def can_admin_group(user, group, is_remove=False): from sentry.models import Team if user.is_superuser: return True # We make the assumption that we have a valid membership here try: Team.objects.get_for_user(user)[group.project.team.slug] except KeyError: return False # The "remove_event" permission was added after "admin_event". # First check the new "remove_event" permission, then fall back # to the "admin_event" permission. if is_remove: result = plugins.first('has_perm', user, 'remove_event', group) if result is False: return False result = plugins.first('has_perm', user, 'admin_event', group) if result is False: return False return True
def manage_project_team(request, project): result = plugins.first('has_perm', request.user, 'edit_project', project) if result is False and not request.user.has_perm( 'sentry.can_change_project'): return HttpResponseRedirect(reverse('sentry')) if not project.team: member_list = [] else: member_list = [(tm, tm.user) for tm in project.team.member_set.select_related('user') ] context = csrf(request) context.update({ 'page': 'team', 'project': project, 'team': project.team, 'member_list': member_list, 'can_add_member': can_add_team_member(request.user, project.team), }) return render_to_response('sentry/projects/team.html', context, request)
def configure_project_plugin(request, project, slug): try: plugin = plugins.get(slug) except KeyError: return HttpResponseRedirect(reverse('sentry-manage-project', args=[project.slug])) if not plugin.is_enabled(project): return HttpResponseRedirect(reverse('sentry-manage-project', args=[project.slug])) result = plugins.first('has_perm', request.user, 'configure_project_plugin', project, plugin) if result is False and not request.user.is_superuser: return HttpResponseRedirect(reverse('sentry')) form = plugin.project_conf_form if form is None: return HttpResponseRedirect(reverse('sentry-manage-project', args=[project.slug])) action, view = plugin_config(plugin, project, request) if action == 'redirect': return HttpResponseRedirect(request.path + '?success=1') context = csrf(request) context.update({ 'page': 'plugin', 'title': plugin.get_title(), 'view': view, 'project': project, 'plugin': plugin, }) return render_to_response('sentry/projects/plugins/configure.html', context, request)
def project_from_auth_vars(auth_vars, data): signature = auth_vars.get("sentry_signature") timestamp = auth_vars.get("sentry_timestamp") api_key = auth_vars.get("sentry_key") if not signature or not timestamp: raise APIUnauthorized() if api_key: try: pm = ProjectMember.objects.get_from_cache(public_key=api_key) except ProjectMember.DoesNotExist: raise APIForbidden("Invalid signature") if not pm.is_active or pm.user and not pm.user.is_active: raise APIUnauthorized("Account is not active") project = pm.project secret_key = pm.secret_key result = plugins.first("has_perm", pm.user, "create_event", pm.project) if result is False: raise APIUnauthorized() else: project = None secret_key = settings.KEY validate_hmac(data, signature, timestamp, secret_key) return project
def post(self, request, organization, team): result = plugins.first('has_perm', request.user, 'edit_team', team) if result is False and not request.user.is_superuser: return HttpResponseRedirect(reverse('sentry')) form = self.get_form(request, team) if form.is_valid(): team = form.save() AuditLogEntry.objects.create( organization=organization, actor=request.user, ip_address=request.META['REMOTE_ADDR'], target_object=team.id, event=AuditLogEntryEvent.TEAM_EDIT, data=team.get_audit_log_data(), ) messages.add_message(request, messages.SUCCESS, _('Changes to your team were saved.')) return HttpResponseRedirect( reverse('sentry-manage-team', args=[organization.slug, team.slug])) context = { 'form': form, } return self.respond('sentry/teams/manage.html', context)
def can_remove_team(user, team): if team.project_set.exists(): return False result = plugins.first('has_perm', user, 'remove_team', team) if result is False and not user.has_perm('sentry.can_remove_team'): return False return True
