you to customize how usernames for services are created.
Each service's username or nickname, depending on which the service supports, can be customized through the use of the Name Formatter config provided the service supports custom formats. This config can be found in the admin panel under **Services -> Name format config**
Currently the following services support custom name formats:
Currently, the following services support custom name formats:
```{eval-rst}
+-------------+-----------+-------------------------------------+
@@ -35,7 +35,7 @@ It's important to note here, before we get into what you can do with a name form
## Available format data
The following fields are available from a users account and main character:
The following fields are available for a user account and main character:
- `username` - Alliance Auth username
- `character_id`
@@ -53,7 +53,7 @@ The following fields are available from a users account and main character:
The name formatter uses the advanced string formatting specified by [PEP-3101](https://www.python.org/dev/peps/pep-3101/). Anything supported by this specification is supported in a name formatter.
A more digestible documentation of string formatting in Python is available on the [PyFormat](https://pyformat.info/) website.
More digestible documentation of string formatting in Python is available on the [PyFormat](https://pyformat.info/) website.
Some examples of strings you could use:
@@ -70,9 +70,9 @@ Some examples of strings you could use:
```
:::{important}
For most services, name formats only take effect when a user creates an account. This means if you create or update a name formatter it wont retroactively alter the format of users names. There are some exceptions to this where the service updates nicknames on a periodic basis. Check the service's documentation to see which of these apply.
For most services, name formats only take effect when a user creates an account. This means if you create or update a name formatter, it won't retroactively alter the format of users' names. There are some exceptions to this where the service updates nicknames on a periodic basis. Check the service's documentation to see which of these apply.
:::
:::{important}
You must only create one formatter per service per state. E.g. don't create two formatters for Mumble for the Member state. In this case one of the formatters will be used and it may not be the formatter you are expecting:
You must only create one formatter per service per state. E.g., don't create two formatters for Mumble for the Member state. In this case, one of the formatters will be used, and it may not be the formatter you are expecting:
:::

14
docs/features/services/openfire.md
View File

@@ -58,11 +58,11 @@ sudo dnf install java-11-openjdk java-11-openjdk-devel
### Download Installer
Openfire is not available through repositories so we need to get a package from the developer.
Openfire is not available through repositories, so we need to get a package from the developer.
On your PC, navigate to the [Ignite Realtime downloads section](https://www.igniterealtime.org/downloads/index.jsp), and under Openfire select Linux, click on the Ubuntu: Debian package (second from bottom of list, ends with .deb) or CentOS: RPM Package (no JRE bundled, as we have installed it on the host)
On your PC, navigate to the [Ignite Realtime downloads section](https://www.igniterealtime.org/downloads/index.jsp), and under Openfire select Linux, click on the Ubuntu: Debian package (second from bottom of the list, ends with .deb) or CentOS: RPM Package (no JRE bundled, as we have installed it on the host)
Retrieve the file location by copying the URL from the “click here” link, depending on your browser you may have a Copy Link or similar option in your right click menu.
Retrieve the file location by copying the URL from the “click here” link. Depending on your browser, you may have a Copy Link or similar option in your right click menu.
In the console, ensure youre in your users home directory:
@@ -92,7 +92,7 @@ yum install -y openfire-4.7.2-1.noarch.rpm
### Create Database
Performance is best when working from a SQL database. If you installed MySQL or MariaDB alongside your auth project, go ahead and create a database for Openfire:
Performance is best when working from an SQL database. If you installed MySQL or MariaDB alongside your auth project, go ahead and create a database for Openfire:
```shell
mysql -u root -p
@@ -128,11 +128,11 @@ Create an administrator account. The actual name is irrelevant, just dont los
Finally, log in to the console with your admin account.
