2019-03-27 00:57:33 +01:00
|
|
|
from datetime import timedelta
|
|
|
|
|
2019-08-13 03:15:00 +02:00
|
|
|
from django.conf import settings
|
2022-12-05 12:22:50 +01:00
|
|
|
from django.db import transaction
|
2020-06-11 00:54:34 +02:00
|
|
|
from django.http import HttpRequest, HttpResponse
|
2019-03-27 00:57:33 +01:00
|
|
|
from django.utils.timezone import now as timezone_now
|
2021-04-16 00:57:30 +02:00
|
|
|
from django.utils.translation import gettext as _
|
2019-03-27 00:57:33 +01:00
|
|
|
|
2020-06-11 00:54:34 +02:00
|
|
|
from analytics.models import RealmCount
|
2022-04-14 23:40:10 +02:00
|
|
|
from zerver.actions.realm_export import do_delete_realm_export, notify_realm_export
|
2019-03-27 00:57:33 +01:00
|
|
|
from zerver.decorator import require_realm_admin
|
2021-06-30 18:35:50 +02:00
|
|
|
from zerver.lib.exceptions import JsonableError
|
2020-06-11 00:54:34 +02:00
|
|
|
from zerver.lib.export import get_realm_exports_serialized
|
2019-03-27 00:57:33 +01:00
|
|
|
from zerver.lib.queue import queue_json_publish
|
2021-06-30 18:35:50 +02:00
|
|
|
from zerver.lib.response import json_success
|
2020-06-11 00:54:34 +02:00
|
|
|
from zerver.models import RealmAuditLog, UserProfile
|
2024-09-03 15:58:19 +02:00
|
|
|
from zerver.models.realm_audit_logs import AuditLogEventType
|
2019-08-01 19:59:36 +02:00
|
|
|
|
2019-03-27 00:57:33 +01:00
|
|
|
|
2022-12-05 12:22:50 +01:00
|
|
|
@transaction.atomic(durable=True)
|
2019-03-27 00:57:33 +01:00
|
|
|
@require_realm_admin
|
2019-06-24 02:51:13 +02:00
|
|
|
def export_realm(request: HttpRequest, user: UserProfile) -> HttpResponse:
|
|
|
|
# Currently only supports public-data-only exports.
|
2024-09-03 15:58:19 +02:00
|
|
|
event_type = AuditLogEventType.REALM_EXPORTED
|
2019-03-27 00:57:33 +01:00
|
|
|
event_time = timezone_now()
|
|
|
|
realm = user.realm
|
2019-08-13 03:15:00 +02:00
|
|
|
EXPORT_LIMIT = 5
|
2022-09-16 00:32:17 +02:00
|
|
|
|
|
|
|
# Exporting organizations with a huge amount of history can
|
|
|
|
# potentially consume a lot of disk or otherwise have accidental
|
|
|
|
# DoS risk; for that reason, we require large exports to be done
|
|
|
|
# manually on the command line.
|
|
|
|
#
|
|
|
|
# It's very possible that higher limits would be completely safe.
|
2019-08-13 03:15:00 +02:00
|
|
|
MAX_MESSAGE_HISTORY = 250000
|
|
|
|
MAX_UPLOAD_QUOTA = 10 * 1024 * 1024 * 1024
|
2019-03-27 00:57:33 +01:00
|
|
|
|
|
|
|
# Filter based upon the number of events that have occurred in the delta
|
|
|
|
# If we are at the limit, the incoming request is rejected
|
2019-08-13 03:15:00 +02:00
|
|
|
event_time_delta = event_time - timedelta(days=7)
|
2021-02-12 08:19:30 +01:00
|
|
|
limit_check = RealmAuditLog.objects.filter(
|
|
|
|
realm=realm, event_type=event_type, event_time__gte=event_time_delta
|
2024-04-12 21:47:12 +02:00
|
|
|
).count()
|
|
|
|
if limit_check >= EXPORT_LIMIT:
|
2021-06-30 18:35:50 +02:00
|
|
|
raise JsonableError(_("Exceeded rate limit."))
