def can_admin_group(user, group, is_remove=False):
from sentry.models import Team
if user.is_superuser:
return True
# We make the assumption that we have a valid membership here
try:
Team.objects.get_for_user(user)[group.project.team.slug]
except KeyError:
return False
# The "remove_event" permission was added after "admin_event".
# First check the new "remove_event" permission, then fall back
# to the "admin_event" permission.
if is_remove:
result = plugins.first('has_perm', user, 'remove_event', group)
if result is False:
return False
result = plugins.first('has_perm', user, 'admin_event', group)
if result is False:
return False
return True
def can_admin_group(user, group, is_remove=False):
from sentry.models import Team
if user.is_superuser:
return True
# We make the assumption that we have a valid membership here
try:
Team.objects.get_for_user(user)[group.project.team.slug]
except KeyError:
return False
# The "remove_event" permission was added after "admin_event".
# First check the new "remove_event" permission, then fall back
# to the "admin_event" permission.
if is_remove:
result = plugins.first('has_perm', user, 'remove_event', group)
if result is False:
return False
result = plugins.first('has_perm', user, 'admin_event', group)
if result is False:
return False
return True
def manage_project_team(request, project):
result = plugins.first('has_perm', request.user, 'edit_project', project)
if result is False and not request.user.has_perm(
'sentry.can_change_project'):
return HttpResponseRedirect(reverse('sentry'))
if not project.team:
member_list = []
else:
member_list = [(tm, tm.user)
for tm in project.team.member_set.select_related('user')
]
context = csrf(request)
context.update({
'page':
'team',
'project':
project,
'team':
project.team,
'member_list':
member_list,
'can_add_member':
can_add_team_member(request.user, project.team),
})
return render_to_response('sentry/projects/team.html', context, request)
def configure_project_plugin(request, project, slug):
try:
plugin = plugins.get(slug)
except KeyError:
return HttpResponseRedirect(reverse('sentry-manage-project', args=[project.slug]))
if not plugin.is_enabled(project):
return HttpResponseRedirect(reverse('sentry-manage-project', args=[project.slug]))
result = plugins.first('has_perm', request.user, 'configure_project_plugin', project, plugin)
if result is False and not request.user.is_superuser:
return HttpResponseRedirect(reverse('sentry'))
form = plugin.project_conf_form
if form is None:
return HttpResponseRedirect(reverse('sentry-manage-project', args=[project.slug]))
action, view = plugin_config(plugin, project, request)
if action == 'redirect':
return HttpResponseRedirect(request.path + '?success=1')
context = csrf(request)
context.update({
'page': 'plugin',
'title': plugin.get_title(),
'view': view,
'project': project,
'plugin': plugin,
})
return render_to_response('sentry/projects/plugins/configure.html', context, request)
def project_from_auth_vars(auth_vars, data):
signature = auth_vars.get("sentry_signature")
timestamp = auth_vars.get("sentry_timestamp")
api_key = auth_vars.get("sentry_key")
if not signature or not timestamp:
raise APIUnauthorized()
if api_key:
try:
pm = ProjectMember.objects.get_from_cache(public_key=api_key)
except ProjectMember.DoesNotExist:
raise APIForbidden("Invalid signature")
if not pm.is_active or pm.user and not pm.user.is_active:
raise APIUnauthorized("Account is not active")
project = pm.project
secret_key = pm.secret_key
result = plugins.first("has_perm", pm.user, "create_event", pm.project)
if result is False:
raise APIUnauthorized()
else:
project = None
secret_key = settings.KEY
validate_hmac(data, signature, timestamp, secret_key)
return project
def post(self, request, organization, team):
result = plugins.first('has_perm', request.user, 'edit_team', team)
if result is False and not request.user.is_superuser:
return HttpResponseRedirect(reverse('sentry'))
form = self.get_form(request, team)
if form.is_valid():
team = form.save()
AuditLogEntry.objects.create(
organization=organization,
actor=request.user,
ip_address=request.META['REMOTE_ADDR'],
target_object=team.id,
event=AuditLogEntryEvent.TEAM_EDIT,
data=team.get_audit_log_data(),
)
messages.add_message(request, messages.SUCCESS,
_('Changes to your team were saved.'))
return HttpResponseRedirect(
reverse('sentry-manage-team',
args=[organization.slug, team.slug]))
context = {
'form': form,
}
return self.respond('sentry/teams/manage.html', context)
def can_remove_team(user, team):
if team.project_set.exists():
return False
result = plugins.first('has_perm', user, 'remove_team', team)
if result is False and not user.has_perm('sentry.can_remove_team'):
return False
return True
def project_from_api_key_and_id(api_key, project_id):
"""
Given a public api key and a project id returns
a project instance or throws APIUnauthorized.