Edit your auth project's settings file and enter the values you just set:
Edit your auth project's settings file and enter the values you set:
- `JABBER_URL` is the pubic address of your jabber server
- `JABBER_URL` is the public address of your jabber server
- `JABBER_PORT` is the port for clients to connect to (usually 5223)
- `JABBER_SERVER` is the name of the jabber server. If you didn't alter it during install it'll usually be your domain (eg `example.com`)
- `JABBER_SERVER` is the name of the jabber server. If you didn't alter it during the installation, it'll usually be your domain (eg `example.com`)
- `OPENFIRE_ADDRESS` is the web address of Openfire's web interface. Use http:// with port 9090 or https:// with port 9091 if you configure SSL in Openfire
### REST API Setup

14
docs/features/services/permissions.md
View File

@@ -4,17 +4,17 @@ In the past, access to services was dictated by a list of settings in `settings.
## Permissions based access
Instead of granting access to services by the previous rigid structure, access to services is now granted by the built in Django permissions system. This means that service access can be more granular, allowing only certain states, certain groups, for instance Corp CEOs, or even individual user access to each enabled service.
Instead of granting access to services by the previous rigid structure, access to services is now granted by the built-in Django permissions system. This means that service access can be more granular, allowing only certain states, certain groups, for instance, Corp CEOs, or even individual user access to each enabled service.
:::{important}
If you grant access to an individual user, they will have access to that service regardless of whether or not they are a member.
If you grant access to an individual user, they will have access to that service regardless of whether they are a member.
:::
Each service has an access permission defined, named like `Can access the <service name> service`.
To mimick the old behaviour of enabling services for all members, you would select the `Member` group from the admin panel, add the required service permission to the group and save. Likewise for Blues, select the `Blue` group and add the required permission.
To mimic the old behaviour of enabling services for all members, you would select the `Member` group from the admin panel, add the required service permission to the group and save. Likewise for Blues, select the `Blue` group and add the required permission.
A user can be granted the same permission from multiple sources. e.g. they may have it granted by several groups and directly granted on their account as well. Auth will not remove their account until all instances of the permission for that service have been revoked.
A user can be granted the same permission from multiple sources. e.g., they may have it granted by several groups and directly granted on their account as well. Auth will not remove their account until all instances of the permission for that service have been revoked.
## Removing access
@@ -22,10 +22,10 @@ A user can be granted the same permission from multiple sources. e.g. they may h
Access removal is processed immediately after removing a permission from a user or group. If you remove access from a large group, such as Member, it will immediately remove all users from that service.
:::
When you remove a service permission from a user, a signal is triggered which will activate an immediate permission check. For users this will trigger an access check for all services. For groups, due to the potential extra load, only the services whose permissions have changed will be verified, and only the users in that group.
When you remove a service permission from a user, a signal is triggered which will activate an immediate permission check. For users, this will trigger an access check for all services. For groups, due to the potential extra load, only the services whose permissions have changed will be verified, and only the users in that group.
If a user no longer has permission to access the service when this permissions check is triggered, that service will be immediately disabled for them.
If a user no longer has permission to access the service when this permission check is triggered, that service will be immediately disabled for them.
### Disabling user accounts
When you unset a user as active in the admin panel, all of that users service accounts will be immediately disabled or removed. This is due to the built in behaviour of the Django permissions system, which will return False for all permissions if a users account is disabled, regardless of their actual permissions state.
When you unset a user as active in the admin panel, all of that user's service accounts will be immediately disabled or removed. This is due to the built-in behaviour of the Django permissions system, which will return False for all permissions if a user's account is disabled, regardless of their actual permissions state.

8
docs/features/services/phpbb3.md
View File

@@ -67,7 +67,7 @@ Now we need to move this to our web directory. Usually `/var/www/forums`.
mv phpBB3 /var/www/forums
```
The web server needs read/write permission to this folder
The web server needs read/write permissions to this folder
Apache: `chown -R www-data:www-data /var/www/forums`
Nginx: `chown -R nginx:nginx /var/www/forums`
@@ -80,7 +80,7 @@ Nginx: `chown -R nginx:nginx /var/www/forums`
### Configuring Web Server
You will need to configure you web server to serve PHPBB3 before proceeding with installation.
You will need to configure your web server to serve PHPBB3 before proceeding with installation.
