# -*- mode: python; coding: utf-8 -*- # Re2o est un logiciel d'administration développé initiallement au rezometz. Il # se veut agnostique au réseau considéré, de manière à être installable en # quelques clics. # # Copyright © 2017-2020 Gabriel Détraz # Copyright © 2017-2020 Lara Kermarec # Copyright © 2017-2020 Augustin Lemesle # Copyright © 2017-2020 Hugo Levy--Falk # Copyright © 2017-2020 Jean-Romain Garnier # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License along # with this program; if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # App de gestion des users pour re2o # Lara Kermarec, Gabriel Détraz, Lemesle Augustin # Gplv2 """ Module des views. On définit les vues pour l'ajout, l'edition des users : infos personnelles, mot de passe, etc Permet aussi l'ajout, edition et suppression des droits, des bannissements, des whitelist, des services users et des écoles """ from __future__ import unicode_literals from django.urls import reverse from django.shortcuts import get_object_or_404, render, redirect from django.contrib import messages from django.contrib.auth.decorators import login_required, permission_required from django.db.models import ProtectedError, Count, Max from django.utils import timezone from django.db import transaction from django.http import HttpResponse from django.http import HttpResponseRedirect from django.views.decorators.csrf import csrf_exempt from django.utils.translation import ugettext as _ from django.template import loader from rest_framework.renderers import JSONRenderer from reversion import revisions as reversion from cotisations.models import Facture, Paiement from machines.models import Machine from preferences.models import OptionalUser, GeneralOption, AssoOption from importlib import import_module from re2o.settings_local import OPTIONNAL_APPS_RE2O from re2o.views import form from re2o.utils import all_has_access, permission_tree from re2o.base import re2o_paginator, SortTable from re2o.acl import ( can_create, can_edit, can_delete_set, can_delete, can_view, can_view_all, can_change, ) from cotisations.utils import find_payment_method from topologie.models import Port from .models import ( User, Ban, Whitelist, School, ListRight, Request, ServiceUser, Adherent, Club, ListShell, EMailAddress, SSHKey, ) from .forms import ( BanForm, WhitelistForm, EMailAddressForm, EmailSettingsForm, DelSchoolForm, DelListRightForm, NewListRightForm, StateForm, SchoolForm, ShellForm, EditServiceUserForm, ServiceUserForm, ListRightForm, AdherentCreationForm, AdherentEditForm, ClubForm, MassArchiveForm, PassForm, ResetPasswordForm, ClubAdminandMembersForm, GroupForm, InitialRegisterForm, SSHKeyForm, ) @can_create(Adherent) def new_user(request): """ Vue de création d'un nouvel utilisateur, envoie un mail pour le mot de passe""" user = AdherentCreationForm(request.POST or None, user=request.user) user.request = request GTU_sum_up = GeneralOption.get_cached_value("GTU_sum_up") GTU = GeneralOption.get_cached_value("GTU") is_set_password_allowed = OptionalUser.get_cached_value( "allow_set_password_during_user_creation" ) if user.is_valid(): user = user.save() if user.password: user.send_confirm_email_if_necessary(request) messages.success( request, _("The user %s was created, a confirmation email was sent.") % user.pseudo, ) else: user.reset_passwd_mail(request) messages.success( request, _("The user %s was created, an email to set the password was sent.") % user.pseudo, ) return redirect(reverse("users:profil", kwargs={"userid": str(user.id)})) # Anonymous users are allowed to create new accounts # but they should be treated differently params = { "userform": user, "GTU_sum_up": GTU_sum_up, "GTU": GTU, "showCGU": True, "action_name": _("Commit"), } if is_set_password_allowed: params["load_js_file"] = "/static/js/toggle_password_fields.js" return form(params, "users/user.html", request) @login_required @can_create(Club) def new_club(request): """ Vue de création d'un nouveau club, envoie un mail pour le mot de passe""" club = ClubForm(request.POST or None, user=request.user) club.request = request if club.is_valid(): club = club.save(commit=False) club.save() club.reset_passwd_mail(request) messages.success( request, _("The club %s was created, an email to set the password was sent.") % club.pseudo, ) return redirect(reverse("users:profil", kwargs={"userid": str(club.id)})) return form( {"userform": club, "showCGU": False, "action_name": _("Create a club")}, "users/user.html", request, ) @login_required @can_edit(Club) def edit_club_admin_members(request, club_instance, **_kwargs): """Vue d'edition de la liste des users administrateurs et membres d'un club""" club = ClubAdminandMembersForm(request.POST or None, instance=club_instance) if club.is_valid(): if club.changed_data: club.save() messages.success(request, _("The club was edited.")) return redirect( reverse("users:profil", kwargs={"userid": str(club_instance.id)}) ) return form( {"userform": club, "showCGU": False, "action_name": _("Edit"),}, "users/user.html", request, ) @login_required @can_edit(User) def edit_info(request, user, userid): """ Edite un utilisateur à partir de son id, si l'id est différent de request.user, vérifie la possession du droit cableur """ if user.is_class_adherent: user_form = AdherentEditForm( request.POST or None, instance=user.adherent, user=request.user ) else: user_form = ClubForm( request.POST or None, instance=user.club, user=request.user ) if user_form.is_valid(): if user_form.changed_data: user = user_form.save() messages.success(request, _("The user was edited.")) if user.send_confirm_email_if_necessary(request): messages.success(request, _("Sent a new confirmation email.")) return redirect(reverse("users:profil", kwargs={"userid": str(userid)})) return form( {"userform": user_form, "action_name": _("Edit")}, "users/user.html", request, ) @login_required @can_edit(User, "state") def state(request, user, userid): """ Change the state (active/unactive/archived) of a user""" state_form = StateForm(request.POST or None, instance=user) if state_form.is_valid(): if state_form.changed_data: user_instance = state_form.save() messages.success(request, _("The states were edited.")) if user_instance.trigger_email_changed_state(request): messages.success( request, _("An email to confirm the address was sent.") ) return redirect(reverse("users:profil", kwargs={"userid": str(userid)})) return form( {"userform": state_form, "action_name": _("Edit")}, "users/user.html", request, ) @login_required @can_edit(User, "groups") def groups(request, user, userid): """ View to edit the groups of a user """ group_form = GroupForm(request.POST or None, instance=user, user=request.user) if group_form.is_valid(): if group_form.changed_data: group_form.save() messages.success(request, _("The groups were edited.")) return redirect(reverse("users:profil", kwargs={"userid": str(userid)})) return form( {"userform": group_form, "action_name": _("Edit")}, "users/user.html", request, ) @login_required @can_edit(User, "password") def password(request, user, userid): """ Reinitialisation d'un mot de passe à partir de l'userid, pour self par défaut, pour tous sans droit si droit cableur, pour tous si droit bureau """ u_form = PassForm(request.POST or None, instance=user, user=request.user) if u_form.is_valid(): if u_form.changed_data: u_form.save() messages.success(request, _("The password was changed.")) return redirect(reverse("users:profil", kwargs={"userid": str(userid)})) return form( {"userform": u_form, "action_name": _("Change the password")}, "users/user.html", request, ) @login_required @can_edit(User, "groups") def del_group(request, user, listrightid, **_kwargs): """ View used to delete a group """ user.groups.remove(ListRight.objects.get(id=listrightid)) user.save() messages.success(request, _("%s was removed from the group.") % user) return HttpResponseRedirect(request.META.get("HTTP_REFERER")) @login_required @can_edit(User, "is_superuser") def del_superuser(request, user, **_kwargs): """Remove the superuser right of an user.""" user.is_superuser = False user.save() messages.success(request, _("%s is