def deletedestination(self, destinationid):
"Delete destination server"
server = self._get_server(destinationid)
if not server:
abort(404)
c.form = AddDeliveryServerForm(request.POST,
server,
csrf_context=session)
if request.POST and c.form.validate():
name = server.domains.name
server_addr = server.address
domainid = server.domain_id
Session.delete(server)
Session.commit()
flash(_('The destination server has been deleted'))
info = DELETEDELSVR_MSG % dict(d=name, ds=server_addr)
audit_log(c.user.username, 4, info, request.host,
request.remote_addr, now())
redirect(url('domain-detail', domainid=domainid))
else:
flash(
_('The destination server: %(s)s will be deleted,'
' This action is not reversible') % dict(s=server.address))
c.id = destinationid
c.domainid = server.domain_id
return render('/domains/deletedestination.html')
def delete(self, userid):
"""/accounts/delete/id"""
user = self._get_user(userid)
if not user:
abort(404)
c.form = EditUserForm(request.POST, user, csrf_context=session)
c.form.domains.query = Session.query(Domain)
if request.POST and c.form.validate():
username = user.username
Session.delete(user)
Session.commit()
update_serial.delay()
flash(_('The account has been deleted'))
info = DELETEACCOUNT_MSG % dict(u=username)
audit_log(c.user.username, 4, info, request.host,
request.remote_addr, now())
if userid == c.user.id:
redirect(url('/logout'))
redirect(url(controller='accounts', action='index'))
else:
flash_info(
_('The account: %(a)s and all associated data'
' will be deleted, This action is not reversible.') %
dict(a=user.username))
c.fields = FORM_FIELDS
c.id = userid
return render('/accounts/delete.html')
def delete(self, orgid):
"Delete an organization"
org = self._get_org(orgid)
if not org:
abort(404)
c.form = DelOrgForm(request.POST, org, csrf_context=session)
c.form.domains.query = Session.query(Domain)
c.form.admins.query = Session.query(User).filter(
User.account_type == 2)
c.id = org.id
if request.POST and c.form.validate():
org_name = org.name
if c.form.delete_domains.data:
for domain in org.domains:
Session.delete(domain)
Session.delete(org)
Session.commit()
info = DELETEORG_MSG % dict(o=org_name)
audit_log(c.user.username,
4, info, request.host,
request.remote_addr, datetime.now())
flash(_('The organization has been deleted'))
redirect(url(controller='organizations'))
else:
flash(_('The organization: %(s)s will be deleted,'
' This action is not reversible') % dict(s=org.name))
return render('/organizations/delete.html')
def delete_auth(self, authid):
"Delete auth server"
server = self._get_authserver(authid)
if not server:
abort(404)
c.form = AddAuthForm(request.POST, server, csrf_context=session)
if request.POST and c.form.validate():
name = server.domains.name
server_addr = server.address
domainid = server.domains.id
Session.delete(server)
Session.commit()
flash(_("The authentication settings have been deleted"))
info = DELETEAUTHSVR_MSG % dict(d=name, ds=server_addr)
audit_log(c.user.username, 4, info, request.host, request.remote_addr, datetime.now())
redirect(url("domain-detail", domainid=domainid))
else:
flash(
_("The authentication server: %(s)s will be deleted," " This action is not reversible")
% dict(s=server.address)
)
c.domainid = server.domains.id
c.domainname = server.domains.name
c.authid = authid
return render("/domains/deleteauth.html")
def delete(self, orgid):
"Delete an organization"
org = self._get_org(orgid)
if not org:
abort(404)
c.form = DelOrgForm(request.POST, org, csrf_context=session)
c.form.domains.query = Session.query(Domain)
c.form.admins.query = Session.query(User).filter(
User.account_type == 2)
c.id = org.id
if request.POST and c.form.validate():
org_name = org.name
if c.form.delete_domains.data:
for domain in org.domains:
Session.delete(domain)
Session.delete(org)
Session.commit()
info = DELETEORG_MSG % dict(o=org_name)
audit_log(c.user.username, 4, info, request.host,
request.remote_addr, datetime.now())
flash(_('The organization has been deleted'))
redirect(url(controller='organizations'))
else:
flash(
_('The organization: %(s)s will be deleted,'
' This action is not reversible') % dict(s=org.name))
return render('/organizations/delete.html')
def delete(self, userid):
"""/accounts/delete/id"""
user = self._get_user(userid)
if not user:
abort(404)
c.form = EditUserForm(request.POST, user, csrf_context=session)
del c.form.domains
if request.POST and c.form.validate():
username = user.username
user_id = unicode(user.id)
Session.delete(user)
Session.commit()
update_serial.delay()
flash(_('The account has been deleted'))
info = DELETEACCOUNT_MSG % dict(u=username)
audit_log(c.user.username,
4, unicode(info), request.host,
request.remote_addr, now())
if userid == user_id:
redirect(url('/logout'))
redirect(url(controller='accounts', action='index'))
else:
flash_info(_('The account: %(a)s and all associated data'
' will be deleted, This action is not reversible.') %
dict(a=user.username))
c.fields = FORM_FIELDS
c.id = userid
return render('/accounts/delete.html')
def deletealias(self, aliasid):
"Delete alias domain"
alias = self._get_alias(aliasid)
if not alias:
abort(404)
c.form = AddDomainAlias(request.POST, alias, csrf_context=session)
c.form.domain.query = Session.query(Domain)\
.filter(Domain.id==alias.domain_id)
if request.POST and c.form.validate():
domainid = alias.domain_id
aliasname = alias.name
Session.delete(alias)
Session.commit()
update_serial.delay()
info = DELETEDOMALIAS_MSG % dict(d=aliasname)
audit_log(c.user.username, 4, info, request.host,
request.remote_addr, now())
flash(_('The domain alias: %s has been deleted') % aliasname)
redirect(url('domain-detail', domainid=domainid))
c.aliasid = aliasid
c.domainid = alias.domain_id
c.domainname = alias.domain.name
return render('/domains/deletealias.html')
def deletealias(self, aliasid):
"Delete alias domain"
alias = self._get_alias(aliasid)
if not alias:
abort(404)
c.form = DelDomainAlias(request.POST, alias, csrf_context=session)
c.form.domain.query = Session.query(Domain)\
.filter(Domain.id==alias.domain_id)
if request.POST and c.form.validate():
domainid = alias.domain_id
aliasname = alias.name
Session.delete(alias)
Session.commit()
update_serial.delay()
info = DELETEDOMALIAS_MSG % dict(d=aliasname)
audit_log(c.user.username,
4, unicode(info), request.host,
request.remote_addr, now())
flash(_('The domain alias: %s has been deleted') % aliasname)
redirect(url('domain-detail', domainid=domainid))
c.aliasid = aliasid
c.domainid = alias.domain_id
c.domainname = alias.domain.name
return render('/domains/deletealias.html')
def deletedestination(self, destinationid):
"Delete destination server"
server = self._get_server(destinationid)
if not server:
abort(404)
c.form = AddDeliveryServerForm(request.POST,
server,
csrf_context=session)
if request.POST and c.form.validate():
name = server.domains.name
server_addr = server.address
domainid = server.domain_id
Session.delete(server)
Session.commit()
flash(_('The destination server has been deleted'))
info = DELETEDELSVR_MSG % dict(d=name, ds=server_addr)
audit_log(c.user.username,
4, unicode(info), request.host,
request.remote_addr, now())
redirect(url('domain-detail', domainid=domainid))
else:
flash(_('The destination server: %(s)s will be deleted,'
' This action is not reversible') % dict(s=server.address))
c.id = destinationid
c.domainid = server.domain_id
return render('/domains/deletedestination.html')
def delete_auth(self, authid):
"Delete auth server"
server = self._get_authserver(authid)
if not server:
abort(404)
c.form = AddAuthForm(request.POST, server, csrf_context=session)
if request.POST and c.form.validate():
name = server.domains.name
server_addr = server.address
domainid = server.domains.id
Session.delete(server)
Session.commit()
flash(_('The authentication settings have been deleted'))
info = DELETEAUTHSVR_MSG % dict(d=name, ds=server_addr)
audit_log(c.user.username, 4, info, request.host,
request.remote_addr, now())
redirect(url('domain-detail', domainid=domainid))
else:
flash(
_('The authentication server: %(s)s will be deleted,'
' This action is not reversible') % dict(s=server.address))
c.domainid = server.domains.id
c.domainname = server.domains.name
c.authid = authid
return render('/domains/deleteauth.html')
def confirm_delete(self):
"Confirm bulk delete of domains"
domainids = session.get('bulk_domain_delete', [])
if not domainids:
redirect(url(controller='domains', action='index'))
num_items = 10
if len(domainids) > num_items and len(domainids) <= 20:
num_items = 20
if len(domainids) > num_items and len(domainids) <= 50:
num_items = 50
if len(domainids) > num_items and len(domainids) <= 100:
num_items = 100
domains = Session.query(Domain).filter(Domain.id.in_(domainids))\
.options(joinedload('organizations'))
domcount = Session.query(Domain.id).filter(Domain.id.in_(domainids))
if c.user.is_domain_admin:
domains = domains.join(domain_owners,
(oa,
domain_owners.c.organization_id ==
oa.c.organization_id))\
.filter(oa.c.user_id == c.user.id)
domcount = domcount.join(domain_owners,
(oa, domain_owners.c.organization_id ==
oa.c.organization_id))\
.filter(oa.c.user_id == c.user.id)
if request.POST:
tasks = []
for domain in domains.all():
info = DELETEDOMAIN_MSG % dict(d=domain.name)
tasks.append((c.user.username,
4, unicode(info), request.host,
request.remote_addr,
now()))
Session.delete(domain)
Session.commit()
del session['bulk_domain_delete']
session.save()
for task in tasks:
audit_log(*task)
flash(_('The domains have been deleted'))
redirect(url(controller='domains'))
else:
flash(_('The following domains are about to be deleted,'
' this action is not reversible, Do you wish to'
' continue ?'))
