contentdb/app/blueprints/admin/admin.py

# ContentDB
# Copyright (C) 2018-21 rubenwardy
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.

from flask import redirect, render_template, url_for, request, flash
from flask_login import current_user, login_user
from flask_wtf import FlaskForm
from wtforms import StringField, SubmitField
from wtforms.validators import InputRequired, Length, Optional
from app.utils import rank_required, add_audit_log, add_notification, get_system_user, nonempty_or_none
from . import bp
from .actions import actions
from app.models import UserRank, Package, db, PackageState, User, AuditSeverity, NotificationType, PackageAlias


@bp.route("/admin/", methods=["GET", "POST"])
@rank_required(UserRank.ADMIN)
def admin_page():
	if request.method == "POST":
		action = request.form["action"]
		if action in actions:
			ret = actions[action]["func"]()
			if ret:
				return ret

		else:
			flash("Unknown action: " + action, "danger")

	deleted_packages = Package.query.filter(Package.state == PackageState.DELETED).all()
	return render_template("admin/list.html", deleted_packages=deleted_packages, actions=actions)


class SwitchUserForm(FlaskForm):
	username = StringField("Username")
	submit = SubmitField("Switch")


@bp.route("/admin/switchuser/", methods=["GET", "POST"])
@rank_required(UserRank.ADMIN)
def switch_user():
	form = SwitchUserForm(formdata=request.form)
	if form.validate_on_submit():
		user = User.query.filter_by(username=form["username"].data).first()
		if user is None:
			flash("Unable to find user", "danger")
		elif login_user(user):
			return redirect(url_for("users.profile", username=current_user.username))
		else:
			flash("Unable to login as user", "danger")

	# Process GET or invalid POST
	return render_template("admin/switch_user.html", form=form)


class SendNotificationForm(FlaskForm):
	title = StringField("Title", [InputRequired(), Length(1, 300)])
	url = StringField("URL", [InputRequired(), Length(1, 100)], default="/")
	submit = SubmitField("Send")


@bp.route("/admin/send-notification/", methods=["GET", "POST"])
@rank_required(UserRank.ADMIN)
def send_bulk_notification():
	form = SendNotificationForm(request.form)
	if form.validate_on_submit():
		add_audit_log(AuditSeverity.MODERATION, current_user,
				"Sent bulk notification", url_for("admin.admin_page"), None, form.title.data)

		users = User.query.filter(User.rank >= UserRank.NEW_MEMBER).all()
		add_notification(users, get_system_user(), NotificationType.OTHER, form.title.data, form.url.data, None)
		db.session.commit()

		return redirect(url_for("admin.admin_page"))

	return render_template("admin/send_bulk_notification.html", form=form)


@bp.route("/admin/restore/", methods=["GET", "POST"])
@rank_required(UserRank.EDITOR)
def restore():
	if request.method == "POST":
		target = request.form["submit"]
		if "Review" in target:
			target = PackageState.READY_FOR_REVIEW
		elif "Changes" in target:
			target = PackageState.CHANGES_NEEDED
		else:
			target = PackageState.WIP

		package = Package.query.get(request.form["package"])
		if package is None:
			flash("Unknown package", "danger")
		else:
			package.state = target

			add_audit_log(AuditSeverity.EDITOR, current_user, f"Restored package to state {target.value}",
						  package.get_url("packages.view"), package)

			db.session.commit()
			return redirect(package.get_url("packages.view"))

	deleted_packages = Package.query \
		.filter(Package.state == PackageState.DELETED) \
		.join(Package.author) \
		.order_by(db.asc(User.username), db.asc(Package.name)) \
		.all()

	return render_template("admin/restore.html", deleted_packages=deleted_packages)


class TransferPackageForm(FlaskForm):
	old_username = StringField("Old Username", [InputRequired()])
	new_username = StringField("New Username", [InputRequired()])
	package = StringField("Package", [Optional()])
	submit = SubmitField("Transfer")


