2015-02-12 20:57:05 +01:00
|
|
|
from random import choice
|
2014-10-11 14:34:49 +02:00
|
|
|
|
2015-02-12 20:57:05 +01:00
|
|
|
from django.contrib.auth.hashers import make_password
|
2016-12-17 09:30:20 +01:00
|
|
|
from django.contrib.auth.models import Group as DjangoGroup
|
2017-08-23 20:51:06 +02:00
|
|
|
from django.contrib.auth.models import GroupManager as _GroupManager
|
2015-09-16 00:55:27 +02:00
|
|
|
from django.contrib.auth.models import (
|
2015-02-12 20:57:05 +01:00
|
|
|
AbstractBaseUser,
|
|
|
|
BaseUserManager,
|
2016-08-30 09:16:47 +02:00
|
|
|
Permission,
|
2015-06-16 10:37:23 +02:00
|
|
|
PermissionsMixin,
|
2015-02-12 22:42:54 +01:00
|
|
|
)
|
2014-10-11 14:34:49 +02:00
|
|
|
from django.db import models
|
2016-12-17 09:30:20 +01:00
|
|
|
from django.db.models import Prefetch, Q
|
2017-05-23 14:07:06 +02:00
|
|
|
from jsonfield import JSONField
|
2014-10-11 14:34:49 +02:00
|
|
|
|
2017-07-28 15:42:58 +02:00
|
|
|
from ..core.models import Projector
|
2017-01-10 21:43:53 +01:00
|
|
|
from ..utils.collection import CollectionElement
|
2015-09-16 00:55:27 +02:00
|
|
|
from ..utils.models import RESTModelMixin
|
2017-05-23 14:07:06 +02:00
|
|
|
from .access_permissions import (
|
|
|
|
GroupAccessPermissions,
|
|
|
|
PersonalNoteAccessPermissions,
|
|
|
|
UserAccessPermissions,
|
|
|
|
)
|
2017-04-07 16:15:53 +02:00
|
|
|
|
|
|
|
|
2014-10-11 14:34:49 +02:00
|
|
|
class UserManager(BaseUserManager):
|
2015-01-22 18:29:12 +01:00
|
|
|
"""
|
2015-09-16 00:55:27 +02:00
|
|
|
Customized manager that creates new users only with a password and a
|
2016-09-30 20:42:58 +02:00
|
|
|
username. It also supports our get_full_queryset method.
|
2015-01-22 18:29:12 +01:00
|
|
|
"""
|
2016-09-18 16:00:31 +02:00
|
|
|
def get_full_queryset(self):
|
2016-09-30 20:42:58 +02:00
|
|
|
"""
|
|
|
|
Returns the normal queryset with all users. In the background all
|
2016-12-17 09:30:20 +01:00
|
|
|
groups are prefetched from the database together with all permissions
|
|
|
|
and content types.
|
2016-09-30 20:42:58 +02:00
|
|
|
"""
|
2016-12-17 09:30:20 +01:00
|
|
|
return self.get_queryset().prefetch_related(Prefetch(
|
|
|
|
'groups',
|
|
|
|
queryset=Group.objects
|
|
|
|
.select_related('group_ptr')
|
|
|
|
.prefetch_related(Prefetch(
|
|
|
|
'permissions',
|
|
|
|
queryset=Permission.objects.select_related('content_type')))))
|
2016-09-18 16:00:31 +02:00
|
|
|
|
2017-03-19 14:46:08 +01:00
|
|
|
def create_user(self, username, password, skip_autoupdate=False, **kwargs):
|
2015-09-16 00:55:27 +02:00
|
|
|
"""
|
|
|
|
Creates a new user only with a password and a username.
|
|
|
|
"""
|
2014-10-11 14:34:49 +02:00
|
|
|
user = self.model(username=username, **kwargs)
|
|
|
|
user.set_password(password)
|
2017-03-19 14:46:08 +01:00
|
|
|
user.save(skip_autoupdate=skip_autoupdate, using=self._db)
|
2014-10-11 14:34:49 +02:00
|
|
|
return user
|
|
|
|
|
2015-02-12 20:57:05 +01:00
|
|
|
def create_or_reset_admin_user(self):
|
|
|
|
"""
|
2015-09-16 00:55:27 +02:00
|
|
|
Creates an user with the username 'admin'. If such a user already
|
|
|
|
exists, resets it. The password is (re)set to 'admin'. The user
|
2016-08-30 09:16:47 +02:00
|
|
|
becomes member of the group 'Staff'. The two important permissions
|
|
|
|
'users.can_see_name' and 'users.can_manage' are added to this group,
|
|
|
|
so that the admin can manage all other permissions.
