Ejemplo n.º 1
0
def openid_login_callback(request):
    #构造需要检查签名的内容
    OPENID_RESPONSE = dict(request.GET)
    SIGNED_CONTENT = []
    #import json
    #print json.dumps(OPENID_RESPONSE, indent=4)
    for k in OPENID_RESPONSE['openid.signed'][0].split(","):
        response_data = OPENID_RESPONSE["openid.%s" % k]
        SIGNED_CONTENT.append("%s:%s\n" % (k, response_data[0]))
    SIGNED_CONTENT = "".join(SIGNED_CONTENT).encode("UTF-8")
    # 使用associate请求获得的mac_key与SIGNED_CONTENT进行assoc_type hash,
    # 检查是否与OpenID Server返回的一致
    SIGNED_CONTENT_SIG = base64.b64encode(
        hmac.new(base64.b64decode(request.session.get('mac_key', '')),
                 SIGNED_CONTENT, hashlib.sha256).digest())

    if SIGNED_CONTENT_SIG != OPENID_RESPONSE['openid.sig'][0]:
        return '认证失败,请重新登录验证'

    request.session.pop('mac_key', None)
    email = request.GET.get('openid.sreg.email', '')
    fullname = request.GET.get('openid.sreg.fullname', '')
    next_url = request.GET.get('next', '/')

    login_user = User.objects.filter(username__iexact=email)
    if login_user.exists():
        login_user = login_user[0]
        login_user.set_password("sentry_netease_openid_pwd")
        login_user.name = fullname  # update by hzwangzhiwei @20160329
        login_user.save()
    else:
        #不存在数据,则增加数据数用户表
        login_user = User(username=email, name=fullname, email=email)
        login_user.set_password("sentry_netease_openid_pwd")
        login_user.save()  #save to db

    # 如果不存在将这个人加入到组织member表中
    if not OrganizationMember.objects.filter(
            user=login_user, organization=Organization.get_default()).exists():
        # 同时给他们默认的trace收集
        # 将用户到组织中
        orgMember = OrganizationMember(user=login_user,
                                       organization=Organization.get_default())
        orgMember.save()
        orgMember = OrganizationMember.objects.get(
            user=login_user, organization=Organization.get_default())
        # 保存组织者到第一个小组
        orgMemTeam = OrganizationMemberTeam(organizationmember=orgMember,
                                            team=Team.objects.get(id=1))
        orgMemTeam.save()

    # HACK: grab whatever the first backend is and assume it works
    login_user.backend = settings.AUTHENTICATION_BACKENDS[0]

    auth.login(request, login_user)
    # can_register should only allow a single registration
    request.session.pop('can_register', None)
    request.session.pop('needs_captcha', None)
    return HttpResponseRedirect(next_url)
    def delete(self, request, organization, member_id, team_slug):
        """
        Leave a team

        Leave a team.
        """
        try:
            om = self._get_member(request, organization, member_id)
        except OrganizationMember.DoesNotExist:
            raise ResourceDoesNotExist

        if not self._can_access(request, om):
            return Response({'detail': ERR_INSUFFICIENT_ROLE}, status=400)

        try:
            team = Team.objects.get(
                organization=organization,
                slug=team_slug,
            )
        except Team.DoesNotExist:
            raise ResourceDoesNotExist

        try:
            omt = OrganizationMemberTeam.objects.get(
                team=team,
                organizationmember=om,
            )
        except OrganizationMemberTeam.DoesNotExist:
            # we need to create the row in order to handle superusers leaving a
            # team which they were never a member for (therefor there was never
            # a matching row)
            omt = OrganizationMemberTeam(
                team=team,
                organizationmember=om,
                # setting this to true ensures it gets saved below
                is_active=True,
            )

        if omt.is_active:
            omt.is_active = False
            omt.save()

            self.create_audit_entry(
                request=request,
                organization=organization,
                target_object=omt.id,
                target_user=om.user,
                event=AuditLogEntryEvent.MEMBER_LEAVE_TEAM,
                data=omt.get_audit_log_data(),
            )