try:
c.page = paginate.Page(domains, page=1,
items_per_page=num_items,
item_count=domcount.count())
except DataError:
flash_alert(_('An error occured try again'))
redirect(url(controller='domains', action='index'))
return render('/domains/confirmbulkdel.html')
def confirm_delete(self):
"Confirm bulk delete of domains"
domainids = session.get('bulk_domain_delete', [])
if not domainids:
redirect(url(controller='domains', action='index'))
num_items = 10
if len(domainids) > num_items and len(domainids) <= 20:
num_items = 20
if len(domainids) > num_items and len(domainids) <= 50:
num_items = 50
if len(domainids) > num_items and len(domainids) <= 100:
num_items = 100
domains = Session.query(Domain).filter(Domain.id.in_(domainids))\
.options(joinedload('organizations'))
domcount = Session.query(Domain.id).filter(Domain.id.in_(domainids))
if c.user.is_domain_admin:
domains = domains.join(domain_owners,
(oa,
domain_owners.c.organization_id ==
oa.c.organization_id))\
.filter(oa.c.user_id == c.user.id)
domcount = domcount.join(domain_owners,
(oa, domain_owners.c.organization_id ==
oa.c.organization_id))\
.filter(oa.c.user_id == c.user.id)
if request.POST:
tasks = []
for domain in domains.all():
info = DELETEDOMAIN_MSG % dict(d=domain.name)
tasks.append((c.user.username, 4, info, request.host,
request.remote_addr, now()))
Session.delete(domain)
Session.commit()
del session['bulk_domain_delete']
session.save()
for task in tasks:
audit_log(*task)
flash(_('The domains have been deleted'))
redirect(url(controller='domains'))
else:
flash(
_('The following domains are about to be deleted,'
' this action is not reversible, Do you wish to'
' continue ?'))
try:
c.page = paginate.Page(domains,
page=1,
items_per_page=num_items,
item_count=domcount.count())
except DataError:
flash_alert(_('An error occured try again'))
redirect(url(controller='domains', action='index'))
return render('/domains/confirmbulkdel.html')
def delete_stored(self, filterid, format=None):
"Delete a saved dilter"
savedfilter = self._get_filter(filterid)
if not savedfilter:
abort(404)
Session.delete(savedfilter)
Session.commit()
if format == 'json':
response.headers['Content-Type'] = JSON_HEADER
self.invalidate = True
return json.dumps(self._get_data(format, True, {}))
flash(_("The filter has been deleted"))
redirect(url('toplevel', controller='reports'))
def delete_stored(self, filterid, format=None):
"Delete a saved dilter"
savedfilter = self._get_filter(filterid)
if not savedfilter:
abort(404)
Session.delete(savedfilter)
Session.commit()
if format == 'json':
response.headers['Content-Type'] = JSON_HEADER
self.invalidate = True
return json.dumps(self._get_data(format, True, {}))
flash(_("The filter has been deleted"))
redirect(url('toplevel', controller='reports'))
def delete_domain_sigs(self, sigid):
"Delete domain signature"
sign = self._get_domsign(sigid)
if not sign:
abort(404)
c.form = SigForm(request.POST, sign, csrf_context=session)
signature_type = c.form.signature_type.data
del c.form['signature_type']
if request.method == 'POST' and c.form.validate():
domain = sign.domain
files = []
basedir = config.get('ms.signatures.base',
'/etc/MailScanner/signatures')
if sign.signature_type == 1:
sigfile = os.path.join(basedir,
'domains',
domain.name,
'sig.txt')
files.append(sigfile)
else:
if sign.image:
for imgobj in sign.image:
imgfile = os.path.join(basedir,
'domains',
domain.name,
imgobj.name)
files.append(imgfile)
sigfile = os.path.join(basedir, 'domains',
domain.name,
'sig.html')
files.append(sigfile)
Session.delete(sign)
Session.commit()
if not domain.signatures:
sigfile = os.path.join(basedir, 'domains', domain.name)
files.append(sigfile)
for alias in domain.aliases:
sigfile = os.path.join(basedir, 'domains', alias.name)
files.append(sigfile)
delete_sig.apply_async(args=[files], exchange=FANOUT_XCHG)
backend_sig_update(signature_type)
info = auditmsgs.DELETEDOMSIG_MSG % dict(d=domain.name)
audit_log(c.user.username,
4, unicode(info), request.host,
request.remote_addr, arrow.utcnow().datetime)
flash(_('The signature has been deleted'))
redirect(url('domain-settings-sigs', domainid=domain.id))
c.sign = sign
return self.render('/settings/domain_deletesig.html')
def list_delete(self, listid):
"Delete a list item"
item = get_listitem(listid)
if not item:
abort(404)
if c.user.account_type != 1 and c.user.id != item.user_id:
abort(403)
c.form = list_forms[c.user.account_type](request.POST,
item,
csrf_context=session)
if not c.user.is_superadmin:
del c.form.add_to_alias
if c.user.is_domain_admin:
orgs = [group.id for group in c.user.organizations]
query = Session.query(Domain.name).join(domain_owners)\
.filter(domain_owners.c.organization_id.in_(orgs))
options = [(domain.name, domain.name) for domain in query]
# options.insert(0, ('any', _('All domains')))
c.form.to_domain.choices = options
if c.user.is_peleb:
query = self._user_addresses()
options = [(addr.email, addr.email) for addr in query]
c.form.to_address.choices = options
c.id = item.id
if request.method == 'POST' and c.form.validate():
if item.list_type == 1:
listname = _('Approved senders')
else:
listname = _('Banned senders')
name = item.from_address
list_type = item.list_type
Session.delete(item)
Session.commit()