|
2015-02-12 20:57:05 +01:00
|
|
|
"""
|
2016-08-30 09:16:47 +02:00
|
|
|
query_can_see_name = Q(content_type__app_label='users') & Q(codename='can_see_name')
|
|
|
|
query_can_manage = Q(content_type__app_label='users') & Q(codename='can_manage')
|
|
|
|
|
|
|
|
staff, _ = Group.objects.get_or_create(name='Staff')
|
|
|
|
staff.permissions.add(Permission.objects.get(query_can_see_name))
|
|
|
|
staff.permissions.add(Permission.objects.get(query_can_manage))
|
|
|
|
|
2015-02-12 20:57:05 +01:00
|
|
|
admin, created = self.get_or_create(
|
|
|
|
username='admin',
|
|
|
|
defaults={'last_name': 'Administrator'})
|
|
|
|
admin.default_password = 'admin'
|
|
|
|
admin.password = make_password(admin.default_password, '', 'md5')
|
|
|
|
admin.save()
|
|
|
|
admin.groups.add(staff)
|
|
|
|
return created
|
|
|
|
|
|
|
|
def generate_username(self, first_name, last_name):
|
|
|
|
"""
|
|
|
|
Generates a username from first name and last name.
|
|
|
|
"""
|
|
|
|
first_name = first_name.strip()
|
|
|
|
last_name = last_name.strip()
|
|
|
|
|
|
|
|
if first_name and last_name:
|
|
|
|
base_name = ' '.join((first_name, last_name))
|
|
|
|
else:
|
|
|
|
base_name = first_name or last_name
|
|
|
|
if not base_name:
|
|
|
|
raise ValueError("Either 'first_name' or 'last_name' must not be "
|
2015-09-16 00:55:27 +02:00
|
|
|
"empty.")
|
2015-02-12 20:57:05 +01:00
|
|
|
|
|
|
|
if not self.filter(username=base_name).exists():
|
|
|
|
generated_username = base_name
|
|
|
|
else:
|
|
|
|
counter = 0
|
|
|
|
while True:
|
|
|
|
counter += 1
|
|
|
|
test_name = '%s %d' % (base_name, counter)
|
|
|
|
if not self.filter(username=test_name).exists():
|
|
|
|
generated_username = test_name
|
|
|
|
break
|
|
|
|
|
|
|
|
return generated_username
|
|
|
|
|
|
|
|
def generate_password(self):
|
|
|
|
"""
|
2015-09-16 00:55:27 +02:00
|
|
|
Generates a random passwort. Do not use l, o, I, O, 1 or 0.
|
2015-02-12 20:57:05 +01:00
|
|
|
"""
|
|
|
|
chars = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789'
|
|
|
|
size = 8
|
|
|
|
return ''.join([choice(chars) for i in range(size)])
|
|
|
|
|
2014-10-11 14:34:49 +02:00
|
|
|
|
2015-06-29 13:31:07 +02:00
|
|
|
class User(RESTModelMixin, PermissionsMixin, AbstractBaseUser):
|
2015-02-12 20:57:05 +01:00
|
|
|
"""
|
2015-09-16 00:55:27 +02:00
|
|
|
Model for users in OpenSlides. A client can login as an user with
|
|
|
|
credentials. An user can also just be used as representation for a person
|
|
|
|
in other OpenSlides apps like motion submitter or (assignment) election
|
2015-02-12 20:57:05 +01:00
|
|
|
candidates.
|
|
|
|
"""
|
2016-02-11 22:58:32 +01:00
|
|
|
access_permissions = UserAccessPermissions()
|
|
|
|
|
2014-10-11 14:34:49 +02:00
|
|
|
USERNAME_FIELD = 'username'
|
|
|
|
|
|
|
|
username = models.CharField(
|
2015-09-16 00:55:27 +02:00
|
|
|
max_length=255,
|
|
|
|
unique=True,
|
|
|
|
blank=True)
|
2014-10-11 14:34:49 +02:00
|
|
|
|
|
|
|
first_name = models.CharField(
|
2015-09-16 00:55:27 +02:00
|
|
|
max_length=255,
|
|
|
|
blank=True)
|
2014-10-11 14:34:49 +02:00
|
|
|
|
|
|
|
last_name = models.CharField(
|
2015-09-16 00:55:27 +02:00
|
|
|
max_length=255,
|
|
|
|
blank=True)