def project_from_api_key_and_id(api_key, project_id): """ Given a public api key and a project id returns a project instance or throws APIUnauthorized. """ try: pk = ProjectKey.objects.get_from_cache(public_key=api_key) except ProjectKey.DoesNotExist: raise APIUnauthorized("Invalid api key") if str(pk.project_id) != str(project_id): raise APIUnauthorized() project = Project.objects.get_from_cache(pk=pk.project_id) if pk.user: team = Team.objects.get_from_cache(pk=project.team_id) try: tm = TeamMember.objects.get(team=team, user=pk.user, is_active=True) except TeamMember.DoesNotExist: raise APIUnauthorized("Member does not have access to project") if not pk.user.is_active: raise APIUnauthorized("Account is not active") tm.project = project result = plugins.first("has_perm", tm.user, "create_event", project) if result is False: raise APIUnauthorized() return project
def manage_project_keys(request, organization, project): result = plugins.first("has_perm", request.user, "edit_project", project) if result is False and not request.user.is_superuser: return HttpResponseRedirect(reverse("sentry")) key_list = list(ProjectKey.objects.filter(project=project).order_by("-id")) for key in key_list: key.project = project key.can_remove = (can_remove_project_key(request.user, key),) key.can_edit = (can_edit_project_key(request.user, key),) context = csrf(request) context.update( { "team": project.team, "organization": organization, "page": "keys", "project": project, "key_list": key_list, "can_add_key": can_add_project_key(request.user, project), } ) return render_to_response("sentry/projects/keys.html", context, request)
def remove_project_member(request, project, member_id): try: member = project.member_set.get(pk=member_id) except ProjectMember.DoesNotExist: return HttpResponseRedirect(reverse('sentry-manage-project', args=[project.pk])) if member.user == project.owner: return HttpResponseRedirect(reverse('sentry-manage-project', args=[project.pk])) result = plugins.first('has_perm', request.user, 'remove_project_member', member) if result is False and not request.user.has_perm('sentry.can_remove_projectmember'): return HttpResponseRedirect(reverse('sentry')) if request.POST: member.delete() return HttpResponseRedirect(reverse('sentry-manage-project', args=[project.pk])) context = csrf(request) context.update({ 'member': member, 'project': project, }) return render_to_response('sentry/projects/members/remove.html', context, request)
def project_from_id(request): """ Given a request returns a project instance or throws APIUnauthorized. """ if not request.user.is_active: raise APIUnauthorized("Account is not active") try: project = Project.objects.get_from_cache(pk=request.GET["project_id"]) except Project.DoesNotExist: raise APIUnauthorized("Invalid project") try: team = Team.objects.get_from_cache(pk=project.team_id) except Project.DoesNotExist: raise APIUnauthorized("Member does not have access to project") try: TeamMember.objects.get(user=request.user, team=team, is_active=True) except TeamMember.DoesNotExist: raise APIUnauthorized("Member does not have access to project") result = plugins.first("has_perm", request.user, "create_event", project) if result is False: raise APIUnauthorized() return project
def remove_team_member(request, team, member_id): try: member = team.member_set.get(pk=member_id) except TeamMember.DoesNotExist: return HttpResponseRedirect( reverse('sentry-manage-team', args=[team.slug])) if member.user == team.owner: return HttpResponseRedirect( reverse('sentry-manage-team', args=[team.slug])) result = plugins.first('has_perm', request.user, 'remove_team_member', member) if result is False and not request.user.has_perm( 'sentry.can_remove_teammember'): return HttpResponseRedirect(reverse('sentry')) if request.POST: member.delete() return HttpResponseRedirect( reverse('sentry-manage-team', args=[team.slug])) context = csrf(request) context.update({ 'member': member, 'team': team, }) return render_to_response('sentry/teams/members/remove.html', context, request)
def manage_project_keys(request, organization, project): result = plugins.first('has_perm', request.user, 'edit_project', project) if result is False and not request.user.is_superuser: return HttpResponseRedirect(reverse('sentry')) key_list = list(ProjectKey.objects.filter( project=project, ).order_by('-id')) for key in key_list: key.project = project key.can_remove = can_remove_project_key(request.user, key), key.can_edit = can_edit_project_key(request.user, key), context = csrf(request) context.update({ 'team': project.team, 'organization': organization, 'page': 'keys', 'project': project, 'key_list': key_list, 'can_add_key': can_add_project_key(request.user, project), }) return render_to_response('sentry/projects/keys.html', context, request)
