def delete(self, request, *args, **kwargs):
try:
node, user = self.get_object()
if node.remove_contributor(user, None, log=False):
update_admin_log(
user_id=self.request.user.id,
object_id=node.pk,
object_repr='Contributor',
message='User {} removed from {} {}.'.format(
user.pk, node.__class__.__name__.lower(), node.pk
),
action_flag=CONTRIBUTOR_REMOVED
)
# Log invisibly on the OSF.
self.add_contributor_removed_log(node, user)
except AttributeError:
return page_not_found(
request,
AttributeError(
'{} with id "{}" not found.'.format(
self.context_object_name.title(),
self.kwargs.get('guid')
)
)
)
if isinstance(node, Node):
return redirect(reverse_node(self.kwargs.get('guid')))
def delete(self, request, *args, **kwargs):
if (('spam_confirm' in list(request.POST.keys())
and not request.user.has_perm('osf.mark_spam'))
or ('ham_confirm' in list(request.POST.keys())
and not request.user.has_perm('osf.mark_ham'))):
raise PermissionDenied(
'You do not have permission to update a node flagged as spam.')
node_ids = [
nid for nid in list(request.POST.keys())
if nid not in ('csrfmiddlewaretoken', 'spam_confirm',
'ham_confirm')
]
for nid in node_ids:
node = Node.load(nid)
osf_admin_change_status_identifier(node)
if ('spam_confirm' in list(request.POST.keys())):
node.confirm_spam(save=True)
update_admin_log(user_id=self.request.user.id,
object_id=nid,
object_repr='Node',
message='Confirmed SPAM: {}'.format(nid),
action_flag=CONFIRM_SPAM)
elif ('ham_confirm' in list(request.POST.keys())):
node.confirm_ham(save=True)
update_admin_log(user_id=self.request.user.id,
object_id=nid,
object_repr='Node',
message='Confirmed HAM: {}'.format(nid),
action_flag=CONFIRM_HAM)
return redirect('nodes:flagged-spam')
def post(self, request, *args, **kwargs):
data = dict(request.POST)
action = data.pop('action')[0]
data.pop('csrfmiddlewaretoken', None)
request_ids = list(data.keys())
withdrawal_requests = PreprintRequest.objects.filter(
id__in=request_ids)
if action == 'reject':
for withdrawal_request in withdrawal_requests:
withdrawal_request.run_reject(self.request.user,
withdrawal_request.comment)
update_admin_log(
user_id=self.request.user.id,
object_id=withdrawal_request.id,
object_repr='PreprintRequest',
message=
f'Approved withdrawal request: {withdrawal_request.id} of preprint {withdrawal_request.target._id}',
action_flag=APPROVE_WITHDRAWAL)
if action == 'approve':
for withdrawal_request in withdrawal_requests:
withdrawal_request.run_accept(self.request.user,
withdrawal_request.comment)
update_admin_log(
user_id=self.request.user.id,
object_id=withdrawal_request.id,
object_repr='PreprintRequest',
message=
f'Rejected withdrawal request: {withdrawal_request.id} of preprint {withdrawal_request.target._id}',
action_flag=REJECT_WITHDRAWAL)
return redirect('preprints:withdrawal-requests')
def post(self, request, *args, **kwargs):
preprint = self.get_object()
if preprint.deleted:
preprint.deleted = None
# Log invisibly on the OSF.
update_admin_log(user_id=self.request.user.id,
object_id=preprint.pk,
object_repr='Preprint',
message=f'Preprint {preprint.pk} restored.',
action_flag=PREPRINT_RESTORED)
else:
preprint.deleted = timezone.now()
PreprintLog(
action=PreprintLog.DELETED,
user=None,
params={
'preprint': preprint._id,
},
should_hide=True,
).save()
# Log invisibly on the OSF.
update_admin_log(user_id=self.request.user.id,
object_id=preprint.pk,
object_repr='Preprint',
message=f'Preprint {preprint._id} removed.',
action_flag=PREPRINT_REMOVED)
preprint.save()
return redirect(self.get_success_url())
def form_valid(self, form):
item = Comment.load(self.kwargs.get('spam_id'))
confirm = int(getattr(form, 'cleaned_data', {}).get('confirm', 0))
if not item:
raise Http404(
f'Spam with id "{self.kwargs.get("spam_id")}" not found.')