|
|
|
|
|
|
|
|
# TODO: Try to remove the default argument in the following fields.
|
2014-10-11 14:34:49 +02:00
|
|
|
|
|
|
|
structure_level = models.CharField(
|
2015-09-16 00:55:27 +02:00
|
|
|
max_length=255,
|
|
|
|
blank=True,
|
2016-01-09 13:32:56 +01:00
|
|
|
default='')
|
2014-10-11 14:34:49 +02:00
|
|
|
|
|
|
|
title = models.CharField(
|
2015-09-16 00:55:27 +02:00
|
|
|
max_length=50,
|
|
|
|
blank=True,
|
2016-01-09 13:32:56 +01:00
|
|
|
default='')
|
2014-10-11 14:34:49 +02:00
|
|
|
|
2016-08-03 16:30:04 +02:00
|
|
|
number = models.CharField(
|
|
|
|
max_length=50,
|
|
|
|
blank=True,
|
|
|
|
default='')
|
|
|
|
|
2014-10-11 14:34:49 +02:00
|
|
|
about_me = models.TextField(
|
2015-09-16 00:55:27 +02:00
|
|
|
blank=True,
|
2016-01-09 13:32:56 +01:00
|
|
|
default='')
|
2014-10-11 14:34:49 +02:00
|
|
|
|
|
|
|
comment = models.TextField(
|
2015-09-16 00:55:27 +02:00
|
|
|
blank=True,
|
2016-01-09 13:32:56 +01:00
|
|
|
default='')
|
2014-10-11 14:34:49 +02:00
|
|
|
|
|
|
|
default_password = models.CharField(
|
2015-09-16 00:55:27 +02:00
|
|
|
max_length=100,
|
|
|
|
blank=True,
|
|
|
|
default='')
|
2014-10-11 14:34:49 +02:00
|
|
|
|
|
|
|
is_active = models.BooleanField(
|
2016-01-09 13:32:56 +01:00
|
|
|
default=True)
|
2014-10-11 14:34:49 +02:00
|
|
|
|
|
|
|
is_present = models.BooleanField(
|
2016-01-09 13:32:56 +01:00
|
|
|
default=False)
|
2014-10-11 14:34:49 +02:00
|
|
|
|
2016-06-30 13:06:23 +02:00
|
|
|
is_committee = models.BooleanField(
|
|
|
|
default=False)
|
|
|
|
|
2014-10-11 14:34:49 +02:00
|
|
|
objects = UserManager()
|
|
|
|
|
|
|
|
class Meta:
|
2015-12-10 00:20:59 +01:00
|
|
|
default_permissions = ()
|
2014-10-11 14:34:49 +02:00
|
|
|
permissions = (
|
2016-01-27 13:41:19 +01:00
|
|
|
('can_see_name', 'Can see names of users'),
|
2016-03-05 20:45:57 +01:00
|
|
|
('can_see_extra_data', 'Can see extra data of users (e.g. present and comment)'),
|
2016-01-27 13:41:19 +01:00
|
|
|
('can_manage', 'Can manage users'),
|
2014-10-11 14:34:49 +02:00
|
|
|
)
|
2015-09-16 00:55:27 +02:00
|
|
|
ordering = ('last_name', 'first_name', 'username', )
|
2014-10-11 14:34:49 +02:00
|
|
|
|
|
|
|
def __str__(self):
|
2015-01-22 18:29:12 +01:00
|
|
|
# Strip white spaces from the name parts
|
|
|
|
first_name = self.first_name.strip()
|
|
|
|
last_name = self.last_name.strip()
|
|
|
|
|
|
|
|
# The user has a last_name and a first_name
|
|
|
|
if first_name and last_name:
|
2016-11-04 13:26:44 +01:00
|
|
|
name = ' '.join((self.first_name, self.last_name))
|
2015-01-22 18:29:12 +01:00
|
|
|
# The user has only a first_name or a last_name or no name
|
|
|
|
else:
|
|
|
|
name = first_name or last_name or self.username
|
2014-10-11 14:34:49 +02:00
|
|
|
|
2015-09-16 00:55:27 +02:00
|
|
|
# Return result
|
|
|
|
return name
|
2015-06-24 22:11:54 +02:00
|
|
|
|
2017-01-10 21:43:53 +01:00
|
|
|
def save(self, *args, **kwargs):
|
|
|
|
"""
|
|
|
|
Overridden method to skip autoupdate if only last_login field was
|
|
|
|
updated as it is done during login.