update_lists_backend(list_type)
info = auditmsgs.LISTDEL_MSG % dict(s=name, l=listname)
audit_log(c.user.username,
4, unicode(info), request.host,
request.remote_addr, arrow.utcnow().datetime)
flash(_('The item has been deleted'))
if not request.is_xhr:
redirect(url(controller='lists'))
else:
c.delflag = True
return self.render('/lists/delete.html')
def list_delete(self, listid):
"Delete a list item"
item = get_listitem(listid)
if not item:
abort(404)
if c.user.account_type != 1 and c.user.id != item.user_id:
abort(403)
c.form = list_forms[c.user.account_type](request.POST,
item,
csrf_context=session)
if not c.user.is_superadmin:
del c.form.add_to_alias
if c.user.is_domain_admin:
orgs = [group.id for group in c.user.organizations]
query = Session.query(Domain.name).join(domain_owners)\
.filter(domain_owners.c.organization_id.in_(orgs))
options = [(domain.name, domain.name) for domain in query]
# options.insert(0, ('any', _('All domains')))
c.form.to_domain.choices = options
if c.user.is_peleb:
query = self._user_addresses()
options = [(addr.email, addr.email) for addr in query]
c.form.to_address.choices = options
c.id = item.id
if request.method == 'POST' and c.form.validate():
if item.list_type == 1:
listname = _('Approved senders')
else:
listname = _('Banned senders')
name = item.from_address
list_type = item.list_type
Session.delete(item)
Session.commit()
update_lists_backend(list_type)
info = auditmsgs.LISTDEL_MSG % dict(s=name, l=listname)
audit_log(c.user.username, 4, unicode(info), request.host,
request.remote_addr,
arrow.utcnow().datetime)
flash(_('The item has been deleted'))
if not request.is_xhr:
redirect(url(controller='lists'))
else:
c.delflag = True
return self.render('/lists/delete.html')
def delete_domain_sigs(self, sigid):
"Delete domain signature"
sign = self._get_domsign(sigid)
if not sign:
abort(404)
c.form = SigForm(request.POST, sign, csrf_context=session)
del c.form['signature_type']
if request.POST and c.form.validate():
domain_id = sign.domain_id
domain_name = sign.domain.name
files = []
basedir = config.get('ms.signatures.base',
'/etc/MailScanner/signatures')
if sign.signature_type == 1:
domain = self._get_domain(domain_id)
if domain:
sigfile = os.path.join(basedir,
'domains',
domain.name,
'sig.txt')
files.append(sigfile)
else:
if sign.image:
imgfile = os.path.join(basedir,
'domains',
domain.name,
sign.image.name)
files.append(imgfile)
sigfile = os.path.join(basedir, 'domains',
domain.name,
'sig.html')
files.append(sigfile)
Session.delete(sign)
Session.commit()
delete_sig.apply_async(args=[files], queue='msbackend')
info = DELETEDOMSIG_MSG % dict(d=domain_name)
audit_log(c.user.username,
4, info, request.host,
request.remote_addr, datetime.now())
flash(_('The signature has been deleted'))
redirect(url('domain-settings-sigs', domainid=domain_id))
c.sign = sign
return render('/settings/domain_deletesig.html')
def delete_account_sigs(self, sigid):
"Delete account signatures"
sign = self._get_usrsign(sigid)
if not sign:
abort(404)
c.form = SigForm(request.POST, sign, csrf_context=session)
del c.form['signature_type']
if request.POST and c.form.validate():
user_id = sign.user_id
user_name = sign.user.username
files = []
basedir = config.get('ms.signatures.base',
'/etc/MailScanner/signatures')
if sign.signature_type == 1:
user = self._get_user(user_id)
if user:
sigfile = os.path.join(basedir,
'users',
user.username,
'sig.txt')
files.append(sigfile)
else:
if sign.image:
imgfile = os.path.join(basedir,
'users',
user.username,
sign.image.name)
files.append(imgfile)
sigfile = os.path.join(basedir, 'users',
user.username,
'sig.html')
files.append(sigfile)
Session.delete(sign)
Session.commit()
delete_sig.apply_async(args=[files], queue='msbackend')
info = DELETEACCSIG_MSG % dict(u=user_name)
audit_log(c.user.username,
4, info, request.host,
request.remote_addr, datetime.now())
flash(_('The signature has been deleted'))
redirect(url('account-detail', userid=user_id))
c.sign = sign
return render('/settings/account_deletesig.html')
def delete_server(self, serverid):
"Delete a scan server"
server = self._get_server(serverid)
if not server:
abort(404)
c.form = ServerForm(request.POST, server, csrf_context=session)
c.id = server.id
if request.POST and c.form.validate():
hostname = server.hostname
Session.delete(server)
Session.commit()
update_serial.delay()
info = HOSTDELETE_MSG % dict(n=hostname)
audit_log(c.user.username, 4, info, request.host,
request.remote_addr, now())
flash(_('The scanning server has been deleted'))
redirect(url(controller='settings'))
return render('/settings/deleteserver.html')
def delete_server(self, serverid):
"Delete a scan server"
server = self._get_server(serverid)
if not server:
abort(404)
c.form = ServerForm(request.POST, server, csrf_context=session)
c.id = server.id
if request.POST and c.form.validate():
hostname = server.hostname
Session.delete(server)
Session.commit()
update_serial.delay()
info = HOSTDELETE_MSG % dict(n=hostname)
audit_log(c.user.username,
4, info, request.host,
request.remote_addr, datetime.now())
flash(_('The scanning server has been deleted'))
redirect(url(controller='settings'))
return render('/settings/deleteserver.html')
def pwtokenreset(self, token):
"""Reset password using token"""
