def deletedestination(self, destinationid): "Delete destination server" server = self._get_server(destinationid) if not server: abort(404) c.form = AddDeliveryServerForm(request.POST, server, csrf_context=session) if request.POST and c.form.validate(): name = server.domains.name server_addr = server.address domainid = server.domain_id Session.delete(server) Session.commit() flash(_('The destination server has been deleted')) info = DELETEDELSVR_MSG % dict(d=name, ds=server_addr) audit_log(c.user.username, 4, info, request.host, request.remote_addr, now()) redirect(url('domain-detail', domainid=domainid)) else: flash( _('The destination server: %(s)s will be deleted,' ' This action is not reversible') % dict(s=server.address)) c.id = destinationid c.domainid = server.domain_id return render('/domains/deletedestination.html')
def delete(self, userid): """/accounts/delete/id""" user = self._get_user(userid) if not user: abort(404) c.form = EditUserForm(request.POST, user, csrf_context=session) c.form.domains.query = Session.query(Domain) if request.POST and c.form.validate(): username = user.username Session.delete(user) Session.commit() update_serial.delay() flash(_('The account has been deleted')) info = DELETEACCOUNT_MSG % dict(u=username) audit_log(c.user.username, 4, info, request.host, request.remote_addr, now()) if userid == c.user.id: redirect(url('/logout')) redirect(url(controller='accounts', action='index')) else: flash_info( _('The account: %(a)s and all associated data' ' will be deleted, This action is not reversible.') % dict(a=user.username)) c.fields = FORM_FIELDS c.id = userid return render('/accounts/delete.html')
def delete(self, orgid): "Delete an organization" org = self._get_org(orgid) if not org: abort(404) c.form = DelOrgForm(request.POST, org, csrf_context=session) c.form.domains.query = Session.query(Domain) c.form.admins.query = Session.query(User).filter( User.account_type == 2) c.id = org.id if request.POST and c.form.validate(): org_name = org.name if c.form.delete_domains.data: for domain in org.domains: Session.delete(domain) Session.delete(org) Session.commit() info = DELETEORG_MSG % dict(o=org_name) audit_log(c.user.username, 4, info, request.host, request.remote_addr, datetime.now()) flash(_('The organization has been deleted')) redirect(url(controller='organizations')) else: flash(_('The organization: %(s)s will be deleted,' ' This action is not reversible') % dict(s=org.name)) return render('/organizations/delete.html')
def delete_auth(self, authid): "Delete auth server" server = self._get_authserver(authid) if not server: abort(404) c.form = AddAuthForm(request.POST, server, csrf_context=session) if request.POST and c.form.validate(): name = server.domains.name server_addr = server.address domainid = server.domains.id Session.delete(server) Session.commit() flash(_("The authentication settings have been deleted")) info = DELETEAUTHSVR_MSG % dict(d=name, ds=server_addr) audit_log(c.user.username, 4, info, request.host, request.remote_addr, datetime.now()) redirect(url("domain-detail", domainid=domainid)) else: flash( _("The authentication server: %(s)s will be deleted," " This action is not reversible") % dict(s=server.address) ) c.domainid = server.domains.id c.domainname = server.domains.name c.authid = authid return render("/domains/deleteauth.html")
def delete(self, orgid): "Delete an organization" org = self._get_org(orgid) if not org: abort(404) c.form = DelOrgForm(request.POST, org, csrf_context=session) c.form.domains.query = Session.query(Domain) c.form.admins.query = Session.query(User).filter( User.account_type == 2) c.id = org.id if request.POST and c.form.validate(): org_name = org.name if c.form.delete_domains.data: for domain in org.domains: Session.delete(domain) Session.delete(org) Session.commit() info = DELETEORG_MSG % dict(o=org_name) audit_log(c.user.username, 4, info, request.host, request.remote_addr, datetime.now()) flash(_('The organization has been deleted')) redirect(url(controller='organizations')) else: flash( _('The organization: %(s)s will be deleted,' ' This action is not reversible') % dict(s=org.name)) return render('/organizations/delete.html')
def delete(self, userid): """/accounts/delete/id""" user = self._get_user(userid) if not user: abort(404) c.form = EditUserForm(request.POST, user, csrf_context=session) del c.form.domains if request.POST and c.form.validate(): username = user.username user_id = unicode(user.id) Session.delete(user) Session.commit() update_serial.delay() flash(_('The account has been deleted')) info = DELETEACCOUNT_MSG % dict(u=username) audit_log(c.user.username, 4, unicode(info), request.host, request.remote_addr, now()) if userid == user_id: redirect(url('/logout')) redirect(url(controller='accounts', action='index')) else: flash_info(_('The account: %(a)s and all associated data' ' will be deleted, This action is not reversible.') % dict(a=user.username)) c.fields = FORM_FIELDS c.id = userid return render('/accounts/delete.html')