def edit_project_member(request, project, member_id): try: member = project.member_set.get(pk=member_id) except ProjectMember.DoesNotExist: return HttpResponseRedirect(reverse('sentry-manage-project', args=[project.pk])) result = plugins.first('has_perm', request.user, 'edit_project_member', member) if result is False and not request.user.has_perm('sentry.can_change_projectmember'): return HttpResponseRedirect(reverse('sentry')) form = EditProjectMemberForm(project, request.POST or None, instance=member) if form.is_valid(): member = form.save(commit=True) return HttpResponseRedirect(request.path + '?success=1') context = csrf(request) context.update({ 'member': member, 'project': project, 'form': form, 'dsn': member.get_dsn(), }) return render_to_response('sentry/projects/members/edit.html', context, request)
def post(self, request, organization, team): result = plugins.first('has_perm', request.user, 'edit_team', team) if result is False and not request.user.is_superuser: return HttpResponseRedirect(reverse('sentry')) form = self.get_form(request, team) if form.is_valid(): team = form.save() AuditLogEntry.objects.create( organization=organization, actor=request.user, ip_address=request.META['REMOTE_ADDR'], target_object=team.id, event=AuditLogEntryEvent.TEAM_EDIT, data=team.get_audit_log_data(), ) messages.add_message(request, messages.SUCCESS, _('Changes to your team were saved.')) return HttpResponseRedirect(reverse('sentry-manage-team', args=[organization.slug, team.slug])) context = { 'form': form, } return self.respond('sentry/teams/manage.html', context)
def edit_team_member(request, team, member_id): try: member = team.member_set.get(pk=member_id) except TeamMember.DoesNotExist: return HttpResponseRedirect( reverse('sentry-manage-team', args=[team.slug])) result = plugins.first('has_perm', request.user, 'edit_team_member', member) if result is False and not request.user.has_perm( 'sentry.can_change_teammember'): return HttpResponseRedirect(reverse('sentry')) form = EditTeamMemberForm(team, request.POST or None, instance=member) if form.is_valid(): member = form.save(commit=True) return HttpResponseRedirect(request.path + '?success=1') context = csrf(request) context.update({ 'member': member, 'team': team, 'form': form, }) return render_to_response('sentry/teams/members/edit.html', context, request)
def manage_project_team(request, project): result = plugins.first('has_perm', request.user, 'edit_project', project) if result is False and not request.user.has_perm('sentry.can_change_project'): return HttpResponseRedirect(reverse('sentry')) team = project.team if not team: member_list = [] pending_member_list = [] else: member_list = [(tm, tm.user) for tm in team.member_set.select_related('user')] pending_member_list = [(pm, pm.email) for pm in team.pending_member_set.all().order_by('email')] context = csrf(request) context.update({ 'page': 'team', 'project': project, 'team': team, 'member_list': member_list, 'pending_member_list': pending_member_list, 'can_add_member': can_add_team_member(request.user, project.team), 'SECTION': 'settings', }) return render_to_response('sentry/projects/team.html', context, request)
def manage_team(request, team): result = plugins.first('has_perm', request.user, 'edit_team', team) if result is False and not request.user.has_perm('sentry.can_change_team'): return HttpResponseRedirect(reverse('sentry')) form = EditTeamForm(request.POST or None, instance=team) if form.is_valid(): team = form.save() return HttpResponseRedirect(request.path + '?success=1') member_list = [(pm, pm.user) for pm in team.member_set.select_related('user')] pending_member_list = [(pm, pm.email) for pm in team.pending_member_set.all()] project_list = list(team.project_set.all()) context = csrf(request) context.update({ 'can_add_member': can_add_team_member(request.user, team), 'can_remove_team': can_remove_team(request.user, team), 'page': 'details', 'form': form, 'team': team, 'member_list': member_list, 'pending_member_list': pending_member_list, 'project_list': project_list, }) return render_to_response('sentry/teams/manage.html', context, request)