"""
try:
pk = ProjectKey.objects.get_from_cache(public_key=api_key)
except ProjectKey.DoesNotExist:
raise APIUnauthorized("Invalid api key")
if str(pk.project_id) != str(project_id):
raise APIUnauthorized()
project = Project.objects.get_from_cache(pk=pk.project_id)
if pk.user:
team = Team.objects.get_from_cache(pk=project.team_id)
try:
tm = TeamMember.objects.get(team=team, user=pk.user, is_active=True)
except TeamMember.DoesNotExist:
raise APIUnauthorized("Member does not have access to project")
if not pk.user.is_active:
raise APIUnauthorized("Account is not active")
tm.project = project
result = plugins.first("has_perm", tm.user, "create_event", project)
if result is False:
raise APIUnauthorized()
return project
def manage_project_keys(request, organization, project):
result = plugins.first("has_perm", request.user, "edit_project", project)
if result is False and not request.user.is_superuser:
return HttpResponseRedirect(reverse("sentry"))
key_list = list(ProjectKey.objects.filter(project=project).order_by("-id"))
for key in key_list:
key.project = project
key.can_remove = (can_remove_project_key(request.user, key),)
key.can_edit = (can_edit_project_key(request.user, key),)
context = csrf(request)
context.update(
{
"team": project.team,
"organization": organization,
"page": "keys",
"project": project,
"key_list": key_list,
"can_add_key": can_add_project_key(request.user, project),
}
)
return render_to_response("sentry/projects/keys.html", context, request)
def remove_project_member(request, project, member_id):
try:
member = project.member_set.get(pk=member_id)
except ProjectMember.DoesNotExist:
return HttpResponseRedirect(reverse('sentry-manage-project', args=[project.pk]))
if member.user == project.owner:
return HttpResponseRedirect(reverse('sentry-manage-project', args=[project.pk]))
result = plugins.first('has_perm', request.user, 'remove_project_member', member)
if result is False and not request.user.has_perm('sentry.can_remove_projectmember'):
return HttpResponseRedirect(reverse('sentry'))
if request.POST:
member.delete()
return HttpResponseRedirect(reverse('sentry-manage-project', args=[project.pk]))
context = csrf(request)
context.update({
'member': member,
'project': project,
})
return render_to_response('sentry/projects/members/remove.html', context, request)
def project_from_id(request):
"""
Given a request returns a project instance or throws
APIUnauthorized.
"""
if not request.user.is_active:
raise APIUnauthorized("Account is not active")
try:
project = Project.objects.get_from_cache(pk=request.GET["project_id"])
except Project.DoesNotExist:
raise APIUnauthorized("Invalid project")
try:
team = Team.objects.get_from_cache(pk=project.team_id)
except Project.DoesNotExist:
raise APIUnauthorized("Member does not have access to project")
try:
TeamMember.objects.get(user=request.user, team=team, is_active=True)
except TeamMember.DoesNotExist:
raise APIUnauthorized("Member does not have access to project")
result = plugins.first("has_perm", request.user, "create_event", project)
if result is False:
raise APIUnauthorized()
return project
def remove_team_member(request, team, member_id):
try:
member = team.member_set.get(pk=member_id)
except TeamMember.DoesNotExist:
return HttpResponseRedirect(
reverse('sentry-manage-team', args=[team.slug]))
if member.user == team.owner:
return HttpResponseRedirect(
reverse('sentry-manage-team', args=[team.slug]))
result = plugins.first('has_perm', request.user, 'remove_team_member',
member)
if result is False and not request.user.has_perm(
'sentry.can_remove_teammember'):
return HttpResponseRedirect(reverse('sentry'))
if request.POST:
member.delete()
return HttpResponseRedirect(
reverse('sentry-manage-team', args=[team.slug]))
context = csrf(request)
context.update({
'member': member,
'team': team,
})
return render_to_response('sentry/teams/members/remove.html', context,
request)
def manage_project_keys(request, organization, project):
result = plugins.first('has_perm', request.user, 'edit_project', project)
if result is False and not request.user.is_superuser:
return HttpResponseRedirect(reverse('sentry'))
key_list = list(ProjectKey.objects.filter(
project=project,
).order_by('-id'))
for key in key_list:
key.project = project
key.can_remove = can_remove_project_key(request.user, key),
key.can_edit = can_edit_project_key(request.user, key),
context = csrf(request)
context.update({
'team': project.team,
'organization': organization,
'page': 'keys',
'project': project,
'key_list': key_list,
'can_add_key': can_add_project_key(request.user, project),
})
return render_to_response('sentry/projects/keys.html', context, request)
def edit_project_member(request, project, member_id):
try:
member = project.member_set.get(pk=member_id)
except ProjectMember.DoesNotExist:
return HttpResponseRedirect(reverse('sentry-manage-project', args=[project.pk]))
result = plugins.first('has_perm', request.user, 'edit_project_member', member)
if result is False and not request.user.has_perm('sentry.can_change_projectmember'):
return HttpResponseRedirect(reverse('sentry'))
form = EditProjectMemberForm(project, request.POST or None, instance=member)
if form.is_valid():
member = form.save(commit=True)
return HttpResponseRedirect(request.path + '?success=1')
context = csrf(request)
context.update({
'member': member,
'project': project,
'form': form,
'dsn': member.get_dsn(),
})
return render_to_response('sentry/projects/members/edit.html', context, request)
def post(self, request, organization, team):
result = plugins.first('has_perm', request.user, 'edit_team', team)
if result is False and not request.user.is_superuser:
return HttpResponseRedirect(reverse('sentry'))
form = self.get_form(request, team)
if form.is_valid():
team = form.save()
AuditLogEntry.objects.create(
organization=organization,
actor=request.user,
ip_address=request.META['REMOTE_ADDR'],
target_object=team.id,
event=AuditLogEntryEvent.TEAM_EDIT,
data=team.get_audit_log_data(),
)
messages.add_message(request, messages.SUCCESS,
_('Changes to your team were saved.'))
