Mathis/allianceauth
1
0
Fork 0
mirror of https://gitlab.com/allianceauth/allianceauth.git synced 2025-12-18 23:05:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

MyST conversion

Browse Source
This commit is contained in:
Ariel Rin
2023-10-31 23:31:41 +10:00
parent 7024552c4e
commit 98e91fe207
25 changed files with 348 additions and 332 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
docs/features/apps/autogroups.md
View File

@@ -1,9 +1,5 @@
# Auto Groups
:::{note}
New in 2.0
```
Auto groups allows you to automatically place users of certain states into Corp or Alliance based groups. These groups are created when the first user is added to them and removed when the configuration is deleted.
## Installation
@@ -19,16 +15,13 @@ When you create an autogroup config you will be given the following options:
![Create Autogroup page](/_static/images/features/apps/autogroups/group-creation.png)
:::{warning}
After creating a group you wont be able to change the Corp and Alliance group prefixes, name source and the replace spaces settings. Make sure you configure these the way you want before creating the config. If you need to change these you will have to create a new autogroup config.
After creating a group you wont be able to change the Corp and Alliance group prefixes, name source and the replace spaces settings. Make sure you configure these the way you want before creating the config. If you need to change these you will have to create a new autogroup config.
:::
- States selects which states will be added to automatic Corp/Alliance groups
- Corp/Alliance groups checkbox toggles Corp/Alliance autogroups on or off for this config.
- Corp/Alliance group prefix sets the prefix for the group name, e.g. if your Corp was called `MyCorp` and your prefix was `Corp`, your autogroup name would be created as `Corp MyCorp`. This field accepts leading/trailing spaces.
- Corp/Alliance name source sets the source of the Corp/Alliance name used in creating the group name. Currently the options are Full name and Ticker.
- Replace spaces allows you to replace spaces in the autogroup name with the value in the Replace spaces with field. This can be blank.
## Permissions

3
docs/features/apps/fleetactivitytracking.md
View File

@@ -22,7 +22,6 @@ Users do not require any permissions to interact with FAT Links created.
+=======================================+==================+==========================================================================+
| auth.fleetactivitytracking | None | Create and Modify FATLinks |
+---------------------------------------+------------------+--------------------------------------------------------------------------+
| auth.fleetactivitytracking_statistics | None | Can view detailed statistics for corp models and other characters. |
| auth.fleetactivitytracking_statistics | None | Can view detailed statistics for corp models and other characters. |
+---------------------------------------+------------------+--------------------------------------------------------------------------+
```

