2022-07-12 21:04:47 +02:00
|
|
|
from typing import List, Optional, cast
|
2017-03-17 10:07:22 +01:00
|
|
|
|
2020-08-07 01:09:47 +02:00
|
|
|
import orjson
|
2020-06-21 02:36:20 +02:00
|
|
|
from django.core.exceptions import ValidationError
|
2019-02-02 23:53:22 +01:00
|
|
|
from django.db import IntegrityError
|
2017-03-17 10:07:22 +01:00
|
|
|
from django.http import HttpRequest, HttpResponse
|
2021-04-16 00:57:30 +02:00
|
|
|
from django.utils.translation import gettext as _
|
2017-03-17 10:07:22 +01:00
|
|
|
|
2022-04-14 23:46:56 +02:00
|
|
|
from zerver.actions.custom_profile_fields import (
|
2020-06-11 00:54:34 +02:00
|
|
|
check_remove_custom_profile_field_value,
|
|
|
|
do_remove_realm_custom_profile_field,
|
|
|
|
do_update_user_custom_profile_data_if_changed,
|
|
|
|
try_add_realm_custom_profile_field,
|
|
|
|
try_add_realm_default_custom_profile_field,
|
|
|
|
try_reorder_realm_custom_profile_fields,
|
|
|
|
try_update_realm_custom_profile_field,
|
|
|
|
)
|
2022-04-14 23:46:56 +02:00
|
|
|
from zerver.decorator import human_users_only, require_realm_admin
|
2018-08-16 20:12:49 +02:00
|
|
|
from zerver.lib.exceptions import JsonableError
|
2019-05-27 10:59:55 +02:00
|
|
|
from zerver.lib.external_accounts import validate_external_account_field_data
|
2020-06-11 00:54:34 +02:00
|
|
|
from zerver.lib.request import REQ, has_request_variables
|
2021-06-30 18:35:50 +02:00
|
|
|
from zerver.lib.response import json_success
|
2022-07-08 17:13:42 +02:00
|
|
|
from zerver.lib.types import ProfileDataElementUpdateDict, ProfileFieldData, Validator
|
2020-06-11 00:54:34 +02:00
|
|
|
from zerver.lib.users import validate_user_custom_profile_data
|
|
|
|
from zerver.lib.validator import (
|
2022-07-12 21:04:47 +02:00
|
|
|
check_bool,
|
2020-06-11 00:54:34 +02:00
|
|
|
check_capped_string,
|
2022-01-11 09:48:54 +01:00
|
|
|
check_dict,
|
REQ: Check value in update_user_custom_profile_data.
This tightens our checking of user-supplied data
for this endpoint:
path('users/me/profile_data', rest_dispatch,
{'PATCH': 'zerver.views.custom_profile_fields.update_user_custom_profile_data',
...
We now explicitly require the `value` field
to be present in the dicts being passed in
here, as part of `REQ`. There is no reason
that our current clients would be sending
extra fields here, and we would just ignore
them anyway, so we also move to using
check_dict_only.
Here is some relevant webapp code (see settings_account.js):
fields.push({id: field.id, value: user_ids});
update_user_custom_profile_fields(fields, channel.patch);
settings_ui.do_settings_change(method, "/json/users/me/profile_data",
{data: JSON.stringify([field])}, spinner_element);
The webapp code sends fields one at a time
as one-element arrays, which is strange, but
that is out of the scope of this change.
2020-06-25 17:28:06 +02:00
|
|
|
check_dict_only,
|
2020-06-11 00:54:34 +02:00
|
|
|
check_int,
|
|
|
|
check_list,
|
2020-06-21 03:22:21 +02:00
|
|
|
check_string,
|
|
|
|
check_union,
|
2021-03-24 12:48:00 +01:00
|
|
|
validate_select_field_data,
|
2020-06-11 00:54:34 +02:00
|
|
|
)
|
2022-10-30 11:19:51 +01:00
|
|
|
from zerver.models import CustomProfileField, Realm, UserProfile, custom_profile_fields_for_realm
|
2020-06-11 00:54:34 +02:00
|
|
|
|
2017-03-17 10:07:22 +01:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
def list_realm_custom_profile_fields(
|
|
|
|
request: HttpRequest, user_profile: UserProfile
|
|
|
|
) -> HttpResponse:
|
2017-03-17 10:07:22 +01:00
|
|
|
fields = custom_profile_fields_for_realm(user_profile.realm_id)
|
2022-01-31 13:44:02 +01:00
|
|
|
return json_success(request, data={"custom_fields": [f.as_dict() for f in fields]})
|
2017-03-17 10:07:22 +01:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2018-03-31 07:30:24 +02:00
|
|
|
hint_validator = check_capped_string(CustomProfileField.HINT_MAX_LENGTH)
|
2018-08-16 20:12:49 +02:00
|
|
|
name_validator = check_capped_string(CustomProfileField.NAME_MAX_LENGTH)
|
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2018-08-16 20:12:49 +02:00
|
|
|
def validate_field_name_and_hint(name: str, hint: str) -> None:
|
|
|
|
if not name.strip():
|
2019-08-03 02:30:15 +02:00
|
|
|
raise JsonableError(_("Label cannot be blank."))