def project_from_auth_vars(auth_vars): api_key = auth_vars.get('sentry_key') if not api_key: return None try: pk = ProjectKey.objects.get_from_cache(public_key=api_key) except ProjectKey.DoesNotExist: raise APIForbidden('Invalid api key') if pk.secret_key != auth_vars.get('sentry_secret', pk.secret_key): raise APIForbidden('Invalid api key') project = Project.objects.get_from_cache(pk=pk.project_id) if pk.user: try: team = Team.objects.get_from_cache(pk=project.team_id) except Team.DoesNotExist: raise APIUnauthorized('Member does not have access to project') try: tm = TeamMember.objects.get(team=team, user=pk.user, is_active=True) except TeamMember.DoesNotExist: raise APIUnauthorized('Member does not have access to project') if not pk.user.is_active: raise APIUnauthorized('Account is not active') result = plugins.first('has_perm', tm.user, 'create_event', project) if result is False: raise APIForbidden('Creation of this event was blocked') return project
def configure_project_plugin(request, project, slug): try: plugin = plugins.get(slug) except KeyError: return HttpResponseRedirect(reverse("sentry-manage-project", args=[project.slug])) if not plugin.is_enabled(project): return HttpResponseRedirect(reverse("sentry-manage-project", args=[project.slug])) result = plugins.first("has_perm", request.user, "configure_project_plugin", project, plugin) if result is False and not request.user.is_superuser: return HttpResponseRedirect(reverse("sentry")) form = plugin.project_conf_form if form is None: return HttpResponseRedirect(reverse("sentry-manage-project", args=[project.slug])) action, view = plugin_config(plugin, project, request) if action == "redirect": return HttpResponseRedirect(request.path + "?success=1") context = csrf(request) context.update({"page": "plugin", "title": plugin.get_title(), "view": view, "project": project, "plugin": plugin}) return render_to_response("sentry/projects/plugins/configure.html", context, request)
def manage_project_keys(request, team, project): result = plugins.first('has_perm', request.user, 'edit_project', project) if result is False and not request.user.has_perm('sentry.can_change_project'): return HttpResponseRedirect(reverse('sentry')) key_list = list(ProjectKey.objects.filter( project=project, ).select_related('user', 'user_added').order_by('-id')) for key in key_list: key.project = project key.can_remove = can_remove_project_key(request.user, key), context = csrf(request) context.update({ 'team': team, 'page': 'keys', 'project': project, 'key_list': key_list, 'can_add_key': can_add_project_key(request.user, project), 'SECTION': 'team', 'SUBSECTION': 'projects' }) return render_to_response('sentry/projects/keys.html', context, request)
def project_from_id(request): """ Given a request returns a project instance or throws APIUnauthorized. """ if not request.user.is_active: raise APIUnauthorized('Account is not active') try: project = Project.objects.get_from_cache(pk=request.GET['project_id']) except Project.DoesNotExist: raise APIUnauthorized('Invalid project') try: team = Team.objects.get_from_cache(pk=project.team_id) except Project.DoesNotExist: raise APIUnauthorized('Member does not have access to project') try: TeamMember.objects.get( user=request.user, team=team, is_active=True, ) except TeamMember.DoesNotExist: raise APIUnauthorized('Member does not have access to project') result = plugins.first('has_perm', request.user, 'create_event', project) if result is False: raise APIForbidden('Creation of this event was blocked') return project
def manage_project(request, team, project): result = plugins.first('has_perm', request.user, 'edit_project', project) if result is False and not request.user.has_perm('sentry.can_change_project'): return HttpResponseRedirect(reverse('sentry')) team_list = Team.objects.get_for_user(project.owner or request.user, MEMBER_OWNER) form = EditProjectForm(request, team_list, request.POST or None, instance=project, initial={ 'origins': '\n'.join(project.get_option('sentry:origins', None) or []), 'owner': project.owner, 'resolve_age': int(project.get_option('sentry:resolve_age', 0)), }) if form.is_valid(): project = form.save() project.update_option('sentry:origins', form.cleaned_data.get('origins') or []) project.update_option('sentry:resolve_age', form.cleaned_data.get('resolve_age')) messages.add_message( request, messages.SUCCESS, _('Changes to your project were saved.')) return HttpResponseRedirect(reverse('sentry-manage-project', args=[team.slug, project.slug])) context = csrf(request) context.update({ 'team': team, 'can_remove_project': can_remove_project(request.user, project), 'page': 'details', 'form': form, 'project': project, 'SECTION': 'team', 'SUBSECTION': 'projects' }) return render_to_response('sentry/projects/manage.html', context, request)