18
docs/features/core/admin_site.md
View File

@@ -11,8 +11,9 @@ You can open the admin site by clicking on "Admin" in the drop down menu for a u
For small to medium size alliances it is often sufficient to have no more then two superuser admins (admins that also are superusers). Having two admins usually makes sense, so you can have one primary and one backup.
:::{warning}
Superusers have read & write access to everything on your AA installation. Superusers also automatically have all permissions and therefore access to all features of your apps. Therefore we recommend to be very careful to whom you give superuser privileges.
Superusers have read & write access to everything on your AA installation. Superusers also automatically have all permissions and therefore access to all features of your apps. Therefore we recommend to be very careful to whom you give superuser privileges.
:::
## Setup for large installations
For large alliances and coalitions you may want to have a couple of administrators to be able to distribute and handle the work load. However, having a larger number of superusers may be a security concern.
@@ -25,14 +26,15 @@ To create a staff admin you need to do two things:
1. Give the user permissions for admin tasks
:::{note}
Note that staff admins have the following limitations:
Note that staff admins have the following limitations:
- Can not promote users to staff
- Can not promote users to superuser
- Can not add/remove permissions for users, groups and states
- Can not promote users to staff
- Can not promote users to superuser
- Can not add/remove permissions for users, groups and states
These limitations exist to prevent staff admins to promote themselves to quasi superusers. Only superusers can perform these actions.
```
These limitations exist to prevent staff admins to promote themselves to quasi superusers. Only superusers can perform these actions.
:::
### Staff property
@@ -40,7 +42,7 @@ Access to the admin site is restricted. Users needs to have the `is_staff` prope
process will automatically have access to the admin site.
:::{hint}
Without any permissions a "staff user" can open the admin site, but can neither view nor edit anything except for viewing the list of permissions.
Without any permissions a "staff user" can open the admin site, but can neither view nor edit anything except for viewing the list of permissions.
:::
### Permissions for common admin tasks

11
docs/features/core/groups.md
View File

@@ -45,14 +45,13 @@ When a group is restricted only superuser admins can directly add or remove them
```{eval-rst}
.. _ref-reserved-group-names:
```
## Reserved group names
When using Alliance Auth to manage external services like Discord, Auth will automatically duplicate groups on those services. E.g. on Discord Auth will create roles of the same name as groups. However, there may be cases where you want to manage groups on external services by yourself or by another bot. For those cases you can define a list of reserved group names. Auth will ensure that you can not create groups with a reserved name. You will find this list on the admin site under groupmanagement.
:::{note}
While this feature can help to avoid naming conflicts with groups on external services, the respective service component in Alliance Auth also needs to be build in such a way that it knows how to prevent these conflicts. Currently only the Discord and Teamspeak3 services have this ability.
```
While this feature can help to avoid naming conflicts with groups on external services, the respective service component in Alliance Auth also needs to be build in such a way that it knows how to prevent these conflicts. Currently only the Discord and Teamspeak3 services have this ability.
:::
## Managing groups
@@ -102,7 +101,7 @@ GROUPMANAGEMENT_AUTO_LEAVE = True
:::{note}
Before you set `GROUPMANAGEMENT_AUTO_LEAVE = True`, make sure there are no pending leave requests, as this option will hide the "Leave Requests" tab.
```
:::
## Settings
@@ -126,8 +125,8 @@ In order to join a group other than a public group, the permission `groupmanagem
When a user loses this permission, they will be removed from all groups _except_ Public groups.
:::{note}
By default, the ``groupmanagement.request_groups`` permission is applied to the ``Member`` group. In most instances this, and perhaps adding it to the ``Blue`` group, should be all that is ever needed. It is unsupported and NOT advisable to apply this permission to a public group. See #697 for more information.
```
By default, the ``groupmanagement.request_groups`` permission is applied to the ``Member`` group. In most instances this, and perhaps adding it to the ``Blue`` group, should be all that is ever needed. It is unsupported and NOT advisable to apply this permission to a public group. See #697 for more information.
:::
Group Management should be mostly done using group leaders, a series of permissions are included below for thoroughness:

19
docs/features/services/discord.md
View File

@@ -35,7 +35,7 @@ CELERYBEAT_SCHEDULE['discord.update_all_usernames'] = {
:::{note}
You will have to add most the values for these settings, e.g. your Discord server ID (aka guild ID), later in the setup process.
```
:::
### Creating a Server
@@ -48,9 +48,8 @@ Now retrieve the server ID [following this procedure.](https://support.discord.c
Update your auth project's settings file, inputting the server ID as `DISCORD_GUILD_ID`
:::{note}
If you already have a Discord server skip the creation step, but be sure to retrieve the server ID
```
If you already have a Discord server skip the creation step, but be sure to retrieve the server ID
:::
### Registering an Application
Navigate to the [Discord Developers site.](https://discord.com/developers/applications/me) Press the plus sign to create a new application.
@@ -106,14 +105,13 @@ Second, it is possible to exclude Discord roles from being managed by Auth at al
To exclude roles from being managed by Auth you only have to add them to the list of reserved group names in Group Management.
:::{note}
Role names on Discord are case sensitive, while reserved group names on Auth are not. Therefore reserved group names will cover all roles regardless of their case. For example if you have reserved the group name "alpha", then the Discord roles "alpha" and "Alpha" will both be persisted.
```
Role names on Discord are case sensitive, while reserved group names on Auth are not. Therefore reserved group names will cover all roles regardless of their case. For example if you have reserved the group name "alpha", then the Discord roles "alpha" and "Alpha" will both be persisted.
:::
```{eval-rst}
.. seealso::
For more information see :ref:`ref-reserved-group-names`.
```
## Tasks
The Discord service contains a number of tasks that can be run to manually perform updates to all users.
@@ -134,10 +132,9 @@ Name Description
`update_all` Update groups, nicknames, usernames of all users
======================== ====================================================
```
:::{note}
Depending on how many users you have, running these tasks can take considerable time to finish. You can calculate roughly 1 sec per user for all tasks, except update_all, which needs roughly 3 secs per user.
```
Depending on how many users you have, running these tasks can take considerable time to finish. You can calculate roughly 1 sec per user for all tasks, except update_all, which needs roughly 3 secs per user.
:::
## Settings
@@ -159,7 +156,6 @@ Name Description
`DISCORD_TASKS_MAX_RETRIES` max retries of tasks after an error occurred `3`
=================================== ============================================================================================= =======
```
## Permissions
To use this service, users will require some of the following.
@@ -171,7 +167,6 @@ To use this service, users will require some of the following.
| discord.access_discord | None | Can Access the Discord Service |
+---------------------------------------+------------------+--------------------------------------------------------------------------+
```
## Troubleshooting
### "Unknown Error" on Discord site when activating service

13
docs/features/services/mumble.md
View File

@@ -3,16 +3,19 @@
Mumble is a free voice chat server. While not as flashy as TeamSpeak, it has all the functionality and is easier to customize. And is better. I may be slightly biased.
:::{note}
Note that this guide assumes that you have installed Auth with the official :doc:`/installation/allianceauth` guide under ``/home/allianceserver`` and that it is called ``myauth``. Accordingly it assumes that you have a service user called ``allianceserver`` that is used to run all Auth services under supervisor.
```
Note that this guide assumes that you have installed Auth with the official :doc:`/installation/allianceauth` guide under ``/home/allianceserver`` and that it is called ``myauth``. Accordingly it assumes that you have a service user called ``allianceserver`` that is used to run all Auth services under supervisor.
:::
:::{warning}
This guide is currently for Ubuntu only.
This guide is currently for Ubuntu only.
:::
## Installations
### Installing Mumble Server
::::{tabs}
:::{group-tab} Ubuntu 2004, 2204
The mumble server package can be retrieved from a repository, which we need to add:
```shell
@@ -29,6 +32,10 @@ Now three packages need to be installed:
sudo apt-get install python-software-properties mumble-server libqt5sql5-mysql
```
:::
::::
### Installing Mumble Authenticator
Next, we need to download the latest authenticator release from the [authenticator repository](https://gitlab.com/allianceauth/mumble-authenticator).