        return Response(serialize(
            team, request.user, TeamWithProjectsSerializer()), status=200)
Ejemplo n.º 3
0
 def save_team_assignments(self, organization_member):
     OrganizationMemberTeam.objects.filter(organizationmember=organization_member).delete()
     OrganizationMemberTeam.objects.bulk_create([
         OrganizationMemberTeam(team=team,
                                organizationmember=organization_member)
         for team in self.cleaned_data['teams']
     ])
 def save_team_assignments(self, organization_member, teams):
     # teams may be empty
     OrganizationMemberTeam.objects.filter(
         organizationmember=organization_member).delete()
     OrganizationMemberTeam.objects.bulk_create([
         OrganizationMemberTeam(team=team,
                                organizationmember=organization_member)
         for team in teams
     ])
def sentry_update_team_member(team, organization_member):
    model = sentry_find_team_member(team, organization_member)
    existing = model is not None
    if not existing:
        model = OrganizationMemberTeam()
        model.organizationmember = organization_member
        model.team = team
        model.save()

    return model, existing
Ejemplo n.º 6
0
    def delete(self, request, organization, member_id, team_slug):
        """
        Leave a team

        Leave a team.
        """
        try:
            om = self._get_member(request, organization, member_id)
        except OrganizationMember.DoesNotExist:
            raise ResourceDoesNotExist

        if not self._can_access(request, om):
            return Response({'detail': ERR_INSUFFICIENT_ROLE}, status=400)

        try:
            team = Team.objects.get(
                organization=organization,
                slug=team_slug,
            )
        except Team.DoesNotExist:
            raise ResourceDoesNotExist

        try:
            omt = OrganizationMemberTeam.objects.get(
                team=team,
                organizationmember=om,
            )
        except OrganizationMemberTeam.DoesNotExist:
            # we need to create the row in order to handle superusers leaving a
            # team which they were never a member for (therefor there was never
            # a matching row)
            omt = OrganizationMemberTeam(
                team=team,
                organizationmember=om,
                # setting this to true ensures it gets saved below
                is_active=True,
            )

        if omt.is_active:
            omt.is_active = False
            omt.save()

            self.create_audit_entry(
                request=request,
                organization=organization,
                target_object=omt.id,
                target_user=om.user,
                event=AuditLogEntryEvent.MEMBER_LEAVE_TEAM,
                data=omt.get_audit_log_data(),
            )

        return Response(serialize(team, request.user,
                                  TeamWithProjectsSerializer()),
                        status=200)
Ejemplo n.º 7
0
    def put(self, request: Request, organization, member_id) -> Response:
        try:
            om = self._get_member(request, organization, member_id)
        except OrganizationMember.DoesNotExist:
            raise ResourceDoesNotExist

        serializer = OrganizationMemberSerializer(data=request.data,
                                                  partial=True)

        if not serializer.is_valid():
            return Response(status=400)

        try:
            auth_provider = AuthProvider.objects.get(organization=organization)
            auth_provider = auth_provider.get_provider()
        except AuthProvider.DoesNotExist:
            auth_provider = None

        allowed_roles = None
        result = serializer.validated_data

        # XXX(dcramer): if/when this expands beyond reinvite we need to check
        # access level
        if result.get("reinvite"):
            if om.is_pending:
                if ratelimits.for_organization_member_invite(
                        organization=organization,
                        email=om.email,
                        user=request.user,
                        auth=request.auth,
                ):
                    metrics.incr(
                        "member-invite.attempt",
                        instance="rate_limited",
                        skip_internal=True,
                        sample_rate=1.0,
                    )
                    return Response({"detail": ERR_RATE_LIMITED}, status=429)

                if result.get("regenerate"):
                    if request.access.has_scope("member:admin"):
                        om.regenerate_token()
                        om.save()
                    else:
                        return Response({"detail": ERR_INSUFFICIENT_SCOPE},
                                        status=400)
                if om.token_expired:
                    return Response({"detail": ERR_EXPIRED}, status=400)
                om.send_invite_email()
            elif auth_provider and not getattr(om.flags, "sso:linked"):
                om.send_sso_link_email(request.user, auth_provider)
            else:
                # TODO(dcramer): proper error message
                return Response({"detail": ERR_UNINVITABLE}, status=400)

        if "teams" in result:
            # dupe code from member_index
            # ensure listed teams are real teams
            teams = list(
                Team.objects.filter(organization=organization,
                                    status=TeamStatus.VISIBLE,
                                    slug__in=result["teams"]))

            if len(set(result["teams"])) != len(teams):
                return Response({"teams": "Invalid team"}, status=400)

            with transaction.atomic():
                # teams may be empty
                OrganizationMemberTeam.objects.filter(
                    organizationmember=om).delete()
                OrganizationMemberTeam.objects.bulk_create([
                    OrganizationMemberTeam(team=team, organizationmember=om)
                    for team in teams
                ])

        if result.get("role"):
            _, allowed_roles = get_allowed_roles(request, organization)
            allowed_role_ids = {r.id for r in allowed_roles}

