def get_identities(self, querydict=None):
"""Return all identities owned by this user
:param querydict: a querydict object
:return: a queryset
"""
from modoboa.lib.permissions import get_content_type
from itertools import chain
if querydict:
squery = querydict.get("searchquery", None)
idtfilter = querydict.getlist("idtfilter", None)
grpfilter = querydict.getlist("grpfilter", None)
else:
squery = None
idtfilter = None
grpfilter = None
accounts = []
if not idtfilter or "account" in idtfilter:
userct = get_content_type(self)
ids = self.objectaccess_set.filter(content_type=userct) \
.values_list('object_id', flat=True)
q = Q(pk__in=ids)
if squery:
q &= Q(username__icontains=squery) | Q(email__icontains=squery)
if grpfilter and len(grpfilter):
if "SuperAdmins" in grpfilter:
q &= Q(is_superuser=True)
grpfilter.remove("SuperAdmins")
if len(grpfilter):
q |= Q(groups__name__in=grpfilter)
else:
q &= Q(groups__name__in=grpfilter)
accounts = User.objects.select_related().filter(q)
aliases = []
if not idtfilter or ("alias" in idtfilter
or "forward" in idtfilter
or "dlist" in idtfilter):
alct = get_content_type(Alias)
ids = self.objectaccess_set.filter(content_type=alct) \
.values_list('object_id', flat=True)
q = Q(pk__in=ids)
if squery:
if '@' in squery:
local_part, domname = split_mailbox(squery)
if local_part:
q &= Q(address__icontains=local_part)
if domname:
q &= Q(domain__name__icontains=domname)
else:
q &= Q(address__icontains=squery) | Q(domain__name__icontains=squery)
aliases = Alias.objects.select_related().filter(q)
if idtfilter:
aliases = [al for al in aliases if al.type in idtfilter]
return chain(accounts, aliases)
def get_identities(self, querydict=None):
"""Return all identities owned by this user
:param querydict: a querydict object
:return: a queryset
"""
from modoboa.lib.permissions import get_content_type
from itertools import chain
if querydict:
squery = querydict.get("searchquery", None)
idtfilter = querydict.getlist("idtfilter", None)
grpfilter = querydict.getlist("grpfilter", None)
else:
squery = None
idtfilter = None
grpfilter = None
accounts = []
if not idtfilter or "account" in idtfilter:
userct = get_content_type(self)
ids = self.objectaccess_set.filter(content_type=userct) \
.values_list('object_id', flat=True)
q = Q(pk__in=ids)
if squery:
q &= Q(username__icontains=squery) | Q(email__icontains=squery)
if grpfilter and len(grpfilter):
if "SuperAdmins" in grpfilter:
q &= Q(is_superuser=True)
grpfilter.remove("SuperAdmins")
if len(grpfilter):
q |= Q(groups__name__in=grpfilter)
else:
q &= Q(groups__name__in=grpfilter)
accounts = User.objects.select_related().filter(q)
aliases = []
if not idtfilter or ("alias" in idtfilter or "forward" in idtfilter
or "dlist" in idtfilter):
alct = get_content_type(Alias)
ids = self.objectaccess_set.filter(content_type=alct) \
.values_list('object_id', flat=True)
q = Q(pk__in=ids)
if squery:
if '@' in squery:
local_part, domname = split_mailbox(squery)
if local_part:
q &= Q(address__icontains=local_part)
if domname:
q &= Q(domain__name__icontains=domname)
else:
q &= Q(address__icontains=squery) | Q(
domain__name__icontains=squery)
aliases = Alias.objects.select_related().filter(q)
if idtfilter:
aliases = [al for al in aliases if al.type in idtfilter]
return chain(accounts, aliases)
def grant_access_to_all_objects(self):
"""Give access to all objects defined in the database
Must be used when an account is promoted as a super user.
"""
from modoboa.lib.permissions import grant_access_to_objects, get_content_type
grant_access_to_objects(self, User.objects.all(), get_content_type(User))
grant_access_to_objects(self, Domain.objects.all(), get_content_type(Domain))
grant_access_to_objects(self, DomainAlias.objects.all(), get_content_type(DomainAlias))
grant_access_to_objects(self, Mailbox.objects.all(), get_content_type(Mailbox))
grant_access_to_objects(self, Alias.objects.all(), get_content_type(Alias))
def grant_access_to_all_objects(self):
"""Give access to all objects defined in the database
Must be used when an account is promoted as a super user.