|
2018-08-16 20:12:49 +02:00
|
|
|
|
2020-06-21 02:36:20 +02:00
|
|
|
try:
|
2021-02-12 08:20:45 +01:00
|
|
|
hint_validator("hint", hint)
|
|
|
|
name_validator("name", name)
|
2020-06-21 02:36:20 +02:00
|
|
|
except ValidationError as error:
|
|
|
|
raise JsonableError(error.message)
|
2018-03-31 07:30:24 +02:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
|
|
|
def validate_custom_field_data(field_type: int, field_data: ProfileFieldData) -> None:
|
2020-06-21 02:36:20 +02:00
|
|
|
try:
|
2021-03-20 11:39:22 +01:00
|
|
|
if field_type == CustomProfileField.SELECT:
|
2020-06-21 02:36:20 +02:00
|
|
|
# Choice type field must have at least have one choice
|
|
|
|
if len(field_data) < 1:
|
|
|
|
raise JsonableError(_("Field must have at least one choice."))
|
2021-03-24 12:48:00 +01:00
|
|
|
validate_select_field_data(field_data)
|
2020-06-21 02:36:20 +02:00
|
|
|
elif field_type == CustomProfileField.EXTERNAL_ACCOUNT:
|
|
|
|
validate_external_account_field_data(field_data)
|
|
|
|
except ValidationError as error:
|
|
|
|
raise JsonableError(error.message)
|
2019-06-07 08:00:37 +02:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-12 21:04:47 +02:00
|
|
|
def validate_display_in_profile_summary_field(
|
|
|
|
field_type: int, display_in_profile_summary: bool
|
|
|
|
) -> None:
|
|
|
|
if not display_in_profile_summary:
|
|
|
|
return
|
|
|
|
|
|
|
|
# The LONG_TEXT field type doesn't make sense visually for profile
|
|
|
|
# field summaries. The USER field type will require some further
|
|
|
|
# client support.
|
|
|
|
if field_type == CustomProfileField.LONG_TEXT or field_type == CustomProfileField.USER:
|
|
|
|
raise JsonableError(_("Field type not supported for display in profile summary."))
|
|
|
|
|
|
|
|
|
2019-08-24 13:52:25 +02:00
|
|
|
def is_default_external_field(field_type: int, field_data: ProfileFieldData) -> bool:
|
|
|
|
if field_type != CustomProfileField.EXTERNAL_ACCOUNT:
|
|
|
|
return False
|
2021-02-12 08:20:45 +01:00
|
|
|
if field_data["subtype"] == "custom":
|
2019-08-24 13:52:25 +02:00
|
|
|
return False
|
|
|
|
return True
|
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
|
|
|
def validate_custom_profile_field(
|
2022-07-12 21:04:47 +02:00
|
|
|
name: str,
|
|
|
|
hint: str,
|
|
|
|
field_type: int,
|
|
|
|
field_data: ProfileFieldData,
|
|
|
|
display_in_profile_summary: bool,
|
2021-02-12 08:19:30 +01:00
|
|
|
) -> None:
|
2019-08-24 13:13:48 +02:00
|
|
|
# Validate field data
|
|
|
|
validate_custom_field_data(field_type, field_data)
|
|
|
|
|
2019-08-24 13:52:25 +02:00
|
|
|
if not is_default_external_field(field_type, field_data):
|
|
|
|
# If field is default external field then we will fetch all data
|
|
|
|
# from our default field dictionary, so no need to validate name or hint
|
|
|
|
# Validate field name, hint if not default external account field
|
|
|
|
validate_field_name_and_hint(name, hint)
|
|
|
|
|
2019-08-24 13:13:48 +02:00
|
|
|
field_types = [i[0] for i in CustomProfileField.FIELD_TYPE_CHOICES]
|
|
|
|
if field_type not in field_types:
|
|
|
|
raise JsonableError(_("Invalid field type."))
