users.py 13 KB

  1. from django.contrib import messages
  2. from django.contrib.auth import get_user_model, update_session_auth_hash
  3. from django.db import transaction
  4. from django.http import JsonResponse
  5. from django.shortcuts import redirect
  6. from django.utils.translation import gettext_lazy as _
  7. from ....acl.useracl import get_user_acl
  8. from ....admin.auth import authorize_admin
  9. from ....admin.views import generic
  10. from ....categories.models import Category
  11. from ....core.mail import mail_users
  12. from ....core.pgutils import chunk_queryset
  13. from ....threads.models import Thread
  14. from ...avatars.dynamic import set_avatar as set_dynamic_avatar
  15. from ...datadownloads import request_user_data_download, user_has_data_download_request
  16. from ...deletesrecord import record_user_deleted_by_staff
  17. from ...models import Ban
  18. from ...profilefields import profilefields
  19. from ...setupnewuser import setup_new_user
  20. from ...signatures import set_user_signature
  21. from ..forms import (
  22. BanUsersForm,
  23. EditUserForm,
  24. EditUserFormFactory,
  25. NewUserForm,
  26. create_filter_users_form,
  27. )
  28. from ..tasks import delete_user_with_content
# Resolve the user model through Django's get_user_model() rather than importing
# a concrete class; every view below refers to it through this module-level name.
User = get_user_model()
class UserAdmin(generic.AdminBaseMixin):
    """Shared configuration for the user administration views in this module."""

    root_link = "misago:admin:users:index"
    templates_dir = "misago/admin/users"
    model = User

    def get_form_class(self, request, target):
        """Build the edit-form class, adding privileged fields only where allowed.

        Two optional field groups are decided here and passed to
        ``EditUserFormFactory``:

        * ``add_is_active_fields`` - granted for any non-staff target; for a
          staff target only when the requester is a superuser editing somebody
          else.
        * ``add_admin_fields`` - granted only when the requester is a superuser
          editing somebody else.

        ``EditUser.handle_form`` writes ``is_staff``/``is_superuser`` and
        ``is_active`` only when those fields exist on the form, so this method
        is the gate for who may change them.
        """
        # NOTE(review): the listing this was taken from lost its indentation.
        # The superuser check for add_admin_fields is placed under the
        # is_deleting_account guard here (the more restrictive reading) -
        # confirm against the repository before relying on it.
        add_is_active_fields = False
        add_admin_fields = False
        if not target.is_deleting_account:
            if not target.is_staff:
                add_is_active_fields = True
            elif request.user.is_superuser:
                # A superuser cannot deactivate their own account from here.
                add_is_active_fields = request.user.pk != target.pk
            if request.user.is_superuser:
                # ...nor change their own staff/superuser flags.
                add_admin_fields = request.user.pk != target.pk
        return EditUserFormFactory(
            self.form_class,
            target,
            add_is_active_fields=add_is_active_fields,
            add_admin_fields=add_admin_fields,
        )
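class UsersList(UserAdmin, generic.ListView):
    """Admin list of user accounts plus the mass actions runnable on a selection.

    Every ``action_*`` method gets the request and the selected users. It
    either completes the action and flashes a success message, or raises
    ``generic.MassActionError`` with a message for the admin.
    """

    # NOTE(review): the listing this was taken from lost its indentation; block
    # nesting below is reconstructed from the statements' data flow.

    items_per_page = 24
    ordering = [
        ("-id", _("From newest")),
        ("id", _("From oldest")),
        ("slug", _("A to z")),
        ("-slug", _("Z to a")),
        ("-posts", _("Biggest posters")),
        ("posts", _("Smallest posters")),
    ]
    selection_label = _("With users: 0")
    empty_selection_label = _("Select users")
    mass_actions = [
        {"action": "activate", "name": _("Activate accounts")},
        {"action": "ban", "name": _("Ban users"), "icon": "fa fa-lock"},
        {"action": "request_data_download", "name": _("Request data download")},
        {
            "action": "delete_accounts",
            "name": _("Delete accounts"),
            "confirmation": _("Are you sure you want to delete selected users?"),
        },
        {
            "action": "delete_all",
            "name": _("Delete with content"),
            "confirmation": _(
                "Are you sure you want to delete selected users? "
                "This will also delete all content associated with their accounts."
            ),
            # NOTE(review): presumably opts this action out of a wrapping
            # transaction because the deletion is handed to a background
            # task - confirm in generic.ListView.
            "is_atomic": False,
        },
    ]

    def get_queryset(self):
        """Return the base queryset with each user's rank joined in."""
        return super().get_queryset().select_related("rank")

    def get_filter_form(self, request):
        """Return the form class used to filter the users list."""
        return create_filter_users_form()

    def action_activate(self, request, users):
        """Activate the selected accounts that still require activation.

        Raises:
            generic.MassActionError: none of the selected users is inactive.
        """
        inactive_users = [user for user in users if user.requires_activation]
        if not inactive_users:
            raise generic.MassActionError(_("You have to select inactive users."))

        activated_users_pks = [u.pk for u in inactive_users]
        User.objects.filter(pk__in=activated_users_pks).update(
            requires_activation=User.ACTIVATION_NONE
        )

        subject = _("Your account on %(forum_name)s forums has been activated")
        mail_subject = subject % {"forum_name": request.settings.forum_name}
        mail_users(
            inactive_users,
            mail_subject,
            "misago/emails/activation/by_admin",
            context={"settings": request.settings},
        )
        messages.success(request, _("Selected users accounts have been activated."))

    @staticmethod
    def _ban_target(user, ban):
        """Return ``(check_type, banned_value)`` for one ban type, or ``None``.

        ``None`` means no safe value can be derived for this user and ban
        type, so no ban is created for that pair.
        """
        if ban == "usernames":
            return Ban.USERNAME, user.username.lower()
        if ban == "emails":
            return Ban.EMAIL, user.email.lower()
        if ban == "domains":
            email = user.email.lower()
            at_pos = email.find("@")
            if at_pos == -1:
                # Slicing from -1 would produce "*<last char>", a wildcard
                # matching far more addresses than this user's domain.
                return None
            return Ban.EMAIL, "*%s" % email[at_pos:]
        if ban == "ip" and user.joined_from_ip:
            return Ban.IP, user.joined_from_ip
        if ban in ("ip_first", "ip_two") and user.joined_from_ip:
            address = user.joined_from_ip
            # "." takes precedence, so an address containing both (such as an
            # IPv4-mapped IPv6 one) is split on dots.
            if "." in address:
                ip_separator = "."
            elif ":" in address:
                ip_separator = ":"
            else:
                # Without a separator there is no prefix to build; never fall
                # back to a separator left over from a previous user.
                return None
            bits = address.split(ip_separator)
            # NOTE(review): a compressed IPv6 address such as "::1" has an
            # empty first group, so the pattern becomes ":*" - confirm that
            # breadth is acceptable.
            if ban == "ip_first":
                formats = (bits[0], ip_separator)
            else:
                formats = (bits[0], ip_separator, bits[1], ip_separator)
            return Ban.IP, "%s*" % ("".join(formats))
        return None

    def action_ban(self, request, users):
        """Ban the selected users by username, e-mail, e-mail domain or join IP.

        Renders the ban form first. Once the POST carries ``finalize`` and the
        form validates, one ``Ban`` is created per distinct banned value, the
        ban cache is invalidated and ``None`` is returned.

        Raises:
            generic.MassActionError: the selection contains a superuser.
        """
        users = users.order_by("slug")

        # NOTE(review): only superusers are refused here, while the delete
        # actions refuse staff as well, and the requesting admin is not
        # excluded - confirm this difference is intended.
        for user in users:
            if user.is_superuser:
                message = _("%(user)s is super admin and can't be banned.")
                raise generic.MassActionError(message % {"user": user.username})

        form = BanUsersForm(users=users)
        if "finalize" in request.POST:
            form = BanUsersForm(request.POST, users=users)
            if form.is_valid():
                cleaned_data = form.cleaned_data
                # Values already banned in this run; deduplicated by value only.
                banned_values = []
                ban_kwargs = {
                    "user_message": cleaned_data.get("user_message"),
                    "staff_message": cleaned_data.get("staff_message"),
                    "expires_on": cleaned_data.get("expires_on"),
                }

                for user in users:
                    for ban in cleaned_data["ban_type"]:
                        ban_target = self._ban_target(user, ban)
                        if ban_target is None:
                            continue
                        check_type, banned_value = ban_target
                        if banned_value and banned_value not in banned_values:
                            ban_kwargs.update(
                                {"check_type": check_type, "banned_value": banned_value}
                            )
                            Ban.objects.create(**ban_kwargs)
                            banned_values.append(banned_value)

                Ban.objects.invalidate_cache()
                messages.success(request, _("Selected users have been banned."))
                return None

        return self.render(
            request,
            {"users": users, "form": form},
            template_name="misago/admin/users/ban.html",
        )

    def action_request_data_download(self, request, users):
        """Place a data download request for each user that has none yet."""
        for user in users:
            if not user_has_data_download_request(user):
                request_user_data_download(user, requester=request.user)

        messages.success(
            request, _("Data download requests have been placed for selected users.")
        )

    @staticmethod
    def _reject_protected_accounts(request, users):
        """Refuse deletion when the selection holds the requester or an admin.

        Both delete actions share this one guard so the rule cannot drift
        between them. The whole selection is checked before anything is
        deleted.

        Raises:
            generic.MassActionError: the selection includes the requesting
                user, or a staff or superuser account.
        """
        for user in users:
            if user == request.user:
                raise generic.MassActionError(_("You can't delete yourself."))
            if user.is_staff or user.is_superuser:
                message = _("%(user)s is admin and can't be deleted.") % {
                    "user": user.username
                }
                raise generic.MassActionError(message)

    def action_delete_accounts(self, request, users):
        """Delete the selected accounts and record each staff deletion.

        Raises:
            generic.MassActionError: see ``_reject_protected_accounts``.
        """
        self._reject_protected_accounts(request, users)

        for user in users:
            user.delete(anonymous_username=request.settings.anonymous_username)
            record_user_deleted_by_staff()

        messages.success(request, _("Selected users have been deleted."))

    def action_delete_all(self, request, users):
        """Disable the selected accounts and queue them for deletion with content.

        Raises:
            generic.MassActionError: see ``_reject_protected_accounts``.
        """
        self._reject_protected_accounts(request, users)

        for user in users:
            # Deactivate and save first; the actual deletion is queued through
            # the task's .delay() call.
            user.is_active = False
            user.save()
            delete_user_with_content.delay(user.pk)

        messages.success(
            request,
            _(
                "Selected users have been disabled and queued for deletion "
                "together with their content."
            ),
        )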
class NewUser(UserAdmin, generic.ModelFormView):
    """Admin view that registers a new user account from ``NewUserForm``."""

    # NOTE(review): the listing this was taken from lost its indentation; block
    # nesting below is reconstructed from the statements' data flow.

    form_class = NewUserForm
    template_name = "new.html"
    message_submit = _('New user "%(user)s" has been registered.')

    def get_form(self, form_class, request, target):
        """Instantiate the form, bound to POST data and files only on submission."""
        if request.method != "POST":
            return form_class(instance=target, request=request)
        return form_class(
            request.POST, request.FILES, instance=target, request=request
        )

    def handle_form(self, form, request, target):
        """Create the account from validated form data and redirect to its edit page."""
        data = form.cleaned_data
        new_user = User.objects.create_user(
            data["username"],
            data["email"],
            data["new_password"],
            title=data["title"],
            rank=data.get("rank"),
            # NOTE(review): this stores the IP of the request that created the
            # account - presumably the admin's, not the new user's. The ban
            # action builds IP bans from joined_from_ip, so such a ban on this
            # account would match the creating admin's address - confirm.
            joined_from_ip=request.user_ip,
        )

        roles = data.get("roles")
        if roles:
            new_user.roles.add(*roles)

        new_user.update_acl_key()
        setup_new_user(request.settings, new_user)

        # The flash message reads the name from the form's instance (target),
        # not from the freshly created new_user.
        flash = self.message_submit % {"user": target.username}
        messages.success(request, flash)
        return redirect("misago:admin:users:edit", pk=new_user.pk)
  235. class EditUser(UserAdmin, generic.ModelFormView):
  236. form_class = EditUserForm
  237. template_name = "edit.html"
  238. message_submit = _('User "%(user)s" has been edited.')
    def real_dispatch(self, request, target):
        """Snapshot the username and avatar-lock flag, then dispatch as usual.

        ``handle_form`` reads ``old_username`` and ``old_is_avatar_locked``
        back to detect what the submitted form changed - presumably because
        form validation overwrites the live attributes (confirm).
        """
        username_before = target.username
        target.old_username = username_before
        avatar_locked_before = target.is_avatar_locked
        target.old_is_avatar_locked = avatar_locked_before
        return super().real_dispatch(request, target)
    def get_form(self, form_class, request, target):
        """Instantiate the form, bound to POST data and files only on submission."""
        if request.method != "POST":
            return form_class(instance=target, request=request)
        return form_class(
            request.POST, request.FILES, instance=target, request=request
        )
  249. def handle_form(self, form, request, target):
  250. target.username = target.old_username
  251. if target.username != form.cleaned_data.get("username"):
  252. target.set_username(
  253. form.cleaned_data.get("username"), changed_by=request.user
  254. )
  255. if form.cleaned_data.get("new_password"):
  256. target.set_password(form.cleaned_data["new_password"])
  257. if form.cleaned_data.get("email"):
  258. target.set_email(form.cleaned_data["email"])
  259. if form.cleaned_data.get("is_avatar_locked"):
  260. if not target.old_is_avatar_locked:
  261. set_dynamic_avatar(target)
  262. if "is_staff" in form.fields and "is_superuser" in form.fields:
  263. target.is_staff = form.cleaned_data.get("is_staff")
  264. target.is_superuser = form.cleaned_data.get("is_superuser")
  265. if "is_active" in form.fields and "is_active_staff_message" in form.fields:
  266. target.is_active = form.cleaned_data.get("is_active")
  267. target.is_active_staff_message = form.cleaned_data.get(
  268. "is_active_staff_message"
  269. )
  270. target.rank = form.cleaned_data.get("rank")
  271. target.roles.clear()
  272. target.roles.add(*form.cleaned_data["roles"])
  273. target_acl = get_user_acl(target, request.cache_versions)
  274. set_user_signature(
  275. request, target, target_acl, form.cleaned_data.get("signature")
  276. )
  277. profilefields.update_user_profile_fields(request, target, form)
  278. target.update_acl_key()
  279. target.save()
  280. if target.pk == request.user.pk:
  281. authorize_admin(request)
  282. update_session_auth_hash(request, target)
  283. messages.success(request, self.message_submit % {"user": target.username})