def update_message_backend(
request: HttpRequest,
user_profile: UserProfile,
message_id: int = REQ(converter=to_non_negative_int, path_only=True),
stream_id: Optional[int] = REQ(converter=to_non_negative_int, default=None),
topic_name: Optional[str] = REQ_topic(),
propagate_mode: str = REQ(
default="change_one", str_validator=check_string_in(PROPAGATE_MODE_VALUES)
),
send_notification_to_old_thread: bool = REQ(default=True, json_validator=check_bool),
send_notification_to_new_thread: bool = REQ(default=True, json_validator=check_bool),
content: Optional[str] = REQ(default=None),
) -> HttpResponse:
number_changed = check_update_message(
user_profile,
message_id,
stream_id,
topic_name,
propagate_mode,
send_notification_to_old_thread,
send_notification_to_new_thread,
content,
)
# Include the number of messages changed in the logs
log_data = get_request_notes(request).log_data
assert log_data is not None
log_data["extra"] = f"[{number_changed}]"
return json_success()
def update_message_backend(
request: HttpRequest,
user_profile: UserMessage,
message_id: int = REQ(converter=to_non_negative_int, path_only=True),
stream_id: Optional[int] = REQ(converter=to_non_negative_int,
default=None),
topic_name: Optional[str] = REQ_topic(),
propagate_mode: Optional[str] = REQ(
default="change_one",
str_validator=check_string_in(PROPAGATE_MODE_VALUES)),
send_notification_to_old_thread: bool = REQ(default=True,
validator=check_bool),
send_notification_to_new_thread: bool = REQ(default=True,
validator=check_bool),
content: Optional[str] = REQ(default=None)
) -> HttpResponse:
if not user_profile.realm.allow_message_editing:
return json_error(
_("Your organization has turned off message editing"))
if propagate_mode != "change_one" and topic_name is None and stream_id is None:
return json_error(_("Invalid propagate_mode without topic edit"))
message, ignored_user_message = access_message(user_profile, message_id)
is_no_topic_msg = (message.topic_name() == "(no topic)")
# You only have permission to edit a message if:
# you change this value also change those two parameters in message_edit.js.
# 1. You sent it, OR:
# 2. This is a topic-only edit for a (no topic) message, OR:
# 3. This is a topic-only edit and you are an admin, OR:
# 4. This is a topic-only edit and your realm allows users to edit topics.
if message.sender == user_profile:
pass
elif (content is
None) and (is_no_topic_msg or user_profile.is_realm_admin
or user_profile.realm.allow_community_topic_editing):
pass
else:
raise JsonableError(
_("You don't have permission to edit this message"))
# If there is a change to the content, check that it hasn't been too long
# Allow an extra 20 seconds since we potentially allow editing 15 seconds
# past the limit, and in case there are network issues, etc. The 15 comes
# from (min_seconds_to_edit + seconds_left_buffer) in message_edit.js; if
# you change this value also change those two parameters in message_edit.js.
edit_limit_buffer = 20
if content is not None and user_profile.realm.message_content_edit_limit_seconds > 0:
deadline_seconds = user_profile.realm.message_content_edit_limit_seconds + edit_limit_buffer
if (timezone_now() - message.date_sent) > datetime.timedelta(
seconds=deadline_seconds):
raise JsonableError(
_("The time limit for editing this message has passed"))
# If there is a change to the topic, check that the user is allowed to
# edit it and that it has not been too long. If this is not the user who
# sent the message, they are not the admin, and the time limit for editing
# topics is passed, raise an error.
if content is None and message.sender != user_profile and not user_profile.is_realm_admin and \
not is_no_topic_msg:
deadline_seconds = Realm.DEFAULT_COMMUNITY_TOPIC_EDITING_LIMIT_SECONDS + edit_limit_buffer
if (timezone_now() - message.date_sent) > datetime.timedelta(
seconds=deadline_seconds):
raise JsonableError(
_("The time limit for editing this message has passed"))
if topic_name is None and content is None and stream_id is None:
return json_error(_("Nothing to change"))
if topic_name is not None:
topic_name = topic_name.strip()
if topic_name == "":
raise JsonableError(_("Topic can't be empty"))
rendered_content = None
links_for_embed: Set[str] = set()
prior_mention_user_ids: Set[int] = set()
mention_user_ids: Set[int] = set()
mention_data: Optional[bugdown.MentionData] = None
if content is not None:
content = content.strip()
if content == "":
content = "(deleted)"
content = truncate_body(content)
mention_data = bugdown.MentionData(
realm_id=user_profile.realm.id,
content=content,
)
user_info = get_user_info_for_message_updates(message.id)
prior_mention_user_ids = user_info['mention_user_ids']