if confirm == SpamStatus.SPAM:
item.confirm_spam()
update_admin_log(
user_id=self.request.user.id,
object_id=self.kwargs.get('spam_id'),
object_repr='Comment',
message=f'Confirmed SPAM: {self.kwargs.get("spam_id")}',
action_flag=CONFIRM_SPAM)
else:
item.confirm_ham()
update_admin_log(
user_id=self.request.user.id,
object_id=self.kwargs.get('spam_id'),
object_repr='Comment',
message=f'Confirmed HAM: {self.kwargs.get("spam_id")}',
action_flag=CONFIRM_HAM)
return super().form_valid(form)
def form_valid(self, form):
spam_id = self.kwargs.get('spam_id')
item = Comment.load(spam_id)
try:
if int(form.cleaned_data.get('confirm')) == SpamStatus.SPAM:
item.confirm_spam()
item.is_deleted = True
log_message = 'Confirmed SPAM: {}'.format(spam_id)
log_action = CONFIRM_SPAM
else:
item.confirm_ham()
item.is_deleted = False
log_message = 'Confirmed HAM: {}'.format(spam_id)
log_action = CONFIRM_HAM
item.save()
except AttributeError:
raise Http404('Spam with id "{}" not found.'.format(spam_id))
update_admin_log(
user_id=self.request.user.id,
object_id=spam_id,
object_repr='Comment',
message=log_message,
action_flag=log_action
)
return super(SpamDetail, self).form_valid(form)
def change_embargo_date(registration, user, end_date):
"""Update the embargo period of a registration
:param registration: Registration that is being updated
:param user: osf_admin that is updating a registration
:param end_date: Date when the registration should be made public
"""
validate_embargo_date(registration, user, end_date)
registration._initiate_embargo(user, end_date,
for_existing_registration=True,
notify_initiator_on_complete=False)
if registration.is_public:
registration.is_public = False
registration.save()
update_admin_log(
user_id=user.id,
object_id=registration.id,
object_repr='Registration',
message='User {} changed the embargo end date of {} to {}.'.format(
user.pk, registration.pk, end_date
),
action_flag=EMBARGO_UPDATED
)
def post(self, request, *args, **kwargs):
try:
data = json.loads(request.body).get('schema_data', {})
draft = DraftRegistration.load(self.kwargs.get('draft_pk'))
draft.update_metadata(data)
draft.save()
log_message = list()
for key, value in data.iteritems():
comments = data.get(key, {}).get('comments', [])
for comment in comments:
log_message.append('{}: {}'.format(key, comment['value']))
update_admin_log(
user_id=request.user.id,
object_id=draft._id,
object_repr='Draft Registration',
message='Comments: <p>{}</p>'.format('</p><p>'.join(log_message)),
action_flag=COMMENT_PREREG
)
return JsonResponse(serializers.serialize_draft_registration(draft))
except AttributeError:
raise Http404('{} with id "{}" not found.'.format(
self.context_object_name.title(),
self.kwargs.get('draft_pk')
))
except NodeStateError as e:
return bad_request(request, e)
def delete(self, request, *args, **kwargs):
try:
node, user = self.get_object()
if node.remove_contributor(user, None, log=False):
update_admin_log(
user_id=self.request.user.id,
object_id=node.pk,
object_repr='Contributor',
message='User {} removed from node {}.'.format(
user.pk, node.pk),
action_flag=CONTRIBUTOR_REMOVED)
# Log invisibly on the OSF.
osf_log = NodeLog(
action=NodeLog.CONTRIB_REMOVED,
user=None,
params={
'project': node.parent_id,
'node': node.pk,
'contributors': user.pk
},
date=timezone.now(),
should_hide=True,
)
osf_log.save()
except AttributeError:
return page_not_found(
request,
AttributeError('{} with id "{}" not found.'.format(
self.context_object_name.title(), kwargs.get('node_id'))))
return redirect(reverse_node(self.kwargs.get('node_id')))
def delete(self, request, *args, **kwargs):
if not request.user.has_perm('osf.mark_spam'):
raise PermissionDenied(
"You don't have permission to update this user's spam status.")
user_ids = []
for key in list(request.POST.keys()):
if key == 'spam_confirm':
action = 'SPAM'
action_flag = CONFIRM_SPAM
elif key == 'ham_confirm':
action = 'HAM'
action_flag = CONFIRM_HAM
elif key != 'csrfmiddlwaretoken':
user_ids.append(key)
for uid in user_ids:
user = OSFUser.load(uid)
if action == 'SPAM':
user.confirm_spam()
elif action == 'HAM':
user.confirm_ham(save=True)
user.save()
update_admin_log(user_id=self.request.user.id,
object_id=uid,
object_repr='User',
message=f'Confirmed {action}: {uid}',
action_flag=action_flag)
return redirect('users:flagged-spam')
def change_embargo_date(registration, user, end_date):
"""Update the embargo period of a registration
:param registration: Registration that is being updated
:param user: osf_admin that is updating a registration
:param end_date: Date when the registration should be made public
"""
validate_embargo_date(registration, user, end_date)
if registration.embargo:
registration.embargo.end_date = end_date
else:
registration._initiate_embargo(
user,
end_date,
for_existing_registration=True,
notify_initiator_on_complete=False
)
registration.is_public = False
registration.embargo.save()
registration.save()
update_admin_log(
user_id=user.id,
object_id=registration.id,
object_repr='Registration',
message='User {} changed the embargo end date of {} to {}.'.format(
user.pk, registration.pk, end_date
),
action_flag=EMBARGO_UPDATED
)
def post(self, request, *args, **kwargs):
if not request.user.has_perm('osf.change_preprintrequest'):
raise PermissionDenied(
'You do not have permission to approve or reject withdrawal requests.'
