221V
/
Misago


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121
							from datetime import timedelta

from django import forms
from django.contrib.auth import get_user_model
from django.core.exceptions import PermissionDenied
from django.utils import timezone
from django.utils.translation import ugettext_lazy as _
from django.utils.translation import ungettext

from misago.acl import algebra
from misago.acl.decorators import return_boolean
from misago.acl.models import Role


__all__ = [
    'allow_delete_user',
    'can_delete_user',
]
"""
Admin Permissions Form
"""


class PermissionsForm(forms.Form):
    legend = _("Deleting users")

    can_delete_users_newer_than = forms.IntegerField(
        label=_("Maximum age of deleted account (in days)"),
        help_text=_("Enter zero to disable this check."),
        min_value=0,
        initial=0
    )
    can_delete_users_with_less_posts_than = forms.IntegerField(
        label=_("Maximum number of posts on deleted account"),
        help_text=_("Enter zero to disable this check."),
        min_value=0,
        initial=0
    )


def change_permissions_form(role):
    if isinstance(role, Role) and role.special_role != 'anonymous':
        return PermissionsForm
    else:
        return None


"""
ACL Builder
"""


def build_acl(acl, roles, key_name):
    new_acl = {
        'can_delete_users_newer_than': 0,
        'can_delete_users_with_less_posts_than': 0,
    }
    new_acl.update(acl)

    return algebra.sum_acls(
        new_acl,
        roles=roles,
        key=key_name,
        can_delete_users_newer_than=algebra.greater,
        can_delete_users_with_less_posts_than=algebra.greater
    )


"""
ACL's for targets
"""


def add_acl_to_user(user, target):
    target.acl['can_delete'] = can_delete_user(user, target)
    if target.acl['can_delete']:
        target.acl['can_moderate'] = True


def register_with(registry):
    registry.acl_annotator(get_user_model(), add_acl_to_user)


"""
ACL tests
"""


def allow_delete_user(user, target):
    newer_than = user.acl_cache['can_delete_users_newer_than']
    less_posts_than = user.acl_cache['can_delete_users_with_less_posts_than']
    if not newer_than and not less_posts_than:
        raise PermissionDenied(_("You can't delete users."))

    if user.pk == target.pk:
        raise PermissionDenied(_("You can't delete yourself."))
    if target.is_staff or target.is_superuser:
        raise PermissionDenied(_("You can't delete administrators."))

    if newer_than:
        if target.joined_on < timezone.now() - timedelta(days=newer_than):
            message = ungettext(
                "You can't delete users that are "
                "members for more than %(days)s day.", "You can't delete users that are "
                "members for more than %(days)s days.", newer_than
            ) % {
                'days': newer_than
            }
            raise PermissionDenied(message)
    if less_posts_than:
        if target.posts > less_posts_than:
            message = ungettext(
                "You can't delete users that made more than %(posts)s post.",
                "You can't delete users that made more than %(posts)s posts.", less_posts_than
            ) % {
                'posts': less_posts_than
            }
            raise PermissionDenied(message)


can_delete_user = return_boolean(allow_delete_user)