def edit_user(request, user_id): if not is_active_superuser(request.user): return HttpResponseRedirect(reverse('sentry')) try: user = User.objects.get(pk=user_id) except User.DoesNotExist: return HttpResponseRedirect(reverse('sentry-admin-users')) form = ChangeUserForm(request.POST or None, instance=user) if form.is_valid(): user = form.save() return HttpResponseRedirect(reverse('sentry-admin-users')) project_list = Project.objects.filter( status=0, organization__member_set__user=user, ).order_by('-date_added') context = { 'form': form, 'the_user': user, 'project_list': project_list, } context.update(csrf(request)) return render_to_response('sentry/admin/users/edit.html', context, request)
def test_is_active_superuser(): request = HttpRequest() request.META['REMOTE_ADDR'] = '10.0.0.1' with override_settings(INTERNAL_IPS=()): assert is_active_superuser(request) is False request.user = User() assert is_active_superuser(request) is False request.user.is_superuser = True assert is_active_superuser(request) is True with override_settings(INTERNAL_IPS=('127.0.0.1', )): assert is_active_superuser(request) is False with override_settings(INTERNAL_IPS=('10.0.0.1', )): assert is_active_superuser(request) is True
def can(self, request): if 'prof' not in request.GET: return False if settings.DEBUG: return True if hasattr(request, 'user') and is_active_superuser(request.user): return True return False
def show_toolbar(self, request): # TODO(dcramer): support VPN via INTERNAL_IPS + ipaddr maps if not settings.SENTRY_DEBUGGER: return False if not is_active_superuser(request.user): return False if 'text/html' not in request.META.get('HTTP_ACCEPT', '*/*'): return False return True
def get_active_organization(self, request, organization_slug=None): """ Returns the currently active organization for the request or None if no organization. """ active_organization = None is_implicit = organization_slug is None if is_implicit: organization_slug = request.session.get('activeorg') if organization_slug is not None: if is_active_superuser(request.user): try: active_organization = Organization.objects.get_from_cache( slug=organization_slug, ) if active_organization.status != OrganizationStatus.VISIBLE: raise Organization.DoesNotExist except Organization.DoesNotExist: logging.info('Active organization [%s] not found', organization_slug) return None if active_organization is None: organizations = Organization.objects.get_for_user( user=request.user, ) if active_organization is None and organization_slug: try: active_organization = (o for o in organizations if o.slug == organization_slug).next() except StopIteration: logging.info('Active organization [%s] not found in scope', organization_slug) if is_implicit: del request.session['activeorg'] active_organization = None if active_organization is None: if not is_implicit: return None try: active_organization = organizations[0] except IndexError: logging.info('User is not a member of any organizations') pass if active_organization and active_organization.slug != request.session.get( 'activeorg'): request.session['activeorg'] = active_organization.slug return active_organization
def _can_access(self, request, member): # TODO(dcramer): ideally org owners/admins could perform these actions if is_active_superuser(request.user): return True if not request.user.is_authenticated(): return False if request.user.id == member.user_id: return True return False
def delete(self, request, organization, member_id): try: om = self._get_member(request, organization, member_id) except OrganizationMember.DoesNotExist: raise ResourceDoesNotExist if request.user.is_authenticated() and not is_active_superuser( request.user): try: acting_member = OrganizationMember.objects.get( organization=organization, user=request.user, ) except OrganizationMember.DoesNotExist: return Response({'detail': ERR_INSUFFICIENT_ROLE}, status=400) else: if not acting_member.can_manage_member(om): return Response({'detail': ERR_INSUFFICIENT_ROLE}, status=400) # TODO(dcramer): do we even need this check? elif not request.access.has_scope('member:delete'): return Response({'detail': ERR_INSUFFICIENT_SCOPE}, status=400) if self._is_only_owner(om): return Response({'detail': ERR_ONLY_OWNER}, status=403) audit_data = om.get_audit_log_data() with transaction.atomic(): AuthIdentity.objects.filter( user=om.user, auth_provider__organization=organization, ).delete() om.delete() self.create_audit_entry( request=request, organization=organization, target_object=om.id, target_user=om.user, event=AuditLogEntryEvent.MEMBER_REMOVE, data=audit_data, ) return Response(status=204)
def handle(self, request, organization, member_id): try: member = OrganizationMember.objects.get( Q(user__is_active=True) | Q(user__isnull=True), id=member_id, ) except OrganizationMember.DoesNotExist: return self.redirect(reverse('sentry')) if request.POST.get('op') == 'reinvite' and member.is_pending: return self.resend_invite(request, organization, member) can_admin = request.access.has_scope('member:delete') if can_admin and not is_active_superuser(request.user): acting_member = OrganizationMember.objects.get( user=request.user, organization=organization, ) can_admin = acting_member.can_manage_member(member) if member.user == request.user or not can_admin: return self.view_member(request, organization, member) form = self.get_form(request, member) if form.is_valid(): member = form.save(request.user, organization, request.META['REMOTE_ADDR']) messages.add_message(request, messages.SUCCESS, _('Your changes were saved.')) redirect = reverse('sentry-organization-member-settings', args=[organization.slug, member.id]) return self.redirect(redirect) context = { 'member': member, 'form': form, 'role_list': roles.get_all(), } return self.respond('sentry/organization-member-settings.html', context)