return HttpResponseRedirect(reverse('sentry-manage-team', args=[organization.slug, team.slug]))
context = {
'form': form,
}
return self.respond('sentry/teams/manage.html', context)
def edit_team_member(request, team, member_id):
try:
member = team.member_set.get(pk=member_id)
except TeamMember.DoesNotExist:
return HttpResponseRedirect(
reverse('sentry-manage-team', args=[team.slug]))
result = plugins.first('has_perm', request.user, 'edit_team_member',
member)
if result is False and not request.user.has_perm(
'sentry.can_change_teammember'):
return HttpResponseRedirect(reverse('sentry'))
form = EditTeamMemberForm(team, request.POST or None, instance=member)
if form.is_valid():
member = form.save(commit=True)
return HttpResponseRedirect(request.path + '?success=1')
context = csrf(request)
context.update({
'member': member,
'team': team,
'form': form,
})
return render_to_response('sentry/teams/members/edit.html', context,
request)
def manage_project_team(request, project):
result = plugins.first('has_perm', request.user, 'edit_project', project)
if result is False and not request.user.has_perm('sentry.can_change_project'):
return HttpResponseRedirect(reverse('sentry'))
team = project.team
if not team:
member_list = []
pending_member_list = []
else:
member_list = [(tm, tm.user) for tm in team.member_set.select_related('user')]
pending_member_list = [(pm, pm.email) for pm in team.pending_member_set.all().order_by('email')]
context = csrf(request)
context.update({
'page': 'team',
'project': project,
'team': team,
'member_list': member_list,
'pending_member_list': pending_member_list,
'can_add_member': can_add_team_member(request.user, project.team),
'SECTION': 'settings',
})
return render_to_response('sentry/projects/team.html', context, request)
def manage_team(request, team):
result = plugins.first('has_perm', request.user, 'edit_team', team)
if result is False and not request.user.has_perm('sentry.can_change_team'):
return HttpResponseRedirect(reverse('sentry'))
form = EditTeamForm(request.POST or None, instance=team)
if form.is_valid():
team = form.save()
return HttpResponseRedirect(request.path + '?success=1')
member_list = [(pm, pm.user) for pm in team.member_set.select_related('user')]
pending_member_list = [(pm, pm.email) for pm in team.pending_member_set.all()]
project_list = list(team.project_set.all())
context = csrf(request)
context.update({
'can_add_member': can_add_team_member(request.user, team),
'can_remove_team': can_remove_team(request.user, team),
'page': 'details',
'form': form,
'team': team,
'member_list': member_list,
'pending_member_list': pending_member_list,
'project_list': project_list,
})
return render_to_response('sentry/teams/manage.html', context, request)
def project_from_auth_vars(auth_vars):
api_key = auth_vars.get('sentry_key')
if not api_key:
return None
try:
pk = ProjectKey.objects.get_from_cache(public_key=api_key)
except ProjectKey.DoesNotExist:
raise APIForbidden('Invalid api key')
if pk.secret_key != auth_vars.get('sentry_secret', pk.secret_key):
raise APIForbidden('Invalid api key')
project = Project.objects.get_from_cache(pk=pk.project_id)
if pk.user:
try:
team = Team.objects.get_from_cache(pk=project.team_id)
except Team.DoesNotExist:
raise APIUnauthorized('Member does not have access to project')
try:
tm = TeamMember.objects.get(team=team, user=pk.user, is_active=True)
except TeamMember.DoesNotExist:
raise APIUnauthorized('Member does not have access to project')
if not pk.user.is_active:
raise APIUnauthorized('Account is not active')
result = plugins.first('has_perm', tm.user, 'create_event', project)
if result is False:
raise APIForbidden('Creation of this event was blocked')
return project
def configure_project_plugin(request, project, slug):
try:
plugin = plugins.get(slug)
except KeyError:
return HttpResponseRedirect(reverse("sentry-manage-project", args=[project.slug]))
if not plugin.is_enabled(project):
return HttpResponseRedirect(reverse("sentry-manage-project", args=[project.slug]))