def manage_plugins(request, team, project): result = plugins.first('has_perm', request.user, 'configure_project_plugin', project) if result is False and not request.user.has_perm('sentry.can_change_project'): return HttpResponseRedirect(reverse('sentry')) if request.POST: enabled = set(request.POST.getlist('plugin')) for plugin in plugins.all(): if plugin.can_enable_for_projects(): plugin.set_option('enabled', plugin.slug in enabled, project) messages.add_message( request, messages.SUCCESS, _('Your settings were saved successfully.')) return HttpResponseRedirect(request.path) context = csrf(request) context.update({ 'team': team, 'page': 'plugins', 'project': project, 'SECTION': 'team', 'SUBSECTION': 'projects' }) return render_to_response('sentry/projects/plugins/list.html', context, request)
def manage_team(request, team): result = plugins.first("has_perm", request.user, "edit_team", team) if result is False and not request.user.has_perm("sentry.can_change_team"): return HttpResponseRedirect(reverse("sentry")) can_admin_team = request.user == team.owner or request.user.has_perm("sentry.can_add_team") if can_admin_team: form_cls = EditTeamAdminForm else: form_cls = EditTeamForm form = form_cls(request.POST or None, initial={"owner": team.owner}, instance=team) # XXX: form.is_valid() changes the foreignkey original_owner = team.owner if form.is_valid(): team = form.save() if team.owner != original_owner: # Update access for new membership if it's changed # (e.g. member used to be USER, but is now OWNER) team.member_set.filter(user=team.owner).update(type=MEMBER_OWNER) messages.add_message(request, messages.SUCCESS, _("Changes to your team were saved.")) return HttpResponseRedirect(request.path) context = csrf(request) context.update( {"can_remove_team": can_remove_team(request.user, team), "page": "details", "form": form, "team": team} ) return render_to_response("sentry/teams/manage.html", context, request)
def manage_project(request, project): result = plugins.first('has_perm', request.user, 'edit_project', project) if result is False and not request.user.has_perm('sentry.can_change_project'): return HttpResponseRedirect(reverse('sentry')) team_list = get_team_list(request.user) form = EditProjectForm(request, team_list, request.POST or None, instance=project) if form.is_valid(): project = form.save() return HttpResponseRedirect(request.path + '?success=1') member_list = [(tm, tm.user) for tm in project.team.member_set.select_related('user')] try: key = ProjectKey.objects.get(user=request.user, project=project) except ProjectKey.DoesNotExist: key = None # superuser context = csrf(request) context.update({ 'can_remove_project': can_remove_project(request.user, project), 'page': 'details', 'key': key, 'form': form, 'project': project, 'member_list': member_list, 'TEAM_LIST': team_list.values(), }) return render_to_response('sentry/projects/manage.html', context, request)
def missing_perm(request, perm, **kwargs): """ Returns a generic response if you're missing permission to perform an action. Plugins may overwrite this with the ``missing_perm_response`` hook. """ response = plugins.first('missing_perm_response', request, perm, **kwargs) if response: if isinstance(response, HttpResponseRedirect): return response if not isinstance(response, Response): raise NotImplementedError('Use self.render() when returning responses.') return response.respond(request, { 'perm': perm, }) if perm.label: return render_to_response('sentry/generic_error.html', { 'title': _('Missing Permission'), 'message': _('You do not have the required permissions to %s.') % (perm.label,) }, request) return HttpResponseRedirect(reverse('sentry'))
def missing_perm(request, perm, **kwargs): """ Returns a generic response if you're missing permission to perform an action. Plugins may overwrite this with the ``missing_perm_response`` hook. """ response = plugins.first('missing_perm_response', request, perm, **kwargs) if response: if isinstance(response, HttpResponseRedirect): return response if not isinstance(response, Response): raise NotImplementedError( 'Use self.render() when returning responses.') return response.respond(request, { 'perm': perm, }) if perm.label: return render_to_response( 'sentry/generic_error.html', { 'title': _('Missing Permission'), 'message': _('You do not have the required permissions to %s.') % (perm.label, ) }, request) return HttpResponseRedirect(reverse('sentry'))