"""
from modoboa.lib.permissions import grant_access_to_objects, get_content_type
grant_access_to_objects(self, User.objects.all(), get_content_type(User))
grant_access_to_objects(self, Domain.objects.all(), get_content_type(Domain))
grant_access_to_objects(self, DomainAlias.objects.all(), get_content_type(DomainAlias))
grant_access_to_objects(self, Mailbox.objects.all(), get_content_type(Mailbox))
grant_access_to_objects(self, Alias.objects.all(), get_content_type(Alias))
def can_access(self, obj):
"""Check if the user can access a specific object
This function is recursive : if the given user hasn't got direct
access to this object and if he has got access other ``User``
objects, we check if one of those users owns the object.
:param obj: a admin object
:return: a boolean
"""
from modoboa.lib.permissions import get_content_type
if self.is_superuser:
return True
ct = get_content_type(obj)
try:
ooentry = self.objectaccess_set.get(content_type=ct,
object_id=obj.id)
except ObjectAccess.DoesNotExist:
pass
else:
return True
if ct.model == "user":
return False
ct = self.get_content_type()
qs = self.objectaccess_set.filter(content_type=ct)
for ooentry in qs.all():
if ooentry.content_object.is_owner(obj):
return True
return False
def get_mailboxes(self, squery=None):
"""Return the mailboxes that belong to this user
The result will contain the mailboxes defined for each domain that
user can see.
:param string squery: a search query
:return: a list of ``Mailbox`` objects
"""
from modoboa.lib.permissions import get_content_type
qf = None
if squery is not None:
if '@' in squery:
parts = squery.split('@')
addrfilter = '@'.join(parts[:-1])
domfilter = parts[-1]
qf = Q(address__contains=addrfilter) & Q(
domain__name__contains=domfilter)
else:
qf = Q(address__contains=squery) | Q(
domain__name__contains=squery)
ids = self.objectaccess_set.filter(content_type=get_content_type(Mailbox)) \
.values_list('object_id', flat=True)
if qf is not None:
qf = Q(pk__in=ids) & qf
else:
qf = Q(pk__in=ids)
return Mailbox.objects.filter(qf)
def can_access(self, obj):
"""Check if the user can access a specific object
This function is recursive : if the given user hasn't got direct
access to this object and if he has got access other ``User``
objects, we check if one of those users owns the object.
:param obj: a admin object
:return: a boolean
"""
from modoboa.lib.permissions import get_content_type
if self.is_superuser:
return True
ct = get_content_type(obj)
try:
ooentry = self.objectaccess_set.get(content_type=ct, object_id=obj.id)
except ObjectAccess.DoesNotExist:
pass
else:
return True
if ct.model == "user":
return False
ct = self.get_content_type()
qs = self.objectaccess_set.filter(content_type=ct)
for ooentry in qs.all():
if ooentry.content_object.is_owner(obj):
return True
return False
def get_mailboxes(self, squery=None):
"""Return the mailboxes that belong to this user
The result will contain the mailboxes defined for each domain that
user can see.
:param string squery: a search query
:return: a list of ``Mailbox`` objects
"""
from modoboa.lib.permissions import get_content_type
qf = None
if squery is not None:
if '@' in squery:
parts = squery.split('@')
addrfilter = '@'.join(parts[:-1])
domfilter = parts[-1]
qf = Q(address__contains=addrfilter) & Q(domain__name__contains=domfilter)
else:
qf = Q(address__contains=squery) | Q(domain__name__contains=squery)
ids = self.objectaccess_set.filter(content_type=get_content_type(Mailbox)) \
.values_list('object_id', flat=True)
if qf is not None:
qf = Q(pk__in=ids) & qf
else:
qf = Q(pk__in=ids)
return Mailbox.objects.filter(qf)
def is_owner(self, obj):
"""Tell is the user is the unique owner of this object
:param obj: an object inheriting from ``models.Model``
:return: a boolean
"""
from modoboa.lib.permissions import get_content_type
ct = get_content_type(obj)
try:
ooentry = self.objectaccess_set.get(content_type=ct, object_id=obj.id)
except ObjectAccess.DoesNotExist:
return False
return ooentry.is_owner
def is_owner(self, obj):
"""Tell is the user is the unique owner of this object
:param obj: an object inheriting from ``models.Model``
:return: a boolean
"""
from modoboa.lib.permissions import get_content_type
ct = get_content_type(obj)
try:
ooentry = self.objectaccess_set.get(content_type=ct, object_id=obj.id)
except ObjectAccess.DoesNotExist:
return False
return ooentry.is_owner
def get_aliases(self):
from modoboa.lib.permissions import get_content_type
ids = self.objectaccess_set.filter(content_type=get_content_type(Alias)) \
.values_list('object_id', flat=True)
return Alias.objects.filter(pk__in=ids)
def get_aliases(self):
from modoboa.lib.permissions import get_content_type
ids = self.objectaccess_set.filter(content_type=get_content_type(Alias)) \
.values_list('object_id', flat=True)
return Alias.objects.filter(pk__in=ids)