            # A user cannot promote others above themselves
            if result["role"] not in allowed_role_ids:
                return Response(
                    {
                        "role":
                        "You do not have permission to assign the given role."
                    },
                    status=403)

            # A user cannot demote a superior
            if om.role not in allowed_role_ids:
                return Response(
                    {
                        "role":
                        "You do not have permission to assign a role to the given user."
                    },
                    status=403,
                )

            if om.user == request.user and (result["role"] != om.role):
                return Response(
                    {"detail": "You cannot make changes to your own role."},
                    status=400)

            om.update(role=result["role"])

        self.create_audit_entry(
            request=request,
            organization=organization,
            target_object=om.id,
            target_user=om.user,
            event=AuditLogEntryEvent.MEMBER_EDIT,
            data=om.get_audit_log_data(),
        )

        context = self._serialize_member(om, request, allowed_roles)

        return Response(context)
    def post(self, request, organization, member_id, team_slug):
        """
        Join a team

        Join or request access to a team.

        If the user is already a member of the team, this will simply return
        a 204.

        If the user needs permission to join the team, an access request will
        be generated and the returned status code will be 202.
        """
        try:
            om = self._get_member(request, organization, member_id)
        except OrganizationMember.DoesNotExist:
            raise ResourceDoesNotExist

        if not self._can_access(request, om):
            return Response({'detail': ERR_INSUFFICIENT_ROLE}, status=400)

        try:
            team = Team.objects.get(
                organization=organization,
                slug=team_slug,
            )
        except Team.DoesNotExist:
            raise ResourceDoesNotExist

        if not om.has_global_access:
            try:
                omt = OrganizationMemberTeam.objects.get(
                    team=team,
                    organizationmember=om,
                )
            except OrganizationMemberTeam.DoesNotExist:
                # TODO(dcramer): this should create a pending request and
                # return a 202
                if not organization.flags.allow_joinleave:
                    omt, created = OrganizationAccessRequest.objects.get_or_create(
                        team=team,
                        member=om,
                    )
                    if created:
                        omt.send_request_email()
                    return Response(status=202)

                omt = OrganizationMemberTeam(
                    team=team,
                    organizationmember=om,
                    is_active=False,
                )

            if omt.is_active:
                return Response(status=204)
        else:
            try:
                omt = OrganizationMemberTeam.objects.get(
                    team=team,
                    organizationmember=om,
                )
            except OrganizationMemberTeam.DoesNotExist:
                # if the relationship doesnt exist, they're already a member
                return Response(status=204)

        omt.is_active = True
        omt.save()

        self.create_audit_entry(
            request=request,
            organization=organization,
            target_object=omt.id,
            target_user=om.user,
            event=AuditLogEntryEvent.MEMBER_JOIN_TEAM,
            data=omt.get_audit_log_data(),
        )

        return Response(serialize(
            team, request.user, TeamWithProjectsSerializer()), status=201)
    def delete(self, request, organization, member_id, team_slug):
        """
        Leave a team

        Leave a team.
        """
        try:
            om = self._get_member(request, organization, member_id)
        except OrganizationMember.DoesNotExist:
            raise ResourceDoesNotExist

        if not self._can_access(request, om):
            return Response({'detail': ERR_INSUFFICIENT_ROLE}, status=400)

        try:
            team = Team.objects.get(
                organization=organization,
                slug=team_slug,
            )
        except Team.DoesNotExist:
            raise ResourceDoesNotExist

        if not om.has_global_access:
            try:
                omt = OrganizationMemberTeam.objects.get(
                    team=team,
                    organizationmember=om,
                )
            except OrganizationMemberTeam.DoesNotExist:
                # if the relationship doesnt exist, they're already a member
                return Response(serialize(
                    team, request.user, TeamWithProjectsSerializer()), status=200)
        else:
            try:
                omt = OrganizationMemberTeam.objects.get(
                    team=team,
                    organizationmember=om,
                    is_active=True,
                )
            except OrganizationMemberTeam.DoesNotExist:
                omt = OrganizationMemberTeam(
                    team=team,
                    organizationmember=om,
                    is_active=True,
                )