def deletealias(self, aliasid): "Delete alias domain" alias = self._get_alias(aliasid) if not alias: abort(404) c.form = AddDomainAlias(request.POST, alias, csrf_context=session) c.form.domain.query = Session.query(Domain)\ .filter(Domain.id==alias.domain_id) if request.POST and c.form.validate(): domainid = alias.domain_id aliasname = alias.name Session.delete(alias) Session.commit() update_serial.delay() info = DELETEDOMALIAS_MSG % dict(d=aliasname) audit_log(c.user.username, 4, info, request.host, request.remote_addr, now()) flash(_('The domain alias: %s has been deleted') % aliasname) redirect(url('domain-detail', domainid=domainid)) c.aliasid = aliasid c.domainid = alias.domain_id c.domainname = alias.domain.name return render('/domains/deletealias.html')
def deletealias(self, aliasid): "Delete alias domain" alias = self._get_alias(aliasid) if not alias: abort(404) c.form = DelDomainAlias(request.POST, alias, csrf_context=session) c.form.domain.query = Session.query(Domain)\ .filter(Domain.id==alias.domain_id) if request.POST and c.form.validate(): domainid = alias.domain_id aliasname = alias.name Session.delete(alias) Session.commit() update_serial.delay() info = DELETEDOMALIAS_MSG % dict(d=aliasname) audit_log(c.user.username, 4, unicode(info), request.host, request.remote_addr, now()) flash(_('The domain alias: %s has been deleted') % aliasname) redirect(url('domain-detail', domainid=domainid)) c.aliasid = aliasid c.domainid = alias.domain_id c.domainname = alias.domain.name return render('/domains/deletealias.html')
def deletedestination(self, destinationid): "Delete destination server" server = self._get_server(destinationid) if not server: abort(404) c.form = AddDeliveryServerForm(request.POST, server, csrf_context=session) if request.POST and c.form.validate(): name = server.domains.name server_addr = server.address domainid = server.domain_id Session.delete(server) Session.commit() flash(_('The destination server has been deleted')) info = DELETEDELSVR_MSG % dict(d=name, ds=server_addr) audit_log(c.user.username, 4, unicode(info), request.host, request.remote_addr, now()) redirect(url('domain-detail', domainid=domainid)) else: flash(_('The destination server: %(s)s will be deleted,' ' This action is not reversible') % dict(s=server.address)) c.id = destinationid c.domainid = server.domain_id return render('/domains/deletedestination.html')
def delete_auth(self, authid): "Delete auth server" server = self._get_authserver(authid) if not server: abort(404) c.form = AddAuthForm(request.POST, server, csrf_context=session) if request.POST and c.form.validate(): name = server.domains.name server_addr = server.address domainid = server.domains.id Session.delete(server) Session.commit() flash(_('The authentication settings have been deleted')) info = DELETEAUTHSVR_MSG % dict(d=name, ds=server_addr) audit_log(c.user.username, 4, info, request.host, request.remote_addr, now()) redirect(url('domain-detail', domainid=domainid)) else: flash( _('The authentication server: %(s)s will be deleted,' ' This action is not reversible') % dict(s=server.address)) c.domainid = server.domains.id c.domainname = server.domains.name c.authid = authid return render('/domains/deleteauth.html')
def confirm_delete(self): "Confirm bulk delete of domains" domainids = session.get('bulk_domain_delete', []) if not domainids: redirect(url(controller='domains', action='index')) num_items = 10 if len(domainids) > num_items and len(domainids) <= 20: num_items = 20 if len(domainids) > num_items and len(domainids) <= 50: num_items = 50 if len(domainids) > num_items and len(domainids) <= 100: num_items = 100 domains = Session.query(Domain).filter(Domain.id.in_(domainids))\ .options(joinedload('organizations')) domcount = Session.query(Domain.id).filter(Domain.id.in_(domainids)) if c.user.is_domain_admin: domains = domains.join(domain_owners, (oa, domain_owners.c.organization_id == oa.c.organization_id))\ .filter(oa.c.user_id == c.user.id) domcount = domcount.join(domain_owners, (oa, domain_owners.c.organization_id == oa.c.organization_id))\ .filter(oa.c.user_id == c.user.id) if request.POST: tasks = [] for domain in domains.all(): info = DELETEDOMAIN_MSG % dict(d=domain.name) tasks.append((c.user.username, 4, unicode(info), request.host, request.remote_addr, now())) Session.delete(domain) Session.commit() del session['bulk_domain_delete'] session.save() for task in tasks: audit_log(*task) flash(_('The domains have been deleted')) redirect(url(controller='domains')) else: flash(_('The following domains are about to be deleted,' ' this action is not reversible, Do you wish to' ' continue ?')) try: c.page = paginate.Page(domains, page=1, items_per_page=num_items, item_count=domcount.count()) except DataError: flash_alert(_('An error occured try again')) redirect(url(controller='domains', action='index')) return render('/domains/confirmbulkdel.html')