def missing_perm(request, perm, **kwargs): """ Returns a generic response if you're missing permission to perform an action. Plugins may overwrite this with the ``missing_perm_response`` hook. """ response = plugins.first("missing_perm_response", request, perm, **kwargs) if response: if isinstance(response, HttpResponseRedirect): return response if not isinstance(response, Response): raise NotImplementedError("Use self.render() when returning responses.") return response.respond(request, {"perm": perm}) if perm.label: return render_to_response( "sentry/generic_error.html", { "title": _("Missing Permission"), "message": _("You do not have the required permissions to %s.") % (perm.label,), }, request, ) return HttpResponseRedirect(reverse("sentry"))
def manage_project(request, project): result = plugins.first('has_perm', request.user, 'edit_project', project) if result is False and not request.user.has_perm('sentry.can_change_project'): return HttpResponseRedirect(reverse('sentry')) form = EditProjectForm(request.POST or None, instance=project) if form.is_valid(): project = form.save() return HttpResponseRedirect(request.path + '?success=1') member_list = [(pm, pm.user) for pm in project.member_set.select_related('user')] context = csrf(request) context.update({ 'can_add_member': _can_add_project_member(request.user, project), 'can_remove_project': _can_remove_project(request.user, project), 'page': 'details', 'form': form, 'project': project, 'member_list': member_list }) return render_to_response('sentry/projects/manage.html', context, request)
def project_from_api_key_and_id(api_key, project_id): """ Given a public api key and a project id returns a project instance or throws APIUnauthorized. """ try: pk = ProjectKey.objects.get_from_cache(public_key=api_key) except ProjectKey.DoesNotExist: raise APIUnauthorized('Invalid api key') if str(pk.project_id) != str(project_id): raise APIUnauthorized() project = Project.objects.get_from_cache(pk=pk.project_id) if pk.user: team = Team.objects.get_from_cache(pk=project.team_id) try: tm = TeamMember.objects.get(team=team, user=pk.user, is_active=True) except TeamMember.DoesNotExist: raise APIUnauthorized('Member does not have access to project') if not pk.user.is_active: raise APIUnauthorized('Account is not active') tm.project = project result = plugins.first('has_perm', tm.user, 'create_event', project) if result is False: raise APIUnauthorized() return project
def manage_project_keys(request, team, project): result = plugins.first("has_perm", request.user, "edit_project", project) if result is False and not request.user.has_perm("sentry.can_change_project"): return HttpResponseRedirect(reverse("sentry")) key_list = list(ProjectKey.objects.filter(project=project).select_related("user", "user_added").order_by("-id")) for key in key_list: key.project = project key.can_remove = (can_remove_project_key(request.user, key),) context = csrf(request) context.update( { "team": team, "page": "keys", "project": project, "key_list": key_list, "can_add_key": can_add_project_key(request.user, project), "SECTION": "team", "SUBSECTION": "projects", } ) return render_to_response("sentry/projects/keys.html", context, request)
def project_from_id(request): """ Given a request returns a project instance or throws APIUnauthorized. """ if not request.user.is_active: raise APIUnauthorized('Account is not active') try: project = Project.objects.get_from_cache(pk=request.GET['project_id']) except Project.DoesNotExist: raise APIUnauthorized('Invalid project') try: team = Team.objects.get_from_cache(pk=project.team_id) except Project.DoesNotExist: raise APIUnauthorized('Member does not have access to project') try: TeamMember.objects.get( user=request.user, team=team, is_active=True, ) except TeamMember.DoesNotExist: raise APIUnauthorized('Member does not have access to project') result = plugins.first('has_perm', request.user, 'create_event', project) if result is False: raise APIUnauthorized() return project
def remove_team_member(request, team, member_id): try: member = team.member_set.get(pk=member_id) except TeamMember.DoesNotExist: return HttpResponseRedirect(reverse('sentry-manage-team', args=[team.slug])) if member.user == team.owner: return HttpResponseRedirect(reverse('sentry-manage-team', args=[team.slug])) result = plugins.first('has_perm', request.user, 'remove_team_member', member) if result is False and not request.user.has_perm('sentry.can_remove_teammember'): return HttpResponseRedirect(reverse('sentry')) if request.POST: member.delete() return HttpResponseRedirect(reverse('sentry-manage-team', args=[team.slug])) context = csrf(request) context.update({ 'member': member, 'team': team, }) return render_to_response('sentry/teams/members/remove.html', context, request)
