/src/sentry/admin.py
Python | 344 lines | 287 code | 53 blank | 4 comment | 5 complexity | 504d753ba6e9c2f38dec6fde59f4c5c2 MD5 | raw file
- from __future__ import absolute_import
- from django import forms
- from django.conf import settings
- from django.conf.urls import url
- from django.contrib import admin, messages
- from django.contrib.auth.forms import UserCreationForm, UserChangeForm, AdminPasswordChangeForm
- from django.core.exceptions import PermissionDenied
- from django.db import transaction
- from django.http import Http404, HttpResponseRedirect
- from django.utils.decorators import method_decorator
- from django.views.decorators.csrf import csrf_protect
- from django.views.decorators.debug import sensitive_post_parameters
- from django.shortcuts import get_object_or_404
- from django.template.response import TemplateResponse
- from django.utils.translation import ugettext, ugettext_lazy as _
- from pprint import saferepr
- from sentry.models import (
- ApiKey,
- AuthIdentity,
- AuthProvider,
- AuditLogEntry,
- Option,
- Organization,
- OrganizationMember,
- Project,
- Team,
- User,
- )
- from sentry.utils.html import escape
- csrf_protect_m = method_decorator(csrf_protect)
- sensitive_post_parameters_m = method_decorator(sensitive_post_parameters())
- class OptionAdmin(admin.ModelAdmin):
- list_display = ("key", "last_updated")
- fields = ("key", "value_repr", "last_updated")
- readonly_fields = ("key", "value_repr", "last_updated")
- search_fields = ("key",)
- def value_repr(self, instance):
- return u'<pre style="display:inline-block;white-space:pre-wrap;">{}</pre>'.format(
- escape(saferepr(instance.value))
- )
- value_repr.short_description = "Value"
- value_repr.allow_tags = True
- admin.site.register(Option, OptionAdmin)
- class ProjectAdmin(admin.ModelAdmin):
- list_display = ("name", "slug", "organization", "status", "date_added")
- list_filter = ("status", "public")
- search_fields = ("name", "organization__slug", "organization__name", "slug")
- raw_id_fields = ("organization",)
- readonly_fields = ("first_event", "date_added")
- admin.site.register(Project, ProjectAdmin)
- class OrganizationApiKeyInline(admin.TabularInline):
- model = ApiKey
- extra = 1
- fields = ("label", "key", "status", "allowed_origins", "date_added")
- raw_id_fields = ("organization",)
- class OrganizationProjectInline(admin.TabularInline):
- model = Project
- extra = 1
- fields = ("name", "slug", "status", "date_added")
- raw_id_fields = ("organization",)
- class OrganizationTeamInline(admin.TabularInline):
- model = Team
- extra = 1
- fields = ("name", "slug", "status", "date_added")
- raw_id_fields = ("organization",)
- class OrganizationMemberInline(admin.TabularInline):
- model = OrganizationMember
- extra = 1
- fields = ("user", "organization", "role")
- raw_id_fields = ("user", "organization")
- class OrganizationUserInline(OrganizationMemberInline):
- fk_name = "user"
- class AuthIdentityInline(admin.TabularInline):
- model = AuthIdentity
- extra = 1
- fields = ("user", "auth_provider", "ident", "data", "last_verified")
- raw_id_fields = ("user", "auth_provider")
- class OrganizationAdmin(admin.ModelAdmin):
- list_display = ("name", "slug", "status")
- list_filter = ("status",)
- search_fields = ("name", "slug")
- fields = ("name", "slug", "status")
- inlines = (
- OrganizationMemberInline,
- OrganizationTeamInline,
- OrganizationProjectInline,
- OrganizationApiKeyInline,
- )
- admin.site.register(Organization, OrganizationAdmin)
- class AuthProviderAdmin(admin.ModelAdmin):
- list_display = ("organization", "provider", "date_added")
- search_fields = ("organization__name",)
- raw_id_fields = ("organization", "default_teams")
- list_filter = ("provider",)
- admin.site.register(AuthProvider, AuthProviderAdmin)
- class AuthIdentityAdmin(admin.ModelAdmin):
- list_display = ("user", "auth_provider", "ident", "date_added", "last_verified")
- list_filter = ("auth_provider__provider",)
- search_fields = ("user__email", "user__username", "auth_provider__organization__name")
- raw_id_fields = ("user", "auth_provider")
- admin.site.register(AuthIdentity, AuthIdentityAdmin)
- class TeamAdmin(admin.ModelAdmin):
- list_display = ("name", "slug", "organization", "status", "date_added")
- list_filter = ("status",)
- search_fields = ("name", "organization__name", "slug")
- raw_id_fields = ("organization",)
- def save_model(self, request, obj, form, change):
- prev_org = obj.organization_id
- super(TeamAdmin, self).save_model(request, obj, form, change)
- if not change:
- return
- new_org = obj.organization_id
- if new_org != prev_org:
- return
- obj.transfer_to(obj.organization)
- admin.site.register(Team, TeamAdmin)
- class UserChangeForm(UserChangeForm):
- username = forms.RegexField(
- label=_("Username"),
- max_length=128,
- regex=r"^[\w.@+-]+$",
- help_text=_("Required. 128 characters or fewer. Letters, digits and " "@/./+/-/_ only."),
- error_messages={
- "invalid": _(
- "This value may contain only letters, numbers and " "@/./+/-/_ characters."
- )
- },
- )
- class UserCreationForm(UserCreationForm):
- username = forms.RegexField(
- label=_("Username"),
- max_length=128,
- regex=r"^[\w.@+-]+$",
- help_text=_("Required. 128 characters or fewer. Letters, digits and " "@/./+/-/_ only."),
- error_messages={
- "invalid": _(
- "This value may contain only letters, numbers and " "@/./+/-/_ characters."