def confirm_delete(self): "Confirm bulk delete of domains" domainids = session.get('bulk_domain_delete', []) if not domainids: redirect(url(controller='domains', action='index')) num_items = 10 if len(domainids) > num_items and len(domainids) <= 20: num_items = 20 if len(domainids) > num_items and len(domainids) <= 50: num_items = 50 if len(domainids) > num_items and len(domainids) <= 100: num_items = 100 domains = Session.query(Domain).filter(Domain.id.in_(domainids))\ .options(joinedload('organizations')) domcount = Session.query(Domain.id).filter(Domain.id.in_(domainids)) if c.user.is_domain_admin: domains = domains.join(domain_owners, (oa, domain_owners.c.organization_id == oa.c.organization_id))\ .filter(oa.c.user_id == c.user.id) domcount = domcount.join(domain_owners, (oa, domain_owners.c.organization_id == oa.c.organization_id))\ .filter(oa.c.user_id == c.user.id) if request.POST: tasks = [] for domain in domains.all(): info = DELETEDOMAIN_MSG % dict(d=domain.name) tasks.append((c.user.username, 4, info, request.host, request.remote_addr, now())) Session.delete(domain) Session.commit() del session['bulk_domain_delete'] session.save() for task in tasks: audit_log(*task) flash(_('The domains have been deleted')) redirect(url(controller='domains')) else: flash( _('The following domains are about to be deleted,' ' this action is not reversible, Do you wish to' ' continue ?')) try: c.page = paginate.Page(domains, page=1, items_per_page=num_items, item_count=domcount.count()) except DataError: flash_alert(_('An error occured try again')) redirect(url(controller='domains', action='index')) return render('/domains/confirmbulkdel.html')
def delete_stored(self, filterid, format=None): "Delete a saved dilter" savedfilter = self._get_filter(filterid) if not savedfilter: abort(404) Session.delete(savedfilter) Session.commit() if format == 'json': response.headers['Content-Type'] = JSON_HEADER self.invalidate = True return json.dumps(self._get_data(format, True, {})) flash(_("The filter has been deleted")) redirect(url('toplevel', controller='reports'))
def delete_domain_sigs(self, sigid): "Delete domain signature" sign = self._get_domsign(sigid) if not sign: abort(404) c.form = SigForm(request.POST, sign, csrf_context=session) signature_type = c.form.signature_type.data del c.form['signature_type'] if request.method == 'POST' and c.form.validate(): domain = sign.domain files = [] basedir = config.get('ms.signatures.base', '/etc/MailScanner/signatures') if sign.signature_type == 1: sigfile = os.path.join(basedir, 'domains', domain.name, 'sig.txt') files.append(sigfile) else: if sign.image: for imgobj in sign.image: imgfile = os.path.join(basedir, 'domains', domain.name, imgobj.name) files.append(imgfile) sigfile = os.path.join(basedir, 'domains', domain.name, 'sig.html') files.append(sigfile) Session.delete(sign) Session.commit() if not domain.signatures: sigfile = os.path.join(basedir, 'domains', domain.name) files.append(sigfile) for alias in domain.aliases: sigfile = os.path.join(basedir, 'domains', alias.name) files.append(sigfile) delete_sig.apply_async(args=[files], exchange=FANOUT_XCHG) backend_sig_update(signature_type) info = auditmsgs.DELETEDOMSIG_MSG % dict(d=domain.name) audit_log(c.user.username, 4, unicode(info), request.host, request.remote_addr, arrow.utcnow().datetime) flash(_('The signature has been deleted')) redirect(url('domain-settings-sigs', domainid=domain.id)) c.sign = sign return self.render('/settings/domain_deletesig.html')