result = plugins.first("has_perm", request.user, "configure_project_plugin", project, plugin)
if result is False and not request.user.is_superuser:
return HttpResponseRedirect(reverse("sentry"))
form = plugin.project_conf_form
if form is None:
return HttpResponseRedirect(reverse("sentry-manage-project", args=[project.slug]))
action, view = plugin_config(plugin, project, request)
if action == "redirect":
return HttpResponseRedirect(request.path + "?success=1")
context = csrf(request)
context.update({"page": "plugin", "title": plugin.get_title(), "view": view, "project": project, "plugin": plugin})
return render_to_response("sentry/projects/plugins/configure.html", context, request)
def manage_project_keys(request, team, project):
result = plugins.first('has_perm', request.user, 'edit_project', project)
if result is False and not request.user.has_perm('sentry.can_change_project'):
return HttpResponseRedirect(reverse('sentry'))
key_list = list(ProjectKey.objects.filter(
project=project,
).select_related('user', 'user_added').order_by('-id'))
for key in key_list:
key.project = project
key.can_remove = can_remove_project_key(request.user, key),
context = csrf(request)
context.update({
'team': team,
'page': 'keys',
'project': project,
'key_list': key_list,
'can_add_key': can_add_project_key(request.user, project),
'SECTION': 'team',
'SUBSECTION': 'projects'
})
return render_to_response('sentry/projects/keys.html', context, request)
def project_from_id(request):
"""
Given a request returns a project instance or throws
APIUnauthorized.
"""
if not request.user.is_active:
raise APIUnauthorized('Account is not active')
try:
project = Project.objects.get_from_cache(pk=request.GET['project_id'])
except Project.DoesNotExist:
raise APIUnauthorized('Invalid project')
try:
team = Team.objects.get_from_cache(pk=project.team_id)
except Project.DoesNotExist:
raise APIUnauthorized('Member does not have access to project')
try:
TeamMember.objects.get(
user=request.user,
team=team,
is_active=True,
)
except TeamMember.DoesNotExist:
raise APIUnauthorized('Member does not have access to project')
result = plugins.first('has_perm', request.user, 'create_event', project)
if result is False:
raise APIForbidden('Creation of this event was blocked')
return project
def manage_project(request, team, project):
result = plugins.first('has_perm', request.user, 'edit_project', project)
if result is False and not request.user.has_perm('sentry.can_change_project'):
return HttpResponseRedirect(reverse('sentry'))
team_list = Team.objects.get_for_user(project.owner or request.user, MEMBER_OWNER)
form = EditProjectForm(request, team_list, request.POST or None, instance=project, initial={
'origins': '\n'.join(project.get_option('sentry:origins', None) or []),
'owner': project.owner,
'resolve_age': int(project.get_option('sentry:resolve_age', 0)),
})
if form.is_valid():
project = form.save()
project.update_option('sentry:origins', form.cleaned_data.get('origins') or [])
project.update_option('sentry:resolve_age', form.cleaned_data.get('resolve_age'))
messages.add_message(
request, messages.SUCCESS,
_('Changes to your project were saved.'))
return HttpResponseRedirect(reverse('sentry-manage-project', args=[team.slug, project.slug]))
context = csrf(request)
context.update({
'team': team,
'can_remove_project': can_remove_project(request.user, project),
'page': 'details',
'form': form,
'project': project,
'SECTION': 'team',
'SUBSECTION': 'projects'
})
return render_to_response('sentry/projects/manage.html', context, request)
def manage_plugins(request, team, project):
result = plugins.first('has_perm', request.user, 'configure_project_plugin', project)
if result is False and not request.user.has_perm('sentry.can_change_project'):
return HttpResponseRedirect(reverse('sentry'))
if request.POST:
enabled = set(request.POST.getlist('plugin'))
for plugin in plugins.all():
if plugin.can_enable_for_projects():
plugin.set_option('enabled', plugin.slug in enabled, project)
messages.add_message(
request, messages.SUCCESS,
_('Your settings were saved successfully.'))