def perform_transfer(form: TransferPackageForm):
	query = Package.query.filter(Package.author.has(username=form.old_username.data))
	if nonempty_or_none(form.package.data):
		query = query.filter_by(name=form.package.data)

	packages = query.all()
	if len(packages) == 0:
		flash("Unable to find package(s)", "danger")
		return

	new_user = User.query.filter_by(username=form.new_username.data).first()
	if new_user is None:
		flash("Unable to find new user", "danger")
		return

	for package in packages:
		package.author = new_user
		package.maintainers.append(new_user)
		package.aliases.append(PackageAlias(form.old_username.data, package.name))

		add_audit_log(AuditSeverity.MODERATION, current_user,
				f"Transferred {form.old_username.data}/{package.name} to {form.new_username.data}",
				package.get_url("packages.view"), package)

	db.session.commit()

	flash("Transferred " + ", ".join([x.name for x in packages]), "success")

	return redirect(url_for("admin.transfer"))


@bp.route("/admin/transfer/", methods=["GET", "POST"])
@rank_required(UserRank.MODERATOR)
def transfer():
	form = TransferPackageForm(formdata=request.form)
	if form.validate_on_submit():
		ret = perform_transfer(form)
		if ret is not None:
			return ret

	# Process GET or invalid POST
	return render_template("admin/transfer.html", form=form)
Replace "Content DB" with "ContentDB" 2020-07-12 17:34:25 +02:00			`# ContentDB`
Update copyrights 2021-01-30 17:59:42 +01:00			`# Copyright (C) 2018-21 rubenwardy`
Add license to all JS/py files 2018-05-17 16:18:20 +02:00			`#`
			`# This program is free software: you can redistribute it and/or modify`
Update copyrights 2021-01-30 17:59:42 +01:00			`# it under the terms of the GNU Affero General Public License as published by`
Add license to all JS/py files 2018-05-17 16:18:20 +02:00			`# the Free Software Foundation, either version 3 of the License, or`
			`# (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
Update copyrights 2021-01-30 17:59:42 +01:00			`# GNU Affero General Public License for more details.`
Add license to all JS/py files 2018-05-17 16:18:20 +02:00			`#`
Update copyrights 2021-01-30 17:59:42 +01:00			`# You should have received a copy of the GNU Affero General Public License`
Add license to all JS/py files 2018-05-17 16:18:20 +02:00			`# along with this program. If not, see <https://www.gnu.org/licenses/>.`

Clean up admin blueprint 2022-01-26 20:12:42 +01:00			`from flask import redirect, render_template, url_for, request, flash`
Add logging of log ins 2020-12-09 21:38:36 +01:00			`from flask_login import current_user, login_user`
Add switch user admin tool 2018-05-13 16:28:27 +02:00			`from flask_wtf import FlaskForm`
Clean up admin blueprint 2022-01-26 20:12:42 +01:00			`from wtforms import StringField, SubmitField`
Add page to transfer packages 2023-07-29 22:34:23 +02:00			`from wtforms.validators import InputRequired, Length, Optional`
			`from app.utils import rank_required, add_audit_log, add_notification, get_system_user, nonempty_or_none`
Clean up code 2020-12-04 03:23:04 +01:00			`from . import bp`
Refactor admin page 2021-07-30 20:42:11 +02:00			`from .actions import actions`
Add page to transfer packages 2023-07-29 22:34:23 +02:00			`from app.models import UserRank, Package, db, PackageState, User, AuditSeverity, NotificationType, PackageAlias`
Clean up code 2020-12-04 03:23:04 +01:00
Add switch user admin tool 2018-05-13 16:28:27 +02:00
Refactor endpoints to use blueprints instead 2019-11-16 00:51:42 +01:00			`@bp.route("/admin/", methods=["GET", "POST"])`
Add switch user admin tool 2018-05-13 16:28:27 +02:00			`@rank_required(UserRank.ADMIN)`
			`def admin_page():`
Add import users from Krock's mod list feature 2018-05-15 16:00:12 +02:00			`if request.method == "POST":`
			`action = request.form["action"]`
Remove old restore method 2023-05-12 02:06:09 +02:00			`if action in actions:`
Refactor admin page 2021-07-30 20:42:11 +02:00			`ret = actions[action]["func"]()`
			`if ret:`
			`return ret`
Add Draft/ChangesNeeded notification admin action 2021-07-20 00:02:20 +02:00
Add import users from Krock's mod list feature 2018-05-15 16:00:12 +02:00			`else:`
Split up users blueprint 2020-01-24 19:15:09 +01:00			`flash("Unknown action: " + action, "danger")`
Add import users from Krock's mod list feature 2018-05-15 16:00:12 +02:00
Clean up admin blueprint 2022-01-26 20:12:42 +01:00			`deleted_packages = Package.query.filter(Package.state == PackageState.DELETED).all()`
Refactor admin page 2021-07-30 20:42:11 +02:00			`return render_template("admin/list.html", deleted_packages=deleted_packages, actions=actions)`
Add switch user admin tool 2018-05-13 16:28:27 +02:00
Clean up admin blueprint 2022-01-26 20:12:42 +01:00
Add switch user admin tool 2018-05-13 16:28:27 +02:00			`class SwitchUserForm(FlaskForm):`
			`username = StringField("Username")`
			`submit = SubmitField("Switch")`