        if omt.is_active:
            omt.is_active = False
            omt.save()

            self.create_audit_entry(
                request=request,
                organization=organization,
                target_object=omt.id,
                target_user=om.user,
                event=AuditLogEntryEvent.MEMBER_LEAVE_TEAM,
                data=omt.get_audit_log_data(),
            )

        return Response(serialize(
            team, request.user, TeamWithProjectsSerializer()), status=200)
    def put(self, request, organization, member_id):
        try:
            om = self._get_member(request, organization, member_id)
        except OrganizationMember.DoesNotExist:
            raise ResourceDoesNotExist

        serializer = OrganizationMemberSerializer(data=request.DATA,
                                                  partial=True)

        if not serializer.is_valid():
            return Response(status=400)

        try:
            auth_provider = AuthProvider.objects.get(organization=organization)
            auth_provider = auth_provider.get_provider()
        except AuthProvider.DoesNotExist:
            auth_provider = None

        allowed_roles = None
        result = serializer.object

        # XXX(dcramer): if/when this expands beyond reinvite we need to check
        # access level
        if result.get('reinvite'):
            if om.is_pending:
                if result.get('regenerate'):
                    if request.access.has_scope('member:admin'):
                        om.update(token=om.generate_token())
                    else:
                        return Response({'detail': ERR_INSUFFICIENT_SCOPE},
                                        status=400)

                om.send_invite_email()
            elif auth_provider and not getattr(om.flags, 'sso:linked'):
                om.send_sso_link_email(request.user, auth_provider)
            else:
                # TODO(dcramer): proper error message
                return Response({'detail': ERR_UNINVITABLE}, status=400)
        if auth_provider:
            sso_enabled.send(organization=organization, sender=request.user)

        if result.get('teams'):
            # dupe code from member_index
            # ensure listed teams are real teams
            teams = list(
                Team.objects.filter(
                    organization=organization,
                    status=TeamStatus.VISIBLE,
                    slug__in=result['teams'],
                ))

            if len(set(result['teams'])) != len(teams):
                return Response({'teams': 'Invalid team'}, status=400)

            with transaction.atomic():
                # teams may be empty
                OrganizationMemberTeam.objects.filter(
                    organizationmember=om).delete()
                OrganizationMemberTeam.objects.bulk_create([
                    OrganizationMemberTeam(team=team, organizationmember=om)
                    for team in teams
                ])

        if result.get('role'):
            _, allowed_roles = get_allowed_roles(request, organization)
            if not result['role'] in {r.id for r in allowed_roles}:
                return Response(
                    {
                        'role':
                        'You do not have permission to invite that role.'
                    },
                    status=403)
            om.update(role=result['role'])

        context = self._serialize_member(om, request, allowed_roles)

        return Response(context)
Ejemplo n.º 11
0
    def put(self, request, organization, member_id):
        try:
            om = self._get_member(request, organization, member_id)
        except OrganizationMember.DoesNotExist:
            raise ResourceDoesNotExist

        serializer = OrganizationMemberSerializer(
            data=request.DATA, partial=True)

        if not serializer.is_valid():
            return Response(status=400)

        try:
            auth_provider = AuthProvider.objects.get(organization=organization)
            auth_provider = auth_provider.get_provider()
        except AuthProvider.DoesNotExist:
            auth_provider = None

        allowed_roles = None
        result = serializer.object

        # XXX(dcramer): if/when this expands beyond reinvite we need to check
        # access level
        if result.get('reinvite'):
            if om.is_pending:
                if result.get('regenerate'):
                    if request.access.has_scope('member:admin'):
                        om.update(token=om.generate_token())
                    else:
                        return Response({'detail': ERR_INSUFFICIENT_SCOPE}, status=400)

                om.send_invite_email()
            elif auth_provider and not getattr(om.flags, 'sso:linked'):
                om.send_sso_link_email(request.user, auth_provider)
            else:
                # TODO(dcramer): proper error message
                return Response({'detail': ERR_UNINVITABLE}, status=400)