A minimal Apache config file might look like:
@@ -128,7 +128,7 @@ Enter your forum's web address as the `PHPBB3_URL` setting in your auth project'
### Web Install
Navigate to your forums web address where you will be presented with an installer.
Navigate to your forum web address where you will be presented with an installer.
Click on the `Install` tab.
@@ -155,7 +155,7 @@ phpBB will then write its own config file.
### Open the Forums
Before users can see the forums, we need to remove the install directory
Before users can see the forums, we need to remove the installation directory
```shell
rm -rf /var/www/forums/install

8
docs/features/services/smf.md
View File

@@ -32,7 +32,7 @@ DATABASES['smf'] = {
### Download SMF
Using your browser, you can download the latest version of SMF to your desktop computer. All SMF downloads can be found at SMF Downloads. The latest recommended version will always be available at <http://www.simplemachines.org/download/index.php/latest/install/>. Retrieve the file location from the hyperlinked box icon for the zip full install, depending on your browser you may have a Copy Link or similar option in your right click menu.
Using your browser, you can download the latest version of SMF to your desktop computer. All SMF downloads can be found at SMF Downloads. The latest recommended version will always be available at <http://www.simplemachines.org/download/index.php/latest/install/>. Retrieve the file location from the hyperlinked box icon for the zip full install, depending on your browser, you may have a Copy Link or similar option in your right click menu.
Download using wget, replacing the URL with the URL for the package you just retrieved
@@ -52,13 +52,13 @@ Now we need to move this to our web directory. Usually `/var/www/forums`.
mv smf /var/www/forums
```
The web server needs read/write permission to this folder
The web server needs read/write permissions to this folder
Apache: `chown -R www-data:www-data /var/www/forums`
Nginx: `chown -R nginx:nginx /var/www/forums`
:::{tip}
Nginx: Some distributions use the ``www-data:www-data`` user:group instead of ``nginx:nginx``. If you run into problems with permissions try it instead.
Nginx: Some distributions use the ``www-data:www-data`` user:group instead of ``nginx:nginx``. If you run into problems with permissions, try it instead.
:::
### Database Preparation
@@ -117,7 +117,7 @@ Enter the web address to your forums into the `SMF_URL` setting in your auth pro
### Web Install
Navigate to your forums address where you will be presented with an installer.
Navigate to your forum address where you will be presented with an installer.
Click on the `Install` tab.

12
docs/features/services/teamspeak3.md
View File

@@ -34,7 +34,7 @@ CELERYBEAT_SCHEDULE['run_ts3_group_update'] = {
### Download Installer
To install we need a copy of the server. You can find the latest version from the [TeamSpeak site](https://www.teamspeak.com/downloads#)). Be sure to get a link to the Linux version.
To install, we need a copy of the server. You can find the latest version on the [TeamSpeak website](https://www.teamspeak.com/downloads#). Be sure to get a link to the Linux version.
Download the server, replacing the link with the link you got earlier.
@@ -75,7 +75,7 @@ ln -s /usr/local/teamspeak/ts3server_startscript.sh /etc/init.d/teamspeak
update-rc.d teamspeak defaults
```
Finally we start the server.
Finally, we start the server.
```shell
service teamspeak start
@@ -109,7 +109,7 @@ Click the URL provided to automatically connect to our server. It will prompt yo
### Groups
Now we need to make groups. AllianceAuth handles groups in teamspeak differently: instead of creating groups it creates an association between groups in TeamSpeak and groups in AllianceAuth. Go ahead and make the groups you want to associate with auth groups, keeping in mind multiple TeamSpeak groups can be associated with a single auth group.
Now we need to make groups. AllianceAuth handles groups in teamspeak differently: instead of creating groups, it creates an association between groups in TeamSpeak and groups in AllianceAuth. Go ahead and make the groups you want to associate with auth groups, keeping in mind multiple TeamSpeak groups can be associated with a single auth group.
Navigate back to the AllianceAuth admin interface (example.com/admin) and under `Teamspeak3`, select `Auth / TS Groups`.