no longer superuser.") % user) return HttpResponseRedirect(request.META.get("HTTP_REFERER")) @login_required @can_create(ServiceUser) def new_serviceuser(request): """ Vue de création d'un nouvel utilisateur service""" user = ServiceUserForm(request.POST or None) if user.is_valid(): user.save() messages.success(request, _("The service user was created.")) return redirect(reverse("users:index-serviceusers")) return form( {"userform": user, "action_name": _("Add")}, "users/user.html", request, ) @login_required @can_edit(ServiceUser) def edit_serviceuser(request, serviceuser, **_kwargs): """ Edit a ServiceUser """ serviceuser = EditServiceUserForm(request.POST or None, instance=serviceuser) if serviceuser.is_valid(): if serviceuser.changed_data: serviceuser.save() messages.success(request, _("The service user was edited.")) return redirect(reverse("users:index-serviceusers")) return form( {"userform": serviceuser, "action_name": _("Edit")}, "users/user.html", request, ) @login_required @can_delete(ServiceUser) def del_serviceuser(request, serviceuser, **_kwargs): """Suppression d'un ou plusieurs serviceusers""" if request.method == "POST": serviceuser.delete() messages.success(request, _("The service user was deleted.")) return redirect(reverse("users:index-serviceusers")) return form( {"objet": serviceuser, "objet_name": _("service user")}, "users/delete.html", request, ) @login_required @can_create(Ban) @can_edit(User) def add_ban(request, user, userid): """ Ajouter un banissement, nécessite au moins le droit bofh (a fortiori bureau) Syntaxe : JJ/MM/AAAA , heure optionnelle, prend effet immédiatement""" ban_instance = Ban(user=user) ban = BanForm(request.POST or None, instance=ban_instance) ban.request = request if ban.is_valid(): ban.save() messages.success(request, _("The ban was added.")) return redirect(reverse("users:profil", kwargs={"userid": str(userid)})) if user.is_ban(): messages.error(request, _("Warning: this user already has an active ban.")) return form({"userform": ban, "action_name": _("Add")}, "users/user.html", request) @login_required @can_edit(Ban) def edit_ban(request, ban_instance, **_kwargs): """ Editer un bannissement, nécessite au moins le droit bofh (a fortiori bureau) Syntaxe : JJ/MM/AAAA , heure optionnelle, prend effet immédiatement""" ban = BanForm(request.POST or None, instance=ban_instance) ban.request = request if ban.is_valid(): if ban.changed_data: ban.save() messages.success(request, _("The ban was edited.")) return redirect(reverse("users:index")) return form({"userform": ban, "action_name": _("Edit")}, "users/user.html", request) @login_required @can_delete(Ban) def del_ban(request, ban, **_kwargs): """ Supprime un banissement""" if request.method == "POST": ban.delete() messages.success(request, _("The ban was deleted.")) return redirect(reverse("users:profil", kwargs={"userid": str(ban.user.id)})) return form({"objet": ban, "objet_name": _("ban")}, "users/delete.html", request) @login_required @can_create(Whitelist) @can_edit(User) def add_whitelist(request, user, userid): """ Accorder un accès gracieux, temporaire ou permanent. Need droit cableur Syntaxe : JJ/MM/AAAA , heure optionnelle, prend effet immédiatement, raison obligatoire""" whitelist_instance = Whitelist(user=user) whitelist = WhitelistForm(request.POST or None, instance=whitelist_instance) if whitelist.is_valid(): whitelist.save() messages.success(request, _("The whitelist was added.")) return redirect(reverse("users:profil", kwargs={"userid": str(userid)})) if user.is_whitelisted(): messages.error( request, _("Warning: this user already has an active whitelist.") ) return form( {"userform": whitelist, "action_name": _("Add")}, "users/user.html", request, ) @login_required @can_edit(Whitelist) def edit_whitelist(request, whitelist_instance, **_kwargs): """ Editer un accès gracieux, temporaire ou permanent. Need droit cableur Syntaxe : JJ/MM/AAAA , heure optionnelle, prend effet immédiatement, raison obligatoire""" whitelist = WhitelistForm(request.POST or None, instance=whitelist_instance) if