        if result.get('teams'):
            # dupe code from member_index
            # ensure listed teams are real teams
            teams = list(Team.objects.filter(
                organization=organization,
                status=TeamStatus.VISIBLE,
                slug__in=result['teams'],
            ))

            if len(set(result['teams'])) != len(teams):
                return Response({'teams': 'Invalid team'}, status=400)

            with transaction.atomic():
                # teams may be empty
                OrganizationMemberTeam.objects.filter(
                    organizationmember=om).delete()
                OrganizationMemberTeam.objects.bulk_create(
                    [
                        OrganizationMemberTeam(
                            team=team, organizationmember=om)
                        for team in teams
                    ]
                )

        if result.get('role'):
            _, allowed_roles = get_allowed_roles(request, organization)
            allowed_role_ids = {r.id for r in allowed_roles}

            # A user cannot promote others above themselves
            if result['role'] not in allowed_role_ids:
                return Response(
                    {'role': 'You do not have permission to assign the given role.'}, status=403)

            # A user cannot demote a superior
            if om.role not in allowed_role_ids:
                return Response(
                    {'role': 'You do not have permission to assign a role to the given user.'}, status=403)

            if om.user == request.user and (result['role'] != om.role):
                return Response(
                    {'detail': 'You cannot make changes to your own role.'}, status=400)

            om.update(role=result['role'])

        self.create_audit_entry(
            request=request,
            organization=organization,
            target_object=om.id,
            target_user=om.user,
            event=AuditLogEntryEvent.MEMBER_EDIT,
            data=om.get_audit_log_data(),
        )

        context = self._serialize_member(om, request, allowed_roles)

        return Response(context)
Ejemplo n.º 12
0
    def post(self, request, organization, member_id, team_slug):
        """
        Join a team

        Join or request access to a team.

        If the user is already a member of the team, this will simply return
        a 204.

        If the user needs permission to join the team, an access request will
        be generated and the returned status code will be 202.
        """
        try:
            om = OrganizationMember.objects.filter(
                organization=organization,
                id=member_id,
            ).select_related('user').get()
        except OrganizationMember.DoesNotExist:
            raise ResourceDoesNotExist

        if not self._can_access(request, om):
            return Response({'detail': ERR_INSUFFICIENT_ROLE}, status=400)

        try:
            team = Team.objects.get(
                organization=organization,
                slug=team_slug,
            )
        except Team.DoesNotExist:
            raise ResourceDoesNotExist

        if not om.has_global_access:
            try:
                omt = OrganizationMemberTeam.objects.get(
                    team=team,
                    organizationmember=om,
                )
            except OrganizationMemberTeam.DoesNotExist:
                # TODO(dcramer): this should create a pending request and
                # return a 202
                if not organization.flags.allow_joinleave:
                    omt, created = OrganizationAccessRequest.objects.get_or_create(
                        team=team,
                        member=om,
                    )
                    if created:
                        omt.send_request_email()
                    return Response(status=202)

                omt = OrganizationMemberTeam(
                    team=team,
                    organizationmember=om,
                    is_active=False,
                )

            if omt.is_active:
                return Response(status=204)
        else:
            try:
                omt = OrganizationMemberTeam.objects.get(
                    team=team,
                    organizationmember=om,
                )
            except OrganizationMemberTeam.DoesNotExist:
                # if the relationship doesnt exist, they're already a member
                return Response(status=204)

        omt.is_active = True
        omt.save()

        AuditLogEntry.objects.create(
            organization=organization,
            actor=request.user,
            ip_address=request.META['REMOTE_ADDR'],
            target_object=omt.id,
            target_user=request.user,
            event=AuditLogEntryEvent.MEMBER_JOIN_TEAM,
            data=omt.get_audit_log_data(),
        )

        return Response(serialize(team), status=201)
Ejemplo n.º 13
0
    def delete(self, request, organization, member_id, team_slug):
        """
        Leave a team