9
docs/features/services/nameformats.md
View File

@@ -29,10 +29,9 @@ Currently the following services support custom name formats:
| Xenforo | Username | ``{character_name}`` |
+-------------+-----------+-------------------------------------+
```
:::{note}
It's important to note here, before we get into what you can do with a name formatter, that before the generated name is passed off to the service to create an account it will be sanitized to remove characters (the letters and numbers etc.) that the service cannot support. This means that, despite what you configured, the service may display something different. It is up to you to test your formatter and understand how your format may be disrupted by a certain services sanitization function.
```
It's important to note here, before we get into what you can do with a name formatter, that before the generated name is passed off to the service to create an account it will be sanitized to remove characters (the letters and numbers etc.) that the service cannot support. This means that, despite what you configured, the service may display something different. It is up to you to test your formatter and understand how your format may be disrupted by a certain services sanitization function.
:::
## Available format data
@@ -71,9 +70,9 @@ Some examples of strings you could use:
```
:::{important}
For most services, name formats only take effect when a user creates an account. This means if you create or update a name formatter it wont retroactively alter the format of users names. There are some exceptions to this where the service updates nicknames on a periodic basis. Check the service's documentation to see which of these apply.
For most services, name formats only take effect when a user creates an account. This means if you create or update a name formatter it wont retroactively alter the format of users names. There are some exceptions to this where the service updates nicknames on a periodic basis. Check the service's documentation to see which of these apply.
:::
:::{important}
You must only create one formatter per service per state. E.g. don't create two formatters for Mumble for the Member state. In this case one of the formatters will be used and it may not be the formatter you are expecting.
You must only create one formatter per service per state. E.g. don't create two formatters for Mumble for the Member state. In this case one of the formatters will be used and it may not be the formatter you are expecting:
:::

51
docs/features/services/openfire.md
View File

@@ -23,23 +23,37 @@ BROADCAST_SERVICE_NAME = "broadcast"
Openfire require a Java 8 runtime environment.
Ubuntu 1804, 2004, 2204:
::::{tabs}
:::{group-tab} Ubuntu 2004, 2204
```shell
sudo apt-get install openjdk-11-jre
```
Centos 7:
:::
:::{group-tab} CentOS 7
```shell
sudo yum install java-11-openjdk java-11-openjdk-devel
```
Centos Stream 8, Stream 9:
:::
:::{group-tab} CentOS Stream 8
```shell
sudo dnf install java-11-openjdk java-11-openjdk-devel
```
:::
:::{group-tab} CentOS Stream 9
```shell
sudo dnf install java-11-openjdk java-11-openjdk-devel
```
:::
::::
## Setup
### Download Installer
@@ -51,31 +65,40 @@ On your PC, navigate to the [Ignite Realtime downloads section](https://www.igni
Retrieve the file location by copying the URL from the “click here” link, depending on your browser you may have a Copy Link or similar option in your right click menu.
In the console, ensure youre in your users home directory:
```shell
cd ~
```
Download and install the package, replacing the URL with the latest you got from the Openfire download page earlier
Ubuntu 1804, 2004, 2204:
::::{tabs}
:::{group-tab} Ubuntu 2004, 2204
```shell
wget https://www.igniterealtime.org/downloadServlet?filename=openfire/openfire_4.7.2_all.deb
:::
:::{group-tab} CentOS 7
wget <https://www.igniterealtime.org/downloadServlet?filename=openfire/openfire_4.7.2_all.deb>
dpkg -i openfire_4.7.2_all.deb
```
Centos 7, Stream 8, Stream 9:
```shell
wget https://www.igniterealtime.org/downloadServlet?filename=openfire/openfire-4.7.2-1.noarch.rpm
:::
:::{group-tab} CentOS Stream 8
wget <https://www.igniterealtime.org/downloadServlet?filename=openfire/openfire-4.7.2-1.noarch.rpm>
yum install -y openfire-4.7.2-1.noarch.rpm
```
:::
:::{group-tab} CentOS Stream 9
wget <https://www.igniterealtime.org/downloadServlet?filename=openfire/openfire-4.7.2-1.noarch.rpm>
yum install -y openfire-4.7.2-1.noarch.rpm
:::
::::
### Create Database
Performance is best when working from a SQL database. If you installed MySQL or MariaDB alongside your auth project, go ahead and create a database for Openfire:
```shell
mysql -u root -p
```
```sql
create database alliance_jabber;
grant all privileges on alliance_jabber . * to 'allianceserver'@'localhost';
exit;
@@ -83,7 +106,7 @@ exit;
### Web Configuration
The remainder of the setup occurs through Openfires web interface. Navigate to http://example.com:9090, or if youre behind CloudFlare, go straight to your servers IP:9090.
The remainder of the setup occurs through Openfires web interface. Navigate to <http://example.com:9090>, or if youre behind CloudFlare, go straight to your servers IP:9090.
Select your language. I sure hope its English if youre reading this guide.

4
docs/features/services/permissions.md
View File

@@ -7,7 +7,7 @@ In the past, access to services was dictated by a list of settings in `settings.
Instead of granting access to services by the previous rigid structure, access to services is now granted by the built in Django permissions system. This means that service access can be more granular, allowing only certain states, certain groups, for instance Corp CEOs, or even individual user access to each enabled service.
:::{important}
If you grant access to an individual user, they will have access to that service regardless of whether or not they are a member.
If you grant access to an individual user, they will have access to that service regardless of whether or not they are a member.
:::
Each service has an access permission defined, named like `Can access the <service name> service`.
@@ -19,7 +19,7 @@ A user can be granted the same permission from multiple sources. e.g. they may h
## Removing access
:::{danger}
Access removal is processed immediately after removing a permission from a user or group. If you remove access from a large group, such as Member, it will immediately remove all users from that service.
Access removal is processed immediately after removing a permission from a user or group. If you remove access from a large group, such as Member, it will immediately remove all users from that service.
:::
When you remove a service permission from a user, a signal is triggered which will activate an immediate permission check. For users this will trigger an access check for all services. For groups, due to the potential extra load, only the services whose permissions have changed will be verified, and only the users in that group.