def manage_project(request, project): result = plugins.first('has_perm', request.user, 'edit_project', project) if result is False and not request.user.has_perm('sentry.can_change_project'): return HttpResponseRedirect(reverse('sentry')) # XXX: We probably shouldnt allow changing the team unless they're the project owner team_list = Team.objects.get_for_user(project.owner or request.user, MEMBER_OWNER) if request.user.has_perm('sentry.can_change_project'): form_cls = EditProjectAdminForm else: form_cls = EditProjectForm form = form_cls(request, team_list, request.POST or None, instance=project, initial={ 'origins': '\n'.join(get_option('sentry:origins', project) or []), 'owner': project.owner, }) if form.is_valid(): project = form.save() set_option('sentry:origins', form.cleaned_data.get('origins') or [], project) return HttpResponseRedirect(request.path + '?success=1') context = csrf(request) context.update({ 'can_remove_project': can_remove_project(request.user, project), 'page': 'details', 'form': form, 'project': project, 'TEAM_LIST': team_list.values(), 'SECTION': 'settings', }) return render_to_response('sentry/projects/manage.html', context, request)
def manage_project(request, project): result = plugins.first('has_perm', request.user, 'edit_project', project) if result is False and not request.user.has_perm( 'sentry.can_change_project'): return HttpResponseRedirect(reverse('sentry')) # XXX: We probably shouldnt allow changing the team unless they're the project owner team_list = Team.objects.get_for_user(project.owner or request.user, MEMBER_OWNER) if request.user.has_perm('sentry.can_change_project'): form_cls = EditProjectAdminForm else: form_cls = EditProjectForm form = form_cls(request, team_list, request.POST or None, instance=project, initial={ 'origins': '\n'.join(get_option('sentry:origins', project) or []), 'owner': project.owner, }) if form.is_valid(): project = form.save() set_option('sentry:origins', form.cleaned_data.get('origins') or [], project) return HttpResponseRedirect(request.path + '?success=1') if not project.team: member_list = [] else: member_list = [(tm, tm.user) for tm in project.team.member_set.select_related('user') ] context = csrf(request) context.update({ 'can_remove_project': can_remove_project(request.user, project), 'page': 'details', 'form': form, 'project': project, 'member_list': member_list, 'TEAM_LIST': team_list.values(), }) return render_to_response('sentry/projects/manage.html', context, request)
def can_add_team_member(user, team): # must be an owner of the team if not team.member_set.filter(user=user, type=MEMBER_OWNER).exists(): return False result = plugins.first('has_perm', user, 'add_team_member', team) if result is False: return False return True
def can_add_project_key(user, project): # must be an owner of the team if project.team and not project.team.member_set.filter(user=user, type=MEMBER_OWNER).exists(): return False result = plugins.first('has_perm', user, 'add_project_key', project) if result is False: return False return True
def process(self, request, project, auth, data, **kwargs): event_received.send_robust(ip=request.META['REMOTE_ADDR'], sender=type(self)) # TODO: improve this API (e.g. make RateLimit act on __ne__) rate_limit = safe_execute(app.quotas.is_rate_limited, project=project) if isinstance(rate_limit, bool): rate_limit = RateLimit(is_limited=rate_limit, retry_after=None) if rate_limit is not None and rate_limit.is_limited: raise APIRateLimited(rate_limit.retry_after) result = plugins.first('has_perm', request.user, 'create_event', project) if result is False: raise APIForbidden('Creation of this event was blocked') content_encoding = request.META.get('HTTP_CONTENT_ENCODING', '') if content_encoding == 'gzip': data = decompress_gzip(data) elif content_encoding == 'deflate': data = decompress_deflate(data) elif not data.startswith('{'): data = decode_and_decompress_data(data) data = safely_load_json_string(data) try: # mutates data validate_data(project, data, auth.client) except InvalidData as e: raise APIError(u'Invalid data: %s (%s)' % (six.text_type(e), type(e))) # mutates data manager = EventManager(data) data = manager.normalize() # insert IP address if not available if auth.is_public: ensure_has_ip(data, request.META['REMOTE_ADDR']) event_id = data['event_id'] # We filter data immediately before it ever gets into the queue inst = SensitiveDataFilter() inst.apply(data) # mutates data (strips a lot of context if not queued) insert_data_to_database(data) logger.debug('New event from project %s/%s (id=%s)', project.team.slug, project.slug, event_id) return event_id