)
is_approve_action = 'approveRequest' in request.POST.keys()
request_ids = [
id_ for id_ in request.POST.keys() if id_ not in
['csrfmiddlewaretoken', 'approveRequest', 'rejectRequest']
]
for id_ in request_ids:
withdrawal_request = PreprintRequest.load(id_)
if is_approve_action:
withdrawal_request.run_accept(self.request.user,
withdrawal_request.comment)
else:
withdrawal_request.run_reject(self.request.user,
withdrawal_request.comment)
update_admin_log(
user_id=self.request.user.id,
object_id=id_,
object_repr='PreprintRequest',
message='{} withdrawal request: {} of preprint {}'.format(
'Approved' if is_approve_action else 'Rejected', id_,
withdrawal_request.target._id),
action_flag=APPROVE_WITHDRAWAL
if is_approve_action else REJECT_WITHDRAWAL)
return redirect('preprints:withdrawal-requests')
def form_valid(self, form):
email = form.cleaned_data.get('emails')
user = get_user(email)
if user is None or user._id != self.kwargs.get('guid'):
return HttpResponse(
'{} with id "{}" and email "{}" not found.'.format(
self.context_object_name.title(),
self.kwargs.get('guid'),
email
),
status=409
)
reset_abs_url = furl(DOMAIN)
user.verification_key_v2 = generate_verification_key(verification_type='password')
user.save()
reset_abs_url.path.add(('resetpassword/{}/{}'.format(user._id, user.verification_key_v2['token'])))
send_mail(
subject='Reset OSF Password',
message='Follow this link to reset your password: {}'.format(
reset_abs_url.url
),
from_email=OSF_SUPPORT_EMAIL,
recipient_list=[email]
)
update_admin_log(
user_id=self.request.user.id,
object_id=user.pk,
object_repr='User',
message='Emailed user {} a reset link.'.format(user.pk),
action_flag=USER_EMAILED
)
return super(ResetPasswordView, self).form_valid(form)
def post(self, request, *args, **kwargs):
try:
data = json.loads(request.body).get('schema_data', {})
draft = DraftRegistration.load(self.kwargs.get('draft_pk'))
draft.update_metadata(data)
draft.save()
log_message = list()
for key, value in data.iteritems():
comments = data.get(key, {}).get('comments', [])
for comment in comments:
log_message.append('{}: {}'.format(key, comment['value']))
update_admin_log(
user_id=request.user.id,
object_id=draft._id,
object_repr='Draft Registration',
message='Comments: <p>{}</p>'.format('</p><p>'.join(log_message)),
action_flag=COMMENT_PREREG
)
return JsonResponse(serializers.serialize_draft_registration(draft))
except AttributeError:
raise Http404('{} with id "{}" not found.'.format(
self.context_object_name.title(),
self.kwargs.get('draft_pk')
))
except NodeStateError as e:
return bad_request(request, e)
def delete(self, request, *args, **kwargs):
if not request.user.has_perm('osf.mark_spam'):
raise PermissionDenied(
'You do not have permission to update a preprint flagged as spam.'
)
preprint_ids = []
for key in list(request.POST.keys()):
if key == 'spam_confirm':
action = 'SPAM'
action_flag = CONFIRM_HAM
elif key == 'ham_confirm':
action = 'HAM'
action_flag = CONFIRM_SPAM
elif key != 'csrfmiddlewaretoken':
preprint_ids.append(key)
for pid in preprint_ids:
preprint = Preprint.load(pid)
osf_admin_change_status_identifier(preprint)
if action == 'SPAM':
preprint.confirm_spam(save=True)
elif action == 'HAM':
preprint.confirm_ham(save=True)
update_admin_log(user_id=self.request.user.id,
object_id=pid,
object_repr='Preprint',
message=f'Confirmed {action}: {pid}',
action_flag=action_flag)
return redirect('preprints:flagged-spam')
def delete(self, request, *args, **kwargs):
try:
node, user = self.get_object()
if node.remove_contributor(user, None, log=False):
update_admin_log(
user_id=self.request.user.id,
object_id=node.pk,
object_repr='Contributor',
message='User {} removed from {} {}.'.format(
user.pk, node.__class__.__name__.lower(), node.pk
),
action_flag=CONTRIBUTOR_REMOVED
)