23
docs/features/services/smf.md
View File

@@ -11,6 +11,7 @@ SMF requires PHP installed in your web server. Apache has `mod_php`, NGINX requi
## Prepare Your Settings
In your auth project's settings file, do the following:
- Add `'allianceauth.services.modules.smf',` to your `INSTALLED_APPS` list
- Append the following to the bottom of the settings file:
@@ -31,8 +32,7 @@ DATABASES['smf'] = {
### Download SMF
Using your browser, you can download the latest version of SMF to your desktop computer. All SMF downloads can be found at SMF Downloads. The latest recommended version will always be available at http://www.simplemachines.org/download/index.php/latest/install/. Retrieve the file location from the hyperlinked box icon for the zip full install, depending on your browser you may have a Copy Link or similar option in your right click menu.
Using your browser, you can download the latest version of SMF to your desktop computer. All SMF downloads can be found at SMF Downloads. The latest recommended version will always be available at <http://www.simplemachines.org/download/index.php/latest/install/>. Retrieve the file location from the hyperlinked box icon for the zip full install, depending on your browser you may have a Copy Link or similar option in your right click menu.
Download using wget, replacing the URL with the URL for the package you just retrieved
@@ -41,11 +41,13 @@ wget https://download.simplemachines.org/index.php?thanks;filename=smf_2-1-2_ins
```
This needs to be unpackaged. Unzip it, replacing the file name with that of the file you just downloaded
```shell
unzip smf_2-1-2_install.zip
```
Now we need to move this to our web directory. Usually `/var/www/forums`.
```shell
mv smf /var/www/forums
```
@@ -56,19 +58,18 @@ Apache: `chown -R www-data:www-data /var/www/forums`
Nginx: `chown -R nginx:nginx /var/www/forums`
:::{tip}
Nginx: Some distributions use the ``www-data:www-data`` user:group instead of ``nginx:nginx``. If you run into problems with permissions try it instead.
..
Nginx: Some distributions use the ``www-data:www-data`` user:group instead of ``nginx:nginx``. If you run into problems with permissions try it instead.
:::
### Database Preparation
SMF needs a database. Create one:
```shell
mysql -u root -p
```
```mysql
```sql
create database alliance_smf;
grant all privileges on alliance_smf . * to 'allianceserver'@'localhost';
exit;
@@ -81,7 +82,8 @@ Enter the database information into the `DATABASES['smf']` section of your auth
Your web server needs to be configured to serve SMF.
A minimal Apache config might look like:
```apache
```ini
<VirtualHost *:80>
ServerName forums.example.com
DocumentRoot /var/www/forums
@@ -92,7 +94,8 @@ A minimal Apache config might look like:
````
A minimal Nginx config might look like:
```nginx
```ini
server {
listen 80;
server_name forums.example.com;
@@ -108,7 +111,8 @@ server {
include fastcgi_params;
}
}
````
```
Enter the web address to your forums into the `SMF_URL` setting in your auth project's settings file.
### Web Install
@@ -120,6 +124,7 @@ Click on the `Install` tab.
All the requirements should be met. Press `Start Install`.
Under Database Settings, set the following:
- Database Type is `MySQL`
- Database Server Hostname is `127.0.0.1`
- Database Server Port is left blank

2
docs/features/services/teamspeak3.md
View File

@@ -38,7 +38,7 @@ To install we need a copy of the server. You can find the latest version from th
Download the server, replacing the link with the link you got earlier.
```bash
```shell
cd ~
wget https://files.teamspeak-services.com/releases/server/3.13.7/teamspeak3-server_linux_amd64-3.13.7.tar.bz2
```