whitelist.is_valid(): if whitelist.changed_data: whitelist.save() messages.success(request, _("The whitelist was edited.")) return redirect(reverse("users:index")) return form( {"userform": whitelist, "action_name": _("Edit")}, "users/user.html", request, ) @login_required @can_delete(Whitelist) def del_whitelist(request, whitelist, **_kwargs): """ Supprime un acces gracieux""" if request.method == "POST": whitelist.delete() messages.success(request, _("The whitelist was deleted.")) return redirect( reverse("users:profil", kwargs={"userid": str(whitelist.user.id)}) ) return form( {"objet": whitelist, "objet_name": _("whitelist")}, "users/delete.html", request ) @login_required @can_create(EMailAddress) @can_edit(User) def add_emailaddress(request, user, userid): """ Create a new local email account""" emailaddress_instance = EMailAddress(user=user) emailaddress = EMailAddressForm( request.POST or None, instance=emailaddress_instance ) if emailaddress.is_valid(): emailaddress.save() messages.success(request, _("The local email account was created.")) return redirect(reverse("users:profil", kwargs={"userid": str(userid)})) return form( {"userform": emailaddress, "showCGU": False, "action_name": _("Add"),}, "users/user.html", request, ) @login_required @can_edit(EMailAddress) def edit_emailaddress(request, emailaddress_instance, **_kwargs): """ Edit a local email account""" emailaddress = EMailAddressForm( request.POST or None, instance=emailaddress_instance ) if emailaddress.is_valid(): if emailaddress.changed_data: emailaddress.save() messages.success(request, _("The local email account was edited.")) return redirect( reverse( "users:profil", kwargs={"userid": str(emailaddress_instance.user.id)} ) ) return form( {"userform": emailaddress, "showCGU": False, "action_name": _("Edit"),}, "users/user.html", request, ) @login_required @can_delete(EMailAddress) def del_emailaddress(request, emailaddress, **_kwargs): """Delete a local email account""" if request.method == "POST": emailaddress.delete() messages.success(request, _("The local email account was deleted.")) return redirect( reverse("users:profil", kwargs={"userid": str(emailaddress.user.id)}) ) return form( {"objet": emailaddress, "objet_name": _("email address")}, "users/delete.html", request, ) @login_required @can_edit(User) def edit_email_settings(request, user_instance, **_kwargs): """Edit the email settings of a user""" email_settings = EmailSettingsForm( request.POST or None, instance=user_instance, user=request.user ) if email_settings.is_valid(): if email_settings.changed_data: email_settings.save() messages.success(request, _("The email settings were edited.")) if user_instance.send_confirm_email_if_necessary(request): messages.success( request, _("An email to confirm your address was sent.") ) return redirect( reverse("users:profil", kwargs={"userid": str(user_instance.id)}) ) return form( { "userform": email_settings, "showCGU": False, "load_js_file": "/static/js/email_address.js", "action_name": _("Edit"), }, "users/user.html", request, ) @login_required @can_create(School) def add_school(request): """ Ajouter un établissement d'enseignement à la base de donnée, need cableur""" school = SchoolForm(request.POST or None) if school.is_valid(): school.save() messages.success(request, _("The school was added.")) return redirect(reverse("users:index-school")) return form( {"userform": school, "action_name": _("Add")}, "users/user.html", request, ) @login_required @can_edit(School) def edit_school(request, school_instance, **_kwargs): """ Editer un établissement d'enseignement à partir du schoolid dans la base de donnée, need cableur""" school = SchoolForm(request.POST or None, instance=school_instance) if school.is_valid(): if school.changed_data: school.save() messages.success(request, _("The school was edited.")) return redirect(reverse("users:index-school")) return form( {"userform": school, "action_name": _("Edit")}, "users/user.html", request, ) @login_required @can_delete_set(School) def del_school(request, instances): """ Supprimer un établissement