try:
token = Session.query(ResetToken)\
.filter(ResetToken.token == token)\
.filter(ResetToken.used == false()).one()
threshold = token.timestamp + timedelta(minutes=20)
if arrow.utcnow().datetime > threshold:
Session.delete(token)
Session.commit()
raise NoResultFound
user = self._get_user(token.user_id)
if not user or user.is_superadmin:
raise NoResultFound
passwd = mkpasswd()
user.set_password(passwd)
Session.add(user)
Session.delete(token)
Session.commit()
c.passwd = passwd
c.firstname = user.firstname or user.username
text = self.render('/email/pwchanged.txt')
mailer = Mailer(get_conf_options(config))
mailer.start()
sdrnme = config.get('baruwa.custom.name', 'Baruwa')
email = Msg(author=[(sdrnme, config.get('baruwa.reports.sender'))],
to=[('', user.email)],
subject=_("[%s] Password reset") % sdrnme)
email.plain = text
mailer.send(email)
mailer.stop()
flash(
_('The password has been reset, check your email for'
' the temporary password you should use to login.'))
except NoResultFound:
msg = _('The token used is invalid or does not exist')
flash_alert(msg)
log.info(msg)
redirect(url('/accounts/login'))
def delete_relay(self, settingid):
"Delete a mail relay"
relay = self._get_setting(settingid)
if not relay:
abort(404)
c.form = RelayForm(request.POST, relay, csrf_context=session)
c.relayname = relay.address or relay.username
c.relayid = relay.id
c.orgid = relay.org_id
if request.POST and c.form.validate():
orgid = relay.organization_id
try:
Session.delete(relay)
Session.commit()
info = DELETERELAY_MSG % dict(r=c.relayname)
audit_log(c.user.username, 4, info, request.host, request.remote_addr, now())
flash(_("The outbound settings have been deleted"))
except:
flash(_("The outbound settings could not be deleted"))
redirect(url("org-detail", orgid=orgid))
return render("/organizations/deleterelay.html")
def pwtokenreset(self, token):
"""Reset password using token"""
try:
token = Session.query(ResetToken)\
.filter(ResetToken.token == token)\
.filter(ResetToken.used == false()).one()
threshold = token.timestamp + timedelta(minutes=20)
if arrow.utcnow().datetime > threshold:
Session.delete(token)
Session.commit()
raise NoResultFound
user = self._get_user(token.user_id)
if not user or user.is_superadmin:
raise NoResultFound
passwd = mkpasswd()
user.set_password(passwd)
Session.add(user)
Session.delete(token)
Session.commit()
c.passwd = passwd
c.firstname = user.firstname or user.username
text = self.render('/email/pwchanged.txt')
mailer = Mailer(get_conf_options(config))
mailer.start()
sdrnme = config.get('baruwa.custom.name', 'Baruwa')
email = Msg(author=[(sdrnme,
config.get('baruwa.reports.sender'))],
to=[('', user.email)],
subject=_("[%s] Password reset") % sdrnme)
email.plain = text
mailer.send(email)
mailer.stop()
flash(_('The password has been reset, check your email for'
' the temporary password you should use to login.'))
except NoResultFound:
msg = _('The token used is invalid or does not exist')
flash_alert(msg)
log.info(msg)
redirect(url('/accounts/login'))
def delete_account_sigs(self, sigid):
"Delete account signatures"
sign = self._get_usrsign(sigid)
if not sign:
abort(404)
c.form = SigForm(request.POST, sign, csrf_context=session)
del c.form['signature_type']
if request.POST and c.form.validate():
user_id = sign.user_id
user_name = sign.user.username
files = []
basedir = config.get('ms.signatures.base',
'/etc/MailScanner/signatures')
if sign.signature_type == 1:
user = self._get_user(user_id)
if user:
sigfile = os.path.join(basedir, 'users', user.username,
'sig.txt')
files.append(sigfile)
else:
if sign.image:
imgfile = os.path.join(basedir, 'users', user.username,
sign.image.name)
files.append(imgfile)
sigfile = os.path.join(basedir, 'users', user.username,
'sig.html')
files.append(sigfile)
Session.delete(sign)
Session.commit()
delete_sig.apply_async(args=[files], queue='msbackend')
info = DELETEACCSIG_MSG % dict(u=user_name)
audit_log(c.user.username, 4, info, request.host,
request.remote_addr, now())
flash(_('The signature has been deleted'))
redirect(url('account-detail', userid=user_id))
c.sign = sign
return render('/settings/account_deletesig.html')
def delete_domain_sigs(self, sigid):
"Delete domain signature"
sign = self._get_domsign(sigid)
if not sign:
abort(404)
c.form = SigForm(request.POST, sign, csrf_context=session)
del c.form['signature_type']
if request.POST and c.form.validate():
domain_id = sign.domain_id
domain_name = sign.domain.name
files = []
basedir = config.get('ms.signatures.base',
'/etc/MailScanner/signatures')
if sign.signature_type == 1:
domain = self._get_domain(domain_id)
if domain:
sigfile = os.path.join(basedir, 'domains', domain.name,
'sig.txt')
files.append(sigfile)
else:
if sign.image:
imgfile = os.path.join(basedir, 'domains', domain.name,
sign.image.name)
files.append(imgfile)
sigfile = os.path.join(basedir, 'domains', domain.name,
'sig.html')
files.append(sigfile)
Session.delete(sign)
Session.commit()
delete_sig.apply_async(args=[files], queue='msbackend')
info = DELETEDOMSIG_MSG % dict(d=domain_name)
audit_log(c.user.username, 4, info, request.host,
request.remote_addr, now())
flash(_('The signature has been deleted'))
redirect(url('domain-settings-sigs', domainid=domain_id))
