def cancel(self, request, pk=None):
"""
Cancel an account via token
"""
validator = validators.CancelAccountValidator(data=request.DATA,
many=False)
if not validator.is_valid():
raise exc.WrongArguments(
_("Invalid, are you sure the token is correct?"))
try:
max_age_cancel_account = getattr(settings,
"MAX_AGE_CANCEL_ACCOUNT", None)
user = get_user_for_token(validator.data["cancel_token"],
"cancel_account",
max_age=max_age_cancel_account)
except exc.NotAuthenticated:
raise exc.WrongArguments(
_("Invalid, are you sure the token is correct?"))
if not user.is_active:
raise exc.WrongArguments(
_("Invalid, are you sure the token is correct?"))
user.cancel()
return response.NoContent()
def remove_user_from_all_my_projects(self, request, **kwargs):
private_only = request.DATA.get('private_only', False)
user_id = request.DATA.get('user', None)
if user_id is None:
raise exc.WrongArguments(_("Invalid user id"))
user_model = apps.get_model("users", "User")
try:
user = user_model.objects.get(id=user_id)
except user_model.DoesNotExist:
return response.BadRequest(_("The user doesn't exist"))
memberships = models.Membership.objects.filter(
project__owner=request.user, user=user)
if private_only:
memberships = memberships.filter(project__is_private=True)
errors = []
for membership in memberships:
if not services.can_user_leave_project(user, membership.project):
errors.append(membership.project.name)
if len(errors) > 0:
error = _(
"This user can't be removed from the following projects, because would "
"leave them without any active admin: {}.".format(
", ".join(errors)))
return response.BadRequest(error)
memberships.delete()
return response.NoContent()
def change_email(self, request, pk=None):
"""
Verify the email change to current logged user.
"""
validator = validators.ChangeEmailValidator(data=request.DATA,
many=False)
if not validator.is_valid():
raise exc.WrongArguments(
_("Invalid, are you sure the token is correct and you "
"didn't use it before?"))
try:
user = models.User.objects.get(
email_token=validator.data["email_token"])
except models.User.DoesNotExist:
raise exc.WrongArguments(
_("Invalid, are you sure the token is correct and you "
"didn't use it before?"))
self.check_permissions(request, "change_email", user)
old_email = user.email
new_email = user.new_email
user.email = new_email
user.new_email = None
user.email_token = None
user.save(update_fields=["email", "new_email", "email_token"])
user_change_email_signal.send(sender=user.__class__,
user=user,
old_email=old_email,
new_email=new_email)
return response.NoContent()
def change_password(self, request, pk=None):
"""
Change password to current logged user.
"""
self.check_permissions(request, "change_password", None)
current_password = request.DATA.get("current_password")
password = request.DATA.get("password")
# NOTE: GitHub users have no password yet (request.user.passwor == '') so
# current_password can be None
if not current_password and request.user.password:
raise exc.WrongArguments(_("Current password parameter needed"))
if not password:
raise exc.WrongArguments(_("New password parameter needed"))
if len(password) < 6:
raise exc.WrongArguments(
_("Invalid password length at least 6 charaters needed"))
if current_password and not request.user.check_password(
current_password):
raise exc.WrongArguments(_("Invalid current password"))
request.user.set_password(password)
request.user.save(update_fields=["password"])
return response.NoContent()
def resend_invitation(self, request, **kwargs):
invitation = self.get_object()
self.check_permissions(request, 'resend_invitation',
invitation.project)
self.pre_conditions_on_save(invitation)
services.send_invitation(invitation=invitation)
return response.NoContent()
def destroy(self, request, pk=None):
user = self.get_object()
self.check_permissions(request, "destroy", user)
stream = request.stream
request_data = stream is not None and stream.GET or None
user_cancel_account_signal.send(sender=user.__class__,
user=user,
request_data=request_data)
user.cancel()
return response.NoContent()
def create(self, request, *args, **kwargs):
projects = models.Project.objects.filter(owner=request.user,
is_private=True)
for project in projects:
services.orphan_project(project)
if settings.CELERY_ENABLED:
services.delete_projects.delay(projects)
else:
services.delete_projects(projects)
return response.NoContent()
def destroy(self, request, *args, **kwargs):
obj = self.get_object_or_none()
self.check_permissions(request, 'destroy', obj)
if obj is None:
raise Http404
self.pre_delete(obj)
self.pre_conditions_on_delete(obj)
obj.delete()
self.post_delete(obj)
return response.NoContent()
def modules(self, request, pk=None):
project = self.get_object()
self.check_permissions(request, 'modules', project)
modules_config = services.get_modules_config(project)
if request.method == "GET":
return response.Ok(modules_config.config)
else:
self.pre_conditions_on_save(project)
modules_config.config.update(request.DATA)
modules_config.save()
return response.NoContent()
def bulk_update_order(self, request, **kwargs):
if self.request.user.is_anonymous():
return response.Unauthorized()
validator = validators.UpdateProjectOrderBulkValidator(
data=request.DATA, many=True)
if not validator.is_valid():
return response.BadRequest(validator.errors)
data = validator.data
services.update_projects_order_in_bulk(data, "user_order",
request.user)
return response.NoContent(data=None)
def destroy(self, request, *args, **kwargs):
obj = self.get_object_or_none()
self.check_permissions(request, 'destroy', obj)
if obj is None:
raise Http404
self.pre_delete(obj)
self.pre_conditions_on_delete(obj)
services.orphan_project(obj)
if settings.CELERY_ENABLED:
services.delete_project.delay(obj.id)
else:
services.delete_project(obj.id)
return response.NoContent()
def bulk_update_order(self, request, **kwargs):
bulk_data = request.DATA.get(self.bulk_update_param, None)
if bulk_data is None:
raise exc.BadRequest(_("'{param}' parameter is mandatory".format(param=self.bulk_update_param)))
project_id = request.DATA.get('project', None)
if project_id is None:
raise exc.BadRequest(_("'project' parameter is mandatory"))
project = get_object_or_404(Project, id=project_id)
self.check_permissions(request, 'bulk_update_order', project)
if project.blocked_code is not None:
raise exc.Blocked(_("Blocked element"))
self.__class__.bulk_update_order_action(project, request.user, bulk_data)
return response.NoContent(data=None)
def move_issues_to_sprint(self, request, pk=None, **kwargs):
milestone = get_object_or_404(models.Milestone, pk=pk)
self.check_permissions(request, "move_related_items", milestone)
validator = IssuesUpdateMilestoneValidator(data=request.DATA)
if not validator.is_valid():
return response.BadRequest(validator.errors)
data = validator.data
project = get_object_or_404(Project, pk=data["project_id"])
milestone_result = get_object_or_404(models.Milestone,
pk=data["milestone_id"])
if data["bulk_issues"]:
self.check_permissions(request, "move_issues_to_sprint", project)
services.update_issues_milestone_in_bulk(data["bulk_issues"],
milestone_result)
services.snapshot_issues_in_bulk(data["bulk_issues"], request.user)
return response.NoContent()
def change_password_from_recovery(self, request, pk=None):
"""
Change password with token (from password recovery step).
"""
self.check_permissions(request, "change_password_from_recovery", None)
validator = validators.RecoveryValidator(data=request.DATA, many=False)
if not validator.is_valid():
raise exc.WrongArguments(_("Token is invalid"))
try:
user = models.User.objects.get(token=validator.data["token"])
except models.User.DoesNotExist:
raise exc.WrongArguments(_("Token is invalid"))
user.set_password(validator.data["password"])
user.token = None
user.save(update_fields=["password", "token"])
return response.NoContent()
def create(self, request, *args, **kwargs):
project = self._get_project(request)
if not project:
raise exc.BadRequest(_("The project doesn't exist"))
if not self._validate_signature(project, request):
raise exc.BadRequest(_("Bad signature"))
if project.blocked_code is not None:
raise exc.Blocked(_("Blocked element"))
event_name = self._get_event_name(request)
payload = self._get_payload(request)
event_hook_class = self.event_hook_classes.get(event_name, None)
if event_hook_class is not None:
event_hook = event_hook_class(project, payload)
try:
event_hook.process_event()
except ActionSyntaxException as e:
raise exc.BadRequest(e)
return response.NoContent()