|
|
|
|
|
2022-07-12 21:04:47 +02:00
|
|
|
validate_display_in_profile_summary_field(field_type, display_in_profile_summary)
|
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-01-11 09:48:54 +01:00
|
|
|
check_profile_field_data: Validator[ProfileFieldData] = check_dict(
|
|
|
|
value_validator=check_union([check_dict(value_validator=check_string), check_string])
|
|
|
|
)
|
|
|
|
|
|
|
|
|
2022-07-12 21:04:47 +02:00
|
|
|
def update_only_display_in_profile_summary(
|
|
|
|
requested_name: str,
|
|
|
|
requested_hint: str,
|
|
|
|
requested_field_data: ProfileFieldData,
|
|
|
|
existing_field: CustomProfileField,
|
|
|
|
) -> bool:
|
|
|
|
if (
|
|
|
|
requested_name != existing_field.name
|
|
|
|
or requested_hint != existing_field.hint
|
|
|
|
or requested_field_data != orjson.loads(existing_field.field_data)
|
|
|
|
):
|
|
|
|
return False
|
|
|
|
return True
|
|
|
|
|
|
|
|
|
2022-10-30 11:19:51 +01:00
|
|
|
def display_in_profile_summary_limit_reached(
|
|
|
|
realm: Realm, profile_field_id: Optional[int] = None
|
|
|
|
) -> bool:
|
|
|
|
query = CustomProfileField.objects.filter(realm=realm, display_in_profile_summary=True)
|
2022-07-12 21:04:47 +02:00
|
|
|
if profile_field_id is not None:
|
|
|
|
query = query.exclude(id=profile_field_id)
|
|
|
|
return query.count() >= CustomProfileField.MAX_DISPLAY_IN_PROFILE_SUMMARY_FIELDS
|
|
|
|
|
|
|
|
|
2017-03-17 10:07:22 +01:00
|
|
|
@require_realm_admin
|
|
|
|
@has_request_variables
|
2021-02-12 08:19:30 +01:00
|
|
|
def create_realm_custom_profile_field(
|
|
|
|
request: HttpRequest,
|
|
|
|
user_profile: UserProfile,
|
2022-01-11 10:10:56 +01:00
|
|
|
name: str = REQ(default="", converter=lambda var_name, x: x.strip()),
|
2021-02-12 08:20:45 +01:00
|
|
|
hint: str = REQ(default=""),
|
2022-01-11 09:48:54 +01:00
|
|
|
field_data: ProfileFieldData = REQ(default={}, json_validator=check_profile_field_data),
|
2021-04-07 22:00:44 +02:00
|
|
|
field_type: int = REQ(json_validator=check_int),
|
2022-07-12 21:04:47 +02:00
|
|
|
display_in_profile_summary: bool = REQ(default=False, json_validator=check_bool),
|
2021-02-12 08:19:30 +01:00
|
|
|
) -> HttpResponse:
|
2022-10-30 11:19:51 +01:00
|
|
|
if display_in_profile_summary and display_in_profile_summary_limit_reached(user_profile.realm):
|
2022-07-12 21:04:47 +02:00
|
|
|
raise JsonableError(
|
|
|
|
_("Only 2 custom profile fields can be displayed in the profile summary.")
|
|
|
|
)
|
|
|
|
|
|
|
|
validate_custom_profile_field(name, hint, field_type, field_data, display_in_profile_summary)
|
2017-03-17 10:07:22 +01:00
|
|
|
try:
|
2019-08-24 13:52:25 +02:00
|
|
|
if is_default_external_field(field_type, field_data):
|
2021-02-12 08:20:45 +01:00
|
|
|
field_subtype = field_data["subtype"]
|
2020-06-23 06:50:30 +02:00
|
|
|
assert isinstance(field_subtype, str)
|
2019-08-24 13:52:25 +02:00
|
|
|
field = try_add_realm_default_custom_profile_field(
|
|
|
|
realm=user_profile.realm,
|
|
|
|
field_subtype=field_subtype,
|
2022-07-12 21:04:47 +02:00
|
|
|
display_in_profile_summary=display_in_profile_summary,
|
2019-08-24 13:52:25 +02:00
|
|
|
)
|
2022-01-31 13:44:02 +01:00
|
|
|
return json_success(request, data={"id": field.id})
|
2019-08-24 13:52:25 +02:00
|
|
|
else:
|
|
|
|
field = try_add_realm_custom_profile_field(
|
|
|
|
realm=user_profile.realm,
|
|
|
|
name=name,
|
|
|
|
field_data=field_data,
|
|
|
|
field_type=field_type,
|
|
|
|
hint=hint,
|
2022-07-12 21:04:47 +02:00
|
|
|
display_in_profile_summary=display_in_profile_summary,
|
2019-08-24 13:52:25 +02:00
|
|
|
)
|
2022-01-31 13:44:02 +01:00
|
|
|
return json_success(request, data={"id": field.id})
|
2017-03-17 10:07:22 +01:00
|
|
|
except IntegrityError:
|
2021-06-30 18:35:50 +02:00
|
|
|
raise JsonableError(_("A field with that label already exists."))