# We render the message using the current user's realm; since
# the cross-realm bots never edit messages, this should be
# always correct.
# Note: If rendering fails, the called code will raise a JsonableError.
rendered_content = render_incoming_message(
message,
content,
user_info['message_user_ids'],
user_profile.realm,
mention_data=mention_data)
links_for_embed |= message.links_for_preview
mention_user_ids = message.mentions_user_ids
new_stream = None
old_stream = None
number_changed = 0
if stream_id is not None:
if not user_profile.is_realm_admin:
raise JsonableError(
_("You don't have permission to move this message"))
if content is not None:
raise JsonableError(
_("Cannot change message content while changing stream"))
old_stream = get_stream_by_id(message.recipient.type_id)
new_stream = get_stream_by_id(stream_id)
if not (old_stream.is_public() and new_stream.is_public()):
# We'll likely decide to relax this condition in the
# future; it just requires more care with details like the
# breadcrumb messages.
raise JsonableError(_("Streams must be public"))
number_changed = do_update_message(
user_profile, message, new_stream, topic_name, propagate_mode,
send_notification_to_old_thread, send_notification_to_new_thread,
content, rendered_content, prior_mention_user_ids, mention_user_ids,
mention_data)
# Include the number of messages changed in the logs
request._log_data['extra'] = f"[{number_changed}]"
if links_for_embed:
event_data = {
'message_id': message.id,
'message_content': message.content,
# The choice of `user_profile.realm_id` rather than
# `sender.realm_id` must match the decision made in the
# `render_incoming_message` call earlier in this function.
'message_realm_id': user_profile.realm_id,
'urls': links_for_embed
}
queue_json_publish('embed_links', event_data)
return json_success()
def send_message_backend(
request: HttpRequest,
user_profile: UserProfile,
message_type_name: str = REQ("type"),
req_to: Optional[str] = REQ("to", default=None),
forged_str: Optional[str] = REQ("forged",
default=None,
documentation_pending=True),
topic_name: Optional[str] = REQ_topic(),
message_content: str = REQ("content"),
widget_content: Optional[str] = REQ(default=None,
documentation_pending=True),
realm_str: Optional[str] = REQ("realm_str",
default=None,
documentation_pending=True),
local_id: Optional[str] = REQ(default=None),
queue_id: Optional[str] = REQ(default=None),
delivery_type: str = REQ("delivery_type",
default="send_now",
documentation_pending=True),
defer_until: Optional[str] = REQ("deliver_at",
default=None,
documentation_pending=True),
tz_guess: Optional[str] = REQ("tz_guess",
default=None,
documentation_pending=True),
) -> HttpResponse:
# If req_to is None, then we default to an
# empty list of recipients.
message_to: Union[Sequence[int], Sequence[str]] = []
if req_to is not None:
if message_type_name == "stream":
stream_indicator = extract_stream_indicator(req_to)
# For legacy reasons check_send_message expects
# a list of streams, instead of a single stream.
#
# Also, mypy can't detect that a single-item
# list populated from a Union[int, str] is actually
# a Union[Sequence[int], Sequence[str]].
if isinstance(stream_indicator, int):
message_to = [stream_indicator]
else:
message_to = [stream_indicator]
else:
message_to = extract_private_recipients(req_to)
# Temporary hack: We're transitioning `forged` from accepting
# `yes` to accepting `true` like all of our normal booleans.
forged = forged_str is not None and forged_str in ["yes", "true"]
client = request.client
can_forge_sender = request.user.can_forge_sender
if forged and not can_forge_sender:
return json_error(_("User not authorized for this query"))
realm = None
if realm_str and realm_str != user_profile.realm.string_id:
# The realm_str parameter does nothing, because it has to match
# the user's realm - but we keep it around for backward compatibility.
return json_error(_("User not authorized for this query"))
if client.name in [
"zephyr_mirror", "irc_mirror", "jabber_mirror", "JabberMirror"
]:
# Here's how security works for mirroring:
#
# For private messages, the message must be (1) both sent and
# received exclusively by users in your realm, and (2)
# received by the forwarding user.
#
# For stream messages, the message must be (1) being forwarded
# by an API superuser for your realm and (2) being sent to a
# mirrored stream.
#
# The most important security checks are in
# `create_mirrored_message_users` below, which checks the
# same-realm constraint.
if "sender" not in request.POST:
return json_error(_("Missing sender"))
if message_type_name != "private" and not can_forge_sender:
return json_error(_("User not authorized for this query"))
# For now, mirroring only works with recipient emails, not for
# recipient user IDs.
if not all(isinstance(to_item, str) for to_item in message_to):
return json_error(
_("Mirroring not allowed with recipient user IDs"))
# We need this manual cast so that mypy doesn't complain about
# create_mirrored_message_users not being able to accept a Sequence[int]
# type parameter.
message_to = cast(Sequence[str], message_to)
try:
mirror_sender = create_mirrored_message_users(
request, user_profile, message_to)
except InvalidMirrorInput:
return json_error(_("Invalid mirrored message"))
if client.name == "zephyr_mirror" and not user_profile.realm.is_zephyr_mirror_realm:
return json_error(
_("Zephyr mirroring is not allowed in this organization"))
sender = mirror_sender
else:
if "sender" in request.POST:
return json_error(_("Invalid mirrored message"))
sender = user_profile
if (delivery_type == "send_later"
or delivery_type == "remind") and defer_until is None:
return json_error(
_("Missing deliver_at in a request for delayed message delivery"))
if (delivery_type == "send_later"
or delivery_type == "remind") and defer_until is not None:
return handle_deferred_message(
sender,
client,
message_type_name,
message_to,
topic_name,
message_content,
delivery_type,
defer_until,
tz_guess,
forwarder_user_profile=user_profile,
realm=realm,
)
ret = check_send_message(
sender,
client,
message_type_name,
message_to,
topic_name,
message_content,
forged=forged,
forged_timestamp=request.POST.get("time"),
forwarder_user_profile=user_profile,
realm=realm,
local_id=local_id,
sender_queue_id=queue_id,
widget_content=widget_content,
)
return json_success({"id": ret})