def list_delete(self, listid): "Delete a list item" item = get_listitem(listid) if not item: abort(404) if c.user.account_type != 1 and c.user.id != item.user_id: abort(403) c.form = list_forms[c.user.account_type](request.POST, item, csrf_context=session) if not c.user.is_superadmin: del c.form.add_to_alias if c.user.is_domain_admin: orgs = [group.id for group in c.user.organizations] query = Session.query(Domain.name).join(domain_owners)\ .filter(domain_owners.c.organization_id.in_(orgs)) options = [(domain.name, domain.name) for domain in query] # options.insert(0, ('any', _('All domains'))) c.form.to_domain.choices = options if c.user.is_peleb: query = self._user_addresses() options = [(addr.email, addr.email) for addr in query] c.form.to_address.choices = options c.id = item.id if request.method == 'POST' and c.form.validate(): if item.list_type == 1: listname = _('Approved senders') else: listname = _('Banned senders') name = item.from_address list_type = item.list_type Session.delete(item) Session.commit() update_lists_backend(list_type) info = auditmsgs.LISTDEL_MSG % dict(s=name, l=listname) audit_log(c.user.username, 4, unicode(info), request.host, request.remote_addr, arrow.utcnow().datetime) flash(_('The item has been deleted')) if not request.is_xhr: redirect(url(controller='lists')) else: c.delflag = True return self.render('/lists/delete.html')
def delete_domain_sigs(self, sigid): "Delete domain signature" sign = self._get_domsign(sigid) if not sign: abort(404) c.form = SigForm(request.POST, sign, csrf_context=session) del c.form['signature_type'] if request.POST and c.form.validate(): domain_id = sign.domain_id domain_name = sign.domain.name files = [] basedir = config.get('ms.signatures.base', '/etc/MailScanner/signatures') if sign.signature_type == 1: domain = self._get_domain(domain_id) if domain: sigfile = os.path.join(basedir, 'domains', domain.name, 'sig.txt') files.append(sigfile) else: if sign.image: imgfile = os.path.join(basedir, 'domains', domain.name, sign.image.name) files.append(imgfile) sigfile = os.path.join(basedir, 'domains', domain.name, 'sig.html') files.append(sigfile) Session.delete(sign) Session.commit() delete_sig.apply_async(args=[files], queue='msbackend') info = DELETEDOMSIG_MSG % dict(d=domain_name) audit_log(c.user.username, 4, info, request.host, request.remote_addr, datetime.now()) flash(_('The signature has been deleted')) redirect(url('domain-settings-sigs', domainid=domain_id)) c.sign = sign return render('/settings/domain_deletesig.html')
def delete_account_sigs(self, sigid): "Delete account signatures" sign = self._get_usrsign(sigid) if not sign: abort(404) c.form = SigForm(request.POST, sign, csrf_context=session) del c.form['signature_type'] if request.POST and c.form.validate(): user_id = sign.user_id user_name = sign.user.username files = [] basedir = config.get('ms.signatures.base', '/etc/MailScanner/signatures') if sign.signature_type == 1: user = self._get_user(user_id) if user: sigfile = os.path.join(basedir, 'users', user.username, 'sig.txt') files.append(sigfile) else: if sign.image: imgfile = os.path.join(basedir, 'users', user.username, sign.image.name) files.append(imgfile) sigfile = os.path.join(basedir, 'users', user.username, 'sig.html') files.append(sigfile) Session.delete(sign) Session.commit() delete_sig.apply_async(args=[files], queue='msbackend') info = DELETEACCSIG_MSG % dict(u=user_name) audit_log(c.user.username, 4, info, request.host, request.remote_addr, datetime.now()) flash(_('The signature has been deleted')) redirect(url('account-detail', userid=user_id)) c.sign = sign return render('/settings/account_deletesig.html')
def delete_server(self, serverid): "Delete a scan server" server = self._get_server(serverid) if not server: abort(404) c.form = ServerForm(request.POST, server, csrf_context=session) c.id = server.id if request.POST and c.form.validate(): hostname = server.hostname Session.delete(server) Session.commit() update_serial.delay() info = HOSTDELETE_MSG % dict(n=hostname) audit_log(c.user.username, 4, info, request.host, request.remote_addr, now()) flash(_('The scanning server has been deleted')) redirect(url(controller='settings')) return render('/settings/deleteserver.html')
def delete_server(self, serverid): "Delete a scan server" server = self._get_server(serverid) if not server: abort(404) c.form = ServerForm(request.POST, server, csrf_context=session) c.id = server.id if request.POST and c.form.validate(): hostname = server.hostname Session.delete(server) Session.commit() update_serial.delay() info = HOSTDELETE_MSG % dict(n=hostname) audit_log(c.user.username, 4, info, request.host, request.remote_addr, datetime.now()) flash(_('The scanning server has been deleted')) redirect(url(controller='settings')) return render('/settings/deleteserver.html')
