Index: docs/en_US/release_notes_4_24.rst IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- docs/en_US/release_notes_4_24.rst (revision 64f5253bd30edfe3e3c30c3661a3ac5e5ee64a05) +++ docs/en_US/release_notes_4_24.rst (date 1594980718433) @@ -9,6 +9,7 @@ New features ************ +| `Issue #5235 `_ - Support configuration files that are external to the application installation. | `Issue #5484 `_ - Added support for LDAP authentication with different DN by setting the dedicated user for the LDAP connection. | `Issue #5583 `_ - Added support for schema level restriction. | `Issue #5601 `_ - Added RLS Policy support in Schema Diff. Index: docs/en_US/config_py.rst IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- docs/en_US/config_py.rst (revision 64f5253bd30edfe3e3c30c3661a3ac5e5ee64a05) +++ docs/en_US/config_py.rst (date 1594979538425) @@ -23,10 +23,21 @@ and may be created by users in the same directory as ``config.py`` if needed. -.. note:: If the SERVER_MODE setting is changed in ``config_distro.py`` or ``config_local.py``, - you will most likely need to re-set the LOG_FILE, SQLITE_PATH, SESSION_DB_PATH - and STORAGE_DIR values as well as they will have been set based on the default - configuration or overridden by the runtime. +* ``config_system.py``: This file is read after ``config_local.py`` and is + intended for system administrators to include settings that are configured + system-wide from a secure location that users cannot normally modify and that + is outside of the pgAdmin installation. The location for this file varies + based on the platform, and only needs to be created if desired: + + * Linux: ``/etc/pgadmin/config_system.py`` + * macOS: ``/Library/Preferences/pgadmin/config_system.py`` + * Windows: ``%CommonProgramFiles%\pgadmin\config_system.py`` + +.. note:: If the SERVER_MODE setting is changed in ``config_distro.py``, + ``config_local.py``, or ``config_system.py`` you will most likely need to + re-set the LOG_FILE, SQLITE_PATH, SESSION_DB_PATH and STORAGE_DIR values + as well as they will have been set based on the default configuration or + overridden by the runtime. The default ``config.py`` file is shown below for reference: Index: docs/en_US/code_overview.rst IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- docs/en_US/code_overview.rst (revision 64f5253bd30edfe3e3c30c3661a3ac5e5ee64a05) +++ docs/en_US/code_overview.rst (date 1594980391487) @@ -29,9 +29,10 @@ The core application configuration is found in **config.py**. This file includes all configurable settings for the application, along with descriptions of their -use. It is essential that various settings are configured prior to deployent on -a web server; these can be overriden in **config_local.py** to avoid modifying -the main configuration file. +use. It is essential that various settings are configured prior to deployment on +a web server; these can be overridden in **config_local.py** or +**config_system.py** (see the :ref:`config.py ` documentation) to +avoid modifying the main configuration file. User Settings ============= @@ -108,7 +109,7 @@ the module into the rest of the application - for example, a hook might tell the caller what CSS files need to be included on the rendered page, or what menu options to include and what they should do. Hook points need not exist if they -are not required. It is the responsiblity of the caller to ensure they are +are not required. It is the responsibility of the caller to ensure they are present before attempting to utilise them. Hooks currently implemented are: @@ -210,6 +211,6 @@ Backform for generating properties/create dialog for selected node. We have divided each module in small chunks as much as possible. Not all javascript modules are required to be loaded (i.e. loading a javascript module for -database will make sense only when a server node is loaded competely.) Please +database will make sense only when a server node is loaded completely.) Please look at the the javascript files node.js, browser.js, menu.js, panel.js, etc for better understanding of the code. \ No newline at end of file Index: docs/en_US/query_tool.rst IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- docs/en_US/query_tool.rst (revision 64f5253bd30edfe3e3c30c3661a3ac5e5ee64a05) +++ docs/en_US/query_tool.rst (date 1594980391491) @@ -286,8 +286,10 @@ Query History is maintained across sessions for each database on a per-user basis when running in Query Tool mode. In View/Edit Data mode, history is not retained. By default, the last 20 queries are stored for each database. This -can be adjusted in `config_local.py` by overriding the `MAX_QUERY_HIST_STORED` -value. See the :ref:`Deployment ` section for more information. +can be adjusted in ``config_local.py`` or ``config_system.py`` (see the +:ref:`config.py ` documentation) by overriding the +`MAX_QUERY_HIST_STORED` value. See the :ref:`Deployment ` section +for more information. Connection Status ***************** Index: docs/en_US/enabling_ldap_authentication.rst IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- docs/en_US/enabling_ldap_authentication.rst (revision 64f5253bd30edfe3e3c30c3661a3ac5e5ee64a05) +++ docs/en_US/enabling_ldap_authentication.rst (date 1594980391494) @@ -5,9 +5,10 @@ ************************************************** To enable LDAP authentication for pgAdmin, you must configure the LDAP -settings in the *config_local.py* or *config_distro.py* file on the system where -pgAdmin is installed in Server mode. You can copy these settings from *config.py* -file and modify the values for the following parameters: +settings in the *config_local.py* or *config_system.py* file (see the +:ref:`config.py ` documentation) on the system where pgAdmin is +installed in Server mode. You can copy these settings from *config.py* file +and modify the values for the following parameters: .. csv-table:: :header: "**Parameter**", "**Description**" @@ -21,9 +22,12 @@ * [‘ldap’]: pgAdmin will use only LDAP authentication. * [‘ldap’, ‘internal’]: pgAdmin will first try to authenticate the user through - LDAP. If that authentication fails, then internal user entries of pgAdmin will be used for authentication. + LDAP. If that authentication fails, then internal user entries of pgAdmin + will be used for authentication. - * [‘internal’, ‘ldap’]: pgAdmin will first try to authenticate the user through internal user entries. If that authentication fails, then LDAP authentication will be used." + * [‘internal’, ‘ldap’]: pgAdmin will first try to authenticate the user + through internal user entries. If that authentication fails, then LDAP + authentication will be used." "LDAP_AUTO_CREATE_USER", "Specifies if you want to automatically create a pgAdmin user corresponding to the LDAP user credentials. Please note that LDAP password is not stored in the pgAdmin database." Index: web/config.py IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- web/config.py (revision 64f5253bd30edfe3e3c30c3661a3ac5e5ee64a05) +++ web/config.py (date 1594978703234) @@ -16,7 +16,6 @@ import os import sys - # We need to include the root directory in sys.path to ensure that we can # find everything we need when running in the standalone runtime. root = os.path.dirname(os.path.realpath(__file__)) @@ -572,7 +571,23 @@ except ImportError: pass -# Override DEFAULT_SERVE value from environment variable. +# Load system config overrides. We do this last, so that the sysadmin can +# override anything they want from a config file that's in a protected system +# directory and away from pgAdmin to avoid invalidating signatures. +system_config_dir = '/etc/pgadmin' +if sys.platform.startswith('win32'): + system_config_dir = os.environ['CommonProgramFiles'] + '/pgadmin' +elif sys.platform.startswith('darwin'): + system_config_dir = '/Library/Preferences/pgadmin' + +if os.path.exists(system_config_dir + '/config_system.py'): + try: + sys.path.insert(0, system_config_dir) + from config_system import * + except ImportError: + pass + +# Override DEFAULT_SERVER value from environment variable. if 'PGADMIN_CONFIG_DEFAULT_SERVER' in os.environ: DEFAULT_SERVER = os.environ['PGADMIN_CONFIG_DEFAULT_SERVER']