Refactor endpoints to use blueprints instead 2019-11-16 00:51:42 +01:00			`@bp.route("/admin/switchuser/", methods=["GET", "POST"])`
Add switch user admin tool 2018-05-13 16:28:27 +02:00			`@rank_required(UserRank.ADMIN)`
Refactor endpoints to use blueprints instead 2019-11-16 00:51:42 +01:00			`def switch_user():`
Add switch user admin tool 2018-05-13 16:28:27 +02:00			`form = SwitchUserForm(formdata=request.form)`
Implement change password 2020-12-05 00:07:19 +01:00			`if form.validate_on_submit():`
Add switch user admin tool 2018-05-13 16:28:27 +02:00			`user = User.query.filter_by(username=form["username"].data).first()`
			`if user is None:`
Split up users blueprint 2020-01-24 19:15:09 +01:00			`flash("Unable to find user", "danger")`
Add logging of log ins 2020-12-09 21:38:36 +01:00			`elif login_user(user):`
Refactor endpoints to use blueprints instead 2019-11-16 00:51:42 +01:00			`return redirect(url_for("users.profile", username=current_user.username))`
Add switch user admin tool 2018-05-13 16:28:27 +02:00			`else:`
Split up users blueprint 2020-01-24 19:15:09 +01:00			`flash("Unable to login as user", "danger")`
Add switch user admin tool 2018-05-13 16:28:27 +02:00
			`# Process GET or invalid POST`
Refactor endpoints to use blueprints instead 2019-11-16 00:51:42 +01:00			`return render_template("admin/switch_user.html", form=form)`
Add bulk notification sending 2020-12-05 22:41:53 +01:00

			`class SendNotificationForm(FlaskForm):`
Clean up admin blueprint 2022-01-26 20:12:42 +01:00			`title = StringField("Title", [InputRequired(), Length(1, 300)])`
			`url = StringField("URL", [InputRequired(), Length(1, 100)], default="/")`
Add bulk notification sending 2020-12-05 22:41:53 +01:00			`submit = SubmitField("Send")`


			`@bp.route("/admin/send-notification/", methods=["GET", "POST"])`
			`@rank_required(UserRank.ADMIN)`
			`def send_bulk_notification():`
			`form = SendNotificationForm(request.form)`
			`if form.validate_on_submit():`
Use snake_case for method names 2023-06-19 22:27:49 +02:00			`add_audit_log(AuditSeverity.MODERATION, current_user,`
Clean up admin blueprint 2022-01-26 20:12:42 +01:00			`"Sent bulk notification", url_for("admin.admin_page"), None, form.title.data)`
Add bulk notification sending 2020-12-05 22:41:53 +01:00
			`users = User.query.filter(User.rank >= UserRank.NEW_MEMBER).all()`
Use snake_case for method names 2023-06-19 22:27:49 +02:00			`add_notification(users, get_system_user(), NotificationType.OTHER, form.title.data, form.url.data, None)`
Add bulk notification sending 2020-12-05 22:41:53 +01:00			`db.session.commit()`