return HttpResponseRedirect(request.path)
context = csrf(request)
context.update({
'team': team,
'page': 'plugins',
'project': project,
'SECTION': 'team',
'SUBSECTION': 'projects'
})
return render_to_response('sentry/projects/plugins/list.html', context, request)
def configure_project_plugin(request, project, slug):
try:
plugin = plugins.get(slug)
except KeyError:
return HttpResponseRedirect(reverse('sentry-manage-project', args=[project.slug]))
if not plugin.is_enabled(project):
return HttpResponseRedirect(reverse('sentry-manage-project', args=[project.slug]))
result = plugins.first('has_perm', request.user, 'configure_project_plugin', project, plugin)
if result is False and not request.user.is_superuser:
return HttpResponseRedirect(reverse('sentry'))
form = plugin.project_conf_form
if form is None:
return HttpResponseRedirect(reverse('sentry-manage-project', args=[project.slug]))
action, view = plugin_config(plugin, project, request)
if action == 'redirect':
return HttpResponseRedirect(request.path + '?success=1')
context = csrf(request)
context.update({
'page': 'plugin',
'title': plugin.get_title(),
'view': view,
'project': project,
'plugin': plugin,
})
return render_to_response('sentry/projects/plugins/configure.html', context, request)
def manage_team(request, team):
result = plugins.first("has_perm", request.user, "edit_team", team)
if result is False and not request.user.has_perm("sentry.can_change_team"):
return HttpResponseRedirect(reverse("sentry"))
can_admin_team = request.user == team.owner or request.user.has_perm("sentry.can_add_team")
if can_admin_team:
form_cls = EditTeamAdminForm
else:
form_cls = EditTeamForm
form = form_cls(request.POST or None, initial={"owner": team.owner}, instance=team)
# XXX: form.is_valid() changes the foreignkey
original_owner = team.owner
if form.is_valid():
team = form.save()
if team.owner != original_owner:
# Update access for new membership if it's changed
# (e.g. member used to be USER, but is now OWNER)
team.member_set.filter(user=team.owner).update(type=MEMBER_OWNER)
messages.add_message(request, messages.SUCCESS, _("Changes to your team were saved."))
return HttpResponseRedirect(request.path)
context = csrf(request)
context.update(
{"can_remove_team": can_remove_team(request.user, team), "page": "details", "form": form, "team": team}
)
return render_to_response("sentry/teams/manage.html", context, request)
def manage_project(request, project):
result = plugins.first('has_perm', request.user, 'edit_project', project)
if result is False and not request.user.has_perm('sentry.can_change_project'):
return HttpResponseRedirect(reverse('sentry'))
team_list = get_team_list(request.user)
form = EditProjectForm(request, team_list, request.POST or None, instance=project)
if form.is_valid():
project = form.save()
return HttpResponseRedirect(request.path + '?success=1')
member_list = [(tm, tm.user) for tm in project.team.member_set.select_related('user')]
try:
key = ProjectKey.objects.get(user=request.user, project=project)
except ProjectKey.DoesNotExist:
key = None # superuser
context = csrf(request)
context.update({
'can_remove_project': can_remove_project(request.user, project),
'page': 'details',
'key': key,
'form': form,
'project': project,
'member_list': member_list,
'TEAM_LIST': team_list.values(),
})
return render_to_response('sentry/projects/manage.html', context, request)
def manage_team(request, team):
result = plugins.first('has_perm', request.user, 'edit_team', team)
if result is False and not request.user.has_perm('sentry.can_change_team'):
return HttpResponseRedirect(reverse('sentry'))
form = EditTeamForm(request.POST or None, instance=team)
if form.is_valid():
team = form.save()
return HttpResponseRedirect(request.path + '?success=1')
member_list = [(pm, pm.user)
for pm in team.member_set.select_related('user')]
pending_member_list = [(pm, pm.email)
for pm in team.pending_member_set.all()]
project_list = list(team.project_set.all())
context = csrf(request)
context.update({
'can_add_member': can_add_team_member(request.user, team),
'can_remove_team': can_remove_team(request.user, team),
'page': 'details',
'form': form,
'team': team,
'member_list': member_list,
'pending_member_list': pending_member_list,
'project_list': project_list,
})
return render_to_response('sentry/teams/manage.html', context, request)
def missing_perm(request, perm, **kwargs):
"""
Returns a generic response if you're missing permission to perform an
action.
Plugins may overwrite this with the ``missing_perm_response`` hook.
"""
response = plugins.first('missing_perm_response', request, perm, **kwargs)
if response:
if isinstance(response, HttpResponseRedirect):
return response
if not isinstance(response, Response):
raise NotImplementedError('Use self.render() when returning responses.')
return response.respond(request, {
'perm': perm,
})
if perm.label:
return render_to_response('sentry/generic_error.html', {
'title': _('Missing Permission'),
'message': _('You do not have the required permissions to %s.') % (perm.label,)
}, request)
return HttpResponseRedirect(reverse('sentry'))
def missing_perm(request, perm, **kwargs):
"""
Returns a generic response if you're missing permission to perform an
action.
Plugins may overwrite this with the ``missing_perm_response`` hook.