|
2019-03-27 00:57:33 +01:00
|
|
|
|
2022-09-16 00:32:17 +02:00
|
|
|
# The RealmCount analytics table lets us efficiently get an
|
|
|
|
# estimate for the number of public stream messages in an
|
|
|
|
# organization. It won't match the actual number of messages in
|
|
|
|
# the export, because this measures the number of messages that
|
|
|
|
# went to a public stream at the time they were sent. Thus,
|
|
|
|
# messages that were deleted or moved between streams will be
|
|
|
|
# treated differently for this check vs. in the export code.
|
|
|
|
exportable_messages_estimate = sum(
|
2021-02-12 08:19:30 +01:00
|
|
|
realm_count.value
|
|
|
|
for realm_count in RealmCount.objects.filter(
|
2022-09-16 00:32:17 +02:00
|
|
|
realm=realm, property="messages_sent:message_type:day", subgroup="public_stream"
|
2021-02-12 08:19:30 +01:00
|
|
|
)
|
|
|
|
)
|
2022-09-16 00:32:17 +02:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
if (
|
2022-09-16 00:32:17 +02:00
|
|
|
exportable_messages_estimate > MAX_MESSAGE_HISTORY
|
2021-02-12 08:19:30 +01:00
|
|
|
or user.realm.currently_used_upload_space_bytes() > MAX_UPLOAD_QUOTA
|
|
|
|
):
|
2021-06-30 18:35:50 +02:00
|
|
|
raise JsonableError(
|
2021-02-12 08:20:45 +01:00
|
|
|
_("Please request a manual export from {email}.").format(
|
2021-02-12 08:19:30 +01:00
|
|
|
email=settings.ZULIP_ADMINISTRATOR,
|
|
|
|
)
|
|
|
|
)
|
2019-08-13 03:15:00 +02:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
row = RealmAuditLog.objects.create(
|
|
|
|
realm=realm, event_type=event_type, event_time=event_time, acting_user=user
|
|
|
|
)
|
2020-04-16 23:00:24 +02:00
|
|
|
|
|
|
|
# Allow for UI updates on a pending export
|
2023-06-28 18:08:17 +02:00
|
|
|
notify_realm_export(realm)
|
2020-04-16 23:00:24 +02:00
|
|
|
|
2019-05-24 20:03:56 +02:00
|
|
|
# Using the deferred_work queue processor to avoid
|
2019-05-17 00:54:56 +02:00
|
|
|
# killing the process after 60s
|
2021-02-12 08:19:30 +01:00
|
|
|
event = {
|
2021-02-12 08:20:45 +01:00
|
|
|
"type": "realm_export",
|
|
|
|
"time": event_time,
|
|
|
|
"realm_id": realm.id,
|
|
|
|
"user_profile_id": user.id,
|
|
|
|
"id": row.id,
|
2021-02-12 08:19:30 +01:00
|
|
|
}
|
2022-12-05 12:22:50 +01:00
|
|
|
transaction.on_commit(lambda: queue_json_publish("deferred_work", event))
|
2023-05-16 19:14:14 +02:00
|
|
|
return json_success(request, data={"id": row.id})
|
2019-06-23 22:57:14 +02:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2019-06-23 22:57:14 +02:00
|
|
|
@require_realm_admin
|
2019-06-24 02:51:13 +02:00
|
|
|
def get_realm_exports(request: HttpRequest, user: UserProfile) -> HttpResponse:
|
2023-06-28 18:08:17 +02:00
|
|
|
realm_exports = get_realm_exports_serialized(user.realm)
|
2022-01-31 13:44:02 +01:00
|
|
|
return json_success(request, data={"exports": realm_exports})
|
2019-08-01 19:59:36 +02:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2019-08-01 19:59:36 +02:00
|
|
|
@require_realm_admin
|
|
|
|
def delete_realm_export(request: HttpRequest, user: UserProfile, export_id: int) -> HttpResponse:
|
|
|
|
try:
|
2021-02-12 08:19:30 +01:00
|
|
|
audit_log_entry = RealmAuditLog.objects.get(
|
2024-09-03 15:58:19 +02:00
|
|
|
id=export_id, realm=user.realm, event_type=AuditLogEventType.REALM_EXPORTED
|
2021-02-12 08:19:30 +01:00
|
|
|
)
|
2019-08-01 19:59:36 +02:00
|
|
|
except RealmAuditLog.DoesNotExist:
|
2021-06-30 18:35:50 +02:00
|
|
|
raise JsonableError(_("Invalid data export ID"))
|
2019-08-01 19:59:36 +02:00
|
|
|
|
2023-07-13 19:46:06 +02:00
|
|
|
export_data = audit_log_entry.extra_data
|
2023-05-16 18:18:32 +02:00
|
|
|
if export_data.get("deleted_timestamp") is not None:
|
2021-06-30 18:35:50 +02:00
|
|
|
raise JsonableError(_("Export already deleted"))
|
2023-05-16 18:18:32 +02:00
|
|
|
if export_data.get("export_path") is None:
|
|
|
|
if export_data.get("failed_timestamp") is not None:
|
|
|
|
raise JsonableError(_("Export failed, nothing to delete"))
|
|
|
|
raise JsonableError(_("Export still in progress"))
|
2023-06-28 18:08:17 +02:00
|
|
|
do_delete_realm_export(audit_log_entry)
|
2022-01-31 13:44:02 +01:00
|
|
|
return json_success(request)
|
2024-09-17 19:58:09 +02:00
|
|
|
|
|
|
|
|
|
|
|
@require_realm_admin
|
|
|
|
def get_users_export_consents(request: HttpRequest, user: UserProfile) -> HttpResponse:
|
|
|
|
rows = UserProfile.objects.filter(realm=user.realm, is_active=True, is_bot=False).values(
|
|
|
|
"id", "allow_private_data_export"
|
|
|
|
)
|
|
|
|
export_consents = [
|
|
|
|
{"user_id": row["id"], "consented": row["allow_private_data_export"]} for row in rows
|
|
|
|
]
|
|
|
|
return json_success(request, data={"export_consents": export_consents})
|