|
2017-03-17 10:07:22 +01:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2017-03-17 10:07:22 +01:00
|
|
|
@require_realm_admin
|
2021-02-12 08:19:30 +01:00
|
|
|
def delete_realm_custom_profile_field(
|
|
|
|
request: HttpRequest, user_profile: UserProfile, field_id: int
|
|
|
|
) -> HttpResponse:
|
2017-03-17 10:07:22 +01:00
|
|
|
try:
|
|
|
|
field = CustomProfileField.objects.get(id=field_id)
|
|
|
|
except CustomProfileField.DoesNotExist:
|
2021-06-30 18:35:50 +02:00
|
|
|
raise JsonableError(_("Field id {id} not found.").format(id=field_id))
|
2017-03-17 10:07:22 +01:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
do_remove_realm_custom_profile_field(realm=user_profile.realm, field=field)
|
2022-01-31 13:44:02 +01:00
|
|
|
return json_success(request)
|
2017-03-17 10:07:22 +01:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2017-03-17 10:07:22 +01:00
|
|
|
@require_realm_admin
|
|
|
|
@has_request_variables
|
2021-02-12 08:19:30 +01:00
|
|
|
def update_realm_custom_profile_field(
|
|
|
|
request: HttpRequest,
|
|
|
|
user_profile: UserProfile,
|
|
|
|
field_id: int,
|
2022-01-11 10:10:56 +01:00
|
|
|
name: str = REQ(default="", converter=lambda var_name, x: x.strip()),
|
2021-02-12 08:20:45 +01:00
|
|
|
hint: str = REQ(default=""),
|
2022-01-11 09:48:54 +01:00
|
|
|
field_data: ProfileFieldData = REQ(default={}, json_validator=check_profile_field_data),
|
2022-07-12 21:04:47 +02:00
|
|
|
display_in_profile_summary: bool = REQ(default=False, json_validator=check_bool),
|
2021-02-12 08:19:30 +01:00
|
|
|
) -> HttpResponse:
|
2017-03-17 10:07:22 +01:00
|
|
|
realm = user_profile.realm
|
|
|
|
try:
|
|
|
|
field = CustomProfileField.objects.get(realm=realm, id=field_id)
|
|
|
|
except CustomProfileField.DoesNotExist:
|
2021-06-30 18:35:50 +02:00
|
|
|
raise JsonableError(_("Field id {id} not found.").format(id=field_id))
|
2017-03-17 10:07:22 +01:00
|
|
|
|
2022-10-30 11:19:51 +01:00
|
|
|
if display_in_profile_summary and display_in_profile_summary_limit_reached(
|
|
|
|
user_profile.realm, field.id
|
|
|
|
):
|
2022-07-12 21:04:47 +02:00
|
|
|
raise JsonableError(
|
|
|
|
_("Only 2 custom profile fields can be displayed in the profile summary.")
|
|
|
|
)
|
|
|
|
|
2019-08-24 13:52:25 +02:00
|
|
|
if field.field_type == CustomProfileField.EXTERNAL_ACCOUNT:
|
2022-07-12 21:04:47 +02:00
|
|
|
# HACK: Allow changing the display_in_profile_summary property
|
|
|
|
# of default external account types, but not any others.
|
|
|
|
#
|
|
|
|
# TODO: Make the name/hint/field_data parameters optional, and
|
|
|
|
# just require that None was passed for all of them for this case.
|
|
|
|
if is_default_external_field(
|
|
|
|
field.field_type, orjson.loads(field.field_data)
|
|
|
|
) and not update_only_display_in_profile_summary(name, hint, field_data, field):
|
2021-06-30 18:35:50 +02:00
|
|
|
raise JsonableError(_("Default custom field cannot be updated."))