"""
response = plugins.first('missing_perm_response', request, perm, **kwargs)
if response:
if isinstance(response, HttpResponseRedirect):
return response
if not isinstance(response, Response):
raise NotImplementedError(
'Use self.render() when returning responses.')
return response.respond(request, {
'perm': perm,
})
if perm.label:
return render_to_response(
'sentry/generic_error.html', {
'title':
_('Missing Permission'),
'message':
_('You do not have the required permissions to %s.') %
(perm.label, )
}, request)
return HttpResponseRedirect(reverse('sentry'))
def missing_perm(request, perm, **kwargs):
"""
Returns a generic response if you're missing permission to perform an
action.
Plugins may overwrite this with the ``missing_perm_response`` hook.
"""
response = plugins.first("missing_perm_response", request, perm, **kwargs)
if response:
if isinstance(response, HttpResponseRedirect):
return response
if not isinstance(response, Response):
raise NotImplementedError("Use self.render() when returning responses.")
return response.respond(request, {"perm": perm})
if perm.label:
return render_to_response(
"sentry/generic_error.html",
{
"title": _("Missing Permission"),
"message": _("You do not have the required permissions to %s.") % (perm.label,),
},
request,
)
return HttpResponseRedirect(reverse("sentry"))
def manage_project(request, project):
result = plugins.first('has_perm', request.user, 'edit_project', project)
if result is False and not request.user.has_perm('sentry.can_change_project'):
return HttpResponseRedirect(reverse('sentry'))
form = EditProjectForm(request.POST or None, instance=project)
if form.is_valid():
project = form.save()
return HttpResponseRedirect(request.path + '?success=1')
member_list = [(pm, pm.user) for pm in project.member_set.select_related('user')]
context = csrf(request)
context.update({
'can_add_member': _can_add_project_member(request.user, project),
'can_remove_project': _can_remove_project(request.user, project),
'page': 'details',
'form': form,
'project': project,
'member_list': member_list
})
return render_to_response('sentry/projects/manage.html', context, request)
def project_from_api_key_and_id(api_key, project_id):
"""
Given a public api key and a project id returns
a project instance or throws APIUnauthorized.
"""
try:
pk = ProjectKey.objects.get_from_cache(public_key=api_key)
except ProjectKey.DoesNotExist:
raise APIUnauthorized('Invalid api key')
if str(pk.project_id) != str(project_id):
raise APIUnauthorized()
project = Project.objects.get_from_cache(pk=pk.project_id)
if pk.user:
team = Team.objects.get_from_cache(pk=project.team_id)
try:
tm = TeamMember.objects.get(team=team,
user=pk.user,
is_active=True)
except TeamMember.DoesNotExist:
raise APIUnauthorized('Member does not have access to project')
if not pk.user.is_active:
raise APIUnauthorized('Account is not active')
tm.project = project
result = plugins.first('has_perm', tm.user, 'create_event', project)
if result is False:
raise APIUnauthorized()
return project
def manage_project_keys(request, team, project):
result = plugins.first("has_perm", request.user, "edit_project", project)
if result is False and not request.user.has_perm("sentry.can_change_project"):
return HttpResponseRedirect(reverse("sentry"))
key_list = list(ProjectKey.objects.filter(project=project).select_related("user", "user_added").order_by("-id"))
for key in key_list:
key.project = project
key.can_remove = (can_remove_project_key(request.user, key),)
context = csrf(request)
context.update(
{
"team": team,
"page": "keys",
"project": project,
"key_list": key_list,
"can_add_key": can_add_project_key(request.user, project),
"SECTION": "team",
"SUBSECTION": "projects",
}
)
return render_to_response("sentry/projects/keys.html", context, request)
def project_from_id(request):
"""
Given a request returns a project instance or throws
APIUnauthorized.