c.sign = sign
return render('/settings/domain_deletesig.html')
def delete(self, domainid):
"Delete a domain"
domain = self._get_domain(domainid)
if not domain:
abort(404)
c.form = AddDomainForm(request.POST, domain, csrf_context=session)
del c.form.organizations
c.id = domainid
if request.POST and c.form.validate():
name = domain.name
Session.delete(domain)
Session.commit()
update_serial.delay()
info = DELETEDOMAIN_MSG % dict(d=name)
audit_log(c.user.username, 4, info, request.host, request.remote_addr, datetime.now())
flash(_("The domain has been deleted"))
redirect(url(controller="domains"))
else:
flash(
_("The domain: %(name)s and all associated data will" " be deleted, This action cannot be reversed.")
% dict(name=domain.name)
)
return render("/domains/delete.html")
def delete_relay(self, settingid):
"Delete a mail relay"
relay = self._get_setting(settingid)
if not relay:
abort(404)
c.form = RelayForm(request.POST, relay, csrf_context=session)
c.relayname = relay.address or relay.username
c.relayid = relay.id
c.orgid = relay.org_id
if request.POST and c.form.validate():
orgid = relay.organization_id
try:
Session.delete(relay)
Session.commit()
info = DELETERELAY_MSG % dict(r=c.relayname)
audit_log(c.user.username, 4, info, request.host,
request.remote_addr, datetime.now())
flash(_('The outbound settings have been deleted'))
except:
flash(_('The outbound settings could not be deleted'))
redirect(url('org-detail', orgid=orgid))
return render('/organizations/deleterelay.html')
def deleteaddress(self, addressid):
"Delete address"
address = self._get_address(addressid)
if not address:
abort(404)
c.form = AddressForm(request.POST, address, csrf_context=session)
if request.POST and c.form.validate():
user_id = address.user_id
addr = address.address
username = address.user.username
Session.delete(address)
Session.commit()
update_serial.delay()
info = ADDRDELETE_MSG % dict(a=addr, ac=username)
audit_log(c.user.username, 4, info, request.host,
request.remote_addr, now())
flash(_('The address has been deleted'))
redirect(
url(controller='accounts', action='detail', userid=user_id))
c.id = addressid
c.userid = address.user_id
return render('/accounts/deleteaddress.html')
def deleteaddress(self, addressid):
"Delete address"
address = self._get_address(addressid)
if not address:
abort(404)
c.form = AddressForm(request.POST, address, csrf_context=session)
if request.POST and c.form.validate():
user_id = address.user_id
addr = address.address
username = address.user.username
Session.delete(address)
Session.commit()
update_serial.delay()
info = ADDRDELETE_MSG % dict(a=addr, ac=username)
audit_log(c.user.username,
4, unicode(info), request.host,
request.remote_addr, now())
flash(_('The address has been deleted'))
redirect(url(controller='accounts', action='detail',
userid=user_id))
c.id = addressid
c.userid = address.user_id
return render('/accounts/deleteaddress.html')
def delete(self, domainid):
"Delete a domain"
domain = self._get_domain(domainid)
if not domain:
abort(404)
c.form = AddDomainForm(request.POST, domain, csrf_context=session)
del c.form.organizations
c.id = domainid
if request.POST and c.form.validate():
name = domain.name
Session.delete(domain)
Session.commit()
update_serial.delay()
info = DELETEDOMAIN_MSG % dict(d=name)
audit_log(c.user.username, 4, info, request.host,
request.remote_addr, now())
flash(_('The domain has been deleted'))
redirect(url(controller='domains'))
else:
flash(
_('The domain: %(name)s and all associated data will'
' be deleted, This action cannot be reversed.') %
dict(name=domain.name))
return render('/domains/delete.html')
def confirm_delete(self):
"Confirm mass delete"
accountids = session.get('bulk_account_delete', [])
if not accountids:
redirect(url(controller='accounts', action='index'))
num_items = 10
if len(accountids) > num_items and len(accountids) <= 20:
num_items = 20
if len(accountids) > num_items and len(accountids) <= 50:
num_items = 50
if len(accountids) > num_items and len(accountids) <= 100:
num_items = 100
users = Session.query(User).filter(User.id.in_(accountids))
usrcount = Session.query(User.id)
if c.user.is_domain_admin and usrcount:
users = users.join(domain_users, (dom_owns,
domain_users.c.domain_id == dom_owns.c.domain_id),
(oas, dom_owns.c.organization_id == oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)
usrcount = usrcount.join(domain_users, (dom_owns,
domain_users.c.domain_id == dom_owns.c.domain_id),
(oas, dom_owns.c.organization_id ==
oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)
if request.method == 'POST':
tasks = []
# try:
for account in users.all():
info = DELETEACCOUNT_MSG % dict(u=account.username)
Session.delete(account)
tasks.append([c.user.username,
4,
unicode(info),
request.host,
request.remote_addr,
now()])
Session.commit()
# except DataError:
# flash_alert(_('An error occured try again'))
# redirect(url(controller='accounts', action='index'))
del session['bulk_account_delete']
session.save()
update_serial.delay()
for task in tasks:
audit_log(*task)
flash(_('The accounts have been deleted'))
redirect(url(controller='accounts'))
else:
flash(_('The following accounts are about to be deleted,'
' this action is not reversible, Do you wish to '
'continue ?'))
