def import_domainalias(user, row, formopts):
"""Specific code for domain aliases import"""
if not user.has_perm("admin.add_domainalias"):
raise PermDeniedException(
_("You are not allowed to import domain aliases."))
domalias = DomainAlias()
domalias.from_csv(user, row)
def delete(self, fromuser, *args, **kwargs):
"""Custom delete method
To check permissions properly, we need to make a distinction
between 2 cases:
* If the user owns a mailbox, the check is made on that object
(useful for domain admins)
* Otherwise, the check is made on the user
"""
from modoboa.lib.permissions import \
get_object_owner, grant_access_to_object, ungrant_access_to_object
if fromuser == self:
raise PermDeniedException(_("You can't delete your own account"))
if not fromuser.can_access(self):
raise PermDeniedException
owner = get_object_owner(self)
for ooentry in self.objectaccess_set.filter(is_owner=True):
if ooentry.content_object is not None:
grant_access_to_object(owner, ooentry.content_object, True)
ungrant_access_to_object(ooentry.content_object, self)
events.raiseEvent("AccountDeleted", self, fromuser, **kwargs)
ungrant_access_to_object(self)
super(User, self).delete()
def import_domain(user, row, formopts):
"""Specific code for domains import"""
if not user.has_perm("admin.add_domain"):
raise PermDeniedException(_("You are not allowed to import domains"))
core_signals.can_create_object.send(
sender="import", context=user, klass=Domain)
dom = Domain()
dom.from_csv(user, row)
def from_csv(self, user, row, crypt_password=True):
"""Create a new account from a CSV file entry.
The expected order is the following::
"account", loginname, password, first name, last name, enabled, group
Additional fields can be added using the *AccountImported* event.
:param user: a ``core.User`` instance
:param row: a list containing the expected information
:param crypt_password:
"""
from modoboa.lib.permissions import get_account_roles
if len(row) < 7:
raise BadRequest(_("Invalid line"))
desired_role = row[6].strip()
if not user.is_superuser:
allowed_roles = get_account_roles(user)
allowed_roles = [role[0] for role in allowed_roles]
if desired_role not in allowed_roles:
raise PermDeniedException(
_("You can't import an account with a role greater than "
"yours"))
self.username = row[1].strip()
try:
User.objects.get(username=self.username)
except User.DoesNotExist:
pass
else:
raise Conflict
if desired_role == "SimpleUsers":
if len(row) < 8 or not row[7].strip():
raise BadRequest(
_("The simple user '%s' must have a valid email address" %
self.username))
if self.username != row[7].strip():
raise BadRequest(
_("username and email fields must not differ for '%s'" %
self.username))
if crypt_password:
self.set_password(row[2].strip())
else:
self.password = row[2].strip()
self.first_name = row[3].strip()
self.last_name = row[4].strip()
self.is_active = (row[5].strip() in ["True", "1", "yes", "y"])
self.save()
self.set_role(desired_role)
self.post_create(user)
if len(row) < 8:
return
events.raiseEvent("AccountImported", user, self, row[7:])
def import_domainalias(user, row, formopts):
"""Specific code for domain aliases import"""
if not user.has_perm("admin.add_domainalias"):
raise PermDeniedException(
_("You are not allowed to import domain aliases."))
core_signals.can_create_object.send(sender="import",
context=user,
object_type="domain_aliases")
domalias = DomainAlias()
domalias.from_csv(user, row)
def from_csv(self, user, row, crypt_password=True):
"""Create a new account from a CSV file entry
The expected order is the following::
loginname, password, first name, last name, enabled, group, address[, domain, ...]