def can_add_project_key(user, project): # must be an owner of the team if project.team and not project.team.member_set.filter( user=user, type=MEMBER_OWNER).exists(): return False result = plugins.first('has_perm', user, 'add_project_key', project) if result is False: return False return True
def can_admin_group(user, group, is_remove=False): if user.is_superuser: return True if not group.project.has_access(user, OrganizationMemberType.MEMBER): return False # The "remove_event" permission was added after "admin_event". # First check the new "remove_event" permission, then fall back # to the "admin_event" permission. if is_remove: result = plugins.first('has_perm', user, 'remove_event', group) if result is False: return False result = plugins.first('has_perm', user, 'admin_event', group) if result is False: return False return True
def get(self, request, organization, team): result = plugins.first('has_perm', request.user, 'edit_team', team) if result is False and not request.user.is_superuser: return HttpResponseRedirect(reverse('sentry')) form = self.get_form(request, team) context = { 'form': form, } return self.respond('sentry/teams/manage.html', context)
def can_edit_project_key(user, project): if user.is_superuser: return True if not is_project_admin(user, project): return False result = plugins.first('has_perm', user, 'edit_project_key', project) if result is False: return False return True
def has_permission(self, request, organization, team, project): if project is None: return False if request.user.is_superuser: return True result = plugins.first('has_perm', request.user, 'edit_project', project) if result is False: return False return True
def can_admin_group(user, group): from sentry.models import Team # We make the assumption that we have a valid membership here try: Team.objects.get_for_user(user)[group.project.team.slug] except KeyError: return False result = plugins.first('has_perm', user, 'admin_event', group) if result is False: return False return True
def reinvite_pending_team_member(request, team, member_id): try: member = team.pending_member_set.get(pk=member_id) except PendingTeamMember.DoesNotExist: return HttpResponseRedirect(reverse('sentry-manage-team', args=[team.slug])) result = plugins.first('has_perm', request.user, 'add_team_member', member) if result is False and not request.user.has_perm('sentry.can_add_teammember'): return HttpResponseRedirect(reverse('sentry')) member.send_invite_email() return HttpResponseRedirect(reverse('sentry-manage-team', args=[team.slug]) + '?success=1')
def can_create_organizations(user): """ Returns a boolean describing whether a user has the ability to create new organizations. """ if user.is_superuser: return True result = plugins.first('has_perm', user, 'add_organization') if result is False: return result return True
def can_create_teams(user): """ Returns a boolean describing whether a user has the ability to create new projects. """ result = plugins.first('has_perm', user, 'add_team') if result is None: result = settings.ALLOW_TEAM_CREATION if result is False: return result return True
def can_set_public_projects(user): """ Returns a boolean describing whether a user has the ability to change the ``public`` attribute of projects. """ result = plugins.first('has_perm', user, 'set_project_public') if result is None: result = settings.ALLOW_PUBLIC_PROJECTS if result is False: return result return True
def can_remove_team(user, team): if user.is_superuser: return True # must be an owner of the team if team.owner != user: return False result = plugins.first('has_perm', user, 'remove_team', team) if result is False: return False return True
def can_manage_organization_member(user, member, perm): # permissions always take precedence if user.is_superuser: return True # must be an owner of the team if not is_organization_admin(user, member.organization): return False result = plugins.first('has_perm', user, perm, member) if result is False: return False return True