d'enseignement à la base de donnée, need cableur Objet protégé, possible seulement si aucun user n'est affecté à l'établissement """ school = DelSchoolForm(request.POST or None, instances=instances) if school.is_valid(): school_dels = school.cleaned_data["schools"] for school_del in school_dels: try: school_del.delete() messages.success(request, _("The school was deleted.")) except ProtectedError: messages.error( request, _( "The school %s is assigned to at least one user," " impossible to delete it." ) % school_del, ) return redirect(reverse("users:index-school")) return form( {"userform": school, "action_name": _("Confirm")}, "users/user.html", request ) @login_required @can_create(ListShell) def add_shell(request): """ Ajouter un shell à la base de donnée""" shell = ShellForm(request.POST or None) if shell.is_valid(): shell.save() messages.success(request, _("The shell was added.")) return redirect(reverse("users:index-shell")) return form( {"userform": shell, "action_name": _("Add")}, "users/user.html", request ) @login_required @can_edit(ListShell) def edit_shell(request, shell_instance, **_kwargs): """ Editer un shell à partir du listshellid""" shell = ShellForm(request.POST or None, instance=shell_instance) if shell.is_valid(): if shell.changed_data: shell.save() messages.success(request, _("The shell was edited.")) return redirect(reverse("users:index-shell")) return form( {"userform": shell, "action_name": _("Edit")}, "users/user.html", request, ) @login_required @can_delete(ListShell) def del_shell(request, shell, **_kwargs): """Destruction d'un shell""" if request.method == "POST": shell.delete() messages.success(request, _("The shell was deleted.")) return redirect(reverse("users:index-shell")) return form( {"objet": shell, "objet_name": _("shell")}, "users/delete.html", request ) @login_required @can_create(ListRight) def add_listright(request): """ Ajouter un droit/groupe, nécessite droit bureau. Obligation de fournir un gid pour la synchro ldap, unique """ listright = NewListRightForm(request.POST or None) if listright.is_valid(): listright.save() messages.success(request, _("The group of rights was added.")) return redirect(reverse("users:index-listright")) return form( {"form": listright, "action_name": _("Add"), "permissions": permission_tree()}, "users/edit_listright.html", request, ) @login_required @can_edit(ListRight) def edit_listright(request, listright_instance, **_kwargs): """ Editer un groupe/droit, necessite droit bureau, à partir du listright id """ listright_form = ListRightForm(request.POST or None, instance=listright_instance) if listright_form.is_valid(): if listright_form.changed_data: listright_form.save() messages.success(request, _("The group of rights was edited.")) return redirect(reverse("users:index-listright")) return form( { "form": listright_form, "action_name": _("Edit"), "permissions": permission_tree(), "instance": listright_instance, }, "users/edit_listright.html", request, ) @login_required @can_delete_set(ListRight) def del_listright(request, instances): """ Supprimer un ou plusieurs groupe, possible si il est vide, need droit bureau """ listright = DelListRightForm(request.POST or None, instances=instances) if listright.is_valid(): listright_dels = listright.cleaned_data["listrights"] for listright_del in listright_dels: try: listright_del.delete() messages.success(request, _("The group of rights was deleted.")) except ProtectedError: messages.error( request, _( "The group of rights %s is assigned to at least one" " user, impossible to delete it." ) % listright_del, ) return redirect(reverse("users:index-listright")) return form( {"userform": listright, "action_name": _("Confirm")}, "users/user.html", request ) @login_required @can_view_all(User) @can_change(User, "state") def mass_archive(request): """ Permet l'archivage massif""" pagination_number = GeneralOption.get_cached_value("pagination_number") to_archive_form = MassArchiveForm(request.POST or None) to_archive_list = [] if to_archive_form.is_valid(): date = to_archive_form.cleaned_data["date"] full_archive = to_archive_form.cleaned_data["full_archive"] to_archive_list = ( User.objects.exclude(id__in=all_has_access()) .exclude(id__in=all_has_access(search_time=date)) .exclude(state=User.STATE_NOT_YET_ACTIVE) .exclude(state=User.STATE_FULL_ARCHIVE) ) if not full_archive: to_archive_list = to_archive_list.exclude(state=User.STATE_ARCHIVE) if "valider" in request.POST: if full_archive: User.mass_full_archive(to_archive_list) else: User.mass_archive(to_archive_list) messages.success( request, _("%s users were archived.") % to_archive_list.count() ) return redirect(reverse("users:index")) to_archive_list = re2o_paginator(request, to_archive_list, pagination_number) return form( {"userform": to_archive_form, "to_archive_list": to_archive_list}, "users/mass_archive.html", request, ) @login_required @can_view_all(Adherent) def index(request): """ Affiche l'ensemble des adherents, need droit cableur """ pagination_number = GeneralOption.get_cached_value("pagination_number") users_list = Adherent.objects.select_related("room") users_list = SortTable.sort( users_list, request.GET.get("col"), request.GET.get("order"), SortTable.USERS_INDEX, ) users_list = re2o_paginator(request, users_list, pagination_number) return render(request, "users/index.html", {"users_list": users_list}) @login_required @can_view_all(Club) def index_clubs(request): """ Affiche l'ensemble des clubs, need droit cableur """ pagination_number = GeneralOption.get_cached_value("pagination_number") clubs_list = Club.objects.select_related("room") clubs_list = SortTable.sort( clubs_list, request.GET.get("col"), request.GET.get("order"), SortTable.USERS_INDEX, ) clubs_list = re2o_paginator(request, clubs_list, pagination_number) return render(request, "users/index_clubs.html", {"clubs_list": clubs_list}) @login_required @can_view_all(Ban) def index_ban(request): """ Affiche l'ensemble des ban, need droit cableur """ pagination_number = GeneralOption.get_cached_value("pagination_number") ban_list = Ban.objects.select_related("user") ban_list = SortTable.sort( ban_list, request.GET.get("col"), request.GET.get("order"), SortTable.USERS_INDEX_BAN, ) ban_list = re2o_paginator(request, ban_list, pagination_number) return render(request, "users/index_ban.html", {"ban_list": ban_list}) @login_required @can_view_all(Whitelist) def index_white(request): """ Affiche l'ensemble des whitelist, need droit cableur """ pagination_number = GeneralOption.get_cached_value("pagination_number") white_list = Whitelist.objects.select_related("user") white_list = SortTable.sort( white_list, request.GET.get("col"), request.GET.get("order"), SortTable.USERS_INDEX_BAN, ) white_list = re2o_paginator(request, white_list, pagination_number) return render(request, "users/index_whitelist.html", {"white_list": white_list}) @login_required @can_view_all(School) def index_school(request): """ Affiche l'ensemble des établissement""" school_list = School.objects.order_by("name") pagination_number = GeneralOption.get_cached_value("pagination_number") school_list = SortTable.sort( school_list, request.GET.get("col"), request.GET.get("order"), SortTable.USERS_INDEX_SCHOOL, ) school_list = re2o_paginator(request, school_list, pagination_number) return render(request, "users/index_schools.html", {"school_list": school_list}) @login_required @can_view_all(ListShell) def index_shell(request): """ Affiche l'ensemble des shells""" shell_list = ListShell.objects.order_by("shell") return render(request, "users/index_shell.html", {"shell_list": shell_list}) @login_required @can_view_all(ListRight) def index_listright(request): """ Affiche l'ensemble des droits""" rights = {} for right in ( ListRight.objects.order_by("name") .prefetch_related("permissions") .prefetch_related("user_set") ): rights[right] = right.user_set.annotate( action_number=Count("revision"), last_seen=Max("revision__date_created") ) superusers = User.objects.filter(is_superuser=True).annotate( action_number=Count("revision"), last_seen=Max("revision__date_created") ) return