			`return redirect(url_for("admin.admin_page"))`

			`return render_template("admin/send_bulk_notification.html", form=form)`
Allow editors to restore packages 2021-12-21 00:52:51 +01:00

			`@bp.route("/admin/restore/", methods=["GET", "POST"])`
			`@rank_required(UserRank.EDITOR)`
			`def restore():`
			`if request.method == "POST":`
			`target = request.form["submit"]`
			`if "Review" in target:`
			`target = PackageState.READY_FOR_REVIEW`
			`elif "Changes" in target:`
			`target = PackageState.CHANGES_NEEDED`
			`else:`
			`target = PackageState.WIP`

			`package = Package.query.get(request.form["package"])`
			`if package is None:`
			`flash("Unknown package", "danger")`
			`else:`
			`package.state = target`

Use snake_case for method names 2023-06-19 22:27:49 +02:00			`add_audit_log(AuditSeverity.EDITOR, current_user, f"Restored package to state {target.value}",`
			`package.get_url("packages.view"), package)`
Allow editors to restore packages 2021-12-21 00:52:51 +01:00
			`db.session.commit()`
Use consistent naming scheme for methods/functions 2023-06-18 22:56:19 +02:00			`return redirect(package.get_url("packages.view"))`
Allow editors to restore packages 2021-12-21 00:52:51 +01:00
Clean up admin blueprint 2022-01-26 20:12:42 +01:00			`deleted_packages = Package.query \`
			`.filter(Package.state == PackageState.DELETED) \`
			`.join(Package.author) \`
			`.order_by(db.asc(User.username), db.asc(Package.name)) \`
			`.all()`

			`return render_template("admin/restore.html", deleted_packages=deleted_packages)`
Add page to transfer packages 2023-07-29 22:34:23 +02:00

			`class TransferPackageForm(FlaskForm):`
			`old_username = StringField("Old Username", [InputRequired()])`
			`new_username = StringField("New Username", [InputRequired()])`
			`package = StringField("Package", [Optional()])`
			`submit = SubmitField("Transfer")`


			`def perform_transfer(form: TransferPackageForm):`
			`query = Package.query.filter(Package.author.has(username=form.old_username.data))`
			`if nonempty_or_none(form.package.data):`
			`query = query.filter_by(name=form.package.data)`

			`packages = query.all()`
			`if len(packages) == 0:`
			`flash("Unable to find package(s)", "danger")`
			`return`

			`new_user = User.query.filter_by(username=form.new_username.data).first()`
			`if new_user is None:`
			`flash("Unable to find new user", "danger")`
			`return`

			`for package in packages:`
			`package.author = new_user`
			`package.maintainers.append(new_user)`
			`package.aliases.append(PackageAlias(form.old_username.data, package.name))`

			`add_audit_log(AuditSeverity.MODERATION, current_user,`
			`f"Transferred {form.old_username.data}/{package.name} to {form.new_username.data}",`
			`package.get_url("packages.view"), package)`

			`db.session.commit()`

			`flash("Transferred " + ", ".join([x.name for x in packages]), "success")`

			`return redirect(url_for("admin.transfer"))`


			`@bp.route("/admin/transfer/", methods=["GET", "POST"])`
			`@rank_required(UserRank.MODERATOR)`
			`def transfer():`
			`form = TransferPackageForm(formdata=request.form)`
			`if form.validate_on_submit():`
			`ret = perform_transfer(form)`
			`if ret is not None:`
			`return ret`

			`# Process GET or invalid POST`
			`return render_template("admin/transfer.html", form=form)`