try:
c.page = paginate.Page(users, page=1,
items_per_page=num_items,
item_count=usrcount.count())
except DataError:
flash_alert(_('An error occured try again'))
redirect(url(controller='accounts', action='index'))
return render('/accounts/confirmbulkdel.html')
class FilemanagerController(BaseController):
def __before__(self):
"set context"
BaseController.__before__(self)
if self.identity:
c.user = self.identity['user']
else:
c.user = None
def index(self, domainid=None, userid=None):
"Index"
action = request.GET.get('action', None)
if not action:
body = dict(success=False,
error=_("Action not supported"),
errorno=255)
response.headers['Content-Type'] = 'application/json'
return json.dumps(body)
kw = {}
if domainid:
requesturl = url('fm-domains', domainid=domainid)
model = DomSigImg
domain = self._get_domain(domainid)
if not domain:
abort(404)
if (not c.user.is_superadmin and not
check_domain_ownership(c.user.id, domainid)):
abort(404)
ownerattr = 'domain_id'
kw[ownerattr] = domainid
ownerid = domainid
else:
requesturl = url('fm-users', userid=userid)
model = UserSigImg
user = self._get_user(userid)
if not user:
abort(404)
if c.user.is_peleb and c.user.id != user.id:
abort(403)
if not c.user.is_superadmin and c.user.id != user.id:
orgs = [org.id for org in c.user.organizations]
doms = [dom.id for dom in user.domains]
if not check_dom_access(orgs, doms):
abort(403)
ownerattr = 'user_id'
kw[ownerattr] = userid
ownerid = userid
if action == 'auth':
body = dict(success=True,
data=dict(
move=dict(enabled=False,
handler=requesturl),
rename=dict(enabled=False,
handler=requesturl),
remove=dict(enabled=True,
handler=requesturl),
mkdir=dict(enabled=False,
handler=requesturl),
upload=dict(enabled=True,
handler=requesturl + '?action=upload',
accept_ext=['gif', 'jpg', 'png']),
baseUrl='')
)
elif action == 'list':
imgq = Session.query(model).filter_by(**kw).all()
imgs = {}
def builddict(img):
sigtype = 'domains' if domainid else 'users'
format = img.name.split('.')[-1] or 'png'
imgs[img.name] = url('fm-view-img',
sigtype=sigtype,
imgid=img.id,
format=format)
[builddict(img) for img in imgq]
body = dict(success=True,
data=dict(
directories={},
files=imgs)
)
elif action == 'upload':
form = Fmgr(request.POST, csrf_context=session)
if request.POST and form.validate():
try:
count = Session.query(model).filter_by(**kw).count()
if count > 0:
raise ValueError(_('Only one image is permitted per signature'))
imgdata = request.POST['handle']
mime = magic.Magic(mime=True)
content_type = mime.from_buffer(imgdata.file.read(1024))
imgdata.file.seek(0)
chunk = imgdata.file.read()
ext = imghdr.what('./xxx', chunk)
if not ext in ['gif', 'jpg', 'png', 'jpeg']:
raise ValueError(_('The uploaded file is not acceptable'))
name = form.newName.data or 'sigimage.%s' % ext
name = os.path.basename(name)
dbimg = model()
dbimg.name = name
dbimg.image = base64.encodestring(chunk)
dbimg.content_type = content_type
setattr(dbimg, ownerattr, ownerid)
imgdata.file.close()
Session.add(dbimg)
Session.commit()
respond = _('File has been uploaded')
except ValueError, msg:
if 'imgdata' in locals() and hasattr(imgdata, 'file'):
imgdata.file.close()
respond = msg
else:
respond = _('Invalid upload request')
return respond
elif action == 'remove':
fname = request.GET.get('file', None)
imgs = Session.query(model).filter(model.name == fname).all()
basedir = config.get('ms.signatures.base', '/etc/MailScanner/signatures')
files = []
for img in imgs:
if userid:
imgfile = os.path.join(basedir, 'users', user.username,
img.name)
else:
imgfile = os.path.join(basedir, 'domains', domain.name,
img.name)
files.append(imgfile)
Session.delete(img)
Session.commit()
respond = _('The file has been deleted')
body = dict(success=True, data=respond)
delete_sig.apply_async(args=[files])
def confirm_delete(self):
"Confirm mass delete"
accountids = session.get('bulk_account_delete', [])
if not accountids:
redirect(url(controller='accounts', action='index'))
num_items = 10
if len(accountids) > num_items and len(accountids) <= 20:
num_items = 20
if len(accountids) > num_items and len(accountids) <= 50:
num_items = 50
if len(accountids) > num_items and len(accountids) <= 100:
num_items = 100
users = Session.query(User).filter(User.id.in_(accountids))
usrcount = Session.query(User.id)
if c.user.is_domain_admin and usrcount:
users = users.join(domain_users, (dom_owns,
domain_users.c.domain_id == dom_owns.c.domain_id),
(oas, dom_owns.c.organization_id == oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)
usrcount = usrcount.join(domain_users, (dom_owns,
domain_users.c.domain_id == dom_owns.c.domain_id),
(oas, dom_owns.c.organization_id ==
oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)
if request.method == 'POST':
tasks = []
# try:
for account in users.all():
info = auditmsgs.DELETEACCOUNT_MSG % dict(u=account.username)
Session.delete(account)
tasks.append([
c.user.username, 4,
unicode(info), request.host, request.remote_addr,
arrow.utcnow().datetime
])
Session.commit()
del session['bulk_account_delete']
session.save()
backend_user_update(None, True)
for task in tasks:
audit_log(*task)
flash(_('The accounts have been deleted'))
redirect(url(controller='accounts'))
else:
flash(
_('The following accounts are about to be deleted,'
' this action is not reversible, Do you wish to '
'continue ?'))
try:
c.page = paginate.Page(users,
page=1,
items_per_page=num_items,
item_count=usrcount.count())
except DataError:
msg = _('An error occured try again')
flash_alert(msg)
log.info(msg)
redirect(url(controller='accounts', action='index'))
return self.render('/accounts/confirmbulkdel.html')
def section(self, serverid=1, sectionid='1'):
"Settings section"
server = self._get_server(serverid)
if not server:
abort(404)
if not int(sectionid) in CONFIG_SECTIONS:
abort(404)
c.serverid = serverid
c.sectionid = sectionid
c.scanner = server
c.sections = CONFIG_SECTIONS
c.form = settings_forms[sectionid](request.POST, csrf_context=session)
if not request.method == 'POST':
for field in c.form:
if (sectionid == '1' and '_' in field.name
and not field.name == 'csrf_token'):
internal = global_settings_dict[field.name]
else:
internal = field.name
conf = self._get_setting(serverid, internal)
if conf:
attr = getattr(c.form, field.name)
attr.data = conf.value
updated = None
if request.method == 'POST' and c.form.validate():
for field in c.form:
if field.type == 'SelectMultipleField' or \
(field.data and not field.name == 'csrf_token'):
if sectionid == '1':
if '_' in field.name:
external = global_settings_dict[field.name]
internal = external
else:
external = CONFIG_RE.sub(u'',
unicode(field.label.text))
internal = field.name
else:
external = CONFIG_RE.sub(u'',
unicode(field.label.text))
internal = field.name
conf = self._get_setting(serverid, internal)
if conf is None:
if (field.type == 'SelectMultipleField' and
len(field.data) and field.data != field.default)\
or (field.type != 'SelectMultipleField' and
field.data != field.default):
check_field(field)
conf = ConfigSettings(
internal=internal,
external=external,
section=sectionid
)
conf.value = field.data
conf.server = server
updated = True
Session.add(conf)
Session.commit()
subs = dict(svr=server.hostname,
s=external,
a=conf.value)
info = auditmsgs.HOSTSETTING_MSG % subs
audit_log(c.user.username,
3, unicode(info), request.host,
request.remote_addr,
arrow.utcnow().datetime)
else:
subs = dict(svr=conf.server.hostname,
s=external,
a=conf.value)
info = auditmsgs.HOSTSETTING_MSG % subs
check_value = get_check_value(field.type, conf.value)
if check_value != field.data:
# stored value not equal to updated value
if (field.type == 'SelectMultipleField' and
len(field.data) and
field.data != field.default) or \
(field.type != 'SelectMultipleField' and
field.data != field.default):
# not a default, we can update
check_field(field)
conf.value = field.data
updated = True
Session.add(conf)
Session.commit()
audit_log(c.user.username,
2, unicode(info), request.host,
request.remote_addr,
arrow.utcnow().datetime)
else:
# is the default lets delete the stored value
Session.delete(conf)
Session.commit()
updated = True
audit_log(c.user.username,
4, unicode(info), request.host,
request.remote_addr,
arrow.utcnow().datetime)
if updated:
flash(_('%(settings)s updated') % dict(
settings=CONFIG_SECTIONS[int(sectionid)]))
create_ms_settings.apply_async(exchange=FANOUT_XCHG)
update_serial.delay()
else:
flash_info(_('No configuration changes made'))
# redirect(url('settings-scanner', serverid=serverid))
elif request.method == 'POST' and not c.form.validate():
msg = _("Error detected, check the settings below")
flash_alert(msg)
log.info(msg)
return self.render('/settings/section.html')