def pwtokenreset(self, token): """Reset password using token""" try: token = Session.query(ResetToken)\ .filter(ResetToken.token == token)\ .filter(ResetToken.used == false()).one() threshold = token.timestamp + timedelta(minutes=20) if arrow.utcnow().datetime > threshold: Session.delete(token) Session.commit() raise NoResultFound user = self._get_user(token.user_id) if not user or user.is_superadmin: raise NoResultFound passwd = mkpasswd() user.set_password(passwd) Session.add(user) Session.delete(token) Session.commit() c.passwd = passwd c.firstname = user.firstname or user.username text = self.render('/email/pwchanged.txt') mailer = Mailer(get_conf_options(config)) mailer.start() sdrnme = config.get('baruwa.custom.name', 'Baruwa') email = Msg(author=[(sdrnme, config.get('baruwa.reports.sender'))], to=[('', user.email)], subject=_("[%s] Password reset") % sdrnme) email.plain = text mailer.send(email) mailer.stop() flash( _('The password has been reset, check your email for' ' the temporary password you should use to login.')) except NoResultFound: msg = _('The token used is invalid or does not exist') flash_alert(msg) log.info(msg) redirect(url('/accounts/login'))
def delete_relay(self, settingid): "Delete a mail relay" relay = self._get_setting(settingid) if not relay: abort(404) c.form = RelayForm(request.POST, relay, csrf_context=session) c.relayname = relay.address or relay.username c.relayid = relay.id c.orgid = relay.org_id if request.POST and c.form.validate(): orgid = relay.organization_id try: Session.delete(relay) Session.commit() info = DELETERELAY_MSG % dict(r=c.relayname) audit_log(c.user.username, 4, info, request.host, request.remote_addr, now()) flash(_("The outbound settings have been deleted")) except: flash(_("The outbound settings could not be deleted")) redirect(url("org-detail", orgid=orgid)) return render("/organizations/deleterelay.html")
def pwtokenreset(self, token): """Reset password using token""" try: token = Session.query(ResetToken)\ .filter(ResetToken.token == token)\ .filter(ResetToken.used == false()).one() threshold = token.timestamp + timedelta(minutes=20) if arrow.utcnow().datetime > threshold: Session.delete(token) Session.commit() raise NoResultFound user = self._get_user(token.user_id) if not user or user.is_superadmin: raise NoResultFound passwd = mkpasswd() user.set_password(passwd) Session.add(user) Session.delete(token) Session.commit() c.passwd = passwd c.firstname = user.firstname or user.username text = self.render('/email/pwchanged.txt') mailer = Mailer(get_conf_options(config)) mailer.start() sdrnme = config.get('baruwa.custom.name', 'Baruwa') email = Msg(author=[(sdrnme, config.get('baruwa.reports.sender'))], to=[('', user.email)], subject=_("[%s] Password reset") % sdrnme) email.plain = text mailer.send(email) mailer.stop() flash(_('The password has been reset, check your email for' ' the temporary password you should use to login.')) except NoResultFound: msg = _('The token used is invalid or does not exist') flash_alert(msg) log.info(msg) redirect(url('/accounts/login'))
def delete_account_sigs(self, sigid): "Delete account signatures" sign = self._get_usrsign(sigid) if not sign: abort(404) c.form = SigForm(request.POST, sign, csrf_context=session) del c.form['signature_type'] if request.POST and c.form.validate(): user_id = sign.user_id user_name = sign.user.username files = [] basedir = config.get('ms.signatures.base', '/etc/MailScanner/signatures') if sign.signature_type == 1: user = self._get_user(user_id) if user: sigfile = os.path.join(basedir, 'users', user.username, 'sig.txt') files.append(sigfile) else: if sign.image: imgfile = os.path.join(basedir, 'users', user.username, sign.image.name) files.append(imgfile) sigfile = os.path.join(basedir, 'users', user.username, 'sig.html') files.append(sigfile) Session.delete(sign) Session.commit() delete_sig.apply_async(args=[files], queue='msbackend') info = DELETEACCSIG_MSG % dict(u=user_name) audit_log(c.user.username, 4, info, request.host, request.remote_addr, now()) flash(_('The signature has been deleted')) redirect(url('account-detail', userid=user_id)) c.sign = sign return render('/settings/account_deletesig.html')
def delete_domain_sigs(self, sigid): "Delete domain signature" sign = self._get_domsign(sigid) if not sign: abort(404) c.form = SigForm(request.POST, sign, csrf_context=session) del c.form['signature_type'] if request.POST and c.form.validate(): domain_id = sign.domain_id domain_name = sign.domain.name files = [] basedir = config.get('ms.signatures.base', '/etc/MailScanner/signatures') if sign.signature_type == 1: domain = self._get_domain(domain_id) if domain: sigfile = os.path.join(basedir, 'domains', domain.name, 'sig.txt') files.append(sigfile) else: if sign.image: imgfile = os.path.join(basedir, 'domains', domain.name, sign.image.name) files.append(imgfile) sigfile = os.path.join(basedir, 'domains', domain.name, 'sig.html') files.append(sigfile) Session.delete(sign) Session.commit() delete_sig.apply_async(args=[files], queue='msbackend') info = DELETEDOMSIG_MSG % dict(d=domain_name) audit_log(c.user.username, 4, info, request.host, request.remote_addr, now()) flash(_('The signature has been deleted')) redirect(url('domain-settings-sigs', domainid=domain_id)) c.sign = sign return render('/settings/domain_deletesig.html')