        Leave a team.
        """
        try:
            om = OrganizationMember.objects.filter(
                organization=organization,
                id=member_id,
            ).select_related('user').get()
        except OrganizationMember.DoesNotExist:
            raise ResourceDoesNotExist

        if not self._can_access(request, om):
            return Response({'detail': ERR_INSUFFICIENT_ROLE}, status=400)

        try:
            team = Team.objects.get(
                organization=organization,
                slug=team_slug,
            )
        except Team.DoesNotExist:
            raise ResourceDoesNotExist

        if not om.has_global_access:
            try:
                omt = OrganizationMemberTeam.objects.get(
                    team=team,
                    organizationmember=om,
                )
            except OrganizationMemberTeam.DoesNotExist:
                # if the relationship doesnt exist, they're already a member
                return Response(status=204)
        else:
            try:
                omt = OrganizationMemberTeam.objects.get(
                    team=team,
                    organizationmember=om,
                    is_active=True,
                )
            except OrganizationMemberTeam.DoesNotExist:
                omt = OrganizationMemberTeam(
                    team=team,
                    organizationmember=om,
                    is_active=True,
                )

        if omt.is_active:
            omt.is_active = False
            omt.save()

            AuditLogEntry.objects.create(
                organization=organization,
                actor=request.user,
                ip_address=request.META['REMOTE_ADDR'],
                target_object=omt.id,
                target_user=request.user,
                event=AuditLogEntryEvent.MEMBER_LEAVE_TEAM,
                data=omt.get_audit_log_data(),
            )

        return Response(status=204)
Ejemplo n.º 14
0
    def delete(self, request, organization, member_id, team_slug):
        """
        Leave a team

        Leave a team.
        """
        try:
            om = self._get_member(request, organization, member_id)
        except OrganizationMember.DoesNotExist:
            raise ResourceDoesNotExist

        if not self._can_access(request, om):
            return Response({'detail': ERR_INSUFFICIENT_ROLE}, status=400)

        try:
            team = Team.objects.get(
                organization=organization,
                slug=team_slug,
            )
        except Team.DoesNotExist:
            raise ResourceDoesNotExist

        if not om.has_global_access:
            try:
                omt = OrganizationMemberTeam.objects.get(
                    team=team,
                    organizationmember=om,
                )
            except OrganizationMemberTeam.DoesNotExist:
                # if the relationship doesnt exist, they're already a member
                return Response(serialize(team, request.user,
                                          TeamWithProjectsSerializer()),
                                status=200)
        else:
            try:
                omt = OrganizationMemberTeam.objects.get(
                    team=team,
                    organizationmember=om,
                    is_active=True,
                )
            except OrganizationMemberTeam.DoesNotExist:
                omt = OrganizationMemberTeam(
                    team=team,
                    organizationmember=om,
                    is_active=True,
                )

        if omt.is_active:
            omt.is_active = False
            omt.save()

            self.create_audit_entry(
                request=request,
                organization=organization,
                target_object=omt.id,
                target_user=om.user,
                event=AuditLogEntryEvent.MEMBER_LEAVE_TEAM,
                data=omt.get_audit_log_data(),
            )

        return Response(serialize(team, request.user,
                                  TeamWithProjectsSerializer()),
                        status=200)
    def delete(self, request, organization, member_id, team_slug):
        """
        Leave a team

        Leave a team.
        """
        try:
            om = OrganizationMember.objects.filter(
                organization=organization,
                id=member_id,
            ).select_related('user').get()
        except OrganizationMember.DoesNotExist:
            raise ResourceDoesNotExist

        if not self._can_access(request, om):
            return Response({'detail': ERR_INSUFFICIENT_ROLE}, status=400)

        try:
            team = Team.objects.get(
                organization=organization,
                slug=team_slug,
            )
        except Team.DoesNotExist:
            raise ResourceDoesNotExist

        if not om.has_global_access:
            try:
                omt = OrganizationMemberTeam.objects.get(
                    team=team,
                    organizationmember=om,
                )
            except OrganizationMemberTeam.DoesNotExist:
                # if the relationship doesnt exist, they're already a member
                return Response(status=204)
        else:
            try:
                omt = OrganizationMemberTeam.objects.get(
                    team=team,
                    organizationmember=om,
                    is_active=True,
                )
            except OrganizationMemberTeam.DoesNotExist:
                omt = OrganizationMemberTeam(
                    team=team,
                    organizationmember=om,
                    is_active=True,
                )

        if omt.is_active:
            omt.is_active = False
            omt.save()

            AuditLogEntry.objects.create(
                organization=organization,
                actor=request.user,
                ip_address=request.META['REMOTE_ADDR'],
                target_object=omt.id,
                target_user=request.user,
                event=AuditLogEntryEvent.MEMBER_LEAVE_TEAM,
                data=omt.get_audit_log_data(),
            )

        return Response(status=204)