"""
if not request.user.is_active:
raise APIUnauthorized('Account is not active')
try:
project = Project.objects.get_from_cache(pk=request.GET['project_id'])
except Project.DoesNotExist:
raise APIUnauthorized('Invalid project')
try:
team = Team.objects.get_from_cache(pk=project.team_id)
except Project.DoesNotExist:
raise APIUnauthorized('Member does not have access to project')
try:
TeamMember.objects.get(
user=request.user,
team=team,
is_active=True,
)
except TeamMember.DoesNotExist:
raise APIUnauthorized('Member does not have access to project')
result = plugins.first('has_perm', request.user, 'create_event', project)
if result is False:
raise APIUnauthorized()
return project
def remove_team_member(request, team, member_id):
try:
member = team.member_set.get(pk=member_id)
except TeamMember.DoesNotExist:
return HttpResponseRedirect(reverse('sentry-manage-team', args=[team.slug]))
if member.user == team.owner:
return HttpResponseRedirect(reverse('sentry-manage-team', args=[team.slug]))
result = plugins.first('has_perm', request.user, 'remove_team_member', member)
if result is False and not request.user.has_perm('sentry.can_remove_teammember'):
return HttpResponseRedirect(reverse('sentry'))
if request.POST:
member.delete()
return HttpResponseRedirect(reverse('sentry-manage-team', args=[team.slug]))
context = csrf(request)
context.update({
'member': member,
'team': team,
})
return render_to_response('sentry/teams/members/remove.html', context, request)
def manage_project(request, project):
result = plugins.first('has_perm', request.user, 'edit_project', project)
if result is False and not request.user.has_perm('sentry.can_change_project'):
return HttpResponseRedirect(reverse('sentry'))
# XXX: We probably shouldnt allow changing the team unless they're the project owner
team_list = Team.objects.get_for_user(project.owner or request.user, MEMBER_OWNER)
if request.user.has_perm('sentry.can_change_project'):
form_cls = EditProjectAdminForm
else:
form_cls = EditProjectForm
form = form_cls(request, team_list, request.POST or None, instance=project, initial={
'origins': '\n'.join(get_option('sentry:origins', project) or []),
'owner': project.owner,
})
if form.is_valid():
project = form.save()
set_option('sentry:origins', form.cleaned_data.get('origins') or [], project)
return HttpResponseRedirect(request.path + '?success=1')
context = csrf(request)
context.update({
'can_remove_project': can_remove_project(request.user, project),
'page': 'details',
'form': form,
'project': project,
'TEAM_LIST': team_list.values(),
'SECTION': 'settings',
})
return render_to_response('sentry/projects/manage.html', context, request)
def manage_project(request, project):
result = plugins.first('has_perm', request.user, 'edit_project', project)
if result is False and not request.user.has_perm(
'sentry.can_change_project'):
return HttpResponseRedirect(reverse('sentry'))
# XXX: We probably shouldnt allow changing the team unless they're the project owner
team_list = Team.objects.get_for_user(project.owner or request.user,
MEMBER_OWNER)
if request.user.has_perm('sentry.can_change_project'):
form_cls = EditProjectAdminForm
else:
form_cls = EditProjectForm
form = form_cls(request,
team_list,
request.POST or None,
instance=project,
initial={
'origins':
'\n'.join(get_option('sentry:origins', project) or []),
'owner':
project.owner,
})
if form.is_valid():
project = form.save()
set_option('sentry:origins',
form.cleaned_data.get('origins') or [], project)
return HttpResponseRedirect(request.path + '?success=1')
if not project.team:
member_list = []
else:
member_list = [(tm, tm.user)
for tm in project.team.member_set.select_related('user')
]
context = csrf(request)
context.update({
'can_remove_project':
can_remove_project(request.user, project),
'page':
'details',
'form':
form,
'project':
project,
'member_list':
member_list,
'TEAM_LIST':
team_list.values(),
})
return render_to_response('sentry/projects/manage.html', context, request)
def can_add_team_member(user, team):
# must be an owner of the team
if not team.member_set.filter(user=user, type=MEMBER_OWNER).exists():
return False
result = plugins.first('has_perm', user, 'add_team_member', team)
if result is False:
return False
return True
def can_add_team_member(user, team):
# must be an owner of the team
if not team.member_set.filter(user=user, type=MEMBER_OWNER).exists():
return False
result = plugins.first('has_perm', user, 'add_team_member', team)
if result is False:
return False
return True
def can_add_project_key(user, project):
# must be an owner of the team
if project.team and not project.team.member_set.filter(user=user, type=MEMBER_OWNER).exists():
return False
result = plugins.first('has_perm', user, 'add_project_key', project)
if result is False:
return False
return True
def process(self, request, project, auth, data, **kwargs):
event_received.send_robust(ip=request.META['REMOTE_ADDR'],
sender=type(self))
# TODO: improve this API (e.g. make RateLimit act on __ne__)
rate_limit = safe_execute(app.quotas.is_rate_limited, project=project)
if isinstance(rate_limit, bool):
rate_limit = RateLimit(is_limited=rate_limit, retry_after=None)
if rate_limit is not None and rate_limit.is_limited:
raise APIRateLimited(rate_limit.retry_after)
result = plugins.first('has_perm', request.user, 'create_event',
project)
if result is False:
raise APIForbidden('Creation of this event was blocked')
content_encoding = request.META.get('HTTP_CONTENT_ENCODING', '')
if content_encoding == 'gzip':
data = decompress_gzip(data)
elif content_encoding == 'deflate':
data = decompress_deflate(data)
elif not data.startswith('{'):
data = decode_and_decompress_data(data)
data = safely_load_json_string(data)
try:
# mutates data
validate_data(project, data, auth.client)
except InvalidData as e:
raise APIError(u'Invalid data: %s (%s)' %
(six.text_type(e), type(e)))
# mutates data
manager = EventManager(data)
data = manager.normalize()
# insert IP address if not available
if auth.is_public:
ensure_has_ip(data, request.META['REMOTE_ADDR'])
event_id = data['event_id']
# We filter data immediately before it ever gets into the queue
inst = SensitiveDataFilter()
inst.apply(data)
# mutates data (strips a lot of context if not queued)
insert_data_to_database(data)
logger.debug('New event from project %s/%s (id=%s)', project.team.slug,
project.slug, event_id)
return event_id
def can_add_project_key(user, project):
# must be an owner of the team
if project.team and not project.team.member_set.filter(
user=user, type=MEMBER_OWNER).exists():
return False
result = plugins.first('has_perm', user, 'add_project_key', project)
if result is False:
return False
return True
def can_admin_group(user, group, is_remove=False):
if user.is_superuser:
return True
if not group.project.has_access(user, OrganizationMemberType.MEMBER):
