Feature #1377
closed
API: IP restrictions
Start date: 2020-10-03
Description
Although it doesn't solve the issue for JavaScript frontends (#1233) it could be useful for other scenarios e.g. for THANADOS which doesn't want all data public but uses a Flask frontend.
Implementation details
- Overrides the public (off) option
- localhost should always be accepted (for use in the backend)
- Multiple IPs are possible
- Can be configured in instance/production.py
Updated by Bernhard Koschiček-Krombholz about 4 years ago
- Target version changed from 208 to 6.3.0
Updated by Bernhard Koschiček-Krombholz about 4 years ago
- Status changed from Acknowledged to In Progress
- Assignee changed from Bernhard Koschiček-Krombholz to Alexander Watzinger
- Target version changed from 6.3.0 to 6.0.0
On develop the new feature is available. It is a decorator @check_ip, which checks the incoming IP against a list of IPs in app.config['ALLOWED_IPS']. I added it to every /api/ path.
Only logged-in users can access the API or clients with the IP on the whitelist. I tested localhost locally, there it works.
I think my part is done.
Updated by Bernhard Koschiček-Krombholz about 4 years ago
- Target version changed from 6.0.0 to 6.3.0
Updated by Bernhard Koschiček-Krombholz about 4 years ago
- Related to Feature #1233: API: External Authentication added
Updated by Alexander Watzinger about 4 years ago
- Description updated (diff)
- Status changed from In Progress to Closed
- Target version changed from 6.3.0 to 6.0.0
Thank you Berni for preparing, there were multiple issues:
Already fixed
- IP should have overwritten the public off option but not the public on option, maybe I should have communicated that more clearly
- Since I don't think we need two access functions I merged them. But I wasn't sure why they weren't always called together so I hope I didn't miss something
- I noticed some inconsistency with orders of wrappers, this can matter so better watch out there
- I changed the error msg in api_access to "'Access denied!'" but not sure if we haven't already talked about this and there was a reason for this
- Configuration is still in default.py, I'll change that in one go if I move other stuff too
- Code coverage is now missing for 403 because localhost is always allowed but we wanted to look at tests anyway so I left it for now
I hope I didn't miss or break something on my part. It's all pushed in develop and online at the 2 frontends. Thanks again and see you soon.
Updated by Alexander Watzinger almost 4 years ago
- Target version changed from 6.0.0 to 5.6.0
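The access rules discussed in this ticket (public on wins, otherwise a login, localhost or a whitelisted IP is required), as an added example that is not the OpenAtlas code. It is framework-free so it runs on its own; `ALLOWED_IPS` and `api_access` are names from the thread, while `API_PUBLIC`, `normalize`, `api_access_allowed` and `get_client` are assumed names, and the addresses are constructed samples.

```python
import ipaddress
from functools import wraps

# Constructed sample config; API_PUBLIC is an assumed key name.
CONFIG = {'API_PUBLIC': False, 'ALLOWED_IPS': ['192.0.2.10', '2001:db8::5']}


def normalize(addr):
    """Parse an address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d).

    Returns None for anything that is not a valid IP address.
    """
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    return getattr(ip, 'ipv4_mapped', None) or ip


def api_access_allowed(remote_addr, logged_in, config=CONFIG):
    """Public on wins, then login, then localhost or whitelist."""
    if config['API_PUBLIC'] or logged_in:
        return True
    ip = normalize(remote_addr or '')
    if ip is None:
        return False  # fail closed on a missing or malformed address
    allowed = {normalize(a) for a in config['ALLOWED_IPS']}
    return ip.is_loopback or ip in allowed


def api_access(get_client):
    """Decorator factory; get_client() returns (remote_addr, logged_in).

    In a Flask app these would come from request.remote_addr and the
    login state of the current user (assumption, not shown here).
    """
    def decorator(view):
        @wraps(view)
        def wrapped(*args, **kwargs):
            addr, logged_in = get_client()
            if not api_access_allowed(addr, logged_in):
                return 'Access denied!', 403
            return view(*args, **kwargs)
        return wrapped
    return decorator
```

Behind a reverse proxy on the same host the application sees the proxy's address, so the always-allowed loopback rule would admit every client unless the real client address is restored from a trusted forwarding header (for example with Werkzeug's ProxyFix). In Flask the route decorator must be outermost, above the access check, or the unchecked function is what gets registered.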