def delete(self, domainid): "Delete a domain" domain = self._get_domain(domainid) if not domain: abort(404) c.form = AddDomainForm(request.POST, domain, csrf_context=session) del c.form.organizations c.id = domainid if request.POST and c.form.validate(): name = domain.name Session.delete(domain) Session.commit() update_serial.delay() info = DELETEDOMAIN_MSG % dict(d=name) audit_log(c.user.username, 4, info, request.host, request.remote_addr, datetime.now()) flash(_("The domain has been deleted")) redirect(url(controller="domains")) else: flash( _("The domain: %(name)s and all associated data will" " be deleted, This action cannot be reversed.") % dict(name=domain.name) ) return render("/domains/delete.html")
def delete_relay(self, settingid): "Delete a mail relay" relay = self._get_setting(settingid) if not relay: abort(404) c.form = RelayForm(request.POST, relay, csrf_context=session) c.relayname = relay.address or relay.username c.relayid = relay.id c.orgid = relay.org_id if request.POST and c.form.validate(): orgid = relay.organization_id try: Session.delete(relay) Session.commit() info = DELETERELAY_MSG % dict(r=c.relayname) audit_log(c.user.username, 4, info, request.host, request.remote_addr, datetime.now()) flash(_('The outbound settings have been deleted')) except: flash(_('The outbound settings could not be deleted')) redirect(url('org-detail', orgid=orgid)) return render('/organizations/deleterelay.html')
def deleteaddress(self, addressid): "Delete address" address = self._get_address(addressid) if not address: abort(404) c.form = AddressForm(request.POST, address, csrf_context=session) if request.POST and c.form.validate(): user_id = address.user_id addr = address.address username = address.user.username Session.delete(address) Session.commit() update_serial.delay() info = ADDRDELETE_MSG % dict(a=addr, ac=username) audit_log(c.user.username, 4, info, request.host, request.remote_addr, now()) flash(_('The address has been deleted')) redirect( url(controller='accounts', action='detail', userid=user_id)) c.id = addressid c.userid = address.user_id return render('/accounts/deleteaddress.html')
def deleteaddress(self, addressid): "Delete address" address = self._get_address(addressid) if not address: abort(404) c.form = AddressForm(request.POST, address, csrf_context=session) if request.POST and c.form.validate(): user_id = address.user_id addr = address.address username = address.user.username Session.delete(address) Session.commit() update_serial.delay() info = ADDRDELETE_MSG % dict(a=addr, ac=username) audit_log(c.user.username, 4, unicode(info), request.host, request.remote_addr, now()) flash(_('The address has been deleted')) redirect(url(controller='accounts', action='detail', userid=user_id)) c.id = addressid c.userid = address.user_id return render('/accounts/deleteaddress.html')
def delete(self, domainid): "Delete a domain" domain = self._get_domain(domainid) if not domain: abort(404) c.form = AddDomainForm(request.POST, domain, csrf_context=session) del c.form.organizations c.id = domainid if request.POST and c.form.validate(): name = domain.name Session.delete(domain) Session.commit() update_serial.delay() info = DELETEDOMAIN_MSG % dict(d=name) audit_log(c.user.username, 4, info, request.host, request.remote_addr, now()) flash(_('The domain has been deleted')) redirect(url(controller='domains')) else: flash( _('The domain: %(name)s and all associated data will' ' be deleted, This action cannot be reversed.') % dict(name=domain.name)) return render('/domains/delete.html')
def confirm_delete(self): "Confirm mass delete" accountids = session.get('bulk_account_delete', []) if not accountids: redirect(url(controller='accounts', action='index')) num_items = 10 if len(accountids) > num_items and len(accountids) <= 20: num_items = 20 if len(accountids) > num_items and len(accountids) <= 50: num_items = 50 if len(accountids) > num_items and len(accountids) <= 100: num_items = 100 users = Session.query(User).filter(User.id.in_(accountids)) usrcount = Session.query(User.id) if c.user.is_domain_admin and usrcount: users = users.join(domain_users, (dom_owns, domain_users.c.domain_id == dom_owns.c.domain_id), (oas, dom_owns.c.organization_id == oas.c.organization_id))\ .filter(oas.c.user_id == c.user.id) usrcount = usrcount.join(domain_users, (dom_owns, domain_users.c.domain_id == dom_owns.c.domain_id), (oas, dom_owns.c.organization_id == oas.c.organization_id))\ .filter(oas.c.user_id == c.user.id) if