# Log invisibly on the OSF.
self.add_contributor_removed_log(node, user)
except AttributeError:
return page_not_found(
request,
AttributeError(
'{} with id "{}" not found.'.format(
self.context_object_name.title(),
self.kwargs.get('guid')
)
)
)
if isinstance(node, Node):
return redirect(reverse_node(self.kwargs.get('guid')))
def form_valid(self, form):
email = form.cleaned_data.get('emails')
user = get_user(email)
if user is None or user._id != self.kwargs.get('guid'):
return HttpResponse(
'{} with id "{}" and email "{}" not found.'.format(
self.context_object_name.title(), self.kwargs.get('guid'),
email),
status=409)
reset_abs_url = furl(DOMAIN)
user.verification_key_v2 = generate_verification_key(
verification_type='password')
user.save()
reset_abs_url.path.add(
('resetpassword/{}/{}'.format(user._id,
user.verification_key_v2['token'])))
send_mail(subject='Reset OSF Password',
message='Follow this link to reset your password: {}'.format(
reset_abs_url.url),
from_email=OSF_SUPPORT_EMAIL,
recipient_list=[email])
update_admin_log(user_id=self.request.user.id,
object_id=user.pk,
object_repr='User',
message='Emailed user {} a reset link.'.format(
user.pk),
action_flag=USER_EMAILED)
return super(ResetPasswordView, self).form_valid(form)
def delete(self, request, *args, **kwargs):
node = self.get_object()
update_node_share(node)
update_admin_log(user_id=self.request.user.id,
object_id=node._id,
object_repr='Node',
message='Node Reindexed (SHARE): {}'.format(node._id),
action_flag=REINDEX_SHARE)
return redirect(reverse_node(self.kwargs.get('guid')))
def delete(self, request, *args, **kwargs):
node = self.get_object()
node.confirm_ham(save=True)
update_admin_log(user_id=self.request.user.id,
object_id=node._id,
object_repr='Node',
message='Confirmed HAM: {}'.format(node._id),
action_flag=CONFIRM_HAM)
return redirect(reverse_node(self.kwargs.get('guid')))
def post(self, request, *args, **kwargs):
user = self.get_object()
search.search.update_user(user, async_update=False)
update_admin_log(user_id=self.request.user.id,
object_id=user._id,
object_repr='User',
message=f'User Reindexed (Elastic): {user._id}',
action_flag=REINDEX_ELASTIC)
return redirect(self.get_success_url())
def post(self, request, *args, **kwargs):
user = self.get_object()
user.delete_addon('twofactor')
update_admin_log(user_id=self.request.user.id,
object_id=user.pk,
object_repr='User',
message=f'Removed 2 factor auth for user {user.pk}',
action_flag=USER_2_FACTOR)
return redirect(self.get_success_url())
def delete(self, request, *args, **kwargs):
preprint = self.get_object()
preprint.confirm_ham(save=True)
osf_admin_change_status_identifier(preprint)
update_admin_log(user_id=self.request.user.id,
object_id=preprint._id,
object_repr='PreprintService',
message='Confirmed HAM: {}'.format(preprint._id),
action_flag=CONFIRM_HAM)
return redirect(reverse_preprint(self.kwargs.get('guid')))
def post(self, request, *args, **kwargs):
preprint = self.get_object()
if settings.SHARE_ENABLED:
update_share(preprint)
update_admin_log(user_id=self.request.user.id,
object_id=preprint._id,
object_repr='Preprint',
message=f'Preprint Reindexed (SHARE): {preprint._id}',
action_flag=REINDEX_SHARE)
return redirect(self.get_success_url())
def delete(self, request, *args, **kwargs):
preprint = self.get_object()
update_preprint_share(preprint)
update_admin_log(user_id=self.request.user.id,
object_id=preprint._id,
object_repr='Preprint',
message='Preprint Reindexed (SHARE): {}'.format(
preprint._id),
action_flag=REINDEX_SHARE)
return redirect(reverse_preprint(self.kwargs.get('guid')))
def post(self, request, *args, **kwargs):
node = self.get_object()
search.search.update_node(node, bulk=False, async_update=False)
update_admin_log(user_id=self.request.user.id,
object_id=node._id,
object_repr='Node',
message=f'Node Reindexed (Elastic): {node._id}',
action_flag=REINDEX_ELASTIC)
return redirect(self.get_success_url())
def post(self, request, *args, **kwargs):
node = self.get_object()
node.spam_status = None
node.save()
update_admin_log(user_id=self.request.user.id,
object_id=node._id,
object_repr='Node',
message=f'Confirmed Unflagged: {node._id}',
action_flag=UNFLAG_SPAM)
return redirect(self.get_success_url())
def delete(self, request, *args, **kwargs):
node = self.get_object()
osf_admin_change_status_identifier(node, 'unavailable | spam')
node.confirm_spam(save=True)
update_admin_log(user_id=self.request.user.id,
object_id=node._id,
object_repr='Node',
message='Confirmed SPAM: {}'.format(node._id),
action_flag=CONFIRM_SPAM)
return redirect(reverse_node(self.kwargs.get('guid')))
