def import_domainalias(user, row, formopts): """Specific code for domain aliases import""" if not user.has_perm("admin.add_domainalias"): raise PermDeniedException( _("You are not allowed to import domain aliases.")) domalias = DomainAlias() domalias.from_csv(user, row)
def delete(self, fromuser, *args, **kwargs): """Custom delete method To check permissions properly, we need to make a distinction between 2 cases: * If the user owns a mailbox, the check is made on that object (useful for domain admins) * Otherwise, the check is made on the user """ from modoboa.lib.permissions import \ get_object_owner, grant_access_to_object, ungrant_access_to_object if fromuser == self: raise PermDeniedException(_("You can't delete your own account")) if not fromuser.can_access(self): raise PermDeniedException owner = get_object_owner(self) for ooentry in self.objectaccess_set.filter(is_owner=True): if ooentry.content_object is not None: grant_access_to_object(owner, ooentry.content_object, True) ungrant_access_to_object(ooentry.content_object, self) events.raiseEvent("AccountDeleted", self, fromuser, **kwargs) ungrant_access_to_object(self) super(User, self).delete()
def import_domain(user, row, formopts): """Specific code for domains import""" if not user.has_perm("admin.add_domain"): raise PermDeniedException(_("You are not allowed to import domains")) core_signals.can_create_object.send( sender="import", context=user, klass=Domain) dom = Domain() dom.from_csv(user, row)
def from_csv(self, user, row, crypt_password=True): """Create a new account from a CSV file entry. The expected order is the following:: "account", loginname, password, first name, last name, enabled, group Additional fields can be added using the *AccountImported* event. :param user: a ``core.User`` instance :param row: a list containing the expected information :param crypt_password: """ from modoboa.lib.permissions import get_account_roles if len(row) < 7: raise BadRequest(_("Invalid line")) desired_role = row[6].strip() if not user.is_superuser: allowed_roles = get_account_roles(user) allowed_roles = [role[0] for role in allowed_roles] if desired_role not in allowed_roles: raise PermDeniedException( _("You can't import an account with a role greater than " "yours")) self.username = row[1].strip() try: User.objects.get(username=self.username) except User.DoesNotExist: pass else: raise Conflict if desired_role == "SimpleUsers": if len(row) < 8 or not row[7].strip(): raise BadRequest( _("The simple user '%s' must have a valid email address" % self.username)) if self.username != row[7].strip(): raise BadRequest( _("username and email fields must not differ for '%s'" % self.username)) if crypt_password: self.set_password(row[2].strip()) else: self.password = row[2].strip() self.first_name = row[3].strip() self.last_name = row[4].strip() self.is_active = (row[5].strip() in ["True", "1", "yes", "y"]) self.save() self.set_role(desired_role) self.post_create(user) if len(row) < 8: return events.raiseEvent("AccountImported", user, self, row[7:])
def import_domainalias(user, row, formopts): """Specific code for domain aliases import""" if not user.has_perm("admin.add_domainalias"): raise PermDeniedException( _("You are not allowed to import domain aliases.")) core_signals.can_create_object.send(sender="import", context=user, object_type="domain_aliases") domalias = DomainAlias() domalias.from_csv(user, row)
def from_csv(self, user, row, crypt_password=True): """Create a new account from a CSV file entry The expected order is the following:: loginname, password, first name, last name, enabled, group, address[, domain, ...] :param user: :param row: a list containing the expected information :param crypt_password: """ if len(row) < 6: raise AdminError(_("Invalid line")) role = row[6].strip() if not user.is_superuser and not role in [ "SimpleUsers", "DomainAdmins" ]: raise PermDeniedException( _("You can't import an account with a role greater than yours") ) self.username = row[1].strip() if crypt_password: self.set_password(row[2].strip()) else: self.password = row[2].strip() self.first_name = row[3].strip() self.last_name = row[4].strip() self.is_active = (row[5].strip() == 'True') self.save(creator=user) self.set_role(role) self.email = row[7].strip() if self.email != "": mailbox, domname = split_mailbox(self.email) try: domain = Domain.objects.get(name=domname) except Domain.DoesNotExist: raise AdminError( _("Account import failed (%s): domain does not exist" % self.username)) if not user.can_access(domain): raise PermDeniedException mb = Mailbox(address=mailbox, domain=domain, user=self, use_domain_quota=True) mb.set_quota(override_rules=user.has_perm("admin.change_domain")) mb.save(creator=user) if self.group == "DomainAdmins": for domname in row[8:]: try: dom = Domain.objects.get(name=domname.strip()) except Domain.DoesNotExist: continue dom.add_admin(self)