request.method == 'POST': tasks = [] # try: for account in users.all(): info = DELETEACCOUNT_MSG % dict(u=account.username) Session.delete(account) tasks.append([c.user.username, 4, unicode(info), request.host, request.remote_addr, now()]) Session.commit() # except DataError: # flash_alert(_('An error occured try again')) # redirect(url(controller='accounts', action='index')) del session['bulk_account_delete'] session.save() update_serial.delay() for task in tasks: audit_log(*task) flash(_('The accounts have been deleted')) redirect(url(controller='accounts')) else: flash(_('The following accounts are about to be deleted,' ' this action is not reversible, Do you wish to ' 'continue ?')) try: c.page = paginate.Page(users, page=1, items_per_page=num_items, item_count=usrcount.count()) except DataError: flash_alert(_('An error occured try again')) redirect(url(controller='accounts', action='index')) return render('/accounts/confirmbulkdel.html')
class FilemanagerController(BaseController): def __before__(self): "set context" BaseController.__before__(self) if self.identity: c.user = self.identity['user'] else: c.user = None def index(self, domainid=None, userid=None): "Index" action = request.GET.get('action', None) if not action: body = dict(success=False, error=_("Action not supported"), errorno=255) response.headers['Content-Type'] = 'application/json' return json.dumps(body) kw = {} if domainid: requesturl = url('fm-domains', domainid=domainid) model = DomSigImg domain = self._get_domain(domainid) if not domain: abort(404) if (not c.user.is_superadmin and not check_domain_ownership(c.user.id, domainid)): abort(404) ownerattr = 'domain_id' kw[ownerattr] = domainid ownerid = domainid else: requesturl = url('fm-users', userid=userid) model = UserSigImg user = self._get_user(userid) if not user: abort(404) if c.user.is_peleb and c.user.id != user.id: abort(403) if not c.user.is_superadmin and c.user.id != user.id: orgs = [org.id for org in c.user.organizations] doms = [dom.id for dom in user.domains] if not check_dom_access(orgs, doms): abort(403) ownerattr = 'user_id' kw[ownerattr] = userid ownerid = userid if action == 'auth': body = dict(success=True, data=dict( move=dict(enabled=False, handler=requesturl), rename=dict(enabled=False, handler=requesturl), remove=dict(enabled=True, handler=requesturl), mkdir=dict(enabled=False, handler=requesturl), upload=dict(enabled=True, handler=requesturl + '?action=upload', accept_ext=['gif', 'jpg', 'png']), baseUrl='') ) elif action == 'list': imgq = Session.query(model).filter_by(**kw).all() imgs = {} def builddict(img): sigtype = 'domains' if domainid else 'users' format = img.name.split('.')[-1] or 'png' imgs[img.name] = url('fm-view-img', sigtype=sigtype, imgid=img.id, format=format) [builddict(img) for img in imgq] body = dict(success=True, data=dict( directories={}, files=imgs) ) elif action == 'upload': form = Fmgr(request.POST, csrf_context=session) if request.POST and form.validate(): try: count = Session.query(model).filter_by(**kw).count() if count > 0: raise ValueError(_('Only one image is permitted per signature')) imgdata = request.POST['handle'] mime = magic.Magic(mime=True) content_type = mime.from_buffer(imgdata.file.read(1024)) imgdata.file.seek(0) chunk = imgdata.file.read() ext = imghdr.what('./xxx', chunk) if not ext in ['gif', 'jpg', 'png', 'jpeg']: raise ValueError(_('The uploaded file is not acceptable')) name = form.newName.data or 'sigimage.%s' % ext name = os.path.basename(name) dbimg = model() dbimg.name = name dbimg.image = base64.encodestring(chunk) dbimg.content_type = content_type setattr(dbimg, ownerattr, ownerid) imgdata.file.close() Session.add(dbimg) Session.commit() respond = _('File has been uploaded') except ValueError, msg: if 'imgdata' in locals() and hasattr(imgdata, 'file'): imgdata.file.close() respond = msg else: respond = _('Invalid upload request') return respond elif action == 'remove': fname = request.GET.get('file', None) imgs = Session.query(model).filter(model.name == fname).all() basedir = config.get('ms.signatures.base', '/etc/MailScanner/signatures') files = [] for img in imgs: if userid: imgfile = os.path.join(basedir, 'users', user.username, img.name) else: imgfile = os.path.join(basedir, 'domains', domain.name, img.name) files.append(imgfile) Session.delete(img) Session.commit() respond = _('The file has been deleted') body = dict(success=True, data=respond) delete_sig.apply_async(args=[files])