|
|
|
|
"""
|
|
|
|
if kwargs.get('update_fields') == ['last_login']:
|
|
|
|
kwargs['skip_autoupdate'] = True
|
|
|
|
CollectionElement.from_instance(self)
|
|
|
|
return super().save(*args, **kwargs)
|
|
|
|
|
2017-07-28 15:42:58 +02:00
|
|
|
def delete(self, skip_autoupdate=False, *args, **kwargs):
|
|
|
|
"""
|
|
|
|
Customized method to delete an user. Ensures that a respective
|
|
|
|
user projector element is disabled.
|
|
|
|
"""
|
|
|
|
Projector.remove_any(
|
|
|
|
skip_autoupdate=skip_autoupdate,
|
|
|
|
name='users/user',
|
|
|
|
id=self.pk)
|
2017-08-24 12:26:55 +02:00
|
|
|
return super().delete(skip_autoupdate=skip_autoupdate, *args, **kwargs) # type: ignore
|
2017-07-28 15:42:58 +02:00
|
|
|
|
2017-01-26 21:15:35 +01:00
|
|
|
def has_perm(self, perm):
|
|
|
|
"""
|
|
|
|
This method is closed. Do not use it but use openslides.utils.auth.has_perm.
|
|
|
|
"""
|
|
|
|
raise RuntimeError('Do not use user.has_perm() but use openslides.utils.auth.has_perm')
|
|
|
|
|
2016-12-17 09:30:20 +01:00
|
|
|
|
2017-08-23 20:51:06 +02:00
|
|
|
class GroupManager(_GroupManager):
|
2016-12-17 09:30:20 +01:00
|
|
|
"""
|
|
|
|
Customized manager that supports our get_full_queryset method.
|
|
|
|
"""
|
|
|
|
def get_full_queryset(self):
|
|
|
|
"""
|
|
|
|
Returns the normal queryset with all groups. In the background all
|
|
|
|
permissions with the content types are prefetched from the database.
|
|
|
|
"""
|
|
|
|
return (self.get_queryset()
|
|
|
|
.select_related('group_ptr')
|
|
|
|
.prefetch_related(Prefetch(
|
|
|
|
'permissions',
|
|
|
|
queryset=Permission.objects.select_related('content_type'))))
|
|
|
|
|
|
|
|
|
|
|
|
class Group(RESTModelMixin, DjangoGroup):
|
|
|
|
"""
|
|
|
|
Extend the django group with support of our REST and caching system.
|
|
|
|
"""
|
|
|
|
access_permissions = GroupAccessPermissions()
|
|
|
|
objects = GroupManager()
|
|
|
|
|
|
|
|
class Meta:
|
|
|
|
default_permissions = ()
|
2017-05-23 14:07:06 +02:00
|
|
|
|
|
|
|
|
|
|
|
class PersonalNoteManager(models.Manager):
|
|
|
|
"""
|
|
|
|
Customized model manager to support our get_full_queryset method.
|
|
|
|
"""
|
|
|
|
def get_full_queryset(self):
|
|
|
|
"""
|
|
|
|
Returns the normal queryset with all personal notes. In the background all
|
|
|
|
users are prefetched from the database.
|
|
|
|
"""
|
|
|
|
return self.get_queryset().select_related('user')
|
|
|
|
|
|
|
|
|
|
|
|
class PersonalNote(RESTModelMixin, models.Model):
|
|
|
|
"""
|
|
|
|
Model for personal notes (e. g. likes/stars) of a user concerning different
|
|
|
|
openslides objects like motions.
|
|
|
|
"""
|
|
|
|
access_permissions = PersonalNoteAccessPermissions()
|
|
|
|
|
|
|
|
objects = PersonalNoteManager()
|
|
|
|
|
|
|
|
user = models.OneToOneField(
|
|
|
|
User,
|
|
|
|
on_delete=models.CASCADE)
|
|
|
|
notes = JSONField()
|
|
|
|
|
|
|
|
class Meta:
|
|
|
|
default_permissions = ()
|