:param user:
:param row: a list containing the expected information
:param crypt_password:
"""
if len(row) < 6:
raise AdminError(_("Invalid line"))
role = row[6].strip()
if not user.is_superuser and not role in [
"SimpleUsers", "DomainAdmins"
]:
raise PermDeniedException(
_("You can't import an account with a role greater than yours")
)
self.username = row[1].strip()
if crypt_password:
self.set_password(row[2].strip())
else:
self.password = row[2].strip()
self.first_name = row[3].strip()
self.last_name = row[4].strip()
self.is_active = (row[5].strip() == 'True')
self.save(creator=user)
self.set_role(role)
self.email = row[7].strip()
if self.email != "":
mailbox, domname = split_mailbox(self.email)
try:
domain = Domain.objects.get(name=domname)
except Domain.DoesNotExist:
raise AdminError(
_("Account import failed (%s): domain does not exist" %
self.username))
if not user.can_access(domain):
raise PermDeniedException
mb = Mailbox(address=mailbox,
domain=domain,
user=self,
use_domain_quota=True)
mb.set_quota(override_rules=user.has_perm("admin.change_domain"))
mb.save(creator=user)
if self.group == "DomainAdmins":
for domname in row[8:]:
try:
dom = Domain.objects.get(name=domname.strip())
except Domain.DoesNotExist:
continue
dom.add_admin(self)
def save(self, commit=True):
account = super(AccountFormGeneral, self).save(commit=False)
if self.user == account and not self.cleaned_data["is_active"]:
raise PermDeniedException(_("You can't disable your own account"))
if commit:
if "password1" in self.cleaned_data \
and self.cleaned_data["password1"] != "":
account.set_password(self.cleaned_data["password1"])
account.save()
account.set_role(self.cleaned_data["role"])
return account
def deldomain(request, dom_id):
keepdir = request.POST.get("keepdir", "false") == "true"
try:
mb = Mailbox.objects.get(user__id=request.user.id)
except Mailbox.DoesNotExist:
mb = None
dom = Domain.objects.get(pk=dom_id)
if not request.user.can_access(dom):
raise PermDeniedException
if mb and mb.domain == dom:
raise PermDeniedException(_("You can't delete your own domain"))
dom.delete(request.user, keepdir)
msg = ungettext("Domain deleted", "Domains deleted", 1)
return render_to_json_response(msg)
def get_account_credentials(request, accountid):
"""View to download a document."""
account = User.objects.get(pk=accountid)
if not request.user.can_access(account):
raise PermDeniedException()
fname = get_creds_filename(account)
if not os.path.exists(fname):
raise ModoboaException(_("No document available for this user"))
content = decrypt_file(fname)
if param_tools.get_global_parameter("delete_first_dl"):
os.remove(fname)
resp = HttpResponse(content)
resp["Content-Type"] = "application/pdf"
resp["Content-Length"] = len(content)
resp["Content-Disposition"] = build_header(os.path.basename(fname))
return resp
def parse_dest(self):
self.dests = []
rawdata = self.cleaned_data["dest"].strip()
if rawdata == "":
return
for d in rawdata.split(","):
local_part, domname = split_mailbox(d)
if not local_part or not domname or not len(domname):
raise BadRequest("Invalid mailbox syntax for %s" % d)
try:
Domain.objects.get(name=domname)
except Domain.DoesNotExist:
self.dests += [d]
else:
raise PermDeniedException(
_("You can't define a forward to a local destination. "
"Please ask your administrator to create an alias "
"instead."))
def from_csv(self, user, row, crypt_password=True):
"""Create a new account from a CSV file entry
The expected order is the following::
"account", loginname, password, first name, last name, enabled, group, address[, domain, ...]
:param user: a ``core.User`` instance
:param row: a list containing the expected information
:param crypt_password:
"""
if len(row) < 7:
raise AdminError(_("Invalid line"))
role = row[6].strip()
if not user.is_superuser and not role in [
"SimpleUsers", "DomainAdmins"
]:
raise PermDeniedException(
_("You can't import an account with a role greater than yours")
)
self.username = row[1].strip()
if role == "SimpleUsers":
if (len(row) < 8 or not row[7].strip()):
raise AdminError(
_("The simple user '%s' must have a valid email address" %
self.username))
if self.username != row[7].strip():
raise AdminError(
_("username and email fields must not differ for '%s'" %
self.username))
if crypt_password:
self.set_password(row[2].strip())
else:
self.password = row[2].strip()
self.first_name = row[3].strip()
self.last_name = row[4].strip()
self.is_active = (row[5].strip() == 'True')
self.save(creator=user)
self.set_role(role)
if len(row) < 8:
return
events.raiseEvent("AccountImported", user, self, row[7:])
def get_recipients(self):
recipients = []
rawdata = self.cleaned_data["dest"].strip()
if not rawdata:
return recipients
for rcpt in rawdata.split(","):
local_part, domname = split_mailbox(rcpt)
if not local_part or not domname:
raise BadRequest("Invalid mailbox syntax for %s" % rcpt)
try:
Domain.objects.get(name=domname)
except Domain.DoesNotExist:
recipients += [rcpt]
else:
raise PermDeniedException(
_("You can't define a forward to a local destination. "
"Please ask your administrator to create an alias "
"instead.")
)
return recipients
def wrapped_f(request, *args, **kwargs):
if hasattr(request.user, "mailbox"):
return f(request, *args, **kwargs)
raise PermDeniedException(_("A mailbox is required"))
def wrapped_f(request, *args, **kwargs):
if request.user.mailbox_set.count():
return f(request, *args, **kwargs)
raise PermDeniedException(_("A mailbox is required"))
def dispatch(self, request, *args, **kwargs):
"""Check if user has a mailbox."""
if not hasattr(request.user, "mailbox"):
raise PermDeniedException(_("A mailbox is required"))
return super(CalendarDetailView,
self).dispatch(request, *args, **kwargs)