def confirm_delete(self): "Confirm mass delete" accountids = session.get('bulk_account_delete', []) if not accountids: redirect(url(controller='accounts', action='index')) num_items = 10 if len(accountids) > num_items and len(accountids) <= 20: num_items = 20 if len(accountids) > num_items and len(accountids) <= 50: num_items = 50 if len(accountids) > num_items and len(accountids) <= 100: num_items = 100 users = Session.query(User).filter(User.id.in_(accountids)) usrcount = Session.query(User.id) if c.user.is_domain_admin and usrcount: users = users.join(domain_users, (dom_owns, domain_users.c.domain_id == dom_owns.c.domain_id), (oas, dom_owns.c.organization_id == oas.c.organization_id))\ .filter(oas.c.user_id == c.user.id) usrcount = usrcount.join(domain_users, (dom_owns, domain_users.c.domain_id == dom_owns.c.domain_id), (oas, dom_owns.c.organization_id == oas.c.organization_id))\ .filter(oas.c.user_id == c.user.id) if request.method == 'POST': tasks = [] # try: for account in users.all(): info = auditmsgs.DELETEACCOUNT_MSG % dict(u=account.username) Session.delete(account) tasks.append([ c.user.username, 4, unicode(info), request.host, request.remote_addr, arrow.utcnow().datetime ]) Session.commit() del session['bulk_account_delete'] session.save() backend_user_update(None, True) for task in tasks: audit_log(*task) flash(_('The accounts have been deleted')) redirect(url(controller='accounts')) else: flash( _('The following accounts are about to be deleted,' ' this action is not reversible, Do you wish to ' 'continue ?')) try: c.page = paginate.Page(users, page=1, items_per_page=num_items, item_count=usrcount.count()) except DataError: msg = _('An error occured try again') flash_alert(msg) log.info(msg) redirect(url(controller='accounts', action='index')) return self.render('/accounts/confirmbulkdel.html')
def section(self, serverid=1, sectionid='1'): "Settings section" server = self._get_server(serverid) if not server: abort(404) if not int(sectionid) in CONFIG_SECTIONS: abort(404) c.serverid = serverid c.sectionid = sectionid c.scanner = server c.sections = CONFIG_SECTIONS c.form = settings_forms[sectionid](request.POST, csrf_context=session) if not request.method == 'POST': for field in c.form: if (sectionid == '1' and '_' in field.name and not field.name == 'csrf_token'): internal = global_settings_dict[field.name] else: internal = field.name conf = self._get_setting(serverid, internal) if conf: attr = getattr(c.form, field.name) attr.data = conf.value updated = None if request.method == 'POST' and c.form.validate(): for field in c.form: if field.type == 'SelectMultipleField' or \ (field.data and not field.name == 'csrf_token'): if sectionid == '1': if '_' in field.name: external = global_settings_dict[field.name] internal = external else: external = CONFIG_RE.sub(u'', unicode(field.label.text)) internal = field.name else: external = CONFIG_RE.sub(u'', unicode(field.label.text)) internal = field.name conf = self._get_setting(serverid, internal) if conf is None: if (field.type == 'SelectMultipleField' and len(field.data) and field.data != field.default)\ or (field.type != 'SelectMultipleField' and field.data != field.default): check_field(field) conf = ConfigSettings( internal=internal, external=external, section=sectionid ) conf.value = field.data conf.server = server updated = True Session.add(conf) Session.commit() subs = dict(svr=server.hostname, s=external, a=conf.value) info = auditmsgs.HOSTSETTING_MSG % subs audit_log(c.user.username, 3, unicode(info), request.host, request.remote_addr, arrow.utcnow().datetime) else: subs = dict(svr=conf.server.hostname, s=external, a=conf.value) info = auditmsgs.HOSTSETTING_MSG % subs check_value = get_check_value(field.type, conf.value) if check_value != field.data: # stored value not equal to updated value if (field.type == 'SelectMultipleField' and len(field.data) and field.data != field.default) or \ (field.type != 'SelectMultipleField' and field.data != field.default): # not a default, we can update check_field(field) conf.value = field.data updated = True Session.add(conf) Session.commit() audit_log(c.user.username, 2, unicode(info), request.host, request.remote_addr, arrow.utcnow().datetime) else: # is the default lets delete the stored value Session.delete(conf) Session.commit() updated = True audit_log(c.user.username, 4, unicode(info), request.host, request.remote_addr, arrow.utcnow().datetime) if updated: flash(_('%(settings)s updated') % dict( settings=CONFIG_SECTIONS[int(sectionid)])) create_ms_settings.apply_async(exchange=FANOUT_XCHG) update_serial.delay() else: flash_info(_('No configuration changes made')) # redirect(url('settings-scanner', serverid=serverid)) elif request.method == 'POST' and not c.form.validate(): msg = _("Error detected, check the settings below") flash_alert(msg) log.info(msg) return self.render('/settings/section.html')