render( request, "users/index_listright.html", {"rights": rights, "superusers": superusers}, ) @login_required @can_view_all(ServiceUser) def index_serviceusers(request): """ Affiche les users de services (pour les accès ldap)""" serviceusers_list = ServiceUser.objects.order_by("pseudo") return render( request, "users/index_serviceusers.html", {"serviceusers_list": serviceusers_list}, ) @login_required def mon_profil(request): """ Lien vers profil, renvoie request.id à la fonction """ return redirect(reverse("users:profil", kwargs={"userid": str(request.user.id)})) @login_required @can_view(User) def profil(request, users, **_kwargs): """ Affiche un profil, self or cableur, prend un userid en argument """ machines = ( Machine.objects.filter(user=users) .select_related("user") .prefetch_related("interface_set__domain__extension") .prefetch_related("interface_set__ipv4__ip_type__extension") .prefetch_related("interface_set__machine_type") .prefetch_related("interface_set__domain__related_domain__extension") ) machines = SortTable.sort( machines, request.GET.get("col"), request.GET.get("order"), SortTable.MACHINES_INDEX, ) optionnal_apps = [import_module(app) for app in OPTIONNAL_APPS_RE2O] optionnal_templates_list = [ app.views.profil(request, users) for app in optionnal_apps if hasattr(app.views, "profil") ] pagination_large_number = GeneralOption.get_cached_value("pagination_large_number") nb_machines = machines.count() machines = re2o_paginator(request, machines, pagination_large_number) factures = Facture.objects.filter(user=users) factures = SortTable.sort( factures, request.GET.get("col"), request.GET.get("order"), SortTable.COTISATIONS_INDEX, ) bans = Ban.objects.filter(user=users) bans = SortTable.sort( bans, request.GET.get("col"), request.GET.get("order"), SortTable.USERS_INDEX_BAN, ) whitelists = Whitelist.objects.filter(user=users) whitelists = SortTable.sort( whitelists, request.GET.get("col"), request.GET.get("order"), SortTable.USERS_INDEX_WHITE, ) sshkeys = users.sshkey_set.all() try: balance = find_payment_method(Paiement.objects.get(is_balance=True)) except Paiement.DoesNotExist: user_solde = False else: user_solde = balance is not None and balance.can_credit_balance(request.user) return render( request, "users/profil.html", { "users": users, "machines_list": machines, "nb_machines": nb_machines, "optionnal_templates_list": optionnal_templates_list, "facture_list": factures, "ban_list": bans, "white_list": whitelists, "user_solde": user_solde, "solde_activated": Paiement.objects.filter(is_balance=True).exists(), "asso_name": AssoOption.objects.first().name, "emailaddress_list": users.email_address, "local_email_accounts_enabled": ( OptionalUser.objects.first().local_email_accounts_enabled ), "sshkeys": sshkeys, }, ) def reset_password(request): """ Reintialisation du mot de passe si mdp oublié """ userform = ResetPasswordForm(request.POST or None) if userform.is_valid(): try: user = User.objects.get( pseudo=userform.cleaned_data["pseudo"], email=userform.cleaned_data["email"], state__in=[User.STATE_ACTIVE, User.STATE_NOT_YET_ACTIVE], ) except User.DoesNotExist: messages.error(request, _("The user doesn't exist.")) return form( {"userform": userform, "action_name": _("Reset")}, "users/user.html", request, ) user.reset_passwd_mail(request) messages.success(request, _("An email to reset the password was sent.")) redirect(reverse("index")) return form( {"userform": userform, "action_name": _("Reset")}, "users/user.html", request ) def process(request, token): """Process, lien pour la reinitialisation du mot de passe et la confirmation de l'email""" valid_reqs = Request.objects.filter(expires_at__gt=timezone.now()) req = get_object_or_404(valid_reqs, token=token) if req.type == Request.PASSWD: return process_passwd(request, req) elif req.type == Request.EMAIL: return process_email(request, req) else: messages.error(request, _("Error: please contact an admin.")) redirect(reverse("index")) def process_passwd(request, req): """Process le changeemnt de mot de passe, renvoie le formulaire demandant le nouveau password""" user = req.user