def post(self, request, *args, **kwargs):
preprint = self.get_object()
search.search.update_preprint(preprint, bulk=False, async_update=False)
update_admin_log(
user_id=self.request.user.id,
object_id=preprint._id,
object_repr='Preprint',
message=f'Preprint Reindexed (Elastic): {preprint._id}',
action_flag=REINDEX_ELASTIC)
return redirect(self.get_success_url())
def delete(self, request, *args, **kwargs):
user = self.get_object()
search.search.update_user(user, async=False)
update_admin_log(user_id=self.request.user.id,
object_id=user._id,
object_repr='User',
message='User Reindexed (Elastic): {}'.format(
user._id),
action_flag=REINDEX_ELASTIC)
return redirect(reverse_user(self.kwargs.get('guid')))
def delete(self, request, *args, **kwargs):
node = self.get_object()
search.search.update_node(node, bulk=False, async_update=False)
update_admin_log(user_id=self.request.user.id,
object_id=node._id,
object_repr='Node',
message='Node Reindexed (Elastic): {}'.format(
node._id),
action_flag=REINDEX_ELASTIC)
return redirect(reverse_node(self.kwargs.get('guid')))
def post(self, request, *args, **kwargs):
node = self.get_object()
if settings.SHARE_ENABLED:
update_share(node)
update_admin_log(user_id=self.request.user.id,
object_id=node._id,
object_repr='Node',
message=f'Node Reindexed (SHARE): {node._id}',
action_flag=REINDEX_SHARE)
return redirect(self.get_success_url())
def post(self, request, *args, **kwargs):
withdrawal_request = self.get_object()
withdrawal_request.run_reject(self.request.user, withdrawal_request.comment)
update_admin_log(
user_id=self.request.user.id,
object_id=withdrawal_request._id,
object_repr='PreprintRequest',
message='Rejected withdrawal request: {}'.format(withdrawal_request._id),
action_flag=REJECT_WITHDRAWAL,
)
return redirect(reverse_preprint(self.kwargs.get('guid')))
def post(self, request, *args, **kwargs):
user = self.get_object()
user.confirm_spam(save=True)
update_admin_log(
user_id=request.user.id,
object_id=user._id,
object_repr='User',
message=
f'Confirmed SPAM: {user._id} when user {user._id} marked as spam',
action_flag=CONFIRM_SPAM)
return redirect(self.get_success_url())
def delete(self, request, *args, **kwargs):
node = self.get_object()
search.search.update_node(node, bulk=False, async=False)
update_admin_log(
user_id=self.request.user.id,
object_id=node._id,
object_repr='Node',
message='Node Reindexed (Elastic): {}'.format(node._id),
action_flag=REINDEX_ELASTIC
)
return redirect(reverse_node(self.kwargs.get('guid')))
def delete(self, request, *args, **kwargs):
node = self.get_object()
update_node_share(node)
update_admin_log(
user_id=self.request.user.id,
object_id=node._id,
object_repr='Node',
message='Node Reindexed (SHARE): {}'.format(node._id),
action_flag=REINDEX_SHARE
)
return redirect(reverse_node(self.kwargs.get('guid')))
def delete(self, request, *args, **kwargs):
node = self.get_object()
node.confirm_ham(save=True)
osf_admin_change_status_identifier(node)
update_admin_log(user_id=self.request.user.id,
object_id=node._id,
object_repr=self.object_type,
message='Confirmed HAM: {}'.format(node._id),
action_flag=CONFIRM_HAM)
if isinstance(node, Node):
return redirect(reverse_node(self.kwargs.get('guid')))
def delete(self, request, *args, **kwargs):
user = self.get_object()
search.search.update_user(user, async_update=False)
update_admin_log(
user_id=self.request.user.id,
object_id=user._id,
object_repr='User',
message='User Reindexed (Elastic): {}'.format(user._id),
action_flag=REINDEX_ELASTIC
)
return redirect(reverse_user(self.kwargs.get('guid')))
def post(self, request, *args, **kwargs):
withdrawal_request = self.get_object()
withdrawal_request.run_reject(self.request.user, withdrawal_request.comment)
update_admin_log(
user_id=self.request.user.id,
object_id=withdrawal_request._id,
object_repr='PreprintRequest',
message='Rejected withdrawal request: {}'.format(withdrawal_request._id),
action_flag=REJECT_WITHDRAWAL,
)
return redirect(reverse_preprint(self.kwargs.get('guid')))
def delete(self, request, *args, **kwargs):
preprint = self.get_object()
search.search.update_preprint(preprint, bulk=False, async_update=False)
update_admin_log(
user_id=self.request.user.id,
object_id=preprint._id,
object_repr='Preprint',
message='Preprint Reindexed (Elastic): {}'.format(preprint._id),
action_flag=REINDEX_ELASTIC
)
return redirect(reverse_preprint(self.kwargs.get('guid')))
def delete(self, request, *args, **kwargs):
preprint = self.get_object()
update_preprint_share(preprint)
update_admin_log(
user_id=self.request.user.id,
object_id=preprint._id,
object_repr='Preprint',