def create_new_user(request): if not is_active_superuser(request.user): return HttpResponseRedirect(reverse('sentry')) form = NewUserForm(request.POST or None, initial={ 'send_welcome_mail': True, 'create_project': True, }) if form.is_valid(): user = form.save(commit=False) # create a random password password = uuid.uuid4().hex user.set_password(password) user.save() if form.cleaned_data['send_welcome_mail']: context = { 'username': user.username, 'password': password, 'url': absolute_uri(reverse('sentry')), } body = render_to_string('sentry/emails/welcome_mail.txt', context, request) try: send_mail('%s Welcome to Sentry' % (settings.EMAIL_SUBJECT_PREFIX, ), body, settings.SERVER_EMAIL, [user.email], fail_silently=False) except Exception as e: logger = logging.getLogger('sentry.mail.errors') logger.exception(e) return HttpResponseRedirect(reverse('sentry-admin-users')) context = { 'form': form, } context.update(csrf(request)) return render_to_response('sentry/admin/users/new.html', context, request)
def get(self, request): """ List your Organizations ``````````````````````` Return a list of organizations available to the authenticated session. This is particularly useful for requests with an user bound context. For API key based requests this will only return the organization that belongs to the key. :qparam bool member: restrict results to organizations which you have membership :auth: required """ member_only = request.GET.get('member') in ('1', 'true') queryset = Organization.objects.filter( status=OrganizationStatus.VISIBLE, ) if request.auth: if hasattr(request.auth, 'project'): queryset = queryset.filter( id=request.auth.project.organization_id) else: queryset = queryset.filter(id=request.auth.organization.id) elif member_only or not is_active_superuser(request.user): queryset = queryset.filter( id__in=OrganizationMember.objects.filter( user=request.user, ).values('organization'), ) query = request.GET.get('query') if query: queryset = queryset.filter( Q(name__icontains=query) | Q(slug__icontains=query), ) return self.paginate( request=request, queryset=queryset, order_by='name', on_results=lambda x: serialize(x, request.user), paginator_cls=OffsetPaginator, )
def handle(self, request, organization, team): form = self.get_form(request, team) if form.is_valid(): try: team = form.save() except IntegrityError: form.errors['__all__'] = [ 'There was an error while saving your changes. Please try again.' ] if form.is_valid(): AuditLogEntry.objects.create( organization=organization, actor=request.user, ip_address=request.META['REMOTE_ADDR'], target_object=team.id, event=AuditLogEntryEvent.TEAM_EDIT, data=team.get_audit_log_data(), ) messages.add_message(request, messages.SUCCESS, _('Changes to your team were saved.')) return HttpResponseRedirect( reverse('sentry-manage-team', args=[organization.slug, team.slug])) if is_active_superuser(request.user): can_remove_team = True else: can_remove_team = request.access.has_team_scope( team, 'team:delete') context = { 'form': form, 'can_remove_team': can_remove_team, } return self.respond('sentry/teams/manage.html', context)
def get_attrs(self, item_list, user): if is_active_superuser(user) or settings.SENTRY_PUBLIC: inactive_memberships = frozenset( OrganizationMemberTeam.objects.filter( team__in=item_list, organizationmember__user=user, is_active=False, ).values_list('team', flat=True)) memberships = frozenset( [t.id for t in item_list if t.id not in inactive_memberships]) elif user.is_authenticated(): memberships = frozenset( OrganizationMemberTeam.objects.filter( organizationmember__user=user, team__in=item_list, is_active=True, ).values_list('team', flat=True)) else: memberships = frozenset() if user.is_authenticated(): access_requests = frozenset( OrganizationAccessRequest.objects.filter( team__in=item_list, member__user=user, ).values_list('team', flat=True)) else: access_requests = frozenset() result = {} for team in item_list: result[team] = { 'pending_request': team.id in access_requests, 'is_member': team.id in memberships, } return result
def has_permission(self, request, view): if is_active_superuser(request.user): return True return False
def has_perm(self, perm_name): warnings.warn('User.has_perm is deprecated', DeprecationWarning) from sentry.auth.utils import is_active_superuser return is_active_superuser(self)
def has_permission(self, request): return is_active_superuser(request.user)
def get(self, request, user): data = serialize(user, request.user) data['isSuperuser'] = user == request.user and is_active_superuser(user) return Response(data)
def has_module_perms(self, app_label): # the admin requires this method from sentry.auth.utils import is_active_superuser return is_active_superuser(self)
def process_request(self, request): request.is_superuser = lambda: is_active_superuser(request)