- )
- },
- )
- class UserAdmin(admin.ModelAdmin):
- add_form_template = "admin/auth/user/add_form.html"
- change_user_password_template = None
- fieldsets = (
- (None, {"fields": ("username", "password")}),
- (_("Personal info"), {"fields": ("name", "email")}),
- (_("Permissions"), {"fields": ("is_active", "is_staff", "is_superuser")}),
- (_("Important dates"), {"fields": ("last_login", "date_joined")}),
- )
- add_fieldsets = (
- (None, {"classes": ("wide",), "fields": ("username", "password1", "password2")}),
- )
- form = UserChangeForm
- add_form = UserCreationForm
- change_password_form = AdminPasswordChangeForm
- list_display = ("username", "email", "name", "is_staff", "date_joined")
- list_filter = ("is_staff", "is_superuser", "is_active", "is_managed")
- search_fields = ("username", "name", "email")
- ordering = ("username",)
- inlines = (OrganizationUserInline, AuthIdentityInline)
- def get_fieldsets(self, request, obj=None):
- if not obj:
- return self.add_fieldsets
- return super(UserAdmin, self).get_fieldsets(request, obj)
- def get_form(self, request, obj=None, **kwargs):
- """
- Use special form during user creation
- """
- defaults = {}
- if obj is None:
- defaults.update(
- {"form": self.add_form, "fields": admin.util.flatten_fieldsets(self.add_fieldsets)}
- )
- defaults.update(kwargs)
- return super(UserAdmin, self).get_form(request, obj, **defaults)
- def get_urls(self):
- return [
- url(r"^(\d+)/password/$", self.admin_site.admin_view(self.user_change_password))
- ] + super(UserAdmin, self).get_urls()
- def lookup_allowed(self, lookup, value):
- # See #20078: we don't want to allow any lookups involving passwords.
- if lookup.startswith("password"):
- return False
- return super(UserAdmin, self).lookup_allowed(lookup, value)
- @sensitive_post_parameters_m
- @csrf_protect_m
- @transaction.atomic
- def add_view(self, request, form_url="", extra_context=None):
- # It's an error for a user to have add permission but NOT change
- # permission for users. If we allowed such users to add users, they
- # could create superusers, which would mean they would essentially have
- # the permission to change users. To avoid the problem entirely, we
- # disallow users from adding users if they don't have change
- # permission.
- if not self.has_change_permission(request):
- if self.has_add_permission(request) and settings.DEBUG:
- # Raise Http404 in debug mode so that the user gets a helpful
- # error message.
- raise Http404(
- 'Your user does not have the "Change user" permission. In '
- "order to add users, Django requires that your user "
- 'account have both the "Add user" and "Change user" '
- "permissions set."
- )
- raise PermissionDenied
- if extra_context is None:
- extra_context = {}
- username_field = self.model._meta.get_field(self.model.USERNAME_FIELD)
- defaults = {"auto_populated_fields": (), "username_help_text": username_field.help_text}
- extra_context.update(defaults)
- return super(UserAdmin, self).add_view(request, form_url, extra_context)
- @sensitive_post_parameters_m
- def user_change_password(self, request, id, form_url=""):
- if not self.has_change_permission(request):
- raise PermissionDenied
- user = get_object_or_404(self.queryset(request), pk=id)
- if request.method == "POST":
- form = self.change_password_form(user, request.POST)
- if form.is_valid():
- form.save()
- msg = ugettext("Password changed successfully.")
- messages.success(request, msg)
- return HttpResponseRedirect("..")
- else:
- form = self.change_password_form(user)
- fieldsets = [(None, {"fields": list(form.base_fields)})]
- adminForm = admin.helpers.AdminForm(form, fieldsets, {})
- context = {
- "title": _("Change password: %s") % escape(user.get_username()),
- "adminForm": adminForm,
- "form_url": form_url,
- "form": form,
- "is_popup": "_popup" in request.GET,
- "add": True,
- "change": False,
- "has_delete_permission": False,
- "has_change_permission": True,
- "has_absolute_url": False,
- "opts": self.model._meta,
- "original": user,
- "save_as": False,
- "show_save": True,
- }
- return TemplateResponse(
- request,
- self.change_user_password_template or "admin/auth/user/change_password.html",
- context,
- current_app=self.admin_site.name,
- )
- def response_add(self, request, obj, post_url_continue=None):
- """
- Determines the HttpResponse for the add_view stage. It mostly defers to
- its superclass implementation but is customized because the User model
- has a slightly different workflow.
- """
- # We should allow further modification of the user just added i.e. the
- # 'Save' button should behave like the 'Save and continue editing'
- # button except in two scenarios:
- # * The user has pressed the 'Save and add another' button
- # * We are adding a user in a popup
- if "_addanother" not in request.POST and "_popup" not in request.POST:
- request.POST["_continue"] = 1
- return super(UserAdmin, self).response_add(request, obj, post_url_continue)
- admin.site.register(User, UserAdmin)
- class AuditLogEntryAdmin(admin.ModelAdmin):
- list_display = ("event", "organization", "actor", "datetime")
- list_filter = ("event", "datetime")
- search_fields = ("actor__email", "organization__name", "organization__slug")
- raw_id_fields = ("organization", "actor", "target_user")
- readonly_fields = (
- "organization",
- "actor",
- "actor_key",
- "target_object",
- "target_user",
- "event",
- "ip_address",
- "data",
- "datetime",
- )
- admin.site.register(AuditLogEntry, AuditLogEntryAdmin)