message='Preprint Reindexed (SHARE): {}'.format(preprint._id),
action_flag=REINDEX_SHARE
)
return redirect(reverse_preprint(self.kwargs.get('guid')))
def delete(self, request, *args, **kwargs):
node = self.get_object()
node.confirm_ham(save=True)
osf_admin_change_status_identifier(node, 'public')
update_admin_log(
user_id=self.request.user.id,
object_id=node._id,
object_repr='Node',
message='Confirmed HAM: {}'.format(node._id),
action_flag=CONFIRM_HAM
)
return redirect(reverse_node(self.kwargs.get('guid')))
def delete(self, request, *args, **kwargs):
preprint = self.get_object()
preprint.confirm_ham(save=True)
osf_admin_change_status_identifier(preprint)
update_admin_log(
user_id=self.request.user.id,
object_id=preprint._id,
object_repr='PreprintService',
message='Confirmed HAM: {}'.format(preprint._id),
action_flag=CONFIRM_HAM
)
return redirect(reverse_preprint(self.kwargs.get('guid')))
def delete(self, request, *args, **kwargs):
node = self.get_object()
osf_admin_change_status_identifier(node)
node.confirm_spam(save=True)
update_admin_log(
user_id=self.request.user.id,
object_id=node._id,
object_repr=self.object_type,
message='Confirmed SPAM: {}'.format(node._id),
action_flag=CONFIRM_SPAM
)
if isinstance(node, Node):
return redirect(reverse_node(self.kwargs.get('guid')))
def delete(self, request, *args, **kwargs):
try:
node = self.get_object()
flag = None
osf_flag = None
message = None
if node.is_deleted:
node.is_deleted = False
node.deleted_date = None
flag = NODE_RESTORED
message = 'Node {} restored.'.format(node.pk)
osf_flag = NodeLog.NODE_CREATED
elif not node.is_registration:
node.is_deleted = True
node.deleted_date = timezone.now()
flag = NODE_REMOVED
message = 'Node {} removed.'.format(node.pk)
osf_flag = NodeLog.NODE_REMOVED
node.save()
if flag is not None:
update_admin_log(
user_id=self.request.user.id,
object_id=node.pk,
object_repr='Node',
message=message,
action_flag=flag
)
if osf_flag is not None:
# Log invisibly on the OSF.
osf_log = NodeLog(
action=osf_flag,
user=None,
params={
'project': node.parent_id,
},
date=timezone.now(),
should_hide=True,
)
osf_log.save()
except AttributeError:
return page_not_found(
request,
AttributeError(
'{} with id "{}" not found.'.format(
self.context_object_name.title(),
kwargs.get('guid')
)
)
)
return redirect(reverse_node(self.kwargs.get('guid')))
def delete(self, request, *args, **kwargs):
try:
user = self.get_object()
if user.date_disabled is None or kwargs.get('is_spam'):
user.disable_account()
user.is_registered = False
if 'spam_flagged' in user.system_tags or 'ham_confirmed' in user.system_tags:
if 'spam_flagged' in user.system_tags:
t = Tag.all_tags.get(name='spam_flagged', system=True)
# TODO: removing system tags this way does not currently work -- https://openscience.atlassian.net/browse/OSF-7760
user.tags.remove(t)
if 'ham_confirmed' in user.system_tags:
t = Tag.all_tags.get(name='ham_confirmed', system=True)
user.tags.remove(t)
if kwargs.get('is_spam') and 'spam_confirmed' not in user.system_tags:
user.add_system_tag('spam_confirmed')
flag = USER_REMOVED
message = 'User account {} disabled'.format(user.pk)
else:
user.date_disabled = None
subscribe_on_confirm(user)
user.is_registered = True
if 'spam_flagged' in user.system_tags or 'spam_confirmed' in user.system_tags:
if 'spam_flagged' in user.system_tags:
t = Tag.all_tags.get(name='spam_flagged', system=True)
user.tags.remove(t)
if 'spam_confirmed' in user.system_tags:
t = Tag.all_tags.get(name='spam_confirmed', system=True)
user.tags.remove(t)
if 'ham_confirmed' not in user.system_tags:
user.add_system_tag('ham_confirmed')
flag = USER_RESTORED
message = 'User account {} reenabled'.format(user.pk)
user.save()
except AttributeError:
raise Http404(
'{} with id "{}" not found.'.format(
self.context_object_name.title(),
self.kwargs.get('guid')
))
update_admin_log(
user_id=self.request.user.id,
object_id=user.pk,
object_repr='User',
message=message,
action_flag=flag
)
return redirect(reverse_user(self.kwargs.get('guid')))
def delete(self, request, *args, **kwargs):
try:
preprint = self.get_object()
flag = None
osf_flag = None
message = None
if preprint.deleted:
preprint.deleted = None
flag = PREPRINT_RESTORED
message = 'Preprint {} restored.'.format(preprint.pk)
else:
preprint.deleted = timezone.now()
flag = PREPRINT_REMOVED
message = 'Preprint {} removed.'.format(preprint.pk)
osf_flag = PreprintLog.DELETED
preprint.save()
if flag is not None:
update_admin_log(
user_id=self.request.user.id,
object_id=preprint.pk,
object_repr='Preprint',
message=message,
action_flag=flag
)
if osf_flag is not None:
# Log invisibly on the OSF.
osf_log = PreprintLog(
action=osf_flag,
user=None,
params={
'preprint': preprint._id,
},
should_hide=True,
)
osf_log.save()
except AttributeError:
return page_not_found(
request,
AttributeError(
'{} with id "{}" not found.'.format(
self.context_object_name.title(),
kwargs.get('guid')
)
)
)
return redirect(reverse_preprint(self.kwargs.get('guid')))
def delete(self, request, *args, **kwargs):
if not self.get('bad_drafts', None):
self.get_object()
for draft_id in self.bad_drafts:
draft = DraftRegistration.objects.get(id=draft_id)
for draft_file in draft.branched_from.files.filter(checkout__in=self.prereg_admins):
draft_file.checkout = None
draft_file.save()
update_admin_log(
user_id=self.request.user.id,
object_id=draft.branched_from._id,
object_repr='Node',
message='Cleared Prereg checkouts from {}'.format(draft.branched_from._id),
action_flag=CHECKOUT_CHECKUP
)
return redirect(reverse('pre_reg:prereg'))
def delete(self, request, *args, **kwargs):
user = self.get_object()
try:
user.delete_addon('twofactor')
except AttributeError:
raise Http404(
'{} with id "{}" not found.'.format(
self.context_object_name.title(),
self.kwargs.get('guid')
))
update_admin_log(
user_id=self.request.user.id,
object_id=user.pk,
object_repr='User',
message='Removed 2 factor auth for user {}'.format(user.pk),
action_flag=USER_2_FACTOR
)
return redirect(reverse_user(self.kwargs.get('guid')))
def delete(self, request, *args, **kwargs):
if not request.user.has_perm('auth.mark_spam'):
raise PermissionDenied('You do not have permission to update a preprint flagged as spam.')
preprint_ids = [
pid for pid in request.POST.keys()
if pid != 'csrfmiddlewaretoken'
]
for pid in preprint_ids:
preprint = Preprint.load(pid)
osf_admin_change_status_identifier(preprint)
preprint.confirm_spam(save=True)
update_admin_log(
user_id=self.request.user.id,
object_id=pid,
object_repr='Preprint',
message='Confirmed SPAM: {}'.format(pid),
action_flag=CONFIRM_SPAM
)
return redirect('preprints:flagged-spam')
def delete(self, request, *args, **kwargs):
if not request.user.has_perm('auth.mark_spam'):
raise PermissionDenied('You do not have permission to update a node flagged as spam.')
node_ids = [
nid for nid in request.POST.keys()
if nid != 'csrfmiddlewaretoken'
]
for nid in node_ids:
node = Node.load(nid)
osf_admin_change_status_identifier(node, 'unavailable | spam')
node.confirm_spam(save=True)
update_admin_log(
user_id=self.request.user.id,
object_id=nid,
object_repr='Node',
message='Confirmed SPAM: {}'.format(nid),
action_flag=CONFIRM_SPAM
)
return redirect('nodes:flagged-spam')
def delete(self, request, *args, **kwargs):
if not request.user.get_perms('osf.mark_spam'):
raise PermissionDenied("You don't have permission to update this user's spam status.")
