takahe/users/views/admin/domains.py

227 lines
8.4 KiB
Python

from django import forms
from django.core.validators import RegexValidator
from django.db import models
from django.shortcuts import get_object_or_404, redirect
from django.utils.decorators import method_decorator
from django.views.generic import FormView, TemplateView
from users.decorators import admin_required
from users.models import Domain, User
class DomainValidator(RegexValidator):
ul = "\u00a1-\uffff" # Unicode letters range (must not be a raw string).
# Host patterns
hostname_re = (
r"[a-z" + ul + r"0-9](?:[a-z" + ul + r"0-9-]{0,61}[a-z" + ul + r"0-9])?"
)
# Max length for domain name labels is 63 characters per RFC 1034 sec. 3.1
domain_re = r"(?:\.(?!-)[a-z" + ul + r"0-9-]{1,63}(?<!-))*"
tld_re = (
r"\." # dot
r"(?!-)" # can't start with a dash
r"(?:[a-z" + ul + "-]{2,63}" # domain label
r"|xn--[a-z0-9]{1,59})" # or punycode label
r"(?<!-)" # can't end with a dash
r"\.?" # may have a trailing dot
)
regex = "^" + hostname_re + domain_re + tld_re + "$"
message = "This does not look like a domain name"
@method_decorator(admin_required, name="dispatch")
class Domains(TemplateView):
template_name = "admin/domains.html"
def get_context_data(self):
return {
"domains": Domain.objects.filter(local=True).order_by("domain"),
"section": "domains",
}
@method_decorator(admin_required, name="dispatch")
class DomainCreate(FormView):
template_name = "admin/domain_create.html"
extra_context = {"section": "domains"}
class form_class(forms.Form):
domain = forms.CharField(
help_text="The domain displayed as part of a user's identity.\nCannot be changed after the domain has been created.",
validators=[DomainValidator()],
)
service_domain = forms.CharField(
help_text="Optional - a domain that serves Takahē if it is not running on the main domain.\nCannot be changed after the domain has been created.\nMust be unique for each display domain!",
required=False,
validators=[DomainValidator()],
)
public = forms.BooleanField(
help_text="If any user on this server can create identities under this domain",
widget=forms.Select(choices=[(True, "Public"), (False, "Private")]),
required=False,
)
default = forms.BooleanField(
help_text="If this domain is the default option for new identities",
widget=forms.Select(choices=[(False, "No"), (True, "Yes")]),
required=False,
)
users = forms.CharField(
label="Permitted Users",
help_text="If this domain is not public, the email addresses of the users allowed to use it.\nOne email address per line.",
widget=forms.Textarea,
required=False,
)
notes = forms.CharField(
label="Notes",
widget=forms.Textarea(
attrs={
"rows": 3,
},
),
required=False,
)
def clean_domain(self):
if Domain.objects.filter(
models.Q(domain=self.cleaned_data["domain"])
| models.Q(service_domain=self.cleaned_data["domain"])
):
raise forms.ValidationError("This domain name is already in use")
return self.cleaned_data["domain"]
def clean_service_domain(self):
if not self.cleaned_data["service_domain"]:
return None
if Domain.objects.filter(
models.Q(domain=self.cleaned_data["service_domain"])
| models.Q(service_domain=self.cleaned_data["service_domain"])
):
raise forms.ValidationError("This domain name is already in use")
if self.cleaned_data.get("domain") == self.cleaned_data["service_domain"]:
raise forms.ValidationError(
"You cannot have the domain and service domain be the same (did you mean to leave service domain blank?)"
)
return self.cleaned_data["service_domain"]
def clean_default(self):
value = self.cleaned_data["default"]
if value and not self.cleaned_data.get("public"):
raise forms.ValidationError("A non-public domain cannot be the default")
return value
def clean_users(self):
if not self.cleaned_data["users"].strip():
return []
if self.cleaned_data.get("public"):
raise forms.ValidationError(
"You cannot limit by user when the domain is public"
)
# Turn contents into an email set
user_emails = set()
for line in self.cleaned_data["users"].splitlines():
line = line.strip()
if line:
user_emails.add(line)
# Fetch those users
users = list(User.objects.filter(email__in=user_emails))
# See if there's a set difference
missing_emails = user_emails.difference({user.email for user in users})
if missing_emails:
raise forms.ValidationError(
"These emails do not have user accounts: "
+ (", ".join(missing_emails))
)
return users
def form_valid(self, form):
domain = Domain.objects.create(
domain=form.cleaned_data["domain"],
service_domain=form.cleaned_data["service_domain"] or None,
notes=form.cleaned_data["notes"] or None,
public=form.cleaned_data["public"],
default=form.cleaned_data["default"],
local=True,
)
domain.users.set(form.cleaned_data["users"])
if domain.default:
Domain.objects.exclude(pk=domain.pk).update(default=False)
return redirect(Domain.urls.root)
@method_decorator(admin_required, name="dispatch")
class DomainEdit(FormView):
template_name = "admin/domain_edit.html"
extra_context = {"section": "domains"}
class form_class(DomainCreate.form_class):
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
self.fields["domain"].disabled = True
self.fields["service_domain"].disabled = True
def clean_domain(self):
return self.cleaned_data["domain"]
def clean_service_domain(self):
return self.cleaned_data["service_domain"]
def dispatch(self, request, domain):
self.domain = get_object_or_404(
Domain.objects.filter(local=True), domain=domain
)
return super().dispatch(request)
def get_context_data(self, *args, **kwargs):
context = super().get_context_data(*args, **kwargs)
context["domain"] = self.domain
return context
def form_valid(self, form):
self.domain.public = form.cleaned_data["public"]
self.domain.default = form.cleaned_data["default"]
self.domain.notes = form.cleaned_data["notes"] or None
self.domain.save()
self.domain.users.set(form.cleaned_data["users"])
if self.domain.default:
Domain.objects.exclude(pk=self.domain.pk).update(default=False)
return redirect(Domain.urls.root)
def get_initial(self):
return {
"domain": self.domain.domain,
"service_domain": self.domain.service_domain,
"notes": self.domain.notes,
"public": self.domain.public,
"default": self.domain.default,
"users": "\n".join(sorted(user.email for user in self.domain.users.all())),
}
@method_decorator(admin_required, name="dispatch")
class DomainDelete(TemplateView):
template_name = "admin/domain_delete.html"
def dispatch(self, request, domain):
self.domain = get_object_or_404(
Domain.objects.filter(public=True), domain=domain
)
return super().dispatch(request)
def get_context_data(self):
return {
"domain": self.domain,
"num_identities": self.domain.identities.count(),
"section": "domains",
}
def post(self, request):
if self.domain.identities.exists():
raise ValueError("Tried to delete domain with identities!")
self.domain.delete()
return redirect("admin_domains")