u_form = PassForm(request.POST or None, instance=user, user=request.user) if u_form.is_valid(): with transaction.atomic(), reversion.create_revision(): user.confirm_mail() u_form.save() reversion.set_comment("Password reset") # Delete all remaining requests Request.objects.filter(user=user, type=Request.PASSWD).delete() messages.success(request, _("The password was changed.")) return redirect(reverse("index")) return form( {"userform": u_form, "action_name": _("Change the password")}, "users/user.html", request, ) def process_email(request, req): """Process la confirmation de mail, renvoie le formulaire de validation""" user = req.user if request.method == "POST": with transaction.atomic(), reversion.create_revision(): user.confirm_mail() user.save() reversion.set_comment("Email confirmation") # Delete all remaining requests Request.objects.filter(user=user, type=Request.EMAIL).delete() messages.success(request, _("The %s address was confirmed." % user.email)) return redirect(reverse("index")) return form( {"email": user.email, "name": user.get_full_name()}, "users/confirm_email.html", request, ) @login_required @can_edit(User) def resend_confirmation_email(request, logged_user, userid): """ Renvoi du mail de confirmation """ try: user = User.objects.get( id=userid, email_state__in=[User.EMAIL_STATE_PENDING, User.EMAIL_STATE_UNVERIFIED], ) except User.DoesNotExist: messages.error(request, _("The user doesn't exist.")) if request.method == "POST": user.confirm_email_address_mail(request) messages.success(request, _("An email to confirm your address was sent.")) return redirect(reverse("users:profil", kwargs={"userid": userid})) return form({"email": user.email}, "users/resend_confirmation_email.html", request) @login_required def initial_register(request): switch_ip = request.GET.get("switch_ip", None) switch_port = request.GET.get("switch_port", None) client_mac = request.GET.get("client_mac", None) u_form = InitialRegisterForm( request.POST or None, user=request.user, switch_ip=switch_ip, switch_port=switch_port, client_mac=client_mac, ) if not u_form.fields: messages.error(request, _("Incorrect URL, or already registered device.")) return redirect( reverse("users:profil", kwargs={"userid": str(request.user.id)}) ) if switch_ip and switch_port: port = Port.objects.filter( switch__interface__ipv4__ipv4=switch_ip, port=switch_port ).first() if u_form.is_valid(): messages.success( request, _( "Successful registration! Please" " disconnect and reconnect your Ethernet" " cable to get Internet access." ), ) return form({}, "users/plugin_out.html", request) return form( {"userform": u_form, "port": port, "mac": client_mac}, "users/user_autocapture.html", request, ) @login_required @can_create(SSHKey) @can_edit(User) def add_sshkey(request, user, userid): """Create an SSHKey for the given user.""" sshkey_instance = SSHKey(user=user) sshkey = SSHKeyForm(request.POST or None, instance=sshkey_instance) if sshkey.is_valid(): sshkey.save() messages.success(request, _("The SSH key was added.")) return redirect(reverse("users:profil", kwargs={"userid": str(userid)})) return form( {"userform": sshkey, "action_name": _("Add")}, "users/user.html", request ) @login_required @can_edit(SSHKey) def edit_sshkey(request, sshkey_instance, **_kwargs): """Edit an SSHKey for the given user.""" sshkey = SSHKeyForm(request.POST or None, instance=sshkey_instance) sshkey.request = request if sshkey.is_valid(): if sshkey.changed_data: sshkey.save() messages.success(request, _("The SSH Key was edited.")) return redirect(reverse("users:profil", kwargs={"userid": str(userid)})) return form( {"userform": sshkey, "action_name": _("Edit")}, "users/user.html", request ) @login_required @can_delete(SSHKey) def del_sshkey(request, sshkey, **_kwargs): """Delete SSH key.""" if request.method == "POST": sshkey.delete() messages.success(request, _("The SSH key was deleted.")) return redirect(reverse("users:profil", kwargs={"userid": str(sshkey.user.id)})) return form( {"objet": sshkey, "objet_name": _("SSH key")}, "users/delete.html", request )