user_ids = [
uid for uid in request.POST.keys()
if uid != 'csrfmiddlewaretoken'
]
for uid in user_ids:
user = OSFUser.load(uid)
if 'spam_flagged' in user.system_tags:
user.system_tags.remove('spam_flagged')
user.add_system_tag('spam_confirmed')
user.save()
update_admin_log(
user_id=self.request.user.id,
object_id=uid,
object_repr='User',
message='Confirmed SPAM: {}'.format(uid),
action_flag=CONFIRM_SPAM
)
return redirect('users:flagged-spam')
def delete(self, request, *args, **kwargs):
try:
user = self.get_object()
if user.date_disabled is None or kwargs.get('is_spam'):
user.disable_account()
user.is_registered = False
if 'spam_flagged' in user.system_tags:
user.tags.through.objects.filter(tag__name='spam_flagged').delete()
if 'ham_confirmed' in user.system_tags:
user.tags.through.objects.filter(tag__name='ham_confirmed').delete()
if kwargs.get('is_spam') and 'spam_confirmed' not in user.system_tags:
user.add_system_tag('spam_confirmed')
flag = USER_REMOVED
message = 'User account {} disabled'.format(user.pk)
else:
user.requested_deactivation = False
user.date_disabled = None
subscribe_on_confirm(user)
user.is_registered = True
user.tags.through.objects.filter(tag__name__in=['spam_flagged', 'spam_confirmed'], tag__system=True).delete()
if 'ham_confirmed' not in user.system_tags:
user.add_system_tag('ham_confirmed')
flag = USER_RESTORED
message = 'User account {} reenabled'.format(user.pk)
user.save()
except AttributeError:
raise Http404(
'{} with id "{}" not found.'.format(
self.context_object_name.title(),
self.kwargs.get('guid')
))
update_admin_log(
user_id=self.request.user.id,
object_id=user.pk,
object_repr='User',
message=message,
action_flag=flag
)
return redirect(reverse_user(self.kwargs.get('guid')))
def post(self, request, *args, **kwargs):
if not request.user.has_perm('osf.change_preprintrequest'):
raise PermissionDenied('You do not have permission to approve or reject withdrawal requests.')
is_approve_action = 'approveRequest' in request.POST.keys()
request_ids = [
id_ for id_ in request.POST.keys()
if id_ not in ['csrfmiddlewaretoken', 'approveRequest', 'rejectRequest']
]
for id_ in request_ids:
withdrawal_request = PreprintRequest.load(id_)
if is_approve_action:
withdrawal_request.run_accept(self.request.user, withdrawal_request.comment)
else:
withdrawal_request.run_reject(self.request.user, withdrawal_request.comment)
update_admin_log(
user_id=self.request.user.id,
object_id=id_,
object_repr='PreprintRequest',
message='{} withdrawal request: {} of preprint {}'.format('Approved' if is_approve_action else 'Rejected', id_, withdrawal_request.target._id),
action_flag=APPROVE_WITHDRAWAL if is_approve_action else REJECT_WITHDRAWAL
)
return redirect('preprints:withdrawal-requests')
def delete(self, request, *args, **kwargs):
try:
user = self.get_object()
except AttributeError:
raise Http404(
'{} with id "{}" not found.'.format(
self.context_object_name.title(),
self.kwargs.get('guid')
))
if user:
for node in user.contributor_to:
if node.is_spam:
node.confirm_ham(save=True)
update_admin_log(
user_id=request.user.id,
object_id=node._id,
object_repr='Node',
message='Confirmed HAM: {} when user {} marked as ham'.format(node._id, user._id),
action_flag=CONFIRM_SPAM
)
kwargs.update({'is_spam': False})
return super(HamUserRestoreView, self).delete(request, *args, **kwargs)
def delete(self, request, *args, **kwargs):
try:
node, user = self.get_object()
if node.remove_contributor(user, None, log=False):
update_admin_log(
user_id=self.request.user.id,
object_id=node.pk,
object_repr='Contributor',
message='User {} removed from node {}.'.format(
user.pk, node.pk
),
action_flag=CONTRIBUTOR_REMOVED
)
# Log invisibly on the OSF.
osf_log = NodeLog(
action=NodeLog.CONTRIB_REMOVED,
user=None,
params={
'project': node.parent_id,
'node': node.pk,
'contributors': user.pk
},
date=timezone.now(),
should_hide=True,
)
osf_log.save()
except AttributeError:
return page_not_found(
request,
AttributeError(
'{} with id "{}" not found.'.format(
self.context_object_name.title(),
kwargs.get('node_id')
)
)
)
return redirect(reverse_node(self.kwargs.get('node_id')))
def form_valid(self, form):
if 'approve_reject' in form.changed_data:
osf_user = self.request.user
try:
if form.cleaned_data.get('approve_reject') == 'approve':
flag = ACCEPT_PREREG
message = 'Approved'
self.draft.approve(osf_user)
else:
flag = REJECT_PREREG
message = 'Rejected'
self.draft.reject(osf_user)
except PermissionsError as e:
return permission_denied(self.request, e)
self.checkin_files(self.draft)
update_admin_log(self.request.user.id, self.kwargs.get('draft_pk'),
'Draft Registration', message, flag)
admin_settings = form.cleaned_data
self.draft.notes = admin_settings.get('notes', self.draft.notes)
del admin_settings['approve_reject']
del admin_settings['notes']
self.draft.flags = admin_settings
self.draft.save()
return super(DraftFormView, self).form_valid(form)
def test_add_log(self):
user = UserFactory()
update_admin_log(user.id, 'dfqc2', 'This', 'log_added')
nt.assert_equal(AdminLogEntry.objects.count(), 1)
log = AdminLogEntry.objects.latest('action_time')
nt.assert_equal(log.user_id, user.id)