@@ -127,7 +127,7 @@ To enable advanced permissions, on your client go to the `Tools` menu, `Applicat
### TS group models not populating on admin site
The method which populates these runs every 30 minutes. To populate manually you start the process from the admin site or from the Django shell.
The method which populates these runs every 30 minutes. To populate manually, you start the process from the admin site or from the Django shell.
#### Admin Site
@@ -156,7 +156,7 @@ Ensure that command does not return an error.
This usually occurs because auth is trying to remove a user from the `Guest` group (group ID 8). The guest group is only assigned to a user when they have no other groups, unless you have changed the default teamspeak server config.
Teamspeak servers v3.0.13 and up are especially susceptible to this. Ensure the Channel Admin Group is not set to `Guest (8)`. Check by right clicking on the server name, `Edit virtual server`, and in the middle of the panel select the `Misc` tab.
Teamspeak servers v3.0.13 and up are especially susceptible to this. Ensure the Channel Admin Group is not set to `Guest (8)`. Check by right-clicking on the server name, `Edit virtual server`, and in the middle of the panel select the `Misc` tab.
### `TypeError: string indices must be integers, not str`
@@ -174,7 +174,7 @@ The serverquery account login specified in local.py is incorrect. Please verify
### `2568 insufficient client permissions`
This usually occurs if you've created a separate serverquery user to use with auth. It has not been assigned sufficient permissions to complete all the tasks required of it. The full list of required permissions is not known, so assign liberally.
This usually occurs if you've created a separate serverquery user to use with auth. It has not been assigned sufficient permissions to complete all the tasks required of it. The full list of required permissions is not known, so assign them liberally.
## Permissions

8
docs/features/services/xenforo.md
View File

@@ -2,7 +2,7 @@
## Overview
[XenForo](https://xenforo.com/) is a popular paid forum. This guide will assume that you already have XenForo installed with a valid license (please keep in mind that XenForo is not free nor open-source, therefore you need to purchase a license first). If you come across any problems related with the installation of XenForo please contact their support service.
[XenForo](https://xenforo.com/) is a popular, paid forum. This guide will assume that you already have XenForo installed with a valid license (please keep in mind that XenForo is not free nor open-source, therefore, you need to purchase a license first). If you come across any problems related with the installation of XenForo please contact their support service.
## Prepare Your Settings
@@ -20,12 +20,12 @@ XENFORO_APIKEY = 'yourapikey'
## XenAPI
By default XenForo does not support any kind of API, however there is a third-party package called [XenAPI](https://github.com/Contex/XenAPI) which provides a simple REST interface by which we can access XenForo's functions in order to create and edit users.
By default, XenForo does not support any kind of API, however, there is a third-party package called [XenAPI](https://github.com/Contex/XenAPI) which provides a simple REST interface by which we can access XenForo's functions to create and edit users.
The installation of XenAPI is pretty straight forward. The only thing you need to do is to download the `api.php` from the official repository and upload it in the root folder of your XenForo installation. The final result should look like this:
*forumswebsite.com/***api.php**
Now that XenAPI is installed the only thing left to do is to provide a key.
Now that XenAPI is installed, the only thing left to do is to provide a key.
```php
$restAPI = new RestAPI('REPLACE_THIS_WITH_AN_API_KEY');
@@ -37,7 +37,7 @@ The settings you created earlier now need to be filled out.
`XENFORO_ENDPOINT` is the address to the API you added. No leading `http://`, but be sure to include the `/api.php` at the end.
`XENFORO_DEFAULT_GROUP` is the ID of the group in XenForo auth users will be added to. Unfortunately XenAPI **cannot create new groups**, therefore you have to create a group manually and then get its ID.
`XENFORO_DEFAULT_GROUP` is the ID of the group in XenForo auth users will be added to. Unfortunately, XenAPI **cannot create new groups**, therefore, you have to create a group manually and then get its ID.
`XENFORO_API_KEY` is the API key value you set earlier.