def save(self, commit=True): account = super(AccountFormGeneral, self).save(commit=False) if self.user == account and not self.cleaned_data["is_active"]: raise PermDeniedException(_("You can't disable your own account")) if commit: if "password1" in self.cleaned_data \ and self.cleaned_data["password1"] != "": account.set_password(self.cleaned_data["password1"]) account.save() account.set_role(self.cleaned_data["role"]) return account
def deldomain(request, dom_id): keepdir = request.POST.get("keepdir", "false") == "true" try: mb = Mailbox.objects.get(user__id=request.user.id) except Mailbox.DoesNotExist: mb = None dom = Domain.objects.get(pk=dom_id) if not request.user.can_access(dom): raise PermDeniedException if mb and mb.domain == dom: raise PermDeniedException(_("You can't delete your own domain")) dom.delete(request.user, keepdir) msg = ungettext("Domain deleted", "Domains deleted", 1) return render_to_json_response(msg)
def get_account_credentials(request, accountid): """View to download a document.""" account = User.objects.get(pk=accountid) if not request.user.can_access(account): raise PermDeniedException() fname = get_creds_filename(account) if not os.path.exists(fname): raise ModoboaException(_("No document available for this user")) content = decrypt_file(fname) if param_tools.get_global_parameter("delete_first_dl"): os.remove(fname) resp = HttpResponse(content) resp["Content-Type"] = "application/pdf" resp["Content-Length"] = len(content) resp["Content-Disposition"] = build_header(os.path.basename(fname)) return resp
def parse_dest(self): self.dests = [] rawdata = self.cleaned_data["dest"].strip() if rawdata == "": return for d in rawdata.split(","): local_part, domname = split_mailbox(d) if not local_part or not domname or not len(domname): raise BadRequest("Invalid mailbox syntax for %s" % d) try: Domain.objects.get(name=domname) except Domain.DoesNotExist: self.dests += [d] else: raise PermDeniedException( _("You can't define a forward to a local destination. " "Please ask your administrator to create an alias " "instead."))
def from_csv(self, user, row, crypt_password=True): """Create a new account from a CSV file entry The expected order is the following:: "account", loginname, password, first name, last name, enabled, group, address[, domain, ...] :param user: a ``core.User`` instance :param row: a list containing the expected information :param crypt_password: """ if len(row) < 7: raise AdminError(_("Invalid line")) role = row[6].strip() if not user.is_superuser and not role in [ "SimpleUsers", "DomainAdmins" ]: raise PermDeniedException( _("You can't import an account with a role greater than yours") ) self.username = row[1].strip() if role == "SimpleUsers": if (len(row) < 8 or not row[7].strip()): raise AdminError( _("The simple user '%s' must have a valid email address" % self.username)) if self.username != row[7].strip(): raise AdminError( _("username and email fields must not differ for '%s'" % self.username)) if crypt_password: self.set_password(row[2].strip()) else: self.password = row[2].strip() self.first_name = row[3].strip() self.last_name = row[4].strip() self.is_active = (row[5].strip() == 'True') self.save(creator=user) self.set_role(role) if len(row) < 8: return events.raiseEvent("AccountImported", user, self, row[7:])
def get_recipients(self): recipients = [] rawdata = self.cleaned_data["dest"].strip() if not rawdata: return recipients for rcpt in rawdata.split(","): local_part, domname = split_mailbox(rcpt) if not local_part or not domname: raise BadRequest("Invalid mailbox syntax for %s" % rcpt) try: Domain.objects.get(name=domname) except Domain.DoesNotExist: recipients += [rcpt] else: raise PermDeniedException( _("You can't define a forward to a local destination. " "Please ask your administrator to create an alias " "instead.") ) return recipients
def wrapped_f(request, *args, **kwargs): if hasattr(request.user, "mailbox"): return f(request, *args, **kwargs) raise PermDeniedException(_("A mailbox is required"))
def wrapped_f(request, *args, **kwargs): if request.user.mailbox_set.count(): return f(request, *args, **kwargs) raise PermDeniedException(_("A mailbox is required"))
def dispatch(self, request, *args, **kwargs): """Check if user has a mailbox.""" if not hasattr(request.user, "mailbox"): raise PermDeniedException(_("A mailbox is required")) return super(CalendarDetailView, self).dispatch(request, *args, **kwargs)