|
2019-08-24 13:52:25 +02:00
|
|
|
|
2022-07-12 21:04:47 +02:00
|
|
|
validate_custom_profile_field(
|
|
|
|
name, hint, field.field_type, field_data, display_in_profile_summary
|
|
|
|
)
|
2017-03-17 10:07:22 +01:00
|
|
|
try:
|
2022-07-12 21:04:47 +02:00
|
|
|
try_update_realm_custom_profile_field(
|
|
|
|
realm,
|
|
|
|
field,
|
|
|
|
name,
|
|
|
|
hint=hint,
|
|
|
|
field_data=field_data,
|
|
|
|
display_in_profile_summary=display_in_profile_summary,
|
|
|
|
)
|
2017-03-17 10:07:22 +01:00
|
|
|
except IntegrityError:
|
2021-06-30 18:35:50 +02:00
|
|
|
raise JsonableError(_("A field with that label already exists."))
|
2022-01-31 13:44:02 +01:00
|
|
|
return json_success(request)
|
2017-03-17 10:07:22 +01:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2018-04-08 18:13:37 +02:00
|
|
|
@require_realm_admin
|
|
|
|
@has_request_variables
|
2021-02-12 08:19:30 +01:00
|
|
|
def reorder_realm_custom_profile_fields(
|
|
|
|
request: HttpRequest,
|
|
|
|
user_profile: UserProfile,
|
2021-04-07 22:00:44 +02:00
|
|
|
order: List[int] = REQ(json_validator=check_list(check_int)),
|
2021-02-12 08:19:30 +01:00
|
|
|
) -> HttpResponse:
|
2018-04-08 18:13:37 +02:00
|
|
|
try_reorder_realm_custom_profile_fields(user_profile.realm, order)
|
2022-01-31 13:44:02 +01:00
|
|
|
return json_success(request)
|
2018-04-08 18:13:37 +02:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2018-06-05 12:57:02 +02:00
|
|
|
@human_users_only
|
|
|
|
@has_request_variables
|
2021-02-12 08:19:30 +01:00
|
|
|
def remove_user_custom_profile_data(
|
|
|
|
request: HttpRequest,
|
|
|
|
user_profile: UserProfile,
|
2021-04-07 22:00:44 +02:00
|
|
|
data: List[int] = REQ(json_validator=check_list(check_int)),
|
2021-02-12 08:19:30 +01:00
|
|
|
) -> HttpResponse:
|
2018-06-05 12:57:02 +02:00
|
|
|
for field_id in data:
|
2019-01-15 11:52:14 +01:00
|
|
|
check_remove_custom_profile_field_value(user_profile, field_id)
|
2022-01-31 13:44:02 +01:00
|
|
|
return json_success(request)
|
2018-06-05 12:57:02 +02:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-08 17:13:42 +02:00
|
|
|
check_profile_data_element_update_dict = cast(
|
|
|
|
Validator[ProfileDataElementUpdateDict],
|
|
|
|
check_dict_only(
|
|
|
|
[
|
|
|
|
("id", check_int),
|
|
|
|
("value", check_union([check_string, check_list(check_int)])),
|
|
|
|
]
|
|
|
|
),
|
|
|
|
)
|
|
|
|
|
|
|
|
|
2017-07-31 20:30:08 +02:00
|
|
|
@human_users_only
|
2017-03-17 10:07:22 +01:00
|
|
|
@has_request_variables
|
|
|
|
def update_user_custom_profile_data(
|
2020-06-21 03:22:21 +02:00
|
|
|
request: HttpRequest,
|
|
|
|
user_profile: UserProfile,
|
2022-07-08 17:13:42 +02:00
|
|
|
data: List[ProfileDataElementUpdateDict] = REQ(
|
2021-04-07 22:00:44 +02:00
|
|
|
json_validator=check_list(
|
2022-07-08 17:13:42 +02:00
|
|
|
check_profile_data_element_update_dict,
|
2020-06-21 03:22:21 +02:00
|
|
|
)
|
|
|
|
),
|
|
|
|
) -> HttpResponse:
|
2017-03-17 10:07:22 +01:00
|
|
|
|
2018-09-04 20:23:44 +02:00
|
|
|
validate_user_custom_profile_data(user_profile.realm.id, data)
|
2019-10-01 04:22:50 +02:00
|
|
|
do_update_user_custom_profile_data_if_changed(user_profile, data)
|
2017-03-17 10:07:22 +01:00
|
|
|
# We need to call this explicitly otherwise constraints are not check
|
2022-01-31 13:44:02 +01:00
|
|
|
return json_success(request)
|