return False
# The "remove_event" permission was added after "admin_event".
# First check the new "remove_event" permission, then fall back
# to the "admin_event" permission.
if is_remove:
result = plugins.first('has_perm', user, 'remove_event', group)
if result is False:
return False
result = plugins.first('has_perm', user, 'admin_event', group)
if result is False:
return False
return True
def can_admin_group(user, group, is_remove=False):
if user.is_superuser:
return True
if not group.project.has_access(user, OrganizationMemberType.MEMBER):
return False
# The "remove_event" permission was added after "admin_event".
# First check the new "remove_event" permission, then fall back
# to the "admin_event" permission.
if is_remove:
result = plugins.first('has_perm', user, 'remove_event', group)
if result is False:
return False
result = plugins.first('has_perm', user, 'admin_event', group)
if result is False:
return False
return True
def get(self, request, organization, team):
result = plugins.first('has_perm', request.user, 'edit_team', team)
if result is False and not request.user.is_superuser:
return HttpResponseRedirect(reverse('sentry'))
form = self.get_form(request, team)
context = {
'form': form,
}
return self.respond('sentry/teams/manage.html', context)
def can_edit_project_key(user, project):
if user.is_superuser:
return True
if not is_project_admin(user, project):
return False
result = plugins.first('has_perm', user, 'edit_project_key', project)
if result is False:
return False
return True
def has_permission(self, request, organization, team, project):
if project is None:
return False
if request.user.is_superuser:
return True
result = plugins.first('has_perm', request.user, 'edit_project', project)
if result is False:
return False
return True
def can_admin_group(user, group):
from sentry.models import Team
# We make the assumption that we have a valid membership here
try:
Team.objects.get_for_user(user)[group.project.team.slug]
except KeyError:
return False
result = plugins.first('has_perm', user, 'admin_event', group)
if result is False:
return False
return True
def reinvite_pending_team_member(request, team, member_id):
try:
member = team.pending_member_set.get(pk=member_id)
except PendingTeamMember.DoesNotExist:
return HttpResponseRedirect(reverse('sentry-manage-team', args=[team.slug]))
result = plugins.first('has_perm', request.user, 'add_team_member', member)
if result is False and not request.user.has_perm('sentry.can_add_teammember'):
return HttpResponseRedirect(reverse('sentry'))
member.send_invite_email()
return HttpResponseRedirect(reverse('sentry-manage-team', args=[team.slug]) + '?success=1')
def can_create_organizations(user):
"""
Returns a boolean describing whether a user has the ability to
create new organizations.
"""
if user.is_superuser:
return True
result = plugins.first('has_perm', user, 'add_organization')
if result is False:
return result
return True
def can_create_teams(user):
"""
Returns a boolean describing whether a user has the ability to
create new projects.
"""
result = plugins.first('has_perm', user, 'add_team')
if result is None:
result = settings.ALLOW_TEAM_CREATION
if result is False:
return result
return True
def has_permission(self, request, organization, team, project):
if project is None:
return False
if request.user.is_superuser:
return True
result = plugins.first('has_perm', request.user, 'edit_project',
project)
if result is False:
return False
return True
def can_set_public_projects(user):
"""
Returns a boolean describing whether a user has the ability to
change the ``public`` attribute of projects.
"""
result = plugins.first('has_perm', user, 'set_project_public')
if result is None:
result = settings.ALLOW_PUBLIC_PROJECTS
if result is False:
return result
return True
def can_remove_team(user, team):
if user.is_superuser:
return True
# must be an owner of the team
if team.owner != user:
return False
result = plugins.first('has_perm', user, 'remove_team', team)
if result is False:
return False
return True
def can_manage_organization_member(user, member, perm):
# permissions always take precedence
if user.is_superuser:
return True
# must be an owner of the team
if not is_organization_admin(user, member.organization):
return False
result = plugins.first('has_perm', user, perm, member)
if result is False:
return False
return True
